Automation

NSX-T Opaque Networks now supported with Cross vCenter Workload Migration Fling

04/15/2019 by William Lam Leave a Comment

The Cross vCenter Workload Migration Fling continues to be an extremely powerful tool for our customers and I just love hearing successful customer stories like the one recently shared by Jason on how the tool allowed him to easily migrate over 600 Virtual Machines and with more to come!

Moved 600 and looking at another thousand. Some monster VMs... our test environment moved as easy as vmotion.

— Jason 🛠 (@JasonThoms) April 9, 2019

One capability that customers have been asking for is the ability to migrate to and from an NSX-T Opaque Network type, which the current Fling does not support. This has become more and more important as the default NSX stack for VMware Cloud on AWS (VMC) is now NSX-T by default, rather than NSX-V. We are also seeing requests from on-premises customers who have deployed NSX-T for their next generation infrastructure and needing the ability to easily migrate workloads between their old infrastructure that maybe running VSS/VDS or NSX-V backed networks.

With the help from two new colleagues, Vikas Shitole and Rajmani Patel, we are excited to announce the release Cross vCenter Workload Migration v2.6 which now adds support for NSX-T Opaque Networks!

Enhanced vCenter Server Audit Event & Logging in vSphere 6.7 Update 2

04/08/2019 by William Lam Leave a Comment

A couple of years back I had published a detailed analysis on vCenter Server's Authentication (AuthN) and Authorization (AuthZ) from an auditing and logging standpoint. This has been the go to reference for many of our customers and the posts also includes a number of log samples which I have documented in the following Github repository.

In addition to serving as a reference for our customers, it has also helped our Product and Engineering teams understand where we still had some gaps and how we could improve the overall user experience. As hinted in the recently announced vSphere 6.7 Update 2 release, which will be available soon, there are number of new auditing enhancements that have been made to both vCenter Server and the vCenter Single Sign-On (SSO) service that I think customers will really appreciate.

"Real" client IP address in Events

When you look at a login or logout Event in vCenter Server today, you may have noticed the user's client IP Address is actually of the vCenter Server rather than the actual remote client's address and the reason for this is explained here. In vSphere 6.7 Update 2, the real client IP Address is now captured and is included in all successful login/logout and failed logins. This information can now enable administrators to easily identify unauthorized access and be able to quickly track down the systems initiating the connections.

How to immediately refresh the network GuestInfo using VMware Tools?

04/03/2019 by William Lam 1 Comment

We all know the benefits of installing VMware Tools into your guest operating system which also includes additional functionality such as the Guest Operations APIs, allowing administrators to perform operations directly within the guest (credentials required), even if networking is not available. In addition to all these benefits, customers also get better visibility into the guest such as the underlying OS that is actually installed, disk volumes and networking information such as hostname and IP Addresses for the different network interfaces.

I am assuming most of you have seen the VM Summary page in the vSphere UI and if VMware Tools is installed and running, some of the GuestInfo data will be displayed such as networking.

An interesting tidbit that I had learned recently about VMware Tools while working on Instant Cloning Apple MacOS (yup, this works!) is that there is a default polling interval of 30 seconds in which this GuestInfo data is updated. In general, this is not a problem as this type of information does not change frequently and the default should be more than sufficient for most customers.

However, if you are performing an Instant Clone and you are relying on the vSphere API and the GuestInfo data to determine the IP Address of the guest, having to wait up to 30seconds is not ideal, especially since the actual Instant Clone operation completes in just a few seconds. One option is to change the default polling interval, which I have outlined the details in the MacOS Instant Clone article, but rather than changing the default which can add some additional load, there is actually a much simpler solution.

With VMware Tools 10.1 or newer, customers now have a way to immediate initiate a refresh of the networking info, directly from within the guest. This is perfect for the Instant Clone use case where network configuration is applied through a customization script and you can then run the update command afterwards to ensure the GuestInfo data is immediately reflected. Below are the respective commands for each OS type and you will need to have administrator privileges to perform this operation.

Windows:

C:\Program Files\VMware\VMware Tools\VMwareToolboxCmd.exe info update network

Linux:

/usr/bin/vmware-toolbox-cmd info update network

MacOS:

/Library/Application\ Support/VMware\ Tools/vmware-tools-cli info update network

Integrating Github Actions with vSphere and VMware Cloud on AWS

04/01/2019 by William Lam Leave a Comment

I have always been a fan of event-driven automation, the idea where you can automatically trigger a workflow or an operation based on a specific event. In the consumer world, the most popular example is the If This, Then That (IFTTT) service, which I use on a regular basis to automate the sharing of new articles from virtuallyGhetto to different Social Media channels.

For the Enterprise, this is also not a new idea and many folks including myself have been doing this for years in vSphere using vCenter Server Alarms. In fact, one example I still reference on a regular basis is from 2012 where you automatically apply a set of vSphere Security Hardening configurations to a Virtual Machine when a new VM Create Event is published by vCenter.

There are countless more examples of this concept beyond VMware but the general idea is to be able to subscribe to specific events and then automatically do something when a given event occurs. When Github Actions (Beta) was announced last year, I was really interested as I think this could open the door for a ton of interesting possibilities, especially from a VMware perspective around Continuous Integration/Development (CI/CD). I quickly registered for the Beta but did not get access until the start of this year. If you want to know what Github Actions can do, check out some of these demos that have been built by various folks from the community. The really exciting thing about Github Actions is that you can literally execute any workflow as long as you can containerized your business logic within a Docker Container. This means, you can use any language or tool that you are familiar with and make this work with Github Actions, pretty powerful stuff!

It was only recently while working on a personal project, which I hope will make its way to VMworld, that I finally got a chance to dig into Github Actions. I noticed in many of the online Github Action examples, that it included ways to deploy applications and containers to a Public Cloud but there was nothing that I found related to VMware. I figured, this would be a good learning opopournity for myself and I could even learn how to build my own Actions which can be useful for others to use or extend further.

Instant Clone Apple MacOS

03/28/2019 by William Lam 1 Comment

Whether you are a brand new startup working on the next hot mobile app or an established Enterprise or Consumer brand company, development and testing of Apple iOS and/or MacOS is simply a reality in todays world. The vast majority of these customers accomplish this by running Apple MacOS on vSphere, either within their own on-premises datacenter or leveraging MacStadium, the largest MacOS Cloud hosting provider, who also runs their Mac infrastructure using VMware vSphere.

The ability to quickly build/test and deploy your application (Continuous Integration and Continuous Delivery) can mean the difference of having an edge over you competitor or being able to keep up with the demands of your business. Many customers have benefited from using vSphere platform and with technologies like Linked Clones, which allows you to quickly spin up a new VM without having to perform a complete full clone, it means you can build and test your application even faster.

In vSphere 6.7, we introduced a major enhancement to Instant Clone, which you can read more about here and here. One of the questions I have been seeing lately is whether Instant Clone can be applied to MacOS guests? The answer is absolutely! In fact, Matt Moriarity, who works for TravisCI, recently shared some tidbits on how to get a MacOS Mojave guests to see the updated MAC Address to ensure that there are no network conflicts when performing an Instant Clone.

The majority of the "hard" work to use Instant Clone is really from within the GuestOS and the customization script that needs to be developed. In fact, Instant Clone is pretty OS agnostics and you can even Instant Clone Microsoft Windows 98 and 2000, if you really wanted to 😀

ESXTOP and VMware Cloud on AWS

03/26/2019 by William Lam 6 Comments

ESXTOP is one of the most versatile and popular tool in the VI Administrators tool belt when it comes to real time performance analysis and data collection in a vSphere environment. In fact, ESXTOP also came up in the most recent episode of the VirtuallySpeaking Podcast covering the Top 10 Tools for VI Administrators, which Duncan Epping and I had the pleasure to be part of.

To use ESXTOP, you are required to SSH to an ESXi host as it is only available in the ESXi Shell. Traditionally, this has not been a huge issue for on-premises environment, especially as you can enable access when you needed to run ESXTOP. However, when operating on VMware Cloud on AWS (VMC), customers no longer have to worry about managing the underlying infrastructure and can now focus on being a consumer of the VMware SDDC. One side affect of this operational change is that customers do not have direct access to ESXi and would not be able to use ESXTOP.