VMware Cloud on AWS

Resource Pools, Folders & VMC now supported with Cross vCenter vMotion Utility Fling

07/18/2018 by William Lam Leave a Comment

Many of you are already familiar with the Cross vCenter vMotion Utility, which was released as a Fling last year. In fact, a number of you have even shared your VM migration numbers, many of which are quite impressive (e.g. 5-10K VMs). Not only are the number of production VMs significant, but I also learned the duration of customer migration projects, such as datacenter evacuation, was able to complete significantly faster with the help of this tool.

Although v2.1 was just recently released, Vishal, the lead developer is constantly looking for ways to improve the tool. Most recently, we had a few customers ask for supporting additional placement targets such as vSphere VM Folders and Resource Pools. Customers often use VM Folders for organization purposes but also as a way to manage permissions and of course resource management with the use of Resource Pools (not for organization purposes ;)). These two stand alone feature are quite useful on their own, but they are also a building block to allow us to support migrating workloads to and from VMware Cloud on AWS (VMC) which we have received requests for as well. VMC has a restrictive permission model and customer workloads must be placed in a specific VM Folder and Resource Pool, both of which was not initially supported with the Cross vCenter vMotion Utility.

With the latest v2.2. release, customers will now have the ability to optionally specify a target Resource Pool and/or VM Folder by enabling an Advanced settings option at the upper right hand corner of the tool as shown in the screenshot below.

Below is a screenshot of vMotion'ing 3 running PhotonOS VMs from onPrem environment to my VMC's SDDC. The Fling supports both hot and cold relocate, however for vMotion to work you will need to ensure that your source vCenter Server (including ESXi hosts) are running vSphere 6.7 and the VM is configured with the new Per-VM EVC (requires vHW 14) which can be configured in the vSphere H5 Client.

Give the latest Fling a try and let us know what you think, if you have any feedback or request, feel free to leave a comment on the Fling page.

Automating VM Template management using Content Library in VMC

07/17/2018 by William Lam 1 Comment

Today, the vSphere Content Library only supports a single deployable VM type using the Open Virtualization Format (OVF) standard. Although customers are familiar with both OVF and OVA (archive of OVF and VMDKs), support for vCenter VM Template is still one of the most highly requested feature for Content Library. This should come as no surprise since many of our customers have built operational procedures and automation workflows for managing VM deployments over the years and simply switching to another format has a significant impact to their existing workflows.

I know the Content Library team has been heads down working on a number of enhancements to Content Library and it looks like one of these improvements has recently made its way out onto VMware Cloud on AWS (VMC) which I had just noticed while working in my SDDC.

In VMC, when you right click on a VM and select "Clone as Template to Library", there will be a new option to capture a VM as a VM Template (VMTX) within a Content Library!

Auditing detailed operations within VMware Cloud on AWS using the Activity Log API

06/29/2018 by William Lam Leave a Comment

All operations (UI or API) that occurs within VMware Cloud AWS (VMC), including but not limited to SDDC creation, deletion, updates, network configurations, user authorization/access, etc. is all captured as part of the Activity Log in the VMC Console. Within the Activity Log, customers will be able view the type of operation, the time the operation occurred, the applicable SDDC as well the user of the operation and all of these fields can be filtered out further.

The UI is great for quickly looking up quick changes, however for customers who require auditing level logging, this may not be sufficient. This was actually a question that I had received from a customer who was interested in getting more details but also a way to send this information back to their on-premises environment for auditing purposes. Luckily, the Activity Log actually stores a lot more information than what is shown in the UI and all of this data is available through the VMC API.

All entries are scoped within a VMC Organization and you can use the following APIs to retrieve all activities or a specific activity given the VMC Task Id:

GET /orgs/{org}/tasks - List all tasks for organization
GET /orgs/{org}/tasks/{task} - Get task details

OVFTool and VMware Cloud on AWS

06/18/2018 by William Lam Leave a Comment

Recently, I had noticed a number of questions that have come up regarding the use of OVFTool with the VMware Cloud on AWS (VMC) service. I had a chance to take a look at this last Friday and I can confirm that customers can indeed use this tool to import/export VMs into VMC whether they are from a vSphere/vCloud Director-based environment or simply OVF/OVAs you have on your desktop. Outlined below are the requirements and steps that you must have setup before you can use OVFTool with VMC. In addition, I have also include an OVFTool command snippet which you can use and adapt in your own environment.

Requirements:

You must setup VPN connection between your onPrem environment and the Management Gateway on VMC (direct internet access to ESXi is not supported)
Configure the VMC Firewall to allow access between your onPrem and VMC's ESXi host on port 443 (data transfer occurs at ESXi host level)
Specify the Workload VM Folder as a target
Specify the Compute-ResourcePool Resource Pool as a target
Specify the WorkloadDatastore Datastore as a target

Instructions:

Step 1 - Create a Management VPN connection, please see the official documentation here for more details.

Step 2 - Create a two new Firewall Rules that allow traffic from your onPrem environment to both vCenter Server and ESXi host on port 443. vCenter Server will obviously be used for UI/API access and for ESXi, this is where the data traffic transfer will take place.

Step 3 - Construct your OVFTool command-line arguments and ensure you are using the VM Folder "Workloads", Resource Pool "Compute-ResourcePool" and Datastore "WorkloadDatastore" as your target destination since the CloudAdmin user will have restrictive privileges within VMC.

Here is an example command to upload an OVA from my desktop to the VMC vCenter Server:

ovftool.exe `
--acceptAllEulas `
--name=William-To-The-Cloud `
--datastore=WorkloadDatastore `
--net:None=sddc-cgw-network-1 `
--vmFolder=Workloads `
C:\Users\primp\desktop\William.ova `
'vi://cloudadmin@vmc.local:FillInYourOwnPassword@vcenter.sddc-A-B-C-C.vmc.vmware.com/SDDC-Datacenter/host/Cluster-1/Resources/Compute-ResourcePool/'

ovftool.exe `

--acceptAllEulas `

--name=William-To-The-Cloud `

--datastore=WorkloadDatastore `

--net:None=sddc-cgw-network-1 `

--vmFolder=Workloads `

C:\Users\primp\desktop\William.ova `

'vi://cloudadmin@vmc.local:FillInYourOwnPassword@vcenter.sddc-A-B-C-C.vmc.vmware.com/SDDC-Datacenter/host/Cluster-1/Resources/Compute-ResourcePool/'

Note: OVFTool also supports the ability to specify a VM that is residing in your vSphere environment as a source, so you do not have to export it locally to your desktop and you can directly transfer it (your client desktop acting as a proxy) to VMC.

Here is the output from running the above command:

Once the upload has completed, you should see your new VM appear in your vSphere Inventory

Getting started with Hybrid Cloud Extension (HCX) on VMware Cloud on AWS

12/12/2017 by William Lam 8 Comments

I had been hearing a lot of cool things about VMware's Hybrid Cloud Extension (HCX) but never tried the solution myself nor had a good understanding of what it actually provided. With the recently announced Hybrid Cloud Extension (HCX) on VMware Cloud on AWS (VMWonAWS) offering being available, I thought this was a great way to get hands on with HCX and take advantage of my VMWonAWS infrastructure. Having only spent a couple of days with the solution, I can see why customers are excited for HCX and the new offering on VMWonAWS makes it super easy to consume. I also recently learned that HCX is now free for all VMWonAWS customers and you can easily moving VMs to/from your onPrem environment!

There are a number of impressive capabilities that HCX offers, but two that really stood out to me which I thought was quite unique and interesting compared to other VM-based "migration" options. The first is that HCX can perform live VM migrations (vMotion) or replicated migrations (vSphere Replication) which includes scheduled switch over across different versions of vSphere (vSphere 5.x to/from vSphere 6.x). This is great for customers who may not be able to upgrade their underlying vSphere environment to 6.0 or later and take advantage of things like Cross vCenter vMotion feature which only supports VM migration between vSphere 6.0u3 to/from 6.x.

The second capability is that HCX can abstract and protect the underlying ESXi hosts by not requiring direct connectivity between the source and destination ESXi hosts. Traditionally, for vMotion and vSphere Replication traffic, you either had to stretch the VLAN or ensure the VMkernel interface was routable so that it can communicate with the destination ESXi hosts for data transfers. This was not always possible and adds additional networking requirements which can be challenging to implement depending on how your network infrastructure is configured. The way HCX solves this problem is by using a special HCX Cloud Gateway which securely proxy vMotion and vSphere Replication traffic from the on-premises environment out to the respective HCX Cloud Gateway Peer which then gets transfered to destination vSphere environment. Below is a diagram to help illustrate this:

Note: HCX also supports WAN optimization (compression and de-duplication) out of the box, which the diagram includes as that is what I had deployed in my env. This is an optional virtual appliance that can be deployed at each location ensuring efficient data transfer between the source and destination vSphere environments.

While going through and getting HCX configured on both my VMWonAWS and onPrem environment, I had ran into a few minor gotchas and to help others avoid some of the issues I had ran into, I figure I would outline the process and include some additional tips that can be help.

VMware Cloud on AWS – VM Creation Date available in vSphere API

10/23/2017 by William Lam 2 Comments

I was recently doing some work with my VMware Cloud on AWS instance and I needed to verify something in the vSphere API. Since I already had a browser open, rather than context switch, I decided to quickly open up the vSphere MOB which is a debugging tool that provides a browser interface to the vSphere SOAP API. While going through the Virtual Machine view, I was pleasantly surprised to see a new VM config property called createDate which looks to give you the original date/time of when the VM was first created!

This is probably one of the most frequently asked question that I have seen from VI Admins around basic VM management and I am sure everyone has probably had a need to pull this type of information at least once in their career. Historically, VM creation date was not an easy thing to thing to find and success of retrieving that data was dependent on the retention of your vCenter Server Events database since that is where the information is stored. This means if you only retain 6 months worth of historical events, you will not be able to retrieve creation dates for VMs that were created prior to that.