Category: NSX

  • Install and Configure UMDS 6.5

    VMware vSphere Update Manager Download Service (UMDS) is an optional module of Update Manager. For security reasons and deployment restrictions, vSphere, including Update Manager, might be installed in a secured network that is disconnected from other local networks and the Internet. Update Manager requires access to patch information to function properly. If you are using such an environment, you can install UMDS on a computer that has Internet access to download upgrades, patch binaries, and patch metadata, and then export the downloads to a portable media drive or configure an IIS server so that they become accessible to the Update Manager server.

    Prerequisites

    • Verify that the machine on which you install UMDS has Internet access, so that UMDS can download upgrades, patch metadata and patch binaries.

    • Uninstall any older version of UMDS (UMDS 1.0.x, UMDS 4.x or UMDS 5.x) if one is installed on the machine.

    • Create a database instance and configure it before you install UMDS. When you install UMDS on a 64-bit machine, you must configure a 64-bit DSN and test it from ODBC. The database privileges and preparation steps are the same as the ones used for Update Manager.

    • UMDS and Update Manager must be installed on different machines.

    Installation and Configuration

    Mount the vCenter ISO, double-click the autorun.exe file, and select vSphere Update Manager > Download Service.

    • (Optional) Select the option to use Microsoft SQL Server 2012 Express as the embedded database and click Install (if you have not already installed a database as a prerequisite).

    Specify the Update Manager Download Service proxy settings (if you use a proxy) and click Next.

    Select the Update Manager Download Service installation and patch download directories and click Next. The patch download directory should have around 150 GB of free space for a successful patch download.

    In the warning message about the disk free space, click OK.

    Click Install to begin the installation.

    Click Finish to complete the installation.

    Configuring UMDS

    UMDS does not have a GUI. All configuration is done from the command line. To begin configuration, open a command prompt and browse to the directory where UMDS is installed.

    In my case it is installed at C:\Program Files\VMware\Infrastructure\Update Manager

    Run the command vmware-umds -G to view the patch store location, the proxy settings and which downloads are enabled. By default it is configured to download host patches for ESX(i) 4, 5 and 6. I have disabled the downloads for 4 and 5.

    Downloads can be disabled by running:

    vmware-umds -S -d embeddedEsx-5.0.0-INTL

    Important commands:

    To enable or disable all host patch downloads, run:

    vmware-umds -S --enable-host
    vmware-umds -S --disable-host
    vmware-umds -S --enable-host --enable-va
    vmware-umds -S --disable-host --disable-va

    You can change the patch store location using:

    vmware-umds -S --patch-store c:\Patches

    New URLs can be added, or existing ones removed, by using:

    vmware-umds -S --add-url
    vmware-umds -S --remove-url

    To start downloading patches, use:

    vmware-umds -D

    This command re-downloads the patches between set times to reduce load during core business hours:

    vmware-umds -R --start-time 2010-11-01T00:00:00 --end-time 2010-11-30T23:59:59

    Once your patches are downloaded, the next step is to make them available to Update Manager. There are a couple of ways you can do this depending on your environment. If you wish to export all the downloaded patches to an external drive, for transfer to the Update Manager server, you can do so by running, for example:

    vmware-umds -E --export-store e:\patchs

    You can then zip the export. Another way is to configure an IIS web server and publish the patch location.
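
    A check for the portable-media path described above, as an added example that is not part of the original post or of UMDS: it records a SHA-256 manifest of the export store on the UMDS machine, authenticates that manifest with an HMAC, and on the secure side reports files that are missing, modified or unexpected before the store is handed to Update Manager. The function names, the sample file names and the shared HMAC key (assumed to be provisioned out of band) are assumptions of this example.

```python
import hashlib
import hmac
import json
import os
import tempfile


def file_sha256(path, chunk=1024 * 1024):
    """Hash a file in chunks so large patch bundles are not loaded into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def build_manifest(export_root):
    """Return {relative/path: sha256} for every file under the export store."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(export_root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, export_root).replace(os.sep, "/")
            manifest[rel] = file_sha256(full)
    return manifest


def seal_manifest(manifest, key):
    """Serialize the manifest canonically and attach an HMAC-SHA256 tag."""
    body = json.dumps(manifest, sort_keys=True, separators=(",", ":"))
    tag = hmac.new(key, body.encode("utf-8"), hashlib.sha256).hexdigest()
    return json.dumps({"manifest": body, "hmac": tag})


def open_manifest(sealed, key):
    """Check the HMAC before trusting any hash inside the manifest."""
    outer = json.loads(sealed)
    expected = hmac.new(key, outer["manifest"].encode("utf-8"),
                        hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, outer["hmac"]):
        raise ValueError("manifest HMAC mismatch: do not import this export")
    return json.loads(outer["manifest"])


def verify_export(export_root, sealed, key):
    """Compare the transferred copy of the export store with the sealed manifest."""
    expected = open_manifest(sealed, key)
    actual = build_manifest(export_root)
    return {
        "missing": sorted(set(expected) - set(actual)),
        "unexpected": sorted(set(actual) - set(expected)),
        "modified": sorted(p for p in expected
                           if p in actual and actual[p] != expected[p]),
    }


def demo():
    """Constructed stand-in for the export store: seal it, tamper with it, verify it."""
    key = b"constructed-demo-key"  # assumption: the real key is provisioned out of band
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "sample-dir"))
        samples = {  # constructed file names and contents, not a real UMDS layout
            "sample-dir/sample-bundle.vib": b"constructed vib bytes",
            "sample-dir/sample-bundle.sig": b"constructed sig bytes",
            "index.xml": b"<constructed/>",
        }
        for rel, data in samples.items():
            with open(os.path.join(root, *rel.split("/")), "wb") as handle:
                handle.write(data)
        sealed = seal_manifest(build_manifest(root), key)
        clean = verify_export(root, sealed, key)

        # Simulate what can go wrong while the drive is in transit.
        with open(os.path.join(root, "sample-dir", "sample-bundle.vib"), "ab") as handle:
            handle.write(b"!")
        os.remove(os.path.join(root, "index.xml"))
        with open(os.path.join(root, "dropped.vib"), "wb") as handle:
            handle.write(b"not from UMDS")
        tampered = verify_export(root, sealed, key)
    return clean, tampered


if __name__ == "__main__":
    for report in demo():
        print(report)
```

    Run build_manifest and seal_manifest right after the export on the UMDS machine, and verify_export on the secure side before the store is published or imported.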

    For IIS, select Add Roles and Features in your Windows 2012 Server Manager and select the Web Server (IIS) checkbox.

    After the IIS installation is completed, start Internet Information Services (IIS) Manager, which is located in Administrative Tools. Right-click Default Web Site and select Add Virtual Directory. Choose an alias for the virtual directory and select the patch store location as the physical path.

    In MIME Types, add .vib and .sig as the application/octet-stream type. Finally, enable Directory Browsing on the virtual directory.

    To start using this shared repository with Update Manager, log in to the vSphere Web Client, go to Update Manager, then go to Admin View – Settings – Download settings and click Edit. Select Use a shared repository and enter the URL (http://IP address/FQDN/VIRTUAL_DIRECTORY).

    After you click OK, Update Manager validates the repository and downloads the metadata of the downloaded patches. Then follow your existing process: create baselines, attach the baselines and patch your hosts.


  • Deploy VMware Cloud Foundation on IBM Cloud – Part -1

    IBM Cloud for VMware Solutions enables you to quickly and seamlessly integrate or migrate your on-premises VMware workloads to the IBM Cloud by using the scalable, secure, and high-performance IBM Cloud infrastructure and the industry-leading VMware hybrid virtualization technology.

    IBM Cloud for VMware Solutions allows you to easily deploy your VMware virtual environments and manage the infrastructure resources on IBM Cloud. At the same time, you can still use your familiar native VMware product console to manage the VMware workloads.

    Deployment Options:

    IBM Cloud for VMware Solutions provides standardized and customizable deployment choices of VMware virtual environments. The following deployment types are offered:

    • VMware Cloud Foundation on IBM Cloud: The Cloud Foundation offering provides a unified VMware virtual environment by using standard IBM Cloud compute, storage, and network resources that are dedicated to each user deployment.
    • VMware vCenter Server on IBM Cloud: The vCenter Server offering allows you to deploy a VMware virtual environment by using custom compute, storage, and network resources to best fit your business needs.
    • VMware vSphere on IBM Cloud: The vSphere on IBM Cloud offering provides a customizable virtualization service that combines VMware-compatible bare metal servers, hardware components, and licenses, to build your own IBM-hosted VMware environment.

    To use IBM Cloud for VMware Solutions to order instances, you must have an IBM Cloud account. The cost of the components that are ordered in your instances is billed to that IBM Cloud account.

    When you order VMware Cloud Foundation on IBM Cloud, an entire VMware environment is deployed automatically. The base deployment consists of four IBM Cloud Bare Metal Servers with the VMware Cloud Foundation stack pre-installed and configured to provide unified software-defined data center (SDDC) platform. Cloud Foundation natively integrates VMware vSphere, VMware NSX, VMware Virtual SAN, and This has been architected based on VMware-validated designs.

    The following image depicts the overall architecture and components of the Cloud Foundation deployment.


    Physical infrastructure

    Physical Infrastructure provides the physical compute, storage, and network resources to be used by the virtual infrastructure.

    Virtualization infrastructure (Compute, Storage, and Network)

    Virtualization infrastructure layer virtualizes the physical infrastructure through different VMware products:

    • VMware vSphere virtualizes the physical compute resources.
    • vSAN provides software-defined shared storage based on the storage in the physical servers.
    • VMware NSX is the network virtualization platform that provides logical networking components and virtual networks.

    Virtualization Management

    Virtualization Management consists of vCenter Server, which represents the management layer for the virtualized environment. The same familiar vSphere API-compatible tools and scripts can be used to manage the IBM hosted VMware environment.

    On the IBM Cloud for VMware Solutions console, you can expand and contract the capacity of your instances using the add and remove ESXi server capability. In addition, lifecycle management functions like applying updates and upgrading the VMware components in the hosted environment are also available.

    Cloud Foundation (VCF) Technical specifications

    Hardware (options)

    • Small (Dual Intel Xeon E5-2650 v4 / 24 cores total, 2.20 GHz / 128 GB RAM)
    • Large (Dual Intel Xeon E5-2690 v4 / 28 cores total, 2.60 GHz / 512 GB RAM)
    • User customized (CPU model and RAM, up to 1.5 TB of memory)

    Networking

    • 10 Gbps dual public and private network uplinks
    • Three VLANs: one public and two private
    • Secure VMware NSX Edge Services Gateway

    VSIs (Virtual Server Instances)

    • One VSI for Windows AD and DNS services

    Storage:

    • Small option: Two 1.9 TB SSD capacity disks
    • Large option: Four 3.8 TB SSD capacity disks
    • User customized option
      • Storage disk: 1.9 or 3.8 TB SSD
      • Disk quantity: 2, 4, 6, or 8
    • Included in all storage options
      • Two 1 TB SATA boot disks
      • Two 960 GB SSD cache disks
      • One RAID disk controller
    • One 2 TB shared block storage for backups that can be scaled up to 12 TB (you can choose whether you want the storage by selecting or deselecting the Veeam on IBM Cloud service)

    IBM-provided VMware licenses or bring your own licenses (BYOL)

    • VMware vSphere Enterprise Plus 6.5u1
    • VMware vCenter Server 6.5
    • VMware NSX Enterprise 6.3
    • VMware vSAN (Advanced or Enterprise) 6.6
    • SDDC Manager licenses
    • Support and Services fee (one license per node)

    VCF has strict requirements on the physical infrastructure, which is why you can deploy instances only in IBM Cloud data centers that meet those requirements. VCF can be deployed in the data centers of these cities: Amsterdam, Chennai, Dallas, Frankfurt, HongKong, London, Melbourne, Queretaro, Milan, Montreal, Oslo, Paris, Sao Paulo, Seoul, San Jose, Singapore, Sydney, Tokyo, Toronto, Washington.

    When you order a VCF instance, you can also order additional services on top of VCF:

    Veeam on IBM Cloud

    This service helps you manage the backup and restore of all the virtual machines (VMs) in your environment, including the backup and restore of the management components.

    F5 on IBM Cloud

    This service optimizes performance and ensures availability and security for applications with the F5 BIG-IP Virtual Edition (VE).

    FortiGate Security Appliance on IBM Cloud

    This service deploys an HA-pair of FortiGate Security Appliance (FSA) 300 series devices that can provide firewall, routing, NAT, and VPN services to protect the public network connection to your environment.

    Managed Services

    These services enable IBM Integrated Managed Infrastructure (IMI) to deliver dynamic remote management services for a broad range of cloud infrastructures.

    Zerto on IBM Cloud

    This service provides replication and disaster recovery capabilities to help protect your workloads.

    This post covers some basic information about the VMware and VCF options available on IBM Cloud. In the next post I will deploy a fully automated VCF. Till then, Happy learning 🙂

  • NSX-T 2.0 – Host Preparation

    A fabric node is a node that has been registered with the NSX-T management plane and has NSX-T modules installed. For a hypervisor host to be part of the NSX-T overlay, it must first be added to the NSX-T fabric.

    Because NSX-T is vCenter agnostic, the Host Switch is configured from the NSX Manager UI. The NSX Manager owns the life cycle of the Host Switch and the creation of Logical Switches on these Host Switches.

    • Go to Fabric -> Nodes, open the Hosts tab and click ADD.

    • Enter the name and the IP address of the host and choose the OS type. Since I am adding an ESXi host in this exercise, I chose "ESXi". Enter the "root" credentials and, most importantly, the host thumbprint. To get the thumbprint, run the command below at the ESXi command prompt:

      openssl x509 -in /etc/vmware/ssl/rui.crt -fingerprint -sha256 -noout

    • Click Save.

    • If you do not enter the host thumbprint, the NSX-T UI prompts you to use the default thumbprint in the plain text format retrieved from the host.

    Monitor the progress while the NSX binaries are installed on the host.

    • I am deploying in my home lab and my ESXi host had 12 GB of RAM, so the installation failed because the minimum RAM requirement is 16 GB.

    • Finally, the VIBs installed successfully.

    Now let's add the host to the management plane.

    Joining the hypervisor hosts with the management plane ensures that the NSX Manager and the hosts can communicate with each other.

    • Open an SSH session to the NSX Manager appliance and log in with the Administrator credentials. On the NSX Manager appliance, run the get certificate api thumbprint command. "The command output is a string of numbers that is unique to this NSX Manager." Copy this string.

    • Now open an SSH session to the hypervisor host and run the join management-plane command.

    • Provide the following information:
      • Hostname or IP address of the NSX Manager with an optional port number
      • Username of the NSX Manager
      • Certificate thumbprint of the NSX Manager
      • Password of the NSX Manager

    • The command prompts for "Password for API user: <NSX-Manager's-password>". If everything is fine, you should get "Node successfully joined".

    In the next post I will prepare a KVM host. Till then, Happy Learning 🙂

  • NSX-T 2.0 – Deploying NSX Controller

    NSX Controllers control virtual networks and overlay transport tunnels. NSX Controllers are deployed as a cluster of highly available vApps that are responsible for the automated deployment of virtual networks across the entire NSX-T architecture. To achieve high availability of the control plane, the NSX Controllers are deployed in a cluster of three instances.

    Deploying the NSX Controller is very similar to deploying the NSX Manager appliance. I've deployed one NSX Controller onto the same network as the NSX Manager.

    Let's Start Deploying Controller:

    1 – First log in to ESXi using the HTML5 Client, run the New Virtual Machine wizard and select "Deploy a virtual machine from an OVF or OVA file".

    2 – Enter the name for the NSX-T Controller appliance (nsxc.avnlab.com) and choose the NSX-T Controller appliance OVA (nsx-controller-2.0.0.0.0.6522091.ova).

    3 – Choose your storage.

    4 – Choose your network and disk type.

    5 – Enter the passwords for "Root User", "admin User" and "audit User". We need to set a complex password. The password complexity requirements are as below:

    • At least eight characters
    • At least one lower-case letter
    • At least one upper-case letter
    • At least one digit
    • At least one special character
    • At least five different characters
    • No dictionary words
    • No palindromes

    6 – In the same window, enter the "Host Name", default gateway, IP address and other network related information.

    7 – Review the configuration and click Finish.

    8 – The OVA import takes some time. Once it completes, you are done.

    Validate the controller network configuration.

    Connect Controller Cluster to NSX Manager

    Get NSX Manager API thumbprint

    1. Log on to the NSX Manager via SSH using the admin credentials.
    2. Use "get certificate api thumbprint" to get the SSL certificate thumbprint. Copy the output to use later.

    Join NSX Controller to NSX Manager

    1. Log on to the NSX Controller via SSH using the admin credentials.
    2. Use "join management-plane <NSX Manager> username admin thumbprint <API Thumbprint>".
    3. The command prompts for the "admin" password.
    4. Once it is entered, wait for some time. If all goes well, you will see a "successful" message.
    5. Run "get managers" on the NSX Controller to view the connection to the Manager.
    6. On the NSX Manager, run "get nodes" to confirm that the registration was successful.
    7. Run "get management-cluster status" from the command line to see the details and their status. The controller is listed in the control cluster, but the cluster status is "UNSTABLE".
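
    Both the host preparation step (the ESXi thumbprint printed by openssl) and the join management-plane step above (the NSX Manager API thumbprint) hinge on a SHA-256 certificate thumbprint that is copied by hand between consoles. The following added example, which is not code from the original posts or from NSX-T, normalizes the colon-separated openssl form and the bare hex form, rejects values that are not SHA-256 length, and compares them in constant time, so a value read on the appliance console can be checked against what an endpoint presents before it is trusted. The function names and the constructed placeholder certificate bytes are assumptions of this example.

```python
import hashlib
import hmac
import re
import ssl

_HEX_SHA256 = re.compile(r"^[0-9a-f]{64}$")


def normalize_thumbprint(text):
    """Return 64 lowercase hex characters from either common notation.

    Accepts openssl output ("SHA256 Fingerprint=AA:BB:...") or bare hex.
    """
    value = text.strip()
    if "=" in value:
        label, value = value.split("=", 1)
        if "sha256" not in label.lower().replace("-", ""):
            raise ValueError("not a SHA-256 fingerprint: " + label.strip())
    value = re.sub(r"[\s:]", "", value).lower()
    if not _HEX_SHA256.match(value):
        raise ValueError("thumbprint is not 64 hex characters")
    return value


def thumbprint_from_pem(pem_text):
    """SHA-256 over the DER encoding, which is what openssl -fingerprint prints."""
    der = ssl.PEM_cert_to_DER_cert(pem_text.strip())
    return hashlib.sha256(der).hexdigest()


def thumbprints_match(expected, observed):
    """Constant-time comparison after normalization; malformed input raises."""
    return hmac.compare_digest(normalize_thumbprint(expected),
                               normalize_thumbprint(observed))


def fetch_presented_thumbprint(host, port=443):
    """Thumbprint of the certificate a live endpoint presents right now.

    The certificate is fetched without chain validation, so the result is
    only meaningful when compared with a value read on the console.
    """
    return thumbprint_from_pem(ssl.get_server_certificate((host, port)))


def sample_values():
    """Constructed data: placeholder bytes stand in for a real certificate."""
    der = b"constructed placeholder bytes, not a real X.509 certificate"
    pem = ssl.DER_cert_to_PEM_cert(der)
    bare = hashlib.sha256(der).hexdigest()
    pairs = [bare[i:i + 2].upper() for i in range(0, len(bare), 2)]
    openssl_style = "SHA256 Fingerprint=" + ":".join(pairs)
    return pem, openssl_style, bare


if __name__ == "__main__":
    pem, openssl_style, bare = sample_values()
    print(thumbprints_match(openssl_style, bare))
    print(thumbprints_match(thumbprint_from_pem(pem), openssl_style))
    try:
        normalize_thumbprint("SHA1 Fingerprint=" + ":".join(["AB"] * 20))
    except ValueError as err:
        print("rejected:", err)
```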

    Configure the Controller Cluster:

    To configure the Controller cluster, you need to log on to any of the Controllers and initialise the cluster. Since I am deploying this in my home lab and have a single cluster, let's log in to the Controller and initialize the cluster.

    1. Log on to the Controller node via SSH using the admin credentials.
    2. Use "set control-cluster security-model shared-secret" to configure the shared secret.
    3. After the secret is configured, use "initialize control-cluster" to promote this node to master controller.
    4. The "Control Cluster Status" now shows "Stable".
    5. You can also view this in the GUI console.

    We have now completed the NSX Manager installation, the NSX Controller installation and their integration.

    Happy Learning 🙂


  • NSX-T 2.0 – Deploying NSX Manager

    NSX-T has been decoupled from vCenter and is available for multiple platforms. With so much happening around SDN and its integration with microservices running on containers and Kubernetes, it is the right time to get familiar with NSX-T before customers start adopting it.

    The first step towards learning NSX-T is to read through the official documentation and, in parallel, start deploying the NSX-T 2.0 components. Here is the deployment flow that I will follow:

    1. Install NSX Manager.
    2. Install NSX Controllers.
    3. Join NSX Controllers with the management plane.
    4. Initialize the control cluster to create a master controller.
    5. Join NSX Controllers into a control cluster. NSX Manager installs NSX-T modules after the hypervisor hosts are added.
    6. Join hypervisor hosts with the management plane. This causes the host to send its host certificate to the management plane.
    7. Install NSX Edges.
    8. Join NSX Edges with the management plane.
    9. Create transport zones and transport nodes.

    So let's move to our first step: deploy NSX Manager.

    Here are the system requirements for NSX-T Manager:
    NSX-T has specific requirements regarding hardware resources and software versions.

    For my lab I am going to use nested ESXi 6.5.

    1 – First log in to ESXi using the HTML5 Client, run the New Virtual Machine wizard and select "Deploy a virtual machine from an OVF or OVA file".

    Enter the name for the NSX-T Manager appliance (nsxtm.avnlab.com) and choose the NSX-T Manager appliance OVA (nsx-unified-appliance-2.0.0.0.0.6522097).

    Select your storage.

    Choose your network and disk type.

    Enter the passwords for "Root User", "admin User" and "audit User". We need to set a complex password, otherwise the appliance asks for a new password after deployment.

    NOTE – NSX-T core services on the appliance will not start until a password with sufficient complexity is set.

    Password complexity requirement:

    • At least eight characters
    • At least one lower-case letter
    • At least one upper-case letter
    • At least one digit
    • At least one special character
    • At least five different characters
    • No dictionary words
    • No palindromes

    In the same window, enter the "Hostname". The Rolename will be "nsx-manager"; don't change it.

    Enter the DNS and NTP server details, and enable SSH and root SSH login (if you require them).

    Click Finish.

    The OVA import takes some time. Once it completes, you are done.

    Browse to the IP address that we specified during the installation to reach your first NSX-T login screen, and log in with the user name "admin" and the password that we specified in the steps above.

    Accept the "End User License Agreement" and click "Continue".

    And here is your first successful NSX-T installation 🙂 Finally, the NSX Manager is deployed.

    Happy Learning 🙂


  • VCAP6-DCV Deploy Exam Experience

     

    Took the VMware Certified Advanced Professional 6 - Data Center Virtualization Deploy exam on 30th August 2017 and really happy to share that I have passed this exam too.

    A few tips for everyone who is preparing for the exam:

    Before starting this exam, stay relaxed, as you will have to spend lots of time understanding questions and performing tasks as per your understanding. So stay relaxed and use all your experience with vSphere, vSAN, vSphere Replication and VDP. This is the exam for people who work on these products on a daily basis and understand each and every aspect of vSphere, HA, DRS, vMotion, dvSwitch, some basic understanding of PowerCLI, troubleshooting, ESXi command lines etc. I would suggest following the blueprint and practicing as much as you can; practice will lead you towards success. To get the feel of the exam, I would highly recommend everyone to visit Hands on Labs and test out a few labs, which will give you a brief idea of how to deal with the desktop during the actual exam.

    When writing the VCAP6-DCV Deploy exam every second counts, so I would suggest spending time reading the questions thoroughly before starting a task. It is going to be beneficial; at least it was in my case, because I was able to save a lot of time when doing the tasks.

    Be aware that CTRL, ALT and BACKSPACE are not working. Go back using the arrow keys and then press Delete. It's better to make use of the on-screen keyboard if you wish to copy and paste.

    Best of luck to everyone who is preparing for the VCAP Deploy exam!!!

  • Upgrade to vRealize Operations 6.6

    Before we start upgrading, we must download the vRealize Operations Manager virtual appliance updates for both the operating system and the virtual appliance. You can do this from the same page where you download vRealize Operations 6.6. Both are PAK files with file names similar to vRealize_Operations_Manager-VA-OS-6.6.0.5707160.pak and vRealize_Operations_Manager-VA-6.6.0.5707160.pak.

    Once the download is finished, follow the steps below:

    Log in to the vROps admin interface at https://<master-node-FQDN-or-IP-address>/admin and take the cluster offline.

    Once the cluster is offline, start the upgrade process by clicking Software Upgrade and then "Install a Software Update".

    Click Browse and select the PAK file. There are two files that we need to download from the VMware website: one is the OS upgrade and the other is the application upgrade.

    Let's upgrade the OS first: choose the OS upgrade .pak file and click Upload.

    Check the version.

    Accept the license and check the update information.

    Finally, click Install.

    Monitor the installation process.

    I have many appliances in my lab, and it took almost half an hour to upgrade the OS of all of them. The appliances reboot and come back. Once the OS upgrade is done, let's start the application upgrade.

    Follow the same series of steps shown above, but provide the virtual appliance update PAK file this time. Click Upload.

    Check that we have chosen the right file for the upgrade.

    Click Install in the last step and monitor the upgrade progress.

    After some time, the virtual appliance restarts. Once it has restarted, log back in to the admin console, and here is the all-new HTML5 vRealize Operations Manager.

    That's it. Happy learning 🙂


  • NSX Controllers ?

    In an NSX for vSphere environment, basically the management plane is responsible for providing the GUI interface and the REST API entry point to manage the NSX environment.

    Control Plane

    The control plane includes a three-node cluster running the control plane protocols required to capture the system configuration and push it down to the data plane. The data plane consists of VIB modules installed in the hypervisor during host preparation.

    NSX Controller stores the following types of tables:

    • VTEP table – keeps track of what virtual network (VNI) is present on which VTEP/hypervisor.
    • MAC table – keeps track of VM MAC to VTEP IP mappings.
    • ARP table – keeps track of VM IP to VM MAC mappings.

    Controllers maintain the routing information by distributing the routing data learned from the control VM to each routing kernel module in the ESXi hosts. The use of the controller cluster eliminates the need for multicast support from the physical network infrastructure. Customers no longer have to provision multicast group IP addresses. They also no longer need to enable PIM routing or IGMP snooping features on physical switches or routers. Logical switches need to be configured in unicast mode to use this feature.

    NSX Controllers support an ARP suppression mechanism that reduces the need to flood ARP broadcast requests across the L2 network domain where virtual machines are connected. This is achieved by converting the ARP broadcasts into Controller lookups. If the controller lookup fails, then normal flooding will be used.

    The ESXi host, with NSX Virtual Switch, intercepts the following types of traffic:

    • Virtual machine broadcast
    • Virtual machine unicast
    • Virtual machine multicast
    • Ethernet requests
    • Queries to the NSX Controller instance to retrieve the correct response to those requests

    Each controller node is assigned a set of roles that define the tasks it can implement. By default, each controller is assigned all the following roles:

    • API Provider: Handles HTTP requests from NSX Manager
    • Persistence Server: Persistently stores network state information
    • Logical Manager: Computes policies and network topology
    • Switch Manager: Manages the hypervisors and pushes configuration to the hosts
    • Directory Server: Manages VXLAN and distributed logical routing information

    One of the controller nodes is elected as the leader for each role. For example, controller 1 may be elected as the leader for the API Provider and Logical Manager roles, controller 2 as the leader for the Persistence Server and Directory Server roles, and controller 3 as the leader for the Switch Manager role.

    The leader for each role is responsible for allocating tasks to all individual nodes in the cluster. This is called slicing. Slicing is used to increase the scalability of the NSX architecture, and it ensures that all the controller nodes can be active at any given time.

    The leader of each role maintains a sharding db table to keep track of the workload. The sharding db table is calculated by the leader and replicated to every controller node. It is used by both VXLAN and the distributed logical router, known as DLR. The sharding db table may be recalculated at cluster membership changes, role master changes, or adjusted periodically for rebalancing.

    In case of the failure of a controller node, the slices for a given role that were owned by the failed node are reassigned to the remaining members of the cluster. Node failure triggers a new leader election for the roles originally led by the failed node.

    Control Plane Interaction

    • ESXi hosts and NSX logical router virtual machines learn network information and send it to NSX Controller through UWA.
    • The NSX Controller CLI provides a consistent interface to verify VXLAN and logical routing network state information.
    • NSX Manager also provides APIs to programmatically retrieve data from the NSX Controller nodes in future.

    Controller Internal Communication

    The Management Plane communicates with the Controller Cluster over TCP/443. The Management Plane communicates directly with the vsfwd agent in the ESXi host over TCP/5671 using RabbitMQ, to push down firewall configuration changes.

    The controllers communicate with the netcpa agent running in the ESXi host over TCP/1234 to propagate L2 and L3 changes. Netcpa then internally propagates these changes to the respective routing and VXLAN kernel modules in the ESXi host. Netcpa also acts as a middleman between the vsfwd agent and the ESXi kernel modules.

    NSX Manager chooses a single controller node to start a REST API call. Once the connection is established, the NSX Manager transmits the host certificate thumbprint, VNI and logical interface information to the NSX Controller Cluster.

    All the data transmitted by NSX Manager can be found in the file config-by-vsm.xml in the directory /etc/vmware/netcpa on the ESXi host. The file /var/log/netcpa.log can be helpful in troubleshooting the communication path between the NSX Manager, vsfwd and netcpa.

    Netcpa randomly chooses a controller to establish the initial connection, which is called the core session. This core session is used to transmit the Controller Sharding table to the hosts, so they are aware of who is responsible for a particular VNI or routing instance.

    Hope this helps you in understanding NSX Controllers. Happy Learning 🙂

  • Storage Type Comparison

    This is for my beginner friends in vSphere…


    vSphere Features Supported by Storage Type:

    Happy learning 🙂


  • NSX Multi-Site L2 Extension option Comparison

    Shared by one of my colleagues, really helpful.

    Happy Learning 🙂