VMware

VMware – Create VAAI supported iSCSI LUNs on Synology

by
VAAI

Today i was working with storage topics. I tried to create iSCSI connections in my vSphere homelab and tried to figure out how to connect or mount iSCSI storage. I had already some iSCSI storage connected to my nested ESXi hosts. But i felt as there is something not correct. And i was right. After some research on the internet i’ve found out that you should take another approach to add iSCSI storage as i did in my previous post. There is a way that your new iSCSI storage on your Synology NAS is fully vSphere and VAAI compatible. Let me show you how you do that.

  1. Before we start to create storage and add it to our ESXi hosts you have to install the VAAI plugin from Synology:
    1. How do I install Synology NFS VAAI Plug-in on an ESXi host?
  2. Reboot your hosts after plugin installation

Now your hosts are ready to get connected to your VAAI supported Synology NAS. Let’s create now the iSCSI LUNs in the next step.

Read more

Review – 10 most popular posts on my blog in 2016

by
review

Call it a review or a look back. Or a time travel if you like to. I’d like to introduce you the 10 most popular posts on my blog of 2016. And a short reflection what happend in 2016.

Very much happened last year (you don’t say?). I had the opportunity to work on many interesting customer projects. Deploying VMware AirWatch for a customer was one of my favorite projects. But there were not only projects in my company and for customers but also many personal projects. I invested much effort, time and money to build a small vSphere homelab as preparation for my VCP exam (which i failed twice in 2016, damn it). In 2016 i attended also two great events in Barcelona and Frankfurt.

I took the chance and went the first time to VMworld Europe last year. It was great. Exhausting. Interesting. I met so many cool people, had interesting chats with them. In Frankfurt i attended the VeeamON Forum which was also a cool event. All about virtualization and data security. I would like to mention the Veeam EMEA team, when i had the opportunity to join them for dinner. Really cool guys there at Veeam, thank you!

And i also really started with blogging. In the meantime i really like it. Sometimes i don’t know what to write. I’m not a fashionista, or a foodie, that puts every bit on the internet. I’d like to provide content which hopefully help people to get their job done and i’d like to help solving a problem. Most of my blog posts are based on problems which i struggled with, and a solution i found for it. Bang. Put that on my website. Because mostly you’re not alone with a specific IT problem. And if you find a solution here on my blog, you’re welcome. I’m here to help.

Some other blog posts are based just on my personal interest in all kinds of IT belongings. Is there a new feature in Veeam or a new version? I’ll go out and test it. Bang. Blog post done.

But now let us focus on what happened on my blog last year. What are the 10 most popular blog posts of 2016? Here they are!

Number 1

VMware – Read before upgrade to vSphere 6.5

vSphere 6.5 was officially announced at VMworld Europe 2016 in Barcelona. The world waited for it. But as always, there are some things to consider before you upgrade your infrastructure to the latest version.

Number 2

Veeam – Automatic backup tests with SureBackup

You probably know the movie “Groundhog Day” with Bill Murray. Every day the same things happen. So with your backups. You backup your data each and every day. But do you also test it? What happens if you really have to restore something? There are many companies which don’t test their backups. With Veeam SureBackup you can fully automate it. And save your time for more important things.

Number 3

VMware vSphere – How to script vMotion for your VMs

Scripting can help you automate things. Just thinking about the batch scripts for network drive mapping at Windows login. And that’s a simple one. But we dig deeper and go to vMotion. This blog post based on a solution i found for a specific problem in my vSphere homelab. I had to find out how i can vmotion my VMs to one specific host so that i can backup them all. Et voila. A nice PowerCLI script arised from researching, trial and error.

Number 4

VMware Homelab – Hardware für den Homeserver

I have to excuse for the language. I’m a native german speaking person. And this was one of the first blog posts about my upcoming vSphere homelab. I had an old game rig and i upgraded with lots of memory, disks and stuff to become my ESXi host which is hosting three other nested ESXi servers. The hardware got a second life, and it is also the starting point of my certification preparations. I’ll probably review this post and make it also available in english.

Number 5

Veeam – Backup your Office 365 mailboxes (on a UNC path)

Many companies relay on their emails and email systems. Some companies have their own mail server, other companies are moving to the cloud. With Office 365 you’ve got different possibilities and you’ll find the one which suits you the best. Office 365 is not only, but also hosted Exchange. You can access your mails on every device at every time, wherever you are. BUT you are responsible to backup up those mailboxes. With Veeam Backup for Office 365 you can do that, fast and easy. I’ll show you how.

Number 6

Veeam SureBackup – Ping-Test Troubleshooting

When we’re talking about backups, we have to talk about recoverability and backup tests too. With Veeam SureBackup you can configure automated backup tests and save your time for more important things. But it’s possible that it doesn’t run out of to box just with clicking around and configure the things. Make sure you configure the virtual helper appliance correctly, according your networking needs.

Number 7

Veeam Endpoint Backup: error: Cannot find partition

I’m sure you’re backing up your personal computer, don’t you? Well, you should. Heard of crypto locker and other malware around the interwebz? At least that should worry you. But also when configuring your backup for your personal computer you can get some trouble. Veeam Endpoint Backup FREE is the right choice for you. Quick and easy setup and configuration. But you can also mess things up, or if your computer has some issues, then you’ve got problems. You can configure Veeam Endpoint Backup so that each and every partition is covered. This post shows you how to do that.

Number 8

VMware – vSAN Deploy and Manage course – Day 1

Just a few weeks ago a attended the VMware VSAN Deploy and Manage course. Three days packed full with information and hands-on labs. We had a great teacher, Paul McSharry. This guy knows the stuff. And of course i did a daily review.

Number 9

Microsoft Active Directory – Change UPN for all users

We’re back at scripting again. This time it’s an Active Directory topic. Many of you might know that. Changing the UPN for a bunch of Active Directory accounts can be frustrating, if not some pain in the b***. I had to do that some months ago for few hundred users. I searched for a solution which i can use not only for one specific use case, but to have a script i can edit and use it anywhere i want. Here it is. Chaning UPN for all users with a script.

Number 10

VMware Certification – How to fail the third time at VCP exam

Last but not least, the mos frustrating and annoying topic for me in 2016 was learning and certification. I thought that i’m ready. Ready to catch the VCP6-DCV exam. But i wasn’t. I tried it at VMworld Europe in Barcelona. And i failed miserably. This was the third time i failed at the VCP exam. I tried once VCP5 and 5.x (that was at the end of 2015). And last year i tried VCP6 two times. The second one was in December. I failed there too. This year i will pass it. And not only just pass it but also get some points. I’ll review all my notes and the study guides and get prepared.

That’s it folks. The review is done. These were the 10 most popular posts on my blog in 2016. I hope you enjoyed this review, and that you probably found a topic of interest, or a solution for a problem. I’m always here to help.

I whish you a great, successful, lucky and healthy 2017. I whish you all the best!

VMware – Homelab storage extension installed

by
storage

Recently i ordered the last piece of hardware for 2016 for use in my VMware vSphere homelab. I failled in the fourth VCP exam in December 2016 and that gave me the kick to extend my homelab a little, and look into storage stuff in detail.

Thoughts and requirements

I had some ideas in mind and received good inputs from my fellow homelab colleagues, but there are so much possibilities for extending storage. There are various NAS manufacturers and storage vendors. You can “extend” your storage even virtually with some virtual storage appliances. But i have to keep my budget small, well as small as possible for my needs. I don’t have a sponsor (would be nice indeed). So for the extension of my homelab any storage device other than a NAS costs way too much money. And i want to use real physical existent storage, so also a no-go for virtual storage appliances (which also requires some physical storage in the back end). This made the field of choice at least a little smaller, not much, and i’m still kicking out some devices to find the one which suits my needs the best.

Another point is network connectivity. My decision was to have four network ports on this specific NAS device. It should support link aggregation, load balancing and failover. The NAS device should also support NFS and iSCSI protocols so i can reach it from my ESXi hosts and use it. It would be the best for the integration into my homelab when i’m already familiar with a specific kind of device / operating system / manufacturer. Yes, i know, that’s not a real decision maker, at least not the best. But why struggle if there exist easy to setup systems? And last but not least it should be supported within VMware, for example with VAAI.

With all this points from above i decided to go for a Synology NAS device.

The hardware

The base system is a Synology DS1515+ NAS device. The technical specifications:

CPU Model Intel Atom C2538
CPU Architecture 64-bit
CPU Frequency Quad Core 2.4 GHz
System Memory 2 GB DDR3
Memory Expandable up to 6 GB (2 GB + 4 GB)
Drive Bay(s) 5
Hot Swappable Drive YES
RJ-45 1GbE LAN Port 4
VMware vSphere 5 with VAAI YES
VMware vSphere 6 with VAAI YES

Details specifications are available here: Synology DS1515+

Disks (capazity / cache)

I ordered also three WD Red SATA disk with 4TB each and two Sandisk X400 SSDs with 512GB each. In this configuration i’ll get enough raw storage space (roughly 8TB usable capazity). With two SSD in a Synology multi-bay NAS i can also configure read-write cache (you’ll get read cache only with one SSD).

So let’s get our hands on the hardware…

Read more

VMware – vSAN Deploy and Manage course – Day 3

by

Today it was the last day in our VMware vSAN Deploy and Manage course. Nevertheless today we have given everything again. We had a deep dive in designing vSAN solutions, we discussed the key topics in design decisions and also played around with some what-if scenarios. But as every day we kicked off with some review what we discovered yesterday, and again to make for everyone clear what vSAN really is.

Day 3

Daily review

What is vSAN:

  • Software Defined Storage
  • Hyper Converged Infrastructure
  • Network Storage Topology
  • Hypervisor integrated
    • That means less latency
    • no dependencies on VMs
    • support
    • distributed
  • local disks presenting one datastore per cluster

Use cases:

  • VDI (licensing, offload of IOPS, scalable)
  • Test / DEv environments (projects, easy, growth)
  • Branch Office / Remote Office (same solution, backup)

Install vSAN:

  • Simple, with GUI, all from the web client (with just few clicks)
  • install vSphere
  • create a Cluster
  • set a VMkernel for vSAN
  • disable HA
  • claim disks
    • create disk groups
    • claim them as cache / capacity tier
  • enable vSAN

What’s in the default vSAN policy:

  • FTT = 1
  • Stripes = 1
  • No reservation (neither cache nor capacity)
  • Thin provisioning

What is a Fault Domain:

  • an area which may can fail
  • plan to recover impact of Ops
    • Rack awareness
    • Site awerness

Availability:

In vSAN there are two states of compliance…

  • Compliant
  • non compliant
    • Absent => wait for 60 minutes, then rebuild
    • Degraded => rebuild immediately

What-if failures:

  • Cache disk fails => lose disk group => latency increases
  • Capacity disk fails => degraded => rebuild => VM back online
  • Controller => host issue => HA response
  • Host outtage (complete loss of host) => HA response => VM response

Module 7 Lesson 2 – Troubleshooting

Some topics we covered already yesterday. Today it was also some repetition and a quick overview about troubleshooting and some of the tools we discovered yesterday. There are so many tools for troubleshooting available, either already built-in or community driven, i think the list could be longer. But at least some of the most known tools i will provide you with this list.

  • vCenter (you don’t say…)
  • vROPS
  • esxtop
  • Wireshark (yes indeed; capture packets on ESXi and analyze them with Wireshark => pcap)
  • vSAN Observer (based on Ruby)
  • RVC (Ruby vSphere Console)
  • Health Service Plugin
  • vCheck
  • PowerCLI scripts (combined with Onyx)

A cool tool indeed is vCheck. It’s based on Powershell scripts and runs against your vSphere infrastructure (there are scripts for other stuff too). You schedule the scripts and you can reveive notifications about changes, issues (before they become a real deal). So when you arrive in your office you already know what’s going on (or what’s not). Also worth to mention is vSAN Observer. It’s already there, just start it and access the built-in webserver to get an overview what’s going on in your vSAN environment.

Module 8 -Stretched Cluster

After doing some work in the labs we talked about design. And having a stretched cluster is also a question of design, how to create a solution which covers rack outtages or even a complete site outtage. You can do that with a stretched cluster. And the failover happens automatic (what may probably not the best solution in every fail over situation…).

When planning a stretched cluster you have to concern about resources. You need 50% spare capacity on both sites (talking about two racks or two sites) in HA admission control. Imagine that one site / rack should keep the other one online, and the stuff which is already running on the secondary site too.

You don’t have to use SRM (Site Recovery Manager) for a failover. vSAN does that for you automatically. If you use SRM then you have to have a recovery plan for each and every VM. Thats a lot of planning and even checks if there are new or changed VMs. Not to think about the costs. You need SRM licenses and a second vCenter license.

Talking about the vSAN witness. A witness is a separate ESXi box. This can be a physical server with ESXi which needs to be licensed. This physical server can’t be a member of a cluster, but it can run some VMs on it. Or you can get a witness appliance, which represents a special ESXi as an appliance, which runs on a ESXi server. This appliance cannot run VMs on it.

You can have a ROBO vSAN cluster in your remote office / branch office which consists only of two ESXi hosts in this cluster. If you’re doing so you have to have a witness host / appliance in your main office site. You always need somewhere a witness to have the quorum in case of an HA event. And remember the 5 heartbeats. In the case of an outtage, after 5 missed hearbeats your host is gone and a failover happens.

Module 10 – Designing a vSAN deployment

That’s not a random list of IT buzzwords, folks. You have to consider these key points when you’re designing a vSAN solution (probably any other scalable solution too).

Availability Management
Managability Virtual machines
Performance Compute
Recoverability Network
Security Storage

Let me give you some more things to consider. In the way of designing a vSAN solution you will have to find answers to these questions. Some answers you will get from your customer when talking with him about a solution for his specific needs. Some other answers you will find when you design the solution. And you will find some more questions too…

Requirements (must have / be / do)

  • “RPO of 15 minutes”
  • “RTO of 5 minutes”
  • Location of data / data center

Constraints (design decisions)

  • “Must work with existing network hardware”
  • “Must work at this site”

Assumptions

  • “We have enough bandwith”

Risks

  • “If the bandwith is not enough => risk of not meeting the SLA”

If you covered the topics above (and the bullet points are just ideas, there are lot more to cover) then you will proceed with the design.

Conception

Logical

  • “Keep data at this location”
  • “We want two sites, one for failover”
  • Should also be vendor independent

Physical

  • Here you can come in with the vendor and create the solution
  • vSAN here, stretched cluster there
  • Network links from here to here
  • Backup then with this
  • and so on…

And if you are searching some benchmark tools for your newly created solution, there you go:

  • HCIBench (https://labs.vmware.com/flings/hcibench)
    • simplify and accelerate customer POC performance testing
    • not only a benchmark tool designed for Virtual SAN
    • evaluate the performance of all kinds of Hyper-Converged Infrastructure Storage in vSphere
  • HammerDB (http://www.hammerdb.com/)
    • open source database load testing and benchmarking tool
    • Oracle Database, Microsoft SQL Server, IBM DB2, TimesTen, MySQL, MariaDB,  PostgreSQL
    • Postgres Plus Advanced Server, Greenplum, Redis
    • Amazon Aurora and Redshift and Trafodion SQL on Hadoop

Here you can find the other blog posts about the vSAN deploy and manage course:

VMware – vSAN Deploy and Manage course – Day 2

by

This week i attend the VMware vSAN Deploy and Manage course with Paul McSharry as our instructor. I’m still learning and preparing for my VCP6-DCV which i will catch before new years eve. And there is a helluva stuff to stuff in my brain. This course is not especially for VCP exam, but it will help to answer at least some question about vSAN, which is part of vSphere and this in turn is part of the VCP. So it’s not bad to get some insights.

Day 2

Starting off with day 2 we had a quick review about yesterday, what we did and what we discussed on day 1. We repeated what vSAN is, what you can do with it (and what not; see Pauls review question list further down). Today we worked a lot in the labs to get familiar with some functions, and probably some stuff you wouldn’t do just so in production. We enjoyed also a small outlook to vSAN 6.5 and some of its features in comparison with vSAN 6.2.

Review Question List

After Pauls questions we talked about some basic networking stuff. We discussed load balancing, features of virtual distributed switches and so on. vSAN is set up in just a few clicks. But you have to look for the networking. vSAN is a storage topology which depends on proper configured and well performing network connections. So its a good idea to make the network admins your friends.

Module 5 Lesson 1 – vSAN policies and VMs

A policy is a state config and a specification and it defines basically the SLA. It can be configured at VM or even at VMDK level. The FTT value describes how many hosts can be tolerated to be lost. FTT generates the replicas of your data (how many copies to store). When using stripes we talk about performance. Stripes define the number of physical disks across which each replica of a storage object is striped. It could increase the performance if you add some more stripes. But also the ressource usage will increase. And you will have to have probably more disks.

Another component in vSAN is the witness. It is the tiebreaker for objects. The cluster needs always a quorum to decide what to do in case of an outtage (absent or degraded state). Per default, if a host is absent (the cluster does not know what happend with that host), your data will be replicated after a wait time of 60 minutes. If the cluster is degraded (cluster knows what happend with a dowend host) then the data will be replicated instantly. You can see that the default vSAN policy with FTT=1 is always your safety net. It is recommended not to edit the default vSAN policies but to create new ones and apply those to your vSAN storage / VM / VMDK.

Module 2 Lesson 2 – vsanSpares Snapshots

Is a snapshot a backup? Most people would freak out at this question. No, it’s not a backup. If you want to make backups of your VMs (and thats a damn good idea…) you should use vSphere Data Protection (or other third party products). But VMware did some changes especially for virtual SAN snaptshots. It’s called the vsanSparse Snapshot. A traditional snapshot will be created, but with this new VMDK type. The delta file will be mounted with a virtual SCSI driver, all the read requests are served through the in-memory cache (physical memory from the host) and all writes go directly to disk. It should not create any performance impact and you can keep up to 32 snapshots as long as you want. But don’t do that. Really.

Module 6 – Management (HA & Update)

At the beginning of this module we talked about the maintenance mode and its specific differences in a vSAN cluster. The maintenance mode enables you to take a host out of rotation. This is the normal vSphere (HA / DRS) maintenance mode. The vSAN maintenance mode is slightly different.

When you put a host in a vSAN cluster in maitenance mode then you can choose between three modes:

  • Ensure accessibility => move objects to active vSAN ressources as needed to ensure access.
  • Full data migration => move all objects to active vSAN ressources, regardless of wether the move is needed.
  • Do nothing => move no objects. Some objects might become unavailable.

We discovered in a class discussion that, depending on the amount of data residing on the hosts, it could be painful to put a host in maintenance mode, even if you don’t do a full data migration but just ensure accessibility. It can take some minutes up to some hourse until the host is in maintenance mode. But you can decrease the time needed with adding more hosts, increase FTT and also stripes.

High Availability

Few words about HA (High Availability). If your cluster already has HA configured, then you cannot enable vSAN. You have to disable HA, enable vSAN, and then enable HA again. When HA is turned on, the FDM agent (HA) traffic uses the virtual SAN network. The datastore heartbeat is disabled when there are only vSAN datastores in the cluster. And HA will never use a vSAN datastore for a heartbeat, because the vSAN networking is already used for network heartbeat.

What happens with physical disk failures? In traditional server environments or with a normal SAN you create a RAID array, probably with a hot spare, to ensure immediate disk replacement if a disk fails. With vSAN the redundancy is built logically directly within vSAN (FTT, stripes, witness). Thats the reason you shouldn’t create a RAID array but configure your disk controller to pass-through mode, so vSAN is aware of each physical disk and its state.

Upgrade Process

The upgrade process for vSAN in a few words…

  • it’s non-disruptive
  • but it’s I/O intensive
  • you can’t downgrade a disk group once the upgrade is completed
  • it needs more than 3 hosts (run the allow-reduced mode => potential risk)

vSAN Upgrade Process

Before you upgrade check the hardware for vSAN 6 support (HCL…). The rest of the upgrade process is straight forward:

  1. First upgrade your vCenter
  2. then upgrade the vSphere Update Manager (VUM)
  3. Afther that upgrade your ESXi hosts to version 6
  4. Confirm that Ruby vSphere Console (RVC) is accessible
  5. Login to Ruby and execute the upgrade script at cluster level
    1. vsan.v2_ondisk_upgrade /<vcenter>/<Datacenter>/computers/<cluster>
  6. Maintenance mode is not required at host level

Now the upgrade utility runs some checks and begins with upgrading the on-disk format.

You can upgrade the disk groups as followed:

  • Evacuate all data from the disk group you want to upgrade
  • Destroy this disk group
  • Rebuild the disk group with the latest on-disk format
  • Repeat the steps above for all remaining disk groups

Module 7 – Monitoring vSAN

The monitoring part we have only touched. There are a lot of vSphare built-in and also community driven tools for monitoring vSAN.

Built-in:

  • vCenter
  • vSphere Web Client
  • DCUI
  • SSH / vCLI / PowerCLI / ESXicli
  • esxtop
  • vROPS
  • Ruby / vSAN Observer

Community driven:

One cool built-in tool we tried out today on day 2 in our course. Its the Ruby vSphere Console (RVC) with which the vSAN Observer can be enabled / started. The process starts a webserver which you then can access via https://vCenterServer_hostname_or_IP_Address:8010. The result looks like this:

vSAN Observer

The initial configuration is not that easy, but its not a big deal. Enter some commands and you’re good to go. The webserver will stop itself after a runtime of an hour or if you manually stop it with Ctrl + C in the CLI console.

Module 8 – Stretched Cluster

Everyone knows a cluster, a group of servers that act like a single system. A strechted cluster is very similar to a normal cluster, with the difference that you cover two sites with the same cluster (or probably multiple racks in one datacenter), including vMotion, storage vMotion and all other cluster-enabled features.

A stretched cluster helps you to…

  • do maintenance of a complete site with no downtime
  • lower RPO for unplanned failures

Setting up fault domains enables you to set…

  • Rack Awareness (1st is primary site, 2nd is failover, 3rd is witness)
  • Site Awerness (across sites)

A stretched cluster has some specific requirements (some are also required to setup vSAN itself):

  • L2 stretched network for vSAN (Multicast)
  • L3 routed network between witness and vSAN hosts (Unicast)
  • Less than 5ms network latency for data
  • 200ms latency for witness
  • 500ms latency for ROBO (the two-host vSAN in your remote office / branch office)
  • 10GB links are recommended
  • If you have less than 10 VMs in your ROBO then you’re fine with 1GB links
  • Consistent MTU size from end to end

You can imagine the following scenarios when there are outtages in your environment:

  • Failed site => site failover
  • Failed host same site => if ressources are good to handle the SLA then same site, otherwise DR in other site
  • Failed witness => everyone carries on workin because no tiebreaker is needed
  • Failes network between sites => Restart to preferred site
  • Failed site with vCenter => Witness comes to use to restart to FD2 site

Conclusion

Today we learned a lot about vSAN in its technical details. With an all-flash solution you get lots of IOPS and performance. With a stretched cluster you can even tolerate a complete site failure. Think about that! VMware Virtual SAN is a really cool storage topology which is easy to setup if everything is prepared correctly (networking!).

Here you can find the other blog posts about the vSAN deploy and manage course: