TheSaffaGeek

My ramblings about all things technical



What’s New in vRealize Automation 6.2

Today at VMworld Europe, VMware are going to announce vRealize Automation 6.2, which is the renamed vCloud Automation Center solution and its next version, due to be available in Q4 this year. It does seem like there is a new version of the solution every six months, as vCAC 6.1, which added a whole host of new features, only went GA 6 weeks ago.

Below is an overview of what is being added in the vRealize Automation 6.2 product. Fortunately there isn’t a change to the architecture, so for those who have recently deployed vCAC 6.1 to customers like I have, you don’t have to stress about doing the upgrade like it was between previous versions.

Upgrade and Migrate to vCAC 6.1

Release 6.0.1.1 to release 6.1

  • 6.0 must first be upgraded to 6.0.1.1
  • In-place upgrade from 6.0.1.1 to 6.1
  • Application Services (AppD) requires side-by-side migration

Release 5.2.1 to release 6.1

  • Older versions must first be upgraded to 5.2.1
  • 6.1 will be installed side by side with 5.2.1
  • A migration utility will move data from 5.2.1 to new 6.1 deployment
  • Will require some system down time
  • Does not include AppD

vRealize Automation 6.2 Summary

Enhanced integration between vRealize Operations and Automation

  • Health status displays
  • Reclaims inactive VMs

Admin Friendly CLI

  • Simplify scripting of vRealize Automation commands

Enhanced Endpoint Support

  • vSphere 6 (Q1-15)
  • XenDesktop 7
  • Enhancements to vCloud Air

Proxy Support

  • Pay as you go support (Q1-2015)
  • OpenStack (Havana)

vRealize Automation 6.2 In-Depth


CloudClient


CloudClient Overview

  • Command-line utility that provides verb-based access with a unified interface across the vCAC APIs (including IaaS, Applications, vCO)
  • Focused on providing an easy-to-use command-line interface for the IT administrator where scripting and CLI use is more feasible than direct API calls
  • Stable interface while underlying APIs may change over time
  • Provides common security; exception handling; JSON, CSV and tabular formatting; file export; auto login for scripting (password and keyfiles); and auto-generated documentation.
  • Available as a separate Download in Early Q4 (supports 6.1)

Make sure you watch the live VMworld keynote to learn more.



What’s New In vCloud Automation Center 6.1

Not long after VMworld Europe vCAC 6.1 was released. For the past year I have been very fortunate to have been on some very large vCAC projects as an extension of VMware PSO and have seen the product change dramatically. There have certainly been some challenges but I’m super excited about vCAC 6.1, and from the experience I have gained of it so far it is looking very solid and now can work seamlessly with vCO along with a number of other great new features. So below is an overview of what is new in vCAC 6.1.

vCAC Extension


Interested in Developing a VCO Plugin?
Free Access to the vCO Plug-in SDK

  • The SDK has samples and documentation to facilitate development
  • http://communities.vmware.com/community/vmtn/developer/forums/orchestrator
  • Additional Resources

    Distribution on VMware Solutions Exchange
    – Contact: Meenakshi Nagarajan (mnagarajan@vmware.com) for additional info


    Automating Application and Infrastructure Services

    Simplifying the deployment and management of single machines and complex multi-tiered applications.


    User Experience




    VCAP-CID Objective 1.5 – Determine Security and Compliance Requirements for a Conceptual Design

    Knowledge

    Identify relevant industry security standards.

    • There are a few security standards, and they normally apply to government, finance, military and telecommunications. Each of these sectors keeps to a few standards, and they largely overlap with the next point on compliancy. For example, here in the United Kingdom there are a few cloud vendors who run community clouds where they assure they meet business impact levels, and each of these levels determines the requirements for protection. A really good article straight from the UK government is here, where information security is defined based on a number of criteria. A lot of government and military companies keep data in IL2 or IL3, and vSphere 4.0 and 4.1 were actually verified to meet IL3 compliancy. Recently they are still EAL4+ and FISMA certified.
    • For your conceptual design you will need to know what abstraction is required based on whatever the relevant security standard is, and you will most likely have to sit down with the compliancy officer and determine what they feel is required for them to approve that your solution meets their security standards.

    Identify relevant industry compliance standards.

    • There are a number of compliance standards that apply to various organisations, from companies who process credit cards and hospitals who keep people’s personal data to companies who have to keep to specific regulations. There are a number of these and some are only applicable in specific countries, but the ones I think are the most likely to be seen in a vCloud environment are:
      • Sarbanes-Oxley
      • Health Insurance Portability and Accountability Act (HIPAA)
      • Federal Financial Institutions Examination Council (FFIEC)
      • Payment Card Industry Data Security Standard (PCI DSS)
      • International Organization for Standardization (ISO) 17799
      • National Institute of Standards and Technology (NIST)
      • International Organization for Standardization (ISO) 27001
    • A really great example of this is the Architecture Design Guide for Payment Card Industry (PCI) document by VMware. This is PERFECT in showing the kinds of things you need to keep in mind and the varying mechanisms to achieve this. The document goes much deeper than conceptual but seeing as you will have to go from conceptual to logical and then to physical it makes sense to learn it now.
    • Another great document by VMware that is mentioned on the blueprint is the Infrastructure Security: Getting to the Bottom of Compliance in the Cloud document.

    Explain vCloud security capabilities.

    • This, along with the two points above, is covered perfectly in appendix B of the vCAT Architecting a VMware vCloud pdf. For the conceptual design this is more around isolation and multi-tenancy, but the whole of appendix B gives a great breakdown of the kinds of security that are possible within vCloud and the mechanisms and products that can be used to achieve this.

    Identify the auditing capabilities of vCloud technologies.

    • This covers the vast range of mechanisms, such as logging, log retention, syslog shipping and firewall logging via vCNS to name but a few, that are possible via vCloud. Appendix B of the vCAT covers these off really well, and the retention policies mentioned in the Architecture Design Guide for Payment Card Industry (PCI) document cover off the kinds of auditing you may be requested to do. For conceptual this isn’t very applicable and I’m amazed it is actually mentioned here.

    Skills and Abilities

    Based on customer requirements, determine auditing requirements for a vCloud conceptual design.

    • These would be determined in design workshops and discussions with different subject matter experts within the customer around what they are looking to audit/log and whether there are any compliancy standards they need to meet. If they are a service provider who provides public cloud to the general public, then there is a very good chance they have to meet PCI compliancy, for example, and so retain logs and do auditing to ensure security and allow retrospective inspection. For a conceptual design auditing isn’t something you would put in your “napkin” design, but knowing that you need additional auditing does mean you have to design to be prepared for this in the logical and physical designs.

    Based on customer requirements, determine security requirements for a vCloud conceptual design.

    • A large portion of this is the same as above, as security requirements around compliancy include auditing also. For example, if it is a private cloud that is being designed but it is for a hospital, then HIPAA standards need to be met and so certain security measures need to be applied. For conceptual this is mainly around separation, defence in depth and usage of two-factor authentication, to name a few off the top of my head. How different zones within the cloud offering are separated and secured also needs to be planned for and conceptually designed.

    Based on customer requirements and vShield Edge security capabilities, determine the impact to a vCloud conceptual design.

    • For this you need to know what vShield Edge is capable of doing and in what use cases each of these capabilities would be used. A perfect document that describes this is the vShield Edge Design Guide Whitepaper. The actual impact to a conceptual design is mainly that vShield Edge allows isolated virtual datacentres hosted on a common physical infrastructure instead of needing siloed physical infrastructures. The separation via the vShield Edge firewall is in most cases more than sufficient, but knowing where physical separation is required (PCI for example) is also very important.
    • vShield Edge also provides IPSec VPN capabilities, which are very important for the security of your cloud infrastructure. Knowing that vShield Edge can provide this along with NAT, load balancing and, most importantly for this section, firewall capabilities via one device means you don’t need multiple devices like in a traditional multitenant design.

    Explain the logging capabilities of the various VMware products.

    If you feel I have covered something incorrectly please let me know as I’m learning like everyone else and I certainly don’t claim to be perfect (near it but not perfect ;) ). Also the vBrownbag covered the whole of objective 1 here.

    Gregg



    VCAP-CID Objective 1.4 – Determine Availability Requirements for a Conceptual Design

    Knowledge

    Identify availability options for management components.

    • Availability can be achieved within the vCloud architecture in a number of different ways and via differing methods. I’m going to break them up into different categories and I’m not going to cover each one, but if you understand the different methods I think when you are reading the vCAT or any other kind of design book you’ll be able to identify them with ease.
      • Redundancy: This is simply creating multiple instances of an important service to ensure that if one or more fail the solution isn’t impacted. There are multiple examples of this, but the most simple and one of the most important in my opinion is the creation and usage of multiple vCloud cells to ensure load balancing but, more importantly, redundancy in the event of a loss of a vCloud cell. You can also cover this further down the stack with Heartbeat in the vSphere layer (even though this has now been made end of life), multiple network cards for the physical networking, and multiple redundant switches through to multiple redundant storage processors.
      • Disaster Recovery/Failover: This is covered in a whole section in the vCAT which goes over methods of utilising products like SRM to configure disaster recovery of the management layer. For conceptual this is more about knowing what is and isn’t possible, but also taking the availability requirements of the customer from a business impact analysis, where the amount of money a customer is willing to lose due to downtime is determined, and then equating this to a number of nines. The table below gives an example of the number of nines compared to the amount of downtime. The larger the number of nines, the more expensive the solution, which you will need to advise your customer about (99.9 can be met by HA for example but 99.99 will require heartbeat and synchronous replication with QoS). For conceptual you don’t cover specific products, but knowing that you will need a DR site with fast links between the sites will cover this, for example.

    HA

    Differentiate between management components and resource components.

    • This is simply determining what should be part of your management cluster and what should be part of your resource cluster. I think this is really straightforward, as anything in your management cluster is used to provide services to you, the vCloud administrator, and the resource cluster/s are for your customers to provision to and are the pools of resources you configure as your provider virtual datacentres. The below image is a great example of a conceptual diagram of the management and resource clusters.

    conceptual

    Skills and Abilities

    Explain compatibility of various vSphere high availability features with a vCloud design.

    • This is covered perfectly in appendix A of the vCAT Architecting a VMware vCloud pdf so I don’t see the need to explain it here and I think it is better if you go through that instead. The link to the online documentation centre is here

    Given customer requirements and constraints, determine appropriate customer Service Level Agreements (SLAs) for the conceptual design.

    • This is covered in more depth within objective 1.6 so we will cover this in that section.

    Determine how given SLAs impact availability design decisions.

    • This is covered in more depth within objective 1.6 so we will cover this in that section.

    Given customer requirements and constraints, determine how to achieve desired availability.

    • From the design workshops and requirements collecting you will have worked out what the customer’s requirements and constraints are and will then have to work with these to try to meet them all. Here it is their availability requirements, which will be, as I mentioned above, their permitted amount of downtime per year along with their RPOs, RTOs, MTDs and WRTs. From this you will have to work with their constraints to design a solution that meets their requirements. For example, if they have an RPO of 5 minutes for critical systems within the management cluster in the event of a site failure, this cannot be achieved via SRM with vSphere replication. For the conceptual design my example isn’t applicable, but knowing this kind of limitation will then mean you know conceptually what needs to be created (multiple sites with fast links that have near zero latency for multiple data service providers and storage that can achieve this).

    Given customer requirements and VMware technologies, determine availability impact to the conceptual design.

    • I feel this is largely what I have mentioned above, but now you are including VMware technologies’ limitations/capabilities in your thinking, which I actually did above. You will need to know what is and isn’t possible with HA, for example, and how it can only provide a certain level of availability and is limited by the amount of restarts it can achieve at once whilst being possibly limited by priority groups.

    If you feel I have covered something incorrectly please let me know as I’m learning like everyone else and I certainly don’t claim to be perfect (near it but not perfect ;) ). Also the vBrownbag covered the whole of objective 1 here.

    Gregg



    vCloud endpoint wont delete from vCAC 5.2

    I am currently working on a project that is using vCAC 5.2, vFabric Application Director 5.2 and vCloud 5.1 to provide automated self-service provisioning of resources for customers (super learning experience).

    Whilst going through the manual steps of removing a test customer from the solution before automating the steps through VCO, I hit a very strange problem where at the point of deleting the endpoint to the vCloud Organisation that was assigned for the test customer I got an error stating “ Error has been caught,see event logs located on the vCAC server for detail” and as shown below.

    clip_image001

    If I went to the logs within vCAC there were two errors linked to the problem, the main one stating “….  Inner Exception: the DELETE statement conflicted with the REFERENCE constraint “HostNic….”

    clip_image002

    The error is showing that a computer resource is still attached to the endpoint even though I had removed the computer resource from the vCloud Enterprise Group computer resources selection, removed the Org VDC from vCloud and run a manual data collection. It seems that there is a bug at present that doesn’t allow the removal via the UI (bug report already opened before someone asks) so what you need to do is (I make no promises or guarantees around this script so use at own discretion and backup your DB before running this):

    1. Go to the SQL server that hosts the vCAC database.
    2. Open SQL Management Studio as a user with sufficient permissions.
    3. Select the vCAC database and click the New Query button at the top left.
    4. Ensure the vCAC database is selected.
    5. Paste the following SQL script in the query box and change the ‘ORG VDC NAME’ to the name of the Organisation VDC that the endpoint was connected to and execute the query.

    -- Look up the host record for the Org VDC the endpoint was connected to
    DECLARE @HostId uniqueidentifier
    SET @HostId = (SELECT HostId FROM Host WHERE HostName = 'ORG VDC NAME')

    -- Remove the rows that still reference the host
    DELETE FROM VirtualMachine WHERE HostID = @HostId
    DELETE FROM HostNicToReservation WHERE HostNicID IN (SELECT HostNicID FROM HostNic WHERE HostID = @HostId)
    DELETE FROM HostReservation WHERE HostID = @HostId
    DELETE FROM HostNic WHERE HostID = @HostId
    DELETE FROM HostToStorage WHERE HostID = @HostId
    DELETE FROM AdminGroupToHost WHERE HostID = @HostId
    DELETE FROM ResourcePool WHERE HostID = @HostId

    -- Finally remove the host record itself
    DELETE FROM Host WHERE HostUniqueID = (SELECT HostUniqueID FROM Host WHERE HostID = @HostId) AND ClusterHostID = @HostId
    DELETE FROM Host WHERE HostID = @HostId

    6. The results should show that some values have been changed.
    7. Now you can remove the endpoint from vCAC and the computer resource won’t show up for selection under the vCloud Enterprise Group either.
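Because the script in step 5 deletes directly from the vCAC database, it helps to check its scope first. The read-only preview below is an added example, not part of the original post or of any VMware tooling; it uses only the table and column names that appear in the script above, and the text type of the HostName column is an assumption.

```sql
-- Added example: read-only preview of what the cleanup script in step 5
-- would delete. Only SELECT statements are used, nothing is modified.
-- Table and column names come from that script; nvarchar(255) for HostName
-- is an assumption about the schema.
DECLARE @HostName nvarchar(255) = N'ORG VDC NAME';  -- same placeholder as step 5

-- The cleanup script reads HostId with a scalar subquery, so exactly one Host
-- row must carry this name. Stop here if the name is missing or ambiguous.
DECLARE @Matches int = (SELECT COUNT(*) FROM Host WHERE HostName = @HostName);
IF @Matches <> 1
BEGIN
    RAISERROR('Expected exactly one Host row named "%s", found %d.', 16, 1,
              @HostName, @Matches);
    RETURN;
END;

DECLARE @HostId uniqueidentifier =
    (SELECT HostId FROM Host WHERE HostName = @HostName);

-- One row per DELETE statement, numbered in the order the script runs them.
SELECT 1 AS Step, 'VirtualMachine' AS TableName, COUNT(*) AS RowsAffected
  FROM VirtualMachine WHERE HostID = @HostId
UNION ALL
SELECT 2, 'HostNicToReservation', COUNT(*)
  FROM HostNicToReservation
 WHERE HostNicID IN (SELECT HostNicID FROM HostNic WHERE HostID = @HostId)
UNION ALL
SELECT 3, 'HostReservation', COUNT(*)
  FROM HostReservation WHERE HostID = @HostId
UNION ALL
SELECT 4, 'HostNic', COUNT(*)
  FROM HostNic WHERE HostID = @HostId
UNION ALL
SELECT 5, 'HostToStorage', COUNT(*)
  FROM HostToStorage WHERE HostID = @HostId
UNION ALL
SELECT 6, 'AdminGroupToHost', COUNT(*)
  FROM AdminGroupToHost WHERE HostID = @HostId
UNION ALL
SELECT 7, 'ResourcePool', COUNT(*)
  FROM ResourcePool WHERE HostID = @HostId
UNION ALL
-- Covers both Host deletes: the clustered rows and the host row itself.
SELECT 8, 'Host', COUNT(*)
  FROM Host
 WHERE HostID = @HostId
    OR (ClusterHostID = @HostId
        AND HostUniqueID = (SELECT HostUniqueID FROM Host WHERE HostID = @HostId))
ORDER BY Step;
```

If a count is larger than expected, stop and investigate before deleting anything. Running the delete script between BEGIN TRANSACTION and COMMIT TRANSACTION with SET XACT_ABORT ON lets a failure part-way through roll back instead of leaving the tables half-cleaned.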

    I hope this saves someone the time I spent trying to fix the problem.

    Gregg



      VCDX Spotlight: Garrette Grouwstra

      Name: Garrette Grouwstra

      Twitter Handle: @VirtualCanadian

      Blog URL: vCanadian.ca

      Current Employer: Long View Systems

      VCDX #: 127

      How did you get into using VMware?

      I was working for a small ISP in 2009, and began a consolidation project to go hand-in-hand with their upcoming infrastructure refresh. As soon as I started using ESXi 3.5, I thought that the whole idea of virtualization was something I needed to focus on professionally.

      What made you decide to do the VCDX?

      For the past 2.5 years, I have had the privilege of building and architecting a public cloud offering to help diversify the services that the company I work for offers to clients. VCDX-DCV had been on my mind at the time as I watched others in the organization (@vcloudmatt and @DavesRant) go through the process. Once the Cloud track was announced, I knew that would be my next goal.

      How long did it take you to complete the whole VCDX journey?

      That is a tough question, as the VCDX-Cloud certification is still brand spanking new. I had to complete all of the prerequisites first. I received the VCP-Cloud in August of 2012, followed by the Betas of the VCAP-CID and VCAP-CIA, which I received in February 2013.

      I started writing my design documentation in March of 2013, putting it aside while I planned a wedding and went on a honeymoon, and picked back up in August 2013. With the help of my design Co-author, Matt Vandenbeld (@vcloudmatt), I was able to complete the application by the end of December, and was fortunately invited to defend in February 2014.

      What advice would you give to people thinking of pursuing the VCDX accreditation?

      1. Get support from your family, and work. I was lucky that both my husband and Long View Systems gave me time, and supported me on this journey. I could not have remained sane without them.

      2. Set milestones to complete sections of your design doc, and within all supporting material. Keep to the deadlines.

      3. Don’t work in a vacuum. There are many great resources out there, both blogs and people (inside and outside of your organization). Use them.

      4. Know your design inside and out. Really, I mean it.

      5. Accept that you may have submitted a design with mistakes. Own those mistakes and call them

      6. Practice, practice, practice! Find others in the community that are able to assist you, and do mock defences, design and troubleshooting scenarios. Brad Christian (@BChristian21) organized mock defences between most of the candidates defending at PEX. The group ripped my design apart more so than they did in the room, and were amazing help preparing.

      7. Breathe. Take a time out before the actual defence to compose yourself.

      If you could do the whole VCDX journey again what would you do differently?

      The only thing I would do differently is more mocks. I saw myself grow so much as a consultant and VCDX candidate during the weeks leading up to the defence, and the mocks were a LARGE part of that. I wish I would have done more troubleshooting and design mocks.

      Life after the VCDX?  How did your company respond?  Was it worth it?

      The VCDX is a certification I achieved for myself, not for my company. They have been supportive along the way, and all congratulated me, however I did not, and do not expect much to change from a company perspective.

      The biggest change personally, is that I have free time again. I’m still trying to come to terms with that and debating how to fill the void that VCDX prep has left.



      vCAC 6.0 Resources

      As most people who work with VMware will know, vCloud Automation Center version 6 was released last week, and with the plans for vCAC to become the route for non-VSPP partners for cloud, plus the added features and functionality of 6.0, the twitterverse is alive with people looking to learn more. I am one of those people and was even fortunate enough to be part of the beta for 6.0, but there is loads to learn, so I decided to start a list of really great resources around the product that I could use to skill up with. I thought it would probably help other people as well, and so this is what this blog posting is about. I am hoping to continually add more resources to this list and welcome any recommendations on good resources.

      Product Landing Page:

      Product Documentation:

      Release Notes:

      Compatibility Matrix:

      Installation and configuration blogs:

      Distributed Installation

      Sam McGeown has done a series around the distributed installation of vCAC 6.0 which isn’t as simple as you would hope.

      1. VCAC 6.0 build-out to distributed model – Part 1: Certificates
      2. vCAC 6.0 build-out to distributed model – Part 2: vPostgres
      3. vCAC 6.0 build-out to distributed model – Part 3.1: Configure Load Balancing with vCNS
      4. vCAC 6.0 build-out to distributed model – Part 3.2: Configure load balancing with NSX
      5. vCAC 6.0 build-out to distributed model – Part 4: Deploying and clustering a secondary vCAC Appliance

      Training

      Automation of the Installation

      Day 2 Automation

      Jonathan Medd has created a brilliant series of postings around vCAC tenant creation

      Automating vCAC Tenant Creation with vCO: Part 1 AD SSL
      Automating vCAC Tenant Creation with vCO: Part 2 AD Users, Groups and OUs
      Automating vCAC Tenant Creation with vCO: Part 3 Install the vCAC plugin for vCO
      Automating vCAC Tenant Creation with vCO: Part 4 Creating a Tenant
      Automating vCAC Tenant Creation with vCO: Part 5 Creating an Identity Store
      Automating vCAC Tenant Creation with vCO: Part 6 Adding Administrators

       

      Top orchestration blogs

      http://vcoteam.info/

      http://elasticskies.com/

      http://cloudyautomation.com/

      http://v-reality.info/

      http://www.vcacteam.info/

      http://www.vcoportal.de/

      http://d-fens.ch/category/technology/

      Orchestrator Videos

      Intro to vCenter Orchestrator

      vCenter Orchestrator Install and Configure

      Using vCO to manage Active Directory and Exchange

      Advanced vCO

      Converting vCO Workflows to versionable code

      FREE VMware vCenter Orchestrator Instructional Videos [Updated]

      VMware Hands On Labs

      Videos:

      VMwareTV have now posted 30 videos covering vCAC features http://www.youtube.com/user/vmwaretv?feature=watch

      vCAC 6.0 Extensibility Overview

      #vBrownBag Automate ALL the things – vCAC 6.0 Installation with Jon Harris (@ThevCACGuy) from ProfessionalVMware on Vimeo.

      #vBrownBag Automate ALL the things – vCAC 6.0 Getting Started with Jon Harris (@ThevCACGuy) from ProfessionalVMware on Vimeo.

      Reference Architecture Guide:

      http://www.vmware.com/files/pdf/techpaper/vmware-vcloud-automation-center-60-reference-architecture.pdf

      Helpful vCAC 5.2 Resources

      Just because some people will still be asked to do vCAC 5.2. Also, the installation notes only cover installing all the components on one server, whereas Arnim has detailed how to do it when you have separated the components like you would in a production environment. I’ve used these notes on a 5.2 engagement and assure you these are correct compared to the actual VMware installation notes.

      http://www.van-lieshout.com/2013/08/vcloud-automation-center-part-1-vcac-components-overview/

      http://www.van-lieshout.com/2013/08/vcloud-automation-center-part-2-installation-preparation/