All (good) things come to an end. Goodbye C# client

Yesterday VMware announced the retirement of the C# client or vSphere Client for Windows. It will not be available for the next version of vSphere.
The next version of vSphere will get a HTML5 based Web Client, this will not only replace the C# client but will also replace the current Flash based Web Client. Although both web clients will coexist for some time to give (3rd party) plugins time to move from the Flash based Web Client to the new HTML5 based Web Client.
VMware states that the HTML5 Web Client will bring a great user experience. Currently you can already try the new HTML5 "look and feel" when you run ESXi 6.0 Update 2, this includes the Embedded Host Client which started of as a VMWare Lab Fling but made it into the Update 2 release.
And if you want to take it even a step further in your lab (VMware Lab Flings should not be used in a production environment), you can go ahead and get the vSphere HTML5 Web Client Fling!

At this time, it is not sure if the GA version of the HTML5 Web Client is going to look the same as the Fling does at the moment. But for the moment I really like the clean and basic look (called Clarity) of the Fling.

One other important thing to mention, VMware will try to stay on the same support model (supporting the one it’s released with, and one version back for upgrade transitioning) for the new HTML5 Web Client. Due to the amount of changes to the backend API it is not sure if they will be able to make this actually happen.

vRealize Orchestrator (vRO) licensing pitfall

vRO is a powerful tool used when you want to automate repetitive tasks on your vSphere environment. It has various plugins which bring integration with other VMware products as well as integration with third party hardware and software solutions.
vRO is a workflow based tool, besides the default workflows you can also create custom workflows. These workflows are stored in the vRO database together with the configuration data, depending on the use case you can choose either between a embedded database that is based on vPostgress or you can choose to use a external database solution based MS SQL or Oracle.

About the use cases which could use the embedded database, VMware documentation is not really clear on this. Because the Install and Configure documentation on vRO version 6.0.1 states that the embedded database should only be used for testing or PoC purposes. But the Install and Configure documentation on vRO version 6.0.3 states that default database option is suitable for small- or medium-scale environments. What is clear is that when you use the embedded database you cannot set up vRO to work in cluster mode, or change any licenses and the server certificate by using the vRO configuration interface.

So why am I writing about the database choice of vRO, well recently at a customer which uses vRO to automate tasks we ran into a operational issue when nobody could logon to the newly deployed vRO instance. It became clear that this vRO instances had been running on the default evaluation license, which stops working after its 90 day evaluation / grace period.
The solution would be simple, just login to the vRO configuration page and update the license key. But as documented in the Install and Configure documentation, when the embedded database is used you cannot update the license key from the configuration page. The only way to do this is to run the license update workflow from within vRO itself.
This was not possible because logon the the vRO client did not work because of the expired evaluation license. A solution to this "chicken and egg" problem was not easily found.

So how do you solve this problem, I first need to mention that I did not find this solution. All credits for the solution described below go to Martijn Went (@MartijnW01).

As mentioned earlier, when your vRO license is expired you cannot logon the the vRO client and run workflows. But you can logon to the vRO configuration page, after you first start the configuration service.

• Start the service and logon to the configuration page
• Go to the Database sub menu
• Change the database type to anything other than embedded, this will make License sub menu become available.

• Go to the License sub menu and go to the vCenter license tab and enter the details about the vCenter that needs to be used to license this vRO instance. Leave the port (443) and path (/sdk) default. Enter vCenter credentials and apply changes.
• After the connection to the vCenter is made the license will be verified, check the license details on the vCenter license tab you are on.
• Go back to the Database sub menu and change the database back to embedded
• Now you should be able to start the vRO service again.
• After the service is started, logon the the vRO client and run the workflow to license vRO to the vCenter license.

Now all should be operational again, the only thing that we had to do to be fully operational was reconnecting vRO to all vCenters within the environment. Not sure if this is related to the vRO configuration actions, but for some reason the vRO instance lost connection to the vCenters.

I'm sure this is not a supported solution, but VMware GSS did not have a solution on hand when they where contacted regarding this issue. The solution they found that might work, was to manually edit the database (replace the evaluation license key).

vSphere 6 template issue

A couple of weeks ago I was on-site at a customer. While working I needed to copy a couple of templates from their current environment to their new environment. For all except one template this worked as expected. The one template had some actions grayed out.

To complete my work I needed first the Rename action and second Remove form Inventory, it looked like this could possibly be a issue.
My first thought was that the template had become orphaned for some reason, but this would result in having all actions grayed out. To verify if this template was still usable I deployed a VM from it, this worked without any issues. The deployed VM looked fine.
After this action I took another look at the available actions for the template and all actions were available again, apparently the deployment action "fixed" the issue.
The real cause and why deploying a VM from it fixed it is still not clear to me, but I guess the deployment does something to either the vCenter inventory or the database that clears up the issue.

Deprecated VMFS volume(s) found on the host warning message

Last week I ran into a VMFS version warning message while building a new vSphere 6 environment for a enterprise customer. This environment is a green field deployment, so everything is new from SAN infrastructure, Network, Compute and Storage.
When I started adding payload ESXi hosts to their respective HA clusters, the only warning message I received was about the System logs being stored on non-persistent storage. This was expected as the hosts where Blades (without any local harddisks) which booted the hypervisor of a embedded USB device and there was no shared storage available yet.
After presenting shared storage and adding it to the ESXi hosts, being formatted in the process as VMFS 5 (VMFS 5.61 to be exact) all looked fine.
But when I rebooted the ESXi hosts, they came back online within vCenter and there was a extra warning message: Deprecated VMFS volume(s) found on the host. Please consider upgrading volume(s) to the latest version

The only action I had done on the environment between adding the shared storage and rebooting the hosts was deploying a OVA. This was the EMC VSI (Virtual Storage Integrator) appliance, deployment, configuration and installing of the plug-in went without any trouble.
Not sure if deploying the EMC OVA had anything to do with the warning message. In any case VMware has a KB article about the false positive deprecated VMFS warning.
KB2109735 does not disclose what is causing this false positive, but it does suggest a simple yet effective solution to the problem. At least it did solve the problem in my case.
By restarting the hosts management services the warning message is gone, the easiest way to do this is to run services.sh restart from either the DCUI or through a SSH session.

Installing vSphere 6 gotcha

The last couple of weeks I have been involved in the deployment of a vSphere 6.0 environment. This was my first vSphere 6.0 customer deployment.
Most of the implementation plan I wrote and as this was my first customer deployment I had to do some rework on my default implementation, which I have used on vSphere 5.5 implementations. To write this implementation plan I used the official VMware installation and configuration documentation as guideline. At the time of writing all implementation steps seamed logical, but when we came to the actual implementation we ran into a issue when we tried to add Identity Sources to the PSC (Platform Service Controller).
This customer vSphere environment is a large, multi tenant and multi site environment and for this reason together with the need for flexibility and scalability a design choice was made to use external PSC's. Also during the design sessions with the customer the decision had been made to use the vCSA (vCenter Server Appliance) instead of the up until vSphere 5.5 generally chose Windows based vCenter.
The issue we ran in to has to do with in which order you go to the configuration steps after the PSC is deployed. At some point you want to be able to join a PSC to the Active Directory domain to be able to use AD integrated authentication. When using external PSC's like in this particular case you don't join vCenter (vCSA) to the domain but the PSC. The reason for this is simple, SSO (Single Sign On) and Authentication services are provided by the PSC not vCenter.
The implementation plan followed the exact same steps for this part of the configuration as the VMware documentation and we followed the each en every step as they where documented in the implementation plan, but for some reason we still got a error message.
After verifying that I had used the most recent version of the VMware documentation I did a quick check on the VMware communities to see if anyone else had ran into the same issue.
There was a post dated March 27 2015 called "Wrong information in VMware 6.0 documentation vCSA 6.0" which described the exact issue and the writer came to the same conclusion that the VMware documentation has the configuration steps in the wrong order.
This community post was posted two and a half months ago, clearly VMware hadn't been able to update their online documentation.
Below you will find in short the correct steps and order to join a PSC (internal or external) to a Active Directory domain followed by adding Identity Sources to the PSC. For more details please have a look at the community post.

1. Use the vSphere Web Client to log in as administrator@your_domain_name to the vCenter Server instance.
2. Under Deployment, click System Configuration.
3. Under System Configuration, click Nodes.
4. Under Nodes, select a node and click the Manage tab.
5. Under Advanced, select Active Directory, and click Join.
6. Type the Active Directory details (use the administrator@your_domain_name syntax for the user).
7. Reboot the appliance, after the reboot login as described in step 1.
8. Navigate to Administration > Single Sign-On > Configuration.
9. On the Identity Sources tab, click the Add Identity Source icon.
10. Add the Active Directory domain as an identity source, enter the identity source settings, and click OK.
11. Finished, you can now continue with the rest of the configuration like adding AD security groups to the roles defined in Global Permissions.

I am sure that VMware eventually will update their online documentation. In the mean time, if you follow the steps described above the configuration should be easy. Alternatively you still could follow the steps as described in the VMware documentation, but you will run into this issue. The error message has gotten a link to the correct webpage where you can first join your PSC to a Active Directory domain. After a reboot you can then restart your configuration. Although the second option will take more time the end result will be the same.

VMware reveals vSphere 6 !

Most people in the Virtualization industry already knew, today was the day of the big VMware event. There was enough speculation about what VMware would be revealing, but generally most rumors were telling vSphere 6 (or vSphere next). The rumors were right, VMware launched vSphere 6 today.

So why does VMware call this the biggest launch in VMware history?

Well let's first look at the highlights of vSphere 6 and after we take a quick look under the covers of vSphere 6.

With the new release VMware is focusing more and more on vCenter as a virtual appliance, no longer the appliance is in any way inferior to the Windows based vCenter. Both have the same maximums, although Vmware Update Manager is embedded within the vCenter virtual appliance (vCSA) a separate Windows (virtual) server is still needed for this component.
New to the vCSA is a guided installer, instead of getting a OVF file from the vCenter installer ISO and importing it in your vSphere environment it now get's a separate ISO and a more wizard like deployment.
For most deployments and customers, I think that the vCSA is the way to go from now on. Easier to deploy and no reboots regarding Microsoft security patches and updates. More secure and build-in upgrade/patch functionality. Although there will still be some doubt around troubleshooting vCenter as a virtual appliance, in addition there are also some vSphere features not integrated in the vCSA (yet).

The configuration maximums have been updated to further improve scalability, clusters can now support up to 64 nodes, Hosts support up to 12 TB of RAM and Virtual Machines support up to 128 vCPUs and 4 TB of RAM. Creating Virtual Machines of this size you will need to use the new hardware compatibility version 11.
Personally I have not seen many customers that have a use for Monster VMs, but it is good for the customers that do have this kind of VMs to be able to scale when needed.

In addition to the already existing reservations for CPU and Memory, vSphere 6 introduces Storage IO Controls this supports per VM reservations for Storage. With this you can set reservation in IOPS per VM, in other words a guaranteed minimum in IOPS.

Now the feature everybody was waiting for (I know I was), Virtual Volumes ( VVol). During the last couple of VMworlds VMware has been very busy promoting and explaining what VVol is about and why we need it. There is already so much information published around VVol, please checkout this blog post of Cormac Hogan is want to read up on it, that I will spare you the details. VVols is VMwares' way of making (existing) SAN/NAS systems VM-aware. The granularity of the current storage systems is mostly at LUN level, with VVol this is brought down to VM level. Every VM is comprised out of a minimum of 3 files, VMX (VM configuration), VMDK (hard disk file) and a swap file. With VVol each of these files becomes a separate volume a VVol.
A VMware product already leveraging VVol is VSAN (Virtual SAN); this has been fun testing during the Beta program. The most important points I found exploring VSAN, it is simple to configure and manage. On top of that, depending on the hardware, it's incredibly high performance. Another new addition in the storage area is the introduction of NFSv4.1 support (with Kerberos).

The next important enhancement is around vMotion, possibly one of the most "famous" vSphere features. Up until this new release of vSphere, vMotion was bound within a vCenter, or actually bound within a logical datacenter object. With the new release this is no longer the case, you could almost state that you now can vMotion across anything. Being able to vMotion across different vCenters and long distance vMotion, which will work up to 100 ms RTT are the two enhancements most important to me as most of the customers I work with have multi site environments. With these enhancements multi-site load balancing and "follow the sun" principles become possible.

Other enhancements around availability are, vSphere FT is going SMP. Fault Tolerant is now able to protect VMs with up to 4 vCPUs. vSphere Replication is also enhanced and it will now support replication up to 2000 VMs per vCenter.

The biggest complaint about vSphere 5.X was without doubt the web client, the look and feel of it was not good, performance was even worse. Along the vSphere 5.X versions it got better, but still not good enough for VM admins to stop using the C# client. To no surprise the web client has gotten a lot of enhancements on the performance part, login, action menus, page loading time, they all have been improved. Also an important enhancement is that the home screen layout looks again like the C# client, the recent tasks pane is back to the location it belongs, at the bottom center of the screen. Also all menus are flattened for quicker access to all menu actions.

Next to the enhancements there are also some new features added to vCenter, the most important in my opinion is the Content Library. This is basically a place where you can effectively manage all your VM templates, vApps and ISOs. The content can then be synchronized / replicated across sites and or vCenters.
One new feature that is added, will be greatly appreciated by anyone who ever had to manually replace all SSL certificates across their vSphere environment(s). The CLI interface called VMware Certificate Lifecycle Management, is going to be the way of managing both VMware and 3rd party certificates.

One of the most important differences, in my opinion between vCenter in vSphere 6 compared to vCenter in vSphere 5.5 is the components it is comprised from. With the introduction of vSphere 5.1 we got SSO (Single Sign On), Inventory Service and Web Client as additional components that you could install on separate (virtual) servers next to vCenter itself. With 5.1 the general advice was to use a separate server for each of these components, especially in large enterprise environments to keep up  performance and scalability. With vSphere 5.5 this advice was replaced with "keep the components together as much as you possibly can". Also the SSO component was rewritten,  now with vSphere 6 all known components have been replaced. vCenter is now comprised out of only two main components, Management (vCenter server) and Platform Services Controller (PSC). This is similar for both versions (VCSA and Windows based). The management part handles vSphere management, Infrastructure monitoring and management and API's. And the PSC handles SSO, Licensing, Certificate Management (VMCA) and Identity Management.
And more important, the installation or deployment options have become a lot simpler. You either install both components on 1 (virtual) Windows server (embedded node option) or you install the components on separate servers (individual node option). The same options are available for the vCSA. For now the general rule is to use the embedded option for standard vSphere environments. For more complex environments, which consists of more then one SSO enabled solution (example: vRealize Automation Center) and/or future need to do PSC replication across sites use the individual node deployment.