Being half way through a large infrastructure migration, there have been some interesting issues turn up along the way which have then required updating to the design and deployment documentation. One of the steps that I need to perform is upgrade VM hardware compatibility and VMTools. This all seemed an easy enough task to complete, especially with Update Manager, that was until it came to doing the actual VMTools upgrade. Update Manager continued to fail on a large number of VMs. When the installation was manually ran, an error message “VMware Guest Introspection must be fully uninstalled before the installation can proceed.” would
What was interesting about this was that I had migrated away from a system that did not have NSX or Guest Introspection per se. The old environment was running traditional vShield and had moved to the new environment which was now running NSX Manager and Guest Introspection only.
After going through a couple of knowledge base articles around the subject, I went ahead and tried the removal of regkeys in VMware, this did not fix the problem; in fact it was a very simple fix.
In control panel –> Programs and Features -> select VMware vShield Endpoint.
Uninstall VMware vShield Endpoint.
Once complete you can successfully go ahead and upgrade VMTools.
Tag: VMware
-
Guest Introspection needs to be fully uninstalled first – Error message
-
Guest Introspection Service – NSX
Continuing on from my last post, I thought I would get in and talk about the Guest Introspection service before I roll back and redeploy my NSX lab.
In prior versions to vSphere 6.x, part of the VMware vCloud Networking and Security (vCNS) was vShield Endpoint that was installed onto each host to allow for agentless security products to interact with virtual machines through VMTools. This was a two component setup, you would first have the vShield Manager that was connected to your vCenter which then added an installation option on each host for vShield Endpoint. Once vShield Endpoint was installed and vShield Driver (Part of VMTools install), your antivirus/anti-malware software could then protect inside your virtual machines that have been set up.
Fast forward to vSphere 6.x and the release of NSX taking over the networking and security side of things for vSphere environments. vShield was partially removed in vSphere 6.0, but completely removed by vSphere 6.5. Replacing vShield is now the NSX Guest Introspection Service (GIS) that still gets deployed to each host, but the difference is instead of having a separate vShield manager, it is included with the NSX Manager.
The GIS is free (Depending on vCloud licensing you may need to double check with your reseller) with the default licensing that comes with NSX Manager. There is a default key that is automatically deployed with NSX Manager giving you this access.
To set up your Guest Introspection Services, follow the below steps:
Pre-requisites:
IP Pool (If you do not have one configured, then you can set up during GIS deployment)- Open up your Network and Security Tab –> Click on Installation –> Select Service Deployments.
- Click on the + sign –> Select Guest Introspection –> Choose when you want to deploy Now or Schedule –> click next.
- Select your Datacenter and cluster you want to install your Guest Introspection to –> click next
- Choose your storage device and network you want to –> Decide to use DHCP or IP Pool, click Change –> Select IP Pool and Click the + sign to create the Pool.
- Confirm and click Finish.
The process will run through and migrate VMs between hosts if required. Once installed, your security software should detect the hosts and their current state and either require install a filter driver to the hosts and then the appliance (Third party components may vary between vendors).
This is a very straight forward service setup, but very powerful for the service it provides to your environment.
Thank you for reading. Please let a comment if you would like to. - Open up your Network and Security Tab –> Click on Installation –> Select Service Deployments.
-
Upgrade NSX Manager Version
I’ve been getting into a bit of NSX lately and have a new fondness for virtual networking of which previously I knew a little about NSX and its use cases, but I had not spent time with deploying it and making some use of it. That being said, I am not a networking guy, but after watching the latest vBrownBag 3 part NSX series with Tim Davis (@ALDTD), I think it’s becoming a new passion for me. See the Series here. Part 1 – Part 2 – Part 3 (TBU)
With all that, here’s my first NSX post on How to upgrade your NSX Manager.
I am currently running version 6.2.7, however last week NSX Ver. 6.3.2 was released and I thought I would take the opportunity to upgrade now before I rebuild my environment and deploy 6.3.2 direct.- Open up vSphere web client and select Networking and Security -> Select NSX Managers -> Then your NSX Manger -> Summary – to check the version
- Download the latest upgrade bundle from my.vmware.com
- Log on to your NSX manager via it’s management IP using admin user
- Select upgrade from the home page (You will notice in the upgrade screen the version number currently running) -> Click the upgrade button -> Click Browse and search for your upgrade bundle -> Click Continue (This will upload the file)
- Once the upload has complete, you will be present with a warning to create a backup of your NSX Manager before proceeding with the upgrade. You also receive the option to enable SSH and to join the VMware Customer Experience Improvement Program. -> Click Upgrade when ready
- Once completed, click close and wait for your NSX Manger to restart.
- Next log into vSphere webclient and select Network and Security -> installation. here you will see the NSX manager upgraded and the Controller Cluster saying “Upgrade Available” Select Upgrade available and let NSX do its thing.
- Your controller node will go off and may say “Disconnected” – Just refresh the webclient.
Out of habit, I do a host force sync of services. I don’t have any other components set up at this stage as I had only got to setting up my transport zones, but make sure you run through and upgrade any other components you have deployed such as the Guest Introspection Service (New vShield) as well as any Edge services you have deployed.
Tip: You can go to the Network and Security Dashboard to see if there are any components that are out of date and require an upgrade. Click on the number to bring up more information.
Thank you for reading. Please leave a comment if you have anything to say, be it more information/Corrections/requests.
- Open up vSphere web client and select Networking and Security -> Select NSX Managers -> Then your NSX Manger -> Summary – to check the version
-
VMUG UserCon Sydney: 2015
On Tuesday, I had the opportunity to go to the Sydney VMUG UserCON. This was quite an amazing experience. The last time I was in Sydney and outside the airport was when I was 12 on a school camp, and even then I was off the bus, on the ferry and then back on the bus.
So what happened at Sydney VMUG UserCON that made it such an amazing day? Well… lots!! I guess starting and running through the day is the best way to start.
It was a warm sunny morning, the birds were singing, the workers were hurrying across the roads to get to work on time and I was passing by to try and get my 5 seconds of window fame on sunrise…. Alright, fast forward to the event.
0800hrs: Registration:
This was a great set up, walking into the venue was great, very well presented, the sign-in desk was well set up allowing the member to search their name and print out their name tag, thus one step closer to saving the environment. Breakfast was also available with croissants and muffins, and COFFEE!!! (I walked through the city from 6am looking for coffee, I was at the venue waiting outside very early.) After standing around a little I quietly walked into the main hall for the opening to the day.
0830hrs: Welcome, VMware Updates and morning Keynote: John Troyer
VMUGhq representative Renee did a short welcome introducing the VMUG team and giving a brief overview and then introducing Ryan McBride (Sydney VMUG Leader). Ryan also started off with a welcome followed by a presentation on the updates to VMUG including VMUG Advantage and the benefits along with EVALexperience. Ryan then spoke about the steering team, about the sponsors and what was going to be in store for the day. Next was Tom Hubert from VMware education bringing up-to-date information in regards to the new vSphere 6.0 certification paths. (You can read about the changes in this article.)
All of a sudden, Ryan did not come back on stage, instead Nigel Moreton from VMware was on stage and in no time at all he dropped a big surprise, Sanjay Mirchandani (VMware Senior VP and GM for APJ) was in the house and in no time at all, he was up on stage with so much energy.
On to the Keynote. Mr John Troyer was up, straight away he was in to it. The entire audience was engaged as John delivered The New I.T. There were a lot of funny meme’s that John had put together, and for good reason, they were the exact example of how I.T. is viewed, the team in the dungeon. The key is to change from saying “No” to “Yes, and….” This drops the ego, and it allows you to show your interest to take the next step and progress further. John continued to discuss how there are different technologies that are becoming big and will change I.T. as it is today. There are many ways we use to rely on hearing technology news, we don’t buy the latest magazines anymore, we just google what we want, or read blogs.
The points that John left us with were;- Start Side Projects (Create New things)
- Teach Internally
- Blog
- Educate
Move from being the operator and keep moving by doing things that charge you. Don’t write a book first, start small by building in your network where you may only start with one friend reading your blog, but within time, more and more will join until you have thousands.
1055hrs: The Missed Session
Two days before the event, I spent an hour putting together my agenda for the day, trying to work out which events would be best suited to myself and job. Unfortunately, they don’t always go to plan. Fortunately, during the break, I met some very knowledgeable people, Josh Odgers, Ryan McBride and Michael Webster. Within this time, we had missed the call for the next session, but it turned out for the best as the first session I picked to fill in time anyway. We had some great discussions about technology, VMUGs, customer stories, designs, among other things that were just an eye opener to me. This lead into the next session.
1155hrs: Performance Tuning for Monster VMs and Business Critical Apps – Michael (Web-Scale) Webster.Now I don’t deal with monster VMs that use 40 vCPUs and 512Gb of RAM, but regardless, this session was full of content that related to how you should think about sizing your VMs, and how you can get the most performance out of your databases. Michael broke down how you should assign cores to your VMs, eg. 8 Core CPU = 1, 2, 4, or 8 cores in a VM. 10 core CPU = 1, 2, 4, 5, etc. vNUMA only kicks in once you start using 9 cores or more.
Michael talked about a series of tweaks that you can perform to get the most out of your VMs, by upgrading to Hardware Version 10 he noticed an 8% increase in performance.
Storage Controllers are a critical choice that needs to be correct as the different controllers, you can read more here: More here.
NIC choices are also an integral part, but if you choose the wrong one, you may be harming your throughput. Again Michael has done up another great post here.
This was another great session as it got me to really think about the way I design my VMs and what I need to configure to get the most out of the VMs.
1410hrs: Accelerating Business Critical Apps and VMware Horizon 6 with Web-Scale
After lunch and a bit of spare time walking around talking to some of the sponsors and finding out about their products a bit more, I gave in and went to Josh Odgers, and Michael Websters presentation. I was particularly interested in what Nutanix could do with with VMware Horizon, and I was impressed with the results that were displayed. Up to 2048 VMs in a HA cluster (but this is limited due to VMware limitations). 6 minutes to load 100 or 888 VMs.
Nutanix have designed a really nice little unit that scales really easily, and has great GeoLocation ability.
1520hrs: Deploying Vmware Horizon Workspace in the real World – Alastair Cooke
This was a session I was really looking forward to, and it delivered a stack of information. Alastair described a recent project that he worked on for a particular client who was using XenApp. This project involved migrating them across to Airwatch, Horizon 6 and Workspace Portal. During the presentation, Alastair talked about the design, the road blocks and challenges that he experienced. Alastair showed pictures of the Workspace Portal and how it presents a corporate App Store (as everything has an App Store these days) he talked about how customisable it is to work with for the users. The Citrix integration wasn’t very straight forward, but if you read the instructions it is certainly a lot easier. There were several key points that Alastair shared.- Put workspace in an internal network first for testing (Firewalls are a huge issue)
- Learn Distinguished Names
- Read documentation
- Know your DNs
1620hrs: Closing Keynote: Chad Sakac
Wow! What energy to start a keynote (especially after a long day). This really got me thinking, my entire way of approaching design, operations, work ethic. Chad was a standout guy on stage. So much content packed in. The diagrams that were presented on screen gave a clear picture on how different Storage controllers and designs could greatly impact the data and performance.
4 main types of storage fabrics:- Persistence Models: Changing
- Tightly Coupled
- Loosely Coupled.
- Distributed Share
The one thing that stood out to me was the time it takes data to be stored. Even when using FusionIO or ExtremeIO it still is a long time, not humanly noticeable, except Chad broke it down to be noticeable. If moving from CPU to SRAM is 1ns, then it would be 1 Second. If SRAM to DRAM it would be 10 seconds, right up to All Flash Array that equalled a trip around the the world in a boat.
The key points that Chad left us with were:
Watch:- Increasing Application Delivery
- Increase Diversity in Compute
Do
- No time to Dither
- Start to be Maniacal/clear about workload
- Accepting the differences
- Invest time into M&O
- Use Internal Pressures
This was certainly a great way to close off the entire days worth of sessions.
Congratulations to all that won prizes from VMUG and the Sponsors.
1735hrs: Reception
Beers, who could say “No”?
If you didn’t get a chance throughout the day to meet new people, this was the time. I got a great opportunity to speak with Alastair Cooke, I was able to thank him personally for all his work that he has put into AutoLab. We had a really good conversation about opportunities for building the community for VMUG. A very nice guy who is very passionate about communities and presenting.
The evening was cut short for me as I needed to catch my flight home. To me I felt like I had made new friends in business and personally. I learnt a lot in the one day, and I am really keen to bring that day to the Brisbane VMUG, if not this year, then next year. This was a very enjoyable event for me and I take my hat off to Ryan and his team for making it a great day!
Thank you.
Keiran.
*I do apologise if I have missed some content, this was produced a little later than I anticipated.
