Channel: VMware Communities : Blog List - All Communities

Using Workspace ONE Access (Identity Manager) APIs


APIs can be very useful to automate processes and integrate systems. VMware Workspace ONE Access has a full set of REST APIs that you can leverage.

 

The steps below show how to connect to a Workspace ONE Access server and send an API request:

 

1. Log in to your Workspace ONE Access environment as admin. In this example I am using Google Chrome, so the following options may vary if you are using a different browser.

2. On the "Dashboard" page, press F12 to view the Developer Tools. Alternatively, navigate to Menu (three dots) > More Tools > Developer Tools.

3. Select the Application tab and then expand Cookies.

4. Under Cookies, select your IDM URL, highlight the HZN cookie and copy its Value.

5. Open your API client tool. In this example I am using Postman (https://www.getpostman.com/).

 

6. Select your API request method (e.g. GET) and enter the URL for it. Under the Header tab, enter the following:

 

Key: Authorization

Value: HZN <Cookie value copied on step 4>

 


 

 

7. Enter any other required fields (depending on your request) and click Send.

 

 

More information, including a list of the API calls that can be used with VMware Workspace ONE Access, can be found at: https://code.vmware.com/apis/57/idm
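The request from steps 6 and 7, built in Python instead of Postman, as an added example that is not part of the original post. The HZN value is the administrator's live session token, so the code reads it from an environment variable, refuses anything but HTTPS, and never prints it in full. The host `access.example.com`, the `HZN_TOKEN` variable name and the sample SCIM path are assumptions; take real paths from the API reference linked above.

```python
"""Build a Workspace ONE Access API request authenticated with the HZN token.

Added example, not code from the original post. The host name, the
HZN_TOKEN variable and the sample path are assumptions for illustration.
"""
import os
import urllib.request
from urllib.parse import urlsplit


def token_from_env(var="HZN_TOKEN"):
    """Read the copied cookie value from the environment, not from source code."""
    token = os.environ.get(var, "").strip()
    if not token:
        raise RuntimeError("set %s to the HZN cookie value first" % var)
    return token


def redact(token):
    """Log-safe form of the token: a short prefix and the length only."""
    if len(token) <= 8:
        return "***"
    return "%s...(%d chars)" % (token[:4], len(token))


def build_request(base_url, path, token, method="GET"):
    """Return a urllib Request carrying 'Authorization: HZN <token>'."""
    parts = urlsplit(base_url)
    # The token is a bearer credential: never send it over plain HTTP.
    if parts.scheme != "https" or not parts.netloc or "@" in parts.netloc:
        raise ValueError("base URL must look like https://<host>")
    if not path.startswith("/"):
        raise ValueError("path must start with '/'")
    # Reject whitespace and control characters so a pasted value cannot
    # smuggle extra header lines into the request.
    if not token or any(c.isspace() or ord(c) < 0x20 or ord(c) == 0x7F
                        for c in token):
        raise ValueError("token is empty or has whitespace/control characters")
    req = urllib.request.Request("https://" + parts.netloc + path, method=method)
    req.add_header("Authorization", "HZN " + token)
    return req


def describe(req):
    """One-line summary of the request that is safe to print or log."""
    scheme, _, token = req.get_header("Authorization").partition(" ")
    return "%s %s Authorization: %s %s" % (
        req.get_method(), req.full_url, scheme, redact(token))


if __name__ == "__main__":
    # Constructed sample token; a real run would call token_from_env().
    sample = build_request("https://access.example.com",
                           "/SAAS/jersey/manager/api/scim/Users",
                           "CONSTRUCTED-SAMPLE-TOKEN")
    print(describe(sample))
    # To send it: urllib.request.urlopen(sample, timeout=10)
```

The token stops working when the admin session it belongs to ends, so log out of the browser session once the API work is done.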

 

 

 

--

 

The postings on this site are my own and do not represent VMware’s positions, strategies or opinions.


Get Name and naa ID using PowerShell


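# Requires VMware PowerCLI and an active Connect-VIServer session
$DSList = Get-Datastore | Where-Object { $_.Type -eq 'VMFS' }

foreach ($ds in $DSList)
{
    # Build a fresh object per datastore instead of mutating one shared object
    $output = [PSCustomObject]@{
        Name  = $ds.Name
        # A VMFS datastore can span several extents; join their disk names
        NaaID = $ds.ExtensionData.Info.Vmfs.Extent.DiskName -join ';'
    }
    $output
    $output | Export-Csv DSList.csv -Append -NoTypeInformation
}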

 


Get Naa ID and Name


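# Requires VMware PowerCLI and an active Connect-VIServer session
$DSList = Get-Datastore | Where-Object { $_.Type -eq 'VMFS' }

foreach ($ds in $DSList)
{
    # Build a fresh object per datastore instead of mutating one shared object
    $output = [PSCustomObject]@{
        Name  = $ds.Name
        # A VMFS datastore can span several extents; join their disk names
        NaaID = $ds.ExtensionData.Info.Vmfs.Extent.DiskName -join ';'
    }
    $output
    $output | Export-Csv DSList.csv -Append -NoTypeInformation
}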


vRA Cloud - Custom approval policy using vRealize Orchestrator and JIRA


vRealize Orchestrator (vRO) is a workflow engine that allows you to extend the capabilities of vRA Cloud services. It is used as an integration endpoint between vRA Cloud services and third-party systems running on-prem or in the cloud. vRO comes bundled with a set of commonly used plugins (vSphere, Active Directory, PowerShell, REST...) to help you automate your existing business processes. One common scenario is the onboarding of a new employee: there is usually a set of resources that need to be provisioned, and often an approval is required for them. This post concentrates on the approvals part and implements a "Custom Approval policy" using vRO and the popular issue tracking system JIRA.

Scenario

A user requests a machine. Before the machine is provisioned, approval needs to be granted.

 

Prerequisites:

Steps:

  • The user logs in to vRA Cloud and requests a machine.
  • A JIRA ticket is created and assigned to an authorized party.
    • If the JIRA ticket is APPROVED, the request proceeds.
    • If the JIRA ticket is REJECTED, the machine request is also rejected.

Solution overview

Create a blocking subscription "Wait for Approval" and attach it to the "Compute Allocate" phase. When the subscription is triggered, it invokes the vRO workflow "Wait for approval", which creates a JIRA ticket and assigns it for approval. The workflow then waits for the JIRA ticket status to reach the "APPROVED" or "REJECTED" state before unblocking the deployment.

 

For the impatient

  • [JIRA] Create a test JIRA project. Make sure to use the "Process Management" template and that the project key is "VRO".
  • [VRO] Import com.vmware.jira.approval.package.
  • [VRO] Add the vRO REST endpoint "Approvals JIRA", pointing to your JIRA server, using the "Library→ HTTP-REST→Add a Rest host" workflow.
  • [VRO] Edit the configuration "com→ vmware→ Jira→ JiraApprovalConfiguration"
    • Set jiraHost to the "Approvals JIRA" REST host
    • Update jiraProjectKey to match your JIRA project key.
  • [VRA CLOUD] Create the Extensibility Subscription "Wait for approval"
    • Event Topic is "Compute Allocate".
    • Runnable item is set to vRO Workflow - "Wait for approval"
    • Blocking is enabled
  • [VRA CLOUD] Set Projects→Your Project→Provisioning→Request Timeout
  • Test it!
    • [VRA CLOUD] Request a machine deployment
    • [JIRA] Check the Jira project for the approval issue and approve or reject it!
    • [VRA CLOUD] Check the status of your deployment.

[JIRA] Action is performed inside the JIRA server

[VRO] Action is performed inside the vRO server

[VRA CLOUD] Action is performed inside vRA Cloud

 

Approvals Configuration & Demo ...

 

Continue reading for a more detailed look at the solution...

JIRA Integration

JIRA has a nice REST API and vRO already comes bundled with a REST plugin, so let's use it! The first step is to create a new JIRA project for the approvals demo. I chose the "Process Management" template since it comes out of the box with a default JIRA server installation and corresponds well with our use case. It has "APPROVED" and "REJECTED" statuses in its default workflow. If you choose a different template, make sure to update "JiraApprovalConfiguration" accordingly.

Once we have a JIRA project to work with, the next step is to add the JIRA server as a vRO REST endpoint. This enables the vRO server to communicate with the JIRA server; we will use it to create new issues and track their status.

Inside the vRO Client, navigate to the "Library→ HTTP-REST→Add a Rest host" workflow and run it.

Provide the name, URL, authentication method and credentials valid for your JIRA server. I am using a local JIRA server with Basic authentication, which makes the task trivial.

After "Add a Rest host" completes successfully, you should see the new REST endpoint (in my case I named it "Approvals JIRA") under the HTTP-REST plugin inventory.

Approvals package

We will need a couple of workflows and actions to complete the integration with JIRA.

In the vRO Client, navigate to the Packages view and import the package com.vmware.jira.approval.package.

Let's take a closer look at the package content.

Actions

  • createJiraIssue - Performs the actual POST request to the JIRA server to create a new issue.
  • getIssue - Contacts the JIRA server and returns details for a specific issue. Used for issue status tracking.
  • dumpProperties - Prints the incoming vRO inputs.

Workflows

  • "Wait for approval" - Entry point of our integration. When invoked, it creates a JIRA issue and waits until the issue reaches the REJECTED or APPROVED state.
  • "JIRA - Wait on issue status" - Helper workflow that waits until a Jira issue reaches the specified state.

Resources

  • createIssue.json - JSON template for the create-issue POST request to the JIRA server.

Configurations

  • JiraApprovalConfiguration - Environment-specific properties for the Approvals integration.

 

 

Configuration

So far we have a project created in JIRA, the required com.vmware.jira.approval.package imported in vRO, and a REST endpoint "Approvals JIRA" created.

To link them together, we need to edit the "JiraApprovalConfiguration" configuration element deployed with com.vmware.jira.approval.package.

Configurations→ JiraApprovalConfiguration

  • jiraHost - REST host for communication with the JIRA server
  • jiraProjectKey - Key of the project in Jira where the issues tracking the approvals will be created
  • jiraIssueType - Type of the issue tracking the approval. Defaults to "Task".
  • jiraIssueRejectedState - Jira issue status which corresponds to the Rejected state for the request. When the Jira issue status changes to this state, the request will be rejected. Defaults to "Rejected"
  • jiraIssueApprovedState - Jira issue status which corresponds to the Approved state for the request. When the Jira issue status changes to this state, the request will be approved. Defaults to "Approved"

If you have used the recommended Jira project template "Process Management" and the project key "VRO", the only required change is to set "jiraHost".
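The create-then-wait logic described above, as an added Python example; it is not the code inside com.vmware.jira.approval.package, whose actions run in vRO. It builds the create-issue body with a JSON encoder rather than by string substitution, and only an exact match of the configured Approved state counts as approval, so a timeout, an unreachable JIRA server or an unexpected status never unblocks the deployment. The JIRA REST v2 paths named in the comments and the issue key used in the demo are assumptions about the target server.

```python
"""Fail-closed approval gate modelled on the "Wait for approval" workflow.

Added example, not the vRO package's own code.
"""
import json
import time

# Defaults listed for JiraApprovalConfiguration in the post.
CONFIG = {
    "jiraProjectKey": "VRO",
    "jiraIssueType": "Task",
    "jiraIssueApprovedState": "Approved",
    "jiraIssueRejectedState": "Rejected",
}


def build_create_issue_body(config, requester, resource_name):
    """JSON body for POST /rest/api/2/issue (assumed JIRA REST v2 path).

    json.dumps escapes requester-controlled text, so quotes or braces in a
    user or machine name cannot change the structure of the request.
    """
    return json.dumps({"fields": {
        "project": {"key": config["jiraProjectKey"]},
        "issuetype": {"name": config["jiraIssueType"]},
        "summary": "Approve machine request: %s" % resource_name,
        "description": "Requested by %s" % requester,
    }})


def issue_status(issue):
    """Status name from a GET /rest/api/2/issue/<key> reply, None if malformed."""
    try:
        return issue["fields"]["status"]["name"]
    except (KeyError, TypeError):
        return None


def wait_for_decision(get_issue, issue_key, config, timeout_s, poll_s=30,
                      sleep=time.sleep, clock=time.monotonic):
    """Poll until the issue is Approved or Rejected, or the timeout expires.

    get_issue is any callable returning the parsed issue JSON; errors while
    fetching are treated as "no decision yet", never as approval.
    """
    deadline = clock() + timeout_s
    while True:
        try:
            status = issue_status(get_issue(issue_key))
        except OSError:
            status = None
        if status == config["jiraIssueApprovedState"]:
            return "APPROVED"
        if status == config["jiraIssueRejectedState"]:
            return "REJECTED"
        if clock() >= deadline:
            return "TIMED_OUT"
        sleep(poll_s)


def allow_provisioning(decision):
    """Only an explicit approval unblocks the deployment."""
    return decision == "APPROVED"


if __name__ == "__main__":
    # Constructed replies standing in for successive getIssue calls.
    replies = iter(["To Do", "Under Review", "Approved"])
    fake = lambda key: {"key": key, "fields": {"status": {"name": next(replies)}}}
    print(build_create_issue_body(CONFIG, "alice", "web-01"))
    decision = wait_for_decision(fake, "VRO-1", CONFIG, timeout_s=60,
                                 sleep=lambda s: None)
    print(decision, allow_provisioning(decision))
```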

 

vRA Cloud Subscription

Now we need to make vRA Cloud services aware of our "Wait for approval" workflow.

To do so, log in to vRA Cloud and create an Extensibility Subscription "Wait for approval".

Make sure that:

  • Event Topic is "Compute Allocate".
  • Runnable item is set to vRO Workflow - "Wait for approval"
  • Blocking is enabled

The last configuration change needed is to set the "Request Timeout" for your project in vRA Cloud.

 

 

Request Timeout

If this project team is deploying blueprints that need more than 2 hours to provision, you can specify an extended period before the deployment fails.

If both the blueprint and the project include timeout values, the largest value takes precedence.

And finally we are ready to test our solution...

Request a new blueprint deployment. Once it reaches the allocation phase, a new JIRA issue should be created and waiting to get approved...

No need to hurry: the deployment will stay in the allocation phase until the JIRA issue is Approved or Rejected...

You can also check vRO. There should be a new run of "Wait for approval" tracking the status of the newly created JIRA ...

Now let's check what happens if we approve it.

Open the issue and update its state to Approved ("Start Progress"→ "Under Review"→"Approved")

After a while, the "Wait for Approval" run in vRO should be marked as completed and you should see the deployment progressing into "CREATE_IN_PROGRESS"

 

Video capturing the configuration & test steps is also available

 

 

 

Hope it helps!

 

 

 

The vSAN NUC HomeLab - Part 1 "The Components"


I tweeted a reply to the Virtually Speaking Homelab request for Homelabs and was shocked at the response I got from the community!  In case you missed it, here is a link to it on Twitter - Max Abelardo on Twitter: "My Homelab is an All-Flash vSAN on 4 x NUC7i5BNH cubes. It’s the most power efficient home la… 

 

One of the people that commented was William Lam who encouraged me to submit my build to his HomeLab Inventory page - https://www.virtuallyghetto.com/homelab .  Since the site needs a blog location, I hope this is a good place to include my build details. 

 

This is a howto guide on how to set up an Intel NUC based vSAN Homelab like mine.  It is somewhat detailed and includes links to sites where some of the info was gleaned to build my own lab.   Basically I got all the info from William Lam’s site.  https://www.virtuallyghetto.com/2017/02/update-on-intel-nuc-7th-gen-kaby-lake-esxi-6-x.html

 

Here are details on what is comprised in my build and some of the reasons I chose those components:

 

Hardware needed & relative costs - Obviously, you will have to multiply some of these costs by 4.

 

$449 - NUC7i5BNH - I like these because I use this for traveling demos to customers at various events.  The lights on this particular NUC look excellent and can be tuned to blink with HDD activity in a variety of colors.  In later NUC models, the lights are not available unless you purchase the high-end i7 based CPU.  This NUC model also has a bay for a 2.5” low profile “laptop” SSD for vSAN capacity.  This in combination with the internal m.2 NVMe Drive is perfect for the vSAN cache tier.  You can get these rather inexpensively from Amazon or eBay.  Intel NUC 7 Mainstream Kit (NUC7i5BNH) - Core i5, Tall, Add't Components Needed https://www.amazon.com/dp/B01N2UMKZ5/ref=cm_sw_r_cp_api_i_xbolEbCCFD8XM

 

$119 - 2 x 16GB SODIMMS - These can be obtained from Amazon at Crucial 32GB Kit (16GBx2) DDR4 2666 MT/s (PC4-21300) DR x8 SODIMM 260-Pin Memory - CT2K16G48FD8266 https://www.amazon.com/dp/B071H38422/ref=cm_sw_r_cp_api_i_L.nlEbS4B6AJ5

 

$8 - 16GB USB Flash Memory Drive - Since the m.2 NVMe is for vSAN cache and the 2.5" SSD is for capacity, I use this to boot ESXi.  I could have used the SD card to boot ESXi as well, but the access to the SD card is on the side and I just wanted easier access to the USB from the front.

$299 - vSAN Capacity Micron 5100 SATA SSD 1.7TB.  Since you can only install 1 SSD in each node, make it count with this fast SATA SSD.  It runs at 6 Gbps and has impressive specs.  Micron 1920GB (2TB) 5100 MAX TCG-E SED 5DWPD 3D eTLC SATA III (6Gb/s) 2.5" Internal Server SSD https://www.amazon.com/dp/B081VRTM9K/ref=cm_sw_r_cp_api_i_ydolEb8XTV18J

 

$69 - vSAN cache tier - Samsung EVO 970 256GB.  If you want, you can spend a little more for a larger cache drive but these are super fast, a great value and large enough for most Homelab work.  Samsung 970 EVO Plus SSD 250GB - M.2 NVMe Interface Internal Solid State Drive with V-NAND Technology (MZ-V7S250B/AM) https://www.amazon.com/dp/B07MG119KG/ref=cm_sw_r_cp_api_i_5folEb35AHMZE

 

$251 HDMI KVM Switch. - IO Gear 4 port KVM. I don’t know if NUC BIOS updates have fixed this issue, but a few years ago, if you connected to a NUC w/o an HDMI cable attached all you got was a blank screen even though the machine was running.  It is certainly handy to be able to switch between the devices during initial configuration or during maintenance.  IOGEAR 4-Port 4K UHD DisplayPort KVMP Switch with USB 3.0 Hub, w/Full Set of Cables (TAA Compliant) GCS1904 https://www.amazon.com/dp/B0718XXG9M/ref=cm_sw_r_cp_api_i_TiolEb9NMPGQQ

$99 Netgear 16 Port 1GbE switch -  if you add multiple dedicated USB NICs for vSAN VMKernel, vMotion etc. you will need more ports.  This will handle all of them and give you a couple to spare.  NETGEAR 16-Port Gigabit Ethernet Unmanaged Switch (GS116NA) - Desktop, and ProSAFE Limited Lifetime Protection https://www.amazon.com/dp/B00023DRLO/ref=cm_sw_r_cp_api_i_hmolEbHRFEFR1

 

As 10 GbE becomes more prevalent and cost effective here is an option. Plugable USB 3.0 to Ethernet Gigabit 10/100/1000 LAN Network Adapter (ASIX AX88179 chipset Compatible with Windows 10, 8.1, 7, XP, Linux, Switch Game Console, Chrome OS) https://www.amazon.com/dp/B00AQM8586/ref=cm_sw_r_cp_api_i_VuolEbCNV6F4M

 

$279 - Mantiz Venus MZ-02 eGPU Enclosure - I chose this because it was fully Thunderbolt 3 supported, has a 2 Slot full-length, full height slot, several USB 3.1 ports on it (5 in total), and a powerful 550W Power Supply (enough to power a 375W GPU).  It also has an easy to open case requiring no screws and is a great looking case.  Another nice feature is that it has a SATA connector and place to mount a 2.5" SSD or HDD to the inside of the case.  I noticed, the Mantiz is no longer available on Amazon, although VisionTek offers them refurbished - VisionTek 900998 Accelerator

 

 

$5,531.99 - Nvidia Quadro RTX 8000 48GB GPU - This is the most amazing GPU I have ever had the pleasure to use.  It helps me run demos of vGPU or Oculus Rift when configured in PCI Pass-Thru mode.  Here is a link to Amazon https://www.amazon.com/PNY-VCQRTX8000-PB-NVIDIA-Quadro-Graphic/dp/B07NH3HKG9

 

 

I cut and crimped my own custom length ethernet cables to reduce the cable mass at the back of the unit.  I do need to work on reducing the cable mass of the KVM and AC/DC power adaptors.

 

Lastly, I encased my entire HomeLab in a plexiglass enclosure built by a friend of mine at CDW Woodworking - Wood Wall Art, Quilt Blocks and Boxes

 

I hope you found this useful and good luck in your effort to build your very own vSAN NUC Homelab!  Stay tuned for my next blog on how I loaded ESX on it and configured eGPU Pass-Thru to my GPU.


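vSAN のつぶやき。 (vSAN Tweets) Advent Calendar 2019 - Retrospective

During the Christmas season last December, I tried running an Advent Calendar in which I simply kept tweeting vSAN 6.7 tips.

It was fairly simple content: a 140-character tweet, four screenshots, and an Adventar comment.

About a month has passed, so I would like to look back on it a little.

vSAN のつぶやき。 Advent Calendar 2019 - Adventar

Also, at the end of 2018, the year before last, I kept building nested vSAN in all sorts of patterns and posting how it went.

Nested vSAN Advent Calendar 2018 - Adventar

Enjoying nested vSAN 6.7 U1: summary

Since this is content posted every day, I aimed for a low-effort, "work-style reform" approach for the 2019 edition. The volume of content was small, but testing and writing still took about 1 to 3 hours per day, so I feel the resource consumption was about the same as the 2018 edition (in the end, about the same as posting a blog entry).

So, here are a few reflections...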

 

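About the environment I used.

As in the previous year, the vSAN environment was basically a nested environment on a single physical machine.

The physical machine is an Intel NUC with the following specs.

  • Intel Core i7-6770HQ CPU @ 2.60GHz
  • 32 GiB Memory
  • Intel SSD 600p Series (512GB)

It can be overcommitted more than you might expect, so even with this hardware spec, a vSAN of the size "VCSA + 8 ESXi + witness host" runs nested.

Having built various vSAN clusters, my impression is that a nested environment is fine for most checks of the UI and product behavior.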

 

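How I built the vSAN environments.

Creating a vSAN cluster by hand every day would be too much work, so I automated it to some extent with PowerCLI scripts.

The PowerCLI scripts I used are the ones below. They are essentially a listing of the command lines from when I built nested vSAN by running PowerCLI manually, but I revise them fairly often and am growing them little by little.

GitHub - gowatana/deploy-1box-vsan: Tricks for building a nested vSAN lab.

Home · gowatana/deploy-1box-vsan Wiki · GitHub

For this event, I created the vSAN clusters from configuration files like the ones below. They are also handy later, when creating a similar vSAN cluster to check something.

GitHub - gowatana/vsan-advent-2019: vSAN のつぶやき。 Advent Calendar 2019 | Collection of configuration files

This year I used PowerCLI on Linux (and in a Docker container at that), and somewhat surprisingly, scripts I had written in a Windows PowerShell environment ran as they were, including the vSAN-related modules.

vSAN Setup from Linux · gowatana/deploy-1box-vsan Wiki · GitHub

I picked up various PowerCLI tips, which I would like to share at some point.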

 

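Thoughts on the tweets.

I tweeted whatever came to mind each day, so looking at them side by side there is not much connection between them, and I feel I should have thought through a scenario to some extent before starting.

Also, I deliberately posted the screenshots unedited (without adding red boxes and the like), but I now think I should at least have added red boxes. I intended to capture screenshots that were as distinctive as possible and attach them to the tweets, so that the tweeted tips could be confirmed against screenshots of a real system, but even when I looked back at them myself later, the point was surprisingly hard to see...

That concludes my look back at the vSAN tweets from the end of last year.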

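RVC (Ruby vSphere Console) Basics

**** Notice *****

The content of this blog is a repost of a blog originally posted on DECN (Dell EMC Community Network).

It is being moved here because DECN will be retired in the near future.

The content is as of the time it was originally written and may not be up to date; thank you for your understanding.

This article introduces the very basic usage of RVC (Ruby vSphere Console), the CLI utility used to manage and troubleshoot vSAN clusters from vCenter.

RVC supports a wide range of tasks, from viewing general information, such as checking vSAN cluster state, resource usage, and individual Objects and Components, to high-level investigation.

It is also used to analyze failures in a vSAN cluster and to perform operations on a vSAN cluster that involve fine-grained settings not available from the GUI.

For detailed usage, see the references at the end of this article.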

 

 

1. Login

After logging in to the vCSA over SSH, log in with the command below.

Use a vCenter SSO account for authentication.

    * If SSH is disabled on the vCSA, it must first be enabled using the procedure below.

    VxRail: Enabling SSH on ESXi, vCenter, and PSC

# rvc
Install the "ffi" gem for better tab completion.
Host to connect to (user@host): administrator@vsphere.local@localhost  < enter <vCenter SSO user name>@localhost
password:      < enter the vCenter SSO password
0 /
1 localhost/
>

You can also log in by specifying the user name together with the rvc command.

# rvc administrator@vsphere.local@localhost      < enter <vCenter SSO user name>@localhost
Install the "ffi" gem for better tab completion.
password:      < enter the vCenter SSO password
0 /
1 localhost/
>

 

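2. Navigating and viewing paths

In RVC, the resources that make up vSAN are represented in a tree structure, like a file system.

RVC commands must be run with the path of each resource specified (these are called Objects in the official RVC documentation and elsewhere), so work goes more smoothly if you have a rough idea of where each resource is located.

That said, there is no need to overthink it: you simply view and move around with the ls and cd commands, just as on a typical Unix-based OS.

The familiar up and down arrow keys for command history and Tab-key auto-completion are also available.

As on a typical Unix-based OS, each path can be referenced by full path or relative path, as well as with ./ (the current directory), .. (the directory one level up), and so on.

When troubleshooting vSAN, commands are often run with the path of the vSAN compute resource specified.

In general, the vSAN compute resource is located at the path below.

/localhost/<datacenter name>/computers/<vSAN compute resource (vSAN cluster name)>

As an example, let's use the "vsan.check_limits" command.

vsan.check_limits shows the disk utilization of each host in the vSAN cluster and the network limit items; it is run with the vSAN compute resource as its argument.

As in the example, the command can be run with either a full path or a relative path.

Index specification is another, special way to specify a path.

In RVC, each directory has an index, and the index can be used as a command argument without typing the path name.

There is one quirk when running a command with an index: you must first display the index for the path with the ls command and only then pass it as the argument.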

 

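3. Tips

If specifying or copy-pasting a long path, such as the vSAN compute resource, every time is tedious, you can assign a short name to the path with the mark command.

Note that a short name assigned with the mark command is limited to the session, so the setting is lost when you log out of RVC.

mark <any short name> <target path>

To pass a short name assigned with the mark command as a command argument, prefix the short name with "~".

That's all.

Related articles:

vSAN rebalance from the CLI

Deployment - which DLLs do you need?

Collecting information with RVC

Retrieving alarm information with RVC

References:

VMware Virtual SAN Diagnostics and Troubleshooting Reference Manual

VMware® Ruby vSphere Console Command Reference for Virtual SAN

How to use Ruby vSphere Console (startup / login / basic operations) - VMwareな日々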

External PSC Conversion to Embedded & Decommission steps!!!


Converge your external PSC to embedded by following the steps below.

1. Mount the vCenter ISO of the same version as your vCenter/PSC.

2. Click on "Home" >>> Menu >>> Click on "Administration"

3. Click on "System Configuration"

4. Select the vCenter "vCenter Server with external Platform Services Controller"

5. Click on "CONVERGE TO EMBEDDED"

6. It will give the warning below:

"vCenter Server downtime

Converging this node will restart all the vCenter Server services on it making it inaccessible until the operation is complete"

7. Click on Proceed

8. Enter the SSO (Single Sign-On) user name and password

9. Don't change "Skip AD Join"

10. Acknowledge it.

11. Click on "CONVERGE"

12. Monitor it for a few minutes.

13. It will give a vCenter Server downtime alert (The vCenter Server services will be restarted and might take a few minutes to complete. You will be logged out during this operation. Monitor the progress of the convergence from the CLI or any linked vCenter Server)

Be patient!

14. Wait some time for your vCenter to come back, then check via SSH with the command below (it shouldn't show any services in "StartPending")

 

service-control --status --all

---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Stopped:

vmcam vmware-imagebuilder vmware-mbcs vmware-netdumper vmware-rbd-watchdog vmware-vcha vsan-dps

Running:

applmgmt lwsmd pschealth vmafdd vmcad vmdird vmdnsd vmonapi vmware-analytics vmware-certificatemanagement vmware-cis-license vmware-cm vmware-content-library vmware-eam vmware-perfcharts vmware-pod vmware-postgres-archiver vmware-rhttpproxy vmware-sca vmware-sps vmware-statsmonitor vmware-sts-idmd vmware-stsd vmware-topologysvc vmware-updatemgr vmware-vapi-endpoint vmware-vmon vmware-vpostgres vmware-vpxd vmware-vpxd-svcs vmware-vsan-health vmware-vsm vsphere-client vsphere-ui

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

 

15. When all services have come up, log back in to your vCenter via https://vCenterIP or FQDN/

16. Go back to the options below:

Administration >>> System Configuration >> and you will see that the conversion has been completed.

"vCenter Server with embedded Platform Services Controller"

17. Now select PSC Controller >> DECOMMISSION PSC.

Alert: vCenter Server downtime (Decommissioning this node will restart all the vCenter Server services. The vCenter Server will be inaccessible until the operation is complete)

18. Click on Proceed.

19. Click on "View Thumbprint" >> Enter "SSO Credentials" >> Acknowledge it >> Click on "DECOMMISSION"

20. Monitor it for a few minutes.

21. At 50% it will give a message like this:

"External Platform Services Controller node shutdown successful"

Be patient!

22. The vCenter services will now go down, and you need to wait for the services to come back up

via ssh >>>  service-control --status --all

23. When all services have come up, log in to vCenter again via https://vCenterIP or FQDN/

24. Validate that only the vCenter component is shown under:

Administration >>> System Configuration >> and you will see vCenter with embedded PSC only.

"vCenter Server with embedded Platform Services Controller"

That's it


Managing Android App Versions in Workspace ONE UEM and Google Play Console


After knowing how to upload alpha/beta/prod versions in the Google Play console, the next question is how to relate the priorities in UEM with the tracks in Play console. Given the scarce documentation, I admit I was very confused on how this should work. If in UEM, device is assigned first to Alpha track and in Play console the track is empty, does the device go see if it's also assigned to Beta? Do the priorities in UEM matter? Does the version code in Play console matter?

 

Well, here's the breakdown! (Disclaimer: applies to Workspace ONE UEM 1909 and above)

 

1. In UEM, let's assign the app in this priority: Alpha (0) > Beta (1) > Prod (1)

2.  For each of the devices the app is assigned to, UEM gets the FIRST track it is assigned to and passes this info to the Play console. For example:

Device A --> Alpha Track

Device B --> Beta Track

Device C --> Production Track

 

3. On the Play console side, when a device is assigned to a track (Alpha/Beta), it is also approved for the Production track. Devices assigned to Production are approved for Production only. The device will then receive the highest version among the tracks it is approved for.

4. Bonus scenarios:

  • When the Production track has a higher version than Alpha/Beta, the lower version(s) get "superseded".
  • An alpha/beta app can be released to Production. This results in the app being "promoted".
  • For both scenarios above, the rule that the device will receive the highest version among the tracks it is approved for still applies.

 

5. Let's try the scenarios with devices A, B, and C. The items in red for the tracks are the changes in the Play console. The items in blue at the bottom of the table mean there was a resulting change in the version installed on the device.

 

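| Action Done |  | Released 1.1/1.2 to Alpha/Beta | Released 1.3 to Prod | Released 2.1 to Alpha | Released 2.2 to Beta | Promote 2.2 to Prod | Released 2.3 to Alpha |
| --- | --- | --- | --- | --- | --- | --- | --- |
| Track | State 1 | State 2 | State 3 | State 4 | State 5 | State 6 | State 7 |
| Alpha | (empty) | 1.1 | superseded | 2.1 | 2.1 | superseded | 2.3 |
| Beta | (empty) | 1.2 | superseded | superseded | 2.2 | promoted | promoted |
| Prod | 1.0 | 1.0 | 1.3 | 1.3 | 1.3 | 2.2 | 2.2 |
| Device |  |  |  |  |  |  |  |
| A | 1.0 | 1.1 | 1.3 | 2.1 | 2.1 | 2.2 | 2.3 |
| B | 1.0 | 1.2 | 1.3 | 1.3 | 2.2 | 2.2 | 2.2 |
| C | 1.0 | 1.0 | 1.3 | 1.3 | 1.3 | 2.2 | 2.2 |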

 

Note:

Pre-1909, the whitelisting behavior from UEM to the Play console is different: in item 2, the behavior is as follows:

Device A --> Alpha Track --> Alpha, Beta, and Prod tracks approved

Device B --> Beta Track --> Beta and Prod tracks approved

Device C --> Production Track --> ONLY Prod track approved

Same Play console rule applies: The device will receive the highest version among the tracks it is approved for.

 

Below is the sample behavior pre-1909

 

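| Action Done |  | Released 1.1/1.2 to Alpha/Beta | Released 1.3 to Prod | Released 2.1 to Alpha | Released 2.2 to Beta | Promote 2.2 to Prod | Released 2.3 to Alpha |
| --- | --- | --- | --- | --- | --- | --- | --- |
| Track | State 1 | State 2 | State 3 | State 4 | State 5 | State 6 | State 7 |
| Alpha | (empty) | 1.1 | superseded | 2.1 | 2.1 | superseded | 2.3 |
| Beta | (empty) | 1.2 | superseded | superseded | 2.2 | promoted | promoted |
| Prod | 1.0 | 1.0 | 1.3 | 1.3 | 1.3 | 2.2 | 2.2 |
| Device |  |  |  |  |  |  |  |
| A | 1.0 | 1.2 | 1.3 | 2.1 | 2.2 | 2.2 | 2.3 |
| B | 1.0 | 1.2 | 1.3 | 1.3 | 2.2 | 2.2 | 2.2 |
| C | 1.0 | 1.0 | 1.3 | 1.3 | 1.3 | 2.2 | 2.2 |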
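
The approval rule from items 2 and 3 and the pre-1909 note, replayed over the six actions of the two tables, as an added example (not VMware or Google code). The function names are hypothetical, and comparing the dotted version strings numerically is an assumption standing in for however the Play console orders versions.

```python
# Added example: models the track-approval rule described in this post.
# All names are hypothetical; this is not VMware or Google code.
TRACK_ORDER = ("alpha", "beta", "prod")

# Constructed from the walkthrough: State 1, then the six actions in table order.
INITIAL = {"prod": "1.0"}
ACTIONS = [
    {"alpha": "1.1", "beta": "1.2"},  # Released 1.1/1.2 to Alpha/Beta
    {"prod": "1.3"},                  # Released 1.3 to Prod
    {"alpha": "2.1"},                 # Released 2.1 to Alpha
    {"beta": "2.2"},                  # Released 2.2 to Beta
    {"prod": "2.2"},                  # Promote 2.2 to Prod
    {"alpha": "2.3"},                 # Released 2.3 to Alpha
]
DEVICES = {"A": "alpha", "B": "beta", "C": "prod"}  # FIRST track assigned in UEM


def version_key(version):
    """Numeric ordering (assumption), so that 1.10 ranks above 1.9."""
    return tuple(int(part) for part in version.split("."))


def approved_tracks(first_track, pre_1909=False):
    """Tracks the device is approved for, given the first track UEM passes on."""
    if first_track == "prod":
        return {"prod"}
    if pre_1909:
        # Pre-1909: the assigned track and every track after it.
        return set(TRACK_ORDER[TRACK_ORDER.index(first_track):])
    # 1909 and above: the assigned track plus Production.
    return {first_track, "prod"}


def delivered_version(first_track, releases, pre_1909=False):
    """Highest version among the approved tracks; empty tracks are skipped."""
    candidates = [releases[t] for t in approved_tracks(first_track, pre_1909)
                  if t in releases]
    return max(candidates, key=version_key) if candidates else None


def simulate(pre_1909=False):
    """Return {device: [version installed at State 1 .. State 7]}."""
    releases = dict(INITIAL)
    history = {name: [] for name in DEVICES}
    for action in [{}] + ACTIONS:
        # A superseded track keeps its old version here; max() ignores it anyway.
        releases.update(action)
        for name, track in DEVICES.items():
            history[name].append(delivered_version(track, releases, pre_1909))
    return history


if __name__ == "__main__":
    for label, flag in (("1909 and above", False), ("pre-1909", True)):
        print(label)
        for name, versions in simulate(flag).items():
            print(f"  {name}: {' '.join(versions)}")
```

The only rows that differ between the two behaviors are Device A at State 2 and State 5, where a Beta release is visible to an Alpha device pre-1909 but not on 1909 and above.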

 

 

Special thanks to Jason Huang, Kevin Murray, Glen Friedman, and Michael Gow for helping break down the components with me.

VMware Cloud Foundation 3.9.1 is released as GA!


This January sees the GA release of VCF version 3.9.1.

VMware has included:

– Application Virtual Networks

– API support for multiple pNICs and VDS

– The Cloud Builder GUI has been updated

– Developer Center

– A few extras:

– Support for SSO Management Domain Convergence for VxRail.

– Support for L3 vSAN, stretched and standard, for VxRail

GUID-E18597BE-0F15-4FE7-9059-83B1E582F742-high.png

Application Virtual Networks:

Application Virtual Networks (AVN) are networks that allow network migrations or moves to be handled in an "SDN" fashion, to make disaster recovery plans and migrations easier.

Installing AVN will be mandatory for new VCF installations; upgrades will offer it as an option.

AVN-Blog-Figure-2.png

API support for multiple pNICs and VDS

3 VDS and 6 physical NICs are now supported in version 3.9.1.

The Cloud Builder GUI has been updated

Better reports and a redesigned, smoother GUI for the wizards.

Developer Center

The APIs are now accessible directly from the SDDC Manager Dashboard.

Cannot connect to the iDRAC virtual console with Java


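When ESXi is installed on PowerEdge hardware, such as VxRail, you often need to connect to the iDRAC virtual console for troubleshooting or initial setup.

The other day, when I tried to connect to the iDRAC virtual console with Java in order to install ESXi, the connection failed with an error.

To give the conclusion first: I was able to resolve it either by updating the iDRAC firmware or by rewriting the settings in Java's security file.

Here is a record of the troubleshooting.

Symptom

I should have taken a screenshot, but unfortunately I missed the chance.

I wanted a screenshot in English, so I optimistically assumed I could reproduce the problem later and capture it then, but it stopped reproducing, so I never got one.

The symptom was that when I tried to connect to the iDRAC virtual console with Java, a message along the lines of "The viewer has been disconnected" appeared right after the Java applet (?) started, and the connection failed.

Troubleshooting

Enable the Java console and tracing

I figured the Java errors would tell me something, so I enabled the Java console and logging.

To enable them, just open the Java Control Panel from the Windows Control Panel and tick Console, Logging and Tracing on the Advanced tab.

1.PNG

Reproduce the problem and check the log

Once the console, logging and tracing are configured, reproduce the problem again and look at the log.

The log that was actually recorded is below.

February 19, 2020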

4:07

 

 

Java Web Start 11.241.2.07

Using JRE version 1.8.0_241-b07 Java HotSpot(TM) Client VM

JRE expiration date: 20/05/17 0:00

console.user.home = C:\Users\Administrator

----------------------------------------------------

c:   clear console window

f:   finalize objects on finalization queue

g:   garbage collect

h:   display this help message

m:   print memory usage

o:   trigger logging

p:   reload proxy configuration

q:   hide console

r:   reload policy configuration

s:   dump system and deployment properties

t:   dump thread list

v:   dump thread stack

0-5: set trace level to <n>

----------------------------------------------------

Missing Application-Name manifest attribute for: https://ip.ex.am.ple:443/software/avctKVM.jar

replace numpad

** Max Size: W = 1920 H = 1040

** Window Pref Size: W = 1040 H = 823

** Max Size: W = 1920 H = 1040

** Window Pref Size: W = 1040 H = 823

JNLPClassLoader: Finding library VMAPI_DLL.dll

JNLPClassLoader: Finding library jawt.dll

JNLPClassLoader: Finding library avctKVMIO.dll

ProtocolAPCP.receieveSessionSetup : v1.2 APCP = true

APCP Version = 259

 

 

 

 

Supported protocols: [SSLv2Hello, SSLv3, TLSv1, TLSv1.1, TLSv1.2]

 

 

 

 

Enabled protocols: [TLSv1, TLSv1.1, TLSv1.2]

 

 

 

 

Supported ciphers: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]

 

 

 

 

Enabled ciphers: [SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5]

 

 

 

 

Exception in server handshake

javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)

at sun.security.ssl.Handshaker.activate(Unknown Source)

at sun.security.ssl.SSLSocketImpl.kickstartHandshake(Unknown Source)

at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)

at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)

at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)

at com.avocent.d.a.a.a(Unknown Source)

at com.avocent.d.a.a.a(Unknown Source)

at com.avocent.d.a.a.b(Unknown Source)

at com.avocent.d.d.b.a(Unknown Source)

at com.avocent.a.b.w.g(Unknown Source)

at com.avocent.a.b.w.a(Unknown Source)

at com.avocent.app.c.l.m(Unknown Source)

at com.avocent.app.c.l.e(Unknown Source)

at com.avocent.idrac.kvm.a.e(Unknown Source)

at com.avocent.idrac.kvm.Main.a(Unknown Source)

at com.avocent.idrac.kvm.Main.main(Unknown Source)

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)

at java.lang.reflect.Method.invoke(Unknown Source)

at com.sun.javaws.Launcher.executeApplication(Unknown Source)

at com.sun.javaws.Launcher.executeMainClass(Unknown Source)

at com.sun.javaws.Launcher.doLaunchApp(Unknown Source)

at com.sun.javaws.Launcher.run(Unknown Source)

at java.lang.Thread.run(Unknown Source)

javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)

at sun.security.ssl.Handshaker.activate(Unknown Source)

at sun.security.ssl.SSLSocketImpl.kickstartHandshake(Unknown Source)

at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)

at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)

at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)

at com.avocent.d.a.a.a(Unknown Source)

at com.avocent.d.a.a.a(Unknown Source)

at com.avocent.d.a.a.b(Unknown Source)

at com.avocent.d.d.b.a(Unknown Source)

at com.avocent.a.b.w.g(Unknown Source)

at com.avocent.a.b.w.a(Unknown Source)

at com.avocent.app.c.l.m(Unknown Source)

at com.avocent.app.c.l.e(Unknown Source)

at com.avocent.idrac.kvm.a.e(Unknown Source)

at com.avocent.idrac.kvm.Main.a(Unknown Source)

at com.avocent.idrac.kvm.Main.main(Unknown Source)

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)

at java.lang.reflect.Method.invoke(Unknown Source)

at com.sun.javaws.Launcher.executeApplication(Unknown Source)

at com.sun.javaws.Launcher.executeMainClass(Unknown Source)

at com.sun.javaws.Launcher.doLaunchApp(Unknown Source)

at com.sun.javaws.Launcher.run(Unknown Source)

at java.lang.Thread.run(Unknown Source)

CoreSessionListener : connection failed

in CoreSessionListner : fireOnSessionStateChanged

KVM session state SESSION_FAILED

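Even if you are not used to reading Java logs, I think the part highlighted in red is what you would look at first.

Looking at that part, it starts to seem that the protocol or the cipher suite is not appropriate.

Try loosening Java's security settings

Searching Google for something like "Java Cipher Legacy", it appeared that old protocols can also be used by editing a configuration file.

I edited the file at the location below and commented out every line I could find that disables a protocol or cipher.

Needless to say, you should take a backup before editing.

C:\Program Files (x86)\Java\<java version>\lib\security\java.security

Specifically, I commented out the following items.

* Only the commented-out lines are excerpted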

##jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & usage TLSServer, \

##    RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224

 

##jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, DSA keySize < 1024

 

##jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \

##    EC keySize < 224, 3DES_EDE_CBC, anon, NULL

 

 

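After commenting them out, I tried connecting again.

Connection succeeded!!

This time I was able to connect without being disconnected by an error.

The Java console output at that time (only the protocol and cipher parts excerpted) was as follows.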

 

Supported protocols: [SSLv2Hello, SSLv3, TLSv1, TLSv1.1, TLSv1.2]

 

Enabled protocols: [SSLv3, TLSv1, TLSv1.1, TLSv1.2]

 

Supported ciphers: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV, TLS_DH_anon_WITH_AES_256_GCM_SHA384, TLS_DH_anon_WITH_AES_128_GCM_SHA256, TLS_DH_anon_WITH_AES_256_CBC_SHA256, 
TLS_ECDH_anon_WITH_AES_256_CBC_SHA, TLS_DH_anon_WITH_AES_256_CBC_SHA, TLS_DH_anon_WITH_AES_128_CBC_SHA256, TLS_ECDH_anon_WITH_AES_128_CBC_SHA, TLS_DH_anon_WITH_AES_128_CBC_SHA, TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA, SSL_DH_anon_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_ECDH_anon_WITH_RC4_128_SHA, SSL_DH_anon_WITH_RC4_128_MD5, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_DH_anon_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_DH_anon_EXPORT_WITH_RC4_40_MD5, TLS_RSA_WITH_NULL_SHA256, TLS_ECDHE_ECDSA_WITH_NULL_SHA, TLS_ECDHE_RSA_WITH_NULL_SHA, SSL_RSA_WITH_NULL_SHA, TLS_ECDH_ECDSA_WITH_NULL_SHA, TLS_ECDH_RSA_WITH_NULL_SHA, TLS_ECDH_anon_WITH_NULL_SHA, SSL_RSA_WITH_NULL_MD5, TLS_KRB5_WITH_3DES_EDE_CBC_SHA, TLS_KRB5_WITH_3DES_EDE_CBC_MD5, TLS_KRB5_WITH_RC4_128_SHA, TLS_KRB5_WITH_RC4_128_MD5, TLS_KRB5_WITH_DES_CBC_SHA, TLS_KRB5_WITH_DES_CBC_MD5, TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA, TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5, TLS_KRB5_EXPORT_WITH_RC4_40_SHA, TLS_KRB5_EXPORT_WITH_RC4_40_MD5]

 

Enabled ciphers: [SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5]

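Comparing with the log from the failing attempt, you can see that SSLv3 was added to Enabled protocols and that the Supported ciphers entry also grew considerably.

As a result, ciphers common to Enabled ciphers and Supported ciphers appeared.

This is a guess, but I think loosening Java's cipher settings made some entries of Enabled and Supported match, which made the connection possible.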
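
The comparison described above, as an added example (not code from the original post or from Dell/Oracle): it parses the console lines of both runs, intersects "Enabled ciphers" with "Supported ciphers" following the author's reading, and reports which tokens of the commented-out jdk.tls.disabledAlgorithms line the shared suites depend on. The function names are hypothetical, the sample text is constructed by abridging the logs above, and the token matching is a simplified name match, not the JDK's own algorithm decomposition.

```python
import re

# Constructed sample: the console lines from the two runs in this post, with the
# long "Supported ciphers" lists abridged to a few of their entries.
ENABLED = ("[SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, "
           "SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, "
           "SSL_RSA_WITH_DES_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, "
           "SSL_RSA_EXPORT_WITH_RC4_40_MD5]")
FAILED_RUN = f"""Enabled protocols: [TLSv1, TLSv1.1, TLSv1.2]
Supported ciphers: [TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
TLS_RSA_WITH_AES_128_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Enabled ciphers: {ENABLED}
"""
WORKING_RUN = f"""Enabled protocols: [SSLv3, TLSv1, TLSv1.1, TLSv1.2]
Supported ciphers: [TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_DES_CBC_SHA,
SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5,
TLS_DH_anon_WITH_AES_128_CBC_SHA]
Enabled ciphers: {ENABLED}
"""

# re.S lets a bracketed list wrap over several lines, as it does in the log above.
FIELD = re.compile(r"(Supported|Enabled) (protocols|ciphers): \[(.*?)\]", re.S)

# Tokens of the jdk.tls.disabledAlgorithms line that can apply to a suite name.
LEGACY_TOKENS = {
    "RC4": re.compile(r"_RC4_"),
    "DES": re.compile(r"_DES(40)?_CBC_"),
    "3DES_EDE_CBC": re.compile(r"3DES_EDE_CBC"),
    "anon": re.compile(r"_anon_"),
    "NULL": re.compile(r"_NULL_"),
}


def parse_console(text):
    """Return e.g. {'enabled_ciphers': [...], 'supported_ciphers': [...]}."""
    fields = {}
    for match in FIELD.finditer(text):
        key = f"{match.group(1).lower()}_{match.group(2)}"
        fields[key] = [i.strip() for i in match.group(3).split(",") if i.strip()]
    return fields


def explain(text):
    """Summarise whether any requested suite is still offered by the JRE."""
    fields = parse_console(text)
    supported = set(fields.get("supported_ciphers", []))
    shared = [c for c in fields.get("enabled_ciphers", []) if c in supported]
    tokens = {t for c in shared for t, rx in LEGACY_TOKENS.items() if rx.search(c)}
    return {
        "shared": shared,
        "relaxed_tokens": sorted(tokens),
        "sslv3_enabled": "SSLv3" in fields.get("enabled_protocols", []),
        "handshake_possible": bool(shared),
    }


if __name__ == "__main__":
    for name, log in (("failed", FAILED_RUN), ("working", WORKING_RUN)):
        print(name, explain(log))
```

On the working run every shared suite is an RC4, DES or 3DES suite, so the console session is only as strong as those algorithms.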

 

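The problem stopped reproducing after updating the iDRAC firmware

After finishing the ESXi installation and the firmware upgrade, I tried to reproduce the problem again, but it did not reproduce even with the configuration file restored.

Presumably the firmware upgrade included an iDRAC update, which also updated the Java applet, so the cipher problem no longer occurs.

Does it also depend on the Java version?

I did not isolate this properly, but some client machines could connect without touching the configuration file (before the iDRAC update).

Presumably, depending on the Java version installed on the client, the default values of the security settings and so on mean that it can connect without being affected.

(Otherwise a lot of things would not add up.)

Summary

I found that with the combination of a new Java and old iDRAC firmware, connecting to the virtual console with the Java applet can fail.

As a fix, you can work around it either by updating the iDRAC firmware or by editing Java's security file to enable old protocols and ciphers.

Downgrading Java to an older version (ideally the Java that was current when the iDRAC firmware was released) also looks like it would resolve it, but I have not verified that.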


End Of Support vSphere 6.0 / 12-03-2020


End Of Support vSphere 6.0 / 12-03-2020

 

This coming March will see a lot of vSphere upgrade requests arriving at service providers ...

Indeed, this is the final sprint for vSphere 6.0: after March 12, support ends,

so moving to a higher version will be a must.

To 6.5 or, better, 6.7, but watch out for the compatibility matrices:

https://www.vmware.com/resources/compatibility/search.php

VMware-Product-End-Of-Support-Countdown.png

some of your processors and hardware may not pass this test ☹

Here is a link to a blog post on what's new in version 6.5:

https://blogs.vmware.com/vsphere/2016/10/whats-new-in-vsphere-6-5-vcenter-server.html

In case of extreme panic or palpitations at the thought of this upcoming migration, do not hesitate to contact me for advice and other prescriptions.

vCenter 6.0 migration failing [Error: failed to retrieve version information from remote platform service controller.]


Issue: failed to retrieve version information from remote platform service controller.

 

  • Migrating a vCenter Server 6.0 installed on Windows Server 2008 R2 to vCenter Server Appliance 6.7U2 using an external PSC fails with the error: failed to retrieve version information from remote platform service controller.
  • In the migration-assistant.log, you see entries similar to:

 

2020-02-17 05:11:35.759Z| migration-assistant-13843380| I: Entering function: ValidateExportDir

2020-02-17 05:11:35.759Z| migration-assistant-13843380| I: DirectoryPermissionCheck: Will check export dir: "C:\Users\Administrator\AppData\Local\VMware\Migration-Assistant\"

2020-02-17 05:11:35.760Z| migration-assistant-13843380| I: GetPathPermissions: Longest existing path for "C:\Users\Administrator\AppData\Local\VMware\Migration-Assistant\" is "C:\Users\Administrator\AppData\Local\VMware\Migration-Assistant\"

2020-02-17 05:11:35.761Z| migration-assistant-13843380| I: GetPathPermissions: Dir  perms for "C:\Users\Administrator\AppData\Local\VMware\Migration-Assistant\": MigrationAssistant R1 W1 E1 D1 Dc1 ACL1 service R69716481 W16843009 E16843009 D16843009 Dc188 ACL48957392 anyone R1228 W48562176 E2753176 D0 Dc7 ACL69009408

2020-02-17 05:11:35.761Z| migration-assistant-13843380| I: GetPathPermissions: Longest existing path for "C:\Users\Administrator\AppData\Local\VMware\Migration-Assistant\" is "C:\Users\Administrator\AppData\Local\VMware\Migration-Assistant\"

2020-02-17 05:11:35.761Z| migration-assistant-13843380| I: GetPathPermissions: File perms for "C:\Users\Administrator\AppData\Local\VMware\Migration-Assistant\": MigrationAssistant R1 W1 E1 D1 Dc1 ACL1 service R69716481 W16843009 E16843009 D16843009 Dc188 ACL48956560 anyone R1228 W48562176 E2753176 D0 Dc7 ACL69009408

2020-02-17 05:11:35.761Z| migration-assistant-13843380| I: ValidateExportDir: Required core space: 5260; core, events and tasks space: 10174; All space: 13452; FreeSpace: 28471;

2020-02-17 05:11:35.761Z| migration-assistant-13843380| I: Leaving function: ValidateExportDir

2020-02-17 05:11:35.761Z| migration-assistant-13843380| I: ConnectToLdapServer: Connecting to ldap server [PSC01.internal.local] on port [636]

2020-02-17 05:11:35.764Z| migration-assistant-13843380| E: ConnectToLdapServer: Failed to connect to the LDAP server. Error code: 81

2020-02-17 05:11:35.764Z| migration-assistant-13843380| W: RetrievePSCMajorMinorVersion: Failed to connect to server [PSC01.internal.local]] to validate PSC version using Platform Services Conntroller LDAPs port [636].

2020-02-17 05:11:35.764Z| migration-assistant-13843380| I: ConnectToLdapServer: Connecting to ldap server [PSC01.internal.local]] on port [11712]

2020-02-17 05:11:56.765Z| migration-assistant-13843380| E: ConnectToLdapServer: Failed to connect to the LDAP server. Error code: 81

2020-02-17 05:11:56.765Z| migration-assistant-13843380| E: RetrievePSCMajorMinorVersion: Failed to connect to server [PSC01.internal.local] on legacy LDAPs port [11712].

PSC.png

Cause: Transport Layer Security (TLS) 1.2 is the default protocol for Platform Services Controller 6.7, while TLS 1.2 is not supported by default on Windows Server 2008 R2.

 

Resolution:

Enable TLS 1.2 on Windows Server 2008 R2.
Note: This procedure modifies the Windows registry. Before making any registry modifications, ensure that you have a current and valid backup of the registry and the virtual machine.

  1. Navigate to the registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols
  2. Create a new folder and label it TLS 1.2.
  3. Create two new keys within the TLS 1.2 folder, and name the keys Client and Server.
  4. Under the Client key, create two DWORD (32-bit) values, and name them DisabledByDefault and Enabled.
  5. Under the Server key, create two DWORD (32-bit) values, and name them DisabledByDefault and Enabled.
  6. Ensure that the Value field is set to 0 and that the Base is Hexadecimal for DisabledByDefault.
  7. Ensure that the Value field is set to 1 and that the Base is Hexadecimal for Enabled.
  8. Reboot the Windows Server 2008 R2 machine.
  9. Now re-initiate the Migration Assistant tool; it then worked perfectly.
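
A check for steps 1 to 7, as an added example (not VMware or Microsoft code): it reads the text of a registry export of the SCHANNEL Protocols key and lists what is still missing for TLS 1.2 before the reboot in step 8. The function names are hypothetical and both sample exports are constructed.

```python
import re

BASE = (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control"
        r"\SecurityProviders\SCHANNEL\Protocols\TLS 1.2")
EXPECTED = {"DisabledByDefault": 0, "Enabled": 1}  # values from steps 6 and 7

# Constructed samples in .reg export format. Files written by regedit are
# UTF-16, so decode them (e.g. open(path, encoding="utf-16")) before checking.
CONFIGURED = rf"""Windows Registry Editor Version 5.00

[{BASE}\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

[{BASE}\Server]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001
"""
PARTIAL = rf"""Windows Registry Editor Version 5.00

[{BASE}\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000000
"""


def parse_reg_export(text):
    """Parse .reg text into {key_path: {value_name: int}} (DWORD values only)."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            # Registry key and value names are case-insensitive.
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            match = re.fullmatch(r'"([^"]+)"=dword:([0-9a-fA-F]{8})', line)
            if match:
                current[match.group(1).lower()] = int(match.group(2), 16)
    return keys


def check_tls12(text):
    """Return a list of findings; an empty list means steps 1 to 7 are in place."""
    keys = parse_reg_export(text)
    findings = []
    for role in ("Client", "Server"):
        values = keys.get(f"{BASE}\\{role}".lower())
        if values is None:
            findings.append(f"{role}: key missing")
            continue
        for name, want in EXPECTED.items():
            got = values.get(name.lower())
            if got is None:
                findings.append(f"{role}: {name} missing")
            elif got != want:
                findings.append(f"{role}: {name} is {got}, expected {want}")
    return findings


if __name__ == "__main__":
    print("configured:", check_tls12(CONFIGURED) or "OK")
    print("partial:", check_tls12(PARTIAL))
```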

vExpert 2020 Award Announcement

Failed to power on Cisco UCS blade in UCSM Failed Code F0868


Issue: A B-series blade fails to power on in UCSM and raises the following critical fault:

Severity: Critical

Code: F0868

Last Transition Time: 2020-02-25T03:34:17Z

ID: 11500997

Status: None

Description: Motherboard of server 1/7 (service profile: org-root/ls-IN-ESX-01) power: failed

Affected Object: sys/chassis-1/blade-7/board

Name: Compute Board Power Fail

Cause: Power Problem

Type: Environmental

Acknowledged: No

Occurrences: 2

Creation Time: 2020-02-25T03:33:07Z

Original Severity: Critical

Previous Severity: Critical

Highest Severity: Critical

 

The following entries are seen in the server's SEL log:

671 | 02/25/2020 04:23:06 EST | CIMC | Module/Board SUPER_CAP_FLT #0x8f | Predictive Failure deasserted | Asserted

672 | 02/25/2020 04:23:40 EST | CIMC | Processor WILL_BOOT_FAULT #0x90 | Predictive Failure deasserted | Asserted

673 | 02/25/2020 04:23:55 EST | CIMC | Platform alert POWER_ON_FAIL #0x8c | Predictive Failure asserted | Asserted

674 | 02/25/2020 04:24:06 EST | CIMC | Platform alert POWER_ON_FAIL #0x8c | Predictive Failure deasserted | Asserted

675 | 02/25/2020 04:24:58 EST | CIMC | Platform alert POWER_ON_FAIL #0x8c | Predictive Failure asserted | Asserted

The following entries are seen in the server's OBFL log:

Feb 25 04:23:55 EST:4.1(30b):IPMI:1708: Pilot3SrvPower.c:483:  -> Power State On: LPC RESET is     IN RESET; powerOnLPCOff[2b]

Feb 25 04:23:55 EST:4.1(30b):IPMI:1708: Pilot3SrvPower.c:483:  -> Power State On: LPC RESET is     IN RESET; powerOnLPCOff[2c]

Feb 25 04:23:55 EST:4.1(30b):IPMI:1708: Pilot3SrvPower.c:483:  -> Power State On: LPC RESET is     IN RESET; powerOnLPCOff[2d]

Feb 25 04:23:55 EST:4.1(30b):IPMI:1708: Pilot3SrvPower.c:483:  -> Power State On: LPC RESET is     IN RESET; powerOnLPCOff[2e]

Feb 25 04:23:55 EST:4.1(30b):IPMI:1708: Pilot3SrvPower.c:483:  -> Power State On: LPC RESET is     IN RESET; powerOnLPCOff[2f]

Feb 25 04:23:55 EST:4.1(30b):IPMI:1708: Pilot3SrvPower.c:483:  -> Power State On: LPC RESET is     IN RESET; powerOnLPCOff[30]

Feb 25 04:23:55 EST:4.1(30b):IPMI:1708: Pilot3SrvPower.c:483:  -> Power State On: LPC RESET is     IN RESET; powerOnLPCOff[31]

Feb 25 04:23:55 EST:4.1(30b):IPMI:1708: Pilot3SrvPower.c:483:  -> Power State On: LPC RESET is     IN RESET; powerOnLPCOff[32]

SEL log location:

Chassis log bundle -> CIMCx_TechSupport.tar.gz -> var -> log -> sel

OBFL log location:

Chassis log bundle -> CIMCx_TechSupport.tar.gz -> obfl

 

Cause: This fault is caused by a hardware failure on the motherboard.

 

Solution:

Attempt the following troubleshooting steps:

1. Reset CIMC

2. Physically reseat server in chassis

Note: If the above actions do not resolve the issue and the blade still does not power on, it is likely there is a hardware failure.

3. Contact Cisco TAC for part replacement.

 

Request to please like and comment.

Observing vMotion / DRS with vCenter and vROps.


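Looking at the vSphere environment in my home lab, I noticed that the cluster's vMotion count had grown nicely.

So I would like to introduce some tips for observing vMotion and DRS with vCenter Server and vRealize Operations Manager (vROps).

The environment this time is vCenter 6.7 U3 + vROps 8.0.

Observing vMotion in vCenter / vSphere Client.

First, the number of vMotions in a cluster.

vCenter Server records the number of vMotions performed for each cluster.

You can see that in my home lab cluster "infra-cluster-01", 45781 vMotions have been performed so far.

vSphere DRS is enabled on this cluster, and most of the vMotions were performed automatically.

Since it is a test environment, resource usage goes up and down a lot, and vMotion happens quite frequently.

drs-vmotion-01.png

The total number of vMotion migrations can also be displayed in the vSphere Client performance charts.

The corresponding counter is the cluster's "Virtual machine operations" → "vMotion count".

drs-vmotion-02.png

The accumulation of vMotions over the last year is now visualized.

It looks like the home lab is getting good use.

However, because the performance chart data is rolled up at fixed intervals, I think it is hard to examine vMotion activity in detail with vCenter alone.

drs-vmotion-04.png

So let's also look at the vMotion activity in this cluster with vRealize Operations Manager (vROps).

Observing vMotion in vRealize Operations Manager.

With vROps, you can go back in time and check the number of vMotions at fixed intervals (about 5 minutes at the shortest).

This also lets you check whether the cluster is behaving differently from usual.

The rise in the graph around February 23 is because I did a rolling update of the home lab's ESXi hosts one at a time, which caused an especially large number of vMotions.

* Unfortunately this vROps instance was deployed recently and has not accumulated a year of data, so I am not showing a full-year chart.

drs-vmotion-05.png

In addition, you can visualize whether a vMotion was triggered by DRS or by something else (manual vMotion).

Only the purple line inside the red box should be manual, non-DRS vMotion.

drs-vmotion-06.png

As a bonus...

I don't think this is the intended usage, but you can also chart which ESXi host a VM was on at which time.

In the "Metrics" of the VM (lab-rancher-01 in this example), display the "Summary" → "Parent Host" chart to see, over time, which ESXi host the VM was running on.

However, since the ESXi hosts are represented on the chart's vertical axis, it may become hard to read as the number of ESXi hosts grows.

The VM in this example moves among only 5 ESXi hosts (although the cluster has 6 nodes).

drs-vmotion-07.png

There are many ways to observe DRS / vMotion; vCenter event information and other vRealize products offer different views as well.

This time I deliberately chose methods that can be checked easily in the GUI.

That's it for these tips on observing vMotion.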
