Quantcast
Channel: VMware Communities : Blog List - All Communities
Viewing all 3135 articles
Browse latest View live

CentOS Kickstart installation with vRealize Automation

$
0
0

vRealize Automation (vRA) provides several methods for provisioning virtual machines from blueprints. These include template based mechanisms as well as workflows leveraging unattended installation procedures to deploy a virtual machine operating system. As some customers do have existing deployment processes they want to leverage a variety of unattended installation methods ranging from SCCM, AutoYaST and RedHat kickstart to name some is supported by vRA.

This blog describes how to leverage kickstart mechanism to deploy a virtual machine in vRealize Automation using CentOS 6.4 x86 as operating system. The process has been tested with vRealize Automation 6.2.3 and version 7.

 

Be aware this blog is not intended to provide a full step-by-step guide and replace documentation. It furthermore covers the whole process in bullet points and highlights important pieces that are not clearly covered in documentation.


Architectural considerations

 

A deployment process in vRealize Automation (vRA) is based on a blueprint which is being cloned when requested by a user. The blueprint itself defines the methodology to be used deploying the virtual machine. In RedHat/CentOS kickstart case there’s a workflow called “LinuxKickstartWorkflow” which is leveraged. Kickstart in a nutshell is the default unattended installation method for RedHat Linux operating systems which is based on a kickstart description file.

Following general steps have to be taken to accomplish the task:

 

  • Preparation of a CentOS installation ISO which is modified to point to an externally hosted kickstart file. CentOS ISO is stored on a vSphere datastore.
  • External kickstart configuration file has to be created to define unattended installation parameters as well as invoke installation of vRA guest agent as last part of the installation. The kickstart file is stored on an external server (e.g. web server)
  • vRA guest agent files have to be stored on a network share (e.g. web server)
  • Blueprint custom properties have to be defined to e.g. point to the installation sources

 

Deployment process in high level:

  • User requests published blueprint
  • Virtual machine is created on vSphere with CentOS iso attached
  • VM is booted up and boots from attached ISO
  • ISO downloads kickstart file from location defined and runs full unattended installation
  • Last part of unattended installation will download guest agent files to virtual machine and install the agent into the virtual machine
  • After reboot guest agent is started automatically and reports “success” to vRA
  • Process is finished in vRA and VM can be managed in “items” view

 

 

Preparation of CentOS ISO

 

An existing CentOS ISO (e.g. downloaded from www.centos.org) has to be prepared to include information where to find the kickstart file. There’s multiple ways to modify content of an ISO file, some of them are using commercial tools as most of the freeware tools do have a limit of 300 or 500MB in writing an ISO file. Due to that this document uses a standard linux operating system which provides the functionality for free and also guarantees it works. Follow these steps to modify the ISO:

  • Provide a web server which is reachable in your network
  • Copy the ISO file to the linux system
  • Loop mount the iso according to this description: http://bencane.com/2013/06/12/mkisofs-repackaging-a-linux-install-iso/
  • In “make your changes” section of above document edit the /var/tmp/linux/isolinux/isolinux.cfg file and add the red append parameters as mentioned below. Replace the <websrv> by the IP address of your web server and adapt the path and file name to your needs. Creation of the kickstart file is described in next section.

 

/var/tmp/linux/isolinux/isolinux.cfg

label linux

  menu label ^Install or upgrade an existing system

  menu default

  kernel vmlinuz

  append initrd=initrd.img --bootproto=dhcp ks=http://<websrv>/vra/ks.cfg

 

  • Save the file and create the ISO as per above link’s description
  • Copy the ISO to a vSphere datastore e.g. by coping it to a Windows system and uploading it to datastore from there

 

kickstart-pic01.png

 

  • Note datastore name (in this case “VM-NFS-01”) and path to ISO file (in this case “/ISO/centos64-unattend.iso”)

 

 

Preparation of kickstart file and guest agent

 

The preparation of the kickstart file is decribed in vRA documentation, see here: http://pubs.vmware.com/vra-62/topic/com.vmware.vra.iaas.virtual.doc/GUID-13EDB88E-DF34-4D82-B17A-CDF6289A2DC8.html

 

The file can simply be generated by a text editor. In this case we are using a slightly modified version compared to the documentation which works as well, see here:

 

ks.cfg

auth --useshadow --enablemd5

bootloader --append="rhgb quiet" --location=mbr --driveorder=sda

zerombr

clearpart --all --initlabel

text

firewall --disabled

keyboard us

lang en_US

logging --level=info

network --bootproto=dhcp --device=eth0 --onboot=on

reboot

rootpw secret

selinux --enforcing

timezone --isUtc America/New_York

install

part / --asprimary --fstype="ext3" --size=4096

part swap --asprimary --fstype="swap" --size=512

%packages

vim-enhanced

%post

 

rpm -i http://<websrvip>/vra/gugent-6.2.2-05062015.i386.rpm

export AXIS2C_HOME=axis2

export PYTHONPATH=/usr/share/gugent/site/dops

echo | openssl s_client -connect <vra-iaas-srv-fqdn>:443 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /usr/share/gugent/cert.pem

cd /usr/share/gugent

./installgugent.sh <vra-iaas-srv-fqdn>:443 ssl

 

Replace all components marked in RED by the paths, IPs, server names tailored to your environment.

After successful modification name the file “ks.cfg” and store it on the appropriate web server path (referenced from isolinux.cfg in modified CentOS ISO file).

Store the guest agent rpm file on the web server as well in the appropriate path.

 

 

Preparation of the blue print

 

Create a new blueprint and use the Action “Create” as well as provisioning workflow “LinuxKickstartWorkflow”. Fill all other values according to your needs. In addition there’s some custom properties that have to be set to make kickstart installation work. Find an easy example here:

kickstart-pic02.png

Image.ISO.Location = Datastore name where CentOS ISO resides

Image.ISO.Name = path and name of CentOS ISO file related to the root of the above mentioned datastore

VMware.VirtualCenter.OperatingSystem = operating system ID of the OS to be installed.

 

See full reference here: http://pubs.vmware.com/vsphere-55/index.jsp?topic=%2Fcom.vmware.wssdk.apiref.doc%2Fvim.vm.GuestOsDescriptor.GuestOsIdentifier.html

 

After saving the blueprint, publishing and defining the appropriate entitlements you should be able to request a VM which gets fully provisioned by kickstart process.

 

 

Troubleshooting

 

ISO checksum wrong

 

If the ISO generation tool does not create proper ISO checksum you will notice this during boot of the virtual machine created. In early boot stage a related message will come up on the console.

If that’s the case use the recommended way to modify the ISO as per this documentation (using linux system).

 

Guest agent trouble shooting

 

One important step of the whole process is the successful installation of the guest agent. If this step is not done properly the whole process in vRA will stay in “in progress” status and wait for a time out (which will not occur in less than 24 hours). So it’s essential that the guest agent is installed and starts up properly after reboot to report “success” back to vRA.

Some points to look at

  • After deployment the guest agent should be installed. You can check this by running “rpm –qa | grep gugent”. This should show a gugent package with the appropriate version number. If the output is empty gugent has not been installed. In this case check the kickstart script for syntax errors in the “rpm –i" command and also check network configuration for DHCP which is leveraged during kickstart installation.
  • Guest agent communicates with the vRA IaaS Server in an encrypted way. To do this it has to retrieve the client certificate from the IaaS server and store it in a file. Using the default parameters in above configuration files a file called “cert.pem” should be stored under /usr/share/gugent. If it’s not there or its content is empty check availability of the IaaS server during VM installation and check kickstart file for correct syntax. In addition be aware that during installation the virtual machine uses a DHCP IP address. Make sure that this address incl. the assigned DNS server is able to resolve and reach the vRA IaaS server specified in kickstart file properly.
  • Check if vrm-agent is running on the installed virtual machine: “ps aux” should show the appropriate process (VRM_daemon.pl). In addition check if vrm-agent is configured for automatic start with “chkconfig –list” command. If there’s no runlevel entry for vrm-agent but the agent has been installed the kickstart script section with “installgugent.sh” command has failed. This could be the case because cert file is not available or the IaaS server is not reachable.
  • For further trouble shooting there’s a log file GuestAgent.log which provides more in-depth information on guest agent issues as well as another log file /usr/share/gugent/axis2/logs/gugent-axis.log which shows even more details.

VMware TAM Source 8.01 - Happy new Year

$
0
0

FROM THE EDITORS VIRTUAL DESK

Welcome everyone to the first newsletter of 2016! We are delighted to be back and hope that you had a restful holiday season. As usual we will be bringing you all of the relevant VMware news and related information every week to ensure that you are kept up to date with what is going on in the world of VMware.

 

We also plan on extending the newsletter sections as we did last year but also trying to make the newsletter as easy as possible to navigate and find the information you are looking for.


So with that I look forward to bringing you all of the VMware news in 2016 and I hope that you are able to get value out of the newsletter. Please do not hesitate to contact me directly should you wish to provide any feedback on the newsletter.

 

Wishing you a fantastic start to 2016!

Virtually Yours

Neil Isserow

Staff Technical Account Manager, Team Lead

San Francisco, CA


TAM FOUNDATIONAL TRAINING PLAN (Editor: Jodi Shely)
Looking for training resources on VMware Solutions. We have everything you need online and updated regularly.
EUC - http://tinyurl.com/ftpeuc
SDDC - http://tinyurl.com/ftpsddc

 

TAM WEBCASTS (Editor: Michelle Kaiser)

 

Please head over to our dedicated TAM Webcasts online URL:
http://tinyurl.com/tamwebcasts

TAM VCLOUD SUITE RESOURCES ONLINE (Editor: Joseph Suma)
Please check out our ever changing list of resources
http://tinyurl.com/tamvcsresources

NEW AND UPDATES PRODUCTS AND SOLUTIONS
A list of many of our latest updates to existing solutions and any new releases
http://tinyurl.com/tamnewreleases


NEWS AND DEVELOPMENTS FROM VMWARE

GENERAL NEWS

Technical Paper: Installing VMware ESXi 6 Using PXE

It’s 2016, are you still installing VMware ESXi by mounting ISO images in a browser-based console? That’s probably fine for one-off efforts, and it sure beats making a trip to the datacenter with physical CDs, but network deployments are the way of the future. If you have not yet made the move to...

Jan 8, 2016 6:46:50 PM

New NSX KBs, What’s New in vSphere 5.5 Update 3b and Top 20 KB articles

Each month, we share the top VMware Global Support Services (GSS) news, alerts, and announcements from our sister blog, VMware Support Insider . Read on to find out what you might have missed. New NSX KBs you need to know Check out this blog post for last month’s trending Knowledge Base articles ...

Jan 8, 2016 4:02:10 PM

Platform Services Controller (PCS) and vCenter Server 6 Maximums

By Petr McAllister One of my customers successfully completed the VMware vSphere: Fast Track [V6] class. The customer provided a lot of positive feedback in regards to the class, and also about new functionality in vSphere 6. However, one thing was unclear: The instructor stated there is a maximu...

Jan 7, 2016 4:46:33 PM

The Changing Face of Enterprise Data

What constitutes business-critical data for an enterprise today? A decade ago, the answer would be straightforward: the data associated with business-critical applications such as inventory management, email systems, financials, etc. IT was focused primarily on transforming business processes int...

Jan 7, 2016 4:32:15 PM

VCP5-DCV Delta Exam Availability Extended

After reviewing the continued popularity of the VMware Certified Professional 5 – Data Center Virtualization Delta exam for candidates to recertify their VCP5-DCV we have decided to extend the availability date until March 31, 2016 . The exam offers some key advantages: It’s based on new material...

Jan 6, 2016 6:43:50 PM

Top 20 vRealize Operations Manager KBs for December 2015

Resetting the Administrator password in VMware vRealize Operations Manager appliance Update sequence for vSphere 6.0 and its compatible VMware products The VMware vRealize Operations Manager for Horizon (V4H/V4V) 6.2 Broker Agent fails to pair with the Horizon adapter Public Patch (Build 3294016)...

Jan 6, 2016 6:23:04 PM

Top 20 vRealize Automation KBs for December 2015

Repairing or updating the trust between all components within a VMware vRealize Automation environment Update sequence for vSphere 6.0 and its compatible VMware products Removing a virtual machine from Management in VMware vRealize Automation or vCloud Automation Migrating to a new SSO or recover...

Jan 6, 2016 6:18:56 PM

Top 20 vCenter KBs for December 2015

After upgrading an ESXi host to 5.5 Update 3b and later, the host is no longer manageable by vCenter Server Purging old data from the database used by VMware vCenter Server Consolidating snapshots in vSphere 5.x/6.0 Unlocking and resetting the VMware vCenter Single Sign-On administrator password ...

Jan 6, 2016 5:22:30 PM

Top 20 ESXi articles for December 2015

After upgrading an ESXi host to 5.5 Update 3b and later, the host is no longer manageable by vCenter Server Licensing ESXi 5.x and vCenter Server 5.x Licensing ESXi 6.x and vCenter Server 6.x Reverting to a previous version of ESXi Commands to monitor snapshot deletion in VMware ESXi/ESX Collecti...

Jan 6, 2016 1:48:38 PM

Top 20 Articles for December 2015

Here is our Top 20 KB list for December 2015. This list is ranked by the number of times a VMware Support Request was resolved by following the steps in a published Knowledge Base article. Installing VMware Tools in a Fusion virtual machine running Windows Upgrading to Windows 10 using Software U...

vCloud: The Past Week in Review

We’re excited to welcome in the New Year with a fresh round of blogs. Now you can catch up on everything that’s been happening on the VMware vCloud Blog in one place! From Cloud-Native Apps to service provider spotlights, here’s the past week in review: vCloud Air vTech Talk: Take the Quiz, Chart...

Jan 9, 2016 5:00:04 PM

Hybrid Cloud Manager is your Bridge to the Cloud

By: Eiad Al-Aqqad , Consultant Architect and Author of virtualizationteam.com . At VMworld 2015, VMware introduced the Hybrid Cloud Manager, however, with the excitement of the Cross-Cloud VMotion tech-preview that was shown at the same demo, many overlooked the Hybrid Cloud Manager announcement....

Jan 8, 2016 5:13:00 PM

vRealize Operations Manager Tech Tips: Tip #1 – Custom Datacenter object

In vRealize Operations Manager 6.1 we introduced a new construct called Custom Datacenter (CDC). I wanted to describe how to create Custom Datacenter objects, and how you would leverage these objects. The Custom Datacenter object can be created in the vR Ops UI, and you can add one or more Cluste...

Jan 7, 2016 8:25:32 PM

Virtual SAN Stretch Clusters – Real World Design Practices (Part 1)

By Jonathan McDonald This is part one of a two blog series as there was just too much detail for a single blog. I want to start off by saying that all of the details here are based on my own personal experiences. It is not meant to be a comprehensive guide for setting up stretch clustering for Vi...

Jan 7, 2016 6:41:04 PM

vCloud Air Network Service Provider Spotlight: UOLDIVEO

Acquiring and managing a secure cloud network is difficult no matter where you are. But for those who have operations in Latin America and Brazil, setting up and managing a true hybrid cloud can be especially complicated. Thankfully, there’s a simple solution, and that solution is this edition of...

Jan 7, 2016 5:00:22 PM

vRealize Automation: Tribune Media profile in Baseline Magazine

2016 has started out with substantial fanfare for the vRealize Team. The vRealize suite was called out in the Baseline story as a key component of Tribune Media’s “software-defined everything” approach. The article features great quotes from David Giambruno of Tribune on benefits to date of adopt...

Jan 7, 2016 11:01:55 AM

Completely Disable Time Synchronization for your VM

Some administrative practices, like a bad habit, have more lives than the proverbial cat – they tend to stay around forever. It is, therefore, very comforting when one finds a problematic administrative practice that has not just been universally abandoned by administrators, but is also on the to...

Jan 6, 2016 11:34:18 PM

Cloud Native Apps for the OPs Guy – Pt. 1 What the Hell is CNA Anyway?

By: Kevin Gorman, Cloud Specialist at VMware. Reposted from Zerotin.org . DevOps, containers and every other buzzword bingo concept seem to be severely muddying the waters of understanding the practicality of web-scale application development and it’s relevance to the everyday Operations Team. I’...

Jan 6, 2016 5:00:11 PM

Bringing XenDesktop and XenApp Users and Sessions to vRealize Operations

By: Mike Langdon, Blue Medora If you are a XenDesktop or XenApp admin, an all too common complaint is: “My desktop is so slow.” If one user is complaining, chances are that many more are suffering. This is where vRealize Operations comes in. Using the Management Pack for XenDesktop and XenApp, we...

Jan 6, 2016 11:01:45 AM

vCloud Air vTech Talk: Take the Quiz, Chart Your Course

Happy New Year from the VMware vCloud Air Community! As 2016 gets underway, it’s the perfect time to assess your cloud computing strategy for the coming year. Where are you on the journey to the public cloud? And where do you want to be? In this week’s vTech Talk, we’re highlighting the vCloud Ai...

Jan 5, 2016 5:00:20 PM

VMware NSX and Split and Smear Micro-Segmentation

While external perimeter protection requirements will most likely command hardware acceleration and support for the foreseeable future, the distributed nature of the services inside the data center calls for a totally different set of specifications. Some vendors have recently claimed they can ac...

Jan 5, 2016 1:00:34 PM

END USER COMPUTING

Email’s Stayin’ Alive…and Evolving with Mobile Collaboration

In recent years, businesses have been disaster-prepping for the certain doom and demise of email . The shift seemed inevitable: email is fundamentally flawed (hello, information overload), better technology exists and new generations are ushering in brand new ways of communicating. But 2016 is sh...

Jan 8, 2016 4:00:51 PM

This Week’s Top Mobile News Headlines

VMware and Intel Security alliance helps IT level up mobile security. Two tech giants announced their collaboration to integrate mobile security into the enterprise threat defense lifecycle. What does that mean? Intel + AirWatch customers can now respond to ever-increasing mobile threats faster a...

Jan 8, 2016 2:54:58 PM

Feature and Mobile Updates: December 2015

Happy New Year everyone! 2016 will be a very exciting year for Socialcast and we can’t wait to share all the new things currently in the works. But first, let’s take a look back at all the feature enhancements and mobile apps that were released in December to round out 2015. 1. Improved Search Re...

Jan 7, 2016 11:09:44 PM

Every Business Is a Digital Business. So What’s Next?

In 2013, the phrase “every business is a digital business” sparked an “aha!” moment for every company, across every industry. Two years later, where are we now? As companies reach digital maturity, what’s next? The digital transformation isn’t over, yet, according to Sanjay Poonen , executive vic...

Jan 7, 2016 2:05:40 PM

Transforming Healthcare: VITAS Embraces the Power of Mobile Devices

It’s that time of year again when we begin to pack up holiday decorations and do our level best to set goals for what we want to accomplish in the coming year. As the CIO for VITAS Healthcare—the nation’s leading provider of end-of-life care—I have one item that I think should be high on every […]

Jan 7, 2016 12:56:24 PM

Getting Started with VMware Fusion eBook: $5

Happy new year friends! Did you know about this little book I wrote called ‘Getting Started With VMware Fusion’ ? No? Well good news! It’s on sale for $5! Before I moved down here to Silicon Valley, I was a lead on the Fusion / Workstation Support team in Canada, and in 2014 I was asked by the go...

Jan 6, 2016 9:49:18 PM

Want to Look Like a Genius at Work? Grow Your Social Circle

Even great teams grow stale if they never collaborate beyond their inner circle. The most creative contributors and fastest problem-solvers often have the largest social circles at work. If you really want to work smarter and get ahead in 2016, it’s time for your tiny social bubble to pop and to ...

Jan 6, 2016 4:00:50 PM

Every Business Is a Digital Business. So What’s Next?

In 2013, the phrase “every business is a digital business” sparked an “aha!” moment for every company, across every industry. Two years later, where are we now? As companies reach digital maturity, what’s next? The digital transformation isn’t over, yet, according to Sanjay Poonen, executive vice...

Jan 6, 2016 3:56:43 PM

New AirWatch and Intel Alliance Levels up Your Mobile Security

The complex mobile threat defense lifecycle is about to get a lot shorter, thanks to a new partnership announced today between AirWatch and Intel Security. By entering into each other’s security programs—the Intel Security Innovation Alliance™ and the AirWatch Mobile Security Alliance (MSA)—mutua...

Jan 5, 2016 5:00:26 PM

Download the 3-Part Guide to Developing a BYOD Strategy

Is your organization ready to take advantage of BYOD, but aren’t sure where to start? Today, we launched a simple 3-part BYOD strategy guide that walks you through specific device- and user-based policy considerations, outline critical areas for content access, security practices, and compliance ...

Jan 5, 2016 2:30:20 PM

Legal Firm’s CIO Makes His 2016 Business Mobility Predictions

2015 was another year of growth in mobility at Dowling Aaron, as we not only reached new mobile users but current users extended their mobility profile. Each year, we add more and more mobile users as they see their peers reach new heights of productivity and collaboration. In the legal industry,...

Jan 4, 2016 1:15:40 PM

VMware TAM Source 8.02

$
0
0

FROM THE EDITORS VIRTUAL DESK

Welcome to the latest edition of the VMware TAM Weekly Newsletter. This week we have 2 items that may be of interest to you apart from the usual news and updates. First off we have a blog posting from the official VMware TAM Blog. This is titled "Platform Services Controller (PCS) and vCenter Server 6 Maximums". A preview of the article is below with a link to the full article. If you are new to vSphere 6 then I suggest that this would be a very good read.

We also have a new section that is actually an old section we are bringing back. This is "Tweets of the Week" and features 5 specifically selected Tweets that our Twitter Account Manager has selected to showcase each week.

There is also a summary of the TAM Social Media Assets now in every newsletter. These include links to our official blog, Twitter, Facebook and more. As we progress we will include other items for you to connect with us on.

I wish you all a successful week ahead and look forward to bringing you further news and updates next week.

 

Virtually Yours

Neil Isserow

Staff Technical Account Manager, Team Lead

San Francisco, CA


TAM SOCIAL MEDIA ASSETS (Owner: Neil Isserow)
Facebook - www.facebook.com/vmwaretam/
Twitter - @VMwareTAM (twitter.com/vmwareTAM)
Blog - blogs.vmware.com/tam
Newsletter Archive - communities.vmware.com/blogs/vmwaretam

TAM TWEETS OF THE WEEK (Editor: Daniel Mizrahi) - twitter.com/vmwareTAM
- VMware's five key cloud-native computing investments | https://t.co/fcuXu9av5Thttps://t.co/zZKwDWst21
- VMware's Casado warns Congress of insufficient national cyber defenses | https://t.co/65tG9zU9GQhttps://t.co/C2ZUeTGIED
- Photon Platform Devbox: give it a try! | https://t.co/R8xHs6dC7bhttps://t.co/PDyb0i8312
- Datacenter Infrastructure Architectural Rules | https://t.co/XeM8VWE6rkhttps://t.co/vpY7mEbT2o
- VMware sets course on future strategies | https://t.co/axSZAPD32khttps://t.co/FM7XbE7LOa

TAM FOUNDATIONAL TRAINING PLAN (Editor: Jodi Shely)
Looking for training resources on VMware Solutions. We have everything you need online and updated regularly.
EUC - bit.ly/tamftpeuc
SDDC - bit.ly/tamftpsddc

 

TAM WEBCASTS (Editor: Michelle Kaiser)

 

Please head over to our dedicated TAM Webcasts online URL:
http://bit.ly/tamwebcasts

TAM VCLOUD SUITE RESOURCES ONLINE (Editor: Joseph Suma)
Please check out our ever changing list of resources
http://bit.ly/tamvcsresources

NEW AND UPDATES PRODUCTS AND SOLUTIONS
A list of many of our latest updates to existing solutions and any new releases
http://bit.ly/tamnewreleases


NEWS AND DEVELOPMENTS FROM VMWARE

GENERAL NEWS

vRealize Automation 7.0, Virtual SAN Stretch Clusters, and The Cloud Business Manager Role

The VMware blogosphere is a wealth of knowledge covering everything from how-to content to put your skills to the test, to strategic concepts that can help you think differently about work. Check out a few of the latest posts from the Professional Services bloggers below! VMware vRealize Automati...

Jan 15, 2016 4:17:30 PM

Host disconnected from vCenter and VMs showing as inaccessible

Another deep-dive troubleshooting blog today from Nathan Small (twitter account: @vSphereStorage ) Description from customer: Host is getting disconnected from vCenter and VMs are showing as inaccessible. Only one host is affected. Analysis: A quick review of the vmkernel log shows a log spew of ...

Jan 15, 2016 1:30:54 PM

TLDR

By Tim Aines I learned a new acronym yesterday. One apparently invented by in-a-hurry techie Millennials. It showed up in a VMware technical analysis I was reading. In this otherwise extremely useful document was a sentence near the end that started out “TLDR.” A naturally curious type, I sort of...

Jan 14, 2016 8:51:04 PM

How to Overcome the Resistance to Change

By Gordon Hodgson As the New Year begins IT Organizations are beginning to implement their strategies for 2016 which will bring change to their operations that will have impact their staff. Mark Fields, the CEO at Ford addresses strategy when he is quoted as saying, “You can have the best plan in...

Jan 14, 2016 8:45:53 PM

Learn how to upload virtual machines from VMware Workstation 12 to vCloud Air

In our previous video tutorial Learn how to connect VMware Workstation to vCloud Air , we demonstrated how quick and easy it is to connect your VMware Workstation application to a vCloud Air instance. In this video tutorial we show how you can upload a virtual machine from your Workstation instal...

Jan 14, 2016 4:55:25 PM

Learn how to connect VMware Workstation to vCloud Air

Did you know that you can connect your VMware Workstation application to a VMware vCloud Air instance? Well, in this short and snappy video tutorial you will learn how you do just that. For additional information and instructions, see VMware Knowledge Base article Connecting to VMware vCloud Air ...

Jan 14, 2016 4:53:21 PM

2016 VCDX Workshop Locations and Registrations

Happy New Year Everyone! I hope everyone had a safe and happy New Year. I wanted to provide a quick update on 2016 VCDX Workshops. In 2015, we established a new process that aligned workshops with key VMUG events. This worked out extremely well to combine efforts and combine events. We also learn...

Jan 11, 2016 4:25:05 PM

vCloud Air: The Past Week in Review

The cloud is constantly changing and it can be hard to keep up, but now you don’t have to miss a beat. Catch up on everything that’s been happening on the VMware vCloud Air Blog in one place! From RAM upgrades to vTech Talks, here’s the past week in review: WEBCAST: Navigating Important Cloud Dec...

Jan 16, 2016 5:00:43 PM

Upcoming Webcast: Expert Panel on Cloud Automation

Join us for a live, online event where Christian Paulus, Director of Product Marketing for Cloud Management will lead an expert panel on cloud automation. The panel will go through a series of demos and questions that will explore how IT teams can automate the delivery and ongoing management of s...

Jan 16, 2016 11:00:52 AM

WEBCAST: Navigating Important Cloud Decisions for 2016

Are you evaluating public clouds but don’t know where to begin? Are you wondering if you should compare features and functions, look at analyst ratings, or hire a consultant? Join Angelos Kottas, VMware Senior Director, Product Marketing, for this hour-long webcast on January 19 th at 11am PST to...

Jan 15, 2016 5:40:14 PM

Automating VMware NSX Security Rules Creation using Splunk and Some Code

The VMware NSX network virtualization platform allows us to build sophisticated networking and security constructs in software. NSX has a rich RESTful API which allows one to build highly flexible and automated environments. In this blog, we’re going to focus on operations and automation; we’ll d...

Jan 15, 2016 1:00:11 PM

RevenueWell draws on vCloud Air Network partner Armor to Deliver Security and Scalability

RevenueWell provides a patient marketing and communications suite for dentists everywhere. It currently helps over 3,500 dental offices to streamline their day-to-day operations, so they can get back to doing what they do best: provide quality dental care to patients. But part of providing qualit...

Jan 14, 2016 5:00:56 PM

The Best of Both Worlds with Advanced Networking Services

By: Penny Collen , Financial Solutions Architect, Thought Leader, Blogger, and Speaker Ask CIOs why they move workloads to the cloud and you will hear “cost savings” and “agility.” Ask those same CIOs why they are not using more cloud services and they will probably say security concerns. Securit...

Jan 13, 2016 5:00:37 PM

vCloud Air vTech Talk: Launch and secure applications with Bitnami and vCloud Air

Quick: How is it possible to configure secure, functioning applications and servers in just a few clicks and minutes? If you answered “Bitnami and vCloud Air,” then yeah, you probably read the title. In this episode of vCloud Air vTech Talk, our series highlighting tips, tricks and resources for ...

Jan 12, 2016 5:00:42 PM

Creating a Custom Role for SQL DBAs with the Management Pack for Microsoft SQL Server

By: Greg Hohertz, Blue Medora As you expand the reach of vRealize Operations Manager outside the realm of vSphere and down the stack into your compute, network and storage infrastructure and up the stack in databases, middleware, and applications, you’ll quickly find the need to create custom gro...

Jan 12, 2016 11:01:56 AM

Dedicated Cloud RAM Upgrade

The vCloud Air team is pleased to announce that we have increased the RAM in our Dedicated Cloud service to 240GB per host in all locations. This gives all customers, particularly the early adopters, more RAM and enables all users to create VMs up to 240GB in size. Benefits of this upgrade includ...

Jan 11, 2016 5:00:18 PM

Log Insight for Web Traffic

Happy New Year! You may have noticed in late December some new Log Insight content packs were published to the marketplace. In this post I would like to talk about which content packs were released and the value they provide. Background A total of 5 content packs were released: Apache – CLF Apach...

Jan 11, 2016 2:00:48 PM

END USER COMPUTING

Five Great Reasons for VMware Horizon Air

By Anthony Rizzo – Staff End-User-Computing Technologist, VMware As a VMware End-User-Computing Specialist, I encounter many people who still have not been exposed to the basic concepts of desktop virtualization and desktop as a service (DaaS). After these concepts are explained, the majority of ...

Jan 15, 2016 10:40:52 PM

What’s an Enterprise Social Network Got to Do with Sales?

By Randy Ferree, Mid Market Account Executive at VMware AirWatch Account Executive Randy Ferree shares how the sales team here at VMware AirWatch uses enterprise social network Socialcast to work faster, elevate the customer experience and build camaraderie. As an account executive, it’s my job t...

Jan 15, 2016 4:00:41 PM

mPOS Is the New Barcode: Retail Mobility Expected to Explode

Though it’s difficult to remember a time before it, the barcode actually just took off about 30 years ago after some resistance. Since then, barcodes have sped up checkout lines and provided powerful market data across the entire retail industry, reaching 80-90 percent adoption among the Fortune ...

Jan 15, 2016 4:00:21 PM

This Week’s Top Mobile News: Windows 10, iOS 9.3, CES and MWC 2016

Pretty please, with sugar on top, upgrade to Windows 10? Microsoft officially ended support for Windows 8 last weekend and started pushing users of small business PCs to upgrade to Windows 10 with new notifications. Computerworld noted, this could possibly impact pockets of users at large organiz...

Jan 15, 2016 3:09:37 PM

A Look at Mobile World Congress 2016: It’s Going to Be Epic

Apps, enterprise wearables, smart machines, money…everything’s coming up mobile. And the world’s biggest, annual conference on mobile trends and mobile innovation, Mobile World Congress 2016, is coming up soon, Feb. 22–25 in Barcelona, to cover it all. Mobile World Congress is the place for indus...

Jan 14, 2016 4:29:03 PM

A Look at Mobile World Congress 2016: It’s Going to Be Epic

Apps, enterprise wearables, smart machines, money…everything’s coming up mobile. And the world’s biggest, annual conference on mobile trends and mobile innovation, Mobile World Congress 2016 , is coming up soon, Feb. 22–25 in Barcelona, to cover it all. Mobile World Congress is the place for indu...

Jan 14, 2016 4:07:14 PM

Workaround for the NAT port forwarding issue in Fusion 8.1

We recently discovered that NAT network port forwarding doesn’t work properly in Fusion 8.1. While the VMware Fusion team is working on a fix which will be included in the next update, here is a temporary workaround. Steps: Download the NAT network component from https://www.vmware.com/go/ dl_vmn...

Jan 13, 2016 10:18:20 PM

Sneak Peek: AirWatch Content Locker Gets a New Look & Feel

A new AirWatch Content Locker is officially on the way. Following up on communications sent to AirWatch Content Locker administrators earlier this month, we’re so excited to share that your feedback has helped us develop an exciting new user interface for our popular secure content collaboration ...

Jan 13, 2016 6:21:19 PM

Trash Gets Smart: AirWatch Developers Hack Garbage Collection

Every mobile innovation starts with a problem. Ours was garbage. Our local city civic authorities in India struggle to find the best alternative for efficient garbage collection. Bin pickers constantly make rounds to check how full every garbage bin is, wasting time and resources. My team (Suprit...

Jan 13, 2016 2:01:07 PM

Southern States Transforms Customer Experience by Modernizing Retail Operations | VMware Horizon

Southern States Cooperative asked Steve Tupponce’s team to accomplish two things: improve the customer experience in the field and centralize its point-of-sale and agronomy systems. In the video below, the manager of infrastructure and delivery services shares his journey of evaluating multiple o...

Jan 12, 2016 8:12:31 PM

mPOS Is the New Barcode: Retail Mobility Expected to Explode

Though it’s difficult to remember a time before it, the barcode actually just took off about 30 years ago after some resistance. Since then, barcodes have sped up checkout lines and provided powerful market data across the entire retail industry, reaching 80-90 percent adoption among the Fortune ...

Jan 12, 2016 3:01:42 PM

Look Who’s Talking EUC + Mobile Retail at NRF 2016

Consumers aren’t coming to retail stores as much as they used to, but when they do, they are better educated and expect exceptional service. To stay current in this highly competitive new retail world, retailers are finding innovative ways to deliver delightful customer experiences and the produc...

Jan 11, 2016 12:50:35 PM

Look Who’s Talking Mobile at NRF 2016

Consumers aren’t coming to retail stores as much as they used to, but when they do, they are better educated and expect exceptional service. To stay current in this highly competitive new retail world, retailers are finding innovative ways to deliver delightful customer experiences and the produc...

Jan 11, 2016 12:45:10 PM

Installing and configuring Endpoint Operations vCenter Monitoring Solution

$
0
0

Installing and configuring Endpoint Operations  vCenter Monitoring Solution

 

The new vCenter Monitoring Solution is based on the EPOPS Agent.

Documentation:

https://c368768.ssl.cf1.rackcdn.com/product_files/25806/original/vCenter_Solution_1.1_Guidefadf2b185bd8c71f01f43301f65f1d06.pdf

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2133716

Ingredients:


1. vRealize Operations Manager 6.1 -> You already have it installed, if not, download it

     ->https:/my.vmware.com/group/vmware/info?slug=infrastructure_operations_management/vmware_vrealize_operations/6_1

2. vRealize Operations EndPoint Agent installable -> download the 64-bit version from

     -> https://my.vmware.com/group/vmware/details?downloadGroup=VROPS-610&productId=538&rPId=8818

3. vCenter Monitoring Solution Management Pack (PAK-File) -> not easy to find, but it is on

      -> https://solutionexchange.vmware.com/store/products/130354

4. vCenter Server access with administrator / root privileges -> in my case Linux vCSA

 

Instructions:

 

1. Install and configure EPOPS Agent on the vCenter

2. Install and configure vCenter Monitoring Management Pack

****************

1. Detailed instructions - The Agent

1.1 Download the agent (Linux 64-bit)  from here:

11-detailed-instructions---the-agent.png

1.2 Run RPM-installation

vcsa-01a:~ # rpm -Uvh epops-agent-x86-64-linux-6.1.0-3030162.rpm
Preparing...                ########################################### [100%]
Password for `epops' is already locked!
1:epops-agent            ########################################### [100%]insserv:
Service syslog is missed in the runlevels 2 to use service cgconfigepops-agent              0:off  1:off  2:off  3:on  4:off  5:on  6:off
End Point Operations Management Agent has successfully been installed to /epops-agent
, and the service is configured to start at boot using the "epops" user credentials.
Note that some plug-ins require special permissions to discover and monitor their ap  plications.
Verify that the "epops" user has the necessary permissions.
Before you start the service, perform one of the following processes:* 
Begin the interactive setup by starting the epops-agent service.* 
Edit the /epops-agent/conf/agent.properties file, by uncommenting and modifying the agent.setup values,
then start the epops-agent service.Run 'service epops-agent start' to start the epops-agent service...

1.3 Change agent user to root

Open the /etc/init.d/epops-agent file in a text editor.


1.3.1 Change the line:


RUN_AS_USER=epops

to

RUN_AS_USER=root 

 

1.3.2 Also find the line below:

AGENT_CTL="su $RUN_AS_USER -s $SHELL $AGENT_INSTALL_DIR/epops-agent/bin/ep-agent.sh"
and remove $SHELL, such that the line now reads:
AGENT_CTL="su $RUN_AS_USER -s $AGENT_INSTALL_DIR/epops-agent/bin/ep-agent.sh"
13-change-agent-user-to-root.png

1.4 Configure the agent by starting the service for the first time

vcsa-01a:~ # service epops-agent start

Starting End Point Operations Management Agent...... running (1919).

[ Running agent setup ] - The agent generated the following token    1453723755661-608569690955820004-2774624980274959717

Enter the server hostname or IP address: vrops-01a.corp.local

Enter the server SSL port [default=443]: - Testing secure connection ...

...

 

Do you trust this certificate (yes/no/more)? [default=no]: yes

- Connection successful.

Enter your server username: admin

Enter your server password:

- Registering the agent with server.

- The agent has received a client certificate from server.

- The agent has been successfully registered.

1.5 Check and write down postgres user and password

 

This password will be used later on to configure the postgres monitoring plugin in vR Ops:

vcsa-01a:~ # cat  /etc/vmware-vpx/vcdb.properties

driver = org.postgresql.Driver

dbtype = PostgreSQL

url = jdbc:postgresql://localhost:5432/VCDB

username = vc

password = DKTRP){3d$1sHvCZ

password.encrypted = false

2. Detailed Instructions: The Management Pack

2.1 Management Pack installation and configuration

Download vCenter Self-Monitoring Solution management pack from here:    https://solutionexchange.vmware.com/store/products/130354

2.2 Install the managent pack

Log in to vRealize Operations manager as "admin" and go to Solution, click on the + sign and install the management pack.

22-install-the-managent-pack.png

2.3 Configure solution credentials in vR Ops

Once the management pack installed and assuming the agent is already running a list of new resources will appear. Go to "Administration -> Inventory Explorer -> Adapter Types -> EP Ops Adapter" and select "vCenter App Server- your-vcsa-hostname" object. Press the pencil symbol ot edit it.

23-configure-solution-credentials-in-vr-ops.png

2.4 Add vCenter web credentials

Click on + to create new credentials

24-add-vcenter-web-credentials.png

2.5  Provide user name and password

25--provide-user-name-and-password.png

2.6 Configure postgress agent

Now select the object called "PostgreSQL - your vcsa hostname" and click on the pencil to edit it. Add the postgres credentials acquired in the step 1.5.

26-configure-postgress-agent.png

2.7 Check both configured objects have green collection status:

After a while (5 minutes) both configured objects should show gree collection status.

27-check-both-configured-objects-have-green-collection-status--.png

2.8 Check new data

Check new objects and data under Environment -> Operating Systems World -> Linux -> vcsa-host..

28-check-new-data.png

2.9. Check new vCenter App Server dashboard

29-check-new-vcenter-app-server-dashboard.png

2.9 Check new Alerts for vCenter Monitoring

Filter based on "Adapter Type = EP Ops Adapter"

210-check-new-alerts-for-vcenter-monitoring.png

Linux ゲストで VMDK サイズを拡張してみる。

$
0
0

ESXi では VM のディスク(VMDKファイル)拡張は簡単にできます。

その VMKD 拡張後にゲスト側ではどうしたらよいか聞かれることが多いので

Linux ゲストを例として、ディスク拡張をやってみます。

 

VMの仮想ディスク拡張の考え方。

仮想ディスクのサイズ拡張は、VMだけでなくゲスト側でも作業が必要です。

下のレイヤから順に拡張作業することになります。

ちなみに、今回はの環境は・・・

  • ESXi は、6.0 U1 。VMバージョンは 11。(vmx-11)
  • VM では「準仮想化」の SCSI コントローラを使用している。
  • ゲスト OS は、Oracle Linux 6.7。 (ただし仮想マシンのタイプは RHEL6)
  • 拡張する VMDK は、VM の「ハードディスク 2」。ゲスト OS では /dev/sdb と認識されている。
  • ゲスト OS では、ディスクは単一パーティション(/dev/sdb1)だけ。
  • ゲスト OS では、/dev/sdb1 に ext4 ファイルシステムを作成している。
  • /dev/sdb では、ゲスト OS での LVM は使用していない。

vmdk-extend.png

 

最初の状態を確認しておきます。

 

OS は、Oracle Linux 6.7 です。RHEL 6.x や CentOS 6.x でも同様な手順が使えるはずです。

[root@ol67-vm01 ~]# cat /etc/oracle-release

Oracle Linux Server release 6.7

 

パーティションを見てみます。

今回、拡張する VMDK は /dev/sdb で、パーティションは /dev/sdb1 です。

[root@ol67-vm01 ~]# cat /proc/partitions | grep sdb

   8       16   10485760 sdb

   8       17   10485744 sdb1

 

今回は sfdisk コマンドでパーティション拡張してみます。

sfdisk でも、初期状態を見ておきます。

※-uM は MB 表示、-uS はセクタ表示です。

[root@ol67-vm01 ~]# sfdisk -l -uM /dev/sdb

 

ディスク /dev/sdb: シリンダ数 10240、ヘッド数 64、32 セクタ/トラック

Units = 1048576 バイトをメガバイト、1024 バイトのブロック、0 から数えます

 

デバイス ブート 始点   終点   MiB  #ブロック   Id  システム

/dev/sdb1         0+ 10239  10240-  10485744   83  Linux

/dev/sdb2         0      -      0          0    0  空

/dev/sdb3         0      -      0          0    0  空

/dev/sdb4         0      -      0          0    0  空

 

[root@ol67-vm01 ~]# sfdisk -l -uS /dev/sdb

 

ディスク /dev/sdb: シリンダ数 10240、ヘッド数 64、32 セクタ/トラック

ユニット = 512 バイトのセクタ、0 から数えます

 

デバイス ブート    始点      終点    #セクタ  Id システム

/dev/sdb1            32  20971519   20971488  83  Linux

/dev/sdb2             0         -          0   0  空

/dev/sdb3             0         -          0   0  空

/dev/sdb4             0         -          0   0  空

 

ファイルシステムは ext4 にしています。だいたい 10 GB です。

[root@ol67-vm01 ~]# df -hT

Filesystem           Type   Size  Used Avail Use% Mounted on

/dev/mapper/vg_ol67min-lv_root

                     ext4    14G  1.7G   12G  14% /

tmpfs                tmpfs  873M     0  873M   0% /dev/shm

/dev/sda1            ext4   477M   72M  376M  16% /boot

/dev/sdb1            ext4   9.8G   23M  9.2G   1% /u01

 

ファイルシステム上のファイルが読み取れることを確認しておきます。

[root@ol67-vm01 ~]# cat /u01/test.txt

abcd

efg

 

 

1. 仮想ディスク(VMDK)の拡張。

 

vSphere Web Client で作業します。

拡張したい VMDK を接続している VM の「設定の編集」の、

「仮想ハードウェア」→「ハードディスク 2」のサイズを増やします。

※逆に、サイズを縮小することはできません。

 

現状では、10GB です。

vmdk-extend-01.png

 

サイズを 20GB に増やしました。

vmdk-extend-02.png

 

VM のサマリ画面でも、容量が 20GB になったことがわかります。

vmdk-extend-03.png

 

2. パーティションの拡張。

 

これは、Linux ゲスト に直接ログインして作業します。

 

まず、ファイルシステムをアンマウントしておきます。

今回、/dev/sdb1 は、/u01 にマウントしています。

※ディレクトリやファイルをつかんでいるアプリケーションなどは停止しておく必要があります。

[root@ol67-vm01 ~]# umount /u01

 

この時点では、まだ VMDK のサイズ拡張が認識されていないはずです。

[root@ol67-vm01 ~]# cat /proc/partitions | grep sdb

   8       16   10485760 sdb

   8       17   10485744 sdb1

 

パーティションテーブルを、いったん再読み込みします。

[root@ol67-vm01 ~]# sfdisk -R /dev/sdb

 

VMDK の拡張が認識されます。

[root@ol67-vm01 ~]# cat /proc/partitions | grep sdb

   8       16   20971520 sdb

   8       17   10485744 sdb1

 

/dev/sdb1 パーティションを拡張します。

今回は、開始セクタ(sfdisk -l -uS 表示の「開始」)が 32 なので、

[root@ol67-vm01 ~]# sfdisk -l -uS /dev/sdb

 

ディスク /dev/sdb: シリンダ数 20480、ヘッド数 64、32 セクタ/トラック

ユニット = 512 バイトのセクタ、0 から数えます

 

デバイス ブート    始点      終点    #セクタ  Id システム

/dev/sdb1            32 20971519   20971488  83  Linux

/dev/sdb2             0         -          0   0  空

/dev/sdb3             0         -          0   0  空

/dev/sdb4             0         -          0   0  空

 

32 セクタから末尾まで拡張してみます。

[root@ol67-vm01 ~]# echo '32,,' | sfdisk -uS /dev/sdb

現在、誰もこのディスクを使っていないかを調べます...

OK

 

ディスク /dev/sdb: シリンダ数 20480、ヘッド数 64、32 セクタ/トラック

古い場面:

ユニット = 512 バイトのセクタ、0 から数えます

 

デバイス ブート    始点      終点    #セクタ  Id システム

/dev/sdb1            32  20971519   20971488  83  Linux

/dev/sdb2             0         -          0   0  空

/dev/sdb3             0         -          0   0  空

/dev/sdb4             0         -          0   0  空

新たな場面:

ユニット = 512 バイトのセクタ、0 から数えます

 

デバイス ブート    始点      終点    #セクタ  Id システム

/dev/sdb1            32  41943039   41943008  83  Linux

/dev/sdb2             0         -          0   0  空

/dev/sdb3             0         -          0   0  空

/dev/sdb4             0         -          0   0  空

警告: ブート可能な基本パーティションがありません

LILO にとっては問題ありませんが、DOS MBR はこのディスクをブートできなく

なってしまいます。

新たなパーティションの書き込みに成功

 

パーティションテーブルを再読み込み中...

 

もし、DOS パーティションを作成または変更したならば -- たとえば /dev/foo7 、

dd(1) をつかって最初の 512 バイトをゼロにして下さい:

dd if=/dev/zero of=/dev/foo7 bs=512 count=1

(詳細は fdisk(8)を見てください。)

 

この時点だと、まだ /dev/sdb1 に作成された ext4 のファイルシステムは拡張されていません。

[root@ol67-vm01 ~]# mount /u01

[root@ol67-vm01 ~]# df -hT /u01

Filesystem     Type  Size  Used Avail Use% Mounted on

/dev/sdb1      ext4  9.8G   23M  9.2G   1% /u01

 

3. ファイルシステムの拡張。

 

引き続き、Linux ゲスト にて作業します。

いちおう、ファイルシステムをアンマウントしておきます。

[root@ol67-vm01 ~]# umount /u01

 

そして、ファイルシステムチェック(e2fsck)を実施した後に、

ファイルシステムを拡張(resize2fs )します。

[root@ol67-vm01 ~]# e2fsck -f /dev/sdb1

e2fsck 1.43-WIP (20-Jun-2013)

Pass 1: Checking inodes, blocks, and sizes

Pass 2: Checking directory structure

Pass 3: Checking directory connectivity

Pass 4: Checking reference counts

Pass 5: Checking group summary information

/dev/sdb1: 12/655360 files (0.0% non-contiguous), 79664/2621436 blocks

[root@ol67-vm01 ~]# resize2fs /dev/sdb1

resize2fs 1.43-WIP (20-Jun-2013)

Resizing the filesystem on /dev/sdb1 to 5242876 (4k) blocks.

The filesystem on /dev/sdb1 is now 5242876 blocks long.

 

これで、ファイルシステムも 20GB に拡張されました。

[root@ol67-vm01 ~]# mount /u01

[root@ol67-vm01 ~]# df -hT /u01

Filesystem     Type  Size  Used Avail Use% Mounted on

/dev/sdb1      ext4   20G   28M   19G   1% /u01

 

もともと配置していたファイルが読み取れています。

[root@ol67-vm01 ~]# cat /u01/test.txt

abcd

efg

 

Linux のディストリビューションや、LVM 利用の有無、ファイルシステムの種類によって

使用するツールやコマンドラインは変わりますが、このような流れで VM のディスク拡張が可能です。

また、実際にディスク拡張をする場合は、

事前に拡張対象ファイルシステムにあるデータのバックアップを取得しておくとよいと思います。

 

以上、VM のディスク拡張についてでした。

Docker Hub OFFICIAL の VMware Photon リポジトリが公開されました。

$
0
0

VMware Photon OS の、Docker Hub オフィシャルリポジトリが公開されました。

Docker コンテナイメージが「docker pull photon」でダウンロードできます。

 

Three New Official Repos Join the Docker Library

http://blog.docker.com/2016/01/three-new-official-repos-join-the-docker-library/http://blog.docker.com/2016/01/three-new-official-repos-join-the-docker-library/

 

Docker Hub の photon リポジトリ。

https://hub.docker.com/r/library/photon/https://hub.docker.com/r/library/photon/

 

リポジトリの Tag を見ると、現時点(2016/01)でインストーラの ISO イメージが公開されている

Photon OS 1.0 TP2 と、それよりも新しい 1.0 RC が公開されています。

この時点の latest Tag は 1.0RC のイメージに割り当てられています。

Image.png

 

ということで、Docker Hub オフィシャルのイメージからコンテナを起動してみます。

 

オフィシャル photon イメージからコンテナ起動。

 

Docker ホストは、Photon OS 1.0 TP2 を使用しています。

root [ ~ ]# cat /etc/photon-release

VMware Photon Linux 1.0 TP2

 

今回の Docker ホストは、photon21 というホスト名にしています。

root [ ~ ]# uname -n

photon21

 

Docker Hub のオフィシャルの photon はこれです。

NAME に「/」がなく、OFFICIAL が [OK] になっています。

root [ ~ ]# docker search photon | grep -v /

NAME                                 DESCRIPTION                                     STARS     OFFICIAL   AUTOMATED

photon                               Photon OS is a technology preview of a min...   5         [OK]

 

イメージをダウンロード(pull)してみます。

タグなしで「photon」と指定しているので、「photon:latest」がダウンロードされます。

root [ ~ ]# docker pull photon

Using default tag: latest

latest: Pulling from library/photon

2b04b19ccb4f: Pull complete

a7d41096d06c: Pull complete

b12b5ead0dad: Pull complete

library/photon:latest: The image you are pulling has been verified. Important: image verification is a tech preview feature and should not be relied on to provide security.

Digest: sha256:b2848958bab911122e8469411184ab683d8105859497ecb33bb9f3760ace6ce0

Status: Downloaded newer image for photon:latest

 

ダウンロードされました。

root [ ~ ]# docker images photon

REPOSITORY          TAG                 IMAGE ID            CREATED             VIRTUAL SIZE

photon              latest              b12b5ead0dad        2 weeks ago         119.1 MB

 

コンテナを起動してみます。

起動と同時にコンテナの中に入っていることが、プロンプトとホスト名からわかります。

root [ ~ ]# docker run -it photon

root [ / ]# uname -n  ★ここからコンテナの中。

4ee5f47acd72

 

latest から起動したコンテナの Photon OS のバージョンは 1.0 RC になっています。

root [ / ]# cat /etc/photon-release

VMware Photon Linux 1.0-RC

PHOTON_BUILD_NUMBER=09637bc

 

Photon OS では、yum のかわりに tdnf という yum 互換コマンドで RPM パッケージを管理します。

コンテナイメージに登録済みのリポジトリを見てみます。

root [ / ]# tdnf repolist

repo id             repo name                               status

photon              VMware Photon Linux 1.0(x86_64)         enabled

photon-updates      VMware Photon Linux 1.0(x86_64)Updates  enabled

lightwave           VMware Lightwave 1.0(x86_64)            enabled

 

tdnf は、yum と同様のリポジトリ参照設定をします。

今回のコンテナでは、このように設定されていました。

tdnf / yum コマンドを実行しなくても、baseurl に設定されている URL に Web ブラウザなどで

アクセスすると、実際にどのような RPM が用意されているのか確認できます。

root [ / ]# ls /etc/yum.repos.d/

lightwave.repo  photon-iso.repo  photon-updates.repo  photon.repo

root [ / ]# cat /etc/yum.repos.d/photon.repo

[photon]

name=VMware Photon Linux 1.0(x86_64)

baseurl=https://dl.bintray.com/vmware/photon_release_1.0_RC_x86_64

gpgkey=file:///etc/pki/rpm-gpg/VMWARE-RPM-GPG-KEY

gpgcheck=1

enabled=1

skip_if_unavailable=True

root [ / ]# cat /etc/yum.repos.d/photon-updates.repo

[photon-updates]

name=VMware Photon Linux 1.0(x86_64)Updates

baseurl=https://dl.bintray.com/vmware/photon_updates_1.0_RC_x86_64

gpgkey=file:///etc/pki/rpm-gpg/VMWARE-RPM-GPG-KEY

gpgcheck=1

enabled=1

skip_if_unavailable=True

root [ / ]# cat /etc/yum.repos.d/lightwave.repo

[lightwave]

name=VMware Lightwave 1.0(x86_64)

baseurl=https://dl.bintray.com/vmware/lightwave

gpgkey=file:///etc/pki/rpm-gpg/VMWARE-RPM-GPG-KEY

gpgcheck=1

enabled=1

skip_if_unavailable=True

root [ / ]# cat /etc/yum.repos.d/photon-iso.repo

[photon-iso]

name=VMWare Photon Linux 1.0(x86_64)

baseurl=file:///mnt/cdrom/RPMS

gpgkey=file:///etc/pki/rpm-gpg/VMWARE-RPM-GPG-KEY

gpgcheck=1

enabled=0

skip_if_unavailable=True

 

ちなみに、このコンテナイメージには、yum は入っていません。

ただし、photon のリポジトリには配置されているので追加インストールすることは可能です。

root [ / ]# yum

bash: yum: command not found

root [ / ]# tdnf list yum

yum.noarch                                  3.4.3-2.ph1rc             photon

 

オフィシャル photon イメージのカスタマイズ。

 

photon では標準で tdnf を使用するようになっているので、

コンテナイメージをカスタマイズするときは、

これまで yum を使用していた手順では、かわりに tdnf コマンドを使用します。

たとえば、docker build ~ するときは、下記のような感じになります。

 

まず、例として httpd をインストールして起動するだけの超簡易的な Dockerfile を作成してみました。

 

Dockerfile の内容

FROM photon

MAINTAINER gowatana

 

RUN tdnf install -y httpd

ENTRYPOINT /usr/sbin/httpd -D FOREGROUND

 

イメージを build してみます。

root [ ~ ]# docker build -t photon-web:1.0 .

Sending build context to Docker daemon 10.75 kB

Step 0 : FROM photon

---> b12b5ead0dad

Step 1 : MAINTAINER gowatana

---> Running in 750719e6d0e2

---> e945a2934d58

Removing intermediate container 750719e6d0e2

Step 2 : RUN tdnf install -y httpd

---> Running in 989cd40787da

 

Installing:

Linux-PAM                       x86_64      1.1.8-2.ph1rc       1011.17 k

krb5                            x86_64      1.12.2-1.ph1rc        3.51 M

e2fsprogs                       x86_64      1.42.9-4.ph1rc        2.67 M

cyrus-sasl                      x86_64      2.1.26-4.ph1rc      548.33 k

apr                             x86_64      1.5.2-5.ph1rc       519.52 k

apr-util                        x86_64      1.5.4-5.ph1rc       394.36 k

openldap                        x86_64      2.4.40-2.ph1rc        1.51 M

httpd                           x86_64      2.4.12-4.ph1rc       12.19 M

 

Total installed size: 22.30 M

 

Downloading:

httpd                                  4692452    100%

openldap                                865721    100%

apr-util                                156350    100%

apr                                     181582    100%

cyrus-sasl                              276100    100%

e2fsprogs                              1051512    100%

krb5                                   1406668    100%

/var/tmp/rpm-tmp.gShFPX: line 3: groupadd: command not found

/var/tmp/rpm-tmp.gShFPX: line 6: useradd: command not found

 

Testing transaction

Running transaction

 

Complete!

---> 9b51afe2abb4

Removing intermediate container 989cd40787da

Step 3 : ENTRYPOINT /usr/sbin/httpd -D FOREGROUND

---> Running in fac2999916a5

---> ccfd44e6ff70

Removing intermediate container fac2999916a5

Successfully built ccfd44e6ff70

 

「photon-web:1.0」が build されました。

root [ ~ ]# docker images

REPOSITORY          TAG                 IMAGE ID            CREATED              VIRTUAL SIZE

photon-web          1.0                 ccfd44e6ff70        About a minute ago   147.6 MB

photon              latest              b12b5ead0dad        2 weeks ago          119.1 MB

 

コンテナを起動して curl でアクセスすると、ちゃんと httpd でおなじみの「It works!」ページが返されています。

root [ ~ ]# docker run -d -p 8001:80 photon-web:1.0

a38e5be9e9d27a932d86b08781833a67592e4d36dcc00f9a88179426773fc86f

root [ ~ ]# curl http://localhost:8001/

<html><body><h1>It works!</h1></body></html>

 

ただ、Photon OS はコンテナ用の軽量 OS のため、デフォルトで設定されている photon の tdnf のリポジトリには

あまり RPM が配置されていません。

このイメージは、特定の用途(Lightwave とか)で使用するか、もしくは

カスタマイズするためにいくらか tdnf(yum)のリポジトリを追加する必要がありそうです。

 

以上、Docker Hub オフィシャルの photon イメージについてでした。

Jinu Varghese

$
0
0

I have been working with VMware products  for last 7 Years and i have also worked on other Visualization software,i feel no one cannot beat the feature and flexibility of the VMware.

I will  keeps on posting my knowledge and thoughts on this blogs.

vca-cliを使用してvCloud Airを操作してみるー基本操作編ー

$
0
0

vca-cliを使用してvCloud AirへログインしvAppリストを取得してみます。

 

1. vCloud Airへログイン

C:\> vca login ”User ID” --password "Password"

 

2. インスタンスIDリストの取得

C:\> vca instance

 

3. インスタンスIDを指定してVDCへ接続

C:\> vca instance use --instance ”Instance Id

 

4. 操作対象のVDCを確認

アスタリスクの表示があるVDCが操作対象になります。

C:\> vca vdc

SnapCrab_NoName_2015-11-29_15-47-0_No-00.png

 

5. VDCの変更

操作対象のVDCを変更するには下記コマンドを実行します。

C:\> vca vdc use --vdc "VDC name"

 

6. vAppリストの取得

C:\> vca vapp

 

7. vCloud Airからログアウト

C:\> vca logout

 

 

下記コマンドでvca-cliの使用例が確認できます(※添付ファイル参照)。

C:\> vca example


[VMware] vSphere Replication初期構成時エラーが発生する

$
0
0

vSphere Replicationを導入し、アプライアンス管理ページより初期構成を行うと次のエラーが発生することがあります。

 

  "Server returned 'request expired' less than 0 seconds after request was issued but is shouldn't have expired for at least 600 seconds "

vSphereReplication_error01.png

上記のエラーが発生するとvSphere Replicationサービス(VRM)が開始しません。

 

 

■ 原因

本エラーは主にvSphere ReplicationアプライアンスのNTPとESXi、vCenterのNTPにズレがある場合発生します。アプライアンスインポートの際にtime zoneも設定したにもかからわず、時刻同期の動的ポリシーがうまく動作しない場合があるようです。

 

 

■ 解決方法

vSphere Replicationアプライアンスのコンソールに接続、手動でNTPを構成します。

  sntp -P no -r NTPサーバアドレス

 

 

NTP設定後、ntpサービスを再起動します。

Move DVS from one vcenter to another Vcenter

$
0
0

Hi

 

   Happy to announce i have migrated DVS switch from one vcenter to another vcneter without  downtime for vms.

  i have used the DVS export and import functionality of vcenter vsphere web client,

 

Thanks

Jinu Varghese

CentOS Kickstart installation with vRealize Automation

$
0
0

vRealize Automation (vRA) provides several methods for provisioning virtual machines from blueprints. These include template based mechanisms as well as workflows leveraging unattended installation procedures to deploy a virtual machine operating system. As some customers do have existing deployment processes they want to leverage a variety of unattended installation methods ranging from SCCM, AutoYaST and RedHat kickstart to name some is supported by vRA.

This blog describes how to leverage kickstart mechanism to deploy a virtual machine in vRealize Automation using CentOS 6.4 x86 as operating system. The process has been tested with vRealize Automation 6.2.3 and version 7.

 

Be aware this blog is not intended to provide a full step-by-step guide and replace documentation. It furthermore covers the whole process in bullet points and highlights important pieces that are not clearly covered in documentation.


Architectural considerations

 

A deployment process in vRealize Automation (vRA) is based on a blueprint which is being cloned when requested by a user. The blueprint itself defines the methodology to be used deploying the virtual machine. In RedHat/CentOS kickstart case there’s a workflow called “LinuxKickstartWorkflow” which is leveraged. Kickstart in a nutshell is the default unattended installation method for RedHat Linux operating systems which is based on a kickstart description file.

Following general steps have to be taken to accomplish the task:

 

  • Preparation of a CentOS installation ISO which is modified to point to an externally hosted kickstart file. CentOS ISO is stored on a vSphere datastore.
  • External kickstart configuration file has to be created to define unattended installation parameters as well as invoke installation of vRA guest agent as last part of the installation. The kickstart file is stored on an external server (e.g. web server)
  • vRA guest agent files have to be stored on a network share (e.g. web server)
  • Blueprint custom properties have to be defined to e.g. point to the installation sources

 

Deployment process in high level:

  • User requests published blueprint
  • Virtual machine is created on vSphere with CentOS iso attached
  • VM is booted up and boots from attached ISO
  • ISO downloads kickstart file from location defined and runs full unattended installation
  • Last part of unattended installation will download guest agent files to virtual machine and install the agent into the virtual machine
  • After reboot guest agent is started automatically and reports “success” to vRA
  • Process is finished in vRA and VM can be managed in “items” view

 

 

Preparation of CentOS ISO

 

An existing CentOS ISO (e.g. downloaded from www.centos.org) has to be prepared to include information where to find the kickstart file. There’s multiple ways to modify content of an ISO file, some of them are using commercial tools as most of the freeware tools do have a limit of 300 or 500MB in writing an ISO file. Due to that this document uses a standard linux operating system which provides the functionality for free and also guarantees it works. Follow these steps to modify the ISO:

  • Provide a web server which is reachable in your network
  • Copy the ISO file to the linux system
  • Loop mount the iso according to this description: http://bencane.com/2013/06/12/mkisofs-repackaging-a-linux-install-iso/
  • In “make your changes” section of above document edit the /var/tmp/linux/isolinux/isolinux.cfg file and add the red append parameters as mentioned below. Replace the <websrv> by the IP address of your web server and adapt the path and file name to your needs. Creation of the kickstart file is described in next section.

 

/var/tmp/linux/isolinux/isolinux.cfg

label linux

  menu label ^Install or upgrade an existing system

  menu default

  kernel vmlinuz

  append initrd=initrd.img --bootproto=dhcp ks=http://<websrv>/vra/ks.cfg

 

  • Save the file and create the ISO as per above link’s description
  • Copy the ISO to a vSphere datastore e.g. by coping it to a Windows system and uploading it to datastore from there

 

kickstart-pic01.png

 

  • Note datastore name (in this case “VM-NFS-01”) and path to ISO file (in this case “/ISO/centos64-unattend.iso”)

 

 

Preparation of kickstart file and guest agent

 

The preparation of the kickstart file is decribed in vRA documentation, see here: http://pubs.vmware.com/vra-62/topic/com.vmware.vra.iaas.virtual.doc/GUID-13EDB88E-DF34-4D82-B17A-CDF6289A2DC8.html

 

The file can simply be generated by a text editor. In this case we are using a slightly modified version compared to the documentation which works as well, see here:

 

ks.cfg

auth --useshadow --enablemd5

bootloader --append="rhgb quiet" --location=mbr --driveorder=sda

zerombr

clearpart --all --initlabel

text

firewall --disabled

keyboard us

lang en_US

logging --level=info

network --bootproto=dhcp --device=eth0 --onboot=on

reboot

rootpw secret

selinux --enforcing

timezone --isUtc America/New_York

install

part / --asprimary --fstype="ext3" --size=4096

part swap --asprimary --fstype="swap" --size=512

%packages

vim-enhanced

%post

 

rpm -i http://<websrvip>/vra/gugent-6.2.2-05062015.i386.rpm

export AXIS2C_HOME=axis2

export PYTHONPATH=/usr/share/gugent/site/dops

echo | openssl s_client -connect <vra-iaas-srv-fqdn>:443 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /usr/share/gugent/cert.pem

cd /usr/share/gugent

./installgugent.sh <vra-iaas-srv-fqdn>:443 ssl

 

Replace all components marked in RED by the paths, IPs, server names tailored to your environment.

After successful modification name the file “ks.cfg” and store it on the appropriate web server path (referenced from isolinux.cfg in modified CentOS ISO file).

Store the guest agent rpm file on the web server as well in the appropriate path.

 

 

Preparation of the blue print

 

Create a new blueprint and use the Action “Create” as well as provisioning workflow “LinuxKickstartWorkflow”. Fill all other values according to your needs. In addition there’s some custom properties that have to be set to make kickstart installation work. Find an easy example here:

kickstart-pic02.png

Image.ISO.Location = Datastore name where CentOS ISO resides

Image.ISO.Name = path and name of CentOS ISO file related to the root of the above mentioned datastore

VMware.VirtualCenter.OperatingSystem = operating system ID of the OS to be installed.

 

See full reference here: http://pubs.vmware.com/vsphere-55/index.jsp?topic=%2Fcom.vmware.wssdk.apiref.doc%2Fvim.vm.GuestOsDescriptor.GuestOsIdentifier.html

 

After saving the blueprint, publishing and defining the appropriate entitlements you should be able to request a VM which gets fully provisioned by kickstart process.

 

 

Troubleshooting

 

ISO checksum wrong

 

If the ISO generation tool does not create proper ISO checksum you will notice this during boot of the virtual machine created. In early boot stage a related message will come up on the console.

If that’s the case use the recommended way to modify the ISO as per this documentation (using linux system).

 

Guest agent trouble shooting

 

One important step of the whole process is the successful installation of the guest agent. If this step is not done properly the whole process in vRA will stay in “in progress” status and wait for a time out (which will not occur in less than 24 hours). So it’s essential that the guest agent is installed and starts up properly after reboot to report “success” back to vRA.

Some points to look at

  • After deployment the guest agent should be installed. You can check this by running “rpm –qa | grep gugent”. This should show a gugent package with the appropriate version number. If the output is empty gugent has not been installed. In this case check the kickstart script for syntax errors in the “rpm –i" command and also check network configuration for DHCP which is leveraged during kickstart installation.
  • Guest agent communicates with the vRA IaaS Server in an encrypted way. To do this it has to retrieve the client certificate from the IaaS server and store it in a file. Using the default parameters in above configuration files a file called “cert.pem” should be stored under /usr/share/gugent. If it’s not there or its content is empty check availability of the IaaS server during VM installation and check kickstart file for correct syntax. In addition be aware that during installation the virtual machine uses a DHCP IP address. Make sure that this address incl. the assigned DNS server is able to resolve and reach the vRA IaaS server specified in kickstart file properly.
  • Check if vrm-agent is running on the installed virtual machine: “ps aux” should show the appropriate process (VRM_daemon.pl). In addition check if vrm-agent is configured for automatic start with “chkconfig –list” command. If there’s no runlevel entry for vrm-agent but the agent has been installed the kickstart script section with “installgugent.sh” command has failed. This could be the case because cert file is not available or the IaaS server is not reachable.
  • For further trouble shooting there’s a log file GuestAgent.log which provides more in-depth information on guest agent issues as well as another log file /usr/share/gugent/axis2/logs/gugent-axis.log which shows even more details.

critical swap usage alert of Host

$
0
0

I am getting critical swap usage alert in one of the monitoring tool called nagios.

 

1) However when I went to the host from vCenter and checked the memory utilization from the cluster, the respective host memory utilization is only 66%

Also I went to performance tab of a host, when i selected memory, it shows a 1 min high spike and suddenly it went down.

My question is how do I identify, which VM is using more swap on this Host or what is the cause of  that high spike?


2) From ESXi command line, esxtop "m" output shows the below


SWAP  /MB:   123    curr,   122 rclmtgt:                 0.00 r/s,   0.00 w/s


which means it is using 123 MB swap and reclaim memory is 0.


My query is, when I can see it is showing 66% utilization of Memory, then why it is using swap? and I am not sure, how do I avoid to such situation in future?


Can anybody please, I have searched and didn't found anything relevant.

vCloud AirへログインしなくてもVMのコンソールが起動できるんです!!

$
0
0

Edge GWでFWやNAT設定を行い接続対象のVMにSSH・RDP接続も可能ですが

要件によっては穴あけを避けたいケースが考えられます。

そんな時にPowerCLIのOpen-VMConsoleWindowコマンドレットを使用して

vCloud Airへブラウザからログインしなくても対象のVMのコンソールを起動させることができます。

 

■前提条件:

・PowerCLIがクライアントにインストールされていること

・できればブラウザはFireFoxが好ましい(そしてFireFoxを既定のブラウザに設定しておく

 

■対象サービス:

・VPC

・Dedicated

・OnDemand

 

1. PowerCLIを起動しvCDへ接続する

Connect-CIServer p10v1-vcd.vchs.vmware.com -Org M12345678-9012

 

2. vCloud Airログインアカウントを入力する

 

3. 接続対象のVMを選択する

$selection = Get-CIVM | ? {$_.Status -eq "PoweredOn"} | Out-GridView -OutputMode Multiple

 

4. コンソールを起動する

Open-VMConsoleWindow $selection

 

※下図はOnDemand環境のVMにコンソール接続した例です。

SnapCrab_NoName_2016-2-9_22-46-22_No-00.png

VCSA に Onyx for the Web Client をインストールしてみる。

$
0
0

Onyx for the Web Client をインストールしてみました。

vSphere Web Client での操作を PowerCLI のコードに変換してくれます。

 

Onyx for the Web Client

https://labs.vmware.com/flings/onyx-for-the-web-client

 

以前から vSphere Client で使用する Onyx も提供されていました。

 

Onyx

https://labs.vmware.com/flings/onyx

 

VMware LABS サイトで提供されている FLINGS と呼ばれるツールで、製品サポートは受けられませんが、

どうしてもスクリプト化したい操作があるときに役立ちます。

 

Onyx for the Web Client の VCSA へのインストール。

 

今回は、VMware vCenter Server Appliance (VCSA)6.0 U1 にインストールしてみます。

 

まず、VMware LABS の Web サイトから 「onyx-setup-60u1.zip」 ファイルをダウンロードします。

同意ボタンにチェックをいれると、Download できるようになります。

onyx-web-01.png

 

ダウンロードした Zip ファイルです。

※事情により、Linux で作業しています。

[root@work01 ~]# ls -l onyx-setup-60u1.zip

-rw-r--r--. 1 root root 4257758  2月 15 00:41 2016 onyx-setup-60u1.zip

 

SSH アクセスを許可してある VCSA に、root ユーザでログインします。

※今回の VCSA は、vc60n02.godc.lab という名前にしています。

[root@work01 ~]# ssh -l root vc60n02.godc.lab

 

VMware vCenter Server Appliance 6.0.0.10000

 

Type: vCenter Server with an embedded Platform Services Controller

 

root@vc60n02.godc.lab's password: ★パスワードを入力。

Last login: Sun Feb 14 15:49:30 UTC 2016 from 192.168.1.197 on ssh

Last login: Sun Feb 14 15:50:09 2016 from 192.168.5.238

Connected to service

 

    * List APIs: "help api list"

    * List Plugins: "help pi list"

    * Enable BASH access: "shell.set --enabled True"

    * Launch BASH: "shell"

 

Command>

 

「shell.set --enabled True」コマンドで Shell アクセスを有効化して、

そのまま bash shell を起動します。

Command> shell.set --enabled True

Command> shell

    ---------- !!!! WARNING WARNING WARNING !!!! ----------

 

Your use of "pi shell" has been logged!

 

The "pi shell" is intended for advanced troubleshooting operations and while

supported in this release, is a deprecated interface, and may be removed in a

future version of the product.  For alternative commands, exit the "pi shell"

and run the "help" command.

 

The "pi shell" command launches a root bash shell.  Commands within the shell

are not audited, and improper use of this command can severely harm the

system.

 

Help us improve the product!  If your scenario requires "pi shell," please

submit a Service Request, or post your scenario to the

https://communities.vmware.com/community/vmtn/vcenter/vc forum and add

"appliance" tag.

 

vc60n02:~ #

 

VCSA の中から、先ほどの Zip ファイルを scp 転送します。

※ work01.godc.lab が Zip ファイルを置いていたサーバです。

vc60n02:~ # scp work01.godc.lab:/root/onyx-setup-60u1.zip /root/.

The authenticity of host 'work01.godc.lab (192.168.5.238)' can't be established.

RSA key fingerprint is f2:4e:c1:65:33:83:94:37:3b:17:07:3b:0a:f0:4e:9b [MD5].

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added 'work01.godc.lab,192.168.5.238' (RSA) to the list of known hosts.

root@work01.godc.lab's password: ★パスワードを入力。

onyx-setup-60u1.zip                                                                      100% 4158KB  4.1MB/s  00:00

 

onyx-setup ディレクトリを作成して、そこに Zip ファイルを解凍します。

vc60n02:~ # mkdir onyx-setup

vc60n02:~ # cd onyx-setup/

vc60n02:~/onyx-setup # unzip ../onyx-setup-60u1.zip

Archive:  ../onyx-setup-60u1.zip

  inflating: install.sh

  inflating: Onyx For the Web Client_V1_0_DocV1_0.pdf

  inflating: uninstall.ps1

  inflating: uninstall.sh

  inflating: onyx/plugin-package.xml

  creating: onyx/plugins/

  inflating: onyx/plugins/onyx-service.jar

  inflating: onyx/plugins/onyx-ui-war-1.0.0.war

  inflating: vsphere-patch/vim-commons-6.0.0.jar

  inflating: vsphere-patch/vim-commons-vsphere-6.0.0.jar

  inflating: deploy.sh

  inflating: install.ps1

 

install.sh ファイルに実行権限を付与(chmod +x)します。

vc60n02:~/onyx-setup # chmod +x ./install.sh

vc60n02:~/onyx-setup # ls -l ./install.sh

-r-x------ 1 root root 1851 Jun 15  2015 ./install.sh

 

./install.sh で実行すると、セットアップするか確認されます。

「y」を入力して Enter キーをおすと、インストールが開始されます。

このとき、Web Client サーバのサービス(vsphere-client )が自動的に再起動されます。

vc60n02:~/onyx-setup # ./install.sh

 

Onyx for Web Client setup

=========================

 

This fling replaces core Web Client files and may cause issues

with stability and patching of future versions, please only

continue with this installation if you are using a test or dev

environment.

 

Are you sure you would like to continue? [y/N] y

-- Shutting down vSphere Web Client

INFO:root:Service: vsphere-client, Action: stop

Service: vsphere-client, Action: stop

2016-02-14T22:01:11.198Z  Running command: ['/sbin/service', u'vsphere-client', 'status']

2016-02-14T22:01:11.413Z  Done running command

2016-02-14T22:01:11.413Z  Running command: ['/sbin/service', u'vsphere-client', 'stop']

2016-02-14T22:01:17.031Z  Done running command

2016-02-14T22:01:17.032Z  Successfully stopped service vsphere-client

-- Patching vSphere Web Client core

Backup file created: /usr/lib/vmware-vsphere-client/server/repository/usr/vim-commons-6.0.0.jar.bak1

Backup file created: /usr/lib/vmware-vsphere-client/server/repository/usr/vim-commons-vsphere-6.0.0.jar.bak1

-- Deploying Onyx plugin

-- Powering on vSphere Web Client

INFO:root:Service: vsphere-client, Action: start

Service: vsphere-client, Action: start

2016-02-14T22:01:17.181Z  Running command: ['/sbin/chkconfig', u'vsphere-client']

2016-02-14T22:01:17.253Z  Done running command

2016-02-14T22:01:17.253Z  Running command: ['/sbin/service', u'vsphere-client', 'status']

2016-02-14T22:01:17.439Z  Done running command

2016-02-14T22:01:17.439Z  Running command: ['/sbin/chkconfig', '--force', u'vsphere-client', 'on']

2016-02-14T22:01:17.507Z  Done running command

2016-02-14T22:01:17.508Z  Running command: ['/sbin/service', u'vsphere-client', 'start']

2016-02-14T22:01:22.881Z  Done running command

2016-02-14T22:01:22.881Z  Successfully started service vsphere-client

vc60n02:~/onyx-setup #

 

Web Client のサービスが再起動するのを数分待ちます。

そして Web ブラウザから Web Client にログインしなおすと、Onyx がインストールされています。

画面上部にボタンが 2つ 追加されて、

ホームインベントリと、左側のナビゲータにも Onyx アイコンが追加されます。

onyx-web-02.png

 

ホーム画面から、管理 → ソリューション → クライアントプラグイン を開くと、

onyx-ui プラグインがインストールされています。

onyx-web-03.png

 

 

Onyx for the Web Client を使ってみる。

 

Onyx の 録画ボタンっぽい Start ボタンをクリックします。

※画面上部 / Onyx 画面 どちらボタンでも大丈夫です。

onyx-web-04.png

 

そして、そのままこの Web Client で PowerCLI スクリプト化したい操作をします。


操作が終わったら、録画停止っぽい Stop ボタンをクリックします。

※これも画面上部 / Onyx 画面 どちらボタンでも大丈夫です。

onyx-web-05.png

 

Stop ボタンをクリックすると、コードが表示されます。

onyx-web-06.png

 

このままだと、Web Client を操作したままのコードなので、

いま操作したオブジェクト ID などがそのまま記録されています。

表示されたコードは、PowerShell ISE などのエディタで編集して汎用的なスクリプトにしたりします。

 

Onyx は便利ですが、Technical Preview なので

本番(商用)環境の vCenter にはインストールせず、検証用 / 評価用の環境で試すとよいと思います。

 

また、生成されるコードは標準的なコマンドレットにはならないので、

個人的には、実際に本番環境で使用するスクリプトは、

まずは標準的な PowerCLI コマンドレットでのやり方を模索して、

どうしてもダメそうな場合に Onyx を使うことをお勧めします。

 

以上、Onyx for the Web Client のインストールについてでした。

Micro-Segmentation with NSX for vCloud Air Network Service Providers

$
0
0

Introduction

 

As a vCloud Air Network service provider running your cloud with VMware software, you’re probably familiar with technologies such as VMware NSX and how they can be used to accomplish huge paradigm shifts within the enterprise datacenter. Micro-segmentation is one of the phenomena brought about by NSX that facilitates one of these paradigm shifts, software defined networking and security. Owning and operating a VMware powered datacenter means you are also likely seeking to leverage differentiators in the VMware platform in order to offer new, value-add services to your customers. What may not be clear however, is how to take a killer feature like micro-segmentation and build differentiating use cases into the platform that help customers and other partners to solve many challenges. Many of these challenges are relative to operationalizing cyber security in a hybrid cloud model, a unique challenge given the nature shared responsibility that is required. Managing the relationship with your customers becomes an integral part of how future services will be offered and what expectations should be on all sides, including strictly defined, measurable parameters for all services to be delivered.

 

This blog is the first in a series of publications on items such as Cloud Migration and DevOps that will build on the concepts presented within the context of Micro-Segmentation. It serves an introduction and overview to a vCloud Architecture Toolkit document on the subject of Micro-Segmentation that is currently being developed and will soon follow. The purpose of this information seeks to clearly articulate the differentiation these features are capable of bringing to our vCloud Air Network service provider partners. There will be future blogs providing vignettes of how several identified use cases change operational models into a streamlined, trusted and consistent way of doing things within a service provider who is offering, or planning to offer, hybrid cloud. The first of these use cases is in a short video at the end of this blog. We believe capabilities built on the principles of Micro-Segmentation to be a huge potential differentiation, perhaps a necessity, in order to reap the true potential value of hybrid cloud. NSX micro-segmentation use cases provide powerful, predictable, measureable features and capabilities to narrow customer time to value on their way to successfully executing on their hybrid cloud security operations plan.

 

The Industry Challenge

 

There are any number of bad actors, on the internet and elsewhere, seeking to gain unauthorized access for a variety of motivations. Cyber criminals seeking profit look for data/identity theft or blackmail opportunities, State actors seeking power look for intellectual property or state secrets while those motivated by prestige may seek to deface, bring down or otherwise exploit a resource

such as this one.  As attacks become more sophisticated they can emanate from many sources, including inside the hybrid-connected enterprise.  This makes the potential for insider threat taking on new meaning. If we can't expect these boundaries to be mutually assured to be securely operated, how we could we trust anything connected to you? This  manifests the nature of the shared and privileged connectivity required to execute on hybrid cloud architecture. Compelling features are being integrated into the core of the VMware vCloud platform such as long distance vMotion, NSX Universal objects such as the Distributed Firewall rules. These types of objects can be defined once and shared across up to 8 vCenter instances, wherever they may be located. We need to master the deployment and management of federated layer of trust that unlocks all of these features to their truest potential. As you'll see in this blog it is a responsibility you will own and define for your customers as opposed to perpetual reactionary mode we find ourselves in dealing with these sorts of issues today.

 

vCAN service providers, much like enterprises, employ any number of controls such as firewalls, logging, ulnerability scanning or AV/Malware in order to identify threats and may likely sell the use of these tools to their customers as an additional service. Like most approaches and solutions in the market today, many of these controls are operating on the network layer and tend to exist near the physical or logical edge of the datacenter or in agents on managed virtual machines.  This creates blind spots due to lhe positioning of controls and from the need to inspect multiple OSI layers simultaneously for creating context. This approach also fails from a datacenter scale perspective as it is done in ASIC based appliances which have an upper limit per device with chaining them often proving ineffective. It also follows with complicated federation schemes and tremendous costs for managing new/existing appliances, their connectivity and operations support. While these appliances have been ported to software appliances making them easier to federate, they are slow relative to the required speed of NSX and its underlying transport capabilities.

 

We are now left with a myriad of questionably scalable, increasingly more difficult to manage security control set, where leaving open any vulnerability can allow an attacker to own the environment through privileged operation by executing the ‘kill chain’ as shown in Figure 1 below. It is important to understand that disruption to this kill chain path be maintained as a defender of cyber attacks. For more information on the Kill Chain and NSX I encourage you to watch Tom Corn’s session at RSA Conference in 2015 here. Hat tip to Firehost, seen @ about 40 minutes in (Firehost is now known as Armor), who are in this fight as a vCloud Air Network service provider protecting customers from an ever increasing, diverse set of threat profiles by using NSX.

 

GartnerKillChain.jpg

Figure 1. Gartner’s Cyber Attack Chain Model


 

VMware NSX and Micro-Segmentation

 

VMware NSX, with its stateful Distributed Firewall, gives us the foundational system capabilities to use for Micro-Segmentation use cases.  The Distributed Firewall runs in a 64 bit ESXi memory space called dvFilter, which has direct access to generate logical data streams of network traffic for binding of various network enabled solutions such as load balancing, firewall or IPS among others. It shares the NSX inventory of network objects used to manage how virtual network traffic gets on and off of the physical network and into the NSX overlay context prior to traific being fed into a vNIC on a virtual machine. This allows us to interact with the network flows entirely in a software object model prior to serialization on the physical network. By creating context and control at the tenant level including what objects should talk to one another, not just based on IP addresses or TCP ports but with rich, dynamic, object oriented relationships. Furthermore, all hosts cache NSX policy combinations of which virtual machines should have which controls applied to them in order to help activate those policies into operation.

 

NSX addresses the legacy nature of many security controls which were not designed to operated on this type of network now prevalent in modern cloud services provider leaf/spine designs. By design legacy controls were mostly employed to solve the challenge of multi-tenancy, as an example, but without the virtualization paradigm with pervasive resource sharing. Without the layers of virtualization and hybrid cloud computing factored in, their effectiveness in supporting modern attack/respond scenarios is diminished. There are, however, a number of technology partners (F5, Palo Alto, Checkpoint, Rapid7, Intel Security, Trend, Symantec, HyTrust and Riverbed amongst others) who have authored solutions that live in memory slots next to the one supplied by NSX for Distributed Firewall through dvFilter or within other layers of the virtual stack as we will see later in this blog.

 

In this space, virtual traffic flows combine with network/security processing chains where they are serialized, parallelized, and pipelined to a now truly distributed, performant set of software defined security functions used to defend against cyber attack by enabling agile response to adverse operating conditions. Due to the performant location on a per ESXi host/instance basis and their ability focus on dealing with only the virtual machines present on said host, rules and operations are carried out in the most distributed, scalable way possible, utilizing only fractions of the total ESXi memory overhead.

 

The green boxes below in Figure 2 are a list of cyber security technology partner solution categories that have these integration patterns with NSX. As we will touch on later in the paper these solutions can be orchestrated via NSX Service Composer and are triggered by continuously queried security event tags allowing context to be shared across software defined security functions. A particular combination of NSX technology partners is described in the Project Wonderland video emceed by my VMware Alliances  colleague, Jeremiah Cornelius along with Symantec and Rapid7.

 

 

 

NSX Ecosystem.png

Figure 2. NSX and Third Party Service Categories


 

The Goldilocks Zone and Macro-Segmentation

 

Changing back to the bigger picture, securing hybrid cloud datacenters. In order to execute on a successful cyber security operation, we must have a repeatable, measurable, trusted provider infrastructure layer. Rather than constantly thinking about how to identify and to respond to attacks, NSX seeks to change the game by positioning the solutions previously discussed in the exact context required to protect against specific threat profiles. This context is removed from where many of the threats from the outside will originate, the tenant VMs, and was deemed the ‘Goldilocks Zone’ by the leader of our Network and Security business unit, makers of NSX, Martin Casado. In another sense the context has also helped to define clearly the answer to the question of exactly what a service provider must do to enable the solution(s) to help manage the secure state of tenant virtual machines. Making sure they are installed, operating and executing their work, providing evidence that they have done so and forwarding exceptions to a shared queue.

 

Looking at Figure 3 below we can see the virtual machine resource provide opportunities to leverage platform functions. Today this is often done with agent based solution INSIDE the virtual machine, commingled WITH the threat it is responsible for eradicating. Risky business indeed so this becomes another potential point of weakness to be managed.

VM.png

Figure 3. Virtual Machine Resources

 

As we see in Figure 4 below the power of the combined solution used to protect virtual machines can be provisioned from a VDC.

 

VDC.png

Figure 4. Provider Virtual Data Center

 

By moving the execution of functions into vSphere, such as  encryption (on the wire and ‘at rest’ in the upcoming vSphere beta), firewall, and NSX partners producing solutions for IPS, AV/Malware, Vulnerability, patching,role based access control etc., into the Goldilocks Zone, we have established a foundation for the trusted provider layer. By effectively leveraging combinations of these solutions we can protect the plane in cyberspace where the attacker will now have to execute leaps from context to context.  Our controls are operating in a context in between points they need to travel. When that context is hardened and trusted we can, at a minimum, attest that our security is operational. Too many times the machine left unpatched or default password left unchanged leaves attackers all of the foothold they may require. Even worse any link in the chain that is subverted in this privileged realm may have tremendous context for broad sweeping activities in hybrid cloud networks.

 

Taking these malleable building blocks, we are able to construct administrative boundaries in the provider layer that are dynamically grouped by applying policy tags impacting what types of resources can be combined to execute tenant operations for security. The chain of control for the trusted provider layer also extends downward into the hardware where we can pair ESXi auto-deploy and the measurement of trusted boot state. Physical control of this nature can lead to an out of the box enhancement to your service offerings simply from its ability to guarantee physical locality attestation of each host and thereby each virtual machine. This is an immediate value-add for data sovereignty issues in order to meet various regulations throughout the globe. Please see information from HyTrust here and here for more on trusted boot, geolocation and advanced management solutions for VMware.

 

To illustrate the patterns used to construct these boundaries, made of NSX networks and other segmented resources or what I call Macro-segmentation, I made them into this video:

 

 

 

 

Deploy the Optimal Control with Flexible Security Functions

 

Having created the consistent, trusted foundation layer we can provision tenant topologies scoped with preferred security controls in place. This also abstracts day to day operations and allows us to devise service offerings that present opportunties for vCAN partners to create value add for vCAN service providers. The infrastructure qualities alone are an asset that is easily assigned a price, for instance, when targeting a regulated environment. Because most customers are doing, or outsourcing, many of these operations today, most are likely already using some security solution from the NSX technology partners listed in this blog. They are also experiencing potentially very little return on that investment,  with a lack of operational agility, uncertainty that they can respond meaningfully to an attack or know that they are even  under attack. With a hodgepodge of security solutions scatted about the hybrid cloud network it will certainly not be enough to create adequate policy boundaries due to the increasing threat centric operating environment where being proactive seems rarely to be an option. Spending time responding after the damage is done is no way for a business to run and tends to limit the ways in which the line of business relies on IT.

 

With software defined networking and security Micro-Segmentation we are able to create control vectors relative to the threat vectors at which the bad actors must navigate in order to execute their kill chain. We are now able to define the landscape of the virtual topology, limiting hiding places while forcing tenant operations, including security, into a centralized layer consisting of administrative consoles and APIs. The amount of real estate left for attackers to operate within this security defined cyber space dwindles as does the time with which they have to ‘dwell’ or seeking to penetrate the environment more deeply from one or more of the threat vectors in any given context. To further shorten this dwell time, it is important to align solutions that can respond to events from external sources. Events may come from the management plane ‘administrator account just had failed login attempts from a suspicious IP’, from the internet as in a DDoS attack, from an external source such as new critical vulnerability identified by the industry. Threats can also come from other cloud contexts (east/west) as more ‘as a service’ types are supported (think desktops) within the service provider infrastructure on a per customer basis. Service providers and customers can now use this dynamic environment to interact with ITSM solutions such as serviceNOW!, traditional Business Process Management systems through APIs and logging/reporting solutions such as vRealize Log Insight. But mostly these events will come from the NSX and technology partner solutions where they can be advertised for other solutions in the chain to respond.

 

Providers can continue to add value simply by hosting the right solutions for performing the hands-on security management aspects of the tenant environment. With every condition that arises the trusted platform ensures tools are available to properly execute on security operations with the extensibility to reach out to specialized operators, in context, relative to new or ongoing threats. This streamlines any security operation by simply fully embracing the concepts laid out herein.

 

Responding to Conditions

 

Our goal is to help create situations favorable to our service providers and customers for succeeding in the delivery of services based on best practices for cyber-security. It’s also a goal that templates and patterns from these references be easily shared on top of architectures built with NSX Distributed Firewall micro-segmentation concepts. While using these reference implementations can get you started we hope the approaches are dynamic enough to be adopted into best practices for delivering managed hybrid cloud service in any organization. This feature is important in the sense that everyone involved in the hybrid cloud contract would be able access common networks while maintaining the level of governance described, all embedded in the system design. With customers that lack the maturity to deliver this kind of control, it is a great option to purchase this kind of managed service from a vCAN partner rather than deliver it entirely in house. In this unique approach to security, there is a massive opportunity for risk management along the vectors discussed in this blog. Because it is all software-defined, the combinations and timing by which you activate these solutions to identify and fend off cyber attacks, becomes highly composable, allowing a highly functional underpinning to serve cyber security professionals. And many organizations today are opting for a zero-trust model where everything, everywhere must meet certain levels of security. To win this security minded customer the vCloud Air Network, partners need a solution that can deliver that as well as consistent operational model where maturity affords to offer increasingly higher value services with a higher ASP.

 

In cyber security operations, changes in states or conditions, require actions. Packaging those actions to prepare for or to fight off, a cyber attack should be ultimate goal. For security operators, esponding in an isolated, well parameterized environment with advanced software defined security functions operating against the known threat vectors,  operations greatly simplifies especially under threat/response conditions. This is due to the attacker’s inability to use typical methods since every security control is positioned at every vertex of network communication. Ultimately you need to catch them before they establish any command and control inside of your environment since what you really want to prevent to prevent at the end of the day is exfiltration! Eventually the effort the attackers must exhibit to outmaneuver this operational agility and line of sight will become too much of a challenge to bear in a micro-segmented environment. Like the most secured home on the block, the bad actor’s effort/risk/reward model soon wears thin.

 

As a service provider how high you want to go in the composition of services above delivering the trusted foundations, is completely up to you. Forming the tenant Operations layer and simply providing a service to support the uptime and execution of NSX and the chosen partner technology solutions becomes viable, as does implementation of templated patterns that can be used to build the secured digital property prior to migrating or on-boarding new customers. The following subject areas that will appear in the vCAT blog at a later date, such as Migration, DevOps, DaaS as well as Continuent will utilize these trusted foundations with micro-segmentation to enable more value-add potential for hosting mission critical applications that may require higher levels of security assurance.

 

Streamlining which security services to combine into which contexts to respond to threat conditions and with which functional use cases, remains the work to be done to devise an effective service that can be monetized. By focusing on NSX and Micro=Segmentation driving adoption for the trusted platform utilizing micro-segmentation training specialized security architects, operators and event response teams to use the platform becomes a reality. It is important that parties engaged in security operations on the system understand their boundaries with regards to what functions and/or evidence of execution is expected to be shared when it comes to security events. As the operational context for security becomes richer with NSX, it exhibits a number of features. For one, less noise to information ratio due to context of logging produced by the solution. This also enables driving operational dashboards in near real time, further de-risking the proposition that you would fail to respond to any cyber attack in timely fashion. To exhibit these features bonded together in the VMware stack let's look at Micro-Segmentation Use Case 1 next.

 

 

Micro-Segmentation Use Case 1 - Privileged Administrator Access

 

In any cloud environment there are a number of Administrative personas performing activities; cloud operators, database administrators, web application and network engineers, who can all be given explicit access to sessions for conducting operations By adding enhancements to the use case from CA Xceedium you can get features such as root password vaulting and session recording without a session broker like xCeedium, the base of the use case could be a client executable on a Windows client or a web application with Java on a Linux virtual machine. That process is governed by the integration of NSX Distributed Firewall with an Active Directory SID added to the tuple. Once again I’ll ask you to watch a short video of how these solutions aggregate to form an enriched context boundary for a database administrator scenario in the tenant application administrator realm but leveraging the underpinning of micro-segmentation.

 

 

You can see that a similar combination could be used to provision jump boxes or bastion hosts for most any type of cloud administrative activity. Because many of those calls from client to server are done with REST XML they become even more transparent to manage. No more worries about browser or software stack compatibility because the session is initiated entirely on your terms. With solutions from VMware Horizon such as App Volumes and View, you could provide a highly manageable, fully automated regime of desktops for all of these personas and activities. These could be worth leveraging in order to develop new services for your customers. Think about a secure "bring your own device plan", managed by AirWatch running in your cloud. You will need the trusted foundation to deliver on this vision as well with more security enhancements coming in the future from VMware End User Computing and NSX, extending that trust boundary from the cloud to the device.

 

Conclusion

 

Given the potential power of the first true hybrid cloud with shared resources running across all NSX enabled vSphere environments, on-premise to the cloud, we wouldn’t want cybersecurity to become any more of a barrier to adoption. Our customers are listening to the message from VMware that micro-segmentation capabilities should be thought of as an opportunity to change the game in security. But it is our service provider partners that can create a consistent value add to that software platform in ways that make the most sense for solving what has become a potentially difficult to solve problem. We want our vCAN partners to enter the problem-solving phase around securing the hybrid cloud with a clear description of how the technology is expected to work in practice, for what purpose and at what value. Value expressed in terms of predictable cost savings, streamlined operations and a path, through security use cases, to better support enterprise hybrid cloud customers.

 

By utilizing the Micro-Segmentation Use Cases we can offer controls for each resource type, at each threat vector and understand how the trusted provider layer will act and react in each situation. By binding other security controls and services within the management boundary down to the physical hardware, we are able to distribute portions of security operations across all sides of the hybrid cloud. Carrying out the security operations can occur from either or both sides given adequate coordination. By leveraging the trusted platform in the Micro-Segmentation Reference Architecture and Use Cases yet to come in the vCloud Architecture Toolkit for Service Providers, vCAN Service Providers can offer can be ready to implement the kinds of services that could be used to run services of varying levels of complexity:

 

  1. Trusted compute foundation for geolocation attestation and management boundary enforcement
  2. NSX VXLAN and DFW designed into service provider tenant networks
  3. 3rd Party NSX integrated solutions to help build out use cases
  4. Managed readiness, uptime, execution of functional security components
  5. Policy based orchestration of security solutions at varying levels of maturity and abstraction to help manage cyber security operations
  6. Possibility to partner with resellers of higher order services who do not want to own the infrastructure and security solutions
  7. Deliver those to any environment built on same trusted foundation creating a single security context ACROSS all visualization and cloud resources
  8. Expand portfolio to meet regulatory controls

 

For more information on running a VMware cloud relative to supported regulations please start with this blog.

 

Executives must be informed enough to not just get a compliance report, but measure risk. This process is not done in absolutes but in finding tolerance for certain outcomes, therefore it is a consultative sale. The vCloud Air Network service providers should build a cybersecurity toolkit from the trusted provider layer to and arm the operators of these systems who must be diligent in the execution chain of the prescribed functions. Attestation about what we can trust to a tolerable degree of certainty is peace of mind where customers and cloud security is concerned. As you can see, VMware NSX Distributed Firewall and its security focused technology partners riding sidecar in dvFilter, can rule the Goldilocks Zone by executing a chain of orchestrated responses in context and based on measurable conditions. This problem of cyber security must be actively managed and choosing the right set of technology to defend against adverse events requires a common layer that controls the context. That layer is NSX , a security focused PaaS, and the pattern is micro-segmentation, truly a new weapon in the cyber warfare front.

 

We can only be as strong as our weakest link, are you up for the challenge?

 

ChainLink.png


PowerCLI でコマンド作業履歴を残す方法

$
0
0

※2013/06/06 の投稿です。

 

PowerCLI で作業履歴(TeraTermログ的な)を残すには、
「Start-Transcript」 というコマンドレットが便利です。

これはPowerCLI 特有のコマンドではなく、ベースである PowerShell の標準的なコマンドレットです。

 

下記のようにコマンド実行すると、コマンド実行結果がファイルに保存されます。

PowerCLI> Start-Transcript <ログ出力ファイル名>

※出力を停止するときは、「Stop-Transcript」を実行します。

 

実行例

 

PowerCLI のコマンド実行結果をファイルに残してみます。

ためしに、「powercli.log」というファイルに出力します。

PowerCLI C:\work> Start-Transcript powercli.log  ★ファイルへの出力開始
トランスクリプトが開始されました。出力ファイル: powercli.log
PowerCLI C:\work> Get-VMHost | select Name,PowerState | ft -AutoSize  ★適当にコマンド実行

Name              PowerState
----              ----------
esxi51n2.vs51.lab  PoweredOn
esxi51n1.vs51.lab  PoweredOn


PowerCLI C:\work> Stop-Transcript  ★ファイルへの出力を終了
トランスクリプトが停止されました。出力ファイル: C:\work\powercli.log
PowerCLI C:\work>

コマンド実行結果の出力を見てみます。

PowerCLI C:\work> type .\powercli.log
**********************
Windows PowerShell トランスクリプト開始
開始時刻: 20130606012555
ユーザー名  : WIN7PC-01\testuser1
コンピューター    : WIN7PC-01 (Microsoft Windows NT 6.1.7601 Service Pack 1)
**********************
トランスクリプトが開始されました。出力ファイル: powercli.log
PowerCLI C:\work> Get-VMHost | select Name,PowerState | ft -AutoSize

Name              PowerState
----              ----------
esxi51n2.vs51.lab  PoweredOn
esxi51n1.vs51.lab  PoweredOn


PowerCLI C:\work> Stop-Transcript
**********************
Windows PowerShell トランスクリプト終了
終了時刻: 20130606012610
**********************
PowerCLI C:\work>

※かならず「Stop-Transcript」で出力を停止してから確認します。

 「Start-Transcript」したままファイルを表示すると、

 ファイル内容表示→ファイルに出力→ファイル内容表示... のループになってしまいます。

 

なお、「Stop-Transcript」を実行しなくても、

PowerCLI の画面を閉じれば、自動的にファイルへの出力も停止します。

 

おまけ


PowerCLI (PowerShell)では、ユーザ名やタイムスタンプが取得できます。
こういった情報をファイル名の一部として指定すると便利です。

 

PowerCLIを実行しているコンピュータ名

PowerCLI> $Env:COMPUTERNAME
WIN7PC-01

 

現在のタイムスタンプ

PowerCLI C:\work> Get-Date -Format "yyyyMMddHHmmss"
20130606013128

 

PowerCLIを実行しているWindowsユーザ名

(testuser1というユーザでPowerCLIを実行しているWindowsにログイン中)

PowerCLI C:\work> $Env:USERNAME
testuser1

 

PowerCLIからvCenterに接続しているユーザ名

(vcadminというユーザで、vCenterに接続中)

PowerCLI C:\work> (Get-View "SessionManager").CurrentSession.FullName.Trim()
vcadmin


たとえば、下記コマンドラインのようにファイル名を指定すると、
「WIN7PC-01_testuser1_20130606013254.log」といった名前のファイルに
コマンドの結果を残すことができます。

PowerCLI> Start-Transcript ($Env:COMPUTERNAME + "_" + $Env:USERNAME + "_" + (Get-Date -Format "yyyyMMddHHmmss") + ".log")

 

以上、PowerCLI のコマンド作業履歴を残す方法でした。

vSphere 6.0 の 新機能について。(Web Client の改善)

$
0
0

2015/03/16 1:59:40 の投稿です。


とうとう、vSphere 6.0 がリリースされました。

VMware vSphere 6 のドキュメント

http://www.vmware.com/jp/support/support-resources/pubs/vsphere-esxi-vcenter-server-6-pubs.html


いわゆる GA 版 が使用できるようになったので、

個人的に vSphere 6.0 で一番よい改善だと思う vSphere Web Client の UI について紹介したいと思います。


vSphere 5.5 の Web Client


まず、vSphere 5.5 の頃の Web Client です。

デフォルトで TCP 9443 番という微妙なポートを使用します。

vsphere-55-webclient-01.png


例として、vSphere 5.5 Web Client での

ESXi の右クリックメニューを見てみると、規則性をみつけにくく、結構、迷子になります。


パッと見てみあたらないものは、「すべての vCenter アクション」から深い階層をたどっていくと見つかったりします。

vsphere-55-webclient-02.png

 

vSphere 6.0 の Web Client


まず、Web Client のポートが 9443 ではなく、443 番ポートになりました。

標準的な https のポートを使用するので、

Web ブラウザで指定する URL ではポート番号の指定(以前の「~:9443」という部分)は不要になります。

独特な 9443 番ポートを使用しなくなるので、ファイアウォールの設定もれや

運用手順書などでの URL 指定ミスなどのヒューマンエラーが減らせそうです。

web-client-60-01.png


Web Client にログインすると、このような画面になります。

vSphere Client のように「最近のタスク」がデフォルトで画面下部に配置されています。

画面の雰囲気については、これまでの Web Client からあまり変化がないと思います。

web-client-60-02.png


しかし、メニュー構成は大幅に改善されています。

例として ESXi の右クリックメニューを見てみると、

5.5 のころより、直観的に階層をたどりやすく整理されています。

web-client-60-03.png


たとえば、「メンテナンス モード」メニューの配下はこうなっています。

web-client-60-04.png


「電源」メニューの配下に、「パワーオン」や「シャットダウン」が配置されています。

web-client-60-05.png


以前は見つけにくかった データストアを追加するメニューも

「ストレージ」メニュー配下に、「新しいデータストア」として配置されています。

web-client-60-06.png


おなじく、以前は分かりにくかった ESXi の VMkernel ポートや ポートグループの追加も、

ESXi の右クリックメニューからウィザードが起動できるようになりました。

「ネットワークの追加」をクリックすると・・・

web-client-60-07.png


この画面が開けるようになりました。

web-client-60-08.png


ちなみに、Web Client だけの改善ではありませんが、

「証明書」メニューで、ESXi の証明書が入れ替えられるようになりました。

「証明書を更新」をクリックして・・・

web-client-60-09.png


「はい」をクリックするだけで、vCenter の VMCA(VMware Certificate Authority)による

ESXi の証明書が更新できるようになりました。

web-client-60-10.png


地味な改善ですが、

これからは Web Client を使うようにアナウンスされていたり

vSphere 5.1 以降の新機能は Web Client でしか使用できなかったりするので

Web Client が使いやすくなることはありがたいです。

 

例示したメニューのように、いろいろ細部が改善されています。

そろそろ、これまで vSphere Client 派だった人も

Web Client を使ってもよいのではないかと思います。


ちなみに、vSphere Client は将来的に削除されるとのことですが、

vSphere 6.0 では、まだ生き残っています。


以上、vSphere 6.0 での Web Client の改善についてでした。

ESXi 6.0 ローカルユーザのパスワードルール変更について。(PowerCLI にて)

$
0
0

※2015/04/20 1:32:28 の投稿です。

 

少し前のこのポストの続きですが・・・

vSphere 6.0 の 新機能について。(ESXi ローカルユーザ管理)


ESXi 5.5 までは、パスワードルールを変更する場合は、認証にかかわる(PAM の)設定ファイルを

ESXi に直接ログインしたうえで、vi 等のテキストエディタで編集する必要がありました。

※Enterprise Plus であれば Host Profile でも設定可能ですが・・・


ESX、ESXi 4.x および 5.x でのパスワードの要件と制限

http://kb.vmware.com/kb/2079822


この設定ファイル(/etc/pam.d/passwd)を直接編集していました。

~ # vmware -vl

VMware ESXi 5.5.0 build-2456374

VMware ESXi 5.5.0 Update 2

~ # cat /etc/pam.d/passwd

#%PAM-1.0

 

password   requisite    /lib/security/$ISA/pam_passwdqc.so retry=3 min=8,8,8,7,6

password   sufficient   /lib/security/$ISA/pam_unix.so use_authtok nullok shadow sha512

password   required     /lib/security/$ISA/pam_deny.so


ESXi 6.0 からは、パスワードルールが ESXi の詳細オプション

「Security.PasswordQualityControl」で管理されるようになりました。

そのため、vCenter から管理下の ESXi の設定をまとめて変更可能になります。

 

ESXi のパスワード、ESXi のパス フレーズ、およびアカウント ロックアウト

http://pubs.vmware.com/vsphere-60/topic/com.vmware.vsphere.security.doc/GUID-DC96FFDB-F5F2-43EC-8C73-05ACDAE6BE43.html

 

ESXi 6.0 の /etc/pam.d/passwd ファイルにも、

詳細オプションで設定変更するようにコメントがあります。

※ちなみに、ESXi 6.0 からパスワードルールのデフォルト値も変更されています。

[root@hv60n04:~] vmware -vl

VMware ESXi 6.0.0 build-2494585

VMware ESXi 6.0.0 GA

[root@hv60n04:~] cat /etc/pam.d/passwd

#%PAM-1.0

 

# Change only through host advanced option "Security.PasswordQualityControl".

password   requisite    /lib/security/$ISA/pam_passwdqc.so retry=3 min=disabled,disabled,disabled,7,7

password   sufficient   /lib/security/$ISA/pam_unix.so use_authtok nullok shadow sha512

password   required     /lib/security/$ISA/pam_deny.so

 

ちなみにパスワードルールは、ファイルを編集すると即時反映されます。

パスワードルールは、passwd コマンド実行時にも表示されるようになっていて

たとえば ESXi の root ユーザのパスワードを変更しようとすると下記のようになります。

※これは ESXi というより passwdqc の機能のため、以前の ESXi でも表示されます。

[root@hv60n04:~] passwd root

Changing password for root

 

You can now choose the new password.

 

A valid password should be a mix of upper and lower case letters,

digits, and other characters.  You can use a 7 character long

password with characters from at least 3 of these 4 classes.

An upper case letter that begins the password and a digit that

ends it do not count towards the number of character classes used.

 

Alternatively, if noone else can see your terminal now, you can

pick this as your password: "gehyl=ebbg&wbo".

 

Enter new password:

 

パスワードルール設定変更(GUI にて)

 

Web Client から ESXi の詳細設定を見ると、

新たに「Security.PasswordQualityControl」が追加されていることがわかります。

esxi60-pam-passwdqc-01.png


この設定を変更すると、/etc/pam.d/passwd に即時反映されます。

esxi60-pam-passwdqc-02.png


ちなみに、vSphere Client でも変更可能です。

esxi60-pam-passwdqc-03.png

 

パスワードルール設定変更(PowerCLI にて

 

まず、vCenter に接続します。

PowerCLI> Connect-VIServer vc60n02.godc.lab

 

PowerCLI> $global:DefaultVIServer | select Name,Version,Build | ft -AutoSize

 

Name             Version Build

----             ------- -----

vc60n02.godc.lab 6.0     2559267

 

ESXi のバージョンは、6.0 GA です。

今回の ESXi のホスト名は hv60n04.godc.lab です。

PowerCLI> Get-VMHost hv60n04.godc.lab | select Name,Version,Build | sort Name | ft -AutoSize

 

Name             Version Build

----             ------- -----

hv60n04.godc.lab 6.0.0   2494585

 

Get-AdvancedSetting で、Security.~ という名前のパラメータを見てみます。

Security.PasswordQualityControl のほかにも、

アカウント ロックアウト関連のパラメータがあります。

PowerCLI> Get-VMHost hv60n04.godc.lab | Get-AdvancedSetting Security.* | ft Name,Value -AutoSize

 

Name                            Value

----                            -----

Security.PasswordQualityControl retry=3 min=disabled,disabled,disabled,7,7

Security.AccountLockFailures    10

Security.AccountUnlockTime      120


それでは、パスワードルールを変更してみます。

ESXi 5.x の頃のデフォルト値にしてみました。

ちなみに、Get-VMHost の後に ESXi を指定しなければ、

接続中の vCenter 管理下の ESXi すべてをまとめて設定変更することができます。

PowerCLI> Get-VMHost hv60n04.godc.lab | Get-AdvancedSetting Security.PasswordQualityControl | Set-AdvancedSetting -Value "retry=3 min=8,8,8,7,6" -Confirm:$false

 

Name                 Value                Type                 Description

----                 -----                ----                 -----------

Security.Password... retry=3 min=8,8,8... VMHost

 

 

PowerCLI> Get-VMHost hv60n04.godc.lab | Get-AdvancedSetting Security.PasswordQualityControl | ft Name,Value -AutoSize

 

Name                            Value

----                            -----

Security.PasswordQualityControl retry=3 min=8,8,8,7,6

 

PowerCLI での設定変更は、/etc/pam.d/passwd に即時反映されました。

[root@hv60n04:~] cat /etc/pam.d/passwd

#%PAM-1.0

 

# Change only through host advanced option "Security.PasswordQualityControl".

password   requisite    /lib/security/$ISA/pam_passwdqc.so retry=3 min=8,8,8,7,6

password   sufficient   /lib/security/$ISA/pam_unix.so use_authtok nullok shadow sha512

password   required     /lib/security/$ISA/pam_deny.so

 

これまで、ESXi のローカルユーザのパスワードルールは

デフォルトでは無効である ESXi Shell や SSH を有効にしたうえで

ESXi に直接ログインしなくては変更できませんでした。

 

vCenter にログインするだけで変更できるようになったので

どうしてもパスワードの複雑性が必要な環境では、結構便利になったのではないかと思います。

 

以上、ESXi 6.0 のパスワードルール変更でした。

Case Studies: NVIDIA GRID with VMware Horizon

$
0
0

VMware TAM Source 8.03

$
0
0

FROM THE EDITORS VIRTUAL DESK

Hi everyone, this week we have a new blog posting to share with you on our official TAM Blog. Please check below for the posting. I also wanted to share with you some information on our Open Source projects, many of which were featured at VMworld in 2015 and continue to gain momentum.

Here is a link to the main page and some of our ongoing projects for you to check out:vmware.github.io/
- Photon Controller
- Xenon
- Photon
- Lightwave
- tndf
- many more… https://github.com/vmware/


I wish you all a very successful week ahead and I look forward to speaking to you again next week.

 

Virtually Yours

Neil Isserow

Staff Technical Account Manager, Team Lead

San Francisco, CA


TAM SOCIAL MEDIA ASSETS (Owner: Neil Isserow)
Facebook - www.facebook.com/vmwaretam/
Twitter - @VMwareTAM (twitter.com/vmwareTAM)
Blog - blogs.vmware.com/tam
Newsletter Archive - communities.vmware.com/blogs/vmwaretam

TAM TWEETS OF THE WEEK (Editor: Daniel Mizrahi)
Photon Platform Devbox: give it a try! | vmw.re/1SScENu pic.twitter.com/PDyb0i8312
VMware Modernizes and Secures Retail Opportunities in the Mobile-Cloud Era | vmw.re/1Wp2ML4 pic.twitter.com/RWCEUnJ7yE
Top five 2016 IT Predictions for CIOs: Bask Iyer, VMware | bit.ly/1nBcgHo pic.twitter.com/de7sVMjARk
Reinvent Cloud Security with vCloud Air youtu.be/bcvlw1jUp68 via @YouTube
Data centre is heading to the cloud: Sanjay Poonen, VMware | bit.ly/1QhbKcV pic.twitter.com/z576rlSHMM

TAM BLOG (Editor: Kelly Dare)
Why the VMware America’s TAM organization is rated higher than the Apple iPhone
By Martha Bellens-Martin
After being in this business for more than 25 years, I have worked with hundreds of customers—most of them from a pre-sales perspective. That means I have spent a lot of time working with organizations to help them envision how a proposed solution will lower risk and address their pain points.

[continue reading...]

TAM FOUNDATIONAL TRAINING PLAN (Editor: Jodi Shely)
Looking for training resources on VMware Solutions. We have everything you need online and updated regularly.
EUC - bit.ly/tamftpeuc
SDDC - bit.ly/tamftpsddc

 

TAM WEBCASTS (Editor: Michelle Kaiser)

 

Please head over to our dedicated TAM Webcasts online URL:
http://bit.ly/tamwebcasts

TAM VCLOUD SUITE RESOURCES ONLINE (Editor: Joseph Suma)
Please check out our ever changing list of resources
http://bit.ly/tamvcsresources

NEW AND UPDATES PRODUCTS AND SOLUTIONS
A list of many of our latest updates to existing solutions and any new releases
http://bit.ly/tamnewreleases


NEWS AND DEVELOPMENTS FROM VMWARE

GENERAL NEWS

 

Where in the World are VCPs, VCIX6 Certification Announcement and Extending the Cisco Certification Credit

 

Where in the World are VCPs? [Infographic] See where in the World VCPs are in this infographic . Bonus points for commenting which country you represent! VCIX6 Certification Announcement: Part 3 of 3 In this three-part blog series (see parts one and two ) we roll out all the information you need ...

Jan 22, 2016 4:36:24 PM

 

3 Capabilities Needed for DevOps that You Should Already Have in Your Cloud Organization

 

By Pierre Moncassin A number of enterprise customers have established dedicated organizations to leverage VMware’s cloud technology. As these organizations reach increasing levels of cloud maturity, we are more and more often asked by our customers: “how is our organization going to be impacted b...

Jan 22, 2016 12:35:11 AM

 

Use Your Shelf Space for Industry Awards…Not Unused Software

 

Why the VMware America’s TAM organization is rated higher than the Apple iPhone By Martha Bellens-Martin After being in this business for more than 25 years, I have worked with hundreds of customers—most of them from a pre-sales perspective. That means I have spent a lot of time working with orga...

Jan 21, 2016 6:21:51 PM

 

View Composer DiskFault: Disk customization failed due to an internal error

 

There’s a glitch some customers are encountering whereby a Linked Clone desktop is created on vCenter Ok, but is deleted soon after vCenter complains about either “disposable” or “internal” .vmdk files this desktop. Creating and recomposing linked clone desktops fails on VMware Horizon View 6.1.x...

Jan 20, 2016 2:24:48 PM

 

4 New eLearning Courses Available

 

In addition to instructor-led courses delivered in a traditional classroom environment, VMware Education Services also offers self-paced training delivered online as well. Last month we released four new courses that you can attend whenever and wherever you like. AirWatch Enterprise Mobility: Con...

Jan 18, 2016 10:57:40 AM

 

Three Reasons to Choose Cloud-Based Disaster Recovery

 

Disasters happen, that doesn’t mean business failure has to. As they say “you can’t stop the waves, but you can learn to surf,” which is why a foolproof Disaster Recovery (DR) solution is crucial to any sound business plan. Furthermore, choosing the right solution for your organization is more im...

Jan 22, 2016 5:00:49 PM

 

Now Updated: Microsoft Exchange Server on VMware vSphere Best Practices Guide

 

Microsoft Exchange Server is one of the mission critical applications most commonly virtualized on the vSphere platform. As customers become more comfortable and familiar with virtualization in general and the VMware vSphere virtualization platform in particular, they become more confident, enoug...

Jan 21, 2016 10:16:13 PM

 

vCloud Air Network Compliance Spotlight – ISO 27001 Standard

 

Growth is a natural byproduct of any successful business. However, with any type of growth, come growing pains. As your business grows, one way to ease those growing pains is to have a clear option when it comes to your cloud strategy. The vCloud Air Network makes compliance clear. In our previou...

Jan 21, 2016 5:00:29 PM

 

Another VMware Cloud in Action — SAP’s Martin Heisig on the Benefits of vCloud Air

 

Martin Heisig runs infrastructure services for SAP, the world leader in business applications. As one of the biggest players in its category, SAP depends on flexibility, agility, and scalability to succeed—but being a leader doesn’t come without problems. The organization was having some challeng...

Jan 20, 2016 5:00:58 PM

 

Virtual SAN Stretch Clusters – Real World Design Practices (Part 2)

 

By Jonathan McDonald This is the second part of a two blog series as there was just too much detail for a single blog. For Part 1 see: http://blogs.vmware.com/consulting/2016/01/virtual-san-stretch-clusters-real-world-design-practices-part-1.html . As I mentioned at the beginning of the last blog...

Jan 19, 2016 9:19:39 PM

 

vCloud Air vTech Talk: Options for Backing Up Workloads

 

It’s called a cloud, not a lockbox. It’s your data, so you should have the ability to back it up how you’d like. This week, we answer this question from the vCloud community: “Other than using the Data Protection Service, how are people backing up their workloads in vCloud Air?” There are actuall...

Jan 19, 2016 5:20:21 PM

 

Dashboards and Reports in vRealize Operations Manager 6.1

 

By Troy Bailey, Blue Medora Dashboards are the primary visualization tool for users of VMware vRealize Operations Manager (vROps). This tool provides graphic representation of vROps data and displays overall infrastructure health. Reports are another great way for vROps consumers to use and lever...

Jan 19, 2016 11:01:15 AM

 

vRealize Operations Manager Tech Tips: Tip #2 – Customizing Symptoms and Alerts in vRealize Operations

 

I was recently given a use case by a client who was seeing alert noise from the vR Ops 6.1 alert “One or more virtual machine guest file systems are running out of disk space“. This alert is built from three symptoms: “1. Guest file system space usage at warning level” “2. Guest file system space...

Jan 19, 2016 11:00:42 AM

 

Webcast: Navigating Important Cloud Decisions for 2016

 

We hear this a lot – you’ve been asked to evaluate public clouds by your IT leaders who say, “Cloud is strategic”…but where do you even begin? Should you compare features and functions? Look at analyst ratings? Hire a consultant? Join Angelos Kottas, VMware Senior Director, Product Marketing, for...

Jan 18, 2016 5:00:50 PM

END USER COMPUTING

 

How the Most Productive People Work from Home

 

It’s severe weather season, and even if you’re not a regular telecommuter, chances are high you’ll find yourself skipping icy commutes to work from home at least once this winter. Though working from home is known to increase productivity at work , distractions abound, and it’s easy for the new o...

Jan 22, 2016 4:11:09 PM

 

5 Top Mobile News Headlines This Week

 

Microsoft’s $1B donation, iOS 9.3 “best” feature, banking on IoT and VMware’s big announcement. 1. Microsoft puts its money where the cloud is. Microsoft has pledged to donate $1 billion in cloud services to non-profit groups and university researchers over three years, the Wall Street Journal re...

Jan 22, 2016 2:28:59 PM

 

Product Reveals & Strategy Announcements Expected at VMware Online Event

 

Wonder what VMware has in store for its End-User Computing division and business mobility vision this year? Here’s your exclusive chance to get the VMware news as it breaks. Enabling the Digital Enterprise: Two-part Online Event VMware has opened up registration for what promises to be one of the...

Jan 21, 2016 7:21:13 PM

 

Get Your Exclusive Pass to VMware’s Breaking News Event

 

On February 9 th and 10 th , you have the opportunity to be among the first worldwide to hear VMware’s breaking news. All you have to do is claim your ticket here . Next month, VMware CEO Pat Gelsinger will host an exclusive virtual event with the breaking news and announcements about VMware’s “O...

Jan 21, 2016 5:54:04 PM

 

Intermountain Healthcare Puts Mobile Security at the Top of 2016 Priorities

 

For many years, we have been pulled into this false sense of mobile security. In early September, that sense of security came crashing down when it was revealed that the App Store had been hit with malicious code known as XcodeGhost. It is malicious code inserted into iOS apps using Xcode, which ...

Jan 21, 2016 3:40:14 PM

 

Expert Predictions: IoT & Mobile Banking Trends 2016

 

This last year was a very exciting one, to say the least. The sheer magnitude of the popularity wave for mobile devices caused a shift in the way we live our everyday lives. This cannot help but take the world of business along with it. In banking, we have seen mobile apps evolve from “nice-to-ha...

Jan 20, 2016 5:17:49 PM

 

Putting Customers at the Forefront of the Retail Experience

 

Over the past several years, we’ve had the unique opportunity to see the transformation of the retail experience firsthand. As technology quickly evolves and ushers in the mobile-cloud era, leading retail organizations have made incredible strides in leveraging tech innovations to deliver better ...

Jan 18, 2016 1:00:57 PM

 

Leading Retailers Use VMware End-User Computing Solutions to Modernize Stores & Improve Customer Experience

 

by Paige Handza, VMware End-User Computing retail vertical marketing manager Here at VMware End-User Computing, we are thrilled to help thousands of retailers—including 19 of the 20 top U.S. retailers—leverage purpose-built technology solutions to boost customer engagement, modernize store operat...

Jan 18, 2016 1:00:54 PM

 

 

KB ARTICLES

http://blogs.vmware.com/kbdigest/

Viewing all 3135 articles
Browse latest View live


<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>