Why a HomeLab needs Shared Storage and How to choose one

Do you have a home lab to practice virtualization technologies? Then you’re going to need centralized storage to make full use of all the available features. The best way to enable this is to use a storage system which can virtualize itself. Several Virtual Storage Appliances (VSAs) are available, and it can be tricky to decide which is the best to use. Neil Anderson (www.flackbox.com) has published a list of all the available VSAs, including their system requirements and links to setup guides for each one. There are also recommendations on which VSA is most suitable for you given your needs.

IT News Around UAE/World

Last week a cyberattack was reported in the aviation sector of Saudi Arabia. More details are available here.

The VMUG in Dubai is scheduled for 8th Dec and is sponsored by Redington. Details are available here. Please do register, as seats are limited. Redington has an impressive datacenter, and you might get an opportunity to visit it.

VMware Go Ahead is a scheduled event on 14th Dec (Jumeirah Beach Hotel Conference: 14: – 19:00 @ MEYANA Auditorium) that offers a unique setting for IT professionals to engage with experts and to get industry insights into the most relevant topics covered during VMworld – including Unified Hybrid Cloud, Cloud Management and Services, Hyper-Converged Infrastructure, Business Mobility and Network Virtualization – as part of a preeminent cloud infrastructure technology event. Register for the event here.

Dec 13th Availability of SAP with Veeam: Best Practices, Tips and Strategy: Register here

VeeamON 2017 registration is now live with super early bird pricing – so if you already know you’re going, it makes sense to register before the end of this month.

McAfee released its 2017 Security Report. The report specifically highlights that ransomware will decrease. Nevertheless, new threats are predicted. I’m extremely scared of ransomware. A few ways to avoid it are:

  1. Don’t give your kids admin access to the laptop/desktop they are using.
  2. Buy antivirus. Do not depend on free AV. Ensure the AV has malware protection in place.
  3. Do not use browser plugins developed by a 3rd party unless you are 100% sure. 99% of attacks occur via browser plugins, and the attack surface increases if you have admin rights.
  4. Block P2P and other applications which are required
  5. Keep your OS up to date. I know it sounds banal, but it is one of the security layers you cannot afford to miss.

Experience the Best of vFORUM 2016 (Across India) delivered to you on demand here. This is the first time it has been offered online. I will be watching it as half of the team I miss even today would be presenting it. If you are keen on ASEAN, the link is here

Migrate from any hypervisor to any hypervisor using Vembu

We can use Vembu to migrate VMs to any hypervisor. Such tools are available in the market, but what is unique about Vembu is that it offers this feature as part of the backup suite. I can back up a VM in VMDK (VMware) format and restore it to Hyper-V format. This feature can be of great use if you are using a different hypervisor in DR than in production. Let me describe the use case.

Use Case: Migrate from VMware to Hyper-V, VMware to KVM, Hyper-V to VMware, Hyper-V to KVM, KVM to Hyper-V, KVM to VMware (Any to Any Hypervisor)

Configuring Backup Job in Vembu

In earlier posts (Post:01, Post:02) I gave a brief overview of the Vembu Backup product. I have consciously still not covered the installation of Vembu, but I will keep that aside. In this post, I shall walk you through how to configure a backup job and the multiple options that are available.

After you install the product, the simplest and most straightforward I have ever seen, you point the browser to https://localhost:6061 and the page below welcomes you.

Vembu BDR Suite Logon Page

File Level Backup Features of Vembu

In the previous post, I discussed the various options to back up virtual machines, physical servers, applications and files, and the types of backup. In this post and future posts, I shall delve into each type of backup. Let’s start with file-level backup, as you might know this is the most common backup type.

The screen below highlights the various options available in Vembu

Various sources Vembu can backup

Multiple sources Vembu can backup


Vembu Backup Options

Vembu’s Business and Data Protection suite is widely prevalent among small and medium-size businesses and growing. It has almost all the features of any backup product available in the market. In this part 01, I will discuss the primary features Vembu offers.

vBDR offers the following backup options

  1. Image backup for VMware and Microsoft hypervisors, as shown in the screen below
VMBackup

  2. Image backup for physical servers and desktops. It is worth noting that the desktop backup software is offered free of cost, which means you get a full backup solution for servers, desktops and applications. So what is supported for application-level backup, also referred to as granular-level backups (GLR)? Here is the list below Application-aware Backup

[VMware] VDI Requirement Gathering

Oh! It has been a month since I have written a single post. Ah! Blogging is my favorite activity. I love sharing my experience and learning. This is the single platform on which I can express my thoughts on the technical front. I don’t know how many of you like it, but I don’t see that as a motivation factor. In all cases I would love to hear back from you. Recently I did a VDI requirement gathering workshop with a customer. Based on various design meetings I have come up with a questionnaire, which I would like to share with you. You will need a basic understanding of VDI, especially the technology you are supporting. First, foremost and most important: why are you looking towards VDI? Don’t start with a “Why” question. Rather, I suggest you put the question across in a way your customer understands. It is worth noting that the first meeting will be with the IT manager or a CXO. They would understand if you ask them what the primary objective in exploring VDI options is.

What are the business goals/drivers for VDI?

Security, cost saving, desktop refresh. These are a few of the options which can help you drive the discussion. Without understanding each of the business drivers, your conversation will be more like a Q&A. It should be a discussion. If desktop refresh is one of the drivers, then the immediate question would be whether existing desktops can be reused. Are the existing desktops end of life? Since existing desktops will be used, it is very likely that users might use both desktops. It is an opportunity to ask where users will be saving their data. It would also give you the insight that you need some profile migration tool in place. Since we are here, ask whether users are using PST files and whether they are storing them in some central location. Here is a reference on this topic. This post also provides you with likely solutions.

What applications will be used via VDI desktops, and what is the nature of these applications?

This is the most important thing I learnt from Brian Suhr’s book. VDI is all about apps and not about desktops alone. How you present applications (apps) to the end user on iPads, tablets, phones and cars is of utmost importance. The entire focus of your discussion should be around these applications: who is using these applications and what they are doing with them. Is there a common set of applications used across your organization? Are there heavy-graphics, high-I/O (AutoCAD, Visual Studio), memory-intensive, CPU-intensive (graphics) or audio-recording applications in use? Are these applications business specific, and can these applications be down? This discussion will help you decide 1) if you need multiple desktop pools and 2) whether you need any application virtualization feature. This could be easily guessed: the more variation in the application portfolio, the greater the inclination towards separating applications from the desktop pool. The most frequently used applications can be part of the standard image or can be ThinApp’ed. This is very well explained in Brian’s book. In each case you need the count of users who are using the application, e.g. if there are only 5 Photoshop users and they just use it for light graphics, you probably don’t need GRID cards. If these are heavy graphics users, then along with considering GRID cards you are very likely to consider monitor size and resolution. You can see how one question leads to the answer to another. Now that you understand the nature of the applications, the most critical part is how licensing works, e.g. Office licenses need validation, which needs a license management server (KMS).

Are there any users who need to install applications on local desktops other than desktop admins?

Now this is one of the use cases for persistent desktops. If there are developers in your organization who need a pool of applications, they obviously need administrator access and much more. As you could easily guess, you must know how many developers/users have this requirement. This will drive the DR strategy for persistent desktops. Along with that, you need to know how critical the nature of their work is. Here you can pause and ask how frequently application refresh occurs and how applications are refreshed. This is a critical piece of information, as it will impact application virtualization and the effort needed to update it, e.g. if application-A is refreshed every month (yes, there are applications which are refreshed every month), and if you are proposing application virtualization for this set of applications, you need to consider how you are going to ensure these updates are integrated. This is an ongoing cost and may vary based on the complexity of the application. Yes, I’m reading your mind: “App Volumes”. Yeah! Do you need to be an architect to say/propose it? Think again!!!

Are users working in shifts?

If yes, what is the anticipated number of concurrent users? This will help you decide licenses for VDI and CALs. This will also help you decide the % of users who need floating desktops, e.g. if there are 300 users working in 3 shifts, i.e. 100 users per shift, you just need 100 concurrent user licenses; you can provide a 5% allowance and procure licenses. Floating desktops are a must here. CALs refers to end-user CALs for desktops, or RDSH if you are offering RDSH-based desktops. This could also be an appropriate place to understand whether the customer has Terminal Services licenses.

What is the anticipated total number of users (if they are not shift users)?

This will help you identify the license requirement for AV, software licenses for Office, desktops and other products which do not base their licensing on concurrent users. You can relate to the difference between 300 licenses and 100 antivirus licenses.

From where are end users going to access desktops/applications?

This helps you understand how access has to be granted to the end users, e.g. WAN/LAN/Internet. If there are multiple sites, what is the required bandwidth between these sites? How are users going to access from the remote site (thin client/desktop/laptop)? Internet: they could be mobile users, working from home or working from the office. The number of users and the number of applications they need to access will have a direct impact on the bandwidth and latency required.

Do you need access to desktop from home?

Yes, it is not application access but desktop access. If yes, there is a whole lot of security considerations. You need View Security Server or an identity access appliance. An identity access appliance would be suitable if there is sufficient VMware infrastructure in the DMZ. Would all users need access from home? Do users need two-factor authentication? If yes, the RSA token is licensed per user. Is access from home critical, or is it access on a best-effort basis? It will drive your high availability design. Again, you will need to restrict VDI desktops to a specific VLAN.

Is the user a Lync/audio/video user?

Lync will have a direct impact on the selection of thin client. It must support the Lync plug-in. Zero clients definitely do not support it. Factors like features, cost, Design and performance.

Do you need USB devices/Scanner/SmartCard Readers redirection?

This is often forgotten. Users need USB devices for various reasons. The solution must be able to accommodate this requirement. In the hospitality industry things become more critical when they need to move between rooms attending patients. This requirement will have an indirect impact on your selection of endpoint device.

List down the agents installed on the desktop

  • AV Agent
  • Backup Agent
  • SCCM/LANDesk Agent

Do you still need these agents in VDI desktops? Backup agent? Definitely not. You would no longer be taking desktop backups, would you?

The following questions will help you build the supporting infrastructure

  1. Do you have a Certificate Authority? If not, you either have to recommend one as a prerequisite (read this post from Harsha) or assist them in building one.
  2. Do you have a load balancer in your existing solution? If not, you can either procure one on their behalf or ask them to add it to the prerequisite list. If they need an active-active VDI solution, then the load balancer should be intelligent enough to divert traffic based on source IP.
  3. Do you have SRM? If the DR strategy is active-passive, then SRM will assist in DR failover of VDI components. Refer to this white paper for further details.
  4. Do you have Terminal Server licenses? If yes, you can explore the possibility of providing RDSH to the customer for select applications.
  5. Where are users storing data? Local desktop/laptop? Then you must consider a file server in your design for user data and probably for PST as well.
  6. Do you have a DHCP server at the site? Is it redundant?
  7. Are there any non-corporate users accessing desktops, e.g. vendors, contractors? How are these users prohibited from accessing corporate data?
  8. How are users connecting to the network? This will have a direct impact on the users’ endpoints.

This is just the tip of the iceberg. If you follow this questionnaire, I’m sure you can build your own based on your experiences. The biggest advantage of this questionnaire is that it allows you to build a requirement gathering document without much effort.

 

[Nutanix] NPP Journey

Starting this year I chose to learn a new technology, which was Nutanix. In order to start the journey I chose to set NPP as a starting goal. NPP stands for Nutanix Platform Professional. I have found that setting certification as a goal is the best way to learn any technology. If you focus on certification in a particular technology, you are more likely to learn it, as the focus is to clear the exam. Nutanix as of now offers three certifications: NPP, NSS and NPX.

Where to start

  1. You must install Nutanix Community Edition, and here is the best blog I have found. This is the only blog which explains the workaround if you don’t have an SSD.
  2. If you have a budget of 35,000 INR, I strongly suggest you enroll in the Online Plus exam course.
  3. At least go through the PRISM WEB CONSOLE GUIDE.
  4. And the YouTube videos here
  5. Optionally, the Nutanix Bible here

Online Plus Course

First and foremost, this is a very unique learning approach. You are given access to Nutanix course material, and the lab starts after 2-3 days. It allows you to read the training material at least 2 days before and gives you a good head start with Nutanix. One of the best parts of the Online Plus course is that you have access to the learning material even after you have completed your course. Unfortunately it is not documented anywhere, but I suspect access will remain for more than a year. You don’t need to take any notes. The course duration is 2 weeks and you get two lectures. The first lecture is about the lab and the second one is a question and answer session with the instructor. I liked the second lecture a lot. The instructor was extremely knowledgeable, was a source of a lot of information and has been part of this blog. It was worth 35k; however, if your organization is going to enter into a partnership agreement with Nutanix, you get the Online Plus course free.

The NPP exam is free to all Nutanix customers and partners. Request an account from education@nutanix.com.

Do you really need to undergo this course? You would be surprised: it is completely optional. In fact, NPP does not have any criteria. Do you want to take this exam? Just drop an email to education@nutanix.com and they will send you an email for the exam. And it might surprise some of you: this is an open-book exam. You don’t have to go to any VUE/Prometric center for it. You can take this exam in a group, at home or at the office. It reminded me of how we used to pass compliance requirements in my previous organization. Jokes apart, you have a choice to be honest here. So this exam is free, and this exam is open book. I did this course sometime in March and am proud to say I completed it within a month. What next?

Preetam Zare_NPP Certification Exam (4.5)_Certificate

References for Nutanix Platform Professional

Nutanix Certifications 

Nutanix Professional Exams

Nutanix Online Plus exam course description

Nutanix Online Plus Exam schedule

 

[NUTANIX] Internal CA Signed Certificate for console Access for Prism

SSL certificates are used to encrypt communication between client and server. A signed certificate ensures the server is authenticated. Self-signed certificates are not signed by a 3rd party and therefore cannot be fully trusted. For internal services, you can use an internal Certificate Authority (internal CA). Nutanix uses SSL to secure communication with a cluster, and the web console allows you to install SSL certificates.

Nutanix provides the simplest way to configure an SSL signed certificate to encrypt communication between console and server. You need Microsoft CA and OpenSSL. OpenSSL can be downloaded from here. Installation of Microsoft CA is explained here. As with any certificate procedure, the Certificate Signing Request (CSR) is the first step. In order to create the CSR, you need an openssl.cfg file. Following is the file I created. I used a similar file for VMware certificates.


[ req ]
default_bits = 2048
default_keyfile = rui.pem
distinguished_name = req_distinguished_name
encrypt_key = no
prompt = no
string_mask = nombstr
req_extensions = v3_req

[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth, clientAuth
subjectAltName = DNS:sssnut, IP:192.168.1.190, DNS:sssnut.shsee.com, DNS:NTNX-f8b67341-A-CVM, IP:192.168.1.170, DNS:NTNX-f8b67341-A-CVM.shsee.com

[ req_distinguished_name ]
countryName = AE
stateOrProvinceName = AbuDhabi
localityName = ME12
0.organizationName = SHSEE
organizationalUnitName = Nutanix Services
commonName = sssnut.shsee.com

Pay special attention to line 14 (subjectAltName). Do note country codes are two letters only. I was using UAE, but was getting an error while creating the CSR. For UAE, it is AE. Line 2 is the key length. Various key lengths are supported by default. Do ensure the CA you are configuring has at least a 2048-bit key length. In the cfg file I have edited only lines 14 and 17-22 (the req_distinguished_name fields). Everything else remains default. After you have downloaded OpenSSL from http://slproweb.com/products/Win32OpenSSL.html, extract it to C:\ as shown. Take a backup of openssl.cfg.

You can refer to my previous post on the openssl.cfg file here.

Run the following command to create the CSR. Do note the rui.pem file is the private key, which is unique per request.
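One way to run this step and check the result before uploading it to the CA, as an added example that is not the author's original command. The OpenSSL install path, the rui.csr and sssnut.cer file names and the two helper function names are assumptions; openssl.cfg and rui.pem are the files described above.

```powershell
# Added example, not the author's original commands.
# Assumptions: $openssl / $cfg locations, the rui.csr name, the helper names.
$openssl = 'C:\OpenSSL-Win32\bin\openssl.exe'
$cfg     = 'C:\OpenSSL-Win32\bin\openssl.cfg'
$csr     = 'rui.csr'
$key     = 'rui.pem'      # default_keyfile from openssl.cfg

# subjectAltName values from the config, written the way "openssl req -text" prints them
$expectedSan = @(
    'DNS:sssnut', 'IP Address:192.168.1.190', 'DNS:sssnut.shsee.com',
    'DNS:NTNX-f8b67341-A-CVM', 'IP Address:192.168.1.170',
    'DNS:NTNX-f8b67341-A-CVM.shsee.com'
)

function Test-Csr {
    # Parses the text dump of a CSR and checks key size and SAN entries
    param([string]$Path, [string[]]$ExpectedSan, [int]$MinBits = 2048)
    $text = & $openssl req -in $Path -noout -text | Out-String
    $bits = 0
    if ($text -match 'Public-Key: \((\d+) bit\)') { $bits = [int]$Matches[1] }
    $san = @()
    if ($text -match 'Subject Alternative Name:[^\r\n]*\r?\n\s*([^\r\n]+)') {
        $san = $Matches[1].Trim() -split ',\s*'
    }
    $missing = @($ExpectedSan | Where-Object { $san -notcontains $_ })
    [pscustomobject]@{
        KeyBits    = $bits
        MissingSan = $missing
        Ok         = ($bits -ge $MinBits) -and ($missing.Count -eq 0)
    }
}

function Test-KeyMatchesCert {
    # True when the issued certificate carries the public key of our private key.
    # CertPath is assumed to be the Base64 (PEM) certificate returned by the CA.
    param([string]$KeyPath, [string]$CertPath)
    $fromKey  = (& $openssl pkey -in $KeyPath -pubout | Out-String).Trim()
    $fromCert = (& $openssl x509 -in $CertPath -noout -pubkey | Out-String).Trim()
    ($fromKey.Length -gt 0) -and ($fromKey -ceq $fromCert)
}

# 1. Create the key pair (rui.pem) and the CSR from the config shown above
& $openssl req -new -config $cfg -out $csr
if ($LASTEXITCODE -ne 0) { throw 'openssl req failed' }

# 2. encrypt_key = no leaves rui.pem unencrypted on disk:
#    drop inherited permissions and allow only the current user to read it
& icacls $key /inheritance:r /grant:r "$($env:USERNAME):(R)" | Out-Null

# 3. Confirm key length and SAN entries before submitting the CSR to the CA
$result = Test-Csr -Path $csr -ExpectedSan $expectedSan
$result | Format-List
if (-not $result.Ok) { throw 'CSR does not match the intended key size or SAN list' }

# 4. Once the CA has issued the certificate, confirm it belongs to this key:
# Test-KeyMatchesCert -KeyPath $key -CertPath 'sssnut.cer'
```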


Browse to http://CertificateAuthorityFQDN/certsrv/

Upload the CSR to Microsoft CA as shown below. Review the SlideShare for detailed steps.

 

This is all that is needed.

Finally, I wish to thank Marc for promoting my previous post. Believe it or not, that post hit the highest count so far. The power of social media.

[VMware] Automation of Windows Server 2012 R2 using Powershell, AnswerFile

Last week I shared my learnings on building an answer file to automate Windows Server deployment on Acropolis Hypervisor [AHV]. This post is almost the same as the earlier post, but it is for deployment on the VMware platform. I really want to explain the code line by line, but this would make the post highly verbose. Let me keep it short and simple. You need to create a VM to install an operating system. For the virtual machine you need mandatory inputs, e.g. vCPU, vRAM, storage, guest OS, datastore and CD-ROM (for my automation workflow you need two CD-ROMs). After the virtual machine is created, attach the operating system ISO. My script assumes you already have the ISO uploaded to the datastore. Below is the overall workflow.


For automation, you just need a path to the ISO. This being done, you need to update the answer file. Well, I know, I’m creating the answer file. The answer file is created in the previous post. All you need to do is update the answer file with the two variables I mentioned above, i.e. server name and IP address. To get this done, I’m loading the XML file and updating the parameters as shown below. Once the parameters are updated, I’m saving the file.

$xml = New-Object XML
$xml.Load($xmlsourcepath)
$xml.unattend.settings[1].component[7].Interfaces.Interface.UnicastIpAddresses.IpAddress.'#text'=$IPaddress
$xml.unattend.settings[1].component[0].ComputerName=$VMName
$xml.Save($xmlsourcepath)

Please note I have to cast a string into a string. Apparently it is a bug in PowerShell.

$VMName=[string]$VMNamestr
$IPaddress=[string]$IP
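The same answer-file update, as an added example that is not part of the author's script: the two typed-in values are validated before they reach the XML, the nodes are found by component name rather than by position, and the result is written to a separate file so the template stays unchanged. The function name, the inline template and the sample values are constructed for illustration, and the address is assumed to be in address/prefix form.

```powershell
# Added example (not the author's script). The template is constructed sample data;
# Set-AnswerFileIdentity is a hypothetical helper name.
$template = @'
<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend"
          xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State">
  <settings pass="specialize">
    <component name="Microsoft-Windows-Shell-Setup">
      <ComputerName>TEMPLATE</ComputerName>
    </component>
    <component name="Microsoft-Windows-TCPIP">
      <Interfaces>
        <Interface wcm:action="add">
          <UnicastIpAddresses>
            <IpAddress wcm:action="add" wcm:keyValue="1">0.0.0.0/24</IpAddress>
          </UnicastIpAddresses>
        </Interface>
      </Interfaces>
    </component>
  </settings>
</unattend>
'@

function Set-AnswerFileIdentity {
    param(
        [Parameter(Mandatory)][string]$TemplatePath,
        [Parameter(Mandatory)][string]$OutputPath,
        [Parameter(Mandatory)][string]$ComputerName,
        [Parameter(Mandatory)][string]$IPAddress
    )
    # Computer name: 1-15 characters, letters/digits/hyphen, not digits only
    if ($ComputerName -notmatch '^(?!\d+$)[A-Za-z0-9][A-Za-z0-9-]{0,14}$') {
        throw "Invalid computer name: $ComputerName"
    }
    # IPv4 address with prefix length, e.g. 192.168.1.50/24
    if ($IPAddress -match '^(\d{1,3}(?:\.\d{1,3}){3})/(\d{1,2})$') {
        $ip = $Matches[1]; $prefix = [int]$Matches[2]
    } else { throw "Expected IPv4 address/prefix, got: $IPAddress" }
    $parsed = $null
    if (-not ([System.Net.IPAddress]::TryParse($ip, [ref]$parsed)) -or
        $parsed.ToString() -ne $ip -or $prefix -gt 32) {
        throw "Invalid IPv4 address or prefix: $IPAddress"
    }
    $xml = New-Object System.Xml.XmlDocument
    $xml.Load($TemplatePath)
    $ns = New-Object System.Xml.XmlNamespaceManager($xml.NameTable)
    $ns.AddNamespace('u', 'urn:schemas-microsoft-com:unattend')
    # Locate nodes by component name so a reordered template cannot redirect the write
    $nameNode = $xml.SelectSingleNode("//u:component[@name='Microsoft-Windows-Shell-Setup']/u:ComputerName", $ns)
    $ipNode   = $xml.SelectSingleNode("//u:component[@name='Microsoft-Windows-TCPIP']//u:UnicastIpAddresses/u:IpAddress", $ns)
    if ($null -eq $nameNode -or $null -eq $ipNode) { throw 'Template lacks ComputerName or IpAddress' }
    $nameNode.InnerText = $ComputerName
    $ipNode.InnerText   = $IPAddress
    $xml.Save($OutputPath)      # per-VM copy; the template itself is not modified
}

# Demo with the constructed template written to a scratch folder
$work = Join-Path $env:TEMP 'answerfile-demo'
New-Item -ItemType Directory -Path $work -Force | Out-Null
$tpl = Join-Path $work 'autounattend.template.xml'
$out = Join-Path $work 'autounattend.xml'
Set-Content -Path $tpl -Value $template -Encoding UTF8
Set-AnswerFileIdentity -TemplatePath $tpl -OutputPath $out -ComputerName 'APP01' -IPAddress '192.168.1.50/24'
Select-String -Path $out -Pattern 'ComputerName|IpAddress'

# An over-long name and a malformed address are rejected before any file is written
foreach ($bad in @(@('THIS-NAME-IS-TOO-LONG', '192.168.1.50/24'), @('APP02', '192.168.1.300/24'))) {
    try { Set-AnswerFileIdentity -TemplatePath $tpl -OutputPath $out -ComputerName $bad[0] -IPAddress $bad[1] }
    catch { "Rejected: $($_.Exception.Message)" }
}
```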

Now the task is to create an ISO file of the answer file and copy it into the datastore. Watch out: I have created the ISO file with the same name as the server name (line 14). This is helpful because the same ISO cannot be attached to a different virtual machine, as the XML file will have a unique IP and server name.

Now create an additional CD-ROM on the VM to attach the answer file ISO. When you attach the ISO to the VM, you can only select “Connect at power on” for the additional CD-ROM, but in order to actually connect it, it must be “Connected”. See below what I meant.


So I attached the ISO and clicked the checkbox “Connect at power on”. Now when I power on the virtual machine, I get this additional CD-ROM in a connected state. But by this time the OS has already booted and the boot process has been initiated. As a workaround, I’m resetting the VM after 5 seconds (line no. 11). This trick fixed the issue.

New-CDDrive -VM $VMName
Start-VM -VM $VMName -Confirm:$false
#attach ISO to datastore
Get-CDDrive -VM $VMName -Name "CD/DVD drive 1"| Set-CDDrive -IsoPath $ISO -StartConnected:$true -Confirm:$false
Get-CDDrive -Name "CD/DVD drive 2" -VM $VMName | Set-CDDrive -IsoPath "[PhyStorage]\ISO\$VMName.iso" -StartConnected:$true -Confirm:$false
#check if CDROM is connected, if not connect it.
$Cstates=Get-CDDrive -VM $VMName
foreach($Cstate in $Cstates){
    if($Cstate.ConnectionState.Connected -eq $false){
        Get-CDDrive $Cstate.Parent -Name $Cstate.Name | Set-CDDrive -Connected:$true -Confirm:$false
        Start-Sleep -Seconds 5
        Restart-VM -VM $VMName -Confirm:$false
    }
}

Here is the full code

#Purpose is to create Virtual machine, attach OS ISO File, create Answer file, create ISO of answer file
#add secondary CDROM and attached
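Add-PSSnapin -Name *vmware*
#Prompt for the password instead of storing it in the script
Connect-VIServer 192.168.1.98 -Credential (Get-Credential -UserName 'servera09@shsee.com' -Message 'vCenter password')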
$VMNamestr=read-host "Enter the name of virtual machine"
$IP=read-host "Please enter IP for this Machine"
#casting into strings
$VMName=[string]$VMNamestr
$IPaddress=[string]$IP
#FilePaths
$xmlsourcepath="E:\Automation\Windows\autounattend.xml"
$xmldestination="C:\Answer"
$ISO="[PhyStorage]\ISO\SW_DVD9_Windows_Svr_Std_and_DataCtr_2012_R2_64Bit_English_-2_Core_MLF_X19-31419.ISO"
$answerISO="C:\workingdir\$VMName.iso"
$answerISODestination="vmstore:\AbuDhabi\PhyStorage\ISO"
#VM Details
$vCPU="2"
$RAMinGB="4"
$diskinGB="80"
$GuestOS="windows8Server64Guest"
$Datastore="PhyStorage"
#Removed xml from 
Remove-Item $xmldestination\*.xml
####Virtual Machine is created######
New-VM -Name $VMName -Datastore $Datastore -DiskGB $diskinGB -MemoryGB $RAMinGB -GuestId $GuestOS -NumCpu $vCPU -ResourcePool Resources -Version v8 -CD
#------------------------------------------------updated Answer File---------------------------------------------------------------------------------------#
$xml = New-Object XML
$xml.Load($xmlsourcepath)
$xml.unattend.settings[1].component[7].Interfaces.Interface.UnicastIpAddresses.IpAddress.'#text'=$IPaddress
$xml.unattend.settings[1].component[0].ComputerName=$VMName
$xml.Save($xmlsourcepath)
Copy-Item $xmlsourcepath $xmldestination
& 'C:\Program Files (x86)\Windows Kits\8.1\Assessment and Deployment Kit\Deployment Tools\amd64\Oscdimg\oscdimg.exe' -n $xmldestination $answerISO

#copy ISO to datastore
Copy-DatastoreItem -Destination $answerISODestination -Item $answerISO
#add additional CDROM for Answer file
New-CDDrive -VM $VMName
Start-VM -VM $VMName -Confirm:$false
#attach ISO to datastore
Get-CDDrive -VM $VMName -Name "CD/DVD drive 1"| Set-CDDrive -IsoPath $ISO -StartConnected:$true -Confirm:$false
Get-CDDrive -Name "CD/DVD drive 2" -VM $VMName | Set-CDDrive -IsoPath "[PhyStorage]\ISO\$VMName.iso" -StartConnected:$true -Confirm:$false
#check if CDROM is connected, if not connect it.
$Cstates=Get-CDDrive -VM $VMName
foreach($Cstate in $Cstates){
    if($Cstate.ConnectionState.Connected -eq $false){
        Get-CDDrive $Cstate.Parent -Name $Cstate.Name | Set-CDDrive -Connected:$true -Confirm:$false
        Start-Sleep -Seconds 5
        Restart-VM -VM $VMName -Confirm:$false
    }
}

Disrupting Datacenter