Category Archives: Virtualization

[WS2016]Installing and Configuring IIS on Windows Server 2016 Nano -Part01

I believe the best way to learn any technology is to teach it to someone or to implement it. I prefer to deploy and try things out for myself, though I’m open to teaching if required. I have recently started exploring the feasibility of using Windows Server 2016 Nano in a production environment. There are at least four use cases for Windows Nano; one of them is running IIS, which I will describe here. Knowing that the IIS role is available on Nano, I looked for a practical scenario to learn it with. The closest and easiest one I could think of is the web server that vSphere Update Manager (VUM) requires when it is configured in air-gapped mode.

So let’s get rolling so that we can take a look at it.

Here is the list of things we need to build an air-gapped VUM:

  1. Web Server in DMZ
  2. Operating System for Web Server
  3. Storage space for Update Repository
  4. Certificate Authority (optional, but strongly recommended)

 

Installing Nano Server with IIS Package

Nano Server can be deployed using two methods. The first, which is very popular, is PowerShell; the second, known to few, is GUI based. I’ll cover the PowerShell approach here, while the GUI-based approach is covered here

So what do we need to achieve our goal? [Pre-requisites]
  1. Windows 2016 ISO
  2. Windows 10 or Windows 2016 machine. (Yes, you can’t do this on Windows 8.1. The dism version which ships with Windows 8.1 is older and cannot be replaced or upgraded using the Windows Assessment and Deployment Kit (ADK).)
  3. Working directory
I will cover it in two parts. In Part01 I will cover how to package, install and configure Nano Server. In Part02 I will cover how to set up the IIS server.

 

As a first step, you must import the Nano Server PowerShell package. Where is this package? Well, it is on the Windows 2016 ISO. Double-click the ISO and it will mount automatically. Open PowerShell ISE (elevated prompt) and run the following command to import the NanoServerImageGenerator module

Import-Module D:\NanoServer\NanoServerImageGenerator -Verbose

To confirm that the NanoServerImageGenerator module is imported, type the following command. Yes! Only three commands, and 99% of the time you will use only one of them.

Get-Command -Module NanoServerImageGenerator

Before you start creating the image, you might need to find the package name. To find the package name, you must install the package provider.

If the above installation is successful, then you should be able to find the following command

and the output of the command will be exactly as below

Find-NanoServerPackage

Create Nano Server Image

Once our pre-requisites are ready, then we can start building Nano Image. As mentioned above, you need either Windows 10 or Windows Server 2016 to create this image and working directory. I have used Windows Server 2016.

Now let’s begin the process of creating the Nano image. I’ll be building a virtual image. Assuming you are still in the PowerShell session, type the following command. The screen capture below is from PowerShell and not from PowerShell ISE. I’m not aware of how to enter multiple lines of code in PowerShell ISE. After pressing Enter on the preceding command, you will be prompted for the Administrator password. Supply the password to begin the image building process.

New-NanoServerImage

I have tabulated the parameters of the command below and provided an explanation for each.

Parameter: Comments

  • Edition: Standard or Enterprise, a decision to make if you will use Hyper-V
  • Deployment Type: Guest or Host. Guest is for a virtual machine and Host is for Hyper-V. If you are going to host the Hyper-V role on it, then the type is Host
  • Package: The package you wish to deploy. To find out which packages are available, please refer to the screen capture titled ‘Find-NanoServerPackage’ above. In my case, I have to select the IIS package
  • IPv4: You will typically deploy a server with a static IP. For IP address, subnet mask, gateway and DNS server
  • EnableRemoteManagementPort: Enable remote management. This port is a must.
  • ComputerName: Name of the server. This name is the guest OS name
  • MediaPath: Path to ISO. It is the path of the ISO image
  • TargetPath: Path where to create the image, i.e. the VHDX file, which will be our working directory
  • InterfaceNameOrIndex: Name of the network card. In all cases it is Ethernet.

There are other parameters which I have not used here as they are not required.
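
The build command described by the list above, written out as an added example; it is not the author's original command, which survives only as a screen capture. NanoIIS03, contoso.com and the D: media drive come from this post, while the IP settings, the C:\NanoServer working directory and the use of -DomainName for the domain join are assumptions.

```powershell
# Added example (not the author's original command).
# Run from an elevated PowerShell session on Windows 10 / Windows Server 2016
# with the Windows Server 2016 ISO mounted as D:, as in the post.
Import-Module D:\NanoServer\NanoServerImageGenerator -Verbose

# Assumed working directory for the base files and the finished VHDX.
$workDir = 'C:\NanoServer'
New-Item -ItemType Directory -Path $workDir -Force | Out-Null

$imageParams = @{
    Edition                    = 'Standard'
    DeploymentType             = 'Guest'                             # Guest = virtual machine
    Package                    = 'Microsoft-NanoServer-IIS-Package'  # IIS role package on the media
    MediaPath                  = 'D:\'                               # root of the mounted ISO
    BasePath                   = Join-Path $workDir 'Base'
    TargetPath                 = Join-Path $workDir 'NanoIIS03.vhdx'
    ComputerName               = 'NanoIIS03'
    InterfaceNameOrIndex       = 'Ethernet'
    Ipv4Address                = '192.0.2.10'      # constructed sample values;
    Ipv4SubnetMask             = '255.255.255.0'   # replace with your own addressing
    Ipv4Gateway                = '192.0.2.1'
    Ipv4Dns                    = '192.0.2.53'
    # Assumption: the domain join is done with -DomainName. This requires the
    # build machine to be a member of the domain and the current user to be
    # allowed to create computer accounts in it.
    DomainName                 = 'contoso.com'
    EnableRemoteManagementPort = $true
}

# No -AdministratorPassword is passed: the cmdlet prompts for it, so the
# password is never written into the script.
New-NanoServerImage @imageParams

# Confirm the image was written and record its SHA-256 so the copy placed in
# the Hyper-V directory can later be compared against what was built here.
$image = Get-Item -LiteralPath $imageParams.TargetPath -ErrorAction Stop
Get-FileHash -LiteralPath $image.FullName -Algorithm SHA256 |
    Select-Object Algorithm, Hash, Path
```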

Now our image is ready to be deployed, so let’s deploy it. Before you do that, copy the .vhdx file into the Hyper-V working directory.

I’m using Hyper-V Manager. The detailed eight-step procedure is captured in the screen capture below.

Deploy Nano Image using Hyper-V manager

A point to note is in Step:04 you must select Generation:02 as we have selected VHDX extension while creating NanoServer Image.

After you press Finish, the Nano VM is created and is ready to be powered on. Why not power it on then? Power on the virtual machine. The VM will be powered on immediately, but it will take a few seconds to join the domain and install the IIS package. After that gap of a few seconds, you will be looking at the console of a brand new Nano Server

Nano Server is now up and Running

There is no practical need to log in to this console, as we have already configured the IP address, DNS and domain join. In the screen below I have logged in using contoso.com credentials. This screen is referred to as the Nano Server Recovery Console. The recovery console is there to reset the networking configuration.

As we are here, let’s take a look at our available options.

Logged into Nano Server using Domain Account

I always like to enable Ping on all Windows Servers while leaving the firewall enabled. Select Inbound firewall rules, press Enter and scroll down till you see ICMP IPv4 as shown below. Press Enter to modify the rule, then press F4, which toggles Enable or Disable. It is the only rule you can change in this console. You might think, hey! Wait, I can achieve a similar thing from Group Policy. But Group Policy is not supported on Nano

Though I have shown how to achieve it here, it is not the requirement.

Disable ICMP Ping rule in Windows Nano Server

Manage Nano Server using Server Manager

Open Server Manager on our working server and follow the steps below (also shown in the screen capture)

  1. Click on All Servers
  2. Right click and Add Server
  3. Select Find Now and choose the NanoIIS03 from the list
  4. Move the compute

 

Manage Nano Server using Server Manager

If Firewall ports are opened, the Online status will be immediately visible.

Nano Server Added to Server Manager

Before we conclude this post, let me walk you through the basic configuration you might have to do on the Nano server.

Set Time Zone on Nano Server

The time zone must be changed to match your region. It is critical to check that the time of the server matches. If the time difference is more than 5 minutes, domain join will fail.

Remote into nano Server using our familiar command

Set Time Zone on Nano Server

Increase the Disk Size on Nano Server
  1. Right click on Nano server, then select settings
  2. Find the Hard Drive and press Edit as shown below
Press Edit to Expand Disk Online

Provide the new size. Note that I have skipped a few unimportant screens. In the example below, I have increased the size from 4 GB to 10 GB

Enter New Size to Expand Disk

Press Finish, which will increase the disk size. This action will increase the disk size, but not at the volume level inside the OS. To extend C:\ you need to get the disk and partition details in a variable and then use the max size method to increase it.

  1. The Get-Partition command gives details of the partitions available on Nano Server. I’m assuming you still have the remote session to the Nano server.

  2. Select the right partition. In my case, it is Disk 0 and Partition 4. Capture the output of this command in the variable $Extvol.

  3. Extend the partition using the Resize-Partition command. Most important variable essential to extend the partition is

The following screen capture shows the sequence of commands executed in PowerShell

Extend the Volume using Powershell
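
The three steps above as one script, given as an added example rather than the author's exact commands (those exist only in the screen capture). It assumes the Storage cmdlets Get-Partition, Get-PartitionSupportedSize and Resize-Partition are available in the remote session, and it finds the partition by drive letter instead of hard-coding Disk 0 / Partition 4.

```powershell
# Added example: grow C:\ on the Nano server after the VHDX was enlarged in
# Hyper-V. NanoIIS03 is the server name used in this post.
$session = New-PSSession -ComputerName 'NanoIIS03' -Credential (Get-Credential)

Invoke-Command -Session $session -ScriptBlock {
    # Steps 1 and 2: find the partition that holds C:\ (Disk 0, Partition 4 in
    # the post) and keep it in a variable.
    $Extvol = Get-Partition -DriveLetter C

    # Ask the storage stack how large this partition may become on its disk.
    $supported = Get-PartitionSupportedSize -DiskNumber $Extvol.DiskNumber `
                                            -PartitionNumber $Extvol.PartitionNumber

    # Nothing to do if the virtual disk was not enlarged (or the partition was
    # already extended); resizing to the current size would raise an error.
    if (($supported.SizeMax - $Extvol.Size) -lt 1MB) {
        'Partition is already at its maximum size; nothing to extend.'
        return
    }

    # Step 3: extend the partition to the largest size the disk allows.
    Resize-Partition -DiskNumber $Extvol.DiskNumber `
                     -PartitionNumber $Extvol.PartitionNumber `
                     -Size $supported.SizeMax

    # Show the result so the new size can be checked against the Hyper-V setting.
    Get-Partition -DriveLetter C |
        Select-Object DiskNumber, PartitionNumber, DriveLetter, Size
}

Remove-PSSession $session
```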


If you wish to avoid PowerShell when extending the disk, you can easily do so by installing the file server role. All you need is to add -storage as shown below

In the second post, I will cover how to create IIS site and configure it to host the repository of vSphere Updates.

Configuring Backup Job in Vembu

In earlier posts (Post:01, Post:02) I gave a brief overview of the Vembu Backup product. I have consciously still not covered the installation of Vembu, but I will keep that aside. In this post, I shall walk you through how to configure a backup job and the multiple options that are available.

After you install this straightforward product, the simplest I have ever seen, point the browser to https://localhost:6061 and the page below welcomes you.

Vembu BDR Suite Logon Page

[VMware] Automation of Windows Server 2012 R2 using Powershell, AnswerFile

Last week I shared my learnings on building an answer file and automating Windows Server deployment on Acropolis Hypervisor [AHV]. This post is almost the same as the earlier post, but it targets deployment on the VMware platform. I really want to explain the code line by line, but that would make the post highly verbose, so let me keep it short and simple. You need to create a VM to install an operating system. For the virtual machine you need some mandatory inputs, e.g. vCPU, vRAM, storage, guest OS, datastore and CDROM (for my automation workflow you need two CDROMs). After the virtual machine is created, attach the operating system ISO. My script assumes you already have the ISO uploaded to the datastore. Below is the overall workflow

For automation, you just need the path to the ISO. This being done, you need to update the answer file. Well, I know I’m creating the answer file; that was done in the previous post. All you need is to update the answer file with the two variables I mentioned above, i.e. server name and IP address. To get this done, I’m loading the XML file and updating the parameters as shown below. Once the parameters are updated I save the file

$xml = New-Object XML
$xml.Load($xmlsourcepath)
$xml.unattend.settings[1].component[7].Interfaces.Interface.UnicastIpAddresses.IpAddress.'#text'=$IPaddress
$xml.unattend.settings[1].component[0].ComputerName=$VMName
$xml.Save($xmlsourcepath)

Please note I have to cast a string into a string. Apparently it is a bug in PowerShell

$VMName=[string]$VMNamestr
$IPaddress=[string]$IP
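
The update above addresses elements by position (settings[1].component[7]), which breaks silently if a component is added to or removed from the answer file, and it writes whatever was typed at the prompt into the XML and later into file names. The following added example, which is not the author's script, does the same update by component name, validates both inputs and writes a per-VM copy instead of overwriting the template. The function name, the output layout and the sample template are constructed for illustration.

```powershell
# Added example (not the author's script): fill per-VM values into a copy of
# the answer file, locating elements by component name instead of by index.
function New-VMAnswerFile {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$TemplatePath,
        [Parameter(Mandatory)][string]$OutputRoot,
        [Parameter(Mandatory)][string]$ComputerName,
        [Parameter(Mandatory)][string]$IPAddress
    )

    # The name also ends up in folder and ISO names, so accept only a plain
    # NetBIOS-style host name (letters, digits, hyphen, at most 15 characters).
    if ($ComputerName -notmatch '^[A-Za-z0-9][A-Za-z0-9-]{0,14}\z') {
        throw "Invalid computer name '$ComputerName'."
    }

    # Accept only a dotted-quad IPv4 address. TryParse alone also accepts
    # shorthand such as '10.1', so compare the normalised form with the input.
    $parsed = $null
    if (-not ([System.Net.IPAddress]::TryParse($IPAddress, [ref]$parsed)) -or
        $parsed.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetwork -or
        $parsed.ToString() -ne $IPAddress) {
        throw "Invalid IPv4 address '$IPAddress'."
    }

    $xml = New-Object System.Xml.XmlDocument
    $xml.Load((Resolve-Path -LiteralPath $TemplatePath).ProviderPath)
    $ns = New-Object System.Xml.XmlNamespaceManager -ArgumentList $xml.NameTable
    $ns.AddNamespace('u', 'urn:schemas-microsoft-com:unattend')

    # One XPath per value; each must match exactly one element in the template.
    $targets = [ordered]@{
        "//u:component[@name='Microsoft-Windows-Shell-Setup']/u:ComputerName"              = $ComputerName
        "//u:component[@name='Microsoft-Windows-TCPIP']//u:UnicastIpAddresses/u:IpAddress" = $IPAddress
    }
    foreach ($xpath in $targets.Keys) {
        $nodes = $xml.SelectNodes($xpath, $ns)
        if ($nodes.Count -ne 1) {
            throw "Expected one match for $xpath, found $($nodes.Count)."
        }
        $nodes.Item(0).InnerText = $targets[$xpath]
    }

    # Write autounattend.xml into a folder of its own, so each VM gets a
    # separate file and the template is never overwritten.
    $vmDir = Join-Path $OutputRoot $ComputerName
    New-Item -ItemType Directory -Path $vmDir -Force | Out-Null
    $outFile = Join-Path (Resolve-Path -LiteralPath $vmDir).ProviderPath 'autounattend.xml'
    $xml.Save($outFile)
    return $outFile
}

# Constructed template, reduced to the two components the function touches.
$sample = @'
<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend"
          xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State">
  <settings pass="specialize">
    <component name="Microsoft-Windows-Shell-Setup">
      <ComputerName>TEMPLATE</ComputerName>
    </component>
    <component name="Microsoft-Windows-TCPIP">
      <Interfaces>
        <Interface wcm:action="add">
          <Identifier>Ethernet</Identifier>
          <UnicastIpAddresses>
            <IpAddress wcm:action="add" wcm:keyValue="1">0.0.0.0</IpAddress>
          </UnicastIpAddresses>
        </Interface>
      </Interfaces>
    </component>
  </settings>
</unattend>
'@

# Demonstration in a temporary folder with constructed values.
$work = Join-Path ([System.IO.Path]::GetTempPath()) 'answerfile-demo'
New-Item -ItemType Directory -Path $work -Force | Out-Null
$template = Join-Path $work 'template.xml'
Set-Content -LiteralPath $template -Value $sample -Encoding UTF8

$file = New-VMAnswerFile -TemplatePath $template -OutputRoot $work `
                         -ComputerName 'WEB01' -IPAddress '192.0.2.25'
Select-String -LiteralPath $file -Pattern 'ComputerName|IpAddress'
```

The per-VM folder that the function returns can be passed straight to oscdimg.exe -n in place of C:\Answer.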

Now the task is to create an ISO file of the answer file and copy it into the datastore. Watch out: I have created the ISO file with the same name as the server name (line 14). This is helpful because the same ISO cannot be attached to different virtual machines, as each XML file has a unique IP and server name.

Now create an additional CDROM on the VM to attach the answer file ISO. When you attach an ISO to a VM, you can only select “Connect at Power on” for the additional CDROM, but in order to actually use it, it must be “Connected”. See below what I meant.

So I attached the ISO and clicked the checkbox “Connect at power on”. Now when I power on the virtual machine, I get this additional CDROM in connected state. But by this time the OS has already booted and the boot process has been initiated. As a workaround, I’m resetting the VM after 5 seconds (Line no:11). This trick fixed the issue.

New-CDDrive -VM $VMName
Start-VM -VM $VMName -Confirm:$false
#attach ISO to datastore
Get-CDDrive -VM $VMName -Name "CD/DVD drive 1"| Set-CDDrive -IsoPath $ISO -StartConnected:$true -Confirm:$false
Get-CDDrive -Name "CD/DVD drive 2" -VM $VMName | Set-CDDrive -IsoPath "[PhyStorage]\ISO\$VMName.iso" -StartConnected:$true -Confirm:$false
#check if CDROM is connected, if not connect it.
$Cstates=Get-CDDrive -VM $VMName 
foreach($Cstate in $Cstates){
if($Cstate.ConnectionState.Connected -eq $false){
Get-CDDrive $Cstate.Parent -Name $Cstate.Name | Set-CDDrive -Connected:$true -Confirm:$false
Start-Sleep -Seconds 5
Restart-VM -VM $VMName -Confirm:$false
}
}

Here is full code

#Purpose is to create Virtual machine, attach OS ISO File, create Answer file, create ISO of answer file
#add secondary CDROM and attached
Add-PSSnapin -Name *vmware*
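Connect-VIServer 192.168.1.98 -Credential (Get-Credential -UserName 'servera09@shsee.com' -Message 'vCenter credentials') # prompt instead of keeping the password in the script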
$VMNamestr=read-host "Enter the name of virtual machine"
$IP=read-host "Please enter IP for this Machine"
#casting into strings
$VMName=[string]$VMNamestr
$IPaddress=[string]$IP
#FilePaths
$xmlsourcepath="E:\Automation\Windows\autounattend.xml"
$xmldestination="C:\Answer"
$ISO="[PhyStorage]\ISO\SW_DVD9_Windows_Svr_Std_and_DataCtr_2012_R2_64Bit_English_-2_Core_MLF_X19-31419.ISO"
$answerISO="C:\workingdir\$VMName.iso"
$answerISODestination="vmstore:\AbuDhabi\PhyStorage\ISO"
#VM Details
$vCPU="2"
$RAMinGB="4"
$diskinGB="80"
$GuestOS="windows8Server64Guest"
$Datastore="PhyStorage"
#Removed xml from 
Remove-Item $xmldestination\*.xml
####Virtual Machine is created######
New-VM -Name $VMName -Datastore $Datastore -DiskGB $diskinGB -MemoryGB $RAMinGB -GuestId $GuestOS -NumCpu $vCPU -ResourcePool Resources -Version v8 -CD
#------------------------------------------------updated Answer File---------------------------------------------------------------------------------------#
$xml = New-Object XML
$xml.Load($xmlsourcepath)
$xml.unattend.settings[1].component[7].Interfaces.Interface.UnicastIpAddresses.IpAddress.'#text'=$IPaddress
$xml.unattend.settings[1].component[0].ComputerName=$VMName
$xml.Save($xmlsourcepath)
Copy-Item $xmlsourcepath $xmldestination
& 'C:\Program Files (x86)\Windows Kits\8.1\Assessment and Deployment Kit\Deployment Tools\amd64\Oscdimg\oscdimg.exe' -n $xmldestination $answerISO

#copy ISO to datastore
Copy-DatastoreItem -Destination $answerISODestination -Item $answerISO
#add additional CDROM for Answer file
New-CDDrive -VM $VMName
Start-VM -VM $VMName -Confirm:$false
#attach ISO to datastore
Get-CDDrive -VM $VMName -Name "CD/DVD drive 1"| Set-CDDrive -IsoPath $ISO -StartConnected:$true -Confirm:$false
Get-CDDrive -Name "CD/DVD drive 2" -VM $VMName | Set-CDDrive -IsoPath "[PhyStorage]\ISO\$VMName.iso" -StartConnected:$true -Confirm:$false
#check if CDROM is connected, if not connect it.
$Cstates=Get-CDDrive -VM $VMName 
foreach($Cstate in $Cstates){
if($Cstate.ConnectionState.Connected -eq $false){
Get-CDDrive $Cstate.Parent -Name $Cstate.Name | Set-CDDrive -Connected:$true -Confirm:$false
Start-Sleep -Seconds 5
Restart-VM -VM $VMName -Confirm:$false
}
}

My Learnings on Sysprep, Answerfile and Mass Deployment -Post01

I started with the aim of finding information on how to mass deploy Windows 2012 R2 on AHV and ended up learning a whole lot of things. I wanted to know how we can clone VMs in AHV, i.e. Acropolis Hypervisor. There are multiple ways to do it. I want to talk about the one which is relevant to AHV. I will explore the other options in this series of posts.

Goal

Create an OSE (operating system environment) based on Windows 2012 R2 with the following features

  1. Automatic partition of Windows OS
  2. Automatic selection of Windows 2012 R2 Standard Edition
  3. Automatic addition of Windows Server to domain
  4. Automatic creation of one local user id with admin privileges
  5. Automatic enabling of Remote Desktop
  6. Automatic configuration of time zone
  7. Automatic disabling of Enhanced I.E. security features for Administrators
  8. Automatic disabling of Welcome to Server Manager at logon
  9. Automatic configuration of PowerShell to executionmode=remotesigned
  10. Automatic installation of RSAT tools and Telnet client

The list doesn’t end here

To achieve this, you must know how to create an answer file. The answer file creation process is explained all over the place, but I didn’t find a simple post about it. First and foremost you need the Windows Assessment and Deployment Kit (Windows ADK) for Windows 8.1 Update. It is here. Download and install it. The installation file is just under 1.5 MB. Run it and it will ask you the following question.

Select the appropriate choice. I chose to install on the same PC, so I left the default selection, pressed Next, Next and selected only the deployment tools.

Post installation, you need to take the trouble to find where Windows System Image Manager is. I suggest you create a shortcut on the taskbar. Now you need the ISO. You can’t use the evaluation version; you must have an ISO which is licensed. You can either mount the ISO or extract it. I prefer to extract. Create a directory of your choice. Mine is workingdir as shown below. After the ISO is extracted, go to the path shown below.

Copy install.wim into the WorkingDir folder. Open Windows System Image Manager and open the install.wim file by right-clicking Windows Image

You will get a prompt as shown below; select the edition of the operating system.

It will prompt you to create a catalog. Just say “yes”. It will take ample time to create the catalog.

Now to create a new answer file, click as shown below

To complete the answer file you need to add the various components shown above. This is the very meat of the entire post. Loads of options are available; which ones to choose and what to fill in is very important. Let’s first add Microsoft-Windows-International-Core-WinPE. This basically automates the default language, locale, and other international settings.

After you add it to pass 1, fill in the details. If you are getting lost, just use Help; it is an excellent source of information.

 

Then add the Microsoft-Windows-Setup component. It contains settings that enable you to select the Windows image that you install, configure the disk that you install Windows to, and configure the Windows PE operating system. Now this has lots of stuff. Let’s go from top to bottom. There is nothing in DiskConfiguration to configure other than what is shown below

Right click on DiskConfiguration and Insert New Disk. For Disk0 we will wipe it as configured below.

After the disk is wiped, you need to create and define partitions. All our SOE will have an 80 GB drive just for installing the guest OS and basic software, e.g. AV, monitoring agents, VMware Tools, etc. No applications. We will create two partitions, one for system and the other for Windows.

The system partition will be 350 MB in size and has to be non-extending.

Similarly, the Windows partition will be set to extending true and will be the second partition

If you are installing Windows to a blank hard disk, you must use the CreatePartitions and ModifyPartitions settings to create and format partitions on the disk

Make partition1 active; it will be labelled System. Order 1 means it will be created first

Now Partition2, where the OS will be installed, will be labelled Windows and will be assigned drive C:\


 

Now let’s move to ImageInstall. ImageInstall specifies the Windows image to install and the location to which the image is to be installed. InstallFrom doesn’t apply in ISO installation, so skip it. You must specify either the InstallTo or the InstallToAvailablePartition settings (shown below)

However, we need to specify the installation path for the image and therefore we need to add MetaData

Finally you must specify InstallTo, e.g. Disk0 and Partition2; it is where you will install the operating system

Task 1, 2 are achieved

UserData

In this screen, we will add the EULA and skip the product key, as I don’t have a valid product key. You can use the license keys mentioned here.

I’m skipping the name of the computer, as I don’t believe putting the computer name in the answer file is a recipe for mass deployment. I will explore this option in a future post.

4 Specialize

Add Microsoft-Windows-Shell-Setup to the specialize pass.

We need to add the same key again in 7 oobe System, but the options are completely different, as you will observe

Enter the name of the organization, registered owner and time zone as shown above. Task 6 is achieved

Add Microsoft-Windows-IE-ESC in Pass 4 and enter False for IEHardenAdmin and True (which is default) for IEHardenUser. Task:07 is achieved

Add Microsoft-Windows-ServerManager-SvrMgrNc in Pass 4 and enter True for DoNotOpenServerManagerAtLogon. Task:08 is achieved

Add Microsoft-Windows-UnattendedJoin in Pass 4 and edit the JoinDomain name shown below. Next add Identification, which specifies credentials to join a domain. Task3 is achieved.

Use either Provisioning or Credentials to join an account to the domain.

Add Microsoft-Windows-TerminalServices-LocalSessionManager in Pass 4 and enter False for fDenyTSConnections to enable remote desktop, and see below to open the firewall port. Task 5 is achieved.

Add Networking-MPSSVC-Svc in Pass 4 to add the remote desktop group. You must add a firewall group as shown below. You must insert firewall group to enable or disable firewall for. To achieve Task 5

Now let’s provide an IP address to the VM. I don’t believe the IP address should be part of unattend.xml. It is a property which changes per VM and it should be dynamic. I have a post reserved for it. It will be coming soon. For the sake of this post let’s complete the parameters. Drag the wow64_Microsoft-Windows-TCPIP component into the answer file as shown below.

In the interface tab, right click and select Insert New Interface.

In the Interface, type the Identifier. This identifier is “Ethernet”; you can’t say Local Area Connection here. It has to be Ethernet.

Below in Ipv4Settings, don’t touch anything, as everything here is optional.

Then there is Routes. It is for providing gateway details. Right click Routes and Insert New Route.

You can use any number for the integer. It is of little use here. Leave Metric blank. NextHopAddress should be the default gateway. Prefix for 255.255.255.0 should be 0.0.0.0/0.

Finally, the Unicast IP Address, which is the IP address of the VM. Right click and select Insert New IP Address. Key is 1 and value is the IP address as shown below.

7 oobe System

Add Microsoft-Windows-Shell-Setup to the oobe pass to enable autologon as shown below

Create a local user and give it administrator rights as shown below. Task 4 is achieved

For every account you create you must add a password value as shown above

Now the final piece, FirstLogonCommands. These commands are run when you have enabled autologon for the administrator. They run with administrator privileges. I have selected Synchronous commands and provided the order in which they should run. In the first command I’m using PowerShell to install the RSAT tools and the Telnet client, and in the second command I’m changing the PowerShell execution policy to remotesigned. I have copied and pasted both commands for better visibility.

%WINDIR%\System32\WindowsPowerShell\v1.0\PowerShell.exe -command Import-Module ServerManager; Add-WindowsFeature RSAT-Role-Tools; Add-WindowsFeature RSAT-DNS-Server; Add-WindowsFeature Telnet-Client

%WINDIR%\System32\WindowsPowerShell\v1.0\PowerShell.exe -command set-executionpolicy remotesigned -force >> C:\Users\Public\Documents\setExecution.log

Task 9 & 10 are achieved. At this stage the answer file is ready.

Few tips

  1. Select Sensitive data to hide password.
  2. The domain join password doesn’t get encrypted. You need to find a workaround for it. That is my next post.
  3. Every time you save the answer file, it is validated by default.
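
The two password tips can be checked mechanically. The following audit is an added example, not part of the original post: it lists every password element in an answer file and whether it is stored as typed or only Base64-encoded by the hide-sensitive-data option, which is an encoding and not encryption. The function name and the sample answer file are constructed for illustration.

```powershell
# Added example (not part of the original post): list every password stored in
# an answer file and how it is stored, without printing the values themselves.
function Find-UnattendPassword {
    [CmdletBinding()]
    param([Parameter(Mandatory)][xml]$Unattend)

    $ns = New-Object System.Xml.XmlNamespaceManager -ArgumentList $Unattend.NameTable
    $ns.AddNamespace('u', 'urn:schemas-microsoft-com:unattend')

    foreach ($node in $Unattend.SelectNodes('//u:Password | //u:AdministratorPassword', $ns)) {
        $value = $node.SelectSingleNode('u:Value', $ns)
        $plain = $node.SelectSingleNode('u:PlainText', $ns)

        if ($null -eq $value) {
            # Simple text element, e.g. Identification/Credentials/Password in
            # Microsoft-Windows-UnattendedJoin: stored exactly as typed.
            $secret  = $node.InnerText
            $storage = 'Cleartext'
        }
        elseif ($null -ne $plain -and $plain.InnerText.Trim() -eq 'false') {
            # Saved with sensitive data hidden: Base64-encoded, not encrypted.
            $secret  = $value.InnerText
            $storage = 'Base64 (reversible)'
        }
        else {
            # PlainText is true or missing: the value is stored as typed.
            $secret  = $value.InnerText
            $storage = 'Cleartext'
        }
        if ([string]::IsNullOrWhiteSpace($secret)) { continue }   # nothing stored

        [pscustomobject]@{
            Pass      = $node.SelectSingleNode('ancestor::u:settings', $ns).GetAttribute('pass')
            Component = $node.SelectSingleNode('ancestor::u:component', $ns).GetAttribute('name')
            Element   = '{0}/{1}' -f $node.ParentNode.LocalName, $node.LocalName
            Storage   = $storage
        }
    }
}

# Constructed sample answer file; every secret in it is a placeholder.
$sample = @'
<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
  <settings pass="specialize">
    <component name="Microsoft-Windows-UnattendedJoin">
      <Identification>
        <Credentials>
          <Domain>contoso.com</Domain>
          <Username>svc-join</Username>
          <Password>CONSTRUCTED-join-secret</Password>
        </Credentials>
        <JoinDomain>contoso.com</JoinDomain>
      </Identification>
    </component>
  </settings>
  <settings pass="oobeSystem">
    <component name="Microsoft-Windows-Shell-Setup">
      <AutoLogon>
        <Password><Value>CONSTRUCTED-autologon</Value><PlainText>true</PlainText></Password>
        <Enabled>true</Enabled>
        <Username>Administrator</Username>
      </AutoLogon>
      <UserAccounts>
        <LocalAccounts>
          <LocalAccount>
            <Password><Value>Q09OU1RSVUNURUQ=</Value><PlainText>false</PlainText></Password>
            <Name>localadmin</Name>
            <Group>Administrators</Group>
          </LocalAccount>
        </LocalAccounts>
      </UserAccounts>
    </component>
  </settings>
</unattend>
'@

$findings = @(Find-UnattendPassword -Unattend $sample)
$findings | Format-Table -AutoSize

if ($findings.Count -gt 0) {
    Write-Warning ("{0} stored password(s) found. Restrict read access to this file and to any ISO built from it." -f $findings.Count)
}
```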

Attaching answer file

The answer file can be attached using

  1. USB drive
  2. External disk
  3. CDROM Image

For AHV, I have yet to figure this out. But there are posts around which advocate burning the unattended file directly onto the Windows CD or inserting it into the Windows ISO. Neither approach is scalable. The XML file will be unique per VM, so you need a mechanism that ensures the XML file is generated and unique for each VM without much hassle, and that the same file is seamlessly attached as a CDROM or made visible to the boot process.

For this post I’m going to use an inbuilt tool, oscdimg.exe. This exe is part of Windows AIK and located in the

C:\Program Files (x86)\Windows Kits\8.1\Assessment and Deployment Kit\Deployment Tools\amd64\Oscdimg folder.

Save the XML file to some folder. In my case I created a folder Answer and copied the unattended file into it as shown below.

Run the following command

oscdimg.exe -n c:\Answer c:\ans999.iso

That is all. Attach answerfile.iso to AHV and boot the VM, and it should read the answer file. The only caveat: you have to attach an additional CDROM to the VM and ensure it is the second IDE device and not the first. The first IDE device is used to boot from the ISO.

 

My Notes on vCloud Automation Center for VMware Architects

It took a bit long to come up with the next post. A lot of posts on vCAC are ready in draft stage but I’m unable to collate them into blog posts. Here I’m sharing my notes for vCAC architects. They are based on my understanding of the vCAC architecture. I sincerely hope they save my colleagues and friends some time.
It is a 25-slide deck. It covers some basic things: how a design can evolve, scale and be made highly available. This is the first draft; I’m aiming to cover more aspects and will update it accordingly. Even if you find this of little use, I can guarantee that slides 24 and 25 will be of some use to you. Thanks for visiting the site; I welcome comments.

Here is the PPT format https://drive.google.com/file/d/0BxY7kXZb0x8tenowQWtjd0ZfN2s/edit?usp=sharing

vCloud Automation Center 6.0 –Creating Build Profiles, Custom Properties

Custom properties are one of the core parts of self-service provisioning, as they allow extending vCloud Automation Center (vCAC). This is the best feature of this product. This extensibility can be easily achieved as long as you know vCenter Orchestrator. This is the easiest product to learn; to start with the product you can find all the relevant videos for vCenter Orchestrator here by Brian Watrus. OK, back to the post.

Custom properties, as the name denotes, refer to customization. They are therefore used to override existing default values. You can also allow customers (end users) to make those choices. End users are the personnel who are going to use self-service provisioning day in, day out.

Initial Thoughts

There are many ways we can give flexibility to end users. But what are the use cases for this end user? This is the first question we all need to ask. Is she an end user with no IT knowledge, or is she a developer? These requirements drive what service offering you wish to expose to end users. I would ideally want to give the user

  1. VM type to be provisioned (OS Variance, Variance by Size)
  2. Ability to take VM backup on demand. Backup policy selection? Right now vCHS offers a backup option but has yet to offer a restore service to end users. You have to call support. Reference Blog
  3. Ability to enable monitoring for a VM (and then choice of monitoring baseline)
  4. Ability to enable Antivirus support for a VM (and then file exclusion)
  5. Does it need DR (If yes, RPO/RTO definition option please)

This clearly is leading towards SDDC. Without SDDC architecture in place this kind of automation is impossible.

Scope of this post

Below are the custom properties I preferred to play with in this blog post

  • Allowing end user to select the portgroup to which to attach this VM
  • Allowing end user to select the folder in vCenter to place the VM
  • Remove unnecessary device from the VM e.g. CD ROM
  • Cleaning up computer accounts in active directory
  • Allowing end user to select the network type
  • Control snapshot numbers per VM
  • Control SCSI controller for a VM

That being said, this is clearly a very small and simple list. I had initially planned to make use of most of them but I have cut this list down. The primary reason is that custom properties clearly depend on how you are deploying your VM. For the cloning workflow these custom properties are limited. If you see my previous blog post on Blueprints here, I limited the scope to only Basicworkflow, Cloneworkflow and linkedclone workflow

What are reserved properties

Custom properties which are defined by vCAC and whose names cannot be reused are referred to as reserved properties. Reserved properties allow you to add a property to a machine or override its default or existing value. vCloud Automation Center (vCAC) has defined some properties which are referred to as reserved properties. There are four types of properties, explained below.

Property types

Internal: This value is maintained in the database only. You can query it using any programming interface. Below are a few examples of internal properties. For the full list of custom properties please refer to the Custom Property Reference Guide here

  • VirtualMachine.Admin.Owner – The end user’s name who has requested the machine
  • VirtualMachine.Admin.Approver – The approver’s name who has approved the request
  • VirtualMachine.Admin.Description – The description of the machine as entered by the end users

Read-only: These values are read-only and cannot be changed. Examples are the UUID and other values which stay associated with a VM for its life cycle, e.g. VirtualMachine.Admin.Name, the name of the VM generated by vCAC using the machine prefix

External: This value is implemented in the VM and also updated in the database. But if this value is changed in the VM, it is not updated back in the database. Kind of a one-time process only. e.g.

  • Hostname (to overwrite the VM name generated by vCAC using machine prefix)
  • VirtualMachine.Admin.AddOwnerToAdmins – Not supported in cloning operations
  • VirtualMachine.Admin.AllowLogin (boolean value) – To add the owner to the remote desktop users group. This allows the requestor to log in after the machine is successfully provisioned. My attempts to get this to work in the cloning workflow have failed

Updated: Exactly the opposite of external. The value is tracked throughout its lifetime via the inventory updating mechanism when it is changed outside vCAC

  1. VirtualMachine.Admin.Hostname – Name of the host on which VM resides
  2. VirtualMachine.Memory.Size – Memory size of VM
  3. VirtualMachine.CPU.Count – CPU Count of VM
  4. VirtualMachine.Admin.TotalDiskUsage – Disk usage on the disk including swap file size

In my opinion internal and read-only properties are of limited use. However, there is some scope for updated and external properties. From the official documentation

External and updated properties can be used for cloned machines only if marked with (cloning). Others have no effect on cloned machines because they set attributes that are determined by the template and customization specification used and cannot be changed by vCAC.

Any property can be changed in the vCAC database only using the Edit option on the machine menu, except the read-only properties VirtualMachine.Admin.AgentID, VirtualMachine.Admin.UUID and Virtual-Machine.Admin.Name.

Now that we understood little bit of custom property, lets understand how we can better use them

What is a build profile?

It is a collection of custom properties under a single title, i.e. custom properties can be seen as members of a group. Collecting custom properties under a build profile makes it easier to apply them to VMs and makes them more manageable. You have the option to add a custom property to a reservation or blueprint; in a build profile you simply combine similar properties into one set. vCloud Automation Center also provides in-built property sets. We will look at property sets later in the post while discussing Active Directory cleanup below.

Create a build profile

Creating a build profile is way too simple. Log in as a Fabric Admin and open Infrastructure –> Blueprints –> Build Profiles –> New Build Profile.

I have created two build profiles, one for the cloning workflow and the other for the basic workflow. The primary reason for doing so is that with the cloning workflow you basically deploy the VM from a template, so a lot of the VM and OS properties are copied from the template into the VM, as stated in the official documentation (quoted above). So there is only a limited way you can play with VMs deployed using the cloning workflow, and similar logic applies to the basic workflow.

Let’s focus on custom properties that I have created for VMs to be provisioned from Basic workflow.

Select New Property. Enter a name for the property. This name must be the same as defined in the vCloud Automation Center Custom Property Reference Guide. Enter the value and select whether you wish to encrypt it and/or prompt the user for input.

In the above build profile, named BasicVM, I have created 6 custom properties. Let’s discuss them one by one.

  1. VirtualMachine.CDROM.Attach – This property has the value True by default; above I have changed it to False as I don’t want to attach a CD-ROM to my machine.
  2. VirtualMachine.Network0.Name – This property allows you to choose which port group you want your VM to be attached to. I have left the Value field blank, which means by default it won’t have any value. I have selected this value not to be encrypted. In Prompt User I have selected that the user should be prompted for input. In this property Network0 refers to the first network card attached to the VM. If you wish to learn more about how to do this, please refer to an excellent blog by Magnus Andersson –> vcdx56.com. I’m a regular reader of this excellent blog.
  3. VMware.Network.Type – This property allows you to select the network adapter type for the VM to be provisioned. It is based on Magnus’s blog: I learnt the principle from his post and chose to find another use case to implement with it.
  4. VMware.SCSI.Type – This property allows you to select the SCSI controller for your VM. In this case I’ve not given the user the option; I made that choice on behalf of the end user. By default a SCSI controller of type pvscsi will be created. For Windows 2008 R2 the default SCSI controller is LSI Logic SAS. It is worth observing that you do not get a choice to use different types of controllers for different disks. All controllers are created as PVSCSI based on this property value.
  5. VMware.VirtualCenter.Folder – This property allows you to select the folder where you wish to place the VM.
  6. VMware.VirtualCenter.OperatingSystem – This property creates the VM with the Windows 2008 R2 operating system.

Now all 6 properties form part of the build profile named BasicVM. This build profile will automatically appear in the blueprint’s Properties tab. Just select it and press OK.

Now when a user requests a virtual machine he gets three drop-down menus: 1) Destination Network (derived from the VirtualMachine.Network0.Name property), 2) Network Card Type (derived from the VMware.Network.Type property) and 3) VM Folder Location (derived from VMware.VirtualCenter.Folder).

NB: None of the above properties except VMware.VirtualCenter.Folder can be changed when we use the cloning workflow.

Below are the screens of how the drop-down menus appear to end users for selection.

Disclaimer: The properties I have discussed for the cloning workflow are based on my experience and trial and error. VMware doesn’t explicitly and correctly mention which properties are applicable or not applicable in a particular workflow.

That being said, let’s discuss which properties we can use with the cloning workflow. Here I have created a build profile named Customize VM.

  1. The first 5 custom properties are in-built custom properties created for you by vCAC under the Active Directory cleanup plugin. This is referred to as a property set. We cannot change these in the property set; we can just use them. The process to load them is as below:
    1. In Add from Property Set either scroll down or type Active Directory. Once the Active Directory entry is visible, press the Load button. The properties belonging to the property set are then loaded; in this case the first 5 properties are loaded for Active Directory cleanup.
    2. Plugin.AdMachineCleanup.Delete is set to false. If it is set to true, the computer account is deleted, and so the property Plugin.AdMachineCleanup.MoveToOU, which controls where the computer account should go, serves no purpose. So in order to use Plugin.AdMachineCleanup.MoveToOU, we must set Plugin.AdMachineCleanup.Delete to false.
    3. Plugin.AdMachineCleanup.Execute is set to true. Unless this is true, none of the plugin properties will be of use.
    4. Plugin.AdMachineCleanup.Username & Plugin.AdMachineCleanup.Password are the credentials of an account which has rights to delete computer accounts in AD. Please note that for Plugin.AdMachineCleanup.Password I have selected the encrypt checkbox, which is the reason the password is not visible in clear text.

The screens below show the results of the Active Directory plug-in values.

  2. Snapshot.Policy.AgeLimit allows you to limit the number of snapshots per VM. It is 3 in my case. If you go beyond it, you get an error.

  3. VMware.Memory.Reservation is the property where you can reserve memory for the VM. We have reserved 512 MB and this value is reflected in the VM properties. That being said, I have not seen a custom property for CPU.

  4. VMware.VirtualCenter.Folder is as explained above.
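The rules described above for the Active Directory cleanup property set and for the cloning workflow can be checked mechanically before a build profile is attached to a blueprint. The following is an added example, not part of the original post or of vCAC itself: the `Prop` record, the workflow labels and the finding codes are assumptions made for illustration, and the list of properties without effect when cloning is the author's observation from this post.

```python
from dataclasses import dataclass

AD_PREFIX = "Plugin.AdMachineCleanup."

# Properties the post reports as having no effect in the cloning workflow.
# This is the author's observation, not a list published by VMware.
NO_EFFECT_WHEN_CLONING = frozenset({
    "VirtualMachine.CDROM.Attach",
    "VirtualMachine.Network0.Name",
    "VMware.Network.Type",
    "VMware.SCSI.Type",
    "VMware.VirtualCenter.OperatingSystem",
})


@dataclass(frozen=True)
class Prop:
    """One row of a build profile (hypothetical record format)."""
    name: str
    value: str = ""
    encrypted: bool = False


def is_true(prop):
    return prop is not None and prop.value.strip().lower() == "true"


def has_value(prop):
    return prop is not None and prop.value.strip() != ""


def lint_build_profile(props, workflow):
    """Return sorted (code, property_name) findings for one build profile.

    workflow is "basic" or "clone" (labels chosen for this example).
    """
    findings = set()
    by_name = {}
    for prop in props:
        if prop.name in by_name:
            findings.add(("DUPLICATE_PROPERTY", prop.name))
        by_name[prop.name] = prop
        # A stored password must have the encrypt checkbox ticked.
        if prop.name.endswith(".Password") and has_value(prop) and not prop.encrypted:
            findings.add(("SECRET_NOT_ENCRYPTED", prop.name))

    def ad(suffix):
        return by_name.get(AD_PREFIX + suffix)

    if any(name.startswith(AD_PREFIX) for name in by_name):
        # Without Execute=true none of the plugin properties are used.
        if not is_true(ad("Execute")):
            findings.add(("PLUGIN_NOT_EXECUTED", AD_PREFIX + "Execute"))
        # Delete=true removes the account, so MoveToOU serves no purpose.
        if is_true(ad("Delete")) and has_value(ad("MoveToOU")):
            findings.add(("MOVE_IGNORED_BY_DELETE", AD_PREFIX + "MoveToOU"))
        # Username and Password only make sense as a pair.
        if has_value(ad("Username")) != has_value(ad("Password")):
            findings.add(("CREDENTIAL_INCOMPLETE", AD_PREFIX + "Username"))

    if workflow == "clone":
        for name in by_name:
            if name in NO_EFFECT_WHEN_CLONING:
                findings.add(("NO_EFFECT_IN_CLONE", name))
    return sorted(findings)


# Constructed sample profiles; every value below is a placeholder.
RISKY_PROFILE = [
    Prop(AD_PREFIX + "Execute", "false"),
    Prop(AD_PREFIX + "Delete", "true"),
    Prop(AD_PREFIX + "MoveToOU", "OU=Retired,DC=example,DC=test"),
    Prop(AD_PREFIX + "Username", "EXAMPLE\\svc-cleanup"),
    Prop(AD_PREFIX + "Password", "placeholder-secret", encrypted=False),
    Prop("VMware.SCSI.Type", "pvscsi"),
    Prop("VMware.VirtualCenter.Folder", "Sales"),
]

CLEAN_PROFILE = [
    Prop(AD_PREFIX + "Execute", "true"),
    Prop(AD_PREFIX + "Delete", "false"),
    Prop(AD_PREFIX + "MoveToOU", "OU=Retired,DC=example,DC=test"),
    Prop(AD_PREFIX + "Username", "EXAMPLE\\svc-cleanup"),
    Prop(AD_PREFIX + "Password", "placeholder-secret", encrypted=True),
    Prop("VMware.VirtualCenter.Folder", "Sales"),
]

if __name__ == "__main__":
    for code, name in lint_build_profile(RISKY_PROFILE, "clone"):
        print(f"{code:24} {name}")
```
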

Hope you like this post.


vCloud Automation Center 6.0 (vCAC 6.0)–Publish Blueprints, Configure Services, Configure Entitlements

Publish Blueprint

In the previous post we discussed the basics of blueprints. The blueprints are now ready, so we need to publish them. Publishing a blueprint is a simple two-click task. Select the blueprint you wish to publish and select Publish from the drop-down menu.

The next screen gives you the option to review the blueprint details. Press OK to confirm blueprint publishing. Please note that the blueprint name will be reflected in the catalog items in subsequent screens, so the naming convention makes a significant difference.

After a blueprint is published, how do I differentiate a published blueprint from an unpublished one? After a blueprint is published, the Publish option disappears, which implicitly confirms that the blueprint is published.

The next natural step is to create a service and make it available to end users.

Create & Configure Services

The word catalog was always easier for me to understand. But the term service made me do some searching to understand how it differs from a catalog. And I was right: it is catalog re-coined as service. In Infrastructure as a Service (IaaS) we have to define a service which focuses more on the infra side of things. These generally include hardware (now virtual) and software (OS).

I personally see the following as the core parts of IaaS:

  • CPU & Memory (Compute)
  • Network
  • Storage
  • OS

    So far we have discussed blueprints, and they cover all the above aspects. Most services are driven by a service definition. What you see as IaaS, some would see as the foundation to build PaaS. Bottom line: always stick to the service definition.

    Service catalogs are a fundamental part of service delivery.

    By definition a service catalogue is a list of services that an organization provides to its customers. Each service within the catalogue typically includes the type of the service, who is entitled to request/view the service, costs, support hours and a description of the service.

    To create a service we must have a published blueprint. As we have already published a blueprint, let’s go and create a service. To create a service, log in as tenant administrator.

    For the first time we’re going into 1) the Administration tab (in the past it was all about the Infrastructure tab), then 2) Catalog Management and then 3) Services. Click on the big fat green icon.

    Provide a name for the service. This is a bit important: the name of the service must reflect the content inside the service. I called my service Basic Windows Services. I chose this name as I have only Windows VMs inside my small lab and at the most I can configure them in T-shirt sizes, e.g. Small, Medium, Large, Extra Large. So it is basic Windows services with different sizes of VM. Use a meaningful description. The description provides information to the end user to make a decision about the service. Pick up the icons from here.

    Status for service

  • Inactive: Service creation is in progress. This state is used when you don’t want end users to use the service. It helps to pause the service in case there is a maintenance window or when we need to update the blueprint image.
  • Active: Service is available to all entitled users
  • Deleted: Service is no longer available, i.e. the service is decommissioned

    Additional information

  • Hours: Visible to the customer as support hours
  • Owner: Business owner for this service
  • Support Team: DL for support/Contact number/email
  • Change Window: Planned maintenance windows

    Finally press Add to complete service creation. A service is purely a definition; it is of little use unless you add catalog items to it.

    Add Catalog Items in a Service

    Adding items to the catalog is nothing but adding blueprints to it. Blueprints by themselves represent a template, business policies or an application. It is the same place where we went earlier, i.e. Administration –> Catalog Management –> Services. Select the service you want to add the catalog item to. Since we have created Basic Windows Services we will select it and at the right side 1) click on the down arrow and select 2) Manage Catalog Items.

    After you click Manage Catalog Items, you get a screen to add catalog items. You can see it in the background (in light brown color). Click on the fat green button to open another window.

    In that window you see the blueprint we published earlier listed.

    So if we try to join the dots: the moment we publish a blueprint, it becomes a catalog item.

    From the down arrow, select the Configure option to configure the blueprint. Personally I felt there is not much to configure but you have a lot to edit.

    Just do some embellishment in configuring the catalog item. The other fields I have shown in the screen capture. Once you are done press the Update button.

    At this stage the service is ready and catalog items are added to the service. But we are yet to decide who can request the service.

    Create & Configure Entitlements

    The term here is entitlements. I could recall the equivalent word from my Windows background, i.e. privileges. If you compare the technical details across different technologies they are almost similar. Terminology changes but technology more or less remains unchanged. Knowing one hypervisor makes it easier to learn another hypervisor. I digress.

    OK, I’m back. Entitlements can be set at three levels: first the topmost container, i.e. the service level; second the catalog item level; and then, within the catalog item, the resource action level. Resource actions control the service, e.g. power on/off, reset, reprovisioning. Now you can see why the word privileges applies here. You can also assign an approval policy to entitlements. Approval policies and entitlements are closely related. I discuss approval policies in the next blog; considering the length of this post I have to keep them out of it.

    Entitlements are assigned to users and groups. So you need to know which users/groups must be assigned entitlements and which entitlements. Entitlements can be done in any order. To keep things simple I created a single entitlement and assigned it to the service, catalog item and resource actions.

    Creating an entitlement is quite simple: go to Administration –> Catalog Management –> Entitlements.

    Provide a name for the entitlement which reflects the users or group who use it. Add the users and groups who will receive the entitlement. Set the status to Active for users to access items. I guess the Draft option could be used for testing/maintenance purposes: as you can imagine, the moment you put an entitlement in Draft status, users lose access to all the items this entitlement is configured for.

    Select the business group. Users and groups must belong to the same business group. Since I have a single business group I’m unable to confirm whether there is a validation check in place. However, the tenant administration guide does implicitly mention it:

    This information includes the name and status of the entitlement and the business group whose selected users and groups are entitled to request the services and catalog items and perform the actions listed in the entitlement.

    I have not understood the use cases for the expiration date, so I will skip it. In the above screen I did play with it and configured it till 2016.

    Entitle users to Services

    Now it is time to assign the entitlement to the service, catalog item and resource actions. If you are still at the same location, i.e. Administration –> Catalog Management –> Entitlements –> Coca Cola Sales Users, just toggle to Items & Approvals. The procedure is more or less the same for every item, i.e. press the fat green button.

    As mentioned earlier, entitlement can happen in any order. Below is an example of adding a service to an entitlement.

    Pretty simple: select the service with a checkbox and press OK.

    Similarly you can add catalog items to the entitlement. I have not shown this as I realize the post is getting bigger now. We still need to cover how to assign rights to the entitlement. Here we go.

    Click on Entitled Actions; a new window pops up with the list of actions you can assign to the entitlement.

    In the above screen I selected some basic power operation commands.

    In the next section I will be sharing the user experience while provisioning services.

vCloud Automation Center 6.0 (vCAC 6.0)–Creating & Configuring Blueprints–Basics

Blueprints (BP) are the fundamental building blocks for provisioning virtual machines, cloud machines and physical machines from vCloud Automation Center (vCAC). A blueprint represents the processes and policies the tenant follows today.

Introduction to Blueprints

Before we start creating a blueprint (BP) we need to understand what kind of services you are planning for end users. When they request services (in this case IaaS only), are end users expecting a full-fledged VM with OS installed, or a full-fledged VM with OS installed, configured and customized? Blueprints provide several of these options. I’m focusing only on VMware-based VMs.

Basic Workflow

In the basic workflow VMs are provisioned without any guest OS. At first thought I felt there was no point in discussing this BP type. But let’s start simple: let’s understand the process and see how the basic BP differs from the others.

1. First log in as tenant administrator/business group manager. I’m logging in as tenant administrator, as in the end he needs to take full control of how to consume resources.

2. Go to Infrastructure –> Blueprints –> Blueprints

3. For our purpose we will select Virtual > Blueprint > vSphere (vCenter)

Blueprint information Tab

1. Type the name for the blueprint. The name should reflect the OS, application or service. Since this is IaaS, the name of the OS and its version should be okay to start with.

Please note how the screen changes if you deselect Shared blueprint: Business group appears automatically. Since I’m using tenant admin credentials to create and configure the blueprint I have to select the Shared blueprint (can be shared across groups) option.

Build Information Tab

The Build Information tab is where you make the choice about the workflow type. In Blueprint type you have an option between Server and Desktop. I chose Server for this blog post. The next piece is Action. For the basic workflow select Create from the drop-down menu. The next label, Provisioning workflow, is automatically populated with a list from which you select basicvmworkflow.

Let’s move to the Machine Resources section. Key in CPUs, Memory (MB), Storage (GB) and Lease (days), i.e. how many days you want the VM. Leave the lease blank to make the VM permanent.

Do make a note of the maximum section. Using the maximum value you give the user the flexibility to choose between minimum and maximum values while provisioning VMs, e.g. for Memory (MB) we have a minimum of 512 MB and a maximum of 1024 MB, so the end user can request a VM with memory anywhere between 512 and 1024 MB.

Properties Tab

In the Properties tab we have the option to use build profiles, which I have covered in this blog post. You can also create custom properties. Custom properties are used to pass values to the OS during its provisioning process, and every workflow has a pre-defined list of custom properties.

I have used a very simple custom property here: VirtualMachine.Admin.ThinProvision, which gives you control over whether to thin provision the VM. This property is a must if you are provisioning against a local SCSI disk.

Actions

Select the actions you want to make available to the end users.

At this point all four tabs have been configured. There is more to discuss about blueprints; I plan to cover it in future posts, especially the advanced configuration options. Now I will move to the other workflows, i.e. the cloned and linked clone workflows. In both these workflows the Blueprint Information, Actions and Properties tabs are similar, and what we discussed for the Properties and Actions tabs above applies to these workflows as well.

Use blueprint actions and entitlements together to maintain detailed control over provisioned machines.

Creating a Blueprint for Cloning

The word cloning clicks immediately. It means we need a reference VM inside vCenter. This workflow is nothing but a wrapper over the process we have done for so many years. That being said, you need a reference, pre-customized VM, and you need sysprep on vCenter for Windows 2003 or earlier. It is the simplest workflow and I guess the most widely used as long as we are focusing on IaaS.

Blueprint Information

Nothing here to configure but ensure your naming convention matches the workflow.

Build Information

Select the Blueprint type.

Select the action as Clone. This changes the workflow option to clone.

After you select Clone, an option to browse for the image to clone from immediately becomes visible.

Browse to select the VM. This is actually a template, which must be available in vCenter.

I didn’t like the name of the workflow. The cloning workflow is incorrectly named. It should be in line with deploying from a template. At first look it gave me the feeling that I’m cloning a VM. Coming from a Microsoft background I don’t like cloning. That being said, in reality we are deploying from a template and not cloning from a VM. So it is doing the thing which I was expecting.

Go to the Machine Resources section and you might be surprised (as I was) to see that the Minimum resource column is already populated with some values. These values are picked from the template and cannot be modified. Now just fill in (optionally) the maximum values you want to proceed with.

NB: More custom properties are available for CloneWorkflow than for the basic workflow.

Linked Clone Blueprint

Linked clones are extremely popular with desktops and were introduced with VMware View. They work on the simple concept of a parent VM and a base snapshot. The base snapshot is the base virtual disk for the virtual machines (often referred to as the delta disk) and points back to the parent VM. All changes happen at the base virtual disk only.

The primary requirement is to have a VM with a clean OS installed and with a snapshot.

After you click Clone from, you see a pop-up. Select the VM to use as the reference/parent VM.

Select a snapshot to clone from. You also get an option to take a snapshot from this interface, but since I had pressed the refresh button during the screen capture it is not visible.

Nothing much in the next screen, just read it and say OK.

You get a smart option to delete the snapshot when you delete the blueprint. I think it makes complete sense and should always be checked.

With this we are done with basic blueprint creation. In Properties there are many custom properties available, more or less similar to the cloned workflow. But one custom property worth noting here is MaximumProvisionedMachines. By default vCloud Automation Center 6.0 (vCAC 6.0) allows you to create 20 linked clones of one machine snapshot. This property allows us to override this default limit.

In the next post I will be exploring the advanced blueprint options.

vCloud Automation Center 6.0 (vCAC 6.0)–Reservation Policies, Storage Reservation Policies, Network Profiles

Before we proceed further let me recap where we are. In the first post here we installed and configured the vCloud Automation Center 6.0 Identity Appliance (vCAC 6.0 Identity Appliance) and the vCloud Automation Center Appliance (vCAC 6.0), and in the second post here we installed and configured vCloud Automation Center IaaS (vCAC 6.0 IaaS). In the third post we went further and configured the tenant. As per the diagram below we have completed almost every configuration. This post focuses on the optional configuration part.

We created the Sales business group and assigned a business group admin to it. We created a reservation and assigned it to the Sales BU.

While creating the reservation we stopped at explaining the Alerts tab. Let’s resume with that discussion. It is an optional configuration but worth understanding and enabling. In a cloud environment where things change dynamically we must configure alerts.

Click on the ALERTS tab and set the capacity alerts to On for the various parameters seen below.

Unless you have configured notifications, alert emails won’t be sent.

A few considerations about reservations

A reservation is a portion/share of resources which we assign to business groups (e.g. Sales, HR, Marketing), and different business groups can have different reservation types (e.g. Gold, Silver and Bronze). In my environment the Gold cluster was assigned to the Sales and Marketing business groups in the above figure. I have linked a PDF copy to the figure. However, a reservation cannot be shared across business groups.
If you have created reservation for, end user cannot request a Hyper-V resource using that reservation. The reservation type must match the platform defined in the blueprint. If you name your blueprints accordingly this shouldn’t be a problem at all.

Reservation Policy

It is a collection of resources grouped to make a specific type of service available. Below I have created a policy named Production Reservation Policy and included the silver and gold reservations.

In the figure below I have tried to explain that you can have different reservations assigned to a single reservation policy, but a blueprint can have only one reservation policy assigned. However, when resources are provisioned, only reservations which match the blueprint type are considered and allocated.

A reservation policy needs to be populated with reservations. However, this is not quite easy to correlate in practice. When you create a reservation you have an option to assign that reservation to a reservation policy. This is where the association between reservations and reservation policies is created. Reservations are created for a business group, and a business group can have multiple reservations from the fabric. With a reservation policy you have an option to bring all types of reservations assigned to a business group under a single reservation policy. Let me explain it via a simple diagram.

In the above example we have a tenant, under which we have created a Sales business group. Inside the Sales business group I have created three reservations of different types, e.g. Cloud, Virtual and Physical. As fabric administrator I have created a reservation policy named “Virtual Reservation Policy” to collect the resources of both the Virtual and Cloud reservations. This policy will help me to provision all virtual resources as long as I select “Virtual Reservation Policy” in the blueprint/reservation. This is just one way of doing it.

You can create the reservation or the reservation policy first; there is no dependency as such. In fact reservation policies are an optional part of the overall piece. The better way is to create the reservation policy first.

A reservation policy is actually a tag. All you need is to give the tag a name and a little description. To create a reservation policy, go to Infrastructure –> Reservation –> Reservation Policies and click New Reservation Policies. As described above I have created two reservation policies, which can be seen below.

  1. Production Reservation Policy for Gold and Silver reservation
  2. Gold Storage for production virtual machines

Creating a reservation policy is not sufficient. You must assign the reservation policy to the reservations which you intend to group together. So below I’m creating new reservations and assigning the newly created reservation policies to each one of them as described above.

Storage Reservation Policy

A storage reservation policy is similar to a reservation policy. Its primary purpose is to collect datastores of similar characteristics into a group. Below I have created a storage reservation policy named GOLD and put three different datastores (Datastore01, Datastore02 & Datastore03) of the same characteristics into a single storage reservation policy.

This tag helps to assign storage as per the requirements of the application. In case Datastore01 is full, the VM will automatically be provisioned to Datastore02. It means we just need to have the storage reservation policy in place. Behind the scenes, Gold storage from one of Datastore01, 02 or 03 is assigned for sure.

It is similar to the storage profiles released in vSphere 5.0. However, these tags were inherited from DynamicOps. I wonder if there is still a use case for this tag when the vSphere Storage DRS cluster is becoming so popular. A datastore cannot have multiple storage reservation policies, e.g. Datastore01 cannot have another storage reservation policy assigned, but a storage reservation policy can have different datastores. After a storage reservation policy is created, you must assign it to a volume for it to be effective.

Do not create a storage reservation policy if you have a well-designed Storage DRS cluster.

Similar to a reservation policy, a storage reservation policy is also a tag. You can create a storage reservation policy from the same interface as a reservation policy. Both are almost similar, at least I have not discovered any difference, but logically they cannot be combined.

Assigning a storage reservation policy differs from assigning a reservation policy. A storage reservation policy must be applied directly on datastores. Go to Infrastructure – Compute Resources – Compute Resources.

Network Profiles

By default vCAC assigns a DHCP IP address to every machine it provisions. DHCP is OK for non-production server VMs, but production server VMs need a static IP address. We probably never need to worry about desktop VMs as far as networking policies are concerned. Allocating static IPs is the primary intention of network profiles. It is way to create a pool of IPs using a pre-defined. You can apply network profiles while creating a reservation or while creating a blueprint.

Network profiles do not apply to AWS.

Fabric administrators define the IP ranges, subnet mask, DNS, DHCP, WINS (does it exist yet???) and DNS suffix, and combine all these values into a single profile referred to as a network profile. A network profile, like a reservation policy, can be applied to reservations and blueprints.

Create a Network Profile for Static IP Address Assignment

Log in as fabric admin and navigate to Infrastructure –> Reservations –> New Network Profiles –> External.

1) Name of the network profile – append the type of profile to the name, e.g. Production External

2) Subnet mask for the network range

3) Gateway (for a NAT type network profile this field is compulsory)

4) Primary DNS server

5) DNS suffix

6) Click on the IP Range tab. In that screen enter the IP addresses you need to reserve for this profile. Provide a name and description. Press OK once done.

After you press OK, the screen displays the IP range and its allocation status in the Status column.
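Before typing the subnet mask, gateway and IP ranges from steps 2 to 6 into a network profile, it is worth checking them against each other and against the DHCP scope that serves the same port group, since a static pool that overlaps DHCP or the gateway produces duplicate addresses after provisioning. The check below is an added example, not part of the original post or of vCAC: the function name, finding codes and the optional `dhcp_scope` argument are assumptions, and all addresses are constructed.

```python
import ipaddress


def check_network_profile(subnet_mask, gateway, ranges, dhcp_scope=None):
    """Validate static IP ranges planned for one network profile.

    ranges:     list of (name, start_ip, end_ip) as entered on the IP Range tab
    dhcp_scope: optional (start_ip, end_ip) of the DHCP scope on the same
                network; not part of the profile itself, supplied by the admin
    Returns a sorted list of (range_name, finding_code).
    """
    gw = ipaddress.IPv4Address(gateway)
    net = ipaddress.IPv4Network(f"{gateway}/{subnet_mask}", strict=False)
    dhcp = None
    if dhcp_scope is not None:
        dhcp = tuple(ipaddress.IPv4Address(a) for a in dhcp_scope)

    findings = set()
    parsed = []
    for name, start, end in ranges:
        lo, hi = ipaddress.IPv4Address(start), ipaddress.IPv4Address(end)
        if lo > hi:
            findings.add((name, "START_AFTER_END"))
            continue
        parsed.append((lo, hi, name))
        if lo not in net or hi not in net:
            findings.add((name, "OUTSIDE_SUBNET"))
            continue
        if lo <= gw <= hi:
            findings.add((name, "CONTAINS_GATEWAY"))
        if lo == net.network_address or hi == net.broadcast_address:
            findings.add((name, "CONTAINS_RESERVED_ADDRESS"))
        if dhcp is not None and lo <= dhcp[1] and dhcp[0] <= hi:
            findings.add((name, "OVERLAPS_DHCP"))

    # Two ranges in the same profile must not hand out the same address.
    parsed.sort()
    highest_end = None
    for lo, hi, name in parsed:
        if highest_end is not None and lo <= highest_end:
            findings.add((name, "OVERLAPS_RANGE"))
        highest_end = hi if highest_end is None else max(highest_end, hi)
    return sorted(findings)


# Constructed sample input for a profile called "Production External".
SAMPLE_RANGES = [
    ("Prod-A", "192.168.10.1", "192.168.10.50"),    # includes the gateway
    ("Prod-B", "192.168.10.40", "192.168.10.100"),  # overlaps Prod-A and DHCP
    ("Prod-C", "192.168.11.10", "192.168.11.20"),   # wrong subnet
]

if __name__ == "__main__":
    for name, code in check_network_profile(
        "255.255.255.0", "192.168.10.1", SAMPLE_RANGES,
        dhcp_scope=("192.168.10.90", "192.168.10.150"),
    ):
        print(f"{name}: {code}")
```
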

Now that we have a network profile, we need to assign it to a reservation. Here I’m assigning it to an existing reservation. Go to Infrastructure –> Reservations –> Edit the existing reservation. For the network path “VM Network” select the network profile from the drop-down menu. Press OK.

So in this post we learnt the importance of reservation policies and how to configure them. We learnt about storage reservation policies and how to configure them. A storage reservation policy needs to be applied to the compute resource, while a reservation policy needs to be configured on the reservation screen. Then we went and checked the network profile and its use cases. Finally we learnt how to configure a network profile so that static IPs can be assigned to servers.

In the next post I will be discussing how to create and configure vCloud Automation Center 6.0 (vCAC 6.0) blueprints.

Creating & Configuring Tenant/s in vCloud Automation Center 6.0 (vCAC 6.0)

Multi-tenancy is built into vCAC 6.0. What does it mean? It simply means you do not need to install vCAC for every tenant. You can have multiple tenants on a single vCAC. Each tenant can have its own branding, Active Directory authentication source, groups, business policies, catalog offering and dedicated infrastructure. Tenants in vCAC are an organizational unit. A tenant represents a business unit within an organization or can be the organization itself.

In vCAC each tenant gets

  • Dedicated URL
  • Identity Stores
  • Branding
  • Notification Providers (email alerts)
  • Business Policies
  • Service Catalog offering (small VM, Big VM, Web service, Apache Service)
  • Infrastructure Resources (Virtual, Physical, Cloud)

    vCAC gets a default tenant vSphere.local (cannot be changed/avoided) which can be accessed via http://vCACApplianceFQDN/shell-ui-app

    1) To create a new tenant click on the green icon. A new window opens up. When all details are entered, press Submit and Next.

    2) Let’s add the identity source. In my case I’m using my own AD.

    Here you as administrator create two very important roles.

  • Tenant Administrators

  • Infrastructure Administrators (I have referred it as IaaS Admin in this post)

    image_thumb19

    Parameters and their explanations:

    • Name: Name by which you wish to identify the identity source.
    • Type: You can choose between Active Directory and LDAP. The Native AD option is available only for vsphere.local.
    • URL: Provide the URL in LDAP format even if you are using AD. This is referred to as accessing AD over an LDAP connection.
    • Domain: Name of your domain.
    • Alias: Any name that is easier to remember; you can use this alias to log in. In my case I can use spreetam@vZare.com or just spreetam@vZare. Both work.
    • Login user DN: User who has read-only permissions on Active Directory.
    • Password: Password for the login user.
    • User search base DN: Place in AD/LDAP where you wish to search for users. I have put my Favorite company OU as the location to search for users. Effectively, I will be adding users only from my Favorite OU.
    • Group search base DN: Same as above, except that it is used to search for groups.
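A pre-flight check for the identity-store parameters described above, as an added example (not from the original post or from VMware). The dictionary keys mirror the form fields but are hypothetical names, the sample values are constructed, and it assumes the directory offers ldaps://; it flags an unencrypted bind URL, DNs that fall outside the stated domain, and search bases that cover the whole domain instead of one OU.

```python
from urllib.parse import urlsplit

DN_FIELDS = ("login_user_dn", "user_search_base_dn", "group_search_base_dn")

def parse_dn(dn):
    """Split a DN into lowercase (attribute, value) pairs, honouring '\\,' escapes."""
    rdns, cur, escaped = [], "", False
    for ch in dn + ",":
        if ch == "," and not escaped:
            attr, sep, val = cur.strip().partition("=")
            if not (sep and attr.strip() and val.strip()):
                raise ValueError(f"malformed RDN {cur!r}")
            rdns.append((attr.strip().lower(), val.strip().lower()))
            cur = ""
        else:
            cur += ch
        escaped = (ch == "\\") and not escaped
    return rdns

def domain_dn(domain):
    """corp.example.com -> [('dc', 'corp'), ('dc', 'example'), ('dc', 'com')]"""
    return [("dc", label.lower()) for label in domain.strip(".").split(".")]

def check_identity_store(cfg):
    """Return a list of findings for one identity-store definition."""
    findings = []
    scheme = urlsplit(cfg["url"]).scheme.lower()
    if scheme not in ("ldap", "ldaps"):
        findings.append("url: must be in LDAP format (ldap:// or ldaps://)")
    elif scheme == "ldap":
        findings.append("url: simple bind over ldap:// exposes the login user's "
                        "password on the wire; use ldaps:// if available")
    base = domain_dn(cfg["domain"])
    for field in DN_FIELDS:
        try:
            dn = parse_dn(cfg[field])
        except ValueError as err:
            findings.append(f"{field}: {err}")
            continue
        if dn[-len(base):] != base:
            findings.append(f"{field}: not inside domain {cfg['domain']}")
        elif dn == base and field != "login_user_dn":
            findings.append(f"{field}: search covers the whole domain; scope it to an OU")
    return findings

# Constructed sample values (not from the original post).
SAMPLE = {
    "url": "ldap://dc01.corp.example.com:389",
    "domain": "corp.example.com",
    "login_user_dn": "CN=svc-vcac-read,OU=Service Accounts,DC=corp,DC=example,DC=com",
    "user_search_base_dn": "DC=corp,DC=example,DC=com",
    "group_search_base_dn": "OU=Groups,OU=MyFavoriteCompany,DC=corp,DC=example,DC=com",
}
```

Calling `check_identity_store(SAMPLE)` returns two findings: the unencrypted URL and the domain-wide user search base.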

    I left branding and the other parameters in tenant creation at their defaults, as there isn’t much to learn.

     

    Configuring Tenant

     

    Below is the workflow we should follow to configure Tenants


     

     


    The IaaS Administrator is created by the administrator and is responsible for:

    • Management of endpoints, endpoints credentials and virtualization proxy agent
    • Management of cloud service accounts as well as physical machines and storage devices
    • Monitoring of IaaS system logs


  • Here in the screen below I have logged in as the IaaS Admin (userid:iAdmin). Go to the myfavoritecompany tenant in the Infrastructure tab (9 out of 10 times you will be in the Infrastructure tab).

     

    Credentials

    Let’s first create the credentials. A credential here works like a template: it can be reused several times without typing the same credential every time, and it helps when the credential of the vCenter/endpoint cannot be shared with vCAC admins. Enter the Name for the credential. I recommend using the FQDN of the vCenter so that you’re aware of the connection details. Add a short, meaningful Description, the Username and the Password. Press the green check box.

    NB: I always keep searching for this button. That green button should be on the right-hand side, not the left-hand side.

    EndPoints

    Go to the Endpoints tab. Here, Name is the most important field. This name must match the name you selected while installing the vSphere Endpoint.

  • Just for reference, I’m pasting that screen here.

    So now we need to enter the same name as we configured in the above screen. It is case sensitive.

    Address of vCenter. This is the address of the endpoint. For vCenter it has to be in https://vCenterFQDN/sdk format.

    Now select the credentials you created earlier. You can use integrated authentication if you selected integrated credentials while installing the vSphere agent.

    Select the checkbox for Specify manager for network and security platform if you have vShield Manager (vCNS Manager) or an NSX instance in your environment. After you select the checkbox you need to enter the URL and credentials for it (not shown or explored by me here; it is a topic I will deal with alongside the vCloud Director endpoint).

    Press OK and we are done configuring the vSphere Endpoint.

    At this point, if the vSphere endpoint is configured correctly, you should see that compute resources, e.g. clusters, are discovered. The quickest way to check this is to go to the Agents tab; in the description tab, from the drop-down menu, you should see the vSphere agent. This confirms that the agent and the endpoint are communicating.


     

    Below depicts how data collection works out using end points and what kind of data is collected


    Organize Compute Resource

    In order to organize resources we must create a fabric group. A fabric group manages the resources within its group, e.g. if you create a fabric group just for virtual resources, then it cannot manage anything outside this assignment. Below I have created a fabric group and assigned a vCluster (later on I renamed this cluster to Gold cluster to make sense). So VirtualFabgroup will be able to manage only resources inside vCluster. However, these resources are restricted to Memory and Storage, as we will see during creation of the reservation.

    This is where vCloud Director is a much superior product. You can configure things at a much more granular level.


  • Type the name for Fabric Admins as VirtualFabgroup. This name should reflect the type of fabric this group is going to manage; it helps a lot. Assign an administrator to manage this fabric as shown below. Select the resource it will manage.

    Now that we have organized resources and appointed a fabric admin, let’s use the fabric admin credentials to log in. It is worth noting that all configuration till now has been done by the IaaS admin.

    Fabric Administrator Role

    Machine Prefix

    You cannot create a business group before creating a machine prefix; it is a mandatory parameter for a business group, and you need at least one. As mentioned above, machine prefixes are created by the Fabric admin. Using the Fabric admin, let’s create some meaningful prefixes.


    I have created another two prefixes offline, just in case we need them, and named them starting with CC-UAT and CC-DEV as seen below.


    Business Group

    Now that the machine prefix is sorted out, let’s do the business group. A business group represents a BU within an organization. It could represent the Sales BU, Marketing BU or HR BU. In the example below I considered the Sales BU. So if the tenant is the organization, then the BU becomes part of the tenant.


  • Within the business group you get an option to create a business group administrator, support user and end user.

    Business group manager Role 

    1. Approves machines and lease requests.
    2. Manages machines created by all users in the business group.

    Business Support Role: The support user can request resources on behalf of a user. The user role can request/self-provision machines/services from the catalog.

  • Name for the business group. Ensure it reflects the business group name.
  • Business group admins group/user name.
  • Email id of business group admin.
  • Support Role.
  • User Role.

    The Active Directory container is optional; I left it unfilled.


    Only Tenant Administrators can create business groups.


    Create Reservation and Reservation Policy

    Using fabric admin credentials, let’s create a simple reservation.

    Click the Infrastructure tab –> click Reservations –> select Reservations –> click New Reservation –> vSphere (vCenter)


    I have not configured a reservation policy. I left Machine quota and Priority at their default values.

    Let’s move to the Resources tab. The actual reservation is done here. You choose to reserve memory and storage. In the Memory section you can see how much is available (i.e. physical), how much is reserved, and how much is allocated out of this reservation.


    In a similar way, I have reserved 27 GB out of 40 GB on the Gold cluster. None is allocated.

    Finally, select the network label by moving to the Network tab. I have just one network label, but you can have several. Remember that you must plan this in advance.


    I think I’ll pause my post here, as I see it is already very big, but I’ll continue in the next post. That being said, a lot of tenant configuration is still pending.