
Tuesday, 31 March 2015

Migrating a VMkernel interface used for the management network between standard vSwitches (2037654)

Purpose

This article provides steps to migrate the VMkernel interface that is used for management traffic between standard vSwitches.

Resolution

Note: As a best practice before migrating a VMkernel interface, it is recommended to disable HA (or host monitoring under HA) to prevent HA/FDM from restarting virtual machines.

You can use this method to migrate the VMkernel interface between two or more standard virtual switches from the console/KVM, using the DCUI shell.

Using DCUI on the Console/KVM

  1. Press Alt+F1 at the console/KVM and log into the command line as root.
  2. Run this command to list the VMkernel interfaces:

    # esxcfg-vmknic -l
  3. Run this command to delete the VMkernel interface that you want to migrate from the port group to which it belongs:

    # esxcfg-vmknic -d Port_Group_Name
  4. Run this command to add the VMkernel port to the destination vSwitch:

    # esxcfg-vswitch -A "Port_Group_Name" vSwitch0

    For example:

    # esxcfg-vswitch -A "Management" vSwitch0

    Note: After migrating the management interface, you can re-enable HA.
  5. To add the interface you removed in step 3 to the Port Group you created in step 4, run this command:

    # esxcfg-vmknic -a -i x.x.x.x -n y.y.y.y Port_Group_Name

    For example:

    # esxcfg-vmknic -a -i 192.168.100.1 -n 255.255.255.0 "Management"
Note: This method will also work if used in an SSH root login.
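
Step 3 removes the management interface before step 5 recreates it, so a mistyped address or netmask only shows up once the host is already off the network. The following added example (not part of the KB article) validates the values and prints the three commands in order without running them; the function names are hypothetical.

```sh
#!/bin/sh
# Added example, not from the KB: check the inputs, then print the commands
# for steps 3-5 without running them. Function names are hypothetical.

OCTET='(0|[1-9][0-9]{0,2})'

is_ipv4() {
    # Four dot-separated decimal octets, no leading zeros, each <= 255.
    printf '%s\n' "$1" | grep -Eq "^$OCTET(\.$OCTET){3}\$" || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

is_netmask() {
    # Valid masks are a run of 1-bits followed only by 0-bits (not 0.0.0.0).
    is_ipv4 "$1" || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    mask=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    inv=$(( ~mask & 0xFFFFFFFF ))
    [ "$mask" -ne 0 ] && [ $(( inv & (inv + 1) )) -eq 0 ]
}

plan_migration() {
    # Usage: plan_migration PORT_GROUP DEST_VSWITCH IP NETMASK
    pg=$1; vsw=$2; ip=$3; nm=$4
    if [ -z "$pg" ] || [ -z "$vsw" ]; then
        echo "port group and destination vSwitch are required" >&2; return 1
    fi
    is_ipv4 "$ip"    || { echo "invalid IP address: $ip" >&2; return 1; }
    is_netmask "$nm" || { echo "invalid netmask: $nm" >&2; return 1; }
    # Same order as steps 3, 4 and 5, with ASCII hyphens in every option.
    printf 'esxcfg-vmknic -d "%s"\n' "$pg"
    printf 'esxcfg-vswitch -A "%s" %s\n' "$pg" "$vsw"
    printf 'esxcfg-vmknic -a -i %s -n %s "%s"\n' "$ip" "$nm" "$pg"
}

# Constructed input: the values used in the KB's own example.
plan_migration "Management" vSwitch0 192.168.100.1 255.255.255.0
```
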
Source KB

Network Restore Options in VMware ESXi DCUI

Network Restore Options contains three further options:
  1. Restore Network Settings
  2. Restore Standard Switch
  3. Restore vDS

Recovery is not supported on stateless ESXi instances.

Restore Network Settings

Restoring the network configuration is quite a dangerous option if not used correctly. It has the potential to reset the network to such a state that you will not be able to communicate with the VMware ESX host without resorting to the DCUI to resume communication. It also has the possibility of disconnecting virtual machines (VMs) that are running on the VMware ESX host. Additionally, it has the ability to remove standard and distributed virtual switches (vSwitch) from the host in the event that these have become broken on the host beyond repair.

Restore vDS

This option will be greyed out unless your management network is connected to a dvSwitch. You may need to run this if you are having problems with the dvSwitch and this is causing a loss of connectivity to your host's management network. It may be that you need to fix issues with the dvSwitch, but need to restore host connectivity in the meantime.
The DCUI clones a host local port from the existing misconfigured port and applies the values you provided for VLAN and Blocked. The DCUI changes the Management Network to use the new host local port to restore connectivity to vCenter Server. vCenter Server picks up the new host local port and updates its database with the new information. vCenter Server creates a standalone port that is connected to the Management Network.

Restore Standard Switch

This option will be greyed out unless your management network is connected to a dvSwitch. You may need to run this if you are having problems with the dvSwitch and this is causing a loss of connectivity to your host's management network. It may be that you need to fix issues with the dvSwitch, but need to restore host connectivity in the meantime.
When you select this option, a new standard vSwitch will be created on the host, with a new VMkernel interface to which an IP can be assigned. An uplink from the dvSwitch will be moved to the new standard vSwitch.
A vSphere Distributed Switch functions as a single virtual switch across all associated hosts. Virtual machines can maintain a consistent network configuration as they migrate across multiple hosts. If you migrate an existing standard switch, or virtual adapter, to a Distributed Switch and the Distributed Switch becomes unnecessary or stops functioning, you can restore the standard switch to ensure that the host remains accessible.

When you restore the standard switch, a new virtual adapter is created and the management network uplink that is currently connected to the Distributed Switch is migrated to the new virtual switch.
You might need to restore the standard switch for the following reasons:

  • The Distributed Switch is not needed or is not functioning.
  • The Distributed Switch needs to be repaired to restore connectivity to vCenter Server and the hosts need to remain accessible.
  • You do not want vCenter Server to manage the host. When the host is not connected to vCenter Server, most Distributed Switch features are unavailable to the host.

Verify that your management network is connected to a distributed switch.

  1. From the direct console, select Restore Standard Switch and press Enter.
     If the host is on a standard switch, this selection is dimmed, and you cannot select it.
  2. Press F11 to confirm.
Source:-
http://buildvirtual.net/utilize-direct-console-user-interface-dcui-and-esxi-shell-to-troubleshoot-configure-and-monitor-esxi-networking/

Why is VM options greyed out in vmware web client?

Question: I want to open the console for the guest OS on a VM in vSphere using Firefox on OS X. Everything is working properly on the machine. I am able to console using the desktop client program in Windows -- but when I go to try to open the console in the web client on OS X, the "Open console" button is greyed

Answer: This option is not available when the Client Integration Plug-in is not installed or is blocked by the popup blocker. If it is not installed, install it; if it is installed, check the popup blocker settings. Once done, refresh the web browser.

Tuesday, 24 March 2015

What is the Tenant URL in vRealize Automation 6.2?


Each tenant has a unique URL to access the vRealize Automation 6.2 console:
https://vRealize_Automation_server_FQDN/vcac/org/tenant_URL_name

In vCloud Automation Center 6.0, this unique URL was:
https://vRealize_Automation_server_FQDN/shell-ui-app/org/tenant_URL_name

Monday, 23 March 2015

Advanced Memory Attributes

You can use the advanced memory attributes to customize memory resource usage.
| Attribute | Description | Default |
|---|---|---|
| Mem.CtlMaxPercent | Limits the maximum amount of memory reclaimed from any virtual machine using vmmemctl, based on a percentage of its configured memory size. Specify 0 to disable reclamation using vmmemctl for all virtual machines. | 65 |
| Mem.ShareScanTime | Specifies the time, in minutes, within which an entire virtual machine is scanned for page sharing opportunities. Defaults to 60 minutes. | 60 |
| Mem.ShareScanGHz | Specifies the maximum amount of memory pages to scan (per second) for page sharing opportunities for each GHz of available host CPU resource. Defaults to 4 MB/sec per 1GHz. | 4 |
| Mem.IdleTax | Specifies the idle memory tax rate, as a percentage. This tax effectively charges virtual machines more for idle memory than for memory they are actively using. A tax rate of 0 percent defines an allocation policy that ignores working sets and allocates memory strictly based on shares. A high tax rate results in an allocation policy that allows idle memory to be reallocated away from virtual machines that are unproductively hoarding it. | 75 |
| Mem.SamplePeriod | Specifies the periodic time interval, measured in seconds of the virtual machine’s execution time, over which memory activity is monitored to estimate working set sizes. | 60 |
| Mem.BalancePeriod | Specifies the periodic time interval, in seconds, for automatic memory reallocations. Significant changes in the amount of free memory also trigger reallocations. | 15 |
| Mem.AllocGuestLargePage | Set this option to 1 to enable backing of guest large pages with host large pages. Reduces TLB misses and improves performance in server workloads that use guest large pages. 0 = disable. | 1 |
| Mem.AllocUsePSharePool and Mem.AllocUseGuestPool | Set these options to 1 to reduce memory fragmentation. If host memory is fragmented, the availability of host large pages is reduced. These options improve the probability of backing guest large pages with host large pages. 0 = disable. | 1 |
| Mem.MemZipEnable | Set this option to 1 to enable memory compression for the host. Set the option to 0 to disable memory compression. | 1 |
| Mem.MemZipMaxPct | Specifies the maximum size of the compression cache in terms of the maximum percentage of each virtual machine's memory that can be stored as compressed memory. | 10 |
| LPage.LPageDefragEnable | Set this option to 1 to enable large page defragmentation. 0 = disable. | 1 |
| LPage.LPageDefragRateVM | Maximum number of large page defragmentation attempts per second per virtual machine. Accepted values range from 1 to 1024. | 32 |
| LPage.LPageDefragRateTotal | Maximum number of large page defragmentation attempts per second. Accepted values range from 1 to 10240. | 256 |
| LPage.LPageAlwaysTryForNPT | Set this option to 1 to always try to allocate large pages for nested page tables (called 'RVI' by AMD or 'EPT' by Intel). 0 = disable. If you enable this option, all guest memory is backed with large pages in machines that use nested page tables (for example, AMD Barcelona). If NPT is not available, only some portion of guest memory is backed with large pages. | 1 |

Source:-
VMware Documentation

Infrastructure Administrator Role Assignment is not possible in vRealize Automation (vRA)

If the IaaS component is not yet installed in vRealize Automation, you will not be able to assign the infrastructure administrator role in any tenant. Here is a screenshot of the tenant properties:


Sunday, 22 March 2015

Adding an Integrated Active Directory (IWA) Identity Source without the vSphere Web Client for vCenter Single Sign-On 5.5 (2063424)

Purpose

This article provides steps to create an Active Directory (Integrated Windows Authentication) identity source using your machine account for service principal name (SPN) when you are unable to use the vSphere Web Client.

Resolution

Currently, with vCenter Single Sign-On (SSO) 5.5, there is no auto-discover feature to automatically query and add applicable identity sources from the environment. This results in the local OS (the local machine's users and groups) and the vSphere.local (the internal-domain for SSO) identity sources only being accessible. When there is an upgrade from SSO 5.1 to SSO 5.5, the earlier Active Directory identity source, if present, is converted to Active Directory as a LDAP server.


Prerequisites:

Before you proceed, ensure that:
  • SSO 5.5 is installed on your machine.
  • The SSO system is joined to the domain.
  • You are logged in as a local administrator or root on the SSO system or vCenter Server Appliance.

  1. Download one of the following files attached to this article:
       • vCenter Server for Windows - 2063424_sso-add-native-ad-idp_windows.zip
       • vCenter Server Appliance - 2063424_sso-add-native-ad-idp_appliance.zip
  2. Extract the sso-add-native-ad-idp file from the downloaded zip file.

To create an Integrated Active Directory Identity Source on Windows:

  1. Open an elevated command prompt. For more information, see Opening a command or shell prompt (1003892).
  2. Run the following command to determine the installation drive used for vCenter Single Sign-On:

    reg query "HKLM\SOFTWARE\VMware, Inc.\VMware Identity Services" /v "InstallPath"

    This will output the SSO Installation directory.

    HKEY_LOCAL_MACHINE\SOFTWARE\VMware, Inc.\VMware Identity Services
    InstallPath    REG_SZ    C:\Program Files\VMware\Infrastructure\VMware\CIS\vmware-sso\

  3. Create a directory vdcidentitysource on the system's drive determined from Step 2. For the following example, this will be C:\ .
  4. Move the sso-add-native-ad-idp file to the directory c:\vdcidentitysource\.
  5. Run the following command to navigate to the vdcidentitysource directory:

    cd c:\vdcidentitysource
  6. Run this command:

    sso-add-native-ad-idp.cmd domain_name

    For example:

    sso-add-native-ad-idp.cmd vmware.com
    Notes:
    • To find the domain name to be used in the above command, run this command:

      echo %userdnsdomain%
    • This creates an Integrated Windows Authentication identity source using your machine account as SPN.

To create an Integrated Active Directory Identity Source on vCenter Server Appliance:

  1. Using WinSCP (or any SCP client), connect to the vCenter Server Appliance and upload the sso-add-native-ad-idp.sh file to the /tmp/ directory.
  2. Connect to the vCenter Server Appliance via SSH. For more information, see Enable or Disable SSH Administrator Login on the VMware vCenter Server Appliance section in the vCenter Server 5.5 and Host Management Guide.
  3. Run this command to navigate to the /tmp/ directory:

    cd /tmp/
  4. Run the following command to change permissions on the file:

    chmod 777 sso-add-native-ad-idp.sh
  5. Run the below command to create the Identity Source:

    ./sso-add-native-ad-idp.sh domain_name

    For example:

    ./sso-add-native-ad-idp.sh vmware.com
    Notes:
    • To find the domain name to be used in the above command, run this command:

      vpxd_servicecfg ad read | grep DOMAIN
    • This creates an Integrated Windows Authentication identity source using your machine account as SPN.

After completing the preceding procedure, log in to vCenter Server with the Administrator@vSphere.local account and verify if you are able to add users. 
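
The appliance steps above place the script in /tmp and make it writable by every local account (mode 777) before it is run from a root session. As an added example, not part of the KB, the hypothetical stage_script helper below copies the upload into a private directory, compares its SHA-256 with a value recorded at download time (the page publishes none, so a placeholder is shown), and leaves the copy executable by its owner only.

```sh
#!/bin/sh
# Added example, not from the KB. stage_script is a hypothetical helper and
# the expected hash is something you record yourself; the page gives none.

stage_script() {
    # Usage: stage_script /path/to/uploaded.sh EXPECTED_SHA256
    # Prints the path of the verified private copy on success.
    src=$1; expected=$2

    # Refuse symlinks and anything that is not a regular file.
    if [ ! -f "$src" ] || [ -L "$src" ]; then
        echo "not a regular file: $src" >&2
        return 1
    fi

    # mktemp -d creates a directory only the current user can enter.
    dir=$(mktemp -d) || return 1
    dst=$dir/$(basename "$src")
    cp "$src" "$dst" || { rm -rf "$dir"; return 1; }

    # Hash the private copy, so the file that was checked is the file that runs.
    actual=$(sha256sum "$dst" | cut -d' ' -f1)
    if [ "$actual" != "$expected" ]; then
        echo "SHA-256 mismatch for $src" >&2
        rm -rf "$dir"
        return 1
    fi

    chmod 700 "$dst"        # owner may read, write and execute; nobody else
    printf '%s\n' "$dst"
}

# Usage on the appliance (placeholder hash, substitute the one you recorded):
#   script=$(stage_script /tmp/sso-add-native-ad-idp.sh "<sha256-recorded-at-download>") &&
#       "$script" domain_name
```
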

Source KB