Tuesday 16 September 2014

Upgrading to NSX 6.1

In this article I'm going to go through the steps of upgrading my nested NSX test lab from version 6.0.4 to 6.1  Chris Wahl (Blog | Twitter) has a great article with what's new in NSX 6.1.  First step is to download the NSX 6.1 upgrade bundle from the VMware site:

Once it's downloaded log into the NSX Manager admin page and browse to the Upgrade section:

Click on the Upgrade button and choose the upgrade bundle that you just downloaded and click Continue:

The upgrade bundle should start uploading.  This will take a few minutes:

Once the bundle has uploaded click Continue.  The upgrade process warns you to ensure you have taken a snapshot prior to the upgrade.  Once you are ready, click Upgrade:

Once the process starts you can monitor its progress:

Once the upgrade process has completed the NSX Manager VM will automatically reboot and take you back to the login screen.  Once you log back in and go to the Upgrade section you should see it completed successfully and that it's now running at version 6.1:

Now that the NSX Manager is running at version 6.1 it's time to upgrade all the controllers and Edges.  Since this is a test lab I only have one controller VM so as long as there are no vMotions within my lab I should not have any connectivity issues.  To upgrade the controller VM log into the vSphere Web Client and navigate to the NSX Manager plugin and then click on the Installation menu item:

Click on the Upgrade Available link and then Yes to upgrade the NSX controllers:

If you refresh the vSphere Web Client you should see the installation in progress and then eventually the controller rebooting:

Once the controller has rebooted it should also be at version 6.1.  

Next were going to upgrade the network virtualization components on the hosts.  Browse to the Installation tab and click update:

The VIBS on each ESXi host should update to 6.1 and show as Ready:

The final step is to upgrade any Edges that you have within your environment.  In my lab I only have two so this should be nice and easy.  As you can see, they are both at version 6.0.4:

To upgrade the Edges simply select one, click on the Actions menu and then Upgrade Version

Finally click Yes to confirm:

Once all Edges are upgraded they should show version 6.1:

The steps above shows you how to upgrade to NSX 6.1 without any issues.  During my upgrade I did have issues upgrading the Edges but I think this was because I hadn't upgraded the hosts prior to the Edges.  Ultimately I ended up re-creating the Edges but if I had RTFM I don't think I would have encountered any issues.  Also, remember to disable any firewall rules that block L2 connectivity between two VM's before testing :)

That's the upgrade complete, have yourself a well deserved cup of tea and go explore some of the new features.

Monday 15 September 2014

Offline upgrade of ESXi hosts to 5.5 U2

This is a quick post to show you how to upgrade your ESXi hosts to vSphere 5.5 U2 without the use of vCenter Update Manager, and also to remind me for later updates.  I currently use vCenter Update Manager to upgrade my production hosts but it's not worth deploying another instance for my nested environment and unfortunately you can only have one vCenter Update Manager per vCenter instance.  So, first thing to do is download the vSphere 5.5 U2 offline bundle:

Next you need to upload the offline bundle .zip to a datastore that's accessible by all ESXi hosts that you wish to upgrade.  In my example I'm going to use IX2-ISCSI-TestLab:

Once the .zip is uploaded place the host you wish to upgrade into maintenance mode and SSH into the host and run the following command to list the image profiles that are in that offline bundle:

esxcli software sources profile list -d /vmfs/volumes/IX2-ISCSI-TestLab/

Select the profile that you want to install and run the following command:

esxcli software profile update -d /vmfs/volumes/IX2-ISCSI-TestLab/ -p ESXi-5.5.0-20140902001-standard

Once completed you will be instructed to reboot the host:

Once the host reboots the version should now show as 5.5 U2:

Simply take it out of maintenance mode and upgrade the remaining hosts in the cluster and don't forget about updating VMtools on all your VM's

Happy offline updating

Thursday 11 September 2014

No Health State Data after upgrade to vSphere 5.5 Update 2

I upgraded my lab environment to vSphere 5.5 Update 2 and when I logged into the Web Client I noticed that the health state information was no longer being shown.  The error I received was:

Cannot connect to the vCenter Operations server.  Check your network connection, and the running state of the virtual machines in the vCenter Operations Manager vApp

I check the vApp and network connectivity and everything was fine.  There is no firewall in-between these two hosts so I knew that wasn't the issue.  I then tried unregistering and re-registering the vCenter servers in vCenter Operations Manager by logging into the vCenter Operations Manager admin interface and un-registering and re-registering both vCenter Servers:

Once completed the vCenter Operations Appliance showed that it was unlicensed so I had to go back to vCenter and correctly license the solution again.  After a few minutes the appliance was fully licensed but still no information in the Health State.  My other vCenter which was not upgraded to 5.5 U2 works fine so I can only assume the upgrade done something with the certificates.

If anyone knows the fix for this then let me know, otherwise I'll update this post when I fix it

** UPDATE - 11/09/2014 **

I've just noticed that the option to open an object within vCenter Operations is greyed out on the vCenter that was upgraded to 5.5 U2 but not on the vCenter that's still 5.5 U1

vCenter 5.5 U1

vCenter 5.5 U2

I've also check the vCenter Managed Object Browser and both vCenter servers look to be configured identical for com.vmware.vcops so that rules out certificates.

Tuesday 9 September 2014

EMEA vBrownBag Network Virtualization (VCP-NV) Series

Just a quick post to point out the EMEA vBrownBag guys are starting a series on Network Virtualization tonight to help go through the blueprint to obtain your VCP in Network Virtualization

The sessions are held every Tuesday at 19:00 and you can register via the following URL:

The schedule is currently as follows:

9/9/2014 (EMEA) VMware Certified Professional – Network Virtualization (VCP-NV) Ojbective 1 by Frank Buchsel (@fbuchsel)
9/16/2014 (EMEA) VMware Certified Professional – Network Virtualization (VCP-NV) Ojbective 2
9/23/2014 (EMEA) VMware Certified Professional – Network Virtualization (VCP-NV) Ojbective 3
9/30/2014 (EMEA) VMware Certified Professional – Network Virtualization (VCP-NV) Ojbective 4

The blueprint for VCP-NV is here and it looks like this:

Section 1 – Define VMware NSX Technology and Architecture

Objective 1.1 – Describe the Benefits of a VMware NSX Implementation
Objective 1.2 – Describe VMware NSX Architecture
Objective 1.3 – Differentiate VMware Network and Security Technologies
Objective 1.4 – Contrast Physical and Virtual Network Technologies
Objective 1.5 – Explain VMware NSX Integration with Third-Party Products and Services
Objective 1.6 – Explain VMware NSX Integration with vCloud Automation Center (vCAC)

Section 2 – Plan and Configure vSphere Networking

Objective 2.1 – Define Benefits of Running VMware NSX on Physical Network Fabrics
Objective 2.2 – Describe Physical Infrastructure Requirements for a VMware NSX Implementation

Section 3 – Configure and Manage vSphere Networking

Objective 3.1 – Configure and Manage vSphere Standard Switches (vSS)
Objective 3.2 – Configure and Manage vSphere Distributed Switches (vDS)
Objective 3.3 – Configure and Manage vSS and vDS Policies

Section 4 – Install and Upgrade VMware NSX

Objective 4.1 – Configure Environment for Network Virtualization
Objective 4.2 – Deploy VMware NSX Components
Objective 4.3 – Upgrade Existing vCNS/NSX Implementation
Objective 4.4 – Expand Transport Zone to Include New Cluster(s)

Section 5 – Configure VMware NSX Virtual Networks

Objective 5.1 – Create and Administer Logical Switches
Objective 5.2 – Configure VXLAN
Objective 5.3 – Configure and Manage Layer 2 Bridging
Objective 5.4 – Configure and Manage Logical Routers

Section 6 – Configure and Manage NSX Network Services

Objective 6.1 – Configure and Manage Logical Load Balancing
Objective 6.2 – Configure and Manage Logical Virtual Private Networks (VPN)
Objective 6.3 – Configure and Manage DHCP/DNS/NAT
Objective 6.4 – Configure and Manage Edge Services High Availability

Section 7 – Configure and Administer Network Security

Objective 7.1 – Configure and Administer Logical Firewall Services
Objective 7.2 – Configure Distributed Firewall Services
Objective 7.3 – Configure and Manage Service Composer

Section 8 – Perform Operations Tasks in a VMware NSX Environment

Objective 8.1 – Configure Roles, Permissions, and Scopes
Objective 8.2 – Describe NSX Automation
Objective 8.3 – Monitor a VMware NSX Implementation
Objective 8.4 – Perform Auditing and Compliance
Objective 8.5 – Administer Logging
Objective 8.6 – Backup and Recover Configurations

Section 9 – Troubleshoot a VMware Network Virtualization Implementation

Objective 9.1 – Identify Tools Available for Troubleshooting
Objective 9.2 – Troubleshoot Common NSX Installation/Configuration Issues
Objective 9.3 – Troubleshoot Common NSX Component Issues
Objective 9.4 – Troubleshoot Common Connectivity Issues
Objective 9.5 – Troubleshoot Common vSphere Networking Issues

See you there

Micro-Segmentation in Action

In this blog article I’m going to show you Micro-Sgementation in action with NSX in my lab.  The concept of Micro-Sgementaiton is the ability to block or limit traffic between all workloads within your datacenter, which includes blocking or limiting traffic between all VM’s on the same layer 2 network.  There is a great whitepaper here explaining more.  In my lab I have the following logical switches:

I have the following virtual machines assigned to the following logical switches:

WEB01 ( -> Tenant-01-Web-Tier
WEB02 ( -> Tenant-01-Web-Tier
APP01 ( -> Tenant-01-App-Tier
DB01 ( -> Tenant-01-DB-Tier

WEB01 can successfully ping WEB02 and vice versa:

The following rule will block all traffic from WEB01 to WEB02 but not from WEB02 to WEB01:

This was just a quick post showing the power of NSX and Micro-Segmentation.  I’m now going to start looking into the service composes functionality and policies can be applied to a specific group of VM’s.  Expect more soon 

Wednesday 3 September 2014

vCOPS report to help size for vCloud Air

I was asked recently by one of my partners if there was a specific report that can be run within vCenter Operations Manager to help gather the size of an environment to then quote for some vCloud Air resources.  The best report to run to gather this information is the Virtual Machine List Report:

This will produce the following report for all VM's that vCOPS is currently monitoring:

You can also use the legacy C# client to gather this information and export to a .csv file if you prefer:

One thing to point out with the C# client is that it will show total space provisioned which will include snapshots and overhead.