jump to navigation

VMware vMA authentication methods November 28, 2012

Posted by vbry21 in VCAP5-DCA, VMware Training.
Tags: , ,
add a comment

As part of the preparation for the VCAP5-DCA exam and also as part of teaching the VMware vSphere Optimize and Scale course I’ve been looking at managing an ESXi host and vCenter through VMware’s vMA (vSphere Management Assistant).

The command structure can become quite tedious.

For example to list network cards without using an authentication method would be as follows.

vicfg-nics –server esxi01a.qavdc.com –username root –password P@ssw0rd -l

However the VMA does support vMA Authentication.

The vMA authentication interface enables users and applications to authenticate with the target servers by using vi-fastpass or Active Directory (AD). While adding a server as a target, the administrator can determine whether the target must use vi-fastpass or AD authentication. For vi- fastpass authentication, the credentials that a user has on the vCenter Server system or ESXi host are stored in a local credential store. For AD authentication, the user is authenticated with an AD server.

When you add an ESXi host as a fastpass target server, vi-fastpass creates two users with obfuscated passwords on the target server and stores the password information on vMA:

vi-admin with administrator privileges

vi-user with read-only privileges

The creation of vi-admin and vi-user does not apply for AD authentication targets. When you add a system as an AD target, vMA does not store information about the credentials. To use the AD authentication, the administrator must configure vMA for AD.

Configure vMA for Active Directory authentication so that ESXi hosts and vCenter Server systems added to Active Directory can be added to vMA. Joining the vMA to Active Directory prevents you from having to store the passwords in the vMA credential store. This approach is a more secure way of adding targets to vMA.

Ensure that the DNS server configured for vMA is the same as the DNS server of the domain. You can change the DNS server by using the vMA Console to the Web UI.

Ensure that the domain is accessible from vMA. Ensure that you can ping the ESXi and vCenter Server systems that you want to add to vMA. Ensure also that pinging resolves the IP address to the target servers domain.

To add vMA to a domain:

From the vMA console, run the following command:

sudo domainjoin-cli join <domain_name> <domain_admin_user>

When prompted, provide the Active Directory administrator’s password.

Restart vMA.

For further information read, VMware’s vMA product documentation.

Advertisements

vCenter Multi-Hypervisor Manager 1.0 is here November 21, 2012

Posted by vbry21 in VMware blogs, VMworld 2012 Barcelona.
Tags:
add a comment

A few week ago I mentioned that VMware’s vCenter product would be able to manage multiple Hypervisors

Do you want to manage your vSphere environment and some other hypervisors? Then come and look at vCenter Multi-Hypervisor Manager 1.0.

Well here’s the good news, it’s here

This is a product I am definitely interested in as I teach VMware and Hyper-V, the only question is.

“Do I manage VMware and Hyper-V from vCenter, or do I manage VMware and Hyper-V from System Center?”

The answer is “It Depends”

 

VMware Partner Exchange 2013 dates released November 21, 2012

Posted by vbry21 in General Stuff.
Tags:
add a comment

The VMware Partner Exchange 2013 dates have been released. Book now

VMware Partner Exchange is dedicated to educating and enabling you to sell and deploy VMware products and solutions successful

Gain insights to identify customer needs effectively and acquire new customers.

 Find out how to expand business by cross-selling VMware solutions and services

Network with other partners, VMware experts and executives

Walk away with go-to-market selling strategies that enable you to accelerate your business

Be the first to hear VMware’s plans for the coming year, learn about new partner offerings, explore best practices and understand the training roadmap.

Enabling the vMA root user account November 20, 2012

Posted by vbry21 in VCAP5-DCA.
Tags:
add a comment

I was asked a question recently relating to the root account in the VMware vSphere Management Assistant Virtual Appliance. The question was why can’t I login as root?

By default the root user account is disabled, but what you may want to do for troubleshooting purposes is to enable the root account (I would only do this in conjunction with VMware Global Support Services).

To enable the root account in vMA:

  1. Log in to vMA as the vi-admin user.
  2. Run this command to open the passwd file:

    sudo vi /etc/passwd

  3. Locate the line that appears similar to:

    root:x:0:0:root:/root:/sbin/nologin

  4. Modify the line it to:

    root:x:0:0:root:/root:/bin/bash

  5. Log out from vMA and log in again as the vi-admin user.
  6. Run this command and enter the new root password:

    sudo passwd root

  7. You should now be able to log in to vMA using the root account.

 

Enabling the ESXi Shell for Troubleshooting November 18, 2012

Posted by vbry21 in VCAP5-DCA.
add a comment

As part of my preparation for the VCAP5-DCA exam I’ve been messing about with the ESXi shell.

The ESXi shell allows us to enter and run commands directly in the VMware vSphere ESXi Shell and VMware say that this should only ever be used in troubleshooting situations.

Ideally for command line we should use either the VMware vSphere Command-Line Interface (vCLI) or the VMware vSphere Management Assistant (vMA).

So how do we enable the ESXi Shell.

In the DCUI of the ESXi host, press F2 and provide credentials when prompted.

Scroll to Troubleshooting Options and press Enter.

Select Enable ESXi Shell and press Enter.

On the left, Enable ESXi Shell changes to Disable ESXi Shell. On the right, ESXi Shell is Disabled changes to ESXi Shell is Enabled.

Press Esc until you return to the main DCUI screen.

Local users that are assigned to the administrator role automatically have local shell access. Assigning local shell access to the administrator role prevents the root account from being shared by multiple users. Sharing the root account presents security issues and makes auditing the host difficult.

If you enable SSH access, do so only for a limited time. SSH should never be left open on an ESXi host in a production environment.

If SSH is enabled for the ESXi Shell, you can run shell commands by using an SSH client, such as SSH or PuTTY.

To enable SSH from the vSphere Client:

Select the host and click the Configuration tab.

Click Security Profile in the Software panel.

In Services, click Properties.

Select SSH and click Options.

Change the SSH options. To change the Startup policy across reboots, click Start and stop with host and reboot the host.

Click OK.

To enable the local or remote ESXi Shell from the vSphere Client:

Select the host and click the Configuration tab.

Click Security Profile in the Software panel.

In Services, click Properties.

Select ESXi Shell and click Options.

Change the ESXi Shell options. To change the Startup policy across reboots, click Start and stop with host and reboot the host.

Click OK.

The ESXi Shell timeout setting specifies how long, in minutes, you can leave an unused session open. By default, the timeout for the ESXi Shell is 0, which means the session remains open even if it is unused. If you change the timeout, for example, to 30 minutes, you have to log in again after the timeout period has elapsed.

To modify the ESXi Shell Timeout:

In the Direct Console, follow these steps.

Select Modify ESXi Shell timeout and press Enter.

Enter the timeout value in minutes and press Enter.

In the vSphere Client, follow these steps:

In the Configuration tab’s Software panel, click Advanced Settings.

In the left panel, click UserVars.

Find UserVars.ESXiShellTimeOut and enter the timeout value in minutes.

Click OK.

 

Starting your training journey with Microsoft Private Clouds November 15, 2012

Posted by vbry21 in Microsoft Training, Microsoft Virtualisation blogs, Windows 2012 Hyper-V.
Tags: ,
1 comment so far

Now anyone who has read any of my posts may think that perhaps I’m a little bit biased towards VMware.

Really though I’m not. (Was he being sarcastic? No he’s not).

One of the things I like about Microsoft virtualisation is the fact that Microsoft are trying to make virtualisation available to all.

I joke in my classes that we can all afford Solid State Disks and also spend hundreds of thousands on storage, but in the real world we can’t.

Microsoft has produced a wonderful white paper entitled.

Flexible Storage with Windows Server 2012

I can see that Windows 2012 Hyper-V alongside System Center 2012 becoming a very sound solution for virtualisation.

As such I have included a list of some very useful and informative courses on moving to a Microsoft powered private cloud.

Monitoring and Operating a Private Cloud with System Center 2012

Configuring and Deploying a Private Cloud with System Center 2012

 

 

VMware Hands on Labs go public beta November 15, 2012

Posted by vbry21 in VMware Training.
Tags:
add a comment

I got a nice email today from VMware and it was in relation to their Hands on Labs.

When I teach my various VMware courses a question always comes up.

“Can I access this lab environment after the course?”

The answer is always.

“No, sorry, the kit gets rebuilt for the course next week.”

I then see a sad little face looking back at me.

VMware told me about their hands on labs, the good news is that they are now in Public Beta. If you head across to the linked site above, you can express your interest in the public beta.

 

some thoughts on storage in virtualisation November 15, 2012

Posted by vbry21 in General Stuff.
Tags: ,
add a comment

Today my mind turns to storage with virtualisation.

I am currently prepping to teach a new virtualisation course and I have just reached the module which deals with storage optimisation.

In the good old days I used to be a virtualisation consultant and engineer. I used to get called out to customer sites to troubleshoot performance issues.

I always followed a specific order in analysing the issue.

1)      Storage

2)      Memory

3)      CPU

4)      Networks

My reasoning being, VMs are stored on datastores, and if we have a great number of VMs on a single LUN / datastore then we have issues.

However other factors need to be considered.

Storage protocols, generally Fibre channel and hardware iSCSI may be faster than software iSCSI and NFS, purely because processing in the software protocols may be done by the host, rather than offloaded to the storage adaptor or array.

Proper Configuration of your storage devices, goes without saying.

Load balancing across storage, generally more read / write heads and multiple paths equals better performance, just think about motorways versus single farm track.

Storage queues, I prefer to call this latency, basically how fast can we eliminate the queue, ideally I’d love a latency of 0ms.

Now obviously I can’t tell you how to configure your storage, but what I hope I’ve given you is some food for thought.

Microsoft Windows 7 course instructor demos November 12, 2012

Posted by vbry21 in Microsoft Training.
Tags: ,
add a comment

I’m teaching a Microsoft Windows 7 6292A course next week in London.

In order to make the course run smoothly, I have produced all of the instructor demonstrations as Youtube videos.

These videos are now uploaded to my Youtube channel , you can find the videos in my Microsoft Windows 7 6292 demos playlist. I hope you find them useful.

As for the course, please find more information at the QA website

VCAP5-DCA revision begins in earnest November 12, 2012

Posted by vbry21 in VCAP5-DCA, VMware blogs, VMware Training.
Tags:
add a comment

One of the things I’m doing in a few weeks is my VCAP5-DCA exam, yes I’m a VCAP4-DCA, I would have sat it earlier, but unfortunately the nearest testing centre is in Leeds and I live in Newcastle upon Tyne, so I have to fit in the exam when I’m not teaching and when the testing centre is available.

So I’m doing a little bit revision.

I hate command line (I’m sure I’ve mentioned it before). But I do learn and use what I need to know for my job.

The exam blue print states I need to learn command line again as I’d learnt it and forgot it after my last VCAP exam.

I found this fantastic document that can also be printed as a poster, thank you VMware, you’ve just made my revision easier, hooray, and it’s now sitting as a PDF on my iPad in my Good reader app.