Identifying the vSAN Performance Stats DB object and reviewing its physical storage

The performance statistics in vSAN are stored in a database object on the vSAN Datastore in a vSAN-enabled cluster. Information about the object can be found in the vSphere Client under the Services tab of the vSAN Cluster Configuration. The image below shows the object's status and that it's protected under the vSAN Default Storage Policy.

Set timeout to 0 for vSphere Client with a script

The vSphere Client and vSphere Web Client in the vCenter Appliance both have a timeout of 120 minutes. NSX-T has a timeout of 30 minutes. When I am teaching VMware classes the client always has just timed out when I want to demonstrate something to my students and I then have to re-login. So therefore I always configure the timeout to 0 (no timeout) at the start of each class. It is documented here how to do that:

List effective firewall rules for VMs with NSX-T

The distributed firewall enforces firewall rules on each vNIC of each VM. To find which rules are effectively enforced on a VM, the following commands can be used on the transport node (hypervisor) where the virtual machine is running.

For ESXi

To access the list of firewall rules we first need to find the name of the dvfilter used on the VM's network adapter. Use the following command to access the full list:

summarize-dvfilter

Set NSX-T web UI and CLI timeout

Configure CLI timeout

The NSX-T Manager appliance shell is configured with a default timeout of 600 seconds. This timeout can be changed from the NSX Manager Command Line Interface. Access the NSX Manager CLI through the console or through SSH. With the following command you can retrieve the current setting of the CLI timeout:

get cli-timeout

To configure the timeout use the following command:

set cli-timeout <seconds>

Updating Custom Properties in a vRealize Automation 8 Deployment with a vRealize Orchestrator Workflow

When deploying machines from vRealize Automation version 8.x custom properties can be used to store values that you want to process yourself during the lifecycle of the machine. These custom properties can be accessed and updated with a vRealize Orchestrator workflow when called by a subscription. How to read and update custom properties is documented in this article. In the video below I show how the properties are read and updated. Also a new custom property is added during execution.

Creating your first vRealize Orchestrator Workflow

This article is based on using the HTML-based user interface that was introduced with vRealize Orchestrator version 7.5 and which is the only available client in version 8. If you are running an older version and would like to use the instructions for the older Java-based client then you can find those instructions here.

New web site for VMware ports overview launched

VMware has released a new web site (ports.vmware.com), now at ports.broadcom.com, that conveniently contains all used ports per product. Not all products are covered yet but let's hope that's a matter of time. Here is an example of ports for NSX for vSphere with a filter that shows the ports used when ESXi is the source. This allows you to conveniently find the used ports per component.

VMware Horizon Manual Floating pool with two users in AD group for computer management

A customer asked if it is possible to allow AD users to manage an existing virtual machine through an HTML connection. In this short video I am showing this setup with two VMs (each in their own pool) that can be accessed by two individual users that are members of an AD Group. To accomplish this you would have to create a Manual Floating pool with 1 VM per pool that can be accessed by multiple users (not simultaneously). Use a manual pool to make sure VMs are not deleted or otherwise managed by Horizon.

vSAN: No witness! No problem?

When you study how vSAN works then you will read about how objects are backed by one or more components. This is dependent on the fault tolerance level and what you would also read is that a tie-breaker witness will be created. This is to make sure that when a network partition occurs, servers in a network partition can decide whether or not they together hold more than 50% of the necessary components and/or witnesses. 

Why DRS Should Run Rules are better than anti-affinity rules in small clusters

The Distributed Resource Scheduler (DRS) allows vSphere Administrators to use rules to enforce virtual machine placement on cluster nodes. An example of such a rule is in the image below with a rule to separate two domain controllers so that they won't run on the same vSphere host.

DRS Anti Affinity Rule

Configure Permissions for vRealize Orchestrator with AD

vRealize Orchestrator allows you to configure permissions for users in your authentication domain to access your vRO deployment with different types of access. While you might want administrators to access your workflows from the vSphere Web Client sometimes there will still be users that need access with the vRO client. One example is a group of developers that you only want to allow access to one or just a few folders in your vRO environment.

Configure Syslog server for NSX Controller with HTTP REST and vRealize Orchestrator

For many NSX components you can easily configure a syslog server, such as vRealize Log Insight. This however is not simple and straightforward for the NSX Controller Nodes. For those components this setting has to be configured via the NSX API via HTTP REST. In this article I explain how to use vRealize Orchestrator to accomplish this task.

The syntax and procedure are described in two locations:

vCenter 6.5 Appliance Backup and Restore

With the release of vSphere 6.5 VMware has introduced a new method for creating a backup of the vCenter Appliance. This method is available from the vCenter Appliance web management interface on port 5480 (https://applianceaddress:5480). In this article I will explain how to create a backup and what the restore procedure is.

vCenter Appliance backup

Schedule vCenter 6.5 appliance backups with vRealize Orchestrator

With the release of vSphere 6.5 VMware has introduced a new method for creating a backup of the vCenter Appliance. This method is available from the vCenter Appliance web management interface on port 5480 (https://applianceaddress:5480).

Tip: Starting with vSphere 6.7 scheduling functionality has been added as a native feature in the appliance, eliminating the need for this workflow. It still applies to vSphere 6.5.

Running VMware vSphere 6 vCenter Appliance on Ravello Systems

Running the VMware vSphere 6 vCenter Appliance on the Ravello Systems cloud is not supported in its native format. If you have created a local working copy of the appliance then you can import it into the Ravello Systems cloud environment. When you then want to Edit and Verify the imported virtual machine an error message will be generated that Ravello Systems only supports 7 virtual disks but the appliance was created by VMware with 11 virtual disks.

In this image you can see disks 10 and 11 of the imported appliance: