<![CDATA[Virtual Southwest - Blog]]>Wed, 20 Sep 2017 14:32:07 -0700Weebly<![CDATA[VMworld 2017 Las Vegas  Recap]]>Tue, 19 Sep 2017 14:52:24 GMThttp://virtualsouthwest.com/blog/vmworld-2017-las-vegas-recapAh, nothing like being in Las Vegas the end of August with several thousand of your closest IT colleagues!!  I have not attended a VMworld in Las Vegas since it was held at the Venetian a few years back, so I was really looking forward to this one.
This 14th US VMworld was AWESOME!! It was attended by more than 20,000 customers and partners. And there was a record number of Hands-on Labs taken as well!
I hope everyone that attended had as much fun, and learned as many new things, as my friends and I did!
I want to give a big thank you and pitch to Cohesity for giving out one of the coolest vExpert items ever! It included a Patagonia backpack, travel mug, water bottle, USB charger and socks!!
Check out their VMworld 2017 blog
Here is a bit of a review in pictures from VMworld 2017 in Las Vegas-

​Even at baggage claim, ready for VMworld!
LEGO's were a big item this year!
An after-reception snack at my favorite burger joint-
VMworld Customer Appreciation Party at the T-Mobile Arena-
Rocking Out with the headline Band - Blink-182
For some replays and more info, visit VMware VMworld 2017 
]]>
<![CDATA[More API fun with VMware NSX - Disable Distributed Firewall]]>Wed, 13 Sep 2017 21:44:15 GMThttp://virtualsouthwest.com/blog/more-api-fun-for-nsx-disable-distributed-firewallIf you have tried to disable the Distributed Firewall on one of your host clusters and found that it still shows Enabled even after selecting Disable, there is a known issue, documented in this VMware KB.

The KB details the workaround to disable the Distributed Firewall with the API call to the NSX Manager-
Method: PUT URL: https://nsxmgr-ip/api/4.0/firewall/domainID/enable/true|false
Note: Replace the domainID field with the Cluster ID of the cluster which has the firewall disabled.
So, how do you find the cluster ID you need? Most of the documents have you go to the Managed Object Browser (MOB) of your vCenter, then drill down to locate the specific item you need and its associated ID.

However, there is a quicker way. If you log into the web client of your vCenter (and yes, all new features like NSX, vSAN and many others can only be done in the web client), you can locate the object ID for many items!
Just click on the item you need, such as the Cluster, then in the address bar of your browser, scroll all the way to the right, and the ID will be listed close to the end.
Here is an example of the cluster and ID needed:​
I used this trick during my VCIX-NV exam, which has one API question, and was able to find the ID required for a specific VM and then build my API query needed.  I was able to pass the exam so I hope I got that question correct at least!
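The address-bar trick and the KB's PUT call can be combined in a few lines. This is an added example, not code from the post or from VMware; the sample URL and its GUID are constructed, and the function names are hypothetical. It only builds the request, so the target URL can be reviewed before anything is sent.

```python
import re
import urllib.request
from urllib.parse import unquote

# Managed object ID shapes as vCenter shows them (cluster, VM, host).
MOREF = re.compile(r"\b(domain-c\d+|vm-\d+|host-\d+)\b")

def object_id_from_url(address_bar_url, kind="domain-c"):
    """Return the first managed object ID of the given kind in a web client URL."""
    for match in MOREF.finditer(unquote(address_bar_url)):
        if match.group(1).startswith(kind):
            return match.group(1)
    raise ValueError("no %s ID found in URL" % kind)

def dfw_state_request(nsx_manager, cluster_id, enabled):
    """Build (not send) the PUT from the KB workaround for one cluster."""
    # Refuse anything that is not a cluster ID before it reaches the URL.
    if not re.fullmatch(r"domain-c\d+", cluster_id):
        raise ValueError("not a cluster ID: %r" % cluster_id)
    url = "https://%s/api/4.0/firewall/%s/enable/%s" % (
        nsx_manager, cluster_id, "true" if enabled else "false")
    return urllib.request.Request(url, method="PUT")

# Constructed sample of what the address bar can look like; the GUID is made up.
SAMPLE_URL = ("https://vcenter.corp.local/vsphere-client/?csp#extensionId="
              "vsphere.core.cluster.summary%3Bcontext%3Dcom.vmware.core.model"
              "%3A%3AServerObjectRef~00000000-0000-0000-0000-000000000000"
              "%3AClusterComputeResource%3Adomain-c26~core")

if __name__ == "__main__":
    cid = object_id_from_url(SAMPLE_URL)
    req = dfw_state_request("nsxmgr-ip", cid, enabled=False)
    print(req.get_method(), req.full_url)
```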

]]>
<![CDATA[NSX Manager Slowness – Too many Backup Files??]]>Wed, 13 Sep 2017 21:03:45 GMThttp://virtualsouthwest.com/blog/nsx-manager-slowness-too-many-backup-filesA follow up to my previous post on setting up NSX backups…
If you have configured a backup schedule on your NSX Manager, you may notice that there is no setting on the number of backups to retain, or any option to remove older backups.  This is even true in the latest 6.3.3 version.
On several NSX Managers that I administer, I had noticed a slowdown accessing the managers, and when creating or deploying any new components, such as an edge gateway.
It was discovered that the slowness started occurring once the NSX Manager had 100 or more backup files. The only way to remove the files was to delete them from the FTP server folder, and then reboot the NSX Manager.

If you start to experience any odd behavior of your NSX Managers, check the number of backup files and remove the ones not needed.  I keep mine under 20.
I am hoping a feature will be added in the upcoming release to allow you to set a backup retention and to delete backup files in the web UI.
Will keep you posted on my progress for that...
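Until such a feature exists, retention has to be enforced on the FTP server itself. The sketch below is an added example, not part of the original post or any VMware tooling: it assumes the backup folder is a local directory on the FTP server, uses the nsx-manager- filename prefix from the backup configuration post, and keeps the newest 20 backup sets. It reports by default and deletes only when asked; the NSX Manager reboot mentioned above remains a manual step.

```python
import os
from collections import defaultdict

def plan_prune(folder, prefix="nsx-manager-", keep=20):
    """Return paths of backup files beyond the newest `keep` backup sets.

    Assumption: files sharing the same name before the first "." belong to
    one backup set (a backup plus any companion file) and are kept or
    removed together. Files without the prefix are never touched.
    """
    sets = defaultdict(list)
    with os.scandir(folder) as entries:
        for entry in entries:
            if entry.is_file() and entry.name.startswith(prefix):
                sets[entry.name.split(".", 1)[0]].append(entry)
    # Newest set first, judged by the most recent file in each set.
    ordered = sorted(sets.values(),
                     key=lambda files: max(f.stat().st_mtime for f in files),
                     reverse=True)
    return sorted(f.path for files in ordered[keep:] for f in files)

def prune(folder, prefix="nsx-manager-", keep=20, dry_run=True):
    """Delete stale backup files; with dry_run=True only report them."""
    stale = plan_prune(folder, prefix, keep)
    if not dry_run:
        for path in stale:
            os.remove(path)
    return stale

if __name__ == "__main__":
    import sys
    for path in prune(sys.argv[1] if len(sys.argv) > 1 else "."):
        print("would delete", path)
```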

]]>
<![CDATA[Configure NSX Backups with API Call]]>Wed, 13 Sep 2017 20:25:49 GMThttp://virtualsouthwest.com/blog/configure-nsx-backups-with-api-callWhether you need to recover your NSX Manager from a failure or revert from changes, it is always good to have a current backup!
And if you have several NSX Managers to configure backups on, updating them using the API call will save you quite a lot of time.
NSX Manager supports setting up backups using FTP or SFTP, and scheduling them to run on an hourly, daily or weekly frequency.
If you are looking for an FTP server, I have used the FileZilla Server and pointed NSX Manager backups at it. It will support SFTP as well, check out the FileZilla info- forum.filezilla-project.org/viewtopic.php?t=8812
I have had the best success running API calls to NSX using the Firefox RESTClient.  To start with-
1. Locate the RESTClient Mozilla add‐on, and add it to Firefox.
2. Click Tools > REST Client to start the add‐on.
3. Click Authentication, then Basic Authentication, and enter the NSX Manager login credentials, which then appear encoded in the Request Header.
Note: you may need to browse to the NSX Manager's web UI and accept the certificate warning before running the query.
4. Select a method such as GET, POST, or PUT, and type the URL of a REST API.
Response Header, Response Body, and Rendered HTML appear in the bottom window.
5. For POST and PUT, you will need to add a Custom Header.
Select Headers, Custom header and add the name Content-Type and Value application/xml

Below is an example of adding a backup for a daily schedule:

Method: PUT
URL: https://nsx-manager.corp.local/api/1.0/appliance-management/backuprestore/backupsettings
Headers:
Authorization: Basic
Content-Type: application/xml
Body:
<backupRestoreSettings>
<ftpSettings>
<transferProtocol>FTP</transferProtocol>
<hostNameIPAddress>ftp-server.corp.local</hostNameIPAddress>
<port>21</port>
<userName>ftp-user</userName><password>my-pasword</password>
<backupDirectory>NSXBackupDir</backupDirectory>
<filenamePrefix>nsx-manager-</filenamePrefix>
<passiveMode>true</passiveMode>
<useEPRT>false</useEPRT>
<useEPSV>true</useEPSV>
</ftpSettings>
<backupFrequency>
<frequency>DAILY</frequency>
<hourOfDay>19</hourOfDay>
<minuteOfHour>30</minuteOfHour>
</backupFrequency>
<excludeTables>
<excludeTable>AUDIT_LOGS</excludeTable>
<excludeTable>SYSTEM_EVENTS</excludeTable>
</excludeTables>
</backupRestoreSettings>
 
The items in Bold are the options for your specific configuration…
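For several NSX Managers, the same PUT can be scripted instead of repeated in RESTClient. This is an added example, not the author's or VMware's code: it builds the body from the elements shown above with the transfer protocol set to SFTP on port 22, so the backup and the FTP credentials are not sent in cleartext. Omitting the FTP-mode elements (passiveMode, useEPRT, useEPSV) for SFTP is an assumption, and the function names and sample values are hypothetical.

```python
import base64
import urllib.request
import xml.etree.ElementTree as ET

API_PATH = "/api/1.0/appliance-management/backuprestore/backupsettings"

def backup_settings_xml(host, user, password, directory, prefix,
                        protocol="SFTP", port=22, hour=19, minute=30,
                        exclude=("AUDIT_LOGS", "SYSTEM_EVENTS")):
    """Build a daily-schedule body from the elements shown in the post."""
    root = ET.Element("backupRestoreSettings")
    ftp = ET.SubElement(root, "ftpSettings")
    for tag, value in (("transferProtocol", protocol),
                       ("hostNameIPAddress", host), ("port", port),
                       ("userName", user), ("password", password),
                       ("backupDirectory", directory),
                       ("filenamePrefix", prefix)):
        ET.SubElement(ftp, tag).text = str(value)
    freq = ET.SubElement(root, "backupFrequency")
    for tag, value in (("frequency", "DAILY"), ("hourOfDay", hour),
                       ("minuteOfHour", minute)):
        ET.SubElement(freq, tag).text = str(value)
    tables = ET.SubElement(root, "excludeTables")
    for table in exclude:
        ET.SubElement(tables, "excludeTable").text = table
    return ET.tostring(root)

def backup_requests(managers, api_user, api_password, body):
    """Return one PUT request per NSX Manager; nothing is sent here."""
    # Basic auth is base64("user:password"), the value RESTClient generates.
    token = base64.b64encode(("%s:%s" % (api_user, api_password)).encode())
    headers = {"Authorization": "Basic " + token.decode("ascii"),
               "Content-Type": "application/xml"}
    return [urllib.request.Request("https://%s%s" % (m, API_PATH), data=body,
                                   headers=headers, method="PUT")
            for m in managers]

if __name__ == "__main__":
    # Constructed placeholder values; replace with your own.
    body = backup_settings_xml("ftp-server.corp.local", "ftp-user",
                               "example-password", "NSXBackupDir", "nsx-manager-")
    for req in backup_requests(["nsx-manager.corp.local"], "admin",
                               "example-password", body):
        print(req.get_method(), req.full_url)
```

To send a request, pass it to urllib.request.urlopen, which verifies the NSX Manager certificate by default. For a self-signed certificate, give urlopen an ssl context that trusts that certificate.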
To check your backup settings, just change the Method to GET, and run the same URL with the Authorization: Basic header-
Method: GET
URL: https://nsx-manager.corp.local/api/1.0/appliance-management/backuprestore/backupsettings
Headers:
Authorization: Basic
The configured settings will display in the Body:
<backupRestoreSettings>
<ftpSettings>
<transferProtocol>FTP</transferProtocol>
<hostNameIPAddress>ftp-server.corp.local</hostNameIPAddress>
<port>21</port>
<userName>ftp-user</userName><password>my-pasword</password>
<backupDirectory>NSXBackupDir</backupDirectory>
<filenamePrefix>nsx-manager-</filenamePrefix>
<passiveMode>true</passiveMode>
<useEPRT>false</useEPRT>
<useEPSV>true</useEPSV>
</ftpSettings>
<backupFrequency>
<frequency>DAILY</frequency>
<hourOfDay>19</hourOfDay>
<minuteOfHour>30</minuteOfHour>
</backupFrequency>
<excludeTables>
<excludeTable>AUDIT_LOGS</excludeTable>
<excludeTable>SYSTEM_EVENTS</excludeTable>
</excludeTables>
</backupRestoreSettings>]]>
<![CDATA[vExpert 2017 Announcement!]]>Mon, 27 Mar 2017 20:59:10 GMThttp://virtualsouthwest.com/blog/vexpert-2017-announcement
I am very honored to be selected as a vExpert for the fifth year in a row!
Congratulations to everyone that was selected this year, you can see the list and announcement here: https://blogs.vmware.com/vmtn/2017/02/vexpert-2017-award-announcement.html
Congratulations to all of the vExperts of 2017!!

]]>
<![CDATA[VCP6-NV Exam Experience]]>Wed, 07 Sep 2016 21:08:53 GMThttp://virtualsouthwest.com/blog/vcp6-nv-exam-experienceYeah, I am way behind on posting things.  I passed the VCP6-NV exam last spring. Since I have been working with NSX, and a bit of networking, on a daily basis for a while, I thought I would just schedule and take the exam.

The exam is multiple choice, with several diagram questions, that have you select how a VM or host communicates with another VM or host.  I think there were 4 or 5 questions on this.  I also had a couple of questions on basic subnetting, so be sure and review that before you take the exam!

I watched two NSX courses from Pluralsight, www.pluralsight.com  by Jason Nash.  VMware NSX for vSphere Introduction and Installation and VMware NSX for vSphere: Network Services. 

These are both a huge help in learning NSX, especially the details needed for many of the services it can provide.

I had several questions with a diagram, not as nice as the one below, asking how VM1 would find the MAC address, or IP address, of VM2.
Here is the process if the VMs are on the same host:
  1. VM1 sends an Address Resolution Protocol (ARP) request for the MAC address of VM2 on the same logical switch (VNI 5001) on the same host.
  2. Broadcast is sent to all virtual machines on the logical switch of the same host. The switch security module uses the management network to query the NSX Controller instance's ARP table for the VM2 ARP entry.
  3. Because VM2 is on the same logical switch, VM2 sends an ARP reply before NSX Controller responds to the switch security module:
    1. If VM2 has not participated in a previous ARP reply or Dynamic Host Configuration Protocol (DHCP), the NSX Controller instance lacks the information.
    2. Switch security module updates the local ARP table and notifies NSX Controller to update the ARP entry for VM2 (in the ARP table).
  4. Logical switch delivers a unicast ARP reply to VM1.
And the same but with the VMs on different hosts:
The steps, for Unicast mode at least, are:
  1. VM1 sends an ARP request for the MAC address of VM3 on the same logical switch (VNI 5001) on a different host in a different cluster.
  2. Broadcast is sent on the local logical switch and the switch security module queries the NSX Controller instance for an ARP entry for VM3.
  3. The NSX Controller instance lacks the information on VM3. So the broadcast is forwarded as encapsulated unicast from VTEPx to all local VTEPs and the remote proxy VTEP.
  4. VM3 sends a unicast ARP reply that is encapsulated by VTEPy, and is sent to VTEPx, and returned to VM1.
  5. VTEPx learns the MAC address of VM3 for all subsequent communication from local virtual machines to VM3.
There were also a few questions on Distributed Switches, creating Port Groups, etc.

I didn’t find the exam overly difficult, but with 85 or so questions I was pretty worn out at the end of the exam….

Good luck to everyone who is working towards this certification!!
]]>
<![CDATA[vExpert 2016 Announcement!]]>Sun, 07 Feb 2016 01:27:03 GMThttp://virtualsouthwest.com/blog/vexpert-2016-announcement

I am very honored to be selected as a vExpert for the fourth year in a row!
Congratulations to everyone that was selected this year, you can see the list and announcement here: http://blogs.vmware.com/vmtn/2016/02/vexpert-2016-award-announcement.html
There are many benefits to becoming a vExpert, private community access from VMware, cool free shirts and lots of swag!  But my favorite is from Pluralsight which offers access to their entire training library for vExperts and MVP’s.
Check out http://blog.pluralsight.com/2015-vexperts-mvps-free-training
I watched two courses on VMware NSX, which covered a lot of material for the VCP-NV exam, which I was able to pass last year.  More info on that exam coming up!
Congratulations again to all of the vExperts of 2016!!

]]>
<![CDATA[VMware vSphere Security Cookbook Review]]>Tue, 03 Nov 2015 20:50:01 GMThttp://virtualsouthwest.com/blog/vmware-vsphere-security-cookbook-reviewA while back I had the opportunity to be a reviewer for the new book by Packt Publishing, https://www.packtpub.com/ , the VMware vSphere Security Cookbook, by Mike Greer.

This was my first time as a book reviewer, and I had thought it would be a few minutes in the evening reading the sections the publisher emailed me, then adding some short comments. Wrong!  As I read over the chapters I started thinking about how I would write or explain the specific topic, then doing research on the web or in the VMware KBs to verify that what I thought, or what was in the chapters, was accurate and the best way to explain the specific topics.

I can tell you from past experience in writing procedure documents for customers, you really need to have the steps to follow defined correctly and accurately.  What I really like is the way it details the steps to configure the components of vSphere security whether you are doing it for the first time, or you have done it several times.

The book is based on vSphere vCNS 5.5, however I have been working with NSX since its release and I can see that many of the interfaces are identical.  This is especially true with most of the Edge Services Gateway configurations.  

The book covers additional security areas that you always need to interface with, such as Microsoft Active Directory and SSL Certificates.  The use of the SSL Certificate Automation Tool, with real life examples, is covered as well!

You can find the book at: https://www.packtpub.com/virtualization-and-cloud/vsphere-security-cookbook  

I hope you find the book helpful in your daily vSphere administration!!
]]>