VMworld 2015 Announcements – In a Nutshell

The excitement of VMworld 2015 is upon us, and below are the key announcements.

Naturally, we will need to dig a bit deeper to understand the technology in more detail along with the limitations and costs.

  • VSAN 6.1
    • 2 x Node Cluster Supported
    • vSphere Metro Storage Cluster Supported
    • Windows Server Failover Clustering Supported
    • vROps integration (not sure if a management pack is needed)
    • vSphere Replication enhanced to a 5-minute RPO

This answers a lot of use cases for me, especially the 2 x Node Cluster and vMSC support.

  • VMware Hybrid Cloud
    • Support for Layer 2 Networking Extension
    • Encryption over the WAN and optimisation
    • Cross Cloud vMotion (on-premises to vCloud Air)

Layer 2 is key here, as a lot of customers have apps that break if you change subnets. Zero downtime is pretty decent as well; however, you still need to design for user access to applications and services in vCloud Air.

  • SRM 6.1
    • Metro stretch clusters, with the ability to live migrate across vCenters. Think vMSC but with control for test and planned failover.

Another key enhancement here; lots of campus-type customers, such as universities and NHS Trusts, will look into this more deeply.

  • VAIO (vSphere APIs for IO Filtering)
    • Enables third-party data services to intercept IO and optimise it before it hits storage.
    • Initial use cases are caching and replication
    • Works with VMFS, Virtual Volumes and VSAN

Although VAIO was announced at VMworld 2014, we should now start to see some practical use cases. My best guess is that we will see in-memory optimisation for IO, the same as Atlantis but without the need for a separate appliance.

Cisco UCS Platform Emulator – ‘Slot ID Must Be A Range In The Format [a-b]’

This is another quick blog post to help anyone using the Cisco UCS Platform Emulator who is configuring a chassis or blade and runs into the error message ‘slot ID must be a range in the format [a-b]’.

The [a-b] is misleading; however, you do need to enter the details in a specific format for them to be accepted by the Cisco UCS Platform Emulator.

The easiest way to do this is to jump onto Cisco UCS Manager and expand the component you are trying to add and check the properties of the item.

In this case, I’m trying to add fans to a 5108 Chassis, so I have drilled down to the component and checked the format of the ID and Tray.

The format to enter the fans in is 1-1, or, if you want to populate all 8 at once, 1-8.

To give another example, I want to configure a Cisco UCS B200 M4 Blade and add an Intel(R) Xeon(R) E5-2650 v3 2.30 GHz 105W 10C/25MB Cache/DDR4 2133MHz. The format for this is 1-2, which represents the CPU slots.
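As an added illustration (my own code, not part of the original post or of Cisco’s tooling), here is a small Python validator for the a-b slot ID format the emulator accepts, checked against the slot counts used in the examples above. The slot counts (8 fan slots on the 5108, 2 CPU slots on the B200 M4) come from this post; the function and dictionary names are assumptions of mine.

```python
import re

# Slot counts from the examples in this post (8 fan slots on a 5108 chassis,
# 2 CPU slots on a B200 M4 blade); extend for other components as needed.
SLOT_COUNTS = {"fan": 8, "cpu": 2}

# The emulator wants "a-b" with plain digits; the square brackets in its
# error message are notation, not something you type.
_RANGE_RE = re.compile(r"^(\d+)-(\d+)$")


def parse_slot_range(text, component):
    """Parse a slot ID in the a-b form the UCS Platform Emulator accepts.

    Returns the list of slot numbers covered (1-1 -> [1], 1-8 -> [1..8]).
    Raises ValueError, with the reason, for anything the emulator would
    reject: missing dash, literal brackets, out-of-range or reversed bounds.
    """
    match = _RANGE_RE.match(text.strip())
    if not match:
        raise ValueError("slot ID must be a range in the format [a-b], e.g. 1-1 or 1-8")
    start, end = int(match.group(1)), int(match.group(2))
    limit = SLOT_COUNTS[component]
    if start < 1 or end > limit:
        raise ValueError(f"{component} slots run 1-{limit}, got {start}-{end}")
    if start > end:
        raise ValueError(f"range start {start} is after its end {end}")
    return list(range(start, end + 1))


def is_valid_slot_range(text, component):
    """Convenience wrapper: True if the emulator would accept this slot ID."""
    try:
        parse_slot_range(text, component)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for candidate, component in (("1-8", "fan"), ("1-2", "cpu"), ("[1-8]", "fan"), ("1", "fan")):
        print(f"{candidate!r:8} {component}: valid={is_valid_slot_range(candidate, component)}")
```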

Cisco UCS Platform Emulator – Unable to Launch UCS Manager

This is a quick blog post to help anyone who is setting up and configuring the Cisco UCS Platform Emulator for the first time and is staring blankly at a screen wondering why they cannot launch UCS Manager.

Problem Statement

Connecting to the VIP address of the Cisco UCS Platform Emulator, you are unable to launch UCS Manager.

Solution

The Cisco UCS Platform Emulator serves a mix of secure (HTTPS) and insecure (HTTP) content, so Firefox’s mixed-content protection blocks the UCS Manager launch.

Select the shield icon in the Firefox address bar.

Click Options.

Select ‘Disable Protection Now’.

Refresh the page and you can now launch Cisco UCS Manager.

Azure Networking Overview

The purpose of this post is to explain my understanding of the different networking options with Azure. It is meant to be an overview, not a deep dive into each area. If you notice any areas which are incorrect, feel free to leave a comment and I will update this post.

Endpoints

Endpoints are the most basic configuration offering when it comes to Azure networking. Each virtual machine is externally accessible over the internet using RDP and Remote PowerShell, with port forwarding used to reach the VM. For example, azure.vmfocus.com resolves to 12.3.4.1, and traffic to 12.3.4.1:6510 is port forwarded to an internal VM on 10.0.0.1:3389.

[Diagram: Azure Input Endpoints]

  • Public IP Address (VIP) is mapped to the Cloud Service Name e.g. azure.vmfocus.com
  • The port forward can be changed if required; additional services can be opened, or the default RDP and Remote PowerShell endpoints can be closed
  • It is important to note that the public IP is completely open; the only security offered is password authentication into the virtual machine
  • Each virtual machine has to have an exclusive public port mapped (see diagram below)

[Diagram: Azure Input Endpoints, multiple VMs]

Endpoint Access Control Lists

To provide some mitigation for having virtual machines completely exposed to the internet, you can define a basic access control list (ACL). The ACL is based on the source public IP address, with a permit or deny for a virtual machine.

  • Maximum of 50 rules per virtual machine
  • Processing order is from top down
  • Suggested configuration would be to whitelist your on-premises external public IP address
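To make the ACL semantics above concrete, here is an added Python model (my own, not Azure code and not from the original post) that evaluates a rule list top-down against a client’s public source IP, returning the first matching rule. The default when nothing matches (deny if any permit rule exists, otherwise permit) is my assumption about the classic Azure behaviour, and the address ranges are constructed documentation addresses.

```python
import ipaddress

MAX_RULES = 50  # per-VM endpoint ACL limit stated in the post


def within_rule_limit(rules):
    """True if the ACL respects the 50-rule maximum."""
    return len(rules) <= MAX_RULES


def evaluate_acl(rules, source_ip):
    """Evaluate an endpoint ACL top-down against the client's public source IP.

    rules: list of (action, remote_subnet) in the order they appear, where
    action is 'permit' or 'deny'. The first matching rule wins and
    (action, rule_position) is returned. When nothing matches, the default
    is my assumption about the classic Azure behaviour: deny if the list
    holds any permit rule, otherwise permit; the position is None then.
    """
    if not within_rule_limit(rules):
        raise ValueError(f"endpoint ACLs are limited to {MAX_RULES} rules")
    src = ipaddress.ip_address(source_ip)
    for position, (action, subnet) in enumerate(rules, start=1):
        if action not in ("permit", "deny"):
            raise ValueError(f"rule {position}: unknown action {action!r}")
        if src in ipaddress.ip_network(subnet, strict=False):
            return action, position
    default = "deny" if any(a == "permit" for a, _ in rules) else "permit"
    return default, None


# Constructed example (documentation address ranges): whitelist the
# on-premises external public IP range on the RDP endpoint, as suggested above.
RDP_ACL = [
    ("permit", "203.0.113.0/24"),  # on-premises office egress range
]

if __name__ == "__main__":
    for client in ("203.0.113.17", "198.51.100.5"):
        print(client, "->", evaluate_acl(RDP_ACL, client))
```

Because evaluation is top-down, a narrow deny placed after a broad permit never fires; order the specific rule first.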

Load Balancing

Multiple virtual machines are given the same public port, for example 80. Azure load balancing then distributes traffic using round robin.

  • Health probes can be sent every 15 seconds to a private internal port to ensure the service is running
  • The health probe uses a TCP ACK for TCP queries
  • The health probe can use HTTP 200 responses for UDP queries
  • If either probe fails twice, traffic to the virtual machine stops. However, the probe continues to ‘beacon’ the virtual machine, and once a response is received it is re-entered into round-robin load balancing
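The probe behaviour described above, modelled as an added Python example (mine, not Azure’s implementation or the post’s): a round-robin pool that drops a VM after two consecutive failed probes, keeps probing it, and re-admits it on the first successful probe. Probe results are supplied by the caller rather than sent over the network, and the VM names are constructed.

```python
PROBE_INTERVAL_S = 15   # probe cadence stated above
FAILURES_TO_REMOVE = 2  # consecutive failed probes before traffic stops


class ProbedRoundRobin:
    """Round-robin over VMs sharing one public port, with probe tracking.

    A VM leaves rotation after two consecutive failed probes, keeps being
    probed, and rejoins on the first successful probe (TCP ACK or HTTP 200).
    """

    def __init__(self, vms):
        self._order = list(vms)
        self._next = 0
        self.failures = {vm: 0 for vm in vms}
        self.healthy = set(vms)

    def probe(self, vm, ok):
        """Record one probe result for vm; ok=True means ACK / HTTP 200 seen."""
        if ok:
            self.failures[vm] = 0
            self.healthy.add(vm)          # re-enter rotation on first success
            return
        self.failures[vm] += 1
        if self.failures[vm] >= FAILURES_TO_REMOVE:
            self.healthy.discard(vm)      # traffic stops, probing continues

    def pick(self):
        """Return the next VM for a new connection, skipping unhealthy ones."""
        for _ in range(len(self._order)):
            vm = self._order[self._next % len(self._order)]
            self._next += 1
            if vm in self.healthy:
                return vm
        return None  # every backend has failed its probes


def seconds_until_removed():
    """Worst-case time a dead VM keeps receiving new connections."""
    return PROBE_INTERVAL_S * FAILURES_TO_REMOVE


if __name__ == "__main__":
    lb = ProbedRoundRobin(["vm1", "vm2", "vm3"])   # constructed backend names
    lb.probe("vm2", False); lb.probe("vm2", False)  # vm2 stops answering
    print([lb.pick() for _ in range(4)], "removal after", seconds_until_removed(), "s")
```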

[Diagram: Azure Load Balancing]

Virtual Networks

Virtual networks enable you to create secure, isolated networks within Azure and maintain persistent IP addresses. They are used for virtual machines which require static IP addresses.

  • Enable you to extend your trust boundary to federate services, whether this is Active Directory replication using AD Connect or hybrid cloud connections
  • Can perform internal load balancing within a virtual network, using the same principle as load-balanced endpoints

Hybrid Options

This is probably the most interesting part for me, as this provides the connectivity from your on-premises infrastructure to Azure.

Point to Site

Point to site uses certificate-based authentication to create a VPN tunnel from a client machine to Azure.

  • Maximum of 128 client machines per Azure Gateway
  • Maximum bandwidth of 80 Mbps
  • Data is sent over an encrypted tunnel via certificate authentication on each individual client machine
  • No performance commitment from Microsoft (makes sense as they don’t control the internet)
  • Once created, certificates can be deployed to domain-joined client devices using Group Policy
  • Machine authentication, not user authentication

[Diagram: Azure Point to Site]

Site to Site

Site to site sends data over an encrypted IPsec tunnel.

  • Requires a public IP address as the source tunnel endpoint and a physical or virtual device that supports IPsec with the following:
    • IKEv1 / IKEv2
    • AES-128 / AES-256
    • SHA-1 / SHA-2
  • Microsoft keep a known compatible device list located here
  • Requires manual addition of new virtual networks and on-premises networks
  • Again, no performance commitment from Microsoft
  • Maximum bandwidth of 80 Mbps
  • The gateway role in Azure has two instances, active/passive, for redundancy and an SLA of 99.9%
  • Can use RRAS, if you feel that way inclined, to create the IPsec tunnel
  • Certain devices have automatic configuration scripts generated in Azure based

[Diagram: Azure Site to Site]

Express Route

A dedicated route is created, either via an exchange provider or a network service provider, using a private dedicated network.

  • Bandwidth options range from 10 Mbps to 10 Gbps
  • Committed bandwidth and SLA of 99.99%
  • Predictable network performance
  • BGP is the routing protocol used with ‘private peering’
  • Not limited to VM traffic; Azure public services can also be sent across Express Route
  • Exchange Providers
    • Provide datacenters in which they connect your rack to Azure
    • Provide unlimited inbound data transfer as part of the exchange provider package
    • Outbound data transfer is included in the monthly exchange provider package but will be limited
  • Network Service Provider
    • Customers who use MPLS providers such as BT & AT&T can add Azure as another ‘site’ on their MPLS circuit
    • Unlimited data transfer in and out of Azure

[Diagram: Azure Express Route]

Traffic Manager

Traffic Manager is a DNS-based load balancer that offers three load balancing algorithms:

  • Performance
    • Traffic Manager decides the best route from the client to the service it is trying to access, based on hops and latency
  • Round Robin
    • Alternates between a number of different locations
  • Failover
    • Traffic always hits your chosen datacentre unless there is a failover scenario

Traffic Manager relies on mapping your DNS domain to x.trafficmanager.net with a CNAME, e.g. vmfocus.com to vmfocustm.trafficmanager.net. Cloud Service URLs in global datacentres are then mapped to the Traffic Manager profile, e.g. east.vmfocus.com, west.vmfocus.com and north.vmfocus.com.

[Diagram: Azure Traffic Manager]