tag:blogger.com,1999:blog-56700483730051771982024-03-13T04:34:56.808+01:00Core fourVMware, virtualization, performance and securitylarstrhttp://www.blogger.com/profile/05963794523825848062noreply@blogger.comBlogger54125tag:blogger.com,1999:blog-5670048373005177198.post-90188837374031517082023-12-28T14:18:00.002+01:002023-12-28T14:23:16.493+01:00Jumpstart plugin late-filesystem activation failed<p> <b>Problem</b></p><p>When installing ESXi you sometimes get this error message after pressing F11 to accept the EULA:</p><p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEhvJvTXQA5AfbyXK0bgyAZkZXd4hDPV4IzTaIpmM15r1JIe8ALj8yzb_9yjtxUYiNLFrxT4vT0YYiIHnPvhxjk-G2Udezsp0xMj8GpZIhre4QFXN53BtZ5Yj7J2KRjbhZknAo-bbHhqR07sFISpTYvCYmnRkh1mizNcXS7iWMo_IIk4H2KIGf13WCqvPOI" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="927" data-original-width="1317" height="450" src="https://blogger.googleusercontent.com/img/a/AVvXsEhvJvTXQA5AfbyXK0bgyAZkZXd4hDPV4IzTaIpmM15r1JIe8ALj8yzb_9yjtxUYiNLFrxT4vT0YYiIHnPvhxjk-G2Udezsp0xMj8GpZIhre4QFXN53BtZ5Yj7J2KRjbhZknAo-bbHhqR07sFISpTYvCYmnRkh1mizNcXS7iWMo_IIk4H2KIGf13WCqvPOI=w640-h450" width="640" /></a></div><br /><br /><p></p><div class="separator" style="clear: both; text-align: center;"><br /></div><p><br /></p><b>Solution</b><p></p><p>The reason you're seeing this problem is because your Alt button has magically stuck within your iDRAC/iLO/RSA session and you're seeing tty11 instead of tty2. Pressing alt+F2 bring you back to the EULA page again. Press Alt by itself once and then F11 will allow you to continue the installer.</p><p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEhPqSHqW2QB8UgC3JvpBebwRoRbYzucLmudWes97xXpWoTkIpkkkYX7E86kjzWpcLpP_qWEau8YKMC1L7dem8EIigsEIW6geiNBv-aqqewwrR-P-kqm5pIfE0s0jYJy1WqREh3SErYevCpG33zskmX3nz6zs09cbJCJnJo3-O3r1_y1UOmJ3m6pInNui9g" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="1024" data-original-width="1343" height="488" src="https://blogger.googleusercontent.com/img/a/AVvXsEhPqSHqW2QB8UgC3JvpBebwRoRbYzucLmudWes97xXpWoTkIpkkkYX7E86kjzWpcLpP_qWEau8YKMC1L7dem8EIigsEIW6geiNBv-aqqewwrR-P-kqm5pIfE0s0jYJy1WqREh3SErYevCpG33zskmX3nz6zs09cbJCJnJo3-O3r1_y1UOmJ3m6pInNui9g=w640-h488" width="640" /></a></div><br /><br /><br /><p></p>larstrhttp://www.blogger.com/profile/05963794523825848062noreply@blogger.com0tag:blogger.com,1999:blog-5670048373005177198.post-64719923990163547592023-04-01T11:58:00.000+02:002023-04-01T11:58:37.681+02:00CloudBuilder fails to deploy vCenter during initial deployment<p><b>Background </b><br />When deploying VCF 4.5 you should be able to do that in an air gapped environment that has no access to the internet. In such cases you will need to get updates and such into the environment manually, but it's still a supported solution.</p><p><br /><b>Problem</b><br />When running the initial bring up process deployment will fail with the message: "vCenter installation failed. Check logs for more details.". The vcf-bringup.log file will tell you that the vCenter appliance was deployed and started, but that there's was problem with the time of this appliance. </p><p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEgmR_7Zk5-Nlpvn3v9iiahBb6VFULqrKMO4lbLU3BNwp13GQ0KMMb6Bb1cFrcJu5yetNrYHYhaS4RGDaH1dpbkeaLl8t5GcrrPl2LK7sK_IMRnnaY4kAohtOrKY2QYGHnXcsa_feO3nNTkl_GmbNaVrmrUHV_3pqptfIJp9QsqwbLqjfSaEIJ4TUtik" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="1240" data-original-width="1908" height="260" src="https://blogger.googleusercontent.com/img/a/AVvXsEgmR_7Zk5-Nlpvn3v9iiahBb6VFULqrKMO4lbLU3BNwp13GQ0KMMb6Bb1cFrcJu5yetNrYHYhaS4RGDaH1dpbkeaLl8t5GcrrPl2LK7sK_IMRnnaY4kAohtOrKY2QYGHnXcsa_feO3nNTkl_GmbNaVrmrUHV_3pqptfIJp9QsqwbLqjfSaEIJ4TUtik=w400-h260" width="400" /></a></div>The ntp parameters you have specified in your spreadsheet have been populated correctly in /etc/ntp.conf of the Cloud Builder appliance, but the logs show that it's trying to connect to the Google ntp servers.<br /><br /><p></p><p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEhEs2QHSvQ6BfZ7TGrBC3RlFvXnLId9PizcesMsUadFJEd2_WzJl8DgZ27DzTNb613aXGTipJc-Dud1D5PTI8-tIJPLACK3jw2qXA9OxZahDUG0nfIx5J7W_hFytMIcSs6mNvPH8O75qoqMBG-YM5I9_xYY6S5H2hyJOslotwSPAoGu_b31usntBpND" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="665" data-original-width="1203" height="221" src="https://blogger.googleusercontent.com/img/a/AVvXsEhEs2QHSvQ6BfZ7TGrBC3RlFvXnLId9PizcesMsUadFJEd2_WzJl8DgZ27DzTNb613aXGTipJc-Dud1D5PTI8-tIJPLACK3jw2qXA9OxZahDUG0nfIx5J7W_hFytMIcSs6mNvPH8O75qoqMBG-YM5I9_xYY6S5H2hyJOslotwSPAoGu_b31usntBpND=w400-h221" width="400" /></a></div><br /><p></p><p><b>Workaround</b></p><p>The only solution we've found so far is to either impersonate Google's ntp entries in dns or to open the firewall and let Cloud Builder communicate with these external servers. Cloud Builder is only used during bring up so these workarounds can be reverted once the environment is up and running. </p>larstrhttp://www.blogger.com/profile/05963794523825848062noreply@blogger.com0tag:blogger.com,1999:blog-5670048373005177198.post-8987561040769868652023-03-01T23:05:00.002+01:002023-03-16T22:26:45.312+01:00LPe12000 and other old Emulex cards are unsupported if you patch ESXi 7.0U3<p> <b>Background</b></p><p>In January 2020 <a href="https://www.mouser.com/PCN/Broadcom_Limited_PCN_V20_011701_ECD_0A.pdf" target="_blank">Broadcom announced</a> that a series of Emulex cards would soon go End Of Life. They have however worked fine in VMware ESXi until recently, including 7.0U3d. </p><p><b>Problem</b></p><p>If you <a href="https://support.hpe.com/hpesc/public/docDisplay?docId=sf000090047en_us" target="_blank">patch</a> your ESXi 7 host with the <a href="https://communities.vmware.com/t5/ESXi-Discussions/ESXi-7-0-3-u3f-doesn-t-work-with-Emulex-LPe12000-S-8Gb-Fibre/td-p/2919484">latest</a> patches the lpfc driver will be replaced by one that doesn't support these old cards and you will no longer see your FC LUNs (vmfs datastores & RDM disks). The driver will be upgraded from <a href="https://docs.broadcom.com/doc/12399255" target="_blank">14.0.169.25</a> to <a href="https://docs.broadcom.com/doc/elx_DRVVM-RN1404-100.pdf" target="_blank">14.0.543.0</a>. We've also found that installing ESXi 7.0U3j comes with a non-working driver.</p><p><b>Solution</b></p><p>Using <a href="https://www.vmware.com/resources/compatibility/search.php" target="_blank">supported hardware</a> is always recommended. Swapping these old cards with newer ones would be optimal.</p><p><b>Workaround</b></p><p><a href="https://kb.vmware.com/s/article/2008939" target="_blank">Installing</a> an <a href="https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/esx/vmw/vib20/lpfc/VMW_bootbank_lpfc_14.0.169.25-5vmw.703.0.35.19482537.vib">old driver</a> (right click this link, Save As) that still supports old hardware is possible and you will then see your LUNs again.</p><p><b>Detection</b></p><p>In order to identify where this problem will occur before patching I used the following PowerCLI script:</p><p><span style="background-color: black; color: #04ff00; font-family: courier; font-size: x-small;">$vmhosts = get-vmhost|sort-object</span></p><p><span style="background-color: black; color: #04ff00; font-family: courier; font-size: x-small;">foreach($vmhost in $vmhosts){</span></p><p><span style="background-color: black; color: #04ff00; font-family: courier; font-size: x-small;"> $devices = Get-VMHostHba -VMHost $vmhost.Name | Where-Object </span><span style="background-color: black; color: #04ff00; font-family: courier; font-size: x-small;">{$_.Model -match "3530C|LPe1605|LPe12004|LPe12000|LPe12002|SN1000E"}</span></p><p><span style="background-color: black; color: #04ff00; font-family: courier; font-size: x-small;"> foreach ($device in $devices) {</span></p><p><span style="background-color: black; color: #04ff00; font-family: courier; font-size: x-small;"> Write-Output "$vmhost - $($device.Model) device with WWN $($device.PortWorldWideName)"</span></p><p><span style="background-color: black; color: #04ff00; font-family: courier; font-size: x-small;"> }</span></p><p><span style="background-color: black; color: #04ff00; font-family: courier; font-size: x-small;"> }</span></p><p></p><div class="separator" style="clear: both; text-align: left;">This script will check the HBAs of all of your ESXi hosts and you'll get a listing similar to this:<a href="https://blogger.googleusercontent.com/img/a/AVvXsEgj8Y7Ajtq5vYGRrRDIyE0fO0pp5eENILVHQTj27V-MneTYga50rdh36PlQVKF7DIHZB0dT2CYpIrF3AXUaDFyV4ikXKBZaGOXKbamxpn9_sM0ZPye__7lUAQSOqIx4sFY37h_ZX5AvwC2yv-xp75S8S4jH-8GvhJGt7ru3WNqQ2iBBO61HXiD4YRcN" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="159" data-original-width="910" height="112" src="https://blogger.googleusercontent.com/img/a/AVvXsEgj8Y7Ajtq5vYGRrRDIyE0fO0pp5eENILVHQTj27V-MneTYga50rdh36PlQVKF7DIHZB0dT2CYpIrF3AXUaDFyV4ikXKBZaGOXKbamxpn9_sM0ZPye__7lUAQSOqIx4sFY37h_ZX5AvwC2yv-xp75S8S4jH-8GvhJGt7ru3WNqQ2iBBO61HXiD4YRcN=w640-h112" width="640" /></a></div><br /><b>Reflection</b><br /><div>It's highly unusual that a device gets unsupported while patching a version of ESXi. As far as I can recall we have only seen devices being discontinued between major or minor versions of ESXi, not while installing non-critical patches.<br /><p></p><p><br /></p><p><br /></p></div>larstrhttp://www.blogger.com/profile/05963794523825848062noreply@blogger.com0tag:blogger.com,1999:blog-5670048373005177198.post-39535940726074109152022-05-04T09:21:00.000+02:002022-05-04T09:21:02.722+02:00Horizon Client 8.5 crashing on Linux<p><b>Background</b></p><p>After upgrading from version 8.4 the Horizon Client was unable launch correctly. Launching it from the command line showed a segmentation fault:</p><p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhP1z4Uu_lPOwlRyVcekyVx2yaQpzc0ylPjj7ROzVhPYVmNriq9pHEO79kBWwFruFkkqdeEVllh1RATPZTxQ32cSeUgPc78BDJhXzGQrm2Ji718hdy_N-rczAI-_a3dKMwtT2VnLjB54iMYzEwb_C3qyIHeYS3Ck9mRtPfkRUk5o5dsnfqUSYLLBbdd/s2968/ksnip_20220504-075047.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="794" data-original-width="2968" height="173" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhP1z4Uu_lPOwlRyVcekyVx2yaQpzc0ylPjj7ROzVhPYVmNriq9pHEO79kBWwFruFkkqdeEVllh1RATPZTxQ32cSeUgPc78BDJhXzGQrm2Ji718hdy_N-rczAI-_a3dKMwtT2VnLjB54iMYzEwb_C3qyIHeYS3Ck9mRtPfkRUk5o5dsnfqUSYLLBbdd/w640-h173/ksnip_20220504-075047.png" width="640" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><br /></div>I'm using Ubuntu 20.04 LTS, but other related distros may also be affected.<p></p><p><br /><b>Solution</b></p><p>It turned out that Reddit user <a href="https://www.reddit.com/user/Zixyar/">Zixyar</a> had already <a href="https://www.reddit.com/r/VMwareHorizon/comments/u11y1w/segmentation_fault_on_linux_303/">found</a> that you could solve this problem by editing the file /etc/pam.d/lightdm and uncommenting the line:</p><p>#session required pam_loginuid.so</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjedj7X-eq-Qop2Rf8me6mzNbvoWqSPs0BlmpxnZOKJsU6a9vkYQo1OYl6OQRi0IrNE1-gWZ3HYvL7_wUd7yvX62EjIOiCL_4r9LBNswiMhHN5CQg0AEiNPqFVl569v5_jcOrdWOoucHH68MgiH6nbhTQWTfNMvuBbN_CUHq3NL2sbwrP0mbCMIsAlL/s744/ksnip_20220504-090439.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="300" data-original-width="744" height="258" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjedj7X-eq-Qop2Rf8me6mzNbvoWqSPs0BlmpxnZOKJsU6a9vkYQo1OYl6OQRi0IrNE1-gWZ3HYvL7_wUd7yvX62EjIOiCL_4r9LBNswiMhHN5CQg0AEiNPqFVl569v5_jcOrdWOoucHH68MgiH6nbhTQWTfNMvuBbN_CUHq3NL2sbwrP0mbCMIsAlL/w640-h258/ksnip_20220504-090439.png" width="640" /></a></div><br /><p>After rebooting I was able to use the Horizon client 8.5 (2203-8.5.0-19586897) without problems.</p>larstrhttp://www.blogger.com/profile/05963794523825848062noreply@blogger.com0tag:blogger.com,1999:blog-5670048373005177198.post-11331522246717610502021-05-17T18:32:00.000+02:002021-05-17T18:32:17.921+02:00Priority tagging of vSAN traffic<p><b> Background</b></p><p>According to Cisco COS is <a href="https://community.cisco.com/t5/networking-documents/cos-class-of-service/ta-p/3115738">defined as</a> "Class of Service (CoS) or Quality of Service (QoS) is a way to manage multiple traffic profiles over a network by giving certain types of traffic priority over others. "</p><p>Note that there's also a similar technology called <a href="https://www.erg.abdn.ac.uk/users/gorry/eg3567/inet-pages/dscp.html">DSCP</a> that can used in more or less the same way.</p><p>When using a vSphere Distributed Switch it's <a href="https://docs.vmware.com/en/VMware-Validated-Design/5.0/com.vmware.vvd.sddc-design.doc/GUID-0E38FEDC-544D-4A67-AD54-51522AA061E8.html">possible to configure</a> <a href="https://download3.vmware.com/vcat/vmw-vcloud-architecture-toolkit-spv1-webworks/index.html#page/Storage%20and%20Availability/Architecting%20VMware%20vSAN%206.2/Architecting%20Virtual%20SAN%206.2.2.080.html">this</a> and create fairly granular rules per Port Group. It's not at all limited to vSAN traffic even though that was our use case.</p><p><b>Task</b></p><p>I was asked by the networking guys if we could enable this functionality for vSAN traffic by setting COS=3.</p><p><b>Solution</b></p><p>Identify the port group associated with the vmkernel adapter used by vSAN and choose <i>Edit Settings</i>. / Advanced and enable Traffic filtering and marking. </p><p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://lh3.googleusercontent.com/-IxR78SiP27s/YKGg2ZYWnfI/AAAAAAAGNFA/6tUSZpTSdwkWb901utbg68JtAqJsGTgCQCLcBGAsYHQ/image.png" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="662" data-original-width="1000" height="424" src="https://lh3.googleusercontent.com/-IxR78SiP27s/YKGg2ZYWnfI/AAAAAAAGNFA/6tUSZpTSdwkWb901utbg68JtAqJsGTgCQCLcBGAsYHQ/w640-h424/image.png" width="640" /></a></div><br />At configure level for the port group you will need to create the rule as outlined in the following steps:<p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://lh3.googleusercontent.com/-_RFGU9rAAiI/YKGhTeBV1dI/AAAAAAAGNFI/OHDyGRjN-A4v2SL0Hx3rSMxto2ra2i8twCLcBGAsYHQ/image.png" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="346" data-original-width="768" height="288" src="https://lh3.googleusercontent.com/-_RFGU9rAAiI/YKGhTeBV1dI/AAAAAAAGNFI/OHDyGRjN-A4v2SL0Hx3rSMxto2ra2i8twCLcBGAsYHQ/w640-h288/image.png" width="640" /></a></div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><div class="separator" style="clear: both; text-align: center;"><a href="https://lh3.googleusercontent.com/-0eyyNhTaPl8/YKGhzJL8TNI/AAAAAAAGNFQ/uT9wFNjSaRE_nUicqYdNaGqhTv97hnsFQCLcBGAsYHQ/image.png" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="536" data-original-width="868" height="396" src="https://lh3.googleusercontent.com/-0eyyNhTaPl8/YKGhzJL8TNI/AAAAAAAGNFQ/uT9wFNjSaRE_nUicqYdNaGqhTv97hnsFQCLcBGAsYHQ/w640-h396/image.png" width="640" /></a></div><br /><br /></div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://lh3.googleusercontent.com/-JB5-bZH3kLI/YKGi1DrBXQI/AAAAAAAGNFc/uAsZmXNlN7oxJU-UJJIYg-5p9sm20Dr6QCLcBGAsYHQ/image.png" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="300" data-original-width="1199" height="160" src="https://lh3.googleusercontent.com/-JB5-bZH3kLI/YKGi1DrBXQI/AAAAAAAGNFc/uAsZmXNlN7oxJU-UJJIYg-5p9sm20Dr6QCLcBGAsYHQ/w640-h160/image.png" width="640" /></a></div><br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://lh3.googleusercontent.com/-BMwdzJ1nJI8/YKGjJCskrqI/AAAAAAAGNFo/SLmN3d5X5Vc7sdHoO417rZDinOI6gAwqgCLcBGAsYHQ/image.png" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="590" data-original-width="876" height="432" src="https://lh3.googleusercontent.com/-BMwdzJ1nJI8/YKGjJCskrqI/AAAAAAAGNFo/SLmN3d5X5Vc7sdHoO417rZDinOI6gAwqgCLcBGAsYHQ/w640-h432/image.png" width="640" /></a></div><br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://lh3.googleusercontent.com/-MjXKiWtPMR8/YKGjWPov0iI/AAAAAAAGNFs/zni1w7CWg5YrOO3WpMFyhXMjc-1Etp90QCLcBGAsYHQ/image.png" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="226" data-original-width="1167" height="124" src="https://lh3.googleusercontent.com/-MjXKiWtPMR8/YKGjWPov0iI/AAAAAAAGNFs/zni1w7CWg5YrOO3WpMFyhXMjc-1Etp90QCLcBGAsYHQ/w640-h124/image.png" width="640" /></a></div><div><br /></div>Now that it was turned on it was instantly visible to the networking guys as they started seeing traffic within UC3 (Priority Group 3).<br /><div class="separator" style="clear: both; text-align: center;"><a href="https://lh3.googleusercontent.com/-dF4ESDY8Em8/YKKI7dIF_2I/AAAAAAAGNJo/Amisjvnct8wtU3fJTFS9dytHz7dzat47wCLcBGAsYHQ/image.png" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="94" data-original-width="547" height="55" src="https://lh3.googleusercontent.com/-dF4ESDY8Em8/YKKI7dIF_2I/AAAAAAAGNJo/Amisjvnct8wtU3fJTFS9dytHz7dzat47wCLcBGAsYHQ/image.png" width="320" /></a></div><br /><br /><p></p>larstrhttp://www.blogger.com/profile/05963794523825848062noreply@blogger.com0tag:blogger.com,1999:blog-5670048373005177198.post-16456582381673459692021-04-19T08:19:00.000+02:002021-04-19T08:19:16.924+02:00Autoinstall physical NSX Edge with custom passwords<p><b>Background</b></p><p>Setting up NSX Edge in an automatic way with a custom password is a good idea because by default you get a default password that needs to be changed at first login. If you're planning on using an extra strong password, setting it through iDRAC (or similar) can be a bit awkward. If you're using a non-english keyboard layout (like me) it can be even more non-trivial to hit the correct special characters.</p><p><b>Problem</b></p><p>1. We had a problem getting the physical Dell R640 server with Mellanox 25GbE nics to boot from PXE. It would say "Booting from PXE Device 1: Integrated NIC 1 Port 1 Partition 1 Downloading NBP file... NBP File downloaded successfully. Boot: Failed PXE Device 1: Integrated NIC 1 Port 1 Partition 1 No boot device available or Operating system detected. Please ensure a compatible bootable media is available."</p><p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://lh3.googleusercontent.com/-3hTUmqSEAUI/YHyJyM_BW5I/AAAAAAAGMR4/mPtO2f1M3DgntRMomBr6mnZon5PDjNB7gCLcBGAsYHQ/image.png" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="648" data-original-width="759" height="342" src="https://lh3.googleusercontent.com/-3hTUmqSEAUI/YHyJyM_BW5I/AAAAAAAGMR4/mPtO2f1M3DgntRMomBr6mnZon5PDjNB7gCLcBGAsYHQ/w400-h342/image.png" width="400" /></a></div><br /><br /><p></p><p>2. VMware has provided us with a <a href="https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.1/installation/GUID-19CF848D-51F4-40F1-9EDB-1DD3C2935F59.html">nice 19 step document</a> that guides us through the needed steps for setting up everything we need. The optional step <b>16</b> of setting a non-default password is however a bit misleading (probably referring to an older version of NSX?) and doesn't quite work.</p><p><b>Solution</b></p><p>1. In order to get the physical server to PXE boot we had to <a href="https://www.dell.com/community/PowerEdge-Hardware-General/Dell-M630-PXE-boot-Fails/td-p/5086530">change the boot mode</a> from UEFI to BIOS.</p><p>2. I had a case open for months without a resolution. In the end I started studying the <a href="https://www.debian.org/releases/jessie/amd64/apbs05.html.en">Debian manuals</a> (that the NSX Edge installer is based upon). I eventually found a working solution. It turned out that adding the following commands to preseed.cfg right after the "di passwd/root..." line gave a working config:</p><div style="text-align: left;"><span style="font-family: courier; font-size: xx-small;">d-i preseed/late_command string \<br /> in-target usermod --password 'insert non escaped password hash here' root;\<br /> in-target usermod --password 'non escaped password hash' admin</span></div><div>You will need to create the password hash using <i>mkpasswd -m sha-512</i> as described in the original 19 step document.</div><p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://lh3.googleusercontent.com/-zCFON43MY9M/YHyVuoNn0JI/AAAAAAAGMSA/Nf574a4Hso0DA-I4UugskCRpozNbjZLQwCLcBGAsYHQ/image.png" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="386" data-original-width="1550" height="159" src="https://lh3.googleusercontent.com/-zCFON43MY9M/YHyVuoNn0JI/AAAAAAAGMSA/Nf574a4Hso0DA-I4UugskCRpozNbjZLQwCLcBGAsYHQ/w640-h159/image.png" width="640" /></a></div><br /><br /><p></p>larstrhttp://www.blogger.com/profile/05963794523825848062noreply@blogger.com0tag:blogger.com,1999:blog-5670048373005177198.post-55382711303613961752021-04-15T21:00:00.001+02:002021-04-16T00:42:13.863+02:00vSAN critical alert regarding a potential data inconsistency and maintenance mode problems after upgrade to 7.0U1<p><b>Background</b></p><p>Versions involved: </p><p>VMware ESXi, 7.0.1, 17325551, DEL-ESXi-701_17325551-A01</p><p>vCenter 7.0U1 Build 17491160</p><p>vCenter and ESXi hosts were upgraded from 6.7U3 to 7.0U1c an the vSAN disk format was upgraded to version 13.</p><p><b>Problem</b></p><p>After upgrading many clusters from 6.7U3 to 7.0U1c and upgrading the vSAN format to 13 we experienced a health warning after the upgrade.</p><p>The error message in Skyline Health was "vSAN critical alert regarding a potential data inconsistency"</p><p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://lh3.googleusercontent.com/-edUD8hpdmD8/YF2f3n-npmI/AAAAAAAGLjo/KmCSWhlQwxkWrEqjrluLDb_PPwB1CtkxQCLcBGAsYHQ/image.png" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="344" data-original-width="1344" height="82" src="https://lh3.googleusercontent.com/-edUD8hpdmD8/YF2f3n-npmI/AAAAAAAGLjo/KmCSWhlQwxkWrEqjrluLDb_PPwB1CtkxQCLcBGAsYHQ/image.png" width="320" /></a></div><br /><i>For almost all clusters this error would <b>fix itself</b> within 60 minutes after the upgrade (typically in a much shorter time).</i><div><br /></div><div>For one of our clusters this error did however stick and we were unable to put any hosts within this cluster in maintenance mode.<br /><p></p><p>Trying to put a host in maintenance mode would fail after 1 hour. Before failing it would stop at a high percentage between 80 and even at 100% with a message "Objects Evacuated xxx of yyy. Data Evacuated xxx MB of yyy MB".</p><p>It's worth mentioning that this cluster had an active Horizon environment running during the upgrade and we suspect that it's constant tasks of creating and removing VMs has contributed to this problem.</p><p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://lh3.googleusercontent.com/-AN5bK09u6B8/YF2UoOta8iI/AAAAAAAGLjg/pSLJhkenHmMgQbOBy-I2m6hzY1NymuqJACLcBGAsYHQ/image.png" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="84" data-original-width="1213" height="44" src="https://lh3.googleusercontent.com/-AN5bK09u6B8/YF2UoOta8iI/AAAAAAAGLjg/pSLJhkenHmMgQbOBy-I2m6hzY1NymuqJACLcBGAsYHQ/w640-h44/image.png" width="640" /></a></div><br /><br /><p></p><p><b>Solution</b></p><p>We found a kb article with a similar error message even though we haven't changed the storage policy of any VMs for a long time (but Horizon might have done something like that behind the scenes): <a href="https://kb.vmware.com/s/article/82383">https://kb.vmware.com/s/article/82383</a></p><p>This article states this is a rare issue, but we found a <a href="https://smallrich.tistory.com/62">korean page</a> referring this same issue. The VMware kb article has a python script that you will need to run on each host involved. After running the python script we were able to put hosts in maintenance mode and do 7.x single image patching.</p><p>We asked VMware support if it was a good idea that we had changed this setting and their response was "Yes, if you want the DeltaComponent functionality going forward then please change it back to 1. The delta component makes a temporary component when there are maintenance mode issues."</p><p>Because of this we decided to change the value back and wrote a powershell script instead of running a python script on each host:</p><p></p><blockquote><p><span style="font-family: courier;">param (</span></p><p><span style="font-family: courier;"> [string]$clustername = $( Read-Host "Enter cluster name:" )</span></p><p><span style="font-family: courier;"> )</span></p><p><span style="font-family: courier;">get-cluster $clustername|Get-VMHost| Get-AdvancedSetting -Name "VSAN.DeltaComponent"| Set-AdvancedSetting -Value 1 -Confirm:$false</span></p><p></p></blockquote><p>As we've only found a single article on this issue (in Korean) I guess this issue is indeed quite rare, but if it happens again we now know what to do.</p><p><br /></p></div>larstrhttp://www.blogger.com/profile/05963794523825848062noreply@blogger.com0tag:blogger.com,1999:blog-5670048373005177198.post-42040000793263370372020-12-02T00:24:00.021+01:002020-12-03T10:29:49.567+01:00How to check BIOS Power management settings of ESXi hosts<div><b>Background</b></div>The performance of your workload will possibly be greatly affected by the power saving settings of your hosts. There are power saving settings both in the vSphere client¹, in the BIOS of the hosts² and inside the VMs³. This can cause much confuzion and there are a number of articles related to this issue:<br />
<a href="https://docs.vmware.com/en/VMware-vSphere/6.7/com.vmware.vsphere.resmgmt.doc/GUID-F48D75C7-2461-4643-8A3A-B0383146F3AA.html">Select a CPU Power Management Policy</a><br />
<a href="https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/techpaper/performance/vsphere-esxi-vcenter-server-67-performance-best-practices.pdf">Performance Best Practices for VMware vSphere 6.7</a><br />
<a href="https://kb.vmware.com/s/article/1018206">Virtual machine application runs slower than expected in ESXi (1018206)</a><br />
<a href="https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/solutions/sql-server-on-vmware-best-practices-guide.pdf">ARCHITECTING MICROSOFT SQL SERVER ON VMWARE VSPHERE®</a><br />
<br />
The root cause of the problem is that servers are normally shipped with a BIOS setting of Balanced power saving. This means that <a href="https://www.hardwaresecrets.com/everything-you-need-to-know-about-the-cpu-c-states-power-saving-modes/">C states</a> are enabled in order to make the cpus sleep whenever they are idle.<br />
<br />
You use the vSphere client to check the settings of your BIOS (ESXi host / Configure / Hardware - Power Management) and you can also configure how ESXi should treat power savings.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-HBsDZVzKes4/XaxLFnXjLLI/AAAAAAAFzPY/H7wZUTV3NxkA212cWghegAAMVYBbHQJIgCLcBGAsYHQ/s1600/Selection_799.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="194" data-original-width="632" height="98" src="https://1.bp.blogspot.com/-HBsDZVzKes4/XaxLFnXjLLI/AAAAAAAFzPY/H7wZUTV3NxkA212cWghegAAMVYBbHQJIgCLcBGAsYHQ/s320/Selection_799.jpg" width="320" /></a></div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;">Note that in vSphere 7 this option has moved to ESXi host / Configure / Hardware - Overview - Power Management.</div><div class="separator" style="clear: both; text-align: center;"><div class="separator" style="clear: both; text-align: center;"><a href="https://lh3.googleusercontent.com/-2qISstbcoNw/X8bGHrvFQ4I/AAAAAAAGF0U/wOx7ndBD9QI3K3ExNev4l1bDpOBKp04OwCLcBGAsYHQ/image.png" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="248" data-original-width="915" height="87" src="https://lh3.googleusercontent.com/-2qISstbcoNw/X8bGHrvFQ4I/AAAAAAAGF0U/wOx7ndBD9QI3K3ExNev4l1bDpOBKp04OwCLcBGAsYHQ/image.png" width="320" /></a></div><br /><br /></div>
From the example above we can see <a href="https://software.intel.com/en-us/blogs/2008/03/12/c-states-and-p-states-are-very-different">P states</a> are also enabled on this system. P states makes turbo mode work when something requires extra performance, but doesn't need all cores. Many systems tend however to come with only C states enabled. The information seen from the vSphere client does not reveal the level of C states that are configured. C states does not always have a severe impact, but since all systems I have seen so far come with all C states enabled it will normally affect the performance if you see it in the vSphere client.<br />
<br />
The <a href="https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/techpaper/performance/vsphere-esxi-vcenter-server-67-performance-best-practices.pdf">Performance BP doc</a> says the following:<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-cYmCAnVKfSs/XaxQX9jh1vI/AAAAAAAFzPk/2PyJ4qRdi_Qvw8I3KREo9aa9xC30f7lcACLcBGAsYHQ/s1600/Selection_800.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1099" data-original-width="1196" height="294" src="https://1.bp.blogspot.com/-cYmCAnVKfSs/XaxQX9jh1vI/AAAAAAAFzPk/2PyJ4qRdi_Qvw8I3KREo9aa9xC30f7lcACLcBGAsYHQ/s320/Selection_800.jpg" width="320" /></a></div>
<br />
<br />
The SQL BP doc says:<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-DeCf8rpKk8o/XaxRFfbwXLI/AAAAAAAFzPs/UG31i1iRQhQ5hGJIhhsAwJtjENcldmcDQCLcBGAsYHQ/s1600/Selection_801.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="107" data-original-width="947" height="36" src="https://1.bp.blogspot.com/-DeCf8rpKk8o/XaxRFfbwXLI/AAAAAAAFzPs/UG31i1iRQhQ5hGJIhhsAwJtjENcldmcDQCLcBGAsYHQ/s320/Selection_801.jpg" width="320" /></a></div>
Both these documents agree on that disabling C states is the way to go (The OS Control mode setting in BIOS typically disables C states and enables P states). <a href="https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/techpaper/vmware-sql-server-vsphere55-performance-white-paper.pdf">Earlier</a> versions of this document have suggested disabling saving functionality completely. <br />
<br />
The document <a href="https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/techpaper/vmw-tuning-latency-sensitive-workloads-white-paper.pdf">Best Practices for Performance Tuning of Latency-Sensitive Workloads in vSphere Virtual Machines</a> also suggest to set "Power Management Mode to Maximum Performance" in BIOS, disabling Power Management completely.<div><br /></div><div><div class="separator" style="clear: both; text-align: center;"><a href="https://lh3.googleusercontent.com/-vJYFCtLcOwk/X8bHSLfGgAI/AAAAAAAGF0g/8_ff4PWl48MEfo8_zX0U1jhjWl94OnvCACLcBGAsYHQ/image.png" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="377" data-original-width="604" height="200" src="https://lh3.googleusercontent.com/-vJYFCtLcOwk/X8bHSLfGgAI/AAAAAAAGF0g/8_ff4PWl48MEfo8_zX0U1jhjWl94OnvCACLcBGAsYHQ/image.png" width="320" /></a></div><br />The the good old .Net based vSphere client it was only possible to change the settings if either C or P states were available. In the HTML5 client you can set options here even if they are disabled, which doesn't really make much sense.<br />
<br />
Many new servers now also come with a virtualization adapted predefined power scheme that you can choose in BIOS.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-7E-jesIoAHc/Xax6H0cnG7I/AAAAAAAFzP4/_1FkJTTHMUkjVGs5rPjyvCaAuCpH3blMACLcBGAsYHQ/s1600/Selection_759.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="569" data-original-width="1600" height="113" src="https://1.bp.blogspot.com/-7E-jesIoAHc/Xax6H0cnG7I/AAAAAAAFzP4/_1FkJTTHMUkjVGs5rPjyvCaAuCpH3blMACLcBGAsYHQ/s320/Selection_759.jpg" width="320" /></a></div>
<br />
When you buy servers today it's also possible to specify to make this setting the default one and then all the servers will come correctly preconfigured.</div><div><div class="separator" style="clear: both; text-align: center;"><a href="https://lh3.googleusercontent.com/-OfViWnlwkOE/X8bQRnxngYI/AAAAAAAGF0s/Avy67QkC8-MTpxazi_UB1vp2ANToWVGxQCLcBGAsYHQ/image.png" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="100" data-original-width="393" height="81" src="https://lh3.googleusercontent.com/-OfViWnlwkOE/X8bQRnxngYI/AAAAAAAGF0s/Avy67QkC8-MTpxazi_UB1vp2ANToWVGxQCLcBGAsYHQ/image.png" width="320" /></a></div><br /><br /><br /></div><div><b>Problem</b></div><div>Even if all your servers at one point had the BIOS settings set to Full Performance, you may at a later point see that not all servers perform equally good. I have seen that replacement of motherboards will normally lead to a Balanced power saving setting (and degraded performance).</div><div><br /></div><div><b>Solution</b></div><div>With <a href="https://communities.vmware.com/t5/VMware-PowerCLI-Discussions/Power-saving-settings/m-p/506951" target="_blank">Powershell</a> you can easily identify servers that has C or P states enabled.</div><div><div><span style="font-family: courier; font-size: x-small;">Get-VMHost | Sort | Select Name,</span></div><div><span style="font-family: courier; font-size: x-small;"><div> @{ N='HW Support';</div><div> E={$_.ExtensionData.Hardware.CpuPowerManagementInfo.HardwareSupport}}</div><div><br /></div></span></div><div><br /></div><div>When you run it agains your clusters it will tell you if the ESXi hosts has any of these power states enabled in the BIOS:</div></div><div><br /></div><div><div><span style="font-family: courier; font-size: x-small;">C:\> get-biospowersettings.ps1</span></div><div><span style="font-family: courier; font-size: x-small;">Name HW Support</span></div><div><span style="font-family: courier; font-size: x-small;">---- ----------</span></div><div><span style="font-family: courier; font-size: x-small;">esxa001.mydomain.com ACPI C-states</span></div><div><span style="font-family: courier; font-size: x-small;">esxa002.mydomain.com </span></div><div><span style="font-family: courier; font-size: x-small;">esxb001.mydomain.com ACPI P-states</span></div><div><span style="font-family: courier; font-size: x-small;">esxb002.mydomain.com ACPI P-states</span></div><div><span style="font-family: courier; font-size: x-small;">esxc044.mydomain.com ACPI C-states</span></div><div><span style="font-family: courier; font-size: x-small;">esxc047.mydomain.com ACPI C-states</span></div></div><div><br /></div><div>As we can see from this output one of the host has no output. This means that it has power saving disabled in the BIOS. The ones with C states probably has a default setting of Balanced (gives poor performance) and the ones with P states have probably been manually configured to take advantage of cpu Turbo modes. For most workloads (and lowest latency) you will probably want to disable power saving in the BIOS and have a blank result here.</div><div><br /></div>larstrhttp://www.blogger.com/profile/05963794523825848062noreply@blogger.com0tag:blogger.com,1999:blog-5670048373005177198.post-88769875591057809052019-02-24T14:21:00.000+01:002019-02-24T14:23:35.324+01:00Quick boot and hba driver updates<b>Background</b><br />
vSphere 6.7 introduced a new feature called <a href="https://docs.vmware.com/en/vSphere/6.7/solutions/vSphere-6.7.2cd6d2a77980cc623caa6062f3c89362/GUID-C24E75DCBEE72CA989811E0ED3F0DB27.html">Quick Boot</a> that reboots ESXi of certain server models without going into <a href="https://en.wikipedia.org/wiki/Power-on_self-test">POST</a>. This can <a href="https://www.reddit.com/r/sysadmin/comments/818pin/slow_post_with_dell_poweredge_r720_and_windows/">save</a> <a href="http://www.running-system.com/hpe-starting-drivers-please-wait-bios-p89-v2-40-spp-201704/">quite</a> a <a href="https://serverfault.com/questions/303918/ibm-server-takes-a-long-time-to-boot-past-uefi-to-os">bit</a> of time as many servers can spend several minutes during POST. In clusters with many servers this means we can save hours or even days during a year of updates and reboots.<br />
<br />
<b>Problem</b><br />
When using vSAN it's very important that you follow the HCL in regards to using supported firmware+driver versions. We had a newly installed vSAN cluster with servers in a non-supported state. Because of this we used Update Manager to deploy a supported driver. The driver was installed, but the server never came up again. When we checked the console of the first host we saw the error message: "LoadESX in progress".<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://2.bp.blogspot.com/-Hp-usPs3_0g/XHKZAQTpnVI/AAAAAAAFgkY/F7vT4NoexWQb4SGvn4CqyOLrNipSDEvhQCLcBGAs/s1600/LoadESX%2Bin%2BProgress.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="422" data-original-width="638" height="211" src="https://2.bp.blogspot.com/-Hp-usPs3_0g/XHKZAQTpnVI/AAAAAAAFgkY/F7vT4NoexWQb4SGvn4CqyOLrNipSDEvhQCLcBGAs/s320/LoadESX%2Bin%2BProgress.png" width="320" /></a></div>
If we reset the power of the server it would complete POST and boot up with the new driver installed.<br />
<br />
<b>Solution</b><br />
Disabling Quick Boot (from the Update Manager configuration) solved this problem and we were able to get all servers in our cluster up to date without any problems.larstrhttp://www.blogger.com/profile/05963794523825848062noreply@blogger.com0tag:blogger.com,1999:blog-5670048373005177198.post-83352138639768209182018-09-07T13:14:00.000+02:002018-11-22T13:51:37.669+01:00"Status of other host hardware objects" on HPE Gen10 servers<b>Problem</b><br />
On HPE Gen10 servers we have observed several error messages in hardware monitoring and VMware vCenter reports these as a critical problem.<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://3.bp.blogspot.com/-nOPhoEh7y7E/W5JW5ZbI2AI/AAAAAAAFYyM/-6to-n0QAqAbkWQAOp5ICMrDGfhx8UnkACLcBGAs/s1600/Selection_321.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Device IO Module 4 NIC_Link_01P4" border="0" data-original-height="345" data-original-width="893" height="123" src="https://3.bp.blogspot.com/-nOPhoEh7y7E/W5JW5ZbI2AI/AAAAAAAFYyM/-6to-n0QAqAbkWQAOp5ICMrDGfhx8UnkACLcBGAs/s320/Selection_321.jpg" title="" width="320" /></a></div>
This problem <a href="https://www.reddit.com/r/vmware/comments/93ogy2/status_of_other_host_hardware_objects_after/">has been reported</a> on both vSphere 6.5 and 6.7.<br />
<br />
<b>Solution</b><br />
<i><span style="font-family: Verdana, sans-serif;">Update 21Nov2018: This issue has been fixed in ILO version 1.37: <a href="https://vmoller.dk/index.php/2018/11/17/lom-warning-in-vmware-on-hpe-gen10-servers/">https://vmoller.dk/index.php/2018/11/17/lom-warning-in-vmware-on-hpe-gen10-servers/</a></span></i><br />
<i><br /></i>
It turned out that the servers that had this problem were using <a href="https://support.hpe.com/hpesc/public/home/driverHome?sp4ts.oid=1010145741">ILO version</a> 1.30 and 1.35 while the servers that did not have this problem were using ILO <a href="https://support.hpe.com/hpsc/swd/public/detail?sp4ts.oid=1010145741&swItemId=MTX_156ef46ee1974c5c962c489960&swEnvOid=4184">1.20</a>. After downgrading ILO to version 1.20 the problem was resolved. Hopefully this will be fixed in a future version.<br />
<br />
<br />
Downgrading ILO is a <a href="https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-a00019259en_us">new feature</a> of ILO 5:<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://3.bp.blogspot.com/-6I48pGCgny4/W5JYsTfIfjI/AAAAAAAFYyY/DobDtvkXSxE0O0T1TwcZoUBTtp9t5y3mQCLcBGAs/s1600/Selection_353.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="The components can be organized in to install sets and can be used to rollback/Patch faulty firmware" border="0" data-original-height="154" data-original-width="986" height="49" src="https://3.bp.blogspot.com/-6I48pGCgny4/W5JYsTfIfjI/AAAAAAAFYyY/DobDtvkXSxE0O0T1TwcZoUBTtp9t5y3mQCLcBGAs/s320/Selection_353.jpg" title="" width="320" /></a></div>
Note that while you can upgrade ILO directly with the Update Firmware functionality, you can't downgrade it the same way. In order to be able to downgrade ILO you must upload it to the ILO Repository first. Once it has been uploaded you can downgrade the ILO firmware.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://4.bp.blogspot.com/-7qguxX6pe3E/W5JZpVdtxiI/AAAAAAAFYyg/W_2yeTbPe0IBsue5RvspWVl90lRNm-n7ACLcBGAs/s1600/Selection_340.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="831" data-original-width="1381" height="192" src="https://4.bp.blogspot.com/-7qguxX6pe3E/W5JZpVdtxiI/AAAAAAAFYyg/W_2yeTbPe0IBsue5RvspWVl90lRNm-n7ACLcBGAs/s320/Selection_340.jpg" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://3.bp.blogspot.com/-XjvGlECL5fE/W5JZ1CLTwII/AAAAAAAFYys/LO95VdPvYSoES_ZLanJ1f64eNIqjrDAbwCLcBGAs/s1600/Selection_341.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="493" data-original-width="527" height="298" src="https://3.bp.blogspot.com/-XjvGlECL5fE/W5JZ1CLTwII/AAAAAAAFYys/LO95VdPvYSoES_ZLanJ1f64eNIqjrDAbwCLcBGAs/s320/Selection_341.jpg" width="320" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://2.bp.blogspot.com/-1F3J4x5ICH8/W5JZ1Ey7GAI/AAAAAAAFYyo/zs7coeFQ0Sguw8ohhDxd21q_Ogc84BPHQCLcBGAs/s1600/Selection_342.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="321" data-original-width="752" height="136" src="https://2.bp.blogspot.com/-1F3J4x5ICH8/W5JZ1Ey7GAI/AAAAAAAFYyo/zs7coeFQ0Sguw8ohhDxd21q_Ogc84BPHQCLcBGAs/s320/Selection_342.jpg" width="320" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://2.bp.blogspot.com/-HrbCrdfPNo0/W5JZ1GnM12I/AAAAAAAFYyw/T88mYmhyo4QqF3Z4Tnuk1_GVh-hyCZzOwCLcBGAs/s1600/Selection_343.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="245" data-original-width="836" height="93" src="https://2.bp.blogspot.com/-HrbCrdfPNo0/W5JZ1GnM12I/AAAAAAAFYyw/T88mYmhyo4QqF3Z4Tnuk1_GVh-hyCZzOwCLcBGAs/s320/Selection_343.jpg" width="320" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-K04RktcZqF0/W5JZ1rGAsRI/AAAAAAAFYy0/aqaUiRwXFz0vUyUalCabLQFDlmuAgLlqACLcBGAs/s1600/Selection_344.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="795" data-original-width="902" height="282" src="https://1.bp.blogspot.com/-K04RktcZqF0/W5JZ1rGAsRI/AAAAAAAFYy0/aqaUiRwXFz0vUyUalCabLQFDlmuAgLlqACLcBGAs/s320/Selection_344.jpg" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://3.bp.blogspot.com/-RuE_GfI39bU/W5JaMeV6WTI/AAAAAAAFYzI/ZT-mCb6CuyEnUwIAVaq4DekSVwXVhULmwCLcBGAs/s1600/Selection_345.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="804" data-original-width="889" height="289" src="https://3.bp.blogspot.com/-RuE_GfI39bU/W5JaMeV6WTI/AAAAAAAFYzI/ZT-mCb6CuyEnUwIAVaq4DekSVwXVhULmwCLcBGAs/s320/Selection_345.jpg" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://2.bp.blogspot.com/-_Uiu2ZnXf3o/W5Jaffgos5I/AAAAAAAFYzU/LZiJAXmrkR0DHpSeIGCbV0DWPOuZCcvrwCLcBGAs/s1600/Selection_346.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="588" data-original-width="764" height="246" src="https://2.bp.blogspot.com/-_Uiu2ZnXf3o/W5Jaffgos5I/AAAAAAAFYzU/LZiJAXmrkR0DHpSeIGCbV0DWPOuZCcvrwCLcBGAs/s320/Selection_346.jpg" width="320" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://4.bp.blogspot.com/-tBIpEwPVsXw/W5JafKQx0BI/AAAAAAAFYzQ/qzCN6lf_F28YAxrvqxo3qCLyY5XCAnIBgCLcBGAs/s1600/Selection_347.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="268" data-original-width="869" height="98" src="https://4.bp.blogspot.com/-tBIpEwPVsXw/W5JafKQx0BI/AAAAAAAFYzQ/qzCN6lf_F28YAxrvqxo3qCLyY5XCAnIBgCLcBGAs/s320/Selection_347.jpg" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-wXSDfl_asN8/W5JWgWtGwxI/AAAAAAAFYyI/VVBMunAvGf0iy52feqDuN8uufMIzkbSAACEwYBhgL/s1600/Selection_351.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="257" data-original-width="1087" height="75" src="https://1.bp.blogspot.com/-wXSDfl_asN8/W5JWgWtGwxI/AAAAAAAFYyI/VVBMunAvGf0iy52feqDuN8uufMIzkbSAACEwYBhgL/s320/Selection_351.jpg" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://4.bp.blogspot.com/-oWyfqfGVcxY/W5JawgP_EII/AAAAAAAFYzg/08yrTDBtxW8Gaj5Dd-_qUNDKx81lzNLOQCLcBGAs/s1600/Selection_348.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="285" data-original-width="450" height="202" src="https://4.bp.blogspot.com/-oWyfqfGVcxY/W5JawgP_EII/AAAAAAAFYzg/08yrTDBtxW8Gaj5Dd-_qUNDKx81lzNLOQCLcBGAs/s320/Selection_348.jpg" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
After having downgraded ILO you will need to go into each of the ESXi host's hardware status and press the reset sensors button and everything will be fine.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://3.bp.blogspot.com/-LalOtNOF8TU/W5JcDaSsGvI/AAAAAAAFYzs/dZP4gpUegkojyB_dpHr30NNVN-FGpLIXACLcBGAs/s1600/Selection_349.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="598" data-original-width="849" height="225" src="https://3.bp.blogspot.com/-LalOtNOF8TU/W5JcDaSsGvI/AAAAAAAFYzs/dZP4gpUegkojyB_dpHr30NNVN-FGpLIXACLcBGAs/s320/Selection_349.jpg" width="320" /></a></div>
<br />larstrhttp://www.blogger.com/profile/05963794523825848062noreply@blogger.com0tag:blogger.com,1999:blog-5670048373005177198.post-52500414030515348272018-06-15T16:32:00.000+02:002018-06-15T16:37:16.419+02:00LLDP not available on Intel X710 running ESXi 6.5U1<b>Problem</b><br />
While setting up 6.5U1 on new HPE DL380 Gen10 servers we could not get LLDP working. We had the error message "Link Layer Discovery Protocol is not available on this physical network adapter."<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-RbtNkBcY-sE/WyO8Crs_rvI/AAAAAAAFSDM/aMGC5A3Kn4we0x15x_AoTRDYHtnfnaJlACEwYBhgL/s1600/Selection_060.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="421" data-original-width="469" height="287" src="https://1.bp.blogspot.com/-RbtNkBcY-sE/WyO8Crs_rvI/AAAAAAAFSDM/aMGC5A3Kn4we0x15x_AoTRDYHtnfnaJlACEwYBhgL/s320/Selection_060.jpg" width="320" /></a></div>
<br />
It looks like the X710 card is doing <a href="https://www.intel.com/content/dam/www/public/us/en/documents/datasheets/xl710-10-40-controller-datasheet.pdf">LLDP in hardware</a>, but I'm not sure why that could be a problem.<br />
<br />
<b><br /></b>
<b>Solution</b><br />
The <a href="https://communities.vmware.com/thread/575459">solution</a> to this problem is as follows:<br />
<br />
<ol>
<li>Upgrade firmware the firmware as provided in <a href="http://h17007.www1.hpe.com/us/en/enterprise/servers/products/service_pack/spp/index.aspx">Service Pack for ProLiant (SPP) Version 2018.03.0</a>, where the <a href="https://downloadcenter.intel.com/product/82947/Intel-Ethernet-Controller-X710-Series">intel firmware</a> version 6.0.1 is provided.</li>
<li>The X710 driver needs to be on version 1.5.6 which is available on the <a href="https://my.vmware.com/web/vmware/details?productId=614&downloadGroup=OEM-ESXI65U1-HPE">HPE Custom Image for ESXi 6.5U1</a>. </li>
<li>You also need to run the following command on each host: <i>esxcli system module parameters set -m i40en -p LLDP=0,0,0,0 </i>where the number of zeros is the number of x710 interfaces in your system.</li>
<li>Reboot</li>
</ol>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://2.bp.blogspot.com/-wMZ6s9u0GhI/WyPCR7hJRvI/AAAAAAAFSDU/uZq3iSew5XITUpocdU6_6CInRh_bh3s8ACLcBGAs/s1600/Selection_064.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="405" data-original-width="464" height="278" src="https://2.bp.blogspot.com/-wMZ6s9u0GhI/WyPCR7hJRvI/AAAAAAAFSDU/uZq3iSew5XITUpocdU6_6CInRh_bh3s8ACLcBGAs/s320/Selection_064.jpg" width="320" /></a></div>
<div>
<br /></div>
<br />
<br />
<br />
<br />
<br />
<br />larstrhttp://www.blogger.com/profile/05963794523825848062noreply@blogger.com1tag:blogger.com,1999:blog-5670048373005177198.post-35454155617854108972017-10-24T14:21:00.000+02:002017-10-24T14:21:33.613+02:00Accept button greyed out when trying to update VCSA<h2>
Background</h2>
<div>
Updating to new minor versions of VCSA is really simple since all the update functionality is built into the web interface living on port 5480 of the vCenter Server, also known as VAMI (vCenter Appliance Management Interface).</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://4.bp.blogspot.com/-54abQkt_r3c/We8v-OqeEGI/AAAAAAAFFDY/FjPDdoQ-5A8Q-HYwMZgW1I1oyGYMo5GQgCLcBGAs/s1600/Selection_048.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="565" data-original-width="1348" height="134" src="https://4.bp.blogspot.com/-54abQkt_r3c/We8v-OqeEGI/AAAAAAAFFDY/FjPDdoQ-5A8Q-HYwMZgW1I1oyGYMo5GQgCLcBGAs/s320/Selection_048.jpg" width="320" /></a></div>
<div>
<br /></div>
<h2>
Problem</h2>
<div>
When trying to upgrade from 6.5.0.10000 Build Number 5973321 to 6.5.0.10100 Build Number 6671409 I wasn't able to click the Accept button because it was greyed out. Clicking the EULA link several times was of no help.</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://2.bp.blogspot.com/-fq6xJa7lVkg/We8uo6rdt3I/AAAAAAAFFDE/r3iZxvuY_1g62fxIf27B0T2e0QwOpBZfwCLcBGAs/s1600/Selection_031.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="590" data-original-width="944" height="200" src="https://2.bp.blogspot.com/-fq6xJa7lVkg/We8uo6rdt3I/AAAAAAAFFDE/r3iZxvuY_1g62fxIf27B0T2e0QwOpBZfwCLcBGAs/s320/Selection_031.jpg" width="320" /></a></div>
<div>
<br /></div>
<h2>
Solution</h2>
<div>
Switching browser helped. I originally tried using Chrome version 61.0.3163.100. Switching to Firefox version 56 revealed the Accept button and I could proceed with the update..</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://3.bp.blogspot.com/-rs0U7Ayzuys/We8vQg6uQhI/AAAAAAAFFDI/gg6SQ93aKfwmWFktz7s3zW1PSf8meaVZQCLcBGAs/s1600/Selection_047.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="451" data-original-width="816" height="176" src="https://3.bp.blogspot.com/-rs0U7Ayzuys/We8vQg6uQhI/AAAAAAAFFDI/gg6SQ93aKfwmWFktz7s3zW1PSf8meaVZQCLcBGAs/s320/Selection_047.jpg" width="320" /></a></div>
<div>
<br /></div>
larstrhttp://www.blogger.com/profile/05963794523825848062noreply@blogger.com0tag:blogger.com,1999:blog-5670048373005177198.post-22394539732569392772017-09-10T17:49:00.000+02:002017-09-17T23:23:00.664+02:00Visibility of private VMware services on the public internet<h2>
Background</h2>
VMware services like <a href="https://docs.vmware.com/en/VMware-vSphere/6.0/com.vmware.vsphere.security.doc/GUID-16227288-E2D1-4759-9EF1-321CE634F2AB.html">ESXi hosts and vCenter</a> are services you would normally place in your private networks. Preferably not in your average internal networks, but in your management network along with other services you provide management for. VMs on the other hand are placed in other networks like internal networks, DMZ networks and similar.<br />
<br />
<h2>
Results</h2>
By using Shodan I was able to find <a href="https://www.shodan.io/search?query=9443%2Fvsphere-client%2F">4644 (probable) vCenter Servers</a> (servers with the vsphere web client on port 9443):<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://2.bp.blogspot.com/-ExworkwVIk4/WUhRnEqdsFI/AAAAAAAE9Fo/b7zp1_9vd5MQuFOFmuP5eAI99qFsIPu1ACLcBGAs/s1600/Selection_999%2528931%2529.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="902" data-original-width="1319" height="272" src="https://2.bp.blogspot.com/-ExworkwVIk4/WUhRnEqdsFI/AAAAAAAE9Fo/b7zp1_9vd5MQuFOFmuP5eAI99qFsIPu1ACLcBGAs/s400/Selection_999%2528931%2529.jpg" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
</div>
With the same search engine it's also easy to find computers that are <a href="https://www.shodan.io/search?query=220+MKSDisplayProtocol%3AVNC">hosting VMs</a> (ESXi, Workstation, Player, by looking for computers with VMware Authentication daemon (providing VNC) on port 902) and the number is quite astonishing:<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://3.bp.blogspot.com/-lpUrgOd3kuE/WUhGq3s3N0I/AAAAAAAE9FY/lRHEtvwVqW4CqOcKpFqPUwwNzFgbcO8pgCLcBGAs/s1600/Selection_999%2528930%2529.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="480" data-original-width="493" height="311" src="https://3.bp.blogspot.com/-lpUrgOd3kuE/WUhGq3s3N0I/AAAAAAAE9FY/lRHEtvwVqW4CqOcKpFqPUwwNzFgbcO8pgCLcBGAs/s320/Selection_999%2528930%2529.jpg" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
Most of these systems are not identified by OS (only ~3k of ~200k), but I suspect that a big majority here is hosted products and not ESXi hosts. We can also tell by the version of the <a href="https://www.shodan.io/search?query=port%3A902+product%3A%22VMware+Authentication+Daemon%22+version%3A%221.0%22">VMware Autherntication Daemon</a> that some of the systems are dated with <a href="http://www.cvedetails.com/cve/CVE-2009-4811/">pre 2009 versions</a>.<br />
<br />
<br />
<br />
<br />
<br />
We can even <a href="https://www.shodan.io/search?query=ssl%3A%22VMware+default%22">search for the VMware Self Signed certificate</a> that is installed by default by most VMware services:<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://2.bp.blogspot.com/-SFiq_7z1lMU/WUhDvjDujkI/AAAAAAAE9FM/yFZu2ezZPt4HblFyVmDHpA_VyoEiHVaawCLcBGAs/s1600/Selection_999%2528929%2529.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1040" data-original-width="1307" height="317" src="https://2.bp.blogspot.com/-SFiq_7z1lMU/WUhDvjDujkI/AAAAAAAE9FM/yFZu2ezZPt4HblFyVmDHpA_VyoEiHVaawCLcBGAs/s400/Selection_999%2528929%2529.jpg" width="400" /></a></div>
By looking at the certificate information you're also able to either get the internal ip address or the local hostname of the service.<br />
<div>
<br /></div>
<div>
By monitoring these queries over some time I've observed that the number of systems reported are changing on a semi weekly basis by up to 20%. Some times up and sometimes down.<br />
<br />
By using <a href="https://twitter.com/the_anykey">Richard Garsthagens</a> tool <a href="https://github.com/AnykeyNL/vmware_scanner">https://github.com/AnykeyNL/vmware_scanner</a> you can also reveal that many of these systems are very old.<br />
<h2>
Conclusion</h2>
<div>
That these systems are available on the internet may not seem like a big issue at the moment as things may seem to be working as expected. </div>
<div>
<br /></div>
<div>
The main reason it is not recommended to expose these services is that this is the doorway to manage and control all of your virtual environment. All you need is a valid username and password. Those who have monitored the logs of internet exposed systems know that automated systems will try to login on a regular basis. </div>
<div>
<br /></div>
<div>
We also know that even though some services are regarded safe and have no known security holes over many years they still may turn out with some hole at some point and can potentially give people access without a valid username and password.</div>
<div>
<br /></div>
<div>
Many of the systems exposed seem to be very old and we all know that is bad karma to leave an old unpatched system open to the internet.</div>
<div>
<br /></div>
</div>
larstrhttp://www.blogger.com/profile/05963794523825848062noreply@blogger.com0tag:blogger.com,1999:blog-5670048373005177198.post-18873100562140314592016-08-18T00:33:00.000+02:002017-10-04T01:04:22.518+02:00Configuring the HPE 6125XLG Ethernet Blade Switch for use in a VMware environment - part 2<b>Background</b><br />
Many people are using Flex Fabric for Ethernet (+FC) connectivity for their HP Blade environments. For better functionality and control we've chosen to use HPE 6125XLG blade switches instead and documenting how we achieved this. It's interesting to note that the <a href="http://www8.hp.com/us/en/products/interconnects/product-detail.html?oid=5404492">6125XLG</a> is using the exact same hardware that is also used in the <a href="http://www8.hp.com/us/en/products/virtual-connects/product-detail.html?oid=6239367">FlexFabric -20/40 F8</a>.<br />
<br />
<b>Problem</b><br />
I've found the documentation for the H3C line of switches is a bit <a href="http://h17007.www1.hp.com/docs/interoperability/Cisco/HP-Networking-and-Cisco-CLI-Reference-Guide_June_10_WW_Eng_ltr.pdf">confusing</a> and some times wrong. Our switches are using a command set known as Comware7 while many <a href="http://community.hpe.com/t5/Comware-Based/bd-p/switching-a-series-forum#.V7TihnV95s4">examples</a> are using Comware5.<br />
<br />
<b>Solution</b><br />
We have configured our system with the following features:<br />
<br />
<ol>
<li>The switches are stacked and works as one big switch. See <a href="http://www.core-four.info/2016/03/configuring-hpe-6125xlg-ethernet-blade.html">part 1</a> for a closer description.</li>
<li>There are two 10GbE uplinks from each of these switches to two Cisco 6500 series switches.</li>
<li>The trunk between the 6125XLGs and Cisco 6500 is setup with LACP.</li>
<li>Spanning tree between switches is configured to RSTP</li>
<li>CDP has been setup between switches and servers</li>
<li>VMware ESXi is setup with distributed switch using LBT+NetIOC</li>
<li>Logs are forwarded to logstash</li>
<li>SNMP has been configured (for future use)</li>
<li>NTP</li>
</ol>
<div>
<br />
There are two 6125XLG switches in the C7000 and each of the blades has one nic connected to each of these switches. The two switches has 4 10GbE ports connected to each other and these are normally used for stacking (IRF) and FCoE (you dedicate a pair for each). Each switch also has 8x 10GbE SFP+ ports and 4x 40GbE QSFP+ ports. It's recommended to use original HPE GBICs, but third party GBICs has also proven also work nicely. </div>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://3.bp.blogspot.com/-oEZQTYNjZNo/V1DAVoxF9DI/AAAAAAAEpMs/O6Rx7QTgtBQ0l3Gf7bwNH-hqlmQBkOHvwCLcB/s1600/Selection_038.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="180" src="https://3.bp.blogspot.com/-oEZQTYNjZNo/V1DAVoxF9DI/AAAAAAAEpMs/O6Rx7QTgtBQ0l3Gf7bwNH-hqlmQBkOHvwCLcB/s320/Selection_038.png" width="320" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Logical view</td></tr>
</tbody></table>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-BoB2BVccoOI/V1DAVkWtwcI/AAAAAAAEpMw/Rz2-yZDuYb4oCzG1wOO83f6x4vCP_lDWwCLcB/s1600/Selection_039.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="98" src="https://1.bp.blogspot.com/-BoB2BVccoOI/V1DAVkWtwcI/AAAAAAAEpMw/Rz2-yZDuYb4oCzG1wOO83f6x4vCP_lDWwCLcB/s320/Selection_039.png" width="320" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://2.bp.blogspot.com/-f08UwyoddHU/V1DAmFlkVXI/AAAAAAAEpM4/0RICivlCuo44nYAfoh71LC4A32WdiTPnQCLcB/s1600/6125xlg.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="103" src="https://2.bp.blogspot.com/-f08UwyoddHU/V1DAmFlkVXI/AAAAAAAEpM4/0RICivlCuo44nYAfoh71LC4A32WdiTPnQCLcB/s320/6125xlg.jpg" width="320" /></a></div>
<div>
<h4>
1. Stacking</h4>
When you configure IRF you have 4 ports to choose from. You can either use two or four of these (you can dedicate two for FCoE if you need to). In this example we're using all four ports to aggregate the switches into one large one. In H3C language this is called <a href="https://en.wikipedia.org/wiki/Intelligent_Resilient_Framework">Intelligent Resilient Framework</a>.<br />
<blockquote class="tr_bq">
<blockquote class="tr_bq">
<span style="font-size: x-small;"> <span style="font-family: "courier new" , "courier" , monospace;">irf mac-address persistent timer</span></span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> irf auto-update enable</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> undo irf link-delay</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> irf member 1 priority 10</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> irf member 2 priority 1</span></blockquote>
<div>
<br /></div>
</blockquote>
<blockquote class="tr_bq">
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">irf-port 1/1</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> port group interface Ten-GigabitEthernet1/0/17</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> port group interface Ten-GigabitEthernet1/0/18</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> port group interface Ten-GigabitEthernet1/0/19</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> port group interface Ten-GigabitEthernet1/0/20</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">#</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">irf-port 2/2</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> port group interface Ten-GigabitEthernet2/0/17</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> port group interface Ten-GigabitEthernet2/0/18</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> port group interface Ten-GigabitEthernet2/0/19</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> port group interface Ten-GigabitEthernet2/0/20</span></blockquote>
</blockquote>
<blockquote class="tr_bq">
</blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">interface Ten-GigabitEthernet1/0/17</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> description IRF</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">#</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">interface Ten-GigabitEthernet1/0/18</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> description IRF</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">#</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">interface Ten-GigabitEthernet1/0/19</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> description IRF</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">#</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">interface Ten-GigabitEthernet1/0/20</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">#</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">interface Ten-GigabitEthernet2/0/17</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> description IRF</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">#</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">interface Ten-GigabitEthernet2/0/18</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> description IRF</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">#</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">interface Ten-GigabitEthernet2/0/19</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> description IRF</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">#</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">interface Ten-GigabitEthernet2/0/20</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> description IRF</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">#</span></blockquote>
<br />
<h4>
2. Trunk ( stp, LACP, 4x 10GbE, CDP) </h4>
<div>
On each of the two 6125 switches we establish a trunk facing the core Cisco switches. In our example we decided to use rstp for spanning tree. We use CDP instead of LLDP for our external facing interfaces.</div>
<blockquote class="tr_bq">
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">stp mode rstp</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> stp global enable</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">#</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">interface Bridge-Aggregation1</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> port link-type trunk</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> port trunk permit vlan all</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> link-aggregation mode dynamic</span></blockquote>
<blockquote class="tr_bq">
<br /></blockquote>
<div>
<br /></div>
</blockquote>
Interfaces on switch 1:<br />
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">interface Ten-GigabitEthernet1/1/5</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> port link-mode bridge</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> description Trunk 6500</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> port link-type trunk</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> port trunk permit vlan all</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> lldp compliance admin-status cdp txrx</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> port link-aggregation group 1</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">#</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">interface Ten-GigabitEthernet1/1/6</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> port link-mode bridge</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> description Trunk 6500</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> port link-type trunk</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> port trunk permit vlan all</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> lldp compliance admin-status cdp txrx</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> port link-aggregation group 1</span></blockquote>
Interfaces on switch 2:<br />
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">interface Ten-GigabitEthernet2/1/5</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> port link-mode bridge</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> description Trunk 6500</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> port link-type trunk</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> port trunk permit vlan all</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> lldp compliance admin-status cdp txrx</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> port link-aggregation group 1</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">#</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">interface Ten-GigabitEthernet2/1/6</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> port link-mode bridge</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> description Trunk 6500</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> port link-type trunk</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> port trunk permit vlan all</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> lldp compliance admin-status cdp txrx</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> port link-aggregation group 1</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">#</span></blockquote>
<blockquote class="tr_bq">
</blockquote>
<blockquote class="tr_bq">
</blockquote>
<h4>
3. Interfaces facing ESXi hosts</h4>
<div>
Each of the ESXi hosts have a config for each of it's nics, one on each switch. Flow control is enabled by default on all ESXi nics so we also enable it on the switch. Since we are <a href="http://wahlnetwork.com/2014/01/13/vsphere-need-lag-bandaids/">using</a> <a href="http://frankdenneman.nl/2011/02/24/ip-hash-versus-lbt/">LBT</a>+<a href="http://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/techpaper/network-ioc-vsphere6-performance-evaluation-white-paper.pdf">NetIOC</a> we are not using etherchannel / LACP on the ESXi ports (like most examples provided by HPe do).</div>
<blockquote class="tr_bq">
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">interface Ten-GigabitEthernet1/0/1</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> port link-mode bridge</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> description xyz-esx-01</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> port link-type trunk</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> port trunk permit vlan all</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> flow-control</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> stp edged-port</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> lldp compliance admin-status cdp txrx</span></blockquote>
<div>
<br /></div>
</blockquote>
<br />
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">interface Ten-GigabitEthernet2/0/1</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> port link-mode bridge</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> description xyz-esx-01</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> port link-type trunk</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> port trunk permit vlan all</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> flow-control</span> </blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> stp edged-port</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> lldp compliance admin-status cdp txrx</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">#</span></blockquote>
<blockquote class="tr_bq">
</blockquote>
<div>
<br /></div>
<h4>
4. Management (clock, syslog, snmp, ssh, ntp)</h4>
<br />
<blockquote class="tr_bq">
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">#</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> clock timezone CET add 01:00:00</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> clock summer-time CETDT 02:00:00 March last Sunday 03:00:00 October last Sunday 03:00:00</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">#</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> info-center synchronous</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> info-center logbuffer size 1024</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> info-center loghost 10.20.30.40 port 20514</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">#</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> snmp-agent</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> snmp-agent local-engineid 800063A280BCEAFA031F8600000001</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> snmp-agent community write privatecleartextpassword</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> snmp-agent community read publiccleartextpassword</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> snmp-agent sys-info version all</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">#</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> ssh server enable</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">#</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> ntp-service enable</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> ntp-service unicast-server 1.2.3.4</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">#</span></blockquote>
<div>
<br /></div>
</blockquote>
<div>
<h4>
Conclusion</h4>
Finding the right syntax that we needed to configure this switch was a bit challenging as many of the examples we found didn't work right out of the box since the command set is slightly different of different versions. After having overcome the <a href="http://www.core-four.info/2016/03/configuring-hpe-6125xlg-ethernet-blade.html">initial obstruction</a> we were able to configure the switch exactly as we needed. </div>
<blockquote class="tr_bq">
</blockquote>
</div>
<br />
<br />larstrhttp://www.blogger.com/profile/05963794523825848062noreply@blogger.com1tag:blogger.com,1999:blog-5670048373005177198.post-3000862909959285092016-03-18T20:58:00.001+01:002016-03-18T21:18:15.140+01:00Configuring the HPE 6125XLG Ethernet Blade Switch for use in a VMware environment - part 1<b>Background</b><br />
In a HPE C7000 blade system a common method of accessing the network is through Flex Fabric/Flex-10 modules. These modules are not fully featured switches, but still have some switch features built in. Another alternative is to use a real switch such as the <a href="http://www8.hp.com/h20195/v2/GetPDF.aspx%2Fc04111374.pdf">HPE 6125XLG</a> or <a href="http://www8.hp.com/h20195/v2/GetPDF.aspx/c04164456.pdf">Cisco Nexus B22HP FEX</a>.<br />
<br />
A real switch has many technical benefits over a FlexFabric system, but has a different approach for configuration than the FlexFabric (that has server admins as their main target and is often hated by people who know networking). The 6125XLG has a CLI that has a similar feel as IOS, but not as much as NXOS or ProCurve. The 6125XLG is the heritage of a cooperation between 3Com and Huawei that HPE bought a few years back and is often referred to as H3C and the CLI is referred to as Comware. It's a blade integrated switch with 10GbE facing the blade servers and both 10GbE (SFP+) and 40GbE (QSFP+) uplinks that can be used to connect to the network.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://3.bp.blogspot.com/-0qqkKB8-p_g/VusrDPoBBTI/AAAAAAAEjdU/otu_EDZnzRUJBeYWs41Hb2IhDcycoONrw/s1600/Selection_999%2528358%2529.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="152" src="https://3.bp.blogspot.com/-0qqkKB8-p_g/VusrDPoBBTI/AAAAAAAEjdU/otu_EDZnzRUJBeYWs41Hb2IhDcycoONrw/s320/Selection_999%2528358%2529.jpg" width="320" /></a></div>
<br />
<b>Problem</b><br />
One problem I found while trying to configure this switch was the lack of good documentation. There is a lot of <a href="http://h20566.www2.hpe.com/portal/site/hpsc/template.PAGE/public/psi/manualsResults/?javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken&javax.portlet.prp_e97ce00a6f76436cc859bfdeb053ce01=wsrp-navigationalState%3Daction%253Dmanualslist%257Ccontentid%253DSetup-and-install-general%257Clang%253Den&javax.portlet.tpst=e97ce00a6f76436cc859bfdeb053ce01&sp4ts.oid=5404487&ac.admitted=1458235561063.125225703.1938120508">documentation</a> available, but a lot of it is for Comware v5 while the 6125 uses Comware v7. The <a href="http://h20565.www2.hpe.com/hpsc/doc/public/display?sp4ts.oid=5404487&docId=emr_na-c04338003&docLocale=en_US">6125XLG Fundamentals Configuration Guide</a> stated that it was important to use the command <i>line class aux</i> as part of the stacking (IRF) process, but this command was not available on my switches.<br />
<blockquote class="tr_bq">
<pre style="background-color: whitesmoke; border-radius: 0px; border: 1px solid rgb(204, 204, 204); box-sizing: border-box; color: #333333; font-family: Menlo, Monaco, Consolas, 'Courier New', monospace; font-size: 13px; line-height: 1.42857; margin-bottom: 10px; overflow: auto; padding: 9.5px; word-break: break-all; word-wrap: break-word;">[HP]line class aux
^
% Unrecognized command found at '^' position.</pre>
</blockquote>
It turned out that the firmware that came preinstalled had a bug that prevented you from stacking the two switches without the use of a RS232 cable. The <a href="http://community.hpe.com/t5/Comware-Based/bd-p/switching-a-series-forum#.Vuspm2ErJs4">HPE forums</a> had many helpful posts, but <a href="http://community.hpe.com/t5/Comware-Based/line-class-aux/m-p/6836081#M7457">posting there</a> didn't provide me any answers from active users. I did however find a <a href="http://jimmy.gr/2015/02/04/hp-6125xlg-caveat/">couple</a> of blog posts that helped me going even though they didn't really provide a solution.<br />
<br />
<b>Solution</b><br />
Upgrading the firmware of both switches from Release 2306 to Release 2422P01 before trying to do anything else solved this problem. The firmware upgrade is described at length in the <a href="http://h20566.www2.hpe.com/hpsc/swd/public/detail?sp4ts.oid=5404491&swItemId=MTX_07a13242ccf743b48fde7336f0&swEnvOid=54">firmware download package</a>. I chose to upload the firmware image to the switches using ftp. I could now stack my switches according to the <a href="http://h20565.www2.hpe.com/hpsc/doc/public/display?sp4ts.oid=5404487&docId=emr_na-c04338003&docLocale=en_US">Fundamentals Guide</a> (and this HPE Support article: <a href="http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=mmr_kc-0119719#bottom">HP 6125g Switch Series - How to Configure Intelligent Resilient Framework (IRF)</a>.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://2.bp.blogspot.com/-Y8lSHGan22U/VuxiX4VU22I/AAAAAAAEjeg/5tgyEgmNWFkEIr28q1kbfJeY66WzAiyrQ/s1600/Selection_999%2528287%2529.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="91" src="https://2.bp.blogspot.com/-Y8lSHGan22U/VuxiX4VU22I/AAAAAAAEjeg/5tgyEgmNWFkEIr28q1kbfJeY66WzAiyrQ/s320/Selection_999%2528287%2529.jpg" width="320" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-gQifnBJj4C4/VuxZ_t2JMGI/AAAAAAAEjeM/T9SQTeqa5lYIF_ka3OA4p3ePn-pvC0caQ/s1600/Selection_999%2528291%2529.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="311" src="https://1.bp.blogspot.com/-gQifnBJj4C4/VuxZ_t2JMGI/AAAAAAAEjeM/T9SQTeqa5lYIF_ka3OA4p3ePn-pvC0caQ/s320/Selection_999%2528291%2529.jpg" width="320" /></a></div>
<br />larstrhttp://www.blogger.com/profile/05963794523825848062noreply@blogger.com0tag:blogger.com,1999:blog-5670048373005177198.post-11583166030084443762016-02-16T17:39:00.001+01:002016-02-16T17:45:54.410+01:00Accessing the Global Knowledge labs from Ubuntu Linux<b>Background</b><br />
While attending training I tried accessing the labs from my BYOD computer (Buy Your Own Device). I was warned before the training that the Global Knowledge labs were best working with an OS that supported Internet Explorer: "<span style="color: #44546a; font-family: "arial" , sans-serif;">please
use an Operating System that supports the Internet Explorer Browser. We
have found that Mac Books do not work well when connecting to this
environment</span>".<br />
<br />
<b>Problem</b><br />
I while back I was able to <a href="http://www.core-four.info/2014/11/accessing-gk-cloud-labs-from-linux.html">make the labs work</a> from my personal Linux desktop, but it seems that the labs have been changed and my old method would not work anymore.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://2.bp.blogspot.com/-jnakmtI91z4/VsNNXByaZDI/AAAAAAAEiuQ/3WuUotD50v8/s1600/Selection_999%2528232%2529.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="getaddrinfo: Name or service not known [17:22:43:165] [20836:1234650880] [INFO][com.freerdp.core.gateway.tsg] - TS Gateway Connection Success [17:22:44:030] [20836:1234650880] [ERROR][com.freerdp.core.capabilities] - expected PDU_TYPE_DEMAND_ACTIVE 0001, got 0007 [17:22:44:030] [20836:1234650880] [ERROR][com.freerdp.core] - ERRINFO_SERVER_INSUFFICIENT_PRIVILEGES (0x00000009):The user cannot connect to the server due to insufficient access privileges. [17:22:44:031] [20836:1234650880] [ERROR][com.freerdp.core.capabilities] - expected PDU_TYPE_DEMAND_ACTIVE 0001, got 0007 [17:22:44:047] [20836:1234650880] [ERROR][com.freerdp.core.rdp] - DisconnectProviderUltimatum: reason: 1" border="0" height="40" src="https://2.bp.blogspot.com/-jnakmtI91z4/VsNNXByaZDI/AAAAAAAEiuQ/3WuUotD50v8/s400/Selection_999%2528232%2529.jpg" title="" width="400" /></a></div>
<br />
<b>Solution</b><br />
The solution was however quite simple. The Remote labs portal <a href="http://rlsupport.globalknowledge.net/portal/welcome.html">has information</a> about accessing from a variety of devices. I've also got a document describing some NTLMv2 requirements. I used Firefox and logged in to the portal. When trying to connect I was offered to download an .rdp config file. I chose to save this file in the default location.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://3.bp.blogspot.com/-t0xypln2_3s/VsNKnZelG7I/AAAAAAAEiuA/L1WzCKwdYTw/s1600/Selection_999%2528229%2529.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em; text-align: center;"><img alt="Logging in to the portal" border="0" height="210" src="https://3.bp.blogspot.com/-t0xypln2_3s/VsNKnZelG7I/AAAAAAAEiuA/L1WzCKwdYTw/s320/Selection_999%2528229%2529.jpg" title="" width="320" /></a></div>
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://3.bp.blogspot.com/-L45yoGEqaZc/VsNKna_e4bI/AAAAAAAEit8/yWOZ44rcsII/s1600/Selection_999%2528230%2529.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Launch the Remote Labs!" border="0" height="252" src="https://3.bp.blogspot.com/-L45yoGEqaZc/VsNKna_e4bI/AAAAAAAEit8/yWOZ44rcsII/s320/Selection_999%2528230%2529.jpg" title="" width="320" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://4.bp.blogspot.com/-2DtQmcELtJ8/VsNKnTijtII/AAAAAAAEiuE/OA9V4Mrs_7M/s1600/Selection_999%2528231%2529.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Save file" border="0" height="206" src="https://4.bp.blogspot.com/-2DtQmcELtJ8/VsNKnTijtII/AAAAAAAEiuE/OA9V4Mrs_7M/s320/Selection_999%2528231%2529.jpg" title="" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
Now I could use this file as an input to <a href="http://www.freerdp.com/">freerdp</a> (version 1.20) and connect without problems by using the command:<br />
<span style="font-family: "courier new" , "courier" , monospace;">xfreerdp cpub-vcloud-launcher-RemoteApps-CmsRdsh.rdp /d:gklabs /u:username /p:password -nego</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"><br /></span>
<br />
<iframe src="https://vine.co/v/ivimPT7FM2T/embed/simple" width="600" height="600" frameborder="0"></iframe><script src="https://platform.vine.co/static/scripts/embed.js"></script>
<br />
<div>
<br /></div>larstrhttp://www.blogger.com/profile/05963794523825848062noreply@blogger.com0tag:blogger.com,1999:blog-5670048373005177198.post-75940945973238588032015-12-14T01:23:00.000+01:002015-12-15T14:50:07.456+01:00SSO is not initialized<b>Background</b><br />
After upgrading vCenter from 6.0 to 6.0U1 we had the vCenter GUI back. This HTML5 based GUI will allow you to manipulate certificates and several other things that you could only configure from appliancesh before U1.<br />
<br />
<b>Problem</b><br />
After the upgrade we experienced an error message within this GUI: "<a href="http://www.virtuallyghetto.com/2015/09/how-to-upgrade-from-vcsa-5-x-6-x-to-vcsa-6-0-update-1.html">SSO is not initialized</a>". This system was running an external PSC and authentication was working nicely as it should do. We didn't quite understand why this error message was there.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-Eqd3mTGMFB4/Vm4IQX4chBI/AAAAAAAEg5s/7xtSlQ88EGs/s1600/SSO%2Bis%2Bnot%2Binitialized.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="120" src="http://2.bp.blogspot.com/-Eqd3mTGMFB4/Vm4IQX4chBI/AAAAAAAEg5s/7xtSlQ88EGs/s400/SSO%2Bis%2Bnot%2Binitialized.png" width="400" /></a></div>
<b>Solution</b><br />
We had a support case going on this problem for a few weeks. We were repeatedly told to repoint our SSO until they finally told us that <i>this error message was in fact a bug</i>: "...this is something that we are looking to rectify as this information should not be shown when using an external PSC.<br />
Our Engineering department are aware of this are looking to make a graphical change to this.<br />
With regards to your environment however, I can confirm that SSO is
functioning correctly and you are not experiencing an issue with SSO at
this time."<br />
<br />
<br />larstrhttp://www.blogger.com/profile/05963794523825848062noreply@blogger.com0tag:blogger.com,1999:blog-5670048373005177198.post-41867228744392684462015-11-21T17:42:00.001+01:002015-11-21T20:16:16.323+01:00Replacing a vSAN caching disk<b>Background</b><br />
Replacing disks in vSAN could be a <a href="https://blogs.vmware.com/storage/2014/12/02/vmware-virtual-san-operations-replacing-disk-devices/">bit less</a> smooth than some of the traditional Storage Arrays. For normal disks used for storage it's quite easy, but disks used for caching it can be a slightly different story. If you get a dead caching disk you should remove it from the config before removing it physically from the server. Otherwise you will get the problems described in this posting.<br />
<br />
<b>Problem</b><br />
Once the disk has been replaced you will be unable to delete the disk or the disk group both from the vSphere Web client and RVC. The reason this fails is that it can't find the disk. The disk will show up with a status of "Dead or Error" or "Absent" (depending on where you look)<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/-DjAcB4cIK3c/VlDBcfP1CTI/AAAAAAAEgDs/-80KVY_fT94/s1600/Selection_999%2528050%2529.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="173" src="http://3.bp.blogspot.com/-DjAcB4cIK3c/VlDBcfP1CTI/AAAAAAAEgDs/-80KVY_fT94/s320/Selection_999%2528050%2529.jpg" width="320" /></a></div>
<br />
"<a href="http://www.vmware.com/files/pdf/products/vsan/VSAN-Troubleshooting-Reference-Manual.pdf">esxcli vsan storage list</a>" will show all the other disks belonging to vsan on that server, but not the missing SSD disk.<br />
<br />
Listing out the disks in RVC with the command vsan-host_info shows that the disk is in an Absent status:<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/-G0_z2dyjtEc/VlDC9WHz-bI/AAAAAAAEgD8/05s5cD9Oh98/s1600/Selection_999%2528049%2529.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="213" src="http://3.bp.blogspot.com/-G0_z2dyjtEc/VlDC9WHz-bI/AAAAAAAEgD8/05s5cD9Oh98/s320/Selection_999%2528049%2529.jpg" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<br />
Trying to use RVC with "vsan.host_wipe_vsan_disks -f" to remove the disk also fails:<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-fTWGplIGLfk/Vk4QuSAW16I/AAAAAAAEfnM/pzVeHisZV34/s1600/Selection_999%2528047%2529.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="241" src="http://1.bp.blogspot.com/-fTWGplIGLfk/Vk4QuSAW16I/AAAAAAAEfnM/pzVeHisZV34/s320/Selection_999%2528047%2529.jpg" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<b>Solution</b><br />
A solution that did work in the end was to use partedUtil to <a href="https://www.vmguru.com/2015/05/vmware-vsan-reusing-ssd-disks/">remove</a> the <a href="http://cormachogan.com/2014/02/18/vsan-part-16-reclaiming-disks-for-other-uses/">partitions</a> of all spinning disks of this disk group. partedUtil is a very dangerous tool so if you have multiple disk groups on your host (like we had) you must make sure you're working with the correct disks. We found it best to locate the naa IDs of the failed disk group from the web client.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/-mzBUZSuQPcw/Vk4TUnEgafI/AAAAAAAEfnk/HAEKUOBObo4/s1600/Selection_999%2528051%2529.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="173" src="http://3.bp.blogspot.com/-mzBUZSuQPcw/Vk4TUnEgafI/AAAAAAAEfnk/HAEKUOBObo4/s320/Selection_999%2528051%2529.jpg" width="320" /></a></div>
<br />
After removing both partitions of all the disks belonging to this disk group, the disk group was gone and we could create a new one where we were able to use our new SSD disk and all the spinning ones.<br />
<br />
<b>Appendum</b><br />
The official way to solve thisproblem is to <a href="https://blogs.vmware.com/storage/2014/12/02/vmware-virtual-san-operations-replacing-disk-devices/">remove the disk from the pool while it's still present</a> in the server. In our case that was not possible. The SSD disk had for some unknown reason entered "<a href="https://www.dell.com/support/article/us/en/19/SLN129432">Foreign mode</a>", which is a Dell disk controller feature. We had to enter the Perc controller BIOS settings (from POST), clear the Foreign Config and we also had to <a href="http://www.core-four.info/2015/01/bulk-registering-vsan-disks-for.html">configure</a> the disk in the controller config in order to use it again. Because of these things the disk came up with a new naa ID even though we didn't really have a failed disk.<br />
<br />
<br />larstrhttp://www.blogger.com/profile/05963794523825848062noreply@blogger.com2tag:blogger.com,1999:blog-5670048373005177198.post-6954430530670657862015-03-23T08:04:00.000+01:002015-03-23T22:52:12.971+01:00vSphere AutoDeploy and Trend Micro Deep Security<b>Background</b><br />
When researching online documentation to see if we could get Trend Micro Deep Security implemented in our VMware vSphere AutoDeploy environment, the only references we could find were a <a href="http://blogs.vmware.com/jp-cim/2014/08/autodeploy-deepsecurity.html">japanese blog posting</a> and a <a href="http://blogs.vmware.com/jp-cim/files/2014/08/AutoDeploy%E6%A7%8B%E7%AF%89%E6%96%B9%E6%B3%952.pdf">japanese white paper</a>. My language abilities is a bit limited, but I still found the screen shots valuable.<br />
<br />
<b>Overview</b><br />
To get Deep Security working there are several components that needs to get fixed in a given order:<br />
<ol>
<li>Manually load vShield Endpoint driver on one of the ESXi hosts</li>
<li>Update Host Profile based on ESXi host with vShield Endpoint driver</li>
<li>Edit Host profile in order to get it working</li>
<li>Create new ESXi image with Image builder that includes the vShield Endpoint driver and Trend Micro Filter driver</li>
<li>Boot ESXi hosts from new ESXi Image</li>
<li>Remediate new Host Profile for these hosts</li>
<li>Deploy DSVA per ESXi host</li>
</ol>
<div>
<b>Details</b></div>
<div>
1. You need to use vShield Manager to install the <a href="http://www.vmware.com/files/pdf/techpaper/vmware-horizon-view-vshield-endpoint-antivirus.pdf">vShield Endpoint</a> driver. Note that the ESXi host should <b>not</b> be in maintenance mode when doing this. This may sound strange, but you'll get an error message after installing it if the host was in maintenance mode.</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-hFnunjxUIGM/VQ8P5IsxcFI/AAAAAAAEZRw/TfU3BNze_kc/s1600/Selection_744.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://1.bp.blogspot.com/-hFnunjxUIGM/VQ8P5IsxcFI/AAAAAAAEZRw/TfU3BNze_kc/s1600/Selection_744.png" height="78" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-kTMp8dJmGPQ/VRCK-5l9oLI/AAAAAAAEZgQ/gTatT8TFZBk/s1600/Selection_746.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://2.bp.blogspot.com/-kTMp8dJmGPQ/VRCK-5l9oLI/AAAAAAAEZgQ/gTatT8TFZBk/s1600/Selection_746.png" height="145" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<div>
2. Go to host profiles and either create a new Host Profile based on Host, or update an existing Host based on the host you installed the driver on.</div>
<div>
</div>
<div>
3. You need to edit the Host Profile. In addition to <a href="http://blogs.vmware.com/vsphere/2013/03/how-to-prevent-host-profiles-from-prompting-for-mac-addresses.html">other</a> <a href="https://pubs.vmware.com/vsphere-51/index.jsp?topic=%2Fcom.vmware.vsphere.install.doc%2FGUID-4BE555A4-A020-43AC-B0AA-E5DB300E405F.html">tasks</a> that needs to be done when a Host Profile has been updated from a host config, you now also need to make this new vShield based endpoint network work automatically. There are basically three things that needs to be done: Unselect a vShield Connection ID field, Don't get asked for a MAC address and Set a static ip address. This address is always 169.254.1.1 and is an internal (host only) network on each host.</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-l4YWtnJgMUc/VQ8SzwHR97I/AAAAAAAEZSA/n7N2DbADHvU/s1600/Selection_748.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://1.bp.blogspot.com/-l4YWtnJgMUc/VQ8SzwHR97I/AAAAAAAEZSA/n7N2DbADHvU/s1600/Selection_748.png" height="126" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-4-pjlThPJ-c/VQ8OjoZuXxI/AAAAAAAEZRg/WG1FJ0LsGb0/s1600/Selection_740.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://2.bp.blogspot.com/-4-pjlThPJ-c/VQ8OjoZuXxI/AAAAAAAEZRg/WG1FJ0LsGb0/s1600/Selection_740.png" height="142" width="400" /></a></div>
<div>
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/-2tvTJP7D7Vo/VQ8OcJzeyFI/AAAAAAAEZRY/r3P-1YVOqPw/s1600/Selection_739.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://3.bp.blogspot.com/-2tvTJP7D7Vo/VQ8OcJzeyFI/AAAAAAAEZRY/r3P-1YVOqPw/s1600/Selection_739.png" height="93" width="400" /></a></div>
<br />
<div>
4. The following needs to be added to the VMware vSphere Image Builder script:</div>
<br />
<div>
<br /></div>
<blockquote class="tr_bq">
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">Add-EsxSoftwareDepot -DepotUrl "e:\vmware\drivers\vShield-Endpoint-Mux.zip"<br />Add-EsxSoftwareDepot -DepotUrl "e:\vmware\drivers\FilterDriver-ESX_5.0-9.5.3-2750.x86_64.zip"</span></blockquote>
<br />
<blockquote class="tr_bq">
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">Add-EsxSoftwarePackage -ImageProfile $imageprofile -SoftwarePackage epsec-mux<br />Add-EsxSoftwarePackage -ImageProfile $imageprofile -SoftwarePackage dvfilter-dsa</span></blockquote>
<div>
5. Activate the new image using the cmdlet <a href="http://pubs.vmware.com/vsphere-55/index.jsp?topic=%2Fcom.vmware.powercli.cmdletref.doc%2FRepair-DeployRuleSetCompliance.html">Repair-DeployRuleSetCompliance</a></div>
<div>
6. <a href="https://pubs.vmware.com/vsphere-55/topic/com.vmware.ICbase/PDF/vsphere-esxi-vcenter-server-55-host-profiles-guide.pdf">Remediate</a> the host with the new Host Profile.</div>
<div>
7. You can now see that the ESXi host has a prepared status and you can now start <a href="http://docs.trendmicro.com/all/ent/ds/v9.5/en-us/Deep_Security_95_Install_Guide_vmsafe_EN.pdf">deploying</a> DSVAs.</div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/-dzWEjY_k0FI/VQ-78Goxz5I/AAAAAAAEZS0/HR0dEMjx5oo/s1600/Selection_754.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://3.bp.blogspot.com/-dzWEjY_k0FI/VQ-78Goxz5I/AAAAAAAEZS0/HR0dEMjx5oo/s1600/Selection_754.png" height="99" width="320" /></a></div>
<br /></div>
larstrhttp://www.blogger.com/profile/05963794523825848062noreply@blogger.com0tag:blogger.com,1999:blog-5670048373005177198.post-8886758415331085652015-03-22T18:47:00.000+01:002015-03-23T22:54:59.710+01:00vSphere AutoDeploy and Apex 2800 cardsWhen reading through the <a href="http://www.teradici.com/resource-center">Teradici documentation</a> you can't find a single reference of neither Autodeploy nor Image Builder. The good news is that it does indeed work out of the box. All you need is to add a few lines to the image builder config:<br />
<blockquote class="tr_bq">
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">....<br />Add-EsxSoftwareDepot -DepotUrl "e:\vmware\drivers\apex2800-rel-2.4.0.35302-esxi.5.5.0.zip"<br />Add-EsxSoftwarePackage -ImageProfile $imageprofile pcoip-ctrl<br />Add-EsxSoftwarePackage -ImageProfile $imageprofile tera2</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">....</span> </blockquote>
<div>
You can now build the image like you normally do and the driver will load if there's an APEX card in the server.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-CGSeBIc1ea8/VQ7-HSBLBbI/AAAAAAAEZQ8/jArBYJPCHoM/s1600/Selection_767.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://2.bp.blogspot.com/-CGSeBIc1ea8/VQ7-HSBLBbI/AAAAAAAEZQ8/jArBYJPCHoM/s1600/Selection_767.png" height="36" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-VqI1lDN4LEU/VQ7_gnJj3gI/AAAAAAAEZRI/vfx7bqjzwss/s1600/Selection_768.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://2.bp.blogspot.com/-VqI1lDN4LEU/VQ7_gnJj3gI/AAAAAAAEZRI/vfx7bqjzwss/s1600/Selection_768.png" height="197" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
</div>
larstrhttp://www.blogger.com/profile/05963794523825848062noreply@blogger.com0tag:blogger.com,1999:blog-5670048373005177198.post-76470229818826002222015-01-26T21:22:00.000+01:002015-01-30T13:10:07.631+01:00Bulk registering vSAN disks for controllers not supporting pass-through modeWhen configuring VSAN the amount of initial setup time is highly dependent on the type of <a href="http://www.yellow-bricks.com/2014/03/27/selecting-disk-controller-vsan-using-hcl/">disk controller</a> you're using. Some controllers support pass-through mode and will not need the additional configuration described in this posting.<br />
<br />
If you however are using a controller such as the Dell PERC H710, you will first need to setup each disk in the RAID controller's BIOS; with every disk in it's own disk group where you enable write through, disable read ahead and select initialize.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-356MdGmsWjw/VMacFL3X0FI/AAAAAAAEUPQ/M2JazaX2GNI/s1600/Selection_465.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://2.bp.blogspot.com/-356MdGmsWjw/VMacFL3X0FI/AAAAAAAEUPQ/M2JazaX2GNI/s1600/Selection_465.png" height="168" width="320" /></a></div>
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-RFseWTsxyIY/VMacZEbz4xI/AAAAAAAEUPY/ePzZyaLeL8Y/s1600/Selection_466.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://4.bp.blogspot.com/-RFseWTsxyIY/VMacZEbz4xI/AAAAAAAEUPY/ePzZyaLeL8Y/s1600/Selection_466.png" height="174" width="320" /></a></div>
<br />
After doing this you will see the individual disks within VMware vCenter under the esx host / manage / storage / storage controller / devices. The disks are however not detected correctly as the controller gives no information about the type of disks shared in these RAID 0s.<br />
<div>
<br /></div>
In order for vSAN to make sense of these disks you will need to create rules that specify what type of disks that are being used.<br />
<br />
Spinning disk command:<br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">esxcli storage nmp satp rule add --satp=VMW_SATP_LOCAL --device <device id> --option "enable_local"</span><br />
<div>
<br /></div>
<div>
SSD disk command: </div>
<div>
<div>
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">esxcli storage nmp satp rule add --satp=VMW_SATP_LOCAL --device <device id> --option "enable_local enable_ssd"</span></div>
</div>
<div>
<br /></div>
<div>
The device id in question here is the <a href="http://kb.vmware.com/kb/1014953">naa lun id</a>. Some suggest that you use the command <b>esxcli storage core device list</b>, but in a system with many disks I've found it easier to filter out the needed info by using the command <b>fdisk -l</b> by identifying the disk types by looking at the disk sizes.</div>
<div>
<br /></div>
<div>
You can compile the list of naa lun ids for a given disk type and run the following commands:</div>
<div>
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">for i in <paste list of spinning disk naa lun ids here></span></div>
<div>
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">do</span></div>
<div>
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">esxcli storage nmp satp rule add --satp=VMW_SATP_LOCAL --device $i --option "enable_local"</span></div>
<div>
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">done</span></div>
<div>
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"><br /></span></div>
<div>
<div>
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">for i in <paste list of ssd disk naa lun ids here></span></div>
<div>
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">do</span></div>
<div>
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">esxcli storage nmp satp rule add --satp=VMW_SATP_LOCAL --device $i --option "enable_local enable_ssd"</span></div>
<div>
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">done</span></div>
</div>
<div>
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-Fom6uot7E20/VMaZlRu-xiI/AAAAAAAEUPE/0Ylkq7yoO_c/s1600/20141118_082712.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://2.bp.blogspot.com/-Fom6uot7E20/VMaZlRu-xiI/AAAAAAAEUPE/0Ylkq7yoO_c/s1600/20141118_082712.jpg" height="60" width="400" /></a></div>
<div>
<br /></div>
<div>
<br /></div>
<div>
<br /></div>
<div>
You will now need to reboot the host for the new config to become active. Repeat these steps for all of your vSAN hosts and you'll soon be able to start <a href="http://youtu.be/1EDWKE93ivw">configuring vSAN</a>.</div>
<div>
<br /></div>
larstrhttp://www.blogger.com/profile/05963794523825848062noreply@blogger.com0tag:blogger.com,1999:blog-5670048373005177198.post-66009869801401859522014-11-22T00:43:00.000+01:002014-11-22T00:43:15.081+01:00vSAN and HP 5400 switchesWhile setting up vSAN we found <a href="http://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/desktop-virtualization-solutions-vmware-horizon-view/whitepaper_C11-732332.html">several</a> guides for <a href="http://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/desktop-virtualization-solutions-vmware-horizon-view/whitepaper_C11-732332.html">Cisco switches</a>, but none for HP. Even the <a href="http://h20565.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04409909-1&docLocale=en_US">HP vSAN reference architecture</a> was using Cisco Nexus switches.<br />
<br />
We did initially see the <a href="https://www.vmware.com/files/pdf/products/vsan/VMware_Virtual_SAN_Quick_Monitoring_Reference_Guide.pdf">error</a> message: <a href="https://pubs.vmware.com/vsphere-55/index.jsp?topic=%2Fcom.vmware.vsphere.troubleshooting.doc%2FGUID-CD12983A-4648-461A-AA00-0694892B0FCA.html">"Host cannot communicate with all other nodes in the VSAN enabled cluster"</a> even though all vSAN enabled vmkernel interfaces could ping each other. vSAN has some <a href="http://www.yellow-bricks.com/2014/03/31/vsan-misconfiguration-detected-2/">special</a> <a href="http://cormachogan.com/2014/01/21/vsan-part-15-multicast-requirement-for-networking-misconfiguration-detected/">multicast requirements</a> that needs to be taken care of.<br />
<br />
We were trying to get HP 5400 series 10GbE switches to work with vSAN.<br />
<br />
After playing around for a bit with the switch config we came up with the following working config:<br />
<blockquote class="tr_bq">
<blockquote class="tr_bq">
vlan 53</blockquote>
<blockquote class="tr_bq">
name "vSAN network 1"</blockquote>
<blockquote class="tr_bq">
tagged C1-C8</blockquote>
<blockquote class="tr_bq">
ip address 172.16.53.1 255.255.255.0</blockquote>
<blockquote class="tr_bq">
ip igmp</blockquote>
<blockquote class="tr_bq">
jumbo</blockquote>
<blockquote class="tr_bq">
exit</blockquote>
</blockquote>
Within a few minutes the error messages were gone, status went to Normal with a green icon and vSAN started working nicely.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-S71pAtAcEuo/VG_G27tjF6I/AAAAAAAES1o/BS9LDW5ItaI/s1600/Selection_264.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://1.bp.blogspot.com/-S71pAtAcEuo/VG_G27tjF6I/AAAAAAAES1o/BS9LDW5ItaI/s1600/Selection_264.png" height="145" width="320" /></a></div>
<br />
<br />
Since we had 2x 10GbE nics dedicated to vSAN we also <a href="http://www.yellow-bricks.com/2013/09/09/vmware-vsphere-virtual-san-design-considerations/">setup a secondary vlan</a> for vSAN and bound each of the vlans to different nics in order to get maximum performance.larstrhttp://www.blogger.com/profile/05963794523825848062noreply@blogger.com0tag:blogger.com,1999:blog-5670048373005177198.post-33898294093367977742014-11-18T01:15:00.002+01:002016-02-17T01:20:12.944+01:00Accessing the GK Cloud Labs from Linux<i>Update: New posting <a href="http://www.core-four.info/2016/02/accessing-global-knowledge-labs-from.html">here</a> describing how to do it in 2016.</i><br />
<i><br /></i>
Last week I attended <a href="https://twitter.com/larstr/status/532827952065806336/photo/1">vSAN training</a> in Stockholm. The requirements for attending this class was that you needed to bring your own laptop with RDP capabilities.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-zEY31ekvfZI/VGqBoX2qo6I/AAAAAAAESu0/Plz0X2n8JkY/s1600/Selection_262.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="139" src="https://2.bp.blogspot.com/-zEY31ekvfZI/VGqBoX2qo6I/AAAAAAAESu0/Plz0X2n8JkY/s1600/Selection_262.png" width="320" /></a></div>
When attending the class I discovered that there were a few extra things into this requirement. According to the class manual it required you to install an ActiveX component in Internet Explorer in order to get this working.<br />
<br />
As I'm a Linux user they did of course not provide any info on how to do it, but that's part of the game I guess. In case I couldn't figure things out I could always start a Windows VM from within VMware Workstation. They did however <a href="http://rlsupport.globalknowledge.net/cloud/Connecting_to_cloud_labs_with_a_Mac.pdf">provide info</a> for Apple Macintosh users. By reading through the Mac docs I found what was really going on behind the scenes. The RDP session required a proxy config and encryption.<br />
<br />
The standard Ubuntu RDP client didn't provide support for an RDP proxy, but I found an alternate client, called <a href="http://en.wikipedia.org/wiki/FreeRDP">FreeRDP</a> that I installed by following <a href="http://www.vikingengineer.com/linux/rd-gateway-in-linux/">this HowTo</a>.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-uP9QOKJNEg0/VGqJSqt8fFI/AAAAAAAESvE/UpuZkQIhuEU/s1600/Selection_263.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://1.bp.blogspot.com/-uP9QOKJNEg0/VGqJSqt8fFI/AAAAAAAESvE/UpuZkQIhuEU/s1600/Selection_263.png" width="258" /></a></div>
I could now the access the labs by using the info from the login info sheet we had been provided with the following command:<br />
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace;">xfreerdp /v:cloud.labs.globalknowledge.net /d:gklabs /u:Wxxxx-Studentx-x /p:PassWord /g:gw1.labs.globalknowledge.net /w:1920 /h:1080 -neg</span><span style="font-family: "courier new" , "courier" , monospace;">o</span></blockquote>
The connection now worked perfectly, even though it spent some time setting up the initial connection. Looks like it was trying to verify the certificate, even with the -nego switch that is supposed to tell it to ignore the certificate. Well, it does in fact ignore it in the sense you're not warned about a self signed certificate, but it still waits for it to time out before starting the connection.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-3HkbEdk2brA/VGqN3oZUTnI/AAAAAAAESvQ/fuPd7Xf_nXk/s1600/Selection_238.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="186" src="https://2.bp.blogspot.com/-3HkbEdk2brA/VGqN3oZUTnI/AAAAAAAESvQ/fuPd7Xf_nXk/s1600/Selection_238.png" width="320" /></a></div>
<br />
<br />
All in all the training was a great experience, giving a better insight into <a href="http://www.vmware.com/uk/products/virtual-san">vSAN</a> than the <a href="http://labs.hol.vmware.com/HOL/catalogs/">HOL lab</a>.<br />
<br />
<br />
<br />
<br />
<br />larstrhttp://www.blogger.com/profile/05963794523825848062noreply@blogger.com0tag:blogger.com,1999:blog-5670048373005177198.post-3987605505473108302014-08-23T16:51:00.001+02:002014-08-23T19:51:12.009+02:00Making the XtremIO GUI Simulator work under Linux<br />
While attending <a href="http://xtremio.com/">XtremIO</a> training this week there was a bit talk about a <a href="https://my.syncplicity.com/share/xpfad3ww9ecckx0/XtremIO_GUI_Simulator_User_Guide_Version1">GUI simulator</a> for XtremIO. While not as good as the real thing it can be a good thing for learning to know the GUI and maybe show customers/colleagues how to admin the XtremIO. While XtremIO was bought by EMC they still seem to operate outside of EMC and their GUI is not integrated into <a href="https://uk.emc.com/storage/vnx/unisphere.htm">UniSphere</a>.<br />
<br />
The GUI Simulator is available as for <a href="https://community.emc.com/docs/DOC-36495">download</a> and exists in two flavors: Mac and Windows.<br />
<br />
I downloaded the Windows version and I initially planned to try to run it in Wine, but I discovered that it really was a java application so I just needed to extract the correct files and install the required version of java.<br />
<br />
I use Ubuntu 13.04 and did the following steps:<br />
<br />
Install java runtime 1.8:<br />
<br />
<span style="font-family: Courier New, Courier, monospace;">$ sudo add-apt-repository ppa:webupd8team/java</span><br />
<span style="font-family: Courier New, Courier, monospace;">$ sudo apt-get update</span><br />
<span style="font-family: Courier New, Courier, monospace;">$ sudo apt-get install oracle-java8-installer</span><br />
<span style="font-family: Courier New, Courier, monospace;">$ java -version</span><br />
<br />
Install Wine from Software Center if you haven't already. We will be using Wine to unpack the files inside the .exe file by installing it into a Wine container. Locate the XtremIO GUI Simulator exe file (which is an installer) and right click it.<br />
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="http://3.bp.blogspot.com/-FvzdNvXewds/U_h2R1StLOI/AAAAAAAEK-U/fPHnY2wZXMU/s1600/20140823_021813.jpg" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" src="http://3.bp.blogspot.com/-FvzdNvXewds/U_h2R1StLOI/AAAAAAAEK-U/fPHnY2wZXMU/s1600/20140823_021813.jpg" height="180" width="320" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;"><span style="font-size: small; text-align: start;">Choose Open with Wine Windows Program Launcher.</span></td></tr>
</tbody></table>
<br />
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="http://1.bp.blogspot.com/-qHzedLoiaLg/U_h2O0kfbzI/AAAAAAAEK98/SuR6l7P-kGE/s1600/Selection_041.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img alt="" border="0" src="http://1.bp.blogspot.com/-qHzedLoiaLg/U_h2O0kfbzI/AAAAAAAEK98/SuR6l7P-kGE/s1600/Selection_041.png" height="252" title="" width="320" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Choose to install the application.</td></tr>
</tbody></table>
<br />
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="http://1.bp.blogspot.com/-JHBKjqo32cA/U_h2OrDLNHI/AAAAAAAEK-A/a-7vYXtIb-Q/s1600/Selection_042.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" src="http://1.bp.blogspot.com/-JHBKjqo32cA/U_h2OrDLNHI/AAAAAAAEK-A/a-7vYXtIb-Q/s1600/Selection_042.png" height="251" width="320" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">After a bit the install will finish and all the files are extracted</td></tr>
</tbody></table>
You will need to make the Simulator.jar file executable.<br />
<span style="font-family: Courier New, Courier, monospace;">$ cd .wine/drive_c/users/lars/Local\ Settings/Application\ Data/XtremIO\ GUI\ Simulator/app/</span><br />
<span style="font-family: Courier New, Courier, monospace;">$ chmod +x Simulator.jar</span><br />
<br />
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="http://1.bp.blogspot.com/-7z_kF7J55VU/U_h2Q-Ko_PI/AAAAAAAEK-M/UxkuRJrzS0g/s1600/Selection_043.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" src="http://1.bp.blogspot.com/-7z_kF7J55VU/U_h2Q-Ko_PI/AAAAAAAEK-M/UxkuRJrzS0g/s1600/Selection_043.png" height="50" width="320" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Navigate to the app folder using the file browser</td></tr>
</tbody></table>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="http://3.bp.blogspot.com/-iPByqhdGJes/U_im-HEP0GI/AAAAAAAEK_Y/OTvLkBoqqoc/s1600/20140823_162825.jpg" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" src="http://3.bp.blogspot.com/-iPByqhdGJes/U_im-HEP0GI/AAAAAAAEK_Y/OTvLkBoqqoc/s1600/20140823_162825.jpg" height="180" width="320" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Right click Simulator.jar and choose Open with Oracle Java 8 Runtime</td></tr>
</tbody></table>
<br />
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="http://3.bp.blogspot.com/-Ja2q3aJSaXo/U_im-lqCWVI/AAAAAAAEK_k/x_JSSWSy_uI/s1600/Selection_045.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" src="http://3.bp.blogspot.com/-Ja2q3aJSaXo/U_im-lqCWVI/AAAAAAAEK_k/x_JSSWSy_uI/s1600/Selection_045.png" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Pick your choice, any choice.</td></tr>
</tbody></table>
<br />
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="http://1.bp.blogspot.com/-Q_-hHIWGtaI/U_im-ir4n_I/AAAAAAAEK_c/132_LpcqzJU/s1600/Selection_046.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" src="http://1.bp.blogspot.com/-Q_-hHIWGtaI/U_im-ir4n_I/AAAAAAAEK_c/132_LpcqzJU/s1600/Selection_046.png" height="202" width="320" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Login with <a href="https://community.emc.com/docs/DOC-36495">default credentials</a></td></tr>
</tbody></table>
<br />
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="http://1.bp.blogspot.com/-PJ-iwMpRYW0/U_im_tBab9I/AAAAAAAEK_s/UQdqOqj_kSg/s1600/Selection_047.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" src="http://1.bp.blogspot.com/-PJ-iwMpRYW0/U_im_tBab9I/AAAAAAAEK_s/UQdqOqj_kSg/s1600/Selection_047.png" height="400" width="640" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">And you're free to use the XtremIO GUI Simulator.</td></tr>
</tbody></table>
Note that the while the GUI Simulator is good for training it is not 100% equal to the real XtremIO GUI as the simulator seems to have a few bugs that are not present in the real GUI. It still gives a fairly good idea of how things work.<br />
<div>
<br /></div>
<div>
The GUI Simulator requires quite a bit of resources in order to run well so a slow PC without too much free ram will not be working greatly.<br />
<br /></div>
larstrhttp://www.blogger.com/profile/05963794523825848062noreply@blogger.com0tag:blogger.com,1999:blog-5670048373005177198.post-38404855281780916052014-08-17T23:48:00.004+02:002014-08-17T23:48:57.391+02:00Lenovo losing it's Thinkpad roots?When IBM sold off it's desktop line of products to the Chinese company Lenovo in 2005 many people thought that this would be the end of an amazing product line. After Lenovo took over we observed the opposite, things were actually getting better than before.<br />
<br />
For many years I've been a happy die-hard Thinkpad user. My previous laptop was a T520. Before that I had a <a href="https://communities.vmware.com/people/larstr/blog/2009/12/18/running-esx-40u1-on-lenovo-thinkpad-t500">T500</a>, T61 and T60. Thinkpads have traditionally been "<a href="http://notebooks.com/2012/01/27/thinkpad-x130e-mini-review-built-like-a-tank-ready-for-school/">built</a> like <a href="http://youtu.be/d7cvi00OZDM">a</a> <a href="http://youtu.be/x6sGX2tb7rU">tank</a>" and not changed much in physical build between different models. This has made the transition to a newer model totally safe, because you always knew what to expect.<br />
<br />
Now that my T520 was getting old it was time to get a new one. My employer now has some sort of BYOD system (Bring/Buy Your Own Device) where you can choose between a range of products. You can choose to get a free one or you can pay some extra to get top models. I could have gotten a T540 for free, but chose to go for the ("better bells and whistles") <a href="http://shop.lenovo.com/gb/en/laptops/thinkpad/w-series/w540/">W540</a> instead. The T and W series laptops are usually quite similar, but the W series are equipped with better GPU and larger SSD.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-m1QZ-sXbDIw/U-8gn1d6ZxI/AAAAAAAEJPg/D9dlSwkiCaQ/s1600/Selection_033.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://1.bp.blogspot.com/-m1QZ-sXbDIw/U-8gn1d6ZxI/AAAAAAAEJPg/D9dlSwkiCaQ/s1600/Selection_033.png" height="232" width="320" /></a></div>
Such an upgrade would give me a computer that was similar to the one I had, but with new and better components. This was something I had done many times before so I didn't <a href="https://www.youtube.com/watch?v=UXa0XzNvuZU">waste time</a> on <a href="http://reviews.lenovo.com/8923-en_us/FF91C0F5F9E6C09AFF518C1EFD422998_12F0696583E04D86B9B79B0FEC01C087/lenovo-thinkpad-w540-reviews/reviews.htm">reading</a> <a href="http://reviews.lenovo.com/8923-en_us/E791494BD91972C7CBE8FADC873BABDF_12F0696583E04D86B9B79B0FEC01C087/lenovo-thinkpad-t540p-reviews/reviews.htm">reviews</a> since I had a good idea of what to expect.<br />
<br />
The day the new laptop <a href="https://twitter.com/larstr/status/470981955857952768">arrived</a> I was not late installing my <a href="http://ubuntustudio.org/">favorite desktop OS</a> instead of the preinstalled Windows 8 that was default.<br />
<br />
My disappointment was however endless as I figured out the new computer was <a href="https://twitter.com/larstr/status/471058231809564674">unusable</a> due to the way they have changed the keyboard/<a href="http://www.techradar.com/news/mobile-computing/laptops/there-ll-never-be-a-thinkpad-without-the-red-trackpoint-nub-665258">trackpoint</a> layout; no "mouse" <a href="https://www.change.org/petitions/lenovo-bring-back-the-three-dedicated-lenovo-trackpoint-buttons">buttons</a> and included an oversized touchpad left of the center of the keyboard. Instead of the buttons you are supposed to use push on the touchpad as if it had buttons. They have also included a numeric keyboard, reduced the number of rows and removed special keys for wifi, sound controls, mute, and removed leds for caps lock, num lock and lid light.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://www.lenovo.com/images/gallery/1060x596/lenovo-laptop-thinkpad-w540-overhead-keyboard-2.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://www.lenovo.com/images/gallery/1060x596/lenovo-laptop-thinkpad-w540-overhead-keyboard-2.jpg" height="179" width="320" /></a></div>
<br />
<br />
You see, I'm one of those guys who are not using an external mouse. I'm using the <a href="http://en.wikipedia.org/wiki/Pointing_stick">little red joystick</a> in the middle of the keyboard that Lenovo refers to as Trackpoint. The little red stick was still there, but without those three buttons it was useless.<br />
<br />
My anger and frustration was similar to the reaction of Hitler in this YouTube video:<br />
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen='allowfullscreen' webkitallowfullscreen='webkitallowfullscreen' mozallowfullscreen='mozallowfullscreen' width='320' height='266' src='https://www.youtube.com/embed/UXa0XzNvuZU?feature=player_embedded' frameborder='0'></iframe></div>
<br />
<br />
Many years ago I used mouse as my main pointing device (like most desktop users), but I started getting mouse arm/elbow symptoms. I decided to try change my habits and start using that little pointing stick in the middle of the keyboard. My mouse arm started to recover and I also discovered that I would do things more efficiently as I didn't have to move my arm away from the keyboard in order to move the pointer.<br />
<br />
I did some attempts on using the TouchPad of the new W540, but basic tasks, such as marking a text that was more than one page was giving me headaches. Video and picture editing was frustratingly hard, and you could just forget gaming. I started looking for alternate ways of solving this, and in the end I bought a Lenovo <a href="http://support.lenovo.com/gb/en/documents/pd026745">usb keyboard</a> that had TrackPoint, buttons and it even lacked a TouchPad (I always disable the TouchPad).<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-0k-k4ALBAFw/U_C_SY0vCzI/AAAAAAAEJTY/qYsY5EwBI4U/s1600/20140806_122056.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://1.bp.blogspot.com/-0k-k4ALBAFw/U_C_SY0vCzI/AAAAAAAEJTY/qYsY5EwBI4U/s1600/20140806_122056.jpg" height="228" width="320" /></a></div>
<br />
<br />
I'm now using the W540 as my main computer and bring it everywhere. It works quite nicely now that I'm having a proper keyboard/pointing device setup, even though it shouldn't have been necessary.<br />
<br />
Other than that it seems that the overall quality of the new Lenovo series is not as good as the good old ones:<br />
<br />
<ol>
<li>The lid is thinner than before and lacks a grip for carrying. You're probably better off closing the lid before carrying it.</li>
<li>The lid has no lock mechanism.</li>
<li>Why has the power connector suddenly become square and incompatible with all old adapters?</li>
<li>Hissing sound! There's a <a href="http://forums.lenovo.com/t5/W-Series-ThinkPad-Laptops/W540-Speaker-hissing-sound/td-p/1426495">hissing sound</a> both from the speaker and when using a headset. A noise canceling headset solves this, but should not be needed for daily use.</li>
</ol>
<br />
<br />
The screen is however superb. At first I thought having a screen resolution of 2880x1620 on a 15.6" screen would be a bit too much. And for some applications it is, but in most situations it's awesome. It could be a good idea to adjust the DPI settings for your display manager. It gives you a very large work space and allows for more information on less space. I have also tested it outside in the sun thanks to it's <a href="http://en.wikipedia.org/wiki/IPS_panel">IPS LED</a> technology it's possible to work outdoors. It's not perfect, but better than my previous laptops and much better than a glossy thing that many vendors are selling.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-AaGMT3vEtVg/U_CmIY3xQ1I/AAAAAAAEJTI/Ys0QV4RSJdA/s1600/Selection_035.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://1.bp.blogspot.com/-AaGMT3vEtVg/U_CmIY3xQ1I/AAAAAAAEJTI/Ys0QV4RSJdA/s1600/Selection_035.png" height="180" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/-PhYsRGnEUWo/U_EcLqBLJEI/AAAAAAAEKUk/8zh4GQDegVE/s1600/20140817_201948.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://3.bp.blogspot.com/-PhYsRGnEUWo/U_EcLqBLJEI/AAAAAAAEKUk/8zh4GQDegVE/s1600/20140817_201948.jpg" height="311" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<br />
<br />
The <a href="http://www.notebookcheck.net/NVIDIA-Quadro-K2100M.98900.0.html">NVidia GPU</a> is also very nice with it's 576 cuda cores, but it gets very hot when under high load and not suited for lap operations. By using an IR Thermometer I have recorded temperatures above 50C at two areas under the laptop (probably where cpu and gpu are placed).<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/-xMlQoY9nqlw/U_CmHLeUbwI/AAAAAAAEJTA/qIxEy95CkWY/s1600/Selection_036.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://3.bp.blogspot.com/-xMlQoY9nqlw/U_CmHLeUbwI/AAAAAAAEJTA/qIxEy95CkWY/s1600/Selection_036.png" height="320" width="306" /></a></div>
<br />
I wish Lenovo would reconsider their design and bring back the good old buttons and also consider not to try to become Apple like Dell, HP and a few others seem to be trying to. Better stand out from the crowd with proven solutions.<br />
<br />
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><span style="margin-left: auto; margin-right: auto;"><a href="http://www.techradar.com/news/mobile-computing/laptops/there-ll-never-be-a-thinkpad-without-the-red-trackpoint-nub-665258"><img border="0" src="http://1.bp.blogspot.com/-UE8P71qhG0M/U_EihWDXCBI/AAAAAAAEKU0/9mY-3gcf2rw/s1600/Selection_037.png" height="290" width="320" /></a></span></td></tr>
<tr><td class="tr-caption" style="text-align: center;"><a href="http://www.techradar.com/news/mobile-computing/laptops/there-ll-never-be-a-thinkpad-without-the-red-trackpoint-nub-665258"><br /></a></td></tr>
</tbody></table>
<br />
If a Thinkpad is not a real Thinkpad anymore then there's no reason I should choose Thinkpad (the workaround with that Thinkpad usb keyboard+trackpad would work with any vendor and I also have to use it with my <a href="http://shop.lenovo.com/gb/en/tablets/lenovo/miix-series/lenovo-miix2-11-inch/">MIIX2 11</a> that also suffers from the same problems as the W540 except that it lacks the TrackPoint completely). larstrhttp://www.blogger.com/profile/05963794523825848062noreply@blogger.com2