Upgrading vSphere 5.1 with embedded SSO to vSphere 6 with external multi-site Platform Services Controllers

arrow-of-double-point-pointing-different-directions_318-50733

vSphere 6 Platform Services Controller Multimode setup

So this is a job I had to do recently which involves quite a few stages but on the whole works very nicely. So I decided to replicate it in my lab using the below 4 servers to show how we can upgrade and migrate from an embedded situation to an external PSC situation. This initial setup has 2 x 5.1 separate vCenter Servers with embedded SSO which will end up being 2 separate 6.0.2 vCenter servers pointing to their own Window 2012 PSCs which will be in Multisite mode.

  • 1 x Windows 2012 server with vCenter 5.1 with embedded SSO
  • 1 x Windows 2012 server with vCenter 5.1 with embedded SSO
  • 1 x Windows 2012 PSC 5.5 U3(New build) (Note we cannot build a v6 PSC at this point due to staged upgrade considerations) (This will be setup as the first PSC)
  • 1 x Windows 2012 PSC 5.5 U3 (New build) (Note we cannot build a v6 PSC at this point due to staged upgrade considerations) (This will be set up as the 2nd PSC in multi-site

PSC Information

The Platform Services Controller is available on both the Windows vCenter Server ISO or within the vCenter Server Appliance (VCSA) ISO. We will be using the Windows vCenter Server ISO.

Components that are installed with PSC 6.0 include:

  • VMware Appliance Management Service (only in Appliance-based PSC)
  • VMware License Service
  • VMware Component Manager
  • VMware Identity Management Service
  • VMware HTTP Reverse Proxy
  • VMware Service Control Agent
  • VMware Security Token Service
  • VMware Common Logging Service
  • VMware Syslog Health Service
  • VMware Authentication Framework
  • VMware Certificate Service
  • VMware Directory Service

PSC 6.0 is supported with:

  • VMware vCenter Server
  • VMware vCenter Inventory Services
  • VMware vSphere Web Client
  • VMware Log Browser
  • VMware NSX for vSphere
  • VMware Site Recovery Manager
  • VMware vCloud Air
  • VMware vCloud Director
  • VMware vRealize Automation Center
  • VMware vRealize Orchestrator
  • VMware vSphere Data Protection
  • VMware vShield Manager

What does Multi-site PSCs give us?

  • Customers are able to seamlessly move the vCenter Servers between PSCs when necessary
  • This topology allows for Enhanced Linked Mode (ELM) which is facilitated by the PSC. Starting with vSphere 6.0, the implementation of Linked Mode has changed. You no longer need to join vCenter Server instances to Linked Mode groups. You can access the replication functionality provided by Linked Mode in vSphere 6 by registering multiple vCenter Server instances to the same Platform Services Controller or joining Platform Services Controller instances in the same vCenter Single Sign-On domain
  • Enhanced Linked Mode provides for a single point of management for all vCenter Servers in the same vSphere domain
  • In vSphere 6 the Windows-based and Virtual Appliance-based vCenter Servers have the same operational maximums and can belong to the same linked mode configuration
  • The configuration replicates all license, global permissions, tags and roles across all sites
  • While it is possible to deploy PSCs over a WAN, the replication between PSCs is very latency sensitive. It is recommended that the latency between PSCs, as with any replicating directory service, to be as low as possible. Additionally, now that Enhanced Linked Mode (ELM) and all features that utilize ELM are facilitated via the PSC, for the best user experience within a vSphere environment, low latency is highly recommended
  • Regarding an environment in which multiple PSCs are in the same vSphere Domain and Enhanced Link Mode is being used, if a PSC in which a vCenter Server is connected to fails, access to this vCenter Server through a different vCenter Server’s vSphere Web Client is not possible. This is due to a user’s SAML token from the vSphere Web Client being unable to be passed to the failed PSC, thus to vCenter Server. Unless the PSC is brought back online or vCenter Server is repointed to a different PSC in the same domain, users cannot access it.

Considerations

  • It is not supported to re-register vCenter Server 5.x bits to a PSC 6.0
  • You cannot re-register vCenter Server 6.0 to a PSC 6.0 that does not reside in the existing SSO Domain.
  • You cannot install SSO 5.5 and join a PSC 6.0 (and vice versa)

High Level Overview

  1. Install new Windows Server 2012 R2 SSO 5.5 Server – version 5.5 U3 in the vSphere domain vSphere.local and site configuration Default-First-Site or whatever you want to call your first site for example
  2. Install new Windows Server 2012 R2 SSO 5.5 Server – version 5.5 U3 in the same vSphere domain vSphere.local and multisite configuration Default-Second-Site or whatever you want to call your first site for example
  3. Register/Repoint the first 5.1 embedded SSO vCenter to external 5.5 U3 SSO/PSC
  4. Register/Repoint the second 5.1 embedded SSO vCenter to external 5.5 U3 SSO/PSC
  5. Uninstall 5.1 Single Sign-On from the two 5.1 vCenters
  6. Upgrade first external SSO 5.5 to PSC 6.0 U2
  7. Upgrade second external SSO 5.5 to PSC 6.0 U2
  8. Upgrade vCenters to 6.0.2
  9. Upgrade Update Manager and vSphere Client
  10. Check Multimode using vcdrepadmin tool in command prompt

Step 1 and 2 Install 5.5 Single Sign On only on both servers in multisite mode

  • Attach the vSphere 5.5 U3 ISO to the first Windows Server 2012 R2 server
  • Select Single Sign-On and click Install

Screen Shot 2016-08-16 at 14.37.33

  • Click Next

Screen Shot 2016-08-16 at 14.38.38

  • Accept the License Agreement
  • Check the below screens details

Screen Shot 2016-08-16 at 14.40.20

  • Choose Standalone vCenter Single Sign-On server as this is the first SSO server before we attach the second in multisite mode

Screen Shot 2016-08-16 at 14.41.27

  • Leave the Site name as Default-First-Site or you can change it to what you want

Screen Shot 2016-08-16 at 14.43.04

  • HTTPS port is 7444

Screen Shot 2016-08-16 at 14.43.58

  • Check the Directory you are installing in to

Screen Shot 2016-08-16 at 14.44.33

  • Check all the final details

Screen Shot 2016-08-16 at 14.45.17

  • Attach the vSphere 5.5 U3 ISO to the second Windows Server 2012 R2 server

Screen Shot 2016-08-16 at 14.37.33

  • Click Next

Screen Shot 2016-08-16 at 14.38.38

  • Check the details

Screen Shot 2016-08-16 at 14.59.49

  • For this second 5.5 PSC, choose Multisite

Screen Shot 2016-08-16 at 15.15.56

  • Put in the Single Sign-On information putting in the partner host name as the first PSC server we set up

Screen Shot 2016-08-16 at 15.17.09

  • Check the certificate and click Next

Screen Shot 2016-08-16 at 15.18.19

  • Put in a name for the second site (Note the first PSC was Default-First-Site and this second one I have named Default-Second-Site)

Screen Shot 2016-08-16 at 15.19.12

  • HTTPS port is 7444

Screen Shot 2016-08-16 at 14.43.58

  • Check the Directory you are installing in to

Screen Shot 2016-08-16 at 14.44.33

  • Check the Final Details and click Install

Screen Shot 2016-08-16 at 15.20.59

Step 3 and 4 Repointing and reregistering VMware vCenter 5.1 to the new 5.5 SSO/PSC

After certain changes to your VMware vSphere deployment topography, you might need to re-point or re-register vCenter Server components with the vCenter Inventory Service or vCenter Single Sign-On and the vCenter Lookup Service to ensure that the components can continue to communicate.

https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2033620

  • On the first vCenter, open a command prompt and change directory to C:\Program Files\VMware\Infrastructure\Inventory Service\scripts
  • Run the is-change-sso.bat command to update the stored configuration information of the Inventory Service. Point to the https address of the new 5.5 SSO server
  • is-change-sso.bat https://techlabsso002.techlab.local:7444/lookupservice/sdk “administrator@vSphere.local” “SSO_password”

Screen Shot 2016-08-17 at 09.39.21

  • Type net stop vimqueryservice
  • Type net start vimqueryservice
  • Next Register vCenter Server with a different Single Sign-On instance

During installation or upgrade, vCenter Server is registered with the Lookup Service for a vCenter Single Sign-On instance. You can change this registration to the Lookup Service for a different Single Sign-On instance. You might register vCenter Server to a different vCenter Single Sign-On instance if the original Single Sign-On instance fails, or if you add a new Single Sign-On node and want to associate vCenter Server with the new node.

Note: When you register vCenter Server to a new Single Sign-On instance, you lose these permissions:

  • All permissions created for users from the Single Sign-On system identity source
  • All permissions granted to users from identity sources that are not present in the new Single Sign-On instance
  • All permissions granted to local operating system users

To register vCenter Server to a different vCenter Single Sign-On instance:

  • Open a command prompt and change directory to C:\Program Files\VMware\Infrastructure\VirtualCenter Server\ssoregtool
  • Note: If you have installed vCenter Server in a location other than the default C:\Program Files\ folder, adjust the path
  • Unzip the sso_svccfg.zip file. Best practice is to unzip these files into a new folder and change directory to the new folder before executing the next step. Unzip to a folder called sso_svccfg
  • Run the below command
  • repoint.cmd configure-vc –lookup-server https://techlabsso002.techlab.local:7444/lookupservice/sdk –user “administrator@vSphere.local” –password “SSO_password@” –openssl-path “C:\Program Files\VMware\Infrastructure\Inventory Service\bin/”

Screen Shot 2016-08-17 at 09.54.07

  • Restart the VMware VirtualCenter Server and the VMware VirtualCenter Management Webservices services
  • Next Ignore the next step in the article which says to re-register vCenter with the Inventory Service unless any of the conditions are relevant
  • Next Register the vSphere Web Client with a different Single Sign-On instance
  • Open a command prompt and change directory to c:\Program Files\VMware\Infrastructure\vSphereWebClient\Scripts
  • Run the following command
  • client-repoint.bat https://techlabsso002.techlab.local:7444/lookupservice/sdk “administrator@vSphere.local” “SSO_password”

Screen Shot 2016-08-17 at 10.07.41

Now interestingly at this point my vSphere Web Client re-registration failed so i had a look at this KB – https://kb.vmware.com/selfservice/search.do?cmd=displayKC&docType=kc&docTypeID=DT_KB_1_1&externalId=2060637 and it said my SSO password is supported with an exclamation mark. However I had to log into the web client on techlabsso002 and change the password and remove the exclamation mark in order for the registration to work!

If you have issues, it will look like this

Screen Shot 2016-08-17 at 10.43.55

  • Next you need to follow exactly the same re-registration steps for the other 5.1 vCenter server and 5.5 SSO server

Step 5 – Uninstall 5.1 Single Sign-On from the two 5.1 vCenters

  • Go to Control Panel and Uninstall

Screen Shot 2016-08-17 at 13.31.58

Step 6 and 7 – Upgrade both 5.5 SSO servers to PSC 6 servers

  • Attach the vCenter 6 iso to the first PSC server and select vCenter Server for Windows and Install

Screen Shot 2016-08-17 at 13.41.10

  • Click Next

Screen Shot 2016-08-17 at 14.15.48

  • Accept the License Agreement
  • Put in the Single Sign-On password in and you will see it going through pre-upgrade checks

Screen Shot 2016-08-17 at 14.17.16

  • Check Ports (Important for multi-site communication) (There will be further information at the end of this post about ports required

Screen Shot 2016-08-17 at 14.47.57

  • Check Destination Directories

Screen Shot 2016-08-17 at 14.48.55

  • Choose whether to join the Customer Improvement Program

Screen Shot 2016-08-17 at 14.50.11

  • Check the final details and tick I verify that I have backed up this Single Sign-On machine
  • You can see that this SSO server has a replication partner of the other SSO server techlabsso003 which is in the multi-site setup
  • Click Upgrade

Screen Shot 2016-08-17 at 14.51.08

  • You can check a couple of links such as https://techlabsso002.techlab.local/websso

Screen Shot 2016-08-17 at 15.17.42

  • Check the below link is working also –https://techlabsso002.techlab.local/psc

Screen Shot 2016-08-17 at 15.19.29

  • Next follow the exact same steps to upgrade the second SSO server to a PSC v6 server
  • You will see on the final screen in the details that this is the second site (Default-Second-Site)

Screen Shot 2016-08-17 at 15.27.00

Step 8 – Upgrade both vCenter 5.1 U3 servers to vCenter v6.0 U2

Note: vCenter needs at least 2 vCPUs and 8GB RAM

  • Attach the vSphere 6 ISO and select vCenter Server for Windows and click Install

Screen Shot 2016-08-17 at 15.30.48

  • Accept the License Agreement
  • Put in the vCenter Server credentials

Screen Shot 2016-08-17 at 16.56.12

  • It will run the pre-upgrade scripts
  • Put in the Single Sign-On password

Screen Shot 2016-08-17 at 17.20.40

  • Accept the certificate

Screen Shot 2016-08-17 at 17.22.53

  • Check Ports

Screen Shot 2016-08-17 at 17.23.20

  • Select Destination Directories

Screen Shot 2016-08-17 at 17.23.47

  • Check the details on the Ready to Upgrade Page

Screen Shot 2016-08-17 at 17.24.23

Step 9 – upgrade the vSphere Client

Step 10 -Upgrade Update Manager

Step 11 – Determining multi-site replication agreements and status with the Platform Services Controller using vdcrepadmin

Useful VMware KB Link here

Use these parameters using the vdcrepadmin CLI:

  • showservers – Displays all of the PSCs in a vSphere domain.
  • showpartners – Displays the current partnerships from a single PSC within a vSphere domain.
  • showpartnerstatus – Displays the current replication status of a PSC and any of the replication partners of the PSC.
  • createagreement and removeagreement – Allows for creation and removal of additional replication agreements between PSCs within a vSphere domain.

Steps for vdcrepadmin showservers

This steps below provide information on using the vdcrepadmin command-line interface (CLI) for reviewing the existing vSphere domain, Platform Services Controllers (PSC) that make up your vSphere domain as well as checking the replication agreements configured and replication status within your environment. Although the utility can be used for other operations, at this time, only what is documented must be executed by technical support staff and customers.

  • Log into the PSC and open a Command Prompt as Administrator
  • Navigate to cd c:\Program Files\VMware\vCenter Server\vmdird
  • Type the below command to show all the PSC Controllers in the vSphere domain

vdcrepadmin -f showservers -h PSC_FQDN -u administrator -w Administrator_Password

Example

vdcrepadmin -f showservers -h techlabsso002.techlab.local -u administrator -w Password123!

Screen Shot 2016-08-17 at 21.35.11

  • You should now see the below showing you your 2 PSCs. In my case techlabsso002 and techlabsso003

Steps for vdcrepadmin showpartners

  • Next type the following command to show the psc partners

vdcrepadmin -f showpartners -h psc1.vmware.local -u administrator -w VMw@re123

Example

vdcrepadmin -f showpartners -h techlabpsc002.techlab.local -u administrator -w Password123!

Screen Shot 2016-08-17 at 21.37.08

  • You could run this showpartners command against all PSCs to map out the topology of the current vSphere domain by re-running this command against each of the PSCs in order to determine all of the partnerships.
  • You can see that some environments will be installed in an in-line fashion, with each PSC installed against the previous PSC, rather than a hub-and-spoke fashion where all of the PSCs would terminate to a central PSC

Steps for vdcrepadmin showpartnerstatus

  • Next type the following command to show the partner replication status.
  • This CLI is limited to execution only against the local PSC. Using the command to query the replication status from one PSC to a different PSC is not yet supported.

vdcrepadmin -f showpartnerstatus -h localhost -u administrator -w Administrator_password

Example

vdcrepadmin -f showpartnerstatus -h techlabpsc002.techlab.local -u administrator -w Password123!

Screen Shot 2016-08-17 at 21.38.20

  • If you have problems with replication failing, review the /var/log/vmware/vmdird/vmdird-syslog.log or %VMWARE_LOG_DIR%\vmdird\vmdird-syslog.log file for details. This provides all information related to replication status and the objects that are replicated

What do you see with multisite?

  • When multisite is installed, you can then log in to each vCenter and see all other vCenters which are set up and control them

Multimode

Steps for vdcrepadmin createagreement – Example only with 4 PSCs as I only have 2 PSCs

  • Note: This cannot be used to create replication agreements between disparate (separate) vSphere domains
  • Map out the topology of the current vSphere domain by re-running the showpartners command against each of the PSCs in order to determine all of the partnerships

For example you have 4 PSCs

  • psc1
  • psc2
  • psc3
  • psc4

You can use the showservers parameter to get a list of all of the PSCs in the domain.

vdcrepadmin -f showpartners -h psc1.vmware.local -u administrator -w VMw@re123
ldap://psc2. vmware.local

vdcrepadmin -f showpartners -h psc2.vmware.local -u administrator -w VMw@re123
ldap://psc1. vmware.local
ldaps://psc3. vmware.local

vdcrepadmin -f showpartners -h psc3.vmware.local -u administrator -w VMw@re123
ldap://psc4. vmware.local
ldaps://psc2. vmware.local

vdcrepadmin -f showpartners -h psc4.vmware.local -u administrator -w VMw@re123
ldap://psc3. vmware.local

  • With the topology defined, we can now generate new replication agreements. Using the PSCs 1-4 in this section as a model, we need to generate additional replication agreements between:
  • PSC1.* and PSC3.*
  • PSC1.* and PSC4.*
  • PSC2.* and PSC4.*
  • Use the following command to create a new replication agreement between PSCs to generate a mesh topology:

vdcrepadmin -f createagreement -2 -h Source_PSC_FQDN -H New_PSC_FQDN_to_Replicate -u administrator -w Administrator_Password

For example:

vdcrepadmin -f createagreement -2 -h psc1.vmware.local -H psc3.vmware.local -u Administrator -w VMw@re123

vdcrepadmin -f createagreement -2 -h psc1.vmware.local -H psc4.vmware.local -u Administrator -w VMw@re123

vdcrepadmin -f createagreement -2 -h psc2.vmware.local -H psc4.vmware.local -u Administrator -w VMw@re123

  • Repeat this operation for additional PSCs until you have created an entire mesh topology.
  • After completion, repeat Step 5 to confirm that you have generated a mesh topology.
  • Note: Due to replication time, it may take a few seconds to minutes for a complete mesh topology to be configured.

Steps for vdcrepadmin removeagreement – Example only with 4 PSCs as I only have 2 PSCs

  • Map out the topology of the current vSphere domain by re-running the showpartners command against each of the PSCs in order to determine all of the partnerships

For example you have 4 PSCs

  • psc1
  • psc2
  • psc3
  • psc4

You can use the showservers parameter to get a list of all of the PSCs in the domain.

vdcrepadmin -f showpartners -h psc1.vmware.local -u administrator -w VMw@re123
ldap://psc2. vmware.local
ldap://psc3. vmware.local
ldap://psc4. vmware.local

vdcrepadmin -f showpartners -h psc2.vmware.local -u administrator -w VMw@re123
ldap://psc1. vmware.local
ldap://psc3. vmware.local
ldap://psc4. vmware.local

ldap://psc4. vmware.local

vdcrepadmin -f showpartners -h psc3.vmware.local -u administrator -w VMw@re123
ldap://psc4. vmware.local
ldap://psc2. vmware.local
ldap://psc1. vmware.local

vdcrepadmin -f showpartners -h psc4.vmware.local -u administrator -w VMw@re123
ldap://psc3. vmware.local
ldap://psc1. vmware.local
ldap://psc2. vmware.local

  • Use the following command to remove a replication agreement

vdcrepadmin -f removeagreement -2 -h Source_PSC_FQDN -h PSC_FQDN_to_Remove_from_Replication -u administrator -w Administrator_Password

For example:

vdcrepadmin -f removeagreement -2 -h psc1.vmware.local -h psc3.vmware.local -u administrator -w Administrator_Password

vCenter and PSC Ports

Ports can also be seen here in the vSphere Documentation Center

The table below shows all the ports which vCenter uses but multisite communication only needs a subset of these ports

Screen Shot 2016-08-17 at 15.08.10

What ports need to be open between sites for PSC Multisite Mode?

Some situations exist where communication within the same SSO domain can be blocked by external firewalls. The ports which should be open are

PSC to PSC should be 389, 636, 2012, 2014, 2020 and 7444 (Plus 11711 and 11712 if using 5.5)

VC to VC should be 443

PSC to VC should be 443, 389, 636, 11711,11712 and 2012 (11711 and 11712 legacy)

vCenter to vCenter

techlabvcs004 vCenter to techlabvcs005 vCenter – 443

techlabvcs005 vCenter to techlabvcs004 vCenter – 443

PSC to PSC

techlabsso002 PSC to techlabsso003 PSC – 389, 636, 11711, 11712, and 2012 (11711 and 11712 legacy)

techlabsso003 PSC to techlabsso002 PSC – 389, 636, 11711, 11712, and 2012 (11711 and 11712 legacy)

vCenter to PSC 

techlabvcs004 vCenter to techlabsso002 PSC – 443, 389, 636, 2012, 2014, 2020, and 7444 (plus 11711 and 11712 if using 5.5)

techlabvcs004 vCenter to techlabsso003 PSC – 443, 389, 636, 2012, 2014, 2020, and 7444 (plus 11711 and 11712 if using 5.5)

techlabvcs005 vCenter to techlabsso002 PSC – 443, 389, 636, 2012, 2014, 2020, and 7444 (plus 11711 and 11712 if using 5.5)

techlabvcs005 vCenter to techlabsso003 PSC – 443, 389, 636, 2012, 2014, 2020, and 7444 (plus 11711 and 11712 if using 5.5)

Setting up an F5 Load Balancer v12

arrow-of-double-point-pointing-different-directions_318-50733

Instructions

  • On the F5 website, click trial license and download your software and request a license to be emailed to you (F5 BIG-VE-LAB-LIC)

https://f5.com/products/trials/product-trials

F5a

  • Download the installer (ESXi Server)

F5b

  • Open vCenter and select File > Deploy OVF Template

F5c

  • Accept License agreement
  • Put in a name

F5dPNG

  • Check the resources

f55PNG

  • Choose the storage

f56PNG

  • Choose disk formatting options

f57PNG

  • Check network mappings
  • Management and Internal need to be on different networks so my machines will sit on the F5 network. I’m not worried about the oher 2 networks for now as I will use the management and the Internal only

F5e

  • Check details
  • Click Finish

F5f

  • Power on the appliance
  • Put in root as the username and default as the password
  • Type config and the following screen will open

vRAD133

  • Say No to automatically configured address
  • Put in your IP address, Subnet Mask and Gateway
  • You should now be able to log into the interface on https://youripaddress

vRAD134

  • The username is admin and the password is admin

vRAD135

  • You will need to activate the license which will have been emailed to you

vRAD136

  • Accept the license agreement

vRAD137

  • You should now see the below screen which shows you current resource reservations, License status and disk provisioning figures

vRAD138

  • Click Next and you will now see your device certificates screen

Screen Shot 2016-07-07 at 10.45.49

  • You will now be on the General properties screen
  • Add in your Hostname in FQDN format, Timezone and change the Root and Admin account password and any other details which require changing

Screen Shot 2016-07-07 at 10.49.55

  • It will ask you to Log out and in again
  • When you log back in you will be presented with a network screen
  • Click Next

F5g

  • Click Next on the page below

F5h

  • On the VLANs page put in a self IP, and subnet mask this needs to be an address on your internal network, in my case the F5 network
  • Put in a floating IP address on the same network
  • In Internal VAN configuration, select the 1.0 VLAN interface and select untagged and click Add

F5i

  • Interface 1.0 is the Management interface that was initialized during the deployment of the OVA and configured earlier in this document.
  • As mentioned earlier for the purpose of this document we will be utilizing only the Internal (Interface 1.1) Interface for load balancing
  • The Internal Interface or Interface 1.1 corresponds to Network Adapter 2 of our F5 appliance
  • You are now on the External Network Configuration screen
  • In External Network Configuration, Choose Select existing VLAN and select Internal
  • In External VLAN configuration delete anything in interfaces then add 1.2 as untagged

F5k

  • On the High Availability screen do the same as the above and Select existing VLAN as Internal
  • On the High Availability VLAN Configuration screen, delete the interface in interfaces and choose 1.3 and untagged and add

F5l

  • Add in the NTP Configuration. I just pointed to my domain controller.

F5m

  • Make sure the correct DNS Lookup Servers and DNS search Domain have been added.

vRAD143

  • Click Next, Next, Next until you get to the Finished screen

F5o

  • You will now be on the default F5 page and ready to set up load balancing

Setting up VMware vCenter PSCs with an F5 Load Balancer

Please see the below link to see the F5 in action 🙂

vSphere 6 Platform Services Controller HA Setups – High Availability with an F5 Load Balancer

Useful Links

http://kaloferov.com/blog/configuring-vrealize-automation-load-balancing-using-f5-big-ip/

http://networkjutsu.com/f5-big-ip-ltm-ve-home-lab/

https://downloads.f5.com/esd/ecc.sv?sw=BIG-IP&pro=big-ip_v11.x&ver=11.6.0&container=Virtual-Edition

vSphere 6 Platform Services Controller HA Setups – High Availability with an F5 Load Balancer

arrow-of-double-point-pointing-different-directions_318-50733

vSphere 6 Platform Services Controller HA Setups – High Availability

Useful Links

Useful VMware Feature Walkthrough Link here

VMware vCenter Server 6.0 Deployment Guide here Includes F5 setup steps in the Appendix.

vCenter Single Sign-On and Platform Services Controller High Availability Compatibility Matrix here

Configuring Windows PSC 6.0 High Availability for vSphere 6.0 (2113085) here

Information

When configuring PSC High Availability, the load balanced pair are required to be the same type; it is not supported to mix Appliance-Base and Windows-Based PSCs in the same load balanced pair.

New to vSphere 6.0, both the Appliance-based PSC and Windows-based PSC can be deployed in both multi-site or high availability configurations. Additionally, if you need multi-site in conjunction with high availability, you can now setup your vSphere environment to have multi-sites and then configure each site with secondary PSCs. A load balancer is still required per site to provide high-availability. Only local load balancers (often times referred to as LTM, or Local Traffic Manager) are supported for PSC HA

PSC Config (Lab Setup)

1 x Windows 2012 Server – techlabpsc001 (192.168.2.152/24)

1 x Windows 2012 Server – techlabpsc002 (192.168.2.153/24)

Load Balanced Name – psclb.techlab.local

Load Balanced IP – 192.168.2.155

F5 Load Balancer is Version 12

Steps to enable High Availability on 2 Platform Service Controllers

  • Install Windows 2012 on a new server
  • Attach the vCenter 6 ISO to the server
  • In the software directory, double click the autorun installer

Screen Shot 2016-07-06 at 10.44.22

  • Accept the License Agreement
  • Choose External Deployment > Platform Services Controller

Screen Shot 2016-07-06 at 10.45.19

  • Put in a FQDN System Network Name for the Platform Services Controller

Screen Shot 2016-07-06 at 10.46.41

  • Ignore the warning below but do make sure you have added a DNS entry for the PSC into your DNS server and that it is joined to the domain

Screen Shot 2016-07-06 at 10.48.47

  • As this is the first PSC, you will need to select Create a new vCenter Single Sign-On domain.
  • Enter an SSO password
  • Put in the Site Name. In this case I am just using the name England-Site

Screen Shot 2016-07-06 at 15.14.33

  •  Check the ports which need to be available

Screen Shot 2016-07-06 at 10.53.24

  • Select the destination directory

Screen Shot 2016-07-06 at 10.54.27

  • Choose whether to join the VMware Customer experience program

Screen Shot 2016-07-06 at 10.55.09

  • Double check the details you have entered

Screen Shot 2016-07-06 at 10.56.12

  • Once installed you should see the below screen

Screen Shot 2016-07-06 at 11.06.57

NEXT Install the second Platform Services Controller

  • In the software directory, double click the autorun installer

Screen Shot 2016-07-06 at 10.44.22

  • Accept the License Agreement
  • Choose External Deployment > Platform Services Controller

Screen Shot 2016-07-06 at 10.45.19

  • Put in a FQDN System Network Name for the Platform Services Controller

Screen Shot 2016-07-06 at 16.54.10

  • Select Join a vCenter Single Sign-On domain
  • Put in the first PSC FQDN
  • Put in the SSO password

Screen Shot 2016-07-06 at 16.55.12

  • Accept the Certificate

Screen Shot 2016-07-06 at 16.56.42

  • Select to join an existing site which is my England site

Screen Shot 2016-07-06 at 16.57.25

  • Check the Configure Ports screen

Screen Shot 2016-07-06 at 16.58.29

  • Choose your Destination Directory

Screen Shot 2016-07-06 at 16.59.08

  • Choose whether to join the Customer Experience Program
  • Check the final details and Install

Screen Shot 2016-07-06 at 16.59.50

NEXT: Now we need to download the scripts used to setup a cluster of PSC nodes into a highly available configuration from here

  • Download and unzip the scripts into a folder called c:\sso-ha

Screen Shot 2016-07-06 at 15.34.44

  • You should see the scripts here

Screen Shot 2016-07-06 at 15.43.35

  • Go to the first Platform Services Controller
  • Open a Command Prompt and add Python to the path
  • Type path=%PATH%;%VMWARE_PYTHON_HOME%

Screen Shot 2016-07-06 at 15.40.42

  • Type cd c:\sso-ha
  • Type python gen-lb-cert.py –primary-node –lb-fqdn=loadbalancerFQDN Where loadbalancerFQDN is the FQDN of the load balancer’s virtual IP used for load balancing the Platform Service Controllers
  • In my case I typed python gen-lb-cert.py –primary-node –lb-fqdn=psclb.techlab.local

Screen Shot 2016-07-06 at 16.15.57

  • This also generates a ha folder on the C Drive
  • Next Setup your load balancer to balance between the two Platform Service Controllers on ports 443, 2012, 2014, 2020, 389, and 636. See the vCenter Server 6.0 Deployment Guide – Page 88 for specific instructions on configuring the load balancer or read my notes below

My F5 v12 Load Balancer Notes below

  • Download the lb.p12 file from the c:\ha folder from the first Platform Services Controller.

Screen Shot 2016-07-07 at 13.51.56

  • Log in to the F5 BIG-IP configuration Web page.
  • Click System.
  • Open File Management, SSL Certificate List.

Screen Shot 2016-07-07 at 13.48.23

  • Click Import.
  • For Import Type, select PKCS

Screen Shot 2016-07-07 at 13.51.03

  • Provide a descriptive Certificate Name. Browse for the Certificate downloaded earlier. Click Import.

Screen Shot 2016-07-07 at 13.57.47

  • You should now see the certificate as per below screenprint (psclb)

Screen Shot 2016-07-07 at 14.29.09

  • Click Local Traffic.
  • Open Profiles, SSL, Client.

Screen Shot 2016-07-07 at 14.05.41

  • Click Create.
  • Provide a descriptive Name. In my case psclb
  • Click Custom under Configuration
  • Click Add under Certificate Key Chain

Screen Shot 2016-07-07 at 14.10.05

Screen Shot 2016-07-07 at 14.11.35

  • Choose the Certificate and Key installed earlier.
  • Enter the Passphrase for the certificate. In this case it was changeme
  • Click Add.

Screen Shot 2016-07-07 at 14.31.32

  • Scroll to the bottom and click Finished. You will be taken back to the screen below

Screen Shot 2016-07-07 at 14.32.04

  • Open Profiles, SSL, Server.

Screen Shot 2016-07-07 at 14.34.11

  • Click Create.
  • Provide a descriptive Name.
  • Click Custom.

Screen Shot 2016-07-07 at 14.34.11

  • Choose the Certificate and Key installed earlier.

Screen Shot 2016-07-07 at 14.37.05

  • Scroll to the bottom and click Finished

Screen Shot 2016-07-07 at 14.38.40

  • Open Nodes, Node List.
  • Click Create.

Screen Shot 2016-07-07 at 14.40.12

  • Add all Platform Services Controllers as a node. (I added my 2 PSC Nodes techlabpsc002 and techlabpsc003)
  • Use Repeat to speed up the process.

Screen Shot 2016-07-07 at 14.45.24

  • Open Pools, Pool List.
  • Click Create.

Screen Shot 2016-07-07 at 14.47.07

  • Create six pools, one each for port 443, 2012, 2014, 2020, 389, and 636.
  • All pools have the same Configuration, tcp for monitoring, and Round Robin for Load Balancing Method.
  • Add both psc servers to he New Members box
  • Use Repeat to save time: Remove the existing members from the list.

Screen Shot 2016-07-07 at 14.49.48

Screen Shot 2016-07-07 at 14.57.16

Screen Shot 2016-07-07 at 14.58.39

  • Open Virtual Servers, Virtual Server List.

Screen Shot 2016-07-07 at 15.04.19

  • Click Create.
  • All virtual servers—except the one for port 443—have the same configuration.
  • Provide a descriptive Name.
  • Enter the Destination Address. (The Load Balanced address)
  • For Service Port, enter 443 and HTTPS
  • For SSL Profile (Client), select the client profile created earlier.
  • For SSL Profile (Server), select the client profile created earlier.
  • For Source Address Translation, select Auto Map.
  • For the Default Pool, select the pool created for port 443.
  • For the Default Persistence Profile, select source_addr.
  • Click Finished
  • Repeat the steps above from Click Create to create virtual servers for all other ports: 2012, 2014, 2020, 389, and 636. All settings are the same as port 443, except there is no SSL Profile (Client) or SSL Profile (Server) and the Service Port and Default Pool should match. For example, if the Service Port is 2012, the Default Pool should be the pool set up for port 2012.

Screen Shot 2016-07-07 at 15.16.06

Screen Shot 2016-07-07 at 15.16.43

  • Open Profiles, Persistence.
  • Click source_addr.

Screen Shot 2016-07-07 at 15.26.51

  • Check Match Across Services and click Update

Screen Shot 2016-07-07 at 15.27.54

  • After both Platform Services Controller nodes have been installed and configured, click Network Map and verify that all services are up (green).

Screen Shot 2016-07-07 at 15.32.13

  • Next log into the second PSC
  • Copy the sso-ha and ha folder from the first Platform Services Controller into the c: drive.
  • Copy C:\ProgramData\VMware\vCenterServer\cfg\sso\keys from the first Platform Services Controller to c:\ha\keys.
  • Open a command prompt.
  • Add Python to your path by typing: path=%PATH%;%VMWARE_PYTHON_HOME%

F5q

  • Change directories to c:\sso-ha.
  • Run: python gen-lb-cert.py –secondary-node –lb-fqdn=loadbalancerFQDN –lb-certfolder=C:\ha –sso-serversign-folder=c:\ha\keys\ where loadbalancerFQDN is the FQDN of the load balancer’s VIP used for load-balancing the Platform Services Controllers

F5r

  • Repeat this step on any additional PSCs
  • On one Platform Services Controller, update the endpoint URL by running: python lstoolHA.py –hostname=FQDNofLocalMachine –lb-fqdn=loadbalancerFQDN –lb-cert-folder=C:\ha –user=Administrator@SSODomain –password=”password” where FQDNofLocalMachine is the FQDN of the machine where the script is being run, loadbalancerFQDN is the FQDN of the load balancer’s VIP used for load balancing the Platform Services Controllers, SSODomain is the vCenter Single Sign-On domain (by default vsphere.local), and password is the password for the vCenter Single Sign-On administrator. The password parameter is optional; if not specified, you will be prompted for it.

C:\sso-ha> python lstoolHA.py –hostname=techlabpsc002.techlab.local –lb-fqdn=psclb.techlab.local –lb-cert-folder=C:\ha –user=Administrator@vsphere.local

Screen Shot 2016-07-07 at 18.08.37

  • To verify the endpoints have been updated correctly run these commands using the First PSC Node FQDN entry:
  • Obtain the Site ID by running the following

“C:\Program Files\VMware\vCenter Server\python\python.exe” “C:\Program Files\VMware\vCenter Server\VMware Identity Services\lstool\scripts\lstool.py” get-site-id –url https://psc_node_1_fqdn/lookupservice/sdk

F5s

F5t

  • Using the output sitename from the previous step, run these commands to verify the endpoints have been updated with the Load Balanced FQDN:

“C:\Program Files\VMware\vCenter Server\python\python.exe” “C:\Program Files\VMware\vCenter Server\VMware Identity Services\lstool\scripts\lstool.py” list –url https://psc_node_1_fqdn/lookupservice/sdk –site My_Site_ID –type cs.license | findstr “URL:”

F5u

“C:\Program Files\VMware\vCenter Server\python\python.exe” “C:\Program Files\VMware\vCenter Server\VMware Identity Services\lstool\scripts\lstool.py” list –url https://psc_node_2_fqdn/lookupservice/sdk –site My_Site_ID –type cs.identity | findstr “URL:”

  • Should bring back the same information as the above screenprint
  • Follow the steps to install a new external vCenter Server. When asked for the Platform Services Controller, enter the FQDN of the load balancer’s VIP.

 

 

vSphere 6 Platform Services Controller HA Setups – Enhanced Linked Mode

arrow-of-double-point-pointing-different-directions_318-50733

vSphere 6 Platform Services Controller HA Setups – Enhanced Linked Mode

To install vCenter Server with 2 or more external Platform Services Controllers, first install a Platform Services Controller for Windows followed by a second Platform Services Controller joined to the same domain The Platform Services Controller contains the common services, such as vCenter Single Sign-On and the License service, which can be shared across several vCenter Server instances.

You can install many Platform Services Controllers and join them to the same vCenter Single Sign-On domain. Concurrent installations of Platform Services Controllers are not supported. You must install the Platform Services Controllers in a sequence.

1. Enhanced Linked Mode

When you select to join an existing vCenter Single Sign-On domain, you enable the Enhanced Linked Mode feature. Your Platform Services Controller will replicate infrastructure data with the joined vCenter Single Sign-On server.

Note: You can use the appliance or a Windows Server. In the steps below, I have 2 Windows servers I am using as an example

Steps to enable Enhanced Linked Mode on 2 Platform Service Controllers

  • Install Windows 2012 on a new server
  • Attach the vCenter 6 ISO to the server
  • In the software directory, double click the autorun installer

Screen Shot 2016-07-06 at 10.44.22

  • Accept the License Agreement
  • Choose External Deployment > Platform Services Controller

Screen Shot 2016-07-06 at 10.45.19

  • Put in a FQDN System Network Name for the Platform Services Controller

Screen Shot 2016-07-06 at 10.46.41

  • Ignore the warning below but do make sure you have added a DNS entry for the PSC into your DNS server and that it is joined to the domain

Screen Shot 2016-07-06 at 10.48.47

  • As this is the first PSC, you will need to select Create a new vCenter Single Sign-On domain.
  • Enter an SSO password

Screen Shot 2016-07-06 at 10.50.31

  •  Check the ports which need to be available

Screen Shot 2016-07-06 at 10.53.24

  • Select the destination directory

Screen Shot 2016-07-06 at 10.54.27

  • Choose whether to join the VMware Customer experience program

Screen Shot 2016-07-06 at 10.55.09

  • Double check the details you have entered

Screen Shot 2016-07-06 at 10.56.12

  • Once installed you should see the below screen

Screen Shot 2016-07-06 at 11.06.57

Now we need to move on to the second PSC and install this in Enhanced Linked Mode

  • Install Windows 2012 on a new server
  • Attach the vCenter 6 ISO to the server
  • In the software directory, double click the autorun installer
Screen Shot 2016-07-06 at 10.44.22
  • Accept the License Agreement
  • Choose External Deployment > Platform Services Controller

Screen Shot 2016-07-06 at 10.45.19

  • Put in a name for your second PSC Controller

Screen Shot 2016-07-06 at 11.14.33

  • Ignore the warning below but do make sure you have added a DNS entry for the PSC into your DNS server and that it is joined to the domain

Screen Shot 2016-07-06 at 10.48.47

  • As this is the second PSC, you will need to Join an existing vCenter Single Sign-On domain and put in the FQDN of the first PSC created earlier
  • Enter the Single Sign-On password

Screen Shot 2016-07-06 at 11.16.35

  • Accept the certificate

Screen Shot 2016-07-06 at 11.32.39

  • Select to join an existing site which in this case is the Default-First-Site

Screen Shot 2016-07-06 at 11.35.22

  • Check the Ports screen

Screen Shot 2016-07-06 at 11.36.55

  • Choose the Destination Directory

Screen Shot 2016-07-06 at 11.37.37

  • Select whether to join the Customer Experience Program

Screen Shot 2016-07-06 at 11.38.15

  • Check the final details

Screen Shot 2016-07-06 at 11.39.06

  • Finish.
  • The 2 PSCs are now set up in Enhanced Linked Mode

Determining replication agreements and status with the Platform Services Controller using vdcrepadmin

Useful VMware KB Link here

Use these parameters using the vdcrepadmin CLI:

  • showservers – Displays all of the PSCs in a vSphere domain.
  • showpartners – Displays the current partnerships from a single PSC within a vSphere domain.
  • showpartnerstatus – Displays the current replication status of a PSC and any of the replication partners of the PSC.
  • createagreement and removeagreement – Allows for creation and removal of additional replication agreements between PSCs within a vSphere domain.

Steps for vdcrepadmin showservers

This steps below provide information on using the vdcrepadmin command-line interface (CLI) for reviewing the existing vSphere domain, Platform Services Controllers (PSC) that make up your vSphere domain as well as checking the replication agreements configured and replication status within your environment. Although the utility can be used for other operations, at this time, only what is documented must be executed by technical support staff and customers.

  • Open a Command Prompt as Administrator
  • Navigate to cd c:\Program Files\VMware\vCenter Server\vmdird
  • Type the below command to show all the PSC Controllers in the vSphere domain

vdcrepadmin -f showservers -h PSC_FQDN -u administrator -w Administrator_Password

Example

vdcrepadmin -f showservers -h techlabpsc002.techlab.local -u administrator -w Password123!

Screen Shot 2016-07-06 at 12.06.30

  • You should now see the below showing you your 2 PSCs

Screen Shot 2016-07-06 at 12.11.11

Steps for vdcrepadmin showpartners

  • Next type the following command to show the psc partners

vdcrepadmin -f showpartners -h psc1.vmware.local -u administrator -w VMw@re123

Example

vdcrepadmin -f showpartners -h techlabpsc002.techlab.local -u administrator -w Password123!

Screen Shot 2016-07-06 at 13.26.09

  • You could run this showpartners command against all PSCs to map out the topology of the current vSphere domain by re-running this command against each of the PSCs in order to determine all of the partnerships.
  • You can see that some environments will be installed in an in-line fashion, with each PSC installed against the previous PSC, rather than a hub-and-spoke fashion where all of the PSCs would terminate to a central PSC

Steps for vdcrepadmin showpartnerstatus

  • Next type the following command to show the partner replication status.
  • This CLI is limited to execution only against the local PSC. Using the command to query the replication status from one PSC to a different PSC is not yet supported.

vdcrepadmin -f showpartnerstatus -h localhost -u administrator -w Administrator_password

Example

vdcrepadmin -f showpartnerstatus -h techlabpsc002.techlab.local -u administrator -w Password123!

Screen Shot 2016-07-06 at 13.34.48

  • If you have problems with replication failing, review the /var/log/vmware/vmdird/vmdird-syslog.log or %VMWARE_LOG_DIR%\vmdird\vmdird-syslog.log file for details. This provides all information related to replication status and the objects that are replicated

Steps for vdcrepadmin createagreement – Example only with 4 PSCs as I only have 2 PSCs

  • Note: This cannot be used to create replication agreements between disparate (separate) vSphere domains
  • Map out the topology of the current vSphere domain by re-running the showpartners command against each of the PSCs in order to determine all of the partnerships

For example you have 4 PSCs

  • psc1
  • psc2
  • psc3
  • psc4

You can use the showservers parameter to get a list of all of the PSCs in the domain.

vdcrepadmin -f showpartners -h psc1.vmware.local -u administrator -w VMw@re123
ldap://psc2. vmware.local

vdcrepadmin -f showpartners -h psc2.vmware.local -u administrator -w VMw@re123
ldap://psc1. vmware.local
ldaps://psc3. vmware.local

vdcrepadmin -f showpartners -h psc3.vmware.local -u administrator -w VMw@re123
ldap://psc4. vmware.local
ldaps://psc2. vmware.local

vdcrepadmin -f showpartners -h psc4.vmware.local -u administrator -w VMw@re123
ldap://psc3. vmware.local

  • With the topology defined, we can now generate new replication agreements. Using the PSCs 1-4 in this section as a model, we need to generate additional replication agreements between:
  • PSC1.* and PSC3.*
  • PSC1.* and PSC4.*
  • PSC2.* and PSC4.*
  • Use the following command to create a new replication agreement between PSCs to generate a mesh topology:

vdcrepadmin -f createagreement -2 -h Source_PSC_FQDN -H New_PSC_FQDN_to_Replicate -u administrator -w Administrator_Password

For example:

vdcrepadmin -f createagreement -2 -h psc1.vmware.local -H psc3.vmware.local -u Administrator -w VMw@re123

vdcrepadmin -f createagreement -2 -h psc1.vmware.local -H psc4.vmware.local -u Administrator -w VMw@re123

vdcrepadmin -f createagreement -2 -h psc2.vmware.local -H psc4.vmware.local -u Administrator -w VMw@re123

  • Repeat this operation for additional PSCs until you have created an entire mesh topology.
  • After completion, repeat Step 5 to confirm that you have generated a mesh topology.
  • Note: Due to replication time, it may take a few seconds to minutes for a complete mesh topology to be configured.

Steps for vdcrepadmin removeagreement – Example only with 4 PSCs as I only have 2 PSCs

  • Map out the topology of the current vSphere domain by re-running the showpartners command against each of the PSCs in order to determine all of the partnerships

For example you have 4 PSCs

  • psc1
  • psc2
  • psc3
  • psc4

You can use the showservers parameter to get a list of all of the PSCs in the domain.

vdcrepadmin -f showpartners -h psc1.vmware.local -u administrator -w VMw@re123
ldap://psc2. vmware.local
ldap://psc3. vmware.local
ldap://psc4. vmware.local

vdcrepadmin -f showpartners -h psc2.vmware.local -u administrator -w VMw@re123
ldap://psc1. vmware.local
ldap://psc3. vmware.local
ldap://psc4. vmware.local

ldap://psc4. vmware.local

vdcrepadmin -f showpartners -h psc3.vmware.local -u administrator -w VMw@re123
ldap://psc4. vmware.local
ldap://psc2. vmware.local
ldap://psc1. vmware.local

vdcrepadmin -f showpartners -h psc4.vmware.local -u administrator -w VMw@re123
ldap://psc3. vmware.local
ldap://psc1. vmware.local
ldap://psc2. vmware.local

  • Use the following command to remove a replication agreement

vdcrepadmin -f removeagreement -2 -h Source_PSC_FQDN -h PSC_FQDN_to_Remove_from_Replication -u administrator -w Administrator_Password

For example:

vdcrepadmin -f removeagreement -2 -h psc1.vmware.local -h psc3.vmware.local -u administrator -w Administrator_Password

vRealize Operations Manager 6.2 Dashboards – Using a Helpdesk Dashboard

Screen Shot 2016-06-09 at 15.04.19

Using a Helpdesk Dashboard

Thank to Sunny Dua and Iwan Rahabok for the xml files and dashboard

This Help Desk Dashboard can be ideally used by your Helpdesk team to quickly understand the infrastructure areas which could be a performance bottleneck for a virtual machine.

Use Cases

Use Case 1
  • Quickly search for an affected VM & look at the Key Performance Indicators to get a direction for further troubleshooting (CPU, RAM, DISK, NETWORK etc.)
Use Case 2
  • Quickly review the utilization of a VM for a past few days to months in case you have a request for resource addition such as CPU or Memory expansion.
Use Case 3
  • This can also help the VM Right-Sizing Efforts as you can easily pull out the statistics around CPU or RAM utilization going back in Time and share the same with the app owners to get approvals on right-sizing.

Key Metrics

Here are the key metrics which can be viewed with a click of a button in this dashboard
  • CPU Usage %
  • CPU Contention %
  • Memory Usage %
  • Memory Contention %
  • Network Workload %
  • Virtual Disk Latency (ms) aggregate for all disks in the VM

Instructions

  • Download the Dashboard here
  • Click on the Content tab and click on Manage Metric Config in the inventory window (you need vROps 6.0.1 or later versions for you to see this option.
  • Under Manage Metric Config, click on ResKndMetric directory and click on the + Sign to create a new XML named – vmperf.xml
  • Paste the following xml code in blue color on the right pane and click on Save

Note: if you want to know how to create these files then Viktor van den Berg has a great blog below on configuring these.

http://www.viktorious.nl/2015/12/07/vrops-how-to-create-and-use-a-metric-xml-configuration-file/

<?xml version=”1.0″ encoding=”UTF-8″ standalone=”yes”?>
<AdapterKinds>
<AdapterKind adapterKindKey=”VMWARE”>
<ResourceKind resourceKindKey=”VirtualMachine”>
<Metric attrkey=”cpu|usage_average” label=”” unit=”%” yellow=”85″ orange=”90″ red=”95″ />
<Metric attrkey=”cpu|capacity_contentionPct” label=”” unit=”%” yellow=”15″ orange=”20″ red=”30″ />

<Metric attrkey=”mem|usage_average” label=”” unit=”%” yellow=”85″ orange=”90″ red=”95″ />
<Metric attrkey=”mem|host_contentionPct” label=”” unit=”%” yellow=”15″ orange=”20″ red=”30″ />

<Metric attrkey=”net|workload” label=”” unit=”%” yellow=”85″ orange=”90″ red=”95″ />
<Metric attrkey=”virtualDisk:Aggregate of all instances|totalLatency” label=”” unit=”ms” yellow=”20″ orange=”30″ red=”40″ />
<Metric attrkey=”virtualDisk:Aggregate of all instances|commandsAveraged_average” label=”” unit=”IOPS” yellow=”10000″ orange=”30000″ red=”40000″ />
<Metric attrkey=”diskspace|snapshot” label=”” unit=”” yellow=”1″ orange=”2″ red=”3″ />
</ResourceKind>
</AdapterKind>
<AdapterKind adapterKindKey=”bbb”>
</AdapterKind>
</AdapterKinds>

Dashboards19

  • Import the dashboard file which we downloaded before. Click on Content > Dashboards > Settings Button > Import Dashboards and import the HELPDESKDB.json

Dashboards20

  • Share the Dashboard

Dashboards21

  • Now select the newly created HELPDESK Dashboard and drag & drop it on the groups with whom you want to share the same
  • Next click Home > Dashboards and have a look at whats going on

Dashboards22

 

 

vRealize Operations Manager 6.2 Dashboards – Building a Capacity and Performance Dashboard

Screen Shot 2016-06-09 at 15.04.19

Building a Capacity and Performance Dashboard

Dashboards are the primary visualization tool for users of VMware vRealize Operations Manager (vROps). This tool provides graphic representation of vROps data and displays overall infrastructure health.

This dashboard does have 15 Super Metrics, 6 Views and 1 Customized XML file which helps you build the entire dashboard

What does the dashboard do?

  • This lists all the clusters you are monitoring through vRealize Operations Manager 6.x
  • This widget display the key capacity metrics from a CPU, Memory & Storage perspective.
  • This widget provides the Peak & Average CPU Usage by an Virtual Machine in the selected cluster. This would basically give you an idea of how the virtual machines are using CPU in your environment. Is it Too Busy, Less Busy etc.
  • While the previous widget measure the usage, this widget looks at Peak & Average CPU Contention% which defines whether the demand of the CPU is being met without Contention at the CPU. Contention% is the key metric to measure CPU performance.
  • This widget provides the Peak & Average Memory Usage by a Virtual Machine in the selected cluster. This would basically give you an idea of how the virtual machines are using RAM in your environment. Is it Too Busy, Less Busy etc.
  • Similar to CPU Contention, for Memory performance you need to measure the Memory Contention %. With this widget we measure the Peak & Average memory contention experienced by any virtual machine in the cluster. The contention will be seen as soon as you have memory over-commitment and more demand than supply which is not a great sign.
  • This widget shows the Peak & Average IOPS done by any virtual machine in the selected cluster.
  • Alongside the IOPS you can see the Peak and Average Virtual Disk latency experienced by the virtual machines.

Use cases for this dashboard

  • Performance SLA Monitoring – If you have an agreed Performance SLA with the business measured in CPU & Memory Contention and Disk Latency then you can easily keep a track with this dashboard.
  • Performance Trending – Since this dashboard allows you to view the data from the past you can easily go back in time and look at how performance metrics trend in your environment.
  • Performance Driven Capacity Planning – This one is my favorite as you can now take capacity decisions based on your performance metrics. This basically means that if you need to ensure that as soon as you see performance metrics.
  • Capacity Overview – The capacity piece is quite obvious from the scorecard which talks about the consolidation ratios, summary of resources and the capacity remaining. With this in place you can easily see what kind of performance you are getting with over commitment of resources.

Download the following files

Instructions

  • Import Supermetrics and enable them in the policy
  • Login to vROps with an account with Admin Privileges. Click on Content -> Super Metrics. Click on the Blue Wheel Icon and click on Import Super Metric

Dashboards1

  • Once they are all imported they should look like this

Dashboards2

  • Next enable these Super Metrics for collection in the Default Policy. Click on Administration > Policies > Policy Library > Select the Default Policy > Click on the Pencil shaped icon to Edit the policy

Dashboards3

  • Now click on the Collect Metrics and Properties option in the Edit Monitoring Policy Wizard and click on Collapse to see all the columns.

Dashboards4

  • Click on Attribute type and uncheck everything except Supermetric to list all the of them.

Dashboards5

  • On Object Type select Cluster Compute Resource under the vCenter Adapter to list all the Super Metrics attached to a Cluster Object and you should see all the 15 super metrics which we imported earlier.

Dashboards6

  • Finally, just select all the 15 metrics using CTRL + Mouse Left Click and click on Actions -> Enable to enable collection on all these super metrics

Dashboards8

  • Click Save

Next Importing Views

  • Click on Content -> Views -> Blue Wheel Icon -> Import

Dashboards9

  • Import the AllViews.xml file

Dashboards10

  • This would give you 6 new Views which the dashboard uses. Now let’s create an XML for the Capacity Score card.
  • Click on Content -> Manage Metric Config (You need vROps 6.0.2 or above), highlight the ResKndMetric Directory and click on the Green + Sign to add an XML.

Dashboards12

  • Name the XML as Custom-Capacity-Data.xml and click on OK

Dashboards13

  • You now need to enter the below xml code

<?xml version=”1.0″ encoding=”UTF-8″ standalone=”yes”?>
<AdapterKinds>
<AdapterKind adapterKindKey=”VMWARE”>
<ResourceKind resourceKindKey=”ClusterComputeResource”>

<Metric attrkey=”summary|total_number_hosts” label=”ESXi Hosts” unit=” ” yellow=”63″ orange=”64″ red=”65″ />
<Metric attrkey=”summary|total_number_datastores” label=”Datastores” unit=” ” yellow=”255″ orange=”256″ red=”257″ />
<Metric attrkey=”summary|total_number_vms” label=”VMs and Templates” unit=” ” yellow=”5000″ orange=”6000″ red=”8000″ />

<Metric attrkey=”Super Metric|sm_a5a9c11a-f27c-446c-8bd5-48a11124b543″ label=”Total Datastore Capacity(TB)” unit=”” yellow=”16383″ orange=”16384″ red=”16385″ />
<Metric attrkey=”Super Metric|sm_6ad28eb5-ef7e-4a88-8fb7-8b4225944f48″ label=”Used Datastore Capacity(TB)” unit=”” yellow=”16383″ orange=”16384″ red=”16385″ />
<Metric attrkey=”Super Metric|sm_53c99a82-ecd7-4053-93cf-08b54be817c0″ label=”Remaining Datastore Capacity(%)” unit=”” yellow=”15″ orange=”10″ red=”5″ />

<Metric attrkey=”summary|avg_vm_density” label=”Running VMs Per Host” unit=”:1″ yellow=”50″ orange=”60″ red=”70″ />
<Metric attrkey=”cpu|demand|vConsumption.per.pConsumption” label=”vCPU : pCPU” unit=”:1″ yellow=”7.1″ orange=”8″ red=”9″ />
<Metric attrkey=”mem|consumed|vConsumption.per.pConsumption” label=”vMEM : pMEM” unit=”memory” yellow=”1.26″ orange=”1.5″ red=”2″ />

<Metric attrkey=”summary|capacityRemainingUsingConsumers_average” label=”Total VMs Remaining” unit=”” yellow=”10″ orange=”5″ red=”0″ />
<Metric attrkey=”cpu|capacityRemainingUsingConsumers_average” label=”CPU – VM Remaining” unit=”” yellow=”10″ orange=”5″ red=”0″ />
<Metric attrkey=”mem|capacityRemainingUsingConsumers_average” label=”MEMORY – VM Remaining” unit=”” yellow=”10″ orange=”5″ red=”0″ />

</ResourceKind>
</AdapterKind>
</AdapterKinds>

  • So it should now look like

Dashboards14

  • Once you have pasted the relevant xml click on Save.

Importing the Dashboard

  • Click on Content -> Dashboards -> Blue Wheel Icon -> Import Dashboards

Dashboards15

  • Browse to the downloaded file Cluster_cap_perf_db file and click on Open.

Dashboards16

  • Click on the Dashboard List option on the home page and you will see the Capacity Menu, click on that and you will see the Capacity & Performance Dashboard. Click on that to launch the dashboard.

Dashboards17

  • Click on any of your Clusters to see the capacity scores and the performance data. Please remember that these super metrics would start calculating now, hence you need to wait for a day or two to get some data around performance. Usually after a week or so, you will have some good data

Dashboards18

vRealize Operations Manager 6.2 Dashboards – One Click Cluster Dashboard

Screen Shot 2016-06-09 at 15.04.19

vROps Cluster Dashboard

This dashboard will give a clear overview of how your cluster is operating

Instructions

  • First of all it is a good idea to have an idea of what widgets you want to put in a dashboard

Dashboards23

  • Go to Contents > Dashboard and create a new Dashboard

Dashboards24

  • Drag all the relevant widgets into the dashboard which you require

Dashboards25

Configuration of the widgets

For this we will work from the first widget in the top left being the object list and work our way down the first column then start at the top of the second etc. Here we will see the configurations made as well as any XML that may be needed.

Object List

  • Edit the Object List widget
  • Change the title to cluster list
  • Set mode to self
  • Select the Cluster Compute Resources tag, this means only cluster objects will be shown in the list which is what we are after in this case.

Dashboards26

Health Chart

  • Edit Health Chart Widget
  • Change title to Cluster Host Health
  • Set Self Provider to off
  • Select Children as the mode
  • Under the tag select host systems

Scoreboard (summary)

Download the custom xml file here

  • Go to Content > Manage Metric Config > ReskndMetric and upload the custom xml file

Dashboards28

  • Edit the scoreboard widget
  • Select self provider off
  • Feel free to adjust the box and label size to suit
  • In Metric Configuration select a custom XML file which was uploaded as the first step

Dashboards29

Heat Map ( Core Utilization )

  • Edit the Heat Map Widget
  • Edit the title to core Utilization
  • Enter the same name in the description
  • Choose Cluster Compute Resource in the group by section
  • Mode is set to instance
  • Object Type should be changed to Host System and the attribute Kind should use CPU Core Utilization

What this will achieve is that it will show the hosts in the cluster selected with smaller boxes representing the cores and the colours will show the utilization of the cores. It is worth noting that by default the core utilization is not set to collect if using the default or base policy and will need to be changed to use this metric

Dashboards39

Dashboards30

Scoreboard (CPU Health)

Download the custom cpuhealth xml file here

  • Go to Content > Manage Metric Config > ReskndMetric and upload the custom xml file
  • Edit the scoreboard widget
  • Edit the title to CPU Health
  • Self Provider set to off
  • In Metric Configuration select a custom XML file which was uploaded as the first step.

Dashboards31

Scoreboard (Datastore Health)

Download the custom cpuhealth xml file here

  • Go to Content > Manage Metric Config > ReskndMetric and upload the custom xml file
  • Edit the scoreboard widget
  • Edit the title to Datastore Health Scoreboard
  • Self Provider set to off
  • In Metric Configuration select a custom XML file which was uploaded as the first step.

Dashboards32

HeatMap ( Datastore Threshold )

  • Edit the heat map widget
  • Edit the title to Datastore Threshold
  • Set description to the same “Datastore Threshold”
  • Select instance as the Mode.
  • Object type to Datastore
  • Attribute Kind set to Disk Space|Capacity Remaining
  • On the colour scale where it is green on the left click the little green square, This will open a colour pallet choose red, on the right side do the same but choose green. This will effectively swap the colours around. This is done because 0 space remaining is bad.
  • Set the Max Value to 20. If this was set to 100 it would not make a good indicator of remaining space. This means it will be green all the way up to 20 then have a more granular colour down to 0.
  • Click Save

Dashboards34

Heat Map ( Memory Swap in Rate )

  • Edit the Heat Map Widget
  • Edit the title to Memory Swap in Rate
  • Enter the same name in the description
  • Choose Cluster Compute Resource in the group by section
  • Mode is set to instance
  • Object Type should be changed to Host System and the attribute Kind should use memory|Swap in Rate
  • Configure the Max for you environment generally its low, here we set 5 for 5 Kbps
  • Click on Save

Scoreboard (Memory Health)

Download the custom memoryhealth xml file here

  • Go to Content > Manage Metric Config > ReskndMetric and upload the custom xml file
  • Edit the scoreboard widget
  • Edit the title to Datastore Health Scoreboard
  • Self Provider set to off
  • In Metric Configuration select the memoryhealth XML file which was uploaded as the first step.

Dashboards36

Scoreboard (Capacity)

Download the custom capacity xml file here

  • Go to Content > Manage Metric Config > ReskndMetric and upload the capacity xml file
  • Edit the scoreboard widget
  • Edit the title to Capacity Scoreboard
  • Self Provider set to off
  • In Metric Configuration select the capacity XML file which was uploaded as the first step.

Dashboards37

Topology Graph

This one here is more of a space filler. It just gives the connections to the cluster object and its children. Optionally you could add the degree of separation to 2 this really shows a spider web of dependencies

  • Change Self Provider to Off.

Dashboards38

Interactions

From the image below we can see this is pretty straight forward. One widget being the object list feeds all the other widgets

Dashboards39b

The Finished Dashboard Voila

And now you should start seeing results coming into your dashboard 🙂

Dashboards41

vRealize Log Insight 3.3 and vRealize Operations Manager Integration

Log39

vRealize Log Insight and Operations Manager Integration

VMware vRealize Log Insight delivers heterogeneous and highly scalable log management with intuitive, actionable dashboards, sophisticated analytics and broad third party extensibility, providing deep operational visibility and faster troubleshooting.

Sophisticated and scalable log analytics and log management organizes chaotic log data and gives you meaningful, actionable insights across multiple tiers of a hybrid cloud environments

Useful link

Sizing
Log9
Steps
  • Download the Log Insigh appliance from here
  • Import the OVF into vCenter
  • Power on the Log Insight Appliance
  • Connect to the IP address you set as your Log Insight Appliance Address – https://<Log Insight FQDN>
  • Click Next

Log1

  • Click Start New Deployment

Log2

  • Put in Admin Credentials

Log3

  • Put in a License key

Log4

  • Put in an email and check whether you want to join the customer experience program

Log5

  • Set the Time Configuration and test it. You can choose your own NTP server or sync with your ESXi hosts

Log6

  • Set your NTP Configuration

Log7

  • Finish the Configuration

Log8

  • Click Configure vSphere Integration
  • Put in your vCenter Server and username and password and test connection

Log10

  • It will then configure your hosts

Log11

A quick look through the Admin Pages

  • System Monitor

Log12

  • Cluster

Log13

  • Access Control

Log14

  • Hosts

Log15

  • Agents

Log16

  • Event Forwarding

Log17

  • License

Log18

  • vRealize Operations Integration

Log19

When you enable launch in context you will then get another menu option on an object in vROps as seen below

Log36

  • General

Log20

  • Time

Log21

  • Authentication

Log22

  • SMTP

Log23

  • Archiving

Log24

  • SSL

Log25

Next The Default Dashboards Screen

Dashboards are a collection of different charts or queries.

The screen is divided into four parts parts:

  • The menubar, all the way to the top
  • The dashboard selection. It’s the left part of the screen
  • The widget/chart area, which is the bottom part of the screen on the right
  • The filtering area, which is the top part of the screen on the right

Log26

in the top right hand corner, you can click on the drop down by Admin to change your password and e-mail address or if you want to change settings or add management packs to Log Insight (the three bars)

Log27

What can you do with dashboards?

  • You can create your own dashboards with useful metrics that you want to monitor closely.
  • Any query can be turned into a dashboard widget and visualized for any range in time.
  • You can check the performance of your system for the last hour, day, or week.
  • You can view a break down of errors by hour and observe the trends in log events.

You can filter by hostname

Log28

You can open the Interactive Analytics by clicking on the Search icon highlighted in yellow below

Log29

Within the Interactive Analytics page we can click on the highlighted icon Area to choose a type of chart to display

Log30

We can start typing a keyword into the box which will bring up other keywords you could use as well

Log31

Clicking on the gear icon to the left on an error message will bring up even more options allowing you to filter further and colourise events and errors

Log32

You can set the time interval you want to look at

Log33

There are 4 icons next to the time interval

Log34

  • You can add a current query you have built to your Favourites
  • You can add the current query to a dashboard
  • You can create or manage alerts
  • You can export or share a current query

There are another 4 tabs above the events where you can also see different information

Log35

  • Events

This lists all the events seen under the current query or default view

  • Field Table

A Field Table that contains events where each field represents a column. A dashboard field table widget contains the latest events for the given query in a table format where each field represents a column.

You can use a field table widget for the following reasons.

To see the latest events for the given query. This can be useful for change management or for security reasons.

To see only the fields you care about for a given query. This can be useful to limit event output

  • Event Types

The event Types tab is located on the Interactive Analytics page, under the search bar. When you click the event Types tab you see a list of similar events that are grouped together.

Machine learning analyzes events and discovers the types of fields that similar log messages contain. For example, the types may be timestamp, string, int, hex and others. The discovered types appear as hyperlinks within the event Types list.

Each type that machine learning discovers represents a new type of field called smart field. The default name of a smart field follows the format smart field – type number [event_type]. You can change the default name of a smart field. After you name a smart field, it appears under the Fields section just like other fields. You can rename or delete a smart field but you cannot modify its definition.

Machine learning introduces a new static field called event_type. You can use the event_type as a filter to include or exclude certain event types from queries

  • Event Trends

You can analyze log events for trends and anomalies.

Procedure

1

Navigate to the Interactive Analytics tab.

2

Construct and run your query by using the search text box and applying filters.

3

In the Set Time Range From Event dialog box, use the drop-down menus to select the period and direction of the time range.

4

Click the Event Trends tab.

Realize Log Insight compares your query to the same time period immediately before and displays the result

Fields

You can create your own custom fields to search from by doing the following

  • Look at Events and the keywords you may want to reuse in future searches
  • Highlight the word and select Extract to field

Log37

  • Name the field

Log38

  • This can then be reused

vRealize Log Insight Management Pack Configuration – vRealize Operations Management Pack

Log39

vRealize Log Insight Management Pack Configuration – vRealize Operations Management Pack

VMware vRealize Operations Manager content pack is provided to present log data in a more meaningful way and to analyze all the logs redirected from a vRealize Operations Manager instance(s). The content pack contains various dashboards, queries and alerts to provide better diagnostics and troubleshooting capabilities to the vRealize Operations Manager administrator

Description

The content pack for vRealize Configurations Manager can be used to aggregate and analyze the logs from multiple vRealize Operations Manager instances. Operators can then select the particular vRealize Operations cluster or node for further analysis of the current state of the environment.

Highlights
  • Proactive monitoring and alert notifications of the vRealize Operations clusters – Specific alerts focused on important events that indicate problems can be enabled to get the alerts in vR Ops as well as for sending emails to the administrator(s).
  • Cluster-role specific breakdown of vRealize Operations events – The dashboards are grouped based on the cluster role of the vR Ops nodes/slices like Master, Data, Replica and Remote Collector to provide better manageability.
  • Cluster-role specific breakdown of vRealize Operations events – The dashboards are also grouped based on the cluster role of the vR Ops nodes/slices like Master, Data, Replica and Remote Collector to provide better manageability.

What’s New in v 1.6

  • Added vRealize operations Telemetry and vRealize operations cassandra Components in the content pack
  • Added new dashboard & widgets relevant to 6.1+, with backwards compatibility to 6.0.x
  • New Dashboards, alerts and queries

Components

The vRealize Operation Manager content pack comprises of the following components:

  • 12 Dashboard Groups
  • 81 Dashboard Widgets
  • Queries
  • Alerts
  • Extracted Fields

Download Link

The Management Pack can be downloaded here from http://solutionexchange.com

Instructions

  • Once you have downloaded the Management Pack and saved it you will need to look at the documentation here
  • What we need to do next is modify a file called liagent.ini which is located in /var/lib/loginsight-agent on the vROps appliance

The vRealize Log Insight agent enables the integration and manages communication between vRealize Operations Manager and vRealize Log Insight. The liagent.ini file contains configuration properties that control how the vRealize Log Insight agent sends events to vRealize  Log Insight servers, sets the communication protocol and port, and configures flat file log collection.
To identify the source and cluster role, tags need to be updated in the
liagent.ini configuration file. As administrator, configure the following tags for each node role and on each node in the cluster. The applicable values for Cluster roles are the following.

  • Master
  • Replica
  • Data
  • RemoteCollector

Within the file below I have highlighted in blue everything which needs adjusting according to the instructions below

  • vmw_vr_ops_appname: do not update this tag
  • vmw_vr_ops_logtype: do not update this tag
  • vmw_vr_ops_clustername: this tag can be updated
  • vmw_vr_ops_clusterrole: change the tag to either the Master, Replica, Data, or Remote Collector
  • vmw_vr_ops_nodename: this tag can be updated as per below can be picked up from Administration > Cluster Management in the vROps console

LogInsightvROps1

  • vmw_vr_ops_hostname: The IP or FQDN of the vRealize Operations Manager node as per below can be picked up from Administration > Cluster Management in the vROps console

LogInsightvROps

The liagent.ini file

The information below is what is contained in the liagent.ini file

Note you will need to update the [Sever] section only once with the LogInsight Server name

; Client-side configuration of VMware Log Insight Agent
; See liagent-effective.ini for the actual configuration used by VMware Log Insight Agent

[server]
; Log Insight server hostname or ip address
; If omitted the default value is LOGINSIGHT
hostname=techlabvrl001.techlab.local

; Set protocol to use:
; cfapi – Log Insight REST API
; syslog – Syslog protocol
; If omitted the default value is cfapi
;
;proto=cfapi

; Log Insight server port to connect to. If omitted the default value is:
; for syslog: 512
; for cfapi without ssl: 9000
; for cfapi with ssl: 9543
;port=9000

;ssl – enable/disable SSL. Applies to cfapi protocol only.
; Possible values are yes or no. If omitted the default value is no.
;ssl=no

; Time in minutes to force reconnection to the server
; If omitted the default value is 30
;reconnect=30

[storage]
;max_disk_buffer – max disk usage limit (data + logs) in MB:
; 100 – 2000 MB, default 200
;max_disk_buffer=200

[logging]
;debug_level – the level of debug messages to enable:
;   0 – no debug messages
;   1 – trace essential debug messages
;   2 – verbose debug messages (will have negative impact on performace)
;debug_level=0

[filelog|messages]
directory=/var/log
include=messages;messages.?

[filelog|syslog]
directory=/var/log
include=syslog;syslog.?

[filelog|ANALYTICS-analytics]
tags = {“vmw_vr_ops_appname”:”vROps”, “vmw_vr_ops_logtype”:”ANALYTICS”,”vmw_vr_ops_clustername”:”vropscluster“, “vmw_vr_ops_clusterrole”:”Master“,”vmw_vr_ops_nodename”:”vropscluster“, “vmw_vr_ops_hostname”:”techlabvro001.techlab.local“}
directory = /data/vcops/log
include = analytics*.log*
exclude_fields=hostname

[filelog|COLLECTOR-collector]
tags = {“vmw_vr_ops_appname”:”vROps”, “vmw_vr_ops_logtype”:”COLLECTOR”,”vmw_vr_ops_clustername”:”vropscluster“, “vmw_vr_ops_clusterrole”:”Master“,”vmw_vr_ops_nodename”:”vropscluster“, “vmw_vr_ops_hostname”:”techlabvro001.techlab.local“}
directory = /data/vcops/log
include = collector.log*
exclude_fields=hostname
event_marker=^\d{4}-\d{2}-\d{2}[\s]\d{2}:\d{2}:\d{2}\,\d{3}

[filelog|COLLECTOR-collector_wrapper]
tags = {“vmw_vr_ops_appname”:”vROps”, “vmw_vr_ops_logtype”:”COLLECTOR”,”vmw_vr_ops_clustername”:”vropscluster“, “vmw_vr_ops_clusterrole”:”Master“,”vmw_vr_ops_nodename”:”vropscluster“, “vmw_vr_ops_hostname”:”techlabvro001.techlab.local“}
directory = /data/vcops/log
include = collector-wrapper.log*
exclude_fields=hostname
event_marker=^\d{4}-\d{2}-\d{2}[\s]\d{2}:\d{2}:\d{2}\.\d{3}

[filelog|COLLECTOR-collector_gc]
directory = /data/vcops/log
tags = {“vmw_vr_ops_appname”:”vROps”, “vmw_vr_ops_logtype”:”COLLECTOR”,”vmw_vr_ops_clustername”:”vropscluster“, “vmw_vr_ops_clusterrole”:”Master“,”vmw_vr_ops_nodename”:”vropscluster“, “vmw_vr_ops_hostname”:”techlabvro001.techlab.local“}
include = collector-gc*.log*
exclude_fields=hostname
event_marker=^\d{4}-\d{2}-\d{2}[\w]\d{2}:\d{2}:\d{2}\.\d{3}

[filelog|WEB-web]
directory = /data/vcops/log
tags = {“vmw_vr_ops_appname”:”vROps”, “vmw_vr_ops_logtype”:”WEB”,”vmw_vr_ops_clustername”:”vropscluster“, “vmw_vr_ops_clusterrole”:”Master“,”vmw_vr_ops_nodename”:”vropscluster“, “vmw_vr_ops_hostname”:”techlabvro001.techlab.local“}
include = web*.log*
exclude_fields=hostname
event_marker=^\d{4}-\d{2}-\d{2}[\s]\d{2}:\d{2}:\d{2}\,\d{3}

[filelog|GEMFIRE-gemfire]
tags = {“vmw_vr_ops_appname”:”vROps”, “vmw_vr_ops_logtype”:”GEMFIRE”,”vmw_vr_ops_clustername”:”vropscluster“, “vmw_vr_ops_clusterrole”:”Master“,”vmw_vr_ops_nodename”:”vropscluster“, “vmw_vr_ops_hostname”:”techlabvro001.techlab.local“}
directory = /data/vcops/log
include = gemfire*.log*
exclude_fields=hostname

[filelog|VIEW_BRIDGE-view_bridge]
tags = {“vmw_vr_ops_appname”:”vROps”,”vmw_vr_ops_logtype”:”VIEW_BRIDGE”,”vmw_vr_ops_clustername”:”vropscluster“, “vmw_vr_ops_clusterrole”:”Master“,”vmw_vr_ops_nodename”:”vropscluster“, “vmw_vr_ops_hostname”:”techlabvro001.techlab.local“}
directory = /data/vcops/log
include = view-bridge*.log*
exclude_fields=hostname
event_marker=^\d{4}-\d{2}-\d{2}[\s]\d{2}:\d{2}:\d{2}\,\d{3}

[filelog|VCOPS_BRIDGE-vcops_bridge]
tags = {“vmw_vr_ops_appname”:”vROps”,”vmw_vr_ops_logtype”:”VCOPS_BRIDGE”,”vmw_vr_ops_clustername”:”vropscluster” vmw_vr_ops_clusterrole”:”Master“,”vmw_vr_ops_nodename”:”vropscluster“, “vmw_vr_ops_hostname”:”techlabvro001.techlab.local“}
directory = /data/vcops/log
include = vcops-bridge*.log*
exclude_fields=hostname
event_marker=^\d{4}-\d{2}-\d{2}[\s]\d{2}:\d{2}:\d{2}\,\d{3}

[filelog|SUITEAPI-api]
directory = /data/vcops/log
tags = {“vmw_vr_ops_appname”:”vROps”, “vmw_vr_ops_logtype”:”SUITEAPI”,”vmw_vr_ops_clustername”:”vropscluster“, “vmw_vr_ops_clusterrole”:”Master“,”vmw_vr_ops_nodename”:”vropscluster“, “vmw_vr_ops_hostname”:”techlabvro001.techlab.local“}
include = api.log*;http_api.log*;profiling_api.log*
exclude_fields=hostname
event_marker=^\d{4}-\d{2}-\d{2}[\s]\d{2}:\d{2}:\d{2}\,\d{3}

[filelog|SUITEAPI-suite_api]
directory = /data/vcops/log/suite-api
tags = {“vmw_vr_ops_appname”:”vROps”, “vmw_vr_ops_logtype”:”SUITEAPI”,”vmw_vr_ops_clustername”:”vropscluster“, “vmw_vr_ops_clusterrole”:”Master“,”vmw_vr_ops_nodename”:”vropscluster“, “vmw_vr_ops_hostname”:”techlabvro001.techlab.local“}
include = *.log*
exclude_fields=hostname
event_marker=^\d{2}-\w{3}-\d{4}[\s]\d{2}:\d{2}:\d{2}\.\d{3}

[filelog|ADMIN_UI-admin_ui]
tags = {“vmw_vr_ops_appname”:”vROps”, “vmw_vr_ops_logtype”:”ADMIN_UI”,”vmw_vr_ops_clustername”:”vropscluster“, “vmw_vr_ops_clusterrole”:”Master“,”vmw_vr_ops_nodename”:”vropscluster“, “vmw_vr_ops_hostname”:”techlabvro001.techlab.local“}
directory = /data/vcops/log/casa
include = *.log*;*_log*
exclude_fields=hostname

[filelog|CALL_STACK-call_stack]
tags = {“vmw_vr_ops_appname”:”vROps”,”vmw_vr_ops_logtype”:”CALL_STACK”, “vmw_vr_ops_clustername”:”vropscluster“,”vmw_vr_ops_clusterrole”:”Master“, “vmw_vr_ops_nodename”:”vropscluster“,”vmw_vr_ops_hostname”:”techlabvro001.techlab.local“}
directory = /data/vcops/log/callstack
include = analytics*.txt;collector*.txt
exclude_fields=hostname

[filelog|TOMCAT_WEBAPP-tomcat_webapp]
tags = {“vmw_vr_ops_appname”:”vROps”,”vmw_vr_ops_logtype”:”TOMCAT_WEBAPP”,”vmw_vr_ops_clustername”:”vropscluster“, “vmw_vr_ops_clusterrole”:”Master“,”vmw_vr_ops_nodename”:”vropscluster“, “vmw_vr_ops_hostname”:”techlabvro001.techlab.local“}
directory = /data/vcops/log/product-ui
include = *.log*;*_log*
exclude_fields=hostname

[filelog|OTHER-other1]
tags = {“vmw_vr_ops_appname”:”vROps”, “vmw_vr_ops_logtype”:”OTHER”,”vmw_vr_ops_clustername”:”vropscluster“, “vmw_vr_ops_clusterrole”:”Master“,”vmw_vr_ops_nodename”:”vropscluster“, “vmw_vr_ops_hostname”:”techlabvro001.techlab.local“}
directory = /data/vcops/log
include = aim*.log*;calltracer*.log*;casa.audit*.log*;distributed*.log*;hafailover*.log;his*.log*;installer*.log*;locktrace*.log*;opsapi*.log*;query-service-timer*.log*;queryprofile*.log*;vcopsConfigureRoles*.log*
exclude_fields=hostname
event_marker=^\d{4}-\d{2}-\d{2}[\s]\d{2}:\d{2}:\d{2}\,\d{3}

[filelog|OTHER-other2]
tags = {“vmw_vr_ops_appname”:”vROps”, “vmw_vr_ops_logtype”:”OTHER”, “vmw_vr_ops_clustername”:”vropscluster“, “vmw_vr_ops_clusterrole”:”Master“, “vmw_vr_ops_nodename”:”vropscluster“, “vmw_vr_ops_hostname”:”techlabvro001.techlab.local“}
directory = /data/vcops/log
include = env-checker.log*
exclude_fields=hostname
event_marker=^\d{2}\D{1}\d{2}\D{1}\d{4}\s\d{2}:\d{2}:\d{2}

[filelog|OTHER-other3]
tags = {“vmw_vr_ops_appname”:”vROps”, “vmw_vr_ops_logtype”:”OTHER”, “vmw_vr_ops_clustername”:”vropscluster“, “vmw_vr_ops_clusterrole”:”Master“, “vmw_vr_ops_nodename”:”vropscluster“, “vmw_vr_ops_hostname”:”techlabvro001.techlab.local“}
directory = /data/vcops/log
include = gfsh*.log*;HTTPPostAdapter*.log*;meta-gemfire*.log*;migration*.log*
exclude_fields=hostname

[filelog|OTHER-watchdog]
tags = {“vmw_vr_ops_appname”:”vROps”, “vmw_vr_ops_logtype”:”OTHER”, “vmw_vr_ops_clustername”:”vropscluster“, “vmw_vr_ops_clusterrole”:”Master”, “vmw_vr_ops_nodename”:”vropscluster“, “vmw_vr_ops_hostname”:”techlabvro001.techlab.local“}
directory = /data/vcops/log/vcops-watchdog
include = vcops-watchdog.log*
exclude_fields=hostname
event_marker=^\d{4}-\d{2}-\d{2}[\s]\d{2}:\d{2}:\d{2}\,\d{3}

[filelog|ADAPTER-vmwareadapter]
tags = {“vmw_vr_ops_appname”:”vROps”, “vmw_vr_ops_logtype”:”ADAPTER”, “vmw_vr_ops_clustername”:”vropscluster“, “vmw_vr_ops_clusterrole”:”Master“, “vmw_vr_ops_nodename”:”vropscluster“, “vmw_vr_ops_hostname”:”techlabvro001.techlab.local“}
directory = /data/vcops/log/adapters/VMwareAdapter
include = *.log*
exclude_fields=hostname
event_marker=^\d{4}-\d{2}-\d{2}[\s]\d{2}:\d{2}:\d{2}\,\d{3}

[filelog|ADAPTER-vcopsadapter]
tags = {“vmw_vr_ops_appname”:”vROps”, “vmw_vr_ops_logtype”:”ADAPTER”, “vmw_vr_ops_clustername”:”vropscluster“, “vmw_vr_ops_clusterrole”:”Master“, “vmw_vr_ops_nodename”:”vropscluster“, “vmw_vr_ops_hostname”:”techlabvro001.techlab.local“}
directory = /data/vcops/log/adapters/VCOpsAdapter
include = *.log*
exclude_fields=hostname
event_marker=^\d{4}-\d{2}-\d{2}[\s]\d{2}:\d{2}:\d{2}\,\d{3}

[filelog|ADAPTER-openapiadapter]
tags = {“vmw_vr_ops_appname”:”vROps”, “vmw_vr_ops_logtype”:”ADAPTER”, “vmw_vr_ops_clustername”:”vropscluster“, “vmw_vr_ops_clusterrole”:”Master“, “vmw_vr_ops_nodename”:”vropscluster“, “vmw_vr_ops_hostname”:”techlabvro001.techlab.local“}
directory = /data/vcops/log/adapters/OpenAPIAdapter
include = *.log*
exclude_fields=hostname
event_marker=^\d{4}-\d{2}-\d{2}[\s]\d{2}:\d{2}:\d{2}\,\d{3}

  • Next we need to copy this file into the vROps appliance via WinScp into the /var/lib/loginsight-agent folder. Note: Take a backup of the original liagent.ini file first
  • Next restart the liagentd service in Putty by typing /etc/init.d/liagentd restart
  • Following this we can go to our LogInsight server and check whether we have data coming in
  • Go to Dashboards and click on the dropdown on the left hand side

LogInsightvROps2

  • You should now see data starting to come in

LogInsightvROps3

  • Note: If you had previously configured vRealize Operations 6.0.x to send its logs to Log Insight directly by editing the logger configuration, you should now undo this configuration. Leaving it in place will result in some logs being sent to Log Insight twice, and may even confuse the content pack

vRealize Orchestrator configuration. Part 5 Input Presentation and User Interaction elements

vRARobot2

Input Presentation

Input presentation defines how requests for input parameters are presented to users

Examples

  • Create steps and sections for a wizard style input presentation
  • Define the description
  • Attach decorators to input parameters such as default values, validation, Hide or show parameter, required parameter and tree or list view

Orchestrator Presentation tab

In Orchestrator workflows, you can use the Presentation tab to configure workflow presentation workflow options such as

  • Define the layout of the user input dialog box that appears when users run a workflow
  • Define the constraints on the input parameters

The sequence of variables presented to the users is defined in terms of steps which appear in the numbered list at the left of the user presentation box for the workflow and groups that define the order in which item is presented in each step

vCO466

The importance of Input Presentation

Without input validation, data input errors made by users could cause workflows to fail

Output presentation can greatly reduce the amount of error checking and error handling needed

Input Fields

  • Mandatory Input Fields

Setting the mandatory input property parameters requires a user to enter an input before the workflow execution continues

  • Regular Expression Validations

You can set parameter properties to constrain the format of input parameters to meet a specific pattern that is defined by regular expression

User Interaction Elements

User interaction elements are used for the following tasks

  • Business process approvals
  • Requesting user inputs that the user could not know of when starting the workflow
  • Creating breakpoints during workflow developments
  • Are you sure confirrmations

The user interaction element enables users to pass new input parameters into the workflow. You can design how the user interaction element presents the request for input parameters and design constraints on the parameters which users provide

  • You can set permissions to determine which users can provide the inputs
  • You can set timeouts for the responses
  • The workflow resumes
  • While the workflow is waiting for the user to respond, the workflow token is in the waiting stage

Interactions can be answered by

  • vCenter Orchestrator client
  • The vSphere Web Client
  • The weboperator webview or your custom webview
  • The Web service API

The following URLs are used when handling user interactions

Holds the availability user interactions in vCenter Orchestrator

  • https://vcenterorchestrator:8281/api/catalog/System/UserInteraction

Filters only the waiting user interaction changes

  • https://vcenterorchestrator:8281/api/catalog/System/UserInteraction/status=0

User Interaction Timeouts

If a user does not provide the input parameters within the timeout period, the user interaction returns an exception. You can define the exception behaviour in a scripted function

Screen Shot 2016-02-09 at 09.40.50

User Interaction email use cases

You can use vCenter Orchestrator email integration to send notfication that the workflow is waiting for an answer to a user interaction element.

Using the workflow keyword in a scripting element gives you the Workflow token of the current execution.

So you can use workflow.getAnswerUrl() or workflow.getInteractionUrl() and include the generated URL in an email message

You can also receive email in workflows. The NET plug-in provides a basic POP3 client that can be used to check a mailbox for new messages

An example of how to receive emails is in the workflows library in Mail > Retrieve Messages

Lab Practice

  • Assign a Timeout Value to a User Interaction
  • Customize the User Input Presentation

Instructions

 

 

  • Switch to Design view
  • Click on the Workflows tab
  • Duplicate the versioning workflow which was the workflow to create a VM with approval

vRO460

  • Press CTRL+E to edit the workflow.
  • Switch to the Schema tab and click Generic group in the left pane.
  • Drag the Scriptable task element and drop it between the Start and Admin input element

vRO461

  • Double-click the Scriptable task element and rename it to Timer.
  • Click the pencil icon above the Timer element to edit the element
  • Switch to the OUT tab and click Bind to workflow parameter/attribute:

vRO462

  • Click Create parameter/attribute in workflow:
  • Name – timerDate
  • Type – Date
  • Select Create workflow ATTRIBUTE with the same name.
  • Leave Value not set
  • Click OK

vRO463

  • Switch to the Scripting tab and create the following script:
timerDate = new Date();
System.log( "Current date : " + timerDate );
timerDate.setTime( timerDate.getTime() + (120000) );
System.log( "Timer will expire at " + timerDate);

 

  • It should now look like the below

vRO464

  • The timeDate.setTime sets the current time and then 120,000 milliseconds are added to the current time – in our example, User Interaction will wait for 2 minutes for a response. Here are some other examples of the times that can be added to a current time (all times are in milliseconds):

86,400,000 = 24 hours

3,600,000 = 1 hour

60,000 = 1 minute

  • Click Close
  • Click the pencil icon above the Admin input element to edit the element.
  • Switch to the Attributes tab and click NULL for timeout.date.

vRO465

  • Select timerDate.
  • Click Select.

vRO466

  • Switch to the Exception tab and click Not set for Output exception binding.

vRO467

  • Click Create parameter/attribute in workflow:

vRO468

  • Name – errorCode
  • Type – string
  • Select Create workflow ATTRIBUTE with the same name.
  • Leave Value not set.
  • Click OK.

vRO469

Lab Practice  Customising the User Presentation

  • On the AdminInput element, switch to the Presentation tab.
  • Select the (Boolean) isApproved field

vRO470

  • At the bottom in the General tab paste the following text:

This operation creates a Virtual Machine named ${vmName} in ${vmFolder} Virtual Machine folder.

Do you approve this operation?

Your response must be provided by ${timerDate}

vRO471

  • Click Close
  • Drag and drop a Scriptable task on top of the Admin input

vRO472

  • Rename the Scriptable task to Log Timeout
  • Click the pencil icon above the Log timeout element to edit the element.
  • Switch to the Scripting tab and create the following script:

System.log(“User did not respond, operation timed out”);

vRO473

  • Click Close.
  • Click Validate to validate the workflow.

vRO474

  • Click Close.
  • Click Save. Do not close the current Orchestrator window (first window).
  • Open a second Orchestrator client window and log in
  • In the second vCenter Orchestrator window switch to the Run view by clicking on the dropdown menu located at the top:
  • Click the House icon and click on 0 Workfows waiting for interaction

vRO475

  • Once you run the workflow with a timer for approval in the first vCenter Orchestrator window, you will come back here to view the status
  • Switch to the first Orchestrator window and Run the workflow.
  • Provide the name for the vmName
  • Do not change/enter any other values in the Common parameters window.
  • Click Submit.
  • You will now see a window pop up with the notice that the response is required in 2 minutes

vRO477

  • Switch to the second window and notice that there is now 1 workflow waiting for interaction

vRO476

  • If we wait 2 minutes and then select yes, hopefully there should be no workflows waiting for interaction and we should hopefully see that it timed out
  • Notice how the workflow ended – through the Log timeout element. This happened because the approval did not take place in time.

vRO478

  • Click the Logs tab in the right pane and see the messages provided as seen in the above screenprint

Lab Practice – Customising the User Input Presentation

  • Switch to Design View
  • Click on the Workflow tab
  • Duplicate the previous workflow
  • Switch to the Presentation tab.
  • Click the Presentation field

vRO479

  • Below, in the General tab, type the following message:

This workflow creates a VMware vSphere Virtual Machine

<a href=”http://vmware.com”>To learn more about VMware visit vmware.com</a>

vRO480

  • Click Create new step to create a new step and type Infrastructure items: You must press Enter to commit the change. Clicking will not commit the change.

vRO481

  • Click the Presentation field:
  • Repeat the previous step and create the following new steps:
  • Compute power
  • Datastores and VM disk
  • Operating system
  • It should look like the below screenprint

vRO482

  • By dragging and dropping the steps, rearrange the input presentation as follows:

vRO483

  • Click Save
  • Click the vmName field
  • In the General tab, type Provide a Virtual Machine Name

vRO484

  • Modify all of the following input fields as follows
  • VC:ResourcePool – Choose a Resource pool
  • VC:HostSystem – Choose a Host
  • VC:Network – Choose a network
  • VC:VirtualMachineGuestOsIdentifier – Choose a Guest O/S
  • vmNbOfCpus – Provide a number of CPUs. Must be <=2 CPUs
  • vmMemorySize – Provide a number for RAM. Must be <=512MB
  • VC:Datastore – Select a Shared datastore
  • vmDiskSize – Select VM’s hard disk size in GB. Must be <=2
  • diskThinProvisioned – Should disk be Thin Provisioned? Must be Yes.
  • Click Save and Close
  • Run the Workflow
  • You will see the first screen

vRO485

  • Click through the screens to see how you have changed the layout
  • Do not submit the workflow. We are now going to modify more of the presentation so we can validate the input
  • Switch back to the presentation tab
  • Click the VM field
  • Switch to the Properties tab and click Add Property

vRO486

  • Select Mandatory input and click OK.

vRO487

  • Click again on the Add property.
  • Select Maximum string length and click OK.

vRO488

  • Change the value to 15 (instead of 256).
  • Click again on the Add property.
  • Select Matching regular expression and for the value, provide the following: [a-zA-Z]+-M6-L4

vRO489

  • You should now have the below

vRO490

  • The logic for the above value is as follows: Allowable characters are: all lower case (a-z) and all upper case (A-Z) letters Mandatory characters: -M6-L4
  • Have a play with the other parameters 🙂
Optimization WordPress Plugins & Solutions by W3 EDGE