Browsed by
Author: Ruud Harreman

[NSX/vSphere] NTP DNS change

[NSX/vSphere] NTP DNS change

To state the obvious; In every environment you should have configured NTP! That said; I recently stumbled upon a nice feature of the NTPD daemon which is widely used in Linux (ESXi/Photon). At my current assignment there is a massive upgrade throughout the entire network/infrastructure. One part of this upgrade is replacing the NTP servers. As a good and decent sysadmin I entered DNS names throughout the entire environment instead of using IP addresses. But here comes te tricky part….

Read More Read More

vSAN Performance Monitor – Buffer Fullness

vSAN Performance Monitor – Buffer Fullness

VMware has some really nice flings on flings.vmware.com although there are some rumors of the viability of these projects under the Broadcom flag for now they still exist :). The vSAN Performance monitor fling provides some verry cool Grafana dashboards which gives you a great inside of the performance on your vSAN cluster. vSAN Performance Monitor | VMware Flings After deploying the OVA you’ll get a VM with photonOS and 3 containers. Each with their own function. The installation of…

Read More Read More

vSAN Encryption “issue” after vCenter upgrade 7.0U3 > 8.0U1

vSAN Encryption “issue” after vCenter upgrade 7.0U3 > 8.0U1

At this customer we use the vSphere native key provider (NKP) as the key provider for the vSAN datastores. After upgrading the vCenter to 8.0U1 we encountered this error on all the vSAN Clusters. We then proceeded to the vSAN Skyline health to see what’s the inconsistency was about; As stated the DEK is encrypted with an out of date KEK. Skyline has a nice button to fix the inconsistency under the ” How to troubleshoot and Fix” If we…

Read More Read More

Configuring WTS via PowerCLI

Configuring WTS via PowerCLI

We had to build a vSAN environment with witness traffic separation(WTS). We had a total of 52 host that needed this configuration. But I wasn’t completely thrilled to perform the action mentioned in the manual on every host. Configure Network Interface for Witness Traffic (vmware.com) So we identified the steps and start scripting; High-over we have the following steps per cluster So the first step is to create a vSwitch with the appropriate portgroups After the first steps it’s time…

Read More Read More

Thick provisioned disks on vSAN

Thick provisioned disks on vSAN

We migrated a bunch of thick provisioned VMs from a SAN to a new vSAN. But after migration I saw the the disks weren’t thin provisoned as stated in the storage policy. To get these disks “thin provisioned” we needed to assign a temporarily policy with thin provisioned enabled. After switching to the temp profile we can switch back to the storage profile we want, and everything is working as expected. We needed to adjust nearly a 100 VMs, so…

Read More Read More

Dell OMEVV plugin and Lifecycle Manager

Dell OMEVV plugin and Lifecycle Manager

This post will not contain the complete configuration steps you have to take to configure the Dell OMEVV plugin in your environment but is focused on an issue we encountered when using a proxy for update/lifecycle manager Problem We had a issue while configuring Dell OMEVV with Lifecycle manager. The integration of the OMEVV plugin in vCenter was not a problem, but as soon as we tried to select the OMEVV plugin in the vSphere vCenter lifecycle manager we ended…

Read More Read More

[ACI-To-NSX] Part 3; Migrate or migraine

[ACI-To-NSX] Part 3; Migrate or migraine

So now we covered all the basic and the preparation for the migration it’s time for the actual migration. We had the luxury we could start with the acceptance environment which had his own VRF(Bridge-Domain/subnets/EPGs) within ACI so we could really test our migration. Migration As a lot of environments nowadays, this environment contained sensitive data. Therefore, at no point the environment security must be compromised. The first migration strategies were focused on a L2 Bridge between ACI and NSX…

Read More Read More

[ACI-To-NSX] Solve the unsolvable

[ACI-To-NSX] Solve the unsolvable

Although the title is a bit overdramatic, at first we did think we had some pretty hard issues to tackle before we could even think about migrating. But after systematically working through the list, we solved them all. One of our first steps was to get the current contracts/EPGs out of ACI. Like almost every product nowadays ACI has an API. I did not have rights to the ACI environment, but the customer was able to pull out the requested…

Read More Read More

[ACI-TO-NSX] It all begins with the basics

[ACI-TO-NSX] It all begins with the basics

The last few months I have been busy with the migration from an outdated Cisco ACI environment to a brand new VMware NSX-T cluster. In the coming weeks I will make a few blogpost about this migration. But let’s begin with the start. I will briefly explain how Cisco ACI works before I take you on my journey in this transition. [This is a simplification of how ACI works, but for this post it contains enough info. I’m not an…

Read More Read More

NSX-T Missing addressets and rules

NSX-T Missing addressets and rules

We had an issue with a customer were sometimes after a vMotion some of the traffic was dropped from the VM for a short period of time (aprox. 5 minutes). After that short period everything was working as expected. (NSX-T 3.2.0.1). When we looked in loginsight we could see that traffic was dropped based on a rule that had a higher number as the allow rule. So we had some strong indication that this had something to do with firewall…

Read More Read More