At this customer we use the vSphere native key provider (NKP) as the key provider for the vSAN datastores. After upgrading the vCenter to 8.0U1 we encountered this error on all the vSAN Clusters. We then proceeded to the vSAN Skyline health to see what’s the inconsistency was about; As stated the DEK is encrypted with an out of date KEK. Skyline has a nice button to fix the inconsistency under the ” How to troubleshoot and Fix” If we…
We had to build a vSAN environment with witness traffic separation(WTS). We had a total of 52 host that needed this configuration. But I wasn’t completely thrilled to perform the action mentioned in the manual on every host. Configure Network Interface for Witness Traffic (vmware.com) So we identified the steps and start scripting; High-over we have the following steps per cluster So the first step is to create a vSwitch with the appropriate portgroups After the first steps it’s time…
We migrated a bunch of thick provisioned VMs from a SAN to a new vSAN. But after migration I saw the the disks weren’t thin provisoned as stated in the storage policy. To get these disks “thin provisioned” we needed to assign a temporarily policy with thin provisioned enabled. After switching to the temp profile we can switch back to the storage profile we want, and everything is working as expected. We needed to adjust nearly a 100 VMs, so…
This post will not contain the complete configuration steps you have to take to configure the Dell OMEVV plugin in your environment but is focused on an issue we encountered when using a proxy for update/lifecycle manager Problem We had a issue while configuring Dell OMEVV with Lifecycle manager. The integration of the OMEVV plugin in vCenter was not a problem, but as soon as we tried to select the OMEVV plugin in the vSphere vCenter lifecycle manager we ended…
So now we covered all the basic and the preparation for the migration it’s time for the actual migration. We had the luxury we could start with the acceptance environment which had his own VRF(Bridge-Domain/subnets/EPGs) within ACI so we could really test our migration. Migration As a lot of environments nowadays, this environment contained sensitive data. Therefore, at no point the environment security must be compromised. The first migration strategies were focused on a L2 Bridge between ACI and NSX…
Although the title is a bit overdramatic, at first we did think we had some pretty hard issues to tackle before we could even think about migrating. But after systematically working through the list, we solved them all. One of our first steps was to get the current contracts/EPGs out of ACI. Like almost every product nowadays ACI has an API. I did not have rights to the ACI environment, but the customer was able to pull out the requested…
The last few months I have been busy with the migration from an outdated Cisco ACI environment to a brand new VMware NSX-T cluster. In the coming weeks I will make a few blogpost about this migration. But let’s begin with the start. I will briefly explain how Cisco ACI works before I take you on my journey in this transition. [This is a simplification of how ACI works, but for this post it contains enough info. I’m not an…
We had an issue with a customer were sometimes after a vMotion some of the traffic was dropped from the VM for a short period of time (aprox. 5 minutes). After that short period everything was working as expected. (NSX-T 3.2.0.1). When we looked in loginsight we could see that traffic was dropped based on a rule that had a higher number as the allow rule. So we had some strong indication that this had something to do with firewall…
The last few months I participated in a couple of NSX-T migrations. Although we ran into different issues during the migrations, we were able to finish all of the migrations successfully. Today I want to share some of the lessons I learned during these migration. In Dutch we have a phrase “(Een open deur intrappen/Kicking down an open door)” which means something like “stating the obvious”. Some of the things I’m going to describe might seem like open doors but…
Due to some issues with the migration coordinator and OSPF(maybe I make a post about that later), we decided to go for another migration strategy for another NSX-V to NSX-T migration. In short we are using the migration coordinator but we will manually cutover the edges so we have more control over the north to south routing. That means we are using the “In-Place Migration of Specific Parts of NSX-V; Migrating Distributed Firewall Configuration, Hosts, and Workloads: https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.2/migration/GUID-3BEAB1C6-3B6D-4253-A6A0-50774F5A5C3E.html One of…