VMware NSX: Data Plane, Control Plane and VXLAN Configurations

We completed the NSX Manager deployment in the previous post, and now we are going to deploy the NSX Controllers, which act as the control plane of NSX. NSX Controllers are virtual machines. There should be at least three Controllers for redundancy.

It is important to understand that NSX Controllers use a scale-out mechanism and slicing, which divides the workload equally across the Controller nodes. All Controllers are active at the same time, and if one Controller fails the other nodes take over the workload that was allocated to the failed node.

Click on the + sign of the NSX Controller nodes option.

Once you get the Add Controller window, provide the details such as Name, select the NSX Manager, Datacenter, Cluster/Resource Pool, Datastore, Host, Folder, Connected PortGroup, IP pool and Password. If you haven't configured the IP pool of your datacenter yet, click on the Select option.

VMware AppDefense Overview: Transforming Security through Virtualization

Datacenter security is one of the main concerns for a company and its workloads. There are lots of security enhancements in networks to protect your workloads from security threats. VMware recently introduced VMware AppDefense as a datacenter endpoint security product that protects applications running in a virtual environment.

VMware AppDefense primarily monitors applications against their intended state and automatically responds to deviations from that state that indicate a threat.

Key Highlights of VMware AppDefense:

  • Simply, it’s datacenter endpoint security
  • Improve threat detection in SOC (Security Operations Center)
  • Automated Incident responses
  • Streamline Application Security reviews

Leveraging VMware AppDefense delivers three main advantages over existing endpoint solutions:

  • Authoritative knowledge of application intended state: Within the VMware vSphere hypervisor, AppDefense has an authoritative understanding of how the endpoints are meant to behave in normal operation. If there is a change, AppDefense is the first to know about it. It has the contextual awareness to understand what the actual threat is.
  • Automated, precise threat response: When a threat is detected, AppDefense automatically triggers security operations together with VMware NSX to prevent the security breach. These actions can be taken automatically:
    • Block process communication
    • Snapshot an endpoint for forensic analysis
    • Suspend an endpoint
    • Shut down an endpoint
  • Isolation from the attack surface: Malware cannot stop AppDefense even when the endpoint is compromised. Most malware disables endpoint security and antivirus solutions after the infection.

VMware AppDefense does not produce lots of alerts to the Security Operations Center, and it takes automated responses to threats. It helps SOC and application engineering teams streamline their security review processes.

Understanding VMware AppDefense: Tom Corn Perspective


VMware NSX : NSX Manager Deployment

 

Software Defined Networking plays a key role in software defined datacenter technologies. I hope you have already heard of VMware NSX and its features and use cases in a Software Defined Datacenter. VMware acquired a company called Nicira, which helped to originate Software Defined Networking in the mid 2000s. After acquiring this company in 2012, VMware released the network virtualization platform called NSX as a combination of VMware in-house R&D projects and Nicira technologies.

That is a bit of history about this great technology, and if you are interested there are lots of articles on the internet. I'm not writing this to bring you the history of the technology; I'm planning to write a few articles on NSX configuration. So let's start from the beginning.

Fast Lane Support with MyVMware Mobile App – Overview of VMware BCS and MCS Support

 

If you are responsible for running any mission critical or business critical workloads in your VMware virtual datacenter, you had better have Fast Lane support with Mission Critical or Business Critical support from VMware. It reduces the amount of time for your support request escalation, along with personalized reactive and proactive support services. It's a separate subscription service and depends on the company's requirements. I will discuss the features later in this post.

The MyVMware Mobile App is a great tool for logging high priority support requests without using your computer and web browser. You can download this app from iTunes for your iPhone/iPad and from the Google Play store for Android mobiles and tablets.

You need to have a corporate MyVMware account to operate this application. Once you have installed the app on your device, log in using the corporate MyVMware username and password.

A Server error occurred. [500] SSO error:null

 

Previously, I wrote a post about re-pointing the PSC, and after a while I logged in to the same environment and ended up with this error message on my screen. I was so frustrated, as I had made a few changes to this environment and thought something went wrong while I was making these changes. See the error message below that I received from my vCenter Server appliance.

So, I started to troubleshoot this issue. It simply says to check the vSphere Web Client logs for more details, which is the simplest way to start. So I opened an SSH session to my vCenter Server appliance and enabled the shell. I used the below command to check the vSphere client log

Nested Virtualization: VCSA 6.5 deployment on Oracle Ravello Cloud

 

I was building a lab on Oracle Ravello Cloud and I wanted to install VMware vCenter Virtual Appliance 6.5 on a deployed ESXi host. I started the deployment as usual and the deployment failed in the middle of the VCSA configuration. It was not able to power on, and the below error message was displayed in the ESXi host client: “Failed to power on virtual machine <VM_NAME>. You are running VMware ESXi through an incompatible hypervisor. You cannot power on virtual machine until this hypervisor disabled”. See the error message below.

So I tried to manually power on the virtual machine and was not able to do that, and ended up with the same error message again and again.

Reconfiguring Embedded vCenter Server Appliance to an External Platform Service Controller

 

In my test lab I have deployed VMware vCenter Appliance (VCSA) 6.0 with an embedded Platform Service Controller, and I wanted to reconfigure it with an external Platform Service Controller. At the initial stage I was in doubt about this, and I started checking the possibilities of changing the configuration.

I had a question: I wanted to know whether there is a way to find the pointed Platform Service Controller in my vCenter. There are two ways that you can find the pointed Platform Service Controller.

I logged in to the vCenter and checked the config.vpxd.sso.admin.uri advanced vCenter parameter, and we can easily find the pointed Platform Service Controller there.

VMware Cloud on AWS Technical Overview

 

VMware has released VMware Cloud on AWS recently. I was so excited to read the white paper of the solution, and I have been explaining and sharing the details with my junior colleagues at the office. I was really interested in this and I have been watching some YouTube videos since the initial stage of the release. So I thought to write this article based on the white paper to share the details of the initial overview of the product. I hope this will help my colleagues to understand and get an insight into this release.

In partnership with AWS, VMware brings the enterprise-class Software-Defined Data Center experience to customers. It allows you to run VMware based cloud applications on optimized AWS bare-metal hypervisors. It has been released as an on-demand service, and customers can manage their virtual machines along with the upgraded VMware tools on the VMware Cloud on AWS platform.

VCSA 6.x WinSCP error: Received too large (1433299822 B) SFTP packet. Max supported packet size is 1024000 B

I was making some changes in my VCSA 6.0 vCenter server and I wanted to copy some files from the VCSA appliance. I hope you know that we mostly use WinSCP to connect to the vCenter server and copy files in and out of the appliance.

When I was trying to connect to the vCenter server appliance from WinSCP I was getting this error message.
I was looking for a fix for this and was able to find the below steps to fix the above error message.

ESXi PSOD due to a PCPU becoming too busy

One of the ESXi hosts failed with a “Purple Screen Of Death”, and the analysis below was found to be the root cause of the failure.

It was sitting on vSphere 5.5 at a lower patch level version, 30xxxxx. We were not able to identify any hardware failures or any errors related to the server hardware. I can also confirm that it was configured with the correct drivers.

This is part of the error logs we found on the failed ESXi host:

2017-09-12T05:25:54.232Z cpu37:66166510)MCE: 1118: cpu37: MCA error detected via CMCI (Gbl status=0x0): Restart IP: invalid, Error IP: invalid, MCE in progress: no.
2017-09-12T05:25:54.433Z cpu37:66166510)MCE: 1118: cpu37: MCA error detected via CMCI (Gbl status=0x0): Restart IP: invalid, Error IP: invalid, MCE in progress: no.
2017-09-12T05:25:54.633Z cpu37:66166510)MCE: 1118: cpu37: MCA error detected via CMCI (Gbl status=0x0): Restart IP: invalid, Error IP: invalid, MCE in progress: no.
2017-09-12T05:25:54.832Z cpu37:66166510)MCE: 1118: cpu37: MCA error detected via CMCI (Gbl status=0x0): Restart IP: invalid, Error IP: invalid, MCE in progress: no.
2017-09-12T05:25:55.034Z cpu37:66166510)MCE: 1118: cpu37: MCA error detected via CMCI (Gbl status=0x0): Restart IP: invalid, Error IP: invalid, MCE in progress: no.
2017-09-12T05:25:55.235Z cpu37:66166510)MCE: 1118: cpu37: MCA error detected via CMCI (Gbl status=0x0): Restart IP: invalid, Error IP: invalid, MCE in progress: no.
2017-09-12T05:25:55.434Z cpu37:66166510)MCE: 1118: cpu37: MCA error detected via CMCI (Gbl status=0x0): Restart IP: invalid, Error IP: invalid, MCE in progress: no.
2017-09-12T05:25:55.634Z cpu37:66166510)MCE: 1118: cpu37: MCA error detected via CMCI (Gbl status=0x0): Restart IP: invalid, Error IP: invalid, MCE in progress: no.
2017-09-12T05:25:55.833Z cpu37:66166510)MCE: 1118: cpu37: MCA error detected via CMCI (Gbl status=0x0): Restart IP: invalid, Error IP: invalid, MCE in progress: no.
2017-09-12T05:25:56.032Z cpu37:66166510)MCE: 1118: cpu37: MCA error detected via CMCI (Gbl status=0x0): Restart IP: invalid, Error IP: invalid, MCE in progress: no.
2017-09-12T05:25:56.231Z cpu37:66166510)MCE: 1118: cpu37: MCA error detected via CMCI (Gbl status=0x0): Restart IP: invalid, Error IP: invalid, MCE in progress: no.
2017-09-12T05:25:56.429Z cpu37:66166510)MCE: 1118: cpu37: MCA error detected via CMCI (Gbl status=0x0): Restart IP: invalid, Error IP: invalid, MCE in progress: no.
2017-09-12T05:25:56.628Z cpu37:66166510)MCE: 1118: cpu37: MCA error detected via CMCI (Gbl status=0x0): Restart IP: invalid, Error IP: invalid, MCE in progress: no.
2017-09-12T05:25:56.629Z cpu37:66166510)MCE: 222: cpu37: bank7: status=0xcc000f4000010091: (VAL=1, OVFLW=1, UC=0, EN=0, PCC=0, S=0, AR=0), ECC=no, Addr:0x526e3600 (valid), Misc:0x390261e840 (valid)

 

This was identified as the root cause: the PCPU becomes too busy logging all the correctable error messages to perform routine background tasks, leading ESXi to assume that the PCPU is unresponsive.
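A short script for checking that diagnosis against a vmkernel log, added here as an example and not part of the original post: it measures how fast CMCI events are logged per CPU and decodes the bank status word into the flags ESXi prints. The flag bit positions follow the Intel SDM layout of IA32_MCi_STATUS; treating bits 52:38 as a corrected-error counter is an assumption about the CPU in question, and the function names are illustrative.

```python
import re
from datetime import datetime

# Three CMCI lines and the bank-status line, copied from the excerpt above.
LOG = """\
2017-09-12T05:25:54.232Z cpu37:66166510)MCE: 1118: cpu37: MCA error detected via CMCI (Gbl status=0x0): Restart IP: invalid, Error IP: invalid, MCE in progress: no.
2017-09-12T05:25:54.433Z cpu37:66166510)MCE: 1118: cpu37: MCA error detected via CMCI (Gbl status=0x0): Restart IP: invalid, Error IP: invalid, MCE in progress: no.
2017-09-12T05:25:54.633Z cpu37:66166510)MCE: 1118: cpu37: MCA error detected via CMCI (Gbl status=0x0): Restart IP: invalid, Error IP: invalid, MCE in progress: no.
2017-09-12T05:25:56.629Z cpu37:66166510)MCE: 222: cpu37: bank7: status=0xcc000f4000010091: (VAL=1, OVFLW=1, UC=0, EN=0, PCC=0, S=0, AR=0), ECC=no, Addr:0x526e3600 (valid), Misc:0x390261e840 (valid)
""".splitlines()

CMCI_RE = re.compile(r"^(\S+)Z cpu\d+:\d+\)MCE: \d+: (cpu\d+): MCA error detected via CMCI")
BANK_RE = re.compile(r"\)MCE: \d+: (cpu\d+): (bank\d+): status=(0x[0-9a-fA-F]+)")

# IA32_MCi_STATUS flag bits as laid out in the Intel SDM machine-check chapter.
FLAG_BITS = {"VAL": 63, "OVFLW": 62, "UC": 61, "EN": 60, "PCC": 57, "S": 56, "AR": 55}

def decode_status(status):
    """Split a 64-bit bank status word into the flags ESXi prints plus two fields."""
    fields = {name: (status >> bit) & 1 for name, bit in FLAG_BITS.items()}
    # Assumption: the CPU implements the corrected-error counter in bits 52:38.
    fields["corrected_count"] = (status >> 38) & 0x7FFF
    fields["mca_code"] = status & 0xFFFF
    return fields

def cmci_rate(lines):
    """Return {cpu: (event_count, events_per_second)} for CMCI-signalled errors."""
    seen = {}
    for line in lines:
        m = CMCI_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S.%f")
            seen.setdefault(m.group(2), []).append(ts)
    rates = {}
    for cpu, stamps in seen.items():
        span = (max(stamps) - min(stamps)).total_seconds()
        rates[cpu] = (len(stamps), (len(stamps) - 1) / span if span else 0.0)
    return rates

def bank_reports(lines):
    """Return [(cpu, bank, decoded_status)] for every bank status line."""
    hits = (BANK_RE.search(line) for line in lines)
    return [(m.group(1), m.group(2), decode_status(int(m.group(3), 16))) for m in hits if m]

if __name__ == "__main__":
    print(cmci_rate(LOG))
    for cpu, bank, fields in bank_reports(LOG):
        print(cpu, bank, fields)
```

On these lines cpu37 logs about five CMCI events per second, and the decoded word has UC=0 with OVFLW=1, which matches a stream of corrected errors rather than a single uncorrected fault.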

Possible tasks to correct the error: To fix this PSOD error we had to update the 5.5 patch version to 3568722; however, the latest patch version available for 5.5 is 5230635.

You can read more about this in the KB articles below: