WilliamLam.com

VCF 9.1 - Auditing vCenter Server Connections using the Connection Utilization API

by // Leave a Comment

vCenter Server has had the ability to audit vSphere logins, whether through the API or UI, for nearly two decades using vSphere Events, which provide detailed information on who connected, when the login occurred and the client IP address associated with the session.

While looking up something in the latest vSphere 9.1 Automation REST API, I came across a new Connection Utilization API that provides visibility into all HTTP and HTTPS connections established with vCenter Server.

While most organizations deploy vCenter Server on a dedicated management network as a best practice, it does not eliminate the possibility of unexpected or unauthorized connections. Having additional visibility into those connections and the ability to audit them can help organizations quickly identify and investigate suspicious activity.

[Read more...]

Quick Tip: Resolving OVFTool "Failed to Send File" Errors on macOS

by // Leave a Comment

I frequently deploy and re-deploy VMware Virtual Appliances (OVA), which I fully automate using OVFTool from my macOS x86 system. Recently, I noticed that deployments would consistently fail roughly 3 out of 5 times with a generic error message like the following:

Deploying VCF Installer sddcm02 ...
Opening OVA source: /Volumes/Storage/Software/VCF910/PROD/COMP/SDDC_MANAGER_VCF/VCF-SDDC-Manager-Appliance-9.1.0.0.25371088.ova
The manifest does not validate
Opening VI target: vi://[email protected]/
Deploying to VI: vi://[email protected]/
Transfer Failed
Transfer Failed
Error: Failed to send file [sddcm02-2.vmdk] to the host [172.30.0.10], please check the network connection
Warning:
- The manifest is present but user flag causing to skip it
Completed with errors


While annoying 😩, I never really bothered digging into it because, after a few retries, the deployment would eventually succeed 😅

Even after upgrading to the latest OVFTool version 5.1.0 (supports VCF 9.1), the issue still continued to persist. I finally decided to enable verbose debugging during a failed deployment and reached out to OVFTool Engineering to see if they could help me understand what was happening, especially when it would eventually succeed!

[Read more...]

VCF 9.1 - Are You Using the Correct ESXCLI Command to Enable NVMe Tiering?

by // 2 Comments

Historically, enabling NVMe Tiering prior to VMware Cloud Foundation (VCF) 9.1 was not very user friendly, as it required users to remember three distinct ESXCLI commands.

# Enable or Disable NVMe Tiering
esxcli system settings kernel set -s MemoryTiering -v TRUE

# Configure the Tiering % 
esxcli system settings advanced set -o /Mem/TierNvmePct -i 100

# Configure NVMe device for with NVMe Tiering
esxcli system tierdevice create -d /vmfs/devices/disks/${NVME_TIERING_DEVICE}

By now, most users have probably made a mental note of these commands, with some even incorporating them into their automated ESX Kickstart deployments (example), so it is something you do not have to remember.

VCF 9.1 introduces a new method for enabling and configuring NVMe Tiering that is significantly simpler and no longer requires a system reboot. As a result of these improvements, the ESXCLI commands used in previous releases will no longer properly enable NVMe Tiering in VCF 9.1 and later.

I have seen an increasing number of users, both internally and externally, report that they have enabled NVMe Tiering, only to discover that it was never properly activated due to the use of the legacy ESXCLI commands.


Users will typically share a screenshot from vCenter Server similar to the one above, and there are two dead giveaways that NVMe Tiering was not properly enabled.

  • The first is the traditional memory capacity view, which does not reflect the combined memory capacity based on the configured NVMe Tiering ratio.
  • The second is the new Memory Tiering widget in the vSphere UI, where the Tier 1 capacity, representing the NVMe Tiering device capacity, shows a value of 0.

[Read more...]