WilliamLam.com

Specifying Default Domains for vSphere Web Client Login

by // 4 Comments

If you add an additional identity source to vCenter SSO, such as Active Directory during vCenter Server setup, you might have noticed that you need to specify the full domain name and user id to be able to login to the vSphere Web Client.

It took me awhile to figure out where to set the default domain as I thought it would have been in the VCSA web management interface as I deployed my VCSA using an automated script. I thought I share this quick tidbit in case someone was running into a similar issue.

To specify a default domain for one of your identity sources, you will need to login to vSphere Web Client as "root" or an administrator who has access to the vCenter SSO Configurations. Click on Administration tab and then to Configuration under "Sign-On and Discovery" on the left hand side of the screen.

You should see your AD identity source at the top as well as the two default identity source provided by vCenter SSO (these can not be removed). If you want to add an identity source as a default domain, you will need to highlight your identity source and then select the CD icon with the arrow, which will add that to list of default domains at the bottom of the screen. 

Once your domain is listed at the bottom, you will need to perform one additional step which is to actually save the configuration by clicking on the little "disk" icon. I did not realize this until I logged out and nothing changed.

Note: By default, when you add to the default domain list, you will append to the very end of the list. You have the ability to arrange the order by highlighting the domain and using the up/down arrows.

Go ahead and log out and log back in and now you only have to specify the username as the default domain will automatically be used.

Automatically Join Multiple VCSA 5.1 using New vCenter SSO (Single Sign-On)

by // 12 Comments

You may have recently heard about the new vCenter SSO (Single Sign-On) feature that is now part of the latest release of vSphere 5.1 which provides centralized authentication and directory services (supports multiple identify sources) across your vCenter Servers. vCenter SSO also provides a true single pane of glass for managing and viewing all your vSphere infrastructure and solutions, unlike it's predecessor Linked Mode feature, which many used to get a centralized view of all their vCenter Servers but without the true single-sign on capabilities.

Note: If you would like to learn more about the new vCenter SSO, I would recommend you take a look at the What's New vCenter Server 5.1 whitepaper by Justin King. 

I really love the new vCenter SSO feature, especially in my home lab where I have several vCenter Server 5.0 and 5.1 hosts running and I can view all of them in a single interface! One thing I tend to do a lot in my lab is automated deployments (you probably might have already guessed) and though the configuration web interface for vCenter Server is pretty easy to use, there is still a lot of clicking involved (as you know, I hate clicking a lot).

Just like with automating VCSA 5.1 deployments, I also looked into automating the joining of a VCSA to an existing vCenter SSO server. The example below will outline configuring a single VCSA to act as the primary vCenter SSO server and then configure two additional VCSA which will then connect to this primary vCenter Server providing them SSO capabilities.You can also run through this manually through the configuration web interface for each VCSA, but as mentioned earlier, it is manual and did I forget to mention ... tedious!

Disclaimer: This is for educational purposes only, this is not officially supported by VMware. Please test this in a development environment before using it on actual systems.

Step 1 - Configure your primary VCSA which will be the main SSO server. You will be leveraging the same script as shown in this article

Step 2 - Next, you will need to configure you secondary and tertiary (or n-others) VCSA using a similar script as in Step 1, but instead of configuring for an embedded SSO server, it will connect to the external SSO server which is specified by the IP Address or hostname of your primary VCSA.

Here is a script with the minimal commands needed for configuring your additional VCSA:
Note: Make sure you update the PRIMARY_VC variable to reflect the IP Address or hostname of your primary VCSA that was configured in Step 1

You will notice the output to be very similar, but it actually queries for the primary VCSA's lookupservice SSL thumbprint to configure the VCSA to use an external SSO server.

Once you have successfully deployed and configure your additional VCSA servers, you should now be able to login to your primary VCSA and view all your vCenter Servers in the inventory.

Is this not a cool feature!? You no longer have to manage dozen of vSphere C# Clients to get a view of your vSphere infrastructure!

How to Create an SE Sparse (Space-Efficient) Disk in vSphere 5.1

by // 8 Comments

You probably may have heard, that with the upcoming release of vSphere 5.1, a new virtual machine disk format will be introduced called called SE Sparse (Space-Efficient). One of it's features is to provide the ability to reclaim unused blocks from within the guestOS. I would highly recommend you check out a recent blog post vSphere 5.1 Storage Enhancements – Part 2: SE Sparse Disks by Cormac Hogan for more details about the new SE Sparse disk format as well as other storage improvements in vSphere 5.1.

As Cormac points out, this new disk format will initially be leveraged by VMware View (in a future release from my understanding), as there are additional integrations required to use this feature than just using the new SE Sparse disk format. Having said that, the SE Sparse disk format is a feature of the vSphere 5.1 platform and with that, you do have the ability to create an SE Sparse disk.

Disclaimer: This is for educational purposes only, this is not officially supported by VMware. Please test this in a development environment before using it on actual systems.

There are two methods in which you can create an SE Sparse disk, directly on the ESXi Shell of an ESXi 5.1 host or remotely connecting to an ESXi 5.1 host.

Option 1 - Using vmkfstools on ESXi Shell 

Though it may not be documented, you can easily create a new VMDK with the new SE Sparse disk format by running the following command (10GB disk in this example):

vmkfstools -c 10g -d sesparse WindowsXP.vmdk

Here is a screenshot of new SE Sparse disk descriptor file to prove we have successfully created a new VMDK using the new format:

Option 2 - Using vSphere 5.1 API w/modified remote version of vmkfstools

As mentioned, the SE Sparse disk format is a feature of the vSphere 5.1 platform and as so, you can also leverage the vSphere 5.1 API to create a new VMDK using the virtualDiskManager and specifying the new SeSparseVirtualDiskSpec.

Note: Even though the vSphere API reference mentions the ability to set grain size via grainSizeKb property, I have found that it is not possible and just leaving it blank will automatically default to 1024K (1MB) which might be a system default for now.

You can download the modified version of the remote vmkfstools called vmkfstools-lamw which requires the the installation of vCLI 5.1 or vMA 5.1.

Here is an example of creating the same 10GB VMDK using the new SE Sparse disk format:

./vmkfstools-lamw --server 172.30.0.187 --username root -c 10G -d sesparse "[datastore1] WindowsXP.vmdk"

After you have created your new SE Sparse disk, the next logical step is assign it to a virtual machine. Since this is a new feature in vSphere 5.1, you will need to use the new vSphere Web Client to perform the operation as the legacy vSphere C# Client is not aware of this new disk type. You will also need to ensure that the virtual machine is running the latest ESXi 5.1 compatibility and later (virtual hardware version 9).

Once you have added our newly created disk from the datastore, it should now show up in the vSphere Web Client as Flex-SE for the disk type.

Additional Resources: