WilliamLam.com

Automatically Join Multiple VCSA 5.1 using New vCenter SSO (Single Sign-On)

by // 12 Comments

You may have recently heard about the new vCenter SSO (Single Sign-On) feature that is now part of the latest release of vSphere 5.1 which provides centralized authentication and directory services (supports multiple identify sources) across your vCenter Servers. vCenter SSO also provides a true single pane of glass for managing and viewing all your vSphere infrastructure and solutions, unlike it's predecessor Linked Mode feature, which many used to get a centralized view of all their vCenter Servers but without the true single-sign on capabilities.

Note: If you would like to learn more about the new vCenter SSO, I would recommend you take a look at the What's New vCenter Server 5.1 whitepaper by Justin King. 

I really love the new vCenter SSO feature, especially in my home lab where I have several vCenter Server 5.0 and 5.1 hosts running and I can view all of them in a single interface! One thing I tend to do a lot in my lab is automated deployments (you probably might have already guessed) and though the configuration web interface for vCenter Server is pretty easy to use, there is still a lot of clicking involved (as you know, I hate clicking a lot).

Just like with automating VCSA 5.1 deployments, I also looked into automating the joining of a VCSA to an existing vCenter SSO server. The example below will outline configuring a single VCSA to act as the primary vCenter SSO server and then configure two additional VCSA which will then connect to this primary vCenter Server providing them SSO capabilities.You can also run through this manually through the configuration web interface for each VCSA, but as mentioned earlier, it is manual and did I forget to mention ... tedious!

Disclaimer: This is for educational purposes only, this is not officially supported by VMware. Please test this in a development environment before using it on actual systems.

Step 1 - Configure your primary VCSA which will be the main SSO server. You will be leveraging the same script as shown in this article

Step 2 - Next, you will need to configure you secondary and tertiary (or n-others) VCSA using a similar script as in Step 1, but instead of configuring for an embedded SSO server, it will connect to the external SSO server which is specified by the IP Address or hostname of your primary VCSA.

Here is a script with the minimal commands needed for configuring your additional VCSA:
Note: Make sure you update the PRIMARY_VC variable to reflect the IP Address or hostname of your primary VCSA that was configured in Step 1

You will notice the output to be very similar, but it actually queries for the primary VCSA's lookupservice SSL thumbprint to configure the VCSA to use an external SSO server.

Once you have successfully deployed and configure your additional VCSA servers, you should now be able to login to your primary VCSA and view all your vCenter Servers in the inventory.

Is this not a cool feature!? You no longer have to manage dozen of vSphere C# Clients to get a view of your vSphere infrastructure!

How to Create an SE Sparse (Space-Efficient) Disk in vSphere 5.1

by // 8 Comments

You probably may have heard, that with the upcoming release of vSphere 5.1, a new virtual machine disk format will be introduced called called SE Sparse (Space-Efficient). One of it's features is to provide the ability to reclaim unused blocks from within the guestOS. I would highly recommend you check out a recent blog post vSphere 5.1 Storage Enhancements – Part 2: SE Sparse Disks by Cormac Hogan for more details about the new SE Sparse disk format as well as other storage improvements in vSphere 5.1.

As Cormac points out, this new disk format will initially be leveraged by VMware View (in a future release from my understanding), as there are additional integrations required to use this feature than just using the new SE Sparse disk format. Having said that, the SE Sparse disk format is a feature of the vSphere 5.1 platform and with that, you do have the ability to create an SE Sparse disk.

Disclaimer: This is for educational purposes only, this is not officially supported by VMware. Please test this in a development environment before using it on actual systems.

There are two methods in which you can create an SE Sparse disk, directly on the ESXi Shell of an ESXi 5.1 host or remotely connecting to an ESXi 5.1 host.

Option 1 - Using vmkfstools on ESXi Shell 

Though it may not be documented, you can easily create a new VMDK with the new SE Sparse disk format by running the following command (10GB disk in this example):

vmkfstools -c 10g -d sesparse WindowsXP.vmdk

Here is a screenshot of new SE Sparse disk descriptor file to prove we have successfully created a new VMDK using the new format:

Option 2 - Using vSphere 5.1 API w/modified remote version of vmkfstools

As mentioned, the SE Sparse disk format is a feature of the vSphere 5.1 platform and as so, you can also leverage the vSphere 5.1 API to create a new VMDK using the virtualDiskManager and specifying the new SeSparseVirtualDiskSpec.

Note: Even though the vSphere API reference mentions the ability to set grain size via grainSizeKb property, I have found that it is not possible and just leaving it blank will automatically default to 1024K (1MB) which might be a system default for now.

You can download the modified version of the remote vmkfstools called vmkfstools-lamw which requires the the installation of vCLI 5.1 or vMA 5.1.

Here is an example of creating the same 10GB VMDK using the new SE Sparse disk format:

./vmkfstools-lamw --server 172.30.0.187 --username root -c 10G -d sesparse "[datastore1] WindowsXP.vmdk"

After you have created your new SE Sparse disk, the next logical step is assign it to a virtual machine. Since this is a new feature in vSphere 5.1, you will need to use the new vSphere Web Client to perform the operation as the legacy vSphere C# Client is not aware of this new disk type. You will also need to ensure that the virtual machine is running the latest ESXi 5.1 compatibility and later (virtual hardware version 9).

Once you have added our newly created disk from the datastore, it should now show up in the vSphere Web Client as Flex-SE for the disk type.

Additional Resources:

 

How to Register a vCenter Server 5.0 with Admin Tool on VCSA 5.1 Using SSH Port Forwarding

by // 2 Comments

The new vSphere Web Client in vSphere 5.1 supports both vCenter Server 5.0 and 5.1, but before you can connect to a 5.0 system, you will need to manually register the vCenter Server with the vSphere Web Client Admin Tool. In the previous release, you could register a vCenter Server using the Admin Tool which was available by connecting to the localhost web application as outlined here or by performing the same operation via the command-line using /usr/lib/vmware-vsphere-client/scripts/admin-cmd.sh on the VCSA.

It looks like with the latest release, the admin script no longer function ("Cannot connect to vSphere Web Client administration tool.") and since the VCSA does not contain a full blown desktop with a browser like it's ugly Windows cousin ... you will not be able to register any of your existing vCenter Server 5.0 systems. Luckily, you do not need a browser running on the VCSA to perform the registration, you can use the browser on your desktop by simply using SSH port forwarding.

In the example below, I am connecting to my VCSA 5.1 from my iMac via terminal. You will need a system that can reach your VCSA that has a web browser which will be used to access the Admin Tool.

Step 1 -  SSH to your VCSA using the following command, be sure to replace "172.30.0.194" with the IP Address or hostname of your VCSA:

ssh [email protected] -L 9443:127.0.0.1:9443 -N

If the port forward was established correctly, the prompt will just sit there as denoted by the screenshot below.

Note: If you wish for the prompt to return, you can specify the -f flag after "ssh" but this ensures you remember you have a port forwarded.

Step 2 - Open a web browser on your local desktop and connect to the following address:

https://localhost:9443/admin-app

This should launch the vSphere Web Client Admin Tool and allow you to register your vCenter Server 5.0 hosts.

Even though I was able to get this to work, I personally would still prefer to be able to perform this operation via the command-line. I am still hoping that I might have missed something, but I have been told this might be expected 🙁