WilliamLam.com

Search Results for: vsphere events

How to audit vSphere Standalone VMRC or HTML5 VMRC connections?

by // Leave a Comment

An interesting question that came in last week from one of our TAMs was how to identify and audit Virtual Machine Remote Console (VMRC) logins from vSphere? The TAM was specifically interested in being able to correlate that a particular user had logged into the VMRC of a VM during a specific period of time. Luckily, this is easily retrievable through vCenter Servers's Event sub-system that stores information about everything that happens in your vSphere environment. The Events can be accessed using either the vSphere Web Client shown below or programmatically using the vSphere API which the UI is built on top of.

audit-standalone-vmrc-and-html5-vmrc-logins-1
You can obviously filter your search in the UI and focus on a particular VM, but often times there can be dozens if not hundreds of "Events" generated for a given VM. I personally prefer to leverage Automation when needing to look for a specific type of Event and more importantly, you can further process the results to either send out reports or hook into other third party systems. Now that we know, "where" to find our data, the next thing is identifying the type of Event that is generated for a VMRC connection.

As of vSphere 5.5 Update 2b, the VMRC in the vSphere Web Client can be accessed in one of two ways: The new HTML5 VMRC by clicking onto the VM screenshot thumbnail or the Standalone VMRC by clicking on the link directly beneath the VM screenshot.

audit-standalone-vmrc-and-html5-vmrc-logins-0
Each VMRC connection method will generate a unique vCenter Server Event. For HTML5 VMRC connections, the Event is called VmAcquiredMksTicketEvent and for Standalone VMRC connections, the Event is called VmAcquiredTicketEvent. As I mentioned earlier, the vCenter Server Event sub-system can be accessed using the vSphere API and you can find the complete list of Events documented here. To demonstrate the use of this particular vSphere API, below is a PowerCLI example using the Get-VIEvent cmdlet. My fellow colleague Alan Renouf has actually blogged about working with Events using PowerCLI which I will be adapting one of his examples for our use case.

We first retrieve the VM that we are interested in by running the following command (specify the name of your VM):

$vm = Get-VM -Name "VCSA-60u2"

To retrieve HTML5 VMRC connections, run the following PowerCLI command:

Get-VIEvent -Entity $vm | Where { $_.Gettype().Name -eq "VmAcquiredMksTicketEvent"} | Select CreatedTime, UserName, FullFormattedMessage | ft -wrap -AutoSize

Here is an example of what the output would look like

audit-standalone-vmrc-and-html5-vmrc-logins-2
To retrieve Standalone VMRC connections, run the following PowerCLI command:

Get-VIEvent -Entity $vm | Where { $_.Gettype().Name -eq "VmAcquiredTicketEvent"} | Select CreatedTime, UserName, UserAgent, FullFormattedMessage | ft -wrap -AutoSize

Here is an example of what the output would look like:

audit-standalone-vmrc-and-html5-vmrc-logins-3

How Wrecking Crew Inc. leveraged vSphere's Instant Clone to instantly provision hundreds of VMs

by // 9 Comments

Okay, Wrecking Crew Inc. is not a real company but a fictitious one that was used during Alan Renouf and Li Zheng's VMworld session, #INF5803 - Deploy Hundreds of VMs Instantly via Forking (aka vSphere Instant Clone). During the session, Wrecking Crew Inc. was described as a modern online gaming company who was about to launch a new product. They found out that their game was going to be more popular than they had originally anticipated and needed to be able to quickly spin up a large number of instances of their game to handle the load.

Though this was a fictional company to help set the stage for the demo, the underlying use case is an actual challenge for many of our customers. One of the examples that Alan used was the traditional Black Friday sale which occurs on the Friday after Thanksgiving in US. As you can imagine, being able to quickly scale up your online application based on customer demand can really give retailers an real edge over their competition. In todays world, waiting a few additional seconds for a site to load can mean the difference between a sale and customer going else where for their business. Online retail is just one of the many industries and verticals that can easily benefit from the Instant Clone capability.

To help further demonstrate the use case, a recorded demo was shown utilizing the new PowerCLI Extensions which provides access to the Instant Clone feature from an Automation standpoint. I actually built the demo for Alan and Li's session and I thought I would share some more details along with the video in case you were not able to attend the session in person, which I was not able to do.

Below are the set of technologies that were used in the demo:

wrecking-crew-inc-using-instant-clone-to-provisioning-hundreds-to-thousands-of-vms-0
I wanted to also give a quick shoutout to my buddy Rawlinson Rivera for his help with Intel and getting us access to their 64 Node NVMe VSAN Cluster. Our friends over at Intel were kind enough to allow us to quickly record a demo before they had to pack and ship the hardware to San Francisco for VMworld.

To provide some additional context on what you will see in the video, a diagram is provided below. The environment initially consists of two Photon VMs which runs the Consul Cluster which provides service discovery and configuration capabilities and the Nginx Load Balancer which is highlighted in the purple and blue box. Each of those VMs run their respective application which runs inside of a Docker Container and is highlighted in the smaller boxes. On each ESXi host, we have Photon VM which contains our Node.js application that we will be Instant Cloning from. This Photon VM is also referred to as the Parent VM and where all the new forked children VMs will be spawn off of.

This Photon VM also runs an instance of Consul, Registrator and the Node.js application inside of a Docker Container. As new instances are brought online which is highlighted in the black box, they will automatically register themselves with the Consul Cluster. As the Docker Containers are started up, Registrator will be notified to automatically add the new instances to the Nginx Load Balancer, making our application servers available for use immediately. When our application server powers down, Registrator will automatically detect that the Docker Container for our Node.js application is no longer running and automatically unregister it from the Nginx Load Balancer. To simply scale up or down the application, it is simply Instant Cloning our Photon (Parent) VM and powering it on or off, there are no additional steps required.

wrecking-crew-inc-using-instant-clone-to-provisioning-hundreds-to-thousands-of-vms-1

Without further ado, here is the video of the demo. If you want additional commentary and you attended VMworld US but could not make it to Alan and Li's session, you can now watch it online here. This session will also be repeated in VMworld EMEA for those attending in a couple of weeks. I would highly recommend you check out the session as there is a lot of awesomeness in the session along with technical deep dive of the Instant Clone technology.

VMworld 2015 Demo of how Wrecking Crew Inc. leverages vSphere's Instant Clone feature from lamw on Vimeo.

For more details about Instant Clone, be sure to check out these resources below which includes a Instant Clone script repository for several GuestOSes, including Photon which was used in the demo:

Subscribe to vGhetto Nested ESXi Template Content Library in vSphere 6.0

by // 23 Comments

vGhetto-Nested-ESXi-Content-LibraryDuring the early development of vSphere 6.0, one of the features that I got an early sneak preview of was the Content Library which originated from vCloud Director's Content Catalog capability and has now been pushed down into the core vSphere platform as part of VCD's "Convergence" plan.

Although there are some initial limitations with this first release of Content Library such as not being able to  mount an ISO directly from the Content Library as example, which I do agree it should have just worked and not requiring a manual datastore browse for this operation to work. I know the Engineering team is aware of this as it was something our team had also provided feedback among other things, so hopefully this will be fixed very shortly.

Having said that, I do see a huge potential with the Content Library and all the interesting use cases it can enable not only for vSphere but also for other products such as vRealize Automation as well as vCloud Air. One area that caught my attention when I first heard about Content Library is the the fact that the publishing and subscription capability works over simple HTTP(s). I immediately had a light-bulb moment and thought would it not be cool if you could have a custom Content Library that would be hosted on some external cloud storage such as Amazon S3 as en example and be able to publish that so others could subscribe to it in their vSphere environment?

Fortunately, because Content Library works over standard HTTP(s) and with the help of one of the Content Library Engineers I was able to create my very own vGhetto Nested ESXi Template Content Library for both vSphere 6.0 and vCloud Directory based environments which is currently being hosted on Amazon S3.

  • vSphere: https://s3-us-west-1.amazonaws.com/vghetto-content-library/lib.json
  • vCD: https://s3-us-west-1.amazonaws.com/vghetto-content-library-vcd/lib.json

The library contains all of my Nested ESXi / VSAN OVF Templates that I have created over the years and by publishing them in in my public Content Library, anyone can now easily subscribe and pull down the latest OVF templates to deploy directly in their vSphere/vCD environment. You no longer have to manually download the OVFs and as I add new content, the Content Library will automatically synchronize the changes to your local environment.

The vGhetto Nested ESXi Template Content Library currently contains the following 7 OVF's which total to 1.43MB:

  • Nested-ESXi-3-Node-VSAN-6.0-All-Flash-Template
  • Nested-ESXi-3-Node-VSAN-6.0-Template
  • Nested-ESXi-3-Node-VSAN-Template
  • Nested-ESXi-32-Node-VSAN-Template (not available when subscribing from VCD)
  • Nested-ESXi-6-Node-VSAN-6.0-FD-Template
  • Nested-ESXi-64-Node-VSAN-6.0-Template (not available when subscribing from VCD)
  • Nested-ESXi-VM-Template

Here are the instructions for subscribing to my vGhetto Content Library using the vSphere 6.0 Web Client:

Step 1 - In the main Home page, click on the Content Library icon

vGhetto-S3-Nested-ESXi-Content-Library-0
Step 2 - Create a new Content Library which will be used to subscribe to my vGhetto Content Library.

vGhetto-S3-Nested-ESXi-Content-Library-1
Step 3 - Select "Subscribed content library" and enter the following URL: https://s3-us-west-1.amazonaws.com/vghetto-content-library/lib.json and make sure to select "Download all library content immediately". There is currently a limitation in the way the metadata is read from OVFs that prevents the on-demand setting to be used when subscribing to 3rd party Content Libraries.

vGhetto-S3-Nested-ESXi-Content-Library-2
Step 4 - Select the storage which will be backing your Content Library. This can be either a local filesystem path on your vCenter Server or by using a vSphere Datastore.

vGhetto-S3-Nested-ESXi-Content-Library-3
Step 5 - If the new Content Library had been successfully created, the content will start to synchronize to your local system and once the OVF/VM icon appears, then you know the Nested ESXi / VSAN OVFs templates are ready to be deployed in your environment as seen in the screenshot below.

vGhetto-S3-Nested-ESXi-Content-Library-4
Note: You will notice that even though we are pulling down all seven OVF templates, they are only consume a measly 1.43MB as these are empty VMs shells and I am also using the OVF Dynamic Disks feature which allows you to specify the size of the VMDK upon deployment.

UPDATE (4/24) - It turns out that 3rd Party Content Libraries can also be subscribed from within vCloud Director but because it does not support Dynamic Disks, the synchronized will fail. I have created a separate library specifically optimized for vCD which you can find the URL at the top and you can then subscribe to my vGhetto Content Library as seen in the screenshot below. You will notice that the 32 and 64 Node VSAN Template is not available and the reason for this is that apparently there is a limitation in the number of elements it can parse.

Screen Shot 2015-04-24 at 5.56.18 AM
This is a pretty powerful feature in my opinion and I can already see custom content libraries not only from VMware but also from our partner eco-systems providing their latest solutions (Virtual Appliances) as well as other file content as Content Library can store pretty much anything. In a future blog post, I will go through the details on how you can create your own custom Content Library, so stay tune. In the mean time, if you are using vSphere 6.0 and and would like to be able to quickly pull down the latest Nested ESXi / VSAN OVF templates, be sure to subscribe to my vGhetto Content Library!