WilliamLam.com

Nested ESXi on VMware Cloud on AWS (VMC)

by // 5 Comments

I have had a few folks ask about Nested ESXi support on VMware Cloud on AWS (VMC), so lets get that out of the way first. Nested ESXi is NOT supported by VMware on any of our platforms, whether that is an on-premises or a cloud environment like VMC or any 3rd party vendors that maybe using VMware software. For those wanting an "official" statement on Nested ESXi support, you can refer to KB 2009916.

UPDATE (02/10/20) - Updated my Automated vSphere Lab Deployment Script to support "basic" Nested vSphere environment running on VMC.

Now, we all know Nested ESXi works and it runs extremely well on vSphere. In fact, vSphere is the best platform for running any Hypervisor in a VM. This is also true for VMC, you can run a Nested ESXi VM in an SDDC, however there are some caveats compared to what you would experience in an on-prem environment. Below are some of the caveats to be aware of if you are considering running Nested ESXi on VMC.


[Read more...]

Native MAC Learning in vSphere 6.7 removes the need for Promiscuous mode for Nested ESXi

by // 41 Comments

Over the years, several solutions have been developed here and here to help reduce the impact of promiscuous mode, which is a requirement for running Nested ESXi as a workload. Although these solutions worked extremely well, it however did require users to install additional software to enable this functionality. The most recent solution was a new Learnswitch VMkernel module (released as a VMware Fling) that enables MAC learning capabilities on ESXi.

Today, I am pleased to announce that with the release of vSphere 6.7, the MAC Learning functionality is now available as a native feature of the VMware Distributed Virtual Switch (VDS) and as some of you may have guessed from the title, promiscuous mode is also no longer a requirement for running Nested ESXi! I wanted to take a moment and thank Subin, Jobin, Sriram, Rajeev & Samuel from our Network and Security Business Unit (NSBU) at VMware who worked tirelessly to get this integrated and productized into ESXi. Not only will this benefit Nested ESXi workloads but also other solutions and use cases that have historically required the use of promiscuous mode. For customers who are still running ESXi 6.0 or 6.5, you should continue to use the Learnswitch Fling until you fully upgrade to vSphere 6.7.

To use the new MAC Learning functionality, you will of course need to upgrade to vSphere 6.7 (both vCenter and ESXi) but also upgrade to the latest VDS version which is 6.6. MAC Learning can be enabled on a per Distributed Virtual Portgroup bases and today, it is only available when using the vSphere API. For those that have used the VDS API to manage their VDS, you will simply use the existing ReconfigureDVPortgroup_Task() method and in 6.7, there now a new macManagementPolicy property which allows you to enable and define your MAC Learning settings. This new MAC Management Policy will also be the new preferred method for managing security policies going forward for a DV Portgroup and the previous security policy settings should no longer be used.

Disclaimer: Nested ESXi is still not officially supported by VMware. Please use at your own risk.  [Read more...]

Nested ESXi 6.7 Virtual Appliance Updates

by // 34 Comments

I know many of you have been pinging me the last couple of days for an updated Nested ESXi 6.7 Virtual Appliance and I have just finished my strict quality control process 🙂 The only minor change with the 6.7 appliance is the VM is now configured with EFI Firmware, where as in the past it was set to BIOS. As of vSphere 6.5+ appliances, the customization scripts are automatically removed by default which means that customers can turn on Secure Boot feature post-deployment without having to perform any manual workarounds. In addition, you will find a few more updates related to the updated ESXi appliance below. I hope you enjoy these free resources to help learn and plan for your vSphere 6.7 upgrades, Happy Friday!

Note: These solutions are all developed during off hours and does take a considerable amount of time/effort to manage and update. Although they are provided to you as a free solution, the development itself is not 🙂

o

Nested ESXi 6.7 Appliance:

ESXi 6.7 Virtual Appliance (Nested_ESXi6.7_Appliance_Template_v1.ova)

Nested ESXi Content Library

If you are using my Nested ESXi Content Library, I have updated it to include the latest 6.7 Appliance. Simply refresh your Content Library to automatically pull down the image or you can create a new Content Library by subscribing to the following URL: https://download3.vmware.com/software/vmw-tools/lib.json For more details, please take a look at this blog post here.

vGhetto vSphere Automated Lab Deployment:

For those that use my vGhetto lab deployment script to automate a fully functional vSphere environment, I have created a new version of the script to support vSphere 6.7 which you can find more details here. One neat feature that was suggested by Christian Mohn awhile back was the ability to get more insights to what is happening during the VCSA deployment since the verbosity can be quite distracting on the primary screen. There is now a new $enableVerboseLoggingToNewShell variable that is enabled by default to spawn a new PowerShell console that will watch the VCSA installer logs, so you have a better idea of what is going on.