WilliamLam.com

New vSAN Management 6.6 API / SDKs / CLIs

by // 2 Comments

With all the new awesome capabilities that have been introduced in vSAN 6.6, there is just as much Automation goodness that will be available for our customers to consume to help them easily mange and operate at scale.

vSAN Management 6.6 API

Below are all the new Managed Objects that have been introduced in the new vSAN Management 6.6 API. This does not even cover all the new methods or object types. For the complete list of vSAN 6.6 APIs, be sure to check out the vSAN Management 6.6 API Reference Guide here.

  • VsanVcsaDeployerSystem – Virtual Center Service Appliance deployment APIs onto vSAN datastore, operating at both vCenter Server and ESXi Host sides
  • VsanVdsSystem – vSAN system optimized VDS related operations, especially migrations from VSS to VDS
  • VsanUpdateManager – VIB installation engine operating at vSAN cluster level (optimized for vSAN clusters)
  • VsanCapabilitySystem – APIs to query vSAN capability, available on both vCenter and ESXi
  • VsanMassCollector – vSAN system management query API's to access data and managed object properties, operating at a vSAN Cluster level in vCenter Server only
  • VsanPhoneHomeSystem – vSAN online health related query API, operating at a vSAN Cluster level in vCenter Server only

[Read more...]

Easily try out vSAN 6.6 Encryption feature using KMIP Docker Container

by // 4 Comments

One of biggest feature introduced in the upcoming vSAN 6.6 release is the native vSAN Data-at-Rest Encryption capability. My good friend Duncan Epping even posted a video recently demo'ing the feature and showing how easy it is to enable with just a couple of clicks. Just like VM Encryption which was introduced in vSphere 6.5, vSAN Encryption also requires a Key Management Interoperability Protocol (KMIP) Server which needs to be associated with your vCenter Server.

The really nice thing about this is that because both VM Encryption and vSAN Encryption uses the exact same encryption library, as long as you have a supported KMS (which you can find over on the VMware KMS HCL here, more are being certified and added), you can actually leverage the same KMS for both types of encryption across different vSphere Clusters with different requirements. For the ultra paranoid, you could even "double" encrypt by running Encrypted VMs on top of a vSAN Encrypted Datastore 😉

As with any feature that relies on 3rd party tools, it can take some time to acquire evaluational licenses. For those of you who would like to try out either vSAN or VM Encryption from a functional standpoint, you can quickly get started in under a few minutes by using the KMIP Docker Container that I had built last year. This is a great way to familiarize yourself with the workflow or even try out some of the new vSphere and vSAN APIs if you plan to automate the KMIP configuration or even deployment of encrypted VMs. Another great use case for this is doing live demos and all you need is just a couple of Nested ESXi VMs and a Docker Container Host like Photon OS or even just your laptop for example. Below are the instructions on how to get started.

Disclaimer: It is also very important to note that you should NOT be using this for any production workloads or any VMs that you care about. For actual production deployments of VM Encryption or vSAN Encryption, you should be leveraging a production grade KMIP Server as PyKMIP stores the encryption keys in memory and will be lost upon a restart. This will also be true even for the virtual appliance, so this is really for quick evaluational purposes, do NOT run anything important that you care about due to the risks mentioned earlier.

[Read more...]

Native VCSA bootstrap installer in vSAN 6.6

by // 5 Comments

Graphic courtesy of Emad Younis

Almost four years ago, I documented a really cool vSAN capability here and here, which demonstrates how to bootstrap a vSAN datastore onto a single ESXi host. This powerful capability, which was by design, enables customers to easily standup new infrastructure including the vCenter Server Appliance (VCSA) in a pure greenfield environment where you only had bare-metal hardware to start with and no existing vCenter Server.

As you can probably guess, I am a huge advocate for this capability and I think it enables some really interesting use cases for being able to quickly and easily stand up a complete vSphere environment without having to rely on an external storage array or playing games with Storage vMotion'ing the VCSA between local VMFS and the vSAN datastore for initial provisioning.

Over time, this vSAN capability has gone mainstream not only from a customer standpoint but also internal to VMware. In fact, the use of this feature has made its way into several VMware implementations including but not limited to VMware Validated Designs (VVD), VxRail, VMware Cloud Foundation (VCF) and even in the upcoming VMware Cloud on AWS. This really goes to show how useful and critical of a feature this has become for standing up brand new VMware infrastructure which runs on top of vSAN. Huge thanks goes out to the original vSAN Architects who had envisioned such use cases and designed vSAN to include this functionality natively within the product and not have to rely or depend on vCenter Server.

[Read more...]