Home > Blogs > VMware Consulting Blog

Have a Chat with Your SDDC (Automating the Management of the Management Portal, Part 2)

By Andrea Siviero, VMware Senior Solutions Architect

Andrea SivieroIn my recent post “Look Mom, no Mouse!” I introduced an amazing new way to interact with your SDDC without a mouse, but now, using a command-line with simple mnemonic instructions you can “Talk” with your SDDC to “Automate the Management of the Management Portal”.

VMware has just announced vRealize CloudClient 3.0 released for general availability (GA) (http://developercenter.vmware.com/web/dp/tool/cloudclient/3.0.0).

So now that it’s GA, I’m excited to explore with you more deeply how to use CloudClient, and also to share its benefits.

What commands do I want to show you today?

-        Create a brand new tenant and service catalog and entitle them to administrators

-        Import an existing blueprint into the brand new CloudClient-made tenant

-        Deploy blueprints from the catalog of services

So wake up your SDDC — it’s time for a lovely chat. :-)

Log in and create a tenant
CloudClient allows you to log in in an interactive way:

CloudClient> vra login userpass --server vcac-l-01a.corp.local --tenant pse --user siviero@gts.local --password ****** --iaasUser corp\\Administrator --iaasPassword ******

Or to edit the CloudClient.properties file to fill in all the details, just type this command to create an empty configuration:

CloudClient> login autologinfile

NOTE: IaaS credentials need to be passed with double back-slash i.e. corp\\Administrator

Login Screen

Figure 1: Login

Create a new tenant, identity-store and admins
When you are logged in as administrator@vsphere.local, creating a tenant is just three commands away. To set the name of the tenant, how users will get authenticated (AD or LDAP) and who will be the adminstrators:

CloudClient> vra tenant add --name "PSE" --url "PSE"
CloudClient> vra tenant identitystore add --name "PSE AD" --type AD --url ldap://controlcenter.corp.local --userdn "CN=Administrator,CN=Users,DC=corp,DC=local" --password "****" --groupbasedn "OU=Nephosoft QE,DC=corp,DC=local" --tenantname "PSE" --alias "gts.local" --domain "corp.local"
CloudClient> vra tenant admin update --tenantname "PSE" --addtenantadmins siviero@gts.local --addiaasadmins admin1@gts.local,admin2@gts.local
Create Tenant

Figure 2: Create Tenant

Create a fabric group and business group and assign resources
Now let’s annotate the returned IDs so they can be used in further commands. (They can be scripted using variables.)

CloudClient> vra fabricgroup add --name "GTS Fabric Group" --admins "admin1@gts.local,admin2@gts.local"
Create Fabric Group

Figure 3: Create Fabric Group

Search for the suitable compute resources. We will select the “Cluster Site A”:

CloudClient> vra computeresource list
Compute Resources

Figure 4: Compute Resources

Let’s finalize the “trivial” steps of assigning the compute resources to the fabric group and creating a business group wth a pre-determined machine prefix.

CloudClient> vra fabricgroup update --id f8bbfcd5-79c0-43db-a382-2473b91862e6 --addcomputeresource c47e3332-bdef-4391-9f93-269dcf14f2c5
CloudClient> vra machineprefix add --prefix gts- --numberOfDigits 3 --nextNumber 001
CloudClient> vra businessgroup add --name "GTS Business Group" --admins "admin1@gts.local,admin2@gts.local" --adContainer "cn=computers" --email admin2@gts.local --description "GTS Group" --machinePrefixId 1c1d20c3-ba91-443e-beb0-b9b0728ee29c
Assign Resources

Figure 5: Assign Resources

Here comes the fun: import/export blueprints
Until now, CloudClient commands used are merely a reproduction of what normally happens on the GUI.

Let me show where the power of it comes out: let’s assume you already created a good blueprint in a tenant with a blueprint profile and you just want to “copy&paste” it to another tenant. You cannot do it in the GUI — you need to manually recreate it — but hey, here comes the CloudClient magic: log in to the source tenant and export the blueprint in a JSON format:

CloudClient> vra iaas blueprint list

CloudClient> vra iaas blueprint detail --id 697b8302-b5a9-4fbf-8544-2f19d4e8a220 --format JSON --export CentOS63.json
Export Blueprint to JSON file

Figure 6: Export Blueprint to JSON file

Now log back to the brand new PSE tenant and import the blueprint like this:

CloudClient> vra iaas blueprint add vsphere --inputfile CentOS63.json --name "CentOS 6.3 x64 Base" --cpu 1 --memory 512
Import Blueprint from JSON

Figure 7: Import Blueprint from JSON

Request the blueprint from the catalog
The remaining steps will be trivial as before: Create a service, an entitlement, and actions and assign the blueprint to catalog. Reading the documentation will help you to get familiar with it.

Note: “Reservations” verbs are not yet implemented, so at some point you need to use the GUI to complete the process.

So please let me fast forward to the final moment when you can successfully deploy a blueprint and see it live. :-)

CloudClient> vra catalog list
Listing the Catalog

Figure 8: Listing the Catalog

Using the ID returned from catalog list, make the request:

CloudClient> vra catalog request submit --id c8a850d2-a089-4afb-b5d8-b298580cf9f9 --groupid 2c220523-60bb-419e-80c8-c5bfd81aa805 --reason fun
Checking the Requests

Figure 9: Checking the Requests

And here it is, our little VM, happy and running. :-)

Happy and Running

Figure 10: Happy and Running

The Occam’s Razor principle: “Entities must not be multiplied beyond necessity.”

In my humble opinion: Please don’t waste lot of time doing everything (Coffe/Tea?) from a command-line. vRealize Automation 6.1 has a nicely improved UI and is very intuitive to work with.

Keep the solutions as simple as possible and use vRealize CloudClient when some real “black magic” is needed.


Andrea Siviero is an eight-year veteran of VMware and a senior solutions architect member of Professional Services Engineering (PSE) for the Software-Defined Datacenter (SDDC), a part of the Global Technical Solutions (GTS) team. Prior to PSE, Andrea spent three years as pre-sales system engineer and three years as a post-sales consultant architect for cloud computing and desktop virtualization solutions focusing on very large and complex deployments, especially for service providers in the finance and telco sectors. 

Analyzing Virtual Desktop Login Time

By Gourav Bhardwaj with Matt Larson

GouravMatt LarsonOften when performing health checks a discussion arises about the login time and what constitutes login time. This article covers some of the common ways to look at login time and its underlying components.  You can look at login time using vCOps for View or a third-party user experience monitoring solution. In this example the login time is demonstrated using Stratusphere™ UX. Experienced system administrators can also use this process to troubleshoot slow login times.

 

 

Review Virtual Desktop login times using Stratusphere UX™

  1. First, ensure you are in the Stratusphere UX Interface.
    Stratusphere UX screen 1
  2. On the Inspector tab, choose Machine Diagnostic Summary, and then click Go.
    Stratusphere UX screen 2
  3. In the Date Range drop-down menu, select Last 24 Hours.Stratusphere UX screen 3
  4. In the results list, sort by Login Delay.Stratusphere UX screen 4
  5. Click the down-arrow next to the name of the machine. Click Drill-down to see machine inspection history.
    Stratusphere UX screen 5
  6. Select the down-arrow next to the hour that contains the slow login time. Click Drill-down to see inspection report details.
    Stratusphere UX screen 6

A lot of information will be provided, including the username of the user experiencing the issues, as well as information regarding processes. One important piece of information used to find what may be causing the slow logins is the CPU System Time(s) field. The graphic below shows VMWVvpsvc running long. This metric indicates some login slowness resulting from the profile being copied from the profile location using VMware’s persona management. This may be the result of a file server being in a location local to the user, but not local to the View environment.

Stratusphere UX screen 7

This information is helpful, as it says that the VMWVvpsvc was running for 94 seconds. We can assume this is mostly during login, but that only accounts for 94 seconds of a 351 second login delay. Clearly, more information is necessary. While turning to logs can be helpful (such as persona management, the system event log, the application event log, and various View and PCoIP logs), they can be time consuming to review, and often the information these logs provide is insufficient.

Using the Windows Performance Toolkit
The Windows Performance Toolkit is a set of tools provided in the Windows SDKs for both Windows 7 and Windows 8. It consists of two high level toolsets: A toolset to gather information, and a toolset to analyze information. Once users and systems have been found to have slow login times, the toolsets provided with the Windows Performance Toolkit can be employed to further ascertain what exactly is causing the slow logins.

Installation
This section details the installation process to get the tools on the system that is experiencing slow login times. This process assumes the use of the Windows 7 SDK. Below are the steps:

  1. Remove Visual C# 2010 – this may or may not be necessary. If the C# version of the vSphere Client is installed on the workstation, then that existing installation of Visual C# 2010 will need to be removed. Not to worry, the SDK puts C# back on there, and there is no impact to the vSphere client or other applications that may use Visual C# 2010.
  2. Install the Windows 7 SDK – this can be done HERE. Launch the winsdk_web.exe file and ensure that at least the Windows Performance Toolkit is selected, and then click Next. Once the installation has completed, move on to the next step.Windows SDK screenNote: In order to analyze Windows crash dumps (AKA BSOD) I keep the Debugging Tools for Windows installed as well.
  3. Install .NET 4.0 – this can be done from HERE. Again, this depends upon whether or not it is installed on the workstation in question.

This completes the installation. The installation can be verified by confirming that the program group exists on the Start Menu, or navigating to the installation directory, which defaults to C:\Program Files\Microsoft Windows Performance Toolkit, and confirm the existence of xbootmgr.exe and xperf.exe as seen in the images below.

Windows Screen 2Windows Screen 3

Using XPERF
The process to use XPERF to gather information regarding slow logins is as follows:

  1. Enable fast user switching in the registry or GPO.
  2. Create a local user account named Test, and add to the local administrators group. (Using an administrative user that is not the problematic user will also work.)
  3. From the console of the problematic workstation, log in as the user with administrative privileges.
  4. Launch a command line with elevated privileges, and navigate to C:\Program Files\Microsoft Windows Performance Toolkit.
  5. Launch the XPERF command:
    1. XPERF Command: xperf -on base+latency+dispatcher+NetworkTrace+Registry+FileIO -stackWalk CSwitch+ReadyThread+ThreadCreate+Profile -BufferSize 128 -start UserTrace -on “Microsoft-Windows-Shell-Core+Microsoft-Windows-Wininit+Microsoft-Windows-Folder Redirection+Microsoft-Windows-User Profiles Service+Microsoft-Windows-GroupPolicy+Microsoft-Windows-Winlogon+Microsoft-Windows-Security-Kerberos+Microsoft-Windows-User Profiles General+e5ba83f6-07d0-46b1-8bc7-7e669a1d31dc+63b530f8-29c9-4880-a5b4-b8179096e7b8+2f07e2ee-15db-40f1-90ef-9d7ba282188a” -BufferSize 1024 -MinBuffers 64 -MaxBuffers 128 -MaxFile 1024
  6. Using fast user switching, switch users, and login as the problematic user.
    1. Once the login has completed, stop the trace using the following command:
      xperf -stop UserTrace -d merged.etl
  7. Gather the merged.etl trace file for analysis.

Using XBOOTMGR
In some cases, it may not be possible to switch users using fast user switching. In many cases, it may be easier to have the user run XBOOTMGR. This tool, when run, reboots the system and tracks both the startup time and the login time. The analysis ends after a set period of time. Gather an XBOOTMGR analysis by performing the following:

  1. Launch a command line with elevated privileges, and navigate to C:\Program Files\Microsoft Windows Performance Toolkit.
  2. Run the following command:
    1. XBOOTMGR Command: xbootmgr -trace boot -traceflags base+latency+dispatcher -stackwalk profile+cswitch+readythread -notraceflagsinfilename -postbootdelay 120
  3. The system will prompt that it is being rebooted. Allow the reboot to occur.
  4. When the VM is started, have the user connect to the View desktop using the View client.
  5. When the user logs in, XBOOTMGR will present the user with a countdown of 120 seconds. Allow XBOOTMGR to collect data.
  6. Once complete, gather the *.etl trace file for analysis. It may take some time to merge the file.

Analysis
The trace file has been created, and now it is time to analyze the results. The analysis toolset available in the Windows 7 Performance Toolkit is slightly different than what is available in the Windows 8 Performance Toolkit.

Performance Analyzer from Windows 7 Performance Toolkit

Open with Performance Analyzer (From the Windows 7 Performance Toolkit)
Windows Performance Analyzer
The graph below shows the processes occurring during the Winlogon Init process. It is easy to see that VMWVvpsvc is running for approximately two minutes.
Windows Performance Analyzer Screen 1

By right clicking on the graph, one can Overlay Graphs from other categories. This graph shows the Winlogon process, as well as the overlay graphs for Boot Phases and CPU Usage. This can be helpful to see which boot phase the processes are running. Additionally, the CPU graph will show whether the process is running long because it has maxed out the available CPU capacity.
Windows Performance Analyzer Screen 2

These overlays can be tweaked by selecting the CheckPoints box in the top right corner of the graph.

CheckPoints Dialog
Windows Performance Analyzer from Windows 8 Performance Toolkit

Open with Performance Analyzer (From the Windows 8 Performance Toolkit).  The icon is shown below:

Windows8

Windows Screen

When looking at the same trace file as before, the graphs show that VMWVvpsvc was running for over 2 minutes. Moving the user files closer (from a network perspective) to the View desktop will help reduce the login time.

References
http://social.technet.microsoft.com/wiki/contents/articles/10128.tools-for-troubleshooting-slow-boots-and-slow-logons-sbsl.aspx

http://www.liquidwarelabs.com/products/stratusphere-ux


Gourav Bhardwaj is a VMware consulting architect who has created virtualized infrastructure designs across various verticals. He has assisted IT organizations of various Fortune 500 and Fortune 1000 companies, by creating designs and providing implementation oversight. His experience includes system architecture, analysis, solution design and implementation.

Matt Larson is an experienced, independent VMware consultant working in design, implementation and operation of VMware technologies. His interests lie in enterprise architecture related to datacenter and end user computing.

EUC Datacenter Design Series — EVO:RAIL VDI Scalability Reference

By TJ Vatsa with Fred Schimscheimer and Todd Dayton

End User Computing (EUC) has come of age and is continuing to mature by leaps and bounds. Customers are no longer considering virtual desktop infrastructure (VDI) as a tactical project but are looking at EUC holistically as an enterprise solution that accelerates EUC transformation. You can refer to the EUC Design 101 series here (Part 1, Part 2, and Part 3) or a consolidated perspective here (EUC Enterprise Solution). Having collaborated with my fellow colleagues Fred Schimscheimer and Todd Dayton (bios below) during the last few weeks, I intend to share the game changing revolution that VMware’s hyper-converged infrastructure solution is bringing to the EUC domain.

The Challenge
People familiar with VDI are well aware of the fact that a scalable production deployment requires systematic and thorough planning of the infrastructure, namely compute, storage and networking. This can be a daunting task for customers that are either chasing tight deadlines or do not have the available infrastructure or people resources. We have noticed this to be a perpetual challenge for many of our customers across different industry domains including healthcare, financial, insurance services, manufacturing and others.

The Panacea
During the last few years, hyper-converged appliances have been taking the industry by storm. By design these systems follow a modular, building block approach that scales out horizontally and is very quick to deploy. From the EUC infrastructure perspective, it has become necessary to acknowledge the efficiency of hyper-converged appliances. While there are vendors that have hyper-converged infrastructure that runs on VMware’s vSphere hypervisor, VMware’s foray into this domain, EVO:RAIL, was released for general availability during VMworld 2014 in San Francisco in September.

EVO:RAIL has been optimized for VMware’s vSphere and Virtual SAN technology with compute, storage and networking resources in a simple, integrated deployment, configuration, and management solution. EVO:RAIL is the next generation EUC building block for a Software Defined Data Center (SDDC).

Numbers Don’t Lie
During the last few months, our teams have been diligently testing and scaling EVO:RAIL for a variety of use cases such as EUC, Business Continuity and Disaster Recovery (BCDR) and X-in-a-box. The next few paragraphs will focus on our findings for Horizon 6 View desktops scalability.

You may be having lots of questions by now. So let’s take it one by one!

Q: What did the hardware configuration look like?
A: The test bed hardware infrastructure configuration was as follows:

EVO:RAIL Appliance

  • 4 x nodes
  • Each node
    • 2 x Intel E5-2620 @ 2.1 GHz
    • 192GB memory (12 x 16GB)
    • 3 x Hitachi SAS 10K 1.2TB MD
    • 1 x 400GB Intel S3700 SSD

Q: What did the software configuration look like?
A: The test bed View software configuration was as follows:

  • vSphere 5.5 + VSAN
  • Horizon View 6.0 (H6)

Table 1: Horizon 6 Configuration

Horizon 6 Configuration TableNote: vCSA=vCenter Server Appliance

Q: What did the VDI image configuration look like?
A: The test bed image configuration was as follows:

Table 2: Desktop Image Configuration

Desktop Image Configuration Table

Q: What types of View desktops did we test?
A: Horizon View 6, linked clone virtual desktops with floating assignments.

Q: What Horizon 6 configurations did we test?
A: The following configurations were tested using Reference Architecture Workload Code (RAWC):

Table 3: Load Test Configurations

Load Test Configurations

These configurations are pictorially represented in the following schematics:

Management Cluster and Desktop Cluster

 

Figure 1: Configurations #1a/#1b

The figure above represents EVO:RAIL appliances with separate Horizon 6 Management and Desktop clusters.

VDI-in-a-Box

Figure 2: Configuration #2

The figure above represents the EVO:RAIL appliance with both Horizon 6 Management and Desktop clusters in the same appliance. It also illustrates an N+1 configuration to support one node failure within the EVO:RAIL appliance.

Q: What did the results look like?
A: The following results were obtained after the configurations were stress tested using RAWC.

Test Category Results
RAWC Virtual SAN Observer
Config #1a Configuration 1a-RAWC Configuration 1a - VSAN
Config #1b Configuration 1b - RAWC Configuration 1b-VSAN
Config #2 Configuration 2 - RAWC Configuration 2 - VSAN

 

Note: Click the thumbnail images above to drill down into graph details.

Results Summary
The table below summarizes different test configurations and the tested consolidation ratios of numbers of virtual desktops to the EVO:RAIL appliance.

Table 4: Test Configuration Findings

Test Configuration Findings

We hope you will find this information to be useful and motivating. We are looking forward to you bravely adopting and implementing a VDI-in-a-box solution using VMware’s EVO:RAIL hyper-converged appliance in your Software Defined Data Center (SDDC).

Until next time, Go VMware!


Author

TJ VatsaTJ Vatsa is a Principal Architect and CTO Ambassador at VMware, representing the Professional Services organization. TJ has been working at VMware since 2010 and has over 20 years of experience in the IT industry. At VMware, TJ has focused on enterprise architecture and applied his extensive experience to cloud computing, virtual desktop infrastructure, SOA planning and implementation, functional/solution architecture, enterprise data services and technical project management. Catch TJ on Twitter, Facebook or LinkedIn.

Contributors

Fred SchimscheimerFred Schimscheimer has worked at VMware since 2007 and is currently a Staff Engineer in the EUC Office of the CTO. In his role, he helps out with prototyping, validating advanced development projects as well as doing product evaluations for potential acquisitions. He is the architect and author of RAWC – VMware’s first Reference Architecture Workload Simulator.

 

Todd DaytonTodd Dayton joined VMware in 2005 as the first field “Desktop Specialist” working on ACE (precursor to VDI). In his current role as a Principal Systems Engineer and CTO Ambassador, he continues to evangelize End User Computing (EUC) initiatives and opportunities for VMware’s customers.

vCAC 6 Custom Properties, Build Profiles and Property Dictionary Simplified

By Eiad Al-Aqqad

Eiad Al-AqqadThis post originally appeared on Eiad’s Virtualization Team blog.

vCloud Automation Center offers a lot of built-in extensibility features to help you achieve your desired result while minimizing the amount of coding required. Using vCAC custom properties, build profiles, property dictionary is just one example of how you can customize the product, minimize coding, and customize the input form. As property dictionary seems to be the most missed or misunderstood feature of vCAC, followed by build profiles and custom properties, I will try to simplify the explanation of these great features as much as possible. At the end of the article, I will point out more resources for in-depth information on each of these features.

vCAC Custom Properties
Custom properties is the building block for build profiles and property dictionary. VMware documentation defines custom properties as:

“VMware vCloud Automation Center™ custom properties allow you to add attributes of the machines your site provisions, or to override their standard attributes.”

What that means is that vCloud Automation Center utilizes particular variables (custom properties) that contain values that vCAC uses during machine provisioning (such as machine name, machine IP address, port group to use, and so on). vCAC exposes this information as custom properties that you can query or edit to overwrite the default values by a specific value or by a user input. This is a very powerful tool, as you can shape out the request form to ask the user for input (not required by the default request form) and execute upon it without requiring you to do any coding. You can also create your own custom properties to use with your own custom workflows.

Let’s look at a quick example of using vCAC custom properties. The image below shows the default blueprint/VM request form in vCAC:

Default Blueprint Request Form

As you can see, the default VM request form does not ask for a machine hostname or IP address. What if you wanted to allow the user to choose the VM hostname or IP address? You can do that using custom properties, and your request form will look like the screen below:

VCAC Custom Properties

In the above screenshot, I have used the Hostname and VirtualMachine.NetworkN.Address custom properties to allow the user to provide the desired VM hostname and IP address that vCAC will use when creating the VM. I did this by going to Infrastructure ==> Blueprint ==> Properties, then adding the two custom properties as shown in the image below.

VCAC Custom Hostname Property

While the above is using existing vCAC custom properties that vCAC uses when deploying a VM, you can always create your own custom properties to pass to your own workflow or just to track information within the request. For a list of custom properties available in vCAC 6, see: vCloud Automation Center 6 Custom Property Reference.

vCAC Build Profiles
Build profiles is simply a collection of the custom properties under a single title. Imagine if you have 20 different custom properties that you need to include with every Windows blueprint. It would be nice to bundle them all in a build profile then go to these blueprints and assign a single build profile instead of assigning 20 different custom properties to every Windows blueprint. This will save work and provide better consistency. You can create a build profile by going to Infrastructure => Blueprints => Build Profiles => New Build Profile, then add the desired custom properties to that build profile as shown in the image below.

Creating a Build Profile

The next step is to add that build profile to your blueprint as per the image below.

Add Build Profile to Blueprint

vCAC Property Dictionary
I am not sure why property dictionary seems to be the most misunderstood or missed feature of vCAC. It’s quite simple to use and can unleash a lot of power. Allowing users to provide values to custom properties as shown in previous examples is quite useful, but most of the time you want to limit the user choices using drop down menus or check boxes. Property dictionary is all about enabling you to do just that.

vCAC property dictionary lets you define characteristics of custom properties to tailor their display in the user interface. You can customize the property display in the user interface, as in the following examples:

  • Associate a property name with a user control, such as a check box or drop-down menu.
  • Specify constraints such as minimum and maximum values or validation against a regular expression.
  • Provide descriptive display names for properties or add label text.
  • Group sets of property controls together and specify the order in which they appear.
  • Create a relationship between different controls, where for example a location drop down menu can update the storage and network drop down menus to show only values that is valid for that location.

To see how useful property dictionaries can be, let’s take an example where we want to create the drop down menus as illustrated in the below diagram:

Drop Down Menu Sample

The goal of this exercise is to create three drop down menus that will ask the user for location, storage path, and network path to use. Let’s ignore the relationship between the different drop down menus for now and try to focus on just creating these drop down menus. To create the property dictionary required to create these drop down menus, go to: Infrastructure => Blueprints => Property Dictionary.

For each drop down menu you want to create, repeat the steps below. In this example I will create the location drop down menu:

  1. Click New Property Definition, then fill the information as shown in the below screenshot. Please note the name must match the custom property name you want to use.

Location Property Definition

  1. Click the green check mark to save your property definition.
  2. Under Property Attributes, click Edit.
  3. Click New Property Attributes, and then fill in the Property Attributes as shown in the image below.

Property Attribute Drop Down

  1. Repeat the above steps for storage and network as shown in the images below.

Property Definitions

Network Property

Storage Property Attribute

  1. Now that you have all the required property definitions and property attributes created, let’s create a property layout, which is a way of organizing how these drop-down boxes will be ordered when shown to the user. I wanted the drop boxes to be ordered as follows: Location, Storage, Network. To do this, I had to click New Property Layout and fill the information as shown in the below screenshot:

New Property Dictionary Layout

  1. Under Property Layout > Property Instances, click Edit, and organize your property instances as shown in the image below.

Organize Property Instances

  1. Let’s create a build profile that includes all the custom properties involved in our property dictionary example as shown in the image below.

Build Profile Property Dictionary Sample

  1. Now all you are left with is adding this build profile to your blueprint as shown below.

15vcac-adding-property-dictionary-build-profile-to-blueprint-470x232

  1. Now let’s check how the input of our blueprint looks:

16 vCAC-Property-Dictionary-in-action-470x324

Notice in the above example, the three drop-down menus that were created for location, storage, and network are operating independently. There is no relationship between them. In other words, choosing a particular location does not filter which options you have for storage or network. The capability of doing such filtering is part of the property dictionary relationship, which I cover in the following two posts:


Eiad Al-Aqqad is a consulting architect within the SDDC Professional Services practice. He has been an active consultant using VMware technologies since 2006. He is a VMware Certified Design Expert (VCDX#89), as well as an expert in VMware vCloud, vSphere, and SRM. Read more from Eiad at his blog, Virtualization Team, and follow him on Twitter @VirtualizationT.

Look Mom, No Mouse! (Automating the Management of the Management Portal)

By Andrea Siviero, VMware Senior Solutions Architect

Andrea Siviero

The concept of a Software-Defined Data Center (SDDC) has impressed me since the first time I deployed it.

vRealize Automation’s purpose-built infrastructure and application service delivery capabilities combined with its Advanced Service Designer and library of vCenter Orchestrator plugins and workflows make automating almost anything as a service relatively easy.

During my work consulting for enterprise-level customers, I’m frequently exposed to new challenges. One customer engagement inspired my fantasy: how to automate the management of the management portal. This looks like a tongue-twister joke, but actually is an interesting question.

 

SDDC Service Catalog

As soon as you start exploring this sweet idea you find yourself with a REST client opened to interact with your SDDC using APIs, and you can do almost anything!

REST Client

However, there is some downside to this approach, which I would like to simplify with a simple phrase: IT Admins don’t “naturally” talk API. :-)

Not long ago, I was sitting in a VMware CTO Ambassador session, and suddenly a bright light appeared in front of my eyes: The CloudClient.

Cloud Client

CloudClient is a plugin based architecture with a “command line interface” for traditional provisioning and day two operation support, eliminating the challenges of dealing with SSO / CAFE API and no need to speak JSON (unless you want to).

Providing higher-level “verbs” instead of dealing with myriad of JSON / URIs, makes my job supporting customers a little easier and allows a centralized point to talk not only with vRealize Automation but with the other SDDC components like vCenter Orchestrator/Site Recovery Manager and Application Director.

Moreover, CloudClient provides a Java SDK so it can be easily integrated within a third-party solution, without slowing down the SDDC adoption in the stellar complexity of an enterprise customer.

For instance, you can browse catalog items like in the picture below and request them by simply saying “vcac catalog list.” More interestingly, with the admin account, you can create a new tenant — and adding items to the catalog as easy as chatting with your SDDC.

Cloud Client Catalog View

Before you get too excited about it, bear in mind that at this stage CloudClient is a Limited Availability Feature Pack which is only currently available through VMware’s Professional Services organization to clients under specific conditions.

A Fool With a Tool is Still a Fool

Getting a tool for doing a project is the beginning, not the end, of your journey. Any time a discussion goes toward tools, any tools really, it’s a good idea to challenge the tool itself.

What I mean is that solutions, not tools, help you achieve your business needs,. It’s important to have the right team in place to develop solutions, which will ensure you implement the right tools for your needs.


Andrea Siviero is an eight-year veteran of VMware and a senior solutions architect member of Professional Services Engineering (PSE) for the Software-Defined Datacenter (SDDC), a part of the Global Technical Solutions (GTS) team. Prior to PSE, Andrea spent three years as pre-sales system engineer and three years as a post-sales consultant architect for cloud computing and desktop virtualization solutions focusing on very large and complex deployments, especially for service providers in the finance and telco sectors. 

How-to: Create a vCOPS for View At-A-Glance High-Level VDI Dashboard

By Anand Vaneswaran

Anand VaneswaranVDI environments are complex because there are so many moving parts. As a result, there is a real need for architects, admins, managers, or operations professionals to see a high-level breakdown of the most important stats—stats that are especially important when we receive that escalated phone call about an issue that could potentially affect a large number of users.

In this first post of a three-part blog series, I’ll provide details about a high-level VDI custom dashboard in vCenter Operations Manager for View that was renamed vCenter Operations Manager for Horizon when Horizon 6.0 was released. (I’ll also assume you’re all well versed in VDI.)

To start, some of the stats or information I deeply care about in my test environment are as follows:

Download

Download the Step-by-Step

  1. Viewing the number of tunneled connections that are coming in through my security servers.
  2. Viewing the overall health of my connection servers.
  3. Keeping tabs on the resources (CPU, RAM, Disk) of my most critical VDI servers (Connection and security servers, vCenter server, View Composer, etc.).
  4. Monitoring resources (CPU and RAM) on my ESXi hosts running VDI workloads. (I will go one step further and break it down into hosts for my full clone pools, and linked clone pools.)
  5. Finally, looking at my LUNs and keep tabs on a number of metrics, but most importantly VM-to-LUN densities.

When compiled together, the information listed above comprises the end-state dashboard I want to achieve. The dashboard will have two generic scoreboard widgets on either side to depict the number of user connections through my security servers and the workload percentage of my connection servers. In addition, two Health-Workload scoreboard widgets on either side will depict the health of security and connection servers. The scoreboard is set up so that when you click a particular object in the Generic Scoreboard widget, the scoreboard is automatically populated with the health of that relevant object.

Finally, I want four Heat Map widgets: one to provide information about critical server resources, two to give me updates on ESXi host resources, and one to give me details about VM-to-LUN densities. I chose to populate my dashboard with an assortment of these built-in Generic Scoreboard, Health-Workload, and Heat Map widgets because I find that these types of widgets provide the most efficient means of graphically conveying the state of an environment, in essence, a point-in-time snapshot of your environment at any given time.

Now, if you’re ready to build, get detailed, step-by-step instructions for creating the dashboard.


Anand Vaneswaran is a senior technology consultant with the End User Computing group at VMware. He is an expert in VMware Horizon (with View), VMware ThinApp, VMware vCenter Operations Manager, VMware vCenter Operations Manager for Horizon, and VMware Horizon Workspace. Outside of technology, his hobbies include filmmaking, sports, and traveling.

How-to: Find Composer Certificate in VMware Horizon View Administrator

By Gourav Bhardwaj with Matt Larson

GouravMatt LarsonWhile performing a Health Check on a customer’s VMware View 5.2 environment, one item that came up was to verify that the SSL certificate was configured appropriately. VMware recommends the replacement of self-signed certificates with certificates that are signed by a Certificate Authority.

When entering a new environment, or performing a health check, the most well-known approach to determining the certificate used by View Composer is using the sviconfig command referenced here, which is also used to replace the certificate.  During the replacement process, the existing certificate will be listed.  That being said, running this command requires stopping the Composer service. If there are any Composer downtime constraints; the following alternate process can be used to determine the current certificate.

In VMware Horizon View Administrator, you can determine whether the certificate is signed by a well-known certificate authority.  In the case below, the certificate is self-signed.

Composer1Block

Looking at the Certificates Management Console, multiple certificates are listed, but how do you know which one is in use?

Screen shot

To find which certificate is in use, check the registry to see the thumbprint of the certificate bound to the port used by Composer.  Find this by navigating to \HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\HTTP\Parameters\SslBindingInfo\0.0.0.0:18443 key in the registry, and noting the SslCertHash.

Screen Shot

Match the hash listed in the registry to the hash listed on one of the certificates listed in the Certificates Management Console.  The match is the certificate currently used by Composer.

Composer_4

As seen in the console, this certificate is the self-signed certificate that was created during the Composer installation process.  It is also expired.  To change the certificate, follow the article listed earlier in reference to sviconfig.

Stay tuned for more posts about evaluating the health of the virtual desktop environment.


Gourav Bhardwaj is a VMware consulting architect who has created virtualized infrastructure designs across various verticals. He has assisted IT organizations of various Fortune 500 and Fortune 1000 companies, by creating designs and providing implementation oversight. His experience includes system architecture, analysis, solution design and implementation.

Matt Larson is an experienced, independent VMware consultant working in design, implementation and operation of VMware technologies. His interests lie in enterprise architecture related to datacenter and end user computing.

Running Microsoft SharePoint FAST Search on vSphere

By Girish Manmadkar

Girish-ManmadkarI recently worked with an enterprise customer to resolve end user reports of performance issues related to Microsoft SharePoint 2010 and FAST Search deployed on vSphere 5.1. The end users were reporting problems with initial page response and file upload and download. The customer requested architecture guidance, including a performance health check across the entire infrastructure stacks. The result of this engagement is the following architectural guidance, designed to help customers with similar deployments achieve maximum performance for Microsoft FAST Search on the VMware platform.

Specifics
The customer deployed the SharePoint FAST Search Farm with the following key components:

Software Resources

  • VMware vSphere 5.1 Update 2
  • Windows 2008 R2
  • SharePoint 2010
  • Microsoft SQL server 2008 protected with MSCS in 3 node cluster

Hardware (Virtual) Resources

Role

RAM

Local Disk

#CPU

NIC

Total VMs

Total #CPU

Total Mem (GB)

SQL
2012 Cluster Node A, B & C

32

C: 80
GB

4

2

3

 

 

E: 100
GB

12

96

WebFront End
Server

8

C: 80
GB

2

2

5

 

 

E: 50
GB

10

40

Application
Server

16

C: 80
GB

4

2

4

 

 

E: 50 GB

16

64

Services
Application Servers

16

C: 80
GB

4

2

2

 

 

E: 50
GB

8

32

Fast
Administration Server

16

C: 80
GB

4

2

1

 

 

E: 50
GB

4

16

Query
Indexer

16

C: 80
GB

4

2

5

 

 

E: 50
GB

20

80

Allocated Total Memory = 328 Gig
Allocated Total vCPU = 70

Sample FAST Servers Architecture

Discovery
During discussions and white board sessions with the customer, we encountered following issues with the deployment:

  • Storage
    • The virtual machines running query and index services were sharing the LUN and the data stores.
    • Thin provisioning was being deployed at the vSphere and EMC storage array layer.
    • The RDMs used for the SQL server MSCS environment were configured with incorrect (MRU/fixed) multi-pathing options.
  • Virtual machines had no lock pages for SQL and no memory reservations.
  • Various SQL server databases were being deployed as shared SQL instances for the entire FAST Search environment.
  • The networking configurations were set incorrectly for certain SCSI adapters.
  • Typical traffic within the guest operating systems, VMotion, and backup were not channeled properly.
  • There were no anti-affinity rules in place for the application servers within the vSphere farm.
  • The CPU subscriptions across the overall farm seemed unbalanced.

Approach/Recommendations
Throughout a series of discussions we learned more about the architecture and identified the following steps to improve performance:

  1. Reconfigure multi-pathing per EMC’s recommendations for vSphere5.1 to round robin. (This change showed immediate performance improvement.)
  2. Enable memory reservations with “Lock Pages in Memory” for SQL workloads.
  3. For a write-intensive application like FAST Search, use four (4) vSCSI controllers to separate volumes for operating systems, binaries, data, LOG and TEMPDB disks with window full format option to avoid additional write penalty.
  4. Absolutely avoid CPU over commitment in the production environment.
  5. Adopt best practices on vSphere to separate various networking traffic, including dedicated backup, which in this case was previously sharing VM traffic.

Conclusion
For any business-critical application to run with optimum performance, you must put performance ahead of consolidation and avoid over commitment of CPU and memory. Once you implement these principals for the production environment, any performance issues for business-critical applications on vSphere will be alleviated.


Girish Manmadkar is a veteran VMware SAP Virtualization Architect with extensive knowledge and hands-on experience with various SAP and VMware products, including various databases. He focuses on SAP migrations, architecture designs, and implementation, including disaster recovery.

Success Factors for Deploying EUC

By Ken Copas

Ken Copas

Building out an end-user computing (EUC) environment right means the infrastructure is nearly invisible to end users. But as with anything that appears easy and elegant on its surface, there are quite a few complexities underneath the hood.

While there are many factors to consider, here are a few questions to ask before building out your EUC environment.

Is the Tail Wagging the Dog?

This scenario happens very frequently: The supporting infrastructure is purchased and implemented before a plan and design is performed to determine the appropriate hardware requirements. Best practice is to understand what you’re trying to accomplish from a business perspective first, architect the required supporting infrastructure and design the blueprint with professional services, and then purchase and implement the gear.

Take that same concept and apply it to a proof-of-concept (POC) environment, whether it’s the full Horizon Suite or individual View, Workspace (our unified application publishing platform), or Mirage (our physical and virtual image management solution) components. While it can be fast and easy to install and set up a working POC of these VMware products, this temporary environment is only for the purpose of “kicking the tires.” These POC environments should never be exposed to production users and expected to perform and scale appropriately in a production environment. To use VMware products correctly, again there needs to be a plan and design in place, which requires a great deal of up-front assessment, current environment analysis, and due diligence around your business use cases.

You’ll need absolute subject matter expertise to determine what storage to use (by the way, getting storage right is a key success factor), what’s the aggregate I/O throughput, CPU and memory requirements–all of these decisions play a huge part in how the production environment will perform and scale.

Why Not Pick and Choose?

Here’s a good one: what would happen if you only deployed VDI with Horizon View (our virtual desktop solution) without Horizon Workspace or Mirage?

While in addition to your standard production VDI environment, you would have the capability to run full desktop OS images on a variety of mobile devices such as laptops, tablets or even smartphones, users will most likely encounter issues with screen real estate and experience interface frustrations with mouse and keyboard options.

As I’m sure you are aware, the desktop OS itself can require significant compute, memory, and disk resources that can cause performance issues when using VDI on mobile devices. There are many other factors that can cause performance degradation as well. Adding Horizon Workspace to your EUC environment may give you access to applications in an environment that’s native to your device with improved response time and it can provide an overall better user experience.

How you address questions like these will have a profound impact on user satisfaction with your EUC environment, which at the end of the day is ultimately the key measure of success. So again, be sure to allow the time and attention required for proper plan and design.

What’s your Roadmap?

This is a great question. VMware has a unique holistic view of this space, as well as a comprehensive roadmap, which I have yet to see from any other company. The completeness of vision, in my mind, is huge for customers to consider as they think through potential EUC solutions.

Even if you don’t go with VMware, you need to understand where your vendors are taking you. How does their roadmap address your needs? Look at where that vendor is going to be in two to three years and make sure you fully understand how that company will help you get where you want to go.

Who are your people?

One last piece of the equation is something you shouldn’t take for granted: talent. Standing up an EUC solution incorrectly can mean longer project timetables, missed deadlines, frustrated users, and business disruption. This technology has its own set of potential pitfalls and nuances. Make sure you have genuine subject matter expertise in place, whether in-house or professional services sourced from your trusted advisors.


Ken Copas currently serves as a practice manager for End User Computing Professional Services at VMware. Prior to joining VMware, Ken’s corporate experience includes serving as the practice director of cloud computing and IT services management for GlassHouse Technologies, as a business development executive for IBM and as an IT executive for NetJets, Inc. Ken holds a degree in Computer & Information Science from the College of Engineering at The Ohio State University, as well as a Master’s in Business Administration from the Fisher College of Business at The Ohio State University.

End User Computing 101: Tying It Together with Mobility, BYOD, and Proper Methodology

By TJ Vatsa, Principal Architect, VMware Professional Services

TJ Vatsa

In the first two posts in this End User Computing (EUC) series (End User Computing 101 and Tips for Successful Deployments and End User Computing 101: Network and Security) I delved into EUC infrastructure, server power, network and security, devices, and appliances. Today, I’ll wrap up this three-post series by covering mobility and BYOD, application and image management, and touch on EUC project scenario and methodology.

First, let’s take a closer look at the mobility and Bring-Your-Own-Device (BYOD) space. If this is not well planned, deploying a mobility and BYOD policy (and the infrastructure to handle the influx of personal devices) can be a harrowing journey. With users today demanding anytime, anywhere access to business productivity applications, mobile devices, and data on personal devices, not having a policy in place can be even more detrimental.

Enterprise Mobility Management Platform

Components and framework to consider for managing mobility at the enterprise level

(For additional design considerations and tips for establishing a secure, manageable, and scalable enterprise Mobility & BYOD policy, read How to Set Up a BYOD/Mobility Policy.)

Applications and Image Management

These days, it’s not enough for users to have access inside the four walls of an office building. Users need anytime and anywhere access to their applications and associated data. While this may sound like a business and mobility use case, IT directors and managers need to analyze this requirement from the perspective of a unified application launch-pad a.k.a. a follow-me virtual workspace. This can mean virtualized applications, Software-as-a-Service (SaaS) applications, application publishing, web pages, virtual desktops, RDSH (Remote Desktop Session Host) desktops, to name a few.

Applications

When you look from the perspective of applications and data entitlement and policy management, it’s important to have a single source of truth—essentially, a repository for enterprise policy. This repository should not only facilitate one-stop-shop for policy definition, entitlement, and management, but also for operational excellence and auditing. VMware’s Workspace Portal provides these capabilities and a lot more.

Image Management

For desktop operational excellence in terms of swift provisioning, efficient management and centralized security, using VMware’s Horizon View means you won’t have to deal with “application and desktop image sprawl.”

As such, whether you use VMware or not, it’s imperative for enterprises to deploy a platform that provides centralized image management, image recovery, integrated PC break-fix and troubleshooting, and automated OS migration (to name a few).

It’s important to use desktop image management, not only for physical, but for virtual desktops as well. (VMware’s Horizon Mirage is one option to help make this happen.)

Weaving it together: EUC Project Methodology

Now that we’ve covered key EUC details, bringing it together with VMware’s Professional Services (PS) organization and our approved partner network is the best route to an agile methodology. It’s important that the methodology takes business and IT initiatives into consideration and turns them into successful business outcomes. This approach is composed of multiple iterative sequences.

Project Methodology

Each iteration focuses on requirements and vision, analysis, design, inventory details of implementations, and operational excellence. This approach not only enables early feedback, risk mitigation, and effective progress management, it also enables effective scope management and the perpetual enforcement of IT governance.

This iterative process begins with an analysis and assessment initiative that helps define the baseline by categorizing and prioritizing business and technical requirements. These requirements become part of detailed use cases that may also have business specific pre- and post-execution contingencies.

The use cases are then abstracted into a logical enterprise architecture design that is mapped to the available physical infrastructure. Once the physical design is ready, the pilot/blueprint implementation is initiated. This ensures compliance with business outcomes as defined by business sponsors. Upon successful user acceptance testing (UAT), VMware’s PS organization and partners test blueprints that are then rolled into the production environment with accompanying knowledge transfer (KT) sessions and role-based user training.

TJEUC img 8

 

By conforming to proper EUC infrastructure considerations, creating appropriate mobility and BYOD policies, adhering to best application and image management practices, and using a typical EUC project scenario that follows VMware’s iterative architecture methodology, you will set yourself up for success and effectively transform EUC and mobility initiatives within your organizations.


TJ has worked at VMware for the past four years, with over 20 years of experience in the IT industry. During this time he has focused on enterprise architecture and applied his extensive experience in professional services and R&D to cloud computing, VDI infrastructure, SOA architecture planning and implementation, functional/solution architecture, enterprise data services and technical project management. TJ holds a Bachelor of Engineering (BE) degree in Electronics and Communications from Delhi University, India and has attained industry and professional certifications in enterprise architecture and technology platforms. He has also been a speaker and a panelist at industry conferences such as VMworld, VMware’s PEX (Partner Exchange) and BEAworld. He is an avid blogger who likes to write on real-life application of technology that drives successful business outcomes.