Home > Blogs > VMware vSphere Blog

VMware Experts Database Workshop – Oracle Edition – April 2016

The most recent edition of the VMware Experts Database Workshop completed last week in Palo Alto. This event was focused on Oracle as the Cloud Platform Business Unit and VMware Execs partnered with Pure Storage to host 11 prominent and specially selected Oracle technology technical experts for a “Dawn to Midnight Oracle on vSphere” experience. Each of the invited individuals works with the Independent Oracle Users Group (IOUG) and the VMware Special Interest Group (VMware SIG) of that organization. The workshop program is a precursor to inclusion in the various BCA oriented advisory groups and the respective NDA internal/external email lists that constitute signature components of the program. After over 20 presentations and open discussions, customized labs and various extracurricular activities including a night at AT&T Park the group departed Palo Alto with a true sense of the level of the total commitment that VMware has towards all Business Critical Applications and Databases running on vSphere. Wednesday was a particularly memorable day and will forever be known as the “Wednesday of the Titans” as it began with a presentation on “Oracle on vSphere Licensing” from the worlds foremost expert on the subject, David Welch from House of Brick. Dave’s presentation was followed by an amazing open discussion led by VMware CEO Pat Gelsinger and finally the game at AT&T park featured Madison Bumgarner facing Zach Grienke on opposing mounds.

VMware SIG website
VMware SIG Handle
Mike Corey = @michael_corey
Mike Corey Website

VMWorld 2016 Preview – The Software-Defined Data Center – Mission Critical Applications & Databases

Continuing on the theme of making the VMware Software-Defined Data Center real, here is a preview of my abstracts for VMWorld 2016 submitted along with our partners Hitachi Data Systems and NetApp. One session will feature SAP HANA with the Dynamic Tiering option and the other session will feature Oracle 12c with the in-memory option. Both these sessions will showcase full stack SDDC architectures; NSX, vRealize Operations, vROPs Management Packs, and software-defined storage (virtual volumes). For the Oracle session NetApp will be a co-presenter and for the SAP HANA session Hitachi Data Systems will be the co-presenter. Get ready because VMWorld voting opens May 3rd – 24th

Title: The SDDC Stack Day 2 Operations: Oracle 12c RAC Business Intelligence In-Memory Option, SUSE Enterprise Linux, VMware NSX, vRealize Operations – Blue Medora Management Packs, Virtual Volumes on NetApp All Flash Array – AFF8060

Abstract: This session will focus on the Day 2 operations of a fully virtualized Oracle RAC 12c Business Intelligence stack using the in-memory option at multi-terabyte scales, up to 4TB, running SUSE Linux Enterprise Edition 11 on standard Intel x86 servers. The virtualized infrastructure will incorporate several major tenants of the Software-Defined Data Center, compute, network, storage, and operations. We will be deploying VMware NSX, highlighting micro-segmentation techniques by adhering to the network guidelines in the Oracle Enterprise Deployment Reference Topology. The software defined storage will be configured using vSphere 6.0 virtual volumes on a NetApp AFF8060 Flash Array. Day 2 Operational data will be captured and analyzed in VMware vRealize Operations Management and the Blue Medora NetApp vROPs storage management pack and Oracle OEM Adapter.

Title: The SDDC: Full Stack on vSphere SAP Business Warehouse Powered By HANA, NSX, vRealize Operations with Blue Medora Management Packs, SDS – Virtual Volumes on Hitachi Unified Compute Platform and SUSE Linux Enterprise Server.

Abstract: This Software-Defined Data Center is no longer a concept, it is reality. In this session we fully virtualize an industry leading mission critical application and database; SAP Business Warehouse Powered By HANA with the Dynamic Tiering Option running SUSE Linux Enterprise Server for SAP Applications on Intel x86 servers. We will go beyond the use of vSphere to virtualize compute and extend this reference architecture to cover virtual networks and software-defined storage. We will cover the rationale and specific use case behind VMware NSX micro-segmentations for mission critical architectures. We will define and create software-defined storage via VMware Virtual Volumes, using The Hitachi Unified Compute Platform. In addition we will show the value of vRealize Opeations in conjunction with the Blue Medora SAP HANA Management Pack plug-in for vROPs when managing mission critical workloads.

6 Nifty And Versatile Tools To Get You Started With VMware Virtual SAN

I was so excited to see that the Hands-On-Labs (HOL) had finally been updated to Virtual SAN 6.2 that it prompted this blog. I just couldn’t stop at HOL! The VMware storage & availability team offers many other nifty tools to get you started with VMware Virtual SAN. If you haven’t yet, check out these 6 tools to get you on the path to hyper-convergence.

1] Virtual SAN Product Walkthrough

This is a simple and easy way to get your feet wet. This series highlights features and benefits of Virtual SAN 6.1 including how to enable Virtual SAN, how to create and assign a storage policy and Virtual SAN’s resiliency to host failures. A major plus is that the interface is very simple to use and navigate.

2] Virtual SAN Hands-On-Labs (HOL)now updated to Virtual SAN 6.2

HOL-LOGOHands-on Labs are the fastest and easiest way to test-drive the full technical capabilities of Virtual SAN. These evaluations are free, up and running on your browser in minutes, and require no installation. We’re excited that the HOL has been updated to Virtual SAN 6.2. This lab contains new features including erasure coding (RAID-5/6), checksum, sparse swap and dedupe/compression. You can also see the new health check views, performance metric views and capacity views.

Also included is a workflow that will guide you through configuring Virtual SAN stretched cluster and remote-office/branch-office (ROBO) implementations, and how these features work with HA to restart VMs in the event of a failure.

Continue reading

vSphere HTML5 Web Client Fling v1.2 (h5client) – Moving away from Client Integration Plugin (CIP)

Today we’re pleased to announce our second full update to the h5client fling.  Once again, in case you missed it, this blog post helps introduce how to install the first version of the fling (These instructions should all still apply if you’re installing from scratch): http://blogs.vmware.com/vsphere/2016/03/vsphere-html5-web-client-fling-getting-started.html

Update instructions are available at the fling page (Instruction’s tab): https://labs.vmware.com/flings/vsphere-html5-web-client


You can read more detailed notes about version 1.2 on the Fling page, but this week we want to highlight something very different: Avoiding dependency on the Client Integration Plugin (CIP).  One of the new features this week is the ability to browse Datastores, and download a file.  In the vSphere 6.0 Web Client, doing so required the installation and running of CIP, which has had its own problems, separate from the Flash runtime.  File download has been implemented within the h5client without any external plugin dependency.

File download is only one of the features that requires CIP, so we still have a ways to go in order to remove all the dependencies on CIP, but we’re making this a strong goal.  We are definitely interested to hear your feedback about this direction, and if you can preface your Feedback tool submissions with “CIP:” that would be very helpful too.

Separately, we’re also incredibly interested in learning more about your deployments.  Please take 5 minutes to fill out this survey:


Of highest interest is learning more anyone that has deployed into Production in a large environment.  Please include your email address in the survey so that we can contact you for further feedback.

New features in v1.2:

  • Browse files in a Datastore ([Datastore] -> Manage -> Files)
  • Download a file from a Datastore
  • URL redirects: your old bookmarked URLs now work, simplifying adoption of h5client.  Examples (base URL only)

https://<h5client ip or domain name>/vsphere-client

https://<h5client ip or domain name>:9443/vsphere-client

Will now automatically redirect to the h5client standard:

https://<ip or domain name>:9443/ui

The port redirection requires running the “firewall.sh” script, which is step 5 in the updated fling Instructions

Interested in announcements and providing more feedback to VMware on this project?  Sign up for our mailing list here: http://goo.gl/forms/IqGJ5twYHf

Dennis Lu & Vishwa Srikaanth

Product Managers, vSphere Web Client


Supported vSphere vCenter and ESXi Ciphers

Hi everyone,

One question that comes up regularly is “What ciphers are supported on vCenter and ESXi?”. I’m happy to share that we have published a VMware Knowledge Base article outlining the supported ciphers!

With all of the challenges around SSL/TLS the past year or two, having a solid idea of what ciphers are being used is becoming critical information that is necessary for IT and security teams to do their jobs.

Rather than list the ciphers here, I’ll just point you at the KB as it will be the central repository for this information and will be updated as necessary.

Please note that on some products like VCSA you’ll find more than one OpenSSL binary. For example, the VCSA will ship with a default OpenSSL binary from SUSE, the OS provider and from VMware. VMware uses OpenSSL we develop and ship and not the OS binaries. When this list was created it was done using the VMware binaries. This is helpful to understand in case your scanning tools only check against the OS binaries and report a false positive.

If you have questions, please respond directly to the KB using the provided feedback mechanism at the end of the KB article.

Thanks for reading!

If you liked these posts, please let me know! If you have comments, please reply here, to @vspheresecurity or @mikefoley on Twitter or via email to mfoley@VMware.com or mike@yelof.com

Top Ten things to consider when moving Business Critical Applications (BCA) to the Cloud (Part 3 of 3)

In the first part we looked at public, private and Hybrid Cloud and their characteristics. In this part we will look at the common characteristics of business critical applications. In the second part , we looked at how some of these characteristics relate to the different types of Cloud infrastructure. In this final part we will look at he lifecycle of a business critical application in the cloud and the conclusion. Continue reading

Reducing Data Center Downtime

In Benchmark Study tests (2014), vSphere® with Operations ManagementTM users experienced 30% more uptime on tier 1 applications than users of standalone vSphere1.

Extending their vSphere virtualized environment to include vSphere with Operations Management is the easiest and most direct way for data center managers to deliver high application availability with minimum downtime.

Continue reading

Platform Services Controller Topology Decision Tree

There have been several common themes recently when we’ve been talking to Customers, Partners, and our colleagues within VMware. One of those themes is that there has been quite an uptick in Customers planning their move to vSphere 6. A side effect of this is that there have been a deluge of discussions and questions around the Platform Services Controller. One of the many areas where we’re trying to do better at providing prescriptive information is with helping Customers design their vSphere 6 environment including the PSC.

Introducing the Platform Services Controller Topology Decision Tree

Continue reading

vSphere HTML5 Web Client Fling v1.1 – h5client Continuous Improvement

Today we’re pleased to announce our first full update to the h5client fling.  In case you missed it, this blog post helps introduce how to install the first version of the fling (These instructions should all still apply if you’re installing from scratch): http://blogs.vmware.com/vsphere/2016/03/vsphere-html5-web-client-fling-getting-started.html

You can read more detailed notes about version 1.1 on the Fling page Change Log, but in this space we’d like to highlight one particular thing: Our focus on continuous improvements for h5client.  Releasing as a Fling gives us the opportunity to take user feedback faster, but a very important component of this tight cycle is making it easy for you to stay current.

Making an OVA deployment was the first step.  The second step is to provide the in-place upgrade flow that you’ll now find on the Fling’s Instructions page (https://labs.vmware.com/flings/vsphere-html5-web-client).  Some of you have already tested this flow, and we thank you for your help!  

Please sign up for our mailing list if you’re interested http://goo.gl/forms/IqGJ5twYHf

We will make further improvements to the upgrade flow (upgrade notifications in the UI, easily upgrade from the UI, etc), so this is only the beginning.  The biggest thing we need is your help in sticking with the mindset of always staying current with the h5client.

We’d also love to hear about how you’ve deployed the h5client.  We have heard of at least one very large customer that has deployed the Fling directly into their Production environment.  We’d like to hear more stories like this, so please take 5 minutes to fill out this survey: http://goo.gl/forms/wmOvmLVwV4

New features in v1.1:

  • Add Devices (CD/DVD Drive, Network Adapter, Hard Disk)
  • Migrate to cluster (and set migration priority)
  • Add new cluster (basic)
  • Bug fixes
  • Minor improvements to existing flows

Stay tuned to this space for more news about h5client.  You won’t want to miss our next update.

Dennis Lu & Vishwa Srikaanth

Product Managers, vSphere Web Client

vSphere 6.0 Update 2 – What’s New

VMware just recently released Update 2 for vSphere 6.0. Update 2 is full of new features and bug fixes for both ESXi and vCenter Server. For a complete list of features and bug fixes make sure to review the release notes for ESXi and vCenter Server. There are few features that stood out to me in this update. The Embedded Host Client is now integrated into ESXi and fully supported as of Update 2. VSAN 6.2 is feature rich with everything but the kitchen sink in this release. Two factor authentication support for the vSphere Web Client is now available in the PSC UI. Here’s a breakdown of what’s new in vSphere 6.0 Update 2.​


VMware Embedded Host Client (EHC)

The Embedded Host Client (EHC) started out as a fling and now is a supported product in vSphere 6.0 Update 2. The EHC is now installed as part of ESXi 6.0U2 and provides the ability to manage any ESXi host using a web browser. After a host is installed with or upgraded to 6.0 U2, open a web browser and enter https://<FQDN or IP of host>/ui.  More information on the Embedded Host Client can be found by reviewing the release notes.

vSphere 6.0 Update 2 - What's New ESXi EHC

Virtual SAN 6.2 (VSAN)

Note: VSAN is a separate product and is licensed separately

If you thought this update couldn’t get any bigger, think again. Virtual SAN 6.2 is here and Jam-packed with new features. This release of VSAN now supports compression and deduplication. When enabled on a disk group redundant copies of data are reduced to single copy. There’re also new services related to performance, space savings and health of the cluster.  The Health service monitors the VSAN cluster for issues and provides diagnostics. Performance service collects and analyzes performance statistics.  Performance service starts at the cluster down the to the disk level. You want space savings reports, that’s included. Space reporting displays information of used and free space with a detailed breakdown. These are just a few of the new features in Virtual SAN 6.2. For more information check out the Virtual Blocks blog.

vSphere APIs for I/O filtering (VAIO) Enhancement

vSphere 6.0 Update 2 also includes updates to vSphere APIs for I/O filtering (VAIO). If you are not familiar with VAIO I highly recommend you read the following blog post by Ken Werneburg.

  • VASA provider in a pure IPv6 environment
  • VMIOF 1.0 and 1.1

High Ethernet Link Speed

ESXi hosts can now support 25G and 50G ethernet speeds.

vCenter Server

Two-factor authentication for vSphere Web client

vCenter Single Sign On allows authentication to the vSphere Web Client via username and password. vSphere 6.0 Update 2 introduces two-factor authentication supporting RSA SecurID and Smart card.  RSA SecurID is configured using the SSO-Config utility. It also requires RSA Authentication Manager in your environment. Once setup, login to the vSphere Web Client with your username and RSA passcode.  Mike Foley has an excellent two part blog post walking through RSA SecurID setup.

Smart card authentication as mentioned above is also supported. Many large enterprises and government agencies use smart cards to meet security regulations. Smart Cards such as Common Access Card (CAC) are used at a machines with a smart card reader. Smart Card Authentication can be configured from the Platform Services Controller UI or using SSO-Config utility. Stay tuned as Mike Foley will be discussing Smart card authentication in a future post.

vSphere 6.0 Update 2 - What's New Smart Card

In addition to two factor authentication, the vSphere Web Client now supports the ability to add a login banner.  The Login Banner can be configured from the Platform Services Controller UI by adding a title and message.

vSphere 6.0 Update 2 - What's New Login Banner

An added layer of consent ensures the user can not login without acknowledging the Login Banner.

vSphere 6.0 Update 2 - What's New Login Banner Consent

vCenter Server Appliance update status might be stuck at 70 percent

vSphere 6.0 Update 1b had a bug when using the virtual appliance management interface (VAMI) to update. The UI would hang at 70 percent, although the update had completed. The only way to verify the status of the upgrade was by checking the update log – /var/log/vmware/applmgmt/software-packages.log. This bug has been fixed in vSphere 6.0 Update 2 displaying 100 percent in the VAMI when the update is complete.

Support to change vSphere ESX Agent Manger Logging Level

vSphere Web Client support for Windows 10 operating system

vCenter Server now supports the following external databases

  • Microsoft SQL Server 2012 Service Pack 3
  • Microsoft SQL Server 2014 Service Pack 1

vCenter Server now supports multiple embedded to multiple PSC migrations in a single SSO domain

vSphere 6.0 Update 1 introduced the ability to reconfigure and repoint using CMSSO-UTIL. This is handy when going from a vCenter with an embedded PSC to an external PSC deployment in the same SSO domain. vSphere 6.0 Update 1 would not allow having two external PSCs and trying to repoint. The result was the following error:

vSphere 6.0 Update 2 - What's New ESXi EHC Repoint Error

vSphere 6.0 U2 now allows having multiple external PSCs with the use of the repoint command. The diagram below represent two embedded deployments replicating to each other. This deployment model is considered deprecated. The term deprecated means the topology will be supported in vSphere 6.0 but not in future releases. To get out of this deprecated topology two external Platform Services Controllers have been deployed. Now we can using the reconfigure command in CMSSO-Util to remove the embedded PSC and repoint vCenter Server to the external PSC.

vSphere 6.0 Update 2 - What's New Deprecated Embedded to External PSC

As you can see vSphere 6.0 U2 is loaded with lots of new features, go download and give them a try.