Home > Blogs > VMware vSphere Blog > Tag Archives: vcenter

Tag Archives: vcenter

Load Balancing vSphere Clusters with DRS

Recently, a customer reported that DRS was not working to load balance the cluster. Under normal circumstances, a minor imbalance is nothing to be concerned about. This is because the main objective for DRS is not to balance the load perfectly across every host. Rather, DRS monitors the resource demand and works to ensure that every VM is getting the resources entitled. When DRS determines that a better host exists for the VM, it make a recommendation to move that VM.

However, some customers still prefer to have an even distribution of utilization across all hosts within a cluster. This article is intended to provide recommendations to accomplish this goal, bearing in mind that in most cases this will result in additional vMotion activity.

Continue reading

vSphere HTML5 Web Client Fling v1.2 (h5client) – Moving away from Client Integration Plugin (CIP)

Today we’re pleased to announce our second full update to the h5client fling.  Once again, in case you missed it, this blog post helps introduce how to install the first version of the fling (These instructions should all still apply if you’re installing from scratch): http://blogs.vmware.com/vsphere/2016/03/vsphere-html5-web-client-fling-getting-started.html

Update instructions are available at the fling page (Instruction’s tab): https://labs.vmware.com/flings/vsphere-html5-web-client


You can read more detailed notes about version 1.2 on the Fling page, but this week we want to highlight something very different: Avoiding dependency on the Client Integration Plugin (CIP).  One of the new features this week is the ability to browse Datastores, and download a file.  In the vSphere 6.0 Web Client, doing so required the installation and running of CIP, which has had its own problems, separate from the Flash runtime.  File download has been implemented within the h5client without any external plugin dependency.

File download is only one of the features that requires CIP, so we still have a ways to go in order to remove all the dependencies on CIP, but we’re making this a strong goal.  We are definitely interested to hear your feedback about this direction, and if you can preface your Feedback tool submissions with “CIP:” that would be very helpful too.

Separately, we’re also incredibly interested in learning more about your deployments.  Please take 5 minutes to fill out this survey:


Of highest interest is learning more anyone that has deployed into Production in a large environment.  Please include your email address in the survey so that we can contact you for further feedback.

New features in v1.2:

  • Browse files in a Datastore ([Datastore] -> Manage -> Files)
  • Download a file from a Datastore
  • URL redirects: your old bookmarked URLs now work, simplifying adoption of h5client.  Examples (base URL only)

https://<h5client ip or domain name>/vsphere-client

https://<h5client ip or domain name>:9443/vsphere-client

Will now automatically redirect to the h5client standard:

https://<ip or domain name>:9443/ui

The port redirection requires running the “firewall.sh” script, which is step 5 in the updated fling Instructions

Interested in announcements and providing more feedback to VMware on this project?  Sign up for our mailing list here: http://goo.gl/forms/IqGJ5twYHf

Dennis Lu & Vishwa Srikaanth

Product Managers, vSphere Web Client


vSphere HTML5 Web Client Fling v1.1 – h5client Continuous Improvement

Today we’re pleased to announce our first full update to the h5client fling.  In case you missed it, this blog post helps introduce how to install the first version of the fling (These instructions should all still apply if you’re installing from scratch): http://blogs.vmware.com/vsphere/2016/03/vsphere-html5-web-client-fling-getting-started.html

You can read more detailed notes about version 1.1 on the Fling page Change Log, but in this space we’d like to highlight one particular thing: Our focus on continuous improvements for h5client.  Releasing as a Fling gives us the opportunity to take user feedback faster, but a very important component of this tight cycle is making it easy for you to stay current.

Making an OVA deployment was the first step.  The second step is to provide the in-place upgrade flow that you’ll now find on the Fling’s Instructions page (https://labs.vmware.com/flings/vsphere-html5-web-client).  Some of you have already tested this flow, and we thank you for your help!  

Please sign up for our mailing list if you’re interested http://goo.gl/forms/IqGJ5twYHf

We will make further improvements to the upgrade flow (upgrade notifications in the UI, easily upgrade from the UI, etc), so this is only the beginning.  The biggest thing we need is your help in sticking with the mindset of always staying current with the h5client.

We’d also love to hear about how you’ve deployed the h5client.  We have heard of at least one very large customer that has deployed the Fling directly into their Production environment.  We’d like to hear more stories like this, so please take 5 minutes to fill out this survey: http://goo.gl/forms/wmOvmLVwV4

New features in v1.1:

  • Add Devices (CD/DVD Drive, Network Adapter, Hard Disk)
  • Migrate to cluster (and set migration priority)
  • Add new cluster (basic)
  • Bug fixes
  • Minor improvements to existing flows

Stay tuned to this space for more news about h5client.  You won’t want to miss our next update.

Dennis Lu & Vishwa Srikaanth

Product Managers, vSphere Web Client

Two Factor Authentication for vSphere – RSA SecurID – Part 1


This is Part 1 of a 2 part blog series. In this post we’ll talk about setting up RSA SecurID Authentication Manager, some architectural assumptions and what you’ll need to take with you to Part 2.

Two Factor Authentication

Two factor authentication (2FA) has become ubiquitous nowadays. For those of you still in the Dark Ages where you have your password written on a Post-It Note stuck to the bottom of your keyboard, 2FA is “something you have”, like a hardware or software token and “something you know” which would be a secret PIN.

Continue reading

SSLv3 Protocol Disabled by Default in vSphere 5.5 Update 3b


Why has the SSLv3 protocol been disabled by default in vSphere 5.5 Update 3b?

Across the industry, enterprise software products and solutions are dropping use of and support for the SSLv3 protocol. The Internet Engineering Task Force (IETF) officially deprecated the SSLv3 protocol in RFC 7568 due to its obsolescence and inherent unfixability. Instead, IETF recommends the latest version of TLS.

VMware is therefore dropping support for SSLv3 on both the server side and the client side in vSphere. The release of vSphere 5.5 Update 3b from VMware disables SSLv3 by default to meet current standards and compliance.

Continue reading

Configuring NSX-v 6.2 as a Load Balancer for the vSphere Platform Services Controller

VMware released NSX-v (NSX for vSphere) 6.2 back on August 20, 2015. With its release the NSX team introduced support to use NSX-v as a load balancer for the vSphere Platform Services Controller (PSC) for highly available deployments (Release Notes). This is a key new feature that enables customers to further leverage existing NSX-v deployments to simplify their vSphere infrastructure while providing additional HA capabilities for the PSC. This can be a fairly straightforward undertaking when there is an existing vCenter being used for management (e.g. a management cluster).

There is a second scenario, however, that requires some consideration. What if you’re deploying a new vSphere and NSX-v environment where a management vCenter does not already exist? Romain Decker, a Solution Architect in VMware’s Software-Defined Datacenter (SDDC) Professional Services Engineering team has put together a great blog post on the VMware Consulting Blog that walks through that exact scenario and provides a step-by-step instruction on how to work around this chicken and egg scenario using the ability to easily repoint a vCenter Server to an alternate PSC in vSphere 6.0 Update 1.

To learn more about configuring  NSX-v as a load balancer for the vSphere Platform Services Controller, read Romain’s full blog post at:

Configuring NSX-v Load Balancer for use with vSphere Platform Services Controller (PSC) 6.0

What is vCenter Server Watchdog?

If you’ve done any research into the high-availability options available for vCenter Server 6.0, hopefully you have had a chance to read the VMware vCenter Server 6.0 Availability Guide written in collaboration with Technical Marketing and Global Support Services as well as KB 1024051. And you might have noticed particular sections that refer to the vCenter Server Watchdog. But what exactly is the vCenter Server Watchdog?

Enabled “out of the box” in 6.0, the vCenter Server Watchdog provides better availability by periodically verifying the status of vCenter Server.  It does this in two ways:

  1. The PID Watchdog monitors the processes running on vCenter Server
  • The API Watchdog uses the vSphere API to monitor the functionality of vCenter Server.

If any services fail, the Watchdog attempts to restart them. If it cannot restart the service because of a host failure, vSphere HA restarts the virtual machine running the service on a new host.

That’s sounds slick, right? Well, let’s dive in and take a look at each of these watchdogs in detail. Continue reading

Reconfiguring and Repointing Deployment Models in vCenter Server 6.0 Update 1

In my last blog post, we discussed some of the new features and capabilities found in vCenter Server 6.0 such as how you can quickly and easily update the vCenter Server Appliance 6.0 to Update 1.

Now, it’s time to focus our attention on a two key enhancements found in vCenter Server 6.0 Update 1 – both the appliance and Windows-based form factors:

  • Reconfigure – You can now reconfigure an embedded deployment node to an external deployment model, also known as MxN.reconfigure
  • Repoint – Simplified repointing of a management node in an external deployment model from one external Platform Services Controller to another external Platform Services Controller.
  • repoint

Why is this important?

The reconfiguration enhancement enables you to take an existing embedded deployment and transition it to a more optimal external deployment model – MxN.  There is also the simplified ability to repoint a management node to another Platform Services Controller which enables you to quickly recover from an external Platform Services Controller failure and to distribute load to alternate nodes that are in the same SSO domain.

Before moving forward with either the reconfigure or repoint operations, there is a key set of requirements that you need to meet.

Reconfiguration Requirements

  • The vCenter Server instance must be an embedded deployment model.
  • The target Platform Services Controller must be a replication partner of the existing embedded Platform Services Controller in the same SSO Domain.

Note: In vCenter Server 6.0 Update 1, we only support a single transition from embedded deployment to a external deployment (MxN) model for per SSO domain. See the Known Issues section of the Release Notes for additional details.

Update: In vCenter Server 6.0 Update 2 we now support multiple transitions from embedded deployments to external deployment models in an SSO domain.

Repointing Requirements

  • The vCenter Server instance must be an external deployment model.
  • The target Platform Services Controller must be a replication partner of the existing external Platform Services Controller in the same SSO Domain.

We’ve introduced an update to cmsso-util in vCenter Server 6.0 Update 1. This utility can be found in:

  • VCSA: /bin/cmsso-util
  • Windows: <Drive>:\Program Files\VMware\vCenter Server\bin\cmsso-util

This utility automates the entire process by passing the new required namespace (either reconfigure or repoint) and its arguments.  For example, with the VCSA, the namespaces would be:

  • VCSA: /bin/cmsso-util reconfigure
  • VCSA: /bin/cmsso-util repoint

Okay, so, how do we do it? Well, let’s see both namespace options in action in the vCenter Server Appliance (VCSA). Note that the cmsso-util namespaces and arguments are the same for a vCenter Server 6.0 Update 1 instance installed on Windows.

Continue reading

Updating vCenter Server Appliance 6.0 to Update 1

Earlier this month, we released vSphere 6.0 Update 1. In this update we introduced some awesome new features for vCenter Server. Let’s take a look at some of these just below:

  • Installation and Upgrade using HTML 5 Installer for VCSA: The following installation and upgrade scenarios are now supported for vCenter Server Appliance using its HTML 5 installer:
    1. An installation using HTML 5 installer with a vCenter Server target is supported.
    2. An upgrade using HTML 5 installer with a vCenter Server target is not supported.
    3. An upgrade using command line with a vCenter Server target is supported.
  • Backup and Restore with External Platform Services Controller: vCenter Server deployments with an external PSC (also called MxN) have support for backup and restoration.
  • Appliance Management User Interface: An all new HTML5-based management interface for the appliance at https://<FQDN-or-IP>:5480. 
  • Platform Services Controller Interface: An all new HTML5-based management interface for the Platform Services Controller at https://<FQDN-or-IP>/psc/.  See my earlier blog on the Platform Services Controller Interface.
  • Interoperability: Virtual SAN and SMP-FT are interoperable.
  • Hybrid Cloud Manager: Hybrid Cloud Manager has been updated for vSphere, and can be accessed directly from the vSphere Web Client.
  • VCSA Authentication for Active Directory: VMware vCenter Server Virtual Appliance has been modified to only support AES256-CTS/AES128-CTS/RC4-HMAC encryption for Kerberos authentication between VCSA and Active Directory.
  • Support for SSLv3: Support for SSLv3 has been disabled by default.
  • Customer Experience Improvement Program: The opt-in Customer Experience Improvement Program (CEIP) provides VMware with information that enables VMware to improve the VMware products and services and to fix problems. When you choose to participate in CEIP, VMware will collect technical information listed below about your use of the VMware products and services in CEIP reports on a regular basis. This information does not personally identify you.

One additional feature that we introduced in vCenter Server 6.0 Update 1 is an in-place process for Updates in a major release (e.g. vCenter Server 6.0 to vCenter Server 6.0 Update 1) instead of the migration-based approach that was required in prior VCSA updates (e.g. vCenter Server 5.5 to vCenter Server 5.5 Update 1).

With these new capabilities — and, of course, resolved issues — there’s been a ton of interest in how to update the VCSA to 6.0 Update 1. So, let’s get started and look at the process…

Continue reading

VMworld 2015: Extreme Performance Series

Who loves virtual Performance? Who wants to learn more about it?

Everybody of course!

I’m very excited about this year’s Extreme Performance Series mini-track being hosted at VMworld San Francisco and Barcelona. These sessions are created and presented by VMware’s best and most distinguished performance engineers, architects and gurus. I’ve tried to provide my personal thoughts on each session but these few words will never do them justice. Hope too see you all there!

Continue reading