Over the last few months, many customers have been testing and familiarizing themselves with vSphere 5.5 however deployment into a production environment is usually stalled until the availability of the first update or service pack. As we are nearing the typical time frame of when such an update or service pack may become available, I wanted to share some findings that may affect your deployment selection of vCenter Single Sign-On when deploying or upgrading to vCenter Server 5.5
During the installation of vCenter Single Sign-On server you are asked on the deployment option of the vCenter Single Sign-On instance. Below is the intended use case for each deployment option.
Many of you have now kicked the tires with vSphere 5.5 either in your home lab or on some servers at work and you’re anxious to get all the new goodies running in your production environment. Perhaps some of you early adopters are already running in full production, but we’re guessing many of you are just contemplating your major upgrade now.
VMware’s Tech Support staff tend to see a surge during the month of March in number of calls to support. But guess what? Many of the issues we’re anticipating are already resolved, and we’ve been busy compiling and documenting solutions to common problems that you can handle yourself.
Those of you installing or upgrading your vSphere hosts, and vCenter Server instances to version 5.5 will find the following KB articles and Support Insider posts of great interest.
You have probably heard the terms “Big Data” and “Hadoop” mentioned somewhere in the industry lately – they are both very popular subjects of discussion at the moment. This blog gives you an introduction to the core technology and explains some of the contributions that VMware continues to make to the Hadoop world.
I recently installed App HA in my lab and found some of the documentation unclear and at times hard to follow. I’m going to work with our Tech Pubs group to improve it. In the meantime I wanted to share what I learned to help make your installation easier.
First, pay attention to the pre-reqs!
Have DRS enabled on the cluster where you will be deploying the App HA appliance
Enable “VM and Application Monitoring” in your cluster HA settings
Create an IP Pool for the subnet(s) where you will install the Hyperic vApp
Have 3 static IP addresses ready for the App HA appliance, vFabric Hyperic Server & vFabric Hyperic Server DB
If you’ll want to use the email notification feature, make sure to configure email settings in vCenter
With those out of the way we are ready to get started. Here are the steps we are going to complete. I’ve broken this out into multiple posts to make navigating it easier.
I’m happy to announce the availability of a whitepaper that I had been working on much of the past year. Since I joined VMware back in January of 2013, an almost weekly request was for a whitepaper that help IT team explain the security of the VMware vSphere hypervisor, a.k.a. ESXi, to a security professional.
VMware vSphere Mobile Watchlist allows you to monitor the virtual machines you care about in your vSphere infrastructure remotely on your phone. Discover diagnostic information about any alerts on your VMs using VMware Knowledge Base Articles and the web. Remediate problems from your phone by using power operations or delegate the problem to someone on your team back at the datacenter.
IMPORTANT NOTE: A VMware vSphere installation (5.0 and above) is required to use VMware vSphere Mobile Watchlist. Access to your vSphere infrastructure may need a secure access method like VPN. Contact your IT department for further assistance.
While VMware highly recommends the deployment of all vCenter Server components into a single virtual machine (excluding the vCenter Server database), large enterprise customers running multiple vCenter Server instances within a single physical location can simplify the vCenter Single Sign-On architecture and management by reducing the footprint and required resources and specify a dedicated vCenter Single Sign-On environment for all local resources in each physical location.
For vSphere 5.5 the VMware recommendation is to centralize vCenter Single Sign-On when you have 8 or more vCenter Server instances in a given location (this is a soft recommendation).
Centralized vCenter Single Sign-On Architecture
Figure 1: A Centralized vCenter Single Sign-On Server environment
There can be increased risk when centralizing a vCenter Single Sign-On server (to why it is not recommended for smaller environments) due to the increased number of components affected if the vCenter Single-Sign-On server was to become unavailable, in short all vCenter Server components of all vCenter Servers registered will incur authentication loss (when compared to just the single vCenter Server instance when installed locally) and so availability of the vCenter Single Sign-On centralized server(s) is highly recommended. Continue reading →
Joining me will be Simon Mijolovic (we just call him “Simon”), the Staff Program Manager for virtual appliance security and Greg Murray, Product Manager for, among many things, virtual appliances at VMware.
Simon will be going over the changes that were made to make our virtual appliances secure out of the box (91-95% DISA STIG compliant!).
Greg will be there to gather feedback on what YOU want to see out of our virtual appliances. Do NOT miss this opportunity to be heard by the folks that can do something about it!
I’m not sure what John Troyer @jtroyer was thinking when he handed me the keys to his baby for the day but I’m sure it will be fun and interesting! I hope you can join us whether it’s live on Talkshoe or later as a downloaded podcast!
A wrap-up of the podcast will be located on the podcast archives within a few days.
I’m looking forward to talking with many of you tomorrow!
A minor update to the vCenter Server 5.5 has been released
VMware vCenter Server™ 5.5.0a | 31 OCT 2013 | Build 1378901
vCenter Server Appliance 5.5.0a | 31 OCT 2013 | Build 1398493
Issues resolved with this release are as follows
Attempts to upgrade vCenter Single Sign-On (SSO) 5.1 Update 1 to version 5.5 might fail with error code 1603
Attempts to log in to the vCenter Server might be unsuccessful after you upgrade from vCenter Server 5.1 to 5.5
Unable to change the vCenter SSO administrator password on Windows in the vSphere Web Client after you upgrade to vCenter Server 5.5 or VCSA 5.5
VPXD service might fail due to MS SQL database deadlock for the issues with VPXD queries that run on VPX_EVENT and VPX_EVENT_ARG tables
Attempts to search the inventory in vCenter Server using vSphere Web Client with proper permissions might fail to return any results
vCenter Server 5.5 might fail to start after a vCenter Single Sign-On Server reboot
Unable to log in to vCenter Server Appliance 5.5 using domain credentials in vSphere Web Client with proper permission when the authenticated user is associated with a group name containing parentheses
Active Directory group users unable to log in to the vCenter Inventory Service 5.5 with vCenter Single Sign-On
Attempts to log in to vCenter Single Sign-On and vCenter Server might fail when there are multiple users with the same common name in the OpenLDAP directory service
Attempts to log in to vCenter Single Sign-On and vCenter Server might fail for OpenLDAP 2.4 directory service users who have attributes with multiple values attached to their account
Attempts to Log in to vCenter Server might fail for an OpenLDAP user whose account is not configured with a universally unique identifier (UUID)
Unable to add an Open LDAP provider as an identity source if the Base DN does not contain an “dc=” attribute
Active Directory authentication fails when vCenter Single Sign-On 5.5 runs on Windows Server 2012 and the AD Domain Controller is also on Windows Server 2012
The realese notes can be found here with full details, download now from www.vmware.com