Home > Blogs > VMware TAM Blog > Category Archives: Support

Category Archives: Support

Four Unique Enterprise Customers Deploy VSAN

By Frank Gesino

Frank_GesinoAt VMworld 2016, we had a great opportunity to showcase four customer use cases for VMware Virtual SAN™. The session “Four Unique Enterprise Customers Deployment of VMware Virtual SAN” was hosted by VMware SE Manager Peter Keilty (SDS East, Office of the CTO, Americas Field Storage and Availability). Peter was very familiar with all four use cases, as he was intimately involved in the design and implementation for all four customers. He was also a key contributor of presentation content.

VMware Storage Solution Architect David Boone was the lead engineer for all four customers’ Virtual SAN use cases. With Peter, David provided design and implementation guidance—from POC through production—and also helped provide content for this presentation.

The customers who participated in the session were: Team Lead/System Engineer Glenn Brown (Stanley Black & Decker); AVP of Corporate IS Mike Caruso (Synergent); AVP, Sr. Staff Specialist Tom Cronin (M&T Bank); and Team Lead of IT Infrastructure Andrew Schilling (Baystate Health). They all did a fantastic job providing insight into their unique use cases and the value and ROI of Virtual SAN.

We were lucky to have two TAM customers included in this panel discussion: Stanley Black & Decker (TAM Earl Henry), and M&T Bank (TAM Joe DePasquale).

You can view and listen to this full session here.

Below is a brief overview of each customer’s Virtual SAN use case. Please take a look, and dive deeper into the entire session for more details on each

 

Picture1

The Power of the SDDC: Remote Office Hyper-Converged Solution with Centralized Management

Stanley Black & Decker selected Virtual SAN as the hyper-converged infrastructure (HCI) storage solution for 18+ critical remote offices. Their most recent implementation is using Virtual SAN enabled VMware vSphere® clusters in two larger distribution centers to leverage vSphere replication for bidirectional asynchronous replication to mutually protect Virtual SAN data at each location.

Picture1

 

 

Picture2

11 Virtual SAN Enabled vSphere Clusters

Synergent uses Virtual SAN enabled vSphere clusters for its business-critical applications, including check processing applications, home banking applications, Microsoft Exchange, domain controllers, VMware NSX®, and virtual NAS. Essentially, every core application is running safely on Virtual SAN. In addition, Synergent deployed VMware Horizon® View™ Standard Edition on Virtual SAN to achieve low cost, high performance, and linear scalability of compute, memory, and storage resources for Virtual Desktop.

Picture3

 

 

Picture4

Using Virtual SAN to Create a Management OOB Network for DR and Lab Cluster

M&T Bank is using vSphere and Virtual SAN to meet its high availability needs to support its production environment. By moving VMware vCenter™ and other third-party management components from its production environment to a Virtual SAN enabled vSphere management cluster, M&T Bank will still have these critical tools available for use in the event of a production outage. Virtual SAN delivers the shared storage capacity and performance these demanding workloads require. This use case leverages the latest vSphere and Virtual SAN 6.2 release to take advantage of all-flash, deduplication, compression, and the inherited redundancy (distributed RAID 5, DRS, HA, and FT).

Picture5

 

 

93eac4b630c748338b305e06ee0472b8

The Power of the SDDC: Active-Active-Active Borderless and Always-On Virtual Data Center

With VMware Virtual SAN, Baystate Health was able to realize significant consolidation and space savings. Baystate currently has 2 PB of data and plans to consolidate it across three data centers and about 40 storage blades. This will save data center real estate by a factor of 10 to 1. Currently there is ~700 TB of Virtual SAN capacity.

Picture7

 


Frank joined VMware in 2014 as a Senior Technical Account Manager base in Hartford, Connecticut. Before joining VMware, he dedicated his career leading the design and implementation of value-driven technology solutions for his customers.  Frank holds a PMP certification and recently obtained his VCP6-NV.

VMware Knowledge and Skills Assessment – Setting Your Customer Up For Success

At the 2015 Datacenter Conference, Gartner stated that the CIOs they surveyed ranked skills as the number one barrier to achieving their objectives. – CLEAR report

By Heath Johnson

HeathJohnsonI have been a TAM with VMware for a little over a year now. During this time, I have been working closely with my customers on some large-scale deployments of VMware’s EUC products. These projects have high visibility within my customer’s organization, affecting almost all end-user endpoints. My job as a VMware TAM is to make sure major projects like these have the desired business outcomes.

In order to assure success, one of the first things I wanted to understand were the skills of the people that will be implementing and managing the project. These are usually two different skill sets. Implementation requires the ability to follow a design and to know how to configure the products’ multiple settings in detail. Any missed configuration settings can cause an unforeseen disaster. Day two operations; that is, management and operations, have a different skill set requirement. This usually requires a good understanding of the overall architecture so that you can quickly follow a troubleshooting methodology if things go wrong.

As a TAM customer, one of the deliverables I can offer my customers is a Knowledge and Skills Assessment, or KSA. This assessment is a short survey for your IT staff that asks them key questions about their interests, training, and abilities. VMware will then analyze the answers and determine the skill sets of the individual staff. With this data, we are able to generate a report on the IT skills within an organization and to help our customers identify skills gaps. The report not only looks at the individual, but also the department or group as a whole.

Course Recommendations for increasing IT Skills

Using this report, I was able to work with the managers at my customer site and help them design a training plan to better prepare their staff for the work ahead. A training plan is a long-term solution for better enabling your staff to succeed. In the TAM program, we go beyond just making a class recommendation. We implement a phased-in approach.

Phase 1 – Plan for the future

My customer was already well past budget season, and could not afford traditional classroom training for their staff right away. But they could plan for the next budget cycle. I worked with VMware Education on classes recommended for specific individuals. I also worked with the managers on career goals for the team so that classes could target the needs of the business as well as personal goals. Based on these discussions, a budget for next year was created that included formal classroom training.

Phase 2 – Immediate needs

VMware provides a lot of free training. Based on the objectives in phase 1, I pointed individual staff members to resources that would help them sharpen their skills for projects they were actively working one. Here are a few of my recommendations:

VMware Hands-on Labs (HOL)

hol.vmware.com

Not all of our customers have a private lab environment. But what they do have is free access to VMware HOL. We have a preconfigured lab environment for almost all of our products. Now some people think you can only follow the lab guide in HOL. Not true! If you are wondering what happens when you change a setting in vCenter or when you click a certain button, try it out in HOL first. Use HOL as your personal test environment. I even sat down with one of my customers and walked through an entire lab scenario until they were comfortable with the product.

TAM Exclusive Webinars

As part of the TAM program, we provide private webinars for our TAM customers. A lot of these sessions are under nondisclosure agreements (NDAs) and take a deep dive into our products. They are often presented by our own internal SME or product managers. And because they are under NDA, topics may even include future roadmaps.

“Getting More” webcast series

www.vmware.com/go/getmore

This is another free training resource for our customers that focuses on vROPs and vRA. Between reviewing the list of recent recordings and the upcoming webcast schedule, I can help my customers select the right sessions for their training needs.

Onsite guide

As a TAM, I am also an onsite guide for my customers regarding the products they own. A day onsite rarely goes by without my customer asking, “Can I do something like X?” Most of the time I can guide them to find the answers to their questions, and at other times I have to reach out to my internal SMEs for an answer. Either way, having an onsite guide is invaluable to our customers. And sometimes these questions turn into our future products through our feature request program, which is curated by a TAM.

Going forward, my customer is set up for successful outcomes because they now have a training plan in place. And next year, we can review the status of their training needs to meet any new business goals.

Are you planning a major project implementation? Are your staff properly skilled for today’s changing IT world?

Ask your TAM for a KSA today. And kick off your project with success.

Heath is a VMware Technical Account Manager based in south central Wisconsin. Heath has been with VMware since 2015 and has been working with VMware products since 2004. When he’s not working with our Enterprise customers, he is spending time with his family, flying airplanes, flying drones, cycling, or enjoying the outdoors. You can follow Heath on his personal blog at www.FlyingVirtually.com or on Twitter @heathbarj

Quick Guide – Best Practices for Uploading Your Logs to VMware Support

VMware Phillip BardavilleBy Philip Bardaville

When you have a problem that needs immediate attention, successful uploads of logs from your system are the best way to a speedy resolution. I’ve laid out, below, some best practices that you will find useful.

Firstly, be proactive. Always open a support ticket immediately with VMware either via the web, your vCenter Support Assistant, or phone, and start collecting log bundles. Once you’re done, upload these to your support request number. This saves time, as the technician on our side can get to your request quicker. The “first touch” on a ticket is typically requesting logging information. If you have already done that, you can move forward more quickly.

Continue reading

Basic VMware Security Tools and Practices

By Melba Lopez

I had the pleasure of joining my first ever internal security conference called MooseCon (Making Our Organization Security Experts Conference). There were a variety of topics discussed, but one particular talk by Noah Wasmer, Senior Vice President of Mobile Products, stayed with me the most. Noah discussed recent cyber attacks in the news, and he asked, “If you were on the front page of the Wall Street Journal because of a security breach, what would that do to your business?

MooseCon

For any company, it would have a negative financial impact and shatter the trust of customers. As a Technical Account Manager (TAM) I often advise my customers to be more security-conscious and would like to share some information and resources about VMware security tools.

Continue reading

Certificates for Dummies – Part One: VCSA and PSC Certificates’ Overview and Configuring PSC with Intermediate VMware Certificate Authority (VMCA)

jean_oliveira

 

By Jean Oliveira

My name is Jean Oliveira, and I’m a Technical Account Manager in Brazil. In this role, I am often asked to assist in areas where I am not an expert, which involves research. For example, I have a customer who planned to replace VMware vCenter Server and VMware vSphere hosts’ self-signed certificates with internal signed certificates. To complete this task, he wanted to use the VMware Certificate Authority service as an Intermediate CA. My goal for this post is to help others work through this same issue in their environments.

This blog is organized into two parts:

  • Part One: VCSA (vCenter Virtual Server Appliance) and Platform Services Controller (PSC) Certificates Overview and Configuring PSC with Intermediate VMware Certificate Authority (VMCA)
  • Part Two: Replacing vCenter Server Certificates with VMCA (VMware Certificate Authority)

Before entering any command or accessing a KB, I first had to understand the new architecture behind vCenter 6.x. In the previous version of vCenter Server, each component had its own certificate:

joliveira_vcenter-components

In the new VMware architecture, there are only four certificates, with each one responsible for a set of components. The Platform Services Controller is responsible for signing and storing certificates in this new architecture.

joliveira_vcenter-architecture

In the PSC, each active certificate must be unique. A certificate is composed of the following: Common Name (CN), Organization (O), Organizational Unit (OU), Locality (L), State/Province (ST), and Country (C).

Initially, I had assigned the name “Web-Client” for all certificates generated for the Web Client service, which crashed my PSC. Based on my experience, I learned that each certificate’s Subject Name must be unique!

joliveira_certificate-details

Keeping this in mind, I used the following naming conventions:

Common Name (CN): Server FQDN
Organization (O): My organization’s name
Organizational Unit (OU): I used the “certificate service name”; for example, VPXD, VPXD-Ext, Web-Client, Machine, and so on
State/Province (ST): Sao Paulo
Country (C): BR

The next step is to join the PSC to the Active Directory domain. In the Manage/Settings/Active directory, click the Join button and enter the proper authentication as shown in the following screen.

joliveira_active-directory

Be sure to restart your PSC to apply the change.

Then, prepare the Microsoft Root Certificate Server. In my lab, I used a Windows Server 2003 R2 as a Root Certification Authority, so I had to configure it using “Creating a Microsoft Certificate Authority Template for SSL certificate creation in vSphere 6.0 (2112009)”.

My next step was to replace the PSC SSL root certificate with the certificate signed by my Microsoft Root Certificate authority, and then replace all machine and solution certificates.

To do this, I connected to my PSC through SSH. If you have trouble enabling the Bash shell, please follow “Toggling the vCenter Server Appliance 6.x default shell (2100508)”.

I located the folder, /usr/lib/vmware-vmca/bin, and ran the command, ./certificate-manager, selecting Option 2, “Replace VMCA Root certificate with Custom Signing Certificate and replace all Certificates”. You can review the following choices I made, and replace them with the correct values for your environment.

  • Do you wish to generate all certificates using configuration file: Option[Y/N] ?: Y Select Y.
  • Please provide valid SSO and VC privileged user credential to perform certificate operations.
  • Enter username [Administrator@vsphere.local]:  Enter your administrator username.
  • Enter password:  Enter the password.
  • MACHINE_SSL_CERT.cfg file exists, Do you wish to reconfigure: Option[Y/N] ?: Y Select Y to reconfigure the answer file.
  • Enter proper value for ‘Country’ [Previous value: US]: BR
  • Enter proper value for ‘Name’ [Previous value: CA]: psc-01a.corp.lab I used the PSC server FQDN.
  • Enter proper value for ‘Organization’ [Previous value: VMware]: Corporate Lab
  • Enter proper value for ‘OrgUnit’ [Previous value: VMware]: Machine-SSL I used the Service Name.
  • Enter proper value for ‘State’ [Previous value: California]: Sao Paulo
  • Enter proper value for ‘Locality’ [Previous value: Palo Alto]: Sao Paulo
  • Enter proper value for ‘IPAddress’ [optional]:
  • Enter proper value for ‘Email’ [Previous value: email@acme.com]: administrator@corp.lab
  • Enter proper value for ‘Hostname’ [Enter valid Fully Qualified Domain Name (FQDN), For Example: example.domain.com]: psc-01a.corp.lab
  • Please configure machine.cfg with proper values before proceeding to next step.
  • Enter proper value for ‘Country’ [Previous value: US]: BR
  • Enter proper value for ‘Name’ [Default value: CA]: psc-01a.corp.lab I used the PSC server FQDN.
  • Enter proper value for ‘Organization’ [Default value: VMware]: Corporate Lab
  • Enter proper value for ‘OrgUnit’ [Default value: VMware]: Machine I used the Service Name.
  • Enter proper value for ‘State’ [Default value: California]: Sao Paulo
  • Enter proper value for ‘Locality’ [Default value: Palo Alto]: Sao Paulo
  • Enter proper value for ‘IPAddress’ [optional]:
  • Enter proper value for ‘Email’ [Default value: email@acme.com]: administrator@corp.lab
  • Enter proper value for ‘Hostname’ [Enter valid Fully Qualified Domain Name (FQDN), For Example: example.domain.com]: psc-01a.corp.lab
  • Please configure vsphere-webclient.cfg with proper values before proceeding to next step.
  • Enter proper value for ‘Country’ [Default value: US]: BR
  • Enter proper value for ‘Name’ [Default value: CA]: psc-01a.corp.lab I used the PSC server FQDN.
  • Enter proper value for ‘Organization’ [Default value: VMware]: Corporate Lab
  • Enter proper value for ‘OrgUnit’ [Default value: VMware]: vsphere-webclient I used the Service Name
  • Enter proper value for ‘State’ [Default value: California]: Sao Paulo
  • Enter proper value for ‘Locality’ [Default value: Palo Alto]: Sao Paulo
  • Enter proper value for ‘IPAddress’ [optional]:
  • Enter proper value for ‘Email’ [Default value: email@acme.com]: administrator@corp.lab
  • Enter proper value for ‘Hostname’ [Enter valid Fully Qualified Domain Name (FQDN), For Example: example.domain.com]: psc-01a.corp.lab
    • Generate Certificate Signing Request(s) and Key(s) for VMCA Root Signing certificate
    • Import custom certificate(s) and key(s) to replace existing VMCA Root Signing certificate
  • Option [1 or 2]: 1 Select Option 1 to generate the certificate request for the Root Certificate Server.
  • Please provide a directory location to write the CSR(s) and PrivateKey(s) to:
  • Output directory path: /tmp/ca
  • Please configure certool.cfg with proper values before proceeding to next step.
  • Enter proper value for ‘Country’ [Default value: US]: BR
  • Enter proper value for ‘Name’ [Default value: CA]: psc-01a.corp.lab I used the PSC server FQDN.
  • Enter proper value for ‘Organization’ [Default value: VMware]: Corporate Lab
  • Enter proper value for ‘OrgUnit’ [Default value: VMware]: certtool I used the Service Name.
  • Enter proper value for ‘State’ [Default value: California]: Sao Paulo
  • Enter proper value for ‘Locality’ [Default value: Palo Alto]: Sao Paulo
  • Enter proper value for ‘IPAddress’ [optional]:
  • Enter proper value for ‘Email’ [Default value: email@acme.com]: administrator@corp.lab
  • Enter proper value for ‘Hostname’ [Enter valid Fully Qualified Domain Name (FQDN), For Example: example.domain.com]: psc-01a.corp.lab
  • CSR generated at: /tmp/ca/vmca_issued_csr.csr Save this path and name!

I used WinSCP to copy the file vmca_issued_csr.csr from my PSC Server to my Windows Root Certification Authority Server, C:\Users\Administrator\Desktop.

As stated earlier, in my lab I used a Windows 2003 R2 Root Certification Authority server and, in this Windows version, V3 certificate templates are NOT visible in the Certificate Web Server. Therefore, I had to use the command line to issue the certificates. If you are using Windows 2008 and later, this is not a problem. If you are using Windows 2003 as I was, let me save you some research time! Below are the command line steps to issue the certificates.

Before submitting the request, I had to find the vSphere 6.0 VMCA template name. To find a list of all templates, open a command prompt in the Root Certificate Server, and type:

C:\Users\Administrator\Desktop>certutil –CATemplates

After locating the vSphere 6.0 VMCA name, “vSphere6.0VMCA,” I entered the following command to request the VMCA certificate:

C:\Users\Administrator\Desktop>certreq -attrib “CertificateTemplate:vSphere6.0VMCA” -submit vmca_issued_csr.csr

I saved the certificate file as vmca_issued_cert.cer.

The next step was to create the certificate chain, which included the VMCA Certificate (generated in the previous step), and the Domain Root certificate. To complete this step, I did the following:

  • Created a new empty file, server-root.cer
  • Opened the vmca_issued_cert.cer in Notepad and copied all information to the file, server-root.cer
  • Opened the certenew.cer in Notepad and copied all information to the file, server-root.cer
  • Saved the file server-root.cer

Now I had a full chain certificate file that I copied it to my PSC Server, folder /tmp/ca.

Moving on, I returned to the SSH session and chose option 1 below:

  • CSR generated at: /tmp/ca/vmca_issued_csr.csr
    • Continue to importing Custom certificate(s) and key(s) for VMCA Root Signing certificate
    • Exit certificate-manager
  • Please provide valid custom certificate for Root.
  • File: /tmp/ca/server-root.cer Enter the full path and name to the file, server-root.cer.
  • Please provide valid custom key for Root.
  • Please provide valid custom certificate for Root.
  • File: /tmp/ca/root_signing_cert.cer The path is the same as above, and the file name is default.
  • Please provide valid custom key for Root.
  • File: /tmp/ca/vmca_issued_key.key The path is the same as above, and the file name is default.
  • You are going to replace Root Certificate with custom certificate and regenerate all other certificates
  • Continue operation: Option[Y/N] ?: Y Select Y.
  • Get site nameCompleted [Replacing Machine SSL Cert…]
  • default-site
  • Updated 9 service(s)
  • Status: 100% Completed [All tasks completed successfully]

When it finished, I restarted all services by running service-control –stop –all, and then service-control –start –all.

To verify everything was working, I looked in the certificate store.

VMware has also a good KB you can use as a guide, “Configuring VMware vSphere 6.0 VMware Certificate Authority as a subordinate Certificate Authority (2112016)”.

Stay tuned for Part Two, when I will walk you through the process for replacing vCenter certificates with VMCA signed certificates. Talk to you then!


Jean Oliveira is a Technical Account Manager for VMware based in São Paulo, Brazil. For the last +5 years he is helping their customers in the hybrid-cloud journey, saving money and achieving a higher IT maturity. When not working, he loves to be with his wife Shirley. You can connect with Jean on LinkedIn.