Enabling NFS VAAI Support in Synology 5.1

Synology enabled VAAI support for NFS in version 5.1 of their DSM software. In order to take advantage of this technology from ESXi hosts we need to do two things:

  • Upgrade DSM to at least version 5.1-5004 (2014/11/06)
  • Install the Synology NFS Plug-in for VMware VAAI

DSM

DSM can be upgraded from within the Control Panel application. Head to the Update & Restore section, check for and install updates. This will likely require a reboot so ensure anything or anyone using it is shutdown or notified.

NFSNAAI07

 

ESXi

Prior to installing the NFS plugin my two NFS datastores don’t have the Hardware Acceleration support.

NFSNAAI02

 

From the 5.1-5004 Release Notes:

VMware VAAI NAS
Added NFS support for two primitives: Full File Clone and Reserve Space.
Please note that you should install the Synology NFS Plug-in for VMware VAAI and read the instructions in README.txt to make sure installation is successful.

Once the plugin has been downloaded it is possible to use either VMware Update Manager or esxcli to install the vib. For the purposes of my home lab without Update Manager I’m going to show you the esxcli way.

Upload the vib to a datastore all hosts can access, then the command to install the vib is:

esxcli software vib install -v /path to vib/esx-nfsplugin.vib

Once installed, the ESXi host will require a reboot

NFSNAAI04

After the reboot you can check all was successful by running:

esxcli software vib list | grep nfs

NFSNAAI05

and examining the NFS datastores

NFSNAAI06

Improving the PowerShell ISE Experience with ISESteroids 2

For a long time I’ve used the built-in to Windows, PowerShell ISE for my PowerShell scripting experience. Most people tend to have a particular favourite editor for their coding, usually after trialling out a few different ones. For pretty much everything else I’ve settled on Sublime Text, but for PowerShell I use the ISE since I really like the integration with the PowerShell console.

The ISE was introduced in PowerShell 2.0 and to be honest was pretty basic back then. It’s  improved significantly since then into version 4, but still has some areas where there could be improvement or features missing that you would like to see.

Earlier in the year I tried out ISESteroids 1.0 which started to plug a number of the gaps I found in the ISE. Recently I had chance to upgrade to ISESteroids 2 and it has improved even further.

For a quick preview of what is available check out the below video.

A few things in it I particularly like:

1) More distinct (yellow) highlighting of bracket matching or other sections

ISESteroids01

(single click on this double quoted string)

ISESteroids02

2) Block commenting (this was a real annoyance for me – there is a keyboard shortcut to do it in the standard ISE, but still fiddly)

Before:

ISESteroids03

After pressing the single button below:

ISESteroids04

ISESteroids05

 

3) ScriptMap which allows you to easily navigate your way through long scripts

ISESteroids06

 

4) Manage Version History

ISESteroids07

Clicking on Compare opens WinMerge and a view of what has changed between versions

ISESteroids08

5)  Autoselection. Click repeatedly to select various code segments

ISESteroids12

ISESteroids09

ISESteroids10

ISESteroids11

 

6) Enhanced Debugging

Best explained in the following video

For a more in-depth look at some of the features, check out the below video with ISESteroids creator Dr Tobias Weltner and fellow PowerShell MVP Jeff Wouters.

Delegating Permissions to vCO Workflows and Publishing for Consumption

I needed to look into the possibilities around granting delegated access to vCO workflows and ways to consume them without necessarily using the standard vCO client. The general idea was to have one group of people authoring workflows and another group consume some of them.

vCO has the ability to delegate permissions to workflows and folders of workflows using users and groups; ideally you would have already setup vCO to use your AD for authentication so enabling this delegation via AD users and groups.

Each workflow or folder has a Permissions tab where users and groups can be added with different rights selectable; View, Inspect, Admin, Execute, Edit.

 

DelegatedPermissions02

One thing to watch out for is that (at least) View Permissions need to be set right at the top of the tree for a user to be able to authenticate with the vCO (or other) client. The top level has a similar Permissions tab, however no Pencil style edit button like all of the levels further down.

Turns out it is hidden away in a context sensitive right-click set of options on the top level, Edit access rights…

Now we’ve figured that out, let’s take a scenario where we want to give an AD group access to run workflows in one folder, but not in another. We’ll use the AD group vCO_Users.

In the screenshot above vCO_Users have been given View and Inspect rights at the top level, which will filter all the way down. That will get our vCO_User authenticated, but not able to do too much.

On the folder JM-Dev vCO_Users have been given View, Execute and Inspect rights. Consequently, in the vCO client they are able to view and run the workflow, but not edit it – note the presence of the green Run button, but the Edit button is greyed out.

On the folder JM-Dev2 vCO_Users have only the View and Inspect rights which have filtered down from the top. Consequently, they can see the workflow, but neither run it nor edit it.

So we’ve got the permissions sorted for this example, but how about that requirement to not use the vCO client?

vCO has a built in web client, known as web operator. It is enabled by navigating to the Administer section of the client and then publishing the default weboperator.

DelegatedPermissions07

Now we navigate to:

https://vcoserver.fqdn:8281/vco/vmo/weboperator/default.html

and login with some credentials of a member of the vCO_Users group

Now we can see the tree of workflows similar to the vCO client view

As this user we are able to run the workflow in the JM-Dev folder where we have the Execute permission:

but not the workflow in the JM-Dev2 folder which doesn’t have the Execute permission:

DelegatedPermissions11

I found the web interface to be pretty basic, but possibly it’s worth evaluating if it might meet your needs.

 

Automating Disk Zeroing on VM Deletion

A requirement for a project I had was to zero the VMDK of all VM disks at the time of VM removal.

smash_hard_drive

One consideration was to SSH into the host where the VM was located and use vmkfstools like the below on each vmdk to zero the disk.

vmkfstools –w /vmfs/volumes/<…>.vmdk

Looking for alternatives I found that the PowerCLI cmdlet Set-HardDisk has a ZeroOut parameter. Note the text from the help (version 5.8 R1):

Specifies that you want to fill the hard disk with zeros. This parameter is supported only if you are directly connected to an ESX/ESXi host. The ZeroOut functionality is experimental.

The points to note are:

  • You will need to connect PowerCLI directly to the ESXi host that the VM is registered on. So you will most likely first of all need to connect to vCenter to find out where the VM lives.
  • The functionality is ‘experimental’. A quick scan back through releases showed this had been the same for some time. From my observations the functionality appeared to work fine. There have been many things in vSphere over the years which have been ‘experimental’, but have usually worked fine.

So once you have identified where the VM is and connected to the ESXi host in question, it’s a case of simply looping through all of the disks and zeroing them (with a bit of logging thrown in) – note it will likely take a fair amount of time to zero each disk!


$VM = VM01
$HardDisks = Get-HardDisk -VM $VM

foreach ($HardDisk in $HardDisks){

$HardDisk | Set-HardDisk -ZeroOut -Confirm:$false | Out-Null

$Text = "Zeroed disk $($HardDisk.Filename) for VM $VM"
$Text | Out-File -FilePath C:\log\zerodisk.log -Append
}

vFACTOR London VMUG January 2015

Ever thought about presenting at a user group, but not quite found that extra incentive to give it a go for the first time? Many people I know have benefited in both a personal and professional capacity from doing so and I certainly have too. The opportunity to relate tales of a project at work or a particular piece of technology you have an interest in can often be quite an experience I’ve found, with discussions afterwards leading to new ideas about your topic or even people believing you’re an expert at something, just because you had the guts good sense to stand up in front of your peers and talk about it.

If you haven’t done it before and need an incentive to help get you over that first hurdle, the London VMUG are offering significant encouragement to get you started. At the next London VMUG in January 2015 there are a set of prizes available for five people prepared to give a 10 minute lightning talk.

That’s right, all you need to do is be selected to give a talk for 10 mins and you are guaranteed one of the five prizes below – the winner to be determined by the audience.

The odds look pretty good to me – a 60% chance of winning an Apple product and the worst that can happen to you is you come away with an Amazon voucher and the respect of your peers for giving it a go!

mackbookair

1st Prize: MacBook Air
2nd Prize: iPad Air
3rd Prize: iPad Mini
4th Prize: Amazon voucher
5th Prize: Amazon voucher

Entries need to be submitted by the 19th December and all the details can be found here.

 

Resource Action Object Not Correctly Passed Through to ASD Form in vCAC 6.0.x

When using the Advanced Service Designer to create Resource Actions it’s possible you may hit the following issue in vCAC 6.0.x if you attempt to access the Input Resource as part of the workflow Presentation. While everything will appear to work correctly in vCO, when the form is accessed by a vCAC user the Input Resource may not (I say *may* because the behaviour is inconsistent, sometimes it works, sometimes not!) be available to use. Take the following (contrived) example.

You would expect things to work like the following:

Using a vCO action displayToolsStatus which takes the input of a vCAC:VirtualMachine and queries vCenter for the VMware Tools Status to display in the vCAC form (unlikely you would actually want to do this, but it works for the example).

ResourceAction01

In the workflow to use as the Resource Action set the Presentation Properties of the displayToolsStatus input to the displayToolsStatus action…..

ResourceAction02

….using the vm Input as the parameter

ResourceAction03

However, when using the Resource Action, displayToolsStatus in the form is the default value Unable to determine since we hit the if (!vm) in the action


if (!vm) {
return null;
}

ResourceAction04

 

You can either upgrade to vCAC 6.1 where this is resolved, or go with the following workaround:

Add an additional input to the vCO workflow of the same type as the Resource Action input – hiddenVM in this example

ResourceAction05

Set the Presentation to be Hidden and have a Data Binding mapped to the Resource Action parameter (vm)

ResourceAction06

Now set the parameter of the displayToolsStatus  action to be the hiddenVM instead of the VM input

ResourceAction07ResourceAction08

Remove and re-add the ASD Resource action, make sure to still select the vm Input as the Input Resource

ResourceAction09

 

and now the form will be correctly populated.

ResourceAction10

This VMware KB post relating to a similar issue helped me get to the bottom of this.

Deploying a vShield Edge: “The virtual machine is not supported on the target datastore”

FailedEdgeDeploy02Attempting to deploy a vShield Edge (5.5) via an API call, I was greeted with the following error:

Content as string: <?xml version=”1.0″ encoding=”UTF-8″?>
<error><details>Failed to publish configuration on vShield Edge. Failed to deploy edge
appliance.</details><errorCode>10105</errorCode><rootCauseString>The virtual machine is not supported on the target
datastore.</rootCauseString><moduleName>vShield Edge</moduleName></error>

 

The API call was the second of two calls to deploy an Edge device into a vSphere Datacenter and Cluster, i.e. one Edge per datacenter, into a specified cluster.

The first Edge was deployed successfully, but not the second. Both clusters were configured in a very similar manner, the only real difference being the name of the datacenter they belonged to. Everything was hosted in a lab based solution using nested ESXi hosts.

My GoogleFu revealed not a lot more than this API reference doc and this description:

The virtual machine is not supported on the target datastore. This fault is thrown by provisioning operations when an attempt is made to create a virtual machine on an unsupported datastore (for example, creating a non-legacy virtual machine on a legacy datastore).

Much troubleshooting ensued before a resolution. Given that it was a lab all, of the ESXi hosts in both vSphere datacenters had access to the same datastores. While not typically a good idea for production, it had been an easy way for me to get the lab up and running. vSphere was quite happy for me to run things like this with VMs in both datacenters on the same datastores. vShield however, was not so happy and this turned out to be the reason it was failing to deploy with “The virtual machine is not supported on the target datastore”.

Reconfiguring the storage so that datastores were limited by datacenter then permitted successful Edge deployment in both sites.

FailedEdgeDeploy03

Calling PowerShell.exe -Command ScriptName and Parameters with Commas

Bit of an obscure one this, but I hit it recently and wasted some time on it so I thought it might be useful for someone, somewhere, someday.

If you need to call a PowerShell script via a command line style prompt (maybe in a scheduled task or an external system like vCenter Orchestrator) there are a number of different options.

I was troubleshooting a problem where an existing system was failing with a command along the lines of this:


C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -Command C:\Scripts\TestComma.ps1 -input1 'banana,pear'

and would fail with the following error:

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe : C:\scripts\TestComma.ps1 : Cannot process argument transformation on parameter
At line:1 char:1
+ C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -Command C:\scripts\Te …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (C:\scripts\Test…n on parameter :String) [], RemoteException
+ FullyQualifiedErrorId : NativeCommandError

‘Input1′. Cannot convert value to type System.String.
At line:1 char:34
+ C:\scripts\TestComma.ps1 -input1 banana,pear
+ ~~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [TestComma.ps1], ParameterBindi
ngArgumentTransformationException
+ FullyQualifiedErrorId : ParameterArgumentTransformationError,TestComma.p
s1

PowerShellCommandComma01

So it looked like it was having an issue with the string being supplied as the parameter ‘banana,pear’ even though there is normally no issue with this being a string. I eventually tracked it down to being a problem with the comma – with no comma there is no issue.

Note: This is only an issue when being called by powershell.exe. When used in a standard PowerShell console or script there is no issue with this text being a string:


('banana,pear').GetType()

PowerShellCommandComma05

There are a number of ways round this:

1) Run it from cmd.exe

Sacrilege I know, but the system I was working with effectively was calling it from cmd.exe which subsequently didn’t experience the issue.

PowerShellCommandComma02

 

2) Escape the comma

Escape the comma character like so


C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -Command C:\scripts\TestComma.ps1 -input1 'banana`,pear'

PowerShellCommandComma03

3) Use the File parameter instead

The better solution in my opinion is to use the File parameter. I typically use this anyway rather than the Command parameter. It was introduced in PowerShell v2 and has been my preferred way of doing this kind of thing since then.


C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -File C:\scripts\TestComma.ps1 -input1 'banana,pear'

PowerShellCommandComma04

 

UKVMUG November 2014

The agenda for this year’s UKVMUG at the National Motorcycle Museum in Birmingham has just been published and what a line up the organisers have put together this year! It genuinely does seem to get even more impressive every time and I know for a fact that the organisers put an unbelievable  amount of effort into making that so.

VMUG

I’m really pleased to see that this time round they have included all of the community sessions in the mezzanine area on the main agenda page. Consequently, when you look at the line up for the day, there is an unbelievable amount of  quality content choices to pick from. If you work with VMware virtualisation then you can’t fail to find something to interest you on that list.

I’ll be attending the day and have been fortunate enough to be given the opportunity to take one of the community mezzanine sessions. I’ll be going through some of my recent experiences with vCO in vCAC and how to learn from those (and many mistakes) when looking to design vCO workflows for use in vCAC. If you’re interested in that topic then please come along with questions and of course your own suggestions so we can all learn and improve.

Agenda  
TimeEventLocation
7:30 - 8:20 Registration | BreakfastTrafalgar Foyer
8:20 - 8:30 VMUG WelcomeBritannia Suite
8:30 - 9:30VMware Update/Keynote | Joe Baguley | CTO Rant-as-a-ServiceBritannia Suite
9:30 - 10:00Break | Exhibit Hall Opens | Mingle with SponsorsImperial Suite
10:00 - 10:40 Breakout Block #1 | Education Sessions
Size Matters! Availability Best Practices for Small, Medium, and Big Data Organizations - VeeamBracebridge Suite
Utilising VMware Virtual Volumes (VVOLs) and Nimble Storage for Multi-Workload Application-Centric Virtualized Environments - Nick Dyer, Nimble StorageBallacraine Suite
Simple, Scalable Virtual Platform for Your VM's with Nutanix and vSphere - Darren Woollard, NutanixWaterloo Suite
VMworld - The Unofficial Low Down on Everything VMworld - Julian WoodBritannia Suite
Best Practices for Smarter Virtualization Management: Customer Case Study with VMTurbo, VMTurboKirkmichael Suite
Side-Session 1 - Using Virtual Appliances in Your Home/Work Lab Discussion Group (Simon Seagrave)Mezzanine
Side-Session 2 - Optimal VDI for Your Users - How? Discussion/Whiteboard GroupMezzanine
Side-Session 3 - Ask the CTO Anything - Small Forum with Joe Baguley (EMEA CTO, VMware)Mezzanine
GSS Drop-in Clinic - Ask VMware Support (GSS) AnythingMezzanine
10:40 - 10:50Break | Mingle with Sponsors
10:50 - 11:50Breakout Block #2 | Education Sessions
VSAN: Gotchas and Troubleshooting - Cormac Hogan, VMwareBracebridge Suite
Overview of EVO:RAIL: The Radically New Hyper-Converged Infrastructure Appliance 100% Powered by VMware - Mike Laverick, VMwareBallacraine Suite
vRealize Operations 6 – Everything You Need to Know! - Matt Steiner, VMwareWaterloo Suite
What’s Coming for vSphere in Future Releases? - Duncan Epping, VMwareBritannia Suite
VMware NSX: Software Defined Networking in the real-world - Chris WahlKirkmichael Suite
Side-Session 1 - Ask the Expert: PowerCLI & Automation (Alan Renouf, VMware)Mezzanine
Side-Session 2 - vSphere Design Whiteboard (Darren Woollard)Mezzanine
Side-Session 3 - Sam McGeown (VMware NSX)Mezzanine
GSS Drop-in Clinic - Ask VMware Support (GSS) AnythingMezzanine
11:50 - 13:00Lunch Break | Mingle with Sponsors
13:00 - 13:40Breakout Block #3 | Education Sessions
Why Advanced Data Services Matter In Hyperconverged Platforms - Hugo Phan, Atlantis ComputingBracebridge Suite
Real-World Private Cloud: Exploring the Design and Implementation of an Enterprise Cloud Project, TintriBallacraine Suite
Hypervisor-Based QoS: Helps With The Symptoms, But By Itself It’s Not The Cure, SolidfireWaterloo Suite
VMware Horizon Architecture and Design - Barry Coombs / Peter Von OvenBritannia Suite
Virtualize your business-critical applications utilizing Software-Defined Data Center technologies including vSphere, vSAN, and NSX, BrocadeKirkmichael Suite
Side-Session 1 - VMware Disaster Recovery with Mike Laverick and Lee DilworthMezzanine
Side-Session 2 - What is Hyper-Convergence? Discussion group (Matt Northam)Mezzanine
Side-Session 3 - Designing Real-World vCO Workflows for vRealize Automation Center (vCAC) (Jonathan Medd)Mezzanine
GSS Drop-in Clinic - Ask VMware Support (GSS) AnythingMezzanine
13:40 - 14:10Break | Mingle with Sponsors
14:10 - 15:10Breakout Block #4 | Education Sessions
The Role of Network Virtualisation in the SDDC - Dan Watson, VMwareBracebridge Suite
EUC update - Peter Von Oven, VMwareBallacraine Suite
vSphere Availability Updates and Tech Preview - Lee Dilworth, VMwareWaterloo Suite
Everything Virtual Volumes (VVOLs) - Paudie O'Riordan, VMwareBritannia Suite
vCloud Air Technical Deep Dive - Simon GreavesKirkmichael Suite
Side-Session 1 - Virtual Machine Backup Best Practices, Tools & Tips - Ricky El-QasemMezzanine
Side-Session 2 - Networking Deep-Dive Discussion Group/Whiteboard with Chris WahlMezzanine
Side-Session 3 - Storage for Dummies - Paul MeehanMezzanine
GSS Drop-in Clinic - Ask VMware Support (GSS) AnythingMezzanine
15:10 - 15:20 Break | Mingle with Sponsors
15:20 - 16:00Breakout Block #5 | Education Sessions
Re-Thinking Storage by Virtualizing Flash and RAM - Frank Denneman, PernixDataBracebridge Suite
All-Flash Storage: 5X Faster, 10X Less Power, 100X Easier, Pure StorageBallacraine Suite
Cisco and VMware: Transforming Desktops into End User Workspaces, CiscoWaterloo Suite
Clouds, Portals, Automation and DJs - Ricky El-QuasemBritannia Suite
Navigating the New Security Designs - Bo Skeel, BitdefenderKirkmichael Suite
Side-Session 1 - Designing Real-World vCO Workflows for vRealize Automation Center (vCAC) (Jonathan Medd)Mezzanine
Side-Session 2 - vCloud Air: Ask the Expert - David HillMezzanine
Side-Session 3 - Ask the CTO Anything - Small Forum with Joe Baguley (EMEA CTO, VMware)Mezzanine
GSS Drop-in Clinic - Ask VMware Support (GSS) AnythingMezzanine
16:00 - 16:50Closing Keynote | Chris Wahl | Stop Being a MinesweeperBritannia Suite
16:50 - 17:00Closing Session & GiveawaysBritannia Suite

Unable to Edit vCO Workflow after Package Export / Import

While moving some vCO content over from one server to another via the process of creating a package on Server1, exporting the package and then importing the package into Server2, something went awry and I was no longer able to edit some of the workflows.

Specifically, the workflows in question looked like this with the pencil edit button greyed out:

NoEditWorkflow

A clue was given in the User permissions section with both Add to package and Edit contents unchecked:

NoEditWorkflow02

This was not the case back in the original workflow on Server1.

It is possible when exporting a package to set various permissions, if for some reason you did not want them to be available where they would be imported.

NoEditWorkflow03

However, in this instance all of the above checkboxes had been ticked during package export, so it remains a mystery what had occurred since not all workflows in the package suffered from the same fate.

The resolution was to track down the affected workflows, as well as actions and resources that also contained the same symptoms and create a new package on Server1 with just those items. Import the new package into Server2 and ensure you just overwrite the affected items, not anything else. Then check all items are successfully editable.

Tip: To track down affected workflows, add the top level folder of workflows to a package. Then on the workflows tab of the package, sort by the Rights column and you will have a view of which workflows are missing which rights. Note that workflows in the default Library folder typically do not have the edit right.

NoEditWorkflow06

 

I got a hint of what might be wrong from this VMware Communities Post