Sunday, December 30, 2012

PVLANs

About Private VLANs
The private VLAN (PVLAN) feature addresses two problems that service providers face when using VLANs:
  • The switch supports up to 1005 active VLANs. If a service provider assigns one VLAN per customer, this limits the number of customers the service provider can support.
  • To enable IP routing, each VLAN is assigned a subnet address space or a block of addresses, which can waste the unused IP addresses and cause IP address management problems.

PVLAN Overview
Using PVLANs provides scalability and IP address management benefits for service providers and Layer 2 security for customers. PVLANs partition a regular VLAN domain into subdomains. A subdomain is represented by a pair of VLANs: a primary VLAN and a secondary VLAN. A PVLAN can have multiple VLAN pairs, one pair for each subdomain. All VLAN pairs in a PVLAN share the same primary VLAN. The secondary VLAN ID differentiates one subdomain from another
For Complete Article Visit following Link

Use Case
In our case, VLAN 10 is the Remote Management VLAN, i.e. VLAN 10 is allowed over the IPsec tunnel. Each customer has a Jumpbox VM with two NICs: NIC 1 in the customer network and NIC 2 in the Remote Management network (VLAN 10). Because VLAN 10 is a network common to all customers, we use PVLANs to block communication between customers over VLAN 10.

Configuration Overview
Primary VLAN ID - 10, subnet 192.168.7.0/24
Secondary VLAN ID - 1010 (isolated)

Virtual Machines
VM1 :- 192.168.7.18 (Promiscuous) :- DVPort Group as Promiscuous PG
VM2 :- 192.168.7.19 (Isolated) :- DVPort Group as Isolated PG
VM3 :- 192.168.7.20 (Isolated) :- DVPort Group as Isolated PG

Physical Switch Configuration
Primary VLAN configuration:
    vlan 10
     private-vlan primary
     private-vlan association 1010
Secondary VLAN configuration:
    vlan 1010
     private-vlan isolated
Switch port configuration (in our case the port is gi0/2). Configure the port as a trunk and allow the primary and secondary VLANs:
    interface gi0/2
     switchport mode trunk
     switchport trunk allowed vlan 10,1010
Layer 3 configuration and connectivity for the primary VLAN:
    interface vlan 10
     ip address 192.168.7.1 255.255.255.0
     private-vlan mapping add 1010
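The four pieces of switch configuration above have to agree with each other, otherwise isolated ports either lose their gateway or the trunk to the ESXi host drops the secondary VLAN. The following consistency check is an added example, not part of the original post; the function names and the sample text are assumptions built from the commands shown here, and the SVI check assumes the gateway lives on this switch as it does in this setup.

```python
import re

# Constructed sample: the PVLAN-relevant switch commands from this post.
SAMPLE = """\
vlan 10
 private-vlan primary
 private-vlan association 1010
vlan 1010
 private-vlan isolated
interface gi0/2
 switchport trunk allowed vlan 10,1010
interface vlan 10
 private-vlan mapping add 1010
"""

def sections(config):
    """Map each 'vlan N' / 'interface X' header to its lines (header included)."""
    out, cur = {}, ""
    for line in filter(str.strip, config.lower().splitlines()):
        if not line[0].isspace():
            cur = re.sub(r"vlan\s*(\d)", r"vlan \1", line.strip())  # vlan10 -> vlan 10
        out.setdefault(cur, []).append(line.strip())
    return out

def vlan_ids(cmds, prefix):
    """Expand VLAN lists ('10,1010', '100-102') from commands starting with prefix."""
    text = " ".join(c[len(prefix):] for c in cmds if c.startswith(prefix))
    pairs = re.findall(r"(\d+)(?:-(\d+))?", text)
    return {v for lo, hi in pairs for v in range(int(lo), int(hi or lo) + 1)}

def audit_pvlan(config):
    """Return findings; an empty list means VLANs, trunks and SVI agree."""
    s, findings = sections(config), []
    for head, cmds in s.items():
        if not head.startswith("vlan ") or "private-vlan primary" not in cmds:
            continue
        primary, secs = int(head.split()[1]), vlan_ids(cmds, "private-vlan association")
        for v in sorted(secs):
            if not {"private-vlan isolated", "private-vlan community"} & set(s.get(f"vlan {v}", [])):
                findings.append(f"vlan {v}: associated with {primary} but has no PVLAN type")
        for port, pc in s.items():
            allowed = vlan_ids(pc, "switchport trunk allowed vlan")
            missing = (secs | {primary}) - allowed
            if allowed & (secs | {primary}) and missing:
                findings.append(f"{port}: trunk does not carry vlan {sorted(missing)}")
        svi = s.get(f"interface vlan {primary}")
        unmapped = secs - vlan_ids(svi or [], "private-vlan mapping")
        if svi is not None and unmapped:
            findings.append(f"interface vlan {primary}: no mapping for {sorted(unmapped)}")
    return findings
```

Calling `audit_pvlan()` on the text of a saved configuration returns one line per inconsistency; the sample from this post returns an empty list.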

DVSwitch Configuration
Create and configure PVLANs in the dvSwitch with VLAN 10 as primary and VLAN 1010 as isolated
Create a port group on the dvSwitch for the promiscuous VLAN, with the VLAN ID set as PVLAN
Create a port group for the isolated VLAN, with the VLAN ID set as PVLAN
Map the VMs to the port groups
Edit the settings for all 3 VMs and change the Network Label for the second NIC
Here we have changed the second NIC to the Isolated PG for the Jumpbox VM
Assign IPs to the VMs and test the functionality
Assign the IP addresses as mentioned:
VM1 :- 192.168.7.18 (Promiscuous) :- DVPort Group as Promiscuous PG
VM2 :- 192.168.7.19 (Isolated) :- DVPort Group as Isolated PG
VM3 :- 192.168.7.20 (Isolated) :- DVPort Group as Isolated PG

Results
VM1 should be able to communicate with VM2 and VM3
VM2 should communicate only with VM1, not with VM3
VM3 should communicate only with VM1, not with VM2

Saturday, December 29, 2012

How to Create DVSwitch using WebClient 5.1

Access the web client at http://ipaddress:9443/vsphere-client, navigate to Distributed Switches and click the Add button (green plus sign)
It will open the New DVSwitch wizard
Select the version of the DVSwitch. We have ESXi 5.0, so we selected the second option, which is version 5.0.0
Select the number of uplinks (default is 4) and whether a default port group should be created
Confirm the settings on the Ready to Complete screen
Now we have to Add and Manage Hosts from the Actions Menu

It will open up the Add Host Wizard
Click Add Button (Green Plus Sign) and select the Host
Select the Host and Click Next
Select the NIC to be used as uplink for the DVSwitch
Optionally, you can migrate the existing virtual adapter to the DVSwitch. In our case we will skip it
Confirm the settings on the Ready to Complete screen
You should see the newly created DVSwitch. In our case we created the switch for testing PVLANs
Keep an eye on the next post; it will be about PVLANs

Wednesday, December 26, 2012

Host Profiles

Introduction
Capture host level configuration settings and save them as a template to configure other vSphere hosts. Monitor hosts for configuration changes and automatically alert vSphere administrators if a host falls out of compliance.
  • Reduce the time spent manually configuring vSphere hosts
  • Ensure host configuration consistency and compliance
  • Standardize storage, network and security configurations across vSphere hosts
  • Enables stateless (diskless) host configurations with vSphere Auto Deploy
Procedure
Connect to vCenter Server and go to Home and Click Host Profiles
Create Profile to open the Profile creation wizard
Select option Create profile from existing Host
Select the reference host to create the profile
Enter the name and description of the profile

 
 



Monday, December 24, 2012

SRM Updates – 5.1.0.1 and 5.0.2 Released

What's New

VMware vCenter Site Recovery Manager 5.0.2 offers the following improvements:
  • Added support for protection and IP customization of the following guest operating systems:
    • Windows 8 (32-bit and 64-bit)
    • Windows Server 2012 (32-bit and 64-bit)
    • RHEL Server 6.2 and 6.3 (32-bit and 64-bit)
    • Ubuntu 12.04
NOTE: To protect virtual machines that run the above operating systems, you must upgrade ESXi Server to version 5.0 update 2 on both the protected and recovery sites.
  • The vSphere Replication management server accepts MD5 certificates. See Caveats and Limitations.
  • Upgraded OpenSSL 0.9.8m to 0.9.8t for improved security. This addresses the security advisory that was issued for OpenSSL in January 2012.
  • Auto-generated certificates use RSA keys of 2048 bits.
  • Bug fixes described in Resolved Issues.
http://www.vmware.com/support/srm/srm-releasenotes-5-0-2.html#whatsnew

Friday, December 21, 2012

vSphere Replication for existing SRM 5.0

Procedure
Configure Database for VRM and VR Servers
Configure Storage for VRMS and VR
Configure Storage for the Protected VMs
Install vSphere Replication in SRM Setup
Configure VSR
Configure Replication for VMs
Create Protection Group
Create/Modify Recovery Plan


SRM DR IP Customizer

Navigate to the following path
C:\Program Files (x86)\VMware\VMware vCenter Site Recovery Manager\bin
Generate the CSV file using the following command
dr-ip-customizer.exe --vc 172.16.18.3 --cfg ..\config\vmware-dr.xml --i --cmd generate --o ProtectedVMs.csv
It will prompt for the user name and password
Once completed, it will generate the CSV file in the same folder where you are running the script, i.e.
C:\Program Files (x86)\VMware\VMware vCenter Site Recovery Manager\bin

Modify the CSV file
Insert the column and modify the adapter to 1 and specify the IP Details
Apply the CSV file generated
Drop the Settings using CSV file
dr-ip-customizer.exe --cfg ..\config\vmware-dr.xml --i --cmd drop --csv ProtectedVMs.csv --vc 10.20.2.3

Oracle 11G RAC Clustering on VMware

1. In vSphere Client, select a virtual machine.
2. Right-click the name of the virtual machine and select Edit Settings to display the Virtual Machine Properties pane.
3. Click Add to display the Add Hardware wizard.
4. In the Add Hardware wizard select Hard Disk for the Device Type, and click Next.
5. In the Disk section of the Select a Disk page, select Create a new virtual disk. Set the disk size to 20GB, select the Support clustering features such as Fault Tolerance check box, and select CRS1 to specify a datastore. Also, for vSphere 5, in the Disk Provisioning section select Thick Provision Eager Zeroed. Click Next.
6. On the Compatibility Mode page, click Next.
7. On the Advanced Options page, in the Virtual Device Node section, select SCSI (1:0). In the Mode section, select Independent. Click Next.
8. On the Ready to Complete page, click Finish.
9. Click OK.


This is the doc I am referring to


RDMs with SRM 5.0

Procedure
  1. Create the LUN for RDM disks
  2. Add the RDM Disk to the VM
  3. Initialize and Format the disk from Operating System
  4. Copy some data on the RDM LUNs
  5. Ensure newly added RDM disk shows replicated in Protection Group
  6. Perform Test/Actual Recovery