VMware Home Lab – Ravello

After a long time, I am coming back here and sharing my work, experience, and thoughts with all of you. A year back I started writing blogs about technology, but it quickly went under the carpet and I wasn’t able to continue. I felt that without having my own lab I wouldn’t be able to engage with the community the way I wanted to. So here I am with my off-premise cloud lab.

I was doing a little bit of research to find the best lab setup for my learning and considered Intel NUCs as my physical hosts, but quickly realized that it wouldn’t be a good idea to have a bunch of physical hosts and dangling cables at my home. I didn’t feel the need for an on-prem lab as it was not offering me any additional benefits. So the only option left for me was to set up my VMware lab on the public cloud.

There were mainly 3 reasons for opting for a cloud-based solution.

  • Pay as you go: the capital cost of setting up an on-prem home lab was very high for me.
  • Scalability: the ability to scale compute resources up/down is simply a cakewalk for us, all thanks to virtualization and cloud infrastructure. Scalability by default allows you to optimize your resources and results in an efficient infrastructure. However, that’s not the case with hardware infrastructure.
  • Hardware refresh: the typical lifecycle of any hardware is around 3-5 years, and after that it requires an upgrade to catch up with the trend. It is certainly not a good idea to have a bunch of hardware (hosts, switches, routers etc.) and to upgrade it periodically. You simply can’t afford hardware maintenance costs just to keep your lab infrastructure running.


#Ravello

Ravello was a startup founded by a few KVM hypervisor developers, and it was later acquired by Oracle. The unique nested virtualization capability provided by #ravello allows us to host ESXi as a virtual machine on the HVX hypervisor. I guess it is the only cloud provider offering nested virtualization, which makes it the only option for hosting a VMware home lab on the public cloud. I found out about Ravello a few months back, but at that time the Ravello offering was not available for trial in India. However, the good news is that it is now available as a 30-day trial and has very competitive rates. It provides all the key features you need to get started.

The thing I liked most about Ravello is that it provides key network services like DNS, DHCP, L2/L3 networking, VLAN and firewall services on the fly, which essentially means that you can save a few $$$ by not deploying additional VMs just to provide these services for your lab environment.

As of today, I have been able to set up 3 ESXi hosts, 1 VCSA 6.5, and a Windows Server 2016. I was able to quickly configure my lab environment with public IPs so that I can seamlessly access all my workloads over the internet as and when required. In fact, I was impressed with the new ESX #H5client, which was accessible on my smartphone and gave a seamless experience on my mobile phone, though it’s not a required thing for production infrastructure.

Take a look at below screenshot of ESXi which was accessed over the internet on a mobile browser.

Lab

The plan is to build this lab environment with different use cases, test vSphere upgrades with different test scenarios, and to build/test cloud-based automation solutions around it. I will keep sharing interesting use cases and “how to” stuff as I go along with this.

Feel free to post your queries, feedback or suggestions on “Virtual Reality” 

Thanks,

 

 

 

My Failed Attempt with PowerShell DSC + VMware !

The Idea: 

  1. Have a DSC Configuration for vSphere which gets the status of the vSwitch security policies: Forged transmits, Promiscuous mode and MAC address changes.
  2. All 3 security settings must be set to Reject.
  3. The DSC Configuration should set the above 3 settings to Reject if they are not.
  4. And finally, apply this configuration to all ESXi hosts in vCenter.

In recent days I have been learning PowerShell DSC. No doubt it is a great tool, but it needs more DSC resources for various technologies. I am sure that the PowerShell community will rise above all and work toward making DSC more powerful.

My initial idea was to create a vSphere security configuration for vSwitch security policies using PowerShell DSC. However, it didn’t work out for me as expected. Initially I struggled with the Script resource and variable scope in the GetScript, TestScript and SetScript blocks. Basically, I was not able to pass variables into the script blocks. This issue is documented here. Thankfully, with the help of my colleague Rohit Sharma, we were able to resolve the variable scope issue. The bottom line of that issue is that we have to use $using to pass data into the script blocks (Get, Set and Test).

It was a great relief for me to resolve the above issue, but the problems didn’t stop there. The GetScript block returns hash table values. So, if you try to return any PowerShell object, variable or any other object, then this script block will throw an error. Ultimately you have to return a hash table.

Well, that was sorted out. GetScript and TestScript looked to be working fine, but another problem occurred in the SetScript block. This time we figured out that the session which was connected with Connect-VIServer is no longer available in the SetScript block, which means that it will not execute any PowerCLI commands and will throw an error:


“You are not currently connected to any servers. Please connect first using a Connect cmdlet.”

Why is it throwing this error? I figured out that the DSC Script resource has 3 script blocks: GetScript, TestScript and SetScript. These script blocks do not execute anything themselves but pass their values to Get-TargetResource(), Test-TargetResource() and Set-TargetResource() as a parameter respectively. These functions use the Invoke-Command cmdlet on the remote computer or localhost. That was the reason for using $using: for local scope variables and also the reason the connected VMware session is not passed to the SetScript block.

Below is the Code for reference. Feel free to test this in POC/Test environment. 

 

As of now I am still struggling to fix these issues. It looks like the DSC Script resource has some limitations.
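The Get/Test/Set logic from "The Idea" above, as an added example that is not the author's code: plain PowerCLI run in one interactive session instead of a DSC Script resource, so the Connect-VIServer session is available to every step. It assumes PowerCLI is installed and a vCenter connection already exists; the function names and the $Remediate flag are hypothetical.

```powershell
# Added example, not the author's code. Assumes VMware PowerCLI is installed and
# Connect-VIServer has already been run in THIS session; the connection is not
# visible to other runspaces, which is the limitation the post ran into.
$Remediate = $false   # assumption: report-only by default; set $true to fix drift

function Get-VSwitchPolicyState {
    # One hashtable per standard vSwitch (the return shape a DSC GetScript needs).
    param([Parameter(Mandatory)] $VMHost)
    foreach ($vs in Get-VirtualSwitch -VMHost $VMHost -Standard) {
        $policy = Get-SecurityPolicy -VirtualSwitch $vs
        @{
            Host             = $VMHost.Name
            VSwitch          = $vs.Name
            AllowPromiscuous = [bool]$policy.AllowPromiscuous
            ForgedTransmits  = [bool]$policy.ForgedTransmits
            MacChanges       = [bool]$policy.MacChanges
        }
    }
}

function Test-VSwitchPolicyState {
    # PowerCLI reports "Reject" as $false, so compliant means all three are $false.
    param([Parameter(Mandatory)] [hashtable] $State)
    -not ($State.AllowPromiscuous -or $State.ForgedTransmits -or $State.MacChanges)
}

function Set-VSwitchPolicyReject {
    param([Parameter(Mandatory)] $VMHost, [Parameter(Mandatory)] [string] $VSwitchName)
    Get-VirtualSwitch -VMHost $VMHost -Standard -Name $VSwitchName |
        Get-SecurityPolicy |
        Set-SecurityPolicy -AllowPromiscuous $false -ForgedTransmits $false `
                           -MacChanges $false -Confirm:$false | Out-Null
}

$report = foreach ($esx in Get-VMHost) {
    if ($esx.ConnectionState -notin 'Connected', 'Maintenance') {
        Write-Warning "Skipping $($esx.Name): state is $($esx.ConnectionState)"
        continue
    }
    foreach ($state in Get-VSwitchPolicyState -VMHost $esx) {
        $before = Test-VSwitchPolicyState -State $state
        $after  = $before
        if (-not $before -and $Remediate) {
            Set-VSwitchPolicyReject -VMHost $esx -VSwitchName $state.VSwitch
            # Re-read the policy instead of assuming the change was applied.
            $after = Get-VSwitchPolicyState -VMHost $esx |
                Where-Object { $_.VSwitch -eq $state.VSwitch } |
                ForEach-Object { Test-VSwitchPolicyState -State $_ }
        }
        [pscustomobject]@{
            Host            = $state.Host
            VSwitch         = $state.VSwitch
            Promiscuous     = $state.AllowPromiscuous
            ForgedTransmits = $state.ForgedTransmits
            MacChanges      = $state.MacChanges
            CompliantBefore = $before
            CompliantNow    = $after
        }
    }
}
$report | Sort-Object Host, VSwitch | Format-Table -AutoSize
```

This covers the vSwitch-level policy only; a port group can override the vSwitch setting, so port group policies need their own check.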

What Next?

  1. Will Understand “How to create custom DSC Resources using PowerShell Classes and Object?”
  2. Will try to build a custom resource by my own.

Hopefully I will be able to resolve this issue and will come out with a DSC Configuration for vSwitch Security policy.

Thanks

 

 

ESXCLI+PowerCLI: Perfect fusion for ESXi


Hello Everyone,

In this post I will discuss managing ESXi hosts using ESXCLI and PowerCLI. Yes, you got it right. ESXCLI is one of the most widely used command line interfaces for ESXi, whereas PowerCLI is a PowerShell-based snap-in for VMware.

ESXCLI is intended to provide a single set of commands to perform host-based administrative tasks. ESXCLI has a set of namespaces for various components like network, storage, device etc. Refer to the pic below to see the available namespaces.

How to run ESXCLI?

Working with ESXCLI is very simple. Open a PuTTY session to the host and type esxcli. Once you run this command, it will show you all the available namespaces under ESXCLI. Furthermore, you can type a child namespace and it will show you the available namespaces and commands under that.

Ex. 1

~ # esxcli network nic list

The above command will list NIC details (MAC, Adapter type, Link status etc.)

ESXCLI
ESXCLI Namespace

When you have a very small environment or are performing specific tasks on 1-2 ESXi hosts, opening a PuTTY session and running ESXCLI commands is not a big pain. However, there are scenarios where you want to perform management tasks on a large number of ESXi hosts, and then the above approach may not be feasible. Such scenarios could be:

  1. Getting certain reports across all the hosts (Firmware, driver version or specific configuration detail)
  2. Setting up standard configuration across multiple hosts or entire environment.

etc.

In such scenarios you would like to automate the task. For that, the obvious choice would be PowerCLI.

Tip: PowerCLI is a PowerShell snap-in for VMware. There is no specific training required for PowerCLI. 

How to execute ESXCLI Commands using PowerCLI?

PowerCLI has a cmdlet called Get-EsxCli. This cmdlet can be executed against remote ESXi hosts by passing a value (hostname) to the -VMHost parameter. Refer to the command below:

PowerCLI C:\> Get-Esxcli -VMhost TestEsxi.poc

The above command will give you the available ESXCLI namespaces on the TestEsxi.poc host.

For a moment let us consider Ex. 1: ~ # esxcli network nic list

The same result can be achieved by executing the command below in PowerCLI.

PowerCLI C:\> (Get-Esxcli -VMhost "TestEsxi.poc").network.nic.list()

How to automate same task for multiple hosts?

Below is the PS script which will automate the same task for multiple hosts. I don’t think that the script needs any explanation; it is very simple and straightforward. First, you get the content of a .txt file. This file contains the ESXi host names. In the later part you just take the hostnames one by one and dynamically pass them to the cmdlet.

Please refer to the screenshot below for the same. Though it does not harm anything in your environment, I would still highly recommend that you run this in a POC first. Also, please note that you have to connect to vCenter first.

PowerCLI C:\> Connect-VIServer -Server vCenterName

 

ESXCLI Test
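The multi-host loop described above, written out as an added example (it is not the script from the original screenshot). It assumes a file named hosts.txt with one ESXi host name per line and an existing Connect-VIServer session; both file paths are hypothetical.

```powershell
# Added example, not the script from the original screenshot.
# Assumptions: hosts.txt (hypothetical name) lists one ESXi host name per line,
# and Connect-VIServer has already been run against vCenter in this session.
$hostFile = '.\hosts.txt'
$csvPath  = '.\nic-report.csv'   # hypothetical output path
$failed   = @()                  # hosts that could not be queried

$report = foreach ($line in Get-Content -Path $hostFile) {
    $name = $line.Trim()
    if (-not $name -or $name.StartsWith('#')) { continue }   # skip blanks/comments

    try {
        # Same call as the single-host example: esxcli network nic list
        $esxcli = Get-EsxCli -VMHost $name -ErrorAction Stop
        foreach ($nic in $esxcli.network.nic.list()) {
            # Tag every NIC row with the host it came from and keep all fields
            # ESXCLI returned, rather than hard-coding column names.
            $nic | Select-Object @{ Name = 'EsxiHost'; Expression = { $name } }, *
        }
    }
    catch {
        # An unreachable or misspelled host must not stop the whole run.
        Write-Warning "Could not query ${name}: $($_.Exception.Message)"
        $failed += $name
    }
}

$report | Export-Csv -Path $csvPath -NoTypeInformation
$report | Format-Table -AutoSize

if ($failed.Count -gt 0) {
    Write-Warning ("No data collected from: " + ($failed -join ', '))
}
```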

Conclusion:

ESXCLI is a great tool for ESXi management, and the capability to integrate with PowerShell is just awesome. Next time you have to collect a few reports from multiple ESXi hosts, try to automate those reports using PowerCLI and ESXCLI.

FAQs:

  1. How to Learn PowerShell?
  2. How to install PowerCLI within PowerShell Console?
    • Check out this blog for your reference

Hope you liked this post, Please comment and share your feedback in comment section.

Thanks,

Resource Pool – Conclusion

In my previous posts about resource pools I have stressed the resource pool hierarchy. I have also highlighted one tip related to the resource pool hierarchy. If you have not noticed it, below is the tip once again:

Tips: It is best practice to not allow VMs and resource pools to be siblings with each other. Otherwise, when there is contention, it is very likely for the VMs inside the pool to lose out in competition with VMs outside the pools.

So here I am trying to explain why that is so and what impact it will have. Before I begin, I would also like to state that shares come into the picture only when there is resource contention. If there is no resource contention, then VMs will get whatever resources they require.

So, coming back to the point, let us assume that we have 3 resource pools with the default share values High, Normal and Low. In the event of resource contention, resources would be allocated in a 4:2:1 ratio. Refer to the pic below once again.

Shares
Resource Sharing: High, Normal and Low.

So far, a pretty straightforward calculation. Now assume that I have 11 VMs and I put 2 VMs in High, 1 VM in Low and 8 VMs in Normal. You may think that in the event of resource contention, High priority VMs will get more shares than Normal resource pool VMs, and Normal VMs should get more shares than Low resource pool VMs. Ideally that is what we wish for, but unfortunately that does not happen. Have a look at the table below, which shows how many shares each VM will get.

This clearly shows that the above distribution of VMs gives more shares to the Low resource pool’s VM.

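| VM    | Share (%) | Resource Pool |
|-------|-----------|---------------|
| VM-1  | 28.5      | High          |
| VM-2  | 28.5      | High          |
| VM-3  | 3         | Normal        |
| VM-4  | 3         | Normal        |
| VM-5  | 3         | Normal        |
| VM-6  | 3         | Normal        |
| VM-7  | 3         | Normal        |
| VM-8  | 3         | Normal        |
| VM-9  | 4         | Normal        |
| VM-10 | 4         | Normal        |
| VM-11 | 14        | Low           |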

Share Distribution
Resource Distribution

You must be wondering how this happened. In the case of shares, hierarchy and VM distribution are very important. When I add 2 VMs to the High resource pool, then as per the 4:2:1 ratio, High gets 57% of the shares, and as it has 2 VMs it distributes this evenly to both VMs, so each VM gets 28.5%.

The same applies to Normal and Low. Normal had 8 VMs, so the Normal resource pool’s share of 29% is evenly distributed among 8 VMs, each ending up with 3-4%. The Low resource pool had only one VM, hence that VM gets the 14% share.

Imagine I have 3 resource pools and one VM-x which is not part of any resource pool, which means that the VM and all 3 resource pools are at the same level of the hierarchy with respect to their parent cluster. Hence VM-x is a sibling of the other 3 resource pools. Now suppose I give VM-x a share value of Normal, which is the default anyway. In this case the Normal share will be distributed evenly between the Normal resource pool and VM-x, and each gets 14.5%. Hence VMs in the resource pool will get their shares out of 14.5% and not out of 29%. This will enable VM-x to get more resources than the VMs in the Normal resource pool. This example clarifies why we should not have resource pools and VMs as siblings.

This has also been explained by Duncan Epping in his post “The Resource Pool Priority-Pie Paradox” .

Conclusion:

  1. Do not use resource pools to organize your VMs. For organizing VMs we have folders.
  2. While planning out resource pools, make sure that you distribute VMs carefully.
  3. VM-level reservations and resource-pool-level reservations work slightly differently from each other. Refer to http://frankdenneman.nl/2010/05/18/resource-pools-memory-reservations/
  4. Strategize and review your resource management design periodically, as the infrastructure may change dynamically.

Thanks for putting your effort in reading this article. Please comment and share your feedback in below comment section. Also feel free to post questions if you have any.

Enjoy!

Resource Pool- Part 2

Hello Everyone! In my first post I explained resource management and a little bit about resource pools, shares, limits and reservations. I would highly recommend that you visit that post, “Resource Pool – Part 1”, if you have not done so yet.

In this section I will talk about-

  • Resource Pool Hierarchy 
  • Create a resource pool 
  • Add/Remove VM(s) from resource pool
  • Expandable resource pool

Resource Pool Hierarchy

It is important to understand the resource pool hierarchy, because if you don’t consider it while planning out resource pools, it may have an adverse effect on virtual machines. So let us refer to the picture below.

**Pic Courtesy: VMware 

RS Hierarchy
Resource Pool Hierarchy 

What we are seeing here is the root resource pool, siblings, a parent resource pool and a child resource pool. Here, the DRS cluster named CL-1 is itself the root resource pool because it contains the aggregate resources coming from the ESXi hosts. Based on the available resources, it distributes resources to its child objects, which can be virtual machines or resource pools.

CL-1 has 2 resource pools, RP-Marketing and RP-QA. These 2 are siblings of each other because they are at the same level of the hierarchy. All 3 VMs in RP-Marketing are siblings of each other and share the same relationship with their parent resource pool.

Also, resource pools can be nested within one another. If you refer to the above pic, you will notice that RP-QA-UI is a child resource pool under RP-QA. In this case RP-QA is the parent resource pool of the RP-QA-UI resource pool.

Info: However, you cannot define resource pools more than 8 levels deep. Each host can support up to 1600 resource pools, which is also the maximum number of resource pools per cluster. #vSphere6

I will discuss later why we need to keep the resource pool hierarchy in mind during planning.

Tips: It is best practice to not allow VMs and resource pools to be siblings with each other. Otherwise, when there is contention, it is very likely for the VMs inside the pool to lose out in competition with VMs outside the pools.

For now, let us discuss how to create a resource pool and how to move VM(s) to it.

How to create a Resource pool?

The steps for creating a resource pool are pretty simple:

  1. In the vSphere Web Client navigator, select a parent object for the resource pool (a host, another resource pool, or a DRS cluster).
  2. Right-click the object and select New Resource Pool.
  3. Type a name to identify the resource pool.
  4. Specify how to allocate CPU and memory resources.
  5. Finish

How to create Resource Pool
New Resource Pool Wizard 

How to move virtual machine to a resource pool?

  1. Locate the respective VM in the Web Client.
  2. Right-click and select Migrate.
  3. Select the migration type “Change Compute Resource Only”.
  4. Select the resource pool to which you would like to move this VM.
  5. Select Network. Do not change the network if it is not needed.
  6. Finish.

You can also migrate multiple VMs together to a resource pool. In the Virtual Machines tab, select the required VMs and migrate them as per the above process.

What are expandable resource pools?

If you review the above pic titled “New Resource Pool Wizard”, you will notice that there is a check box labeled Reservation Type Expandable. You must be wondering what this option is all about. Let’s discuss this further.

As you already know, VMs residing in a resource pool get resources from their parent resource pool. So let us assume that the resource pool runs out of resources due to a badly planned resource pool or unexpected resource demand, and the VMs residing in it are not able to get their reserved amount of resources. What will happen then? Do we have any way to tackle this? The answer is yes: expandable reservation.

Expandable reservation allows resource pools to grow because it allows more VMs to power on even if their aggregate reservation exceeds the resource pool reservation. When you enable the check box for reservation type Expandable, the pool gets resources from its parent in the event of resource contention. This process continues till the VMs get the required resources.

For example, refer to the pic below once again.

RS Hierarchy

Let us assume that we have 2 VMs in RP-QA-UI, each having a reservation of 2 GB of memory, which means each VM will require 2 GB + overhead memory to power on. Currently VM-Marketing is powered on, and when we try to power on VM vcy169-w2k3net-lsi it fails to power on due to “insufficient resources”. Clearly there are not enough resources available for this VM. If its parent resource pool, which is RP-QA-UI, is set as an expandable resource pool, then admission control checks its parent resource pool, which is RP-QA; if there are resources available on RP-QA, then admission control powers on the VM. Admission control does this until it has checked the complete hierarchy. If there are still not enough resources available, then the VM fails to power on.

In the above example RP-QA-UI did not have enough resources, hence it got the resources from its parent, which is RP-QA. This happened because the resource pool reservation was expandable.

That’s it for now in this section. I will post one last section for resource pool and will discuss more on its planning and use cases.

Hope you liked this post. Please provide your feedback to me under comment section if you have any.

 

Resource Pool – Part 1

“Virtualization is all about Optimization, Efficiency, Scalability and Availability!”

Resources are something which comes at a cost. No matter how many resources you have, if you don’t manage them well you become inefficient in your game. Hence resource management becomes a key part of achieving Optimization, Efficiency, Scalability and Availability. In this post I will talk about the resource pool, one of the key components which plays an important role in resource management. This post will also help a VMware rookie understand more about resource pools.

When we talk about resources in the context of resource pools, we are specifically talking about CPU and memory.

In virtualization you deploy multiple virtual machines on top of a hypervisor, which in turn use the same hardware resources. Simply one piece of hardware and multiple OSes on top of it; that’s cool stuff, right? But how is it decided what amount of resources a VM should get from the available resources? What will happen when multiple VMs are competing for the same resources at the same time? How can we ensure that VM(s) get the required amount of resources? All these scenarios can be dealt with using resource pools.

In order to understand resource pools we need to understand shares, reservations and limits first.

Shares: Shares represent the relative importance of a virtual machine with respect to other VM(s)/resource pools. Shares are typically specified in 3 categories, High, Normal and Low, and these are specified with a 4:2:1 ratio respectively, which means High will get 4/7 of the total available resources, Normal will get 2/7 and Low will end up getting 1/7 in the event of contention. By default, shares are set to Normal for a VM or resource pool.

Shares
Default Shares: High, Normal and Low

Reservation: A reservation is the minimum guaranteed amount of resources (CPU/memory) specified for a VM. If this guaranteed amount is not available to the VM, then the VM fails to power on. Usually for critical VMs it is good to have a reservation specified. By default there are no reservations set for a VM or resource pool.

Limit: A limit specifies the upper bound of resources which can be allocated. This means that a VM cannot utilize more resources than the specified limit even if it has resources available to it. By default there are no reservation set for VM or Resource Pool.

It is not mandatory to have a resource pool to configure shares, limits and reservations on VM(s). You can configure these settings on VM(s) individually.

What is Resource Pool? 

A resource pool is a logical container which helps us prioritize the importance of virtual machines. This is done by using 3 key attributes: shares, reservations and limits. VM(s), vApps and resource pools themselves can be members of a resource pool. Also, a resource pool gets resources from its parent and then allocates resources based on its attributes.

A resource pool can be created on a standalone ESXi host or a DRS cluster.

So far we have discussed the key attributes of resource pools and the very basics. In the next section I will talk about how to create resource pools and will compare and contrast different use cases for resource pools.

Stay tuned for my next post. Enjoy!