EP12 – Observations From The Other Side

In episode twelve of The VCDX Podcast, I am joined by two special guests to talk about their recent experiences of being observers in the latest VCDX defenses.

News & Updates

The forthcoming online VCDX Workshop

March 2020 Defense Applications close on Monday, January 4th. Don’t wait until the deadline to submit!!

Interview Notes & Links

This week’s special guests are:

Q&A

As always, if you have any questions you want answering on the Podcast, please send them to me via the two options below:

I’m always looking for feedback and ways to improve the podcast, so please, contact me with any thoughts and feedback you might have. If you enjoyed this episode, please remember to subscribe (using the links below) and let others know about it on social media.

Getting Started With Oracle Cloud VMware Solution (OCVS) – Deployment Overview

In the most recent ‘Getting started with Oracle Cloud VMware Solution (OCVS)’ post, Getting Started With Oracle Cloud VMware Solution (OCVS) – Deploying The SDDC With HCX, we deployed ourselves a VMware vSphere Software-Defined Data Center (SDDC) along with VMware HCX into Oracle Cloud. In this post, I’m going to do a high-level review of the SDDC deployment, which includes the VMware vSphere components (vCenter, ESXi Hosts), NSX-T Manager, and VMware HCX. Subsequent posts will dive deeper into the configuration.

SDDC Deployment Overview

OCVS - SDDC 

  1. Login to the OCVS console
  2. Select the correct Region that you wish to deploy the OCVS SDDC into. (This should be the same region that the SDDC and Bastion host were deployed into)
  3. Click on the burger icon at the top left of the screen to display the menu
  4. Scroll down on the left-hand side menu and select VMware Solution
    • Select the name of your newly deployed SDDC

We are now presented with the SDDC information. This page contains all of the important URLs, IP addresses, usernames, and passwords that you’ll need to access and manage your environment.

OCVS - SDDC Details

Getting Started With Oracle Cloud VMware Solution (OCVS) – Deploying The SDDC With HCX

Following on from my recent post, Getting Started With Oracle Cloud VMware Solution (OCVS) – Deploying A Bastion Host, which documents the steps needed to deploy a bastion host on Oracle Cloud that will be used to access our OCVS SDDC, we can now deploy the SDDC, including VMware HCX (optional).

As you will see, the deployment process is very simple and straightforward. Once we have successfully deployed the SDDC and HCX, in the next blog post in this series, we’ll take a closer look at how the solution is deployed within Oracle Cloud.

Prerequisites

  • SSH Keys
    During the deployment of our bastion host, we created a set of keys (public and private) that were used to access the bastion host via SSH. The same approach is used with the ESXi hosts in the SDDC. Instead of providing a root password, we need to supply our public key.

Deploying the SDDC

OCVS - Select VMware Solution

Getting Started With Oracle Cloud VMware Solution (OCVS) – Deploying A Bastion Host

As part of my new role at VMware, I recently got access to Oracle Cloud VMware Solution (OCVS as it’ll be called from now on) to check out their solution and begin to understand how it all works. If you aren’t familiar with OCVS, you can read more about it here: Oracle Cloud VMware Solution.

As part of my discovery and learning process, I thought I would try and share some of my thoughts and findings as I go about learning this new, cool, solution.

By default, after deployment, the OCVS SDDC is not available directly via the internet, which means my first task is to deploy a bastion host that will be used to enable external access into the Oracle Cloud environment. While the process isn’t complicated, I thought I’d document the process step-by-step, to make it easier for others in the future. I used this official Oracle Cloud Bastion Host document as a guide throughout the process. (Note: A bastion host may not be required if you are using an Oracle FastConnect or an IPSec VPN to securely connect to the Oracle Cloud environment.)

When it comes to bastion hosts, there are many options for you to choose from. In this post, I’ll only document how to deploy a Linux virtual machine which can then be used to provide an SSH Tunnel, or used to install Apache Guacamole onto. If you really wanted to, you could deploy a Windows server and RDP to that instead. The type of bastion host you use is entirely up to you.

Below is a simple diagram of how the environment will be configured at the end of this post. I’ll have a single virtual server (bastion host) that is available on the internet via a public IP address.

OCVS - Bastion Host Network Design

VMware Cloud Foundation Public Cloud-Hosted Services

In the past few months, there has been a surge in public cloud providers announcing their hosted VMware Cloud Foundation services. Here are a few examples:

In an attempt to try and keep up with the various cloud services that are becoming available, I’ve created the following page: Comparison: Public Cloud-Hosted – VMware Cloud Foundation Services to help me learn more about each individual service offering. Data on each service has been collected in order to have data points from all service providers available in a single place.

At the moment, the table includes information from the following cloud services:

The page will evolve over time as new services/features become available, so follow me on Twitter @Simonlong_ for updates. If a cell is empty, it’s because I haven’t been able to find the information yet. If you notice any incorrect information, please contact me via Twitter @Simonlong_ and I will do my best to update ASAP.

What is Datrium ControlShift?

Recently, Datrium has made a series of announcements, one being the introduction of our new product called ControlShift.

Following on from my previous posts, ‘What is Datrium DVX?’ and ‘What is Datrium CloudDVX?’, I’ll explain in simple English what CloudShift is and highlight some of my favorite features.

Datrium ControlShift

ControlShift is a cloud-based workload and disaster recovery (DR) orchestration service. Using DR Plans (run-books), workloads and data can be easily moved and/or recovered between multiple on-premises environments and/or VMware Cloud on AWS.



Like CloudDVX, ControlShift is a SaaS service managed by Datrium running in AWS. Customers do not need to install/manage/upgrade additional software; this is all managed by Datrium. For DVX customers, once ControlShift is enabled, it is seamlessly integrated with the Datrium DVX vCenter Plugin, shown below.

ControlShift Button

For non-DVX customers, ControlShift is accessed via a unique customer URL. Once logged into ControlShift, we are presented with the ControlShift Dashboard.

Datrium ControlShift Dashboard

Within the CloudShift Dashboard, we can see an overview of the whole Datrium environment. We can see all of our vSphere Protected Sites, our DVX systems, our CloudDVX instance and if deployed, our VMware Cloud on AWS SDDC. The arrows between the sites in the Topology diagram illustrate the direction of replicated data between sites. In this example, all sites are replicating to CloudDVX. However, replication between on-premises is available when using Datrium DVX. Having data replication between sites and the cloud allows us to be able to quickly move workloads between sites or bring up workloads in the event of a site failure.

ControlShift Dashboard

HCX Manager on ‘VMC On AWS’ Is Not Available After Deployment

I’m just putting together this short post more for my own benefit than anyone else’s. This has happened to me a few times, so I wanted to document it somewhere so I don’t forget it again.

After deploying HCX within VMC on AWS, I am unable to access the public HCX Manager URL.

HCX Manager Unreachable

After speaking with the VMC on AWS support team, they informed me that I needed to add a Firewall entry to the Management Gateway Firewall.

HCX Management Gateway Firewall Rule

The rule configuration was as follows:

  • Name: HCX External Access (you can name this whatever you wish)
  • Sources: ANY
  • Destinations: HCX (this is a predefined entry)
  • Services: HTTPS (TCP 443), ICMP (Echo Request)
  • Action: Allow

Once the Firewall rule was published, I was able to access HCX Manager. Hopefully, they’ll automate this process in the future or add it to the documentation somewhere.

HCX Manager Login Page

Why Datrium’s Automatrix Platform Is “Too Good To Be True!”

During my time at Datrium, I’ve been hearing more and more CIOs and Heads of IT say the following line whilst our Sales teams are pitching the Datrium Automatrix Platform.

This sounds too good to be true!

The reason why Automatrix is classed as “too good to be true” is because of what we as an IT industry have become accustomed to. We accept and expect IT systems to be complex to manage, maintain and require training to operate. It’s a given that you will need to use multiple vendor solutions in order to meet your business requirements.

So when a solution is presented to us that contradicts our many years of IT experience, we immediately pass it off as “too good to be true”, even if in fact, it is true!

Take for example VMware. We all know and love VMware and their products. However, it didn’t always use to be this way. Back in the early early days of VMware, adoption of VMware Server, as it was called then, was almost limited to use as a Disaster Recovery option as it wasn’t deemed something that could be used in production. Not because it wasn’t production-ready, but because it was “too good to be true” and no one believed that it could do what VMware said it could do.

It’s frustrating when you know first-hand how good something is, but other people don’t seem to want to listen to what you are telling them, especially when you know that they will benefit from it.

I recently read a fantastic article from James Clear, Why Don’t Facts Change Our Minds, and I think much of what James talks about in his article relates to what I am seeing within the industry.

“Truth and accuracy are not the only things that matter to the human mind. Humans also seem to have a deep desire to belong. Humans are herd animals. We want to fit in, to bond with others, and to earn the respect and approval of our peers. We don’t always believe things because they are correct. Sometimes we believe things because they make us look good to the people we care about.

“If a brain anticipates that it will be rewarded for adopting a particular belief, it’s perfectly happy to do so, and doesn’t much care where the reward comes from — whether it’s pragmatic (better outcomes resulting from better decisions), social (better treatment from one’s peers), or some mix of the two.”

I think because of what James talks about, IT folk find it difficult to go against the status quo, even if a new product can be highly beneficial to a business. And I get it. We all want to fit in and be accepted by others, even if it holds many of us back.


Summary

During my time in the industry, I’ve actually found that going against the crowd, as difficult as it is, can often bring us the most success. Not everything works out, but when it does, it’s massive and usually a game-changer for you and your company.

So if you see/hear something that you think “This is too good to be true!”, don’t just push it aside. It could actually be true and you are going to miss out on all of the value you will get from it. Take the pragmatic approach. Dig deeper. This could be a diamond in the rough.

Datrium is not “too good to be true!”. It is actually true! We can prove it. If you’ll let us of course.

Here are some fun (non-IT) examples of where I wished I had taken the pragmatic approach rather than listening to my social circles.

  • Cold Brew Coffee – Growing up in England, Coffee was always hot. If it was cold, you’d pour it away. Now I can’t get enough of the stuff!
  • Tempur-Pedic Mattress – Quite possibly one of the best purchases I ever made. They cost an arm and a leg, but OMG it’s soo comfortable. Even though TV commercials told me how good they were, I thought they were “Too good to be true”. Then I had a hotel room with one in and I’ve never looked back.
  • Yeti Tumbler – How good can a cup really be? Do I really need my drink to be kept cold/hot? I thought not. I got one as a gift for my birthday and I’ve pretty much used it every day since. I’ve even bought one for other people I know who’d love it, but like me, thought it was “Too good to be true”.

Why I’ve Hardly Blogged Over The Past Year, And It’s All Datrium’s Fault!

Lately, I’ve had a few people ask me “How come you aren’t blogging much anymore?” My typical response to that question is usually “I’ve not really had much to post about!” Which, when I think about it, really doesn’t make sense. I joined Datrium a year ago, and since joining, it’s been a near-vertical learning curve, working on some ground-breaking technologies. So why don’t I feel like I have anything to blog about?

Well, over the past 10 years, my main reason for blogging was to share knowledge with others around, usually, complex technical issues and configurations. Some examples from the past few years:

So, this leads me to why I’ve not really posted much since joining Datrium.

Why blame Datrium?


vMotion Error – Failed to receive migration

I recently ran into a situation where, after adding a new ESXi Host into a vSphere Cluster that will be used for Nested ESXi, I was unable to vMotion live VMs onto the new Host. The error message I was getting was ‘Failed to receive migration’.

A quick Google search didn’t yield any results, so I had to resort to reading the logs. In the Virtual Machine log file (vmware.log) I noticed this error message:

2019-01-10T20:31:06.254Z| vmx| I125: Msg_Post: Error
2019-01-10T20:31:06.254Z| vmx| I125: [msg.cpuid.vhv.enablemismatch] Configuration mismatch: The virtual machine cannot be restored because the snapshot was taken with VHV enabled. To restore, set vhv.enable to true.

Doing a quick search of the term: vhv.enable showed me that this is required to be set on hosts that are being used for Nested ESXi. Thanks William Lam (https://www.virtuallyghetto.com/2012/08/how-to-enable-nested-esxi-other.html)

So I ran the following command on the new ESXi Host:

echo 'vhv.enable = "TRUE"' >> /etc/vmware/config

After that configuration was added to the config file, vMotions began to function as expected.
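
The `echo ... >>` command above appends a line on every run and leaves any earlier `vhv.enable` line in the file. As an added example (not part of the original post), the script below checks a vmware.log for the mismatch message and then sets the option idempotently; the function names are hypothetical, the file paths are passed as arguments, and the `key = "value"` format is assumed from the line shown in the post.

```shell
#!/bin/sh
# Added example, not from the original post. Paths are arguments, so it can be
# tried on a scratch copy before touching /etc/vmware/config.

# Succeeds if the vmware.log at $1 contains the VHV mismatch message.
has_vhv_mismatch() {
    grep -q 'msg\.cpuid\.vhv\.enablemismatch' "$1"
}

# Prints the last vhv.enable value in config file $1, lowercased (empty if unset).
vhv_value() {
    sed -n 's/^[[:space:]]*vhv\.enable[[:space:]]*=[[:space:]]*"\{0,1\}\([^"[:space:]]*\)"\{0,1\}[[:space:]]*$/\1/p' "$1" |
        tail -n 1 | tr '[:upper:]' '[:lower:]'
}

# Leaves existing file $1 with exactly one vhv.enable = "TRUE" line.
# Prints "unchanged" or "updated" so the caller can log what happened.
ensure_vhv() {
    cfg=$1
    n=$(grep -c '^[[:space:]]*vhv\.enable[[:space:]]*=' "$cfg" || true)
    if [ "$n" -eq 1 ] && [ "$(vhv_value "$cfg")" = "true" ]; then
        echo unchanged
        return 0
    fi
    tmp="$cfg.tmp.$$"
    # Drop stale or duplicate vhv.enable lines, then add a single correct one.
    grep -v '^[[:space:]]*vhv\.enable[[:space:]]*=' "$cfg" > "$tmp" || true
    echo 'vhv.enable = "TRUE"' >> "$tmp"
    # Write back in place so the original file's owner and mode are kept.
    cat "$tmp" > "$cfg" && rm -f "$tmp"
    echo updated
}

# Demo on constructed scratch files; the log message id is the one from the post.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '2019-01-10T20:31:06.254Z| vmx| I125: [msg.cpuid.vhv.enablemismatch] Configuration mismatch' > "$d/vmware.log"
    printf '%s\n' 'constructed.key = "1"' 'vhv.enable = "FALSE"' > "$d/config"
    if has_vhv_mismatch "$d/vmware.log"; then
        ensure_vhv "$d/config"   # updated
        ensure_vhv "$d/config"   # unchanged
    fi
    rm -rf "$d"
}
demo
```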