Category Archives: VMware

Trend Deep Security – Agentless Deployment with NSX – Issues with Web Reputation Service

So I’ve just had the pleasure of deploying Trend Deep Security via the Agent-less method, utilizing the NSX free license which allows guest introspection, but no other features.

Starting in NSX 6.2.3, the default license upon install will be NSX for vShield Endpoint. This license enables use of NSX for deploying and managing vShield Endpoint for anti-virus offload capability only, and has hard enforcement to restrict usage of VXLAN, firewall, and Edge services, by blocking host preparation and creation of NSX Edges.

The Issue

With the basic Deep Security License you get the following coverage;

  • Anti-Malware
  • Web Reputation Service

However upon deploying Trend and jumping through the various hoops. (flakey support for NSX free license). You will find that you have multiple errors showing against your VM’s.

Trend-Agentless-Issue-1

The Cause

After speaking with Trend, I received the following response, which seems kind of obvious; Continue reading Trend Deep Security – Agentless Deployment with NSX – Issues with Web Reputation Service

PowerCLI – Setup Host networking and storage ready for ISCSI LUNs

So I am no scripting master, my PowerShell knowledge is still something I want to expand. During an install last week I had a number of hosts to setup from scratch, so I decided to do this via PowerCLI, as a lot of the tasks were repetitive. Setting up the vSwitch networking and iSCSI configuration for each host

For those of you new to scripting, I’ve included screenshots to accompany the commands so you can see whats going on in the GUI.

Note: the full code without the breaks is at the end of this post

#Setup which host to target 
$VMhost = 'hostname'

Continue reading PowerCLI – Setup Host networking and storage ready for ISCSI LUNs

Further ESXi 6.0 CBT bug info – Reset your CBT!!!

Following on from the recent (November 2015) ESXi 6.0 CBT bug, which has now been fixed in the latest released patch ESXi600-201511401-BG, some further information has come to light, provided by Anton Gostev, of Veeam.

You can read the snippet of important information from the Veeam forum post following the issue (Official Veeam KB2075);

All, we have completed the first day of testing in the same exact lab and using the same heavy write I/O test that made the original issue easily reproducible. After a few TB of increments, the above-mention patch appears to fully resolve the original issue when installed on ESX 6.0 Update 1a build 3073146.

However, we found that simply installing the patch is not sufficient, and CBT reset is required for all of your VMs. This is because existing CBT map files may contain issues created earlier due to the original bug, which may result in inconsistent full backups in future. Having CBT reset will also force the following job run use "full scan" incremental pass, thus fixing any existing inconsistencies in backups and replicas, as discussed earlier in this topic.

Provided CBT reset has been performed, Active Full backups is not required.

Performing Active Full backups by itself cannot be considered as a substitute to CBT reset with this particular CBT issue.

Thanks!

You can either follow the CBT Reset instructions from Veeam or look over to Chris Wahl’s latest blog post “Resetting VMware’s Changed Block Tracking (CBT) File with PowerCLI”.

Regards

Dean

Exam Experience – VMware VCP6-DT #vDM30in30

Today I took the VCP6-DT exam. It will be retired on 30th November 2015. And is replaced by the VCP6-DTM exam, as part of the VMware exam overhaul.

So why take an expiring exam?

Well VMware is kindly going to upgrade it to the VCP6-DTM anyway.

2015-11-26_21-31-47

I’ve spent a number of years as a VMware customer running a large VDI deployment, from administration to re-architecture of the environment. I never took the exam due to a number of reasons. One being the course requirement, and the fact my employer would not send me on a £2500+ training course. Since then I’ve done my VCP6-NV and my VCP5-DCV, so slowly I’ve chiselled away at going through the topics and preparing myself for the VCP6-DT, so with them offering to upgrade it, and the fact I don’t really touch some of the newer products (app volumes, air watch etc). I decided to stick with the VCP6-DT.

So whats the difference between the VCP6-DT and VCP6-DTM?

Continue reading Exam Experience – VMware VCP6-DT #vDM30in30

ESXi 6.0 CBT Issue KB 2136854 – Resolved #vDM30in30

I wrote about the latest CBT issue (November edition) a couple of days ago, and as promised by VMware a patch has been released.

Original issue – KB 2136854

Patch to resolve the issue – ESXi600-201511001 (2137545)

Note: Before applying this patch on HP Proliant Gen 9 servers, see VMware ESXi 6.0 host fails to detect local disk after patching or applying Update 1 on HP Proliant Gen 9 servers (2120539).

103112_Solve_5_Major_Issues

Cheers VMware, lets hope this is the last of the CBT issues!!!
Regards

Dean