Archive for December, 2009

For some time now there have been a number of changes I’ve wanted to see in NetWorker to better support customers with VMware.

Over at nsrd.wordpress.com, Preston de Guise has done a wish list for NetWorker features he hopes to see in 2010 and while we both blog about NetWorker Prestons blog is far superior in terms of NetWorker content, my NetWorker posts these days tend to be mainly focused around virtualization support, so having said that im going to take his idea and do my own version of a wish list.

Dear EMC.

Could you please add to your NetWorker New Years Resolution the following items?

1. To release as soon as possible a version of NetWorker: Which utilizes the new vSphere API’s which replace the VCB framework to allow incremental backups of the FULLVM export using CBT (Change Block Tracking)

2. To improve the way which NetWorker allows clients to be created: When the “Virtual Client” box is checked,  by default NetWorker only allows a client to be configured if it can resolve the name of the system via a DNS  (even an entry in the hosts file will do the trick). This makes life difficult when you want to perform VCB backups of virtual machines which are not configured in DNS and requires an entry in the hosts file to be able to create the client.

3. To improve the way NetWorker maps client name and virtual machine name: To be fair NetWorker has been around for a LONG time and until recent years has always operated using the Server/Client model which relies heavily on DNS in order to be able to connect and perform backups via  the backup agent. Now NetWorker assumes that all clients configured are done so using either short name or the fully qualified domain name, which causes the following problems in a VMware environment.

A. If you configure the virtualization hypervisor support in NetWorker Management Console you’ll see you have a well constructed map showing which virtual machines are configured in NetWorker groups (This is a really great way of identifying which systems are not protected). The trouble here is NetWorker talks to Virtual Center to generate the list of virtual machines and then maps this with clients configured in groups, but assumes the virtual machine name as it exists in Virtual Center  is the same as the “clientname” as configured in NetWorker which means a number of systems show as not being part of a group.

B. The VCB framework currently allows us to configure two methods for looking up virtual machines, Name (as exists in Virtual Center) and IP, If you leave the setting to the default value of IPADDR: then VCB backups work perfectly, but if you configure the framework to use NAME: then NetWorker once again assumes the client name configured in NetWorker  will also exist in Virtual Center as “clientname” which doesnt work when customers have created or renamed virtual machines using some kind of meaningful description eg. “clientname (sql server)”.

In my honest opinion both these issues could be overcome if when creating a client instance (and having ticked the “virtual client” check box) an additional field could be populated with the name of the client as configured in virtual center and this could only apply when the “VCB” proxy backup type was selected from the apps and modules tab.

4. Allow VCB Backups to be encrypted: NetWorker has a nice feature which allows a password phrase to be configured at backup server level, any client with the encryption directive applied has its data encrypted using AES 256bit encryption before its written to tape. Historically VCB clients with any kind of directive applied would fail and as of NetWorker 7.6 there is only a single supported directive which allows Microsoft Windows system folders to be excluded from backup. In my honest opinion an enterprise backup system should be able to encrypt all backup data.

Advertisements

Useful study material for VCP-410 Exam

Posted: December 1, 2009 in VMware

Ive just recently sat and passed the VCP-410 exam and thought Id post my thoughts after the fact.

The exam overall is probably a touch harder then the VCP-310 exam, I felt there were more questions where multiple choices were required, and im sure the number of questions has increased from 70  to 85.

Having taken the exam now, I can say I dont think the 2 day “whats new” course is quite enough to prepare you for the exam so make sure youve spent a fair amount of time familiarizing your self with vSphere and touched up on the basics.

Ill briefly summarize the documentation I used to prepare below, but if you’re looking for a more comprehensive list, then you should check out Simon Longs recommendations on material here, hes even created some online practice exams which are really good.

iSCSI SAN Configuration Guide : Make sure you read up and understand how iSCSI differs from Fibre Channel and understand how CHAP fundamentals.

Fibre Channel SAN Configuration Guide : Make sure you understand the concepts of LUN masking and also the requirements for booting off a SAN volume.

vSphere Licencing Guide : Make sure you know what changes have been made in vSphere around licensing and how this affects datacenters with a mixture of ESX 3 and ESX 4 systems.

High availability : Like I said early in the post, brush up on basics as questions which involve HA are not vSphere specific and you should definitely have a good understanding of how HA works.

Resource Management : Now resource management covers both DRS and Resource Pools, once again these questions where not so much based on vSphere but more on good old basics. Make sure you have a good understanding of Resource Pools and fairly familiar with reservations and resource shares.

Configuration Maximums: Definitely check out this document as there were a tone of questions based on the information in this document.

Summary

Out of the 85 questions in this exam I only remember twice thinking to my self, “ah thats a bit of a tricky question“, overall I think VMware want you to pass this exam and what I mean by this is the questions are nothing like the you would find in a Microsoft exam.

Also something that has been well covered by a number of blogs is the VMware Certified Professional 2nd Shot/Upgrade promotion which gives you a free second shot at the exam if you fail the first time around. Follow the link to register.

If you are an existing VCP on VI3 then you only have untill December 31st to take the VCP-410 exam without needing to attend one  of the courses listed below.

  • If you are NEW to VMware
    • Attend the VMware vSphere 4: Install, Configure, Manage course OR attend the VMware vSphere 4: Fast Track
    • Take and pass the VCP on vSphere 4 exam
  • If you are currently a VCP on VMware Infrastructure 3
    • Take and pass the VCP on vSphere 4 exam.  This option will only be available until December 31, 2009.  Beginning in 2010, VCPs on VI3 must attend the VMware vSphere 4: What’s New class in order to upgrade.
  • If you are currently a VCP on ESX 2.x
    • Take and pass the VCP on VMware Infrastructure 3 exam
    • Take and pass the VCP on vSphere 4 Exam. This option will only be available until December 31, 2009.  Beginning in 2010, VCPs on VI3 must attend the VMware vSphere 4: What’s New class in order to upgrade.
  • If you are not a VCP on VI3, but have attended one of the prerequisite classes (Install & Configure; Deploy Secure & Analyze; or Fast Track).
    • Take and pass the VCP on VMware Infrastructure 3 exam OR attend the VMware vSphere: What’s New course.Take and pass the VCP on vSphere 4 Exam.

By far one of the more popular posts Ive done over the last few months has been this post where I showed how the iSCSI initiator in vSphere 4 could be configured to provide multiple paths to each LUN and in turn the path selection policy “Round Robin” could be configured to load balance across multiple paths (up to 8 paths is supported).

One of the only things to disappoint me with the initial vSphere release was this configuration could only be applied to a standard vSwitch, when trying associate the VMKernel ports on a dVSwitch with the iSCSI initiator the following error occurred ” Add Nic Failed in IMA

Over the last couple of days Ive been itching to test this out and last night I finally got a chance. Also something I wanted to do was perform these tasks using the vSphere CLI opposed to how I did it last time which was via esxcli on the service console.

Ill skip through the part where I created the dVSwitch, but the same concepts apply, 2 nics, 2 port groups. In my test lab VMK1 and VMK2 were the VMKernel ports associated with the port groups as shown in the screenshot below.

Step 1.

Associate VMK1 and VMK2 with vmhba33

 

Step 2.

Now lets check to make sure that both VMK1 and VMK2 are indeed associated with vmhba33

At the time of writing this post I dont have a iSCSI system I can easily point my vSphere system at to confirm this works but the fact that I can now successfully run the commands without error is promising.

Ill setup a Celerra Simulator over the next day or so and confirm everything works as expected.

I would be interested in hearing from anyone who’s also got this up and running.

Just as a wrap up, heres a couple of errors you might come across and how to fix them.

Get Hba Oid Failed error when trying to add vmk’s to the iSCSI initiator, this was because the iSCI initiator was disabled.

If you’re using vSphere 4 Update 1 and your still getting error Add Nic Failed in IMA then its likely because you have not configured the fail over of the physical NICS correctly.