Tag Archives: VMware

vCloud Air: OnDemand IaaS by VMware


Cloud computing is currently a hot topic in many IT strategy meetings. The ability to spin up workloads in a third-party cloud and pay only for what you actually use certainly makes sense from a financial point of view, and there are many great use cases for it.

Imagine you have a big event, something like the Super Bowl, and your current infrastructure would likely struggle to handle the load for the duration of the event. You have two options to prepare for it: you can buy new assets (compute, storage and network) and spend a lot of dollars, or you can build your application stacks in a third-party cloud, leave them running for a certain period of time and tear them down when the event is over. The second option also gives you virtually unlimited resources if you need them. How cool is that?

There are many Infrastructure as a Service offerings on the market; the most popular include Amazon AWS, Microsoft Azure and Google Cloud Compute. It was only a matter of time before other vendors started offering the same thing to address the competition.

One such vendor is VMware. Initially, the popular hypervisor vendor offered two flavors of its public cloud offering, named vCloud Air. The first was a Dedicated Cloud, targeted at customers who wanted to essentially lease entire servers for better physical isolation and security. The second was a Virtual Private Cloud, which is cheaper, but the hypervisor runs other companies’ VMs as well and provides only logical isolation.

In either case, both offerings were targeted at larger customers, and you and I did not have an easy option to just spin up a couple of VMs for testing without committing to some long-term payment plan.

With the new OnDemand flavor that model changes and you now have a true pay-as-you-go option. This flavor allows any flesh-and-blood individual (with a credit card) to spin up a workload in VMware’s data center and pay only for what they use.


vCloud Air Common Use Cases

To support this idea, they even give you a nice starter pack of $300 worth of resources. It is like a gas provider that gives you a certain amount of gas for free to try the service out. Good move to attract people like me to poke around and spin up some workloads.

I think that many enterprise companies will consider this option, as their infrastructure teams are familiar with vSphere and this cloud is built upon the same foundations as their data centers, making migration and interoperability a little bit easier for both sides.

How does it feel to spin up a couple of VMs in this environment? Let’s have a look.

Signing Up

First, you need to go to the super secret URL only known by 5 individuals in the world. I like my audience, so I am going to share that URL with you: it is http://vcloud.vmware.com.

The landing page gives you some information about what vCloud is, a couple of testimonials and general information. Click on Service Offering/Virtual Private Cloud OnDemand to get started.

Let’s take advantage of that $300 voucher, shall we? For that we need a VMware account first. If you have one, log in now; otherwise make the clickie-clickie action and create one.

During the registration you need to enter a valid credit card and billing information.


Creating a new account for vCloud Air

At this point you have the option to select the Support Level Plan. I’ll go with the basic one, OnDemand Online Support. Make sure that the promo code ondemand2015 has been applied. As so many people are trying to get their hands on it, you will likely end up in a queue with the status Sign up request pending. So wait for it.

Ok, it took around 5 minutes to get the confirmation email with the login page URL and initial links to set the password.


You need to reset your temporary password

Entering to the vCloud

Now that we have set the credentials, let’s go back to the main login page at https://vca.vmware.com. If you would like to use VMware Remote Console, install it and enable the plugin in your browser.


The Login Screen looks nice and clean, thumbs up for that.

Building our first vPC

After login you are presented with the main dashboard, which includes Services, Subscriptions and Tools. After clicking Virtual Private Cloud OnDemand, you have the option to select the physical location in which you want to build your vPC. Since I am located in the UK, I’ll go with the UK Slough 1 6 option. Slough is a small town in Berkshire.


After a couple of seconds a new vPC instance will be built. After the gears stop spinning you will receive the following handy infrastructure to play with.

Default vPC topology

The infrastructure is composed of one Gateway that provides access to your private cell. This gateway is connected to a public segment which, according to RIPE, is a chunk of a larger pool that VMware allocated for this particular cloud.

The second network is a private segment where you will build your VMs. We will get to that later; first I want to show you around the interface.

The first tab you find under vPC is Resource Usage, which shows how many resources you consume and how much they cost for the last hour, day or month. You also have the option to view a detailed report. Give that to your financial department to sponsor your vCloud adventures.


Creating new virtual machine

Next, looking at the Virtual Machines tab, you have the option to spin up your first workload or migrate one from your private data center. Let’s keep things simple for now and select the first option.

Creating the first workload

As with any good cloud offering, you are presented with a catalog of virtual machines to select from. Most of the Linux flavors are free, and you pay some extra fees for Windows VMs for licensing. You also have the option to create an empty machine, called a shell VM, from scratch. I’ll go with CentOS 6.4 32 Bit for now.

Selecting a VM from catalog

On the customization page you have the option to name your VM and specify the resources it will consume. You also get a nice cost calculation to give you an idea how much your new puppy will cost you. For production workloads the size should meet the demand of the application the VM will run. I am testing the functionality, so I have selected the minimums; send me some bitcoins and next time we will go crazy with 16 vCPUs and 120 GB RAM.

I’ll attach the VM to the default-routed-network.

Workload customization and estimated cost

The creation of this small VM took roughly 3 minutes, and its status is shown under the main Virtual Machines tab.

New VM is up and running

If you have got your hands dirty with Amazon AWS, you know that after creating a workload it receives an elastic IP address that is publicly routable, and using an RSA key pair you can log in through SSH.

vCloud Air, by default, works a little bit differently. Do you recall some mumbling earlier in this post about the Remote Console plugin? That is exactly what we are going to use to access the VM, at least initially. With the VM selected, open the Actions menu and select Open In Console.

Accessing the console through Remote Console Plugin

Allow pop-ups and voilà, you are at the VM console. It is that easy.

Sitting at the console

I was not able to figure out the default credentials by looking at the magic ball I have on my table, but I know where to look for them.

For that we need to look further at the VM details.

Discovering the auto generated password

Go back to the Remote Console and log in. To confirm that we indeed ended up in the default routed network, let’s look at the NIC settings and try to reach the default gateway.


Tip: if you are stuck in the Remote Console, press CTRL+ALT to escape the window.

The default Edge configuration will not respond to ping, but you can verify layer 2 connectivity by examining the VM’s ARP table.

Connecting VM to Internet

Our VM is very lonely at the moment; it can only speak to the Edge Gateway, in some sort of way. Wouldn’t it be great if it could speak to everyone on the Internet? For that to happen, we need to perform some additional configuration on the Edge Gateway.

First, we enable communication from the VM to the Internet by configuring Dynamic NAT translation. On the main page navigate to the Gateways tab and select the existing gateway.

Default vPC Gateway

You will be presented with gateway-specific options such as NAT Rules, Firewall Rules, Networks and Public IPs. Before you can add a NAT translation, you need to add a new public IP address, so start by requesting one.

In the background a new job is initiated in vCloud Director, which does the heavy lifting under this light web UI.

Note: I had some problems assigning a public IP address in my first VDC1, where the job would never finish and I could not do anything with the gateway anymore, so I opened a ticket with vCloud support and they were able to fix the issue with public IP assignments.

After the task finishes you are actually assigned the same public address that your edge gateway currently uses.

Public IP successfully assigned

Let’s revisit the NAT Rules tab and create our first entry, which will dynamically translate our internal VM to the public IP address above.

Adding Source NAT entry

Simple as that, click Next and Finish.

Although the dynamic NAT rule is in place, we are still unable to reach any external resource. We need to modify the default edge firewall policy to allow this communication.

Go to the Firewall Rules tab and add a new entry called Internal-to-Internet.

Allowing default internal network to talk to anything on the Internet

Click Next and Finish. With all prerequisites in place the VM can finally reach the Internet.

VM is happy happy now

The default vDC private network automatically assigns an address from a pool to newly created virtual machines. These pools are configured in vCloud Director under the respective Organization VDC Networks. By default, however, they do not include a DNS server configuration. For now I will cheat a little bit and edit the list of servers manually in the VM at /etc/resolv.conf. You are now fully equipped to install additional packages.

Copying and pasting to the virtual console sucks; wouldn’t it be great if we could SSH to our box? For that we need three things in place: OpenSSH installed and configured on the box, a static NAT entry and a firewall policy. There are a bunch of great tutorials out there showing how to set up the first part.

For the second part, we are going to create a DNAT entry for the VM that maps an external IP address and its port 22 to the VM’s internal address. The second entry will show up in the list.


Newly added destination NAT for our SSH traffic.

Finally, add a new firewall rule to allow communication from outside on port TCP/22. For added security, define only a single public address or a range of public addresses that you are connecting from.


Newly added firewall rule to allow SSH inbound.

Let’s connect to our VM via SSH and install the Apache web server, shall we?


Installing and starting apache

As with any new service, we need to add an SNAT entry and a firewall rule to permit communication from the Internet.

You also need to modify the host firewall, iptables in this case, to allow communication from outside to the httpd service.

After repeating the same steps as above you have a web server running in vCloud Air. How cool is that?
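Here is an added example, not code from the post or from vCloud Air, that checks a rule set shaped like the Edge Gateway configuration built above; the rule model, rule names and addresses are assumptions. It flags the three states this walkthrough passes through: a SNAT with no outbound allow rule, a DNAT without an inbound rule, and a management-port DNAT open to any source.

```python
from dataclasses import dataclass
from typing import List

ANY = "any"
MGMT_PORTS = {"22", "3389"}  # ports that should never be open to any source


@dataclass
class NatRule:
    kind: str             # "SNAT" (outbound) or "DNAT" (inbound)
    original_ip: str      # address or network before translation
    original_port: str    # "any" or a port number (as text)
    translated_ip: str
    translated_port: str
    protocol: str = ANY   # "any", "tcp" or "udp"


@dataclass
class FirewallRule:
    name: str
    source: str           # "internal", "external", or a public address/CIDR
    destination: str      # "internal", "external", or an address
    protocol: str = ANY
    port: str = ANY
    action: str = "allow"


def _open_to_internet(source: str) -> bool:
    """True when a rule accepts traffic from anywhere on the Internet."""
    return source in (ANY, "external", "0.0.0.0/0")


def _covers_dnat(rule: FirewallRule, nat: NatRule) -> bool:
    """Does an allow rule permit the traffic a DNAT forwards?

    The destination may be written as the public (pre-NAT) or the VM
    (post-NAT) address; accepting both keeps this check independent of
    where the Edge evaluates the firewall relative to NAT (an assumption
    of this example, not a statement about the product).
    """
    dest_ok = rule.destination in (ANY, "internal", nat.original_ip, nat.translated_ip)
    proto_ok = rule.protocol == ANY or rule.protocol == nat.protocol
    port_ok = rule.port in (ANY, nat.original_port)
    return rule.action == "allow" and dest_ok and proto_ok and port_ok


def audit(nat_rules: List[NatRule], fw_rules: List[FirewallRule]) -> List[str]:
    """Return one finding per misconfiguration; an empty list means clean."""
    findings = []
    allows = [r for r in fw_rules if r.action == "allow"]
    for nat in nat_rules:
        if nat.kind == "SNAT":
            # SNAT alone is not enough: the walkthrough hits exactly this
            # state until the Internal-to-Internet rule is added.
            outbound = any(r.source in (ANY, "internal") and r.destination in (ANY, "external")
                           for r in allows)
            if not outbound:
                findings.append(f"SNAT {nat.original_ip}: no allow rule from internal to "
                                "external, so VMs behind it still cannot reach the Internet")
            continue
        label = f"DNAT {nat.original_ip}:{nat.original_port}/{nat.protocol}"
        matching = [r for r in allows if _covers_dnat(r, nat)]
        if not matching:
            findings.append(f"{label}: no inbound allow rule, so the service is unreachable")
        elif nat.original_port in MGMT_PORTS and any(_open_to_internet(r.source) for r in matching):
            findings.append(f"{label}: management port reachable from any source; "
                            "restrict the rule to the addresses you connect from")
    return findings


# Constructed sample data (RFC 5737 documentation addresses, not vCloud Air's
# real pool): the NAT entries the post ends up with.
PUBLIC_IP = "192.0.2.10"        # the Edge's public address
VM_IP = "192.168.109.2"         # the CentOS VM on default-routed-network
PRIVATE_NET = "192.168.109.0/24"
HOME_NET = "203.0.113.0/24"     # the range we SSH from

NAT_RULES = [
    NatRule("SNAT", PRIVATE_NET, ANY, PUBLIC_IP, ANY),
    NatRule("DNAT", PUBLIC_IP, "22", VM_IP, "22", "tcp"),
    NatRule("DNAT", PUBLIC_IP, "80", VM_IP, "80", "tcp"),
]

# Careful rule set: outbound allowed, SSH only from HOME_NET, HTTP from anywhere.
FW_RULES = [
    FirewallRule("Internal-to-Internet", "internal", "external"),
    FirewallRule("SSH-Inbound", HOME_NET, PUBLIC_IP, "tcp", "22"),
    FirewallRule("HTTP-Inbound", "external", PUBLIC_IP, "tcp", "80"),
]

# Loose variant: only an SSH rule, and it is open to the whole Internet.
FW_RULES_LOOSE = [
    FirewallRule("SSH-Inbound", "external", PUBLIC_IP, "tcp", "22"),
]

if __name__ == "__main__":
    for name, rules in (("careful", FW_RULES), ("loose", FW_RULES_LOOSE)):
        print(f"{name}: {audit(NAT_RULES, rules) or ['no findings']}")
```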

Your first vSphere VM running in cloud.

Let’s stop for a moment and imagine the possibilities: if you can build a VM, you can build an entire application stack. If you can build an entire application stack, you can build an entire virtual data center. And that is the way to go, my friends.

This concludes the basics of how to build inside this third-party cloud. In the next article I am going to focus on scaling and creating more complex network topologies, as well as exploring some additional features and parameters available exclusively through the vCloud Director interface.


What you can learn from Networking for VMware Admins


It was not so long ago that I was searching for a good resource that would uncover what is happening at the hypervisor level from a network point of view and how it all clicks together to provide connectivity to an ever-increasing number of virtual machines. I am happy to say that I have found that resource. It is called Networking for VMware Administrators by Chris Wahl and Steve Pantol.

The book starts by discussing the very foundation of networking: what a network is and what benefits it provides. It continues with common models and protocol stacks like the ISO OSI model and TCP/IP and the concept of layering.

Comparing ISO OSI to TCP/IP

Diving more deeply into the individual layers, the authors start with the physical layer. Ethernet technology is explained in great detail, as are common physical connectivity options like copper or fiber. You will also gain some knowledge about the most used network connectors, such as RJ-45, and modules like the older GBIC or SFP.

10Gbps Twinax Cable used for short interconnections

The chapters build on top of each other: after the foundation and physical network properties, the next chapter covers data-link operations in great detail. You learn about switching and common network challenges like preventing network loops with spanning tree or increasing network throughput by utilizing link aggregation technologies.

Another layer that could not be forgotten is Layer 3, the network layer. In this chapter IP addressing and routing are explained in detail. Other common services such as automatic address configuration through DHCP or name resolution with DNS are well covered, giving you as a reader a better overall perspective.

With the foundation laid down in the first 5 chapters, the book continues to touch on popular converged network infrastructures. The concept of stateless computing from Cisco is explained (the Unified Computing System), as well as HP’s Blade Chassis C7000. Both are compared to give you better insight into one over the other.

Cisco Unified Computing System

The true discussion of virtual networking begins with Chapter 7: How Virtual Switching Differs from Physical Switching. This is an excellent entry-point chapter, which describes the similarities and differences between the two. It touches on common vSwitch terms such as virtual machine NIC cards (vNIC), port groups, physical uplinks (pNIC), VMkernel ports (vmk) and generally how the virtual architecture fits with the physical one.

vSwitch Architecture


vSwitch Forwarding Logic

Better yet, this chapter outlines various configuration options on a vSwitch, like the number of uplinks, MTU and security settings. Last but not least, trunking and VLAN tagging options are explained.

Chapter 9 focuses on the vSphere Distributed Switch, which is commonly found in enterprise environments. It explains how it differs from the Standard vSwitch in control and data plane operations and elaborates on the many extra features it provides. You can expect to gain knowledge of the link discovery protocols CDP and LLDP, exporting traffic flows with NetFlow, monitoring traffic in a virtual environment using port mirroring, segmenting traffic using VLANs and Private VLANs, and finally Load Based Teaming and Network IO Control for intelligent traffic management.

After you gain this strong foundation, you are free to enter the realm of third-party virtual switches. The Cisco Nexus 1000V is the topic of the next chapter. The authors explain the reasons why you might consider using this third-party switch from Cisco in your environment. It touches on core architecture concepts like the Virtual Supervisor Module (VSM) and Virtual Ethernet Module (VEM) and the various deployment options.

Nexus 1000V deployment options

If you are a more practical type of person, you will definitely like the lab scenarios that the authors put together. A step-by-step approach is outlined for building a basic vSphere environment using Cisco UCS as the main computing platform. In later chapters you will also discover how to migrate workloads from the standard virtual switch to the distributed virtual switch without causing downtime.

After discussing general networking technologies with relevant examples, Chapter 14 moves our direction toward IP-based storage, starting with iSCSI. General use cases are explained, as well as the idea of initiators and targets. Best practices for setting up iSCSI storage adapters are also well explained, giving you good confidence when planning a production environment.

The storage topics are then closed by discussing NFS-based storage and its use cases. I especially like the right depth of the topics around storage. The practical demonstration at the end of the chapter is also a huge benefit in putting things together.

The next-to-last chapter deals with additional vSwitch design options, showing many different scenarios with or without IP-based storage in place and using 1 Gbps or 10 Gbps network adapters.

One of many vSwitch design options

Finally, the last chapter discusses additional design options when dealing with heavy vMotion migration loads. You will learn how to design multiple VMkernel adapters for moving workloads around in case you need to. Network IO Control is also revisited in relation to egress traffic shaping and protecting a host from traffic overload in case multiple hosts decide to migrate loads onto the same destination hypervisor.

Although I am primarily a network guy, I must admit I enjoyed this well-written book from the first page to the last. It gave me exactly what I was looking for: a good foundation in vSphere networking, which is the base for advanced technologies like virtual overlays with VXLAN.

VCP-DCV Series Part 2: What is vSphere

I do not know why, but each time someone mentions the word vSphere I remember an old movie with Dustin Hoffman called Sphere. Unfortunately for you I do not have a crashed spacecraft to be examined, but VMware’s vSphere is still interesting.

vSphere is a collection of products from VMware that help you manage data center resources more efficiently. It aggregates common physical resources such as CPU, RAM and storage and presents them as virtual resources for applications to consume.


vSphere architecture

vSphere Editions

There are three different vSphere offerings; a higher edition contains all the features of the lower editions and something on top.

  • vSphere Standard
  • vSphere Enterprise
  • vSphere Enterprise Plus

More information about the editions and their pricing can be found here. For our lab purposes we are going to use the 60-day trial Enterprise Plus license for vCenter and the ESXi hosts.

Additional Resources

If you are looking for good Visio stencils that cover VMware products, head over to technodrone.

VCP-DCV Series Part 1: Introduction

In the current “cloudy” era of computing, there is a growing need for engineers who are able to break the silos between different infrastructure teams such as network, compute and storage to deliver the next generation of apps and services to consumers.

This approach brings many benefits to the business. Suddenly network people are interested in and understand what server people mean by implementing a distributed virtual switch. Server people now better understand storage people when talking about IO performance and the benefits of local storage caching.

In the end it will all make sense. We are not living in closed, isolated environments any more. People and teams are getting closer together to create a unified engineer who is specialized in one particular area but has a presence in other technology towers as well and is able to speak to his peers to reach a common understanding. This is what gives such people the edge they need to be successful in this new world of thinking.

This is what the next generation engineer looks like (or at least feels like :D)

I come from a networking background; in the old world you could call me “the network guy”. The idea of putting together a virtualization series came from experimenting and fussing with compute virtualization itself. I realized the many benefits of virtualization a long time ago, before knowing that it is one of the key elements of every modern data center.

There are many virtualization vendors out there: Microsoft, Citrix or VMware. I have selected the last one, VMware, as it has a major share of the market and I have seen it used by many customers.

If you also want to break the silos, learn something new and have fun, this series is the right place to start. It will give you a perspective on data center virtualization from a different angle, from someone who is primarily specialized in networks and sits in the middle, connecting these compute pieces together.

The series will explain the nuts and bolts of a typical real-world VMware vSphere implementation. I hope you will also find it useful when preparing for your VCP-DCV exam, if that is your goal.

Fixing vCenter dirty shutdown

From time to time, when I am in a hurry, I tend to break the best practices in my home lab. Recently one of them was shutting down a couple of vCenter servers and ESXi hosts by unplugging the virtual power cords :-). Usually they boot and work well again, but this time I received a lovely error saying something went nuts with the vCenter server, and I was unable to boot any VMs.

The operation is not allowed in the current connection state of the host.

The solution was restarting the vCenter services in the services.msc console.


My VCP-NV Experience

I am pleased to announce that I successfully passed the VMware VCPN610 exam on 26.10.2014 and received the VCP-NV certificate. It was a long, hard journey and I would like to share my experience of how I prepared for the actual exam.

VCP-NV Certificate

When VMware first announced their new certification path covering network virtualization, there was no question that I would pursue this path. I was so excited. Since there is no official free courseware available to prepare for the actual exam, I did it the hard way, reading through the official exam blueprint, which was about 25 pages long.

Then, expanding on the blueprint, I started to research each topic in more detail. It really helps that the blueprint itself directs you to the right resources. However, I wanted to know far more, not just the product itself but also the story behind it. I read various publications from Martin Casado and his friends, tracing back to Stanford where the idea began. It was a long time before VMware bought Nicira in 2012 for 1.2B dollars. Nicira was created by Martin, and they had a product called Nicira Network Virtualization Platform, which eventually became the NSX flavor for multi-hypervisor support. Just looking at this investment you can see how big NSX is for VMware at the moment, and trust me, software defined networking is just beginning to shape our networks.

Besides official technical resources, what really helped fill the gaps were the many sessions from this year’s VMware World, covering anything from a Distributed Switch deep dive to explaining various NSX components and services in greater detail. You can find these sessions on YouTube. I already had some previous knowledge of vSphere, but the book from Chris Wahl, Networking for VMware Administrators, helped me reinforce the core networking topics in vSphere. I highly recommend this book both for network admins seeking more information about VMware and for server admins seeking to know more about networking.

Networking for VMware Administrators

Great publication for 2 VMware Experts

The essential resources, and I am very thankful for them, were the VMware Hands-on Labs, which are free and allow you to play with the technology itself and look under the hood. Nothing is hidden. Depending on your previous experience, I recommend going through the following labs:

If you check the blueprint you will notice that there are quite a large number of topics. My tip for the VCPN610 exam is to know the core foundation of NSX, and that includes:

  • Familiarity with core VMware products – vSphere, ESXi, vCNS, vCAC
  • Difference between Standard Virtual Switch and Distributed Virtual Switch
  • What VMkernel ports, port groups and uplink ports are
  • Difference between south-north and east-west traffic patterns
  • Difference between underlay and overlay networks
  • NSX architecture, components and services and their relationships
  • Difference between traditional 3-tier network architecture and leaf-spine
  • Data, control and management planes of NSX
  • NSX maximums – how many VXLANs are supported, how many NSX Edges you can run…
  • Physical network requirements, what a VTEP is

There are a lot more topics to cover; however, during the exam I found these to be the most important. There are very generous prerequisites for this exam. If you are currently Cisco CCNA or CCNP certified in the Routing and Switching or Data Center track, you can sit the exam until 28.02.2015. After that date you need to attend an official course to be qualified to take the exam.

If you think that this new technology is something you are interested in and want to expand your knowledge and skills in software defined networking, this track is the right choice. Stay tuned for more articles covering NSX that may help you toward your goal.

Breaking the Status Quo with VMware NSX

Before I present you a cutting-edge technology called VMware NSX, I would like to step back and give you some broader perspective on why this product is so special.

Not long ago, before server virtualization, we used to have a model where every application lived on a separate physical machine. We would have a separate server for email services, a separate server for file services, a separate server for web services; we would have a lot of independent machines. You get the point.

If one server went down, we had a service outage and we would need to rebuild the server and restore files from backups. It was a time-consuming process and it required more labor. When we needed to deploy a new application, we would need to wait weeks just for hardware. Clearly there were areas to improve.

A few years ago, server virtualization was introduced and it brought huge benefits derived from hardware abstraction. For the first time it decoupled hardware from software. We could run many virtual machines on a single piece of physical hardware. And this was accomplished by using software called a hypervisor.

A hypervisor is a small piece of software that runs on a server, and its ultimate role is to abstract computing resources. The operating system thinks it speaks directly to hardware, but in fact it is really speaking to the hypervisor.

Before and After Compute Virtualization

But this was just the beginning: we could now take many servers and create a cluster. To an application or OS, this cluster would just look like a giant hardware resource pool which provides CPU, RAM and storage for consumption. We could start to do things like dynamic resource scheduling and rapid VM provisioning; we would have a programmatic way to provision the resources. For the business, it would mean that we can decrease the time to deploy new services from days or weeks to minutes. Show me one CEO who would not fall for that.

Virtualization, my friends, changed the computing landscape forever. And I am so pleased to share with you that it is happening once again; this time the network is the one that will be transformed.

The fundamental idea of network virtualization is to bring network abstraction, to decouple the physical infrastructure from the applications that run on top of it. Do not be confused, you still need physical switches, but the way the overall infrastructure is leveraged will be different.

In this world, the underlying physical network provides simple IP transport services, similar to how servers provide physical resources to the hypervisor. On top of this layer, a network hypervisor manages the use of these physical resources and programmatically presents them to applications for consumption.

Comparing compute to network virtualization

It would not be feasible to control each hypervisor independently, therefore we need a component that programs this abstraction layer centrally. This component is called the controller. We moved from a distributed model, where every device thinks for itself, to centralized control. Think of this component as the brain of the network, the mastermind.

We can interact with this mastermind in multiple ways. It provides an Application Programming Interface. There are two types, the north-bound API and the south-bound API. The first one is used for application calls such as create a logical network, create a logical switch, change firewall rules. The second is used when the controller needs to command network components such as the virtual switches in the hypervisor.

Network Controller is the Brain from Pinky & Brain

See, in this way the controller can program any arbitrary topology. The magic is then executed at the hypervisor which is running on every server. You can build multi-tier networks with API calls, instead of going to each device and typing complex CLI commands.

You must be thinking: you can program the hypervisor vSwitch, but what about the underlying transport infrastructure? How will my Cat 6k5 know that I am creating a new virtual network? And the thing is, it won’t.

Hypervisors tunnel traffic to create an overlay between each other, so the transport network is spared the complexity of our new virtual network. The underlay just routes packets from one hypervisor to another.

VXLAN tunnels create an overlay network

VMware NSX is a product that can help you realize the vision of a software defined network. It is a network virtualization platform and it is very extensible. In a nutshell, it can help you create complex virtual networks in software through API calls.

You can create simple logical switches that span your entire data center, virtual distributed routers that route packets right at the hypervisor level, a distributed virtual firewall and many others. You can “literally” encapsulate an entire data center infrastructure and move it around the globe, without ever needing to change your current application itself.

Example of 3 tier application using a virtual network

VMware is not alone in this big game; it has partners that can bring additional services and capabilities, such as deep application-level inspection, vulnerability assessment or other higher-level services.

I will draw the line in the sand here and leave the possibilities to your imagination.

You can expect more posts covering this platform in the near future; meanwhile, enjoy this video about NSX.