vthistle.com

You are here: Home / Archives for Lab

VMware Horizon View & LetsEncrypt

By

As most tech people, I like to build, destroy, rebuild and repeat. It’s what we do, its how we learn to do things. One of my latest deep-dives has been into Horizon View 7.X. A few years ago, I went down this path as well, and I bought a cert so that I could go through the setup.

Enter LetsEncrypt – Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit. They provide certificates with a lifetime of 90 days and renewing a certificate is done within a couple of minutes, which is perfect for testing and home labs.

I started researching how I could use the LetsEncrypt certs with Horizon View and I couldn’t find much. Before we dive into how we make this happen, I first want to start out by saying using LetsEncrypt with Windows isn’t the simplest thing to do, So I used a CentOS Linux box – Super Small footprint for a cert generator. I’m not a Linux expert, so using and getting to know CentOS was also a learning experience.

So, in this article, I will go through the steps to get the cert, as well as applying them to Horizon View.

Installing LetsEncrypt

As mentioned above, I am using a CentOS machine to obtain the certs.

  • Log into the CentOS machine as root
  • First, we have to install and enable the EPEL repository
    • sudo yum install epel-release
  • Now, we can install certbot – certbot is just an application that goes out and gets the certs
    • sudo yum install certbot

Now that we have Certbot configured, we can now move on to Request the Certificate

Request a Certificate

*Note: change the items in red to match your needs

  1. Run the following command on your Linux box.
    • certbot certonly –manual –email xxxx@gmail.com -d server.vthistle.net –rsa-key-size 2048
  2. Agree to the ToS
  3. Decide if you want to share your email with LetsEncrypt
  4. Answer the question about “Are you ok with your IP being logged” as the IP requesting the cert
  5. Create a page on a web sever with the challenge key to prove you are in ownership of the site

  6. When the request has been validated, you will see a “CONGRATULATIONS
  7. Browse to /etc/letsencrypt/live/site.domain.com/
    1. You will find the following files:
      • cert.pem —-> Server Certificate
      • chain.pem —> Root and Intermediate Certs
      • fullchaim.pem –> Server, intermediate and root chain
      • privkey.pem —> Private key for Server Certificate

Convert PEM to PFX with Private Key

  1. Copy the files listed above from your Linux box to a windows box and use OpenSSL
  2. Run: openssl.exe pkc12 -export -out view.pfx -inkey privkey.pem -in cert.pem -certfile chain.pem
  3. You will then copy your “view.pfx” file that you can use on your Horizon View Server

Adding the new Cert to the Connection/Security Servers

  1. The process to replace the certs on the Connection Server and Security Servers are the same: open MMC.exe -> File -> Add/Remove Snap-in… -> Select Certificates -> Add:
  2. Change the “friendly name” of the default certificate to something other than vdm
  3. Go through the import wizard and ensure you check the box to “Mark this key as exportable
  4. Change the “Friendly Name” to vdm and restart the “VMware View Connection Server” service

Complete – Your View Connection Server is now using you 90 day LetsEncrypt certificate. 

NFS 4.1 – Synology – VMware

By

I was recently studying for my VMware 6.5 Delta Cert and realized NFS 4.1 was on the blueprint. I don’t do much (if any) NFS at customers sites – so I wanted to upgrade my lab from NFS 3 to 4.1. have a small homelab, which consists of the following gear: 2 Intel NUCs, Synology 713+ and a Iomega PX300D. I run NFS off of the Synology, mostly because I was lazy and didnt want to setup iSCSI.

To enable NFS 4.1 on the Synology, I had to update some config files.  *From Synology Support – Do this at your own risk! :

  1. Enable SSH from Control Panel |  Terminal and SNMP
  2. Connect to the Synology using your favorite SSH utility
  3. cd /usr/syno/etc/rc.sysv
  4. sudo vi S83nfsd.sh
  5. Go to line 91 (in my case) – go to “/usr/sbin/nfsd $N” and add “-V 4.1”
    1. Finished product will be: “/usr/sbin/nfsd $N -V 4.1”
  6. Save the file and Exit.
  7. Restart the NFS Service: sudo ./S83nfsd.sh restart
  8. Verify NFS 4.1 is now enabled
  9. In the vSphere Web Client: Unmount the NFS datastore & remount as NFS 4.1
  10. Disable SSH on your Synology

Complete!

#vExpert2017 Announcement

By

vExpert

The vExpert title is given to individuals who have contributed to the VMware community over the past year. The title is awarded to individuals for their commitment to sharing knowledge and passion for VMware technology.

The official VMware announcement is located here.

I am honored and humbled to say I am a vExpert in 2017 for a second year in a row.

I’d also like to congratulate all of the vExperts for 2017. Especially my eGroup colleague’s Jirah Cox and Mike Dent. You guys push me to learn more and more every day and I couldn’t ask for better guys to work with!

I encourage you to follow #vExpert on your favorite social channels.

2017 has started off great for recognition for eGroup engineers. The same group that were selected as VMware vExpert were also selected as Nutanix Technical Champions for 2017. #NutanixNTC

I look forward to the year ahead for both of these great communities!

-Dave

vCenter – Upgrade from VCSA 6 to VCSA 6.5 – CLI

By

I recently have been on a mission to eradicate all vCenter Servers running on Windows and replacing them with the vCenter Server Appliance (VCSA). I’ve been very successful with this with the customers I have worked with, with very little push back. The only down fall with the 6.0 release was that Update Manager (VUM) still had to be on a Windows Sever. I got around this in most cases by creating a vCenter “Helper” Server. I would install VUM, PowerCLI and RVTools – All the essentials!

So, after doing a TON of these migrations by using the GUI, I thought I would give the CLI a shot.

Since vCenter 6.5 was introduced today (11/15/2016), I thought I would try to go through the upgrade process via the CLI. I will be going from VCSA 6.0U2 to VCSA 6.5. This upgrade will migrate your database, as well as migrate you from a Linux appliance onto VMware Photon OS.

Why do it from the CLI? Because, its the cool thing to do!

Note: Make sure all of your plugins are compatible with vCenter 6.5!

Note: Make sure SSH is enabled on your source vCenter prior to upgrade/migration.

First you will need to pick the template that you want to start from. VMware does a great job of telling you what you need to do to get this to work from these templates. To find it, mount the ISO and go to “X:\vcsa-cli-installer\templates\upgrade\vcsa6.0” – Pick  the template that works for your scenario and save it locally so that you can make changes that are necessary. I will be using the “embedded_vCSA_on_ESXi.json” template.

I’m not going to spell out what each option is, because VMware has done a great job of spelling that out in the Documentation Center for vSphere/vCenter 6.5.

Second, lets go through the upgrade. If you have VUM deployed on a windows server, you will want to run the upgrade script from the VUM server.

On the VUM server, run the Migration Assistant – Can be found at “X:\migration-assistant\VMware-Migration-Assistant.exe”. When the Migration Assistant starts, it will ask you for the Service Account password for the account you used to connect VUM to vCenter. *Note: Don’t close this window until the migration is completemigration-assistantNow we are going to execute the upgrade via the CLI – 
vcsa-upgrade-1-cli

  1. This will kick off 8 Steps:
    1. Verification of the template you specified above
    2. Verify Configuration
    3. Execute OVF Tool Command (Deploy the new appliance)step_3
    4. Install Services (on the new appliance)step4
    5. Export Data (from old vCenter)step5
    6. Configure vCenter Servicesstep6
    7. Import Data (to new appliance)step7
    8. Result and Log Filesstep8

SUCCESS!!

The HTML5 version still has limited functionality – but damn its fast! In my opinion even the FLASH site is quick. Yes, you get to choose!choose

Home Lab?

By

Like many of us in the virtualization field, I wanted to have a home lab accessible to me anytime I wanted. This led me down the the road of visiting Amazon and piecing together a “white box” server with the intention of buying another one in a few months.. A few months went on and I never purchased that additional server. I realized three things, A) servers are loud, B) servers use a good amount of power and C) I was never going to be able to keep up with ever changing hardware. The power was the kicker for me. When the server was powered on all month, my electric bill averaged about $30-40 more a month. When I received the first electric bill, I began turning the server off when I wasn’t using it. I then realized I was bugging my wife to turn it on for me multiple times a month. It was a never ending game of “is the server on”. There was no way I was going to purchase another one..

What do I use my lab for you ask? I mostly use it to study for VCP / VCAP / VCIX exams, as well as building out designs and testing those designs before taking them out to a customer.

Which led me down the path of a nested lab, hosted in vCloud Air OnDemand. There are many reason that led me down this path A) I didn’t have to worry about keeping up with the hardware, B) I didn’t have a constant HUM in my garage C) I would never have 100GB of RAM laying around or 4TB of storage and D) I can spin up multiple virtual datacenters all over the US to test features such as cross-vcenter migrations.

So how did I do it? Follow along to find out

Register and activate your vCloud Air OnDemand Account

At the time I originally spun up my vCloud Air Lab, they were offering 300 hours free (additional bonus) – you can register for an account on VMware’s vCloud site.  Once you have registered an account, you can log into the vCloud account by going to the vCloud login site. Once you are logged in, you will be ready to consume those OnDemand resources.

VMware_vCloud_Air

Click on “Virtual Private Cloud OnDemand” and then select the region that you would like to have your environment hosted in.

 

Decide on a design

“If you fail to plan, you are planning to fail” – Ben Franklin

Before you can begin building your environment, you will need to decide on a design for your lab. I decided my lab “Base” environment would house two (2) nested ESXi servers, vCenter Windows Server, one (1) domain controller and one (1) File Server

Upload Media

Before we can begin the install, we will need to upload the media using the vCloud Director Interface. To get started, Click on the VDC and then click “Create Virtual Machine”. VM

Then Click on “Create my Virtual machine from Scratch”

From the Catalogs heading, click on “My Organization Catalog”. This is where your media will be housed. Due to having an updated browser, I was unable to update via the webclient. badbrowse

At this point, you have to use the OVFTool – There are many resources that can assist you with this. VMware has a KB2110191 that will walk you through uploading the media. There are also two other handy sites that I used to upload the media. William Lam has a great script he had built out on his blog, VirtuallyGhetto which will allow you to run the the script on a MAC. Michael Ryom also has created a powershell script and has shared it on his site. I tested and use the Michael Ryan powershell script (as seen below)

Tools

Once the files are uploaded,  you will be able to see them in your catalog.ISO

Creating a lab “vApp”

I like to create a vApp in my lab environment to ensure I don’t forget to turn off my lab when I’m not using it. I set the Runtime to auto shutdown after 6 hours. vapp

The next step is to create new VM’s to sit inside your vApp. I created two (2) ESXi servers as mentioned above.

newVM

Once the vApp is created, you can then connect the ISO to the VM, as you would in a typical VMware environment.

Once the two (2) ESXi Servers are built, I moved on to building my virtual Domain Controller. I built this using the images build into the public catalog. Once, this is completed, I moved onto building another Windows Server to host vCenter.

 

What does this cost? 

I am expecting to pay around $15-20 bucks per month. Which is much cheaper than buying the additional hardware, the electric bill and hasling the wife to turn on my servers. That by iteself is worth it for me. Happy building!