Friday, January 4, 2019

Level up - Taking your career to the next level

Leveling up is widely known as a video gaming term for moving up to the next level and becoming a bigger, faster, stronger player. I used to be a gamer,  more on that later.

It's 2019 now and people in my network are setting goals for the new year, one goal that I hear periodically is, I want to <insert career goal here>.
Great! I say, having a goal is step one, cause if you aim at nothing you'll hit nothing every time.
Let's dive into this goal a little deeper.

Goal Setting

One goal that comes up often around me is, "I want to work for VMware." I probably hear this goal the most being a VMware Employee. I have discussed this topic many times with multiple people throughout my career with VMware.  I have to admit, it was my goal at one point too.

As a mentor, one of the first questions I'll ask you is to take a step back and ask yourself. Why? Why do you want this career goal? Really think about it. Does your why align with the VMware mission, vision, and values?
I spent several years at a hospital architecting, implementing and operating a VMware environment and I loved it, it was a great job. So why leave a great job? Why did I want to join VMware? I wanted to help other organizations become successful with VMware as well. It was time for me to move on and share my knowledge with others. Also, I'll add this is what worked for me, this is not a guaranteed path to successfully getting hired at VMware. There is also, being in the right place at the right time. And networking with the right people.

So, how did I accomplish this goal?
Well, first of all, I needed to develop a plan, because a goal without a plan is just a wish.  Also, this plan needs to be very specific and intentional. I've heard statistics that for every 1 job at VMware over 4,000 people apply. Wow! How can I stand out as the 1 person in 4,000? For me, the answer was certifications and networking. When I first started looking to join VMware, I had my VCP 5. That Cert helped me land the job I was currently in, but, looking around at my peers a lot of people had this certification as well. So my first goal was to level up to higher cert where there were fewer people in the "pool". I set my sites on VCAP certifications. This VCAP cert was difficult but attainable, and at the time very relevant to the career I was looking to get into. I also discussed this certification goal with other people in my network. Taking note that very few SE's or TAM's that currently worked for VMware had this VCAP certification either.

Next, I set a time limit on my certification goal. I planned on taking it at VMworld. This time limit meant I had to spend an enormous amount of personal time studying things I had no experience with. My employer at the time only had vSphere Enterprise Plus licensure and Fiber Channel Storage. A large portion of the exam was on features or systems I had no experience with. Including advanced technologies like NFS storage, iSCSI, N-Port ID virtualization, Power CLI, Host Profiles, vSphere Replication, Flash Read Cache etc. The list of things I had no experience with was enormous. Time is finite. I still had to work my day job as a systems engineer. I also had a growing family, with 4 little ones. This meant one thing. I had to to make some sacrifices.  Remember at the beginning of this blog. I said I used to be a gamer.  I made a choice to spend all my free time diving deep into all things VMware. This meant when my family went to sleep I stayed up and read architecture guides, blog posts, and built and rebuilt a home lab.

This entire process is deep arduous work, and this is where some people stop trying and start limiting themselves. I usually hear completely valid excuses about the lack of time to do this type of work. Don't get me wrong, family life is important. But you also need to be accountable for all of your time.  You also need to budget your time wisely. This goal became my focus, my one thing.

A few years ago at a VMware internal conference, there was a special guest speaker that talked about goal setting as well. Her name is Elizabeth Gilbert, during the conference she spoke of her goal of becoming a writer. She was challenged by a person she looked up to with this quote.

"What are you willing to give up to have the life you keep pretending you want?"

Ouch, That one hurts. But she is right, sacrifices must be made. Gaming, TV, Facebook, all must go. You can't be a Top tier Fortnite player and attain career goals at the same time!


Another excuse I've heard is "I'm not good at X or Y, I don't understand it...."
I've never claimed to be a quick learner either. I'd spend countless hours reading documents over and over. Then I'd try it in a lab, and fail, and pour through countless log files looking for errors and in the end, I'd reverse engineer how some of this technology works. One of my co-workers Duncan wrote about this very thing.

"And if that means you need to read that paper about Transparent Page Sharing 18 times… then that is what you do. "

This quote resonates with me deeply, and still applies to me while I'm at VMware. I continue to read and re-read things over and over and pour through logs files and watch VMworld session recordings over and over until I figure it out, and each time I get something new out of it.

Back to that VCAP Exam. Now that I knew when I was going to take it, I needed to ensure that I would pass the exam. I did this by taking many practice exams and measuring my self against the exam blueprints provided by VMware. That year at VMworld I passed and attained this step in my plan. I now stood out in a pool of many, as one of the few with a VCAP certification. This one step opened so many doors. I had countless headhunters sending me messages when I posted that one certification on my LinkedIn profile.

Which leads me to the next step in the plan. Finding that dream job or next career move.
I know several people that have applied for jobs and gone through multiple interviews only to be turned down. Its hard, I've been there too. I applied and interviewed numerous times for a year and a half straight. Each time I was in the final round over and over. This can get you down. But don't give up. Continue to hone your strengths and dive deep into your weakness. But at the same time don't limit yourself to only one path. I know multiple people that say they only want to work for VMware and only apply at VMware. Sometimes you need to take that fork in the road, to get to your ultimate goal. I did, I ended up joining a VMware Partner Reseller for a short period before I received the call from VMware. Don't pass up other opportunities that might eventually lead to your ultimate goal.

Lastly, I want to call out the value of Networking with your friends, peers and the #vCommunity. Networking with others had a MAJOR part in getting me to where I am today. That topic is another whole blog post.

What is your goal this year?
How will you stand out?
What will you give up to attain your goal?

But most of all just go DO IT!!!!

Comment below or hit me up on Twitter.

Notice the Red bolded words: This goal setting method is nothing new Google SMART goals or read about it here. https://en.wikipedia.org/wiki/SMART_criteria







Monday, June 11, 2018

VMware - A Force for Good - a non-technical blog post

I've been with VMware for almost 3 years now, and so far its been an amazing journey. Not only do we make world-class software solutions, At VMware, we also work hard to become a force for good in our communities. One of the things I love most about working for VMware is the culture, that culture is defined by our company values. We call these values EPIC 2

Execution:  We do it together
Passion: We challenge the status quo
Integrity: We build trust
Customers: Our customers make is possible
Community: Give more!

This blog post is specifically about this last value, Community.

This last weekend I had the pleasure of creating and representing Team VMware at the Trek Bicycles Trek 100 charity bike ride. This is the 5th year I have done this ride, and it is the 3rd year I have created Team VMware. (VMware is not an official sponsor)  All donations from this charity bike ride go to the MACC fund and help kids fight cancer. And also provides funds to further research on childhood cancer and related blood disorders.

Over the last 3 years, other members of the #vCommunity has joined me on this ride. And together we have raised over $6000 for this great charity. A huge Thank You to all that have sent us your support! This year my friend and local Wisconsin VMUG leader Tony Reeves joined me on the ride just like he has for the last four years. 
Together this year the two of us took time away from our families to raise support and ride together as a team in this fight against cancer. Tony and I both have been affected closely by cancer. I lost my mom to cancer in 2012 and Tony lost his mom to cancer in 2006. This is why every year we join forces do this ride. This year between the two us with help from our friends in the #vCommunity, and family we raised almost $1000. (Note, if you want to help us break past the $1000 mark, we are still accepting donations for this year. Feel free to hit one of the links below to donate. )

We had a great time together and perfect weather this year, and we were joined by several thousand other cyclists from around the world. Best of all, doing this ride you get to see the beautiful southern Wisconsin countryside. This bike ride starts at Trek bicycle headquarters in  Waterloo WI and proceeds north. The ride is fully supported in case you have a breakdown. And there are rest stops every 8-13 miles.

After completing the 100km journey this year Tony and I want more of our friends in the #vCommunity to join us. So I have a challenge for all of you.

The Challenge

We challenge you to join us next year on the Trek 100, You have the next year to do some physical training and prepare to join us on a 65-mile bike ride for this awesome cause.

Or

I know many of you already are supporting great causes in your local community. We want to hear about it. So I'm asking you to write a blog about how you are a force for good in your community. Don't have a blog?  You can submit your story to me and I'll post it here.

Together lets become a force for good!



Heath









Heath's Donation link
http://donate.maccfund.org/site/TR/Events/General?px=1001487&pg=personal&fr_id=1040
















Tony's Donation link
http://donate.maccfund.org/site/TR/Events/General?px=1003615&pg=personal&fr_id=1040









Note: All things written here are of my own opinion and is not sponsored by VMware in any way.

Friday, August 25, 2017

Notes on Upgrading vRealize Business for Cloud to 7.3 with vIDM

If you installed vRBC like some of my customers did by using the vIDM appliance for SSO. You will run into a minor permissions issue after you upgrading to 7.3. This issue is mentioned in the release notes.
http://pubs.vmware.com/Release_Notes/en/vRBforCloud/73/vRBforCloud-73-release-notes.html

In this post I'll walk you through the upgrade process. Going from 7.2 to 7.3

vRBC 7.1 and higher allows you to use two authentication sources. vRA or vIDM. Here is a screenshot showing my home lab vRBC VAMI interface configured with vIDM for SSO.



When you install vIDM and configured it with vRBC 7.2 or lower it will automatically create two new security groups in vIDM. These two security group are what allow access to the vRBC application. If you have vIDM configured to use your Active directory you can add AD users or groups to these vIDM groups to grant access to the application.

  • VCBM_ALL
  • VCBM_VIEW


When it comes  to upgrading the vRBC appliance to the latest 7.3 or higher versions it is super easy.

  1. Go to the vRBC management interface  https://<yourVRBCfqdn>:5480
  2. Click on the Update tab.
  3. Click on Check updates
  4. Click on Install updates
  5. Watch magic happen....








After the update process completes and you login to the vRBC web application, you will be greeting with a warning that fades away. This warning is actually important. Because if you are an Admin you now only have read only access.


You are not associated with any of the vRealize Business for Cloud roles.
Contact the system administrator to add your username in a vREalize Business group for the appropriate access.

What happens during the upgrade is vRBC 7.3 and higher is now looking for three new security groups in vIDM. These new groups are as follows.


  • vRBC_Administrator
  • vRBC_Controller
  • vRBC_ViewOnly
In order for these new groups to appear in your vIDM you need to unregister your vRBC appliance from vIDM and then re-register it.

  1. Go to the vRBC management interface  https://<yourVRBCfqdn>:5480
  2. On the registration tab click on vIDM
  3. Then enter the credentials for your vIDM server and click on Unregister
  4. Once it completes successfully, Click on Register.
Once you are done with this process you can now go back to  vIDM and you will see the three new security groups.

You can now migrate any local vIDM users or AD Users/Groups you had previously configured with the old groups into the new security groups and grant access to vRBC again. You can also safely delete the old security groups. Once complete the warning will go away, and if you are an admin on vRBC you will now have write access in vRBC.

Hope this helps someone with this error.


Heath








Thursday, February 23, 2017

Amazon AWS IoT Dash Button - Automated vSphere Lab deployment - Powered By virtuallyghetto.com




A few weeks ago I was browsing Amazon's website and came across the AWS IoT programmable button. Being the gadget geek that I am I had to order one, even though I didn't know what I was going to do with it.



Then one evening while catching up on my Twitter feed I found several people talking about my co-workers (William Lam's) latest post. William was showing off his awesome Powershell ninja skills with making an automated Powershell VMware lab deployment. (if you haven't seen it yet go check it out)
I thought to myself, I bet I could program the AWS IoT button to execute Williams Powershell script. Doing so I can deploy a VMware lab with the push of a button. Overkill? Yes, but still geeky fun.

Well in the process, I learned a ton about AWS IoT.



Getting your new AWS Button on your local WIFI

The button quick start guide tells you to download the AWS IoT app for your smart phone. After downloading the app you hold the button down for 6+ seconds, this places the button into a mode where it creates its own WIFI Access point. Then you connect your smartphone to this AP and run the App. The app then lets you select the WIFI you would like the button to connect to and set the password for the WIFI.




AWS Account Setup

If you don't already have an AWS account, now is a good time to set one up and check it out. They have a free tier for geeks to play with and learn.
In order to connect everything I would need to register my IoT button with my AWS account and assign it a task.


Learning about Lambda Functions

The first quick start demo that AWS teaches you is to setup your button to send you an email when you press it. Lambda functions are scripts that are executed on AWS servers to complete a task. They can be programed in .Json, python, Java, and C# . I stepped through the pre-made script and configured a Lambda script to email me. Testing the code on the AWS site worked and I received an email.





Configure the button press to execute the Lambda Function


This part didn't go so well for me, I figured out how to connect the button to the function but it wouldn't ever work. Ends up that the AWS documentation was missing a crucial step. I noticed my button when pressed would light up flash white, then red. I did some searching and found that the button needed to have a certificate and private key uploaded to it. So back to step one but this time I didn't use the App to configure it, I then pointed my browser at the default Gateway of the AWS Button Wifi AP and a simple webpage shown here allows you to configure the WiFi and the Certificates. This is not on the app that I could find.

After this the button now functions and emails me every time I press it. The cool part is that it will even tell you how the button was pressed. Single, Double or Long press.

Looking at everything I learned from Lambda functions, I did not see a way to have any of these functions do anything on my home lab. They are mostly designed to execute something on AWS. I thought about using something with email and IFTT but it sounded messy.



Insert AWS Powershell

Through lots of searching I found AWS has a large powershell library to control everything in AWS. After installing the AWS powershell plugin's I dug into their commandlets.
I found I could list my IoT button and add and configure new Lambda functions. They have over 500 commandlets to work with.
I learned that the email Lambda function is actually using their SNS system. The Amazon site says, Use SNS as a message bus to send messages, alarms, and notifications from your AWS services such as Amazon RDS, CloudWatch, and S3 to other AWS services such as SQS and Lambda.
After more research I found the Amazon SQS.


Amazon SQS  (Simple Queue Service)

This was what I needed, The Amazon site says
Amazon Simple Queue Service (SQS) is a fully-managed message queuing service for reliably communicating among distributed software components and microservices - at any scale.
I figured out that I could do a lot of tasks with the IoT button, SQS was one of them.

After figured out how to set it up the queue, I could press the button. It would place the button press data in the message queue. I could then query the message queue from Powershell. So I wrote a simple powershell script that would check the message queue every 5 seconds. If if found the message, it would then execute the lab deployment script.

Here is the AWS Powershell code.


#Loop for 10 Minutes checking every 5 for a new button press.
$timeout = new-timespan -minutes 10
$sw = [diagnostics.stopwatch]::StartNew()
$Button = $Null
while ($sw.elapsed -lt $timeout) {
$Button = Receive-SQSMessage -QueueUrl <your-SQS-URL-GoesHere>
if ($Button -ne $Null){
Write-host "Button pressed"
Write-Host $Button
                  #Execute the Lab deployment Script
./vsphere-6.5-vghetto-standard-lab-deployment.ps1
Return
}
start-sleep -seconds 5
}

I posted a video of this all working on Twitter, and can be found here.
https://twitter.com/heathbarj/status/834884304777936898


If you have any crazy ideas on what I should program this button to do next, drop me a note. I'd love to hear it.

Also, Nice work William on the sweet powershell script. You made this post possible.

Heath



Thursday, November 10, 2016

VMware App Vols.


Don't forget about writable volumes.



Writeable App Vols can be useful and dangerous at the same time. Using them correctly can save you time, a precious resource few IT engineers have.

I have been working with a large enterprise customer on the implementation of the Horizon (View) Enterprise Edition Suite. This version includes almost all of the products in the VMware EUC portfolio. It's been awhile since I had wrote anything on my blog. So I decided to take a look at what I have learned in the last six to nine months while helping my customer with this virtual desktop deployment.  Most recently we have been working on the App Volumes product as it is the largest and most time consuming piece of the puzzle. 

My customer decided to bring in VMware Professional Services to help with this part of the implementation. Doing this they could leverage some real world App Vols deployment experience. My customer has identified over 400+ applications that need to be packaged and delivered to non-persistent desktops. VMware has multiple ways to deliver all of these applications. They could use an App Volumes App Stack, RDSH, ThinApp, or base image installation.

The value of using an App Stack is the single instance storage of the application. The customer I'm working with today is planning to deploy 4000+ virtual desktops. Let's do the math for the storage required for a typical office application suite. I'll estimate the application install size at 4GB of disk. 4GB X 4000 Desktops  = 15.6 TB. I'll let you do the math on how much your storage costs are for that. That's just one application. By deploying as many applications as possible into a single instance of an App Stack can save a customer a lot of money.

The trick to packaging App Stacks is figuring out the common use cases. Not all 4000 users need all of the applications. Some applications have specific licensing requirements. And sometimes out of the 4000 users only one or two need a specific application to do their job.

That's where writable volumes comes in. Our VMware Professional services recommended using the writable volume for these "snowflake" users that need one or two applications that are specific to their needs. My customer will give these snowflake users a writable volume  and install these special applications they need manually. 

However be careful with the use of these writable volumes, VMware recommends you use them sparingly. The main reason for this is, Disaster Recovery. You need to consider how are you backing these up. How will you restore them? Are you using a cloud pod architecture? How will you replicate them to the other sites?

Hopefully this helps you in your journey with deploying App Volumes in your environment.

Heath

Sunday, April 10, 2016

What's it like working for VMware? - Part 2

So many shiny objects.....


The first few weeks of joining VMware are overwhelming, to say the least. Like a kid in a candy store, I had so much information at my disposal I didn’t know where to start. I wanted to dive deep into everything but doing this is like jumping into the ocean with no life preserver and not knowing how to swim. I quickly learned that first I needed to focus on my customers' needs. I also learned, from talking with my new peers, that the “shiny object” problem never goes away. You just try to get used to this new normal and enjoy it.



Working with inspiring people

One of the coolest parts of my job is working with so many people that are way smarter than me. It’s awesome to be able to ask a question on Socialcast (VMware’s internal social network) and have access to Product Managers, Engineers, Architects and VMware Rockstars. They are all willing to help answer my questions so that I, in turn, can help my customers succeed with VMware solutions. I would always learn so much from these same people when I had access to them as a customer at VMworld and now I have access to even more of them all the time. Every day it is inspiring to work with such a great team that is driving innovation in the industry. Just this week I was able to meet up with some of my colleagues for dinner. One of them just started working for the VSAN sales team. His passion for VSAN was contagious. It's passionate people like this that make working for VMware amazing.

Challenges

The toughest challenge is getting up to speed on all the VMware products I didn't purchase as a customer but now need to learn quickly to help expertly guide my customers. For me it is also the most fun part because I now get to dive deep into various VMware products, especially those that I was not exposed to as a VMware customer. Also, looking back when I was a customer I only had to understand the mission and vision of the hospital I worked for. I only had one business infrastructure to keep track of. Now that I've gone from being a VMware customer to working in VMware Professional Services, I now have multiple customers with very different missions and visions. As an Enterprise TAM I split my time 2.5 days per week between these two customers. This can be challenging for some people and, to be honest, it’s not easy. But I am a challenge‐driven person and this challenge drives me to work hard and learn all I can about my customers' businesses. I have jumped into it with focused intensity and am quickly gathering the business goals of my customers. As a VMware TAM I am helping my customers map these goals to the VMware solutions they have purchased and create business outcomes.

Why I love it

Remember in part 1 of this blog series I talked about loving my job at the hospital because I was helping sick or injured people get better? The hospital I left is continuing to succeed with the infrastructure that I helped to design and build. But now with two customers it’s twice as much fun. Each of my customers has a major impact on the world and I get to be a part of what they do on a daily basis.
Also, I'll admit it, I'm an IT geek. Working for the leader in compute virtualization is exciting. I get to see what goes on behind the curtain at VMware. I get to be part of the conversation and innovation on future releases and new features. Getting access to all of the latest software bits to try out in my home lab is fun as well.
In 2015 Fortune magazine named VMware #40 on the list of Top 100 companies to work for. I am excited to be working for a company that rises to the ranks of the best with their benefits and perks for employees.

Ready for a challenge?

Are you ready to step up your game? Are you ready for a big challenge? Do you want to join VMware? Make it your goal this year to join VMware. Start by setting attainable career goals. Next, find a mentor, someone you can trust that will push you to succeed. Then put a timeline to those goals and stick to it. Without a timeline you'll just keep putting it off. Work on your social network, join your local VMUG and get to know people in your area. Don't have a local VMUG? Start one!

When I began my journey I didn’t know exactly where it would take me but I’m glad I did it. The rewards are huge and I’m not looking back.

Do you have questions about working at VMware?  Add a comment below and I'd love to talk with you about it.





Saturday, March 26, 2016

What's it like working for VMware? - Part 1

 My Background

I have been a VMware customer since ESX Version 2. I still have a boxed copy of
VMware ESX 2 and Workstation 5 in my home office. When I was first introduced
to VMware I knew this was the future of the modern datacenter. Over the last 12
years it has been fun as a customer to see VMware grow.



Why I Chose VMware

For 6 years I worked for an academic medical center and helped to create a
highly robust VMware focused datacenter. The rewards for creating a very stable
environment for a hospital were great. Doctors and nurses were able to help
patients get better and provide patient‐focused care in part because I provided
my portion of a reliable computer system. Even being on‐call was exciting.
Occasionally a doctor would page me at 3 a.m. because he/she was having
trouble connecting remotely and I could feel the energy and excitement through
them as they were preparing for emergency surgery. I know you’re wondering
how being called at 3 a.m. could be fun! But I was able to help a doctor access
the technical tools he/she needed to help save a life.
After 4 awesome years I needed a new challenge. I wanted to take my career to
the next level. I wanted to work for VMware. I wanted to help more companies
experience the value that VMware can bring to an organization. Reliable,
automated, secure, virtual datacenter computing.

Setting a Career Goal

You may have noticed that I worked for the hospital for 6 years but it was only 4
years into it that I was beginning to look for a career change. I knew VMware was
full of extremely smart, talented people and I longed to join the ranks. In order
to make that happen I needed to step up my game and that was going to take
some time.
I have been VCP certified since version 3 so my first goal was to earn
my VCAP‐DCA (VMware Certified Advanced Professional). I completed that goal
while attending VMworld 2014. That was not an easy exam but it was the most
fun I had ever had taking an exam. The exam is not multiple choice but a live lab
environment that you have to configure following a specific set of instructions.
My experience with that exam could be a whole blog post as well!



Along with completing higher level VMware certifications I also worked on my
personal networking skills. As the saying goes, “It’s not what you know, It’s who
you know” and that is true at VMware as well. I became great friends with all of
the contacts I had inside VMware as well as with other VMware customers
through the VMUG program.

About 5 years into my career at the hospital I worked for, I reached out to a close friend that
had been a VMware Systems Engineer for VMware for many years. I asked a lot
of questions about life at VMware. He was able to provide a lot of insight,
knowledge, and guidance. Then one evening, my friend left me a voicemail and
told me about an opening in the VMware TAM program. He recommended that I
apply.

Interview Process

I did apply and went through a lot of interviews, both over the phone and
in‐person. The interviews were challenging and nerve‐wracking. One of my close
friends and co‐workers knew I was interviewing and he laughed at
how often I would check my phone for a new email from VMware. In the end my
hard work paid off and all of my networking connections at VMware provided
my future manager with great referrals about my personal skills while my
certifications supported my technical knowledge. After a while I was officially
offered the position as a VMware Technical Account Manager and I gladly
accepted.

On my next blog post I'll talk about what it is like going from VMware customer to employee.


Sunday, November 1, 2015

Home Lab Part 2, and career update

Updates

Wow, it has been a crazy couple of months. I can't believe it has been two months since my last blog post. I have had way too much going on to take the time to sit down and write a blog post. But today my friend @timcurless asked about my latest addition to my home lab so I promised I would write about it.

Career Update

As some of you may know, in August I accepted a position with VMware as a TAM (Technical Account Manager). Working for VMware is everything you can imagine: exciting, crazy, fun, busy, and there are way too many shiny objects to chase. You can't possibly chase them all. Anyway, I'll write more about working for VMware later.

Home Lab Part 2 - New ESXi Server

My first home lab server is a 1U SuperMicro X7DBR-E 2x Xeon E5440 2.83ghz Quad Core with 32 GB of RAM. I bought it off of eBay for less than $200. It has worked well for a starter home lab but it is time to add on.

One thing I did not like about the rack mount 1U server is the noise level. So when I thought about adding on, this was my first requirement. The rest of my requirements were pretty simple. I have one goal with my home lab. That goal is to get some stick time with all of VMware's software so that I can better support my customers. It doesn't need to run at top speed but I don't want it to slow down my testing either. Enterprise class rack-mount servers don't usually take into account power consumption. At home I don't need my power bill going crazy for a home lab testing. So low power consumption is important.

So here were my requirements:


  1. Silence
  2. Low power consumption
  3. Capable of running ESXi 6.x
  4. Enough network ports to run NFS\iSCSI on independent ports
  5. IP KVM
  6. 32 GB of RAM or more


After much research I chose to build my own server from scratch. Here is my parts list.

Supermicro A1SRi-2758F
http://www.newegg.com/Product/Product.aspx?Item=N82E16813182855

Kingston 32 GB RAM
http://www.newegg.com/Product/Product.aspx?Item=N82E16820239958

RaidMax Case
http://www.newegg.com/Product/Product.aspx?Item=N82E16811156340

First of all, this is the first time I have ever seen a mini ITX motherboard. Wow, these things are tiny!
Here is a picture of mine in the case with a dollar bill for size reference. Notice there are no fans on the motherboard as the cooling is completely passive.


This is what it looks like in the ESXi fat client.


There is one fan on the case at the back and it is completely silent.  The spinning hard drives in my Synology are the loudest thing in my home lab now. The old 1U rack-mount server has been moved to the garage because it was too loud to be in my home office.



Power consumption was a big deal for me also. So, because I am a geek, I ,of course, have a Kill a watt to measure the power consumption of all my electronics.


Here is the power consumption while it is running at 5ghz and 23GB RAM used.
27 Watts!

So far this server is perfect for my home lab and hopefully VMware will continue to support the Intel Atom processor. I will be sure to ask engineering for continued support, now that I work for VMware ;-)
I love the motherboard and all the features that it comes with.
The IP KVM was all I needed to install ESXi 6. I didn't have to load any custom drivers at all everything is a native load of ESXi 6.

Couple of things to note.
I installed ESXi onto a USB Stick. So this server is currently setup to boot from USB.
It has 2x SATA3 6Gbps ports and 4x SATA2 ports 3Gbps, ESXi does recognize them on a native install of ESXi 6. I currently don't have any drives to plug into it to test it with. Right now all I need is my Synology NAS, Though at some point I would like to play with VSAN. Sounds like a future blog post.

Thats all for now.
drop any questions in the comments below.

Heath

Thursday, July 30, 2015

VMware Home Lab - Part 1



Since I started working for a VMware partner in March, I have slowly been building my home VMware lab. My most recent addition has been a new layer 3 switch. I needed layer 3 switching so I could setup VMware NSX in my home lab with multiple VLANs and fully test micro-segmentation. I made a quick list of requirements for what I was looking for in a switch before I went hunting.

My Requirements


  • Silence - (Fan-less design)
  • Low power consumption - (This switch is rated to draw 110V=19.8W)
  • Enough ports to operate 3 or 4 hosts with 4 - 1GB NICs each and my Synology NAS 415+.
  • Support for VLANS
  • Support for LACP/LAG
  • Layer 3 routing
  • Low cost
After doing some research online, I decided on the Cisco SG300-28. It gave me the most ports possible and still remaining fan-less and meeting all of my other requirements. The price was right too, I caught a sale online and was able to purchase it for $318. That comes out to $11.35 per port. Not bad for all these features.

The switch has a CLI interface that is very similar to a Cisco Catalyst switch. It also comes with a nice GUI web interface for configuring it as well. So it keeps all admins happy.

One big gotcha that I ran into right away is that by default layer 3 mode is disabled. Below is the setting in the web interface to enable layer 3. 

After getting the switch setup in layer 2 mode I went to enable layer 3 and this neat little warning comes up. As Lenny Pepperbottom would say How neat is that?

So, after configuring all of my settings enabling layer 3, this switch deletes your config and starts over from scratch. Great switch, but that's rather annoying. But it gave me extra practice on setting the switch up again.

Next time I'll talk about how I enabled Link aggregation on my ESXi hosts and also enabled LACP on my Synology NAS array.







Monday, July 20, 2015

Audit your guest VM's to check for unused Advanced VM Settings

I'm a big fan of using PowerShell in VMware systems management. Whenever I have a long repetitive task I look for a way to script it so I can speed up the process.

I was working on some security auditing tasks and one of the requirements in the VMware hardening guide is to make sure that none of your VM Guests have any advanced settings that may be left over from VMware Workstation or VMware Fusion. VMware actually says that security conscience organizations should explicitly disable these settings.

See VMware hardening recommendation here.
http://pubs.vmware.com/vsphere-51/index.jsp?topic=%2Fcom.vmware.vsphere.security.doc%2FGUID-60E83710-8295-41A2-9C9D-83DEBB6872C2.html

In any environment it would take a long time to check every VM one at a time and look for all of these settings.

I did some research and put together a few script that can check every guest VM and look for all of these settings and export the findings into a single .csv file to sort. This is a great tool to help you audit your enviroment, and provide proof to your security team.

Disclaimer, I'm not an expert PowerShell coder. I'm sure there are more efficient ways to do this. Feel free to drop a comment on how to make this code better.
All code is downloaded and used at your own risk. Be sure to understand what the code is doing.

Below is the PowerShell script needed to run this audit.

 
# Change as needed to connnect to a different Virtual Center
Connect-VIserver yourvcentername

#Define Which Cluster to scan
$Cluster = yourclustername

#define the Settings you want to look for in each VMX file
$AdvSettings = "tools.guestlib.enableHostInfo","isolation.tools.ghi.autologon.disable","isolation.bios.bbs.disable","isolation.tools.getCreds.disable","isolation.tools.ghi.launchmenu.change","isolation.tools.memSchedFakeSampleStats.disable","isolation.tools.ghi.protocolhandler.info.disable",
"isolation.ghi.host.shellAction.disable","isolation.tools.dispTopoRequest.disable","isolation.tools.trashFolderState.disable","isolation.tools.ghi.trayicon.disable","isolation.tools.unity.disable","isolation.tools.unity.disable","isolation.tools.unityInterlockOperation.disable",
"isolation.tools.unity.push.update.disable","isolation.tools.unity.taskbar.disable","isolation.tools.unityActive.disable","isolation.tools.unity.windowContents.disable","isolation.tools.vmxDnDVersionGet.disable","isolation.tools.guestDnDVersionSet.disable"

#Create the Column Header
$CreateColumnHeader ="Name", "Key", "Setting"
$psObject = $null

$psObject = New-Object psobject

foreach($o in $CreateColumnHeader)

{
Add-Member -InputObject $psobject -MemberType noteproperty -Name $o -Value $Null
}

$psObject|Export-Csv  .\Output.csv -NoTypeInformation


#read each VMX file,and export results to csv file
Foreach ($AdvSetting in $AdvSettings)
{
Get-Cluster $Cluster | Get-VM  |Select Name, @{N="Key";E={$AdvSetting}}, @{N="Setting";E={($_ | Get-AdvancedSetting -Name $AdvSetting).Value }} | ConvertTo-Csv | Select-Object -Skip 2 | Out-file -Append -FilePath .\Output.csv -Encoding ASCII
}


Friday, July 10, 2015

Don't forget to check the HCL

A few weeks ago I had a customer that implemented some new hardware into their VMware enviroment. They ran into some major problems with VMotion.

 Now your probably thinking they purchased some commodity hardware that was completely unsupported. Actually they purchased some brand new HP DL380 Gen 9 servers. All the components in this server are in the HCL. In fact the version of VMware that they were running is still fully supported by VMware.

So where did they go wrong?
If you check the VMware HCL for a HP DL380 Gen 9 server you will see that it is supported for ESXi versions  5.1 - 6. My customer was running version ESXi 5.0. The customer was able to install version 5.0 and get it running without issue. Where they ran into problems was with VMware EVC mode and VMotion.

What is EVC  mode?
EVC mode is a software solution for a hardware problem. Intel and AMD CPU's are constantly changing and adding new features and instruction sets with each new"family" or generation of CPU's.
This is a problem for VMware Virtualization when you use VMotion. With VMotion all servers in a cluster must have the same exact CPU instruction sets available. If they don't and a VM guest is using a newer instruction set it will not be able to be moved to a older CPU without that doesn't have that feature. The solution that VMware came up with is EVC mode. Turning this feature on in your cluster "masks" or hides the instruction sets of the new CPU's and only allows the VM Guests to see instructions that are the same across all the hosts in a cluster.

Back to the Customers Issue
For my customer they were running one older HP DL380 Gen 8 server that had a Sandy Bridge Intel Processor. EVC mode was enabled and running as "Sandy Bridge Mode", however EVC mode in version 5.0 is not compatible with  a new Intel Haswell processor. In fact older versions of EVC doesn't even know about the new instruction sets that are available in Haswell or Ivy Bridge. Because of this EVC didn't even know how to mask or hide them. With EVC mode enabled is seemed to work for a little while, but the customer learned that they could only VMotion from the Gen8 host to the Gen9 host, not the other way around. It was a one way trip. If they tried to move a VM guest from a new host to an old host, this Error occurred.



The Fix
After doing some research on the issue I checked the HCL for the Gen 9 HP server and discovered that it was not compatible with ESXi 5.0. So we proceeded to upgrade Virtual Center and the ESXi hosts to version 5.5. After completing the upgrade and enabling EVC mode in the cluster again. Along with a hand full of cold boots of VMware Guests, the issue was resolved.

When your making any hardware changes, always check the HCL first.

VMware Hardware Compatibility List
http://www.vmware.com/resources/compatibility/search.php



Level up - Taking your career to the next level

Leveling up is widely known as a video gaming term for moving up to the next level and becoming a bigger, faster, stronger player. I used to...