Nutanix AOS 5.0.1 enabled for 1-click upgrades

Earlier this year Nutanix released AOS 5.0, which contained dozens and dozens of new features and enhancements. As Nutanix customers know, we have 1-click upgrades for AOS. Prism will automatically notify you when there is an updated AOS version available. While customers can immediately download new releases from the portal and use 1-click upgrades, Nutanix delays the automatic notification on major releases until the first maintenance release comes out. This allows customers that want the absolute latest code to download it manually, but gives more conservative customers time for the release to mature before it’s automatically downloaded by Prism.

As of this week, AOS 5.0.1 will now automatically appear in Prism as a 1-click upgrade option. So if you have been holding off on AOS 5.0 until the first maintenance release, you need not wait any longer. Check Prism for software updates and you should see AOS 5.0.1 available.

Released: Nutanix AOS 4.7.5 and other tools

Nutanix has released an updated version of the AOS 4.7 family, which is now bumped up to AOS 4.7.5. If you have already upgraded to AOS 5.0.x, which came out earlier this year, you can ignore this post. Those of you with Nutanix support portal access can download the 4.7.5 release notes here. Since this is a minor release, it’s mostly bug fixes and minor new features. One noteworthy new feature is 1-click SATA-DOM firmware upgrades for Nutanix NX and Dell XC platforms with hypervisors other than Hyper-V. Nutanix takes security extremely seriously, and as such, this update addresses a variety of CVEs. So even if the new features or other bug fixes don’t seem all that interesting, personally I would recommend the upgrade due to the security patches.

In addition to AOS 4.7.5, minor revs to related products are out as well:

  • Prism Central 4.7.5 can be downloaded here. The Prism Central release notes are available here and the Upgrade Guide is available here.
  • Nutanix Cluster Check (NCC) is now at version 3.0.0.2. It can be downloaded here and the release notes can be found here.
  • Foundation 3.7, which is the Nutanix Cluster deployment tool, is now out. Download Foundation 3.7 here and read the release notes here.
  • AHV version 20160601.50 which can be downloaded here and the upgrade instructions can be found here.

Nutanix customers really enjoy the 1-click upgrade for many components, so when we release a new batch like this, it takes minimal time to update the environment. And no VM downtime is required, which makes scheduling maintenance windows easier.

Microsoft SQL 2016 Unattended Install

Continuing my 2017 series on unattended Microsoft SQL installs, this post will cover SQL 2016 on Windows Server 2012 R2. If you want the unattended install for SQL 2012, check out my post here or for SQL 2014, go here. I’m using the same drive configuration for SQL 2016, as I did for 2014. These drives are:

C: OS
D: SQL Binaries
K: SQL Databases
L: SQL Logs
T: TempDB
Z: CD-ROM

So let’s get started on getting SQL 2016 installed via an unattended script. New to SQL 2016 is the removal of the .Net Framework 3.5 dependency. However, you must be running SQL 2016 CU2 or later per this KB article to resolve a database mail issue. You can easily install the baseline SQL 2016 via this unattended install, then download and install the latest CU or Service Pack afterwards. I’m assuming you have your various drives mounted, formatted, and ready to go. Next, download the two files below and save them to the root of your D drive.

SQL-2016-base.ini
SQL-2016-base.cmd

1. Open the SQL-2016-base.ini file with your favorite editor and modify all of the paths. They are sprinkled throughout the file, so be sure to check every line. New to SQL 2016 is the ability to customize TempDB files during the installation process. This allows you to follow SQL best practices and optimize the performance of SQL out of the gate. This is a great improvement. As you can see from the snippet below, there are various TempDB parameters you can tweak. All environments are different, so adjust these parameters as necessary.
2. Save the ini. If your CD-ROM is not using the Z: drive, open the SQL-2016-base.cmd file and change the path as needed. If you aren’t using a D drive and have these scripts elsewhere, change the path to the ini file.

3. Open a command prompt and run the SQL-2016-base.cmd file with an argument of the group which you want to be added to the SQL studio to administer the instance. Use the format domain\group. If you just want a local group, you can use BuiltIn\Group. Note: This is a change from SQL 2012/2014 where you could use MachineName\Group.

4. Sit back and relax, and give it 10 minutes or more. You will see the SQL installer GUI flash through various screens in an automated fashion. If the install was successful, at the end you should see the following status. Setup result 3010 means you need to reboot the VM. Reboot the VM now. If you don’t reboot with the setup code 3010, then the next piece we install will fail.

5. Unlike previous versions of SQL, the main installer no longer has the SQL Studio components. So you can’t perform a single unattended install and come away with a working SQL Studio configuration. So, go back to the mounted SQL 2016 ISO and click on Setup.

6. In the left pane click Installation. In the right pane, click on Install SQL Server Management Tools. This will not launch the tools installer, but will rather redirect you to a Microsoft webpage here to download the latest version of the SQL management studio.


7. After the download has completed, I find it best to launch it the old-fashioned way and use the GUI. Click through the wizard and wait for the install to complete. If you do want to launch it via the command line, you can use the following switches:

SSMS-Setup-ENU.exe /install /passive /norestart /log log.txt

However, there is no visual indication of what is going on and the command appears to instantly complete. So the only way you know what’s going on is by looking at the log and waiting for the install to complete. Frankly, I’d rather watch a GUI than monitor a log file.

And there you go! Due to Microsoft changes in the installer, installing SQL 2016 is slightly harder due to the separate SQL Management Tools installer. But, even so, that’s only an extra 5 minutes of work.
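The steps above as one script, added here as an example; it is not the author's SQL-2016-base.cmd, whose contents are not shown on this page. It checks that every path in the ini sits on an existing drive, waits for setup and acts on result 3010, and verifies the Authenticode signature of the downloaded SSMS installer before running it. The parameter names, the D:\SSMS-Setup-ENU.exe download location, the log path and the setup.exe switches passed on the command line are assumptions.

```powershell
# Added example (not the post's SQL-2016-base.cmd). Defaults follow the post's drive layout.
param(
    [Parameter(Mandatory)] [string] $SysAdminGroup,   # domain\group or BuiltIn\Group
    [string] $IniPath   = 'D:\SQL-2016-base.ini',
    [string] $SetupExe  = 'Z:\setup.exe',
    [string] $SsmsSetup = 'D:\SSMS-Setup-ENU.exe',    # assumed download location
    [switch] $SsmsOnly                                # use after the post-install reboot
)
$ErrorActionPreference = 'Stop'

function Invoke-Installer([string] $Path, [string[]] $Arguments) {
    # Start-Process -Wait blocks until the installer process exits, so the exit
    # code is available even when a cmd prompt would return immediately.
    $p = Start-Process -FilePath $Path -ArgumentList $Arguments -Wait -PassThru
    switch ($p.ExitCode) {
        0       { return 'Success' }
        3010    { return 'RebootRequired' }
        default { throw ('{0} failed with exit code {1}' -f $Path, $p.ExitCode) }
    }
}

if (-not $SsmsOnly) {
    # Step 1 check: every drive-letter path in the ini must point at an existing drive.
    # Only the first path of a multi-value key is inspected.
    $missing = foreach ($line in Get-Content -LiteralPath $IniPath) {
        if ($line -match '^\s*(?<name>\w+)\s*=\s*"?(?<path>(?<drive>[A-Za-z]):\\[^"]*)') {
            if (-not (Test-Path -LiteralPath ($Matches.drive + ':\'))) {
                '{0} = {1}' -f $Matches.name, $Matches.path
            }
        }
    }
    if ($missing) { throw ("Paths on drives that do not exist:`n" + ($missing -join "`n")) }

    # Steps 3-4: run setup with the ini and the admin group, then act on the result.
    $result = Invoke-Installer $SetupExe @(
        "/ConfigurationFile=`"$IniPath`""
        "/SQLSYSADMINACCOUNTS=`"$SysAdminGroup`""
        '/IACCEPTSQLSERVERLICENSETERMS'
    )
    if ($result -eq 'RebootRequired') {
        Write-Warning 'Setup result 3010: reboot, then rerun this script with -SsmsOnly.'
        return
    }
}

# Step 7: run the downloaded SSMS installer only if its Authenticode signature
# is valid and the signer is Microsoft.
$sig = Get-AuthenticodeSignature -FilePath $SsmsSetup
if ($sig.Status -ne 'Valid' -or $sig.SignerCertificate.Subject -notmatch 'O=Microsoft Corporation') {
    throw ('Refusing to run {0}: signature status is {1}' -f $SsmsSetup, $sig.Status)
}
$log = Join-Path $env:TEMP 'ssms-install.log'
$result = Invoke-Installer $SsmsSetup @('/install', '/passive', '/norestart', '/log', $log)
Write-Output "SSMS install: $result (log: $log)"
```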

Microsoft SQL 2014 Unattended Installation

Continuing my 2017 series on unattended Microsoft SQL installs, this post will cover SQL 2014 on Windows Server 2012 R2. If you want the unattended install for SQL 2012, check out my post here. I’m using the same drive configuration for SQL 2014, as I did for 2012. These drives are:

C: OS
D: SQL Binaries
K: SQL Databases
L: SQL Logs
T: TempDB
Z: CD-ROM

So let’s get started on getting SQL 2014 installed via an unattended script. First, SQL 2014 requires .NET Framework 3.5. Unfortunately, in the basic Windows Server 2012 R2 install, this is an optional feature that is not installed. Frankly I think the easiest way is via the GUI, although you can use PowerShell as well.

  1. Open the Add Roles and Features wizard.
  2. Click through the wizard until you get to the Features section.
  3. Expand .Net Framework 3.5 Features and tick the box next to .NET Framework 3.5.
  4. Click Next, then enter the path to the .Net Framework 3.5 binaries. At this point, mount your Windows Server 2012 R2 ISO to the VM, then use the path CD-Drive:\sources\sxs
  5. Wait for the installation to complete, and just to be safe, reboot the VM.

At this point .Net Framework 3.5 is installed, and I’m assuming you have your various drives mounted, formatted, and ready to go. Next, download the two files below and save them to the root of your D drive.

SQL-2014-base.ini
SQL-2014-base.cmd

Open the SQL-2014-base.ini file with your favorite editor and modify all of the paths. They are sprinkled throughout the file, so be sure to check every line. Save the ini. If your CD-ROM is not using the Z: drive, open the SQL-2014-base.cmd file and change the path as needed. If you aren’t using a D drive and have these scripts elsewhere, change the path to the ini file.

6. Open a command prompt and run the SQL-2014-base.cmd file with an argument of the group which you want to be added to the SQL studio to administer the instance. Use the format domain\group. If you just want a local group, you can use MachineName\Group.

7. Sit back and relax, and give it 10 minutes or more. You will see the SQL installer GUI flash through various screens in an automated fashion. If the install was successful, at the end you should see:


And there you go! If you are installing multiple SQL servers using the same configuration, I highly recommend the unattended method.

Microsoft SQL 2012 Unattended Installation

A few years ago I wrote a blog post detailing an unattended SQL 2012 installation process. That article needs a bit of updating, so I’m creating a fresh post. I will also follow up on this post with SQL 2014 and SQL 2016. This time around I’m using Windows Server 2012 R2, and giving you direct download links to my example files. Customers were telling me that cut/paste from the blog resulted in strange quotes in some languages, which had to be replaced with regular quotes. This unattended script will install a basic SQL 2012 server. If you wish to install additional components, then you can modify the .ini file. Before you rush through the installation, you will need to modify the .ini file which you download. At the minimum, change the paths to your desired locations. In my script I’ve used multiple drives:

C: OS
D: SQL Binaries
K: SQL Databases
L: SQL Logs
T: TempDB
Z: CD-ROM

So let’s get started on getting SQL 2012 installed via an unattended script. First, SQL 2012 requires .NET Framework 3.5. Unfortunately, in the basic Windows Server 2012 R2 install, this is an optional feature that is not installed. Frankly I think the easiest way is via the GUI, although you can use PowerShell as well.

  1. Open the Add Roles and Features wizard.
  2. Click through the wizard until you get to the Features section.
  3. Expand .Net Framework 3.5 Features and tick the box next to .NET Framework 3.5.
  4. Click Next, then enter the path to the .Net Framework 3.5 binaries. At this point, mount your Windows Server 2012 R2 ISO to the VM, then use the path CD-Drive:\sources\sxs
  5. Wait for the installation to complete, and just to be safe, reboot the VM.

At this point .Net Framework 3.5 is installed, and I’m assuming you have your various drives mounted, formatted, and ready to go. Next, download the two files below and save them to the root of your D drive.

SQL-2012-base.ini
SQL-2012-base.cmd

Open the SQL-2012-base.ini file with your favorite editor and modify all of the paths. They are sprinkled throughout the file, so be sure to check every line. Save the ini. If your CD-ROM is not using the Z: drive, open the SQL-2012-base.cmd file and change the path as needed. If you aren’t using a D drive and have these scripts elsewhere, change the path to the ini file.

6. Open a command prompt and run the SQL-2012-base.cmd file with an argument of the group which you want to be added to the SQL studio to administer the instance. Use the format domain\group. If you just want a local group, you can use MachineName\Group.

7. Sit back and relax, and give it 10 minutes or more. You will see the SQL installer GUI flash through various screens in an automated fashion. If the install was successful, at the end you should see:


And there you go! If you are installing multiple SQL servers using the same configuration, I highly recommend the unattended method.

VMworld 2016: vCenter Performance

Session: INF8108

Teaser: 5.5 to 6.0 is 300% faster for vCenter operations. From 6.0 to 6.5(?) is another 100% higher.

HTML5 vs. Flex client: Shows a chart with dramatically faster HTML5 performance over Flash client.

VCSA vs. Windows – When you have a datacenter with heavy load the VCSA far outperforms Windows vCenter.

Why move to multiple vCenters?

  • Concurrency
  • Business separation?
  • Geography
  • VDI vs. server workloads
  • Large inventory
  • If VC is 70% CPU or memory, split it

Future: External load balancer will be built-in when using multiple vCenter servers. No more external load balancer needed.

Multi-site

  • When? If latency is 40ms or greater between sites.

PSC Performance Considerations

  • Default size of 2 vCPU and 4GB is sufficient for a majority of customers

vCenter Server Performance Considerations

  • vCenter can accept 2000 concurrent sessions – hard limit
  • VPXD can handle 640 tasks before they get queued – another hard limit
  • Per-host and per-datastore limits: A host can perform up to 8 provisioning operations at once.
  • A datastore can perform up to 128 vMotions at once
  • A datastore can perform up to 8 storage vMotions at once
  • A 10Gb NIC allows a host to do 2x more vMotions than a 1Gb NIC
  • Latency between vCenter and hosts (ROBO) is not a huge issue.
  • Latency between vCenter and the database can impact performance (>10ms)

Impact of Changing Stats level on DB/network traffic

  • Changing between level 1 and level 2, there is a 4x increase in storage/network usage
  • Changing from level 2 to level 3 is another 2x increase

Database Performance

  • Occasional 3-4s query time is fine
  • 10s or more queries are BAD

Is something slow?

  • Check memory/heap size of vSphere-client process on vCenter
  • Memory/CPU of machine running web browser
  • Are plugins functioning?
  • Connection between browser and vCenter
  • vCenter CPU should not exceed 70% on average (spikes are perfectly normal)

If using Windows vCenter, use the SysInternals Process explorer to map Java processes to vCenter services

For VCSA use VIMtop to look at performance

If you increase VCSA memory, heap sizes will automatically be increased upon reboot.

 

VMworld 2016: What’s new with vSphere

Session: INF8375

What happened since VMworld 2015?

  • End of availability of C# client in next major release
  • HTML5 web client fling
  • 6.0 U2 – Q1 2016
  • Pricing and packaging changes – No more vSphere “enterprise” edition, or vSOM standard and enterprise.
  • End of sale of vSphere 5.0 and 5.1 (August 24, 2016)
  • Open source of PowerShell by Microsoft. Future PowerCLI for Mac/Linux.
  • Unix to Linux Migration

Tech Previews

  • vCenter Server Appliance migration tool from Windows vCenter
  • vCenter Install, Upgrade and Patching – Enhanced patching (VUM replacement)
  • vCenter High availability – RTO < 10 minutes (active/passive)
  • VM Level encryption – Encrypted VMDKs and configuration files
  • Automation – Predictive capability in DRS. Evolves DRS to use vRealize operations data.
  • Proactive HA – Detects potential host issues and evacuate host prior to failure.
  • Network aware DRS
  • HTML5 Client

New Friends Coming Online

  • vSphere Integrated Containers – Native docker interface, container management portal, container registry.
  • VMware Integrated Open Stack 3.0
  • Photon Platform – Web-scale enterprise container infrastructure. Scales to 1000s of nodes, 1Ms container

VMworld 2016: VM and App Protection

Session: INF8939

4 Step Program for Success

  • Define – Gather requirements – RPO/RTO
  • Research and design – look at various technologies
  • Acquire and implement – Document
  • Test and operate – Continuous testing, continuous research

Disaster recovery and business continuity

  • DR is recovery of data
  • BC is the full business process of recovering

Define Requirements

  • What are you trying to protect? apps, VMs, DBs, etc.
  • What are you protecting against? data loss, data corruption, disaster, etc.
  • What is your RPO? zero, minutes, hours, days
  • What is your RTO?
  • How long do I need to keep data? retention policy, archiving, etc.

Protection Tiers

  • Tier 1 – mission critical
  • Tier 2 – Required for longer term business continuity
  • Tier 3 – Nice to have but not required

Tape Backup

  • Cheapest medium
  • RPO of hours to days
  • RTO – depends on how much data
  • Good for archival/long term retention

Hardware Snapshots

  • Snap/restore data in seconds from GB to TB
  • Application consistent storage snapshots – not needed for all VMs
  • Data on primary storage can be expensive

Array Replication

  • Async or sync
  • Only changed data sent
  • Flexible RPO options
  • RTO is based on how data is restored

Site Recovery Manager

  • Integrates with vSphere for site failover
  • Able to test and re-test
  • Requires array integration

Continuous Data Protection

  • Flexible RPO options
  • RTO based on amount of data
  • Only changed data sent

Disk-2-Disk

  • May be appliance or software based
  • Most integrate with traditional backup
  • Integrates with CDP

Cloud/Hybrid

  • Typically continuous backup so low RPO
  • Backup and recovery limited by bandwidth
  • May have longer recovery times
  • Can take a long time to seed backups

vSphere Metro Cluster

  • Zero RPO/RTO (time to restart apps is not zero)
  • Great for site protection
  • Layer 2 stretching
  • No application specific backup/restore

Fault Tolerance

  • Limited in supported vCPUs
  • Requires high bandwidth between hosts
  • Does not protect against OS/App failures

 

VMworld 2016: Extreme Performance: DRS

Session: INF8959

300,000 vCenter deployments, 94% with DRS enabled

Quick Facts

  • Faster power on for large clusters: 6.5 is 3x faster than 5.5 and 6.0.
  • 5x lower CPU utilization in 6.5 than previous versions
  • 6.5 has better VM placements

DRS ensures resource availability – DRS does this in two ways

  • Effective initial placement – Use the right host
  • Efficient load balancing – Moving VMs to different hosts
  • DRS collects 20 VM performance metrics and 5 host metrics – CPU ready time, memory swapped, memory active, shared memory, CPU used max, CPU used average
  • Application performance is the primary goal of DRS

Factors Impacting DRS Performance

  • Migration threshold – Left makes it less aggressive
  • Rules — Too many rules may prevent DRS balancing the cluster
  • Reservations, limits, shares – Do not set reservations unless absolutely necessary
  • VM Overrides – Custom DRS settings for a VM.

DRS Faults

  • When DRS tries to fix something, but can’t.

DRS Performance Case Studies

  • Case 1: How does DRS react to spikes in workload? DRS reacts to spikes and will move loads.
  • Case 2: Does DRS prefer moving heavy or light VMs? DRS prefers to move medium workloads to restore balance faster.
  • Case 3: Why is memory utilization not balanced? DRS considers active memory + 25% of idle memory. It will not perfectly “balance” memory across all hosts.

Observations

  • Always right size your VMs
  • Occasional swapping is not bad, constant swapping is bad

 

VMworld 2016: vSphere Encryption Deep Dive

External Threats

  • Nation states, profit motive, highly skilled, social engineering

Internal Threats

  • Snowden.
  • Admins who abuse privileges
  • Physical access to data

VMware’s Vision for security – Secure Access, Secure Infrastructure, Secure Data

VM Encryption Preview

  • Encryption managed via storage policies – Encryption done in ESXi kernel, uses AES-NI, and uses XTS-AES-256.
  • No modification within the guest. VM agnostic.
  • Policy driven. Full support of vMotion and vMotion is encrypted.
  • Uses an external KMS (KMIP compliant)
  • VMDKs are encrypted along with external files such as VMX, snapshots, etc.

Who manages VM encryption?

  • Security admin will manage your KMS and keys
  • Subset of vSphere admins will manage encryption within vSphere

vCenter RBAC has been enhanced for granular encryption control. For example, prevent admins from downloading encrypted VMDKs or opening a console to an encrypted VM.

Key Managers

  • KMIP 1.1 compliant key managers
  • Tested a variety such as Thales, HyTrust, etc.

Key Management Best Practices

  • KMS keys are pushed to all hosts for HA purposes
  • Multiple key managers are supported
  • Expired keys will not be used for new encryption operations. No deep re-encryption needed with new VM key. Shallow re-key operation.
  • No KMS means no booting of encrypted VMs
  • KMS needs to be as reliable as DNS. It must be highly available.

Core Dumps

  • Core dumps are encrypted with a host key
  • Logs are not encrypted
  • You can re-encrypt the core dump with a password (e.g. GSS support needs)
  • Always collect support bundle with a password
  • Uses OpenSSL for core re-keys

Backup, Restore and VM Best Practices

  • SAN mode backups are not supported (use hot-add).
  • No API changes for backup products
  • Backup proxy VM must be encrypted.
  • Backup service account needs cryptographer.directaccess permission
  • Backup data is not encrypted when it is backed up
  • Have a policy in place to re-encrypt a restored VM
  • Backup solution should provide its own encryption solution
  • Don’t encrypt vCenter or your PSCs

Encrypted vMotion

  • 3 modes: Disabled, Opportunistic, Required
  • Configure vMotion encryption from vCenter GUI
  • One-time usage key for each vMotion
  • Set vMotion encryption via PowerShell as well

 
