vSphere 6.0 Toolkit Update

In my new role at Nutanix I’ve had the pleasure of working with end customers, and configuring their vSphere 6.0 environment. During this process, SSL certificates have come up. Surprisingly, thus far my clients have chosen the VMCA method of deploying certificates. This is great, as it automates certificate deployments in a vSphere 6.0 environment. Even with the VMware certificate tools, there are some manual steps for configuring the VMCA. My vSphere 6.0 toolkit automates most of those steps.

However, while going through the process we stumbled upon a slight bug in my Toolkit when using an intermediate certificate authority. I’ve since fixed that bug, and uploaded the latest vSphere 6.0 SSL Toolkit here.

I’ve been exceptionally busy the last few months, which is why blogging and updating the Toolkit script has taken a back seat. But I did want to get this script update pushed out so other customers don’t run into VMCA problems.

If you are unfamiliar with my vSphere 6.0 SSL Toolkit, then read up on my full vSphere 6.0 installation series here.

VMworld 2015: vSphere 6.1 Upgrade & Deployment Pt. 1

Session INF4944

Goal: Deliver and enhanced customer experience for deploying and upgrading vCenter environments.

vCenter server 6.0 platforms: Windows and VCSA support the same scale and performance

Enhanced Linked mode is brand new in 6.0 and supported on Windows or VCSA. Policies and tags are now supported in Linked Mode.

Deployment Models

  • PSC is no longer just SSO, but adds certificates and licensing
  • PSC supports data replication
  • Embedded deployment: PSC and vCenter running on single VM
  • External PSC: vCenter and PSCs on separate VMs
  • vCSA is the recommended deployment package

vCenter Server Install

  • Both Windows and VCSA have similar simplified installs.
  • Supports GUI or scripted installs
  • Simple

vCenter Best Practices

  • Sizing
  • Windows OS and DB compatibility
  • Use FQDN
  • vCSA install target will support vCenter and ESXi in 6.0 U1
  • Time sync is important
  • DNS forward and reverse lookups
  • If using VDS use ephemeral port group
  • Ensure routing works

vCenter Server Upgrade

  • Multi-stage process: SSO/PSC, vCenter, ESXi, VMs, VMFS/VDS
  • Order is important KB2109760
  • Don’t forget about plug-ins, add-ons, VMFS, VDS, etc.
  • Approach upgrades with a holistic view of your infrastructure
  • vCSA upgrade is migration based and required temporary IP
  • Windows vCenter upgrade is in-place

Upgrade Paths

  • Windows Server – From 5.0 on up is supported. Prior to 4.0 you need to upgrade to 5.x.
  • vCSA upgrade from 5.1 later only

Upgrade best Practices

  • Sizing – 6.0 is larger.
  • Windows OS and DB compatibility
  • VCSA Oracle DB deprecation (use embedded DB)
  • Backup DB and VM prior to upgrade
  • Stick to recommended topologies
  • Time sync is very important
  • DB password issues: don’t use dash, question mark, underscore, left paren, equal, exclamation

Repointing from embedded deployment to external PSC – In 6.0 U1

  • First upgrade to 6.0 U1
  • Then deploy external PSC and replicate with embedded PSC
  • Repoint VC to the external PSC

vCSA Management UI (U1)

  • https://vcsa IP/:5480

PSC Management UI (U1)

  • https://PSC IP/psc


Ready, set, go! Download vSphere 6.0 NOW

After some teasing at VMworld 2014, and a few more sessions at PEX 2015, vSphere 6.0 is finally available for download! If you are in a big hurry to download, here are some useful links. vSphere 6.0 release notes can be found here. As always, TEST TEST TEST before putting this into production.

Also remember that I’m working on a long vSphere 6.0 install/configure series of blog posts, along the lines of what I did for vSphere 5.5. Now that vSphere 6.0 is GA, expect to see new posts on a more frequent basis. I’m also working on a new version of my vCenter SSL toolkit, which will debut sometime in the coming month.

Primary Download Links:

ESXi 6.0 and related ISOs
HP ESXi 6.0 Installer ISO
vCenter 6.0 for Windows and Appliance
PowerCLI 6.0
vSphere 6.0 Replication
Data Protection 6.0
VSAN 6.0


vSphere 6.0 Documentation (Full ZIP)
vSphere 6.0 PowerCLI Documentation

Related products also updated today:

VMware vRealize Automation 6.2.1
Site Recovery Manager 6.0
vRealize Infrastructure Nagivator 5.8.4
vCenter Operations Manager 5.8.5 in Virtual Appliance
vRealize Orchestration Appliance

VMware Horizon 6.1 (Release notes)
VMware Integrated OpenStack

Have fun!

vSphere 6.0 Install Pt. 1: Introduction

At VMworld 2014 VMware revealed bits and pieces of what’s new in vSphere 6.0. A lot of information was still under NDA and not disclosed, so attendees didn’t get the full picture of the new virtualization platform. But now that it’s announced, all can now be revealed. Unlike the last several years where the release has been in the fall of each year, this release cycle has been extended. Hopefully some extra QA was involved, so there aren’t so many issues with the GA release.

I’ve created a shortened permalink that you can use for quick reference: vexpert.me/Derek60 for this series. Feel free to use however you like…PowerPoint slides, email, etc. If you find this series helpful, please spread the word. This will be very similar to my vSphere 5.5 series, where we walk through some of what’s new, installation process, SSL certificate replacement, and other processes. The articles will be released slowly over the next couple of months.

Series Agenda

Like my vSphere 5.5 series it will cover at least the following topics:

  • Upgrade or fresh install?
  • Deep dive on the Platform Services Controller (PSC)
  • vCenter upgrade best practices and tips
  • ESXi upgrade best practices and tips
  • Right sizing your Windows vCenter VM
  • VMware Certificate Authority (VMCA)
  • Creating vCenter SSL certificates
  • Using a SQL 2012 AlwaysOn Failover Cluster for the vCenter database
  • Installing the full vCenter stack of software on Windows
  • Configuring VUM
  • ESXi host SSL certificate replacement
  • Deploying the vCenter Server Appliance (VCSA)

While I have two entire blog posts dedicated to upgrade best practices and tips, the step-by-step instructions will assume a fresh install. This is the VMware recommended approach, but doesn’t work for everyone. Upgrade how-to’s are complex, IMHO, since customer configurations will wildly vary. This is particularly true with SSO and the many deployment options, coupled with little VMware best practices around SSO.

Blog Series

vSphere 6.0 Install Pt. 1: Introduction
vSphere 6.0 Install Pt. 2: Platform Services Controller
vSphere 6.0 Install Pt. 3: Certificate Management
vSphere 6.0 Install Pt. 4: vCenter Upgrade Best Practices
vSphere 6.0 Install Pt. 5: ESXi Upgrade Best Practices
vSphere 6.0 Install Pt. 6: Install Windows PSC
vSphere 6.0 Install Pt. 7: Config SQL DBs
vSphere 6.0 Install Pt. 8: Toolkit Configuration
vSphere 6.0 Install Pt. 9: SSL Templates
vSphere 6.0 Install Pt. 10: Install VCSA PSC
vSphere 6.0 Install Pt. 11: VMCA as Subordinate
vSphere 6.0 Install Pt. 12: PSC Machine Certificate
vSphere 6.0 Install Pt. 13: Directory Services Certificate
vSphere 6.0 Install Pt. 14: Windows vCenter Install
vSphere 6.0 Install Pt. 15: VCSA vCenter Install
vSphere 6.0 Install Pt. 16: User Solution Certificates

Permalink to this series: vexpert.me/Derek60
Permalink to my Toolkit script: vexpert.me/toolkit60

Database Support

VMware now officially supports SQL 2012 AlwaysOn failover clusters (using shared storage) for the vCenter database. It does NOT support AlwaysOn Availability groups or database mirroring. To that end I recently wrote a soup to nuts guide (12 parts) on how to install a SQL 2012 Failover Cluster on Windows Server 2012. If that’s something you want to do, you can dive head first into that while waiting on me to post the next vCenter installation installments. Many of you may not be clustering experts, so it should be enough to get you all the way up, with a ton of best practices incorporated. Here’s a quick reference chart for all of the SQL 2012/2014 HA/DR options.

9-29-2013 5-44-04 PM

Derek’s Toolkit Script

This year I’ve updated my PowerShell Toolkit script that I cover in-depth in a future post, which takes most of the pain away in creating your certificate requests and making the files the VMware certificate automation tool needs. As I go through the series it will also do tasks like creating your ODBC connectors. The script will be updated on a regular basis. A screenshot from my 6.0 tool will be available in the coming weeks, as it gets developed when VMware GAs their code.



You can also download the latest version at: vexpert.me/toolkit60 (coming soon)


As I add new installments to the series this landing page will be updated with links to each part. Feedback is always welcome, so leave comments about your experiences. This can help other people that may have the same problem. One last comment…and I can’t stress this enough. You must, must, must read the vSphere 6.0 release notes.

You can find the next part in this series, the Platform Services Controller, here.