What to check before upgrading to vSphere 6.5

Last week vSphere 6.5 was released (GA). This release has a lot of new cool features (see this link for more information). In the past I saw vSphere environments that are upgraded without proper preparation resulting in a rollback because compatibility issues with hard-or software. So I created a simple list with steps to check before upgrading to vSphere 6.5:

  • Check the hardware against the VMware Compatibility Guide, link
    • There is a PowerCLI script to check the hardware against the VMware Compatibility Guide, link
    • Devices deprecated and unsupported in ESXi 6.5, link
  • Check if all vSphere products are supported by vSphere 6.5. The following product are not supported yet (when writing this blog):
    • VMware NSX
    • VMware Integrated OpenStack
    • vCloud Director for Service Providers
    • vRealize Infrastructure Navigator
    • App Volumes
    • Horizon Air Hybrid-Mode
    • Integrated OpenStack
    • vCloud Networking and Security
    • vRealize Business for Cloud
    • vRealize Configuration Manager
    • vRealize Hyperic
    • vRealize Networking Insight
  • Check the “Important information before upgrading to vSphere 6.5 article, link
  • Check the update sequence for vSphere 6.5 and its compatible VMware products, link
  • Check if all the third-party products are supported by vSphere 6.5. For example last week Veeam Backup & Replication 9.5 is released. This release has no support yet for vSphere 6.5. Veeam Availability Suite 9.5 Update 1 will add support for vSphere 6.5.
  • The existing vSphere 6.0 license keys are supported for vSphere 6.5. No new license key are needed. More info: link
  • Check the vSphere 6.5 upgrade documentation, link
  • Always install vSphere 6.5 first in non-production environments and test all the critical stuff for some time. vSphere 6.0 had some nasty Change Block Tracking (CBT) bugs that you don’t want in your production environment.
  • Check the supported and deprecated topologies for VMware vSphere 6.5 article, more info: link
  • The vSphere Windows (C#) Client is  deprecated. Use the vSphere Web client of the new HTML5 based Client.
  • VMFS6 is the new filesystem of vSphere 6.5. VMFS6 cannot be inline or offline upgraded from VMFS5 to VMFS6. More info: link
  • TLS protocol versions 1.0, 1.1, and 1.2 are enabled by default in vSphere 6.5. More information about disabling TLS 1.0 can be found here: link.

 

Unable to remove the Guest Introspection service

In my lab environment I had problems with the Guest Introspection service. The installation was failed. Trying to remove the Guest Introspection service failed every time in the Service Deployments tab.

2016-11-08_15h59_00

After performing the following steps, I was able to remove the Guest Introspection service :

  • Put the ESXi host in maintenance mode
  • Drag the ESXi host outside the cluster
  • Drag the ESXi host back to the cluster
  • Reboot the host
  • Exit maintenance mode
  • Click on resolve in the Service Deployments section

After performing these steps the Guest Introspection service is removed from the host.

 

What’s New in vSphere 6.5

Today at VMworld Europe 2016, vSphere 6.5 is announced.

Update: November 15, 2016 vSphere 6.5 is GA.

In this blog we highlight some major feature announcements on the following products and technologies:

  • vCenter Server Appliance (VCSA)
  • Virtual SAN (VSAN)
  • Host Profiles
  • Auto Deploy
  • vSphere Security
  • vSphere Fault Tolerance (FT)
  • vSphere DRS
  • Storage IO Control (SIOC):
  • Content Library
  • vSphere Operations Management
  • vRealize Log Insight
  • PowerCLI

Here is an overview of the new feature highlights in vSphere 6.5:

vCenter Server Appliance (VCSA):

vcsa-appliance

  • VMware Update Manager (VUM) for the vCenter Server Appliance (VCSA). VUM is integrated by default in the VCSA and uses the internal embedded database.
  • Native High Availability for the vCenter Server Appliance (VCSA only). Create a High Available VCSA environment and eliminate the single point of failure. The HA configuration is active/passive with a witness in between and looks like:

vcsa-high-available

  • Improved Appliance Management.
    • Monitoring: Built in monitoring for CPU, memory and network interface
    • vPostgres database visibility
    • Remote Syslog configuration
    • vMon: Enhanced watchdog functionality. Watch the vCenter Server services
    • Client Integration Plugin (CIP) for the vSphere Web Client is no longer required anymore
    • vSphere Management Interfaces such as the vSphere Client (HTML 5 Web Client):

management-interfaces

  •  Native Backup & Restore of the VCSA. Removes dependency on 3rd party backup solutions. Easily restore the backup to a new VCSA. The following protocols are supported:
    • HTTP(S)
    • SCP
    • FTP(S)
  • VCSA Installer improvements:
    • Run the VCSA depolyment installeren on Windows, Mac and Linux
    • The installer supports install, upgrade, migrate and restore
  • VCSA Migration: Migrate from vCenter 5.5 or 6.0 tot 6.5 with the options to migrate the:
    • Configuration only
    • Configuration, events and tasks
    • Configuration, events, task and performance metrics

Host Profiles:

  • Manageability
    • Editor enhancements: filter and favorites
    • Bulk edit host customization using CSV files
    • Copy settings between profiles
    • Streamlined remediation wizard
  • Operational
    • Pre-check proposed changes
    • Detailed compliance results
    • DRS integration – rolling remediation
    • Parallel remediation

Auto Deploy:

  • Operational
    • GUI for Image Builder, Deploy rules
    • Interactive deployment of new hosts
    • Post-boot scripts for advanced configs
    • EUFI and IPv6 support
  • Performance and Resiliency
    • Scalabillity improvements 300+ hosts
    • VCSA HA & backup support
    • Round robin reverse proxy caching
    • Backup and restore state with PowerCLI

vSphere Security:

  • Enhanced Logging.  Expose vCenter events to a Syslog server (such as vRealize Log Insight) without turning on verbose logging in vCenter Server and blowing up the database.
  • VM Encryption. Encrypt the VM virtual disk(s) and VM files  by using an encryption policy. The VM guest is not modified. The encryption is done at the hypervisor level.
  • Encrypted vMotion. Virtual  Machine vMotion data is encrypted during a vMotion on a per VM basis.
  • Secure Boot for ESXi and Virtual Machines. Requires hardware that support EUFI and a secure Boot firmware.

vSphere HA:

  • Admission Control. Simplified configuration workflow. It automatically calculates the % of resources to reserve.
  • Restart Priorities: Additional restart priorities added such as highest and lowest for more flexibility and greater control.
  • HA Orchestrated Restart. Enforce VM to VM dependency chains. This is great for multi-tier applications the require VMs to restart in a particular order.
  • Proactive HA. vCenter plugin that connects to the hardware vendor monitoring solution (Dell Open Manage, HP Insight Manager or Cisco UCS). When there is for example a memory failure detected by the hardware vendor monitoring tools, the VMs from that hosts are migrated using vMotion to another hosts.

vSphere Fault Tolerance (FT):

  • Improved DRS integration. DRS will better place the secondary VM
  • Performance Improvements:
    • Host level network latency reduction. Allows to run more applications with FT.
    • Multi-NIC Aggregation. It is possible to pack more NICs like (vMotion for FT) for better performance.

vSphere DRS:

  • Network-Aware DRS. Adds network bandwidth calculations in DRS. This avoids an over-subscribing host network link.
  • Advanced DRS Policies exposed in the UI.

Storage IO Control (SIOC):

  • Setting IO limits in Storage Policy Based Management (SPBM) and apply the policy to the VMs.

Content Library:

  • Mount an ISO file from the Content Library
  • OS Customization during VM deployments from the library.
  • Update an existing template with a new version
  • Optimized HTTP sync between vCenter Servers

Virtual SAN 6.5

  • 2-node Direct Connect and Witness traffic separation. Ability to connect two nodes directly using ethernet cables. Stretchen VSAN with Direct Connect is not supported at the moment. Benefits:
    • Reducing costs (no need for 10 GbE switches).
    • Simplicity.
    • Separate VSAN data traffic from witness traffic.

vsan

  • Licensing:
    • The VSAN standard license includes the All-Flash option
    • New VSAN advanced for ROBO licensing
  • Virtual SAN iSCSI access. iSCSI access is built for supporting MSCS with shared storage and physical workloads that needs to have storage. There is no support in this release to targeting the VSAN storage to other ESXi clusters.

vSphere Operations Management:

  • vSOM is a combines of vSphere Enterprise plus with vRealize Operations Manager standard edition as a single offer.
  • New Home dashboard

vrops-new-dashboard

  • New DRS Dashboard
  • Update Workload Utilization Dashboard

vrops-utilization

  • Other improvements are:

vrops-additional

vRealize Log Insight version 4

  • New Clarity User Interface. This new interface looks much better and cleaner

log1

  • Alert enhancements

log2

  • Other Enhancements

3

PowerCLI

  • No more snapins are used, it’s now fully module based.

powercli

  • Module improvements. Here are some examples:
    • Added cross vCenter storage vMotion support
    • The VSAN module is extended with 13 additional cmdlets
    • Complete new Horizon View module. It is now possible to run from it from anywhere, in earlier releases it was only possible to run it from a Connection Server. On this release are only 2 cmdlets available (Connect and Disconnect). Once connected you can use the API.
  • Microsoft open sourced PowerShell. It possible to run PowerShell from Windows, a MAC and Linux. VMware will release a PowerCLI Core version as fling.
  • The vSphere Management Assistent is being deprecated. Use the vCLI. It has support for different OSes. Use vCLI for:
    • ESXCLI commands
    • vicfg- commands
    • Other Perl Commands
    • Datacenter CLI

Conclusion

vSphere 6.5 is packed with great new features. My top is new features are:

  • HTML5 client
  • vCenter Server Appliance (VCSA) with Update Manager integration
  • vCenter Server Appliance (VCSA) native High Availability
  • Virtual SAN (VSAN) Direct Connect
  • A new PowerCLI module for Horizon View

I’m curious what you’re new top features are! Please let me know.

VMware extends the hybrid cloud with Amazon Web Services (AWS)

VMware and Amazon Web Services (AWS) will partnering together to bring a new a VMware vSphere-based service, running on the AWS Cloud, that will make it easier and faster to run applications, across a hybrid cloud environment.

overview

It’s called the “VMware Cloud on AWS”. The infrastructure looks like:

components

The VMware Cloud on AWS includes the following components:

  • vCenter. The environment is managed by a vCenter that is running in the cloud or on-premises.
  • ESXi on dedicated hardware in AWS Cloud (no nesting is used!).
  • Virtual SAN offers shared storage with replication and DR orchestration.
  • NSX for spanning on-premises and cloud using advanced network and security services.

This service is delivered, operated, sold and supported by VMware. Low level infrastructure management such as installing patches on ESXi servers and upgrading the vCenter is done by VMware.

The vSphere Web Client is based on HTML5 protocol. In the Web Client the on-premises datacenter and VMware AWS cloud is listed (single pane of glass).

vcenter

Other CLI tools such as PowerCLI can be used against the environment.

When you want to resize a on-premises cluster you need to buy extra hardware (server, network and disk capacity) to resize the cluster.  In the AWS datacenter you can simple select the “resize” option.

elastic

This option demonstrates the flexibility and elastic scalability of the AWS cloud.

Below is the location map of the AWS regions that support the VMware Cloud datacenters:

regions

The on-premises datacenter can be connect to the AWS datacenters using IPsec tunnels or direct connect to create a hybrid cloud.

Some use cases are:

  • Maintain and Expand the to the VMware Cloud on AWS
  • Consolidate and migrate to the VMware Cloud on AWS
  • Workload Flexibility between the on-premises an AWS cloud

usecase

During VMworld Europe 2016 more information wil be available on the VMware Cloud on AWS partnership.

Upgrading VMware Update Manager to 5.5 U3e fails

When upgrading VMware Update Manager (VUM) to 5.5 Update 3e the following error occurs:

VMware Workstation unrecoverable error: (vthread-3) GetProcAddress: Failed to resolve ENGINE_load_aesni: 127

update-manager-error

This issue occurs when upgrading to VMware Update Manager to 5.5 Update 3e. I’ve seen this error when upgrading to 5.5U3e at different customer sites.

Here is a quick workaround:

  • Uninstall VMware Update Manager and the VMware Update Manager plugins. The database is preserved, all the configuration data is stored in this database.
  • Install VMware Update Manager and point to the existing VUM database
  • Install the VUM plugin

Within a couple of minutes you’re running VMware Update Manager 5.5 U3e.

There is also a VMTN forum post about this issue, link