Deploy an OVA/OVF fails with certificate error

When trying to deploy an OVA/OVF with the vSphere Web Client the following error is displayed:

The operation failed for an undetermined reason. Typically this problem occurs due to certificates that the browser does not trust. If you are using self-signed or custom certificates, open the URL below in a new browser tab and accept the certificate, then retry the operation.

This error occurs with vSphere 6.5 because the certificates are not trusted. The self-signed certificates are used and are not added to the trusted root certification store.

To deploy a OVF/OVA to the vCenter Server appliance trusted root CA must be added to the certificate store. The following steps will work with Chrome and Internet Explorer:

  • Open the vCenter URL: https://vcenter-FQDN

  • Select the “Download trusted root CA certificates” and save the archive(ZIP) file
  • Extract the archive (ZIP)

  • Start – Run – MMC
  • File – Add Snap-ins – Certificates – Computer Account – Local  computer
  • Open Trusted Root Certification Authories – Certificates
  • Import the two *.crt certificates

  • Close the browser and re-open the browser and navigate to the vCenter Server using the FQDN.
  • Now the URL is marked as secure (green lock) and you’re able to import the OVA/OVF

 

vMotion between two vCenter Servers with different SSO domains

Last week i did my first vMotion between two vCenter Servers with different SSO domain by using PowerCLI. This functionality is also known as “cross vCenter vMotion” and is not included in the vSphere Web Client yet. Without downtime it’s possible to live migrate VMs from one vCenter Server to another. Cool stuff!

Before starting the following requirements must be met:

  • VMware vSphere 6.0 and later for the source and destination environment
  • PowerCLI 6.5 and later
  • vSphere Enterprise Plus license per ESXi host
  • An active connection to the source and destination  vCenter Server

I created a simple script to vMotion the VMs between the two SSO domains. See the more information section for more advanced PowerCLI scripts from for example William Lam and Romain Decker.

In the script the following variables must be defined:

  • Source vCenter Server, username and password
  • Destination vCenter Server, username and password
  • VM name will be moved
  • Destination vSwitch (this example is using a Standard vSwitch!)
  • Destination Portgroup
  • Destination datastore

Only VMs with one NIC are supported

PowerCLI example script

Import-Module VMware.PowerCLI

#Variables
$sourceVC = 'vc03'
$sourceVCUsername = 'ivobeerens@oracle.vsphere.local'
$sourceVCPassword= 'P@ssw0rd'

$destVC = 'vc01'
$destVCUsername = 'ivobeerens@vsphere.local'
$destVCpassword = 'P@ssword'
$destESXi = 'esx01.local'

$vmname = 'SRV121'
$Switchname = 'vSwitch2'
$NetworkName = 'vlan3114'
$datastorename = 'iaas-d029-05'

# Connect to the vCenter Servers
$sourceVCConn = Connect-VIServer -Server $sourceVC -user $sourceVCUsername -password $sourceVCPassword
$destVCConn = Connect-VIServer -Server $destVC -user $destVCUsername -password $destVCpassword

$vm = Get-VM $vmname -Server $sourceVCConn
$networkAdapter = Get-NetworkAdapter -VM $vm -Server $sourceVCConn

$destination = Get-VMHost -name $destESXi -Server $destVCConn
$destinationPortGroup = Get-VirtualPortGroup -VirtualSwitch $Switchname -name $NetworkName -VMHost $destination
$destinationDatastore = Get-Datastore -name $datastorename -Server $destVCConn

Move-VM -VM $vm -Destination $destination -NetworkAdapter $networkAdapter -PortGroup $destinationPortGroup -Datastore $destinationDatastore

With this script I migrated a couple of VMs between to vSphere 6.5 environment with different SSO domains without any downtime.

More information:

  • PowerCLI blog on the Move-VM cmdlet, link
  • William Lam, Automation Cross vCenter vMotion, link
  • Romain Decker Cross vMotion script from, link

What to know about VMware Cloud on AWS

At VMworld 2017 in Las Vegas VMware Cloud on AWS (VMConAWS) is announced. This partnership between VMware and AWS makes it possible to create a VMware Software Defined Datacenter (SDDC) in Amazon Web Services (AWS). In this blogpost  I highlight some information on “What is the VMware Cloud on AWS”.

  • VMware Cloud on AWS is a cloud service that is fully configured and will be provisioned, operated and maintained directly by VMware. VMware handles all patching and updates. As customer you manage the VMs, not the platform.

  • The following VMware products are included in VMware Cloud on AWS offering (compute, storage and networking):
    • vSphere ESXi on dedicated bare-metal hardware with support for VMs and containers
    • vCenter Server for management
    • vSAN All Flash storage
    • NSX for spanning on-premises and Cloud, advanced networking and security
    • vRealize products are NOT included in this offering but can integrated
  • In order for the on-boarding process to complete successfully there is a strict requirement that every organization be linked to an AWS account. Any services consumed within AWS will be billed through this Amazon account, while SDDC consumption will be billed through VMware.
  • The minimal purchase is cluster of 4 ESXi hosts. The maximum cluster size is 16 hosts.
  • It’s a dedicated platform that is not shared with other customers.
  • You can add additional on-demand hosts and also remove hosts on-demand down to 4 ESXi hosts.
  • Each ESXi host is has:
    • 2 pCPU sockets, 18 cores per socket = 36 cores total  and 72 with hyper-treading
    • 512 GB RAM
    • 14 TB NVMe RAW capacity storage (around 10 TB  of usable storage per host). In a 4 node cluster 21 TB of usable storage is available with FTT=1 (RAID=1) protection
    • The vSAN datastore is configured as a single datastore
    • 10 Gbps+ (ENA)
  • To extend storage you need to add extra ESXi hosts
  • The following VMware features are enabled:
    • vSphere HA,
    • vMotion,
    • DRS
    • Elastic DRS
  • Cluster functions are configured by VMware

  • It’s possible to connect the on-premises VMware datacenter with VMware Cloud on AWS by using for example  a L3 IPsec VPN and enable Hybrid Link Mode (HLM) between the two vCenter servers for single pane of glass hybrid cloud management.
  • In the future a Amazon direct connect is supported (1 Gbps or more)
  • There no need for NSX and vSAN in the on-premises datacenter.
  • Some use cases are:
    • Disaster Recovery (DR) and Backup.
    • Test and Development
    • Extend the on-premises data centers to the cloud with a consistent operational model, retaining your familiar VMware tools, policies and management.
    • New application development and test that access native AWS services
    • Burst capacity
  • On the moment the are two consumption models available:
    • On-demand/hourly consumption model
    • 1 or 3 years reserved model.
    • More on pricing can be found here, link
  • The initial release has support for cold migration. Cross cloud vMotion will be available in a future release
  • VMware Cloud on AWS is based on open API’s.
  • Currently VMware Cloud on AWS is only available in AWS US West (Oregon) region. Other regions will follow in 2018.
  • You can bring your own licenses because it’s a dedicated platform.

More information:

  • VMware Cloud on AWS website, link
  • VMware Cloud on AWS: Live End to End Demo, link
  • VMware on AWS from a Veeam perspective, link
  • VMware Cloud on AWS pricing versus on-premises vSphere, link