Configure VM autostart in the ESXi Embedded Host Client

For a standalone ESXi host I manage the host with the ESXi Embedded Host Client (HTML client). So no vCenter Server is used to manage this host. The standalone ESXi host is 24×7 up and running and has some critical infrastructure VMs for my lab and home environment. The critical VMs are automatically powered-on when when the ESXi host is booted with the autostart option in the host client.

In the latest versions of the Host Client (In vSphere 6.7 version 1.25 is included that already contains the autostart improvements) the autostart configuration is greatly improved what result in an easier configuration of autostart. if you are on vSphere 6.0 or 6.5 I suggest to upgrade to the latest ESXi Embedded Host Client before configuring autostart.

The upgrade of the Host client is easy, no maintenance mode and reboot of the ESXi host is needed. The upgrade can be done by following these steps:

  • Download the latest VIB for here, link
  • Upload the VIB on a datastore on your ESXi host
  • SSH to the ESXi host
  • Enter the following command to update the host client
esxcli software vib update -v /vmfs/volumes/<datastore>/<vibname.vib>

  • Refesh the host client webpage (https://<esxihostname>/ui/)
  • Check the version information in the host client (Help -> About)

Configure autostart in the ESXi Embedded Host Client

  • Open the ESXi host client by using the following URL:  https://<esxihostname>/ui/
  • Go to: Manage -> System -> Autostart->Edit Settings
    • Enable: Yes
    • Start delay: 60 seconds
    • Stop delay: 60 seconds
    • Stop action: shut down
    • Wait for heartbeat: yes
    • Save

  • Below the screen are the VMs listed. First enable autostart per VM by using the “Enable  autostart for this VM” button.
  • Once the autostart is enabled per VM, the order can be configured by increase or decrease the start order. The autostart order is displayed in the “autostart order” field.
  • Configure the autostart and order for the VMs you want to automatically start when the ESXi server is booted.
  • Reboot the ESXi host to test the autostart

With older versions of the ESXi Embedded Host Client it is “more complicated” to set the start order per VM. To set the autostart order with older versions:

  • Enable autostart as described above

  • In the Virtual Machines section, right click on the  field row and “Select columns”. Select the following columns:
    • Autostart order
    • Start delay
    • Stop delay

  • Right click on the VM with the “Autostart order” status on Unset and select “increase” to enable autostart and set the order

  • Configure the autostart and order for the VMs you want to automatically start when the ESXi server is booted.
  • Reboot the ESXi host to test the autostart

Upgrading a vCenter Server Appliance (VCSA) to version 6.7

Last week VMware launched vSphere 6.7. In this blog post I show how easy it is to upgrade a vCenter Server 6.x appliance to a new vCenter Server 6.7 appliance using the graphical interface (GUI) upgrade. The GUI upgrade uses a two stage process:

  • Stage 1: Deploy a new vCenter Server 6.7 appliance
  • Stage 2: Transfer the services and configuration data from the old to the new appliance

Upgrading the vCenter Server Appliance includes deploying a new appliance (version 6.7). The configuration and data is transferred from old (6.0 or 6.5)  appliance to the new vCenter Server 6.7 Appliance.  The old appliance is still available in a powered down state in the vCenter Server inventory after the upgrade.

vSphere 6.7 is the last release to include vCenter Server for Windows. After this release, vCenter Server for Windows will not be available! So make sure that all new deployments and upgrades are using the the vCenter Server Appliance (VCSA)!

New enhancements

Some cool enhancements of the vCenter Server 6.7 appliance are:

  • The vCenter Server with Embedded PSC supports Enhanced Linked Mode. This gives the following benefits:
    • No load balancer required for high availability and fully supports native vCenter Server High Availability.
    • SSO Site boundary removal provides flexibility of placement.
    • Supports vSphere scale maximums.
    • Allows for 15 deployments in a vSphere Single Sign-On Domain.
    • Reduces the number of nodes to manage and maintain.
  • vSphere 6.7 supports repointing a vCenter Server to another external Platform Services Controller in the same SSO site and different SSO site within the same SSO domain
  • vSphere 6.7 supports repointing a vCenter Server (Appliance only) to another external Platform Services Controller in a different SSO domain.
  • The vSphere Appliance Management Interface (VAMI) on port 5480 has some great new enhancements:
    • Upgraded Clarity interface
    • Dedicated monitor tab
    • Services tab. See the status of the VCSA services and the ability to: stop, start and restart services. So no CLI is needed for that anymore!
    • Backup scheduler. The backup scheduler let you schedule a backup of the VCSA and select how many backups are retained. The supported protocols for backup locations are: FTP, FTPS, HTTP, HTTPS and SCP.
  • The vSphere Client (HTML5) has updated and includes new workflows on Update Manager and vSAN for example.

Before upgrading

Before upgrading make sure to check this:

  • Check the compatibility of the VMware and third party products you are using. When writing this blog the following VMware products are not compatible (yet) with vSphere 6.7:
    • NSX
    • Horizon. Horizon 7.4 is not compatible with the Instant Clone API used in vSphere 6.7. Instant Clone support for vSphere 6.7 will be available in an upcoming Horizon release.
    • VMware Integrated OpenStack (VIO)
    • VMware vSphere Integrated Containers (VIC)
    •  vCloud Director
  • For the upgrade order of multiple VMware products see the “Update sequence for vSphere 6.7 and its compatible VMware products (53710)” KB, link
  • It’s only possible to upgrade the vCenter Server Appliance version 6.0 or 6.5 to 6.7.
  • For vSphere 5.5 you must first upgrade to vSphere 6 or vSphere 6.5 before upgrading to vSphere 6.7
  • Make sure you have enough capacity in the cluster to add an extra vCenter Server Appliance (VCSA). The old appliance can be removed when the upgrade is successful. Here’s an overview of the hardware specifications needed.
  • In vSphere 6.7, only TLS 1.2 is enabled by default. vSphere 6.7 disables TLS 1.0 and TLS 1.1 protocols for improved security. Some applications might support only the older protocols. To revert TLS 1.0 and TLS 1.1 protocols use the TLS reconfigurator tool. The tool can be found in the appliance under: /usr/lib/vmware-TlsReconfigurator/VcTisReconfigurator.
  • Windows 2003 and XP are no longer supported.

Platform Services Controller (PSC) hardware sizing

OptionEnvironmentvCPUMemory (GB)Default Storage (GB)
Platform Services Controller2460

vCenter Server Appliance (VCSA) hardware sizing

OptionEnvironmentvCPUMemory (GB)Default Storage (GB)
TinyUp to 10 hosts or 100 VMs210250
SmallUp to 100 hosts or 1000 VMs416290
MediumUp to 400 hosts or 4000 VMs824425
LargeUp to 1000 hosts or 10000 VMs1632640
X-LargeUp to 2000 hosts or 35000 VMs2448980
  • Use a temporary fixed IP address
  • Make sure that you have the SSO administrator and root account information of the existing VCSA
  • Have a backup of the VCSA
  • Disable Fully Automated DRS during the upgrade

The upgrade steps

In the following steps a single vCenter Server  Appliance with an embedded PSC and vCenter Server role will be upgraded to version 6.7.

  • Mount the VCSA ISO (VMware-VCSA-all-6.7.0-8217866.iso)
  • Navigate to the <drive letter>:\vcsa-ui-installer\win32\ folder and open the installer.exe
  • Choose for the upgrade option. With the option you can upgrade a PSC and vCenter Server appliance

  • The upgrading process will enter “stage 1”, deploy the appliance

  • Connect to the source vCenter Server 6.x appliance

  • Enter the SSO and root username of the VCSA and the ESXi server that manages the source appliance

  • Set up the target appliance VM name and root password. The upgrade will maintain the original FQDN name of the VCSA. This name will be used as VM name in the VCSA inventory and can be changed later!

  • Select the (new) size of the new appliance.

  • Configure the network settings. Make sure to use an new temporarily IP address for the upgrade. After the upgrade the new appliance will use the original IP address!

  • Click on finish to start stage 1

 

 

 

 

 

  • After a while the following message appears and you’re ready to continue to stage 2

  • Stage 2 will copy data from the source vCenter Server Appliance to the new deployed appliance.
  • A pre-upgrade check will be run with informational messages will be shown such as:
    • Disable Fully Automated DRS during the upgrade
    • An NSX extension has been found that may not work after the upgrade

  • The data that needs to migrated can be selected. A new cool thing is that the amount of time that’s involved is displayed.

  • Configure the VMware Customer Experience Improvement Program (CEIP)

  • Ready to start and complete fase 2

  • The source VCSA will be shut down.

  • The data transfer and appliance setup is running

  • A couple of messages will be displayed about for example Auto Deploy and that TLS 1.0 and TLS 1.1 are disabled in vSphere 6.7.

  • Stage 2 is completed and the vCenter Server Appliance is deployed.

  • Now you can access the vCenter Server by using vSphere Client (HTML5), the vSphere Web Client or VMware Appliance Management Interface by using the original FQDN of the vCenter Server Appliance.

After the upgrade the VCSA 6.7 version is: 6.7.10000 build 8217866

Proactively manage your vSphere environment with Runecast Analyzer

I’ve got the opportunity to test Runecast Analyzer. Runecast Analyzer Proactively use VMware KBs, best practices and security hardening guidelines to identify problems in your VMware environment. In this blogpost you find my experience of testing Runecast Analyzer.

Deployment

The deployment of Runecast Analyzer is easy. It’s an on-premises deployment on you’re vSphere environment. Within a couple of minutes the Runecast is up and running. First download and deploy the virtual appliance OVA in an existing vSphere 5 or higher environment. During the deployment 3 appliance configuration sizes options are available:

DeploymentvCPUMemory (GB)Storage (GB)Network
Small2490100Mbit=>
Medium4890100Mbit=>
Large83290100Mbit=>
After choosing the appliance size and set the IP address you’re ready to access the appliance using a web browser.
Updating
After the appliance is deployed, the updating of the KB definitions, updates, application and OS updates can be configured in the VA admin interface of the appliance. When using the automatic updating you’re always up-to-date.
When the appliance has no internet connection, offlines updates are available on the RuneCast website.
Scan the vSphere environment
Add one ore more vCenter Server(s) and you’re ready to fire you’re first scan of the VMware environment. The scan can be manually performed of scheduled.
After the scan of the environment the issues are displayed in a dashboard.  The issues are categorized in critical, major and medium.

Version 1.7 adds a new dashboard called “issues by layer”. This dashboard categories the issues in 5 main layers: Management, VM, Compute, Network and Storage.

The detected issues are added in the five layers. This dashboard is interactive. By selecting the layer and issue you can drill-down and find the affected component and root cause.

It is possible to integrate RuneCast in the vSphere Web client. The plugin displays all issues detected by RuneCast Analyzer with the details and their root causes.

The vSphere Web Client HTML5 page looks awesome.

Meltdown and Spectre

Runecast is continuously monitoring the VMware KB articles and is able to detect Spectre and Meltdown issues. The great thing is that when VMware is updating or adding a Spectre or Meltdown KB issue, Runecast monitors that and alert you when the vSphere environment is affected. In the following example the Spectre/Meltdown issues are found.

You can drill down to see what hosts are effected.

Log Analytics

Runecast Analyzer includes log analytics. Runecast collects the syslogs from the ESXi hosts and do a smart analytics to discover possible problems found in KBs.

Hardening

Runecast Analyzer uses VMware Security checks (https://www.vmware.com/security/hardening-guides.html) and DISA STIG 6 to check the compliance of the vSphere environment. The results are reports in a dashboard.

vSAN support

Version 1.7 adds support for VMware vSAN environments. It scans vSAN clusters and test their configurations against VMware KB articles and best practices. When issues are found guides are added how to fix them.

For example in a customer vSAN environment Runcast Analyzer found the following vSAN problem:

When drilling down the guide tells me that this issue is fixed in ESXi 6.5 Update 1 (vSAN 6.6.1). After patching  the issue was solved without occurring in the vSAN environment. This is what you called “proactive management”.

Conclusion

With Runecast Analyzer every VMware vSphere admin can proactively identify possible (security) problems in there vSphere environment. The installation is easy and fast. As VMware consultant I use Runecast on frequently basis which gives me a great overview of the state of the vSphere environment i’m working with.

Every new release has great features are added such as vSAN and vSphere Web Client HTML5 support .

In my opinion Runecast Analyzer is a must have tool for every VMware vSphere admin to proactively monitor there environment.

Wanna try?

There is a 14-day free trial available from this link.