Vmware

Information

Beginning with the TS251R004 firmware release, the HP MSA VAAI plug-in is no longer supported as the HP MSA controller firmware now uses T10 compliance in an ESX Environment documented in TS251R004.

The HP P2000 G3 and the HP MSA 2040 are two widely used entry-level storage arrays. The P2000 G3 is VAAI capable since firmware version T230. But, contrary to the HP MSA 2040, you have to install the software plug-in for VMware VAAI if you use the P2000 G3. According to the “HP MSA 2040 Storage Configuration and Best Practices for VMware vSphere” whitepaper the MSA 2040 supports VAAI nativly without an additional plugin.

During the installation of a really small vSphere environment, I used the 60 days instand-on license. This allows me to use some fancy vSphere Enterprise Plus feature during the installation. Specifically I use host profiles to configure the ESXi hosts. At the end of the installation process I removed the host profiles and installed the Essentials Plus license. The enviroment consisted of two HP ProLiant DL360 Gen8, a dual-fabric SAN with a HP MSA 2040, two Brocade 300 FC switches, some more stuff and a vSphere Essentials Plus license. The customer and I decided to install VMware vCenter 5.5.0b and ESXi 5.5.

While playing around in my lab, I wanted to enable VMware Fault Tolerance (FT)  for a VM. In the absence of physical HW I use a nested enviroment, which is running on a HP ProLiant DL160 G6 (2x Intel Xeon E5520, 32G RAM, a RAID 0 with 4 SATA drives). FT isn’t available in nested enviroments, because HW virtualization features are required. This screenshot was taken from the web client.

During a vSphere 5.0 > 5.5 upgrade I got this message:

The SSL certificate for this product is expired. See Knowledge Base article kb.vmware.com/kb/1009092

The customer hasn’t installed CA-signed certificats, so the expired certificates are the out-of-the-box self-signed certificates. The certificates are valid for two (VirtualCenter 2.5) respectively 10 years (since vCenter 4.x), depending on the Version. The only way to continue the installation is to renew the certificates. After renewing the certificates, you can simply continue the setup due the fact, that the vCenter service is stopped at this point of the setup and it loads the new certificates during startup. It’s the setup which checks the validity of the certificates. KB1009092 describes in great detail what to do, so I will not repeat what is already written there. You should note, that you can’t use the ESXi busybox to renew the certificates. The necessary OpenSSL binary isn’t included. The KB articles recommends OpenSSL for Windows. I simply used my Linux root server. But you can also use a small Linux VM. After renewing the certificates for vCenter, Inventory server and Web Client I simply continued the setup and it ran without problems by. The deployment of CA-signed certifcates is planned.

Over the last months I wrote different PowerCLI One-liners who I want to share. Nothing fancy and one or two are ugly. But they worked for me. :)

Changing the multipathing policy for all hosts and datastores in a cluster

Get-Cluster PROD | Get-VMhost | Get-scsiLun -CanonicalName “naa.60030*”| Set-ScsiLun -MultipathPolicy "roundrobin"

Get a list of all VMs in a cluster and the datastore in which the VMs resides

Get-Cluster | Get-VM | select name, @{N="Datastore";E={Get-Datastore -VM $_}} | sort name