Install the vCenter Server Appliance (VCSA) Without Ephemeral Port Groups

Trying to install VMware vCenter in appliance/VCSA form straight to a new ESXi host? Having a problem where it isn’t listing any networks, and it’s telling you that “Non-ephemeral distributed virtual port groups are not supported” in the little informational bubble next to it? Thinking this is Chicken & Egg 101, because you can’t have an ephemeral port group without a Distributed vSwitch, and you can’t have a dvSwitch without a vCenter, so how do you install vCenter when you need something that only vCenter can create? Yeah, me too. Here’s the secret, though: don’t remove the default “VM Network” port group, or if you did, put it back, and restart the installer (or just back up to select the host …

Read More

9 Things You’ll Love About vSphere 6.0

vSphere 6.0, finally. It’s been in beta for what seems like an eternity. Betas are like Fight Club, where the first rule of participation is that you may not talk about your participation. But today’s the day that changes, as VMware just announced 6.0. A lot of rough edges were smoothed in this release, and all the limits have increased again (64 hosts per cluster, etc.). Beyond that, though, there’s much to like. Here are nine things I think are pretty neat about 6.0. 1. Centralized Services (PSC, Content Library, Update Manager) VMware has acknowledged that there’s a fair amount of “meta-administration” (my term) that goes on for vSphere. To help curb that they’ve created the Platform Services Controller, which is …

Read More

Upgrading to VMware vCenter Server Appliance 5.5 from Windows vCenter 5.1

My coworkers and I recently undertook the task of upgrading our vSphere 5.1 environment to version 5.5. While upgrades of these nature aren’t really newsworthy we did something of increasing interest in the VMware world: switched from the Windows-based vCenter Server on a physical host to the vCenter Server Appliance, or vCSA, which is a VM. This is the story of that process. If you aren’t familiar with the vCSA it is a vCenter implementation delivered as a SuSE-based appliance from VMware. It has been around for several major versions, but until vSphere 5.5 it didn’t have both feature parity with Windows and the ability to support very many hosts & VMs without connecting to an external database. Under vSphere …

Read More

VMware vCenter Server Appliance 5.5.0 Has An Insecure NTP Server

Update: I have updated this article to reflect some new information provided by VMware. I have also published new notes and discussion as a separate blog post. On January 10, 2014 a vulnerability in ntpd, the Network Time Protocol daemon, was made public (US CERT VU#348126): UDP protocols such as NTP can be abused to amplify denial-of-service attack traffic. Servers running the network time protocol (NTP) based on implementations of ntpd prior to version 4.2.7p26 that use the default unrestricted query configuration are susceptible to a reflected denial-of-service (DRDoS) attack. Other proprietary NTP implementations may also be affected. I have encountered several vCenter Server Appliances, version 5.5.0 build 1476327 and older, that were exposed to the general Internet, and have …

Read More

Updates to My vCSA 5.1 to 5.5 Notes

I just updated my notes on upgrading the VMware vCenter Server Appliance from 5.1 to 5.5. I added a couple of things that have become issues: Remove all non-standard users from SSO before the upgrade. If you added users to the 5.1 Single Sign-On system directly those users will be copied to the 5.5 vCSA as members of SYSTEM-DOMAIN. Unfortunately they will then become trapped, undeleteable & unchangeable, as VMware didn’t think to make the SYSTEM-DOMAIN an editable domain. You can see them, and you can still log in, but you cannot remove them or change their passwords. Your only recourse is to remove the permissions for that user from vCenter, which still means they can log in, but won’t have …

Read More

Notes on Upgrading the VMware vCenter Server Appliance 5.1 to 5.5

I’ve done a few upgrades of the VMware vCenter Server Appliance (vCSA) 5.1 now, to the GA release of 5.5 (build 1312297). Here are my observations: You need a second IP temporarily for the upgrade. The way it works is that you deploy a new vCSA, then the two of them talk to each other to do the upgrade. When they’re done copying stuff around the process will shut the old one off and reboot the new one so it’s fully functional. While the need for a second IP is fairly obvious, I managed to overlook it. Don’t specify a hostname for the new vCSA in the OVF/OVA deployment wizard if you don’t want to change the name of the …

Read More

VMware vCenter Server Appliance & NTP

If you’re trying to configure NTP on the VMware vCenter Server Appliance (vCSA) 5.1 builds 799730, 880472, or 947940 according to the official documentation you might be seeing what I’m seeing: vcenter:~ # yast2 ntp-client add server=0.us.pool.ntp.org Error: Cannot update the dynamic configuration policy. vcenter:~ # yast2 ntp-client enable Error: Cannot update the dynamic configuration policy. This appears to be a SuSE bug. Seems serious but it isn’t, the commands actually do complete correctly. If you want to check the work just use the command: cat /etc/ntp.conf to check for lines starting with “server” near the bottom. /sbin/chkconfig ntp on will enable the service at boot, and /etc/rc.d/ntp start will start it immediately if it isn’t started. /usr/sbin/ntpq -p will …

Read More