Uncategorized

Aria Operations (vROPs) can report how many Secure Boot enabled VMs you have

A recent Microsoft Windows Update released for Windows Server 2022, when applied to VMs that have Secure Boot enabled, causes the VM to boot directly into the BIOS on reboot and never reach the OS bootloader.

This posed a challenge, especially in environments that may have anywhere from a couple of hundred VMs to a few thousand. Customers that have entitlement to Aria Operations or Aria Operations Cloud (formerly vRealize Operations) can generate an inventory report of VMs that contain that value with a few customizations.

Before I get into the steps I have to give credit to Brock Peterson for showing me the ropes on this. Check out his personal blog BrockPeterson.com.

In this example I’m running vROps 8.10.2 on-prem. The first step will be to modify the existing Active policy. From the vROps homepage go to Configure >> Policies. From here you should see the name of the default policy that comes out of the box when you install vROps. Also notice the ‘Status’ column, where it’s labeled as ‘Active’.

From here you have two options for getting to the edit screen. You can edit the entire policy by clicking ‘Edit Policy’, or, if you know which part of the policy you want to modify, you can click on the individual setting from within the policy itself.

We will select ‘Metrics and Properties’

Begin typing ‘Virtual Machine’ and select the first one that says ‘Virtual Machine’

The following Metrics and Properties relating to Virtual Machines will appear. You can drill down to find the desired setting or use the filter option.

Under Properties >> Configuration >> Security, ‘EFI Secure Boot enabled’ is set to ‘Deactivated’ by default. Click on the drop-down menu and select ‘Activated’.

Click ‘Save’ and exit out. You may want to wait 5-10 minutes for vSphere to perform a collection and scan of the objects.

The next step will be adding the newly activated property to a ‘View’ so that we can generate a report that contains that modified View.

Click on the ellipses to open a menu and select ‘Edit’

When the Edit View appears, go to the ‘2. Data’ section. In step 2 you can either perform a keyword search or drill down through the options.

From there, in step 3, highlight the property, drag it into the existing View and place it in your desired location. I personally chose to have it come after ‘Hardware Version’.

In the ‘Configuration’ section, the ‘Metric name’ is the default name, however you can choose to change it in the ‘Metric label’

Click ‘Update’

In the Preview Source you will see a sample of the report with your data already generated.

Now you can go to the ‘Reports’ section and find the ‘Inventory Report – Virtual Machines’ and run the report.

The following example is a preview of the PDF version of the report. You can also export to CSV to help track those VMs and attend to any maintenance or troubleshooting.
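To act on the CSV export described above, the following added example (not part of the original post) triages the report to find Windows Server 2022 VMs with Secure Boot enabled and VMs where the property has not been collected yet. The column headers, the true/false cell values and the sample rows are assumptions; match them to your own View and any custom ‘Metric label’.

```python
import csv
import io
from collections import Counter

# Assumed column headers: they depend on the View and on any custom
# 'Metric label' chosen while editing it.
COL_NAME = "Name"
COL_GUEST = "Guest OS"
COL_SECURE_BOOT = "EFI Secure Boot enabled"
TRUE_VALUES = {"true", "yes", "1", "enabled"}  # assumed spellings of "on"

# Constructed sample export, not real report output.
SAMPLE_CSV = """\
Name,Guest OS,Hardware Version,EFI Secure Boot enabled
app01,Microsoft Windows Server 2022 (64-bit),vmx-19,true
app02,Microsoft Windows Server 2019 (64-bit),vmx-19,true
db01,Microsoft Windows Server 2022 (64-bit),vmx-19,false
web01,Ubuntu Linux (64-bit),vmx-15,
dc01,Microsoft Windows Server 2022 (64-bit),vmx-20,True
"""

def load_inventory(stream):
    """Read the report and fail loudly if an expected column is absent."""
    reader = csv.DictReader(stream)
    missing = {COL_NAME, COL_GUEST, COL_SECURE_BOOT} - set(reader.fieldnames or [])
    if missing:
        raise ValueError(f"report is missing columns: {sorted(missing)}")
    return list(reader)

def secure_boot_state(row):
    """Return True/False, or None when the cell is empty (not collected yet)."""
    value = (row[COL_SECURE_BOOT] or "").strip().lower()
    return None if not value else value in TRUE_VALUES

def triage(rows, guest_filter="Windows Server 2022"):
    """Split the inventory into affected VMs, unknowns and a per-OS count."""
    enabled = [r for r in rows if secure_boot_state(r) is True]
    return {
        "at_risk": sorted(r[COL_NAME] for r in enabled
                          if guest_filter.lower() in r[COL_GUEST].lower()),
        "unknown": [r[COL_NAME] for r in rows if secure_boot_state(r) is None],
        "enabled_by_guest": dict(Counter(r[COL_GUEST] for r in enabled)),
    }

if __name__ == "__main__":
    result = triage(load_inventory(io.StringIO(SAMPLE_CSV)))
    print("Secure Boot + Windows Server 2022:", result["at_risk"])
    print("Property not collected yet:", result["unknown"])
    for guest, count in result["enabled_by_guest"].items():
        print(f"{count:>4}  {guest}")
```

For a real export, pass `open(path, newline="", encoding="utf-8-sig")` to `load_inventory` so a leading byte-order mark does not corrupt the first header.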

Home Lab

Power Protection for the Homelab – APC SMC1000C UPS with Synology DiskStation

California in 2023 so far has been receiving much-needed rainfall. I want to be sensitive to the devastation it has caused in many parts of the state, I’m fortunate to be in an area where there is no immediate risk, choosing to stay indoors and catch up with personal hobbies..feels like another shelter in place.

Gusty winds accompanied by rain can have a severe impact on electrical infrastructure above and below ground in our cities. There could be accidents on electric poles or emergency power shut-offs by utility providers. Our home lights start to flicker, and depending on your area you may lose power or decide to conserve energy during this time.

I wanted to share a solution that has kept my homelab stable during occasional power blips.

About 2 years ago as my server and networking infrastructure was growing, I was becoming more aware of how to protect equipment from loss of power, power surges, or overloading circuits. I came across a good deal on an APC Smart-UPS C 1K tower-style UPS. I got it for 50% off from Walmart along with a protection plan, so it was really hard to pass up..but I digress.

The following image is what the back of my UPS looks like. I do not have a Network Management Controller on mine (kind of bummed me out), so this does not allow for LAN management and using APC software to monitor and alert.

The red highlighted ethernet port is assigned an internal IP address and requires internet connectivity to reach out to APC Schneider Electric’s SaaS solution https://smartconnect.apc.com

The purple highlighted port is USB, and I’m using it to connect directly into my Synology DS1515+ (Network Attached Storage).

A little bit about Smart Connect functionality: I have my Gmail registered and I receive alarms such as the following. Sometimes the order the e-mails arrive in does not align with the actions, but you can get an idea of what is happening here.

Here is a glimpse of the APC Smart Connect console. There have been changes with APC and its model for remote managing; so far I’ve paid nothing for the service but believe there are upcoming changes to that.

Protecting the Synology DiskStation

That USB port referenced above in back of the APC is hooked up directly to one of my Synology DS1515+.

From the Synology DiskStation interface you can access Control Panel >> Hardware & Power >> UPS. Here you can find all the settings related to power, and this is where we tell our Synology we have a UPS connected to it.

You can see I have enabled ‘UPS support’ and below that Synology detects the UPS hardware. I set the number of minutes on UPS power before the DiskStation gracefully shuts down.

My Synology notification system does show notifications.

Of course you can also choose to be notified of these events via email; this can also be managed under the ‘Notifications’ section in the Control Panel.

While my read/writes are not high on the NAS, my VMFS file system for the VM environment is idle but of course storage can cause file system corruption so be aware of that.

Hope you find this helpful! Cheers!

Home Lab

VMware – Error when using ‘Erase Partition’ on (vSAN) Storage Device – Failed to update disk partitions

I’ve been going through upgrades in the homelab and one of the changes has been to prepare for destroying an existing vSAN cluster and creating a new vSAN cluster. While going through vSAN ESA configuration, disks were not showing as available, so I needed to go in and delete the existing partitions for the old vSAN cluster.

When in vSphere from a host and attempting to ‘Erase Partition’ on a storage device, we encounter the following error; below that is the error in Tasks.

SSH into the host and run the following command to verify the disks are still part of a vSAN Disk Group:

esxcli vsan storage list

In my case, I had all 3 disks appear. The following command removes the disks from the group; first you will need to obtain the VSAN Disk Group UUID from the output of the previous command.

esxcli vsan storage remove -u <VSAN Disk Group UUID>

After running the command it will take you back to the CLI prompt, and you can confirm the disk group is empty by re-running the first command, ‘esxcli vsan storage list’.

Go back into the Storage Devices and retry the Erase Partition. I live dangerous so I did all 3 at once 🙂

It completed, and I validated in Tasks that the partitions were updated successfully.

Let the vSAN configurations continue.

Home Lab

[Video] Upgrading Supermicro E300 to VMware vSphere 8 w/ vSAN Cluster

Alright..dove right in and decided to get my management cluster upgraded to 8 after getting pre-requisites upgraded such as vROps, LogInsight, vRealize Lifecycle Manager & NSX.

My NVMe drives in the hosts are not on the VMware vSAN HCL, but thankfully I was able to ignore that in the Remediate settings options. I do have TPM 2.0 chips with Host Encryption enabled, so far no errors.

Next steps will be to explore vSAN ESA..

Home Lab, Uncategorized

VMware vCenter 8 Upgrade Step-by-Step – Part 1 – vCenter Upgrade

The first step will be to take a snapshot of the vCenter. If you are running Enhanced Linked Mode, ensure you power all vCenters off and take cold snapshots from the Host UI.

Because the upgrade deploys a new vCenter appliance, we will be renaming our existing VM object from ‘vCenter’ to ‘vCenter_old’.

Accessing the good old-fashioned ui-installer wizard, we will be selecting ‘Upgrade’.

This involves various steps. Step 1 will be ‘Deploy a vCenter’, which begins the deployment of a new VCSA (vCenter Server Appliance).

After accepting the EULA, the next step will be ‘Connect to Source Appliance’. This would be the hostname of the VM (not the VM object name in vCenter).

I will then put in the landing vCenter I want to deploy the new appliance to.

For Step 5 you will select a Folder location for the VM, followed by Step 6 which is select a Compute Resource.

Step 7 will ask for the name of the new VM appliance and the desired root password.

For Step 8 you will select the deployment size of the new appliance. This will vary in every environment; always plan for anticipated future growth.

The next step will be to select a datastore for the deployment. I will select a storage location and enable ‘Thin Provisioning’.

The next step is to select the portgroup assigned to the desired network and a temporary IP address for the VCSA. The IP address is temporary because, at the end of the upgrade, all the network settings remain the same for the new appliance.

This is the final configuration for this part of the upgrade. It will be followed by a confirmation and then waiting for the installation to complete.

Once the installation is completed, you should receive the following confirmation. From here you can proceed; notice that you do have a temporary VAMI interface to the new vCenter in the event you have to do any troubleshooting. The installer should continue.

The beginning of the wizard should only prompt one option and that is the 2nd step. Click Continue.

These are the warnings that appeared in my environment; these should allow me to proceed.

The next step is to select what information you want copied over. I personally want to choose both, as my environment is smaller. Click Next.

For the final steps, there will be the option to join CEIP, followed by confirming you performed a backup and then kicking off the process.

During the process you will lose connectivity to your vCenter. You can always look for the host the vCenter is residing on and monitor from the console.

And just like that…we upgraded to 8 successfully.

For future blogs I will try and dive into vSphere 8 features more in depth.