Aria, Home Lab

Configuring ESXi Syslog in Aria Operations for Logs 8.12.0

Shipping logs off to a central repository helps with troubleshooting, root cause analysis and post-mortem reporting, and today, with AI (Artificial Intelligence) technologies, particular findings and trends in logs can be proactively shared with an operator.

This article demonstrates integrating vSphere with Aria Operations for Logs and ensuring your hosts get updated to point to your instance. Keep in mind that my instance is deployed as a ‘Small’, which is primarily targeted at POC environments; in an enterprise you should have a minimum of 3 appliance nodes and should have a VIP assigned. I do have ESXi 8.0 installed and have configured vSAN ESA.

From the vSphere console, the following advanced setting for a host shows that Syslog.global.logHost is configured with a blank entry. After we are done, this will be populated.

Access your Aria Operations for Logs instance via Virtual IP or single instance name. If you receive the following prompt, this is generally an indication your instance has never been configured.

Click ‘Configure vSphere Integration’

You will be taken to where you can integrate a vCenter instance. (Do not use a local SSO account; create a service account separately.)

If we leave the checkbox highlighted in yellow, this is what will be pushed out to configure ESXi hosts to send logs to Aria Logs.

When clicking ‘Advanced option’ it will display and allow you to select specific hosts and even a syslog protocol. Just note, you must click ‘Test Connection’ and Accept thumbprint from the vCenter before it can poll hosts.

For our write up, I will only select esxi01 with UDP. Click ‘Save’ and ESXi hosts will be configured in addition to any vCenter logs. Once completed, your vSphere Integration will look like this. You can click next to vSphere to refresh; the VC Collection status is healthy, and if you click ‘View Details’ it will show hosts configured and not configured in vCenter.

When you go back to the host and check the Advanced Setting, you will now see it populated with the Aria Logs instance.

If you want to go back and make changes to which ESXi hosts and collections are configured, you can go back into the vSphere Integration and use the options there. In our case, I will come back and configure my 2 other hosts.

By now you should have logs from hosts and vCenter shipped to Aria Operations for Logs.
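To confirm the result across hosts rather than one Advanced Setting screen at a time, the following added example (not part of the original article) audits Syslog.global.logHost values for hosts that are still blank, point elsewhere, or ship logs over an unencrypted transport such as the UDP option chosen above. The collector name arialogs.lab.example, the host names esxi02 to esxi04 and the inventory itself are constructed; it assumes the documented udp://, tcp:// and ssl:// forms and treats a bare host name as UDP.

```python
from urllib.parse import urlsplit
KNOWN = {"udp", "tcp", "ssl"}          # transports accepted in logHost; ssl is TLS

def parse_loghost(value):
    """Split a Syslog.global.logHost value into (scheme, host, port) tuples."""
    targets = []
    for entry in filter(None, map(str.strip, value.split(","))):
        if "://" not in entry:         # bare host: assumed to default to UDP
            entry = "udp://" + entry
        parts = urlsplit(entry)
        if parts.scheme.lower() not in KNOWN or not parts.hostname:
            raise ValueError(f"unrecognised logHost entry: {entry!r}")
        targets.append((parts.scheme.lower(), parts.hostname, parts.port))
    return targets

def audit(inventory, collector):
    """Return {host: [findings]} for every host whose setting needs attention."""
    report = {}
    for host, value in inventory.items():
        try:
            targets = parse_loghost(value)
        except ValueError as exc:
            report[host] = [str(exc)]
            continue
        findings = []
        if not targets:
            findings.append("logHost is blank: no remote logging")
        elif collector not in {h for _, h, _ in targets}:
            findings.append(f"does not point at {collector}")
        findings += [f"{s} transport to {h} is unencrypted"
                     for s, h, _ in targets if s != "ssl"]
        if findings:
            report[host] = findings
    return report

# Constructed inventory: esxi01 on UDP as in the article, the two other hosts
# (assumed names esxi02/esxi03) still blank, esxi04 a hypothetical TLS host.
SAMPLE = {
    "esxi01": "udp://arialogs.lab.example:514",
    "esxi02": "",
    "esxi03": "",
    "esxi04": "ssl://arialogs.lab.example:1514",
}

if __name__ == "__main__":
    for host, findings in audit(SAMPLE, "arialogs.lab.example").items():
        print(f"{host}: {'; '.join(findings)}")
```

The inventory dictionary can be filled from whatever export of the advanced setting you already have; hosts that return no findings are omitted from the report.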

Home Lab, NSX

Joining Individual VMware NSX Managers to form a Cluster via CLI

I’ve deployed 3 NSX Managers individually from the NSX OVA onto a single vCenter. By having 3 individual Managers, I have the option to create multiple clusters from each one (probably excessive and incorrect in my case). Instead, my goal is to join all 3 individual managers to form a 3-node cluster and then assign a VIP.

For this process, I will be following VMware documentation that is provided here: Form an NSX Manager Cluster Using the CLI

My 3 NSX managers I will be referencing and joining are nsxcon1, nsxcon2 & nsxcon3

Here is an example of the nsxcon1 UI in the ‘Appliances’ section. You can see there is only a single appliance, and an additional one cannot be added until a ‘Compute Manager’ (such as a vCenter) is added.

I did verify CLI connectivity to each of the appliances by running

get cluster status

This command will return cluster health for the NSX Manager and any appliances that are part of the cluster. For this example, it’s only a single appliance.

From the first NSX controller you will want to obtain the thumbprint by running

get certificate api thumbprint

That will provide you the thumbprint of the targeted appliance

Moving onto the other node (nsxcon2) which we want to join to nsxcon1, we will use the following command

mgr-new> join <Manager-IP> cluster-id <cluster-id> username <Manager-username> password <Manager-password> thumbprint <Manager-thumbprint>

Here is an example of what it looks like when populated in that command and run from the node we want to join to our primary one.

*Please ensure you have taken appropriate backups, as this will take this node and try to join it to another cluster. Since this should be a vanilla install, it should not be too much work to re-deploy.
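The join command trusts whatever thumbprint is pasted into it, so it is worth confirming that the value copied from nsxcon1 matches the certificate the manager actually presents. The following added example (not from the original post or VMware's documentation) does that comparison, assuming the CLI thumbprint is the SHA-256 digest of the DER-encoded API certificate; the sample bytes are a constructed stand-in, not a real certificate.

```python
import hashlib
import hmac
import ssl

def normalise(thumbprint):
    """Lower-case a hex thumbprint and drop ':' or space separators."""
    cleaned = thumbprint.replace(":", "").replace(" ", "").strip().lower()
    if len(cleaned) != 64 or any(c not in "0123456789abcdef" for c in cleaned):
        raise ValueError("not a SHA-256 hex thumbprint")
    return cleaned

def thumbprint_of(pem_cert):
    """SHA-256 over the DER encoding of a PEM certificate."""
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem_cert)).hexdigest()

def matches(pem_cert, expected):
    """True when the certificate hashes to the thumbprint that was recorded."""
    return hmac.compare_digest(thumbprint_of(pem_cert), normalise(expected))

def fetch_pem(host, port=443):
    """Fetch the certificate a live manager presents (needs network access)."""
    return ssl.get_server_certificate((host, port))

# Constructed stand-in: arbitrary bytes wrapped as PEM, not a real certificate.
SAMPLE_DER = bytes(range(256)) * 3
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)

if __name__ == "__main__":
    recorded = hashlib.sha256(SAMPLE_DER).hexdigest().upper()
    print("thumbprint matches:", matches(SAMPLE_PEM, recorded))
```

Against a live manager, pass the output of fetch_pem for the manager's address and the thumbprint string from the CLI to matches before running the join.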

After a couple of minutes we do receive the following prompt

We can then go back to nsxcon1 and verify with ‘get cluster status’ and see that the cluster status is ‘DEGRADED’; however, this is normal while the node is completing its process of joining and updating the embedded database.

We can take the ‘join’ command we used earlier on nsxcon2 and run it again on nsxcon3.

After running it, going back to nsxcon1 and checking cluster status, we now have 3 appearing.

After a few minutes, our GUI has been fully populated with all NSX Managers reporting as stable

As a cherry on top, we will click on ‘Set Virtual IP’ and assign a dedicated IP address which also has its own DNS record.

There is our new virtual IP which has been assigned to one of the nodes

Aria, Home Lab

Deploying VMware Aria Suite Lifecycle Manager with Easy Installer

During this Greenfield deployment of my home lab, I’m going to be rolling with the latest Aria Easy Installer. Like its predecessor (vRealize Suite Lifecycle Manager), this too includes initial deployment of the Aria LCM appliance, Aria Automation & VMware Identity Manager.

I’ve performed some pre-requisite work such as reserving IPs and creating Forward and Reverse DNS entries, and will be deploying this on a 3-node vSAN ESA cluster. The steps below will be using the Windows UI interface of the installer.

Ensure you check out the latest Release Notes for Aria Suite Lifecycle 8.12 and if you would like to learn more about Aria Suite, be sure to check out VMware’s site: Aria Platform Lifecycle

Click Install

These are the products that are part of the initial deployment of the Aria Suite

The next screen will be to Accept EULA or CEIP (optional)

For the ‘Appliance Deployment Target’ you will want to connect to a vCenter Server. If you want to take additional security measures and avoid using default @vsphere.local accounts, you may create one in vCenter and use that for the association. The following document provides the details on the permissions: VMware Aria Suite Lifecycle: Assign a user role in Center

I will be using an AD account I’ve created, and because my LDAP is the default Identity Source, I just have to put the user account and not append the domain.

On the next screen select ‘Compute Resource’ and click Next.

For our install we will be installing it on our vSAN datastore

Next screen will be ‘Network Configuration’

For the ‘Password’ Configuration, ensure you document everything this password is used for. This is critical for future troubleshooting, lifecycle and if you are doing any kind of password rotation.

Populate information regarding initial appliance deployment for Aria LCM

The next step is the Identity Manager Configuration. There is an option to import a version deployed outside of Easy Installer, and there are additional options below regarding syncing Active Directory.

The final configuration is for Aria Automation Part 1

Aria Automation Part 2

The final part will be to kick-off and monitor the installation. You should notice your vCenter will begin deploying VMs.

The status now shows it completed successfully. I had 3 VMs deployed (your results may vary if you configured clustered options for your appliances).

Once completed, you can verify accessibility to all the appliances. Below is the splash page when logging on to Aria LCM.

Uncategorized

Aria Operations (vROPs) can report how many Secure Boot enabled VMs you have

There was a recent Microsoft Windows Update released for Windows Server 2022. When applied to VMs that have Secure Boot enabled, on reboot the VM boots directly into the BIOS and never hits the OS bootloader.

This not only posed a challenge, but there are environments that may have a couple of hundred VMs to a few thousand. Customers that have entitlement to Aria Operations or Aria Operations Cloud (formerly vRealize Operations) can generate an inventory report of VMs that contain that value with a few customizations.

Before I get into the steps I have to give credit to Brock Peterson for showing me the ropes on this. Check out his personal blog BrockPeterson.com.

In this example I’m running vROps 8.10.2 on-prem. The first step will be to modify the existing Active policy. From the vROps homepage go to Configure >> Policies. From here you should see the name of the default policy that comes out of the box when you install vROps. Also notice the ‘Status’ column, where it’s labeled as ‘Active’.

From here you have two options for how to get to the edit. For the first option you can edit the entire policy by clicking ‘Edit Policy’

or

If you know which part of the policy you want to modify, you can click on the individual setting from within the policy itself

We will select ‘Metrics and Properties’

Begin typing ‘Virtual Machine’ and select the first one that says ‘Virtual Machine’

The following Metrics and Properties relating to Virtual Machines will appear. You can drill down and find the desired setting, or you can use the filter option.

Under Properties >> Configuration >> Security, ‘EFI Secure Boot enabled’ is set to ‘Deactivated’ by default. Click on the drop-down menu and select ‘Activated’.

Click ‘Save’ and exit out. You may want to wait 5-10 minutes for vSphere to perform a collection and scan of the objects.

The next step will be adding the newly activated property to a ‘View’ so that we can generate a report that contains that modified View.

Click on the ellipses to open a menu and select ‘Edit’

When the Edit View appears, go to the ‘2. Data’ section, and in step 2 you can either perform a keyword search or drill down through the options.

From there, in Step 3, highlight the property, drag it into the existing View and place it in your desired location. I personally chose to have it come after ‘Hardware Version’.

In the ‘Configuration’ section, the ‘Metric name’ is the default name; however, you can choose to change it in the ‘Metric label’.

Click ‘Update’

In the Preview Source you will see a sample of the report with your data already generated.

Now you can go to the ‘Reports’ section and find the ‘Inventory Report – Virtual Machines’ and run the report.

The following example is a preview of the PDF version of the report. However, you can also export to CSV to help track those VMs and attend to any maintenance or troubleshooting.

Home Lab

Power Protection for the Homelab – APC SMC1000C UPS with Synology DiskStation

California in 2023 so far has been receiving much-needed rainfall. I want to be sensitive to the devastation it has caused in many parts of the state. I’m fortunate to be in an area where there is no immediate risk, choosing to stay indoors and catch up with personal hobbies... feels like another shelter in place.

Gusty winds accompanied by rain can have a severe impact on electrical infrastructure above and below ground in our cities. There could be accidents on electric poles or emergency power shut-offs by utility providers. Our home lights start to flicker, and depending on your area you may lose power or decide to conserve energy during this time.

I wanted to share a solution that has kept my homelab stable during occasional power blips.

About 2 years ago, as my server and networking infrastructure was growing, I was becoming more aware of how to protect equipment from loss of power, power surges, or overloading circuits. I came across a good deal on an APC Smart-UPS C 1K tower-style UPS. I got it for 50% off from Walmart along with a protection plan, so it was really hard to pass up... but I digress.

The following image is what the back of my UPS looks like. I do not have a Network Management Controller on mine (kind of bummed me out), so this does not allow for LAN management and using APC software to monitor and alert.

The red highlighted ethernet port is assigned an internal IP address and requires internet connectivity to reach out to APC Schneider Electric’s SaaS solution https://smartconnect.apc.com

The purple highlighted port is USB, and I’m using that port to connect directly into my Synology DS1515+ (Network Attached Storage).

A little bit about Smart Connect functionality: I have my Gmail registered and I receive alarms such as the following. Sometimes the order the e-mails come in does not align with the actions, but you can get an idea of what is happening here.

Here is a glimpse of the APC Smart Connect console. While there have been changes with APC and its model for remote managing, so far I’ve paid nothing for the service, but I believe there are upcoming changes to that.

Protecting the Synology DiskStation

That USB port referenced above in back of the APC is hooked up directly to one of my Synology DS1515+.

From the Synology DiskStation Interface you can access your Control Panel >> Hardware & Power >> UPS. Here you can find all the settings related to Power and where we tell our Synology we have a UPS connected to it.

You can see I have enabled ‘UPS support’, and below that Synology detects the UPS hardware. I set a number of minutes on UPS until the DiskStation can gracefully shut down.

My Synology notification system does show notifications.

Of course you can also select to be notified of these events via email; this can also be managed under the ‘Notifications’ section in the Control Panel.

While my reads/writes are not high on the NAS and my VMFS file system for the VM environment is idle, storage can of course cause file system corruption, so be aware of that.

Hope you find this helpful! Cheers!