Career and Virtual Musings
VMware vSphere’s lifecycle enhancements continue to get better with every release. The following video goes through upgrading from 8.0 Update 1 over to 8.0 Update 2.
Please note that the following feature used is only good for single self-managed vCenters, configurations using vCenter HA or Enhanced Linked Mode (ELM) are not supported.
VMware’s Skyline product teams continue to make improvements to Skyline product portfolio, best of all, the product is Free!
You can review the Release Notes for 4.0 here and if your looking for documentation on deploying and configuring the appliance, visit VMware Docs: About VMware Skyline Health Diagnostics
You may be asking, “I already have Skyline, I deployed the collector and I access Skyline Advisor” You are correct, I like to consider SHD as another toolkit that you can run on-premises and most helpful for those “air gapped” sites and where security is strict about what goes in and out. The SHD appliance is key and helping you get a health check, troubleshooting and pro-active insights.
I’m starting this blog after a clean install of SHD. At the homepage, from Analyze >> ‘+ New Analysis’
Although there are various options such as Health Checks, Upgrade Checks & Log Analysis.
For now we will perform a ‘Direct Connect Diagnostics to the vCenter appliance
Input appliance authentication information for the vCenter and click ‘Next’
For me, I left this default
At the very end click ‘Run’ and it should then appear as a Task on generating and pulling down log bundles from the vCenter. Once completed you will find the results looking like this, next click ‘Refresh’ and the ‘Show Report’ option should become available.
The report is now available to display results, being this is vCenter was just recently deployed there is not much being called here. As you can see there is an ‘Error’ with hosts disconnecting..scroll down
You can see that the appliance parsed through the logs already and pointed out some specifics
Now report does open in another browser window, if you go back to the SHD page, you can go to Show Reports and you have an option to open it again or even download it to share out to peers or support for review.
Shipping logs off to a repository for the benefit of troubleshooting, root cause analysis, post mortem reporting and today with AI (Artificial Intelligence) technologies, particular findings and trendings in logs can be proactively shared to an operator.
For the following article will demonstrate integrating vSphere with Aria Operations for Logs and ensuring your hosts get updated to point to your instance. Keep in mind that my instance is deployed as a ‘Small’ which is primarily targeted for POC environments, in an enterprise you should have a minimum of 3 appliance nodes and should have a VIP assigned. I do have ESXi 8.0 installed and have configured vSAN ESA.
From the vSphere console the following advanced setting for a host will shows Syslog.global.logHost is configured with a blank entry. After we are done, this will be populated.
Access your Aria Operations for Logs instance via Virtual IP or single instance name, if you receive the following prompt, this is generally an indication your instance has never been configured.
Click ‘Configure vSphere Integration’
You will be taken to where you can integrate a vCenter instance, (Do not use a local SSO account, create a service account separately)
If we leave the checkbox highlighted in yellow, this is what will be pushed out to configure ESXi hosts send logs to Aria Logs.
When clicking ‘Advanced option’ it will display and allow you to select specific hosts and even a syslog protocol. Just note, you must click ‘Test Connection’ and Accept thumbprint from the vCenter before it can poll hosts.
For our write up, I will only select esxi01 with UDP. Click ‘Save’ and ESXi hosts will be configured in addition to any vCenter logs. Once completed your vSphere Integration will like this. You can click next vSphere for refresh, VC Collection status is healthy and if you click ‘View Details’ it will show hosts configured and not configured in vCenter.
When you go back to the host and check the Advanced Setting, you will now see it populated with Aria Logs instance
If you want to go back and makes changes to what ESXi hosts and collections, you can go back into the vSphere Integration and then have options, in our case, I will come back and configure my 2 other hosts.
By now you should have logs from hosts and vCenter shipped to Aria Operations for Logs.
I’ve deployed 3 NSX Managers individually from the NSX OVA onto a single vCenter. By having 3 individual Managers, I have the option to create multiple clusters from each one (probably excessive and incorrect in my case). Instead my goal is to join all 3 individual managers to form a 3-node cluster and then assign a VIP.
For this process, I will be following VMware documentation that is provided here: Form an NSX Manager Cluster Using the CLI
My 3 NSX managers I will be referencing and joining are nsxcon1, nsxcon2 & nsxcon3
Here is an example of nsxcon1 UI reviewing the ‘Appliances’ section, you can see there is only a single appliance and an additional one cannot be added until a ‘Compute Manager’ (such as a vCenter) can be added.
I did verify CLI connectivity to each of the appliances by running
get cluster statusThis command will return cluster health for the NSX Manager and any appliances that are part of the cluster, for this example, it’s only a single appliance
From the first NSX controller you will want to obtain the thumbprint by
get certificate api thumbprintThat will provide you the thumbprint of the targeted appliance
Moving onto the other node (nsxcon2) which we want to join to nsxcon1, we will use the following command
mgr-new> join <Manager-IP> cluster-id <cluster-id> username <Manager-username> password <Manager-password> thumbprint <Manager-thumbprint>
Here is an example of what it looks like when populated in that command and ran from the node we want to join to our primary one.
*Please ensure you have taken appropriate backups as this will take this node and try and join it to another cluster, being this should be a vanilla install, should not be too much to have to re-deploy.
After a couple of minutes we do receive the following prompt
We can then go back to nsxcon1 and verify with ‘ get cluster status’ and see that the cluster status is ‘DEGRADED’ however this is normal while the node is completing it’s process with joining and updating the embedded database.
We can take our ‘join’ command earlier we used on nsxcon2 and then run it on nsxcon3 again.
After running it, going back to nsxcon1 and checking cluster status..we now have 3 appearing
After a few minutes, our GUI has been fully populated with all NSX Managers reporting as stable
As a cherry on top, we will click on ‘Set Virtual IP’ and assign a dedicated IP address which also has it’s down DNS record.
There is our new virtual IP which has been assigned to one of the nodes
During this Greenfield deployment of my home lab, I’m going to be rolling with the latest Aria Easy Installer, like its predecessor (vRealize Suite Lifecycle Manager) this too includes initial deployment of the Aria LCM appliance, Aria Automation & VMware Identity Manager.
I’ve performed some pre-requisite work such as reserving IP’s, Forward and Reverse DNS entries, and will be deploying this on a 3-node vSAN ESA cluster. The steps below will be using the Windows UI interface of the installer.
Ensure you check out the latest Release Notes for Aria Suite Lifecycle 8.12 and if you would like to learn more about Aria Suite, be sure to check out VMware’s site: Aria Platform Lifecycle
Click Install
These are the products that are part of the initial deployment of the Aria Suite
The next screen will be to Accept EULA or CEIP (optional)
For the ‘Appliance Deployment Target’ you will want to connect to a vCenter Server, if you want to take additional security measures and avoid using default @vsphere.local accounts, you may create one in vCenter and use that for the association. The following document provides the details on the permissions; VMware Aria Suite Lifecycle: Assign a user role in Center
I will be using an AD account I’ve created and because my LDAP is the default Identity Source, I just have to put the user account and not append domain.
On the next screen select ‘Compute Resource’ and click Next.
For our install we will be installing it on our vSAN datastore
Next screen will be ‘Network Configuration’
For the ‘Password’ Configuration ensure you document everything this password is used for. This is critical for future troubleshooting, lifecycle and if you are doing any kind of password rotation.
Populate information regarding initial appliance deployment for Aria LCM
The next step is the Identity Manager Configuration, there is an option to import a version deployed outside of Easy Installer and there are additional options below regarding syncing Active Directory.
The final configuration is for Aria Automation Part 1
Aria Automation Part 2
The final part will be to kick-off and monitor the installation. You should notice your vCenter will begin deploying VMs.
The status now shows it completed successfully, I had 3 VMs deployed (your results may vary if you configured clustered options for your appliances.
Once completed you can verify accessibility to all the appliances, below is the splash page when logging on to Aria LCM
