Bitdefender – GravityZone

Following on from a Sponsored visit at LonVMUG, I decided to take a closer look at Bitdefender’s GravityZone product as it sparked an interest I have in trying to locate the most optimal and performant AV solution in a virtualized environment whilst at the same time offering relative deployment simplicity. I’ve previously deployed Trend Deep Security (agentless) and whilst the product itself performs well when compared with a full fat agent deployment in a virtualized environment, I did find displeasure in having to perform a whole sequence of prerequisite changes in order to upgrade a core component of a previous client infrastructure (Trend Deep Security 9.5 didn’t work with vSphere 6 so a core Virtualisation upgrade resulted in a spawned off project to upgrade to Trend 9.6). As you may or may not know, agentless AV deployments aren’t really fully agentless when they place a dependency on the vShield Endpoint driver that is installed inside the virtual machine. In effect this could be classified as an installation requirement and therefore an agent of sorts as it is not installed into virtual machines via VMware tools by default.

With Bitdefender’s GravityZone, they offer a light agent deployment that to me sits somewhere between a full fat agent and a typical agentless deployment. The great news is that it takes away the dependency and complexity that vShield introduces to environments that just want to keep things simple. At the end of the day, AV needs to be easy to deploy, guaranteed to work and effective at doing its job.

I’ve successfully deployed Bitdefender into my homelab and will have a deeper look at how its feature set compares with competitor products.

Nostalgia for Nostalgia – Prince of Persia OVF still working within vSphere 6

Many years ago, I used to demo the capabilities of VMware by using the freely accessible Nostalgia OVF from the VMware marketplace (I think it was available through vCenter 2.5 at the time). It was such a small and lightweight appliance containing a simple set of well known games that made demonstrating the power of a relatively new production ready technology (it was 2006) all the easier. I remember sitting in various meetings with clients and decision makers talking about and showing vMotion, Fault Tolerance and HA whilst playing Prince of Persia. I also remember using CPU Hog to enforce DRS activity as the icing on the cake to combine vMotion and intelligent resource placement. It was such a simple but effective way of getting the message across about the capabilities of what could be done and how VMware was to be a game changer in server deployment, cost reduction and resource optimization.

Earlier this week, I had a Nostalgic moment, wondering if I can still do the same thing today that I did all those years ago – re-performing some new tests but leveraging a number of other product features available in the VMware portfolio (SRM, vSAN stretched cluster etc).

I set out to find the Nostalgia OVF but despite a search through the Virtual Appliance Marketplace (via Solution Exchange) I didn’t have any luck.

I then stumbled across an old VMware community post here that sent me in the right direction of the OVF

http://download3.vmware.com/software/appliances/Nostalgia.ovf

After running through the typical OVF deployment process and entering the above URL, the VM appeared within vSphere 6, residing on my vSAN datastore and waiting to be powered on. The results can be seen below:-

Not quite sure when my next post will be, let’s see how long it takes me to relive some of my childhood gaming memories ;o)

Handling of problematic disks in vSAN 6.1 – HomeLab warning

Just a quick note of caution for any other home lab users who are considering using vSAN 6.1. If you are using consumer grade disks and/or bypassing some of the other HCL requirements, then as part of the prep work for building the environment it is important to disable the device monitoring and unmounting process, which could otherwise take your disk group offline during sustained periods of high latency (which can be expected depending on how hard you push your kit). Whilst initially I thought this was the silver bullet to the problems I’ve been experiencing, in my scenario, it’s only been the consumer grade SSD that disappears, not the entire disk group containing both the Samsung (consumer) and Intel (enterprise) SSD.

I’ve copied the key commands below directly from Cormac’s blog but I have applied *BOTH* settings in my environment.

  • Disable VSAN Device Monitoring (and subsequent unmounting of diskgroup):
    # esxcli system settings advanced set -o /LSOM/VSANDeviceMonitoring -i 0    <-- default is "1"
  • Disable VSAN Slow Device Unmounting (continues monitoring):
    # esxcli system settings advanced set -o /LSOM/lsomSlowDeviceUnmount -i 0   <-- default is "1"

The official VMware article on this can be found here KB2132079

Cormac Hogan’s blog article can be found here
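
To confirm afterwards which hosts are running with these safeguards switched off, the following added example (not from the original post, the VMware KB or Cormac's article) parses the text printed by `esxcli system settings advanced list -o <option>` and reports whether the value differs from its default. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether an LSOM option differs from its default.
# Input is the text printed by `esxcli system settings advanced list -o <path>`.

# lsom_state: read one option's listing on stdin and print
# "<path> current=<n> default=<n> changed|default".
lsom_state() {
    awk -F': *' '
        { sub(/^[ \t]+/, "", $1) }                 # drop esxcli indentation
        $1 == "Path"              { path = $2 }
        $1 == "Int Value"         { cur  = $2 }
        $1 == "Default Int Value" { def  = $2 }
        END {
            if (path == "" || cur == "" || def == "") { print "unparsed"; exit 2 }
            state = (cur == def) ? "default" : "changed"
            printf "%s current=%s default=%s %s\n", path, cur, def, state
        }'
}

# Constructed sample of the listing for a host where monitoring was disabled.
sample_disabled() {
    cat <<'EOF'
   Path: /LSOM/VSANDeviceMonitoring
   Type: integer
   Int Value: 0
   Default Int Value: 1
   Min Value: 0
   Max Value: 1
   String Value:
   Default String Value:
   Valid Characters:
   Description: constructed sample, not real host output
EOF
}

# audit_lsom: query both options named in the post on a live ESXi host.
audit_lsom() {
    for opt in /LSOM/VSANDeviceMonitoring /LSOM/lsomSlowDeviceUnmount; do
        esxcli system settings advanced list -o "$opt" | lsom_state
    done
}

if command -v esxcli >/dev/null 2>&1; then
    audit_lsom
else
    sample_disabled | lsom_state    # offline run against the constructed sample
fi
```

A line ending in `changed` marks a host where the option has been moved away from its default of 1.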

The homelab rebuild.. vSAN Progress and initial VMs..

Further to my previous post regarding rebuilding my home lab with the Intel SSDs as the caching tier for an all flash vsan, unfortunately within a day, one of the ESX hosts fell over with the usual Permanent Disk Loss error and I had a sad face. I rebooted the host and re-applied the storage policy to bring the hosts back into compliance and thought I’d give everything one last chance before reverting to the magnetic disks. Since then (3 days and counting), the environment has stayed up and online and in fact I have pushed it harder than ever before by running multiple clones (at least 3 at a time) to properly kick the tyres at risk of building lots of VMs only for me to have to svMotion them over to my external array which is time consuming.

On average, a 40GB Windows 2012 Virtual Machine is taking no more than 7 minutes to clone and at the time, as I’ve only got Gb connectivity between hosts as part of the vSan cluster, the network is actually the bottleneck here at 125MB/s (and that would be assuming it was flat out and there were no overhead/transmit issues).

1Gb = 125MB/s
125MB/s x 60 = 7500MBs / Minute
40GB / 7500MB = roughly 5.5 minutes

A quick breakdown of the VM build so far:

2x Win2k12 Domain Controllers, running DNS and acting as a CA
1x VCSA
1x SQL 2014 VM – hosting the ViewComposer DB
2 x View Connection Servers
1 x View Composer for Horizon View
1 x AppVolumes Server

I’ve been particularly light on the customisation side, but have green lights where green lights need to exist on the solutions I’ve built thus far. The most time consuming piece was the Certification piece, involving the replacement of the machine cert on the VCSA alongside working out how to reissue the Certs for the view connection and composer servers after I’d already performed the installs. From experience I’ve always had fun with certificates in Horizon View deployments, but this time round wasn’t as painful as I knew most of the pitfalls and gotchas. For those that administer Horizon View, this is a joy to see post installation:-

 

I used some of the following blogposts/links as reference for redeploying certificates:-

https://blogs.vmware.com/vsphere/2015/06/creating-a-microsoft-certificate-authority-template-for-ssl-certificate-creation-in-vsphere-6-0.html

https://blogs.vmware.com/vsphere/2015/07/custom-certificate-on-the-outside-vmware-ca-vmca-on-the-inside-replacing-vcenter-6-0s-ssl-certificate.html

https://pubs.vmware.com/horizon-62-view/index.jsp#com.vmware.horizon-view.certificates.doc/GUID-DC255880-8AB2-45BF-93D9-14942DBE13AB.html

VMUG – first time participant

What an experience and a warm welcome I received during my first VMUG. The day kicked off with an entertaining start and a jam packed agenda with a great list of sponsors and valuable content. As a newbie, I was asked to introduce myself and as a consequence was rewarded for doing not a lot more than saying my name and was given a copy of Mastering vSphere 6, which is quite apt given my recent certification achievement for VCP6.

As I glanced around a very popular event, I felt somewhat star struck to come face to face with some industry experts, most notably Mike Laverick to whom I owe a lot of my career success as a result of being a regular follower of his own passion for blogging in the early days of his RTFM-ed blog.

There were also three VCDXs in the room, again something I aspire to achieve over the next couple of years, work/life dependent of course!

Plenty of swag was also there to be had, including hip flasks, Captain vSan t-shirts, USB keys, portable chargers and the token notebooks and pens. These came courtesy of sponsors such as Tegile, Bitdefender and Velostrata.

I’ll try and include some of the content topics in subsequent blog posts very soon.

Unable to connect to the MKS: Console access to the virtual machine cannot be granted since the connection limit has been reached

Today I was in the process of managing my VMs and as I use a Mac with the VMware Remote Console, it can sometimes be a little flakey in terms of stability. This isn’t normally a big deal for me as typically I’ll reopen the MKS session and pick up from where I left off. For some reason, today was a little different and after the usual “crash”, I attempted to connect back across and was presented with “Unable to connect to the MKS: Console access to the virtual machine cannot be granted since the connection limit of 1 has been reached”.

I then tried the integrated console but received a similar message of “You have reached the maximum number of connected consoles: 1. Please contact your administrator.”

I knew that restarting the VM would clear the issue, or powering it down to increase the number of connections permitted (KB2015407) would be a workaround, but the problem was I didn’t know what state the VM was in as I was mid installation so couldn’t really justify pulling the plug.

At that point I thought I’d try a quick vMotion between the hosts and as if by magic, my subsequent attempt to connect to the console in either way sprung back into life!

Citrix User Group XV

Yesterday, I went to my first Citrix User Group in London. It was indeed an eye opener and I did stumble upon others I’ve spent time with in the industry before. App Layering played a big part in today’s events and discussions as to whether this was another knee jerk/stop gap opportunity were discussed. Appsensebigot played service to the wonder of saving CPU and Memory consumption as part of using the natively available Easylists to block adverts (aka AdBlock Plus) within IE, which from experience is a great way of getting natural buy in for a native applications extension from somewhat reluctant management when considering what to introduce as a way to reduce compute overhead in VDI/SBC environments.

I also met Rubén Spruijt who provided two extremely useful presentations for which I share similar interests and beliefs. He has a very positive outlook on technology and is not afraid to speak the truth on what he believes will make a difference in the future.

Jim Moyle stepped in for another missing presenter and came up with some great slides on I/O optimisation/sizing for Windows which was a joy to watch! He really got to the nitty gritty of IO distribution and the impact it has on SSD shelf life and how to understand the true calculations required particularly in VDI environments.

Today, I’m off to VMUG to see what this has to offer too, so I’m certainly sticking to my guns around staying actively involved where I can!

All Flash vSan – Mac Mini Upgrade – Permanent Disk Failure Fix?

I’ve been experiencing the disappearing drive act, more commonly known as Permanent Disk Failure whereby under duress, the host will mark the SSD as failed simply because it just can’t keep up and goes walkabouts. This was almost reproducible on demand by either committing a large snapshot or just powering everything on at the same time (basically heavy IO).

 

After some research into what’s causing it (apart from my environment not being on any sort of HCL), it seems that the SATA AHCI controller on the Macs really can’t cope too well and even though I thought I’d bought a decent SSD drive to complement vSAN (a Samsung 850 Pro), this actually appeared to be more of an Achilles heel than the controller. Rather than start replacing my lab with more power hungry, noise demanding hardware to work around the issue, I thought I’d give it one more roll of the dice and whilst again not technically on the HCL for an all Flash vSan, have purchased some Intel DC3700 SSDs to act as the vSAN cache tier to the pre-existing 850 Pro SSDs.

Goodbye Hitachi magnetic disk, hello Intel SSD.

If the 850s continue to provide me with problems, I’ll revert to SATA Magnetic disk, although in theory, I shouldn’t be driving the 850s hard enough now for their bottleneck to rear its ugly head – although having said that, in an All Flash vSan, all reads are directed to the capacity tier (gulp). Another consideration I had thought of was to look at ROBO and whilst vSphere 6.1 supports it, it doesn’t when using All Flash. For the time being I’ll be sticking with three Mac Mini hosts.

VCP 6 Qualified

Today I sat 2V0-621D and upon completion of the test, it advised me I had passed successfully (woohoo). I now plan to continue on my learning path, juggling as do many people a hectic personal life, educational and work balance. I see 2016 as a big year for vSphere 6 with many customers making the leap from traditional Windows vCenter to VCSA. For me, taking the exam was an important milestone to bolster the experience I have with a properly certified status to reaffirm my commitment to the technology as I have done since my first VMware exam back in 2008.

VMware Certification – 8 years a VCP

I’ve been VCP certified since 2008 on VI3 and continued to develop my interest in VMware by following up with vSphere 4, 5.5 and on Friday 15th Jan 2016, I’ll be attempting my fourth VCP accreditation in a bid to become a VCP in vSphere 6.

I’ll admit that this time round, it has been far more of a study challenge for me as I’ve not had as much exposure on vSphere 6 through the clients I’ve been working with, largely due to many companies’ inability to keep moving at the pace that VMware releases new versions and the compliance challenges with the requirements Matrix due to overlapping and dependent technologies. Take for example Trend Micro Deep Security, with vSphere 6 hitting the market in March 2015 and Trend not releasing v9.6 to be compatible with vSphere 6 until August 2015, as most companies go, they rightfully didn’t want to be the first to deploy a new product and in this case, Trend was the new product, requiring a typical 3 month wide berth until proven in the field by other more willing audiences (I won’t mention their legacy Horizon View 5 implementation).

In order to prepare correctly, I hit my home lab and bumped it up from 5.5 to 6.1 but not without challenge. I decided to jump straight into vSAN using the Mac Mini setup that closely matches Peter Bjork’s:-

A killer custom Apple Mac Mini setup running VSAN

but I had already made a previous purchase/investment in consumer grade SSDs (SAMSUNG 850 Pros), and almost immediately hit performance issues with drives simply disappearing, not to mention very high read/write latency on the capacity magnetic disks. Long story short, the entire vSAN fell over, I lost a few VMs in the process, but this ultimately helped me to learn how vSAN worked and how I could piece things back together again, realising the importance of the HCL and how a vSanDatastore needs to be treated with more respect than a typical VMFS datastore (i.e. don’t just place things on there using the datastore browser).

Anyhow, back to education, I found the following very useful study guide posts on VCP6-DCV (thanks Vladan) and have worked through them meticulously in my lab environment, alongside the reference/blue print material from VMware so fingers crossed for a successful outcome on Friday!

http://www.vladan.fr/vcp6-dcv/