EMC ViPR Authentication Providers Search: One Level vs Subtree

I was setting up ViPR to use Active Directory to authenticate users and one option was a bit unclear. You use the Search Base and Search Scope options to define which AD users ViPR will authenticate.  The Search Scope option provides two choices:  One Level and Subtree.  I was a bit confused by One Level: would it search just the specified OU/CN or would it search up to one level below?

One Level will search JUST the specified base DN, that is, only the entries directly inside it and not those in nested OUs.  So, for example, to allow only users in ou=corp,dc=domain,dc=local you would use that as the search base and set the search scope to One Level.  If you wanted users in all OUs under corp you would just set the search scope to Subtree.

There is another very useful option when setting up the Authentication Provider: Group Whitelist.  You can populate the Group Whitelist with only those groups (and thus group members) that you want to be able to log in.  Say, for example, you wanted all users except sales to have access to log into ViPR, and sales was in an OU nested under corp.  If you set your search base to ou=corp,dc=domain,dc=local and search scope to Subtree, they could log in.  However, if you added/created an AD group that did NOT include sales and placed it in the Group Whitelist field, those user accounts that were not in the group, in this case sales, would not be able to authenticate.
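The interaction of search base, search scope and group whitelist described above, modelled as an added example (not ViPR code and not from the original post). The directory entries, the `vipr-users` group name and the rule that an empty whitelist means "no group restriction" are assumptions made for illustration.

```python
# Added example: models Search Base + Search Scope + Group Whitelist.
# Every DN and group below is constructed sample data, not from a real directory.

def rdns(dn):
    """Split a DN into lowercase RDNs (simple DNs only: no escaped commas)."""
    return [part.strip().lower() for part in dn.split(",")]

def in_scope(entry_dn, base_dn, scope):
    """LDAP scope test: 'onelevel' = immediate children of the base,
    'subtree' = the base and everything beneath it."""
    entry, base = rdns(entry_dn), rdns(base_dn)
    depth = len(entry) - len(base)
    if depth < 0 or entry[depth:] != base:
        return False                      # entry is not under the search base
    if scope == "onelevel":
        return depth == 1
    if scope == "subtree":
        return True
    raise ValueError(f"unknown scope: {scope}")

BASE = "ou=corp,dc=domain,dc=local"

# user DN -> AD groups the user belongs to (constructed)
USERS = {
    "cn=alice,ou=corp,dc=domain,dc=local": {"vipr-users"},
    "cn=bob,ou=engineering,ou=corp,dc=domain,dc=local": {"vipr-users"},
    "cn=carol,ou=sales,ou=corp,dc=domain,dc=local": {"sales"},
    "cn=dave,ou=partners,dc=domain,dc=local": {"vipr-users"},
}

def allowed_users(base_dn, scope, group_whitelist=()):
    """Names of users who pass both the search and the whitelist.
    Assumption: an empty whitelist applies no group restriction."""
    wanted = {g.lower() for g in group_whitelist}
    names = []
    for dn, groups in USERS.items():
        if not in_scope(dn, base_dn, scope):
            continue
        if wanted and not (groups & wanted):
            continue
        names.append(rdns(dn)[0].split("=", 1)[1])
    return sorted(names)

if __name__ == "__main__":
    print("one level:          ", allowed_users(BASE, "onelevel"))
    print("subtree:            ", allowed_users(BASE, "subtree"))
    print("subtree + whitelist:", allowed_users(BASE, "subtree", ["vipr-users"]))
```

In this model `dave` is never admitted even though he is in the whitelisted group, because the whitelist only narrows what the search base and scope already return.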


There you go, easy peasy AD integration in ViPR!


Hands on (lab) with EVO:RAIL

It looks as though the VMware Hands-On Labs from VMworld are starting to roll out.  Short of having a physical EVO:RAIL to work on, I decided to do the next best thing and get some experience with it via the VMware Hands-On Labs.  If you want to get some hands-on time yourself, head over to http://labs.hol.vmware.com/HOL/catalogs/lab/1503.

The HOL starts with the assumption that you have a working network and IP scheme, your top-of-rack switch is configured and your EVO:RAIL is connected and powered on (likely also assumes you have NTP and DNS working since those are critical to any environment and should never be skipped).

  •  Open a browser and navigate to the EVO:RAIL home page.  Click the Yes, Let’s Go! button and accept the EULA by clicking the Yes, I do button


The Under $800 VMware Quad-Core 32GB Home Lab

Because I am a geek, my needs change, and this is what I like to do, I often check out new hardware, cost, features etc.  One of the things I wish I did on my 8-core lab was go for a smaller form factor case.  Pricing, as always, is subject to change.  I actually prefer to buy most of my hardware on Amazon because I seem to have an easier time returning items that are defective, but I’ll link to NewEgg.  You may be able to find a part or two for a bit less somewhere else, which is always good.

Here is a rundown of the parts for this VMware home lab build, which should be capable of booting nested 64-bit VMs or working as a standalone ESXi host running other VMs, since it is cheap (you can get almost 2 of these for the price of my 8-core build).  My goal was a slimline case; the In Win case comes equipped with a power supply and 2x internal 3.5″ drive bays.  The 2x drive bays give you the option to add 2x of the ICY drive caddies so you can mount a total of 4 drives inside this small form factor case.  In this build I opted for a single SSD and HDDs so if you build several of these you could do a VSAN lab.  Originally I had 3x HDDs in here, so if you go the nested build route you can use the on-board RAID controller to configure the 3x HDDs in a RAID-0 for a total of about 1.5TB of usable datastore space striped across the 3 drives and a single SSD datastore (think “gold” and “bronze” tier – OSes on the SSD and everything else on the HDDs?).  Of course the drive configurations are just an example; I went with a single drive here for cost reasons.  You could also drop the drives altogether if you were using a NAS/SAN in your home lab and just boot via USB.  The on-board NIC will need drivers; however, best I can tell the Siig 2-port card uses an Intel i350 chipset, which appears to be on the HCL.  You could also go with a used HP NC7170 as I did in my original build and drop almost $70 off the price via Amazon (http://www.amazon.com/HP-NC7170-network-adapter-383738-B21/dp/B0009MWAI4) to get a working lab setup under $750; in fact you can get down almost to $700 if you drop the drive caddies as well!  One caveat with the used NICs: they may not come with the low profile face plate, so that may send you on a bit of a hunt to find one.  According to the Siig site, those NICs ship with the low profile face plate.

For the CPU I went with the cheapest quad-core available that is 64-bit with virtualization support with RVI – the Athlon X4 740 Trinity CPU – with 2x 16GB RAM kits (each kit containing 2x 8GB memory modules) to finish out the build.  According to AMD, all Trinity series processors have the VT/RVI feature to allow you to boot 64-bit VMs in a nested hypervisor (http://goo.gl/jPkUMC).  I’ll assume you will boot from USB, and that you have plenty of them from conferences past, to keep my price under $800 :)

| Part | Type | NewEgg URL / Part Number | Price (As of 9/5/14) |
|---|---|---|---|
| In Win BL631 SFF mATX | Case - In Win BL631 SFF mATX | N82E16811108065 | $64.99 |
| GIGABYTE GA-78LMT-USB3 | Motherboard - GIGABYTE GA-78LMT-USB3 | N82E16813128565 | $58.99 |
| AMD Athlon X4 740 | CPU - AMD Athlon X4 740 | N82E16819113329 | $74.99 |
| AMD Radeon R3 Value Series 16GB | RAM (qty 2 kits of 2) - AMD Radeon R3 Value Series 16GB Kit (2x 8GB) | N82E16820403053 | $319.98 |
| ICY Drive Caddy | Drive caddy (qty 2) | N82E16817994141 | $25.98 |
| Kingston SSDNow V300 240GB SSD | SSD - Kingston SSDNow V300 240GB SSD | N82E16820721108 | $99.99 |
| SAMSUNG Spinpoint M8 ST500LM012 500GB | HDD - SAMSUNG Spinpoint M8 ST500LM012 500GB | N82E16822152289 | $49.99 |
| SIIG Dual Port Gigabit Ethernet Server PCIe x4 NIC | | N82E16822152289 | $102.99 |

Total: $797.90

My VMworld Cisco Roving Reporter chat with Lauren Malhoit (@malhoit)

While running about at VMworld from the community hang space, supporting the #vBrownBag and checking out EMC sessions and talks, I had the honor of being asked to chat with Lauren Malhoit, this year’s Cisco Roving Reporter, about the conference.  For those that haven’t seen them before, they are quick talks – just a few minutes long.  We chatted a bit about VMware:EVO and the #vBrownBag podcast.  You can check out mine below:

 

My First VMworld Experience – It’s all about the people

2014 marked my first VMworld, quite an amazing event.  Leading up to the event I booked sessions to attend and made note of Hands on Labs I wanted to take.  I was fortunate enough to fly into San Francisco (also my first time in SF) with a great friend, Luigi Danakos, and then met up with Shawn Cannon as he landed just about the same time we did.  We hopped a cab to Moscone, dropped our stuff off and registered for the event.  Once we hit the VMunderground Opening Acts put on by the #vBrownBag crew, I knew why I was here.

It wasn’t for the keynote, though that was a great experience and I am very excited about EVO:Rail and EVO:Rack.  It wasn’t for the sessions, though I surely enjoyed the How to Build a Well Run Hybrid Cloud session with Rick Scherer and Tyler Britten.  It was the experience of meeting, talking and just hanging out with the community.  The EMC Hybrid Cloud session was so much more fun and interesting with Erin Banks and Tommy Trodgen, whom I met for the first time.  Supporting the #vBrownBag Tech Talks would have just felt like work had it not been for meeting, working with and having fun with Cody Bunch, Alastair Cooke, Gregg Robertson, Anthony Hook, Kyle Murley and Jon Harris, and then taking off Monday night to catch a San Francisco Giants game overlooking the bay with Gregg (his first American baseball game!), Anthony and Jon.

I was watching the keynote on day 2, chatting with a guy next to me; turns out that I often interact with him on the Spiceworks forums. I got to meet Rene Van Den Bedem and Larry Smith.  Then Kellan Damm, Byron Schaller, Mike Preston, Eric Wright, Angelo Luciani and Melissa Palmer.  Lest I forget meeting Frank Denneman and Scott Lowe.

There are so many wonderful people whom I met at VMworld that have been a huge help to me that I can’t possibly list them all.  And just when you get to the point where you think, what more could I possibly do – you end up at dinner with Phoummala Schmit, Emad Younis, Kyle Ruddy, James Green, and Alexander Nimmannit.  You get a text from your friend and head out to vBeers with Hans De Leenheer, Kasia Lorenc and Stephen Foskett before packing up and flying out with another friend you shared an apartment with all week, with an awesome Lyft to the airport and breakfast – thank you Matthew Brender.

My one tip for anyone that hasn’t been to a VMworld, go and leave plenty of time to meet the community, that was the most amazing experience of VMworld.

Attending a conference with anxiety attacks

So…umm…yea talk about it they say…  I get anxiety attacks.  There I said it.  It hasn’t always happened, actually it started quite recently.  Given my CDO (OCD in alphabetical order) and general troubleshooting background I can tell when it first happened (May 2014 during a meeting).  Not too many people know, well now you all do and that is okay since I want it to be in the open to see if that gets whatever fear/thought etc…triggering it out of the way.  Symptoms range from general nervousness, sweating, increased heart rate to things I’d rather not talk about (but they suck).

The first reaction, as is the case in many instances, was to treat it not as anxiety problems but as general medical conditions.  A few rounds of antibiotics, drugs, blood tests etc. all showed nothing was physically wrong (so that’s good!).  If you saw me at VMworld this past week, I was generally always having at least a slight/minor episode/attack, whatever you call it.  I’m able to mostly keep it at tolerable levels.  Thankfully, only twice was it really bad – once I just left and went back to my apartment, took a shower and kind of reset mentally, and the second time Larry Smith happened to walk over and we had a great conversation that took my mind from wherever it was to a different place where I felt more comfortable (I’ve not entirely pinned down where either of those two places are yet).

So what do you do when you get anxiety attacks?  For me a couple of things helped.  First, I can just hyper-focus on something – adding random numbers on signs, deep conversation (seemingly 1 on 1 is best) – or remove myself from the situation.  The latter is obviously not the preferred option.  I had a pretty good one the last night at vBeers, went outside the bar for a bit and chatted and got comfortable again to go back in.  If you have anxiety attacks and haven’t figured out how to get past it, give those a try.  I’ve not entirely pinned down the scenario in which it happens.  Sometimes it’s in large groups of people (VMworld) and sometimes it’s not (beach).  Sometimes it is indoors (meeting, conference etc…) and sometimes not (friends’ cookout).  With people I know, and with people I don’t know.  With people who rank above me (professionally) and those that do not.  Understanding exactly when it will happen is not quite a science, which can make it hard to know it’s coming, which probably adds to the anxiety.

So, brain, now the world knows so cut the s**t and get back to geeking out.

How to Build and Deploy a Well Run Hybrid Cloud #INF3037-SPO w/ @vmtyler & @rick_vmwaretips #VMworld

Notes from the How to Build and Deploy a Well Run Hybrid Cloud #INF3037-SPO session at VMworld: IT has to transform into a service broker (or as I have always thought of it, IT is a service provider).  By working with the business, IT should be able to provide the services needed to its users; whether it’s providing internal/local resources or public ones, IT can/should be the broker to those resources.

Why hybrid?  That is what businesses want; enterprise apps are still being deployed privately – security, control, and licensing are some common reasons.  Building a hybrid cloud allows IT and the business to leverage either resource as needed, allowing IT to operate as a service provider (ITaaS).

 

By enabling ITaaS with EMC Hybrid Cloud for VMware, businesses can expect


VMworld Day 1 – EVO:Rail and lots of vCloud Air

Day 1 of VMworld, also my very first live VMworld, brought some exciting announcements.  These announcements weren’t your typical major vSphere release type announcements; these were much more strategic and for me actually pretty exciting (an hour keynote about 64 node clusters or super-duper-extreme-vMotion would have been a bit of a yawn fest, I expect enhancements like that now).  EVO:Rail and EVO:Rack were the two that were most exciting to me.  EVO:Rail is a solution for VMware partners to deliver hyper-converged infrastructure to their customers.  The boast here is customers will be able to go from zero to working environment in 15 minutes.

Each EVO:Rail hyper converged infrastructure appliance, or HCIA, will consist (at a minimum) of 4 compute nodes with a total of 192GB of RAM (48GB each), 3x 1TB+ 10K SAS drives, 400GB+ enterprise grade SSD and a certified disk controller (which VMware just updated the list of to ensure performance) and 10Gbps networking.  A typical HCIA is expected to support +/- 100 VMs (based of course on your workload).


 

EMC is one of the first EVO:Rail partners (I will be trying to get hands on with one ASAP) along with Dell, SuperMicro, Fujitsu, Inspur, and NetOne.  As you can see above, under the covers this is a HCIA with vSphere and VSAN.  As of today, NSX is NOT included in this configuration (I need to find out if vCNS is or if it is typical virtual switches). EVO:Rail, unlike last year’s VSAN announcement, was targeted at partners to enable them to deliver solutions rather than put the burden of installation and configuration on the customer.  I heard a few comments during the keynote along the lines of “there goes my job” but, while simple to deploy, EVO:Rail still needs to be supported and delivered to the customer based on their needs.

I intentionally didn’t write about EVO:Rail yesterday as I wanted to really think about this and determine if I was excited because it was new, or excited because I think it will be a great solution – I am definitely excited because it is a great solution.  Chad Sakac has an amazing write up here.

Also announced was a rebranded suite of products called vRealize (I realize I’m not good at marketing but man what a horrible name, sorry but it is) that is available as SaaS-based offerings under the recently announced vCloud Air product line (formerly vCHS).  Most notable in my opinion is vCloud Automation Center, now called vRealize Automation for on-premises installs or VMware vRealize Air Automation (at least we don’t have to argue over vCake, vKack, or vSee-A-See anymore).  The SaaS-based offering is a somewhat new avenue for VMware.  They had a service called VMware Go but that was scuttled a couple of years ago, and they still have SocialCast; this should be a nice offering for customers that do not have the staff to support onsite vCAC.

All these announcements, however, can’t match how amazing it has been to meet so many people in the VMware community, people who have become friends and people I look up to all over social media.  Last night several of us (Jon Harris, Anthony Hook and Gregg Robertson) took in a game at AT&T Park.  This, for me, is the best part of VMworld.

Introducing EMC RecoverPoint for VMs #VMworld #EMCElect

How do you handle DR? If you are a storage admin you are likely focused on array, LUN or storage pool replication and ensuring all that data is replicated.  However with so much storage, whether local, DAS, SAN, NAS or VSAN you may not need to replicate an entire LUN or array.  Additionally, what if your mission critical VMs span multiple datastores that reside on different LUNs, as they are likely to do for performance and workload reasons?  Keeping track of where each VM is physically stored would be a manual process if you were replicating at a LUN level – imagine storage DRS migrating a VMDK to a different datastore and you weren’t replicating the LUN backing it – you could lose an entire mission critical VM.

Now that virtual machines are “first class citizens” on the array, there is a need to be able to identify and protect at the VM level, not just the back-end storage.  Today EMC is announcing RecoverPoint for VMs.  The same advanced technology used to protect storage can now be applied granularly to VMs.

 

vAdmins may be aware of something like vSphere Replication (if it’s still called that?), and it is similar to that in that both can replicate specific VMs.  RecoverPoint is designed to be easy to install and manage.  Once installed, you can make changes to the VM such as adding or removing VMDKs from a VM.  Those changes are automatically updated so there is no need to update replication tools.  Additionally, moving a VM to a new host or using storage vMotion/SDRS to migrate VMDKs to a datastore requires no changes – your VM is still protected.

RecoverPoint for VMs will be available in October and can (should) be able to be downloaded for you to try.  It is licensed on a per VM basis with a minimum of 15 licenses required.  You can watch a technical overview here (https://community.emc.com/videos/12056 – note I’ve not watched as the wifi here in my apartment at VMworld is horrible).