May 3, 2012 Blogs
I have implemented a vSphere Web Client solution recently for my own (small and non-profit) hosting environment.
I wanted to give users access to their vSphere VMs without requiring the full-blown vSphere Client. I’ve been trying to get WSX working as a stand-alone Web App (using William’s fantastic how-to), but it seems WSX still contains some bugs on vCenter communication. For now, I chose to use the vSphere Web Client for my users.

Design
Although the physical servers are situated in the datacenter (primary site), the vCenter Server is placed on a machine in my home network (secondary site), because the physical hardware is rather restricted (only two boxes with 16GB RAM each). I run Vyatta site-to-site OpenVPN between sites.
For argument’s sake, I want the Web Client to be load balanced and highly available. This way, I get to play around with KEMP’s technology and create a geo-redundant load balanced vSphere Web Client. I understand that there are lots of SPOFs and supportability issues in this scenario, but that’s beyond the scope of this discussion.
After evaluating both pfSense (Viktor van den Berg wrote a nice how-to here) and the KEMP Virtual LoadMaster (nice tutorial by Eric Sloof here), I decided to use the KEMP VLM for (geo-)redundancy and load balancing.

Implementation
vSphere Web Client
First, I installed two Windows boxes with the vSphere Web Client. These machines (vwc01 and vwc02) are placed on two separate sites but are both connected to a single vCenter instance, vc01.
| Interfaces | vwc01 | vwc02 |
| Local Area Connection | 10.10.20.21/24 | 10.10.20.22/24 |
vCenter Server and Database
Again, I am creating a load balanced vSphere Web Client for fun, so I realize I have a couple of SPOFs left. Primarily, the vCenter Server and Database are a SPOF, especially since it runs on a separate site. This makes the site-to-site OpenVPN a major SPOF as well. If the link between sites fails, all components are quite useless. The LoadMaster and vSphere Web Client in the datacenter can’t connect to the vCenter Server, and while the ones in my home network will still function, there wouldn’t be any ESXi-hosts for vCenter to connect to. But again, I do realize this and really just want to create some KEMP setups for me to play around with.
| Interfaces | vc01 |
| Local Area Connection | 10.10.20.30 |
KEMP Virtual LoadMaster HA
I configured the KEMP VMs with the following interface parameters:
| Interfaces | vlm01 | vlm02 |
| eth0 | 10.10.20.128/24 | 10.10.20.129/24 |
| eth1 | 10.10.30.128/24 | 10.10.30.129/24 |
| HA Shared IP | 10.10.30.120 | 10.10.30.120 |
| HA Partner IP | 10.10.30.129 | 10.10.30.128 |
| HA Checks | eth1 | eth1 |
I’m using 10.10.30.0/24 for heartbeat only; it is a separated and isolated network. 10.10.20.0/24 is the network where all services reside. For simplicity, I used a stretched VLAN between sites. I could’ve created two separate networks, but this is just an exercise in ‘getting it to work’ more than anything else.
And HA parameters:
| HA Parameters | vlm01 | vlm02 |
| HA Mode | HA (First) Mode | HA (Second) Mode |
| HA Version | Upgraded (CARP) | Upgraded (CARP) |
| HA Timeout | 9 seconds | 9 seconds |
| HA Initial Wait Time | 0 | 0 |
| HA Virtual ID | 2 | 2 |
| HA Update Interface | Eth1: 10.10.30.120 | Eth1: 10.10.30.120 |
This results in a fully functioning HA pair:
on vlm01
on vlm02
KEMP Virtual LoadMaster Virtual Services
Next, I created a ‘virtual service’ to enable vSphere Web Client load balancing.
- Virtual Address: 10.10.20.20
- Port: 9443
- Name: vSphere Web Client
- Protocol: tcp
I then modified the service settings:
- Service Type: HTTP/HTTPS
- Persistence Mode: Source IP Address
- Persistence Timeout: 1 Day
- Scheduling Method: weighted response time
- SSL Acceleration: Enabled (incl. Reencrypt)
Finally, I added the ‘Real Servers’ and their ‘Check Parameters’:
- Check HTTPS Protocol on Port 9443
- Check URL: /vsphere-client
- Real Server Address: 10.10.20.21 and 10.10.20.22, the IP-addresses for either vSphere Web Client VM.
- Real Server Port: 9443
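The check parameters above can be reproduced from an admin workstation. This Python probe is an added example, not part of the original post or of KEMP's tooling: it requests /vsphere-client on port 9443 from the virtual address and both real servers and records the SHA-256 fingerprint of the certificate each one presents, which shows where TLS terminates when SSL Acceleration with Reencrypt is enabled. Treating any 2xx or 3xx status as healthy is an assumption of this probe.

```python
import hashlib
import http.client
import ssl

# Values taken from the post's virtual service and 'Real Servers' lists.
CHECK_PORT = 9443
CHECK_PATH = "/vsphere-client"
TARGETS = {
    "vip": "10.10.20.20",
    "vwc01": "10.10.20.21",
    "vwc02": "10.10.20.22",
}


def is_healthy(status):
    """Assumption of this example: any 2xx or 3xx answer counts as 'up'."""
    return status is not None and 200 <= status < 400


def probe(host, port=CHECK_PORT, path=CHECK_PATH, timeout=3.0):
    """GET https://host:port/path and return (status, cert_sha256, error)."""
    # Verification is off because the probe only fingerprints whatever
    # certificate is presented; it does not establish trust in it.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    conn = http.client.HTTPSConnection(host, port, timeout=timeout, context=ctx)
    try:
        conn.request("GET", path)
        # Read the certificate before the response can close the socket.
        der = conn.sock.getpeercert(binary_form=True)
        status = conn.getresponse().status
        fingerprint = hashlib.sha256(der).hexdigest() if der else None
        return status, fingerprint, None
    except (OSError, http.client.HTTPException) as exc:
        return None, None, f"{type(exc).__name__}: {exc}"
    finally:
        conn.close()


def report(targets=TARGETS):
    """Probe every target; return {name: (healthy, status, fingerprint, error)}."""
    out = {}
    for name, host in targets.items():
        status, fingerprint, err = probe(host)
        out[name] = (is_healthy(status), status, fingerprint, err)
    return out


if __name__ == "__main__":
    for name, row in report().items():
        print(name, row)
```

With Reencrypt, clients see the certificate installed on the virtual service, so a fingerprint on the virtual address that differs from the real servers' fingerprints is the expected result.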
We can view some statistics about the Virtual Services and Real Servers:
Client Access
I registered the virtual service IP address (10.10.20.20) in my local DNS (client.virtuallifestyle.nl) in order for my users to easily connect to the vSphere Web Client.
To check if the KEMP VLM really is load balancing:
Breaking stuff
Now, this blogpost wouldn’t be as fun if I just left it at this. I obviously need to break stuff:
Here’s what happens when I disable one of the vSphere Web Client nodes:
Likewise, here’s what happens when I disable one of the KEMP Virtual LoadMaster nodes:
Guess what happens if the primary site fails completely:
Lastly, here’s what happens when I disable one of the vSphere Web Client nodes and one of the KEMP Virtual LoadMaster nodes across sites (i.e. vWC01 and VLM02):
Concluding
The point of this exercise was to find out if I could create a geo-redundant configuration of a stateless application like the vSphere Web Client using KEMP’s Virtual LoadMaster. Even though this implementation does have a bunch of rough edges (razor-sharp ones at that), it definitely works. The VLM’s installation and configuration, even in a CARP HA scenario, is a laugh and can be completed in under 5 minutes while delivering a powerful set of load balancing and redundancy functionality.
Dave Stork has published a couple of posts (‘Differences in Exchange Load Balancing recommendations by Microsoft and vendors‘ and ‘Exchange, Load balancers and recommendations‘) on using LoadMaster in Microsoft Exchange environments. Please read up on his experiences, tips and tricks, it’s well worth the read!
May 1, 2012 Blogs
I got an e-mail from VMware Press notifying me of this sweepstake:
VMware Press, the official publisher of VMware books and training materials, has launched a 60 day Facebook sweepstakes beginning May 1 and running through June 30th. Prize offerings include a $100 Amazon gift card and three VMware Press books of the winner’s choice; nine second prize winners will win an eBook of their choice. Good luck – enter now!
Seems like a good way to fill up your (digital) bookshelf!
Apr 16, 2012 Blogs
I finally managed to find a reader interested in ‘USENIX Short Topics in System Administration Series #24, ‘Cloud Computing with VMware vCloud Director‘:


Happy reading, @eroozen
Apr 13, 2012 Blogs
Just a little post to let you know that I just noticed that VMware’s released a ‘My VMware’ app in the iOS App Store. Go get it in the App Store.
It looks information-savvy, and that’s just what I want: more details about my account, support contracts and licenses.


Apr 11, 2012 Blogs
So a while ago I promised to give away some books to my readers to enjoy instead of having the books collect dust on my analog book shelf.
I found new homes for the following books:
Sadly, no-one wanted this one: (you can still get it from me!)
And the winners are…
All winners have been notified and have received their books already!
- Adam Robinson from the United States
- Kees Koekkoek from the Netherlands
- Sjors Robroek from the Netherlands
- Igor Wormsbecher from the Netherlands
Igor was so kind to e-mail me this picture:

Sjors left a pic in the comments below: “directly on top of the “to read” pile, hopefully in preparation of vcap5”

I hope the others will e-mail (or post a pic in the comments), too!
I’d like to wish these guys a lot of fun reading these books and learning from them, just as I did.
Thanks!
I also want to thank Mike Laverick, Cody Bunch, Duncan Epping, Frank Denneman, Forbes Guthrie, Scott Lowe and Maish Saidel-Keesing for writing these awesome books. Thanks guys!
Mar 13, 2012 Blogs
I was cleaning out my bookshelf the other day, and noticed I have a few hard copies of books for which I also own the digital version. I usually read books on my iPad, so it really is a shame that all these nice and shiny books remain unused.
I figured, why not just give them to you?
Prizes
#Winning!
The giveaway is really simple. Just subscribe to my RSS-feed and leave a comment below. Make sure the comment contains the name of the book you’d like to win and your name. That’s it. Nothing else. You could buy me a ‘new iPad’ or the new Apple TV, obviously, but that won’t increase your chances of winning.
Everyone can enter the giveaway (starting now!), just make sure you enter a valid e-mail address in the comments field. I will of course never sell, give away or do anything else with your contact details other than publish the names of those who won and contact you to get the details needed to ship the books. I solemnly promise to shift-delete your records after you’ve received your prize. Scouts’ Honor.
The contest will close March 20th, 20:00 CET (GMT+1). I will contact the winners at that time; winners must respond by March 22nd, 20:00 CET (GMT+1) or the prize is forfeited.
The winners will be chosen at random using the random.org ‘True Random Number Service‘. The numbers entered are the internal comment identifiers automatically assigned to your comment by the WordPress framework.
Mar 12, 2012 Blogs
The rest of the week I’ll be attending the ‘VS-5.0-ACMT‘ training at XTG in Gouda, The Netherlands. XTG has gratuitously offered me a spot on the training! I’m looking forward to four days with Gabrie and Marcel van Os :-)
The training course is actually an XTG in-house developed four-day hands-on deep dive into VMware vSphere 4 and 5, focussing on configuration, management and troubleshooting. It’s aimed at VMware VCP-certified professionals looking for more in-depth knowledge on vSphere. The training covers a lot of command line tools for logging, network and storage configuration and vCenter Server management for monitoring and troubleshooting purposes.
Course Modules
- Module 1: Introduction
- Module 2: Logging and monitoring
- Module 3: Networking
- Module 4: Storage
- Module 5: VMs
- Module 6: vCenter Server and the VCSA
- Module 7: HA & DRS
- Module 8: Deployment (optional)
Review
I will review the training on my blog during or shortly after the weekend when the experience is still fresh in my memory.
Feb 23, 2012 Blogs
The initial version was released in December 2010. Since then, version 1.0.1.72 and 1.0.1.175 (update 1) have been released, adding a couple of new features:
1.0.1.72, June 2011
- Integrate remote support and diagnostic operations from vCenter in conjunction with Dell’s Proactive Systems Management
- Direct link to dell.com for warranty renewal
- Updated connectivity to M1000e CMC
- Future updates will not require total re-installation of the virtual appliance
- Trial license available
- Support for LC 1.5, OpenManage 6.5, and ESX 4.1 U1
1.0.1.175 u1, October 2011
- Support for vSphere (ESXi) 5
- Bug Fixes
- Enhancements to deployment and usability functionality
- Support for 12G servers
- Delivered as a patch (so no full OVF)
1.5, March 2012?
Dell is expected to release version 1.5 of the product at the end of March 2012. Expected new features are:
- Released as both an update within the appliance and as a full OVF
- New license option for 25 and 100 hosts.
- Support for the 12th generation (12G) of Dell PowerEdge Servers
- 12G servers do not require OMSA, creating an ‘Agent Free’ option utilizing the iDRAC and Lifecycle Controller
- Deploying ESXi to (dual) SD-card Modules
- Lockdown mode support
- New Compliance Wizard (to check if ‘Collect System Inventory on Restart’ is enabled, to install and configure OMSA and to fix the Connection Profile)
- Improvements to the initial firmware installation process
- Various bug fixes
- Option to automatically exit a host’s maintenance mode after the firmware update completes
Check out two screenshots of the Compliance Wizard and the option to exit maintenance mode after a firmware update:
Other News
I noticed there’s a new free one-host version. Get it here: http://marketing.dell.com/software-download.
I’ll keep you posted if version 1.5 is actually released!