After a little mishap in November (found a bug in the system, yay!) I could finally sit (and pass) the VCIX-NV exam yesterday. I will skip through telling about the obvious stuff like length and number of questions as they can be easily found in the exam blueprint.
It looks like VMware modified the NSX beginner lab 1403 so that the tasks now are completely independent of each other and can be done in pretty much any order. Unfortunately this process lost all of the initial configuration steps that were included in the actual lab.
Today I sat the VCAP-DTA exam and obviously don’t have any results yet 🙂
Overall I am extremely pleased with the exam experience, it had a very logical structure without jumping from A to B too much. You can see the experience VMware gained through the VCAP-DCA and VCAP-CIA exams there, while I was jumping around from one part of the blueprint and logical structure of the data center in the VCAP-DCA and the exam felt like all over the place, the VCAP-DTA almost tells a story with a very comprehensive logical flow.
I also liked the implementation of the troubleshooting section in general, it is much more relaxing to know what the issue is and not wondering at every task if something is set up the way it should be or if it is a hidden troubleshooting scenario like in the VCAP-DCA.
As described in the blueprint I had to do 23 tasks (of which some were further broken down into independent sub tasks of some sort) and got allotted 180 minutes to complete them to the best of my knowledge and ability.
On most VCAP reviews you will always read one sentence: “Time management is key!”. While this is also true for the VCAP-DTA I felt much more relaxed during the exam compared to the VCAP-DCA or VCAP-CIA. This might just be because having done 5 VCAPs I kinda get the hang of it by now but I do like to think that part of it also lies in the structural approach this exam takes. I could comfortably look at all tasks and if I had had the knowledge for all of them I could also have implemented them. As I am too lazy to update my information for the exam center I am not getting the 30 minutes extra time for not being a native English speaker, so if you have that “advantage” you should be fine for time.
There are a couple of things that I disliked though. This includes that I had no way to verify my solutions on ALL troubleshooting tasks I got, basically making it a game of educated guessing rather than real troubleshooting. I also struggled with several disconnects (I believe I had around 8 or 9 in total) which cost me a good 10 minutes of the total time. Documentation also still is in PDF format with Adobe Acrobat being the only available reader, even though that should change in the future. This makes scrolling in the documentation or zooming incredibly slow and documentation therefore rather useless. Some questions also could need some clarifications as sometimes there is no default configuration and you have several options in front of you of which all could make sense, making it a best guess game again.
Overall these points should not be contributing too much of me passing or failing the exam though, if I fail it is not because I lost 10 minutes of time or because I could not look up something in the documentation, after all this is supposed to be an advanced level exam where you simply have to know your ****.
I could have done a lot more for preparation, my exposure to Horizon View so far has been starting the View Client to connect to a desktop and seeing the administrative interface for roughly 4 hours in total. As my home lab server had a hard disk failure and I had not done backups of my environment yet I basically just read up on the tasks that were mentioned in the blueprint. I would NOT recommend that as a general practice though.
As for study resources I used:
- Steve Dunne’s study notes overview to be found at http://www.virtuallyvirtuoso.com/vcap-dta-study-notes/
- Chris Becket’s study notes to be found at http://virtual-fabric.com/
- VMware ThinApp 4.7 Essentials
- Implementing VMware Horizon View 5.2
- Mastering VMware vSphere 5 – Yes you will need to manage vCenter too 😉
- VMware View 5: Building a Successful Virtual Desktop
- Exam Blueprint
As I am currently studying for the VCAP-DTA I try to get all the literature safaribooks has to offer on the theme together to properly break down the blueprint.
One of the books I read so far has been VMware Horizon View 5.3 Design Patterns and Best Practices by Jason Ventresco.
As the title suggests this book is not overly suited for the VCAP-DTA as this is a practical exam and the content of the book is oriented for design work. It is a good read for people studying for the VCAP-DTD though. The 6 chapters cover a major part of the blueprint listing pros and cons of various design decisions. It also does some example calculations for compute and storage resources which might come in handy during the exam.
The content that can be delivered on 130 pages is of course limited but the author manages to talk about the most important subjects of the exam which would be general benefits, risks and design considerations, pool design, RDP vs PCoIP, network bandwidth constraints, sizing of compute resources, storage consideration, profile management and the various client options.
The only thing the book is lacking to not only be a good but a great read for exam preparation would be a design walk through as it is done in the vCloud Architecture Toolkit for example.
Nonetheless I would recommend everyone studying for the VCAP-DTD to have a look at the book as it contains alot of valuable and relevant information for the exam.
At the end of October I took the VCAP-CID exam and as this is still the time right after vSphere 5.5 being released I didn’t actually study as hard for it as I wanted to (didn’t even find any time to actually read the blueprint properly, strongly advising people attempting to take the exam to do so nonetheless).
I was assured that the exam is based on version 5.1 of vSphere and vCloud Director.
This was my 4th VCAP exam so by now I am used to sit the exam for a long time and just powering through those 3 hours (I haven’t figured out on how to get the 30 minutes extra for not being a native English speaker even though I am residing in an English speaking country right now).
As with the VCAP-DCD you can not go back on questions, your answer is final and you will want to pace yourself through it as it is less time than the VCAP-DCD while still presenting more questions. You will also still face the 6 design tool questions.
As a rule of thumb I spent 12 minutes per Visio style question (maybe 30 seconds longer when I just needed some more connections) and then clicked next to see the full exam. Which left me with a little over one minute per drag and drop or multiple choice question. I felt that a lot of the hiccups I experienced in the VCAP-DCD have been corrected for the Visio type of questions. I could move elements around without whole parts of the design going off screen and therefore having to start all over again. Also connecting the single elements seems to have improved a little (it still isn’t perfect though).
The only real study resource I used was the vCloud Architecture Toolkit (vCAT), a free download going through all. I also read the vCloud Director chapter in Scott Lowes vSphere Design 2nd Edition but that information is by no means intended to be a study resource for this specific exam.
Gregg Robertson put together a very decent list of resources for those who can put more time into studying which can be found at thesaffageek.co.uk.
For those who want some extra tips and tricks for studying.
- Know the VMware process of designing, you will be tested on this, your own process is no good in this exam if it differs from the VMware view
- Be able to distinguish between conceptual, logical and physical designs
- Know how changes in the vCloud Director layer actually translate to the vSphere layer
- Know how design decisions will affect availability, security, manageability, performance, recoverability
- Be familiar with disaster recovery concepts
- Be familiar with translating business needs into actual decisions while fulfilling the requirements, trying mitigate risks and work around constraints and be able to map those needs to the allocation models within vCloud Director
- Know all the different cloud concepts, there is more than one
- Be able to look at things from a business point of view and explain certain user roles involved in a cloud deployment
- Know the software minimum requirements, recommended configuration and configuration limits for the vCloud and vSphere stack
The blueprint states the following skills needed to cover this objective.
- Create and manage Organizations
- Manage Organization policies and settings
The process to create an Organization in vCloud Director is described in the English version of the vCloud Director Administrator’s Guide on pages 28 – 32 and the following kb article. Creating an Organization in VMware vCloud Director http://kb.vmware.com/kb/1026316 To create an Oganization in vCloud Director simply click the according link on the home screen which will bring up a wizard.
Next fill out the organization name, keep it short as this will be part of the URL that is called to access the organization. You can actually set a longer name in the Organization full name field which will appear in the browser header and an optional description.
The next screen gives you the choice for directory services, you can choose between none which basically means you will need to create the users in vCloud Director manually and they are stored in the vCloud Director database. You also have the choice to connect to the same LDAP system as the vCloud Director provider. You can choose different OUs for different organizations but you won’t have the flexibility as with the last option which is a completely independent ldap service. Further information on configuring ldap for vCloud Director can be found in the vCloud Director Administrator’s Guide on page 123 and the following kb article.
Setting up Kerberos authentication for vCloud Director http://kb.vmware.com/kb/2015986
The next screen will give you the option to add or create local users in case ldap services are down.
Next up is the choice if the organization admin can publish catalogues or not.
The next screen will allow you to override the default smtp settings to send emails for this organization.
The last screen will let you configure the policies for the organization. This includes the maximum runtime, template and storage leases, the storage clean-up policy, quotas, limits on resource intensive operations and console connections and account lockout policies.
When you click “Finish” on the summary page your Organization will be created and you will be able to use it as a container for Organization VDCs.
The vCloud Director Administrator’s Guide describes the following management tasks for an Organization on the pages 105 – 110 in the English version.
- Enable or Disable an Organization
- Delete an Organization
- Add a Catalog to an Organization
- Editing Organization Properties
- Managing Organization Resources
- Managing Organization Users and Groups
Disabling or Enabling an Organization can be done using the “Manage & Monitor” tab by right clicking the Organization. This will prevent or allow users to login into the Organization. It won’t affect the ability of administrators to allocate resources or make changes to the network. All vApps will also continue to run just fine.
From this menu you can also delete the Organization and edit the properties of the Organization. You will need to change the ownership of all objects within that Organization that the current users own to be able to delete it.
To add a catalogue to an Organization go to the quick start page and choose option 7 “Add a catalog to an Organization”.
Choose an Organization in the Wizard to add the catalogue to.
Name the catalogue.
And finally choose the publishing option if you are allowed to that depending on the Organization options.
You will be able to edit most properties you selected during the creation process by choosing the “Properties” option when right clicking the Organization. If you actually want to change the Organization name though you will need to disable the Organization first.
You also have the option to change the LDAP settings for the Organization, to choose if catalogues can be published to all Organizations, email notification settings and the policies you choose at creating the Organization.
To manage the resources of an Organization you will need to create, modify or delete Organization VDCs which is described in detail in objective 3.3.
To add and manage users for an Organization you can double click the Organization in the “Manage & Monitor” tab and add either vCloud Director local users or import users and groups from an LDAP source.
You will have some more options to manage those users when you right click them. You will be able to enable and disable accounts, unlock a locked account or delete an account. Depending if the account is a local account or an LDAP account you will also be able to reset the password, change the role, edit the contact info and quotas by choosing the “Properties” option.
The blueprint states the following skills needed to cover this objective.
- Configure storage tiers
- Create, manage and delete org VDCs
As I already covered how to add more storage to a Provider VDC we will concentrate on how to change attached storage profiles for a Organization VDC. As every Organization can consist of several Organization VDCs you will be able to assign different storage profiles, which need to be pre-existent in your vSphere environment, to these VDCs so that your Dev&Test VDC is not eating up all your precious space and performance for your production workloads.
The assigning process can be done either directly during the creation process of an Organization VDC which will be described in the second part of this post or at any later stage by opening the Organization VDC and choosing the “Storage Profiles” tab.
In the same menu you can also disable a storage profile, delete it, change the default profile to be used or changing the size limit for the Organization VDC in the properties option.
Fast provisioning and thin provisioning settings can also be changed after creation an Organization VDC using the “Manage & Monitor” tab and right clicking the Organization VDC choosing the “Properties” option.
The second goal of this objective is to create, manage and delete Organization VDCs. The process is described as well in the following kb article and in the English version of the vCloud Director Administrator’s Guide on pages 32 – 40.
Creating an Organization Virtual Data Center in VMware vCloud Director
As Organization VDCs are created using a specific allocation model with different use cases for each model some more information can be found using the following resources.
Allocation Models for Organizations using vCloud Director
So let’s start by creating one. This can be done by choosing option 6 on the quick start page.
You will then need to choose an organization and a Provider VDC to host the Organization VDC.
The next step is to choose an appropriate allocation model.
You then will be able to configure the resource settings, limits and reservation for CPU, memory and the maximum number of VMs that can be deployed in that Organization VDC. This screen differs a bit between the different allocation models. You will only be able to choose a specific vCPU speed in the PAYG model and you won’t be able to set any reservations in the Reservation Pool model. There will also be a rough estimation on how many VMs this Organization VDC will be able to host scaled in 3 different VM instances; “small”, “medium” and “large”.
Next up will be the storage configuration. Here you can add the storage profiles and thereby the datastores available to the Organization VDC as well as setting the default instantiation storage profile. An upper limit on how much space can be used for each storage profile can be configured as well. You can also choose the options for thin and fast provisioning in this screen.
This leaves the network pools to set. You will be able to choose 1 network pool from which the vApp networks will be created. If you already pre-configured a vShield Edge device in that network pool you will see a list of all the configured services that Edge device offers.
On the next screen you will be able to choose if you want to deploy a new Edge device and also configure it on the spot even though you may choose to do the configuration part later as well. Advanced settings like IP settings, IP Pools and rate limits can also be configured on the spot.
If you choose to deploy an Edge Gateway you will need to select the external networks that gateway can provide access to.
If needed you can create a routed organization network and also share it across the whole organization.
The last step will be to name and enable the organization VDC.
The different options for managing the Organization VDC are described on page 52 – 63 in the English version of the vCloud Administrator’s Guide.
These include the following tasks:
- Enable or disable an Organization VDC
- Delete an Organization VDC
- Add a storage profile to an Organization VDC
- Modify the Organization VDC name and description
- Edit the Allocation Model settings
- Edit storage settings
- Edit network settings
All these tasks can be done by using the “Manage & Monitor” tab. To enable or disable the VDC just right click on it and choose the according option. You can also delete the VDC this way as long as it is disabled and all vApps, Templates and media was deleted or removed as well.
The process to add a storage profile to the Oganization VDC was described in the beginning of this post.
To change the name and description of the VDC select the “Properties” option when right clicking the VDC and choose the “General” tab.
You will not be able to change the actual allocation model for an Organization VDC but you can change the settings of the current model, e.g. the CPU reservation by selecting the “Allocation” tab.
If you want to enable or disable thin and fast provisioning you will need to select the “Storage” tab.
The “Network Pool & Services” tab will let you change the network pool backing the Organization VDC as well as the actual number of networks provisioned for this VDC.
The blueprint states the following skills needed to cover this objective.
- Create and manage network pools
- Create Provider external networks
- Manage and remove network resources
By default vCloud Director 5.1 will try to create a VXLAN backed network pool whenever you create a Provider VDC. If you want to use VXLAN backed pools the cluster should be prepared to actually use VXLAN which is described in detail in objective 2.3.
Duncan Epping gives a great overview about the 3 other network pools that can be created in vCloud Director.
There is also a kb describing the process.
Creating network pools in VMware vCloud Director
Additional information can also be found in the English version of the vCloud Director Administrator’s Guide on pages 23 – 25. Remember that you can assign only 1 network pool to each Organization VDC but share the same pool across different Organization VDCs. If you are opting for the network-isolation backed pool remember to increase the MTU on the distributed virtual switch backing that pool. These pools are used to back up the networking demands of the organizations in vCloud Director. So let’s walk through the process of creating a new network pool.
Click on option 4 on the quick start page.
The first step in the wizard is to decide which network pool will be created.
The next steps differ for each pool type. While the VLAN backed pool will need information about a VLAN range, the isolation-backed pool will require only 1 VLAN and the number of isolated networks that need to be created. For the port group backed network pool you will need to choose pre-created port groups from the vSphere layer.
The rest of the process is the same for all network pool types which consists of naming the pool and possibly giving it a description and clicking “Finish” on the summary page.
You will be able to manage and modify network pools by clicking on the “Manage and Monitor” tab.
By right-clicking and selecting “Properties” you will be able to expand the pool by adding additional resources like VLANs, port groups or simply networks to it. You can also rename the network pool this way and increase the MTU to the recommended size of 1600 as described in the vCloud Director Administrator’s Guide on page 25.
The steps to create a Provider external network are described in the English version of the vCloud Director Administrator’s Guide on pages 22-23 and the following kb article.
Creating External (Provider) Networks in VMware vCloud Director
All we need to do is click option 3 on the quick start page.
The next step is to pick a vCenter server attached to vCloud Director and a appropriate port group providing access to the external network. This needs to be pre-configured on the vSphere level. According to the Administrator’s Guide this should be an auto-expanding static port group. Don’t worry as the exam is based on vSphere 5.1 this is already in place by default but for those more curious about this feature there is more information in the following 2 links.
Choosing a port binding type
Next up is configuring the actual network settings like standard gateway, subnet mask, DNS servers and the IP pool.
The last step in the creation process is naming the external network.
After clicking “Finish” on the summary page the new external network will be created. You can check the result on the “Manage and Monitor” page within vCloud Director.
The last goal for this objective is to manage and remove network resources. I am assuming that this is also related to network pools like the rest of this objective as vShield Edge devices are covered in more detail in objectives 4.1 and 4.2.
You can get an overview of the Organization networks connected to the network pools by clicking on the Organization VDC in the “Manage & Monitor” tab. The “Org VDC Networks” tab contains the information the different Organization networks and the related network pool status. By right clicking on an Organization network you will reveal the management options depending on the network type. For internal and routed networks you will be able to manage the services the vShield Edge device delivers to that network. You will also be able to reset the network, view the IP allocations and connected vApps and also manage the static IP pool settings and name by choosing “Properties”. You can delete an Organization network in this screen as well when no virtual machines are connected to that network anymore.
To change the allocated network pool for an Organization VDC simply the properties windows of that Organization VDC in the “Manage & Monitor” tab. This step is needed when you want to delete a network pool.
To actually find out which Organization VDCs are using a network pool you can simply click it in the “Manage & Monitor” tab.
By right clicking a network pool in the Network Pools overview you will be able to repair and delete the network pool. You can also change the settings of a network pool like already described in the last goal to change the MTU for a network backed pool for example.
The blueprint states the following skills needed to cover this objective.
- Create and manage vSphere port groups
- Configure vSphere network options including MTU and VLAN
- Prepare vSphere cluster for VXLAN
The goal to manage and create vSphere port groups is done at the vSphere level. There are 2 different scenarios here, as vCloud Director could be combined with an Enterprise License instead of an Enterprise Plus license on the ESXi hosts backing the Provider vDCs we will go through the process of creating and managing port groups on both vSwitches and dvSwitches.
Let’s tackle vSwitches first. To add a part group consistently to a cluster you will need to complete the process on all of the hosts. The first step is to go to the host you want to create the new port group on, go the Configuration or Manage tab depending on the client you are using and click the “Add networking” button.
You will then be asked what kind of port group you want to add, select Virtual Machine port group. Select an existing vSwitch or create a new one. Select the appropriate uplink ports and finally assign a VLAN to the port group and name it.
You will now be able to choose this port group to create a port group backed network pool in vCloud Director.
This port group can now be managed through the Web Client. You will be able to edit the MTU on the vSwitch level of that port group. The VLAN can be changed by editing the port group directly.
Security features (promiscuous mode, MAC address changes, forged transmits), traffic shaping options and failover options can be configured on the switch level and propagated to the port group or be overridden on the port group level.
Creating a port group on a dvSwitch is actually very similar. Just click the “New Distributed Port Group” button, enter a name and configure the settings including VLAN.
To edit the port group or dvSwitch settings click on the appropriate buttons, the same principles as for a vSwitch apply (MTU on the dvSwitch and VLAN on the port group).
Information on why you would want to increase the standard MTU of 1500 can be found in the vCloud Architecture Toolkit (if the exam asks you to configure VXLAN or VCD-NI backed pools be sure to check out the MTU size of the dvSwitch you are creating).
Oddly enough the blueprint does not mention that you will need to create dvSwitches or vSwitches, the process also is rather easy. For a dvSwitch simply right click the datacenter in the Web Client and choose “New Distributed Switch”, a wizard will pop up which will ask for a name and some basic settings (Note that you cannot configure the MTU through that wizard, you will need to edit the dvSwitch settings after you created it).
The process to create a vSwitch has been explained in the top part of this post already. This leaves the task to prepare the vSphere cluster for VXLAN. This process is not described in the administrator’s guide or the installation guide. But there is a white paper and a blog post which describe the process.
To configure VXLAN the classic vSphere Client is needed as the required plugin for the configuration is not available in the Web Client.
Click the preparation link to start the configuration process.
Next click on “Edit” and choose all applicable clusters.
Choose the dvSwitch that will handle the traffic and assign the appropriate VLAN ID.
Select the correct Failerover Policy in the next wizard screen (depending on your hardware configuration) and configure the MTU to 1600.
After hitting finish the status should look like this.
If no DHCP is providing IP addresses to the Virtual Tunnel Endpoints they need to be configured manually. This can be done by using the Web Client.
Last up is setting up the segment ID and multicast address. The segment ID pool will define how many isolated networks can be created.
There should be no errors anymore after creating a provider VDC in vCloud Director now as the clusters are fully prepared for VXLAN.