Archive

Archive for the ‘VCAP’ Category

VCAP-CIA objective 3.1 – Manage Provider VDCs

August 7th, 2013

The blueprint states the following skills needed to cover this objective.

  • Create Provider VDCs
  • Merge or Expand Provider VDCs
  • Manage Provider VDC options

Creating a Provider vDC is described on pages 21 and 22 in the English version of the vCloud Director Administrator’s Guide. There is also a video showing the process in the kb noted below.

Creating a Provider Virtual Data Center in VMware vCloud Director
http://kb.vmware.com/kb/1026296

Let’s go through creating a Provider VDC step by step.

On the landing page click option 2 to open the wizard. Enter a descriptive name and choose the maximum supported hardware version, which depends on the build of the hosts in your cluster. Make sure the Provider VDC is enabled.

createpvdc1

The next step is selecting the compute resources, namely choosing a vCenter Server and the corresponding Resource Pool that supplies CPU, memory and network resources from the vSphere layer to the actual vCloud workloads.

createpvdc2

You will then need to add storage resources to the Provider VDC. Be careful when choosing the * (Any) profile, as this also includes the local datastores of the hosts, which can cause problems. You can find more information on this profile in the following kb article.

About the *(Any) Storage Profile
http://kb.vmware.com/kb/2045534

createpvdc3

The last step is to provide the root credentials to prepare the hosts for use with vCloud Director.

createpvdc4

After you click okay on the final summary page you can see the creation process in the Manage and Monitor tab.

createpvdc5

The next 2 goals are described on pages 45 – 51 in the English version of the vCloud Administrator’s Guide. Let’s start with merging 2 Provider VDCs. This is a very simple process which you can start by going to the Manage and Monitor tab, choosing the Provider VDC option and right clicking the Provider VDC that should be the merge destination.

mergepvdc1

A wizard will pop up where you can choose which Provider VDC to merge with the selected one.

mergepvdc2

To actually expand a Provider VDC you will need to either add compute resources which can be done by adding another Resource Pool, or additional storage which can be done by adding Storage Profiles to the Provider VDC. For both options a wizard is going to pop up and guide you through selecting the additional resources.

expandpvdc1

expandpvdc2

The last goal is to manage Provider VDC options. The vCloud Administrator’s Guide lists the following options and procedures that can be edited for a Provider VDC.

  • Enable or Disable a Provider vDC
  • Delete a Provider vDC
  • Modify a Provider vDC Name and Description
  • Merge Provider vDCs
  • Enable or Disable a Provider vDC Host
  • Prepare or Unprepare a Provider vDC Host
  • Upgrade an ESX/ESXi Host Agent for a Provider vDC Host
  • Repair a Provider vDC ESX/ESXi Host
  • Enable vSphere VXLAN on an Upgraded Provider vDC
  • Provider vDC Datastores
  • Add a Storage Profile to a Provider vDC
  • Edit the Metadata for a Storage Profile on a Provider vDC
  • Add a Resource Pool to a Provider vDC
  • Enable or Disable a Provider vDC Resource Pool
  • Detach a Resource Pool From a Provider vDC
  • Migrate Virtual Machines Between Resource Pools on a Provider vDC
  • Configure Low Disk Space Warnings for a Provider vDC Datastore
  • Send an Email Notification to Provider vDC Users

Some of these tasks or procedures are prerequisites to be able to edit other options so I will only show a few examples here. Some have even already been described above.

We will start by modifying the name and description of a Provider VDC. Simply right click a Provider VDC in the Manage and Monitor tab when selecting the Provider VDC option. Click on properties and change the settings to your new requirements.

renamepvdc

Note that you can also change the highest supported hardware version in the renaming wizard. You will not be able to assign new storage or compute resources though.

renamepvdc2

You can disable and delete a Provider VDC by right clicking it in this view, as well as enable VXLAN. The option to send an email notification to all Provider VDC users can also be found here by clicking the Notify… option.

notifyusers

When you left click on one of the Provider VDCs you get a new screen with tabs on the top. All host options can be seen by selecting the Hosts tab and right clicking the host. You will be able to enable or disable hosts, prepare or unprepare hosts, redeploy all VMs from a host, upgrade the host agent or repair the host.

hostoptions

To edit the metadata of a Storage Profile select the Storage Profiles tab, right click the corresponding profile and select properties. You can also enable and disable Storage Profiles that way.

spmetadata

You will not be able to set storage warnings in the Datastores tab. You need to choose the Datastores option on the left pane to do that, as these alarms are valid for all Provider VDCs that have access to these datastores.

You can enable, disable and detach Resource Pools by right clicking them in the Resource Pools tab.

rpoptions

To migrate VMs to another Resource Pool choose the Open option, CTRL click all the VMs in the Resource Pool which need to be moved and choose the Migrate to option. You will have the choice to automatically select a destination Resource Pool or do a manual selection.

Categories: Certification, VCAP Tags:

VCAP-CIA objective 5.1 – Manage vCloud Director SSL Certificates

August 1st, 2013

The blueprint states the following skills needed to cover this objective.

  • Create and process certificate requests
  • Replace default certificates

SSL certificates are an absolute requirement for vCloud Director to work. You will need 2 different certificates, one for the vCloud Director Web Interface and one for the Console Proxy. There are 2 options for SSL certificates, self-signed and CA signed. The process to create the certificate requests and generate the certificates is described in the vCloud Director Installation and Upgrade Guide on pages 17 – 20 in the English version. There is also the following kb article describing the process in detail.

Generating SSL certificates for VMware vCloud Director
http://kb.vmware.com/kb/1026309

To create untrusted self-signed certificates simply run the following 2 commands on the vCD cell.

keytool -keystore certificates.ks -storetype JCEKS -storepass passwd -genkey -keyalg RSA -alias http
keytool -keystore certificates.ks -storetype JCEKS -storepass passwd -genkey -keyalg RSA -alias consoleproxy

This generates the certificates which are valid for 90 days by default (use the -validity parameter to set a different value).

createssl1

You can list the contents of the keystore using the following command.

keytool -storetype JCEKS -storepass passwd -keystore certificates.ks -list

You should expect to see both certificates in there.

createssl2

To actually replace the certificates now you can follow the guidelines in the English version of the vCloud Director Administrator’s Guide on page 16. It is basically a 3 step process.

  1. Stop the vCD cell
  2. Run the configuration script again
  3. Provide the path to the new keystore file and passwords for the keystore and certificates

createssl3

After a restart of the cell the new certificates should be loaded and accessible.

createssl4

The process to create CA signed certificates is slightly different. Instead of creating the certificate itself we are going to use the keytool to create requests, which have to be handed over to a CA that will provide back the actual certificate files. These will be imported into a keystore again like the self-signed certificates. The procedure to actually replace the certificates for the cell stays the same.

The requests can be created by using the following 2 commands.

keytool -keystore certificates.ks -storetype JCEKS -storepass passwd -certreq -alias http -file http.csr
keytool -keystore certificates.ks -storetype JCEKS -storepass passwd -certreq -alias consoleproxy -file consoleproxy.csr

You will need an existing certificates.ks keystore with self-signed certificates for the consoleproxy and http interface in it for these commands to work.

createssl5

Upload these files to your CA and request the certificates. You will need to get back the 2 requested certificates, the root certificate for the CA and any intermediate CA certs if they exist. These need to be imported into the keystore using the following commands.

keytool -storetype JCEKS -storepass passwd -keystore certificates.ks -import -alias root -file root.cer
(optional) keytool -storetype JCEKS -storepass passwd -keystore certificates.ks -import -alias intermediate -file intermediate.cer
keytool -storetype JCEKS -storepass passwd -keystore certificates.ks -import -alias http -file http.cer
keytool -storetype JCEKS -storepass passwd -keystore certificates.ks -import -alias consoleproxy -file consoleproxy.cer

When the complete chain is imported you should list the contents of the keystore to make sure everything is in there.

keytool -storetype JCEKS -storepass passwd -keystore certificates.ks -list

createssl6
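A scripted version of this check, as an added example that is not part of the original post: it reads the keytool -list output and confirms that http and consoleproxy are still PrivateKeyEntry entries and that the root alias is a trustedCertEntry. An http or consoleproxy alias listed as trustedCertEntry is what keytool creates when the alias has no private key in that keystore, so the cell could not use it. The sample listings, dates and fingerprints are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): verify the alias types in a
# vCloud Director keystore listing after the CA-signed certificates were imported.
#
# Real use, with the command from the text:
#   keytool -storetype JCEKS -storepass passwd -keystore certificates.ks -list | check_keystore_listing

# Reads "keytool ... -list" output on stdin. Prints one verdict per required
# alias and returns 1 if an alias is missing or has the wrong entry type.
check_keystore_listing() {
    awk '
        BEGIN {
            want["http"]         = "PrivateKeyEntry"
            want["consoleproxy"] = "PrivateKeyEntry"
            want["root"]         = "trustedCertEntry"
            n = split("http consoleproxy root", order, " ")
        }
        # Entry lines look like: alias, <date>, <EntryType>,
        /(PrivateKeyEntry|trustedCertEntry|SecretKeyEntry),[ \t]*$/ {
            line = $0
            sub(/,[ \t]*$/, "", line)          # drop the trailing comma
            cnt = split(line, f, ", ")         # the date itself contains a comma
            seen[f[1]] = f[cnt]                # first field = alias, last = type
        }
        END {
            bad = 0
            for (i = 1; i <= n; i++) {
                a = order[i]
                if (!(a in seen)) {
                    print "FAIL " a " missing"; bad = 1
                } else if (seen[a] != want[a]) {
                    print "FAIL " a " is " seen[a] ", expected " want[a]; bad = 1
                } else {
                    print "OK " a " " seen[a]
                }
            }
            exit bad
        }'
}

# Constructed listing: complete chain, key entries intact.
sample_listing_good() {
cat <<'EOF'
Keystore type: JCEKS
Keystore provider: SunJCE

Your keystore contains 3 entries

consoleproxy, Aug 1, 2013, PrivateKeyEntry,
Certificate fingerprint (SHA1): 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33
http, Aug 1, 2013, PrivateKeyEntry,
Certificate fingerprint (SHA1): 11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33:44
root, Aug 1, 2013, trustedCertEntry,
Certificate fingerprint (SHA1): 22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33:44:55
EOF
}

# Constructed listing: http imported without its private key, root CA not imported.
sample_listing_bad() {
cat <<'EOF'
Keystore type: JCEKS
Keystore provider: SunJCE

Your keystore contains 2 entries

consoleproxy, Aug 1, 2013, PrivateKeyEntry,
Certificate fingerprint (SHA1): 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33
http, Aug 1, 2013, trustedCertEntry,
Certificate fingerprint (SHA1): 11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33:44
EOF
}

# Demo on the constructed listings.
sample_listing_good | check_keystore_listing || echo "keystore not ready"
sample_listing_bad  | check_keystore_listing || echo "keystore not ready"
```

Leaving out -storepass makes keytool prompt for the password instead of taking it from the command line.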

When everything is in place you can run the configure script as described above to actually replace the certificates. You should also import the root certificate into the trusted certificates store of the clients actually using vCloud Director to get rid of the security warnings.

createssl7

Categories: Certification, SSL, VCAP Tags:

VCAP-CIA objective 2.2 – Manage vSphere storage resources

July 28th, 2013

The blueprint states the following skills needed to cover this objective.

  • Decommission storage
  • Create and manage storage profiles

The goal to decommission storage can prove to be a tricky one when done wrong, as this might get your host into an APD state. APD handling has been improved a lot with ESXi 5.1, which is used in the exam, but you should still try to remove the storage correctly in order to not risk any point loss or, even worse, a host loss during your exam.

The following kb article shows the correct procedure to use which includes unmounting the datastore and detaching the device. If the storage device actually is an NFS share all that is needed is the unmount.

Unmounting a LUN or detaching a datastore/storage device from multiple ESXi 5.x hosts
http://kb.vmware.com/kb/2004605

unmountds

detachds

This covers the vSphere side of things. If asked to decommission a datastore from vCloud Director you will need to disable the datastore and remove it from all Provider vDCs. This can be achieved by editing the corresponding storage profile so that it no longer contains the datastore. If the “* (Any)” profile is used it will be sufficient to remove the datastore on the vSphere level. In the screenshots below we are going to disable the iSCSI16GB datastore, so no new VMs can be deployed to the datastore anymore. Afterwards we are going to remove it from the Provider vDC by editing the storage capabilities of the datastore on the vSphere level so it is not contained in the corresponding iSCSI storage profile anymore.

removestorage1

removestorage2

removestorage3

removestorage4

removestorage5

The creation and management of storage profiles is done at the vSphere level. Once you have created and enabled storage profiles they can be assigned to a Provider vDC and Organization vDCs. This process is described in the vCloud Director Administrator’s Guide on pages 49 and 63 in the English version. Additional information can be found in the following blog posts.

http://blogs.vmware.com/vsphere/2012/11/using-storage-profiles-with-vcloud-director.html
http://blogs.vmware.com/vcloud/2012/11/vcloud-director-any-storage-profile.html
http://www.yellow-bricks.com/2011/07/13/vsphere-5-0-profile-driven-storage-what-is-it-good-for/
http://cormachogan.com/2012/10/17/vcloud-director-5-1-storage-profiles/

The first step is to enable storage profiles on the clusters or hosts used for vCloud Director.

storageprofile1

storageprofile2

If your storage is not VASA (vSphere Storage APIs – Storage Awareness) capable you will need to create user defined capabilities first.

storageprofile4

storageprofile5

The third step is assigning these capabilities to your datastores.

storageprofile7

The final step is actually creating the storage profiles.

storageprofile3

storageprofile6

Your datastores are now mapped to the profiles by the assigned capabilities, which covers the vSphere side of things. You are now ready to use these storage profiles in vCloud Director. You will be able to choose them during the creation of a Provider vDC. If you want to edit an already existing Provider vDC to use some newly created storage profiles you can do so in the Manage and Monitor tab.

storageprofile8

Categories: Certification, VCAP Tags:

VCAP-CIA objective 2.1 – Add vSphere compute resources to vCloud Director

July 27th, 2013

The blueprint states the following skills needed to cover this objective.

  • Add new vCenter servers to vCloud Director
  • Prepare/unprepare hosts in vCloud Director
  • Add ESXi hosts to vCenter
  • Manage ESXi hosts and DRS resource pools in vCenter

All 3 objectives of this section of the blueprint will require knowledge of the underlying vSphere architecture and less of vCloud Director itself.

Before you can add a new vCenter Server to vCloud Director you will need to deploy a vShield Manager Appliance for that vCenter and establish the connection. Once that is done the procedure on how to add the vCenter to vCloud Director is described in the vCloud Director Administrator’s Guide on pages 20 and 21 in the English version.

There are several ways to add a vCenter Server but the one requiring the fewest clicks should be to just click “Attach a vCenter” and enter the correct data.

addvc1

You will need to provide the DNS name or IP of the vCenter Server, the port the vpxd service is listening on (443 by default), a vCenter administrator and its password, a display name for vCloud Director, an optional description, and the URL to the Web Client, which is used to open vSphere objects when right clicking them in vCloud Director.

addvc2

For the vShield Manager appliance you will also need the IP or DNS name and an admin user and its password (admin and default when nothing was changed).

addvc3

When everything was successful you will find the added vCenter in the Manage & Monitor tab in the vSphere Resources.

addvc4

Preparing a host is described on page 102 in the English version of the vCloud Director Administrator’s Guide. To be able to prepare a host you must make sure the host is not in maintenance mode. You also cannot prepare hosts if you do not have a provider vDC. If the host is part of a cluster of a provider vDC you will find it at the Manage & Monitor tab in the left pane under the Hosts option. Simply right clicking the host, choosing “Prepare Host” and providing root credentials completes the process.

The host is taken into maintenance mode in the vSphere layer, an agent is installed on the host, the maintenance mode is ended and the host will be able to serve as a compute resource for the cloud environment from now on. To reverse the process simply right click the host again, select “Unprepare Host” and wait until the process is finished.

preparehost1

preparehost2

Adding a host to vCenter Server is a pretty straightforward task which can be done via the Classic Client or the new Web Client. All you need to know are the root credentials for that host and the target cluster it should be put in. As the exam allows only limited time and performance could be slow due to the exam being hosted offsite, I would advise using the Classic Client for every action that can be done with it, as it performs a little faster than the Web Client. I will still show a screenshot on how to add a host in the Web Client in case there is no access to the Classic Client in the exam.

addhost1

The goal to manage hosts and resource pools is extremely vague and could mean a lot of things. All that is needed can be found at the “Manage” tab or “Configuration” tab depending on what client you are using. You can manage a resource pool by right clicking on it and choosing “Edit settings”. You should make yourself familiar with the concepts of shares, limits and reservations again.

To get an overview of what could be asked read the vCloud Director Administrator’s Guide pages 99 – 104 in the English version which includes the following tasks.

  • Register vCloud Director with a vCenter Server
  • Modify vCenter Server Settings
  • Reconnect a vCenter Server
  • Enable or Disable a vCenter Server
  • Remove a vCenter Server
  • Prepare and Upgrade a vCenter Server Attached to vCloud Director
  • Modify vShield Manager Settings
  • Enable or Disable an ESX/ESXi Host
  • Move Virtual Machines from one ESX/ESXi Host to Another
  • Prepare or Unprepare an ESX/ESXi Host
  • Upgrade an ESX/ESXi Host Agent
  • Repair an ESX/ESXi Host
  • Enable or Disable a Datastore
  • Remove a Datastore

Categories: Certification, VCAP Tags:

VCAP-CIA Objective 1.4 – Configure Alarms and Notifications

July 27th, 2013

The blueprint states the following skills needed to cover this objective.

  • Configure SMTP and notification settings
  • Configure warning alerts
  • Create System maintenance message

SMTP settings can be configured on vCenter Chargeback Manager and vCloud Director using the GUI. The screenshots below show where the settings can be entered.

vcdsmtp

cmsmtp

The way to configure the system warning alerts is described in the vCloud Director Administrator’s Guide on pages 51 and 103. Both pages describe the same procedure with a different way to get to the datastores. There are 2 thresholds that can be set, a yellow and red one. When these thresholds are crossed vCloud Director will send out an email warning about the low disk space automatically.

datastorealert

The configuration of a system maintenance message is described in the following kb and will be shown in the screenshots below. You can also find this information in the vCloud Director Administrator’s Guide on page 96 and 97 in the English version.

Configuring the VMware vCloud Director cell maintenance message
http://kb.vmware.com/kb/1026337

cellmaint

Categories: Certification, VCAP Tags:

VCAP-CIA Objective 1.3 – Maintain vCloud using command line tools

July 22nd, 2013

The blueprint states the following skills needed to cover the objective.

  • Manage and maintain vCloud Director cells using the cell management tool
  • Install and manage a vCloud Director installation using the configure script
  • Manage vCloud services using Red Hat command line tools including service, chkconfig and netstat
  • Collect logs for troubleshooting using the support script

The usage of the cell management tool is explained in the vCloud Director Installation and Upgrade Guide on pages 35 – 42 in the English version. It is located in the /opt/vmware/vcloud-director/bin directory on each cell and requires root credentials on the target server and system administrator credentials for vCloud Director.

The cell tool offers different sub commands. The first bullet of the blueprint is covered by the “cell” sub command. We will also have a short look at the other commands.

cellmain

There seems to be only 1 particular kb article on how to use the cell management tool for quiescing a cell before shutting it down.

Using the vCloud Director Cell Management Tool to quiesce and shut down a server
http://kb.vmware.com/kb/2034994

An example output can be seen in the following screenshot.

cellshutdown

The next sub command is “dbextract” which can be used to dump database contents without the need of a database management tool. There are several switches like “-exportSettingsFile” to further specify what exactly the dump will contain. Examples are in the /opt/vmware/vcloud-director/etc directory. If you want a full database dump you can use the syntax in the screenshot, just be sure to have a valid directory as the destination as the tool will not create one for you and will fail if the path does not exist.

dbexport

The next sub command is “certificates” which allows you to replace SSL certificates on the cell. Remember that a restart is needed after replacing the certificates. As there is a whole objective dedicated to vCloud Director certificates I will only show the help output of this and the next sub command.

replacecerts

You can also create new SSL certificates using the “generate-certs” sub command. This might be an easier way than actually using the keytool.

generatecerts

Last but not least you also have the possibility to recover a lost admin password as long as you can remember the database password using the “recover-password” sub command.

recoveradminpw

This should cover the cell management tool, so we can move on to the second bullet, the configure script, which is also located in the /opt/vmware/vcloud-director/bin directory.

This binary can be used to update the vCloud Director cell configuration either by typing in the information manually or by using the switch -r in combination with a response file, as was covered in the previous objective. Below you can find an example of reconfiguring the cell the manual way.

configure

This leads us to the third bullet, which is not VMware specific at all but involves basic Linux administration skills. The service tool is used to run scripts located in /etc/init.d in a controlled way: to start, stop and restart the services loaded by these scripts, or to give you an indication of whether a service is actually running. You can find a man page for the service command at http://linux.die.net/man/8/service or by simply typing “man service” while connected to the vCD cell.

service

Auto start options for services are controlled by the “chkconfig” command. The most important switches would be --list, --add, --del, on and off. More information can be found in the corresponding man page, e.g. http://linux.die.net/man/8/chkconfig.

To find out if the expected service is listening on a specific port you can use the netstat command in conjunction with the ps command. Additional parameters can be found in the man page as well. http://linux.die.net/man/8/netstat

netstat

We are listening on 192.168.10.24 and 192.168.10.23 with a VMware vCD process, which is a good sign. If you see anything else in here and your cell fails to start, you might want to check with chkconfig whether the corresponding process is starting automatically and take it off the auto run list to prevent it from breaking your cell.
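The same check as a script, as an added example that is not part of the original post: it reads netstat -tlnp output and reports whether an address is held by the expected program, counting wildcard and IPv4-mapped listeners on the same port as holders as well. The sample output, the PIDs, port 443 and the program name java are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original post): check who owns a listening socket.
#
# Real use on a cell (run as root so netstat can show the program names):
#   netstat -tlnp | check_listener java 192.168.10.23:443

# check_listener PROG ADDR:PORT   (netstat -tlnp output on stdin)
# Prints OK, CONFLICT or MISSING for ADDR:PORT; returns 0, 2 or 1 respectively.
check_listener() {
    awk -v prog="$1" -v want="$2" '
        BEGIN {
            port = want
            sub(/^.*:/, "", port)              # keep only the port number
            verdict = "MISSING " want
            rc = 1
        }
        $6 == "LISTEN" {
            la = $4
            # The exact address, its IPv4-mapped IPv6 form, or a wildcard bind
            # on the same port all occupy the socket the cell wants.
            if (la == want || la == "::ffff:" want || la == "0.0.0.0:" port || la == ":::" port) {
                name = $7
                sub(/^[0-9]+\//, "", name)     # "2411/java" -> "java"
                if (name != prog) {
                    verdict = "CONFLICT " want " held by " $7
                    rc = 2
                } else if (rc != 2) {
                    verdict = "OK " want " " $7
                    rc = 0
                }
            }
        }
        END { print verdict; exit rc }'
}

# Constructed sample: the cell owns both of its addresses.
sample_netstat_ok() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      1203/sshd
tcp        0      0 192.168.10.23:443           0.0.0.0:*                   LISTEN      2411/java
tcp        0      0 192.168.10.24:443           0.0.0.0:*                   LISTEN      2411/java
EOF
}

# Constructed sample: another service grabbed port 443 on every address.
sample_netstat_conflict() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      1203/sshd
tcp        0      0 0.0.0.0:443                 0.0.0.0:*                   LISTEN      1877/httpd
EOF
}

# Demo on the constructed samples.
sample_netstat_ok       | check_listener java 192.168.10.23:443 || true
sample_netstat_conflict | check_listener java 192.168.10.23:443 || true
```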

Even though it is not mentioned in the blueprint you might also want to read up a little bit on iptables, the default firewall used in RHEL. The man page can be found at http://linux.die.net/man/8/iptables.

The last bullet is rather easy again. The process is described in the following kb article and shown in the last screenshot, which also concludes this objective for today.

Collecting diagnostic information for VMware vCloud Director 1.x / 5.1.x
http://kb.vmware.com/kb/1026312

supportbundle

Categories: Certification, VCAP Tags:

VCAP-CIA Objective 1.2 – Configure vCloud Director for scalability

July 21st, 2013

The blueprint states the following skills needed to cover this objective:

  • Generate vCloud Director response files
  • Add vCloud cells to an existing installation using response files
  • Set up vCloud Director transfer storage space
  • Configure vCloud Director load balancing

A response file is automatically created after the installation of the first cell in /opt/vmware/vcloud-director/etc and is called response.properties. The process to add a vCloud cell to an existing installation is described on page 29 – 30 in the English version of the vCloud Director Installation and Upgrade Guide.

The procedure is also described in the following kb article.

Installing VMware vCloud Director software on additional servers
http://kb.vmware.com/kb/1026382

We will need access to the response file during the installation so this file could be copied to the transfer storage which needs to be mounted to the additional cells anyway and can be deleted after the installation process.

Before we continue with the server group installation we should do a couple of things.

  1. Create a DNS entry for the new cell as the services will not start otherwise
  2. The transfer storage NFS share should already be set up. If not, here is what I did in my lab environment (the async parameter in the export config costs reliability but enhances the speed):
    • add disk – create a partition with cfdisk – create a filesystem with mkfs.ext3 or mkfs.ext4
    • create a mountpoint, e.g. /nfs/datastore1
    • edit /etc/fstab to auto mount the filesystem, e.g. /dev/sdb1 /nfs/datastore1 ext3 defaults 0 0
    • edit /etc/exports to export the share, e.g. /nfs/datastore1 *(rw,async,no_root_squash)
    • service nfs restart
  3. Edit the /etc/fstab file to auto mount the transfer storage on every cell
  4. Check permissions on the transfer storage. These should be user and group vcloud; if they are not, set them with “chown -R vcloud:vcloud /opt/vmware/vcloud-director/data/transfer”
  5. Check permissions on the installation binary are set to executable, otherwise change them with “chmod u+x installation-file” and install the vCloud director binaries
  6. Generate the proper SSL certificates using the keytool
    • /opt/vmware/vcloud-director/jre/bin/keytool -genkey -keystore /opt/ssl/certificates.ks -storetype JCEKS -storepass passwd -keyalg RSA -validity 731 -alias http
    • /opt/vmware/vcloud-director/jre/bin/keytool -genkey -keystore /opt/ssl/certificates.ks -storetype JCEKS -storepass passwd -keyalg RSA -validity 731 -alias consoleproxy
    • /opt/ssl was the path I chose to save the keystores, you might do or be requested otherwise in the exam
  7. Run the configure script with the -r option pointing at the response.properties, e.g. /opt/vmware/vcloud-director/bin/configure -r /opt/vmware/vcloud-director/data/transfer/response.properties
  8. If you are done with all the cells delete the response.properties from the transfer storage directory
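The lab export line in step 2 gives every host that can reach the NFS server read-write access with root squashing turned off, and the response file placed on that share holds the installation's configuration. An added example, not part of the original post, that audits an exports file for that combination, for async, and for the stray space that silently turns a per-host export into a world export; the sample file, the host name and the 192.0.2.x addresses are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): audit an exports(5) file for the
# transfer share. Prints "<path> <client> <finding>" for each problem found.

audit_exports() {
    awk '
        /^[ \t]*#/ { next }                    # comment line
        NF < 2     { next }                    # blank line or path without clients
        {
            path = $1
            for (i = 2; i <= NF; i++) {
                client = $i
                opts = ""
                p = index($i, "(")
                if (p > 0) {
                    client = substr($i, 1, p - 1)
                    opts = substr($i, p + 1)
                    sub(/\)$/, "", opts)
                }
                # "host (rw)" with a space: the options belong to an empty
                # client name, which means every host.
                if (client == "") client = "*"
                world = (client ~ /[*?]/)
                squashoff = 0
                async = 0
                m = split(opts, o, ",")
                for (j = 1; j <= m; j++) {
                    if (o[j] == "no_root_squash") squashoff = 1
                    if (o[j] == "async") async = 1
                }
                if (world && squashoff) print path, client, "world-no-root-squash"
                else if (world)         print path, client, "world-export"
                if (async)              print path, client, "async"
            }
        }' "$1"
}

# Writes a constructed exports file and prints its path.
write_sample_exports() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
# constructed sample, not a real configuration
/nfs/datastore1 *(rw,async,no_root_squash)
/nfs/datastore2 192.0.2.23(rw,sync,no_root_squash) 192.0.2.24(rw,sync,no_root_squash)
/nfs/datastore3 cell1.lab.example (rw,sync)
EOF
    printf '%s\n' "$f"
}

# Demo: datastore1 is the lab line from the text, datastore2 lists each cell
# explicitly, datastore3 has the stray space before the options.
sample=$(write_sample_exports)
audit_exports "$sample"
rm -f "$sample"
```

Only the datastore2 line, which names each cell explicitly and uses sync, passes without a finding.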

fstab

configuration

vcdstarted

This leaves the load balancing configuration on the vCloud Director side as I would suppose the actual load balancer configuration should not be part of the exam itself as it is not covered in the Installation and Upgrade guide which is referenced in the blueprint. If you need more information on the actual load balancer configuration I will post some links to different blogs showing how to configure pfsense, F5 and vShield Edge to be an actual load balancer for vCloud Director.

What is relevant for the exam according to the blueprint can be found at Administration -> System Settings -> Public Addresses as can be seen in the screenshot below.

loadbalancer

This concludes the second objective of the VCAP-CIA. As promised, here are the links for some example load balancer configuration guides and best practices.

http://www.viktorious.nl/2012/04/22/vcloud-director-howto-load-balancing-with-free-pfsense-appliance/

http://www.yellow-bricks.com/2012/02/16/using-f5-to-balance-load-between-your-vcloud-director-cells/

http://fojta.wordpress.com/2012/09/09/load-balancing-vcloud-director-cells-with-vshield-edge/

http://www.gabesvirtualworld.com/vmware-vcloud-5-1-networking-part-4-cell-load-balancing/

http://blogs.vmware.com/vcloud/2012/11/how-to-configure-a-load-balancer-using-vcloud-networking-and-security-edge-device-vshield.html

http://download3.vmware.com/vcat/documentation-center/index.html#page/Architecting%20a%20vCloud/3a%20Architecting%20a%20VMware%20vCloud.2.168.html

Categories: Certification, VCAP Tags:

VCAP-CIA Objective 1.1 – Configure centralized logging

July 19th, 2013

The blueprint states the following skills needed to cover this objective:

  • Determine use cases for and configure local and syslog options for vCloud Director
  • Configure and administer logging options for VMware vShield™ Manager
  • Configure Log4j options for vCloud Director Tools

The first and third goals are described in several kb articles but do not really have a good description in the official documentation. There is a nice explanation in the VMware vCloud Architecture ToolKit 2.0, but this example does not seem to have made it to version 3.1.

Pages 25 – 27 of the English version of the vCloud Director Installation and Upgrade Guide seem to be the only spot in the official product documentation mentioning the setup of a syslog server during the initial setup of a cell. This will be saved into the response file for the other cells to use.

If this step was omitted during initial setup it can be set in the global.properties file located in /opt/vmware/vcloud-director/etc.

Just add the proper syslog server after “audit.syslog.host =” and restart the vcd service.

The VMware knowledge base describes how to activate the shipment of additional log files in the log4j.properties configuration file.

Enabling Centralized Logging in VMware vCloud Director 1.5.x / 5.1.x
http://kb.vmware.com/kb/2004564

Below you can find pictures of the configuration file in my environment, a TCP dump from the cell proving that it is now sending logs to the syslog server and the actual logs on the syslog server itself.

logj4properties

loggingtraffic

syslogger

Further information about the threshold levels and local logging options can be found in the following kb article.

Configuring logging for VMware vCloud Director cells
http://kb.vmware.com/kb/1026815

Configuring a syslog server for vShield Manager is described in the English version of the vShield Administration Guide on page 19. There doesn’t seem to be a kb article explaining the process as this is really rather simple. Open up the vShield Manager configuration and pop in the correct values at the configuration pane under Settings & Reports.

vsmsyslog

Configuring the log shipping for firewall rules is done in the vCloud Director web interface. Just go to administration -> system settings -> general.

firewallsyslog

This should conclude the first objective of the VCAP-CIA. If you are interested you can find an even more advanced setup example in the vCAT 2.0 Tool.

http://www.vmware.com/files/pdf/vcat/Public-VMware-vCloud-Implementation-Example.pdf

The interesting part for this objective starts on page 41 in the English version.

Categories: Certification, VCAP Tags:

VCAP-CIA lab preparations

July 14th, 2013

As I will be preparing the VCAP-CIA next and this exam, like the VCAP5-DCA, is performance based I will need access to a lab.

Section 1.11 of the blueprint covers the exam environment which is quite large compared to the VCAP5-DCA environment.

3x vCenter 5.1: 4GB = 12 GB
7x 5.1 Host: 3GB = 21 GB
4x vCD cell: 1GB = 4 GB
3x vSM: 1GB = 3 GB
——————————
40 GB RAM

Even if one host and vCenter are assumed to be the actual management cluster and can be ignored when building the lab, this still totals out to 32 GB of RAM with possible swapping, as the vCenter Servers in 5.1 will be under a lot of pressure with just 4 GB of RAM and everything else is also configured at the bare minimum. And this is without counting the additional software like Chargeback or the vMA.

As I do not have access to shared storage yet (since I want to buy a proper NAS which is out of budget for now) I will also need to cope with the resources needed for a virtualized storage solution.

I intend to purchase an SSD for host swapping, so a little over commitment of resources should not hurt the performance too bad, but the actual host should at least have 32 GB of RAM. As I used laptops for the last couple of years I did not have a case and power supply lying around to re-use which meant that I would either need to buy a complete box or assemble it myself.

Getting parts in Ireland for a reasonable price actually seems to be quite a challenge, so I decided to buy a full blown box. I will add another 4 port NIC to the host and should be good to go, as I prefer to pay a little more and actually have someone else to build the box since I don’t have access to a proper working bench and tools anymore anyway.

I decided for an 8 core even if that would mean I would spend a little bit more money on the power bill but no matter what I will test in that small lab I don’t think I will ever be CPU capped again. I went for the 32 GB RAM even though non ECC, if one DIMM really turns out to be bad it will be cheap to be swapped out anyway. As for now I will use the OpenDedup Nasapp (http://www.opendedup.org/index.php) for shared storage within the virtualized environment to provide NFS storage but this might change as I still have a HP N40L with a 2 TB disk standing around in the office which I might turn into a NAS box until I can afford something better.

I opted against an environment build with autolab for this environment as it seems to be too far away from the actual test environment. Below you can find a picture of the build right now which I will add more VMs to when I start breaking down the objectives of the blueprint (adding 3 more vCD cells when covering objective 1.2 for example).

esxi

The actual build of the lab was inspired by a blog post of Timo Sugliani (http://blog.tsugliani.fr/featured/create-your-own-virtual-vcloud-lab-part-1/). I chose 6 hosts for now to have the possibility to test all allocation models while still being able to move machines around in a cluster and prepare or unprepare some hosts. For later objectives on the blueprint I will add another vCenter server, vShield Manager appliance and a couple of hosts to tackle the provider vDC and organization vDC management abilities requested in the blueprint.

Right now only local authentication is possible as there is no LDAP server running in the lab which is also a feature that will be added at a later stage when it becomes relevant.

This simple setup for now should still be able to cover most parts of the blueprint, so the next couple of posts will actually be starting to breakdown the objectives in an order which I personally deem least time consuming to learn and demonstrate.

Categories: Certification, Homelab, VCAP Tags: