Saturday, 26 May 2012

VBR6: How to Configure Replica Seeding in Veeam Backup v6 for Offsite Replication


The procedure for configuring Replica Seeding in Veeam Backup and Replication 6, is different from the procedure used in Veeam Backup and Replication 5. In Veeam v5, there was the tick box under 'Initial replication' for 'Perform initial replication over this removable storage.' In Veeam v6, the seed is taken from a Veeam backup.

Fig.: VBR5 New Replication Job – Replica Destination & Initial Replication

Step by Step Walkthrough

Part 1: Transporting Seed Data to a DR Site

1.1: Create a backup of the server to be replicated.
Note: If you already have a backup, this is excellent, we can use this.
1.2: Copy the relevant vbm and vbk files to removable media (for example USB hard drive.)
Note I: The vbm file is important as this is the file that Veeam Backup reads from a backup repository to determine the backups that are present (if you have not copied the vbm  file it is possible to import the backup from a vbk using the Import Backup function.)
Note II: If using reverse incremental, copying the the vbm and vbk (which holds the latest backup) is enough, the vrb files are not required to be copied also.
Note III: For traditional incrementals, the vib files that proceed the full backup vbk are required to be copied also. If you do not copy the vib files you will see an error like:
Error: Client error: File does not exist. File: [C:\0 Incremental\ExampleBackupIncremental2012-05-27T121234.vib]. Failed to restore file from local backup. VFS link: [summary.xml]. Target file: [MemFs://Tar2Text]. CHMOD mask: [12060536].

1.3: Transport removable media to the DR site, and plug into an available server.

Part 2: Setting up the Seeded Replica

At this stage there are two options:

Option 1: Configure a DR Site Server as a Backup Repository
Option 2: Restore to DR VMware host and Map Replica

2.1: Setting up Replica Seed from DR Site Backup Repository

2.1.1: Add a backup repository on a DR site server.
Note: If you already have a backup repository in the DR site, this is excellent, we can use this.
2.1.2: If not already added, add the backup files to the DR Site repository and rescan the repository so the software can see the backups.
2.1.3.1: Create a New Replication Job ticking the “Low connection bandwidth (enable replica seeding)” box.
2.1.3.2: Follow through the wizard, selecting Virtual Machines, Destination, Job Settings.
2.1.3.3: New Replication Job: Seeding, tick the “Get seed from the following backup repository” box and choose the DR site backup repository
2.1.3.4: Follow through the wizard to completion

2.1.4: Finally, kick of the newly created replica backup job to create the replica from the seed!

2.2: Setting up Replica Seed from a Restore and Map

In this instance, the replica VM is restored from backup – perhaps using a Veeam Backup server located in the DR site – to a DR site host.
Then a replication job is set up similarly to 2.1.3 above, except for at step 2.1.3.3, we tick the “Map replicas to existing VMs” instead, and edit to map the original VM to the replica VM.

Sunday, 20 May 2012

NetApp: FAS2000 New Series Disk Options


The following post briefly lists storage models, disk shelf, and disk options available in the new NetApp FAS2000 series range:

Fig. 1 FAS2040 front and back

Fig. 2 FAS2240-2 front and back

Fig. 3 FAS2240-4 front and back

Fig. 4 DS4243 front and back

Fig. 5 FAS2000 series and DS4243 shelf – rack units and disk slots

Fig. 6 FAS2000 series and DS4243 shelf – internal disks supported
Note 1: The new DS2246 disk shelf only supports internal 450GB SAS 10k and 600GB SAS 10k disks, and since the FAS2000 series does not support external SAS disks, this shelf is excluded.
Note 2: The DS4243 also supports SSD 100GB drives but these are not supported by FAS2000 series models as external drives and so not listed here.

Fig.7 FAS2000 series – external disks supported
Note 1: The DS14mk2 AT and DS14mk4 FC shelves are now end-of-availability (or special order only.)
Note 2: The FAS2000 series models support 300G, 400G, 600G FC external drives from DS14mk4 shelves.

Additional note: The end-of-availability FAS2020 only supports up to the Data ONTAP 7.3.7 RC release.

Saturday, 19 May 2012

NetApp: Instructions for running the NetApp Data Collector against a Single Storage System


From a workstation or server that has internet connectivity to download files, and IP connectivity to the NetApp storage appliance:

1) Download and install .Net Framework 4.0 (if not already installed)
The easiest way to obtain the download is to Google “download .NET 4” and the download link is normally the first result.

Fig. 1: dotNetFx40_Full_setup.exe
2) Download the NetApp DataCollector from:

3) Double-click “NetApp Data Collector.exe” to run
Fig. 2: NetApp Data Collector.exe
4) NetApp Data Collector: Single Storage System
From the NetApp Data Collector Window:
-         Leave the radio button on ‘Import from a single’
-         Choose correct transport - http/https
-         Enter ‘Hostname’
-         Enter ‘Username’
-         Enter ‘password’
-         Click ‘Test’ and if okay …
-         Browse to a ‘Directory to Store Data’ (the desktop is fine)
-         Click ‘Import’

Fig. 3: NetApp Data Collector Window
The result is a zip file containing lots of text files with information regards the filer.

Appendix: NetApp Data Collector Output Files

*May differ slightly depending on model and version of Data ONTAP

AGGR-SHOW_SPACE / AGGR-STATUS / CIFS-DOMAININFO / CIFS-SHARES / DF / DF-A / DF-R / DF-S / ENVIRONMENT / EXPORTS / FC-DEVICE-MAP / FCP-CFMODE / FCP-INITIATOR-STATUS / FCP-TARGET-ADAPTERS / FCP-TARGET-CONFIGURATION / IFCONFIG-A / INITIATOR-GROUPS / ISCSI-PORTALS / ISCSI-TARGET-PORTALS / LUN-CONFIGURATION / OPTIONS / QTREE-STATUS / RC / SIS-STAT / SIS-STAT-L / SIS-STATUS-L / SNAP-LIST-N / SNAPMIRROR-DESTINATIONS / SNAPMIRROR-STATUS / SNAP-RESERVE / SNAP-RESERVE-A / SNAP-SCHED / SNAP-SCHED-A / SNAPVAULT-DESTINATIONS / SNAPVAULT-SNAP-SCHED / SNAPVAULT-STATUS-B / SNAPVAULT-STATUS-C / SNAPVAULT-STATUS-L / SOFTWARE-LICENSES / STORAGE / SYSCONFIG-A / SYSCONFIG-D / SYSCONFIG-HARDWARE-IDS / SYSCONFIG-M / SYSCONFIG-R / UNOWNED-DISKS / VFILERS / VOL-STATUS

Sunday, 13 May 2012

Corrupted Windows 7 VDI Base Disks with XenDesktop 5.5 MCS


This is perhaps a good example of why not to use iSCSI/FC storage for a large pool of Windows 7 XenDesktops.

The Scenario

In this scenario of around 120 pooled desktops, to get around the issue with SCSI reservation conflicts/locks, the virtual desktops had been spread across three FC VMFS datastores.

Fig. 1: Citrix Desktop Studio → Configuration → Hosts
This configuration means that each datastore holds a copy of the baseDisk which makes up Hard disk 1 or SCSI (0:0) of every pooled desktop on that datastore.

An NFS storage environment is much more scaleable, there is no need for multiple datastores to try to minimize the SCSI reservation issues, and hence no need to have multiple copies of the baseDisk – with NFS there would be just one datastore and one baseDisk. A very rough rule of thumb with iSCSI/FC datastores is a limit of 20 VMDKs per datastore, whereas NFS is unlimited.

Also, XenDesktop – at least in version 5.5 – does not have the logic to load balance VDIs across the datastores. A new catalog of 15 VDIs across 3 datastores will indeed place 5 VDIs per datastore, but subsequently adding 1 more at a time to the catalog will put the VDI in the first datastore each time and not use the other two.

The Problem

It is noticed that VDIs on one of the three datastores are failing to boot, and Windows 7 keeps looping through the Startup Repair dialog.

Fig. 2: Windows 7 Startup Repair → Restart your computer to complete the repairs.
The Resolution

The problem seen above is caused by a corrupted baseDisk – why the corruption happened is another matter.

There are two resolutions:
1) {Recommended} Recreate the catalog from scratch – this will recreate all the baseDisks in every datastore.
2) Copy a known working baseDisk from another datastore, and replace the corrupted baseDisk VMDK with the known good one.

Saturday, 12 May 2012

A Theory Into Why It Should Be Cheaper Driving North


This post has nothing to do with IT, just happened to have been a curiosity conjured during my travels up North and back down South on various IT projects.

Hypothesis

The Earth is not a perfect sphere, it is a spheroid that bulges out at the equator – the Earth's equatorial radius is greater than the Earth's polar radius. From high-school physics we know that Potential Energy = mass x gravity x height and so it follows that we might expect the potential energy of an object on the Earth's surface (sea-level) at the equator, to be greater than the potential energy of an object on the Earth's surface closer to the poles, since we can think of sea-level at the equator as being higher (further away from the Earth's core/center of mass) than sea-level close to the poles.

Application of the Hypothesis

If I travel from London to Glasgow achieving an MPG of 50 (Diesel), by how much would I expect the MPG to be affected on the drive back from Glasgow to London (because of the need to burn more fuel to acquire the additional potential energy)?

This application is based on a complete fantasy scenario where there are no traffic problems, the road is upon a perfectly flat spheroidal Earth (it could be argued that even with undulations in the carriageway, would still need to acquire more potential energy on the drive to London,) and I travel from sea-level in London to sea-level in Glasgow, and is really more of a mathematical exercise that attempts to calculate if there would be any noticeable difference. Apologies in advance for any flaws in the calculations!

The Mathematics
An old copy of Maple 7 was used for the calculations, and some of the lines below in red represent the Maple Execution Group Inputs with some formulas in blue.

Constants:

Latitudes in degrees North:
GlasgowLatitude:=55.8700;
LondonLatitude:=51.5171;

The Earth's equatorial radius a and polar radius b in metres:
a,b:=6378137,6356752;

Mass of the automobile in kg:
mass:=1000;

Calorific value of diesel in J/kg:
45'300'000

Density of petroleum diesel in kg/l:
0.832

Litres in a UK gallon:
4.54609188

Distance London to Glasgow in miles:
405.1

Formulas:

Radians as a function of Degrees:
Radians:=Degrees->Degrees*Pi/180;
Earth's gravity (in ms-2) as a function of Radians:
Gravity:=phi->9.780327*(1+0.0053024*sin(sin(phi))-0.0000058*sin(sin(2*phi)));
Radius (in metres) at a given geodetic Latitude as a function of Radians (or distance from the Earth's center to a point on the spheroid surface):
f:=phi->sqrt( ( (a^2*cos(phi))^2 + (b^2*sin(phi))^2 ) / ( (a*cos(phi))^2 + (b*sin(phi))^2 ) );
PotentialEnergy in Joules with mass (in kg) gravity (in ms-2) and height (in m):
PotentialEnergy:=mass*gravity*height

The Calculations:

GlasgowLatitudeRadians = 0.9751154533
LondonLatitudeRadians = 0.8991430162
GlasgowGravity = 9.818471842 ms-2
LondonGravity = 9.816854446 ms-2
*Notice that the gravity in Glasgow worked out as very slightly stronger!
GlasgowRadius = 6363522.841 m
LondonRadius = 6365075.641 m
And Potential Energy for the 1000kg automobile:
GlasgowPotentialEnergy = 62480069830 J
LondonPotentialEnergy = 62485021110 J
And the potential energy difference for LondonPE minus GlasgowPE:
PEDifference = 62485021110 - 62480069830 = 4951280 J
Kilos of diesel required:
KilosOfDiesel = 4951280 / 45300000 = 0.1092997793
Litres of diesel required:
LitresOfDiesel = KilosOfDiesel / 0.832 = 0.1313699271
Gallons of diesel required:
GallonsOfDiesel = LitresOfDiesel / 4.54609188 = 0.02889733216

The Result:

A journey from London to Glasgow of 405.1 miles at 50 MPG uses:
GallonsToGlasgow = 405.1/50 = 8.102
To get back to London requires an additional 0.02889733216 gallons of diesel making the MPG:
MPGtoLondon = 405.1/(8.102+0.02889733216)
= 49.82229924

Conclusion

The difference would be barely noticeable!

Cloud Based Systems Monitoring with LogicMonitor – Configuration Example for VMware vCenter


Introduction

LogicMonitor is a powerful but easy and simple to setup, cloud based systems monitoring solution (Monitoring as a service - MaaS), and all you need from your site or a customers site, is SSL access from an on-site collector to LogicMonitor's Cloud Data Center.

The list of hosts and applications that LogicMonitor can monitor is massive and constantly growing, and includes:
Cisco, Citrix Netscalers, Citrix XenServer, Databases, Dell Hardware Health, ESX Servers and vSphere vCenters, F5 Big IP Clusters, FreeBSD monitoring, HP Hardware Health, HP P4000/Lefthand SANs, IPMI Support, Java Applications, Kemp LoadMaster Load Balancers, Linux and Unix, Monitoring Log Files for Application Response Times, NetApp, Netscreen, pfSense Firewalls, Postfix, Sensatronics, SNMP, Sonicwall Firewalls, Specific URLs or Webpages, Varnish HTTP Accelerator, Web Servers, Windows, ….

Walkthrough

This following walkthrough assumes that you have either a trial version of LogicMonitor (to obtain, go to www.logicmonitor.com and click on the 'TRY IT FREE' button) or paid for version, and have already run through the initial first time login setup wizard. The configuration example is for a new customer site, with the collector installed on the VMware vCenter to be monitored.

1. Logon to the VMware vCenter and point your web browser to http://YOURCOMPANYNAME.logicmonitor.com and login.
2. Go to the Settings Tab in the WebUI → Collectors → and click the Add button
3. Adding Collector: Introduction → click Next
4. Adding Collector: Download collector → choose Windows collector → and for now click Yes to the “Will you use this collector to monitor other Windows hosts?”
Click on the Download Windows collector link
Click Run if receive the File Download - Security Warning
Click Run if then receive an Internet Explorer – Security Warning
And the LogicMonitor Collector – InstallShield Wizard will start

5. LogicMonitor Collector – InstallShield Wizard
Enter credentials as desired (for just monitoring VMware vCenter and guests, the use LocalSystem Account will be fine) → and click Next > → and click Install → then click Finish
6. Adding Collector: Download collector → click Next
7. Adding Collector: Collector Down Notification Setting → accept defaults for now and click Next
8. Adding Collector: Verification → tick the 'The collector is installed' box – this should come back with the 'Congratulations – the collector … has successfully registered' → then click Finish
Click OK to the 'Do you want to add a host for monitoring?'
9. Add Host Wizard: Host Name → enter host name or IP address and click Next
10. Add Host Wizard: Monitoring collector → select the collector that will monitor the host and click Next
11. Add Host Wizard: Network connectivity → if everything is okay, click Next
12. Add Host Wizard: Finish → click Submit → and for now click 'No, Thanks' to the 'Do you want to add another host now?'
13. From the Hosts Tab in the WebUI → select the newly added vCenter → select the System Tab to verify that the vCenter has been detected as a VMware vCenter
14. From the Host Tab in the WebUI → select the newly added vCenter → click on the More and Edit … in the top right of the WebUI
15. Edit host properties → click the Add button → add the Properties esx.user and esx.pass providing the username and password of an account that has read-only access as defined from the topmost level down the vCenter infrastructure hierarchy (security recommendation is for read-only access account) → and click Submit
And we're done! 
Note: To monitor ESX host hardware requires the hosts to be added in separately.

LogicMonitor out-of-the-box monitors the following metrics from vCenter server:
ESX ClusterAvailable CPU Resources, Available Memory, Failover Status
ESX Datastore Disk Usage
ESX Host CPU Usage, Disk Data Rates, Disk Latency, Disk Operations, Memory, Memory Shared, Memory Status, Memory Swap Rate, Memory Usage Percent, Network Data Rates, Network Packet Rates, Network Packets Dropped, Uptime
ESX Virtual Machines: OverviewVM Local Disk Operations, VM Memory Usage, VM Virtual Disk Operations, VM CPU Ready
ESX Virtual Machines CPU, CPU Ready, Disk Data Rates, Disk Operations, Memory – VMKernel Swap Rates, Memory Usage, Memory Used Percent, Network Data Rates, Network Packet Rates, Provisioned Disk Usage, Uptime, Virtual Disk Latency

Further information

Friday, 11 May 2012

P4000 Multi-Site SAN Migration from One Subnet to Two Subnets


Scenario: A P4000 Multi-Site SAN is initially set up as a Multi-Site Cluster across one iSCSI subnet, for a Campus SAN high availability scenario across a distance of not more than 250 metres. Subsequently, it is decided to move one half of the Multi-Site Cluster to a DR site 12km away, and re-IP the DR site storage systems.

Lab Setup:

SITE01
Cluster VIP on 10.10.1.50
VSA01 on 10.10.1.101
VSA02 on 10.10.1.102
WIN7MACHINE on 10.10.1.1 (with access to a Network RAID-10 volume to test data connectivity is not interrupted at any stage.)

SITE02
VSA03 on 10.10.1.103
VSA04 on 10.10.1.104

SITE03
FOM on 10.10.3.101
Brief Step-by-Step Walkthrough:
1. Establish a second subnet for SITE02 (here using 10.10.2.0/24 ) with IP connectivity to the SITE01 subnet (which is 10.10.1.0/24 here,) and SITE03 subnet (used by the Failover Manager on 10.10.3.0/24.)

2. Re-IP the storage systems in SITE02 (here using 10.10.2.101 and 10.10.2.102) in turn using the P4000 CMC.
2.1 Edit the TCP/IP Configuration.

2.2 Accept OK twice to change the storage system's IP address.
2.3 Click Cancel twice to the 'Search Network' and 'Network Search Failed' prompts.
2.4 Change the Storage System's network connection to place it on SITE02's subnet (either re-patch or change switch port VLAN assignments.)
2.5 Close and reopen the CMC, and in 'Find Systems', update the List of IP addresses to search for.

2.6 Log back into the Management Group.
We will ignore the “VIP error: System is not reachable by any VIP in the cluster” for now.
And repeat for additional storage systems.
3. Finally select the Cluster > iSCSI tab > iSCSI Tasks > 'Add VIP & Subnet Mask...' > and create a second Virtual IP Address on the SITE02 subnet.
4. Then all that remains (if not done already) is to physically shut down the SITE02 Storage Systems, move them to the DR site, power back up and check connectivity is all okay.
Note: Network RAID-10 (2-Way Mirror) volumes on a Multi-Site cluster remain available even when all storage systems in a site are down or unavailable. At no stage in this walk-through was access to volumes interrupted.

Sunday, 6 May 2012

Considerations when Upgrading from VMware vSphere 4.1 to 5 with a Citrix XenDesktop Environment


A brief post based on experience.

Recommended: In-place upgrade of vCenter

The in-place upgrade from vCenter 4.1 to vCenter 5 is a quick and easy process. With the upgrade there would be less than one hours downtime whilst desktop groups should be in maintenance mode and the Citrix XenDesktop Controller will not be able to control the power state of virtual desktops, but end users can still continue to work (if a user is already logged on, maintenance mode takes effect as soon as they log off.)

A vCenter rebuild would have incurred having to add the new vCenter as a host in Citrix Desktop Studio, and further re-add all desktops, and re-create any catalogs.

Recommended: In-place upgrade of ESXi hosts

The in-place upgrade from ESXi 4.1 to 5 is a quick and easy process via vCenter 5 Update Manager, and saves having to reconfigure hosts and remount any NFS datastores (NFS is recommended for VDI deployments due to its scalability,) especially in environments where Host Profiles and/or Auto Deploy is not an option due to host licensing (i.e. not Enterprise Plus.)

The Citrix XenDesktop Controller communicates with the vCenter Server, and the recommendation regarding upgrading the ESXi hosts is just here for completeness.

Warning: When installing/upgrading VMware Tools to vSphere 5

Use the Custom Installation option to deselect the SVGA 3D Driver under the VMware Device Drivers feature set.

See the following articles for more information:
http://support.citrix.com/article/CTX124877 - Unable to Connect to XenDesktop Virtual Desktop Agent on Vista or Windows 7 with WDDM Driver
http://support.citrix.com/article/CTX123952 - Unable to Connect to XenDesktop Virtual Desktop Agent on Windows 7 with VMware Tools ESX 4.0 Update 1

Installing VMware View 5.0 Security Server & SSL Certificate with PCoIP


Considerations:

DMZ or not?
DMZ is highly recommended for security reasons and a best practice.

Domain or workgroup?
No best practices supporting one or the other. On the domain has advantages regards manageability, just needs additional firewall ports opened from the DMZ to talk to DC & DNS server(s).

Are clients already using an internal web address?
If yes then clients will need to be migrated to using the external address; alternatively can create an additional View Connection Server for the link to the Security Server and external URL. Remember the View Connection Server just brokers the connection.

How many clients?
One Security Server can support up to 2000 connections, beyond this will need additional Security Servers and hardware load balancing with something like F5 load balancers (F5 also make a load balancer virtual appliance.)

Pre-requisites:
  • Public IP address
  • Public DNS A record – say view.company.com
  • Internal (DMZ) IP address for View Security Server
  • NAT from Public IP to Internal IP
  • SSL certificate for view.company.com
  • VMware-viewconnectionserver....exe (here using VMware-viewconnectionserver-x86_64-5.0.1-640055.exe)
  • Windows 2008 R2 operating system (from VMware View 5.0 Installation Guide - “if you want to use the PCoIP Secure Gateway component, the operating system must be Windows Server 2008 R2”)
  • Pentium IV 2.0GHz processor or higher (recommended 4 CPUs)
  • Minimum 4GB RAM for Security Server (at least 10GB RAM for deployments of 50 or more View desktops)
External Firewall Ports Required Open (from VMware View 5.0 Architecture Planning document):
Abbr.: Any source to Security Server on ports 80, 443, TCP 4172, UDP 4172.

Internal Firewall (DMZ to LAN) Ports Required Open (from VMware View 5.0 Architecture Planning document):
Abbr. 1: Security Server to Transfer Server on ports 80, 443.
Abbr. 2: Security Server to View Connection Server on ports 8009, 4001.
Abbr. 3: Security Server to View Desktop on ports 3389, TCP 4172, UDP 4172, TCP 32111.

Installation
The following step-by-step walkthrough specifically runs through installing one View Security Server into an existing View 5 environment, with an Autocsr Domain Wildcard SSL certificate (for say *.company.com) obtained from Globalsign. There is no Transfer Server in this environment.

1. Set up pairing on View Connection Server
1.1 Login to the View Administrator Console portal at http:///admin
1.2 Under View Configuration > Servers, select the View Connection Server > More Commands and click 'Specify Security Server Pairing Password...' and then enter the pairing password.

2. Install View Security Server
2.1 On the View Security Server, double click on the VMware-viewconnectionserver-x86_64-5.0.1-640055.exe and follow through the prompts to install the View Security Server, entering the pairing password when prompted.
This stage will require the public IP address and public URL to be input.

3. Install SSL Certificate and Intermediate
3.1 Obtain PKCS#12 wildcard certificate *.pfx from SSL certificate provider, and intermediate.cer file.
3.2 On the View Security Server add keytool to the System Path:
Right-click 'My Computer' > Properties > Advanced System Settings > Environment Variables … >
Edit Path and add: ;C:\Program Files\VMware\VMare View\Server\jre\bin
Click OK > OK > OK

3.3 Copy the keystore file DomainWildcardSSLPKCS#12.pfx to C:\Program Files\VMware\VMare View\Server\sslgateway\conf
3.4 In the folder C:\Program Files\VMware\VMare View\Server\sslgateway\conf use a text editor to create and save a file called locked.properties with the following contents:

keyfile=DomainWildcardSSLPKCS#12.pfx
keypass=THEPASSWORD
storetype=pkcs12

Example:
3.5 Restart the VMware View Security Server service.
3.6 Start > Run > MMC
Add the Certificates (Local Computer) Snap-in and import the intermediate.cer file to 'Intermediate Certification Authorities.'

4. Configure View Connection Server
Finally, back in the View Administration Console, edit the View Connection Server properties so that the ExternalURL and PCoIP External URL settings match with the View Security Server, and tick the 'Use PCoIP Secure Gateway for PCoIP connections to desktop'.
And we're done!

Essential Further Reading

VMware View Installation View 5.0 PDF currently available from:

VMware View Architecture Planning View 5.0 PDF currently available from: