vMiss.net - Secret Diary of a VM Girl

Secret Diary of a VM Girl

Setup and Use of the Cisco UCS Platform Emulator

This article provides an overview of how to use the UCS Platform Emulator.  It describes initial configuration and use, as well as a few tips and tricks I have picked up along the way.

Why would you want to use the UCS Platform Emulator anyway?  Great question.  You may be an administrator looking to use the platform in an environment where you can break things and not worry about impacting production.  Perhaps you are evaluating the UCS Platform and want to get a feel for day to day operations.  Whatever the use case, if you want to spin up a UCS environment and play with configuration, the UCS Platform Emulator is the tool to do it with.

The UCS Platform Emulator provides the ability to configure virtual hardware which is then accessed via UCS Manager, which is the UCS platform’s management tool.

This article is broken up into a number of sections. Click the link to go directly to a section.

Initial Setup of Emulator

Logging into the UCS Platform Emulator

Managing Virtual Equipment

Removing

Adding

Saving an Equipment Configuration

Launching UCS Manager

Saving the UCS Manager Configuration

Importing (Restoring) the UCS Manager Configuration

Troubleshooting

 

Initial Setup of Emulator

First, download everything you will need from the Cisco website by clicking HERE.  Note, you will need to login to the Cisco site to download.  You should download the OVA or Zip file, and the user guide.  Hopefully the information in this post will help you skip reading most of the user guide.  Make sure to select the version of UCS Manager you are looking to emulate, as there are several currently available as well as archived.  I’m going to be using UCS Manager 3.1(1ePE1).

You will also need to decide what your virtualization platform of choice is.  You can use VMware Player, VMware Fusion, ESXi, or Hyper-V.  The tool is deployed as an OVA.  Deploy the OVA into your environment and start the virtual machine.  This article assumes you know how to deploy an OVA.  By default, the VM will use DHCP, but you can put in static IP addresses if you would like.

If you want to continue with DHCP, hit a to view your current IP address.

Screen Shot 2016-07-13 at 10.13.04 AM

If you want to use a static address, hit n for modify network settings.

Screen Shot 2016-07-13 at 1.33.24 PM

Logging into the UCS Platform Emulator

Navigate to the IP address of the VIP in a browser, and you will be greeted with the UCS Emulator interface. There are two main parts of the interface, the Equipment Inventory and UCS Manager. First, we are going to start with the equipment interface.

Screen Shot 2016-07-13 at 10.21.04 AM

Managing Equipment

The UCS Emulator comes with equipment already “installed”. This may work for you, or you may need further customization. There’s a lot of things I don’t want in there, so I’m going to start with removing what I don’t need. Click Equipment in the Inventory pane on the left to get started.

Screen Shot 2016-07-13 at 10.21.27 AM

Removing Equipment

Let’s start by getting rid of a rack server. Click the green circle under Insert/Remove. You will see a little box that says “Remove?” With a Green Checkmark and a Red X. You may be tempted to click the Red X, but it is asking you to confirm you are removing the hardware, so click the Green Checkmark.

Screen Shot 2016-07-13 at 11.29.25 AM

Now you will see the message that your removal has launched successfully.Screen Shot 2016-07-13 at 11.30.08 AM

This may take a bit of time, but when the device is ready to remove, the green circle will be red, and you will be able to click the Red X under Delete Device.  It will not ask you to confirm deletion, it will just delete the device.

Screen Shot 2016-07-13 at 11.31.36 AM

 

Your device will be deleted.  Continue to use this process for everything else you would like to delete in the inventory.

Screen Shot 2016-07-13 at 11.32.59 AM

Note, that if you delete a blade chassis, it will also delete all the blade servers in it.

Adding Equipment


Now that I’ve gotten rid of everything I don’t need, I’m going to add some equipment. To add something simply click the + button next to what you would like to add and select the model. I’m going to add a new chassis and call it Chassis1.

Screen Shot 2016-07-13 at 11.35.27 AM

 

Now I need to edit my chassis.  I can click on the Chassis in the equipment link.  Yes, it will say Chassis CH3 because I deleted the two that were already in the inventory.

Screen Shot 2016-07-13 at 11.36.48 AM

 

Now we need to add all of the components to the chassis.  We need to add blades, power supplies, fans, and IO modules.  To add something, click the item in the bottom pane and drag it to the Chassis1 pane.  Enter the slot you are putting the hardware in (or a range like 1-4 if you want to fill 4 psu slots with the same device) and repeat these steps for all components.  You must have appropriate power supplies and fans in the system, or it will not be happy once you start UCS Manager.

skitch

When it comes time for the blades, I like to pick the configurations from the template section, as it has a number of configurations for various servers.  After we have everything we want in our chassis, we need to connect it by clicking the Connect button next in the Manage Links of Chassis pane.  It will then give you the box with the Green Checkmark and the Red X.  Click the Green Checkmark to connect the chassis.  After we see everything connected, we can go ahead and duplicate that chassis if we need multiple ones.

connect chassis

Now, after you’ve cloned any additional chassis, view the chassis one by one in the equipment pane and click connect in the Manage Link of Chassis Pane.

Screen Shot 2016-07-13 at 12.18.13 PM

Now that all of our chassis are connected, it is time to insert them into UCS Manager.  Click the red circle under Insert/Remove, then click the Green Checkbox to insert the chassis.  Repeat this for all chassis.Screen Shot 2016-07-13 at 12.21.33 PM

You’ll notice the blades have also inserted themselves when you inserted their chassis.  Now, once you’re greeted with green circles representing all of your hardware, you are ready to launch UCS Manager.

Screen Shot 2016-07-13 at 12.32.26 PM

Launching UCS Manager

You can launch UCS Manager by clicking the UCS Manager symbol on the top of the Hardware Inventory pane.

Screen Shot 2016-07-13 at 12.33.57 PM

Click Launch UCS Manager.  You may be promoted to install JRE if you do not already have it.

Screen Shot 2016-07-13 at 12.34.47 PM

If you’re using a Mac, something to note is that your Mac may not want to run UCS Manager.

Screen Shot 2016-07-13 at 12.38.05 PM

The easiest way to get around this is to locate the file in your finder and open it from there.  Right click the file in finder and select open.

Screen Shot 2016-07-13 at 12.38.27 PM

It will ask you if you want to open it since it is from an identified developer, click Open, and you will be good to go.  It will then ask if you want to run UCS Manager.  Of course you do, so click yes!

Screen Shot 2016-07-13 at 12.38.46 PM

Finally log into UCS Manager with the username/password UCSPE/UCSPE.

Screen Shot 2016-07-13 at 12.39.17 PM

Then you’ll be asked about setting up anonymous reporting.  I didn’t bother because, well, it’s an emulator.

Welcome to UCS Manager!  If you click equipment on the navigation pane on the left, you will see your chassis and fabric interconnects.

 

Screen Shot 2016-07-13 at 1.00.28 PM

Expand one of your chassis by clicking the triangle next to it.  Then click the triangle next to servers to see the specs of a server.  As you can see our chassis is full of B200 M4 servers, just like we configured it.

Screen Shot 2016-07-13 at 1.00.51 PM

Saving and Loading Hardware Configurations

After all this work, you may want to save your virtual hardware configuration. To do this, head back to the UCS Platform Emulator page and click equipment. Then click the fourth icon from the left and select Export XML. The XML file will open in a new window. This will be handy if you want to re-load your configuration or transfer it to another simulator. You can import it by clicking the first icon on the right and selecting Import from a Saved XML.

Screen Shot 2016-07-13 at 1.14.45 PM

Saving the UCS Manager Configuration

Once you restart the VM, or restart the services, your configuration is gone.  I repeat, your configuration is gone.  The emulator does not save the UCS Manager state.  Luckily, UCS has backup functionality built right in.  Navigate to the Admin tab in the left pane, and you will see Backup Configuration under Actions.  Click Backup Configuration, and Create Backup Operation.
Screen Shot 2016-07-13 at 9.02.03 PM
Admin State Enabled means back up right now, so make sure to click the Enabled radio button if you are backing up to a network location.  The UCS Emulator Platform does not support Full State backups, so select any of the others.  I like to select All Configuration and Preserve Identities.  You can backup to a server, or locally.  I just back up locally by selecting Location of Backup File as Local File System.  Browse to the location you would like to select, and type a file name at the end ending with XML – and no spaces in the name.
Screen Shot 2016-07-13 at 9.06.35 PM

You will get a popup that says your Backup File has successfully downloaded. Save the Port Channels!

Importing (Restoring) UCS Manager Configuration

Navigate to the admin tab in the left pane. You will see Import Configuration under Actions. Select Create Import Operation and select your configuration file. As with backing your configuration, Admin State Enabled means do it right now. Then click OK. You will see a message that the configuration has imported successfully and you can pick up where you left off. Your Port Channels are back!
Screen Shot 2016-07-13 at 8.55.57 PM

Troubleshooting

This section lists some issues you may run into during use of the UCS Platform Emulator.

Help! I’m clicking but nothing is happening when I’m setting up my hardware configuration in the web interface!

Keep in mind this is just a little VM running all of this virtualized hardware. Every once in a while it may simply…not work. It did not seem to be very happy when I rolled through connecting eight chassis fairly quickly, or when I was trying to connect them all. To restart the UCS Emulator processes, go back to the console screen and type s and hit enter. If you’re using DHCP like I am, your IP addresses may have changed so make sure to verify them. Remember, restarting the processes or VM will destroy any configuration you have done with UCS Manager.

Screen Shot 2016-07-13 at 10.49.31 AM

Hey, my chassis are all Red and Orange and stuff. What do I do?

I haven’t figured out exactly what’s up with this yet. When I didn’t add PSUs and Fans it was much much worse.  While some of the chassis are loaded with faults, they aren’t that bad from a usability perspective. There’s some thermal and power issues with some of the servers it looks like. Overall, the chassis says operable so I wouldn’t worry too much.  Also, when you configure something not quite right UCS Manager will probably throw a fault at you, so it is a good idea to take a look at them every once in a while.

Screen Shot 2016-07-13 at 1.19.12 PM

Um…what’s the username and password for UCS Manager?

UCSPE/UCSPE.  ALL CAPS :).

I rebooted the emulator VM and IT’S ALL GONE!

Did you backup the configuration inside UCS Manager?  No?  Start over, and make sure you do that next time!

Updating an Expired vCenter Server License

Sometimes we’re in a hurry when installing a vSphere environment and forget little things like entering license keys.  Hopefully it only happens in development and test environments, since you have verification testing for production environments, right?  Anyway, it should be as easy as just grabbing the license key and plopping it in, right?  Well, sort of.Screen Shot 2016-07-08 at 8.52.02 AM

I copied my license key and pasted it in, but it didn’t quite make it.  Only the first five characters did, and I could not add it to vCenter.  Don’t panic.  There’s still a way to get that key into vCenter.  Why bother you ask?  Well, once the vCenter Server license has expired you won’t be able to do much.  While things will still “work” to some extent, you won’t be able to do much.  Say goodbye to adding hosts to your inventory.  If your ESXi host licenses are also expired, then you will really be in trouble.  For now, we are going to focus on updating the vCenter Server license.  To enter your vCenter Server license, you must type out each and every character.  Copy and pasting will not work.  After you see all of the characters represented, click Add License Keys.  Don’t just click Next!

Screen Shot 2016-07-08 at 8.52.41 AM

 

After you see a message that the key has been added successfully, go ahead and click Next.  You can then Assign your license to your vCenter and you are off to the races!  In the Product field, you will see a radio button next to the license you just entered.  The green checkbox next to the name of your vCenter tells you you are all set.

Screen Shot 2016-07-08 at 8.55.06 AM

Remember, ESXi licenses and vCenter Server licenses are not the same thing.  Ensure you have the license key for vCenter Server Standard, not an ESXi license key.  Enjoy your fully operational vCenter.

Both vCenter and ESXi license are critical to the smooth operation of a vSphere environment.  I strongly suggest verifying licenses as part of the verification and testing process before your production environment is live.

A Guide to vSphere Command Line Management Tools

Command line management has always been a big part of a vSphere management. Back in the earlier days of ESX, many used the service console for running scripts, typing commands, or using third party management tools. The introduction of ESXi killed the service console, and attempted to lock down command line management (many remember typing unsupported to gain access in the early days of ESXi), but eventually command line management also became a huge part of ESXi environments as well. Let’s take a look at some of our options within ESXi in version 5.5 and above, and ideas on how and when to use them.

Screen Shot 2016-06-20 at 7.46.18 PM

ESXi Shell Access with SSH
Your first option for vSphere host command line management is to connect directly to an ESXi host using SSH. In Windows environments, the tool of choice is usually PuTTY. You may hear a VMware administrator say they are PuTTY-ing to a host, but they probably mean they are connecting with SSH. You can also use your server

So, once you’ve connected to the host, what can you do with it? You can run any of the esxcli and vicfg- commands (esxcfg- commands will work too) to troubleshoot and configure a host. You can also take advantage of utilities like esxtop and vscsiStats.

While this works for occasional use, it may not be the be all end all in your environment, especially if your environment is a large one. You are required to connect to each host individually, and while you can store sessions for re-use, it may not be the best choice if you have to preform the same task on 60 hosts (yeah, been there, done that, it wasn’t fun).

vSphere Management Assistant (vMA)
I like to think of this as ESXi shell access on steroids. Instead of having to connect to each host via SSH, you can ssh to the vSphere Management Assistant, often referred to as the vMA.

The vMA has a couple of options for authentication, allowing you to connect to hosts and vCenters using AD authentication or its own integrated fast pass authentication. Once you’ve used the vifp addserver command to connect to your hosts of choice, it is as simple as setting your target with the vifptarget command, and using the same types of commands you would use if you were connecting to the host via SSH from your management workstation. One important difference is that here, esxtop is run as resxtop.

The vMA can make it much easier if you need to do something like use esxcli commands to modify host settings. Since the vMA runs on a linux virtual machine, you have scripting options here that you don’t necessarily have directly connected to the host with SSH. You can use scripts to connect to multiple servers, as well as issue commands on multiple hosts, while you’re still limited to the host you have connected to when you are connected directly to the host.

While you can do a lot with esxcli and other commands at this level, there is one major component of a vSphere environment you can’t manage, and that’s distributed virtual switches. While you can edit uplinks, you won’t be able to create a new one, since the switch itself exists on the vCenter control plane, not the host one.

VMware vSphere Command Line Interface (vSphere CLI)
Think of the VMware vSphere Command Line Interface (vSphere CLI) as an installable vMA. You can install it on a Windows or Linux system. It can be a good choice if you are trying to create a system with management tools installed locally for your administrators. It provides the same features and functionality in a slightly different package. Personally I think I used the vSphere CLI once or twice, but it can be a key management tool for some environments.

These management tools use many of the same commands, with the esxcli commands being a key part of administration via these methods. There is one more command line tool that can be used with vSphere, and it is extremely powerful.

vSphere PowerCLI 
vSphere PowerCLI is a PowerShell add in with a vast number of commands to manage your vSphere environment. Besides using PowerCLI to check and set basic settings, you can write some pretty advanced and powerful scripts to configure your environment for you. For example, I could write a script to configure host networking every time I add a new host to my environment to ensure things are always configured consistently. I can take things one step further and use PowerCLI to apply a host profile to my new host as well. The beauty of a PowerCLI script is you can write it once, and use it over and over again. It can be an extremely useful tool in any environment, large or small. If you plan on using AutoDeploy in your environment, PowerCLI is an absolute must for creating and editing your images.

PowerCLI can take some getting used to, especially if you aren’t already familiar with PowerShell in a Windows environment. The good news is after PowerCLI’s quick installation, its relatively easy to get started, and there are lots of resources built right into PowerCLI to help you. If you’re looking to teach yourself some PowerCLI using some common tasks in a vSphere environment, check out the blog series I’ve started called Fumbling Through PowerCLI.

Since PowerCLI is based on PowerShell, it requires a Windows workstation for installation and use. While many usually connect to PowerCLI via vCenter, you can also connect directly to a host in the event your vCenter is not functioning. This makes PowerCLI one of the most versatile tools in the vSphere administrative arsenal.

The tools used to manage a vSphere environment will depend on a number of factors. First and foremost, is the skill set of the administrative staff. Those from a Linux background may choose to leverage something like the vMA, while those with a Windows background may choose to use PowerCLI. Whatever the task, there’s a vSphere command line tool that is up for the job.

Get Set With PowerCLI and Distributed Virtual Switches, Part 1

This article is a continuation of the series I like to call Fumbling Through PowerCLI. My goal is to provide an overview of learning and using PowerCLI by logically working through how to accomplish common administrative tasks. I also like to demonstrate how we can use features within PowerCLI to teach ourselves, and well, fumble through it.

Looking back on our work with standard virtual switches (link), we can find out the command we have to work with by issuing Get-VICommand *switch.

Screen Shot 2016-06-03 at 4.27.35 PM

This time we want to focus on the VDSwitch commands, which will mange our distributed virtual switches. If you want to manage distributed virtual switches from a command line, PowerCLI is really your best option. Remember, the distributed virtual switch control plane resides on the vCetner server, so while there are some esxcli commands to view some characteristics of distributed virtual switches, there is no way to mange them using the esxcli tool on a host.

Let’s start by using the command Get-VDSwitch to see if we have any distributed virtual switches in our environment.Screen Shot 2016-06-03 at 4.29.26 PM

It turns out we have a number of them in our environment. What if we are just concerned what switches a particular host is connected to? We can use the command Get-VDSwitch -VMhost host1.lab.local to see what distributed virtual switches host1 is connected to. In fact, let’s see what switches are connected to each host.  While we are at it, we might as well take a look at host2.lab.local and see what distributed virtual switches it is connected to.Screen Shot 2016-06-03 at 4.32.31 PM

It seems like we have a number of distributed virtual switches which are not in use. Let’s clean things up a bit by removing the distributed virtual switch named Migrate. To find out how to do this, use the command Get-Help Remove-VDSwitchScreen Shot 2016-06-03 at 4.34.17 PM

We can remove the distributed virtual switch named LACP2 by issuing the command Remove-VDSwitch -VDSwitch LACP2. PowerCLI will then confirm we want to remove the switch.

Screen Shot 2016-06-05 at 5.13.06 PM

Now we are going try to remove the switch named ThisistheFinalvSwitch with the command Remove-VDSwitch -VDSwitch ThisistheFinalvSwitch -Confirm:$False. Our goal by adding the -Confirm switch is to skip the confirmation.Screen Shot 2016-06-05 at 5.25.13 PM

Oh no, an error. It looks like ThisistheFinalvSwitch is in use.   As we can see above, it is in use by host2.lab.local. We can also confirm in vCenter.

Screen Shot 2016-06-05 at 5.59.00 PM

After we disconnect the host from the switch, we can try our command again.Screen Shot 2016-06-06 at 9.17.47 AM

This time it worked successfully, and it did not ask us for a confirmation before removing the switch.

Now, since we have cleaned things up, we are going to create a new distributed virtual switch. First we will use the command Get-Help New-VDSwitch to find out the syntax and what information we need.Screen Shot 2016-06-06 at 9.19.37 AMAs you can see, there are a number of options and and a number of ways to go about creating the switch. One thing to note is the -ReferenceVDSwitch parameter. This would allow you to create a new switch with the properties of an existing switch.

We’re going to keep things simple for our new distributed virtual switch, and create one using the command new-vdswitch -NumUplinkPorts 2 -Name ProductionApp1 -mtu 9000 -Location Lab.Screen Shot 2016-06-06 at 9.26.23 AM

Now we have our switch. Our next steps are to add a host. We can use the command add-vdsswitchvmhost -vdswitch ProductionApp1 -vmhost host2.lab.localScreen Shot 2016-06-06 at 9.38.49 AM

As we can see our host is now added to our distributed virtual switch.  We can verify this by using the Get-VDSwitch command from earlier.Screen Shot 2016-06-06 at 10.11.04 AM

Some of the next tasks we need to accomplish are adding uplinks and port groups. Stay tuned for the next part of this series to find out how (hint: we’re going to start using variables!).

This article is part of the Fumbling Through PowerCLI Series.
A Guide to Fumbling Through PowerCLI
Continuing to Get Set With PowerCLI and Standard vSwitches
Get Set With PowerCLI and Distributed Virtual Switches, Part 1

24 x 7 IT Connection – Cloud Security Starts With You

It can be easy to get caught up in cloud mania, especially with how accessible cloud solutions can be.  It can be as easy as entering a credit card number to get started, but there are so many more considerations in an enterprise cloud deployment.  24 x 7 IT Connection takes a look at one of the most important, and often overlooked areas of cloud architecture, security.

By now, we are all used to hearing about the latest security breach some company has fallen victim to.  Sony, Target, Anthem, all are household names who have fallen victim and had data stolen.  In some cases, innocent customers of these companies have been the ones impacted, and are at higher risk for identity theft since so much of their private information has found its way onto the Internet.

Security threats have been around since the dawn of the internet, but it took years for many companies to take them seriously.  They come in all different sorts of sizes and shapes, from viruses and malware to hypervisor escapes and ransomware, threats have evolved as fast as their mitigations, if not faster.

Click here to read the full article on 24 x 7 IT Connection.