Wednesday, October 17, 2012

"Target disk UUID validation failed" Error while configuring vSphere Replication on a Pre-seeded VMDK

vSphere Replication gives you the option of performing host-based replication of virtual machines from one data-center to another over a network link. This feature was introduced with vCenter Site Recovery Manager 5.x. This allowed customers to use vSphere Replication as the primary replication engine to replicate data from one site to another and then use the SRM engine to automate the entire DR process.

Since you have the option to set replication per virtual machine, you can also pre-seed the VMDK files of a virtual machine on a LUN in the target datastore (by restoring a full image from a backup). This saves time and replication bandwidth, since you do not have to replicate all the data over the WAN; you only replicate the changes from the Primary Site to the DR Site by syncing both images.

Most customers who use the pre-seeding method register the restored VMs on the DR site and power them on to check whether the backup is good and whether they can pre-seed that image. Once the VM is registered and powered on, you are asked whether this VM "was copied" or "was moved". If you proceed with the default option of "was copied", the UUID of the VMDKs changes to a random value.

Now, when you try to set up the first-time sync using the vSphere Replication configuration wizard, the configuration fails with the following error: "Target disk UUID validation failed".

This error comes up because when the replication engine compares the VMDK descriptor files of Source and Destination VMDK files, they both have different UUIDs. This causes the replication configuration and the first time sync to fail.

To solve this issue, use the ESXi shell or a PuTTY (SSH) session to get the UUID from the VMDK descriptor of the Primary Site VM. Note this UUID down, as you need to replace the UUID in the target VMDK descriptor with this source UUID. Once done, you will be able to set up the replication again using the same seed VMDK without any issues.

Here is what a UUID looks like in a VMDK descriptor:

ddb.uuid = "60 00 C2 94 dd 43 63 90-18 77 3f 23 6d 8e f0 22" 

Please ensure you do this for all the disks (VMDKs) attached to the virtual machine in question. Also ensure you have a backup available before you play around with this, in case you do not have hands-on experience.
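The descriptor edit described above, as an added shell example that is not part of the original post. It assumes the descriptor is the small text `.vmdk` file (not the `-flat.vmdk` data file); the file names, the sample descriptors and the second UUID are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the original post): align ddb.uuid of a seed VMDK
# descriptor with the source disk. Paths and sample descriptors are constructed.

# Print the ddb.uuid value (without quotes) from descriptor file $1.
get_ddb_uuid() {
    sed -n 's/^ddb\.uuid *= *"\(.*\)"[[:space:]]*$/\1/p' "$1" | head -n 1
}

# Succeed only if $1 has the shape shown in the post: 8 hex bytes, "-", 8 hex bytes.
is_valid_uuid() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9A-Fa-f]{2} ){7}[0-9A-Fa-f]{2}-([0-9A-Fa-f]{2} ){7}[0-9A-Fa-f]{2}$'
}

# Set ddb.uuid in descriptor $1 to $2. The original is kept as $1.bak.
set_ddb_uuid() {
    desc=$1; new_uuid=$2
    is_valid_uuid "$new_uuid" || { echo "refusing malformed UUID: $new_uuid" >&2; return 1; }
    old_uuid=$(get_ddb_uuid "$desc")
    [ -n "$old_uuid" ] || { echo "no ddb.uuid line in $desc" >&2; return 1; }
    [ "$old_uuid" = "$new_uuid" ] && return 0      # already matches, nothing to do
    cp -p "$desc" "$desc.bak" || return 1           # backup before editing
    sed "s/^ddb\.uuid *=.*/ddb.uuid = \"$new_uuid\"/" "$desc.bak" > "$desc"
}

# Write a constructed descriptor for disk name $2 with UUID $3 to path $1.
write_sample_descriptor() {
    cat > "$1" <<EOF
# Disk DescriptorFile
version=1
CID=fffffffe
parentCID=ffffffff
createType="vmfs"
RW 41943040 VMFS "$2-flat.vmdk"
ddb.adapterType = "lsilogic"
ddb.uuid = "$3"
ddb.virtualHWVersion = "8"
EOF
}

# Demo on constructed files: the source carries the UUID quoted in the post,
# the seed copy carries a different (constructed) one, as after "was copied".
demo_dir=$(mktemp -d)
write_sample_descriptor "$demo_dir/source.vmdk" app01 "60 00 C2 94 dd 43 63 90-18 77 3f 23 6d 8e f0 22"
write_sample_descriptor "$demo_dir/seed.vmdk"   app01 "60 00 C2 9b 11 22 33 44-55 66 77 88 99 aa bb cc"
src_uuid=$(get_ddb_uuid "$demo_dir/source.vmdk")   # step 1: read on the Primary Site
set_ddb_uuid "$demo_dir/seed.vmdk" "$src_uuid"     # step 2: apply on the DR Site
echo "seed ddb.uuid is now: $(get_ddb_uuid "$demo_dir/seed.vmdk")"
```

Run `get_ddb_uuid` against each source descriptor and `set_ddb_uuid` against the matching seed descriptor, once per disk attached to the VM.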

Monday, October 15, 2012

VMware Site Recovery Manager - Accessing Test Network during Disaster Recovery Drills!

Like most of my blog posts, this topic was also a question raised by one of my customers during an SRM Plan & Design engagement. I did not find a blog or a document which speaks about this topic, and hence I thought of documenting it on vXpress to help the community use this solution if they face a similar situation.

Well, the topic is pretty much self explanatory, however let me go ahead and dissect it for those who are wondering what is TEST Network with respect to SRM. 

The most popular feature of VMware SRM is that it allows you to perform DR drills using the Test Recovery option, which lets you test your DR side Virtual Machines, Applications, Networks and the Workflows which you define in the Recovery Plans. These Recovery Plans are created during the configuration of SRM, and they are modern day DR Run-books which execute as soon as you run a Test Recovery or an Actual Recovery from the SRM Console. Let's look at the difference between TEST & RECOVERY, highlighted in RED in the screenshot below:


Once you have created a Recovery Plan, which defines the workflow that needs to be executed when you press either of those buttons, you are ready to perform either a

a) Test Drill - Just a test of your DR site virtual machines, to see if your DR solution is actually working. In this process, the Production Virtual Machines keep running on the Primary Site, while copies of these machines on the DR side are mounted on the ESXi servers and are powered on in a snapshot mode (this snapshot is deleted when you clean up the test recovery, so that you do not save any changes on the DR VMs while testing). The replication of data, whether Storage Based or vSphere Replication (host based), is not impacted by this Test Drill at any time.

b) Recovery - This button, if used, means you actually had a bad day at the office... It means you met a disaster, and finally decided that your production site is down (due to a fire, power outage, earthquake, floods etc). Once you press this button and agree to the warnings, you force the DR machines to power on based on your Recovery Plan and start operations from your DR Site.

Now there is a minor difference between the two cases. In case of Recovery your primary VMs are down, hence you power on your secondary VMs to continue business operations. The Secondary Site network can be an extended network from the Primary site or can be a different subnet as well. You would not have duplicate Host Name or IP issues since the primary machines are DOWN.

In case of the Test Drill, since the Primary machines are still UP, you power on the DR machines in an ISOLATED TEST NETWORK. This can be created either by choosing the AUTO option while defining DR and Test Networks in the Recovery Plan, or by provisioning an ISOLATED VLAN with IP addresses which can be assigned to these test machines so that testing can be performed.

So far I hope it was easy to understand and implement...

Now, since the product has this capability of Test DR Drills, you would want to test your Recovery Plans, which include Virtual Machines, Operating Systems, Data, VM Interoperability etc, and which can be powered on in a bubble environment and tested as and when needed. This can be done even when your production is up and running, so this is COOL. However, you need to understand that all the elements which you need to perform a test should be a part of this ISOLATED network; anything outside this network cannot be tested or included in this trust zone, to avoid DNS conflicts which could lead to data loss/corruption etc. For example, if you are testing a 3 tier application which has a Web VM which is virtualized and protected via SRM, an application VM (virtualized and protected via SRM), and a database which is PHYSICAL and is not protected via SRM, then you cannot really test the application completely, as the physical database cannot run in the Test Mode like VMware Virtual Machines.

Even if your database has the capability to run in a snapshot mode, it is not recommended to include that DB in your Test environment unless you are changing the DB networking to the isolated Test Network. Do not create any routes between your Test network and LAN as this can cause trouble which is irreparable.

Phewwww.... Alright, now since you would follow the right rules, let's talk about accessing this test network. Let's say you are able to test these Applications, VM instances etc and you want your testers to access this environment from your Primary Site (in most cases this is where the application teams, users etc would be sitting). You have a couple of options here:

a) Jumpstart Terminal Server - You can provision a W2K8 R2 VM on the DR site with an RDS (aka terminal server) license and allow your testers to access this machine and use the web browser to access the application. This VM can be used without a Terminal Server License if you do not want multiple Testers to access this VM via RDP. This VM would be provisioned with 2 vNICs: one connected to your TEST Network Isolated port Group and the other to your DR Site LAN. Needless to say, your Primary site users should have access to the secondary site LAN via MPLS cloud etc.

b) VMware View Desktops - VDI is another way of making this possible, since you can provision desktops in this network PG, create a separate pool for DR testers and allow them to connect when needed.

c) vSphere Client Access - You can allow the Testers to log in to the DR site vCenter with limited access, from where they can directly launch the console of the Test Virtual Machines and play around. This should be very well planned and tested to avoid any unauthorized access.

d) VMRC Weblink - You can generate a Virtual Machine Remote Console weblink and give it to the Testers to use in case they need to; however, this will also give them direct access to the virtual machine files and data which you may or may not want to share.

I am sure you can think of other ways as well, but remember to decide on and freeze a method during the planning phase, so that you can test your deployment in a pilot before going live in the production environment.

Here are a few screenshots from a PPT which I prepared for explaining this scenario.



SRM Setup between Primary & DR Site using vSphere Replication or Storage Array Based Replication


Performing a Test Recovery which will continue the Storage Replication and Bring the DR Machines up in a Test Network in a Snapshot Mode





The Primary Site has gone down and the Recovery is executed. The business has failed over to the DR Site and the Virtual Machines are connected to the DR Network


Well, I know this might bring up more questions in your mind and if it does then feel free to use the comment column and I will be happy to discuss these options. Choose the best for your DR environment and I can ensure that you would never face any issues whatsoever.

Wednesday, October 10, 2012

vShield Endpoint Now Available to vSphere Customers!!

With the introduction of vSphere 5.1, all the editions (Essentials Plus or higher) of vSphere have the vShield Endpoint component bundled along with them. This basically means that you would no longer have to shell out dollars to use the functionality of Endpoint. This enables you to offload the Anti-Virus tasks to a service virtual machine, which runs on each ESXi server to ensure that all the malicious activities and data can be scanned on this service VM. This protects your virtual machines against virus attacks and other malicious activities. This will also avoid any Storage, CPU or RAM bottlenecks which might be seen in the environment due to traditional Anti-Virus Scans using an anti-virus agent inside each virtual machine.

As mentioned before, with the release of vSphere 5.1, Endpoint functionality is available at no extra cost to customers with valid SnS contract for Essentials Plus or higher. vSphere 5.1.x, 5.0.x and 4.0 U3 customers can download Endpoint from the respective vSphere download pages. No Endpoint license is needed.

Once you have the Endpoint service VM, you can use vShield Manager to configure it for all the ESXi servers in your data-center. Now, you would need to go to your anti-virus vendor and get the version of the antivirus which supports the Endpoint appliance. This will allow you to migrate from the primitive methodology of anti-virus scans and make your virtual infrastructure more robust, secure and efficient.

The diagram below gives you a visualization of how this works using Trend Micro Deep Security:-

Courtesy: Trend's Website


Below is the list of the popular Antivirus vendors who have already developed a solution around vShield Endpoint:-





On the Roadmap (Source: Google Search)

> Symantec Endpoint
> F-Secure
> Sophos
> Lumension


I can see that most of the existing and new security vendors would develop around Virtualization, as they all understand that their products need to adopt the Virtualization and Cloud agility as well. Looking at the benefits, this is a more futuristic approach to providing endpoint security in a data-center. I can see this change taking us towards the era of Anti-Virus as a Service (AVaaS), wherein Security vendors would provide customized endpoint products to data-centers and end users as a commodity service.

Another contribution to the Cloud from VMware. Kudos!!


***********************************************
Update to Article    Monday, December 3rd, 2012
***********************************************

As per the latest market update, Symantec today announced availability of its first anti-malware software protection that supports VMware's security architecture known as vShield, becoming the latest anti-malware vendor to do so following similar moves by Trend Micro, Kaspersky Lab and McAfee, among others.
Symantec Endpoint Protection (SEP) 12.1.2 can be used to scan, detect, block and remediate against anti-malware....

More can be read here -

http://www.networkworld.com/news/2012/120312-symantec-vshield-264655.html

VMware vCloud Suite makes Software Defined Data-centers a Reality!!

In one of my previous posts I wrote about VMware vSphere 5.1 - What's new with this version?, however now it is time to talk about VMware's vCloud Suite which was launched at VMworld 2012, San Francisco. As you might have heard it was the most comprehensive release of VMware or for that matter any software vendor which enables Cloud Computing. However, this has just been beefed up further by VMware with the announcements made at VMworld 2012 Barcelona.

VMware, with its innovative products around the Infrastructure, Application and End User layers, has been helping customers with creative solutions to take care of technology and business issues. However, with the birth of vCloud Suite, VMware has just solved the puzzle by bringing together all the pieces and creating a complete picture of what a Comprehensive, Multi-Platform, Multi-Cloud Service Provisioning & Management solution should look like.

Pheww... that sounds like a lot, right? But yeah, it's true... With all its acquisitions and new product developments, VMware created some confusion in the marketplace. This confused state of mind was because a few people and organizations could not really understand the vision of where VMware is going. This vision, however, was much bigger, and way ahead of a lot of claiming competitors, as this really transforms the term cloud computing into a Software Defined Data-center.

Without further ado, let me give you a high level overview of what VMware has to offer with its vCloud Suite and how it will change the dynamics of the Virtualization & Cloud Industry.

To begin with, let's see what VMware vCloud Suite has to offer in its new Avatar..


vCloud Suite 5.1 (Announced at VMworld 2012, San Francisco)



A lot of VMware customers and partners looked at this suite and said WOW, this makes sense. And if all of this functionality comes together in a package then I would want it. However, there were questions around the future of this Suite as there was still a huge acquisition which did not show up on this suite. Yup, DYNAMIC OPS, if you are new to this affair then read the acquisition announcement on this link...

It was not too late before the Virtualization and Cloud community got the answer to this question. Not even 2 months and VMware unveiled a beefed up version of its vCloud Suite 5.1 yesterday at VMworld 2012 in Barcelona.

Yup, if the features which are mentioned in the picture above were not enough for you and you wanted more, then I can bet the next picture would "Sweep you off your Feet". Let's see what the vCloud Suite 5.1 looks like now. The Orange boxes in the image show the changes from the previous announcement.

vCloud Suite 5.1 (Re-Announced at VMworld 2012, Barcelona)

Well, that Suite is certainly way more than what I expected. Talk about the most enhanced hypervisor, a proven cloud framework, software defined networking/security, application provisioning, disaster recovery, management capabilities & to top it all a provisioning solution which allows you to provision on multiple clouds and multiple platforms. I am sure this will meet the needs of most of the cloud service providers, enterprise customers and the small and medium businesses which are looking towards adopting the Cloud.

One last thing, let's have a look at a block diagram which completes this picture. I got this one from the office of the VMware CTO - Steve Herrod.



So get ready to get your data-centers revamped with the all new vCloud Suite and take a giant step forward towards the cloud with confidence. With this, I would close this article and would look forward to blogging more on each individual piece and how it makes your data-center agile, automated and managed.

I would leave you with a few more links which would provide you more information on each of these building blocks:-







Tuesday, October 2, 2012

Applications you can Virtualize on VMware vSphere Platform



Every time I jump into any consolidation project, the first question I face is usually about whether the applications which are currently running on a Physical Server can be Virtualized or not. In fact, there have been situations when I have got a list of 800 applications from one of our Partners to know if they can be virtualized...

Well, I have written about my stand on such questions in one of my posts, "VMware vCenter Server - Physical vs. Virtual". Here is the extract from that article.....

"People often ask me this question not only for vCenter but for all the other applications which they want to Virtualize. My answer to them is usually this "PLEASE ASK THE APPLICATION VENDOR". The team and the organization who have developed the application know the best about the attributes of the application hence they should be able to tell you whether an application can be virtualized or not."

Well, as mentioned, the application vendor is the best person to tell; however, here is the link to the page "Major global software vendors broadly support customers running their applications on VMware environments."

"3693 Applications and Counting": http://vmware-alliances.force.com/supportedapps

Currently there are 3600+ applications certified to run on vSphere and more are being added to this list. The good part is that if you do not find your application here, you can submit the name of the app on this page and VMware along with the ISV community would work on getting the name on the list after conducting the required tests...

This list has been created with the help of VMware Alliances and though it's comprehensive, it might not be complete. I appreciate this repository from VMware, as it speaks about the confidence of VMware customers in Virtualizing the business and infrastructure applications running in their data-centers.

Hope this helps some of you take decisions around Virtualizing those applications which you thought were not supported.