VMware vSphere Central

This has been cross posted from my own blog vGemba.net. Go check it out.


VMware have a website resource available called vSphere Central that collates some excellent documentation and resources on various aspects of vSphere. In this post I will run through what is available.

Overview of vSphere Central

vSphere Central is a collection of documentation, walkthroughs, mind maps, ebooks, videos, etc. which cover various aspects of vSphere. At a high level the following main categories are covered:

  • vSphere 7
  • vSphere Upgrade
  • vCenter Server
  • ESXi Host and Virtual Machine
  • Security & Compliance
  • Resource Management and Availability
  • Developer and Automation Interface
  • Hardware Acceleration

Under each of these main categories are further sub topics. I have created a mind map of these:

vSphere Central Mind Map

Click image to view larger size.

Continue reading

Deploying vSphere Replication with Ansible

Recently, myself and some colleagues where tasked to automate the installation and configuration of a VMware DR solution. This involved the deployment and configuration of SRM and vSphere Replication to be production ready once all automation was complete. This proved a little tricky due to lack of APIs for some of the products, however in this blog post I wanted to show how I deployed vSphere Replication using Ansible, which was the automation tool of choice for this project.

Create Pre-Requisites

If you have deployed vSphere Replication before, then you know that there are some pre-requisites that may be required, depending on your design decisions. I won’t discuss here how we created AD groups, accounts etc as this was all done using another role but these are all pretty easily automated.

The main requirement was to have a separate NIC for replication traffic on my appliances. The new role created was the port groups for replication. This can be done using the OTB vmware_dvs_portgroup Ansible module. Here I am creating creating the port group , assigning the teaming policy and various other requirements.

Continue reading

Reservations of VMs per ESXi host.

To paraphrase 1998s The Waterboy (best sports film of all time)..
Reservations are the devil.

The more you deep dive into reservations and resource pools the more you don’t want to touch them.

I wont go into great detail about the dangers as vFrankEric Sloof and Duncan Epping (to name but a few) have been telling us for years.

Basically unless you REALLY know what you are doing and you have a REALLY good reason to use them… Don’t.

However, back in the real world reservations are still being demanded by some vendors. Most notably anything to do with VOIP. Which is understandable as you don’t want these guys fighting for resources. I will say though, some of the numbers they ask for can be eye watering.

Continue reading

Triggering Infoblox ABX from vRA Cloud API request

I recently created a post to show how to integrate the Infoblox plugin into vRA Cloud. This worked fine when I used the blueprinting component of Cloud Assembly. However, when the request was made direct using the IaaS API, the VM was created fine but it did not get an IP from my IPAM IP pool.

I had noted from the VMware docs, if you wanted to set a static IP address from the YAML based blueprint, you would use the property:  assignment: static, however this property did not work as expected in the body of the API.

Continue reading

Integrating Infoblox into vRA Cloud

I was recently tasked with integrating Infoblox into vRA Cloud. There didn’t seem to be a lot of information on this so I thought I would write a blog post 🙂 Hopefully others find it useful.

This article will make assumptions that you are familiar with vRA Cloud and that you already have an IP range setup in Infoblox. Actually, the process to integrate is very simple , however we do have some pre-requisites that we need to deliver before we can begin. Make sure that you have downloaded the ABX plugin from  https://marketplace.vmware.com/vsx/solutions/cas-infoblox-plugin-for-abx-0-0-1 and also ensure you add the following extensibility attributes in Infoblox:

  • VMware NIC index (Integer)
  • VMware resource ID (String)
  • Tenant ID (String)
  • CMP Type (String)
  • VM ID (String)
  • VM Name (String)
Continue reading

VMware Fling – Virtual Machine Compute Optimizer

This has been cross posted from my own blog vGemba.net. Go check it out.


I recently found a VMware Fling that helped me find some VMs that were incorrectly configured VMs in regards to vCPU and vNUMA rightsizing. I feel Flings are not that well known so want to highlight this one and show the value in checking them out.

What are VMware Flings?

According to the Flings website they are:

Flings are apps and tools built by our engineers and community that are intended to be explored

Think of them as tools/utilities/scripts/apps that are built by VMware Engineers and the Community for the benefit of us the users. They can target a niche problem or something wider.

Continue reading

The Importance of VCSA Services


This has been cross posted from my own blog vGemba.net. Go check it out.

This week I was trying to deploy an OVA on a vCenter and it was throwing strange error messages. I chalked it down to the Flash client being dumb, but then I could not add a new Role for some permissions.

Once I started I discovered the issue it reminded me the importance of checking the basics.

This was on a VCSA 6.5 Update 1 with an external PSC.


As I said above the first sign of an issue was on the deployment of an OVA. In the Flash client I kept getting this error when selecting Deploy OVF Template:

This version of vCenter Server does not support Deploy OVF Template using this version of the vSphere Web Client. To Deploy OVF Template, login with version of vSphere Web Client.

OVA Deployment Error

I tried then using the HTML5 client and it would just sit at Validating at step three in the wizard:

OVA Deployment Error

I had a look at the VMware Knowledgebase and found KB2151085 but this was originally a new VCSA and had not been upgraded. I ran out of time to investigate further so ended up using PowerCLI to deploy the OVA I needed.

The next day I needed to create a new Role in vCenter and encountered further issues. The first was when I went to the Roles screen in the Flash client. It said I did not have permissions. I then tried using the SSO admin and had the same:

Roles Error

Again I checked the HTML5 client and found an empty screen:

Roles Error

As a final check I went to an existing folder and tried to add an existing permission to the folder. Going to the Add Permission wizard in the Flash client I got the error:

An internal error has occurred – Error #1034

Roles Error

and the error stack showed:

Roles Error

Googling Error #1034 showed a couple of entries and they fixed it by rebooting the appliance.

The Fix

At this point I knew I had a serious problem. My first thought would be to reboot the appliance but this would have involved a Change ticket with approvals and an out of hours reboot which I wanted to avoid.

I spent time wondering if there was a permissions error but I was trying the SSO local administrator account which has access to everything. I spent some time looking at the SSO configuration and the Groups but could not find the issue. I could rule out permissions as the cause.

Next I spent time looking at KB2151085 from above. I performed the steps listed even though I knew is was a bigger issue but wanted to rule it out. Of course that didn’t help.

At this point it was lunch time. As many of you know there is nothing better to help you figure out a problem than walking away from it for a while. So I went for a walk! When I got back I decided to get back to basics and check on the health of the appliance.

I checked the following in the VAMI:

  1. Health Status (all green)
  2. NTP status
  3. DNS setup
  4. Database utilization (had issues when VCSA disk partitions fill up)

That all looked good.

Then I moved to the vCenter UI. I had a look at the System Configuration under Administration and noticed in the Services Health a Warning:

Roles Error

Clicking on the Objects tab I could see the VMware vCenter Serverservice was in Warning. Looking further down the list I noticed something. The service vAPI Endpoint was stopped:

Roles Error

I knew the vAPI Endpoint is a critical vCenter service. Checking the properties of the the service showed it should have been running as the Startup Type was Automatic:

Roles Error

I started up the service and went back to the Roles screen using my domain account and could see Roles now:

Roles Error

I then check a simple OVA deployment and it worked.

Wrap Up

This taught me a lesson. I spent too long on Google and searching for a complex error and fix. I need to start with the basics first.

I also took note in our wiki of the services that should be running on the vCenter and PSC so that others not as familiar will know what should and should not be running.

I also wanted to blog this as the specific error codes matched other issues and KB articles that were not relevant. If anyone else hits similar problems I hope they land on this post and it helps them.

vCommunity – “What does ‘insert your employer’ gain from you participating?”

As you may be aware there is a multitude of vendor community advocacy programs, for example, VMware vExperts, Veeam Vanguards, Cisco Champions and Microsoft MVPs to name a few. Some of you reading this might be part of one or more these programs or interested to learn more about them. This post is not intended to detail what is required to join/participate in these programs. This post is intended to help answer the inevitable question from your employer :

“What does <insert your employer’s company> gain from you participating/attending/presenting at these programs?”.

To answer that question I need to explain the what being part of the vendor Community programs entails.

Continue reading

What the VMware User Group means to me and how we improve it for all

First to start with an admission, I love the VMware User Group, I just think it’s brilliant. I’ve no illusions that it’s the major reason why i’ve been fortunate enough to end up working at VMware.

Act 1 – Absolute beginner

When I was first starting out in my VMware career I found it invaluable. I absorbed the content like a sponge, it was all new to me and I never attended an event without walking away with some nugget of new useful information.

Act 2 – Finding my feet

As time passed my experiences evolved; It was no longer just about listening to the speakers, it was getting access to the folks who literally wrote the book on subjects. Getting a chance to ask my questions of the people who knew it best solved some major issues for me.  I still turned up at every event, suffered through the awkwardness of the breaks, and at the end of the day made a quick exit before the true networking began.

Act 3 – Going public

Then five years ago I was asked if I would be willing to join the leadership team to help run the Scottish VMUG, at that point I would guess there were probably 3-4 people max in the community who knew who I was. I really believed in the process though and it had been invaluable for my learning so I felt it appropriate to put back in what I’d taken out. Being a leader the events changed somewhat. I was able to look at an event through a prism and see my experiences seemed pretty common to how others react, we work in an industry of introverts so that shouldn’t come as a surprise. A room full of strangers all with one common unifying thread, in the most part unwilling, or perhaps more accurately uncomfortable talking to each other.

So for the last couple of years as a leader I embarked on a crusade, the 3rd act of my User Group life unlocking the connections between people. I’d stand up at the start of a VMUG and I’d tell everyone in the room, if this is your first time at a VMUG or if you just don’t know anyone else in the room, come and find me during the breaks and I’ll talk to you. At one event I warned everyone, if during a break I see you on your own on your phone then I’m coming to talk to you. I bounded up to one guy who was reading his phone, he was adamant his colleagues were just at the toilet and he didn’t need my company, but I wasn’t so easily dissuaded, in the end I don’t think he grudged my company but if he did he hid it well.


At my last event as a leader, there were lots of people in groups and there were two guys talking together but slightly away from all other groups. I knew I’d met them both before but couldn’t remember much about them and did not remember they worked together. I started chatting to them and within about 10 minutes the conversation turned to a topic of which I knew there were others that were passionate about, I pulled one person in, then another, before long there was a group of about 8 people and I felt I’d done my part and walked away. Later on that night one of the original two guys told me “you’re the nicest, of the leaders” he was right on many levels with that statement…but he then qualified it with a reason why.

Last week someone said something very similar to me about their recent experiences. I had to point out that just because the leadership are passionate about the VMUG and willing to stand at the front of a full room, doesn’t necessarily mean they’re comfortable with everything. We/They all suffer the same insecurities and difficulties, personally I’ve always been more afraid of the small intimate networking situations than I have been of speaking to a packed room.

The Lowest Ebb

I remember a few years ago being at a corporate event in London. I was late to arrive, during the breaks I was able to fake essential work on my laptop but at the post event networking event there was nowhere left to hide. It was clear there were people that worked together and other people who seemed to know each other. I found myself on the outside of every group of conversation. I loitered nearby but was never either brave enough to get involved nor was I invited in to the conversation. I found myself paralysed and completely incapable of breaking the cycle. Eventually I quit, I turned around and walked out of the building. I highly doubt anyone even noticed. It was the loneliest and one of most embarrassing moments of my career.

Now the reason he said I was “the nicest of the leaders”?  He said I was the nicest one because I always seemed to go out of my way to speak to everyone, particularly the people on their own, the shy, the timid, the first timers. He’s right I do go out of my way to do that, not because I find that easy or comfortable, instead I found that being a leader provided me a safety blanket. I was able to step outside of my fears/insecurities and throw myself into a situation and channel my inner JFK

It’s ridiculous, I didn’t have any invisibility cloak of protection, it was a pure placebo but for whatever reason it worked. I remember the sobering feeling of my lowest point all too well and that powered my desire to do anything to prevent someone else from suffering such ignominy. I was able to put myself into my most uncomfortable situation not because I enjoyed it but in the hope that it might save someone else from suffering the lows I have.

The Big Finish

Adults are rubbish at talking to strangers, add in the fact we’re all introverts, it’s a potent mix that threatens to derail the true power of this community. My new career at VMware has me aligned to a number of different VMUG’s rather than just my comfort blanket in Scotland. I’ll be visible and attending 3-4 VMUGs across the UK this year and I’m hoping to carry my crusade onwards.  The true power of this community is in the people, anything we can do to unlock that the better for all involved

So my ask of everyone else? Don’t be scared to talk to the person beside you. We’re all in this together, and remember just by being here there’s a bond that unites us all. As uncomfortable as you find that initial approach, you never know how appreciated it might be by the other person

Introduction to Cloud Assembly

What is Cloud Assembly?

At VMworld 2018, VMware announced their new Automation service, aptly named Cloud Automation Services (CAS) and earlier this year in January, it was announced as General Availability.

So what is CAS? Well it’s a multi cloud solution driven by the infrastructure as code methodology and delivered by VMware as a SaaS model. CAS is made up of 3 components, Cloud Assembly which allows for infrastructure and application delivery in line with devops principles, Service broker which provides a service catalog and finally code stream which focuses on the pipeline and continuously delivery. Some of these names will be familiar, e.g code stream but you should note that these are not just upgrades of previous products and they have been written from scratch for a brand-new experience.

In this post, I wanted to focus on Cloud Assembly and give a brief introduction to the service. I have been using vRA for a number of years and one main problem was the pain of installation. In short, different products stitched together (think of the SQL and postgres DB fight) meant it was a real pain to deploy consistently as part of an overall private cloud product.

Continue reading