Category Archives: VCAP-DTD

Nutanix and VMware APIs for Array Integration (VAAI) – Quick Tip



In the second of my series of Quick Tip’s with Nutanix I wanted to cover off  VMware APIs for Array Integration (VAAI).

The Nutanix platform supports VAAI which allows the hypervisor to offload certain tasks to the array. This vSphere feature has been around a while now and is much more efficient as the hypervisor doesn’t need to be the “man in the middle” slowing down certain storage related tasks.

Nutanix support all the VAAI primitives for NAS

  • Full File Clone
  • Fast File Clone
  • Reserve Space
  • Extended Statistics

If you are not aware of what these primitives mean, I’d suggest reading the VMware VAAI Techpaper.

For both the full and fast file clones an  NDFS “fast clone” is done meaning a writable snapshot (using re-direct on write) for each clone is created. Each of these clones has its own block map meaning that chain depth isn’t anything to worry about.

I’ve taken the following from Steven Poitras’s Nutanix Bible

The following will determine whether or not VAAI will be used for specific scenarios:

  • Clone VM with Snapshot > VAAI will NOT be used
  • Clone VM without Snapshot which is Powered Off –> VAAI WILL be used
  • Clone VM to a different Datastore/Container –> VAAI will NOT be used
  • Clone VM which is Powered On –> VAAI will NOT be used

These scenarios apply to VMware View:

  • View Full Clone (Template with Snapshot) –> VAAI will NOT be used
  • View Full Clone (Template w/o Snapshot) –> VAAI WILL be used
  • View Linked Clone (VCAI) –> VAAI WILL be used

What I haven’t seen being made clear in any documentation thus far (and I’m not saying it isnt there, I’m simply saying I havent seen it!), is that VAAI WILL only work when the source and destination resides in the same container. This means consideration needs to be given as to the placement of ‘Master’ VDI images or with automated workloads from vCD or vCAC.

For example, if I have two containers on my Nutanix Cluster (Master Images and Desktops) with my master image residing in the master images container, yet I want to deploy desktops to the Desktops container VAAI will NOT be used.

I don’t see this as an issue, however more of a ‘Gotcha’ which needs to be considered at the design stage.

Nutanix Networking – Quick Tip

I

‘ve spent the past 4 months on a fast paced VDI project built upon Nutanix infrastructure, hence the number of posts on this technology recently. The project is now drawing to a close and moving from ‘Project’ status to ‘BAU’. As this transition takes place, I’m tidying up notes and updating documentation. From this, you may see a few blog posts  with some quick tips around Nutanix specifically with VMware vSphere architecture.

As you may or may not know, a Nutanix block ships with up to 4 nodes. The nodes are stand alone it terms of components and share only the dual power supplies in each block. Each node comes with a total of 5 network ports, as shown in the picture below.

Back_of_Nutanix

Image courtesy of Nutanix

The IPMI port is a 10/100 ethernet network port for lights out management.

There are two 2 x 1GigE Ports and 2 x 10GigE ports. Both the 1GigE and 10GigE ports can be added to Virtual Standard Switches or a Virtual Distributed Switches in VMware. From what I have seen people tend to add the 10GigE NICs to a vSwitch (of either flavour) and configure them in an Active/Active fashion with the 2 x 1GigE ports remaining unused.

This seems to be resilient, however I discovered (whilst reading documentation, not through hardware failure) that the 2 x 10GigE ports actually reside on the same physical card, so this could be considered a single point of failure. To work around this single point of failure, I would suggest incorporating the 2 x 1GigE network ports into your vSwitch and leave them in Standby.

With this configuration, if the 10GigE card were to fail, the 1GigE cards would become active and you would not be impacted by VMware HA restarting machines in the on the remaining nodes in the cluster (Admission Control dependant) .

Yes, performance may well be impacted, however I’d strongly suggest  alarms and monitoring be configured to scream if this were to happen. I would rather manually place a host into maintenance mode and evict my workloads in a controlled manner rather than have them restarted.

Managing a ‘Master’ VDI Image across multiple sites | Made easy with Nutanix



You are working on a large virtual desktop deployment using Active/Active datacenters, you have multiple use cases and multiple master images. With an Active/Active setup, your users have the possibility of being in DC1 one day, and DC2 the next.

So, what do you do when you have a requirement for the image to be available in case of a site failure? Nutanix make this easy for us, using protection domains and per-VM backups.

What is a protection domain?

A protection domain is a VM or group of VMs that can be backed up locally on a cluster or replicated on the same schedule to one or more clusters. Protection domains can then be associated with remote sites.

It is worth noting that protection domain names must be unique across sites and a VM can only reside in one protection domain.

A protection domain on a cluster will be in one of two modes:

  • Active – Manages live VMs, makes, replicates and expires snapshots
  • Inactive – Receives snapshots from a remote cluster

A Protection Domain manages replication via a Consistency Group.

What is a consistency group?

A Consistency Group is a subset of the VMs within the Protection Domain. All VMs within a Consistency Group will be snapshotted in a crash-consistent manner and have snapshots created at each replication interval.

What is a snapshot?

A snapshot is a read-only copy of the state and data of a VM at a point in time. Snapshots for a VM are crash consistent. This means that the VMDK on disk images are consistent with a single point in time. The snapshot represents the on disk data as if the VM crashed. These snapshots are not however application consistent meaning the application data is not quiesced at the time of the snapshot. With some server workloads this could cause us some issues for recovery, however for our VDI master image this is not an issue – the master image is likely going to be powered off the majority of the time. Snapshots are copied asynchronously from one cluster to another.

What are per VM Backups?

A per VM backup give the ability to designate certain VMs for backup to a different site, such as a group of desktop master images. Not all legacy storage vendors offer the ability to replicate at a VM level, normally an entire LUN or Volume replicated at a single time.

 Where am I going with this?

There are many solutions to replicate data, however Nutanix provides this capability, albeit at a small cost, within its platform. No additional components are necessary and it even has an SRM plugin. The key feature is Nutanix integrates with vSphere to make this is a seamless process.

Andre Leibovici posted a great article Disaster Recovery – Failover and Failback with Nutanix which explains the process and includes a video which is below.

Working with vSphere 5.5 and Nutanix  check out my Nutanix Configuration with vSphere 5.5 post

My Study… What’s Next?

I’ve decided, after a week break from study to pursue my next exam milestone(s), in the form of the VCAP exams for Data Center Virtualisation. It seems to make logical sense to focus on the Data Center design exam first, having just spent a lot of time studying for the desktop design exam. I’ve spent the past 18 months, more hands off the day to day administration of vSphere and focusing predominately on design work so, the VCAP-DCA will take a bit more effort wiping away the cobwebs, therefore I’m aiming to complete in the early part of next year.

I plan on completing study guides covering off the objectives in the same way I did for the VCAP-DTD. I appreciate many have done this before me, and there are too many sites to mention here, however I find this way of studying the most beneficial, therefore will continue, If I can help others in the process, all the better!

Before this however, and partly due to a change in direction in my work role to focus more towards private cloud, I took advantage of a recent discount offer and booked my VCP-IaaS exam, which I’ll study for alongside my VCAP-DCD studies. I’ve decided not to focus as much time writing study guides for the VCP exam, however decided I’d share a list of materials I’ll be using to focus on the VCP-IaaS.

  • The exam blueprint, the first port of call for any exam. I’ll download and review the blueprint, then refer back to this throughout my study to ensure I can confidentially cover off all the requirements in each objective.  I’ll also read all the suggested official documentation in the blueprint.
  • My home lab. You need hands on exposure on all exams. I’ll predominately be using the vCD appliance (which I already have setup) however I’ll install vCD in a RHEL server a few times, to ensure I can cover this off.
  • TrainSignal (or PluralSight if you prefer) offer three vCloud focussed training courses:
    • VMware vCloud Director 5.1 Essentials by Chris Wahl
    • VMware vCloud Director Essentials by David Davis and Jake Robinson
    • VMware vCloud Director Organisations by Jake Robinson

As the first title suggests, Chris Wahl’s series is based on 5.1, whereas the exam focuses on 1.5. There is still bucket loads of good information in here, so well worth watching. If you do not subscribe to TrainSignal, it truly is worth it, subscribe here!

If I use any further materials, then I’ll update this post. The VCAP-DCD study guides should also start coming fairly soon!

VCAP-DTD | What materials I used to study

As part of my recent studies towards the VMware VCAP-DTD I used various training materials, so, I thought I would cobble a post together letting everyone know what I used, and what I thought was best.

Before anyone asks, no, I didn’t use an exam cram, that’s what makes the VMware VCAP exams different to many other industry qualifications, it’s one you can be proud of achieving through dedication and hard work as you can’t cheat!

I was lucky enough to attend the two day instructor led View design workshop to kick off my studies, however I think this course can really be hit or miss depending on the students in attendance. Unfortunately, I found myself in a fairly quiet group, so most of the banter I looked forward to, discussing other peoples design decisions didn’t happen and at times I found myself and the instructor having one to one design discussions with the rest of the group looking on and sometimes looking a bit lost. Don’t get me wrong, this is not a dig toward the instructor, in fact I thought he was actually very good, if it wasn’t for his persistence with the remainder of the students it would have been a boring couple of days with little takeaway. Overall, I’d recommend the class, however just hope you get an active group if you are planning on attending. Even though the course wasn’t spectacular discussion wise, the course material was good and very comprehensive and ended up played a major part in my study.

After the course, with the exam booked (with plenty of time to study further) I downloaded the blueprint and used this as the base of my study. I can’t recommend highly enough to know the exam blueprint inside out. Everything asked of you in the exam is covered off in the blueprint. Read all the suggested material as everything is in there. Head over to Jason Langer’s site, he has kindly downloaded all the material and bundled together in a single zip file, even putting all the files into their respective objective folders. Good work Jas, thanks!!!

After reading through all the official VMware material, I re-visited some of the books I had in my collection around VMware View.  I’ve mentioned these before, they can be found here.

At this point, I started my own study guides, which of course can be found here. Where I took each objective from the blueprint and wrote study notes on each element to ensure I was going to be comfortable with every section of the blueprint. The info in my study guides is a mixture of real world experience and information obtained from all the above sources, but hopefully written in a way which is simple to understand and to digest. Hopefully it will assist many of you looking to sit the exam. They are not intended to suggest that the official courses are not worthwhile, or the books are not worth reading, far from it. I’ve just cobbled together my study notes and posted them in the hope they help others as they helped me pass the tough, but passable VCAP-DTD.

I also signed up to Trainsignal. At $49 a month with no contract tie-in, or $39 a month when you sign-up for a year, I think these are simply fantastic value for money. Whilst perhaps the material they have doesn’t have direct relevance to the VCAP-DTD exam, they do have a series on View, although more aimed at the VCP-DT, they have a series on VMware vSphere design by the one and only Scott Lowe which is simply brilliant and is a fantastic aid in this exam. I’ve started some of the other courses on their site recently to assist with other studies and I cannot recommend them highly enough. With their recent acquisition by Pluralsight, you now have a whole heap more content available at the same price as before!! If you are not already a member I’d seriously recommend you take a look here

I also wrote a post on the exam experience which can be found here

VCAP5-DTD Exam Experience

So, today, Tuesday 10th September 2013, I sat my first ever VCAP exam (the VCAP-DTD) and I’m delighted to say I passed. I thought, as I have blogged about the exam already and worked through the exam blueprint, I would talk a little about the exam and hopefully try and pass on some useful tips/information.

Disclaimer: I’ve obviously accepted the NDA before sitting the exam, so I will not release any direct information on the exam, so please don’t ask!

I’ve already blogged about the exam in some detail over on my VCAP5-DTD page so I won’t repeat that here, go take a look if you are not already up to date.

The exam itself is, as others have said in their exam experience blogs, is tough. Very tough. It not only tests your ability to design large scale and complex VMware View environments, you need to be able to design the supporting components that the View infrastructure will reside on (vSphere, Network and Storage).

The multiple choice questions are more complex and tougher than those set out in the VCP exams, as you would expect being the advanced certification, however I believe these questions are very fair. The drag and drop style questions are tricky too and require some working out, don’t whizz through these questions, take your time, as I would image these are some big hitters on the overall exam scoring (I don’t know this, I’m just assuming). The Visio style diagram questions are again tough, (see a pattern emerging here?) however contain all the information you need and more to successfully answer the question.

In no particular order, here is what I would recommend to any people planning to sit the exam:

  • Time is of the essence in the exam, with 195 minutes available, I ran out of time when reviewing some the of the questions I flagged to return to at the end. Ensure you don’t get bogged down with the Visio style questions.
  • Take care to read the questions multiple times. At times, you may think you don’t have all the required information. It will be there, in-fact I found there was more than needed, so ensure you understand what the question is asking of you, especially with the Visio and drag and drop style questions.
  • Take extra laminate sheets in for your workings out. You WILL need them, I took 3 sheets and used up both sides of all, with little space for the last few questions.
  • In contrast to what I stated over on the VCAP5-DTD page, I did have access to a calculator within the exam. Perhaps they realised some of the maths you need to do is simply too much of an ask given the type of exam and time restraints. Perhaps others can let me know if they have experienced any different lately?
    • Even with a calculator, be prepared to size your designs from raw numbers.
  • Know how to size environments of all sizes. Ensure you know how many infrastructure components (vCenter, Security Servers, Connection Servers, Load balancers) are required to support varying sizes of scenarios.
  • Understand the storage options available to you in VMware View, and be prepared to be questioned on all of them.
  • Be prepared to answer question on VMware ThinApp and ensure you understand Load Balancing concepts and methods of 2 factor authentication.
  • Read the exam blueprint, know it inside out. It’s there for a reason and covers everything you need to pass the exam. I did, and I passed at first attempt.

With regard to study materials, what would I suggest? My VCAP5-DTD study guides of course, they helped me pass! Aside from these be sure to check my list of books, I used them all at various points, also check out the APAC vBrownBag’s previous recordings as these were also very valuable. Finally, after some general advice from my esteemed Xtravirt colleague Gregg Roberston, practise diagramming different scenarios. I got some Magic Whiteboard from Amazon and drew out countless scenarios until I could do them fairly quickly. It think this helped in the exam.

So, onto the next exam(s)… VCP-IAAS, VCAP-DCA and VCAP-DCD – Yes I am a glutten for punishment.

Thanks for reading and if you are sitting an exam soon, good luck!

VMW-LGO-CERTIFIED-DESKTOPDESIGN-K

VCAP-DTD | Objective 6.3 | Determine Management Requirements for a View Client Design

Determine patching requirements

Depending on the client being used there are a number of methods that can be utilised.

Zero clients have no operating system and no local storage, therefore no OS patches are required, not anti virus or anti spyware. There maybe occasional firmware updates to the hardware, however this will be managed by the vendors propriety software. Wsye for example, have Wyse device manager, Samsung utilise MagicRMS.

Thin Clients will again have their own management software that will allow for updates to be sent, however for those clients running embedded versions of Windows, patch updates and AV solutions will need to be managed via another product. Windows WSUS is an option, however there are more comprehensive solutions available such as Shavlik, Lumension and even SCCM.

Fat clients can continue to be managed as they have been managed previously.

Normally little consideration needs to be given to mobile devices as software is updated from their respective App stores. If your design will need to accommodate a large number of mobile devices, then a MDM solution should be considered.

Establish software distribution requirements

Most thin and zero clients will already come pre-installed with the View client so nothing will need to be installed here, the updates will be managed though the broker software.

For traditional fat clients, then GPO could be used, alternatively, Lumension or SCCM.

Identify client peripheral requirements

This has already been discussed in Objective 6.1, refer back to this post.

Establish security requirements

This has already been discussed in Objective 6.1, refer back to this post.

VCAP-DTD | Objective 6.2 | Determine Session Connectivity Requirements for a View Client Design

Establish session mobility requirements (e.g., Follow Me, etc)

Does the business already have an investment in a follow me solution?

How do people print now?

Will that solution integrate with the built-in ThinPrint features of VMware View, or will a further investment be required?

Print jobs can severely affect bandwidth and responsiveness, if possible, use follow me/location based printing to avoid transferring bits over the RDP or PCoIP remote display channels.

Some consideration here, should also be given as to what will happen when a user disconnects from an active session. For example, a user is in a client meeting at a remote location, connected to their View desktop via an iPad. They have made various notes throughout the meeting and at the end simply disconnect. They then travel home or back to a corporate office and login again, will their disconnected session take them to where they left off?

If this is required you need to carefully think about how long you leave ‘disconnected’ sessions available for, as potentially, these desktops could just be sat there for a number of hours or day consuming resource when they don’t need to be.

Establish remote access requirements

The requirements for remote access should come from the business. It will be up to you to determine the number of security servers, the connection protocols, and consider using tags for remote access.

In most cases not all users will require remote access, therefore they could potentially be a separate use case, but that would probably be too easy. If  remote access is required, will the business be happy with the users getting the full feature desktop they have when residing on the corporate LAN or will a different restricted desktop be made available (where tags will come in to play).  I’ve seen people struggle with tags so here area few snippets that you should be aware of when using tags.

  • The tags are applicable to Connection Servers only and not Security Servers
  • Any Security Servers paired to a Connection Server works exactly like the Connection Server
  • If a load balancer is used in front of a group of Security Servers or Connection Servers they must be tagged in the exact same way
  • A single Connection Server or single Desktop Pool can have multiple tags
  • Multiple Connection Servers and Desktop Pools can have the same tag
  • Desktop Pools that do not have any tags can be accessed through any Connection Server
  • View Connection Servers that do not have any tags can only access the desktop pools that also do not have any tags
  • Tags have a higher priority to user entitlement pools
Depending on the remote location, thought will need to be given as to which connection protocol will be used, and therefore will you give users the ability to choose their own protocol?
VMware and Teradici have provided the following guidelines for remote access:
NewImage

Determine applicable session behaviour requirements for the design (e.g., disconnect, logoff, timeout)

This type of information should be given to you again from the business, else you will need to probe for the answers in the design workshops. As briefly mentioned earlier, if disconnected machines are never logged off, sessions can (but not in the same way as with old terminal server sessions) become stale, and consume resource for no reason.

It is likely you will use different policies for different pools. For example, a dedicated assignment pool may not have any disconnect sessions, or potentially they logoff times will only be once a week to keep inline with company policy. Floating desktops or kiosk style may have a much shorter policy and perhaps could be logged off every evening or at the end of every business day. Discuss the options with the business to make suitable plan.

Identify display protocol requirements to satisfy the design

VMware have worked hard with Teradici to promote the PCoIP protocol and will try to push this over RDP where possible. Refer to the above table to determine which protocol is suitable for your desktop pool assignments. Perhaps with more IT savvy users you let them choose their type of protocol instead of forcing the users to use one desktop internally and potentially another externally.

Is multimedia required within the desktops? If so, you will want to try and ensure that all desktops requiring multimedia content are using the PCoIP protocol for improved performance. If the desktop is a simple task worker desktop with a few applications on then you will probably find that RDP is sufficient and will allow for users connecting in.

Ensure GPO is reviewed to make the most out of your chosen connection protocol. For example, disable the build to lossless feature in limited bandwidth situations etc.

VCAP-DTD | Objective 6.1 | Create a Physical View Client Design

Determine the number and types of access endpoints required for the design (e.g., zero client, thin client, fat client, etc.)

You will normally be presented this type of information during the initial design workshops. In most cases, one of your requirements will be, “the solution must support x users” or “the solution must support x concurrent sessions”. If in the rare situation a business doesn’t know how many users/desktops the infrastructure will be required to support, then you can use capacity planning tools to assist in information gathering.

It is worth clarifying from the start the expected growth required from the design so that these factors can be accounted for.

Each type of endpoint has it’s benefits and drawbacks.

Thin Clients

  • Power on and present the View desktop seamlessly
  • Lower cost and reduced support requirement
Zero Clients
  • No operating system
  • No local storage
Thick Clients
  • Repurpose traditional PCs or laptops (no cost outlay)
  • Apple Mac systems (BYOD)

It’s not mentioned in the blueprint, however tablets should also be considered:

Tablets

  • Apple iPAD
  • Android
For each device the following should be investigated against the design:
  • What OS version is installed, will it require AV and patching?
  • Will it require firmware updates?
  • Will it support multiple monitors?
  • What are the multimedia requirements?
  • Is there a need for local permanent storage?
  • What are the peripheral port access requirements?
  • Are there any special network requirements such as VPN?
  • Where will the device be located, will there be any support and access constraints?
  • Are the user devices mobile?
  • What is the end user capabilities and profile?
  • Will local mode desktops be used?

Identify security requirements for the View Clients

Generally security requirements will already be governed and the View solution will need to fit those requirements. The main considerations client wise, will be if there is a requirement for VPN  and smart card authentication as these will limit the choices of end clients available to use.

Items such as security servers, two factor authentication etc aren’t really an issue for client devices.

Determine connectivity requirements for the View Clients

At this stage we should already be aware of where our users will be connecting from and specifically (for client selection) have a looked at the protocol they will be using, PCoIP or RDP?

Establish multimedia capabilities

If our design determines the requirements for multimedia then we need to ensure that the end clients will support it too!

Multimedia redirection (MMR) redirects the output of multimedia codecs that are running on the remote desktop tot he local client. The local client system renders the full motion video and audio. Windows XP and Vista support MMR, Windows 7 does not.

If there is a requirement for HD video within a Windows 7 desktop, then typically 2vCPUs and 1GB RAM will be required for PCoIP to play 420p and 720p formatted videos. For 1080p, the windows may need to be smaller to get HD quality.

Network latency will be critical for acceptable multimedia performance, and on some links may prove challenging.

Establish peripheral requirements

USB redirection is provided with the View Client running on Windows 7, Windows XP and Windows XP embedded. VMware recommends that an assessment is carried out capturing the USB requirements for all users. Include all USB devices, including:

  • Blackberrys
  • iPhones
  • USB drives
  • USB printers
  • USB Webcams
  • USB headsets
  • etc etc etc etc

During the PoC phase all of these devices should be tested and verified as working.

Printer redirection is key and often overlooked. Ensure the client device supports print redirection and meets the location awareness requirements.

The client device that gets selected will need to supply enough ports. Support for some peripherals may require drivers to be installed on the desktop.

VCAP-DTD | Objective 5.5 | Create a Tiered Physical View Storage Design

Based on business and technical requirements, determine tiered storage configuration

View Composer supports the use of tiered storage. Generally, in most scenarios, the replica is placed on a separate high performance datastore such as an EFD. Doing so will give us a slight saving in shared storage and will give you much faster read operations. The replica storage must still be shared so that all hosts running desktops within the linked clone pool can access the replica’s disks.

It’s worth noting here, if the replica disk is placed on local storage, all the linked clones in that pool must be placed on local storage.

When moving the replica to a separate datastore you reduce each linked-clone dat store by the size of the replica. A replica is required for each pool, so if you have multiple pools allocated to the same datastore, the saving is equal to the sum of all replicas.

When placing the replica on EFD storage, you reap the following benefits:

  • EFD supports much higher I/O than SAS or SATA disk
  • EFD responds to high read rates, such as boot storm or logon operations
    • During a boot lor login event the ration is 80/20 RW
    • A large percentage of reads are from the replica, therefore placing it on faster storage enhances performance massively
I thought it worth mentioning that desktop VMs cannot write to the replica, therefore it is important to understand that an EFD will not improve write I/O.

Determine content to be tiered and appropriate placement within tiers

Aside from replica, the Windows profile can be redirected to a persistent disk. Typically profiles and user data are redirected to network shares, leveraging a lower-tier storage such as NFS data stores.

Replica – EFD

OS Disks – FC/iSCSI/NFS

Persistent disks – NFS (typically)

Disposable Disk (If used) – same datastore as the OS disk.

Establish sizing for each storage tier in the design

Help with sizing will come from the analysis already done on the existing environment. Remember that placing the replica on EFD will reduce the shared storage requirements overall. Keep in mind a replica is required for each pool!

Further work will be done on this when I finish the objectives and run through a mock design.