Trust your ESXi hypervisor!

When it comes to security there are always concerns about the security of the ESXi hypervisor. It’s always the hypervisor that is nominated as the layer that can’t be trusted within the IT infrastructure. The whitepaper by Mike Foley tries to give you more insight into how the VMware ESXi hypervisor is built from a security perspective and what to look at when securing the hypervisor.

The topics covered in the white paper are:

  • Secure Virtual Machine Isolation in Virtualization
  • Network Isolation
  • Virtualized Storage
  • Secure Management
  • Platform Integrity Protection
  • VMware’s Secure Development Lifecycle

The document can be downloaded here.

My road to becoming a VCDX

“Desire is the key to motivation, but it’s determination and commitment to an unrelenting pursuit of your goal – a commitment to excellence – that will enable you to attain the success you seek.” – Mario Andretti 

Finally found some time to write down my experience on achieving my VCDX. It’s been a long road to achieving my VMware Certified Design eXpert (VCDX) certification and as the quote above states it takes determination and commitment to achieve this goal. It was a bumpy road, not only during my project, but also when doing the VCDX defenses. I didn’t achieve it the first time, but with determination and commitment I continued the journey. Sure, it was disappointing and it took me some time to get over it and regain confidence, but in the end it pays off when you receive the email stating that you’ve successfully passed for VCDX. That’s a great feeling and proves that with desire, commitment and determination you can come a long way.

Hopefully this post will help others achieve it the first time. But even if you didn’t pass the first time, that shouldn’t stop you from trying a second time. It isn’t a nice feeling to be told that you didn’t pass, but don’t look at it as failure, look at it as feedback. Learn from it and use that to your advantage.

Design is an art, it takes time and patience… 

For me it all started when doing a VMware vSphere 4.1 project for a customer with a large virtual infrastructure that needed to be upgraded to vSphere 4.1. Not to say that your project needs to be big. This project incorporated 60 clusters and 360 ESXi hosts. That’s what I call a big environment, but it isn’t necessary for a VCDX project. What does help is that you choose a real-life project.

Tip #1: Choose a real-life project.

Something to get your teeth into and that guides you along the way of design. Design is a step-by-step, iterative process and helps you in determining why certain choices were made in your design. Seek peers to review the design along the way. Ask your customer to be critical and speak to them on the choices you’ve made in the design. Present the results in the end and ask them to challenge what you’ve come up with.

And like I already stated it doesn’t need to be a large, complex environment. As long as you have a project that takes you along the following route:

  1. Gather customer requirements and constraints;
  2. Create a vSphere logical design that meets the requirements and takes the constraints into account;
  3. Translate this logical design into a physical implementation, again taking the requirements and constraints into account.

Take into account that during your design you will go up and down this list. In most designs there will be contradictions between the requirements, the constraints and the things that are physically possible. This is where your architect skills will come into play, together with the guidance that you need to provide to your customer, and in the end this process will provide you with the why for the choices you’ve made in your design. Guess what is interesting during your VCDX design defense…

Tip #2: Keep a log of all the design decisions that were made during the design phase

Tip #3: Use the VCDX blueprint when creating your design

The blueprint is based on the design areas that are required in a vSphere design. Therefore it is a very useful document when creating a design. Use this information when going through your design process and try to focus on all the design areas that are mentioned in the blueprint.

Also it is useful to keep in mind that the choices you make for your design should be based on the requirements and constraints that apply to the customer’s environment. It is your job to explain why certain design choices have been made taking those customer requirements and constraints into account. In other words there is no single perfect design. That is not what the panel is looking for. The panel is looking for the validation of the choices you made during your design phase. Show them the thinking process you went through when making a design decision.

Tip #4: There is no single perfect design. The best design is the design that meets the requirements and constraints of your client.

Keep this tip in mind when designing. There is no perfect design. The best design you can create is the one that you’ve agreed upon with your customer. You need to take all the requirements and constraints into account and create a design that meets those elements. Don’t struggle with the idea that it must be a “perfect design”. The only perfect design is the design that takes the customer’s needs into account. And again, you need to be able to recollect why you made certain choices for the customer in your design.

Going down the certification path.

Trying to achieve your VCDX is a choice. It needs to be your decision and you will need to commit to go along on this journey. It takes time and a lot of effort before you eventually stand in front of the panel. With time and effort comes planning, so…

Tip #5: Make a plan, set a goal for yourself

Do this at the start. It doesn’t matter when. Whether you’re a VCAP, a VCP or don’t have a VMware certification at all, you can decide at any time to go for your VCDX certification, but do create a plan and commit to it. Try to analyse what you still need before applying for the VCDX defense. This can be certifications, a vSphere design, more VMware vSphere knowledge, etc. Create a breakdown structure of the things you need to do with a date that you’ve got in mind. Write them all down, put it on a wall and look at it from time to time. Setting a goal will help you motivate yourself to do the things necessary to achieve VCDX in the end.

Tip #6: The application is a summary of your design, use it as the strategy for your defense panel

The defense is where you show your design skills to the panel. The application is useful for working out your strategy with this question in mind: What do you want to show the panel? Walk through your requirements, constraints and assumptions and look at the ones that had the biggest impact on your design. Those are the ones that are the most interesting and the most fun to talk about during your defense.

For more information I would like to refer to the VCDX Candidate Tips, which is full of useful tips.

Tip #7: Seek help from others.

You’re not alone. You probably work with a lot of talented people that can challenge you and help you grow. Don’t just use them for a mock defense, but also let them help you achieve your VCDX. Ask for advice, let people read what you are doing and share the experience.

I’m not perfect, but there is no failure. There is only feedback!

Unfortunately I didn’t achieve my VCDX the first time. “We regret to inform you…” were the words that haunted my mind for quite some time. During that time I had a lot of things going through my mind. But when the dust from the “Cloud of Disappointment” settles, it is time to pick up the pieces. And actually there is a lot of information in the experience you went through. I must admit, it wasn’t a fun experience, but it did have a lot of information in there. Here are some tips to help re-set your goal.

Tip #8: Have some time between the VCDX defenses. Don’t take another VCDX defense within 4-6 months after you didn’t pass.

Instead of looking at it as failure, turn it around and see it as feedback. It wasn’t that you weren’t good enough. You already made it through the application phase and were allowed to go to the defense panel. You are good enough, but you just need to bring your A game, instead of the B game that you brought to the defense that didn’t let you pass to become VCDX. And the information to bring your A game is all in the feedback that you got during the defense and in the email with the notice that you didn’t pass. OK, I’ll admit, the feedback in the email isn’t much. It has pointers, but combined with the experience you have, you can probably work out the areas that need your attention for your next try. Go through your design and address the areas you need to work on using the following tip…

Tip #9: Using a real-life project doesn’t mean you can’t tweak things to your “advantage”

Some decisions in your design may be hard to explain, or aren’t there because the customer didn’t have the information. That shouldn’t stop you from adding to and tweaking your design to your “advantage”. Panels only have the information that is presented to them through the application, which basically means that you can create an ideal situation. If there are things in your design that you would like to have tweaked, feel free to do so, but do keep in mind that you need to justify them with the requirements and constraints that the customer provided to you (or that you also added). It needs to fit and you need to be able to explain it to the panel. Create your own world, but without losing the grip on reality!

Tip #10: Learn from the past, work hard in the present, focus on the future

Please learn from the experiences that you had during the defense you did not pass. This is valuable information before walking into the defense panel again. You already know what is expected of you, you already know what you did wrong the last time, but stop, and I repeat STOP, going back to “the bad experience”. There is no point in re-living the bad experience over and over again. Instead learn your lessons. Use them to your advantage. Work hard at getting things back on track towards your VCDX and focus on the future. Try to imagine what it would be like standing in front of the panel again. You can do this!

To conclude my write-up, try to look at gaining your VCDX as a learning experience. There are lots of lessons in there and there are barriers that you need to break before you achieve your goal. If it were that easy to gain your VCDX there wouldn’t be any fun in doing it at all. So when you sit down again and think about your bucket list, write this one on it: Achieve VCDX! (I know you want this, you wouldn’t have read my complete article if you didn’t want to do this… Have fun!)


Auto Deploy in vSphere 5.1

Auto Deploy was added to the vSphere portfolio with the release of 5.0. Now with vSphere 5.1 the functionality and resiliency have been improved, making Auto Deploy the tool for deploying ESXi onto bare-metal servers.

Auto Deploy works in combination with PXE booting. During network boot the PXE server will redirect the bare-metal server to the Auto Deploy server. With 5.0 there was only one option: Stateless Install. Now with 5.1 two more options have been added: Stateless Caching and Stateful Install.

Each option has a different method of installing the ESXi operating system on the bare-metal server:

  1. Stateless Install: The bare-metal server will need to PXE boot each time the server is restarted. A connection to the Auto Deploy server will be made and ESXi is streamed to the server in memory. If the Auto Deploy server can’t be reached, the server won’t boot ESXi.
  2. Stateless Caching: Stateless caching will try to boot ESXi into memory just like Stateless Install. However, the last known installation will also be cached to a local disk. In the event that the Auto Deploy server can’t be reached, the bare-metal server will boot the last known configuration.
  3. Stateful Install: The first time the bare-metal server boots it needs to connect via PXE boot to the Auto Deploy server. The Auto Deploy server will then install ESXi onto local disks. After that the bare-metal server will boot ESXi from local disk.

Auto Deploy in vSphere 5.1 adds more resiliency by providing the option to install to, or cache on, local disk. This has matured Auto Deploy for usage in an enterprise environment. For more information see the whitepaper “vSphere 5.1 – What’s New Platform
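As an added example, not part of the original post and not VMware’s own code, the PowerCLI script below builds a minimal Auto Deploy rule set for the flow described above: an image profile is loaded from an offline bundle, paired with a host profile, and handed only to bare-metal servers whose PXE-boot attributes match a pattern. The vCenter name, depot path, host profile name, vendor string and IPv4 range are all placeholders that I made up for the example; the cmdlets themselves (`Add-EsxSoftwareDepot`, `Get-EsxImageProfile`, `New-DeployRule`, `Add-DeployRule`, `Test-DeployRuleCompliance`) are the Image Builder and Auto Deploy cmdlets that ship with PowerCLI for vSphere 5.x.

```powershell
# Added example (not from the original post): a minimal Auto Deploy rule set
# built with the PowerCLI Image Builder and Auto Deploy cmdlets for vSphere 5.x.
# Server name, depot path, host profile name and hardware pattern are
# placeholders; replace them with your own values.

# Connect to the vCenter Server that Auto Deploy is registered with.
Connect-VIServer -Server vcenter.example.local   # assumed vCenter name

# Load the offline bundle that contains the ESXi 5.1 image profiles.
Add-EsxSoftwareDepot 'C:\depot\ESXi-5.1-offline-bundle.zip'   # assumed path

# Pick the image profile the hosts will boot. The acceptance level records how
# strictly the VIBs in the profile were signed and tested, so check it before
# streaming the image to every host in the pattern.
$imageProfile = Get-EsxImageProfile | Sort-Object Name | Select-Object -Last 1
"$($imageProfile.Name) acceptance level: $($imageProfile.AcceptanceLevel)"

# The host profile is where vSphere 5.1 chooses between the three modes in the
# post: its System Image Cache Configuration setting decides whether a host
# stays stateless, caches the image to local disk, or does a stateful install.
$hostProfile = Get-VMHostProfile -Name 'Prod-Cluster-Profile'   # assumed name

# Match hosts only on attributes they present at PXE boot (vendor string and an
# IPv4 range here, both placeholders) and give them the image and host profile.
# Servers outside the pattern match no rule and receive no image.
$rule = New-DeployRule -Name 'prod-esxi-51' `
    -Item $imageProfile, $hostProfile `
    -Pattern 'vendor=Dell Inc.', 'ipv4=192.0.2.10-192.0.2.40'

# Activate the rule and review the active rule set that results.
Add-DeployRule -DeployRule $rule
Get-DeployRuleSet

# After any rule change, confirm that hosts already running still match the
# rule they were deployed with; drift shows up here before the next reboot.
Get-VMHost | ForEach-Object { Test-DeployRuleCompliance -VMHost $_ }
```

The rule set is the only thing that decides which image a booting server receives, and the DHCP, TFTP and HTTP steps of the PXE chain that lead to it carry no authentication of their own, so keep the boot network and the Auto Deploy server on a controlled management segment and review the active rule set whenever it changes. For the Stateless Caching and Stateful Install modes the mode itself is not a parameter of `New-DeployRule`; it is set in the host profile that the rule assigns.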