VCAP-DCV Design exam notes

Reading Time: 4 minutes

 

As the VCAP-DCV Design 2020 certification is going to be released (but the 3V0-624 exam is not scheduled to be retired yet) on Jan 1, 2020.

Recently I made another post about my experience with this exam where I failed, check it here.

For your information, at the moment the 3V0-624 is the current exam code for the VCAP-DCV 6.5 Design certification (Also named VCAP-DCV Design 2019), always check the code for the exam no matter which is the certification name.

I decided to share with you some notes for this kind of exams no matter which version.

This information will be more helpful for people that have never taken this exam rather than those who are experienced in these advanced exams.

Audience

The Design exams (VCAP-XXX Design) are mainly for IT Architects (sounds cool?) but, why for architects? Well, if you check the blueprint, you will see a couple of sections and not many objectives. The truth is hidden inside each section, which is huge and covers many aspects.

Could you pass this exam without being an IT architect? Of course!

trust_me_architect

Many did it (not in my case yet) by studying and having a lot of design experience, or also helped doing designs with other peers for example. Also, you can gain all the knowledge of all areas and study your main gaps.

The goal is to design VMware solutions to meet specific goals and requirements, ideally, you should have advanced knowledge of storage, network, compute, end-user computing environments and other components.

You will have to develop a conceptual design given a set of customer requirements, determining which requirements needed to create a logical design and after that creating a physical design with these items.

Technical background

As you are aiming for a VMware certification, you must think in all solutions, features, and elements from vSphere.

Here is a list of the solutions that appear in the Blueprint and are related to VMware of course:

  • vSphere
  • vSAN
  • SRM
  • vROps
  • VVOLs
  • vCenter Converter

Inside each solution, you should know at least the most of the features, functionalities that they offer, dependencies between them and test them (if you can).

Apart from knowing about these technologies related to VMware, there are obviously the core areas that compose a general IT infrastructure: Storage, networking and compute.

So, be prepared to dig on each area and know about dependencies between each other and with other solutions.

Advanced knowledge is desirable (and you will be tested) on each area would deserve more than post so, I am not going to explain anything right now about it 🙂

Aiming for the exam

Your main guide must be the blueprint, no matter what other unofficial guides say (although they are very helpful). In the blueprint you will have all the sections and objectives that will be qualified.

This exam requires to read a lot (more if your daily job isn’t designing solutions) and not just books to gather information about how to gather requirements from the customer and match them to terminologies like RAMPS or RRAC (I will explain a bit of those later), also all the technical papers that the blueprint mention (+50).

Conceptual, Logical and Physical Design, you will see this a lot and once you understand it, you will see why.

You must check all the references (documents) that the blueprint mentions because most of them will appear in the exam.

Some key points from all the features, elements or products I think will be:

  • Dependencies: Know the dependencies between solutions. What do you need to enable vSAN, apart from at least 1 SSD/Flash and 1 SAS/SATA disk? It also requires vCenter and DNS.
  • Advantages and disadvantages: Does SRM perform replication? Is HA better to ensure availability than FT? Which solution can achieve a 5-minute RPO? vSAN
  • Maximums and limitations: vSphere 6.5U1 supports a maximum of 4 PSCs per site, behind a LB. Also a maximum of 10 PSCs per vSphere Domain.
  • Upgrade paths: How would you upgrade a vSphere 6.0 environment to 6.5 with external PSC?
  • Determine RCAR: Differentiate between requirements, constraints, assumptions, and risks.
  • RAMPS: Build recoverability, availability, manageability, performance, and security into a vSphere Logical Design.
  • Gather and analyze business and application requirements from customer interview data, determine customer priorities for defined objectives and categorize those requirements by infrastructure qualities.

In the post, I mentioned to you at the beginning there are some resources which are quite helpful in order to learn and improve your non-tech skills.

Summary

There is so much information to digest if you don’t have a certain level of knowledge in vSphere and the “art” of designing solutions, which could lead you to study a lot of products, methodologies, and features in probably, a great amount of time.

But don’t be impatient, it will take you time but, review each section and check the concepts, products or features that you’re not familiar with.

Check videos and other unofficial guides that probably will make other fellows from the community.

This exam is about theory so, you will be tested as an architect who designs solutions based on customer or application requirements and how to match them to a VMware design.

It is difficult to generalize all the things that can appear in past, present, and future VCAP-DCV Design certifications but I tried to give you as much information as I can.

 

 

 

 

 

 

Runecast Analyzer: Deploy, configure and quick review

live_demo
Reading Time: 5 minutes

Today, I’ll show you how easy is to install, configure Runecast Analyzer (v 3.1.1.0) in your environment and we will review quickly what can we offer this solution.

Runecast?

Runecast is a company founded in 2014 more recognizable because the CEO is Stanimir Markov which is VCDX #74 but in his team has other virtualization veterans who help them to create this solution.

It’s a solution made by and for IT Admins which will scan your VMware environment (vSphere, vSAN, and NSX-T and V) and inform you about issues, best practices, hardware compatibility and apply security hardening in your VMware environment.

With all of this information it will save a great amount of time to any IT admin in order to resolve or identify a known (or not) issue, perform an upgrade of any new release of vSphere, apply the correct configurations according any Security standards (PCI-DSS, HIPAA, DISA SITG, etc.) and more…

The main functionalities of this application are:

I will do another post showing and explaining in detail these features, meanwhile, you can check each one on their website.

 

Use it in your environment or try it in a demonstration

If you want to install and configure this virtual appliance to deploy in your environment, go to https://www.runecast.com/quick-and-secure-deployment and in the upper-right menu click the Free trial button.

You will need to create an account (it’s free) but once you created it, you will have access to the OVA file by downloading it:

Ova_download

 

Runecast has also a Live Demo where you can try all the features without installing anything, just go to the website: https://demo.runecast.com and login with the credentials provided.

live_demo

You will see immediately a test environment where you can check all the features that it has in just seconds, quite handy if you want to test this solution quickly.

 

Deploy and configure

Once you download the OVA file, deploy it in your virtual environment like what you will do with other virtual appliances:

  1. Right-click in your DC and “Deploy OVF Template…”
  2. Select the OVA file you downloaded in the previous section.
  3. Select name, folder, compute resource
  4. Accept the EULA, choose the deployment configuration (in my case Small)
  5. Configure the resources necessary for the appliance (storage, network and finally all the networking properties).

Once the OVF package has been imported (it took 2 min approximately), it will appear a VM in your vCenter:

vm_vcenter

 

Now, power on the VM and check in the VM console which is the IP that you give to the application in order to access the appliance (https://192.168.1.81):

runecast_vmconsole

 

The first time you access through the website, you must use the following credentials (the same as in the Live Demo):

live_demo

 

Now, it will ask you some information to connect to your vCenter, just enter the information (I created a new user to connect to the vCenter) and click Continue:vcenter_info

And provide a schedule, I let the default setting as it’s a reasonable schedule. Continue by selecting “Start analysis”:

schedule

This, will scan your VMware environment and let you know in the dashboard all kind of issues, configuration, etc.:

runecast_main
The screenshot was taken from the Live Demo that Runecast provides

 

Features

Here I’ll show you some screenshots from the solution and how they look:

  • Security Hardeningrunecast_securityhardening

It matches the security standard that you select to your environment and let you know which configuration you must apply in order to be compliant with that security standard.

  • Best Practicesrunecast_bestpractices

Guides you about which Best Practices can be configured in your VMware environment against the VMware Best Practices.

  • Config KBs Discoveredrunecast_configkbs

One of the most pro-active features is Config KBs Discovered, it lets you know which configurations you have currently applied in your environment and the KBs that are published in the VMware DB.

  • Hardware Compatibilityrunecast_hcl

This feature will help you to deal with any kind of upgrades in just seconds, do you know if your hardware is listed in the Hardware Compatibility List for some product? It will give you all the information in just a moment.

  • Log Inspector runecast_loginspector

Log inspector will look for patterns in your ESXi logs in real-time in order to analyze and provide a solution before anything happens.

What a better way to apply a fix for something that you didn’t even notice?


And that would be all for this quick post about Runecast Analyzer and how can it help in a VMware environment for vSphere, vSAN, and NSX.

If you thought that Runecast Analyzer is a single-use tool, you’re wrong, it has many features that make it easier to manage a VMware environment in a daily-basis.

Remember that you can try it for 30-days with all the features or use the live demo on their website.

 

VCAP6.5-DCV Design failed exam experience

fail-better
Reading Time: 3 minutes

Recently I took the 3V0-624 exam (a.k.a. VMware Certified Advanced Professional 6.5 – Data Center Virtualization Design Exam) and I failed (266/500).

fail-better

I took it on September, 4th (a month and a half ago) and as I was on holiday and now preparing things for VMworld Europe I won’t be able to study after the event.

I recognize, I study a bit in a rush. In just one month for someone who is daily tasks aren’t about architecture, it can be hard (or not). In my case, this rush was influenced due to leaving on vacation for more than 2 weeks. Then, I decided to give it a try before leaving but, the outcome wasn’t what someone would like!

Let me share my experience in the exam, some thoughts, resources, and notes that maybe can help you.

Know yourself

What I want to say in this section is knowing your limitations and experience against the exam. I am not going to do a comparison against the blueprint right now but, check the blueprint and be honest to yourself.

This exam is called “Design” and that means having a broad knowledge on many areas (like networking, storage, computing, hardware, etc.), a different mindset than an engineer (the famous “holistic” view that architects have).

So, basically, check all the sections in the blueprint and match them against your knowledge. Are there too many gaps? Then, you probably need more experience and a lot of time to study (or both) but definitely, the experience becomes very handy for this exam.

(I recommend you to check the blueprint from the VCAP6-DCV Design which is quite better than the 6.5 version (in fact, it has the resources split into sections instead of giving you a list of 50+ resources like in the 6.5 version).

I am not an architect but I did some projects from the scratch (small ones) and participated in others that were normal (I don’t want to say big because it is subjective) as a technical reference so, I had some of the knowledge regarding how to approach a project

Expect to gather the requirements, find “RRAC” (Requirements, Risks, Assumptions and Constraints) and also I had knowledge in DC architecture, vSphere (obviously) and other products from VMware (this is a VMware exam so don’t expect another thing!).

Study Resources

There are many resources that you can find on the internet:

Blog posts:

 

The books I read:

  • VCAP5-DCD guide
  • IT Architect: Foundation in the Art of Infrastructure Design: A Practical Guide for IT Architects
  • VMware vSphere Design 2nd Edition

Obviously I reviewed all the technical papers from the blueprint and you should too (at least check if you understand the main concept).

The exam

As the official webpage states, there are 60 questions and you have 135 minutes (2 hours and 15 minutes) to complete the exam. This is plenty of time for anyone I think.

I read other experiences and almost anyone had a lot of time left in the clock before finishing the exam. When I took it, I reviewed the questions and there were almost 30 minutes.

Questions can be large so, maybe you want to read it a couple of times or even when you’re answering it.

The format of the exam is multiple-choice, matching and drag and drop. That means that all questions won’t have a single choice solution.

Even I had time to finish the exam without looking at the clock too much, I failed with a score of 266 (passing score is 300 like many other VMware exams). That means that I need to review which were my weakest points, resolve my doubts and catch up with all I studied a couple of months ago.

Notes

As far as I know, this exam goes until ESXi 6.5 U1 (which is the latest release before the blueprint came out).

Review dependencies between all products and features within vSphere (especially the ones related to the RAMPS concept).

The conceptual, logical and physical design concepts must be mastered.

Review limitations on each feature (HA, DRS, FT, etc.) or product (vSAN, SRM, etc.).

The vBrownbag videos and books like the “VCAP5-DCD guide” can be very helpful even though are “older”. About books. the “vSphere Design 2nd edition” along with the “IT Architect series: Foundation in the art of infrastructure design” will give you a general vision of all concepts that an architect must know.

Check the blueprint from the VCAP6-DCV Design as the objectives are the same as the 6.5 version but better explained and with references on each section.

 

So, that’s all I wanted to say and I hope that even I didn’t pass in this first attempt, it can help other people willing to take it in the future.

Sometimes you have to fail better before succeed.

VMworld 2019 Europe local guide

Reading Time: 8 minutes

VMworld 2019 Europe is almost here! And I made a local guide with tips about transport, restaurants, places to go, etc. to ensure you can enjoy more your experience in VMworld.

General information

This event will take place from the 4th (Monday) to 7th (Thursday) of November at Fira Gran Via in Barcelona, Spain.

VMworld is always an amazing opportunity to learn from all the events that will happen there like the Hands-on Lab, Breakout sessions, General sessions, etc.

Also, it is a great way to connect with a lot of people from the community, vendors or other persons that you are interested in.

People are really friendly so, don’t be shy (you can try first on Twitter!) and try to speak to members from the vCommunity. Besides, be sure to meet the vBrownbag team in the VMTN Tech talks area 🙂

If you are interested in attending this amazing international event and enjoy many other advantages, you can register here.

Some notes

In Spain, tipping is entirely optional and it’s not very common so, it’s up to you if you want to leave a tip in case the service was exceptional or you think it deserves it.

In restaurants, shops, etc. the VAT tax is included. Therefore, you don’t have to worry to calculate an extra amount of money.

Also, once you pay with credit card (VISA branded cards are the most used here) they will make you enter the PIN code of your credit card (a bit different than the US).

I know it’s late but, hotels near Fira are nice and a bit expensive. The best zone I think it is near Sants where there are cheaper hotels, nice transport connections, and great ambient.

The official language in Barcelona is Spanish but most of the population speak in Catalan. Saying that, don’t worry if you don’t understand some signboards from the street or public places.

Transportation

There are 3 different train services: Renfe (Local Train), TMB (metro/subway/underground) and FGC (Regional Train).

Renfe and TMB are the most used because they have more combinations than the FGC and also better schedules. So, basically, you will see in this guide mentioning train for Renfe and metro/subway/underground for TMB.

Coming from the airport

Once you land at El Prat airport, there are a few ways to go to the city of Barcelona:

  • You can take a taxi (expensive but more convenient for people with less time or when the hotel is located in an isolated area). It will costs between 20-30 € from the Airport to Sants (always depending on the traffic). Put the hand luggage on the taxi trunk costs an additional euro.
    You can use the app myTaxi to order one.
    Uber and Cabifiy are not available in Barcelona.

You can go to the Aeroport (airport) stop of the R2 Nord line (you must go to Terminal 2 to take the train). This line will take you to Sants-Estacio and will be great for people staying near Sants.

This line is less frequent than the next option but it takes less time. Pricing is subjected to zones. In that case, From Aeroport to Sants-Estacio the price for a single ticket will be 4.20 €.

  • By metro (TMB):

Use the L9 Sud line, this is the Metro (subway/underground) service and can be combined with other lines (like L5 at Collblanc stop for example) within the same ticket.

This metro service is more frequent than the train service and it costs 4.60 €. This can be the best option for most people because you can use the same single ticket to go to other places by combining lines.

  • By bus (Aerobus):

The least recommended option as it will be crowded but it depends on your preferences and where do you want to go.

The Aerobus will take you to “Plaça Catalunya” (Catalunya Plaza) but it costs a bit more than other services (5,90 € at the moment), you can review more information in this link.

T-10 card

If you plan to visit Barcelona, consider buying a T-10 ticket (which includes 10 single tickets or 10 journeys) as it will save you half the price of many single tickets. This T-10 card can be used for many people as you want so, consider it if you are a group.

T-10 cards are sold by zones (because they have other public services integrated), as you are going to stay in Barcelona, you only need 1 zone. Price for a T-10 1 Zone card is 10.20€, versus buying 10 single tickets (1 zone) will cost 2.20 € x 10 = 22€.

T-10 tickets can be used on any public transport (bus, Metro, Renfe and FGC services) with some exceptions covered here:

  • You cannot use the T-10 ticket from the airport on the Metro Line L9 Sud. This means the T10 ticket is not valid at the stops Aeroport T1 or Aeroport T2 on the airport metro link.
  • The T10 ticket is also not valid on the Aerobus express bus.

Moving inside of Barcelona

The Metro (subway/underground) is your best choice whatever you stay in Barcelona if you want a cheaper, frequent and reliable service.

With the metro (remember the name) you can travel through lines at the same cost. The main stops to consider will be Fira in L9 Sud, Plaça Espanya in L1/L3 and Sants-Estacio in L5/L3.

The fastest way to VMworld?

The closest stop to the VMworld event is Fira in L9 Sud or the Europa-Fira stop which is another stop from the L9-Sud line that also combines with another train service (FGC trains) which is a different transport service than the metro and it has different stops.

If you stay near Sants, the Sants-Estacio stop in L5 will be your choice. Then, in Sants-Estacio station take the L5 to Collblanc stop and after that, change the line to L9 Sud until you arrive at Fira stop.

You can see in the following map the VMworld precinct highlighted in yellow and the closest stops (marked in blue): Europa-Fira stop which combines FGC and Metro services and, Fira stop at L9 Sud.

FiraGranVia-map

Last year VMworld provided a free metro card; As I don’t know if it will be the same but if you are aiming to visit Barcelona and visit other places, consider to buy a T-10 travel card (10 single rides) which is multi personal and quite cheaper than buying 10 single tickets.

 

Events around VMworld

Fred Hofer has a magnificent post where it summarizes all the events and parties that will happen on these dates, check it here

I organized the vFit runs, review my post for more detailed information

In my case besides the vFit event (Monday and Wednesday morning), I will attend the vSoccer event on Monday night and vBreakfast on Tuesday.

 

Outside VMworld (Sightseeing)

Here is a summary of the places that you could visit if you come to Barcelona:

La Sagrada Familia

Probably the most iconic building in Barcelona. It is an unfinished church designed by Gaudí, an architect who made many iconic buildings here in Barcelona.

Location: https://cutt.ly/5eoPoBU

Las Ramblas

The most famous pedestrian street of Barcelona, you will see many kiosks and artists there while walking in the middle of the city. Note: Keep an eye on your belongings if you are watching an exhibition as pickpockets could be near you.

Location: https://bit.ly/35zkqXQ

font-montjuic

La Font Màgica de Montjuïc (Magic fountain of Montjuïc)

This fountain is amazing at night. You should check the exhibitions scheduled with lights and streams creating shapes. It is located near the Veeam party that will be on Tuesday so, maybe you can go earlier and check it out!

Location: https://bit.ly/2VBo9zc

Park-guell

Park Güell

A gorgeous park with some designs from Gaudí and other architects that are interesting. You must buy a ticket in order to gain entrance to the Monumental Area (where you can see some monuments from Gaudí).

Location: https://bit.ly/319oIS3

casa-batllo

Casa Batlló

A famous building designed by Gaudí also named “House of bones”. Look at the facade which is something that you probably never seen before with the sculpted stonework, the windows or the painting. It is also a museum where you can visit (you need to buy a ticket) the inside of this building.

Location: https://cutt.ly/ieoPssI

la-pedrera

Casa Milà – La Pedrera (The stone quarry)

Another famous building designed by Gaudí. It has unique balconies and a courtyard that defines the style of Gaudí and also his last private residence.

Location: https://cutt.ly/reoPjYM

port-olimpic

The Olympic port of Barcelona (since recent events in the past months, I will avoid going at night)

It is one of the most exciting leisure and touristic spots throughout Barcelona, with a wide offering of shops, clubs, and restaurants. It’s the gateway to the Barcelona beaches and also there is the Barcelona zoo near to it.

Location: https://cutt.ly/seoPx1J

In general, avoid going alone in the night, especially in “Las Ramblas”, “El Raval” or near “Olympic Port of Barcelona”.

Also, avoid the neighborhood known as “La Mina” which is farther from Barcelona but it still accessible by Metro.

Restaurants

The food in Barcelona is nice and some of you probably know it.

Let me suggest a couple of restaurants near Fira Gran Via (VMworld):

  • Gran Varela: A restaurant with great food (especially octopus). Also, the wines are great!
  • In Gran Via 2 (a shopping center pretty close to Fira Gran via) I can suggest you:
    • A great Japanese (Udon)
    • A good Italian (La Tagliatella
    • Beers and tapas (Cañas y tapa)
  • Restaurant La Vid: A nice restaurant where you can try local food like the bread with spread tomato, the Spanish omelet, or the ham! This is also the restaurant that will be hosting the vBreakfast event on Tuesday morning.

 

The best places aren’t near Fira Gran Via but if you want to try better food, here are a couple of restaurants that are really nice:

    • Bacoa Burger: Amazing and customized burgers, also hand-made fries and sauces.
    • König: Amazing restaurant where you can try almost everything: tapas, amazing beer, flatbread, and many other options!
    • La Bella Napoli: Not many choices on the menu in this Italian restaurant but the food quality is amazing.
    • Buenos Aires Grill Restaurant: Steak, ribs, Argentinian Beef, special cuts?
    • Ramen-Ya Hiro: Best ramen in Barcelona without a doubt! The queue won’t be short to get the Ramen…

Local food

Let me put a short section about local food here. The food you must try while staying here would be: Paella, Spanish omelet, Bread with (spread) tomato and of course Ham (Jamón)!

Despite there many restaurants that they prepare all these dishes, I will avoid the ones in Las Ramblas because they’re usually not the best option…

Bread with (spread) tomato can be found in almost any bar or restaurant so, just ask for it. They are also served at breakfast!pa_amb_tomaquet

 

If you don’t want to lose a lot of time by going far from VMworld to taste many of these dishes, I would suggest you go Restaurant La Vid, which I talked in the previous section.

 

Also, on these dates, it is common for street vendors to sell hot toasted chestnuts wrapped in newspaper, give it a try!

chestnuts

Finally, you should try a sweety called “panellets” (special almond balls covered in pine nuts), you can find them in bakeries:

panellets

 

There are many other places and foods not included here. If you want something specific just let me know in the comments or via DM on Twitter.

Conclusion

That will be a summary of things to do at VMworld and in the city of Barcelona.

Be sure to enjoy VMworld with all the events, parties, people and more things that can give you but overall, have fun!

If you think that something is missing, let me know.

See you at VMworld!

 

 

 

vFit at VMworld 2019 Europe

Reading Time: 2 minutes

Yes! I am happy to announce that the vFit event will happen also at VMworld Europe this year!

Eric Wright (@discoposse) is the creator of this event and you can check how it went at VMworld US here! I love his idea of engaging folks who attend tech events to do some exercise at tech events and why not at VMworld Europe?

Enjoy a run with our great community outside VMworld. You can meet people, share a great moment to run outside the event centers and enjoy the city of Barcelona.

So, this year in Barcelona I will be the organizer for the #vFit event and I hope you can join me and other community folks in the 2019 #vFit runs at VMworld Europe.

 

Basic information

Anyone can join this event to run with a group of community folks at approximately 6.21min per km / 10min per mile. May be a second group if enough walkers join, we will discuss it once when we meet there.

The meet up for the runs will be at the exit of Europa-Fira station: https://bit.ly/354kRsN
There are two exits at Europa-Fira (showed in blue), you must go to the one which has 3 “big” buildings. Our meet-up will be at the red circle that you can see in the following map:
Europa_Fira_map
Here you have a Google Street View just in case you’re not sure if you picked the correct exit: https://bit.ly/30N3o4x

So, as said we will have the meet up at the red circle that is in front of one of the Europa-Fira exits.

 

Schedules

Usually, this is a daily run event but, as I am the one organizing it, I can’t commit to doing a daily run because I have other duties to do at VMworld.

Therefore I decided to do 2 runs and the time of each meet up is:

  • Monday, November 4 – 06:45 AM CEST
  • Wednesday, November 6 – 06:45 AM CEST

On Wednesday many people will be crashed by Tuesday parties however I will be there anyway!

Why not Tuesday?

I’ll be heading to the vBreakfast event on Tuesday and also on Monday night there is the vSoccer event so, some rest is needed 🙂

Then, on Tuesday you can rest or even go for a run yourself.

 

Route

The route goes from Europa-Fira station (where we meet up) to Montjuic (uphill) and then coming back from the other side (downhill) to end at the Europa Fira station.

The route is about 5.5 km / 3.41 miles and we will see some streets from “La Marina” district (where VMworld is hosted) and the Montjuïc Park.

Here you have the route if you want to check it out:

Route map for VFit Running EMEA 2019 by Dan Belmonte on plotaroute.com

How do I join?

Just to know how many people are going to attend, register here on any date: https://www.eventbrite.com/e/vfit-emea-2019-tickets-74746226977

But the main point is to be there at the time specified in the schedules section.

Use the #vFit to share it with the community!

If you need more information, just send me a DM on Twitter or comment on this post and I’ll be glad to help you.

See you there!

Veeam – Backup VMs in remote sites

Reading Time: 6 minutes

I was wondering why I haven’t talked about Veeam when I use it almost every day in my job, not only administering backups but doing new implementations.

Recently, I had to implement a design where I need to backup VMs in remote sites but not back up them in a centralized storage, they will be backed up on each remote site storage.

So, by deploying a VM with the Backup proxy service and also use it as the backup repository we can accomplish the goal. We will save bandwidth and increase the speed to restore and backup those remote virtual machines by using the local storage on each remote site.

 

Scenario

The scenario I am talking is the following, a dedicated VM with Windows Server 2016 Standard (a.k.a. W2016 STD) to act as a backup proxy and backup repository and Veeam B&R installed on the main site (the cloud we will say).

This is the high level design:

Veeam_scenario

So, we are going to back up all the VMs that are hosted in the remote ESXi hosts and also save the backup data in the local storage.

As said before, in this way we save bandwidth and gain speed in the backup and restore process in case we need to perform any of it.

We will assume that we have a vCenter deployed with Veeam B&R installed. The Veeam B&R has configured the vCenter and then all remote ESXi hosts.

 

Implementation

The implementation is pretty straightforward, we will have a dedicated VM to be deployed on each remote site and then perform the following high-level steps:

– As a backup repository, we are going to add a hard disk to the remote VM and use that hard disk as the backup repository for the site. We will seize the capabilities of Windows Server 2016 and use ReFS as the filesystem for the added hard disk.

– Install a backup proxy service, we just need to deploy the backup proxy service from the Veeam B&R console to the VM that we are using. The backup proxy will be who processes jobs and delivers backup traffic.

So, let’s go each step!

 

Backup proxy service

First, our Windows Guest OS VM is joined to the domain, so we won’t have any kind of problem for resolving the name or accessing with domain account credentials.

Let’s add the proxy by going to the Backup Infrastructure tab > Backup Proxy > Add VMware Backup Proxy…

As this is a new server for Veeam, we will have to add it as a “server” by pressing “Add New…”:

Then, this window will appear, just enter the FQDN of your server:

Choose credentials and chooseApply “to install the transport service:

After that, you will be able to choose the newly added server (Proxy_EUR.itgaiden.com) from the drop-down menu:

Now, let’s configure the Transport mode and Datastores for this proxy (as in the previous screenshot):

And for the datastores, choose the ones that are connected to the ESXi host where the VM is hosted by selecting Manual Selection and adding them:

choose_manual_datastores

After configuring that, you will have the same configuration as in this screenshot:

Finally, just hit Next and apply any kind of traffic rule if you want:

Now, finish, and the proxy will be fully configured and ready.

 

 

We configured these options because they are the best for our deployment which is using a Windows VM that will have a backup repository which will save the backups.

For more detailed options about the Backup Proxy service go here.

After configuring each backup proxy we will have a bunch of them in the Backup Proxies tab:

Backup_Proxies

Backup repository configuration

In this step, I suggest following this article to perform this step.

Basically, we just have to add a new hard disk to our dedicated VM as Thick Provision Eager Zeroed, format the disk as ReFS and finally, add the Backup Repository to the Veeam B&R Console.

In that article, it’s also explained the benefits of ReFS so, I think it’s more detailed and easy to follow it.

After we configure all the backup repositories, we will have the same amount as the backup proxies:

veeam_backup_repositories

As you can see in the previous screenshot, the path (D:\Backups) is the disk that we added to the VM on each remote site. We have configured the backup repository to that path because, as explained before, we have a disk formatted in ReFS and it’s explained in the article.

Backup job configuration

After configuring the backup proxy and backup repositories on each site, we are ready to the last step, configuring the backup job to perform backups.

Go to Home tab and then Backup… Virtual Machine:

Now, step by step, pick a name for the job:

Proceed to select the VMs you want to backup (in our case the ones in the EUR site):

 

Let’s continue and in the Backup proxy, click Choose… and select the correspondent backup proxy (EUR_proxy):

 

Press OK and go to Advanced. Configure it like that if you want Synthetic  full backups:

 

And then the monthly health check (recommended):

Accept and here is the summary for the backup proxy step (we will keep 7 restore points in our case):

Configure any option as you like (not in my case):

And finally, proceed with the schedule that you want after finishing the configuration for this job!

And that would be all for this remote site. We had to to the same with the other remote sites and our job will be done!

 

Conclusion

Finally, with this design you will be able to back up remote sites and store the backups in the local storage from each site.

If you don’t want to use a dedicated VM as a backup proxy, you can install the service on a VM that has low usage and install the backup proxy service, however, it’s recommended to use a dedicated VM which will have the backup proxy service and the backup repository (the virtual hard disk attached).

 

 

Migrating ADFS from 2012 R2 (3.0 v) to 2016 (4.0 v.)

Reading Time: 5 minutes

I will explain today how to migrate ADFS from 2012 R2 (3.0 v) to 2016 (4.0) without almost no downtime. The overall process consists in adding the new ADFS server to the farm, assign the primary role to the new ADFS, make some changes and then we’re done.

 

The current environment is:

  • 1 x WAP Server (W2012 R2)
  • 1 x ADFS Server (W2012 R2)

No applications published, just an Office 365 Relying party trust.

A DNS A record that points sts.teselia.com to the ADFS IP address.

 

And the future environment will be:

  • 1 x WAP Server (W2016) -> Not in this post
  • 1 x ADFS Server (W2016) -> In this post

Planning for your ADFS Migration

  1. Active Directory schema update using ‘ADPrep’ with the Windows Server 2016 additions (not necessary in my case)
  2. Build a Windows Server 2016 server with ADFS and join into an existing farm.
  3. Promote one of the ADFS 2016 servers as “primary” of the farm, and point all other secondary servers to the new “primary”.
  4. Change DNS records to the new servers’s IP address.
  5. Raise the Farm Behavior Level feature (FBL) to ‘2016’
  6. Test that the setup works correctly.
  7. Remove the old ADFS server (W2012 R2) from the farm.

Upgrading Schema

Now, time to upgrade the schema of the AD:

Put the installation media from W2016 Datacenter:

Adprep /forestprep

In my case, it was already updated (my domain is in W2012 R2 so it seems that I don’t need it).

 

Installing and configuring ADFS

Once we deployed a new Windows Server 2016 and it’s joined to our domain…

Install the role of ADFS in your target server and then continue with the post-deployment config:

 

Provide can account with Domain Administrator permissions:

 

Provide your federation service name. You can review it in the current ADFS primary server and click Properties in the root folder of the ADFS console:

 

In our case “sts.teselia.com”:

 

Specify your SSL certificate (usually your wildcard):

 

Then, I will use an account (Managed service account recommended):

 

Review your configuration and after the pre-requisite checks proceed with the “Configure” button:

 

After the server is installed you will have some warnings that will be fixed later by rebooting the server and making this new server as the primary ADFS server in the farm:

Then, we will proceed to reboot our server (ADFS01.teselia.com).

 

Configuring as a “PrimaryComputer” in the ADFS farm

Once the machine has restarted, open the ADFS Management Console, and you’ll notice it’s not the primary federation server in the farm.

Open a PS console and execute:

Set-AdfsSyncProperties -Role PrimaryComputer

 

After that, I can access the ADFS console from our new ADFS server without the warning:

 

Execute this on the other ADFS servers (we will point the new ADFS server as the PRIMARY):

Set-AdfsSyncProperties -Role SecondaryComputer -PrimaryComputerName sts.teselia.com

Then, we will check that in our old ADFS server it’s correct:

Details to bear in mind

So, in my case, I have a DNS A record that points sts.teselia.com to an IP address (the ADFS server)

After pointing the new, I had to modify the hosts file from the WAP server in the DMZ to point to the new server!

Also, I modified the DNS  record from the internal DNS with the new server’s IP address.

 

 

Error with 0365 relying party trust

After migrating the service from ADFS 3.0 (W2012 R2) to ADFS 4.0 (W2016), I faced a  problem when updating the O365 relying party trust.

The solution was to apply a fix described by Microsoft:

https://docs.microsoft.com/en-us/security-updates/SecurityAdvisories/2015/2960358

Basically, what you have to do is to add a couple of registry values in this new ADFS server because it’s Windows Server 2016 and is running ADFS 4.0 version.

Once you applied the fix, reboot it and works flawlessly!

 

Testing the new setup

To check that it’s really working, try to log into your Office 365 portal and it must show you the portal from your federation service.

As the WAP service isn’t migrated yet, it should respond correctly but if the configuration is not correct, it won’t be able to gather the configuration from the ADFS service.

Removing the old ADFS server

Once you tested that it works correctly, as both ADFS servers will have the configuration replicated, you can remove the role from the old one (that now holds the secondary role) and then remove it from the domain.

With that done, you will have a fresh new Windows Server 2016 ADFS server and none “old” ADFS servers.

 

 

And that’s all, I will do in the future another post about the WAP service migration that it’s easier than this one, I hope that this can help someone.

Exam 70-743, Upgrading MCSA Windows Server 2016 experience

Reading Time: 2 minutes

I will explain quickly my experience regarding the Exam 70-743, Upgrading Your Skills to MCSA: Windows Server 2016 exam from Microsoft I took last April.

It’s been a while since I took an exam from Microsoft (the latest was in 2013 I think) where you probably know that these kind of exams are multiple-choice or single-choice.

Through my career, I saw a lot of people cheating with these exams by memorizing the questions you can find on the internet and finishing it in just 20 minutes.

Despite I envied these persons because they weren’t putting the same effort as I did, in the end, this was translated in almost no knowledge about what they practiced nor familiar with all the features that Windows Server offers.

So, I encourage you to study the materials and practice in order to learn and bring value to yourself if you want to use these technologies from Microsoft.

The blueprint and webpage for this exam is the following one: https://www.microsoft.com/en-us/learning/exam-70-743.aspx

 

About the exam

In my case, although I am experienced with Windows Server this kind of upgrade exams, which consists in a 3 in 1 exam, can be scary for someone who’s new or hasn’t touched many roles that Windows Server has.

Even I installed almost all roles from Windows Server 2016 there are some of them that aren’t so common and you should practice it in a homelab (best way to stick in your mind).

There are around 60 questions (the quantity may differ) chosen from the following exams:

Regarding the questions there is a mix of Drag and Drop, Radio buttons, Checkboxes, …you know, the usual ones in this kind of exams.

Important: Be aware that the feature “Nano Server” was removed/deprecated in Windows Server 2016 time ago, here is the official post from Microsoft: https://docs.microsoft.com/en-us/windows-server/get-started/deprecated-features

Also read the changes that this exam suffered, in the official change document that Microsoft provides (is in the blueprint): https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2IoQP

So, even if you see a lot of information about Nano Server in guides or courses in my case I didn’t find any question in the exam related to it (as it was deprecated years ago).

 

Resources and suggestions

As a resource, I mainly used this course from Pluralsight (not free): https://app.pluralsight.com/paths/certificate/upgrading-your-skills-to-mcsa-windows-server-2016-70-743

There are a lot of videos there, I checked the ones I felt more insecure and practiced in the lab. Also, I do recommend that you use Powershell to install and configure everything you can and in this way, you will get used to it.

As this is a 3 in 1 exam, the range of features and roles to know is huge, knowing a bit of everything will help you to pass but, without practice, you won’t get anywhere…

Having experience helps a lot but if it’s not your case, focus on the roles and features you never used or are not used to use (ADFS, NPS, RRAS, Hyper-V, etc.).

 

So…

To conclude, I can say it’s a fair exam and a bit challenging maybe but if you practice a lot with all the roles that Windows Server 2016 offers and know the differences from Windows Server 2012 R2.

Also, the most important I think…practice with Powershell. It won’t only help you with the exam also, in your future!

 

 

 

 

 

Cohesity Build Day Live

Reading Time: 7 minutes

I am going to share some thoughts and opinions about a recent video from the Cohesity Build Day Live recorded recently with the Build Day Live! team.

Disclosure: This post is sponsored by Cohesity.

First, just let me introduce briefly you what is Cohesity:

Cohesity is a platform focused on managing and consolidating secondary applications and the data. It provides a unified view and access to converge that secondary data, such as system backups and analytics in a simpler way to an IT administrator.

 

Now, let’s deep into the topic.

In the video, you will see how Alastair Cooke and Bharath Nagaraj building a Cohesity cluster from the scratch, configuring jobs, updating the physical appliance, restoring some data and showing some other cool stuff.

I really like this kind of videos because, you can see how they install a cluster, configure it or resolve any problems that can happen in real time without cuts.

Also, you can notice how much time it can take to deploy and configure a Cohesity cluster in some minutes, or even upgrading the whole cluster (node by node) while running some protection jobs (backup jobs).

Hardware

In this case, they use a  physical unit for deploying their solution, so it’s a 2U enclosure with 4 servers/nodes inside (blade server type).

It comes, like most other solutions, with 1GB ports for Management purposes and 10GB ports for Production Data.

As this is an HCI solution, it comes with the storage and computes resources necessary to process and store all data (PCIe Flash card and hard drives in each node).

 

Cluster configuration and UI

To configure the cluster you won’t need a lot of data to fill or knowledge to do it, they configure the cluster easier than I thought and straightforward.

In a real scenario, a Cohesity engineer will do it for you thus, this is just to let you know of the simplicity of it.

The UI is simple and clean, the home dashboard looks nice with some graphics regarding your Storage Reduction, Health, Throughput, Protection Runs, etc.

Backup

As you probably guess, it backups your vSphere/Hyper-V/Nutanix environment like other products do, so you can configure a Backup Policy with a schedule, time retention, etc. to back up your data and then you configure a Protection job which will be the backup job that is associated to a policy.

Just register the hypervisor of your choice and basically, you’re ready to back up your virtual servers (VMs).

One option I really liked when registering a hypervisor was, the option of selecting “Auto Cancel Backup if Datastore is running low on space”, so the DataPlatform solution is aware of the datastore’s space and can avoid you a big problem there…

 

About granularity, there is a lot of options to select when you create a protection job (DB, Virtual/Physical Servers,  but regarding what you can see in the video they protected only VMs and Office 365 mailboxes in different backup policies.

It’s great that when you are creating a protection job (a.k.a. backup job). you can select an object like a cluster or a folder with some particular VMs and then check the “Autoprotect” option to ensure that new VMs that are added to that object (folder, cluster, etc.) will be automatically protected.

 

Regarding long term retentions, you can choose to add an external target like a NAS or any cloud (AWS, Azure, GCP, etc.) to store your archive backups there.

This is an option that adds great value to your strategy because when storing great amounts of data for several years, you usually don’t want to store it locally or even in a NAS.

In my opinion, having a flexible option to store it in any cloud can save you a lot of headaches despite the money that you must pay for the cloud service (which nowadays almost every company does).

So, within a Backup policy select the Archival option and then you add as many external targets to store your long term backups.

 

Restore

Your backup strategy is useless unless you can restore from it…

I do like some points about this section that makes so simple to restore, from a single file (even download it) to restore tons of virtual machines to your virtual environment.

– Single file restore

If you want to recover a file, you don’t have to search for the date, where it was, etc. As simple as searching for the name of the file (or the portion you remember) and it will be searched in the entire cluster for you:

And then, when you found that file, look at the options that we have:

First, search for the date and then, you can choose the usual option (Recover to Server) or … download it at the moment (a cool option there).

It looks like a painless and simple way to restore files that probably a non-tech person could do.

– Instant mass restore

Now, going bigger, let’s talk about the Cohesity instant mass restore of virtual machines. As the Cohesity platform is designed in a distributed architecture where there isn’t a centralized bottleneck, they can restore tons of VMs quite faster than other products.

When recovering a lot of VMs, in the background (you could look at your vSphere environment) it will mount an NFS datastore and bring up all you requested VMs (quite fast to be honest).

– Office 365

Finally, the last thing to show you is the option to backup your Office 365 environment. You can integrate Cohesity with your Office 365 and perform protection jobs that will be associated with a policy and consolidate all the data within the same platform.

Upgrading

The process is straightforward, selecting a package from your local computer or getting it from the Internet, this makes it so easy to do it for yourself.

One thing that stuck in my mind was that, while there were running some protection jobs you are able to upgrade the whole cluster (node by node) non-disruptively.

As the entire solution is designed to tolerate one node failure (N+1 redundancy) thus, you can upgrade one node without disruption in the service.

As we said before, the Cohesity platform is based in a distributed architecture so, in case a reboot is required after upgrading one of the nodes, you will only lose the bandwidth coming from that node and not impacting the rest of the environment.

Helios

Cohesity Helios is the console that lets you manage and view all your clusters from one console. As it’s in the cloud, you only have to register your Cohesity appliance and at the end, it will show up in the Helios console.

Helios Dashboard is similar to a Cohesity management dashboard but with the ability to manage all your clusters from that single pane of glass.

And it’s just not that… Helios lets you install applications!

Yes, you can choose to install applications in one of your clusters without anything else. What Helios will do is to deploy an app within a container (using Kubernetes) in that cluster without having to worry about the underlying infrastructure.

Just install, configure and run your app (as it sounds).

For example, running Splunk to gather data analytics in your clusters without having to worry about to deploy it is really a nice feature to look at it. 

I’ve never seen a feature like that and it really surprised me when I saw it. A nice additional value that you can consider when using Helios with your Cohesity platform.

Other use cases

As the Cohesity platform is cloud and hypervisor agnostic, you can protect objects on any cloud Azure/GCP/AWS or any hypervisor Hyper-V/VMware/Nutanix but, do you imagine what else can you do?

Well, you can use it to migrate VMs between different environments! It’s a great use case where you can choose to backup all your vSphere environment and move it to Nutanix for example or moving it to Azure.

Obviously, there is work to do after it but, the amount of simplicity that gives you with that, for me, it’s massive.

That’s all…

We saw a lot of things from the Cohesity platform, how can help your company to achieve that data consolidation by: backing up from different clouds and environments (cloud and hypervisor agnostic) , establishing an SLA in your services (configuring policies), recovering tons of VMs and other features like Helios, a cloud console that brings you a unified view for your Cohesity environment, analytics for all your data and even the ability to deploy applications without needing any kind of resources.

If you are interested in more content, check the Cohesity Build Day Live web page or the official web page from Cohesity.

 

vCSA 6.x installer error: “No networks on the host. Cannot proceed with the installation.”

Reading Time: 2 minutes

This is a quick post of an error I found sometimes while deploying a new vCenter server appliance with an embedded PSC on the vCSA 6.x installer.

The problem

In my case, I was trying to install vCSA 6.5 without DNS (this is why the system name has an IP address and the DNS is itself). Also, notice that the network section is empty:

If you try to continue with the installation, it will show you an error:

No networks on the host. Cannot proceed with the installation.

 

Solution

I checked the ESXi host and obviously, it has other port groups created in a standard virtual switch, then, which was the problem? Why I can’t see them in the drop-down list?

 

Checking on the internet I found this: https://serverfault.com/questions/886776/vcenter-server-appliance-6-5-installer-error-no-networks-on-the-host-cannot-p

So, that web page mentions the “VM network” port group that is a default port group that is created once you deploy an ESXi host. In my case, it was auto-deployed with different port groups and that one didn’t exist.

Hence, I decided to create a port group called “VM Network” in the host that I am trying to deploy the vCSA and…it worked!

Now, as you can see, I can see that port group and I was able to continue the installation with success!

It seems that with you must have this port group if you are deploying a vCSA at least from your PC, so, bear in mind if you are trying to deploy a new vCSA and you don’t have the default port groups when deploying a vCenter Server.

 

I hope this helps if someone has this issue.