Category Archives: Uncategorized

What do VMTurbo, Starwind, Unitrends and the Habs have in common? Friday Shorts, that’s what!

And another installment of Friday Shorts – a spot for me to share some awesomeness I’ve found on the interwebs, upcoming events and info from some awesome blog sponsors, and just random thoughts around events and news that might not quite fit within the niche of this blog – basically a mashup of my brain!

First up – free passes to VMworld

VMworld is sneaking up faster than you think!  Have you got your conference pass yet?  If not, why not help ease the pain on your company by letting VMTurbo pick up the conference pass for you?  Along with ensuring performance and maximizing efficiency in your data center, the folks at VMTurbo are doing their best to put a full VMworld US conference pass in the hands of three people – you can sign up here and the drawings for the three passes take place on May 29th, June 19th, and July 10th!  Good luck!

More freebies from Unitrends

So VMTurbo has you covered for the conference pass; how’s about getting a little money to help cover the travel costs from Unitrends (trust me you will need it – the prices of hotels are crazy this year in San Fran).  Just this week Unitrends released Unitrends Free – a completely free, full featured backup solution for up to 1TB of data – I reviewed it here if you missed it!  Anyways, aside from putting a completely free backup product into your lab or data center, Unitrends has a gig going right now where you can win a $1500 Visa gift card, just for downloading and registering FREE software.  You have till the end of June on this one so best get signed up!

Upcoming Starwind webinar

Starwind Software, a long time mwpreston.net sponsor and creator of Starwind Virtual SAN, has a webinar coming up on May 20 titled Snapshots vs Replication – choosing the right data protection strategy, presented by Chris Evans.  If you’re interested I definitely recommend checking it out, as making the choice between snapshots, replication, or both is key in developing a foolproof data protection strategy!  Also, if you haven’t checked out Starwind Virtual SAN I would take a look at it as well.  I’ve used their free version in the lab numerous times for different projects!

EMC virtual VNX

Conference season is upon us and with that comes a slew of releases and announcements.  One that caught my attention coming out of EMCworld was the release of a community edition of the VNXe software.  Shipped as an OVA, you can simply load it into your environment and get the functionality and software stack of a VNXe, but without the dedicated storage hardware and controllers.  I love messing around with all different types of storage and VSAs in the lab so I’ll for sure be looking at this a little closer!

Au revoir les habitants

And last but not least, and certainly the saddest news of the week is the second round exit from the Stanley Cup playoffs for my beloved habs!  Honestly the bleu, blanc, et rouge had a great season, picking up 110 points and finishing 2nd overall in the eastern conference.  Their goalie, Carey Price had a career year – picking up nominations for both the Hart (League MVP) and Vezina (Best Goalie), and more than likely will take both these trophies home this summer.  That said expectations around hockey in Montreal are high and a second round exit overshadows all the success that they had!  Anyways we know Carey probably doesn’t care about those two trophies and is now out of the running for the only one he wanted.  All that said the Habs have a great core, and they are young – so hopefully we see improvements for years to come – they will need to pick up another top 6 forward though if they want to go anywhere in the post season!  At the end, they are now on the links and hopefully that means a little more time for me to work on this blog :)  Au revoir! Ole!

Unitrends Free equals Free Unitrends!

Recently Unitrends released a free product cleverly titled Unitrends Free.  The product, which is unlimited in terms of VMs, sockets, and scheduling, will allow members of the Unitrends community to protect 1TB of VMs absolutely free, forever!  I had the chance to get on the beta for this product and loved every bit of it.  It’s a great product with a beautiful UI – and given the price (FREE) I would certainly recommend you give Unitrends Free a shot to see if you have a place for it.

Installation

Installation of Unitrends Free is a breeze – after meeting a couple of requirements in terms of .NET 3.5 and 4.0 configurations you simply point the installer to either an ESXi host or vCenter server within your environment – from there you specify desired storage locations and IP information for your Unitrends appliance.  You can also choose to size your backup storage at this point – allowing you to add a disk to the appliance.

From there the magic of automation takes over as your Unitrends Free appliance ovf is deployed, powered on, network configured, virtual disk for backup storage is added and finally a browser is opened putting you directly into a configuration wizard where items such as NTP, SMTP, hostname, and root passwords are setup.

Once completed we move directly into the newly redesigned Unitrends Free user interface.

Speaking of UI

Wow!  They say that first impressions count and this one really did with me.  I love the design and intuitiveness of this user interface.  It’s very clean, lots of whitespace, and very very easy to use.  The default dashboard makes it easy to see all the important aspects of the health of your backup environment: the performance and speed, the unprotected VMs, any active jobs, as well as the status and capacity of your storage.  To top that, if you are a member of the Unitrends Community forum you can see the top posts here as well (which is where support for the product is provided BTW).  All of this, on one single section of the UI.

Getting up and running

Pretty is definitely a selling factor but functionality is key.  There are only a few things you need to do to get running with UF.  First, we simply need to add our vCenter server or ESXi host as what Unitrends calls a ‘Protected Asset’.  This is done on the ‘Protected Assets’ tab inside of the ‘Configure’ section by clicking ‘Add’.  From there enter the standard FQDN/IP and authentication information for vCenter and save.

Now that we have configured our vCenter we can begin the process of setting up a backup job.  Clicking ‘Create Job’ from the ‘Jobs’ section will get us there.  The backup job creation is very intuitive; first selecting which VMs we want inside the job from the tree view and then defining a few job settings revolving around scheduling and backup verification.

Your backup job status can be monitored through the ‘Active Jobs’ tab in the ‘Jobs’ section of the UI; however, to get a very clean quick overview of our complete environment we can head to the ‘Protect’ section – as shown below we can see that we have a successful backup for the OnIceEntertainment VM on Thursday but we have yet to process a backup of the Scoreboard VM.  A very nice overview of just how protected our environment is.  And, if we desired, we could simply select our VM from this view, click ‘Backup’ and create a job directly from here as well.

Unitrends Free also offers deduplication and compression as it pertains to storing your backed up VMs.  I can tell you that the OnIceEntertainment VM was just over 2GB in size, and when Unitrends was all said and done with it the amount of data laid down during the first full backup to the storage, after deduplication and compression, was just under 1GB – a 50% reduction – not bad.  An incremental backup after laying down another 1GB file to the VM resulted in another 200MB of space being utilized – not too shabby :)  The first full backup of my VM took a mere 2.5 minutes, with the incremental taking only 1.5 minutes.  Even though it is a small VM these are still pretty impressive performance statistics.

Backups are processed in what Unitrends calls an Incremental Forever strategy – meaning we have an initial full backup followed by daily incremental backups.  The appliance will automatically create synthetic full backups from the existing incremental backups in order to ensure very quick restores in the event you need them.

Recovery

Let’s face it – we can back up to our heart’s delight but when push comes to shove it’s the recovery that we really need to be top notch!  Unitrends Free provides three different recovery options as it pertains to your virtual machines: recovering the entire VM, individual file level recovery, and instant recovery.

Recovering the entire VM is pretty self explanatory – you simply select your restore point, provide the location in which you want to restore to and Unitrends will restore a complete duplicate of your VM.  In my testing, the 3GB OnIceEntertainment VM was restored in only 3.5 minutes.

That said, if you can’t wait the 3.5 minutes Unitrends also provides the instant recovery option.  Instant Recovery reserves a portion of your appliance backup storage for use as an NFS datastore which gets mounted directly to your hosts.  From there, VMs are recovered and powered on within vSphere utilizing the actual backup files stored on the Unitrends appliance.  What this does is provide a super fast way to recover your VMs – mine was up and responding to pings within 2 minutes.  From there the VM is relocated to a datastore (utilizing Storage vMotion) of your choosing during the restore wizard.  Instant Recovery is a great way to get VMs up and running quickly, while ensuring that they eventually get moved back to a production datastore.  Instant Recovery also provides an “Audit Mode” which allows us to simply ensure that the backup itself is indeed restorable.  When/if you wish to end your Instant Recovery job you can do so by clicking ‘Tear Down’ from the Instant Recovery tab.

If you aren’t looking for a complete VM restore and just need a simple file that may have been deleted off of your VM then the File Level Recovery option is the way to go.  The FLR does not actually perform a restoration of files to your VMs, but provides accessibility to your desired restore point utilizing either a CIFS or iSCSI connection to your Unitrends appliance.  The intention is that you and/or the app owner would simply connect to either the CIFS share or iSCSI target and perform the actual copying of data back to your VM or other desired location manually.  This is basically an Instant Recovery with no visibility into the VM from vSphere and only internal network access into the recovered VM from the Unitrends appliance.  Once the files have been recovered the backups are then un-mounted from the Unitrends appliance by clicking ‘Remove’.

Is it worth the price?

Given that the product is FREE, yes FREE, I would definitely say so.  It does a lot of things well (backup, restore, reporting, etc.) and it has one of the nicest user interfaces that I’ve seen – it’s clean, easy to use, and very intuitive.  Not once did I have to read any manuals and/or forums to perform any of the backups or restores.  Not that they don’t exist, because they do – support exists for the product as well.  Unitrends Free is designed to be a product for the community, and keeping true to the community philosophy this is offered through the Unitrends Free Community forums as well as through a multitude of knowledge base articles.  Although I only tested with vSphere the product does support Hyper-V as well, which is also FREE!  The product is unlimited in terms of the number of VMs, sockets, retention and scheduling – this is all included in the free edition.  You will be limited however to 1TB of protected capacity.

Honestly I think this is a great product and I like the way that Unitrends are marketing this as a “community” product.  As always I encourage you to go ahead and check it out for yourself  and let me know what you think – you can’t go wrong being that the price is free.

Note: I was given compensation from Unitrends in exchange for getting on their beta, checking out Unitrends Free and posting my thoughts around it!  Key here is that they are my thoughts – Unitrends in no way told me what to say or how to say it!

Silently installing Veeam v8 Update 2 – at scale with vRO

It’s no surprise that most Veeam customers live with one or two Veeam Backup and Replication consoles – hey, it’s easier to manage, easier to report on, and easier to upgrade come update time if you keep your footprint to a minimum.  That said, I’m not most customers :)  I have multiple Veeam B&R consoles – not necessarily because I have to, but it’s a preference – it allows me to split out functionality and services, I can have a self contained DR site, and I can also instantiate local backup functionality at multiple sites, leaving them non-reliant on the main datacenter.  It’s working for me but there’s one caveat – come update time it’s a real big pain having to go out and click through a wizard 20 or so times.

Needless to say I was quite thrilled when I saw the following within the v8 update 2 release notes….

[Screenshot of the release notes entry]

w00t!  No more wizard driven day of click craziness for me.  After getting a little bit of help from Anton Gostev in the forums (if you have been in the Veeam forums you know this guy) I was off to the races in my automated install.

The command

Installing Veeam Update 2 silently is basically done in two steps; first we need to unpack the files from the installer and second we simply execute the HotFixRunner.exe file with the proper arguments.  Anton suggested placing both steps within a batch file, so in the end I was left with something like this (setup.bat)…

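rem Step 1: unpack the update into its own folder
mkdir c:\VeeamData\v8\unpacked
"c:\VeeamData\v8\VeeamBackup&Replication_8.0.0.2021_Update2.exe" /Q /C /T:c:\VeeamData\v8\unpacked
rem Step 2: run the unpacked hotfix installer silently, logging to patch.log
c:\VeeamData\v8\unpacked\HotFixRunner.exe silent noreboot log C:\VeeamData\v8\patch.log VBR_AUTO_UPGRADE=1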

Basically save all the above within setup.bat, obviously changing the directory names to where you copied the VeeamBackup&Replication_8.0.0.2021_Update2.exe file and where you want the files unpacked.  From there you simply execute setup.bat and sit back and relax while Veeam updates…

But that’s not enough for me

What about copying the update file out to the B&R servers?  What about copying setup.bat out?  We still need to do this and I for one don’t want to manually do anything :)  This could very easily be achieved with PowerShell or your tool of choice – but in this case I decided to lean on my good ol’ friend vRealize Orchestrator to do the trick.  Mainly because I’m sitting in the vSphere Web Client for a good chunk of the day and having the functionality right at my fingertips just seemed proper.  That, and every single one of my Veeam B&R servers is virtualized.  Another reason is because I’d like to expand on the workflow someday, giving it the ability to cancel any currently running Veeam jobs, report back on success, etc.  vRO through the use of PowerShell and REST plug-ins gives me all of this building-block functionality.  If your Veeam B&R console isn’t virtualized or you don’t want to automate with vRO go ahead and copy the files out using whatever tool you like and execute them – it’ll work just the same.

But if you want to dabble around in vRO or just want something a little more challenging go ahead and create a new workflow – The workflow I built performs three main functions; copies the update file, copies the setup file, and then executes the setup file – pretty simple.

As far as inputs and attributes this is the way I went about it.   For inputs I used only three, the VM name (this is the VBR instance I’ll be upgrading) and a username and password with permission to copy and execute on the file system.

The rest of the information that the workflow needs will be stored in workflow attributes as it will always be static throughout all the installs and upgrades I’ll perform. In my case I used four attributes (shown below) defining the file paths on both the vRO server and the Veeam server for the setup.bat file and the Veeam update executable.

Once these are defined it’s time to setup our workflow schema – Drag two scriptable tasks onto the schema editor and label them “Copy Files to VBR Server” and “Execute Setup.bat” or something more to your liking.

The Copy Files scriptable task handles the copying of both the Veeam update and setup.bat file.  Thankfully most of the scripting for copying a file has already been completed and is stored inside a default vRO workflow titled “Copy File from vCO to Guest”.  I simply copied the script out of this workflow, pasted it into my scriptable task and modified it slightly to suit my needs.  You can see my final script below, along with a screen cap of the bindings so you can get a better understanding of which attributes/parameters need to be mapped into the scriptable task.  If you run into some trouble, mainly permission issues, have a look at this post by Nick Coyler which greatly helps with that issue.

// Guest operations are reached through the vCenter connection that owns the VM
var host = vm.sdkConnection;

var guestOperationsManager = host.guestOperationsManager;
// Guest OS credentials, taken from the workflow inputs
var guestAuth = new VcNamePasswordAuthentication();
guestAuth.username = vmUsername;
guestAuth.password = vmPassword;

var fileManager = guestOperationsManager.fileManager;
result = false;

// Copy setup.bat from the vRO server into the guest (last argument: overwrite)
var attr = new VcGuestFileAttributes();
var srcFile = new File(vroPathToSetup);
var uri = fileManager.initiateFileTransferToGuest(vm, guestAuth, guestPathToSetup, attr, srcFile.length, true);
result = fileManager.putFile(vroPathToSetup, uri);

// Copy the Veeam update executable the same way
var attr2 = new VcGuestFileAttributes();
var srcFile2 = new File(vroPathToVeeam);
var uri2 = fileManager.initiateFileTransferToGuest(vm, guestAuth, guestPathToVeeam, attr2, srcFile2.length, true);
result = fileManager.putFile(vroPathToVeeam, uri2);

From here we move onto the “Execute setup.bat” scriptable task.  Again this script was borrowed and modified slightly from the “Run program in guest” workflow that is shipped with vRO –  the script and screencap of attribute/parameters are shown below

// Guest operations are reached through the vCenter connection that owns the VM
var host = vm.sdkConnection;

var guestOperationsManager = host.guestOperationsManager;
// Guest OS credentials, taken from the workflow inputs
var guestAuth = new VcNamePasswordAuthentication();
guestAuth.username = vmUsername;
guestAuth.password = vmPassword;
guestAuth.interactiveSession = false;

// Program to start inside the guest: the setup.bat copied by the previous task
var guestProgramSpec = new VcGuestProgramSpec();
guestProgramSpec.programPath = guestPathToSetup;
guestProgramSpec.arguments = "";
guestProgramSpec.workingDirectory = "";

// startProgramInGuest returns as soon as the process has been started
var processManager = guestOperationsManager.processManager;
result = processManager.startProgramInGuest(vm, guestAuth, guestProgramSpec);

And we are done…

Pretty simple, right?  Once you have saved your workflow you can go ahead and execute it right away.  Or if you prefer, map the workflow within the vSphere Web Client to your VM inventory object – allowing you to simply right-click a Veeam B&R server and execute the script all without having to leave the web client.  Either way you are left with a quick, easy, and consistent way to upgrade all of your B&R servers without ever having to log into them – achievement unlocked.

Keep in mind

  • You can only use this for virtualized Veeam servers – any physical servers could be automated, but you may need to choose another tool to do the copying and executing of the files
  • You need to ensure that no jobs are running when you perform the upgrade – this is something I’d love to build into the workflow but just need time (story of my life) – for now, manually cancel any currently running Veeam jobs before executing the workflow
  • The workflow reports success right away, before the upgrade is complete – again, I need time for this one.  For now, you can monitor the patch.log file that setup.bat creates – it should say something along the lines of exit code 0 returned when the upgrade has completed…

Happy update day!

Scheduling Veeam Backup Free Edition backups

As you might be aware Veeam has released Update 2 for its Backup and Replication software.  With that comes a slew of updates, integration with Endpoint Backup, vSphere 6 support, features, enhancements, bug fixes – you know, the usual suspects that you might find inside of an update pack – you can see them all in the release notes here.  Speaking of release notes – it’s always a good idea to read completely through them before even considering an upgrade – not just to find any known problems or gotchas, but because most of the time you will find a feature or change to the product that isn’t marketed and publicized as much as the rest.  Now Veeam B&R Update 2 is largely about Endpoint Backup integration and support for vSphere 6.0 – which is awesome – but as I was doing my once over of the release notes I noticed this….

[Screenshot of the release notes entry]

Veeam has a long history of releasing so-called Freemium products – giving away a scaled back portion of their complete solution absolutely free, while offering a paid license for those looking for enterprise features.  Veeam Backup Free Edition is exactly this – allowing administrators to create full backups of their VMs using VeeamZip technologies – absolutely free.

The one caveat to this was you were never able to schedule your VeeamZips – so creating a backup was something that had to be manually triggered.  I’m sure many of you (as have I) have tried – only to see the infamous “License is not installed” message when running the Start-VBRZip PowerShell cmdlet.  Well, as of Update 2 you can kiss that message goodbye and begin scheduling that cmdlet to your heart’s delight.

Start-VBRZip

This is a relatively easy process but in the interest of completeness let’s go over it anyways.  First up we need to create a PowerShell script that will execute the Start-VBRZip cmdlet, which in turn VeeamZips our VM.  The script I used is below…

Param(
  [Parameter(Mandatory=$true)][string]$VM,
  [Parameter(Mandatory=$true)][string]$Destination,
  [Parameter(Mandatory=$true)][ValidateSet(0,4,5,6,9)][int]$Compression,
  [bool]$DisableQuiesce=$true,
  [Parameter(Mandatory=$true)][ValidateSet("Never","Tonight","TomorrowNight","In3days","In1Week","In2Weeks","In1Month")][string]$Autodelete
)
# Load the Veeam toolkit
& "C:\Program Files\Veeam\Backup and Replication\Backup\Initialize-VeeamToolkit.ps1"
# Validate parameters: the VM must exist and the destination must be reachable
$vmentity = Find-VBRViEntity -Name $VM
if ($null -eq $vmentity)
{
  Write-Host "VM: $VM not found" -ForegroundColor "red"
  exit 1
}
if (-Not (Test-Path $Destination))
{
  Write-Host "Destination: $Destination not valid" -ForegroundColor "red"
  exit 1
}
# Start the VeeamZip, with or without quiescing the VM
if ($DisableQuiesce -eq $true)
{
    Start-VBRZip -Entity $vmentity -Folder $Destination -Compression $Compression -AutoDelete $Autodelete -DisableQuiesce
}
else
{
    Start-VBRZip -Entity $vmentity -Folder $Destination -Compression $Compression -AutoDelete $Autodelete
}

A couple things about the script – you can see that it takes 5 parameters: the VM to back up, the destination to back it up to, the level of compression to apply, whether or not to quiesce the VM, and the auto-delete policy to apply to the backup.  From there we simply load the Veeam toolkit, do a little error checking and then initiate the backup with Start-VBRZip.  Pretty simple stuff – you can go ahead and try it by saving the script and calling it like so…

.\VeeamZip.ps1 -VM "VM1" -Destination "E:\backups" -AutoDelete "Never" -Compression 5 -DisableQuiesce $false

Scheduling the script

Pick your poison when it comes to scheduling this script to run – I’ve chosen the standard Windows Task Scheduler to do the job.  So go ahead and create a scheduled task with whatever schedule you like within Windows – the only really tricky part is passing the arguments to the script – the way I have done it is by selecting ‘Start a program’ as my action, passing the path to PowerShell.exe as my program/script, then enclosing my string arguments in single quotes, and the complete arguments string in double quotes like below

Program/script: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Add arguments: "c:\VeeamZip.ps1 -VM 'VM1' -Destination 'E:\backups' -AutoDelete 'Never' -Compression 5 -DisableQuiesce $false"

From there it’s a matter of creating as many scheduled tasks as you have VMs you want backed up, or modifying the script to backup all your VMs – Either way, as you can see, the Veeam Backup Free edition has received a nice little feature buried within the Update 2 release notes!!!!

VXLAN on Ravello between Google and Amazon EC2

A week or so ago I did a post around a cross vCenter vMotion lab that I had setup utilizing both Amazon EC2 and Google Cloud through Ravello Systems new beta which allows us to run nested ESXi.  It was a fun project to work on, migrating VMs back and forth through the clouds, but I tried to keep a lot of the technical detail out of the post – focusing more on what Ravello had to offer.  One key aspect of the setup was creating a VXLAN tunnel in order to bridge the two VM networks inside of each cloud – allowing me to complete the vMotion without performing any additional network configuration on my VMs once they had migrated.  Anyways, I thought I’d go into a little more detail on how I accomplished this.

Now, keep in mind here I don’t claim to be any sort of network guy – it’s probably my biggest lack in terms of IT skill-sets, therefore I could be going about this all wrong – any advice, comments, just leave them in the box below – I always appreciate any feedback I get.  I also appreciate any help I get, and had a lot with this project – CTO of Ravello Systems Alex Fishman had a couple of calls with me offering up his experience (very very smart guy).  Also, there’s a blog post on Ravello’s blog which goes over the setup as well – that said, I thought I’d go into a little more detail in case someone else at the same level of network knowledge as myself might be looking for help.

So to start let’s have a brief look at the Ravello setup.  Firstly we need a couple of applications, one published to the EC2 cloud and one published to the Google Cloud.  Each application (in this case) contains two VMs – one to act as a client and one to act as the gateway/vxlan bridge.  I’ve used Ubuntu 14.04 server for these but you could use any OS you like, so long as the vxlan module is loaded and supported.  The table below outlines each VM and the networking associated with it in my test setup.

| Cloud | VM | Network | IP | Notes |
|---|---|---|---|---|
| Amazon EC2 | ec2-vxlan | eth0 | IP: 192.168.0.1, SN: 255.255.255.0, GW: None | Internal Network Gateway |
| | | eth1 | IP: 10.0.0.1, SN: 255.255.255.248, GW: 10.0.0.3 | External network w/ Elastic IP attached |
| | ec2-client | eth0 | IP: 192.168.0.100, SN: 255.255.255.0, GW: 192.168.0.1 (in OS), None in Ravello | Internal |
| Google | google-vxlan | eth0 | IP: 192.168.0.1, SN: 255.255.255.0, GW: None | Internal Network Gateway |
| | | eth1 | IP: 10.0.0.2, SN: 255.255.255.248, GW: 10.0.0.3 | External Network w/ Elastic IP attached |
| | google-client | eth0 | IP: 192.168.0.200, SN: 255.255.255.0, GW: 192.168.0.1 (in OS), None in Ravello | Internal |

I’ve used a /29 subnet on the external networks as I really only need 3 total IPs available, one for each of the vxlan VMs as well as a third for a gateway – Honestly again you could use whatever you wanted here.  I understand that sometimes a picture is worth a thousand words so here is a side by side of both the Amazon and Google network canvas.

So a pretty simple setup when looking at the canvas – essentially the vxlan VM will need two NICs, one connected to the internal LAN (eth0 in this case) and one connected to an externally routed network (eth1).  Before we finish up within the Ravello canvas and establish a tunnel let’s first look at the EC2 side of things so we can better understand the settings on the vxlan and client VMs that end up making our network canvas look like the above.

Looking closer at the network configuration of the ec2-vxlan VM (sorry, couldn’t get it all on one screen cap so I put them side-by-side) we can notice a couple of things; eth0, the internal lan (which will act as a gateway for the client VMs) is setup on the 192.168.0.1/24 network with no gateway.  Also, we have selected public IP for this nic under external access but left the ‘Even without external services’ unchecked.  What this does is ensure that this VM can only be accessed by routing through our vxlan tunnel and cannot be accessed directly from the internet.  The second nic (eth1) is the nic we will use to establish our vxlan bridge.  This nic is subnetted in a way that allows very few IPs within the network, as we only need three anyways (one for ec2, one for google, and one for a gateway).  This nic has an Elastic IP tied to it within the External Access settings.  Since we will need to use this public IP later when we establish the tunnel it’s best that it not change often, and an elastic IP will never change, thus why we used it.

Another note in regards to the vxlan VM is the external services provided.  For this case I’ve simply allowed all external traffic on all ports into eth1 – probably not the greatest feat in terms of security but it sure does ensure I get the communication I need (it might be possible to restrict this to just the other side’s IP).

Note that you will need to setup the Google side of things inside Ravello exactly the same as shown above, obviously replacing the IP addresses of eth1 with those shown in the table earlier.  Once done with that we have completed our setup within Ravello and it’s now time to setup the tunnel.

Again, let’s start with EC2 and work our way over to google.  Take note of both your EC2 and Google elastic IP’s as we will need them for the configuration below.

First is our network configuration (/etc/network/interfaces).  Below is a shot of mine – the key here is that even though we specified an IP in the Ravello interface for eth0 we are not doing it within Ubuntu – we will be using this IP on our bridge instead; however, we still want eth0 to be active so we set it as manual.  So as far as network interfaces go, your setup should be similar to below – of course with the address being 10.0.0.2 on the Google cloud.

# The primary network interface
auto eth0
iface eth0 inet manual
auto eth1
iface eth1 inet static
        address 10.0.0.1
        netmask 255.255.255.248
        gateway 10.0.0.3

Once we have our network interfaces set up we can continue with the setup of the vxlan and bridge.  First we will walk through the EC2 side and then move to google.

We begin by adding the vxlan device with “ip link add mtu <MTUSIZE> <VXLAN DEVICE NAME> type vxlan id <VXLAN ID>”.  For example on the EC2 side I ran..

ip link add mtu 65000 vxlan1 type vxlan id 1

Then let’s create a new forwarding database entry on our vxlan device to allow all traffic through using “bridge fdb append <MAC> dev <VXLAN DEVICE NAME> dst <DESTINATION ADDRESS>”.  For example, I used the following on my EC2 instance – ensuring I use the public IP of the Google Cloud.

bridge fdb append 00:00:00:00:00:00 dev vxlan1 dst 31.220.68.229

From here we can add our bridge using “brctl addbr <BRIDGE NAME>” – again, I ran…

brctl addbr br0

Then add both our vxlan and our internal interface to the newly created bridge with “brctl addif <BRIDGE NAME> <INTERFACE> <INTERFACE>”

brctl addif br0 vxlan1 eth0

Now we can assign the internal IP that we wish to use for the internal LAN’s gateway to our bridge, and then simply bring up our bridge and vxlan interfaces.  Lastly, I ran these commands…

ifconfig br0 192.168.0.1/24
ifconfig br0 up
ifconfig vxlan1 up

That does it for the Amazon configuration, the Google configuration is exactly the same, except substituting the Amazon public IP as our destination when adding the forwarding entry.  Once we do this you should be able to ping back and forth between the test client VMs, each located in their separate cloud.  Now think of the possibilities – nested ESXi in each cloud, with a layer 2 VM Network that stretches through the vxlan tunnel – pretty sweet stuff!

One thing that could be a PIA is that this config won’t persist across reboots.  I’ve tried in many ways to get the interfaces added to the persistent rules, but found the quickest way to get this to run on boot is to simply create a small bash script containing the commands; both Google’s and Amazon’s are shown below.

[Images: ec2script, googlescript]

Save each bash file in their respective /etc/init.d/ directories and make them executable.  I called them configVXLAN.  Then run the following on both Amazon and Google to ensure it gets run on startup (update-rc.d takes the script’s name, not its full path)

update-rc.d configVXLAN defaults 99
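The two script screenshots did not survive on this page, so the following is an added example (not the author's original script) that wraps the commands above in one init-style script. The 203.0.113.10 default for REMOTE_IP is a constructed placeholder, and the iptables rule is an addition: VXLAN carries no authentication, so it drops tunnel traffic (UDP 8472, the Linux default when no dstport is set) from any source other than the peer, assuming the peer's packets arrive with its elastic IP as the source address.

```shell
#!/bin/sh
# configVXLAN: added example, not the author's script.
# REMOTE_IP = the other cloud's elastic public IP; the default is a constructed
# placeholder from the 203.0.113.0/24 documentation range.
REMOTE_IP="${REMOTE_IP:-203.0.113.10}"
BRIDGE_IP="${BRIDGE_IP:-192.168.0.1/24}"
VXLAN_DEV="vxlan1"; VXLAN_ID="1"; BRIDGE="br0"; LAN_IF="eth0"
VXLAN_PORT="8472"   # Linux default VXLAN UDP port when no dstport is given

# Shape check so nothing but a dotted quad is spliced into the commands.
valid_ipv4() {
    case "$1" in *[!0-9.]*) return 1 ;; esac   # rejects newlines, spaces, ';'
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# Print the commands for one side, one per line. The iptables rule (an addition,
# not from the post) goes first so the filter exists before the tunnel comes up.
vxlan_plan() {
    remote="$1"; bridge_ip="$2"
    cat <<EOF
iptables -A INPUT -p udp --dport $VXLAN_PORT ! -s $remote -j DROP
ip link add mtu 65000 $VXLAN_DEV type vxlan id $VXLAN_ID
bridge fdb append 00:00:00:00:00:00 dev $VXLAN_DEV dst $remote
brctl addbr $BRIDGE
brctl addif $BRIDGE $VXLAN_DEV $LAN_IF
ifconfig $BRIDGE $bridge_ip
ifconfig $BRIDGE up
ifconfig $VXLAN_DEV up
EOF
}

# Run the plan once; skip if the device exists so a re-run adds no duplicates.
vxlan_apply() {
    if ip link show "$VXLAN_DEV" >/dev/null 2>&1; then
        echo "$VXLAN_DEV already present, nothing to do"; return 0
    fi
    vxlan_plan "$REMOTE_IP" "$BRIDGE_IP" | while read -r cmd; do
        $cmd || { echo "failed: $cmd" >&2; exit 1; }
    done
}

# init.d calls the script with "start" at boot; "plan" only prints the commands.
case "${1:-}" in
    start) valid_ipv4 "$REMOTE_IP" || { echo "bad REMOTE_IP" >&2; exit 1; }
           vxlan_apply ;;
    plan)  vxlan_plan "$REMOTE_IP" "$BRIDGE_IP" ;;
esac
```

Set the REMOTE_IP default to the peer's elastic IP on each side (and BRIDGE_IP per the addressing above) before installing it; running the script with `plan` prints the commands without changing anything.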

And that is it!  A functioning stretched Layer 2 network between Google Cloud and Amazon EC2 using Ravello!  The possibilities are endless…  Again, I’m not a big networking guy, so if you know of any way I can improve this (use NSX?) just let me know…  Thanks for reading!

A Google Cloud to Amazon vMotion – The Ravello Way!

Today Ravello Systems, a company based out of Palo Alto and Israel, announced a new beta, a beta that I think is going to go over very well within the VMware community – one that will allow us to spin up vSphere labs, complete with vCenter Server, ESXi hosts, Domain Controllers, Storage and Network services and all the VMs that go with the punch inside of Google and Amazon’s cloud.  To be honest I was kind of skeptical when I first started working with Ravello.  I mean, come on, an ESXi host in Amazon, let alone an ESXi host running VMs inside of Amazon, an ESXi host running VMs with little to no performance penalty, all running within Amazon – you can see why I might have cringed a bit.  But Ravello gave me a shot to try it for myself – and during the introductory chat as they were showing me how things worked I thought, hey, what a use case for the new cross vCenter vMotion capabilities in vSphere 6!  A lab in Amazon, a lab in Google Cloud, and VMs migrating between them – how cool is that?

Who and what is Ravello Systems?

Now, before I get into the details of the vMotion itself I want to take a step back and explain a little bit about Ravello Systems themselves, and what they have to offer.  Ravello was founded in 2011 with the sole purpose of supporting and driving nested virtualization to the next frontier and did so when they launched their product globally in August of 2013 (You had to have seen the scooters at VMworld :) )  They didn’t just want to simply provide an environment for nested virtualization though, they wanted to make it simple and easy for companies to replicate their data center infrastructure into the public cloud.  The core technology behind all of this is their HVX hypervisor – essentially acting as a Cloud VM, sitting in either Amazon or Google and providing overlay networking and storage to the VMs that are placed on top of it.

[Image: RavelloHVX]

As per the diagram above the VMs present can be built from scratch or imported via an OVA within Ravello’s very easy to use intuitive interface – but perhaps more interestingly you can utilize the Ravello Import Tool(??), point it to your ESXi host or vCenter, and import VMs directly from your environment into the cloud!  But they don’t stop there, Ravello can also detect and create every network your VM is attached to, deploying an exact duplicate of your network infrastructure!  Now if this wasn’t good enough for you the beta today announces the ability to support Intel VT through HVX – which means we can now run VMs on top of ESXi on top of HVX on top of Amazon or Google!  True inception leaving us with a setup shown in the diagram below.

[Image: RavelloHVXVT]

A great place to break things!

There is a reason why Ravello dubs their technology as having the ability to create “Smart Labs”!  Throughout my early access to the solution I broke and fixed so many things within my applications – and Ravello always gave me a way to rebuild or reconstruct my labs in a very efficient manner.

First up we are able to save our VMs to the library – which is essentially a personal set of VMs and images that we can re-use in all of our applications.  For example I only had to build my ESXi 6.0 image once – after saving this to the library I was able to simply drag and drop this VM as many times as needed to as many applications as needed, simply re-IPing and renaming after I was done.

Having the ability to re-use VMs is cool but the blueprint functionality that Ravello provides is really where I see value!  We are able to take a complete application, in my instance an ESXi host, domain controller, vCenter Server, etc. and save the entire application as a blueprint.  Blueprints are then available to be used as starting points for new applications – meaning I can build a complete lab on Amazon, save as a blueprint, and then publish a new application to Google which is an exact identical copy, networks and all.  Blueprints are an excellent way to test out the different public clouds as well as version or snapshot your entire lab before making any major changes – if things go awry you can simply republish your saved blueprint to a new application.

[Image: RavelloBlueprints]

Enough talk – Let’s see the vMotion!

Alright!  Let’s get to it!  Let me first warn you, the environment I built to do this was quick and dirty – not a lot of polishing going on here.

The two applications we will be using are Google-vxlan and EC2-vxlan – I’ll let you guess which public clouds each is published to.

[Image: ravellovmcanvas]

As shown above these applications are pretty similar; each containing an Ubuntu server (used to establish the vxlan tunnel between EC2 and Google), a pfSense appliance that provides a VPN for my vMotion networks, a vCenter Server (the Windows version), and an ESXi host (just one for now).  The EC2 application also contains a jumpbox VM which provides entry into the local network as well as DNS services.

[Image: ravelloNetworkingboth]

As far as networking goes the setup at both Amazon and Google is almost identical with the exception of the jumpbox.  The 192.168.0.0/24 network is available at both EC2 and Google.  The 10.0.0.0/24 network is the only network that is routed to the internet, and therefore my only access into the labs outside of the Ravello GUI – this is why the jumpbox also has a connection to this network – to act as an RDP gateway of sorts.  The two Ubuntu servers have an elastic public IP attached to them in order to ensure the public IP doesn’t change and mess up my vxlan config.  The free trial of Ravello gives you two elastic IPs, and four other DHCP public IPs (subject to changing every now and then).  The vxlan tunnel is established between the two elastic IPs in order to provide Layer 2 connectivity between Amazon and Google.  The pfSense boxes each have a dynamic public IP attached to them with an IPSEC tunnel established between the 192.168.1.0/24 and the 192.168.2.0/24 networks.

On the VMware side of things I have two vCenters with embedded PSCs (I know – bad practice) – one in Amazon and one in Google, which are attached to the same SSO domain and configured in Enhanced Linked Mode.  Therefore whatever is at Google can be seen at Amazon and vice versa.  As far as vMotion goes I’ve simply enabled this on my existing management interfaces (more bad practice – but hey, it’s a lab).  There is local storage attached to the ESXi hosts and one VM named EC2-VM1 present.

So my goal was to migrate this VM from Amazon to Google and back again, taking both the compute and storage with it.  Now just writing about a vMotion is not that exciting so I included a video below so you too can see it move :)  It’s my first attempt at a video and had some screaming kids while I made it so yeah, no narration – I’ll try and update with a little tour of the Ravello environment later :)

So there you have it – a VM moving from Amazon to Google and back, all while maintaining its ping response – pretty cool!

Is Ravello worth it?

So, with all this the question now remains: is Ravello worth the cost?  Well, considering that Ravello estimates the cost of a two ESXi Node, vCenter and Storage lab to be on average $0.81 – $1.71 per hour (usage based, no up front costs) I would certainly say it is!  The ability to run nested ESXi hosts on top of the public cloud provides a multitude of use-cases for businesses – but honestly I see this being a valuable tool for the community.  I plan on using Ravello solely for my home lab usage over the next year or so – it’s just so much nicer to break things and simply re-publish an application than it is to try and rebuild my lab at home.  If you want to give Ravello a shot you can sign up for the beta here – Even after the beta expires you simply swipe your credit card and pay Ravello directly – no Amazon accounts, no Google bills – just Ravello!  You will be limited during the betas and free trials in the amount of CPU, RAM and concurrent powered on VMs but they definitely give you enough resources to get a decent lab setup.

Ravello has a great solution and certainly expect more from me in regards to my lab adventures in the public cloud.

Disclaimer: Ravello gave me early access to their ESXi beta in order to evaluate their solution – I first signed up for a free trial and did get the amount of RAM and number of VMs available to me increased.  They didn’t however require that I write this post nor write anything for that matter, or provide any $$$ for anything that was written – these are all my words!