vSphere Web Client Error with FireFox on the Mac…

30 Jul

Yesterday after deploying two new vCenters (with the same FQDN as the previous vCenters) FireFox on the Mac gave me this error when ever I loaded up the Web Client:

RSL failed to load. Error #2032

All my other web-browsers (Chrome, FireFox, IE on Windows, Chrome, Safari on the Mac) were happy. Fortunately, a full reset of FireFox fixed my issue – all I had to do after the reset of FireFox was re-install my LastPass plug-in…

Article: How to reset FireFox…


No Comments

Posted in vSphere


NE VMUG Bound – 7th August

29 Jul

Screen Shot 2014-07-29 at 23.01.45

Next week sees me heading up to my home area of the North-East of England for the next NE VMUG. This VMUG marks a change of location for the group to the International Centre for Life (Times Square, Newcastle Upon Tyne, UK NE1 4EP). 

I’m really pleased to see two community sessions along side two vendor sessions – in a bit of scoop for the VMUG, Frank Denneman of PernixData (nee VMware) will be there to speak about PernixData FVP technology. Richard Munro will be talking about vCHS, he’s the Chief Technologist & Technical Director

The event kicks of at 11am, and will be followed by vBeers…

To Register you need to toddle over here -

No Comments

Posted in VMUG


Back To Basics: Storage Vendor Plug-ins: Dell EqualLogic Virtual Storage Manager (VSM)

29 Jul

This post is long over due. It was originally written when I still had my colocation lab back in about Feb of this year. Back then the Dell VSM was not publically available, and so I wasn’t able to release this content. It was around the time I was writing the storage articles in the back to basics series. Then I moved to a home lab, and some changes were made to the VSM just prior to its GA. The guys I know over in Nashua, New Hampshire very kindly looked at the content to ensure it was still good. And then, I complete neglected to publish it. That’s scant reward for all the efforts made by Dell to assist in this process, for which I humbly seek forgiveness. Special credit (and promises of dinner and beer, no doubt empty promises!) goes to David Glynn of Dell who has always stepped up the plate when it comes to this sort of content – no doubt I will be making more empty promises of free food and beer, when it comes to me writing the next book on SRM!

Anyway, this is quite a lengthy bit of content so I’m going to spinning out over a couple of posts this week. As you know many storage vendors now provide plug-ins to the vSphere Web Client. In the simplest cases this eases the provisioning of storage to the hosts, but many also will install the VASA provider,  allow you to manage storage snapshots, as well as configure replication. This first post covers the setup/configuration of VSM prior to using it.

Dell EqualLogic provide a plugin that integrate deeply with VMware’s vCenter management system. Providing not just status and monitoring information about the storage, but enabling the vSphere administrator to leverage the capailities of the EqualLogic array, to provide local and remote data protection. Dell’s VSM provides over fifty role-based access controls (RBAC) enabling the creation of very granular permission levels. In some environment the Storage Team may prefer to limit who on the Virtualzation team can create new datastore, and in other environment a junior VMware admin maybe permited to create snapshots, but the task of recovering a VM is limited to a senior admin.

  • Creating and mounting of new datastores
  • Resizing (enlarge only) and deleteing of existing datastores
  • Create hypervisor consistent hardware based snapshot, to protect virtual machines
  • Recover of groups of VMs or selectively restore individual VMs
  • Enabling and managing replication of datastores for recovery of VMs at a DR site
  • Granular role based access controls

Dell’s technology is called Dell VSM which standards for Dell Virtual Storage Manager – Dell also provides a Site Recovery Adapter (SRA) for Site Recovery Manager (SRM) and a Multipathing Entension Module (MEM) for ESXi (Link to MEM section?) for increased performance. Dell also has a number of integration toolkits for other OS vendors, follow this link for more info

For those of you who have not yet made the change to the vSphere Web Client, Dell continues to support the previous version, VSM 3.5.x, which integrates with the legacy vSphere Client, and provides much of hte same functionality.

Installing and configuring VSM

Configure the vCenter Runtime IP Address

Before you import the Dell VSM appliance the vCenter “RunTime” IP address should be first configured, if it has not yet set. This can be configured after importing the appliance, but the appliance will not power until it is configured. It’s this Runtime IP address that allows the appliance to register itself with vCenter when it first powers on.

1. Select >vCenter in the Home page, Select >vCenter Servers in the Inventory list, Select your >vCenter server

2. Select the Manage Tab, and the Settings column

3. Select General, and click the Edit button

4. In the subsequent dialog box, select the Runtime Settings option

5. In the vCenter Server Managed Address field, type the IP Address of the vCenter Server

IMPORTANT: Notice how in this case the vCenter Service (VPXD) needs to be restarted.

Screen Shot 2013-11-29 at 16.23.03.png

Read the rest of this entry »


I don’t normally do politics…

24 Jul

Anyone who knows my blog, knows I tend askew using it as platform for expressing my polticial opinons. I recognise that folks who come here, don’t come for a lecture on international or domestic events. So this is unusual departure from me, and I’m hoping it will be last time I feel so motivated to express them here. Personally, I find the political venting that goes on place like Facebook tiresome, although I admittedly I’ve been known to lapse into that myself.

This blogpost is really here to express my dismay over the way events are unraveling in the aftermath of downing of the plane in Ukraine. I feel our poltical leadership here in Europe has lost sight of what really matters – the victims of the atrocity itself. Although there were many nationalities on that fateful flight, its fair to say our cousins in the Netherlands have born the worst in terms of grief and loss. It’s to that countries credit that its people have shown such restaint, dignity and fortitude – which is in such stark contrast to the way our leadership are behaving.

I’m speaking of the British Prime Ministers recent spat with the French administation; the way our opposition here has chosen to sabre-rattle over party funding by Russian donors of the Conservative Party. These two situations have been unedifying examples of how our latest crop of professional career politicans put their positions before those who they were elected to serve. On the opposite side of the fence we have all observed obstrifcation and vacilation by both the Seperatists and Putin’s administration. In particular Mr Putin has been more concerned with protecting his position, whilst at the sametime trying to throw sand in the eyes of the International Community. If Mr Putin had condemn the incident, and promised to everything in his power to bring those responsible to justice then perhaps I would have been more forgiving. Instead he has opted to ride out international commendation in the hope that it will just all blow over. Judging by the lack of European unity over the situation, he just might be right…

I’ve no doubt that Mr Putin himself played no direct role in the event that occured last week. Although I think its fair agrument to say he created the circumstance within which the chance of horrible incident like this could occur. Of course, in Putin’s eyes the seperatists are gallant “freedom fighters” struggling for national free-determination. I doubt very much he feels the same way about the rebels in Chechen, who are of course “terrorists”. And I do wonder what Russia’s response would have been had it been Aeroflot flight down in Chechen, by rebels armed with Western missles. The boot would have been decidely on the other foot. Such is the state of politics in our post 9/11/War on Terror era. Where nation states are capable of labelling such groups “terrorists” or “freedom fighters” as it suits their needs.

Finally, I do think as Europeans we have make choice here. Do we stand by the principles that so many of countrymen faught for some 100 or 70 year ago? Or do we allow the economic relationship with have newly solvent Russia – the cheap gas, and the miltrary deals – to be more important than the fact its citizens were accidently executed at 37,000 feet? Personally, I feel we have in recent year blinked to often, and we should not look away again.


Back To Basics: MOTD and Terminating Sessions…

11 Jul

Sending Messages of the Day Users

It is possible to send a message to the users of the Web Client each time they log in using the “Message of the day” facility. You can set a message by navigating to:

1. >Home >vCenter >Inventory Lists >vCenter Servers

2. Select the vCenter instance, in this case

3. Select the Manage tab, and the Settings column

4. Select the Message of the Day option, and click Edit button.

Screen Shot 2014-07-08 at 12.00.45.png

In the Web Client the pop message appears as yellow banner across the top of the web-browser like so:

Screen Shot 2014-07-08 at 12.04.10.png

The legacy vSphere desktop client will produce a pop-up window like so:

Screen Shot 2014-07-08 at 12.06.38.png

Viewing/Terminating vCenter User Sessions

It is possible with the Web Client to view active and idle sessions on the vCenter Server. Additionally, from the Web Client sessions can be terminated – these session could be from either the Web Client, legacy vSphere Client or PowerCLI.

1. >Home >vCenter >Inventory Lists >vCenter Servers

2. Select the vCenter instance, in this case

3. Select the Manage tab, and the Sessions column

4. From the list of users, select the user and click the Terminate Selected Sessions button in the botton right-hand corner.

Screen Shot 2014-07-08 at 12.29.40.png

In tests it appears as this termination is more reliable and effective with the legacy vSphere Client, as Web Browser seem capable of maintaining their session with the vSphere Web Client.

Screen Shot 2014-07-08 at 13.06.52.png


HP ML350e: Upgrade from ESX 5.5 (133182) to ESX 5.5 U1 (1746018)

10 Jul

Today, I had wont to upgrade my ESX 5.5 installation to ESX 5.5 U1b. No particular reason, I just thought an upgrade was a bit overdue – plus I’m about to embark on a new project and I thought it was perhaps safest to be on the latest and greatest before going any further. The first installation had been made with a custom HP ISO, so it made sense to go for the same option. As you might recall from a post earlier this year, I experienced PSOD when using the generic vanilla ESX 5.5 media.

I download the HP edition of the U1b code, and proceed to do a DVD still upgrade. I only have 3 hosts so I thought I’d go down the simple route. However, my first attempt didn’t go as smoothly as I hoped.

Screen Shot 2014-07-10 at 12.48.17

Fortunately, I wasn’t on my own – folks on the community forums had been caught out by this before. The error appears during the checking devices phase after selecting the storage that contains the installation (local disk, SAN disk or USB/SD disk)…

It turns out the work around is to find the offending Broadcom VIB on HP website, and then INSTALL it as an individual VIB, and then try the upgrade. This effectively overwrites the old driver – and when the upgrade takes place – its doesn’t get touched because its the same version.

To grab the driver I went over to - and downloaded the I extracted this zip using the Mac’s native utilities to find the offline ZIP bundle.

Screen Shot 2014-07-10 at 16.08.21

I transferred this over to my “software” datastore which is available to every node in the cluster, and then SSH to one of my hosts to do the update using ESXCLI:

esxcli software vib install –depot=/vmfs/volumes/software/

Note: That’s two – - for the depot switch by the way. That went through without a fuss.

Screen Shot 2014-07-10 at 16.25.47

I rebooted the ESXi host and after that DVD upgrade went though as normal…

Screen Shot 2014-07-10 at 17.28.21

Screen Shot 2014-07-10 at 17.39.34

Screen Shot 2014-07-10 at 17.39.48




Posted in vSphere


Back To Basics: Roles – Viewing, Removing, and No Access Privilege

09 Jul

Viewing Role Assignments

Once a role, custom or otherwise is in use – its possible to view the assignment from >Home >Roles and selecting the role. From there you can see the name of the role, where it has been assigned in the vCenter inventory and which Active Directory groups have been assigned to the role.

Screen Shot 2014-07-03 at 15.03.59.png

Removing Roles

From the role interface it is possible to delete a role. Care must be taken at this point because deleting a role will also remove all its assignments. In previous editions of vSphere this wasn’t possible – and it was a requirement for first remove any roles assigned to inventory objects before removing the role.

Screen Shot 2014-07-03 at 15.03.59.png

No Access Privilege

In the best of all possible worlds roles are assigned in the vCenter Inventory and inherited down the tree structure. Occasionally, however a group or user may require less privileges or indeed no priveleges at all. For this purpose the “No Access” privelege can be used to block inheritence. For example, in this case the user MikeL who is member of the vCenter Admins group has access to the entire vCenter Inventory as this group was granted rights to the entire vCenter instance.

Screen Shot 2014-07-08 at 11.26.56.png

As consequence the user MikeL can see the “Infrastructure” and “vInception” VM Folders and Resource Pools.

Screen Shot 2014-07-08 at 11.33.29.png

Screen Shot 2014-07-08 at 11.33.48.png

The “No Access” privilege acts as wild card, and over-rides all other privileges. So if a user is member of two groups which have been assigned to the same vCenter inventory object – if one group has “Administrator” as the role, and the other group has “No Access” as the role – then “No Access” is the effective permission.

There are two options here. To assign a unique privilege for the user MikeL, using the No Access privilege or alternatively create an Active Directory Group that contains MikeL (and others) to block access. If the group method is deployed then MikeL can be temporarily allowed access by removing him from the group, and new users who by and large need vCenter Admin access, can be excluded on a case by case basis by adding them to the group.

In this case the “Infrastructure” resource pool permissions were modified adding a group called “vCenter – No Access” with the “No Access” role assigned.

Screen Shot 2014-07-08 at 11.44.52.png

Screen Shot 2014-07-08 at 11.46.12.png

This process was repeated for the remaining for vCenter objects until the VM Folders and Resource Pools were no longer visible to MikeL or the other members of the vCenter – No Access group.

Screen Shot 2014-07-08 at 11.53.35.png


Back To Basics: Creating Custom Roles

07 Jul

As we saw earlier the “Virtual Machine User (Sample)” role allows for basic actions on the VM such as power on/off and opening a console. It does also allow for user to connect floppy drives and CD-ROM devices. As an example we are going to create a custom role that denies that specific privilege and reassign it to the VM Folder. By far the easiest way to create a new role is find one that closely matches your requirements first, and then clone it – and modify the custom role.

1. In the Roles view, select a role and click the Clone Role Action button

Screen Shot 2014-06-06 at 12.11.08.png

2. Type a new friendly name for the Custom Role such as CorpHQ – Virtual Machine User

3. Scroll down to and expand the >Interaction privilege and remove the option to Configure CD Media, Configure Floppy Media and Device Connection

4. Now that the new custom role has been created, we can navigate to the CorpHQ Folder, and modify the privileages. You can do this by selecting the Active Directory Group on the list and clicking the pencil icon to Change Role on permission.

Screen Shot 2014-06-06 at 12.22.02.png

From here you can now modify the original role that was assigned with the new custom role:

Screen Shot 2014-06-06 at 12.23.30.png

For a user like this change in privileges will result in the CD-ROM and Floppy options becoming dimmed and unavailable.

Screen Shot 2014-06-06 at 12.33.08.png

Viewing Role Assignments

Screen Shot 2014-07-03 at 15.03.59.png


Back To Basics: Role-based Access Controls (Intro & Creating)

03 Jul


In small environments many organisation feel little pressure to excessive “delegate” responsibility within vCenter – with many being able to use individual user accounts with full-administration capabilities. However, the large the organization the more likely this flat model will be seen as unwieldy, offering little control and poor audit trails. Additionally, modern datacenters now operate under regimes of rigorous change-management controls or automation – these models need comprehensive role-based access controls to limit the scope of either administrator or automated actions. They are required for secure environments that must demonstrate audit trails to external scrutiny, and to ensure automate process which may malfunction are limited in the capacity to do damage.

vSphere’s security model can leverage the groups reside in Microsoft Active Directory Domains, LDAP and the local SSO instance. The model for security in vCenter is that Groups are assign to Roles, and from those rolesPermissions are granted. There are no restrictions in terms of the groups models in Active Directory – so Domain Local, Global, and Universal Groups can be used. vCenter ships with a number of pre-defined example roles. Custom Roles are available, and its common that most administrator will copy a pre-existing role, to create new custom role.

The roles themselves can be then assigned to objects in the hierarchy of the vCenter Inventory. By default these are inherited down the tree to include all sub-objects as you would expect to find in a file system like NTFS or EXT3. Controls do exists to stop this inheritance, as well as blocking access to an entire subtree using the “No Access” role type. Below is a list of the common built in roles and short description of the tasks they can carry out. These roles are viewable from >Home >Administration >Roles

Screen Shot 2014-05-23 at 15.38.44.png

Read the rest of this entry »


Back at my desk….

02 Jul

Well, I can’t believe it so long since I blogged on – my last post was almost a month ago. Anyway, I have my reasons – a.) i was very busy and b.) i went away on holiday. Myself and wife had  some lovely R&R in Lake Garda, Italy. Sadly, I was waylaid by cold/flu whilst on holiday – but for the sake of the holiday I battled through that. I ended up extending my holiday for another week to get over my cold. I guess that’s just Murphy’s Law – it seems that once you stop (go on holiday) you become more susceptible to picking up bugs!

Anyway, I was back at my desk on Monday – doing the usual catch-up on email and such like. Last night I had the good fortune to be interviewed by Steve Bruck of the vNews podcast – the topic is a subject close to my heart – FeedForward

On the show Steve questions me to find out more about the program, and we talk about the impact of, and importance of diversifying your skills beyond just technical knowledge and know-how.

vNews July 2014 – Special Edition Interview with Mike Laverick and FeedForward Initiative



No Comments

Posted in VMUG