IBM Firmware – not too fun

It doesn’t matter what vendor you choose you have to deal with firmware for servers.

PastedGraphic-6BEFORE

unknownAFTER

How did this happen? with a lot of trial and error.

I first tried the GUI utility “IBM ToosCenter Bootable Media Center”. Be careful with this tool if you change the workdir.. make sure you still have workdir in your path or the ISO image will fail to write.

I tried versions:
9.64
9.41
2.31

I tried to write to USB directly, write to CD, create iso file. The boot image failed to boot beyond GRUB loader.

PastedGraphic-7

After several trials and errors I had to resort to update via IMM interface. To summarize the process. You will update the IMM firmware by uploading the exe or bin files. Then you will restart the IMM). The other firmware next and lastly the DSA.  Be sure to document your IMM settings, either by backup IMM config to file or screenshots of IP addresses. Also make sure your java is up to date. The IMM after the update, complained of cookies needed in the browser, even though that setting is on by default in firefox.

Good Luck

** update. Don’t forget to reboot the server and watch the boot process. Some parts of the firmware upgrade is trickier than others. But then I was going almost a 5 year gap for firmware dates 2010-2014.

After several reboots the last firmware was applied. This was verified in the IMM
– look under the VPD Vital Product Data firmware section.

Joining VCSA 5.5 to AD Domain with Secure Token Service (STS)

The easiest choice is:

1. Active Directory with (Integrated Windows Authentication)

a. Use the Machine name.

” If you’re adding AD authentication, simply make sure the VCSA is added to the domain, then use Integrated Windows Authentication using the computer account. Couldn’t be simpler.”

Normally, you would do the above.

I had some problem with this as the error messaged stated the VCSA was improperly joined to the domain. I had to remove and rejoin, without success. So eventually I explored another method.

==

Following KB: 2058298 “Creating and using a Service Principal Account in vCenter Single Sign-On 5.5”
Service Principal Account (SPN) is a new feature in vCenter Single Sign-On (SSO) 5.5. The SPN account acts as the Secure Token Service (STS) for token issuing.
This article provides steps to configure and use a SPN when creating an Active Directory Identity Source for SSO 5.5.
1. verify domain
C:\>echo %UserDNSDomain%
You see output similar to:
child-domain.vmware.com
Type setspn -Q sts/DNS_domain_name and press Enter. This verifies that no other SPNs have been created on this domain.
For example:
C:\>setspn -Q STS/child-domain.vmware.com
You see output similar to:
No such SPN Found.
Note: If a SPN is found, consult your Active Directory administrator.
(Here I created a SSOServiceAccount set to domain admin)
Next step is to setspn
C:\>setspn -S STS/child-domain.vmware.com SSOServiceAccount
From here you “Set the Active Directory Identity Source with SSO 5.5”
Creating an Active Directory Identity Source for use with SSO 5.5

To create an Active Directory (Integrated Windows Authentication) Identity Source:
Log in to the vSphere Web Client as administrator@vsphere.local or as another user with SSO administrator privileges. The default vSphere Web Client URL is:

https://client-hostname:9443/vsphere-client

Navigate to Administration > Single Sign-On > Configuration.
In the Identity Sources tab, click the Add Identity Source icon (Add Identity Source icon) under the option menu.
Click Active Directory (Integrated Windows Authentication).

Select the Use SPN option.
Enter this information:

Domain name: DNS_Domain_name
Service Principal Name (SPN): STS/DNS_Domain_name
User Principal Name (UPN): Domain User assigned SPN@DNS_Domain_name.com
Password: Password

For example:

Domain name: child-domain.vmware.com
Service Principal Name (SPN): STS/child-domain.vmware.com
User Principal Name (UPN): SSOServiceAccount@child-domain.vmware.com
Password: WelcomeToSSO55

And there you have it..you can now log onto SSO and you will be able to see the AD you joined in the SSO. Delegate SSO Admin Rights (in the web client “vCenter Users and Groups”. Add AD groups to Administrator group.

How to “fix” VCSA IP settings from command line.

More and more often customers are looking for an easier method to deploy their vsphere management.

Vcenter traditionally has been an application loaded on top of Windows. .. but “the times they are a changing”

There are more use cases that the business requirements will allow for deployment of vcenter appliance.

But here is a quick post to help you “fix” your IP configuration for your appliance. Sometimes during the deploy of the VCSA OVA there is a miss communication or fat finger incident.. Here is how to address that.

It also allows you to change hostname, DNS, default gateway and proxy.

Summary:

Open a console session of the VCSA
Login as: root
Default password is: vmware
Execute the following command: /opt/vmware/share/vami/vami_config_net

/opt/vmware/share/vami/vami_config_net

 Main Menu

0)    Show Current Configuration (scroll with Shift-PgUp/PgDown)
1)    Exit this program
2)    Default Gateway
3)    Hostname
4)    DNS
5)    Proxy Server
6)    IP Address Allocation for eth0

After executing the command, a menu is displayed. Within the menu It is possible to change the IP address, hostname, DNS, Default gateway and proxy server.
After allocating a static IP Address to the VCSA, the post configuration can be done by using the following URL:

https://static-ip-address:5480

Symptoms:

VCSA was powered on.

ping was not responsive

Verified IP address

cat /etc/sysconfig/networking/devices/ifcfg-eth0 showed

cat /etc/sysconfig/networking/devices/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=’static’
STARTMODE=’auto’
TYPE=Ethernet
USERCONTROL=’no’
IPADDR=’10.72.60.53′
NETMASK=’255.255.255.192′
BROADCAST=’10.72.60.63′

EMC Elect 2015

347028-graphic-EMC+Elect+2015-hires.jpgI am truly honored to be chosen as a recipient of this recognition. There is always so much change happening in the world of storage. It doesn’t matter who you are a home consumer, SMB business, or large Enterprise Business. Understanding how that  change impacts you, your work, and your lifestyle.. that is the impact. That is the empowerment and that is the difference.

Old, new and not even on silicon.. Sharing about what technology does and doesn’t do … makes a difference in what technology can do and WILL do. That is a positive feedback loop. Contributing to advancement.

Here is the official announcement link:

“…

But finally the EMC Elect of 2015 were selected. Out of the 450 nominations leading to 200 finalists, the 102 official directory of its members for 2015 in alphabetical order are: …”

https://community.emc.com/community/connect/emc_elect/blog/2015/02/22/the-emc-elect-of-2015–official-list?et=blogs.comment.created#comment-36868

VNX and NFSv4

Just a note to self: (Actually when discussing NFS with your customer)

If you are using VNX make sure you use OE 7.1 and greater. Why??

NFS4 is enabled by default but just not turned on!!

$ server_nfs <movername> -v4 -service -start where: <movername> = name of the Data Mover

There are other considerations to implement NFSv4

  • NFSv4 Domain
  • Access Policy: Mixed is recommended
  • Delegation Mode off
  • You can even restrict access to NFSv4 only, as normally a file system is exported to all versions of the NFS protocol

Please see:

EMC White Paper: h10949-configuring-nfsv4-vnx-wp.pdf

HOT HOT HOT… Hot Spare that is! VNX VNX2

The other day I had a customer purchase a brand new DAE for his VNX.. awesome.. A full shelf of 25 drives.  900 GB SAS drives 2.5″ form factor.  Well do some quick math.. you have 5 R5 groups (4+1)

But… what a sec.. What about hot spare? You can run parity and have R5 for protection.. but you still need to be in compliance with your hot spare policy.  This customer has the older 3.5″ DAE (15 slots) and the newer drives are 2.5 ” .. what to do..

Will you have a valid hot spare on hand?

After some online research:

Based on the discussion and the reference white papers for both VNX and VNX2 – drive size isn’t of importance. The other factors are: drive type and density. VNX2 is global and won’t take into consideration the drive speed, so you could potentially have slower speed drive of same type for a replacement. This is unknown to the Admin as the policy is set differently.

https://community.emc.com/thread/123197?start=0&tstart=0  — A great discussion about this and a fantastic resource for EMC related issues. The following is take from the above thread.
Hot spare algorithm
The appropriate hot spare is chosen from the provisioned hot spares algorithmically.  If there were no hot spares provisioned of appropriate type and size when a drive fails, no rebuild occurs.  (See the Drive Rebuilds section.)  The RAID group with the failed drive remains in a degraded state until the failed drive is replaced; then the failed drive’s RAID group rebuilds.
The hot spare selection process uses the following criteria in order:
  1. Failing drive in-use capacity – The smallest capacity hot spare drive that can accommodate the in-use capacity of the failing drive’s LUNs will be used.
  2. Hot spare location – Hot spares on the same back-end port as the failing drive are preferred over other like-size hot spares.
  3. Same Drive type – Hot spare must be of the same drive type.
Failing drive in-use capacity
It is the in-use capacity of the failing drive’s that determines the capacity of the hot spare candidates.  Note this is a LUN-dependent criterion, not a raw drive capacity dependency.  This is measured by totalling the capacity of the drive’s bound LUNs.  The in-use capacity of a failing drive’s LUNs is not predictable.  This rule can lead to an unlikely hot spare selection.  For example, it is possible for a smaller capacity hot spare to be automatically selected over a hot spare drive identical to, and adjacent to the failing drive in the same DAE.  This occurs because the formatted capacity of the smaller, hot spare (the highest-order selection criteria) matches the in-use capacity of the failing drive’s LUNs more closely than the identical hot spare drive.
Note that a hot spare’s form factor and speed are not a hot spare criteria within the type.
For example, a 3.5” format 15K rpm drive can be a hot spare for a failing 2.5” 10K rpm SAS drive.
PastedGraphic-14
For the VNX2

PastedGraphic-13

Bottom line this is good to know because the customer had open slots in their existing 15 slot 3.5 ” DAE and if drive form factor did matter they would need to buy another DAE for the 2.5″ drives!

Here is the Hot Spare drive matrix. It illustrates the Failed drive and compatible spare.

mcx_hs_matrix

VExpert 2015 announced

vexpert

vExpert 2015

VMware has announced the vExpert list for 2015. Each year I read the FANTASTIC information shared by all the vExperts and I am always learning something new. This year I made a huge effort to share more and do more to vocalize all things VMware to educate my customers and wow.. I am truly honored that I was included in the list this year.

http://blogs.vmware.com/vmtn/2015/02/vexpert-2014-announcement-2.html

Thank you everyone for all your support!

@digital_kungfu

VMWARE PEX 2015

There is almost so much going on it is difficult to find enough time to attend every session that is of interest.

The challenge is if your interest falls in multiple areas.. then more often than not the in-depth sessions will have conflicts.

http://blogs.vmware.com/partner/tag/partner-exchange-2015

pex2015-300x153

VMware PEX (Partner Exchange) is a much different venue than VMWorld.

It isn’t that the topics are that much different. There are core areas: Virtualization, EUC, BCDR, SDDCU, Hybrid Clouds,

But hands on opportunity to talk to engineering staff and product management. You never know who you run into.

* Of course there are discounted exams, hands on training, Networking opportunities etc.