Tag: vSphere

NSX

NSX with Log Insight Integration

by esxsi1 Comment on NSX with Log Insight Integration

This post covers the steps required to configure NSX with Log Insight integration. The versions used are NSX 6.2.5 and Log Insight 4.0, for assistance with getting these products up and running see the NSX Install Guide and vRealize Log Insight Install Guide posts. Log Insight is available to NSX customers entitled to use v6.2.4 and above, at no extra cost. The Log Insight for NSX license allows for the collection of vSphere and NSX log data.

The first step is to install the NSX Content pack on the Log Insight instance, then we’ll configure NSX Manager, the NSX Controllers, and any NSX Edges to use Log Insight as a syslog server.

NSX Content Pack

Browse to the IP address or FQDN of the Log Insight appliance and log in as admin.

loginsight

Click the menu option in the top right hand corner of the page.

admin

If you need to configure vSphere integration click Administration and vSphere under the Integration menu on the left hand navigation pane. Enter the connection details of the vCenter Server. To configure only specific hosts to send logs to Log Insight click Advanced options. Test the connection and when you’re ready click Save.

vsphereint

To install the NSX Content Pack select Content Packs from the menu option in the right hand corner of the page. Under Marketplace locate the VMware NSX-vSphere Content Pack.

contentpacks

Select the content pack, accept the license agreement and click Install.

contentpacksinstall

The next message informs you to setup vSphere Integration, which we covered above, and log forwarding for the NSX Manager, Controllers, and Edge components, which we’ll cover next. Click Ok.

contentpacksinstall2

The NSX Content Pack gives us additional dashboards accessible by clicking the drop down menu next to General on the Dashboards page. We won’t see any data there yet, as we need to configure the NSX components to use syslog.

nsxcontent

NSX Manager

Browse to the IP address or FQDN of the NSX Manager and login as admin.

nsxmanager

Click Manage Appliance Settings.

log1

From the General tab locate Syslog Server and click Edit.

log2

Enter the syslog server name or IP address and use port 514 protocol UDP. Click Ok to save the settings.

log3

NSX Controllers

Configuration of a syslog server for NSX Controllers is done through an API call. For the initial configuration a REST client is required. In this example we’ll use Postman for Google Chrome. Download the Postman app from the Chrome Web Store. When you first open the app click skip to use without creating an account. On the Authorisation tab set the authorisation type to Basic Auth. Enter the admin username and password of the NSX Manager.

log7

Click the Headers tab, in the key field type Content-Type, in the value field type application/xml. (The Authorization key in the screenshot automatically generates after configuring authorisation).

headers

To view the configured syslog server of an NSX Controller enter the URL https://NSX/api/2.0/vdn/controller/controller-1/syslog, replacing NSX with the NSX Manager name, you can also update the controller if required (i.e. controller-2, controller-3, and so on). Ensure Get is selected and click Send, the output will list the syslog configuration and is displayed in the Response field.

log7

To configure the syslog server change Get to Post in the drop down menu. Then click the Body tab and select raw. Enter the following text, replacing LOG with the correct syslog server.

<controllerSyslogServer>
<syslogServer>LOG</syslogServer>
<port>514</port>
<protocol>UDP</protocol>
<level>INFO</level>
</controllerSyslogServer>

Click Send. The new syslog server will be set. Change the controller-1 section of the URL to controller-2 and click Send to configure the same syslog server for controller-2, and again for controller-3. It is important that each NSX Controller is configured with the IP address of the Log Insight server. You can change Post to Get to view the syslog server configuration again once complete.

NSX Edges

NSX Edge Service Gateways and Distributed Logical Routers can be configured for syslog in the vSphere web client. From the home page click Networking & Security, select NSX Edges.

log4

Double click the ESG or DLR and open the Manage tab, Settings, Configuration. In the Details pane next to Syslog servers click Change.

log5

Enter the syslog server name or IP, ensure the protocol is UDP and click Ok.

log6

The syslog configuration is now complete, after a few minutes you should see events start to appear in the Log Insight dashboards.

loginsightnsx

vCenter

Reconfiguring vCenter Server for External PSC

by esxsi1 Comment on Reconfiguring vCenter Server for External PSC

VMware vSphere 6.0 reached end of general support 12 March 2020, with vSphere 6.5 scheduled for 15 October 2022, both referenced in the VMware Lifecycle Matrix. See also How to Install vSphere 7.0. Upgrade to vSphere 7 can be achieved directly from vSphere 6.5.0 and above, whereas vSphere 6.0 requires an intermediate upgrade to 6.5 or 6.7 first. For more information see the VMware Upgrade Matrix. Finally, the Windows vCenter Server and external PSC deployment models are now depreciated and not available with vSphere 7.0.

An external Platform Services Controller (PSC) can provide scalability and high availability across sites. A vCenter Server initially deployed with an embedded PSC can be reconfigured to use an external PSC by following the steps outlined below. Multiple external Platform Services Controllers can be deployed and an environment can be mixed between the appliance and Windows versions of vCenter Server and PSC.

externalpsc

Considerations

  • The vCenter Server must be running at least version 6.0 Update 1.
  • The process involves the installation of an external PSC as a new target for vCenter Server. The PSC must be in the same Single Sign-On site and domain as the vCenter Server.
  • Ensure you have good backups of your vCenter Server. If the vCenter Server is virtual take a snapshot before starting the process, likewise after deploying the new PSC take a snapshot.
  • If the process fails for any reason revert back to the snapshots.
  • An external PSC deployment model cannot be converted into an embedded PSC.
  • If vCenter HA is enabled then disable and reconfigure after the process is complete. For more information see Configuring vCenter 6.5 High Availability.
  • The commands outlined below are the same for the vCenter Server Appliance and Windows vCenter Server, unless specified. Take into account the following environmental variables:
    • For Windows all commands should be run as an administrator in an elevated command prompt.
    • For the appliance use the root account for all commands, enable BASH and launch the shell by running shell.set -enabled True followed by shell.

Process

The first step is to determine the Single Sign-On site by running the following commands on the vCenter Server: vCenter Server Appliance: /usr/lib/vmware-vmafd/bin/vmafd-cli get-site-name --server-name localhost. Windows vCenter Server: "C:\Program Files\VMware\vCenter Server\vmafdd\vmafd-cli" get-site-name --server-name localhost.

Make a note of the SSO site. Next deploy the new external Platform Services Controller, if you require assistance with this see the Deploying an External Platform Services Controller post. The new PSC must be configured with the same Single Sign-On site and domain as the vCenter Server you want to reconfigure.

joindomain
joinsite

Once the external PSC is up and running go back to the vCenter Server. Confirm the Platform Services Controller services are running, for Windows first navigate to the correct directory by using:

cd "C:\Program Files\VMware\vCenter Server\bin".

For both the appliance and Windows versions run the following command:

service-control --status --all

Check that the VMware License Service, VMware Identity Management Service, VMware Security Token Service, VMware Certificate Service, and VMware Directory Services are running.

cmd

To reconfigure the vCenter Server to use the new PSC use the following command, replacing newpsc with the IP or FQDN (case sensitive) of the new PSC, username, domainname, and password with the relevant SSO domain and user details.

cmsso-util reconfigure --repoint-psc newpsc --username username --domain-name domainname --passwd password

If the external PSC is configured to use a custom port then add [--dc-port port] where port is the port number. Check the configuration results.

results

Confirm the vCenter is accessible by logging in to the vSphere web client. The process is complete, if you disabled vCenter HA then you can now go ahead and reconfigure.

vCenter

Deploying an External Platform Services Controller

by esxsiLeave a Comment on Deploying an External Platform Services Controller

VMware vSphere 6.0 reached end of general support 12 March 2020, with vSphere 6.5 scheduled for 15 October 2022, both referenced in the VMware Lifecycle Matrix. See also How to Install vSphere 7.0. Upgrade to vSphere 7 can be achieved directly from vSphere 6.5.0 and above, whereas vSphere 6.0 requires an intermediate upgrade to 6.5 or 6.7 first. For more information see the VMware Upgrade Matrix. Finally, the Windows vCenter Server and external PSC deployment models are now depreciated and not available with vSphere 7.0.

This post will walk through the process of deploying an external Platform Services Controller (PSC) appliance. The PSC was introduced with vSphere 6.0 to deal with infrastructure services such as Single Sign-On, Certificate Authority, and licensing.  For more information on the Platform Services Controller review this KB.

The PSC can be either embedded within the vCenter Server, or external to allow scale out for larger environments. When deciding if an embedded or external PSC is appropriate review the vCenter Server deployment models here. The external PSC can be installed as a virtual appliance, or installed on a Windows server (virtual or physical). Environments can be mixed, for example a PSC virtual appliance can be deployed where a physical Windows vCenter currently exists. You may also want to review the following posts:

Installation Process

Downloaded the VMware vCenter Server Appliance here: v6.0, v6.5.

Mount the ISO on your computer. The VCSA 6.5 installer is compatible with Mac, Linux, and Windows. Browse to the corresponding directory for your operating system, e.g. \vcsa-ui-installer\win32. Right click Installer and select Run as administrator. As we are installing a new instance click Install.

psc1

On the welcome page click Next. Accept the license agreement and click Next.

psc3

For the deployment type we need to select Platform Services Controller under the External Platform Services Controller heading. Click Next.

psc4

Enter details of the vCenter or ESXi host where the appliance will be deployed, click Next.

psc5

Select a location for the virtual appliance and click Next.

psc6

Select the compute resource for the virtual appliance and click Next.

psc7

Enter a name for the virtual appliance and configure the root password, click Next.

psc8

Select the storage to use and click Next.

psc9

Select the VM network to use and configure the network settings, click Next.

psc10

Review the deploy Platform Services Controller summary page and click Finish. The Platform Services Controller appliance will now be deployed.

stage2

In stage 2 we configure the new appliance, click Next.

config

Configure the NTP server(s) and click Next.

config1

The SSO configuration page is where we determine if the PSC should be joined to an existing SSO domain or if you are creating a new SSO domain. Enter the SSO domain details and click Next.

config2

Tick or untick the Customer Experience Improvement Program and click Next.

config3

On the summary page click Finish and Ok. The PSC virtual appliance will now be configured.

config4

Once complete we can access the Platform Services Controller in 2 different ways. For the appliance management portal browse to https://IP:5480 where IP is the IP or FQDN of the virtual appliance. Login with the root account.

root

Here we can configure settings specific to the virtual appliance, such as networking, SSH, syslog, etc.

root2

To access the user interface browse to https://IP/psc where IP is the IP or FQDN of the virtual appliance. Login with the administrator@vsphere.local account created or defined in the installation wizard.

psc

Here we can configure Platform Services Controller related settings, such as permissions, certificates, etc. To join the PSC to an Active Directory domain browse to Appliance Settings, and Manage. Under Active Directory click Join.

domain

The Platform Services Controller has now been deployed and configured. Multiple PSC instances can be placed behind a load balancer to provide High Availability, as outlined in this KB.