Windows Update and Hyper-V Cluster

Today I understood that the Windows Update Client is the most powerful Sith Lord and no Jedi can stop him :)

After a stupid mistake (setting Automatic Windows Update to Enabled) I saw that all virtual servers moved to another node, but one VM stayed in Saved State status and was never activated. (Why that VM couldn't be moved or activated is another story.)

Actually I'm a VMware guy and expected that the source node would not be rebooted until all VMs had moved, but it was! I had some expectations of VMM but completely forgot the Cluster Service; all resource failover is still managed by it.

Again, there is no way to stop the Windows Update Client ;)

Disable automatic updates or change the resource failover policy.

Cool … I know, it's my bad, nothing to do with the design …
VM

System Center DPM 2012 R2 Install Error ID: 812

Error ID 812 indicates that you have a problem with SQL Server Reporting Services.

This is very clear, and it is also clear that you forgot to configure SSRS.

The MSSQL installation does not configure SSRS automatically.

DPM also fails with the default SSRS configuration, because DPM uses https to connect to SSRS and the default SSRS configuration works with http.

Another complexity is that you have to create a self-signed certificate.

To create the self-signed certificate I advise you to download selfssl, because it can automatically create the certificate and import it into the trusted container of your server.

Use a command like this in the CLI, and please do not care about the error message it prints:

Selfssl.exe /N:CN=MACHINENAME /V:365 /T

More importantly, if your server is in a domain, please use the FQDN when you create the self-signed certificate, otherwise you will see that you cannot call the reporting server URL.

And please recreate the reporting DB after you introduce and configure the self-signed certificate, because otherwise you will get some "can't encrypt" messages from SSRS.

After all that you will install DPM lovely :)

Bye

Create a VM Network When Subscription is created in Windows Azure Pack with SMA part2

And finally I succeeded in creating a VM Network, activating the NVGRE GW with NAT and setting some settings the way I want.

In part one I explained almost everything needed to create a runbook; now I have completed the code in part 2.

You will find some stupid variables like $a and $z, and also some different ideas for generating what is needed, which are very easy to understand, but all are my own; if you have a better or shorter way, please use it :)

The important parameters are “-ForOnBehalfOf”, “-OnBehalfOfUser” and “-OnBehalfOfUserRole”.

For these parameters and the values you will set, please follow your SCVMM -> Job section. You will find the owner information there.

Please comment if something is wrong or needs more explanation.


workflow VahoTest2
{
    param
    (
        [object]$resourceObject,
        [object]$params
    )

    #Get some values to use inside InlineScript
    #We will generate the User and UserRole used to create a VM Network
    #We have to build: first 27 characters of AdminId, underscore, whole SubscriptionId
    $WAPSubscriptionId=$resourceObject.SubscriptionId
    $WAPAdminId=$resourceObject.AdminId

    InlineScript
    {

    # I don't know why, but maybe by design the owner of the VM, Network and other objects is
    # generated from the first 27 characters of AdminId, underscore, SubscriptionId
        $SubscriptionID =  $USING:WAPSubscriptionId
        $UserRole = $USING:WAPAdminId
        $UserRoleCut = $UserRole.Substring(0,27)
        $Under = "_"
        $Dot = "."
        $NameForSearch = $UserRoleCut + $Under + $SubscriptionID

     # Try to generate a random name for the VM Network we will create
        $NetworkName = "VirtualNetwork"
        $NetworkNameSuffix = Get-Random -Maximum 9999999
        $NetworkNameTemplate = $NetworkName + $Under + $NetworkNameSuffix

     # Connect to SCVMM Server
     # Important thing is -ForOnBehalfOf, because for WAP, SPF needs to connect to SCVMM
     Get-SCVMMServer -ComputerName your.scvmm.fqdn -ForOnBehalfOf | Out-Null

     # Get the SCVMM user role for only the related SubscriptionId and User
     $z = Get-SCUserRole | where {$_.Name -match $NameForSearch}
     $a = $UserRoleCut

     # Create a Virtual Network For Customer
     # Actually I set a static LogicalNetwork in this runbook because Provider Address Spaces is my NVGRE-enabled one
     # After this command is executed an empty VM Network object will appear in SCVMM
     $NewVMNetwork = New-SCVMNetwork -Name $NetworkNameTemplate -LogicalNetwork "Provider Address Spaces" -OnBehalfOfUser $a -OnBehalfOfUserRole $z

     # To assign an IP block to the customer we need to randomize the octets
     # Actually we are using Network Virtualisation and could overlap them, but traditional logic, sorry :(

     [string]$octet1 = 10
     [string]$octet2 = Get-Random -Maximum 254
     [string]$octet3 = Get-Random -Maximum 254
     [string]$octet4 = 0
     $subnetmask = "/24"

     $GenerateVMNetworkSubnetID = $octet1 + $Dot + $octet2 + $Dot + $octet3 + $Dot + $octet4 + $subnetmask

     # Because we are dealing with NVGRE (Network Virtualisation) we do not have to set a VLAN ID
     # Just create a subnet object, that's it
     $CreateVMNetworkSubnet = New-SCSubnetVLan -Subnet $GenerateVMNetworkSubnetID

     # Right now the VM Subnets tab in SCVMM is empty for the VM Network created above
     # We need to add a VM Subnet
     [string]$RSID = Get-Random -Maximum 254
     $NameVMSubnetUnderVMNetworkTemplate = $NetworkNameTemplate + "_Subnet" + "_" + $RSID
     $CreateVMSubnetUnderVMNetwork = New-SCVMSubnet -Name $NameVMSubnetUnderVMNetworkTemplate -VMNetwork $NewVMNetwork -SubnetVLan $CreateVMNetworkSubnet -OnBehalfOfUser $a -OnBehalfOfUserRole $z

     # SCVMM can do the IP Address Management; now we will define our IP range and DNS
     # No need to deal with the GW, it will be auto created
     # First we need to create some variables
     #$GenerateVMNetworkSubnetWithoutMask = $octet1 + $Dot + $octet2 + $Dot + $octet3 + $Dot + $octet4
     $RangeStart = $octet1 + $Dot + $octet2 + $Dot + $octet3 + $Dot + "50"
     $RangeEnd = $octet1 + $Dot + $octet2 + $Dot + $octet3 + $Dot + "254"

     # Create the IP Pool
     $ipAdressPoolName = $NetworkNameTemplate+"_Pool"
     $dnsIP = "8.8.8.8"

     # After this command is executed you should see an IP Pool under the VM Network
     $staticIPAddressPool = New-SCStaticIPAddressPool -Name $ipAdressPoolName -VMSubnet $CreateVMSubnetUnderVMNetwork -Subnet $GenerateVMNetworkSubnetID -IPAddressRangeStart $RangeStart -IPAddressRangeEnd $RangeEnd -DNSServer $dnsIP -OnBehalfOfUser $a -OnBehalfOfUserRole $z

     # Now it is time to deal with the NVGRE GW Service
     # This will be a little static; maybe next time I will make it more dynamic and able to load balance the service
     # Let's set static variables
     $NVGREGWName = "internetgwservice2"
     # The statement below basically puts the NVGREGWName in front of the _Gateway string, we will use it next
     $NVGREGWNameTemplate = "{0}_Gateway" -f $NVGREGWName
     # The NVGRE GW has an additional interface for internet access and distributes public IP addresses to Tenant Networks
     # Set your static IP Pool Name below
     $NVGREGWStaticIPPoolForIntenet = "Internet01"
     # The statement below basically puts the already created VM Network Name in front of the _NatConnection string, we will use it next
     $VMNetworkNATConnName = "{0}_NatConnection" -f $NetworkNameTemplate
     # Now we are getting the whole information about the NVGRE GW
     $NVGREGWOwn = Get-SCNetworkGateway -Name $NVGREGWName
     # After executing the command below you can check the Connectivity tab of the VM Network properties in SCVMM
     # By default "Connect directly to an additional logical network" & "Direct Routing" should be chosen
     # I commented out the first ActivateNVGREGWForVMNetwork because I got Error (11418) You do not have permission to access one or more of the objects required by this operation.
     #$ActivateNVGREGWForVMNetwork = Add-SCVMNetworkGateway -Name $NVGREGWNameTemplate -EnableBGP $false -NetworkGateway $NVGREGWOwn -VMNetwork $NewVMNetwork -OnBehalfOfUser $a -OnBehalfOfUserRole $z
     $ActivateNVGREGWForVMNetwork = Add-SCVMNetworkGateway -Name $NVGREGWNameTemplate -EnableBGP $false -NetworkGateway $NVGREGWOwn -VMNetwork $NewVMNetwork
     # Get the IP pool used to obtain a public IP address and activate NAT
     $NVGREExternalIPPOOL = Get-SCStaticIPAddressPool -Name $NVGREGWStaticIPPoolForIntenet
     # Check the Connectivity tab again; NAT should be chosen and you have an IP address now
     #$ActivateNAT = Add-SCNATConnection -Name $VMNetworkNATConnName -VMNetworkGateway $ActivateNVGREGWForVMNetwork -ExternalIPPool $NVGREExternalIPPOOL -OnBehalfOfUser $a -OnBehalfOfUserRole $z
     $ActivateNAT = Add-SCNATConnection -Name $VMNetworkNATConnName -VMNetworkGateway $ActivateNVGREGWForVMNetwork -ExternalIPPool $NVGREExternalIPPOOL
    }

}

Create a VM Network When Subscription is created in Windows Azure Pack with SMA part1

In this article I would like to describe how to create a VM Network under a WAP (Windows Azure Pack) subscription using SMA when the subscription is created, but it looks better to divide it into two parts. Actually I'm not very good at PS (PowerShell) and this is the first time I have used PS Workflow; if you are like me, it's better to start by reading the Microsoft Scripting Guy article first.

In short, Azure Pack SMA is one of the good things I have seen from Microsoft after PowerShell. It is an automation or orchestration tool. To install it please read this article from Romain Serre.

Actually you can find a lot of articles about SMA, but I believe the difference of this article is that it explains some things more clearly for newbies like me.

First log in to the WAP Service Management Portal; in the “AUTOMATION” section you will find everything about creating runbooks.

To create a runbook, press New -> RUNBOOK -> QUICK CREATE

Set any name and description you want, but the most important part is the TAGS section: it should always be “SPF”. I will explain it a bit later, but the first important thing is to never forget to tag your runbook.

The second important thing: when you start to develop your workflow code, please do not change the workflow name later, because when you run your runbook to test it an error will appear saying that the workflow name is different from what you ran. If you would like to change the workflow name, please create a new workflow with the name you want and copy/paste your code there.

After you create your first runbook, filter for it and be ready to edit. For example, you can see that I clicked RUNBOOKS at the top of the page and filtered for my runbook. I have some old runbooks; one of them is suspended, another completed, and the newly created runbook appears as never run, zero jobs and not published.

It's very clear that to use a runbook you need to publish it; without publishing, your runbook will never appear.

The third important thing: when you develop your runbook, it should never expect anything from you when it runs (meaning interaction such as answering yes or no, or waiting for input from the console). If it does, you will see an exception and the runbook status will be Suspended. I will show you where you can see the exception and the script output.

Click on the runbook you created and wait for the new screen to appear.

You can very easily follow how many times your runbook has run, its status and some other information. Click “AUTHOR” and wait for the new screen to appear, then click “DRAFT”, because we have not published anything yet and need to write some code.

WAP has an editor. For example, you can see that it automatically manages () and {}, and after you start to set variables it will auto-complete them the next time you need them.

Now let's talk about the example code below.

We know that we created a VahoTest runbook (or your own one), and next we will look at the param section.

The param section manages parameters, but I was really confused and couldn't understand it well when I saw parameters like $resourceObject and params, because they are different from a parameter you set yourself. For example, you can set a parameter like Name, as in “param ([string]$name)”, and pass it as “VahoTest -name something”, but $resourceObject and params are a little different. Actually I wrote the script below to understand what is inside, and after all I saw that they carry many keys and values for different events.

I have to explain that SMA provides event-based runbook execution. We will see it shortly and configure it to do something when a VM is created, something when a subscription is created, or another thing when something is deleted.

A VM Network creation event happened and $resourceObject and params carry something. You will see the full content when you execute the script on your side.

InlineScript: workflows do not support all PowerShell cmdlets, and that is where the InlineScript section comes to the rescue; you can use it for commands that are not supported by workflow.

To access variables from outside the InlineScript section you need to use $USING:

Here maybe it's a good time to read something about workflow limitations.

The last lines are about testing and troubleshooting; for more please read this article.

After you copy/paste the code below, save it and then click the “PUBLISH” button. You will see that there is now nothing under “DRAFT” and it has moved to “PUBLISHED”. When you want to edit again, go to “DRAFT” and click “EDIT RUNBOOK”.


workflow VahoTest
{
    param
    (
        [object]$resourceObject,
        [object]$params
    )
 
    InlineScript
    {
        $params=$USING:params
        $resourceObject=$USING:resourceObject
 
        Foreach ($param in $params)
        {
            $param
        }
 
        Foreach ($resources in $resourceObject)
        {
            $resources
        }
    }
 
    write-output (Get-Date)
    write-warning "Warning Message"
    write-error "Error Message"
    write-verbose "Verbose Message"
}

Now it is time to assign the runbook to whatever type of event we need. My example above is playing with “VM CLOUDs”. Click the “AUTOMATION” link and you can see the things already created.

In my example I want to execute the runbook when VMM starts to create a VM Network (it's easier than creating a subscription or a VM :) ). You can imagine anything you want; for example, it's a good exercise to see what keys/values are passed to $resourceObject and params for different kinds of events.

Please go to WAP and, from the tenant portal, try to create a VM Network manually. You will see that SMA triggers the runbook. Go back to the admin portal, find the runbook, click on it, then click “JOBS” and check the job output. That's it!

Now we are ready to switch to part 2

VM

Python ,vCloud Director REST API Series for Beginners – Just get the list of Org

Hola everybody (I'm not Spanish or Catalan, but under the effect these days)

In my first article about vCloud REST and the API, I just tried to describe how to get the token, with a very bad coding example in WordPress. It's good to find a way to share code from WordPress; thanks for this article.

In this article I added getting the org list from vCloud Director, and also added error handling and XML parsing with ElementTree.

In the next article I expect to start creating something inside vCloud Director with the REST API and Python, and to extend the code.


# coding=utf-8
def get_vcloud_token(vcd_hostname, password, api_version):
    import urllib2
    import base64

    vcloudsession_url = "https://" + vcd_hostname + "/api/sessions"
    encode_credentials = base64.b64encode(password)

    # Prepare headers we will post
    vcloudapi_version = "application/*+xml;version=" + api_version
    vcloudapi_auth = "Basic %s" % encode_credentials
    data = ""
    authheaders = {'Accept': vcloudapi_version, 'Authorization': vcloudapi_auth}
    request_format = urllib2.Request(vcloudsession_url, data, authheaders)
    make_request = urllib2.urlopen(request_format)
    # We will not need to read whole html out
    # result = make_request.read()
    # Just need to catch key provided by vCloud Director from header response
    token = make_request.info()['x-vcloud-authorization']
    # this function will turn result to get and use it where it called
    return token

def get_vcloud_org_list(exisiting_token):
    import urllib2
    import xml.etree.cElementTree as ET

    vcloudapi_url = "https://v.dorukcloud.com/api/" + "org/"
    api_version = "5.5"
    vcloudapi_version = "application/*+xml;version=" + api_version

    # Now use the token requested before to query the org list
    afterauthheader_org = {'Accept': vcloudapi_version, 'x-vcloud-authorization': exisiting_token}

    # Be careful, there is no PUT request here; we make a GET, which is why the second parameter
    # is passed as headers=afterauthheader_org. If you do not name it headers, the second parameter
    # will be accepted as data
    make_org_list_call = urllib2.Request(vcloudapi_url, headers=afterauthheader_org)

    # Also let's improve our code with exception handling
    try:
        make_org_list_request = urllib2.urlopen(make_org_list_call)
        # Now we take the response as a file-like object and read it into a string
        org_list_response = make_org_list_request.read()
        # The result is a string, so ET parses it with fromstring
        org_list_in_xml = ET.fromstring(org_list_response)

        # Please print the response to understand what the result looks like
        # You will see that it is XML output and OrgList is the root tag (root element); it will have some child(ren)
        # Each child is an Org, and Org has some attributes like name, href and type
        # We will take the name attribute of each child

        # Create an empty array
        org_name_array = []

        for child in org_list_in_xml:
            # Add child.attrib['name'] inside the array
            org_name_array.append(child.attrib['name'])

        return org_name_array

    except urllib2.URLError,e:
        print 'I guess wrong URL, SORRY ! '

# This is another function, named main; you can see that inside the main function we call the get_vcloud_token function

def main():
    token_result = get_vcloud_token("you_vcloud_url", "Sit_Lord@System:password", "5.5")
    # These lines are for tests; you can use them after removing the #
    #print token_result

    org_names = get_vcloud_org_list(token_result)

    # These lines are for tests; you can use them after removing the #
    #print type(org_names)
    #for i in org_names:
    #    print i

main()
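
The login and org-list calls from the two functions above, as an added Python 3 example (not the author's code): it builds both requests without sending them, shows that the Basic header decodes straight back to the credentials, and parses a constructed OrgList response. The host vcd.example.test, the helper names and the sample XML are assumptions made for illustration.

```python
import base64
import re
import urllib.request
import xml.etree.ElementTree as ET

VCLOUD_NS = "http://www.vmware.com/vcloud/v1.5"
TOKEN_HEADER = "x-vcloud-authorization"
_HOST_RE = re.compile(r"[A-Za-z0-9.-]+(:\d{1,5})?")

# Constructed sample response, not captured from a real vCloud Director cell.
SAMPLE_ORG_LIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<OrgList xmlns="http://www.vmware.com/vcloud/v1.5"
         href="https://vcd.example.test/api/org/"
         type="application/vnd.vmware.vcloud.orgList+xml">
  <Org name="System" href="https://vcd.example.test/api/org/1"
       type="application/vnd.vmware.vcloud.org+xml"/>
  <Org name="CompanyA" href="https://vcd.example.test/api/org/2"
       type="application/vnd.vmware.vcloud.org+xml"/>
</OrgList>"""


def _api_url(host, path):
    # Accept only a bare host[:port], so a value such as "host/x?" cannot
    # change where the credentials or the token are sent.
    if not _HOST_RE.fullmatch(host):
        raise ValueError("not a bare hostname: %r" % host)
    return "https://%s/api/%s" % (host, path)


def build_session_request(host, user, org, password, api_version="5.5"):
    """POST /api/sessions with Basic auth for user@org, as in the article."""
    if ":" in user or ":" in org:
        raise ValueError("':' in the login would split the credentials early")
    creds = ("%s@%s:%s" % (user, org, password)).encode("utf-8")
    headers = {
        "Accept": "application/*+xml;version=" + api_version,
        "Authorization": "Basic " + base64.b64encode(creds).decode("ascii"),
    }
    return urllib.request.Request(_api_url(host, "sessions"), data=b"",
                                  headers=headers, method="POST")


def build_org_list_request(host, token, api_version="5.5"):
    """GET /api/org/ authenticated only by the session token."""
    headers = {
        "Accept": "application/*+xml;version=" + api_version,
        TOKEN_HEADER: token,
    }
    return urllib.request.Request(_api_url(host, "org/"),
                                  headers=headers, method="GET")


def decode_basic(header_value):
    """Base64 is an encoding, not encryption: whoever sees the header
    recovers the login and password."""
    scheme, _, blob = header_value.partition(" ")
    if scheme != "Basic":
        raise ValueError("not a Basic header")
    login, _, password = base64.b64decode(blob).decode("utf-8").partition(":")
    return login, password


def redact(headers):
    """Copy of a header dict that is safe to print or log."""
    secret = {"authorization", TOKEN_HEADER}
    return {k: ("<redacted>" if k.lower() in secret else v)
            for k, v in headers.items()}


def parse_org_list(xml_bytes):
    """Return (name, href) for each Org child, ignoring any other element."""
    root = ET.fromstring(xml_bytes)
    if root.tag != "{%s}OrgList" % VCLOUD_NS:
        raise ValueError("unexpected root element: " + root.tag)
    return [(org.get("name"), org.get("href"))
            for org in root.findall("{%s}Org" % VCLOUD_NS)]


if __name__ == "__main__":
    req = build_session_request("vcd.example.test", "Sit_Lord", "System", "password")
    print(req.get_method(), req.full_url)
    print("safe to log:", redact(dict(req.header_items())))
    print("what the raw header reveals:", decode_basic(req.get_header("Authorization")))
    # To send it: urllib.request.urlopen(req), which verifies the server
    # certificate by default; the token is then in response.headers[TOKEN_HEADER].
    print(parse_org_list(SAMPLE_ORG_LIST))
```
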

Python , RESTClient and vCloud Director REST API Series for Beginners – Just login and take token

Today is 16 November 2014 and I am so new to Python, RESTClient and the vCloud Director API. This article is for beginners; I hope it helps newbies a lot.

Update: in this article I have a bad view about coding; the next article is better, so if something is wrong please read it too.

First, start with RESTClient

Before we start we need to learn a little about REST, methods and headers. When you are free, please read this and this quick tips and methods.

I do not have any programming background, so I am explaining everything in my own way. We have a well-known protocol, HTTP/HTTPS, and we use it to make queries and execute tasks. Software like vCloud Director provides us an interface to do this. Methods: actually we use them every day via web browsers; if you view the http://www.vmware.com web site you are actually doing an HTTP GET, and if you fill out a form you are making an HTTP POST. Headers are very important here; we mostly know header information like “User-Agent” and “X-Forwarded-For”; see the list of headers.

Okay, ready now. Please download the RESTClient plugin for Firefox and run it.

To do something with the REST API on vCloud Director we need to log in first; after we provide credentials, vCloud Director will give us a token to use in the next calls.

First change the Method to POST and write down your vCloud Director URL, for example https://your_vclouddirector_url/api/sessions

Second, I told you headers are very important, and you will see it now: at the top please click Headers and then Custom Header

then in the Name part type Accept and in the Value part application/*+xml;version=5.5

The version part needs to be changed according to which vCloud Director version you are using; in my example I am using 5.5, and if you use 5.1 then type it like that.
Here I also wondered what Accept and the related value are: with Accept the client side (meaning us) is requesting something and accepts only XML-based content types; this is a little special thing for vCloud Director. Check the headers explanations.

Now we need to add our credentials to authenticate and get a token from vCloud Director.

Again from the top, select Authentication and choose Basic (you could also add it as a custom header, as we did before).

Now it's time to provide your credentials. Don't forget the user name should be like user@organization; if you use the System Administrator to do something you have to use admin_name@System. RESTClient will convert it to Base64 encoding automatically. Base64 is

and we are ready to go; please click SEND and see the response

The important part is the x-vcloud-authorization response header. This is very important because for 30 minutes it will be our key to query without credentials. This article covers only how to get the token; now let's do it with Python. Also a note for you: if you see any ” they are quotes, I don't know why they are appearing like that :(

Token Request Python Code

# Welcome to Python
# Python is very easy to use: no need to use $ to set variables or to put , or ; at the end of the line.

# urllib2 is a module; actually it is other code that has some functions inside. It is used for web-browser-like functionality inside code.
# We import such modules to use them inside our own code (to call, run and get results)

import urllib2

# base64 is a module; its job is encoding and decoding. We need it when we provide the password to connect to vCloud Director

import base64

# Using import means you need to call functions with the module name, i.e. to use urllib2 you call it like urllib2.Request
# If you import like 'from urllib2 import xxx' you can use xxx directly, without the module name. Ex: Request
# Setting vCloud Director API URL, use your own one! https://your_vcloud_url/api/
# This link will be used to make the next calls after we have a token
# You can set strings inside "" or ''
# For numbers there is no need to put the value between "" or '', just type it: a = 5
# u indicates it is unicode; here it is not important, but you will need it when using letters of different languages like Turkish

vcloudapi_url = u"https://your_vcloud_url/api/"

# Setting vCloud Director Session URL
# This link will be used only to get a token

vcloudsession_url = "https://your_vcloud_url/api/sessions"

# vCloud Pass, use your own pass!

vcloud_pass = "Sit_lord@System:password"
# Now, remember RESTClient and what the vCloud Director API needs. We have to set headers inside the request
# vCloud Director version, mine is 5.5; if you have a different one change it, like 5.1

vcloudapi_version = "application/*+xml;version=5.5"

# You know RESTClient automatically encoded the authentication values to base64; now do it with Python

convertto_base64 = base64.b64encode(vcloud_pass)

# The encoded value will be used for authentication; set the encoded value to the vcloudapi_auth variable

vcloudapi_auth = "Basic %s" % convertto_base64

# We have an empty variable named data; actually it is used to make the request a POST

data = ""

# Creating headers for our web request
# Actually we are creating key and value pairs here

authheaders = {'Accept': vcloudapi_version, 'Authorization': vcloudapi_auth}
# Now, using the urllib2 module Request function, we combine url, method and headers to build what we will request from vCloud Director

request_format = urllib2.Request(vcloudsession_url, data, authheaders)

# Send request

make_request = urllib2.urlopen(request_format)

# Read web server answer

result = make_request.read()

# Take the token header from the response of the web server
# x-vcloud-authorization is the header
# This token will be used for the next requests; after that there is no need to send credentials to vCloud Director for 30 mins, this is the default
# info(): return the meta-information of the page, such as headers
# Additionally getcode() and geturl() can be used; getcode() returns the HTTP status code of the response
# geturl() returns the URL of the resource retrieved, commonly used to determine if a redirect was followed

token = make_request.info()['x-vcloud-authorization']

# write out token

print token

Then you should see something like that

Now it is time to understand functions and turn the code into a function

# To create a function you define it as below: start with def, then the function name, then the parameters you need. Of course, if you do not need any parameters you can leave it like this: ()

# To use this function you need to feed it the related parameters, otherwise it will not work
# Sorry, maybe it will not appear correctly, but the code block within every function starts with a colon (:) and is indented.

def get_vcloud_token(vcd_hostname, username, password, api_version):

    import urllib2
    import base64

    vcloudsession_url = "https://" + vcd_hostname + "/api/sessions"
    # Basic authentication encodes "user@organization:password", so username and password are joined before encoding
    encode_credentials = base64.b64encode(username + ":" + password)

    # Prepare headers we will post
    vcloudapi_version = "application/*+xml;version=" + api_version
    vcloudapi_auth = "Basic %s" % encode_credentials
    data = ""
    authheaders = {'Accept': vcloudapi_version, 'Authorization': vcloudapi_auth}
    request_format = urllib2.Request(vcloudsession_url, data, authheaders)
    make_request = urllib2.urlopen(request_format)
    result = make_request.read()
    token = make_request.info()['x-vcloud-authorization']
    # This function returns the token so it can be used where the function is called
    return token

# This is another function, named main; you can see that inside the main function we call the get_vcloud_token function

def main():

    # The user name has the form user@organization, here Sit_Lord@System
    token_result = get_vcloud_token(vcd_hostname="your_vcloud_url", username="Sit_Lord@System", password="password", api_version="5.5")

    print token_result

# To execute the main function type name() with or without parameters
# Now the main function will be called, and inside main another function will be called too!

main()
Now, that's it; the next articles will be much easier …
Also I will try to find another way to share the code so it is clearer …

VM

 

WAP, NVGRE and Hair pinning

Hello All ,

Today we faced a connectivity issue between tenant networks behind the same NVGRE GW.

Suppose you have two tenants, Company A and Company B, with two virtual networks, and a NAT rule configured for remote access on 3389 (RDP) so that a Company A VM can connect to a Company B VM; the problem is that the two virtual networks are behind the same NVGRE GW.

The problem is the single interface: both To and From are behind one interface, meaning traffic from the source VM network leaves through the NVGRE outside interface and wants to come back in through the same interface to reach the other VM network.

This image could explain it: BRIDGE represents the NVGRE GW, the squares are VM networks with the VMs behind them.

[Image: vepa]

Please check the related setting on the NVGRE GW node; active or passive, I guess it's not important.

 

PS C:\Users\Administrator.DORUKCOSN> Get-NetNatGlobal
InterRoutingDomainHairpinningMode : External

 

Then set it to Local

PS C:\Users\Administrator.DORUKCOSN> Set-NetNatGlobal -InterRoutingDomainHairpinningMode Local
PS C:\Users\Administrator.DORUKCOSN>

Then go go go, try it now.

External is the default, so be careful about it.

Regards
VM

About FC SAN – Collection

After making some modifications in our SAN network I need to describe everything.

First, from the design (architectural) point of view there is a very clear explanation from Brocade. Actually my design is between mesh and core-edge.

About the limitations, you need to read the scalability guidelines for each FOS version; this is for version 7.x (FOS is Fabric OS, the firmware or operating system of a Brocade switch). It is important because it tells how many switches (domain IDs) are supported per fabric, how many access gateways per fabric, how many nodes per fabric, and the number of zones.

If you don't know what a Domain, Domain ID, E Port or N Port is, please read the IBM Redbooks (Chapter 2, and for Domain ID page 405, Principal Switch Selection).

About Brocade Access Gateway read this (1.1.1 Basic Concept, 1.1.2 Port Mapping, 1.2 NPIV_ID Virtualization, 1.3 Benefits, 1.3.4 Cost Reduction, 1.5 Limitations)

The most important question mark in my mind was multiple connections between the Brocade Access Gateway and the fabric switch for availability; read section 2.4.1 in the same document. I tested it, and the F port to N port mappings are switched and communication continues without any issue at fail-over time.

About Brocade Access Gateway port mapping, use the same document or follow the related link.

For the ag command reference

To change an FC switch to Access Gateway, execute the commands below.

First you have to disable the switch (this is also needed if you update the licenses on the switch).

Jango-Fett:admin> switchdisable

Disable the auth policy

Jango-Fett:admin> authutil --policy -sw off
Warning: Activating the authentication policy requires either DH-CHAP secrets or PKI certificates depending on the protocol selected. Otherwise, ISLs will be segmented during next E-port bring-up.
ARE YOU SURE  (yes, y, no, n): [no] y
Auth Policy is set to OFF

Use this command if you want to be sure that it is really disabled

Jango-Fett:admin> authutil --show
AUTH TYPE     HASH TYPE     GROUP TYPE
--------------------------------------
fcap,dhchap     sha1,md5     0,1,2,3,4

Switch Authentication Policy: OFF
Device Authentication Policy: OFF

Then switch to Access Gateway mode; the switch configuration will be deleted and the switch rebooted.

Jango-Fett:admin> ag --modeenable
WARNING: Access Gateway mode changes the standard behavior of the switch. Please check Access Gateway Administrator’s Guide before proceeding.
Enabling agmode will remove all the configuration data on the switch including zoning configuration, FAWWN configuration and security database. Please backup your configuration using configupload.
This operation will reboot the switch.
Do you want to continue? (yes, y, no, n): [no] y
Access Gateway mode was enabled successfully
Switch is being rebooted…

Additionally you need to know about licensing, because in the community I see many questions about ISL. People say ISL needs a license, but actually ISL Trunking needs an optional license.

 

vCloud Director 5.5 ValidationException INVALID_VRP_CPU_MHZ too

Hello All 

After the upgrade we faced a problem creating a vDC or updating vDC resources with the allocation model. Actually my subject is "INVALID_VRP_CPU_MHZ too" because another article helped me to solve 50 percent of the issue and explains the solution for it (thanks to him).

*Generally, what we have faced is that vCloud Director always has a problem with upgrades: before, we faced a wrong-type temporary table column issue, and this time INVALID_VRP_CPU_MHZ; index rebuilds can also fail. Waiting for 5.6 to see whether we will face an upgrade issue this time or not :D

But the problem is related to two vDCs which cause an issue (their CPU resource is set to Infinity, 4294967295000); I cannot change the value that I set with SQL commands via the vCloud Director GUI.

After VMware's investigation, not only the vrp table but also the related column of the org_prov_vdc table should be fixed too!

Then everything started to work perfectly again.
I hope this helps when people face the same situation.
VM

SSL fingerprint mismatch

Actually I do not have anything more than what you can find on Google, but I have some corrections, and if you have some misunderstanding maybe I can help.

We have two vCloud Director cells; most configurations are single cell.

We followed this article http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2021877
If you have a pfx, please start from step 2.

In the article the alias number is shown as one, but I saw that it is like a GUID, a very long ID.

Also, if you create a new key store, mostly there is no need to add root and intermediate certificates, but if you want you can import them too! I have some links for keytool which can be helpful:

Included root certificates in Java http://superuser.com/questions/55470/which-trusted-root-certificates-are-included-in-java
How to import root and intermediate certificates to a keystore http://www.sslshopper.com/article-most-common-java-keytool-keystore-commands.html and http://www.sslshopper.com/tomcat-ssl-installation-instructions.html

What is not described: if you have multiple cells you have to apply the “To update the vCloud Director cell service:” section on all of them. When you start to activate, it says DB updated bla bla and you feel there is no need to touch the other cells, but you have to …

Actually the load balancer persistence option does not solve any problem.

Also this problem does not exist in older versions.

SSL offload: there are many words about it on Google, but actually there is no way to do SSL offload because the cell does not accept connections on port 80. BUT on the load balancer you can configure port 443 and access the backend via 443 too!

You need to know something about pfx, pkcs

http://en.wikipedia.org/wiki/PKCS

http://security.stackexchange.com/questions/29425/difference-between-pfx-and-cert-certificates

Regards
VM
