VMware Certification Naming Changes

Last week VMware Education announced a change in naming the various certifications, where the year in which the certification is achieved is reflected in the name of the certification.

Until now the name of the certification reflected the version of the product that it was related to (for example VCP6-DCV referred to the vSphere 6.0 release). This may cause confusion about the currency of a specific certification, since the pace where product releases are made available is not very strict, which is also reflected in the certification (-exams). For example my VCP4-DCV certification was 15 months older than my VCP5-DCV certification, but the latter was over 3 years older than my VCP6-DCV certification.

Also both my “DCV” and “DTM” certifications are valid but one is called VCP6 and the other is called VCP7 (as they relate to vSphere 6.0 and Horizon 7.0 respectively).

So changing the name to reflect the year where the certification was achieved does make sense and will result in certifications like VCP-DTM 2019 and VCAP-DCV Deploy 2020.

It is important to understand that the change is only with regard to the naming of the certification. This means that there are no changes in requirements to achieve a certification or for re-certification (so a certification is still valid for 2 years and can be renewed by taking a newer exam in the same track or taking an exam in a different track). Also the name of the certification exam wil still reflect the product version that the exam questions are based on.

More detailed information about this announcement can be found in the FAQ document on the VMware certification website.

vSAN 6.7 Encryption

In vSphere 6.5 VMware introduced the possibility to encrypt Virtual Machine data on a per VM basis. This is achieved by using VAIO filtering and a specific policy is used to indicate whether a VM needs to be encrypted or not.

With vSAN 6.6 another way of encryption was introduced which means that the entire vSAN datastore is encrypted and as a result every VM that is stored on the vSAN datastore gets encrypted (and hence no specific policy is required).

For both encryption methodologies a KMS server (or cluster of KMS servers for production environments) that supports the KMIP protocol needs to be installed and configured in vCenter. Although both vSphere and vSAN encryption can use the same configured KMS server/cluster there is a small but important difference in the way the keys that are required for encrypting the data are communicated to the ESXi hosts.

In the case of vSphere (VM) encryption, ESXi needs to be able to communicate to vCenter to get the specific Key Encryption Key (KEK) for a VM when this VM needs to start (or is created). So when vCenter is not available, such actions possibly cannot be initiated.

For vSAN encryption however, an ESXi host only needs to communicate with vCenter when vSAN encryption is enabled. At that moment the KEK ID’s required to store the Data Encryption Keys (DEK) that are used to encrypt the disks are sent from vCenter to the ESXi hosts. Using these KEK ID’s the host will communicate directly with the KMS server to get the actual KEK.

To show this mechanism I have created a little demo video. For my own educational purpose I have used the vSphere (and vSAN) 6.7 version which allows me to use the new vSphere (HTML5) client functionality.

Read more

Upgrading my vSAN Cluster

Some time ago I decided to upgrade my home lab environment running vSphere (from 6.0 U3 to 6.5 U1) and vSAN (from 6.2 to 6.6.1).

I started with upgrading the vCenter appliance which is quite a smooth upgrade process. The only problem I had is that initially the upgrade wizard did not give me a choice to select “Tiny” as the size for the new appliance. This appeared to be an issue with the disk usage of the existing appliance. After deleting a bunch of old log files and dump files from the old vCenter appliance I retried the upgrade wizard and this time the “Tiny” option was available – which is a better fit for my “tiny” lab ūüôā – and the upgrade process went just fine.

Next up was the ESXi upgrade (I have three hosts). First try was doing an in-place upgrade using Update Manager.

Read more

VMware vSAN Specialist exam experience

Recently VMware Education announced the availability of the “vSAN Specialist” exam which entitles those who pass it to receive the “vSAN Specialist 2017” badge. The badge holder is a “technical professional who understands the vSAN 6.6 architecture and its complete feature set, knows how to conduct a vSAN design and deployment exercise, can implement a live vSAN hyper-converged infrastructure environment based on certified hardware/software components and best practices, and can administer/operate a vSAN cluster properly“.

As I consider myself to be a vSAN specialist I thought this one should be rather easy to achieve, so after I read about it last week, I immediately scheduled my exam at Pearson VUE and took it today.

Read more

VMware VVOL’s with Nimble Storage

VMware Virtual Volumes (aka VVOL) was introduced in vSphere 6.0 to allow vSphere administrators to be able to manage external storage resources (and especially the storage requirements for individual VM’s) through¬†a policy-based mechanism (called Storage Policy Based Management – or SPBM).

VVOL in itself is not a product, but more of a¬†framework that VMware has defined where each storage vendor can use this framework to enable SPBM for vSphere administrators by implementing the underlying components like VASA providers, Containers with its Storage Capabilities and Protocol Endpoint in their own way (a good background on VVOLs can be found in this KB article). This makes it easy for each storage vendor to get started with introducing VVOL support, but also means that it is not easy comparing different vendors with regard to this feature (“YES we support¬†VVOL’s …” does not really say much about the way ¬†an individual vendor has implemented this feature in their storage array and how they compare to other vendors).

In this blog I want to show¬†the way Nimble Storage (now part of HPE) has implemented VVOL support. For now I will focus on the initial integration part. In a future blog I will show how this integration can be used to address the Nimble Storage capabilities for individual VM’s through the use of storage policies.

Read more

Creating a new vSAN 6.6 cluster

Last month VMware released vSAN version 6.6 as a patch release of vSphere (6.5.0d). New features included Data-at-Rest encryption,  enhanced stretched clusters with local protection, change of vSAN communication from multicast to unicast and many more.
Perhaps al ittle less impressive but yet very useful change is the (simple) way a new vSAN cluster is configured. To illustrate this I have recorded a short demo of the configuration of a new vSAN 6.6 cluster.

Read more

Deleting a vSAN datastore

I am a big vSAN fan and use it in my own Home Lab for most of my VM’s (main exception being¬† VM’s used for backing up … they are on my QNAP fileserver connected via iSCSI). My vSAN cluster configuration is quite static and the only thing that might change in the near future is increasing the capacity by adding an additional ESXi host to the cluster.

Currently I am running with vSAN version 6.2 and since the environment is very stable and it is my “production” environment I don’t plan to upgrade to the latest and greatest version yet. Still, I do want to work with the newer versions and functions (like iSCSI target) to become familiar with them and stay up-to-date with my vSAN knowledge, so I have a test (virtual) vSphere 6.5 Cluster with vSAN 6.5 installed, currently in a 2-node (ROBO) setup with an additional witness appliance.

With the release of vSAN 6.6 (check out the release notes here) I wanted to upgrade my vSAN 6.5 environment. Actually I decided to create a new vSAN 6.6 cluster from scratch with my existing ESXi hosts, which means I first had to delete my existing vSAN 6.5 datastore.

Read more

New vSphere 6.5 feature – DRS CPU Over-Commitment percentage

Over-commitment of resources is a well known feature of vSphere and allows you to use the available physical resources as efficient as possible, resulting in a possibly higher consolidation ratio (number of VM’s per ESXi host). This feature is especially interesting with regard to CPU resources, as this is a type of resource that has a very low average¬†utilization in many server environments. Using overcommitment of CPU allows you for example to configure a number of VM’s on a host with a total of ¬†let’s say 50 virtual CPU’s (vCPU’s) where the specific host only has 16 physical cores available. This is an example based on a general best practice to allow for a 3-to-1 overcommitment ratio (3x as many vCPU’s configured as available physical cores). Sometimes you might want to reduce this (if you have very CPU-intensive workload running on your hosts) or you could even decide to allow for a higher overcommitment ratio of 5-to-1 (for workload that uses relatively little CPU).

DRS (Distributed Resource Scheduler) is a feature of a vSphere cluster that makes sure that all workload (VM’s) running on all hosts in that cluster is provided with the resources it needs. Balancing the load within the cluster is done by using vMotion migration of VM’s from hosts that have relatively little resources to hosts where resources are more plentiful available.

Starting with vSphere 6.5 a new setting is available in DRS that allows you to configure the allowed CPU over-commitment ratio. If you enable this feature, you can configure a setting of up to 500% (a 5-to-1 over-commitment ratio).

Now … how does this work and does this have any impact on availability you may ask.

Read more

VMware VCP certification questions

During the VMware courses I teach I often get questions about the way to get certified and stay certified as a VCP. This blog post will try to explain your options.

First of all you need to be aware that several VCP certifications exist. The “classic” VCP (which focuses on vSphere) is called VCP-DCV nowadays (DCV being short for DataCenter Virtualization) and for those focusing on other VMware product lines additional certifications exist (specifically VCP-DTM for Desktop and Mobility, VCP-NV for Network Virtualization and VCP-CMA for Cloud Management and Automation).
Although these other certifications do not focus on vSphere they still require people that want to achieve them to at least have a solid base knowledge of vSphere. Therefore VMware has created a Foundation exam that every individual that wants to earn their first VCP certification (any type) needs to pass in addition to passing the specific VCP exam.

Read more

VMware Certification Manager

Recently VMware introduced the VMware Certification Manager website. Linked to your MyLearn account this portal gives you a very clear overview of your existing certifications (with expiration dates) and the history of exams you have taken in the past as well as a list of possibly expired certifications.

The portal also gives you access to logo material¬† related to your certification status, allows you to create .pdf versions of your certifcations and create transcripts which you can share through several social media (like sharing it on your website … check out my certification transcript for example).

Finally you will be able to check out any new VMware certifications you would like to pursue and the paths you can (need to ) take to achieve these.

Just go to http://www.vmware.com/certification and click the “Certification Manager” link on the right, provide your MyLearn credentials and see for yourself.

Happy certifying !