PSC/Embedded VC Snapshots - How to not break your replication


As discussed in this blog post, PSC replication primarily involves the vmdird - VMware Directory Service.

This VMware Directory Service provides a multitenant, peer-replicating LDAP directory service that stores authentication, certificate, lookup, and license information. If your domain contains more than one PSC or embedded VC instance, an update of vmdir content in one vmdir instance is propagated to all other instances of vmdir.

All of this vmdir information is stored in a data.mdb file. This data.mdb file and its contents are essentially what are replicated.


Location of data.mdb

The size of this file is usually about 15-20 MB per node; in 99% of cases it should not exceed 150-200 MB.

How Replication is Broken

There are two ways that we see vmdird replication breaking:


Encrypting a VM using a Storage Policy


In our previous posts, we configured a KMS to use with a vCenter, and configured a VM storage policy for encryption.

Here, we are going to encrypt a VM using a VM encryption storage policy.
To start, we need to log in to the vCenter vSphere Client and go to the Hosts and Clusters section.

In this example, I am going to encrypt the "RHEL7_1" VM.
To encrypt an existing VM, we have to change its storage policy from its current one to a VM Storage Policy for Encryption. The VM does need to be powered off for this operation, since we are changing the storage policy associated with the VMDKs.

The simplest way to run through this is to right-click the VM in question > VM Policies > Edit VM Storage Policies


Creating a VM Storage Policy for Encryption


Virtual machine storage policies control which type of storage is provided for the virtual machine and how the virtual machine is placed within storage. They also determine data services that the virtual machine can use.

https://docs.vmware.com/en/VMware-vSphere/6.7/com.vmware.vsphere.storage.doc/GUID-A8BA9141-31F1-4555-A554-4B5B04D75E54.html

In our previous posts, we installed a KMS and configured it for use with vCenter. Here, we are going to configure a new VM Storage Policy to use for encryption.

We start by going to Menu > Policies and Profiles.
In there, we select VM Storage Policies and then Create VM Storage Policy.


Enhanced Linked Mode Replication on vSphere 6.x and 7.x


A platform services controller, or a PSC (which can be an external appliance, or embedded into VC) handles vSphere single sign-on (SSO), licensing, tagging, global permissions, custom roles, and certificate management. More Info:

https://blogs.vmware.com/vsphere/2017/10/platform-services-controller-psc-6-x-faq-now-available.html

We often read about PSCs replicating between each other, but more often than not, it is unclear WHAT exactly is being replicated between the PSCs. When you deploy multiple PSCs (or vCenters with embedded PSCs) in the same SSO domain, the PSCs will be replicating VMDIR data with each other, depending on how replication is configured.

Based on VMware documentation available here:

https://docs.vmware.com/en/VMware-vSphere/6.5/com.vmware.psc.doc/GUID-FE4E0496-A14C-4331-A7D6-1200F7C068A5.html

VMDIR data includes authentication, certificate, lookup, and license information. If your domain contains more than one Platform Services Controller instance, an update of VMDIR content in one VMDIR instance is propagated to all other instances of VMDIR (i.e., the other PSCs or embedded VCs).

In this example, we are using 3x 6.7 PSCs, all part of the same "vsphere.local" domain.
