Stretched cluster with NSX

At the last NLVMUG I was talking about stretched clusters. My presentation elaborated somewhat on how VMware NSX can help you deal with the challenges that arise when deploying a stretched cluster solution. In this blog post I want to take a closer look at this specific topic.

A quick explanation of what a stretched cluster solution actually is: it is a vSphere cluster, configured in one vCenter instance, containing an equal number of hosts from both sites. This allows for disaster avoidance (vMotion) and disaster recovery (vSphere HA) between two geographically separated sites. From the backend infrastructure perspective, your (synchronously replicated) storage and network solutions must span both sites.

Looking into network designs used for stretched clusters, you will typically face challenges like:

  • How do you design for VM mobility over 2 sites, which requires Layer-2 networks between the 2 sites?
  • Stretched Layer-2 networks (VLANs) introduce a higher risk of failure (think Layer-2 loops).
  • How do you properly segment applications and/or tenants (customers/business units)?
  • Network flows. What about your egress and ingress connections?

Let’s begin with what a VMware NSX deployment could look like when it is deployed within a stretched cluster infrastructure.

Stretched cluster with NSX architecture

A stretched cluster with VMware NSX could look like the following logical overview.

Synology DSM6.0 VLAN support

I’ve noticed some distress on the web because, with the release of Synology DSM version 6.0, it is no longer possible to use the vconfig command. This command was used to configure VLAN tagging on your interfaces.

It is, however, still perfectly possible to create multiple sub-interfaces on a physical interface or bond without using the vconfig command. All you need to do is create an additional config-file for each of your sub-interfaces. Each sub-interface represents a VLAN ID. The config-files are found in /etc/sysconfig/network-scripts/.

Note: shell access to your Synology is required, so you should enable SSH, for instance.

In the example below, you will see that my Synology has a bond using eth0 and eth1. My setup required some additional VLAN-tagged sub-interfaces on top of my physical bond interface.

As you can see, I have a sub-interface for VLAN 100, 120, 130 and 20. You only need to copy a config-file using the naming format ifcfg-<phy int>.<vlan-id> and adjust it to your needs. A (copied) config-file looks like this:


Stretched cluster VM & datastore affinity

When using a vSphere stretched cluster solution, it is important to have the affinity of your VM(s) and their VMDK(s) aligned to the same datacenter. So if the storage controller in datacenter 1 serves the read/write copy of the datastore, you want the VM to run on a vSphere host in the same datacenter. This avoids storage read I/Os traversing the inter-datacenter connections, which would have an obvious impact on performance. With the VM – datastore affinity in place, you also mitigate the risk of a potential VM outage if a datacenter partition (aka split-brain scenario) occurs.

Let me show you what I mean using a simple logical overview of a stretched cluster infrastructure. The following example is based on a uniform storage backend. More information on uniform and non-uniform metro storage solutions can be found here.

What you don’t want:

VM affinity

What you do want:

VM affinity


It is perfectly possible to automate the alignment upon… VM creation, for example. Needless to say, you will require DRS to be running, preferably in fully automated mode.


vSphere and NFV tuning considerations

In my current role, I am involved in a lot of discussions around network functions virtualization, a.k.a. NFV. When talking about NFV in this post, I mean telco applications. By that I mean applications specifically designed for and used by Communications Service Providers (CSPs) as core applications to, for instance, enable your (mobile) phone to actually call another phone. 🙂

NFV with regard to telco applications is not that mainstream yet, so it seems. The old-school native way, having telco-specific hardware running line cards, payload servers, etc., is obviously not sustainable looking at the current way we like to do ICT. On the other hand, it looks like telco application vendors are still finding their way on how to properly adopt virtualization as a technology. So it looks like the level of virtualization adoption for network functions is a few years behind IT application server virtualization.

But development is rapid, and so it is for NFV. There already is an NFV Architecture Framework created by ETSI. ETSI was selected in November 2012 to be the home of the Industry Specification Group for NFV. The framework is a high-level functional architecture and design philosophy for virtualized network functions and the underlying virtualization infrastructure, as shown in the following diagram:


Although it is said that NFV is mostly deployed using a KVM hypervisor working closely with OpenStack as the API framework for NFV, VMware is looking to hook into the needs of the communications service providers to properly ‘do’ NFV using VMware solutions. Hence the vCloud for NFV suite.

VMware vCloud NFV is a Network Functions Virtualization (NFV) services delivery, operations and management platform, developed for Communications Service Providers (CSPs) who want to reduce infrastructure CapEx and OpEx costs, improve operational agility and monetize new services with rapid time to market.


Let’s have a closer look at tuning considerations for vSphere to properly run NFV workloads!

Containers, VMs and unikernels

Last week I had an interesting discussion with a colleague on containers (Docker mostly), VMs, as well as a more recent development in this space called unikernels. Regular geek speak. I’ve mashed up the most interesting parts of the discussion, together with some background information.



Containerization is lightweight OS virtualization that groups and isolates certain processes and resources from the host operating system and other containers. Containers share the operating system kernel and may share binaries and libraries.

The following image depicts the difference between VMs and containers.
VMs versus containers


NLVMUG 2016 sessions

This March the 17th, the annual NLVMUG UserCon will be held in ‘s-Hertogenbosch. Last year an amazing turnout of 900+ attendees was reached! It turned out to be one of the largest VMUGs worldwide. Let’s top that this year!

Make sure you don’t miss out and register here!


It’s gonna be a full agenda with around 23 sessions divided between VMware, sponsor and community speakers. Next to that there are also the boot camps and 2 keynotes. Speaking at keynote 1 will be VMware’s own Kit Colbert! You can use the breaks to have a look at all the stands. Be sure to talk to as many interesting vendors as possible. Hear them out on what they could bring to your IT challenges.

It will be an action-packed day. One could say the NLVMUG is starting to look like a sort of mini VMworld.

Rutger and I will be there, presenting in our own VMUG community sessions. Check out our time slots:

Host disconnect after ESXi 5.5 U3b (SSLv3 POODLE)

Today I was preparing a new blade chassis in an existing vCenter environment. After applying the predefined Critical Host Patches baseline (default task for new hosts), the hosts would not reconnect to vCenter.

Turns out VMware decided to disable SSLv3 for ESXi 5.5 Update 3b and higher because of the POODLE vulnerability. The dependency is clearly stated in the release notes and in the VMware Product Interoperability Matrix below.

vRops: Beware of the filters

The other day we were messing around with VMware vRealize Operations Manager, a.k.a. vRops. My customer wanted to have a clear overview of virtual machines being over- or undersized.

I like to use default views within vRops and adjust them to my needs. The same goes in this example using the predefined Virtual Machine Rightsizing CPU, Memory, and Disk Space view. As I was tuning this view to our liking, it only showed the virtual machines that were oversized.

I am just as curious about undersized virtual machines, but those were missing. I was expecting to see 4 virtual machines instead of 2…

vrops filters

Maybe it’s just me, or me still in ramping-up mode after a short vacation, but I missed the filters that were applicable to this view. Even though the description says it all… 🙂

List of Virtual Machine Rightsizing CPU, Memory, and Disk Space. This list is filtered to only VMs that are oversized and are currently powered on.


Homelab Synology backup strategy

A while ago I finally had some attention for my much beloved data. I gave some thought to how my data would be safe if disaster struck, like my Synology NAS catching fire. Or worse, my house…

So when I speak of ‘my beloved data’, I am talking about:

  • Homelab data (VMs etc.)
  • Personal documents
  • Photos & videos

I could live with my homelab data being lost. I would not be a happy man, but a complete homelab reinstall would be possible without any backup. However, if one can avoid the loss of data, one should. 🙂

More important, however, are my personal documents and my photos/videos. Those are invaluable to me! I wanted to make sure that all this data is centralized on my Synology NAS, and I have the requirement for an off-site backup. The off-site backup would have to be affordable while growing in GBs. The RTO would not matter that much as long as I’m able to recover the data.
Also, I would like to reduce the number of cloud storage solutions (Google Drive, Onedrive, Dropbox) and their associated clients.

The diagram below shows the setup I came up with:



My VCDX experience

On Friday the 30th of October, Rutger and I got the great news that we both passed the VMware Certified Design Expert (VCDX) defense! What a trip it was! In this blog post I would like to take you through my experience of the whole process…


For the ones not familiar with the VMware VCDX program, here’s a quick introduction…

VCDX-DCV requires enterprise-class vSphere and data center virtualization skills. This elite group is comprised of design architects highly skilled in VMware enterprise deployments. The program is designed for veteran professionals who want to validate and demonstrate their expertise in VMware technology.

Certification is achieved through the unique design defense process, where all candidates must submit and successfully defend a production-ready VMware Solution before a panel of veteran VCDX holders. This process ensures that those who achieve VCDX status are peer-vetted and ready to join an elite group of world-class consulting architects.

All in all it is a pretty time-consuming track, which goes back to the days when I was studying for the VMware VCP5-DCV certification. After that I went ahead and aimed for both VCAP5 certifications (soon to be replaced by the VCIX exams). Just about a year ago, I actually decided to step it up a notch and go for the pinnacle of VMware certification: VCDX!

However, it did take me up to 6 months to actually start with my application. If I were to do the whole thing again, I would definitely have started way earlier than I did. Oh well, once up & running I managed to stay focused and put in the effort required.

I’ve talked to a fair amount of current VCDX holders over time and always knew I wanted to be part of this. I wanted to know if I could do this. What was the worst that could happen, right?! To fail perhaps? Then I would go for a second chance. No shame in that.


