Monthly Archives: November 2019

ISO Management Pack

ISO/IEC 27001 is the standard in the ISO/IEC 27000 family of standards providing requirements for an information security management system (ISMS). To be compliant, it asks for VMware vSphere to have certain properties. vRealize Operations makes this easier by having the alerts predefined.

The first step is to download it. For convenience, the direct link is on the Compliance page itself. Click on Market Place Download link.

It will take you to the marketplace.vmware.com. Login to download it. The management pack itself is not chargeable.

Once the .pak file is downloaded to your computer, come back to vRealize Operations screen, and click on Install.

The install wizard is pretty straight forward. If it’s your first time installing, then the above 2 check box work either way.

The process is only a few minutes, as it’s a relative small add-on. You can enable your policy at the end of the install (apology not shown on).

Once completed, you can see the alerts and symptoms that are added. Simply search for ISO in the name. You will also see that the provider is not vCenter adapter, but the ISO adapter.

To customize it, simply modify the settings or create a new set of alerts.

How to upgrade to vRealize Operations 8.1

This post was contributed by someone I respect for his dedication to vR Ops. Varghese Philipose, Staff TAM and Ops Ambassador, has done many upgrades. He is part of the awesome TAM team in Middle East, and they have successfully done >100 upgrades. I’ve been to Dubai several times and meet their customers. The enthusiasm from the customers on how vR Ops have helped them is the proof of the TAM team dedication.

The post was reviewed by Armen Hovhannisyan, from R&D team in Armenia, home of vR Ops. I’m fortunate enough to have spent many visits and learned directly from the creators.

The upgrade assessment tool (APUAT) generates 2 type of reports:

  • First report is relating to Metric reductions, usage of reduced metrics in custom content and proposed workaround.
  • The second report is doing pre-upgrade system checks and returning failures, if there are Upgrade blocking system issues.

Because of the above, we recommend to run the tool before upgrade from all vROps versions.

Download upgrade assessment tool vRealize Operations 8.1 – Upgrade Assessment Tool  (Filename: APUAT-8.1.0.15796701.pak)

  • Launch a browser. Go to
    https://master-node-FQDN-or-IP-address/admin, where the address is the master node Administrator interface.
  • Click Software Update in the left panel.
  • Click Install a Software Update in the main panel.
  • Follow the steps in the wizard to locate and install your PAK file. Check Install the PAK file even if it is already installed.
  • Install the Upgrade Assessment Tool.
  • Wait for the software update to complete.
  • Access to Pre-upgrade assessment report – steps as below:
    • Navigate to the Support > Support Bundles tab.
    • Download the light support bundle that was generated from the installation of the Upgrade Assessment Tool.
    • In the downloaded support bundle, open the cluster_timestamp_nodeaddress/nodeaddress_timestamp_nodeaddress/apuat-data/report/index.html file.
    • A list of all potentially impacted user content, if any , will be displayed in the Impacted Components Summary page.
    • In the tab of “System Validation Checks”, you will find the report of system validation checks for upgrade and recommendations (if any).

An example output from the System Validation Checks tab:

  • Validating all nodes in the cluster have a consistent online status
  • Validating product version
    • Make sure to run vRealize Operations Manager – 6.6.1, 6.7, 7.0 and 7.5 Virtual Appliance upgrade, as product version is 7.5.0
    • Ensure product and upgrade versions meet the requirements.
  • Verifying directories count to be under 30k in /tmp
  • Verifying vRealize Operation Manager is deployed on ESX/ESXi 6.0 or later (with the exception of ESX/ESXi 6.5 that must be with a patch not lower than ESX/ESXi 6.5 Update 1) and managed by VMware vCenter Server 6.0 or later (https://docs.vmware.com/en/vRealize-Operations-Manager/8.0/rn/vRealize-Operations-Manager-80.html).
  • Checking root account.
  • Checking admin account
  • Checking /dev/sda partition size.
  • Checking /dev/sdc partition size.
  • Checking /usr/lib/vmware-vcops/user/plugins/inbound size.

There is no need to SSH to every node separately, if APUAT doesn’t report an issue.

Login to My VMware. Download the correct upgrade file.

  • Upgrading from 8.0: use this.
  • Upgrading from 6.x or 7.x: use this.

If you have a large vROps cluster with more than 4 nodes, speed up by pre-copying upgrade files to all nodes. Follow steps in KB 2127895

If possible, remove all impacted Management Packs, if any, prior to initiating the upgrade.

Take a snapshot.

  1. Login to vR Ops \Admin UI.
    Take the cluster offline. Shut down all nodes in this sequence: Remote Collectors, Data nodes , Replica Node and Master Node. Now you know why I prefer to keep the deployment simple 😉
  2. Login to vCenter.
    Take snapshot of all the nodes.
  3. Power on vR Ops nodes in the sequence starting Master Node, Replica Node, Data Nodes and Remote Collectors.

Upgrade:

  1. Login to vR Ops \Admin UI
  2. Take the cluster offline, if it comes online after powering ON. This reduces the time taken for upgrade
  3. Initiate vR Ops In-place upgrade
  4. Once the upgrade is completed, verify functionality. If all functionality is reported correctly, take the cluster offline, shutdown nodes and delete the VM snapshots.
  5. Once snapshots are removed, power on the nodes in sequence
  6. Once all nodes are powered on, bring the vROps cluster Online.

Because of vR Ops 8.1 included vRealize Suite 2019 you should upgrade your vRealize Suite license from 2018 to 2019 as well.

Approach to define SLA

How do you measure your SLA if you have different classes of service? For example, your offer a higher availability for Gold, and lower one for Silver. This is common and expected.

You offer 99.99% for Gold, and 99.9% for Silver. Both are measured against the same benchmark, which is the ideal, perfect availability (No Downtime).

Just because something is up, does not mean it’s fast. A VM can be up, but if it’s so slow, it is as good as dead. So you need another kind of SLA to complement Availability SLA. You need Performance SLA.

Another reason why you need another SLA is availability is a given. It does not matter what the number is. If it’s down, you better hurry to bring up!

Performance SLA needs to follow a consistent approach with other SLA. The higher the class of service, the higher the SLA. They can’t be the same number, else it’s confusing.

So it will look something like this

Gold: Performance SLA is 99.9%
Silver: Performance SLA is 99%

Another word, a VM in Silver environment will expect that it does not get what it demands as often as a VM in Gold. If the VM Owner wants to have better or more consistent performance, then simply pay more and upgrade to gold cluster.

This approach is easier than setting up a different SLA for each tier. Take for example

Gold: VM Memory Contention: 0.5%
Silver: VM Memory Contention: 1.0%

You notice the problem already?

That’s right! It’s hard to explain why 0.5 and 1, and not other numbers. It’s also hard to explain the gaps between them.

There is a 2nd problem. If you set different standards, it is possible that Silver will perform better than Gold, because it has lower standard!

It’s much easier to set a high standard (similar to the No Downtime situation) and just measure the failure to meet. You expect Silver to fail more often.

Operationally, having a single threshold is easier to set up. No need to play with vRealize Operations policy. You can also have mixed classes of VM in the same cluster, as the SLA threshold is the same.

Hope it addresses why Operationalize Your World applies a single threshold.

BTW, I encourage you not to modify the threshold. It’s more important to establish the baseline, and see its relative movement over time. Reason is infra performance don’t have perfect correlation with the business. It’s more important to know your performance pattern, than aiming for a perfect number. Don’t be obsessed with the number.