LAB GUIDE
April 14, 2014
VCE CONFIDENTIAL
VCE CONFIDENTIAL
Introduction
In order to successfully administer a Vblock System, you need to be able to monitor the environment,
provision resources on demand and integrate the Vblock Systems into the existing datacenter operational
processes and procedures.
The labs included in this guide focus on how to monitor the Vblock System physical and virtual infrastructure to
understand the environment and to quickly identify where a problem may exist and how that problem may
impact the Vblock System services. The labs cover the most common administrative and management tasks that
a Vblock System administrator will make for normal day-to-day operations. Additional tasks for organization
operation tasks are also covered but these may vary based on the model of Vblock System deployed as well as
the steps outlined by the organization.
VCE as well as the individual component parent companies provide tools to monitor and manage the availability,
performance and configuration compliance of both the physical and virtual Vblock System environment. These
tools provide complete visibility into the Vblock System infrastructure to identify how resources are being
consumed and whether SLAs are being met. These tools provide system administrators with an extensible
management framework to simplify the transformation to the VCE Vblock System Cloud.
VCE is working to introduce that single pane of glass for Vblock System administration. VCE Vision Intelligent
Operation Intelligent Operations has been recently introduced to provide that single interface for Vblock System
administration. In its current state VCE Vision Intelligent Operation cannot perform all of the required
monitoring and management tasks so native element managers are still required. As the capabilities are added
to VCE Vision Intelligent Operation, the need for native component interfaces will diminish. The goal of Vision
Intelligent Operations is to treat the Vblock System as the single entity that it is with multiple active
components.
This lab guide is provided in a run book manner with each of the specific section objectives performed as tasks
that would be executed during the course of normal maintenance and administration. Each lab provides a
specific customer use case or scenario so the tasks are applicable to any datacenter deploying a Vblock System.
The tasks are not all inclusive and sometimes vary to actual production as to account for the limitation of the
training environment or to achieve specific learning objectives. These conditions will be identified in the
appropriate sections for this book.
VCE CONFIDENTIAL
VCE CONFIDENTIAL
Lab Architecture
VCE Vblock Infrastructure Management
VCE CONFIDENTIAL
In this class you will be introduced to and work with the VCE proprietary Vblock System management utility, and the
element managers of each of the components that make up a Vblock System.
The components of Vblock Infrastructure Platforms can be directly controlled using these independent tool sets:
VCE Vision
The VCE Vision software suite provides an integrated set of software products for managing a Vblock System. It enables
Vblock System customers to discover their Vblock System, identify where it is located, and what components it contains. It
reports on the health or operating status of the Vblock System. It also reports on how compliant the Vblock System is with a
VCE Release Certification Matrix and allows customers to automatically update any firmware or software that is not
compliant.
VMware vCenter
Provides unified management of all the hosts and VMs in the data center from a single console to an aggregate
performance monitoring of clusters, hosts, and VMs. VMware vCenter Server gives administrators deep insight into the
status and configuration of clusters, hosts, VMs, storage, the guest operating system, and other critical components of a
virtual infrastructure.
Individual element managers can be polled individually or can be integrated into a customers existing management
framework to provide significant intelligence about the resource relationships and dependencies, and the state of business
services running on the Vblock System.
VCE CONFIDENTIAL
For the lab exercises in this guide you will access the Vblock System Management interfaces using the appropriate interface
to access the components that compose the training Vblock System. Network connectivity addresses will be supplied on a
per team basis for the particular Vblock System setup used during your class.
VCE CONFIDENTIAL
VCE CONFIDENTIAL
VCE CONFIDENTIAL
C)
D)
E)
LAB 11.
A)
B)
C)
D)
E)
F)
G)
LAB 12.
Deploying Virtual Machines .................................................................................... 84
Creating a New Datastore ......................................................................................................... 84
A)
Provision an Additional LUN (OST)............................................................................ 84
B)
Create a New Datastore (OST) .................................................................................. 85
Creating a Virtual Machine ........................................................................................................ 86
C)
Creating a New VM in vSphere Web Client (OST) .................................................... 86
D)
Accessing and configuring the first Linux VM (OST) ................................................. 87
Capacity Management ............................................................................................................... 88
E)
VMware Capacity Monitoring (TST) ........................................................................... 88
Monitoring Storage .................................................................................................................... 90
F)
Monitor a Storage Pool (TST) .................................................................................... 90
G)
Monitoring a RAID group (TST) ................................................................................. 90
2014 VCE Company LLC. All rights reserved.
VCE CONFIDENTIAL
10
LAB 15.
A)
B)
C)
D)
E)
F)
LAB 16.
Protecting Vblock System Production Data ........................................................ 117
A)
Protection in Unisphere ............................................................................................ 117
Consistency Groups ............................................................................................................ 118
B)
Creating Application LUNs ....................................................................................... 118
2014 VCE Company LLC. All rights reserved.
VCE CONFIDENTIAL
11
C)
D)
LAB 17.
A)
B)
C)
LAB 18.
Proactive Monitoring ............................................................................................. 123
A)
Validating SNMP Setting within the UCS ................................................................. 123
B)
Validating SNMP on the MDS switches ................................................................... 124
C)
Validating SNMP on Nexus 5K Switches ................................................................. 124
D)
Validating SNMP on VNX ......................................................................................... 125
E)
Validating SNMP trap forwarding in EMC Unisphere ............................................... 125
F)
Configure UCS Threshold Policies ........................................................................... 126
G)
Syslog Management ................................................................................................ 127
H)
Using VCE Vision SNMP in Network Management Systems .................................. 128
I) Testing System Library Configuration .......................................................................... 129
VCE CONFIDENTIAL
12
LAB 1.
Lab resources for this activity are located remotely and will be accessed using the EMC Virtual Data Center
(VDC). In the section of the lab, you will connect into the VDC and log in to the management server where you
will launch the component interfaces required for this exercise.
If a Remote Desktop Connection dialog indicating certificate errors pops up, Click Yes to connect despite the
warning.
5) When it comes time to disconnect from the VDC at the end of each day, there are two ways to exit from
your Remote Desktop Connection to the Windows Management Host. One will leave your programs
running, allowing for later reconnection. The other will cleanly close all programs.
a) Closing the Remote Desktop Connection window will pop up the following message:
i)
VCE CONFIDENTIAL
13
Pre-Lab Notes
Please use IE (Internet Explorer) whenever a browser is needed. In your own environment other browser like
Firefox can be used, but in our simulated lab environment conflicts result from multiple students sharing
resources. For example, multiple instances of Firefox by the same user ID is not supported on a single shared
Windows Management Host.
Please do not change any of the configuration parameters, setting or options unless explicitly asked to do so.
These systems are in a shared configuration and unsolicited changes could adversely affect both your lab as well
as others.
VCE CONFIDENTIAL
14
Pre-Lab Considerations
Assumptions:
As a prerequisite to the steps outlined in this guide, you may assume that
basic power and cabling requirements have been met (as per the VCE Vblock
System Installation Guide), and that all components of the Vblock System have
successfully powered on without error by a VCE engineer or consultant.
Disclaimer:
This Lab Guide is current at the time of its creation and may not include
updates that supersede tasks outline in this guide. This document provides
procedures that may not conform to your installed Vblock environment due to
either differences in the Vblock System model or other special configurations
for our education setup. These documented procedures should be considered
reference only and are only fully qualified for this education lab environment.
VCE CONFIDENTIAL
15
The following illustration shows the components of the Vblock 340 System that will be used for student labs
VCE CONFIDENTIAL
16
LAB 2.
Scenario: The Vblock System has just been deployed in the Counterfake Inc. environment. You were exposed to
the environment from the test plan execution. As you prepare to take over the administration and management
you need to inventory the system to establish a baseline of the initial configuration. Because of its size and
number of components, the first thing would be to establish a baseline of how the system was delivered. This
provides the ability to compare changes to the environment in the event something stops working.
g)
2) Navigate through the GUI to validate the UCS Configuration. This is basic topology information for the
Vblock System Compute resources. The topology for the Vblock UCS starts with the Chassis and blade
Servers and then transitions to rack mount servers and Fabric Interconnects.
a) UCS Configuration - Select the Equipment tab on the GUI Navigation pane (left pane)
2014 VCE Company LLC. All rights reserved.
VCE CONFIDENTIAL
17
With the General tab selected in the Work pane (right-side) notice if the Slot ID matches the
Server/Team number?
ii) Notice the physical position of the server in the graphical picture of the chassis
iii) Notice the Product Identifier (PID) of your server
iv) Notice in the Summary section the number of Cores and Threads
e) Select the Inventory tab then the Storage sub-tab. Identify the PID of the installed Storage Controller
4) View the blade servers in the chassis
a) Select Chassis 1 in the Navigation pane
b) Select Servers tab in the Work pane
c) Notice the pie charts in the Work pane
i)
ii) Identify if there any Servers currently associated with a Service Profile
iii) Hover the mouse over the pie chart to get a count of associated servers
5) View the IO Modules in the chassis
a) In the Navigation pane for Chassis 1 expand IO Modules
b) Identify how many IO Modules are present
6) Get details about the IO Modules.
a) In the Navigation pane select IO Module 1
b) Select the Fabric Ports tab in the Work pane
c) Notice the Fabric ID of IO Module 1
d) In the Navigation pane select IO Module 2, notice if the Fabric ID of IO Module 2 is different than for IO
Module 1?
7) View the Server ports of Fabric Interconnect A
a) In the Navigation pane, expand Fabric Interconnects
i)
VCE CONFIDENTIAL
18
Note the Product Name field, it should be either Cisco UCS 6120XP or Cisco UCS 6248UP
10) View the mode the FC Ports are running in for Fabric Interconnect A
a) In the Navigation pane, select Fabric Interconnect A
b) For Fabric Interconnect model number Cisco UCS 6248UP only:
i)
d) Sort the ports by Role by selecting the If Role column header in the Work pane
i)
d) Sort the ports by Role by selecting the If Role column header in the Work pane
i)
In the Work pane notice the VSAN that the Port-Channel is configured in
VCE CONFIDENTIAL
19
ii) Notice the Port-Channel Admin Speed setting, click the dropdown to see other available settings
f)
g) Notice there may be no Ports that are members of the Port-Channel, which in this case is expected. The
data paths to the Vblock in the lab environment are through the FC-Uplinks ports
h) In the Navigation pane, expand FC Port-Channel 10, are the same FC Interfaces displayed as in the
previous question?
13) View the defined VSANs
a) In the Navigation pane, expand VSANs within Fabric A
b) Select UIM_VSAN_A_10
i)
In the Work pane notice the VSAN that the Port-Channel is configured in
VCE CONFIDENTIAL
20
After the Password: prompt, enter the Password of emc123%%, enter <CR>
2) Display the UCS configuration. In VCE Vblock Systems, UCS Fabric Interconnects are installed in pairs. The
Primary Fabric Interconnect automatically appends an -A, while the subordinate Fabric Interconnect
appends a -B to the system name for the display at the command prompt. In the example below, the
Unified Computing System is named UCS and we are logged into Fabric Interconnect A.
show configuration
This command returns a summary of the UCS configuration in XML format. By pressing the spacebar you
can navigate through the configuration in its entirety. Entering question mark ? will give you a
complete help list for the more command.
3) Display the UCS cluster information. This command returns the system name, mode and cluster IP address.
show system
4) Display a list of fabric interconnects. Note the CLI has built in help available by entering a question mark ?
to list options of what can be typed. Additionally, the tab <tab> key can be used to autocomplete options
on the command line that have only been partially entered. If the entered letters are not sufficient to make
a unique completion then the options available are listed. For example try
show
show
show
show
show
show
?
fa<tab>
fab<tab>
fabric-interconnect ?
fabric-interconnect d<tab>
fabric-interconnect detail
This command returns the detailed characteristics about the pair of fabric interconnect switches. It
includes Serial Number, installed memory and connectivity information.
5) Display cluster state
show cluster extended-state
This command returns the state of the fabric interconnect cluster. By using the extended state option
you also get to see member and heartbeat state information.
6) Display chassis information:
2014 VCE Company LLC. All rights reserved.
VCE CONFIDENTIAL
21
VCE CONFIDENTIAL
22
scope chassis 1
show fault
This command provides a list of UCS Chassis errors in a chronological order with a severity, ID and
description of each fault.
14) Display the audit log
scope security
show audit-logs
The audit log allows you to view the changes made to the UCS systems. It provides the time the action
took place as well as the user, action type and a description of the action.
15) Display backup information
scope system
show backup
This command returns the details of the UCS metadata configuration backup.
To get details about the host and remote location append the detail option to your command.
Note, the CLI also supports command history using the up and down arrows. An up arrow would
present the previous command as the base for appending the option.
16) Exit from the CLI and close the window
exit
exit
The first exit command exits from the scope, and the last exit command from the top context exits the
CLI and closes the ssh session.
C) EMC Unisphere for VNX (TST): Capture VNX Storage Configuration Information
1) Log into the VNX Unisphere GUI
a) Double-click the Unisphere VNX Client icon on the desktop
b) In the Connect Host name or IP address field, enter the VNX Control Station IP address of 192.168.1.15.
c) Click the Connect button
d) Click either the Accept for Session or Accept Always button in response to the non-trusted certificate
warning
e) Click Accept in response to the GNU General Public License query
f)
Log in using the VNX Control Station User Name of admin and Password of emc123%%
ii) Hover the mouse over the two section of the horizontal bar chart to see them free space available in
unused disks and pools
iii) Examine the Capacity for File graph and notice how much capacity is available for File storage
3) View the installed disks
2014 VCE Company LLC. All rights reserved.
VCE CONFIDENTIAL
23
a) From the Dashboard, click the link to your VNX system, or select the VNX from the Systems list on the
Navigation bar at the top of the screen.
b) Hover your mouse over the System button on the Navigation bar and wait for the system options to
display
c) Click on Disks from the hardware section to display the installed disks
d) Are there more than one disk Drive Type(s) installed in this system (hint: you may need to scroll)
e) Look at the LUN IDs column and notice disks with no LUNs, one LUN and multiple LUNs
4) View hot spare disks.
a) Hover your mouse over the System button on the Navigation bar waiting for the system options to
display
b) In the Hardware section click on Hot Spare Policy, view the drives set aside based on the policy to be
used as hot spares
c) Notice how many hot spares are configured in this system
5) Examine Storage Pools
a) Hover your mouse over the Storage button on the Navigation bar. waiting for the storage options to
display
b) Click to select Storage Pools from the Storage Configuration section
c) Notice how many storage pools are configured
d) Notice the different RAID Type(s) in each Storage Pool
e) Double-click to open Properties for the first Pool in the list.
f)
Select the Disks tab and notice how many LUNs are configured for this pool
7) View the connected hosts that are allowed to utilize storage on the VNX
a) Hover your mouse over the Hosts button on the Navigation bar.
b) Select Host List from the menu
c) Click on your teams assigned host from the list and look at Details at the bottom of the screen
i)
Click the Storage Group the host is part of to display the Storage Group Properties
VCE CONFIDENTIAL
24
2) Each naviseccli command must specify the VNX Block side user name, password, scope, and VNX Storage
Processor IP address where the command will be executed. Alternatively a Navi Security File can be created
so this information does not have to be specified for each command.
3) Review the Navisphere CLI command syntax:
<Name of the binary> -address <Storage Processor A or B IP address> -user <A
VNX BLOCK side user name> -password <VNX BLOCK password for the specified
user> -scope <a scope of 0 denotes a local array user account and opposed to
LDAP> <sub-command>
4) Verify the VNX storage array is functioning properly. Use the VNX Storage Processor IP address of
192.168.1.16 a User name of admin and Password of emc123%%
naviseccli -address <vnx_SP_IP> -user <user> -password <pass> -scope 0 faults
-list
This checks the status information for faulted components on the system and should return as operating
normally
5) Create a security file. The VNX user name, password, and scope can be stored in an encrypted security file
located in the home directory of your Windows user account. This security file negates the need for
specifying a VNX user name, password, and scope for subsequent Navisphere Secure CLI command.
naviseccli -addusersecurity -user admin -password emc123%% -scope 0
6) Display VNX system information
naviseccli -address 192.168.1.16 getall | more
Be sure to pipe the output to more (|more) as there is a significant amount of information displayed.
The command displays SP, Cache, LUN, RAID group, and drive type to name a few.
Add an entry to the user security file to simplify command entry and avoid explicitly showing the
password
7) Display SP information.
naviseccli -address 192.168.1.16 getsp
Command returns the SP signature, version, serial number and amount of memory each SP has; both SP
should match as memory is mirrored
8) Displays the back-end bus configuration including the devices residing on the back-end bus
(be patient, this command may take a while to display)
naviseccli -address 192.168.1.16 backendbus -analyze | more
This command returns the current and maximum back-end bus speeds for each back-end bus on the
system and the devices on the back-end bus
9) Display disk status for all disks.
naviseccli -address 192.168.1.16 getdisk -all | more
The command provides detailed output for all the disk drives in the array, information displayed
includes type, speed, capacity, RAID group and IO profile for the disk
10) Display disk status for a specific disk.
naviseccli -address 192.168.1.16 getdisk 0_0_0
Similar to the display for all devices, this command provides the information for a single disk 0_0_0 (Bus
0, Enclosure 0 and Disk 0)
11) Display LUN information
2014 VCE Company LLC. All rights reserved.
VCE CONFIDENTIAL
25
VCE CONFIDENTIAL
26
VCE CONFIDENTIAL
27
After the Password: prompt, enter the Password of emc123%%, enter <CR>
NOTE: Please DO NOT make any changes to the configuration of the equipment in this procedure. This
switch is shared among all students in the class.
2) Show the available exec commands. Execute the following command to show a list of commands
?
VCE CONFIDENTIAL
28
VCE CONFIDENTIAL
29
b) In the Host Name (or IP address) field, enter the A-Side Nexus 5548 IP Address of 192.168.1.4 Click
Open.
c) If a PuTTY Security Alert appears, click Yes to add this host to PuTTYs cache and connect
d) After the login as: prompt, enter the User Name of monitor, enter <CR>
e) After the Password: prompt, enter the Password of emc123%%., enter <CR>
NOTE: Please DO NOT make any changes to the configuration of the equipment in this procedure. This
switch is shared among all students in the class.
2) Show the available exec commands. Notice that the interface for the MDS and Nexus a very similar. Both are
built on NX-OS standards
a) Execute the following command to show a list of commands
? (Use the space bar to move down the list of commands)
3) Display BIOS, loader, kick start, and system firmware versions
show version
4) Display the current startup configuration.
show startup-config
Enter space bar to scroll to end of the output of this command
Does the interface mgmt0 value match what you used to start this putty session?
5) The above command showed the complete current startup configuration. Use the ? and <tab> command
line help to show only the last item displayed above
show startup-config ?
show startup-config i<tab>
show startup-config int<tab>
show startup-config interface ?
show startup-config interace m<tab>
show startup-config interface mgmt ?
show startup-config interface mgmt 0
Scroll up the putty display and compare this output to the end of the previous command. Are they the
same?
6) Display the management port configuration
show interface mgmt0
Confirm there is transmit (TX) and Receive (RX) traffic on the management interface
7) Display a brief description of the port status where your hosts are connected.
show interface brief
Notice which ports have a Status of up
8) View the number of VLANs currently configured on the Nexus switch.
show vlan summary
What is the number of user and extended VLANs?
9) Display the configured user accounts
show user-account
Notice how the admin and monitor accounts differ
2014 VCE Company LLC. All rights reserved.
VCE CONFIDENTIAL
30
The Licenses pane is displayed. Notice the Usage and Capacity of the vCenter Server license(s) and
the vSphere 5 Enterprise CPU license(s)
g) View the various options and be sure not to change any settings at this point in the lab.
3) Select the Home icon at the top of the screen
4) In the pane to the right, select the Home tab, then Event Console
5) Review the events for your teams vCenter
a) Click on the first (most recent event)
b) Can you describe the behavior that caused this event?
6) Leave the vSphere Web Client open for the next lab
VCE CONFIDENTIAL
31
I)
When dealing with a support call, you will often need to supply system logs, vSphere provides an easy way to
collect those logs. Additionally, you will likely want to provide configuration information, and Vision can provide
those.
1) First, collect the pertinent logs with vSphere, continuing to use the vSphere Web Client from the previous
lab
a) From Home, Click on vCenter
i)
Click Finish.
g) In this zip file, there will be a parent directory, backup, with three subdirectories: compute, network
and storage. Each contains the configuration files for each element.
h) Close both the Internet Explorer and Window Explorer windows.
VCE CONFIDENTIAL
32
LAB 3.
VCE CONFIDENTIAL
33
VCE CONFIDENTIAL
34
a) Use option 8 to inspect the current configuration. DO NOT MAKE CHANGES now, but observe other
options available to change the information. For instance, to change the community that the System
Library publishes to, delete the current community with option 10, and then create a new community
with option 2.
b) Use option 12 (done) to exit configuring SNMP
19) To display current Vblock settings: name, location and main system contact
getmany -v2c localhost csnpub sysContact sysName sysLocation
Note: the csnpub in the above command is your community string. The value csnpub is the one used in
the lab environment, but should be replaced with whatever the community string is in your
environment.
DO NOT MAKE CHANGES now, but the command setSNMPParams can be used to change these
values
20) To manually backup the configuration files:
collectConfig.sh
This will collect the configuration files for all the systems. Later in the lab we will explore how to
download the most recent collection of configuration files to your workstation. If you are working on
the system library (as you are now in the lab), you can review these configuration files in the directory
/opt/vce/fm/backup. Here you will find a log of the collector, and the configuration files the collector
has retrieved (not just the most recent time) under the compute, network, and storage directories.
21) List all files recursively in the backup directory, noting their classification and size.
ls -FlasR /opt/vce/fm/backup
22) There are a series of system log files on the Vision appliance. They can all be found through a single
collected directory in /var/log/slib - this is a collection of symbolic links to the actual log directories
elsewhere in the system, but makes it easy to get at the logs. There is also an interface to collect all of the
logs into a group archive for export called export-fm-logs
ls FlasR /var/log/slib
23) Change into the temporary directory:
cd /tmp
24) Create a directory
a) Where X is your team number followed by your last name
mkdir <TeamX_LastName>
25) Change into your new directory:
cd /tmp/<TeamX_LastName>
26) Export the Foundation Management Agent log file
export-fm-logs -f fm_logs.tar.gz
This is a tar file. You can extract it with the tar command; most Zip utilities can also extract files in the
tape archive format (tar files).
27) Extract the exported Foundation Management Agent log file
tar xzvf fm_logs.tar.gz
28) The logs are now extracted, view the contents of the FMAgent.log file
less opt/vce/fm/logs/FMAgent.log
2014 VCE Company LLC. All rights reserved.
VCE CONFIDENTIAL
35
VCE CONFIDENTIAL
36
LAB 4.
While your Vblock comes with a vSphere installed with the Vision extensions, you may find the need to manage
the Vblock from a different instance of vCenter, or through an upgrade find you need to install the VCE Vision
Intelligent Operations Plug-in for vCenter. This lab walks through that process.
C:\Program Files\VMware\Infrastructure\vSphereWebClient\plugin-packages
Right click, and select Paste from the menu to copy the vce-plugin directory into the plugin-packages
directory.
It will take the Windows Management Host and the associated VMware vSphere Web Client service
up to five minutes to become available.
VCE CONFIDENTIAL
37
a) Security requires that a full hostname is used in the plug-ins authentication, not an IP address, but the
name of the host. To do this, the IP address that is assigned to your Vision console must be in your
companies DNS records, or, as we will do here in the lab, in your local hosts lookup file. We will add the
entry here:
i)
Determine if the VCE Vision OS Appliance Console already has a DNS record. The standard output
returned should resolve the FQDN of vision.take.emc.edu to an IP address of 192.168.1.10. Type:
nslookup vision.take.emc.edu.
Log in to the VCE Vision OS Appliance with a User Name of root and a Password of V1rtu@1c3!
c) Close the PuTTy session to the VCE Vision OS Appliance command prompt window by exiting, type:
exit
d) Close the Command Prompt window by exiting, type:
exit
6) Test the REST Interfaces of VCE Vision
a) Open an Internet Explorer
b) In the URL bar enter the address
https://vision.take.emc.edu:8443/fm/vblocks
c) Select the Continue to this website link
d) Log in to the VCE Vision CAS Authentication on System Library with a User Name of admin and
Password of dangerous
i)
Note the XML displayed. This output details the type of template used when VCE Vision discovered
the Vblock.
Note: If there is no VCE Vision Plugin for vCenter under the Administration menu, close the vSphere
Web Client tab, wait 2 minutes, then re-launch the vSphere Web Client via the desktop icon.
VCE CONFIDENTIAL
38
f)
Remember that the vision network address must be the name of the Vision System Library as it resolves
in either DNS or the systems hosts file. An IP address will not work here because of how the security
mechanisms work within Vision.
In the Navigation pane, expand the Compute resources. Note, there are two UCS Fabric Interconnects,
and a single UCS Chassis discovered by VCE Vision. Return to the Home screen of vSphere
Under the Home tab select the VCE Vision System Library Event Monitor icon
j)
Under Monitoring, select the VCE Vision System Library Event Monitor
k) Validate that vSphere is connected to VCE Vision by ensuring a list of is events populated.
VCE CONFIDENTIAL
39
LAB 5.
There is a wealth of information about the Vblocks current status, and ways to monitor the system for errors or
complete failures of your components.
In this lab we will take a tour of ways to investigate the various health statuses of your Vblock.
A key part of the ability to monitor and manage these types of issues with the Vblock is the VCE Vision Intelligent
Operations product that came installed on your Vblock. Often you will be delving into the individual element
managers for detailed information, but VCE Vision groups this information in a Vblock-centric manner then
makes it easier to diagnose issues.
VCE CONFIDENTIAL
40
d) Once the logs have been retrieved, click the Type dropdown menu and explore the various log types
C) UCS Fault Detection (TST)
Using the UCS System Manager, investigate any faults present.
1) Access the UCS Manager browser window on the Windows Management Server
a) Use the Internet Explorer browser icon on the desktop. In the browser address bar enter the UCS Fabric
Interconnect Cluster IP of 192.168.1.1
b) Select the Launch UCS Manager button to launch the GUI. Be patient as it may take some time to
download the GUI the first time it is launched
c) Log in using the User Name of admin and Password of emc123%%
2) On every screen of the UCS Manager, there are four icons at the top left of the screen - each representing a
different fault level (Critical, Major, Minor and Warning). Clicking on one of them will bring up the Faults,
Events and Audit log screen. Selecting the Admin tab in the navigation pane can also access it.
a) Select the Admin tab in the Navigation pane
b) In the Navigation pane, set the Filter dropdown menu to All
c) Highlight the Faults, Events and Audit Log heading
d) At the top of the Content pane, select the Faults tab
i)
Under the Faults tab, in the Show and Category section, ensure All is a checked
e) One at a time, select each alert in the list, investigate the issue.
f)
Select/Deselect some of the categories and fault level icons floating on top of the alert list.
3) This will list out the events that have occurred in the Vblock. Locate some of the events that represent
actions done in the Provisioning lab.
a) In the Navigation pane, highlight the Faults, Events and Audit Log heading
b) In the Content pane, select the Events tab
c) Are there any events that can be correlated with the faults previously viewed?
d) Under the Events tab in the Content pane select the Filter button, a Filter window is launched
e) From the Created at filter dropdown list select wildcard
f)
Enter the year, month and day of a fault from the Faults list. For example, 2014-04* will select all of the
events that happened in April of 2014.
VCE CONFIDENTIAL
41
VCE CONFIDENTIAL
42
LAB 6.
Security
What makes a Vblock system more secure than other data center solutions?
This module will cover the hardening of the Vblock system as well as adding new users and roles to the Vblock
system. In addition, is ensuring that tenants compute and storage are sequestered in the multi-tenancy
environment is also a challenge to be addressed. This will allow for the internal data security.
The security options called out in this section of the lab are a small sampling of the types of security
improvements that can be made in your Vblock System.
A) vCenter Password Retention (TST)
1) Access the vSphere Web Client
a) Double-click on the vSphere Web Client desktop icon. Use it to log in to your vCenter Appliance system
with the User Name of admin and Password of vmware
b) If a Certificate Error warning comes up, choose Continue to this website
2) In the Navigator pane, navigate to Home > vCenter > vCenter Servers
3) In the Navigator pane, select team-X-vcsa where X is your team number
4) In the Content pane, select the Manage tab
a) Under the Manage tab, select the Settings sub-tab
b) Under the Settings sub-tab, select Advanced Settings
c) Click the Edit button, a new Edit Advanced vCenter Server Settings window opens
d) In the Edit Advanced vCenter Server Settings window in the search box enter vim, then press <Enter>
e) Verify vCenterVirtualCenter.VimPasswordExpirationInDays is set to 30 days
f)
VCE CONFIDENTIAL
43
a) Browse through the help by touching the spacebar, the help includes advice about best practices for
passwords
b) Quit the viewing the output
q
3) Display command help for chage command. The chage command is used for setting up password aging. For
example chage -M 90 would set the maximum number of days before password change to 90.
info chage
a) Browse through the help by touching the spacebar, the help includes advice about best practices for
passwords
b) Quit the viewing the output
q
c) If the root VCE Vision CAS Authentication on System Library password needed be changed, the
slibCasChangepw.sh shell script is in the /opt/vce/fm/bin/ directory would be used.
ls -FlasR /opt/vce/fm/bin/slibCasChangepw.sh
d) Exit the putty session
exit
C) Adjusting Syslog maximum log file size (TST)
By adding a Syslog server, logs are sent to the server to facilitate reporting alerts and troubleshooting and also
helps ensure there is Auditing and Accountability which help secure your Vblock System.
1) Access the UCS Manager browser window on the Windows Management Server
a) Use the Internet Explorer browser icon on the desktop. In the browser address bar enter the UCS Fabric
Interconnect Cluster IP of 192.168.1.1
b) Select the Launch UCS Manager button to launch the GUI. Be patient as it may take some time to
download the GUI the first time it is launched
c) Log in using the User Name of admin and Password of emc123%%
2) View the Syslog server settings
a) In the Navigation pane, select the Admin tab
b) In the Navigation pane, expand the All heading
c) Expand Faults, Events and Audit Log
d) Highlight Syslog
3) In the Content pane, view the File section
a) Notice the Size (KB) is set to the maximum value of 4194304 kilobytes
b) The minimum possible value is 4096 kilobytes. Limiting the size of the log file can help reduce risk from a
DoS (Denial of Service) attack. Such attacks are characterized by an explicit attempt by attackers to
prevent legitimate users of a service from using that service.
VCE CONFIDENTIAL
44
g) Where X is your team number followed by your last name, enter VLAN<TeamX_LastName>User
h) Expand the Network sub-tree underneath the All Privileges tree
i)
ii) Notice the Description of the Assign network privilege displayed at the bottom of the Create Role
dialog
iii) Click the OK button
3) Clone a second new role
a) In the Roles pane notice the new VLANUser role
b) Select the new role VLAN<TeamX_LastName>User
c) Click the Clone role action icon (just to the right of the + sign)
d) For Role name enter VLAN<TeamX_LastName>200User where X is your team number followed by
your last name
e) Expand the Network privilege sub-tree and notice Assign network is already checked
f)
After the Password: prompt, enter the Password of emc123%%, enter <CR>
VCE CONFIDENTIAL
45
config terminal
3) Create the QoS Policies. On the Vblock, the QoS policies are as follows:
a) CoS 2 - NFS (If NFS is being used)
b) CoS 4 Vmkernel
c) CoS 6 - ESXi Service Console
4) Configure the NFS QoS Policy.
policymap type qos SET_COS_2
class class-default
set cos 2
5) Configure the Vmkernel QoS Policy
policymap type qos SET_COS_4
class class-default
set cos 4
6) Configure the Service Console QoS Policy
policymap type qos SET_COS_6
class class-default
set cos 6
7) Create the Port Profile for the Service Console.
port-profile type vethernet vblock_esx_mgmt
vmware port-group
switchport mode access
a) For VLAN ID, enter the value assigned by your instructor for the Service Console:
i)
VCE CONFIDENTIAL
46
a) For VLAN ID, enter the value assigned by your instructor for ESX VMotion:
i)
In the Navigator pane, expand the second level team-X-n1kv where X is your team number
g) In the Navigator pane, you should now see the two port-profiles you defined on the Nexus 1000v. If not
visible, try refreshing the display with the refresh icon
VCE CONFIDENTIAL
47
LAB 7.
Trusted Multi-Tenancy
So far in this course, you have been working in a fully privileged environment, logging in as the special user
admin which has the administrator role that has full read-and-write access to the entire system. The lab
configuration has eight Sub-Organizations defined, one for each Team. The Organization model has been used
as a way to separate one Teams work from another, but there were no restrictions in place.
A user can be assigned one or more Locales. Each Locale defines one or more Organizations (domains) the user is allowed
access, and access would be limited to the organizations specified in the locale. You can hierarchically manage organizations.
A user that is assigned at a top level organization has automatic access to all organizations under it.
In this lab, you will create hierarchical organizations, and new user accounts associated with those organizations, and conduct
operations to illustrate how resources can be isolated in a multi-tenant environment.
VCE CONFIDENTIAL
48
c) In the Navigation pane, expand Service Profiles, expand root, expand Sub-Organizations
d) In the Navigation pane, expand sub-organization TeamX
e) Confirm that the new TeamX<LastName> organization you created is visible here as well
B) Create Locales (TST)
1) Continue in the UCS Manager from the previous lab
2) Navigate to Local creation
a) In the Navigation pane, select the Admin tab
b) From the Filter dropdown menu select User Management
c) Expand User Services
d) Right-click Locales, and select Create Locale
3) Create a Locale
a) In the Create Locale screen, for Name enter TeamX<LastName> where X is your team number, click
Next
b) In the Assign Organizations screen expand the display of Organizations, clicking on the double down
arrow to the right of Organizations
i)
Expand root
ii) Drag and drop the TeamX sub-organization where X is your team number into the Design area
below the TeamX locale
iii) Click Finish
iv) Click OK to acknowledge operation success
4) Create another Locale lower in the hierarchy
a) In the Navigation pane, right-click Locales , and select Create Locale
b) In the Create Locale screen, for Name enter TeamX<LastName>Sub where X is your team number, click
Next
c) In the Assign Organizations screen
i)
Expand Organizations, expand root, expand TeamX where X is your team number
ii) Drag and drop the TeamX<LastName>Sub sub-organization into the Design area below the locale
TeamX<LastName>Sub
iii) Click Finish
iv) Click OK to acknowledge operation success
5) View the new Locales In the Navigation pane, expand Locales and see the two new locales displayed
VCE CONFIDENTIAL
49
j)
VCE CONFIDENTIAL
50
but we are exploring the pool creation here dont worry about how we derived the address in step 4, we will
cover it later.
For UUID Assignment click the dropdown arrow to display the menu
ii) Notice the TeamX_UUID pool from the parent TeamX sub-organization
iii) Notice the default UUID pool from the root level
iv) Notice the TeamXsub_UUID from the TeamXsub organization
v) Resources are supposed to be available at the current level and above in the hierarchy
vi) Click Cancel button to abort creating a Service Profile Template
11) Explore from the middle TeamX organization
a) In the Navigation pane, right-click TeamX sub-organization and select Create Service Profile Template
i)
For UUID Assignment click the arrow to display the dropdown menu
VCE CONFIDENTIAL
51
Select the Exit button located at the top-center portion of the Content pane
In the Navigation pane, select the Team2 organization (or if you are team2, select Team3)
ii) In the Content pane, under Actions, notice that Create Service Profile Template and most other
options are grayed-out, since this user is not in a locale that has access to this resource
15) Explore your teams organization
a) In the Navigation pane, select the TeamX organization where X is your team number
i)
In the Content pane, under the Actions section, notice that Create Service Profile Template and
most other options are now available in this organization in your hierarchy tree
ii) In the Content pane, under the Actions section, select Create Service Profile Template
iii) For UUID Assignment click the arrow to display the dropdown menu
iv) Notice TeamX_UUID from the TeamX organization at the current level as a choice
v) Notice default from the root level above the selected level as a choice
vi) Notice the below organization resource is not included as a choice
vii) Click Cancel to abort creating a Service Profile Template
16) Close the UCS Manager browser window as you will return to using the admin user
2014 VCE Company LLC. All rights reserved.
VCE CONFIDENTIAL
52
a) Select the Exit button located at the top-center portion of the Content pane, and select OK
VCE CONFIDENTIAL
53
LAB 8.
Service Profile Templates provide a mechanism to standardize and reuse configurations. There are two kinds of
Templates, Initial and Updating. Initial Templates require manual one-by-one updating of Service Profiles. For
large numbers of Service Profiles based on a single Template, Updating Templates offer the benefit of
automatically updating Service Profiles. There is no scheduling or control of these updates once applied. Limited
control can be introduced by following the VCE recommended practice of a setting the Maintenance Policy to
User Acknowledge. Initial Templates are only applied a single time to a Service Profile, either when the Service
Profile is first created from the Template, or when a the Service Profile is bound (bind operation) to the Template.
In this lab changes will be made using both types of Templates to show the difference.
ii) Under the Properties section notice that the Type is set to Initial Template
iii) Under the Properties section click Maintenance Policy to display the policy detail
iv) Notice Maintenance Policy is set to User Ack. This means that a change to a Service Profile
Template that requires a reboot to a blade must first be Acknowledge by a User
3) Delete the extra vNICs from your Service Profile Template
a) Select the Network tab in the Content pane
b) Highlight vNIC vNIC-4 and vNIC vNIC-5
c) Click the Delete icon at the bottom of the screen to delete 2 of the extra vNICs
d) Click Yes button to verify the deletion of 2 objects
e) Notice the deletion change marked for vNIC vNIC-4 and vNIC vNIC-5
f)
VCE CONFIDENTIAL
54
4) Notice that there are now only 4 vNICs listed on the Network tab. Since this is an Initial type of Service
Profile Template, deleting the two vNICs has no impact on Service Profile derived from this Template.
5) Leave the UCS Manager open to be re-used later in the next lab exercise
B) Modifying the Service Profile by Bind to an Initial Service Profile Template (OST)
Before making a change to a Service Profile you will review the current Network Adapter configuration from both
vSphere and the Host itself.
3) Leave the vSphere Web Client open to be reused later in the lab
4) Return to the UCS Manager by clicking on the UCS Manager icon in your Windows Taskbar
5) Navigate to your team Service Profile
a) In the Navigation pane, select the Server tab
b) In the Navigation pane, set the Filter dropdown menu to Service Profiles
c) In the Navigation pane, expand Service Profiles, expand root, expand Sub-Organizations
d) In the Navigation pane, expand your TeamX sub-organization
e) In the Navigation pane, highlight your TeamX_SAN_Boot_SP Service Profile
f)
ii) Click the KVM Console, click Run to ignore no trusted certificate
iii) A popup Unencrypted KVM Session window appears, select the Accept this session radio button,
then Apply
iv) Once initialization completes, click the <Esc> key to wake up the KVM Console window
v) Click F2 to Customize System/View Logs
(scroll if needed to see the function key choices at the bottom of the screen)
vi) Log in using the User Name of root and Password of emc123%% for the ESXi Server
vii) Use the arrow keys to select Configure Management Network, press <Enter> to go into the change
dialog (if needed scroll the display to show the top of the window on the screen)
2014 VCE Company LLC. All rights reserved.
VCE CONFIDENTIAL
55
viii) Network Adapters should be selected by default, press <Enter> to go into the change dialog. Notice
the same 6 Network Adapters as seen from the vSphere Web Client
ix) Press <Esc> to exit the listing of Network Adapters
g) Leave the KVM Console open because it will be reused later in the lab
6) Return to the UCS Manager by clicking on the UCS Manager icon in your Windows Taskbar
7) Re-bind to the same Initial Template
(Note: this will not achieve the desired effect and is included only as a learning tool)
a) Based on where you previously left off on the Servers tab, the TeamX_SAN_Boot_SP Service Profile
should be selected in the Navigation pane, and the General tab should be selected in the Content pane
b) In the Content pane under the Properties section, notice the Service Profile Template is already set to
your TeamX_SAN_Boot Service Profile Template that you modified in the previous lab exercise
c) In the Content pane, at the bottom of the Actions section, select Bind to a Template
i)
Use the dropdown menu to select TeamX_SAN_Boot as the Service Profile Template
VCE CONFIDENTIAL
56
a) Return to the KVM Console by clicking on the UCS Manager - KVM Console icon in your Windows
Taskbar
b) Wait until the reboot completes which will be 5-8 minutes
c) Click the <Esc> key to wake up the console, click F2 to Customize System/View Logs
d) Log in using the User Name of root and Password of emc123%% for the ESXi Server
e) Use the arrow keys to select Configure Management Network, type <Enter> to go into the change
dialog
f)
Network Adapters should be selected by default, type <Enter> to go into the change dialog
1) Return to the UCS Manager by clicking on the UCS Manager icon in your Windows Taskbar
2) Navigate to your teams Service Profile
a) In the Navigation pane, select the Server tab
b) In the Filter dropdown select Service Profile
c) In the Navigation pane, expand Service Profile, expand root, expand Sub-Organizations
d) In the Navigation pane, expand the TeamX sub-organization where X is your team number
e) In the Navigation pane, select your TeamX_SAN_Boot_SP Service Profile
3) Unbind the Initial Service Profile Template from the Service Profile
a) In the Content pane, select the General tab
b) Under the Actions section notice Create a Service Profile Template is grayed out, you must first unbind
this Service Profile from its Template in order to allow this operation
c) At the bottom of the Actions section select Unbind from the Template
i)
VCE CONFIDENTIAL
57
In the Clone Name field enter TeamX_updating where X is your team number
ii) For Org select TeamX where X is your team number from the dropdown menu
iii) For Type click the Updating Template radio button
iv) Click OK to proceed with the operation
v) Click OK to acknowledge the operation success message
5) Bind your team Service Profile to the new Updating Service Profile Template
a) At the bottom of the Actions section select Bind to a Template
i)
Use the dropdown menu to select TeamX_updating where X is your team number as the Service
Profile Template
1) Return to the UCS Manager by clicking on the UCS Manager icon in your Windows Taskbar
2) Review the default Maintenance Policy setting
a) In the Navigation pane, select the Server tab
b) In the Filter dropdown select Policies
c) In the Navigation pane, under root expand Maintenance Policies
d) In the Navigation pane, select the default maintenance policy
e) In the Content pane, notice that the Reboot Policy is Immediate. This is the default policy and not the
VCE best practice recommendation of User Ack. Leave the policy as is.
3) Navigate to your teams Service Profile Template
a) In the Navigation pane, select the Server tab
b) In the Filter dropdown select Service Profile Templates
c) In the Navigation pane, expand root, expand Sub-Organizations
d) In the Navigation pane, expand your TeamX sub-organization
e) In the Navigation pane, select your Service Template TeamX_updating Service Profile Template
4) Verify the Template type and modify the Maintenance Policy settings
a) Select the General tab in the Content pane
b) Under Properties notice that the Type is set to Updating Template
c) Under the Actions section select Change Maintenance Policy to display the policy detail
2014 VCE Company LLC. All rights reserved.
VCE CONFIDENTIAL
58
Notice the deletion change marked for vNIC vNIC-2 and vNIC vNIC-3
Network Adapters should be selected by default, type <Enter> to go into the change dialog
VCE CONFIDENTIAL
59
LAB 9.
The Vblock has a number of identifiers used for addressing including MAC addresses, UUIDs, and World Wide
Names. With a converged virtual infrastructure, these addresses need to be managed in a different way than in
traditional environments.
The UCS maintains pools of each type of address, using these pools to allocate new addresses when needed for
things such as provisioning new adapters. This lab will explore each address, how it is constructed and how to
expand the pool of addresses the UCS has configured currently.
The first group is made up of 2 leading zeroes 00 followed by 0025B5 which is the
Organizationally Unique Identifier (OUI) for Cisco.
The second group represents the customers first Vblock System or Cisco UCS domain. 0002
would represent the second Vblock or Cisco UCS domain, etc.
The last group is not used, so all zeroes 0000
The Suffix has the last 2 groups and usually the least significant (rightmost) digits are the variable range used
when defining pools. Best practice is the upper digits (and also some portion of the prefix) to distinguish between
different domains within your environment. For example, in the lab, we ensure that each team generates unique
addresses by including the team number in the first group:
000X-ZZZZZZZZZZZZ
where:
Other approaches following the same pattern work well. Often the UUIDs will have company, division, system id,
group id and team id in them. It also allows you to look at a UUID and quickly identify which division or team the
system belongs to, or even what OS is running on the system. For example:
CCDD-SSYYOOTTEEXX
CC - Company ID
DD - Divison ID
SS - Site ID
YY - Vblock or UCS System ID
OO - OS ID
TT - Team ID
EE - Team member ID
XX - Variable
2014 VCE Company LLC. All rights reserved.
VCE CONFIDENTIAL
60
Notice the first 3 groups of the UUID defined in the Prefix field following our lab convention
described above
ii) In this case there is only one block and the From/To values are the same
iii) There is only a single UUID in the pool and it is in use, so more will be needed for the lab exercises
that follow. Additional UUIDs can either be added by expanding an existing pool, or by creating an
additional pool.
4) Expand an existing UUID pool
a) Click on the green + (plus sign) icon on the rightmost border of the Content pane
b) In the From field enter 000X-000000000002 where X is your team number, and 2 is an increment over
the current UUID suffix block
c) In the Size field, enter 6
d) Click OK to proceed with the operation
e) Click OK to acknowledge operation success
5) Notice the second UUID Suffix Block with a range of 6 addresses
6) Leave UCS Manager open for the next lab exercise
B) Expand MAC Address Pool (OST)
Network adapters have unique addresses assigned to them as well called the MAC address. There are many
more of these since each blade (with its single UUID) can have many, many virtual NICs, each with a MAC
address. The address is made up of 6 groups of two hexadecimal digits. The first 3 groups should be a uniquely
2014 VCE Company LLC. All rights reserved.
VCE CONFIDENTIAL
61
assigned OUI, and the remaining groups can be used for the same type of pattern. For example, in our lab
environment, our MAC addresses are:
00:25:B5:01:XA:ZZ
where:
In your environment you can adopt a similar construct. Example would include designating the Vblock system,
OS and fabric in the address. The important part is to adopt a design pattern for the address scheme and keep it
consistent across your organization.
ii) Notice Assigned is 1 counting the number of MAC addresses in the pool that are in use
b) In the Content pane, select the MAC Addresses tab
i)
Notice each of the MAC addresses in the Assigned To field, only a single MAC address is assigned to
a vNIC. While there are multiple MAC addresses, there is only a single vNIC on the A-Side of the
Service Profile, hence only a single MAC is assigned.
ii) In this case there is only one block with a range of 4 addresses
4) Expand an existing MAC Address Pool for Fabric Interconnect A
a) Click on the green + (plus sign) icon on the rightmost border of the Content pane
i)
For the First MAC Address field, use the MAC address from the previous block plus one in the last
nibble
VCE CONFIDENTIAL
62
The leading nibble is the Network Address Authority (NAA), and indicates IEEE 803.2 extended
which is used by Cisco to denote its initiator WWPNs
The next 3 nibbles of 0:00 can be vendor encoded but will be zero here
The third through fifth groups 00:25:B5 is the Cisco OUI
The sixth group 01 is the Vblock or UCS domain number
The first nibble of the seventh group X is the team number
The second nibble of the seventh group A is 0 for WWNNs and for WWPNs indicates either
Fabric A or B
VCE CONFIDENTIAL
63
In your own organization, again, you can designate things differently. It is recommended you follow the same
practice here that you did with MAC addresses, allowing for the same ability to identify addresses quickly, and
associate them quickly.
VCE CONFIDENTIAL
64
i)
Under Properties, notice the block address From/To values are equal, there is only 1 address
Under Properties, notice the block address From/To values are equal, there is only 1 address
VCE CONFIDENTIAL
65
1) Collect which VNX WWPNs have successfully logged into MDS Switch A
2) Access the A-Side MDS Switch CLI
a) Double-click the putty Icon on the desktop
b) In the Host Name (or IP address) field, enter the A-Side MDS Switch IP Address of192.168.1.6
c) Click Open
d) If a PuTTY Security Alert appears, click Yes to add this host to PuTTYs cache and connect
e) After the login as: prompt, enter the User Name of monitor, enter <CR>
f)
After the Password: prompt, enter the Password of emc123%%, enter <CR>
3) The Fabric Login (FLOGI) table records all successful logins to the Fabric
a) Show all fabric logins on Fabric A
show flogi database
b) This displays all the WWNs that have logged into each the MDS switch
c) Notice the headings with WWPNs first followed by WWNNs
4) Filter the show flogi database output to show only VNX ports
a) Each of the VNX WWNs will include 50:06:01:6. The leading 5 is the NAA designation of an IEEE
Registered Name, followed by 0:06:01:6 which is the OUI for the VNX. These WWPNs identify the frontend Fibre-Channel ports on the VNX.
b) The CLI show command provides filtering and search options following the pipe | character
c) Show the options using online help, type:
show flogi database ?
(Type <space> to scroll down and display the second screen of options)
d) Filter for only VNX ports, type:
show flogi database | include 50:06:01:6
e) Filter for VNX with header, type:
show flogi database | include 50:06:01:6|NAME
5) Save the WWPN information in your Notepad file
a) What will be configured later
i)
VCE CONFIDENTIAL
66
iv) Zoning is already configured for this environment; your vHBA is zoned to two VNX ports, one on VNX
Storage Processor (SP) A and one on SP B
v) Both WWPNs will be entered into the new Boot Policy you will be creating in the next lab
b) Record both VNX WWPNs into the Notepad file
i)
In the CLI window, click and drag your mouse over the first WWPN (PORT NAME) to copy it to the
clipboard
ii) Bring your Notepad file to the foreground by clicking on the Notepad icon in the Windows taskbar
iii) Enter a title including vHBA-0 on the first line following
iv) On the next line paste the first WWPN
v) Copy and paste the second WWPN (PORT NAME) on the following line
vi) Your new lines in your Notepad session should look similar to the example below, with your specific
WWPNs:
VNX WWPNs for Fabric A VSAN 10 for vHBA-0:
50:06:01:60:46:E0:5B:BF
50:06:01:68:46:E0:5B:BF
vii) Save your Notepad file to the desktop with a name of array_ports.txt
6) Verify Zoning that Fabric A zoning is in place
7) You now have VNX Target addresses for Fabric A which you will associate with each other in the next two
UCS Manager lab exercises. In order for them to see each other they must be added to a zone in the active
zoneset. Since this is a class environment and the risk of someone inadvertently corrupting the active
zoneset, zoning has been predefined. If you correctly followed the instructions for naming conventions,
there are zones already contains both your initiators and targets. In this step you will verify that the initiator
and targets on Fabric A in your notepad file can see each other.
8) Showing all the zones makes it difficult to find the WWN you are looking for, type:
show zone
9) To list the zone names that include the WWPN of your initiator, type the following command replacing X
with your tem number:
show zone member pwwn 20:00:00:25:B5:01:XA:08
a) Note the naming convention using the last 2 nibbles of the initiator WWPN as part of the zone name
10) Log out of your MDS Switch A putty session, type:
exit
VCE CONFIDENTIAL
67
11) By understanding nibble 8 and 12 of the VNX Storage Processor WWPNs just collected, it could be used to
validate cabling without having to log into Unisphere
a) If nibble 8 is between 0-7 than the storage processor is A
b) If nibble 8 is between 8-F than the storage processor is B
c) Nibble 8 identifies the SP and port base number, example: 50:06:01:68:nn:nn:nn:nn
d) Nibble 12 identifies the port range, example: 50:06:01:6n:nn:nC:nn:nn
Using the table below, VNX WWPN 50:06:01:68:nn:nC:nn:nn is SP B Logical Port number 24.
Logical
Port
Number
12th Nibble of 0
Denotes Port
Range of 0-7
Logical
Port
Number
12th Nibble of 4
Denotes Port
Range of 8-15
Logical
Port
Number
12th Nibble of 8
Denotes Port
Range of 16-23
Logical
Port
Number
12th Nibble of C
Denotes Port
Range of 24-31
SP A0
SP A1
SP A2
SP A3
SP A4
SP A5
SP A6
SP A7
SP B0
SP B1
SP B2
SP B3
SP B4
SP B5
SP B6
SP B7
50:06:01:60:nn:n0
50:06:01:61:nn:n0
50:06:01:62:nn:n0
50:06:01:63:nn:n0
50:06:01:64:nn:n0
50:06:01:65:nn:n0
50:06:01:66:nn:n0
50:06:01:67:nn:n0
50:06:01:68:nn:n0
50:06:01:69:nn:n0
50:06:01:6A:nn:n0
50:06:01:6B:nn:n0
50:06:01:6C:nn:n0
50:06:01:6D:nn:n0
50:06:01:6E:nn:n0
50:06:01:6F:nn:n0
SP A8
SP A9
SP A10
SP A11
SP A12
SP A13
SP A14
SP A15
SP B8
SP B9
SP B10
SP B11
SP B12
SP B13
SP B14
SP B15
50:06:01:60:nn:n4
50:06:01:61:nn:n4
50:06:01:62:nn:n4
50:06:01:63:nn:n4
50:06:01:64:nn:n4
50:06:01:65:nn:n4
50:06:01:66:nn:n4
50:06:01:67:nn:n4
50:06:01:68:nn:n4
50:06:01:69:nn:n4
50:06:01:6A:nn:n4
50:06:01:6B:nn:n4
50:06:01:6C:nn:n4
50:06:01:6D:nn:n4
50:06:01:6E:nn:n4
50:06:01:6F:nn:n4
SP A16
SP A17
SP A18
SP A19
SP A20
SP A21
SP A22
SP A23
SP B16
SP B17
SP B18
SP B19
SP B20
SP B21
SP B22
SP B23
50:06:01:60:nn:n8
50:06:01:61:nn:n8
50:06:01:62:nn:n8
50:06:01:63:nn:n8
50:06:01:64:nn:n8
50:06:01:65:nn:n8
50:06:01:66:nn:n8
50:06:01:67:nn:n8
50:06:01:68:nn:n8
50:06:01:69:nn:n8
50:06:01:6A:nn:n8
50:06:01:6B:nn:n8
50:06:01:6C:nn:n8
50:06:01:6D:nn:n8
50:06:01:6E:nn:n8
50:06:01:6F:nn:n8
SP A 24
SP A 25
SP A 26
SP A 27
SP A 28
SP A 29
SP A 30
SP A 31
SP B 24
SP B 25
SP B 26
SP B 27
SP B 28
SP B 29
SP B 30
SP B 31
50:06:01:60:nn:nC
50:06:01:61:nn:nC
50:06:01:62:nn:nC
50:06:01:63:nn:nC
50:06:01:64:nn:nC
50:06:01:65:nn:nC
50:06:01:66:nn:nC
50:06:01:67:nn:nC
50:06:01:68:nn:nC
50:06:01:69:nn:nC
50:06:01:6A:nn:nC
50:06:01:6B:nn:nC
50:06:01:6C:nn:nC
50:06:01:6D:nn:nC
50:06:01:6E:nn:nC
50:06:01:6F:nn:nC
12) Collect the VNX WWPNs that have successfully logged into MDS Switch B
a) In the Host Name (or IP address) field, enter the B-Side MDS Switch IP Address of192.168.1.7
b) Click Open
c) If a PuTTY Security Alert appears, click Yes to add this host to PuTTYs cache and connect
d) After the login as: prompt, enter the User Name of monitor, enter <CR>
e) After the Password: prompt, enter the Password of emc123%%, enter <CR>
13) Filter the show flogi output to show only VNX ports and the header, type:
show flogi database | include 50:06:01:6|NAME
14) Save the WWPN (PORT NAME) information in your Notepad file
a) Record both VNX WWPNs into the Notepad file
i)
Bring your Notepad file to the foreground by clicking on the Notepad icon in the Windows taskbar
VCE CONFIDENTIAL
68
50:06:01:60:46:E0:5B:BF
vHBA-0
50:06:01:68:46:E0:5B:BF
VNX WWPNs for Fabric B VSAN 11 for vHBA-1:
vHBA-1
50:06:01:61:46:E0:5B:BF
vHBA-1
50:06:01:69:46:E0:5B:BF
In the Content pane, under Boot Order in the Storage section there should be four SAN targets
i)
SAN primary (vHBA-0) has a primary and secondary target (sees 2 VNX Ports)
ii) SAN secondary (vHBA-1) has a primary and secondary target (sees 2 VNX Ports)
2014 VCE Company LLC. All rights reserved.
VCE CONFIDENTIAL
69
iii) These should match the VNX WWPNs that you saved in your Notepad file
MDS
Switch A
SP A
MDS
Switch B
SP B
vHBA-0
vHBA-1
4) Add CD-ROM and SAN Boot Targets to your new boot policy
a) In the Navigation pane, select your new boot policy NewPolicyX
b) In the Content pane, expand the Local Devices action menu
c) Click Add CD-ROM This is needed to support virtual media for installing the host Operating System (ESXi)
d) In the Content pane, expand the vHBAs action menu
e) Click Add SAN Boot
i)
In a case sensitive manner name the vHBA: vHBA-0, and leave Primary selected
In a case sensitive manner name the vHBA: vHBA-1, and notice the choice of Secondary is
mandatory since another primary was already chosen
VCE CONFIDENTIAL
70
ii) A Host ID is given to a LUN when placed in a VNX storage group. Host IDs are unique per VNX
storage group. They start at zero and increment as LUNs are added to a storage group. The LUN
used for booting off the array will be the first in the VNX storage group so it will always have the
address of 0 in the Vblock System Infrastructure.
(a) From your Notepad file, copy the first VNX WWPN for vHBA-0
(b) Paste this WWPN it into the Boot Target WWPN field
(c) This will be the primary path, leave the Type radio button set to Primary
(d) Click OK to proceed with the operation
iii) Add the second of four boot targets, again Add SAN Boot Target, and select sub-menu Add San
Boot Target To SAN primary
(a) Leave the Boot Target LUN ID set to 0
(b) From your Notepad file, copy the second VNX WWPN for vHBA-0
(c) Paste this WWPN it into the Boot Target WWPN field
(d) Notice that the Type cannot be changed from Secondary because the Primary was already
set
(e) Click OK to proceed with the operation
iv) Add the third of four boot targets, again click Add SAN Boot Target
(a) Notice there is no sub-menu choice to select adding to primary or secondary. The content
pane shows that it will be adding a primary Target to the secondary SAN because both
primary and secondary target have already been defined for the primary SAN.
(b) Leave the Boot Target LUN ID set to 0
(c) From your Notepad file, copy the first VNX WWPN for vHBA-1
(d) Paste this WWPN it into the Boot Target WWPN field
(e) This will be the primary path, leave the Type radio button set to Primary
(f) Click OK to proceed with the operation
v) Add the fourth of four boot targets, again click Add SAN Boot Target
(a) Leave the Boot Target LUN ID set to 0
(b) From your Notepad file, copy the second VNX WWPN for vHBA-1
(c) Paste this WWPN it into the Boot Target WWPN field
(d) Notice that the Type cannot be changed from Secondary because the Primary was already
set
(e) Click OK to proceed with the operation
vi) Click Save Changes to save the boot target additions
(a) Click Yes to acknowledge the successful operation
(b) Ask your instructor to validate that your SAN Boot policy is correct
5) Minimize UCS Manager browser
VCE CONFIDENTIAL
71
In the browser address bar enter the UCS Fabric Interconnect Cluster IP of 192.168.1.1
b) Select the Launch UCS Manager button to launch the GUI. Be patient as it may take some time to
download the GUI the first time it is launched
c) Log in using the User Name of admin and Password of emc123%%
2) Create a Service Profile
a) In the Navigation pane, select the Servers tab
b) In the Filter dropdown select Service Profiles
c) In the Navigation pane, expand root, expand Sub-Organizations
d) In the Navigation pane, select your TeamX sub-organization where X is your team number
e) In the Content pane, click on Create Service Profile (expert)
3) Complete the Identify Service Profile screen
a) For Name enter sp_TeamX where X is your team number
b) For UUID Assignment select your TeamX_UUID pool where X is your team number from the dropdown
menu
c) Previously, your team added 6 UUIDs to this pool
d) The first non-zero number in parenthesis after the pool name means there are UUIDs available
e) (6/7) this means the pool has 7 UUIDs and 6 of them are available
f)
Click Next
Click the Add button for vNICs under the first Panel for LAN interfaces (not iSCSI vNIC)
VCE CONFIDENTIAL
72
iii) For MAC Address Assignment select your TeamX_MAC_Fabric_B in the drop down.
There should be 7 available out of 8 addresses displayed after the pool name via: (7/8)
iv) Change Fabric ID selection to Fabric B
v) Under VLANs Select column, check all of the VLAN checkboxes, be sure to scroll multiple times
vi) Click OK
e) Click Next
5) Complete the Storage screen, configure the Storage policy
a) For Local Storage select the TeamX_No_Local
b) Select Expert radio button for how to configure
c) Select your Team WWN pool from
d) For WWNN Assignment select your TeamX_WWNN pool from the dropdown menu.
It should show a WWNN address available after the pool name: (1/2)
e) Create vHBA-0 on Fabric A
i)
Click the + Add symbol at the bottom of the vHBA area to add a vHBA
Click the + Add symbol at the bottom of the vHBA area again
VCE CONFIDENTIAL
73
11) Complete the Operational Policies screen, skip any changes, click Finish
12) Click OK to acknowledge operation success
13) Leave UCS Manager open for the next lab
B) Associate a new service profile (OST)
Now that we have a service profile, we would normally associate it with a new blade. Since each student is not
allocated a spare blade, you will reuse the same blade already associated with a service profile as a means to
test that you correctly created your new service profile. The first step will be to disassociate the blade from the
current service profile, followed by then associating the blade with the new service profile.
WARNING: Understand that disassociating a Service Profile not only shuts a host down, but it also
may scrub the bios and local disks. For the lab environment, there is no local storage, so with boot
from SAN, you will be able to return to the original Service Profile.
Observe the status progression, wait a few minutes until all changes complete and the Overall Status
becomes Unassociated
g) Do not move to the next step until the blades status is Unassociated!
5) Associate the new Service Profile
a) In the Content pane, under Actions select Associate Service Profile
b) Click the radio button to select the new Service Profile sp_TeamX where X is your team number
c) Click OK to proceed
d) Click on Yes to confirm your choice
e) Review the Associate Service Profile message confirming the planned change will trigger a User
Acknowledgement before a Reboot, click Yes when ready to proceed
f)
VCE CONFIDENTIAL
74
Log in using the VNX Control Station User Name of admin and Password of emc123%%
Verify the WWN highlighted is that of your team number, where X is your team number. If you do not
see the World Wide Name of your teams vHBA logged in the Initiators view, notify your instructor. It
is most likely an incorrect entry in the Boot Policy or the WWPN pool for your teams Service Profile in
UCS Manager.
VCE CONFIDENTIAL
75
VCE CONFIDENTIAL
76
20:00:00:25:B5:01:X0:01:20:00:00:25:B5:01:XB:08
c) Highlight the first object in the Initiators view with this name.
10) Register the vHBA-1 initiators first login to VNX Storage Processor port
a) Click the Register button at the bottom of the Initiators view. If the Register button is grayed out, then
you are selecting the wrong initiator, confirm the last 4 hexadecimal digits are XB:08 where X is your
team number.
b) In the Initiator Information section, select:
i)
VCE CONFIDENTIAL
77
4) Leave Unisphere for VNX open for the next lab exercise
j)
VCE CONFIDENTIAL
78
i)
Under the Default Owner heading select the SPA radio button if it is not already selected
When installing ESXi, the installer will prompt you for a LUN to install ESXi on, the Unique ID field will be
displayed at this time and can be used to accurately select the correct device
VCE CONFIDENTIAL
79
Click on the Browse button and select Computer in the left icon pane, or repeatedly click the Up
One Level icon or select from the Look in: dropdown to view Computer
Under Client View, check the Mapped checkbox to the left of the new virtual media drive
g) Verify that the new ESXi ISO is now mapped as the Virtual CD/DVD in the Details box at the bottom of
the window
8) Click the Reset host icon at the top of the window
a) Click OK to ignore the reset power-up warning which does not apply in this case
b) Select the Power Cycle radio button
c) Click OK to proceed with the Reset operation
d) Click OK to acknowledge the operation initiation success
9) Select KVM tab
10) Wait for the ESXi installer to start
a) When prompted press <Enter> to continue the ESXi installation
b) Press <F11> to accept the EULA
c) On the Select a Disk to Install or Upgrade screen
i)
Use the down arrow key to scroll and select the single Remote storage device
ii) Select the 20.00 GiB VNX DGC RAID 5 disk using the arrow key. Confirm that the 20.00 GiB boot disk
is selected.
iii) Press <F1> to display device details. The Full Disk Name field can used to match the VNX UID field
mentioned back when the boot LUN was created.
iv) The storage unit gigabyte, symbolized by GB, is used to describe a storage capacity of 1,000,000,000
bytes. The storage unit gibibyte is a binary multiple of the byte. The storage unit gibibyte,
symbolized by GiB, is used to describe a storage capacity of 1,073,741,824 bytes. VMware uses the
GiB nomenclature when describing the capacity of the device to install ESXi upon.
v) Press <Enter> to exit the detailed display
d) Press <Enter> to Continue
i)
Leave the highlighted US Default keyboard layout selected, press <Enter> to Continue
VCE CONFIDENTIAL
80
Login to ESXi
i)
Use the arrow keys to select Configure Management Network, press <Enter> to go into the change
dialog (if needed scroll the display to show the top of the window on the screen)
VCE CONFIDENTIAL
81
VCE CONFIDENTIAL
82
e) Review the Associate Service Profile message confirming the planned change will trigger a User
Acknowledgement before a Reboot, click Yes when ready to proceed
f)
Notify your instructor if any of the tests have a FAILED status. All tests should have a status of OK
VCE CONFIDENTIAL
83
Log in using the VNX Control Station User Name of admin and Password of emc123%
VCE CONFIDENTIAL
84
vii) Click Yes to confirm the LUN creation. Wait for the creation to complete
viii) Click OK to acknowledge the successful LUN Creation message
ix) Click Cancel to exit the Create LUN dialog
4) Add the new LUN to your teams Storage Group
a) Select the Student Datastore in the Storage Pools display
b) Select the LUNs tab in the Details window below the Pools section
c) Select the LUN ID 12X where X is your team number
d) Click the Add to Storage Group button
e) Select the team-X-esxi Storage Group where X is your team number, and then click on the right arrow.
The team-X-esxi Storage Group was moved from the Available Storage Groups pane to the Selected
Storage Groups pane.
f)
Click OK to proceed
ii) Select the DGC Fibre Channel Disk that is 4GB in capacity
iii) Click Next
2014 VCE Company LLC. All rights reserved.
VCE CONFIDENTIAL
85
On the Partition configuration screen, be sure the configuration is set to Use all available partitions,
and click Next
VCE CONFIDENTIAL
86
e) If you get A connection error occurred message, simply click Next again until the wizard advances to the
next screen
10) On the Setup networks screen
a) For Destination network, select VM Network
b) Click Next
11) On the Ready to complete screen
a) Check the Power on after deployment checkbox at the bottom of the screen
b) Click Finish
12) View the Recent Tasks window in the Global Information pane on the far right
a) Watch the progress of the OVF deployment
b) Wait for it to complete
c) If the task fails, try redoing the steps in the Deploy OVF Template wizard again
13) Leave the vSphere Web Client open for the next lab
5) In the Navigator pane, select the vm1 Virtual Machine you just created
6) In the Content pane, select the Summary tab
7) From the Actions dropdown menu select Power On
8) Launch the console by selecting Actions dropdown menu item Open Console
9) If prompted with a certificate warning select Continue to this website
10) In the console window, login to your VM with a username of user and a password of user1234
11) Check the network address with the command ifconfig the eth0 network adapter should be configured
with the inet address of 192.168.2.1 and a network mask of 255.255.255.0.
12) Add a user to the system
a) Enter the command, type:
sudo adduser appuser
b) Enter, the password, type:
user1234
c) Enter, then confirm the password, type:
vceteam
d) For Full Name, type:
Application User
e) Press <Enter> to accept the default (empty) values for Room Number, Work Phone, Home Phone, and
Other
2014 VCE Company LLC. All rights reserved.
VCE CONFIDENTIAL
87
f)
Capacity Management
From the previous section we know the system will likely use up the capacity in the datastore once the Linux VM
has been running for a while while we benefited from thin provisioning, we laid down a 200GB OS on a
datastore that is only 4GB a recipe for problems. First, we will review the situation through monitoring, and
then we will address it by expanding our storage for the datastore.
E) VMware Capacity Monitoring (TST)
1) Use the vSphere Client to display vCenter Server overview and advanced performance charts
2) Continuing in vSphere Web Client, return to Home by selecting the Home icon
3) Go to the summary screen of the storage view by selecting vCenter > Storage in the Navigator pane
a) Expand the inventory and select the appserver_datastore in the inventory.
b) Select the Summary tab in the content pane.
4) Note that the datastore has a red icon flag next to it note in the summary screen the message about the
datastore usage on disk.
a) Investigate the alarm:
i)
b) Under the Monitor tab, click the Performance sub-tab to view space utilization and performance charts
i)
View all of the charts on this screen to familiarize yourself with this pane
ii) Notice the total space used by virtual disks on the datastore
iii) Under the Performance sub-tab, change the View dropdown menu selection to Performance
(1) Change the Time Range dropdown menu to Realtime
(2) View the all the charts on this screen to familiarize yourself with this pane
5) Display the overview performance charts for your ESXi host:
a) Click on the Home icon
2014 VCE Company LLC. All rights reserved.
88
d) In the Content area click on the Monitor tab, and select the Performance sub-tab
e) The Overview performance charts are displayed
i)
f)
Look at all of the charts to familiarize yourself with the available information
In the Performance Chart Legend select the Measurement column header to sort the entries
ii) Select the entry for your team-X-esxi.take.emc.edu host for CPU usage in MHz. Note how you can
call out specific entries.
g) Display the memory performance chart with custom settings:
i)
Directly above the chart being displayed, click the Chart Options link. The Customize Performance
Chart dialog box is displayed
At the top right of the Performance sub-tab, display the chart names in the View dropdown
ii) Switch between the charts in the list, including the custom chart that you created
i)
In the Content pane click the Monitor tab and the Performance sub-tab
VCE CONFIDENTIAL
89
Monitoring Storage
F) Monitor a Storage Pool (TST)
1) Continue in the EMC Unisphere for VNX browser window
2) Select the VNX in the dropdown menu
3) Select the Storage tab, Storage Configuration, then Storage Pools
4) In the Pools tab, select the Student Datastores pool (expand the list of Pools displayed if it is not visible),
and then click the Properties button, a new window is opened.
5) From the Storage Pool Properties window, there are four tabs that can be used to monitor different aspects
of the storage pool
a) The General tab shows the physical and virtual capacities, including total capacity, consumed capacity
and the percentage full
b) Select the Disks tab to view the state of the individual drives that make up the storage pool
c) Select the Advanced tab
i)
Select Percentage Full Threshold, verify it is set 60%. This will cause an alert to occur when the pool
reaches 60% capacity. This will generate an alert in EMC Unisphere for VNX, that will also propagate
through to VCE Vision
d) Select the Tiering tab, and notice there is only a single tier
e) Click OK when done
6) In the Pools tab, select the Tiered Storage pool, and then click Properties
a) Now under the Tiering tab notice there are now two tiers in the Tier Details display
b) Explore other tabs and click OK when done
G) Monitoring a RAID group (TST)
1) Continue in the EMC Unisphere for VNX browser window
2) Select the VNX in the dropdown menu
3) Select the Storage tab, Storage Configuration, then RAID Groups
4) Monitoring a RAID group on a Vblock System
a) Select the RAID Groups tab
b) Right-click the first RAID Group in the list and select the Properties button
c) Explore the General, and Disks tabs and how they can be used to monitor different aspects of the RAID
group such as total capacity and free capacity
d) Explore the Partitions tab. In a RAID group, a LUN is a partition (the green portion) that spans all the
drives in the RAID group. Partitions are created starting on the outer rims of the platters, moving inward
for each new LUN created.
e) Click OK when done
Capacity Expansion
2014 VCE Company LLC. All rights reserved.
VCE CONFIDENTIAL
90
c) Click OK to close the Storage Pool Properties dialog. Note that you can also use the Expand button right
on the Pools detail window to expand an existing Storage Pool.
5) In any case, since the requirement is to make more space available to the virtual machines, the next step
would be to expand an existing LUN, or create a new LUN. One method of doing this is to use the simple
LUN Provisioning Wizard in the Wizards list to the right of the screen. However, we will perform the
process manually to gain an understanding of all of the steps involved.
I)
VCE CONFIDENTIAL
91
7) Click Next
8) Review the configuration and formatting and select Finish
9) Observe the task running in Recent Tasks pane under the All heading. When it is complete, the red flag for
appserver_datastore in the navigation pane should disappear, indicating it is no longer running low on
space
10) In the Content pane, select the Summary tab, note the usage bar on the right and note the usage bar graph.
11) Select the Manage tab
12) From the Settings sub-tab select Device Backing
a) Under the Capacity column heading, note the capacity is now 50GB
Under Select a virtual machine to clone, expand the team-X-vcsa vCenter, expand the Vblock
datacenter, select the vm1 virtual machine
Select your team-X-esxi.take.emc.edu host as the resource (you can assign a template to a host or a
cluster)
Leave the default settings (use the same storage settings for the template that exist in the VM itself)
VCE CONFIDENTIAL
92
5) View the Recent Tasks pane, All tab to the far right
a) Watch the progress of cloning the VM to a template
b) When the clone to template operation is complete, we can move on to the next section
Under Select a template to deploy from, expand the team-X-vcsa vCenter, expand the Vblock
datacenter, select the AppImage template
ii) Place a check in the Power On Virtual Machine after creation checkbox
iii) Click Next
c) On the Select a name and folder screen
i)
VCE CONFIDENTIAL
93
VCE CONFIDENTIAL
94
14) Test connectivity to the peer VM. The virtual machines vm1 and vm2 are on the same vlan, and should be
able to communicate. For a count of 1, ping vm1s IP address from vm2. This should result in 0% packet loss
which implies connectivity, type:
ping c 1 192.168.2.1
15) Type <Control><Alt> to release the mouse from the terminal control and switch back to the vSphere Web
Client.
VLAN Creation
VLANs give us the ability to create an isolated network for specific traffic or groups of applications. We have our
new application servers online, but we connected them to a default network. Lets isolate these application
servers so they have their own private network to communicate on. To do this, we want to create a new VLAN.
While this task doesnt require getting to hosts outside of our current Virtual Distributed Switch, it is easy to
imagine that this group of application servers could spread across a broader set of hosts or even Vblocks, so lets
make sure we have a VLAN that can be used by a related application anywhere in the Counterfake environment.
To do this, we need to create the VLAN on the UCS, and make sure its in the upstream switches, as well as
adding it to our VMware infrastructure. First let us tackle the individual elements.
Enter the TeamX in the VLAN Name/Prefix field, where X is your team number
ii) Verify the Common/Global radio button option is selected, which means the VLANs apply to both
Fabric Interconnect A and B. The Common setting also ensures the Fabric Interconnects use the
same configuration parameters in both cases.
iii) Leave the Multicast Policy Name as is
iv) Enter the VLAN ID 200X where X is your team number
v) Leave the Sharing Type option as None
vi) Click the Check Overlap button to make sure the VLAN ID does not overlap with any other IDs on the
system
(1) The list of overlapping VLAN IDs should be empty
(2) Click OK to exit the Check Overlap dialog
vii) Click OK to exit the Create VLANs dialog
viii) Click OK to acknowledge the success message
b) Verify that the new VLAN appears in the list of VLANs in the Navigation pane (expand VLANs if not
already expanded)
5) Modify the VLAN in the Service Profile Template for your team. Your ESXi host is still bound to the updating
template you previously defined. You will define this new VLAN in the original initial Service Profile
Template, which you will later bind to the Service Profile for the blade hosting your ESXi server.
a) In the Navigation pane, select the Servers tab
b) In the Navigation pane, in the Filter dropdown select Service Profile Templates
2014 VCE Company LLC. All rights reserved.
VCE CONFIDENTIAL
95
c) In the Navigation pane, expand root, expand Sub-Organizations, expand TeamX where X is your team
number
d) In the Navigation pane, expand Service Template TeamX_SAN_Boot
i)
VCE CONFIDENTIAL
96
Notice all other policies are not set except Stat Threshold Policy is set to default
From the VLANs list, check all the boxes under Select except for the default VLAN
i)
Notice this includes your new app specific vLAN TeamX which is not in the original LAN template
g) Notice MTU and other policies all default to the correct values
h) Click OK to proceed with the creation
i)
j)
Notice the new vNIC Template at the top of the Content pane
From the VLANs list, check all the boxes under Select except for the default VLAN
i)
Notice this includes your new app specific vLAN TeamX which is not in the original LAN template
VCE CONFIDENTIAL
97
VCE CONFIDENTIAL
98
6) Give the VLAN a name. This name should match the name used in the UCS Add VLAN section where X is your
team number, type:
name TeamX
7) Exit the VLAN, type:
exit
8) Exit the Configuration Terminal, type:
exit
9) Verify the VLAN was successfully added, where X is your team number, type:
show vlan id 200X
10) Close the putty session, type:
exit
11) We will now configure the B-Side Nexus 5548 switch.
12) From the Windows Management host open a putty ssh session to the Nexus-5548 switch
a) Double-click the putty icon on the desktop
b) In the Host Name (or IP address) field, enter the A-Side Nexus 5548 IP Address of 192.168.1.5 Click
Open.
c) If a PuTTY Security Alert appears, click Yes to add this host to PuTTYs cache and connect
d) After the login as: prompt, enter the User Name of admin, enter <CR>
e) After the Password: prompt, enter the Password of emc123%%., enter <CR>
13) View the existing VLANs, type:
show vlan
14) Enter the Configuration Terminal in order to make changes
configure terminal
15) Add a VLAN. This number should match the number used in the UCS Add VLAN section where X is your
team number type:
vlan 200X
16) Give the VLAN a name. This name should match the name used in the UCS Add VLAN section where X is your
team number, type:
name TeamX
17) Exit the VLAN, type:
exit
18) Exit the Configuration Terminal, type:
exit
19) Verify the VLAN was successfully added, where X is your team number, type:
show vlan id 200X
20) Close the putty session, type:
exit
VCE CONFIDENTIAL
99
1) This step has to be performed once the Nexus 1000v Virtual Supervisor Module (VSM) switch.
2) From the Windows Management host open a putty ssh session to the Nexus 1000v switch
a) Double-click the putty Icon on the desktop
b) In the Host Name (or IP address) field, enter the Nexus 1000v VSM IP of 192.168.1.7X where X is your
team number
c) Click Open
d) If a PuTTY Security Alert appears, click Yes to add this host to PuTTYs cache and connect
e) After the login as: prompt, enter the User Name of admin, enter <CR>
f)
After the Password: prompt, enter the Password of emc123%%, enter <CR>
VCE CONFIDENTIAL
100
6) In the Navigator pane, expand team-X-vcsa, and the Vblock datacenter under it.
7) Select your ESXi host team-X-esxi.take.emc.edu
8) In the Content pane, select the Manage tab
9) Under the Manage tab, select the Networking sub-tab
10) Click on the Virtual switches heading in the Networking sub-tab, and select vSwitch0, this is our VMware
virtual switch
11) Under Virtual Switches, hover over the small global icon
, it should provide a tooltip of Add host
networking. Click the
icon, and the Add Networking popup appears.
a) On the Select connection type screen
i)
Select Virtual Machine Port Group for a Standard Switch radio button
Click Finish
12) Observe the task running in Recent Tasks pane under the All heading.
13) When the task is complete, note the new network connected to vSwitch0 in the diagram at the bottom of
the screen
At this point, vm1 and vm2 are on different VLANs. Lets check click on Launch Console in the content
pane (this will be the vm1 console)
VCE CONFIDENTIAL
101
If a browser tab named vm1 is not already open, click the Launch Console link.
j)
Login to the console with a User Name of user and a Password of user1234
k) Try to ping vm2, which is on a different VLAN. The command below is a continuous ping, the ping should
fail. Let the command continue to run after executing, type:
ping 192.168.2.2
l)
So they are indeed isolated! Lets put vm2 into our new VLAN as well. Type <Control><Alt> to get the
mouse point back and switch over to our vSphere window.
Wait for the task to complete and the Network adapter 1 to change to our new network appNetwork
VCE CONFIDENTIAL
102
Disk.UseDeviceReset 0
NFS.MaxVolumes 256
Net.TcpipHeapSize 30
Net.TcpipHeapMax 128
NFS.HeartbeatFrequency 12
NFS.HeartbeatTimeout 5
NFS.HeartbeatMaxFailures 10
When you set advanced configuration options for VMware vSphere ESXi, NFS performance is enhanced. VCE
recommends that you apply the NFS-related options before connecting any NFS share to the VMware vSphere
ESXi hosts.
You can configure the settings on each host individually using the VMware vSphere client or run the VMware
vSphere PowerCLI script to configure the settings on all VMware vSphere ESXi hosts.
Wait while the wheel shows work in progress, when done, the value will be changed in the display
VCE CONFIDENTIAL
103
9) Observe that a reboot is needed for some changed settings to take effect
a) Enter net.tcpiph into the search box (to the right of the pencil icon), press <Enter> to search
b) Select and highlight the row for Net.TcpipHeapMax
c) Click the pencil icon
d) Notice the description states that changing this parameter requires a reboot
i)
In a production environment, once completing changing multiple settings, you would reboot the
VMware vSphere ESXi host for the new parameter(s) to take effect
ii) Since this exercise was merely an example of how to change parameters, DO NOT REBOOT or save
any changes
e) Click Cancel to exit the Edit Advanced Option dialog without making a change
B) Configure File System and NFS Exports (OST)
1) Log into the VNX Unisphere GUI
a) Double-click the Unisphere VNX Client icon on the desktop
b) In the Connect Host name or IP address field, enter the VNX Control Station IP address of 192.168.1.15.
c) Click the Connect button
d) Click either the Accept for Session or Accept Always button in response to the non-trusted certificate
warning
e) Click Accept in response to the GNU General Public License query
f)
Log in using the VNX Control Station User Name of admin and Password of emc123%%
VCE CONFIDENTIAL
104
Click OK
ii) For Access Hosts: where X is your team number use 192.168.1.6X/24
iii) The appended /24 is for the CIDR notation (Classless Inter-Domain Routing) to the Root Hosts and
Access Hosts IP Address
i)
Click OK
VCE CONFIDENTIAL
105
ii) For VLAN ID, enter the value assigned by your instructor for the Vblock ESXi NFS network
(1) For Vblock Setup A use VLAN ID 1109
(2) For Vblock Setup B use VLAN ID 1209
(3) For Vblock Setup C use VLAN ID 1309
(4) For Vblock Setup D use VLAN ID 1409
(5) For Vblock Setup E use VLAN ID 1509
(6) For Vblock Setup F use VLAN ID 1609
iii) Select Next
d) On the IPv4 Settings screen
i)
Click Finish
Click Finish
VCE CONFIDENTIAL
106
Server: enter the VNXs Data Mover Interface IP address of your Data Mover of 192.168.1.14
VCE CONFIDENTIAL
107
2) Navigate to your VNX system, select Settings from the top level tool bar
3) Select Network
4) Select Settings for File
5) Select the Create button at the bottom of the screen
6) Locate the entries for Private NFS Interface Hostname and Private NFS Interface Address and Private NFS
Netmask of 255.255.255.0. Use these values for Name, Address and Netmask respectively.
7) Enter the NFS VLAN identified in the last lab in the VLAN ID
8) Click Ok
F) Create new network in vSphere
1) Continuing in vSphere from the previous section
2) Navigate to vCenter > Hosts and Clusters
3) In the navigation window, expand team-X-vcsa and the Vblock datacenter under that. Select your ESXi host.
4) In the content pane, select the Manage tab.
5) Select the Networking tab under that.
6) Click on Virtual switches, and select vSwitch0 this is our VMware virtual switch
7) Under Virtual Switches, hover over the small global icon, it should provide a tooltip of Add host networking.
Click that icon.
8) In the Add Networking popup, select Virtual Machine Port Group for a Standard Swtich
9) Click Next
10) Under Select an existing standard switch, be sure vSwitch0 is selected, and click Next
11) In the Network label, enter NFS, and in the VLAN ID enter the VLAN ID we discovered on the UCS in the
previous section
12) Select Next
13) Review the settings, and select Finish
14) Note the new network connected in the bottom diagram
G) Create new NIC the Application VMs
1) Continuing in vSphere from the previous section
2) Expand your ESXi server to reveal the two applications VMs, and select vm1
3) Click on Summary
4) In the content pane, in the section labeled VM Hardware, click Edit Settings
5) In the Edit Settings window, at the bottom, click on the New Device dropdown, and select Network
6) Click on Add
7) When the Network adapter 2 appears, select the drop down list and select the NFS network from the list
8) Select OK at the bottom
9) Now we need to repeat this for the second VM, so in the navigation pane select vm2
10) Click on Summary
2014 VCE Company LLC. All rights reserved.
VCE CONFIDENTIAL
108
11) In the content pane, in the section labeled VM Hardware, click Edit Settings
12) In the Edit Settings window, at the bottom, click on the New Device dropdown, and select Network
13) Click on Add
14) When the Network adapter 2 appears, select the drop down list and select the NFS network from the list
15) Select OK at the bottom
16) Watch the Recent Tasks and wait for both Reconfigure Virtual machine tasks to complete
17) With vm2 still highlighted, select Launch Console in the top of the content pane
18) When the console appears, login to the VM
19) Change to the network configuration directory with the command cd /etc/network
20) Change the interface file by copying the appropriate file based on your team number:
sudo cp interfaces_TeamX_server2 interfaces
21) Reboot so the system can register its new interface card
22) Type Control-Alt to get the cursor back from the console and switch back to vSphere Web Client
23) Select the vm1 VM in the navigation pane
24) Select the Summary tab
25) Select the Launch Console button in the top of the content pane
26) When the console appears, login to the VM
27) Change to the network configuration directory with the command cd /etc/network
28) Change the interface file by copying the appropriate file based on your team number:
sudo cp interfaces_TeamX_server2 interfaces
29) Reboot so the system can register its new interface card
VCE CONFIDENTIAL
109
a) Verify the IP address for eth1 against the entry for VM1 NFS Interface Address and Netmask
12) Verify that we can communicate with the VNX NFS interface by pinging the address from our Lab Logins
Sheet labeled Private NFS Interface Address: ping c1 IPADDRESS
13) Verify that we can ping the other VM on this new network by pinging the IP address labeled VM2 NFS
Interface Address from the Lab Login sheet: ping c1 IPADDRESS
14) Make a directory to contain the mount point: sudo mkdir /nfs_fs
15) Mount the NFS file system from VNX: sudo mount IPADDRESS:/vbX /nfs_fs where X is your team number,
and IPADDRESS is the address listed in the Lab Logins Spreadsheet labeled Private NFS Interface Address
16) Check the contents of the NFS mount: cd /nfs_fs; ls
VCE CONFIDENTIAL
110
In the Interfaces list, locate the interface with the address from the Lab Logins Sheet labeled NFS Private
Interface Address and select it
5) With a VNX CIFS Server, the initial password must be changed before it can be used. On your workstation,
Select the Start menu and navigate to Windows Security > Change a Password
6) In the User field, enter the username prefaced by the IP address from the Lab Logins Spreadsheet labeled
VNX cge-0 the IP address we used for our CIFS Server interface, followed by a backslash and the username
Administrator for instance, the field may be 192.168.1.14\Administrator
7) Enter the password start in the first Password field, and enter emc123 in both of the new password fields.
8) Press the arrow icon next to the second password field
9) Press Ok when the system informs you the password has been changed.
B) Create a Volume
1) Continuing with Unisphere from the previous section
2) Navigate to Storage > Storage Configuration > Volumes
In the Volume Create dialog that comes up, under Type, select the Slice radio button.
Under Volume Name enter TeamXY where XY is your setup and team number
VCE CONFIDENTIAL
111
Under Name, enter pool_XY where X is your lab setup and Y is your team number
Under Volumes, select the TeamXY volume you created in the previous section
Leaving the rest of the settings to the defaults, click Ok to create the File System Pool
Name the filesystem fsXY where X is your setup and Y is your team number
Select the Pool that you just created, pool_XY where X is your setup and Y is your team number.
VCE CONFIDENTIAL
112
In the Name field, name the share cifs_team_XY where X is your setup and Y is your team number
Under File System, select the file system you just created, fsXY where X is your setup and Y is your team
number
Now click the Ok button to mount the file system on the CIFS Server
G) Mount CIFS on VM
Now let us mount the CIFS share on our Linux VM to be sure we can see it there as well.
VCE CONFIDENTIAL
113
This is useful for restoring a file that you originally had backed up offsite
Sometimes during maintenance, if the configuration of the VCE Vision system becomes broken, you can
restore it to the state prior to the change (or the state at midnight on any of the previous 10 days):
/opt/vce/fm/install/restoreConfig.sh
It will prompt you with the dates of all available restoration snapshots.
VCE CONFIDENTIAL
114
Navigate to the address below - in your environment, you would use the hostname you gave to
the vision system: https://vision:8443/fm/configcollector
password: dangerous
This will bring up a download window, as the browser downloads a zip file containing all of the
configuration files.
Save this file on the desktop and use Windows (File) Explorer to investigate its contents.
Access the UCS Manager browser window on the Windows Management Server you connected
to through the Internet Explorer icon as instructed in LAB 2 A)LAB 1 UCS Manager GUI (TST):
Capture Compute Resource Configuration on page 17
Press OK
VCE CONFIDENTIAL
115
3) The bootflash can be replaced with scp, tftp, ftp or sftp if you have those types of file servers configured in
your environment. The general format is protocol://username@hostname/filename-or-path
F) Backup of the MDS Switch
1) Access the MDS Switch A NX-OS CLI on the Windows Management Server you connected to through the
Internet Explorer icon as instructed in LAB 2 F)LAB 1 CLI for MDS Switch (TST): Capture Storage Area
Network (SAN) Configuration on page 28
The bootflash can be replaced with scp, tftp, ftp or sftp if you have those types of file servers configured
in your environment. The general format is protocol://username@hostname/filename-or-path
VCE CONFIDENTIAL
116
A) Protection in Unisphere
The storage subsystems provide a number of key features for building a production data protection strategy. One
of those features is snapshotting. Lets create a snapshot of our VM created earlier.
1) Access the EMC Unisphere for VNX browser window on the Windows Management Server you connected
to through the Internet Explorer icon as instructed in LAB 2 C)LAB 1 UCS Manager GUI (TST): Capture
Compute Resource Configuration on page 23
Navigate to Storage > LUNs by hovering over the Storage icon, and selecting LUNs
Locate the LUN that we created earlier by selecting the Host Information column to order by host,
finding your team host (team-X-esxi.take.emc.com) and selecting the 50GB LUN that you created
In the LUN Properties, select LUN Name and give it a more descriptive name. We could have done this
during creation as well, but this allows us to rename any LUN. Name it after your team: team-Xdatastore1
Click OK, and click Yes on the confirmation dialog that displays
Locate the snapshot you just created it will be listed by the name you used: team-X-datastore1
Snapshots use a variable amount of space as applications write new data to the underlying
LUN, the data that would be overwritten is copied to the snapshot, so the snapshot grows as the
protected LUN is modified. The amount of allocation a snapshot is using is listed in the Snapshot
Summary.
This is also where one could create a mount point of an existing snapshot this can be used to
test the snapshot, or to restore individual pieces of the snapshot.
VCE CONFIDENTIAL
117
Consistency Groups
This mechanism works for stand-alone LUNs, but when there are multiple LUNs that are interrelated, taking
snapshots of each LUN wont produce a consistent image. This allows you to group multiple LUNs together,
telling the VNX that they are, in fact, interrelated and that snapshots must be consistent across the whole set of
LUNs. Lets quickly create a couple of LUNs to be used at Counterfake for an Oracle database. Since they will be
used by a database, both LUNs will require protection through a consistency group.
Click Next
D) Protection in vSphere
We have a snapshot of the LUNs being used for database, we also have a series of virtual machines we have
created, and VMware allows the user to manage creating snapshots of these servers.
2014 VCE Company LLC. All rights reserved.
VCE CONFIDENTIAL
118
1) Access the vSphere Web Client browser window on the Windows Management Server you connected to
through the desktop icon as instructed in LAB 2 H)LAB 1 vSphere Web Client (TST): Explore vCenter
Configuration on page 31
2) Navigate to vSphere > VMs and Templates
3) Click on Actions
4) Select Take Snapshot
5) Give the snapshot a name: appserver-initial
6) Click ok, and watch the running task in the right hand panel, waiting for completion
7) When it is complete, take another snapshot of the same VM by selecting Actions and the Take Snapshot
option
8) Wait for this second snapshot to complete by observing the task status in the right hand panel
9) When complete, select Action > Manage Snapshots
10) Note the history of the VM, where the currently running snapshot is in the history
VCE CONFIDENTIAL
119
1) Access the vSphere Web Client browser window on the Windows Management Server you connected to
through the desktop icon as instructed in LAB 2 H)LAB 1 vSphere Web Client (TST): Explore vCenter
Configuration on page 31
From the Home screen, in the select the Vblock icon in the center panel
Select Actions at the top of the right hand panel and select Compliance Scan.
This will start the compliance scan wizard, which allows the administrator to select a specific
release matrix and validate the Vblock against that matrix.
Select the most recent certification matrix at the bottom of the list
Run the scan by finishing the wizard, clicking Finish on the last Screen
Click on the Manage tab, and watch for the compliance scan to complete - you can click on the Refresh
button to force a refresh.
Wait until Complete
The compliance scan will result in an overall system score based on how well the Vblock matches against
the release matrix.
After a short wait, the new compliance scan just ran will show up in the compliance scan list
Click on the Compliance Report button (located at the top of the list).
This will bring up the compliance scan report, which includes a summary window, as well as the ability
to investigate each major component involved in the scan.
Explore the report, looking in particular at the various components and how their current
firmware levels compare against the latest release matrix.
VCE CONFIDENTIAL
120
1) On your Management Workstation, under Start > Programs > putty, open PSFTP
Change the local working directory to our source location with lcd z:\vision\system
library
Login using the VCE Vision OS Appliance Console with User Name of root and a Password of
V1rtu@1c3!
Quit PSFTP and open a putty Session to the VCE Vision OS Appliance Console
You will need to provide the VCE Vision CAS Authentication on System Library with a User
Name of admin and a Password of dangerous
This will display the components that are optional for your system.
Note: Each item in the list will list a True or False to indicate whether it is installed in your
compliance Checker already
For each item in the list that is set to false, perform these tasks
VCE CONFIDENTIAL
121
Verify that the rule now has toggled to True on the next page
When everything is set to True, select the number next to Save and Quit
Run the install command again to import the new content: ./install_content.sh
You will need to provide the VCE Vision CAS Authentication on System Library credentials from
the Lab Logins Spreadsheet
VCE CONFIDENTIAL
122
On the Admin tab, expand All > Communication Management > Communication Services
System Contact is a text field where information needed to contact the person responsible for
the SNMP implementation can be documented.
System Location is a text field of up to 510 characters and should contain the host on which the
SNMP agent (server) runs.
In the SNMP Traps area, there should be registered host, which will be the VCE Vision Console IP
Address from the Lab Logins Spreadsheet. The Community should be set to csnpub.
*The default SNMP v1 or v2c community name or SNMP v3 username Cisco UCS Manager
includes on any trap messages it sends to the SNMP host.
VCE CONFIDENTIAL
123
After the Password: prompt, enter the Password of emc123%%, enter <CR>
This should show the community name of csnpub, and the group network-operator.
There should be traps being sent to the VCE Vision console IP address, version 2c on port 162.
Now validate the syslog server setup. This is the target host the switch will forward its syslog output.
Validate the B-Side MDS switch. Repeat steps 1-4 for MDS-Switch B-Side switch with an IP address of
192.168.1.7
After the Password: prompt, enter the Password of emc123%%, enter <CR>
This should show the community name of csnpub, and the group network-operator.
There should be traps being sent to the VCE Vision console IP address, version 2c on port 162.
Now validate the syslog server setup. This is the target host the switch will forward its syslog output.
Validate the B-Side Nexus 5548 switch. Repeat steps 1-4 for Nexus-5548 B-Side switch with an IP
address of 192.168.1.5
VCE CONFIDENTIAL
124
Select System > Monitoring and Alerts > Notifications for Block and select the Notification Templates
tab.
Select Create and name the template after your team (TeamXY)
On the General tab, select General Events and then select each severity and category type.
For SNMP Management Host, type the IP address of the VCE Vision OS Appliance Console from the Lab
Logins Spreadsheet
Open a putty session to the Vision Console using the lab login sheet
Click Test to test the response and verify that the Vision console is receiving the test trap
Note that one can also tie notification to email or paging systems with the other tabs
VCE CONFIDENTIAL
125
Select Collection Policies > Collection Policy chassis and right-click the label
Validate that the Collection Interval is set to 30 seconds, and the Reporting Interval is set to 15
minutes
Navigate to Equipment > Chassis > Chassis 1 > Servers > Server 1 in the Navigation pane.
Navigate to Motherboard > Motherboard Power Counters > Motherboard Input Voltage in the
content pane
Identify the minimum and maximum values across all the Avg values of the servers in the chassis
Calculate the average of these minimum and maximum values (Add the two values and divide by
2)
Navigate to Admin > Stats Management and select Root in the content pane
Right-click on Root in the content pane, and select Create Threshold Policy
Type input_volt_TeamX in the Name text field (16 character max) of the Threshold Policy
creation wizard (where X is your team number) and click the Next button
Select Motherboard Power Statistics in the Stat Class dropdown menu and click the Next
button
Select Motherboard Power Statistics Input Voltage in the Property Type drop down
Type the average value you calculated in step 4b into the Normal Value text field
In the Alarm Triggers (above normal value) section, click the Critical checkbox
In the first text field for Critical, type in a value that is 0.1 units more than the average value you
previously calculated
In the second text field for Critical, type in a value that is 0.4 units more than the average value
you previously obtained
In the Alarm Triggers (below normal value) section, click the Info checkbox
In the first text field for Info, type in a value that is 0.2 units less than the average value you
specified in step 5h
VCE CONFIDENTIAL
126
In the second text field for Info, type in a value that is 0.4 units less than the average value you
calculated
Click the Finish button at the bottom of the creation wizard (again)
Click OK
G) Syslog Management
All of the components in the Vblock that support syslog, are forwarding syslog messages to the VCE Vision
console. On the console, we can instruct VCE Vision to forward these messages to any other remote syslog
server. In this lab we will verify the UCS syslog settings, review syslog messages on the Vision console, and setup
a syslog server on our management stations.
1) Continue using the UCS Manager session you started in the previous lab or restart it using the instructions
found in step 1 of the previous lab
Navigate to Admin > Faults, Events and Audit Log > Syslog in the Navigation pane
In the Hostname field, you should find the IP address of the Vision Console
3000 is the port - we use that in this lab environment to avoid some conflicts
On your management workstation, start the Kiwi Syslog Server Console using the icon on your desktop
Select UDP and uncheck the Listen for UDP Syslog messages
Select TCP and select the Listen for TCP Syslog Messages
Click OK
In the Hostname field, the IP address should be the Vision console IP address from the Labs
Login Spreadsheet
Click Save Changes if you had to change any values (and then Click OK on the pop up)
You should be receiving the syslog messages coming from your Vblock. Note that the other
teams have configured their management stations as syslog servers as well; Vision can forward
to any number of syslog servers
VCE CONFIDENTIAL
127
The VCE Vision MIBs are located on the System Library appliance for easy access
For any Vision-enabled Vblock, the process to obtain the MIBs involves:
Copying the zip file from the system library located in the directory
/opt/vce/fm/doc/mibs to the computer with the targeted network management
system
Using PSFTP (Putty FTP), download the lab System Library MIBs file to the management station
Open psftp, and type open <IPADDR> where IPADDR is the VCE Vision OS Appliance Console IP
Address from the Labs Login Spreadsheet
Type cd /opt/vce/fm/doc/mibs
Type lcd C:\ to change the local working directory (this is where psftp will save your files)
Type mget mibs-dist* (mget allows the use of the * wildcards; you could also type get with
the full filename)
The file will now be located on your management host in the C:\ directory.
Browse into the ZIP file, and copy all of the files in the directory MIB to
C:\Program Files (x86)\ireasoning\mibbrowser\mibs
From the Start menu, select All Programs > iReasoning > MIB Browser
The process to load the VCE MIBs is to click File > Load MIBs.
The iReasoning has a 10 MIB limit for this edition; first be sure there are no MIBs already loaded
by Selecting File > UnLoad MIBs - the list should be empty, if not, select all the MIBs and unload
them.
Using the following table, load each MIB into the browser, one at a time.
MIB Module
Description
ENTITY-MIB
ENTITY-STATE-TC-MIB
VCE-SMI-MIB
VCE-VBLOCK-HEALTH-MIB
VCE CONFIDENTIAL
128
VCE-PORT-INTERCONNECT-MIB
VCE-VBLOCK-LOCATION-MIB
VCE-FM-AGENT-MIB
VCE-AGENT-CAPS-MIB
RFC1155-SMI
I)
Keep the iReasoning MIB Browser open for continued operations in the next lab
Once entered, click on the Advanced button next to the Address box
In the Advanced tab enter csnpub for the community strings (READ/WRITE), and ensure that the
SNMP Version is set to 2.
In the SNMP Class tree panel on the left, under ios.org.dod.internet > mgmt > mib-2, right click on
system
This will retrieve the initial results, and begin appending it to the Results table on the
right hand panel.
To view the logical containment, retrieve the tree under entityLogical > entLogicalTable.
End of Exercises
VCE CONFIDENTIAL
129