Tag: storage

VMware Cloud Foundation

Deploying & Configuring the VMware LCM Bundle Utility on Photon OS: A Step-by-Step Guide

by Tommy Grot June 3, 2025

The need for streamlined VMware appliance updates is undeniable. Managing a VMware Cloud Foundation environment and its appliances can quickly become a complex and time-consuming task, especially in an offline, disconnected VCF environment. This post provides a detailed, step-by-step guide to deploying and configuring the VMware Lifecycle Manager (LCM) Bundle Utility on Photon OS, offering a significant improvement in update management efficiency. We’ll cover everything from initial setup to verifying successful configuration, providing clear instructions and practical advice for administrators comfortable with Photon OS command-line interfaces. Let’s get started!

If you’re interested in creating an offline depot for VCF, check out Aaron Rombaut; he wrote an excellent blog post tailored for VCF offline depots.

What is Required:

  • Photon OS ISO (Only Supported on Photon**)
  • Virtual Machine with 2+ vCPUs & 4GB+ Memory & 1TB Storage
  • PuTTY
  • WinSCP

** The LCM Bundle Utility is currently not supported on other Linux distributions or Windows, particularly due to the new Broadcom Token Implementation.

You will need to obtain the full ISO x86_64 image.

Download | Size | sha512 checksum
Full ISO x86_64 | 4.4G | 6a7a258399a258da742032987c043ab25503698d35edafaf1ae000f12127da1a161d8b84caa17fd8f23d129e81e1faa7ab087c20ab9229772a643f8f9475305f

Create New Virtual Machine ->

Virtual Machine name ->

Select the compute resource ->

Select your Storage ->

Select Default ->

Select VMware Photon OS (64-bit)

Configure the virtual machine with the following specifications: 2 vCPUs, 4GB of memory, a 1TB disk, and network access. The number of CPUs and memory can be increased later if required.

Deploy!

Now that you have deployed the virtual machine, let’s connect to it via VMRC and mount the Photon OS ISO.

Install ->

EULA ->

Select the 1TB disk. I kept the partitioning on Auto, but you can manually partition it if you prefer.

Select, Photon Real Time ->

Since my Photon LCM VM is deploying on an NSX segment with DHCP, I left it on automatic, but the configuration will vary depending on your implementation.

Set Host name ->

Password ->

Start Install ->

Installing…

Let’s boot up to the new Photon VM!

Connect to the Photon OS VM via Remote Console and log in.

Let’s edit the sshd_config file to allow root to connect via SSH.

vi /etc/ssh/sshd_config

Uncomment and update the following settings:

  • Port 22
  • AddressFamily any
  • ListenAddress 0.0.0.0

Change PermitRootLogin from no to yes.

Restart SSH Service

systemctl restart sshd.service

Now that Photon OS is deployed and the sshd_config file has been updated to allow root logins over SSH on port 22, we can SSH into the virtual machine. Next, we will upload the LCM Bundle Utility via WinSCP.

Connect via PuTTY, and then we will untar the lcm-tools-prod.tar.gz.

We will need to make the bin directory with lcm-bundle-transfer-util executable

chmod u+x -R bin/

Change directory to conf. Next, we will use vi to edit the application-prod.properties file and update the required fields below.

You will need to tailor the Depot Properties to accommodate the Broadcom Download Token. More information is available here.

################### Depot properties ########################
lcm.depot.adapter.certificateCheckEnabled=false
lcm.depot.adapter.port=443
lcm.depot.adapter.host=dl.broadcom.com
lcm.depot.adapter.remote.rootDir=/<Token Here>/PROD
lcm.depot.adapter.remote.repoDir=/COMP/SDDC_MANAGER_VCF
lcm.depot.adapter.remote.index.filename=index.v3
lcm.depot.adapter.remote.offline.index.filename=index.offline
lcm.depot.adapter.local.baseDir=${lcm.bundle.download.default.dir}/tmp
lcm.depot.adapter.local.input.spec.dirname=asyncPatchSpecs
lcm.depot.adapter.local.compatibility.path=v1/products/bundles/type/vcf-lcm-bundle
lcm.depot.adapter.enableBundleSignatureValidation=true
lcm.bundle.manifest.dirname=manifests
lcm.bundle.dirname=bundles

lcm.depot.adapter.lcmManifestFile=lcmManifest.json
lcm.depot.adapter.remote.productVersionCatalog.filename=productVersionCatalog.json
lcm.depot.adapter.remote.lcmManifestDir=/COMP/SDDC_MANAGER_VCF/lcm/manifest
lcm.depot.adapter.enableBundleChecksumValidation=true

lcm.depot.adapter.enableLatestToolVersionCheck=true
lcm.depot.adapter.remote.bundletransferconfig.repoDir:/COMP/SDDC_MANAGER_VCF/obtu
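
A check a practitioner may want before the first download, given as an added example that is not part of the original post or of the LCM tooling: it parses the properties file (both `=` and `:` separators, as used above) and reports the depot settings that weaken transport or bundle verification, plus loose file permissions once a real token is in rootDir. The expected values, the sample token and the reading of certificateCheckEnabled as a TLS certificate check are assumptions.

```python
"""Audit security-relevant depot settings in an application-prod.properties file."""
import os
import stat

# Values this audit expects for keys shown in the Depot properties block.
# Assumption: certificateCheckEnabled governs TLS certificate checking of the
# depot connection, as its name suggests.
EXPECTED = {
    "lcm.depot.adapter.certificateCheckEnabled": "true",
    "lcm.depot.adapter.enableBundleSignatureValidation": "true",
    "lcm.depot.adapter.enableBundleChecksumValidation": "true",
    "lcm.depot.adapter.host": "dl.broadcom.com",
}
TOKEN_KEY = "lcm.depot.adapter.remote.rootDir"

# Constructed sample: a subset of the keys from the post, with a made-up token.
SAMPLE = """\
################### Depot properties ########################
lcm.depot.adapter.certificateCheckEnabled=false
lcm.depot.adapter.port=443
lcm.depot.adapter.host=dl.broadcom.com
lcm.depot.adapter.remote.rootDir=/EXAMPLE-TOKEN-0000/PROD
lcm.depot.adapter.enableBundleSignatureValidation=true
lcm.depot.adapter.enableBundleChecksumValidation=true
lcm.depot.adapter.remote.bundletransferconfig.repoDir:/COMP/SDDC_MANAGER_VCF/obtu
"""


def parse_properties(text):
    """Parse Java-style properties: '#'/'!' comments, '=' or ':' separators."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        # The first '=' or ':' on the line ends the key.
        hits = [i for i in (line.find("="), line.find(":")) if i != -1]
        if not hits:
            continue
        cut = min(hits)
        props[line[:cut].strip()] = line[cut + 1:].strip()
    return props


def audit(text, mode=None):
    """Return (key, problem) findings; mode is the file's st_mode, if known."""
    props = parse_properties(text)
    findings = []
    for key, want in EXPECTED.items():
        got = props.get(key)
        if got is None:
            findings.append((key, "not set"))
        elif got.lower() != want:
            findings.append((key, f"is {got!r}, expected {want!r}"))
    # rootDir looks like /<token>/PROD; a leading '<' means the placeholder
    # from the post is still in place and no secret is stored yet.
    parts = props.get(TOKEN_KEY, "").strip("/").split("/")
    has_token = len(parts) >= 2 and not parts[0].startswith("<")
    if has_token and mode is not None and mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(
            (TOKEN_KEY, f"holds a download token but file mode is {stat.S_IMODE(mode):o}")
        )
    return findings


def audit_file(path):
    """Audit a file on disk, including its permission bits."""
    with open(path, encoding="utf-8") as handle:
        return audit(handle.read(), os.stat(path).st_mode)


if __name__ == "__main__":
    for key, problem in audit(SAMPLE, mode=0o100644):
        print(f"{key}: {problem}")
```

Run `audit_file("conf/application-prod.properties")` from the extracted tool directory; restricting the file to its owner (mode 600) clears the token finding.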

Now that we have updated the application-prod.properties file, let’s run it. I have extracted my PlannerFile and uploaded it to /root/plannerFile.json.

./lcm-bundle-transfer-util --download --plannerFile /root/plannerFile.json --depotUser <Email-Here>

It is working on Photon OS! The download process has begun.

Deploying the VMware Lifecycle Manager Bundle Utility on Photon OS is a worthwhile investment for any administrator responsible for a VMware Cloud Foundation environment. This guide has provided the foundation for simplifying your appliance updates, reducing operational overhead, and ensuring a more stable and efficient infrastructure. Embrace this approach and take control of your VCF updates!


VMware Cloud Foundation: Don’t Forget About SSO Service Accounts

by Tommy Grot May 14, 2025

VMware Cloud Foundation (VCF) delivers a modern, automated infrastructure. A vital, but frequently neglected, element of its operation is enabling password rotations for the svc-nsx-vc-fqdn service account within the vCenter Server SSO domain and SDDC Manager. This account is critical for NSX or LCM functionality and integration between solutions, and its failure – typically due to an expired or incorrect password – can cause significant disruption to your VCF environment. This post will highlight the importance of svc-nsx-vc-fqdn, explain the impact of a failed account, and provide proactive measures to ensure its ongoing health and prevent costly outages.

Error Message – “NSX is integrated with vLCM feature of vSphere system. Cannot disable two way authentication and service account creation functionality”

Verifying Service Account with CURL

When the SDDC Manager Password Management UI displays an invalid or outdated timestamp for the svc-nsx-vc-fqdn service account, it indicates a potential synchronization issue between SDDC Manager and the underlying vCenter SSO domain. This can lead to authentication problems and network connectivity issues within your VMware Cloud Foundation environment. As illustrated below, the ‘Last Modified Date’ is incorrectly displayed as 11/10/23 1:03PM. Let’s examine this issue in more detail.

Addressing SDDC Manager UI Timestamp Discrepancies

To troubleshoot this, administrators can use the curl command to directly query the VCF SDDC API and verify the existence and timestamp of the svc-nsx-vc-fqdn object. This bypasses the SDDC Manager UI and provides a more accurate view of the account’s state.

  1. SSH into SDDC Manager and prepare your command using your SSO account credentials. While ‘[email protected]’ may be a default account, you must retrieve the current, rotated password using the lookup_password utility within SDDC Manager.
  2. Elevate to root: su -
  3. Run the Bearer Token curl to retrieve an access token:

TOKEN=$(curl -d '{"username" : "<sso_username>", "password" : "<sso_password>"}' -H "Content-Type: application/json" -X POST http://127.0.0.1/v1/tokens | jq -r '.accessToken')

Once we have the Bearer Token, we can execute the next curl command with the syntax below:

curl -k -X GET -H "Authorization: Bearer $TOKEN" 'https://localhost/v1/system/credentials/service' | json_pp

After executing the curl command above, you will get a detailed JSON response from the API. It contains the creation times and confirms that the SSO service account still exists and has not disappeared, even though the SDDC Manager UI is showing “—” or an incorrect timestamp for when it was last active, updated or modified.

{
"creationTime" : 1699646593061, # This is the timestamp representing when the object was created
"credentialType" : "SSO", # This indicates that it is part of the SSO Domain
"entityId" : "17bd9679-a83b-485c-9b97-ac079827224d", # Unique identifier which is stored in the VCF SDDC Database
"entityType" : "VCENTER", # Displays that this SSO object is related to vCenter
"id" : "b69362ad-c797-4689-b763-f1fc4aed5dff",
"modificationTime" : 1699646593061, # Timestamp showing the last time this object was modified
"serviceId" : "0dd05d81-6eaa-442b-9d47-fb1134ffdbe6", # This is the ID between NSX Managers and vCenter
"serviceType" : "NSXT_MANAGER",
"targetType" : "VCENTER",
"username" : "[email protected]" # Username of the service account which is integrating the two solutions
}

Now that you have executed the curl command, you should see output similar to the example JSON I’m providing above, where I’m commenting on the specific API fields of interest and explaining what they mean.

As demonstrated in the JSON outputs for other credentials, the ‘secrets’ field typically contains the encoded password within the API. However, for this specific SSO Account, this field is absent, allowing us to manually set the password on both sides of vCenter and NSX and SDDC and re-establish the connection.
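
To turn this manual check into a recurring audit, the added example below (not part of the original post or of SDDC Manager) decodes the epoch-millisecond fields and lists service credentials that have gone too long without a change. The "elements" wrapper around the records, the 90-day threshold and the usernames in the sample are assumptions; the timestamps of the first record are the ones shown above.

```python
"""Flag SDDC Manager service credentials that have not been rotated recently."""
import json
from datetime import datetime, timedelta, timezone

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)

# Constructed sample. The first record reuses the timestamps from the post;
# the second is invented for contrast. Usernames are placeholders.
SAMPLE = json.dumps({"elements": [
    {"creationTime": 1699646593061, "credentialType": "SSO",
     "entityType": "VCENTER", "modificationTime": 1699646593061,
     "serviceType": "NSXT_MANAGER", "targetType": "VCENTER",
     "username": "svc-nsx-example@sso.invalid"},
    {"creationTime": 1699646593061, "credentialType": "SSO",
     "entityType": "VCENTER", "modificationTime": 1746057600000,
     "serviceType": "NSXT_MANAGER", "targetType": "VCENTER",
     "username": "svc-rotated-example@sso.invalid"},
]})


def ms_to_utc(ms):
    """Convert an epoch-millisecond value to an aware UTC datetime."""
    return EPOCH + timedelta(milliseconds=ms)


def stale_credentials(payload, now, max_age_days=90):
    """Return records whose modificationTime is older than max_age_days.

    Accepts a wrapped list ({"elements": [...]}), a bare list, or a single
    record as printed in the post.
    """
    data = json.loads(payload)
    if isinstance(data, dict):
        records = data["elements"] if "elements" in data else [data]
    else:
        records = data
    report = []
    for rec in records:
        modified = ms_to_utc(rec["modificationTime"])
        age = now - modified
        if age <= timedelta(days=max_age_days):
            continue
        report.append({
            "username": rec.get("username"),
            "serviceType": rec.get("serviceType"),
            "modified": modified.strftime("%Y-%m-%d %H:%M:%S UTC"),
            "age_days": age.days,
            # Equal timestamps mean the password was never changed after creation.
            "never_rotated": rec.get("creationTime") == rec["modificationTime"],
        })
    return sorted(report, key=lambda r: r["age_days"], reverse=True)


if __name__ == "__main__":
    for row in stale_credentials(SAMPLE, datetime.now(timezone.utc)):
        print(row)
```

The value 1699646593061 decodes to 2023-11-10 20:03:13 UTC, which is the 11/10/23 1:03PM from the UI when displayed in a UTC-7 time zone, so the API and the UI agree that this account has not changed since it was created.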

Remediation of Service Account

After verifying that the SSO accounts still exist within SDDC, if you attempt to rotate them using the SDDC Password Manager UI, the initial rotation will often stall at approximately 50% and present a retry or cancel popup. Waiting the 15 minutes suggested in some KB articles and then retrying will result in the process reaching 100%, followed by a rapid failure. This is due to timing differences and synchronization processes between vCenter, NSX and SDDC.

First, let’s set a basic password within vCenter SSO for “[email protected]”. Set it to VMware1!VMware1! and, after you hit save, wait a few seconds.

After the password has been updated manually via vCenter Users and Groups for “[email protected]”, log into your NSX Manager -> System -> Fabric -> Compute Managers -> Edit on vCenter Object, click edit on the FQDN | IP Address, and input your svc sso account and password.

  • Note: Ensure that ‘Create Service Account’ is enabled and ‘Enable Trust’ is also selected. If you encounter an error during the connection process, toggle the ‘Create Service Account’ option, enter the password, save the configuration, and then re-enable the Service Account.

Finally, let’s go back into the SDDC Manager -> Password Management -> Filter based on vCenter

Enter the remediated password you previously set within vCenter and NSX. Executing this operation should result in a successful completion task within a few minutes.

Now that two-way communication between vCenter and NSX has been re-established, you can resume standard operations, including enabling vLCM for baseline-controlled patching or image-based deployments.

Beyond the technical steps, this highlights the importance of treating credential management as a proactive, ongoing process. Regular audits, automated password rotation, and diligent verification using methods like the curl command we’ve explored, aren’t merely reactive fixes—they’re essential components of a robust security posture and a resilient infrastructure. Prioritizing these practices ensures that your VMware Cloud Foundation environment remains a reliable and secure foundation for your critical applications and workloads.


Securing Software Updates for VMware Cloud Foundation: What You Need to Know

by Tommy Grot March 24, 2025

Starting March 24, 2025, Broadcom will implement a significant change in the distribution of VMware software binaries for key products. This update aims to enhance security and ensure compliance with industry standards for all our VMware Cloud Service Providers (VCSPs).

From this date onwards, downloading updates and patches for VMware Cloud Foundation, vCenter, ESXi, and vSAN File Services will be handled through a secure new process. This change is crucial for maintaining the integrity and confidentiality of software components, protecting against potential vulnerabilities, and ensuring reliable access to the latest features and bug fixes.

Stay tuned for more details on the implementation and any necessary steps to ensure a smooth transition. Your trusted cloud services are about to get even stronger!

Prepare for VMware Utility

Links for PowerShell Gallery

  • https://www.powershellgallery.com/packages/PowerVCF/2.4.1.1000
  • https://www.powershellgallery.com/packages/VMware.Powercli/13.3.0.24145081

You will need to download and install PowerCLI addons for PowerVCF and VMware.Powercli for your desktop or virtual machine. As shown in the example below I needed to download both.

VMware Depot How To:

Log into the Broadcom Support Portal. In the main dashboard, toward the bottom right, you will see Quick Links -> Generate Download Token ->

Select your Site ID and click Generate Token

Once you have generated a token, you will need to download the VMwareDepotChange Script from VMware KB

Now that you have the script downloaded, you will want to execute the command below, before running the script.

Set-PowerCLIConfiguration -InvalidCertificateAction Ignore -Confirm:$false
  • The SSL connection could not be established, see inner exception.
  • See pre-requisites. Ensure you have set the PowerCLI to ignore invalid certificates or have established SSL trust.

First we will select 1. Choose deployment type and connect:

Now, the interactive prompt will ask you if it is a VCF Deployment? (Y)

After you have connected to your SDDC Manager and vCenter, next we will select Option 2. Enter your token. Below is an example of the output. (My Token is masked out)

Next we will select Option 4 Update, this will connect to the SDDC Manager and vCenter and update the depot from the old vmware depot to dl.broadcom.com/etc/…

After you have updated the depot, log back into VCF/SDDC Manager, go to Administration -> Depot Settings and authenticate. Once you have finished, wait 5 minutes and you will be able to download again!


VMware Cloud Foundation 5.2: A Guide to Simplified Upgrade with Flexible BOM

by Tommy Grot March 11, 2025

VMware Cloud Foundation (VCF) has revolutionized the way organizations deploy, manage, and secure their on-premises infrastructure. With the recent release of VCF 5.2, VMware continues to push the boundaries of hybrid-cloud innovation, offering enhanced features, improved scalability, and streamlined management capabilities.

One of the most significant enhancements in VCF 5.2 is the introduction of Flexible Bill of Materials (BOM), a game-changing approach to infrastructure upgrades. Gone are the days of rigid, one-size-fits-all upgrade paths; with Flexible BOM, administrators can now customize their upgrade process to meet the unique needs of their organization.

In this blog post, we’ll delve into the world of VCF 5.2 and Flexible BOM, exploring the benefits, best practices, and step-by-step procedures for a successful upgrade. Whether you’re a seasoned VCF administrator or just starting your hybrid-cloud journey, this guide will provide you with the insights and expertise needed to elevate your infrastructure to the next level

Flexible BOM Process


Downloading The Bits:

The files will be downloaded with an internet-connected laptop/desktop or virtual machine.

Note: I am using “03102025” as the directory structure for this process, you can use any name you like for the folder.

First, let’s open up the Offline Bundle Utility Tool (LCM) and start preparing the commands to enter. You may copy the ones below and adjust them to fit your system and your credentials.

(Since I am using Windows for downloading the bundles, run the LCM utility without the leading ./, so the command is just “lcm-bundle…” on Windows.)

lcm-bundle-transfer-util --download --manifestDownload --depotUser <email> --outputDirectory C:\03102025
lcm-bundle-transfer-util --download --bundleManifests --depotUser <email> --bundleManifestsDir C:\03102025
lcm-bundle-transfer-util --download --compatibilityMatrix --depotUser <email> --outputDirectory C:\03102025

Note: If you do not have a VXRAIL Platform, you can disregard the –pdu dell_depot_email option; remove it from the syntax, as in the screenshot below.

lcm-bundle-transfer-util --depotUser <email> --download productVersionCatalog --outputDirectory C:\03102025

Uploading The Bits:

Once you have downloaded all the updates and manifest files, upload them to the SDDC manager appliance. Keep all the files extracted in the /home/vcf/ directory.

The actual bundles will be uploaded to /nfs/vmware/vcf/nfs-mount/ because of their large size; /home/vcf/ is limited on space.

File Structure Table

Note: Following the table below provides a simplified way of uploading and ingesting the VCF files and updates.

--bundleManifests | /home/vcf/bundleManifests | Upload the bundleManifests directory into /home/vcf/
--compatibilityMatrix | /home/vcf/Compatibility/ | Upload the Compatibility directory into /home/vcf/
productVersionCatalog | /home/vcf/ | Upload the productVersionCatalog.json in /home/vcf/ directory
--sourceManifestDirectory | /home/vcf/lcm/ | Upload the lcm directory into /home/vcf/
bundleManifests
./lcm-bundle-transfer-util --update --sourceManifestDirectory /home/vcf --sddcMgrFqdn FQDN --sddcMgrUser [email protected]
./lcm-bundle-transfer-util --upload --bundleManifests --bundleManifestsDir /home/vcf/
./lcm-bundle-transfer-util --update --compatibilityMatrix --inputDirectory /home/vcf --sddcMgrFqdn FQDN --sddcMgrUser [email protected]
./lcm-bundle-transfer-util --upload productVersionCatalog --inputDirectory /home/vcf --sddcMgrFqdn FQDN --sddcMgrUser [email protected]

After you have completed the above steps for updating the BOM, products and manifests, go to the workload domain you want to patch. Select Plan Patching -> Select the Products you want to upgrade/patch.

./lcm-bundle-transfer-util --generatePlannerFile --sddcMgrFqdn <your FQDN> --sddcMgrUser [email protected] --outputDirectory /home/vcf --domainNames vcf-m01 -p 5.2.1.0

An Example of the plannerFile.json below:

[{"id":"f486b010-2441-4ee3-93a3-1cae8d375e1e","type":"VMWARE_SOFTWARE","description":"This VMware Software Upgrade bundle contains vSphere ESXI 80U3d, for more information, refer https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/8-0/release-notes/esxi-update-and-patch-release-notes/vsphere-esxi-80u3d-release-notes.html","version":"608.169.14-83637536","severity":null,"vendor":"VMware","releasedDate":"2025-02-24T12:00:00Z","isCumulative":false,"isCompliant":null,"sizeMB":606.376953125,"downloadStatus":"PENDING","components":[{"description":"ESXI bundle element","vendor":"VMware","releasedDate":"2025-02-24T12:00:00Z","toVersion":"8.0.3-24585383","fromVersion":"1.1.1-1","imageType":"PATCH","id":"54bf5dce-40e1-408b-9a1d-6ebb63b3dabe","type":"HOST"}],"applicabilityStatus":"PENDING","applicabilityOrder":2,"isPartiallyUpgraded":false},{"id":"d70ed6b4-26b7-4e40-a516-57492b7ddb72","type":"VMWARE_SOFTWARE","description":"This VMware Software Upgrade bundle contains NSX 4.2.1.3, For more information, refer https://techdocs.broadcom.com/us/en/vmware-cis/nsx/vmware-nsx/4-2/release-notes/vmware-nsx-4213-release-notes.html","version":"310.71.51-83059794","severity":null,"vendor":"VMware","releasedDate":"2025-02-03T12:00:00Z","isCumulative":false,"isCompliant":null,"sizeMB":9070.224609375,"downloadStatus":"PENDING","components":[{"description":"NSX-T Manager patch bundle element","vendor":"VMware","releasedDate":"2025-02-03T12:00:00Z","toVersion":"4.2.1.3.0-24533884","fromVersion":"1.1.1-1","imageType":"PATCH","id":"2b89cce2-b0e9-4595-964e-0df5711b0a9d","type":"NSX_T_MANAGER"}],"applicabilityStatus":"AVAILABLE","applicabilityOrder":1,"isPartiallyUpgraded":false}]

Once you have generated the file, copy it from the SDDC Manager onto your internet connected machine.

lcm-bundle-transfer-util --download --plannerFile C:\03102025\plannerFile.json --depotUser <your username for VMware Depot>

Once your bundles have been downloaded, you will want to transfer them to the system that will be upgraded. After everything is uploaded into the NFS Directory on SDDC Manager, you will want to make sure that you elevate to root by su for ingesting bundles.

Now we will go back to the SDDC Manager, upload the actual bundles into the /nfs/… share and ingest them with command below.

./lcm-bundle-transfer-util --upload --bundleDirectory /nfs/vmware/vcf/nfs-mount/03102025/

If you have a VXRAIL VCF Deployment you will want to upload the Partner Bundles with the command below:

./lcm-bundle-transfer-util --upload "uploadPartnerBundle" --bundleDirectory directory-path

Once all update bundles have been uploaded, go back to the SDDC Manager User Interface, and you should see that the Update Now button shows up and lets you proceed with the upgrade!


VMware Cloud Foundation 5.2: Unlocking Secure Hybrid Cloud Capabilities with Microsoft Certificate Authority

by Tommy Grot February 18, 2025

In the ever-evolving landscape of cloud computing, security remains paramount, especially as organizations strive to build robust hybrid cloud environments. VMware, a pioneer in virtualization and cloud infrastructure, has released an update that strengthens its portfolio: VMware Cloud Foundation 5.2. This new version brings a plethora of enhancements, focusing on improved security features and on integration with Microsoft Certificate Authority or OpenSSL; in this post we will utilize Microsoft Certificate Authority.

The Power of Secure Certificates

Certificates play a pivotal role in establishing secure connections within cloud environments. They ensure data encryption, authenticate users and devices, and prevent man-in-the-middle attacks. With this latest release, VMware Cloud Foundation 5.2 leverages the power of MCA to provide organizations with a centralized, automated, and scalable certificate management system.

Integrating Microsoft Certificate Authority

Microsoft Certificate Authority (MCA) is a robust solution for managing digital certificates, offering advanced security features and seamless integration with various cloud platforms. By integrating MCA into VMware Cloud Foundation 5.2, organizations can:

  • Automate Certificate Deployment: Streamline the process of issuing and deploying certificates across multiple clouds and on-premises data centers.
  • Centralized Management: Gain a unified view and control over all certificates from a single location, simplifying administration.
  • Enhanced Security: Benefit from MCA’s advanced security features, including long-term key protection and certificate revocation, to safeguard cloud infrastructure.
  • Cost Efficiency: Reduce the overhead of managing certificates independently in different environments.

What’s Ahead for Hybrid Cloud Security

VMware Cloud Foundation 5.2 marks a significant step towards simplifying and strengthening security in hybrid cloud deployments. By embracing this update, organizations can future-proof their infrastructure, ensuring data and user privacy. Stay tuned for more insights into this exciting release and its impact on the cloud computing landscape.

Procedure

This walkthrough assumes that you have already configured a Certificate Authority server. If you have not, make sure to get that created first. In the meantime, let’s get started!

First, we will connect via RDP to the Microsoft CA Server.

Make sure the following are installed:

  • Certificate Authority
  • Certificate Enrollment Policy Web Service
  • Certificate Enrollment Web Service
  • Certification Authority Web Enrollment

Once all the Roles are installed, give the CA Server a reboot. Next we will Configure a Role for IIS to do the Enrollment via Web Service using Basic Authentication.

Open up server manager, add the required feature under IIS.

Basic Authentication 

After you have installed all the required roles above, next we will enable Basic Authentication under IIS

  1. Navigate to Sites -> Default Web Site -> CertSrv
  2. Under IIS, double-click Authentication.
  3. On the Authentication page, right-click Basic Authentication and click Enable.
  4. In the navigation pane, select Default Web Site.
  5. In the Actions pane, under Manage Website, click Restart for the changes to take effect.

After you have enabled the Basic Authentication, we will need to ensure that the CA Server Web Enrollment has a CA Signed Certificate with the FQDN, IP in its SANs (Subject Alternative Name). The SDDC Manager requires a secure connection between the appliance and the certificate authority.

This walk through will not cover how to create a Web Server Certificate for your CA IIS Site Binding, assuming you already have it configured.

Right Click -> Default Web Site -> https 443 Binding -> Attach the new certificate for the CA Server Web Enrollment.

After all the prerequisites are done, we will configure a Template for SDDC Manager to utilize.

Clone the Web Server Template and we will configure it:

Configure name for the template, I used VMware SDDC

  1. Click Start -> Run, enter certtmpl.msc, and click OK.
  2. In the Certificate Template window, under Template Display Name, right-click Web Server and select Duplicate Template.
  3. In the Properties of New Template dialog box, click the Compatibility tab and configure the following values.

For the VMware SDDC Template – I configured 2 years, and the Template Display Name – VMware SDDC

Setting | Value
Certification Authority | Windows Server 2008 R2
Certificate recipient | Windows 7 / Server 2008 R2

In the Properties of VMware SDDC Template dialog box, click Extensions tab and configure the option below:

  1. Click Application Policies and click Edit
  2. Click Server Authentication, click Remove, and click OK.
  3. Click Basic Constraints and click Edit.
  4. Click the Enable this extension check box and click OK.
  5. Click Key Usage and click Edit.
  6. Click the Signature is proof of origin / nonrepudiation check box, leave the defaults for other options and OK.

  1. Start up Run, enter certsrv.msc, and click OK
  2. In the Certification Authority, in the left pane, right-click Certificate Templates, and select New Certificate Template to Issue.
  3. In the Enable Certificate Templates dialog box, select VMware SDDC, and click OK.

Permissions

Before you can start using the new template that you created, we need to add permissions on the VMware SDDC Template for the service account that will use it. My service account is [email protected]

Setting | Value
Full Control | Deselected
Read | Deselected
Write | Selected
Enroll | Selected
Autoenroll | Deselected

Below we will configure the Microsoft CA and provide the FQDN of your Certificate Authority. I created an A record in my DNS for certs.virtualbytes.io and created a CA signed certificate for it so that SDDC Manager accepts it.

Once you have configured everything, your SDDC Manager is able to create CSRs and certificates and assign them to the products within VCF!


VMware Cloud Foundation – Memory Tiering: Optimizing Memory Utilization for Enhanced Performance

by Tommy Grot February 5, 2025

In the ever-evolving landscape of virtualization, efficient memory management is crucial to ensuring optimal performance and resource utilization. VMware ESXi, a powerful hypervisor, introduces an innovative feature called Memory Tiering that revolutionizes how virtual machines (VMs) interact with system memory. This blog post delves into the intricacies of ESXi Memory Tiering, exploring its benefits, implementation, and real-world impact on data center operations.

NVMe PCIe Storage and Memory Tiering

  • High-Speed Interface: NVMe PCIe is a high-speed, low-latency storage interface designed for SSDs (Solid-State Drives). It provides significantly faster data transfer rates compared to traditional SATA-based SSDs.
  • Direct Access to Memory: When combined with Memory Tiering, NVMe storage allows direct access to the host’s system memory (RAM) over the PCIe bus. This bypasses the traditional storage controller, resulting in even lower latency and higher throughput for memory operations.
  • Performance Benefits: With NVMe, the slower tier of memory (e.g., SSDs or persistent memory) can still offer decent performance. This is because NVMe SSDs have much faster read/write speeds, enabling quicker movement of pages between tiers.

Why NVMe Matters for Memory Tiering

  1. Reduced Latency: Lower latency access to storage means faster page movement and improved overall system responsiveness, which are crucial for time-sensitive applications.
  2. High Throughput: NVMe SSDs offer higher data transfer rates, enabling efficient handling of large memory pages and bulk data transfers during VM operations.
  3. Cost-Effectiveness: By utilizing NVMe storage in the slower tiers, organizations can achieve cost savings while maintaining high performance for critical workloads.

Best Practices

  • Storage Configuration: Ensure that the ESXi host has the necessary PCIe slots and support for NVMe devices. Properly configure the storage to align with memory tier requirements.
  • Performance Monitoring: Continuously monitor VM performance and memory utilization to fine-tune Memory Tiering policies and ensure optimal page placement.
  • Hardware Compatibility: Verify that all hardware components, including memory modules, storage drives, and PCIe cards, are compatible with NVMe to avoid performance bottlenecks.

The integration of NVMe PCIe storage enhances VMware ESXi Memory Tiering’s capabilities, making it a powerful solution for data centers seeking to maximize memory utilization and application performance.

How To Configure Memory Tiering:

SSH into each ESXi host. If your ESXi hosts are managed by VCF/SDDC Manager, you will need to look up the password in SDDC Manager.

Enable Memory Tiering with the command below. If you want to revert and disable it, set it back to FALSE and put the host in maintenance mode / reboot the host.

esxcli system settings kernel set -s MemoryTiering -v TRUE

Choose the NVMe device to use as tiered memory and note the NVMe device path (i.e. /vmfs/devices/disks/).

Locate the NVMe disk; mine is shown below as an example.

esxcli system tierdevice create -d /vmfs/devices/disks/t10.NVMe____INTEL_SSDPED1D280GAH____________________000142FC3BE4D25C

Create the tier partition on the NVMe device. esxcli system tierdevice create -d /vmfs/devices/disks/

esxcli system settings advanced set -o /Mem/TierNvmePct -i 200

Go to -> Configure under the host -> Advanced System Settings, then filter for Mem.TierNvmePct.

This is where you set the percentage of NVMe used as tiered memory, which configures the DRAM to NVMe ratio for that specific host.

Configuring the DRAM to NVMe Ratio


As noted in the NVMe Device Recommendations section, by default, hosts are configured to use a DRAM to NVMe ratio of 4:1. This can be configured per host to evaluate performance when using different ratios.

The host advanced setting for Mem.TierNvmePct sets the amount of NVMe to be used as tiered memory using a percentage equivalent of the total amount of DRAM. A host reboot is required for any changes to this setting to take effect.

For example, setting a value to 25 would configure using an amount of NVMe as tiered memory that is equivalent to 25% of the total amount of DRAM. This is known as the DRAM to NVMe ratio of 4:1. A host with 1 TB of DRAM would use 256 GB of NVMe as tiered memory.

Another example, setting this value to 50 would configure using an amount of NVMe as tiered memory that is equivalent to 50% of the total amount of DRAM. This is known as the DRAM to NVMe ratio of 2:1. A host with 1 TB of DRAM would use 512 GB of NVMe as tiered memory.

One last example, setting this value to 100 would configure using an amount of NVMe as tiered memory that is equivalent to 100% of the total amount of DRAM. This is known as the DRAM to NVMe ratio of 1:1. A host with 1 TB of DRAM would use 1 TB of NVMe as tiered memory.

It is recommended that the amount of NVMe configured as tiered memory does not exceed the total amount of DRAM.

Reference – https://knowledge.broadcom.com/external/article/311934/using-the-memory-tiering-over-nvme-featu.html
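As a planning aid for the steps above, the following is an added example (not from the original post or from VMware) that checks a planned Mem.TierNvmePct value against the host's DRAM and the NVMe device capacity, then prints the esxcli commands used in this post without running them. The function names, the sample sizes, the device placeholder and the rule that the tier must fit on the device are assumptions.

```shell
#!/bin/sh
# Added example: dry-run planner for Memory Tiering over NVMe.
# Nothing here changes a host; it only checks numbers and prints commands.

# tier_size_gb DRAM_GB PCT -> GB of NVMe used as tiered memory
tier_size_gb() { echo $(( $1 * $2 / 100 )); }

# dram_nvme_ratio PCT -> DRAM:NVMe ratio in lowest terms (25 -> 4:1)
dram_nvme_ratio() {
    _a=100; _b=$1
    while [ "$_b" -ne 0 ]; do _t=$(( _a % _b )); _a=$_b; _b=$_t; done
    echo "$(( 100 / _a )):$(( $1 / _a ))"
}

# check_plan DRAM_GB NVME_GB PCT
# returns 0 = within the recommendation, 1 = tier larger than DRAM,
#         2 = tier does not fit on the device (assumed requirement),
#         3 = invalid input (missing, zero, non-numeric)
check_plan() {
    [ $# -eq 3 ] || return 3
    for _v in "$@"; do
        case $_v in ''|0*|*[!0-9]*) return 3 ;; esac
    done
    _size=$(tier_size_gb "$1" "$3")
    echo "Mem.TierNvmePct=$3 -> ${_size} GB tier, DRAM:NVMe $(dram_nvme_ratio "$3")"
    if [ "$_size" -gt "$2" ]; then
        echo "FAIL: tier needs ${_size} GB but the device has $2 GB"
        return 2
    fi
    if [ "$3" -gt 100 ]; then
        echo "WARN: tier exceeds total DRAM ($1 GB); recommendation is <= 100"
        return 1
    fi
    echo "OK"
}

# emit_commands DEVICE_PATH PCT -> the esxcli steps from this post, in order
emit_commands() {
    echo "esxcli system settings kernel set -s MemoryTiering -v TRUE"
    echo "esxcli system tierdevice create -d $1"
    echo "esxcli system settings advanced set -o /Mem/TierNvmePct -i $2"
    echo "# reboot the host for the settings to take effect"
}

# Constructed sample: 1 TB DRAM host, 280 GB NVMe device, default 4:1 ratio.
if check_plan 1024 280 25; then
    emit_commands "/vmfs/devices/disks/<your-nvme-device>" 25
fi
```

A return code of 1 flags values such as 200, which configure more NVMe tiered memory than the host has DRAM.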

February 5, 2025 0 comments 458 views
Omnissa Horizon

Omnissa Horizon Upgrade 2406 to 2412

by Tommy Grot January 29, 2025
written by Tommy Grot 2 minutes read

Omnissa Horizon has established itself as a leading solution for Virtual Desktop Infrastructure (VDI) and Desktop-as-a-Service (DaaS) environments. Building on the success of its predecessor, the Horizon 2406, we are excited to announce the release of the Horizon 2412 upgrade. This latest iteration offers a range of enhancements designed to further improve performance, scalability, and manageability for organizations leveraging VDI and DaaS solutions. With advanced features and improved capabilities, the Omnissa Horizon 2412 is poised to deliver even greater value to users, administrators, and IT professionals alike.

Let's Upgrade!

  • Take a Snapshot of your Horizon Connection Server
  • Copy the Omnissa-Horizon-Connection-Server-x86_64-2412-8.14.0-12990578933.exe to your Horizon Connection Server.

Next ->

Your preference to join the CEIP -> Next

Install!

Follow up on the New Documentation site on Omnissa’s Site

New Look! For the Admin Login, really clean and streamlined and snappy interface I must say!

Now that the Horizon Connection Server is upgraded, we will upgrade the Agent on the image for our pool. If you have a non-persistent image, you will need to unpack your template and update the gold image; my deployment is persistent, so I updated the VM itself.

Agent Upgrade

Next ->

Depending on your Deployment I would stick with IPv4 if you do not have IPv6 Routing capabilities.

Select the features you want to enable on the image.

Install!

Now we will re-deploy my Unified Access Gateway with the same IP address and configuration as my old 2406 UAG. Before turning off and removing the old UAG, I exported the JSON file of my configuration to re-import it into the new 2412 UAG.

Log in with the credentials you set up during the OVA deployment.

Now we will import the settings. When you import the JSON file, you will also need to re-import your certificate file (mine is a PFX) and reapply it. After the import and reboot of the Horizon Connection Server and UAG I kept running into this error, and it was because the certificate was not imported with the JSON file and needed a re-import. After a reboot I was able to log in!

Really nice and clean UI of the new Horizon 2412 Upgrade!

January 29, 2025 0 comments 1.1K views
VMware Cloud Foundation

VMware Cloud Foundation 5.2.1.1

by Tommy Grot December 18, 2024
written by Tommy Grot 2 minutes read

VMware Cloud Foundation 5.2.1.1 Release Information

VMware Cloud Foundation 5.2.1.1 includes bug fixes and a new version of SDDC Manager.

You can upgrade to VMware Cloud Foundation 5.2.1.1 from VMware Cloud Foundation 5.2 or later.

Upgrading from 5.2.1:

SDDC Manager is the only component that requires an upgrade. See Independent SDDC Manager Upgrade using the SDDC Manager UI.

Upgrading from 5.2:

See Flexible BOM Upgrade in VMware Cloud Foundation. When selecting the target version for SDDC Manager choose the version listed in the BOM update table below.

Known issues:

  • In order to upgrade from 5.2 to 5.2.1.1, you must download the bundles for both SDDC Manager 5.2.1.0 and SDDC Manager 5.2.1.1.
  • The Bundle Management window in the SDDC Manager UI displays “VMware Cloud Foundation Update 5.2.1.0” instead of “VMware Cloud Foundation Update 5.2.1.1” for the 5.2.1.1 bundle. The description of the bundle correctly describes it as the upgrade bundle for 5.2.1.1. This is a cosmetic issue only and does not impact the upgrade.

VMware Cloud Foundation 5.2.1.1 contains the following BOM updates:

Software Component | Version | Date | Build Number
SDDC Manager | 5.2.1.1 | 05 DEC 2024 | 24397777

Resolved Issues

The following issues are resolved in this release:

  • VMware Cloud Foundation 5.2 does not support the “License Now” option for vSAN add-on licenses based on capacity per tebibyte (TiB).
  • Remove unresponsive ESXi Host fails when SDDC Manager certificate does not have subject alternative name.

Upgrade Process

Take a snapshot or have a backup of SDDC Manager in case anything goes wrong.

The update is downloading and should be ready within 10 minutes.

Now that the upgrade is staged and the bundle has been automatically ingested you can start the upgrade!

The whole upgrade took – 20 minutes 22 seconds

Once your SDDC Manager is upgraded, you may proceed to the NSX and ESXi upgrades for this release; the same upgrade process is covered in my other blog posts.

December 18, 2024 0 comments 1.2K views
Hardware Reviews

Dell PowerEdge R740XD2 – Storage Upgrade

by Tommy Grot December 16, 2024
written by Tommy Grot 3 minutes read

A Powerful Workhorse for Data-Intensive Workloads

In the world of data centers, where performance and efficiency are paramount, Dell Technologies has introduced the PowerEdge R740xd2 server, a robust machine designed to handle the most demanding computing tasks. This server is a force to be reckoned with, offering unparalleled processing power, advanced scalability, and enhanced security features. That is why I upgraded from a Dell PowerEdge R740XD to the XD2, as well as running TrueNAS Scale! Let’s dive into what makes this hardware a standout choice for businesses seeking to optimize their data infrastructure.

Key Features:

1. Performance Boost:

The R740xd2 is equipped with the latest Intel Xeon Scalable processors, delivering up to 48 cores per CPU. This massive processing power enables it to effortlessly handle large-scale computing, making it ideal for data-intensive applications such as machine learning, high-performance computing (HPC), and complex simulations. With support for up to 2 TB of memory, this server ensures lightning-fast data access and processing speeds.

2. Scalability and Flexibility:

One of the standout features of the PowerEdge R740xd2 is its modular design, allowing for easy expansion and customization. The server supports various configuration options, including different CPU models, multiple storage drives, and a wide range of peripheral devices. This flexibility ensures businesses can tailor their servers to specific needs, accommodating future growth without significant disruptions.

3. Enhanced Storage Capabilities:

Data centers rely on robust storage solutions, and the R740xd2 does not disappoint. It offers a variety of storage options, including hot-plug NVMe SSDs, SAS drives, and M.2 slots for additional flexibility. With support for up to eight internal hard drives or solid-state drives (SSDs), this server can deliver high throughput and low latency, ensuring fast data retrieval and improved performance.

4. Security at Every Level:

Dell has implemented several security measures in the R740xd2 to protect sensitive data. The server includes a Trusted Platform Module (TPM) 2.0 for hardware-level security, as well as support for Dell Data Guard for advanced data protection and encryption. Additionally, the R740xd2 is compatible with various security protocols and offers remote management capabilities, ensuring your data remains secure even in remote deployments.

5. Efficient Design:

Despite its powerful capabilities, the PowerEdge R740xd2 is designed with energy efficiency in mind. Dell has incorporated advanced power management features, allowing the server to operate at optimal levels while minimizing power consumption. This not only reduces operational costs but also contributes to a more sustainable data center environment.

Use Cases:

  • AI and Machine Learning: The R740xd2’s processing prowess makes it an ideal platform for training and deploying AI models, enabling businesses to stay ahead in the era of intelligent computing.
  • Data Analytics: With its ability to handle vast amounts of data, this server is perfect for organizations conducting complex analytics, helping them gain valuable insights from their data repositories.
  • Cloud Services: The scalability and performance of the R740xd2 make it a strong candidate for building and hosting cloud infrastructure, enabling businesses to deliver services at scale.

Conclusion:

The Dell PowerEdge R740xd2 is a server designed to tackle the most challenging computing tasks with ease. Its impressive performance, scalability, and security features position it as a leader in the data center hardware market. Whether you’re an enterprise, a research institution, or a cloud service provider, this server can be a valuable asset, ensuring your data-intensive workloads are handled efficiently and securely.

December 16, 2024 0 comments 193 views
EventsVMware Cloud Foundation

VMware Explore 2024 – General Session – Shaping The Future Of Cloud And AI Innovation

by Tommy Grot August 28, 2024
written by Tommy Grot 3 minutes read

Las Vegas, the city that never sleeps, is about to shine even brighter as we step into a new era of technology. VMware Explore 2024 has arrived, and with it, a gathering of some of the most brilliant minds from around the globe, ready to shape the future of infrastructure and innovation.

At VMware Explore 2024, the company’s CEO, Hock Tan, took the stage to present a vision for the future of the company and reassure customers about its commitment to innovation and their success. In this blog post, we’ll recap Tan’s key messages from the general session and explore how VMware is positioning itself for the future while maintaining a strong focus on its customers’ needs. Along with announcing the large community that backs VMware – VMUG and VMware vExperts.

Hock Tan said that the CEOs’ decisions to push their companies into public clouds have left their IT departments with post-traumatic stress disorder, while silos of datacenter tech have left tech teams “screwed”. That is 100% true: organizations are not ready for the cloud and its insane costs. Cloud should be utilized to provide on-demand resources when an organization requires them.

The Future of VMware:
Tan began by highlighting VMware’s rich history and its role in revolutionizing virtualization and cloud computing. He acknowledged the company’s impressive track record of innovation, including recent innovations like VCF 9 and many other updates within Private AI and business operations, which have expanded VMware’s capabilities in areas like cloud management and multi-cloud.

He then set the tone for the rest of his presentation by emphasizing that while VMware has come a long way, there is still much to be done. Hock Tan said, “We’re just getting started,” hinting at a bold and ambitious future ahead for the company. He went on to describe VMware’s strategy as one that focuses on three key pillars: cloud, modern applications, and digital infrastructure.

Cloud and Virtualization:
Tan discussed how VMware has been at the forefront of cloud computing since its early days with virtualization. He highlighted the ongoing evolution of cloud technologies and how VMware is adapting to meet the changing needs of businesses. This includes investing in hybrid cloud solutions and expanding its presence in public, private, and edge clouds. Tan also mentioned VMware’s commitment to open standards and interoperability, ensuring that their products can seamlessly integrate with various cloud environments.


In his presentation at VMware Explore 2024, Hock Tan offered a compelling vision for the future of VMware, highlighting its commitment to innovation and customer success. By focusing on cloud, modern applications, and digital infrastructure, VMware is positioning itself to meet the evolving needs of businesses. Tan’s reassurance to customers that Broadcom wants to help and continue investing in their success is likely to alleviate any concerns about the company’s future direction. As VMware continues to execute on its strategy, it will be fascinating to see how the company evolves and adapts to the ever-changing landscape of technology.

August 28, 2024 1 comment 499 views