Achieving Micro segmentation with Log Insight


The other week I presented at both the Melbourne and Sydney VMware User Group conferences. This was a one-day conference consisting of vendor, community, and partner presentations. The focus is on technical content for users by users. I submitted a presentation on Log Insight and NSX, which was accepted. The fact is that most …


A full cloud stack – Autolab 2.6 – Part 1

As in my previous labs, I’ll use Ravello as the main platform to develop a complete stack for a cloud service. It doesn’t matter whether it is for private or public use; the stack will be the same.

To save some time, I’ll begin with Autolab 2.6 from the Ravello blueprint, as illustrated in this first post.

Then, I’ll add an NSX component. In my previous post I built 2 clusters, one for management and the other for production (the resources managed by the first cluster), and NSX resided in the management cluster. So it was double-nested: first by the ESXi, second by the ESXi nested in Ravello.

This means a heavy load on the whole environment.

Now, I’ll use the Ravello environment as the management cluster, plus a cluster for production, following the post by Sam McGeown.

Other posts will follow, showing the vCloud Director 8.0 install and AirVM for management, since vCD 8 doesn’t provide a GUI.

I will skip the initial phase of Autolab deployment, since it’s the topic of my next post (and many others around the Net).


The following image is my lab. Please ignore the last 2 ESXi hosts; I needed them for the previous nested installation of NSX.


Now we’ll begin by starting the first 2 VMs, NAS and Domain Controller. As soon as they’re started, we’ll proceed with the remaining 3, the vCenter and 2 ESXi hosts. We’ll turn on just 2 instead of 3 as per the Autolab blueprint because I don’t want to destroy my previous vCenter environment, made, as described above, of 2 clusters of 2. Anyway, 2 ESXi hosts will be enough.

Time to download NSX. IMPORTANT: initially I downloaded 6.2: DO NOT! You must use 6.1, since 6.2 won’t start in Ravello, no matter whether you change the NIC or add RAM. It probably depends on the underlying “magic” cast by Ravello. At least, this is what happened to me. You’re warned 🙂

After the NSX download I get an OVA file, which the Ravello upload does not accept. I must unpack the OVA into its OVF files with 7-Zip in a folder:

Then import it into the Ravello Library (if you haven’t before, you must download and install the GUI VM Import Tool).

To make things as simple as possible, I’ll use the same settings that Sam used:

  • Hostname: nsx
  • IP:
  • Subnet:
  • Gateway:
  • DNS:
  • Search: lab.local

It is now ready to deploy in our environment. Start it up and open the console to run the setup, logging in with admin/default (the same password for enable):

Once rebooted, it is accessible from either of the 2 Windows machines, DC or VC:

Logging in with the default credentials (admin/default), we’re presented with the home page. Choosing “View Summary” brings up the main data screen. Be sure that the first 3 services are running; SSH is not important since we’ll configure it from this GUI.

The “Manage” tab at the top right lets you configure the device. Start with General, where you can set up a syslog server (optional), adjust the NTP server if not already set, and change the locale settings.

Moving down the left side menu, we can set the network (any modification will need a reboot, as shown below). SSL certificate lets you create a new request to send to any Certification Authority, upload an existing certificate, or just leave the self-signed one generated during installation.

We can set up an FTP server for backups (optional) and schedule them. Lastly (for this section), the Upgrade line has a simple “Upgrade” button:

Now comes the connection with the vSphere elements; if the NSX services are not started, the system won’t allow these settings. Lookup Service will ask for the details to authenticate to SSO (and for acceptance of the server thumbprint): success is shown with a green LED in the “Status” line. The procedure is the same for the vCenter connection; in this case, in addition to the green LED, we’ll refresh the inventory by clicking the arrows beside it.

The whole NSX installation process ends by adding a new item inside vCenter, visible in the web client, since the C# client won’t show it.


Even though I set up AD as LDAP in vCenter, and LABAdministrator as enterprise global administrator, NSX didn’t allow me to make changes unless I was logged in as administrator@vsphere.local.

In the next part, coming in a few days, we’ll configure NSX to deploy the Controllers, prepare the hosts, and deploy VXLAN and Edges. After that we’ll add vCloud Director and a GUI to manage it.

The future of the ESXi Embedded Host Client


As many of you know, the ESXi Embedded Host Client project is something that is very near and dear to my heart. I have always felt that we needed a simple web interface that customers can just point their web browser to an ESXi host after a new installation and be able to quickly get started. One […]


NSX 6.2 inside Autolab 2.6 – Part 1

The Ravello Systems blueprint of Autolab 2.6 is a great starting point for any vSphere-based deployment.

In this case, I’ll report my experience using Autolab 2.6 for an NSX 6.2 deployment.


I will skip the steps needed to deploy Autolab in Ravello; I’ll cover them in another post. This first part goes as far as deploying NSX inside Autolab’s vCenter.

We have to depart from the standard when, to have 2 clusters, 3 hosts are no longer enough; 3 hosts is the Autolab standard.

Luckily the guys at Labguides had good foresight and added an “install fourth ESXi” line to the iPXE ESXi menu. So my task was only to deploy a brand new application from the blueprint, save one of the standard ESXi hosts, delete that application and deploy this new ESXi in my current installation, modifying all the network and host settings.

So, having installed the fourth host as I did the previous ones, I planned to have 2 clusters: Management and Prod.

The Management cluster will host NSX Manager; Prod is the resource cluster, so it will take care of the Edges.

I’ll put Host1 and Host2 in the “Management” cluster and Host3 in the “Prod” cluster. Before moving it I had to put it in Maintenance Mode.


That’s the new host, ready to be added to my Prod cluster:


Now proceed with Add host:

We’ll answer “yes” to the security alert and go straight through with all the defaults:

Now we can watch the import process.

In my case, I had to reboot the host to allow the HA agent to be installed on it.

Since the Add Host was manual rather than automated by Autolab like the previous ones, I had to add NIC1 in teaming to the first vSwitch, create the other vSwitch and recreate all the storage connections.


To begin with, I had to modify NIC teaming for the Management network, setting vmnic0 as active and vmnic1 as standby, overriding the switch failover order:


And then create the following portgroups: IPStore2



and vMotion:

Next we recreate the second switch, the one dedicated to VMs:

It’s time to redo the storage connections too. We have to add the following to the new host:


I’ll skip this part, since the purpose of the post is the NSX installation, not rebuilding a host from scratch to be compliant with the Autolab environment. Anyway, it’s simply a “copy & paste” process from the existing hosts to the new one. For the iSCSI datastores, we’ll have to set up the HBA interfaces.

Time to deploy NSX. After downloading the OVA file, we’ll use vCenter to deploy it on the Management cluster. We’ll use the web client and not the C# client, since the former gives us more options (if we haven’t before, deploying with the web client requires the Client Integration Plug-in; a download link appears during deployment).

Using IE11 I wasn’t able to use the plugin, nor Windows Authentication. Following advice from several forums ( is one of them), I downloaded and used Chrome.

By the way, I don’t know if this is only my problem, but my vC server didn’t start the vSphere Web Client service automatically, although it is set to automatic.

It’s important to check the box accepting the extra configuration options.

Autolab sets its datastores no larger than 58GB, which is less than NSX requires for a “thick” deployment. We can use “thin”, and iSCSI2, which is the largest datastore available. The storage policy will be the default one; we’re using neither vSAN nor VVol.

At this point I hit an annoying error: “A connection error occurred. Verify that your computer can connect to vCenter server”:


Since my computer IS the vCenter, this didn’t make sense. Googling the error I found a related KB – – stating that it depended on a bad DNS configuration. This didn’t make sense either, since I connected the web client using the DNS name, but I double-checked by pinging the name and realized that my server was using IPv6. The solution was to disable IPv6 on my VC NIC:

It works now, and I’m able to continue.

The network to map is the “Servers” one, but it’s not important: we only have one physical network, so it doesn’t matter. On the last page we’ll be asked for a password for the default CLI user, a password for privileged mode, and network information. We’ll assign NSX the IP, also providing a DNS entry, nsx.lab.local. The same DC server acts as NTP server.

In our installation we won’t use IPv6 (ok… shame on me!)

And this is the summary and deployment:

I don’t choose to start it automatically because I might need to modify the resources assigned to nsx: my ESXi hosts can offer 24GB of RAM and 12 CPUs (yes, I modified the Autolab default values).

IMPORTANT: you must change the vNIC from VMXNET3 to E1000, according to Martijn Smit’s post: . DO IT BEFORE STARTING THE VM; it won’t work if changed afterwards, and I had to redeploy. AND you should do it by SSH’ing into the ESXi host, not by deleting and recreating the NIC from the GUI, because then the VM will rename it to eth1.

At the moment, nsx doesn’t start:

I must reduce assigned RAM from 16GB to 12GB and CPU from 4 to 3, otherwise it won’t start.

After the first boot, though, if you shut down, you’ll be able to use 16GB and 4 CPUs, as advised.

And that’s the result of our efforts:


Logging in, this is the main window:


And the summary page:


This is the end of the first part. In the next one we’ll configure the NSX Manager and deploy our Edges and VXLANs.

Thank you for following!