Creative Commons Attribution 4.0 International License
© Rakhesh Sasidharan

TV Updates

Think it’s been a while since I posted any TV watching updates. :)

Broadchurch – Season 3

An amazing season and a wonderful end to a great show. Everything about this season was great. The plot, the characters, the music, just everything … you will be missed!

Medici: Masters of Florence

Happened to see this on Netflix and checked it out. Nothing great, but worth a watch if you have nothing else to do. The actor who played the main chap (Cosimo) had a dead look about himself. Not sure if that’s intentional. The music is great, including the opening title sequence (which is there on Apple Music). The stories were enlightening in that I wasn’t aware of how much interaction there was between the Church and banks. The show started slowly but became better as it progressed. I remember binge watching the last few episodes coz I was curious what would happen. 

Peaky Blinders

On the last episode of Season 1 currently. A good show so far – enjoying it. Not too fast but not too slow either. Good characters, great set/ lighting/ camera work. Good music. I began watching it coz it’s created by Steven Knight, who directed “Locke” which was an amazing movie. Cillian Murphy & Sam Neill are great. Looking forward to Tom Hardy in the next season. 

Baahubali

Wanted to put this somewhere and didn’t seem to be worth a blog post of its own. I re-watched “Baahubali: The Beginning” a few days ago – mainly to refresh myself and also for the benefit of my daughter who hadn’t seen it. Then saw “Baahubali: The Conclusion” yesterday. Both movies are filled with typical South Indian heroism where the hero can do just about anything and everyone else just watches in awe; and all the women are mesmerized by the hero, with the heroine usually being a strong/ arrogant character until she meets the hero after which he manages to “break” her (kind of like how you’d break a bull) and then she too is all smitten by him. The latter had an overdose of heroism, which frankly I couldn’t bear, but has a lot more special effects and some amazing scenes. Definitely watch it for these. Whatever I feel about the heroism, the director S.S. Rajamouli is a genius for envisioning this sort of stuff.

I guess I hate these heroism kind of movies coz I grew up watching these in Hindi and Tamil movies which were filled with these, and to my child mind that seemed to be how the world is – where if you are a good person you are a hero and have special powers and can do good and move mountains, and everyone looks up to you – but as I grew up and reality hit, I realized that the world isn’t like this. So my mind sort of revolts at this misinformation. I have nothing against super hero movies  coz these usually have an origin story or something that explains why the heroes are “super”; I am only against movies where regular heroes are just able to do super things for no reason except that they are a hero and this is a movie. That gets to me. I know movies are unreal and movies such as Baahubali are fantasy – but when it becomes too fantastical my mind is unable to digest it and I lose interest in the movie. 

Self-learning; picking up new stuff

I realize over time that I am not good at learning things. As in, if I have to pick up something because say it’s a new topic and I must read about it, or maybe there’s an exam/ certification I want to clear and so must study for it – I just can’t do these kind of tasks. I am also not good at just picking up stuff by doing it – like say maybe learn Linux by installing a distro and spending some time with it. I just don’t work that way.

I knew this from before but used to consider this a negative quality of mine, mixed with fears that maybe I am not good enough. But nowadays I realize that while it still is not a good way to be, that’s just how I am and there’s no point overly thinking about it. Just have to take it in the stride. 

Like now for instance – I attended a Citrix course some months back and want to do its certification. Thought I’d get the list of objectives and course material and read through it and prepare myself. But I am just unable to focus. Knowing this nature of mine I had previously tried setting up a Citrix lab to get a hang of stuff. While that was a better success than this current idea of reading, that too didn’t get to the point I want to because I am not good at creating my own objectives – especially when I know it’s a “fake” one. It’s sort of like how I enjoy walking, but ask me to do a treadmill or just walk outdoors for exercise and I can’t do it. I’ll walk if there’s a need to – I don’t hate walking, in fact I love walking and think I am quite good at it – but I am not going to go for walks just for kicks. Weather and mood permitting I might go for a walk just to listen to some podcast or an audio book; but that wouldn’t be coz I want to walk, it would be coz I want to listen to something and walking will let me do it peacefully.

This is a difficult situation to be in when you are an IT professional. If your workplace is one where there’s plenty of new projects happening or things to do, it is a good state coz I know I will jump into these and quickly pick stuff up and do wonders; but if your workplace is not of that sort then I will get bored and get into a rut soon – stagnating and becoming pretty useless. This nature leaves me at the mercy of my environment rather than letting me be a self-driven person. That sucks!

Anyways, time to go back and read Citrix. Enough distractions via blogging. :)

[Aside] Citrix VDI Best Practices for XenApp and XenDesktop 7.6 LTSR

This is an amazing document! Skimming through the PDF version and I am blown away. Some day when I have to make Citrix related decisions, this is the document I will be turning to. (Came across it via the Citrix blog, so thank you!)

There’s also a XenDesktop handbook but I haven’t read it yet. 

Rakshadhikari Baiju Oppu – a slice of life

Saw the mallu movie “Rakshadhikari Baiju Oppu” today. It was a delightful watch. Slightly long and the ending was kind of sad; but I loved it. It’s the sort of movie that doesn’t really have any story. It’s like the director/ story writers just captured a slice of life in a village and its characters (centered around a chap called Baiju, played by Biju Menon). The movie reminded me of Adam Sandler’s “Grown Ups”. They are not the same but very similar. Both movies, to me, have a similar feel – as if someone dipped into the water of and bottled a bit of it for us to see and enjoy. 

“Rakshadhikari” touches on many things. Friendship, sports, studies, life, love, failed love, new gen, old gen, happiness, sadness … and Baiju is sort of the central character in all of this. He is not the hero or main person or anything like that. He’s not a Rajnikanth :) just someone who is there and whom everyone looks up to, makes fun of, can depend upon … As one of his friends said before the intermission he is a lucky man who’s happy. People run around trying to find happiness – Baiju just is happy. It’s not like he is doing anything to gain respect or be happy – he just does what he likes and is. 

The movie isn’t preachy. Nor tries to take a side in old vs new or nature vs technology etc. It makes fun of FB and relationships over FB but at the same time highlights the benefits of social apps like WhatsApp that let two old friends keep in touch. Even the hospital that takes over the playground in the end isn’t portrayed in a negative light. Hospitals are useful and that is subtly mentioned in a scene. And the only message the movie ends with in the end is that all this progress and running towards wealth and career and ambition etc is good but we must not forget playgrounds and chilling out.. simple. The movie doesn’t even end on a high note like a typical “movie” might do – with some forced happy ending. Life isn’t always happy; it’s more sadness than happiness, one might say, but it moves on and you take it in that (sportsman) spirit and go along with it… and that’s how the movie too ends. 

Check it out! I liked it. 

[Aside] PVS Caching

Was reading this blog post (PVS Cache in RAM with Disk Overflow) when I came across a Citrix KB article that mentioned this feature was introduced because of the ASLR feature introduced in Windows Vista. Apparently when you set the PVS Cache to be the target device hard disk, it causes issues with ASLR. Not sure how ASLR (which is a memory thing) should be affected by disk write cache choices, but there you go. It’s something to do with PVS modifying the Memory Descriptor List (MDL) before writing it to the disk cache, and then when Windows reads it back and finds the MDL has changed from what it expected it to be, it crashes due to ASLR protection. 

Any how, while Googling on that I came across this nice Citrix article on the various types of PVS caching it offers:

  • Cache on the PVS Server (not recommended in production due to poor performance)
  • Cache on device RAM
    • A portion of the device’s RAM is reserved as cache and not usable by the OS. 
  • Cache on device Disk
    • It’s also possible to use the device Disk buffers (i.e. the disk cache). By default it’s disabled, but can be enabled.
    • This is actually implemented via a file on the device Disk (called .vdiskcache).
    • Note: the device Disk could be the disks local to the hypervisor or could even be shared storage to the hypervisors – depends on where the device (VM) disks are placed. Better performance with the former of course. 
  • Cache on device RAM with overflow to device Disk
    • This is a new feature since PVS 7.1. 
    • Rather than use a portion of the device RAM that is not usable by the OS, the RAM cache portion is mapped to the non-paged RAM and used as needed. Thus the OS can use RAM from this pool. Also, the OS gets priority over PVS RAM cache to this non-paged RAM pool.
    • Rather than use a file for the device Disk cache, a new VHDX file is used. It is not possible to use the device Disk buffers though. 

The blog post I linked to also goes into detail on the above. Part 2 of that blog post is amazing for the results it shows and is a must read for these and the general info it provides (e.g. IOPS, how to measure them, etc). Just to summarize though: if we use cache on device RAM with overflow to device Disk, you get tremendous performance benefits. Even just 256 MB device RAM cache is enough to make a difference.

… the new PVS RAM Cache with Hard Disk Overflow feature is a major game changer when it comes to delivering extreme performance while eliminating the need to buy expensive SAN I/O for both XenApp and Pooled VDI Desktops delivered with XenDesktop. One of the reasons this feature gives such a performance boost even with modest amounts of RAM is due to how it changes the profile for how I/O is written to disk. A XenApp or VDI workload traditionally sends mostly 4K Random write I/O to the disk. This is the hardest I/O for a disk to service and is why VDI has been such a burden on the SAN. With this new cache feature, all I/O is first written to memory which is a major performance boost. When the cache memory is full and overflows to disk, it will flush to a VHDX file on the disk. We flush the data using 2MB page sizes. VHDX with 2MB page sizes give us a huge I/O benefit because instead of 4K random writes, we are now asking the disk to do 2MB sequential writes. This is significantly more efficient and will allow data to be flushed to disk with fewer IOPS.

You no longer need to purchase or even consider purchasing expensive flash or SSD storage for VDI anymore. <snip> VDI can now safely run on cheap tier 3 SATA storage!

Nice!

A follow-up post from someone else at Citrix to the two part blog posts above (1 & 2): PVS RAM Cache overflow sizing. An interesting takeaway: it’s good to defragment the vDisk as that gives up to 30% write cache savings (an additional 15% if the defrag is done while the OS is not loaded). Read the blog post for an explanation of why. Don’t do this with versioned vDisks though. Also, cache on device RAM with overflow to device Disk reserves 2 MB blocks on the cache and writes in 4 KB clusters whereas cache on device Disk used to write in 4 KB clusters without reserving any blocks beforehand. So it might seem like cache on device RAM with overflow to device Disk uses more space, but that’s not really the case …

As a reference to myself for later: LoginVSI seems to be the tool for measuring VDI IOPS. Also, yet to read these but two links on IOPS and VDI (came across these from some blog posts):

Time and all that …

This is something I wrote while killing time in the metro today … was in a bit of a “mood” so this is not one of my typical techie posts. Feel free to skip. You have been warned! :)

Listening to Stephen King’s “The Dead Zone” read by James Franco. I pre-ordered it after watching “11.22.63”. From the book blurb I thought it would be more sci-fi or horror, but so far it’s been slow, thoughtful, and quite well-written (yes I know I have no right to say that, just that I expected the book to be something else and am pleasantly surprised by what it has turned out to be). I don’t know where the story is going yet… there seems to be one main strand with a few little strands strewn over so far and am guessing they all intersect at some point. I am only some 3 hours into a 16 hour book, so plenty of time left! 

Listening to this book reminded me of ‘time’ from “11.22.63” (same author) as well as “Slaughterhouse-Five” (same narrator). Both talk about ‘time’ differently but with the same idea. Both books treat ‘time’ as frozen/ pre-determined and “11.22.63” especially has this idea of time fighting back if you try and change it. I liked that and wish the book had elaborated more on it. 

If you view ‘time’ as frozen (i.e. this moment has already happened, the future has happened) then ‘time’ is ‘fate’. The question of changing your fate or trying to change your luck then becomes a case of trying to work against ‘time’. Which is sort of interesting coz then you can see ‘time’ working against your efforts. I hate that but also find it fascinating because that makes ‘time’ or ‘fate’ kind of sentient or purposeful (like they are really “out to get you” :p). 

A long time ago I had come across Dilbert comics author Scott Adams’ “affirmations” concept. Basically you think of something you want and keep repeating that idea as a sentence many times a day. For example: “I will get a score of 100/100 in my exam on Saturday”. Write this sentence down say every day morning for say 20 times. That’s affirmations. The exact details are variable – as in maybe you could type it down or just say aloud to yourself; or maybe no need to do it in the morning but just at some point during the day or at regular intervals through the day… you get the point. I had tried it many years ago and nothing happened. At that point I felt maybe I wasn’t doing it correctly and so left it (and in fact later on things kind of turned out to be opposite to what I had wished for – story of my life! :p). Didn’t think much of it and left it. 

Some months ago I came across this idea again from one of his books and also a few podcast interviews. Tried it again this time, with more earnestness, and this time I felt there was a sudden “kick back” from time in terms of changing things such that the things I was affirming for were no longer possible. And then I saw “11.22.63” and the concept of ‘time’ fighting back entered my mind and it’s been sitting there since then. I’ve tried a few other things similar to affirmations (both before and after watching “11.22.63”) and every time there’s been a kick back – often a strong one to completely derail what I was wishing for. These kind of events reaffirm my thinking that time is frozen, and if you try taking a blow torch to thaw it a bit, it fights back! :) I guess words like “frozen” and “blow torch” are not the right ones – it’s more like the path is bound with strings tied to other strings in a sort of self-correcting machine mechanism, and if you try to make changes the mechanism kicks in and sorts things out to ensure you stay on path.

It’s a depressing way of thinking, but everyone has a path set out, and there’s not much we can do to budge from it. And in the few instances where we do feel we’ve managed to change things, that’s probably coz that change itself was written in the path.

[Aside] PVS vs MCS

Haven’t read most of these. Just putting them here for when I need ’em later.

GPO audit policies not applying

I didn’t realize my last post was the 500th one. Yay to me! :)

Had an issue at work today wherein someone had modified a server GPO to enable auditing but nothing was happening.

The GPO had the following.

And it looked like it was applying (output from gpresult /scope computer /h blah.html).

But checking the local policies showed that it wasn’t being applied.

Similarly the output of auditpol /get /category:* showed that nothing was happening.

This is because starting with Server 2008/ Vista Microsoft split the above audit categories to sub-categories, and starting with Server 2008 R2/ 7 allowed one to set these via GPO.

My understanding from the above links is that both these sort of policies can mix (especially if the newer ones are not defined), so not entirely sure why the older audit policies were being ignored in my case. There’s even a GPO setting that explicitly lets one choose either set over the other, but that didn’t have any effect in my case. (The policy is “Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings” and setting it to DISABLED gives the original policy categories precedence; by default this is ENABLED).

The newer audit policy categories & sub-categories can be found under the “Advanced Audit Policy Configuration” section in a GPO. In my case I defined the required audit policies here and they took effect.

Something else before I conclude (learnt from this official blog post).

By default GPOs applied to a computer can be found at %systemroot%\System32\GroupPolicy. Local audit policies are stored/ defined at %systemroot%\system32\GroupPolicy\machine\microsoft\windows nt\audit\audit.csv and then copied over to %systemroot%\security\audit\audit.csv. However, audit policies from domain GPOs are not stored there. This point is important to remember coz occasionally you might find forum posts that suggest checking the permissions of these files. They don’t matter for audit policies from domain GPOs.

In general it is better to use auditpol.exe /get /category:* to find the audit policy settings rather than any group policy tools.
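The mismatch described above (a GPO report that says auditing is on while the effective policy shows nothing) is easy to catch mechanically once the effective policy is exported with `auditpol /get /category:* /r`. The following is an added example, not part of the original post: the sample CSV, its placeholder GUIDs and the `BASELINE` subcategories are constructed for illustration, and the setting strings assume an English-language Windows.

```python
import csv
import io

# Constructed sample of `auditpol /get /category:* /r` output.
# The GUIDs are placeholders, not the real subcategory GUIDs.
SAMPLE_AUDITPOL_CSV = """\
Machine Name,Policy Target,Subcategory,Subcategory GUID,Inclusion Setting,Exclusion Setting
SRV01,System,Logon,{00000000-0000-0000-0000-000000000001},No Auditing,
SRV01,System,Logoff,{00000000-0000-0000-0000-000000000002},Success,
SRV01,System,Credential Validation,{00000000-0000-0000-0000-000000000003},Success and Failure,
SRV01,System,File System,{00000000-0000-0000-0000-000000000004},Failure,
"""

# Hypothetical baseline: what the GPO author intended to be audited.
BASELINE = {
    "Logon": {"Success", "Failure"},
    "Logoff": {"Success"},
    "Credential Validation": {"Success", "Failure"},
    "File System": {"Success", "Failure"},
    "Process Creation": {"Success"},
}


def parse_effective(csv_text):
    """Return {subcategory (lower-cased): set of enabled flags} from auditpol /r CSV."""
    effective = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        name = (row.get("Subcategory") or "").strip()
        if not name:
            continue  # skip blank or malformed rows
        setting = (row.get("Inclusion Setting") or "").strip().lower()
        flags = set()
        # "No Auditing" contains neither word, so it yields an empty set.
        if "success" in setting:
            flags.add("Success")
        if "failure" in setting:
            flags.add("Failure")
        effective[name.lower()] = flags
    return effective


def find_gaps(effective, baseline):
    """List (subcategory, missing flags) where the effective policy falls short."""
    gaps = []
    for subcategory, required in baseline.items():
        # A subcategory absent from the export counts as not audited at all.
        have = effective.get(subcategory.lower(), set())
        missing = sorted(required - have)
        if missing:
            gaps.append((subcategory, missing))
    return gaps


if __name__ == "__main__":
    for subcategory, missing in find_gaps(parse_effective(SAMPLE_AUDITPOL_CSV), BASELINE):
        print(f"{subcategory}: not auditing {' and '.join(missing)}")
```

Run against exports collected from each server, this reports the effective state rather than what gpresult claims was applied.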

Sad times…

My father in law passed away yesterday morning. It wasn’t unexpected. He was unwell and suffering for over 3 long years, so I am glad he’s finally managed to move on. Of course I wish he didn’t have to have the disease (cancer) or suffer in the first place; but given the fact that he was going through pain I can’t even begin to imagine and the humiliation of hospital visits and your body no longer being yours, I am happy he has moved on. 

Death is a shitty thing though for the people you leave behind. 

His wife has been sad and crying since then. Obviously. She’s going to miss him and whatever us children do it’s not going to replace him or her relationship to him. But more than all that, what saddens me is the constant throng of people and relatives. I guess it’s just me and my introvert nature – I can’t imagine what I’d do if I were in pain such as this and had people around me. I would be able to be myself around them, and I’d just hate having so many people around. 

Well actually, I can’t even imagine what sort of pain I’d be in. I don’t get close to people, and even the ones I do get close to haven’t really resulted in any deep inseparable bond sort of thing. (Again, just me I guess. I aim for this “ideal” in relationships and how I am. I dream of an abstract but intense relationship. Reality doesn’t work that way so I don’t know how I would even react to the loss of any loved one).

Sitting here in Kerala, one it’s so boring; and two, I can’t help think that all this “process” is just holding everyone back. Today is day 2 but we are all still stuck in day 1. (By “we” I mean his wife and daughter etc – people with feelings). We are waiting for the son to arrive before the last rites can commence. He is due to arrive today night, so all that stuff will begin tomm morning. And that’s a ritual in itself. First his body will be brought from the cold freezer in the hospital. Then there’s a whole bunch of rituals to be done by son & daughter & other interested parties, after which the body will be cremated. During all this time there’ll be people and relatives – oh so many people! After cremation there’s more rites I think, but I am not sure. Then some 5 days later (or maybe it’s 3 coz I am not sure if they start counting from the day of death which was yesterday) there’s some more rites. Then we have to put his ashes and remains in a river somewhere. Then a few more days later (the whole thing ends in abt 11-12 days) there’s some more rites and rituals. And with that everyone is able to move on… I think. 

The thing that strikes me is how we are all just holding on to him. I don’t know why, it feels so unreal to me. Like why do we ‘need’ to do all this to remember someone? A loved one dies, it’s a private thing. Let that person go – the body at least – and then mourn in private or with friends and relatives, and try to just move on. I am not saying forget the person, but just move on. Try to get on with life. Incorporate that person into your life, make him or her a part of you/ your memories/ your base, and then just get on with it. Spending 12 days in rituals (I am speaking of Kerala Hindus by the way, specifically the community of my in-laws, things could vary for others) holding on to the one who is no more, crying, remembering, mourning… it just feels so impractical or negative.

Right now for instance, we had to remove all the furniture from the main room because tomm morning that’s where the body will be kept. His wife burst into tears seeing that. I empathize with her. It is a sad sight – seeing things removed off your house (“their” house, their furniture, their dreams and reality) to place the dead body of your loved one in its place. It’s heart wrenching. And it leaves your last memory of everything in a bad place. Your last memory of your loved one is all this – not just pleasant ones of your time with him.

And now I have a relative trying to socialize with me so I have to abruptly stop this flow of thoughts. Bah! 

Never mind he’s left. :)

My wife’s sad that she will have to do last rites tomm as she doesn’t want the last image of her father to be him in this dead state all skinny and lifeless. I get that. When I am dead I wouldn’t want anyone’s memories of me being my lifeless body or this sad state. Yes I would want them to miss me. Every day. Think of me, miss me, terribly miss me in fact – but I would still want them to be able to live life as usual and I would want their memories of me to be the good and bad times we had together, not a corrupted image of me lifeless with nothing more of “me” in it. And I would definitely want them to move past my physical body. That’s not me any more. That’s just what I was. Now I live on inside you, as part of you. Keep me alive that way instead of feeling sad that I am not physically around any more. If I love you I wouldn’t want you to be sad, and definitely not on my accord. 

Anyways. Death is a shitty business. And I have to go through the motions for the next 11-12 days. Definitely not looking forward to it. 

I didn’t know my father in law much though. He was a good person though and I’d like to think we respected each other. We didn’t speak much. I am an introvert and prefer reading a book or watching a movie instead of interacting with people. He was an introvert too, lost in his books and farming and teaching etc (to be honest I don’t know what else as I wasn’t too close to him). But he was a good person. A person filled with morals and all that good sort of stuff. He cared for his kids and family, wanted the best for them, secure their future, try and do what he could. Most of all I think he was a very simple person. You know he wasn’t cunning or wily and that whatever he said or did was simple and from his heart. That’s probably *the* quality of his that I admire and remember most. It’s rare to come across people whose actions and words reflect their inner thoughts. Most people (myself included) aren’t simple. He was.

Someone needs to arrange lamps now for tomm’s ceremonies. I guess that’s one good thing of having people around. You can ask someone to help out as everyone’s there to help out. I would rather not have people or rituals, but considering you are stuck with both it’s good to know that both work out for each other. Your role (as family) is mainly to participate in everything – rituals and socializing.

Had to go socializing again now. Someone I have no idea of has come to visit. So go through the usual motions of hi hello and receive condolences etc. And then they sit and stare into the emptiness for a while and you do the same (except in this case I am bored now and typing this post!). That’s a very funny thing about this business. Everyone just sitting around staring into the emptiness. I know why we do it – it’s to express sadness. Wouldn’t make sense to have a loud conversation or chit chat, so best is to just stare into the ether with a sad look.

I think it’s time to stop blogging. More visitors coming in. More socializing to do. More staring.  Sigh. 

PVS Steps

I need a central place/ post where I can write down (and keep adding) the steps required for a PVS image. Consider this as a continuation to a previous post. So here goes:

  1. Install the OS.
  2. Install Updates and Device Drivers; including integration tools such as VMware Tools, XenServer Tools, etc. 
  3. Install any applications & VDA. (No shutdown or domain join at this point – but you could domain join if needed, just don’t reuse that name later in the catalog)
  4. Install the Target Device software (this is the Provisioning Services target device software).
  5. Launch the imaging wizard. (No need for snapshots as we are capturing to a new vDisk)
    1. The wizard will ask for a Target Device name. This can be different from the name of the machine/ VM. This is a PVS representation of the device.
    2. Give a vDisk name too.
    3. Upon creation this vDisk will be in private mode – which means only 1 machine can boot off it, and the disk is read/write.
  6. Power off the VM.
    1. If this VM will be used as the Master Target Device going forward, delete or remove the original hard disk. And go to the device object in PVS and change the “Boot from” to vDisk.
    2. Alternatively: If this VM will not be used as the Master Target Device, create a new VM (maybe give it the same name as the Master Target Device in PVS) and put its MAC address to the Master Target Device in PVS. Also change the “Boot from” to vDisk.
    3. Note: If the “Boot from” is not changed to vDisk the VM will try to boot from the local disk and fail if it’s not present.
  7. Power on the VM. It will boot from the vDisk now (which is still in private mode). Make any more changes if required. Example domain join and add more applications etc. Whatever changes we make now will be written to the vDisk.
  8. When everything is finalized power off the VM.
  9. Convert the vDisk to standard mode. This means multiple machines can boot off it and the disk is read only (the writes will be made to a write-cache disk).
    1. Note: the VM must be powered off to be able to change the disk type. There has to be no connections to the vDisk.
  10. Now create a template based on the hardware specs you want for your VMs. Memory, CPU, etc. This template won’t have any storage. It will network boot.
  11. From PVS console launch the XenDesktop Setup wizard. At one point it will ask for the template & vDisk we created above.
    1. Quick note on the disk options.
    2. With MCS we had the option of choosing random or static. Within random we had the option of using RAM as a cache. And within static we had the option of (a) using a personal vDisk or (b) a dedicated VM or (c) discarding changes.
    3. With PVS our options are again random or static. No sub-options within random (i.e. no RAM cache etc). And within static the only options are (a) personal vDisk or (b) discard changes.
  12. That’s all. New VMs will be created that can stream from the above vDisk. And AD accounts will be created for them.

Pool Machine booting up … :)

Migrating VMkernel port from Standard to Distributed Switch fails

I am putting a link to the official VMware documentation on this as I Googled it just to confirm to myself I am not doing anything wrong! What I need to do is migrate the physical NICs and Management/ VM Network VMkernel NIC from a standard switch to a distributed switch. Process is simple and straight-forward, and one that I have done numerous times; yet it fails for me now!

Here’s a copy paste from the documentation:

  1. Navigate to Home > Inventory > Networking.
  2. Right-click the dVswitch.
  3. If the host is already added to the dVswitch, click Manage Hosts, else Click Add Host.
  4. Select the host(s), click Next.
  5. Select the physical adapters (vmnic) to use for the vmkernel, click Next.
  6. Select the Virtual adapter (vmk) to migrate and click Destination port group field. For each adapter, select the correct port group from dropdown, Click Next.
  7. Click Next to omit virtual machine networking migration.
  8. Click Finish after reviewing the new vmkernel and Uplink assignment.
  9. The wizard and the job completes moving both the vmk interface and the vmnic to the dVswitch.

Basically add physical NICs to the distributed switch & migrate vmk NICs as part of the process. For good measure I usually migrate only one physical NIC from the standard switch to the distributed switch, and then separately migrate the vmk NICs. 

Here’s what happens when I am doing the above now. (Note: now. I never had an issue with this earlier. Am guessing it must be some bug in a newer 5.5 update, or something’s wrong in the underlying network at my firm. I don’t think it’s the networking coz I got my network admins to take a look, and I tested that all NICs on the host have connectivity to the outside world (did this by making each NIC the active one and disabling the others)). 

First it’s stuck in progress:

And then vCenter cannot see the host any more:

Oddly I can still ping the host on the vmk NIC IP address. However I can’t SSH into it, so the Management bits are what seem to be down. The host has connectivity to the outside world because it passes the Management network tests from DCUI (which I can connect to via iLO). I restarted the Management agents too, but nope – cannot SSH or get vCenter to see the host. Something in the migration step breaks things. Only solution is to reboot and then vCenter can see the host.

Here’s what I did to workaround anyways. 

First I moved one physical NIC to the distributed switch.

Then I created a new management portgroup and VMkernel NIC on that for management traffic. Assigned it a temporary IP.

Next I opened a console to the host. Here’s the current config on the host:

The interface vmk0 (or its IPv4 address rather) is what I wanted to migrate. The interface vmk4 is what I created temporarily. 

I now removed the IPv4 address of the existing vmk NIC and assigned that to the new one. Also, confirmed the changes just to be sure. As soon as I did so vCenter picked up the changes. I then tried to move the remaining physical NIC over to the distributed switch, but that failed. Gave an error that the existing connection was forcibly closed by the host. So I rebooted the host. Post-reboot I found that the host now thought it had no IP, even though it was responding to the old IP via the new vmk. So this approach was a no-go (but still leaving it here as a reminder to myself that this does not work)

I now migrated vmk0 from the standard switch to the distributed switch. As before, this will fail – vCenter will lose connectivity to the ESX host. But that’s why I have a console open. As expected the output of esxcli network ip interface list shows me that vmk0 hasn’t moved to the distributed switch:

So now I go ahead and remove the IPv4 address of vmk0 and assign that to vmk4 (the new one). Also confirmed the changes. 

Next I rebooted the host, and via the CLI I removed vmk0 (for some reason the GUI showed both vmk0 and vmk4 with the same IP I assigned above). 

Reboot again!

Post-reboot I can go back to the GUI and move the remaining physical NIC over to the distributed switch. :) Yay!

Certificates, Subject Alternative Names, etc.

I had encountered this in my testlab but never bothered much coz it was just my testlab after all. But now I am dabbling with certificates at work and hit upon the same issue. 

The issue is that if I create a certificate for mymachine.fqdn but I visit the machine at just mymachine, then I get an error. So how can I tell the certificate that the shorter name (and any other aliases I may have) are also valid? Turns out you need to use the Subject Alternative Name (SAN) field for that!

You can’t add a SAN field to an existing certificate. Got to create a new one. In my case I had simply requested a domain certificate from my IIS server and that doesn’t give any option to specify the SAN.

Instructions for creating a new certificate with SAN field are here and here. The latter has screenshots, so check that out first. In my case, at the step where I select “Web Server” I wasn’t getting “Web Server” as an option. I was only getting “Computer”. Looking into this, I realized it’s coz of the permissions difference. The “Web Server” template only has Domain Admins and Enterprise Admins in its ACLs, while the “Computer” template had Domain Computers too with “Enroll” rights. The fix is simple – go to Manage Templates and change the ACL of “Web Server” accordingly. (You could also use ADSI Edit and edit the ACL in the Configuration section).
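The name check behind that error, as an added example (not code from the original post): a small RFC 6125-style matcher run over four constructed certificates. The function names are hypothetical, "mymachine.example.test" stands in for mymachine.fqdn, and the CN fallback for SAN-less certificates is the legacy behaviour, which current browsers no longer apply.

```python
"""Added example: which names a TLS client accepts for a certificate (RFC 6125 style)."""

# Constructed certificates in the dict shape returned by ssl.SSLSocket.getpeercert().
# "mymachine.example.test" is a stand-in for the post's mymachine.fqdn.
CN = ((("commonName", "mymachine.example.test"),),)
DOMAIN_CERT = {"subject": CN}  # like the IIS domain certificate: no SAN at all
SAN_CERT = {"subject": CN, "subjectAltName": (("DNS", "mymachine.example.test"),
                                              ("DNS", "mymachine"))}
ALIAS_ONLY_CERT = {"subject": CN, "subjectAltName": (("DNS", "mymachine"),)}
WILDCARD_CERT = {"subject": CN, "subjectAltName": (("DNS", "*.example.test"),)}


def dns_name_matches(pattern, hostname):
    """Compare one certificate name (optionally '*.suffix') with the requested host."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # a wildcard stands for exactly one label, so short names never match
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]  # refuse overly broad patterns such as *.test
    return p == h


def presented_names(cert):
    """dNSName SAN entries if any exist; the CN is only a fallback when there are none."""
    sans = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]


def hostname_ok(cert, hostname):
    return any(dns_name_matches(name, hostname) for name in presented_names(cert))


if __name__ == "__main__":
    certs = {"domain": DOMAIN_CERT, "san": SAN_CERT,
             "alias-only": ALIAS_ONLY_CERT, "wildcard": WILDCARD_CERT}
    for label, cert in certs.items():
        for host in ("mymachine.example.test", "mymachine"):
            print(f"{label:10} {host:24} {'ok' if hostname_ok(cert, host) else 'name mismatch'}")
```

The alias-only certificate shows the trap when requesting the replacement: once a SAN is present the CN is no longer consulted, so the FQDN has to be listed in the SAN alongside the short name. A wildcard does not cover the short name either.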

[Aside] NetScaler – CLI Networking

Just putting these two here as a reference to myself (no idea why coz I am sure I’ll just Google and find them later when I need to :p)

As an aside (to this aside):

  • The NetScaler config is stored as ns.conf at /nsconfig
  • Older versions have a .0, .1, .2, etc suffixed to the filename. 
  • Backups are stored in /var/ns_sys_backup.
  • More info on backups etc

[Aside] Useful CA/ Certificates info

Notes on Master Image Preparation (PVS & MCS)

Reading some links on creating a Master Image; here are notes to myself regarding that. These are the links I refer to:

Note these are very rough/ brief. These really are rough notes to myself as I am trying to organize my mind.

In case of PVS: Master Target Device – this is the VM whose image is used to create a virtual hard disk (vDisk). This vDisk is what PVS uses to stream to its VMs.

Unlike MCS, the Master Target Device does not have to be a VM. PVS works against both VMs and physical machines. It does not care about the compute; all it does is look at the machine and create a vDisk by capturing its contents. You network boot into the machine you want to capture, and PVS creates an image by streaming its contents to the PVS server to create a vDisk. 

The Master Target Device or its disk can be removed after vDisk creation.

Here’s my understanding of the order in which to do stuff:

1. Install the OS

2. Install Updates and Device Drivers; including integration tools such as VMware Tools, XenServer Tools, etc. 

In case of MCS:

3. Install any applications (optional) & VDA & domain join (optional) & shutdown the machine. 

4. Add it to MCS to create a catalog. Recommended that we take a snapshot and point MCS to this snapshot. Else MCS will make its own snapshot (and we can’t change the snapshot name). 

In the case of PVS:

3. Install any applications & VDA. (No shutdown!) (No domain join!)

4. Install the Target Device software (this is the Provisioning Services target device software).

5. Launch the imaging wizard. (No need for snapshots either as we are capturing it to a new vDisk). 

5a. Note: The Target Device name can be different from the name of the machine/ VM. 

6. After the vDisk is created we use a VM (existing or new one) to network boot and use this vDisk. Then we can domain join etc. PVS has a lot more steps. Check out http://www.carlstalhood.com/pvs-master-device-convert-to-vdisk/

Update: I have a post that goes into more detail with PVS.

Components of the Provisioning Services target device software include an imaging wizard to capture the image, a NIC filter driver used for streaming images from the PVS server to the target devices (remember: the target device software is not used only for capturing the image – i.e. the master target device, but also by the target devices after an OS is loaded), a virtual disk to store the OS and applications (again, used by the target devices). There’s also a system tray utility.