How To Export VMware Licensing From vCenter Server

Here’s a helpful script to export VMware licensing from vCenter Server. I wrote it a while back, and many of my VMware peers have found it quite useful in the field. I finally got asked again by someone, so I decided to post it, instead of trying to email zipped code through antivirus systems. Enjoy! Happy licensing!

Script: http://www.virtuallyread.com/knowledge-base/getvmwarelicenses-ps1/

Disclaimer: ensure a semi-current PowerShell / PowerCLI installation

Using the VMware Log Insight – Cisco ASA Content Pack to gain visibility and alerting

For those unaware, VMware Log Insight is VMware’s syslog monitoring and alerting platform. It collects and automatically identifies structure in all types of machine-generated log data (application logs, network traces, configuration files, messages, performance data, system state dumps, etc.) to build a high-performance index for performing analytics, so you can find pertinent information quickly.

With that being said, I do a lot of Log Insight use and am a big fan of the Content Packs that provide 3rd party integration. After showing this to clients for the last few months and having them rave about the dashboards and alerting in Log Insight, I decided to dedicate a post to configuring and using the Cisco ASA Content Pack for Log Insight.

The VMware Log Insight – Cisco ASA Content Pack provides new visibility, insight and alerting capabilities into firewall events, successful and denied connections, top source and destination dashboards for websites, bandwidth consumers, mail, chat, streaming, VPN connections and more. For a full overview of VMware Log Insight capabilities, check out the technical marketing material on the product site at https://www.vmware.com/products/vrealize-log-insight.html.

To configure your Cisco ASA for use with VMware Log Insight:

  1. Log into the Cisco ASA and enter configuration mode

  2. Configure the logging host

  3. Configure the logging trap level

  4. Configure the logging facility level

  5. Save the configuration

#logging host inside ip.of.log.insight
#logging trap informational
#logging facility 20

 

After configuring your ASA for use with Log Insight, you need to install the Cisco ASA Content Pack for Log Insight. Click on the menu, which is the icon with three lines to the right of the username in the upper-right, then click Content Packs, and then click on the Marketplace navigation on the upper-left of the screen as shown below. Find the Cisco ASA icon in the Log Insight Content Pack Marketplace and click it to install it.

 

 

After you’ve installed the Content Pack, log out of Log Insight and log back in. Navigate to the Content Pack Dashboards and click on the Cisco ASA Overview link.

The Cisco ASA Overview dashboard provides you with dashboards of All ASA Events over time with a histogram, a breakdown of events grouped by device, events by class and severity level, as well as top destinations and sources. From here you can click on any graph and click Interactive Analytics to see a filtered view of the actual log events.

 

 

As you can see in the Interactive Analytics view of ASA events grouped by severity level, the Cisco ASA firewall is denying connection attempts for telnet to the outside interface of the firewall. The next thought is, “…geez, VMware, I wish I could easily set up an email alert for this filtered event on my Cisco ASA”. Well, I’m happy to add that WE CAN SET UP ALERTS IN LOG INSIGHT! YES!

Let’s take a look at how we set up a Log Insight alert for an event from our Cisco ASA. To add an alert for Severity 3 events, go into the Interactive Analytics view for ASA events grouped by severity 3.

 

 

Click on Alerts, which is the red bell icon to the upper-right and then click on Create Alert from Query.

 

 

Fill in the New Alert form providing the name, description and recommendation, an email address or alias and then the criteria for the alert. You can match on any instance of an event, when an event is seen for the first time in the last x hours, or by how many occurrences happen in a given period and by group if desired. In any case, for this alert, I’d like to know anytime it’s more than one occurrence in five minutes.
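The alert criterion above (more than one severity 3 event within five minutes) can be reproduced outside Log Insight to check what it would fire on. This is an added example, not code from the post or from VMware; the timestamp and host name layout of the stored lines and the sample events are assumptions constructed for illustration.

```python
import re
from collections import deque
from datetime import datetime, timedelta

# ASA messages carry "%ASA-<severity>-<message id>:"; the leading timestamp
# and host name layout is an assumption about how the lines are stored.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) %ASA-(?P<sev>[0-7])-(?P<msgid>\d{6}): (?P<text>.*)$"
)

# Constructed sample lines (documentation addresses), not captured traffic.
SAMPLE = """\
2024-01-05T10:00:01 asa01 %ASA-3-710003: TCP access denied by ACL from 198.51.100.7/51234 to outside:203.0.113.1/23
2024-01-05T10:01:10 asa01 %ASA-6-302013: Built inbound TCP connection 17 for outside:198.51.100.9/40000 (198.51.100.9/40000) to inside:10.0.0.5/443 (203.0.113.5/443)
2024-01-05T10:03:30 asa01 %ASA-3-710003: TCP access denied by ACL from 198.51.100.7/51240 to outside:203.0.113.1/23
2024-01-05T10:20:00 asa01 %ASA-3-710003: TCP access denied by ACL from 198.51.100.7/51300 to outside:203.0.113.1/23
this line is not an ASA message
"""

def parse(line):
    """Return a dict for an ASA syslog line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    ev["sev"] = int(ev["sev"])
    return ev

def alerts(lines, severity=3, threshold=1, window=timedelta(minutes=5)):
    """Times at which more than `threshold` events of `severity` fall inside
    the trailing window. Fires once per burst; expects time-ordered input."""
    recent, fired, armed = deque(), [], True
    for ev in filter(None, map(parse, lines)):
        if ev["sev"] != severity:
            continue
        recent.append(ev["ts"])
        while recent[0] <= ev["ts"] - window:   # drop events older than window
            recent.popleft()
        if len(recent) > threshold:
            if armed:
                fired.append(ev["ts"])
            armed = False                       # stay quiet until burst ends
        else:
            armed = True
    return fired

if __name__ == "__main__":
    for t in alerts(SAMPLE.splitlines()):
        print("ALERT: more than 1 severity 3 event in 5 minutes at", t.isoformat())
```
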

 

 

Now that we’ve set an alert in Log Insight for our Cisco ASA, let’s take a look at some of the dashboards and information that the Content Pack provides visibility into.

 

Navigate to Denied Connections under the Cisco ASA Content Pack and you’re greeted by a dashboard of Top Denied Destinations, Top Denied Sources, Top Denied Protocol Groups and Top Denied Websites. Each of these can be drilled down into by right-clicking on a graph section and clicking Interactive Analytics to see the data. The Top Denied Sources is quite useful to determine where attacks are originating and can quickly provide you with a list of sources to take action on.
 

 

The Successful Connections Dashboard shows some really useful views of Top Accessed Destinations, Top Websites, a list of Latest Successful Connections and a graph of Reasons for successful TCP teardowns.

 

Besides looking to see that Facebook, Hulu or YouTube is probably the top accessed website from your firewall, the Latest Successful Connections is a great way to see if a new firewall rule or configuration change is working for clients accessing a new site or the like.

 

 

Clicking on the Traffic Overview dashboard reveals a fantastic histogram graph of bandwidth usage, which can be useful for forecasting and planning. The middle of the screen shows a graph of Top Connections With High Bandwidth Usage, to see who the big consumers are. Once again, you can drill down on any of those users to see what was being used. The user in this graph is my son’s Chromebook and I’m sure the bandwidth usage is from YouTube, no doubt. …was there any doubt? /grin
 

 

Lastly, the VPN Activity dashboard is great for analyzing past VPN events and for alerting on current ones. You can set up alerts for failed VPN connection attempts, which is always something to keep an eye on.

 

 

Wrapping it up, there’s quite a bit that VMware Log Insight can do for Cisco ASA users. The alerting capabilities for ASA events make Log Insight a great solution for environments where it’s deployed, as the Content Pack is free of charge, easily deployed and provides new visibility and “insights” into what’s happening on your ASA. …with or without you knowing. /grin

 

How long does it take to upgrade VMware NSX?

Estimating the time needed for NSX upgrades and maintenance windows has been a topic that’s needed attention for some time now. Many of the VMware NSX field engineers know from experience how long an NSX upgrade may take based on environment size, but I’ve found that there’s little documentation around how to determine the time required to perform an upgrade, based on the size of the environment.

VMware NSX-v upgrades are performed in order of NSX Managers, then Controllers, onto Edge Gateways and then the vSphere hosts themselves. So, a good method of determining how long an upgrade will take, is by calculating all the individual component upgrade times, adding some buffer for the unexpected and then summing it all up. I’ve detailed the NSX upgrade process here in a previous blog post, with step-by-step screenshots, to provide you with what to expect. Official VMware NSX documentation should be used to perform the actual upgrade.

*As a special note, NSX-T upgrades are done in reverse order, starting with hosts / transport nodes first and then on to Edge Gateways, Controllers and then NSX Manager.

After performing a fair amount of upgrades in the field, NSX Managers and Controllers have been very reliable in terms of component upgrades. Edge Service Gateways in an HA pair, on occasion, will fail an NSX component upgrade, but the resolution of powering the VM off, powering it back on, waiting for services to start and then retrying the upgrade, has been fairly quick remediation.

NSX component upgrade times are as follows:

  • NSX Manager – 30 minutes
  • NSX Controller – 5-10 minutes (each)
  • NSX Edge Service Gateway – 15 minutes (each)
  • NSX vSphere Host – 15 minutes (each)

*Be sure to add time for DRS evacuations and reboots to each host’s time if applicable. NSX host upgrades after 6.3 are reboot-less, but evacuation still applies.

Each of these times has a small buffer for testing return to service of each component. Conditions can vary based on load and scale. If you have a test NSX deployment, you’ll be better able to see how your environment performs and tune the times a bit closer by doing a dry run there. Disk I/O and performance on the Manager and Edge VMs take a fair amount of time, but the number of NSX vSphere host upgrades is usually the biggest single factor in upgrade times. Remember, host density and host memory have a lot to do with estimating NSX vSphere upgrade times. Hosts with high VM densities can take in excess of an hour to evacuate, and physical servers with >1TB of memory take quite a bit of time to “count up” at BIOS boot. These are all things to consider and add in to your estimate.

Here’s an example time estimate calculation for an NSX 6.3 upgrade on a five (5) host cluster:

  • NSX Manager (1) – 30 minutes
  • NSX Controller (3) – 30 minutes
  • NSX Edge Service Gateway HA Pair (2) – 30 minutes
  • NSX vSphere Hosts (5) – 75 minutes

The estimated time for this example would be 165 minutes or 2 hours and 45 minutes, which is very close to the actual 2.5 hours it took to perform the upgrade in this lab. As I mentioned, make sure to check out the preview of the upgrade and (please) use the official documentation to create your upgrade “runbook”. As always, opening a support ticket with VMware support containing the version details of your upgrade, number of components, and an architectural drawing will greatly reduce the time needed to engage support, should you need it.