C.R.I.B. The Logical Layout of My HomeLab

C.R.I.B. – Stands for Computer Room In a Box. This is the name I have given my homelab. I’ve used my C.R.I.B. to educate myself, experiment with things, and demo products to my customers.

As you’ve read in previous posts, my homelab has evolved over the years. Currently, I run one physical Supermicro Super Server attached to a Synology DS 1512+ Array, connected to a gigabit switch. Many of my friends and co-workers have asked how I run everything on one physical box — which I am going to call pESX. I’ve tried to explain it and draw it out on a whiteboard. However, until you’ve seen it drawn out, the explanation gets confusing — unless you’re familiar with nested virtualization.

I utilize nested virtualization to expand the capabilities of the C.R.I.B. without additional physical hardware. If you are unfamiliar with nested virtualization, it is the ability to run ESX as a virtual machine — which I will call vESX. (William Lam has written numerous articles on how to do it. Just google “William Lam” and “nested virtualization” if you want more info.) The entire CRIB is accessible from my home network — which is a lifesaver, as I do not have to work in my office. I can access it via VPN or the couch.

[Image: C.R.I.B. – Computer Room In a Box]

A pfSense virtual machine (GATEWAY) was implemented to act as firewall and router to the entire virtualized environment, including the nested layer. The pESX is on the base network with a vmkernel attached to the pfSense Virtual Machine to allow for manipulation and modification of the firewall rules and network configuration. All traffic in and out of the virtual environment will pass through the pfSense VM. The firewall in the pfSense provides isolation as well as communication between the various networks.

All of the infrastructure virtual machines sit on the first virtualization layer, which is considered the “Management Cluster”. However, this cluster is made up of only the one physical ESX host (pESX). Normally, we would want multiple hosts for HA redundancy. (But this is a lab, and I’m on a budget.) The vESX virtual machines sit in this layer as well. The vESX VMs have a direct connection to the base network for access to the iSCSI storage array, and they make up the ESX compute resources of the “Payload Cluster”. Having these two clusters, the Management Cluster and the Payload Cluster, is a VMware architectural design best practice. The infrastructure is made up of your basic VMs: a Domain Controller (DC), a SQL Server (SQL), the Management vCenter (vCSA6), a Log Insight Server (LOG), and a VMware Data Protection VM (VDP) for backups. In addition to these VMs, the vRealize Automation (vRA) VMs and Payload vCenter (PAYVC01) also sit in the management cluster. The vRA self-service portal deploys to a vCenter (PAYVC01) endpoint controlling the compute resources of the Payload Cluster.

The Payload Cluster is made up of three virtual ESX hosts (vESX) and provides the various resources (network, CPU, RAM, and storage) for consumption by vRA or other platform products. There is an Ultimate Deployment Appliance (UDA) VM providing the ability to deploy scripted ESX images. This makes it possible to quickly rebuild the hosts, if needed.

This is just the base. I am in the process of deploying NSX into the environment to provide the ability to deploy multi-machine blueprints within vRA. In addition, I intend to explore SRM integration with vRA.

Tool: Microsoft Remote Connectivity

While onsite with a customer yesterday, I was introduced to a new free tool provided by Microsoft called the “Remote Connectivity Analyzer”.

So what does this do? How can it be of use to me?

I’m glad you asked. Our scenario was that the company used Office365 for their emails. I’ve watched companies make the move to cloud-provided email for years now. But where this gets to be problematic is when you need to configure applications to send/receive email. Our specific scenario involved configuring vRA to use Office365. Now, I already know that if Office365 is set up to use EWS (Exchange Web Services) this won’t work. So boys and girls, if the customer uses Office365 and they are setting up vRA – ask them if O365 is using EWS. If so, stop. Save yourself a headache.

But back to the problem. When we go to configure the email server (inbound or outbound), we only have the ability to plug in the configuration and click a little “Test Connection” button. If it fails, you get a generic error message and then you have to scour logs to try and decipher what went wrong. Do you not have enough ports open? Are they blocking subnets? Is the email account enabled? Now you have to try and troubleshoot the problem with multiple teams.

Our first foray was to try and check if we could ping outlook.office365. We SSH’d into the vRA Cafe and pinged. We were good. We attempted telnet by running the command: curl -v telnet://outlook.office365.com:993. We were good. We had the network team verify that traffic was making it to and from. Again, good.
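
The checks above stop at TCP reachability. As an added example (not from the original post), the Python function below carries the same test two layers further, through the TLS handshake and the IMAP greeting, and reports the first layer that fails. The function names and stage labels are assumptions made for this example; account-level problems are outside what it checks.

```python
import socket
import ssl

def classify_greeting(line: bytes):
    """Map the first IMAP server line (RFC 3501 greeting) to a stage result."""
    text = line.decode("ascii", "replace").strip()
    if line.startswith((b"* OK", b"* PREAUTH")):
        return ("ok", text)
    return ("imap", text or "no greeting received")

def probe_imaps(host, port=993, timeout=5.0, context=None):
    """Return (stage, detail) naming the first layer that failed, or ("ok", greeting)."""
    try:
        addr = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)[0][4]
    except socket.gaierror as exc:
        return ("dns", str(exc))
    try:
        raw = socket.create_connection(addr[:2], timeout=timeout)
    except OSError as exc:
        return ("tcp", str(exc))      # the curl telnet:// test verifies up to here
    # Default context verifies the certificate chain and the hostname.
    ctx = context or ssl.create_default_context()
    try:
        tls = ctx.wrap_socket(raw, server_hostname=host)
    except (ssl.SSLError, OSError) as exc:
        raw.close()
        return ("tls", str(exc))      # bad certificate, interception, or not TLS at all
    with tls:
        try:
            return classify_greeting(tls.recv(512))
        except OSError as exc:
            return ("imap", str(exc))

if __name__ == "__main__":
    # Host and port as used in the post; needs internet access when run directly.
    print(probe_imaps("outlook.office365.com", 993))
```

A result of ("tls", ...) on a network where the TCP test passes usually points at a proxy or firewall that terminates or blocks TLS on that port.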

[Image: MS Remote Connectivity Analyzer]

The next step was to validate the email configuration. The email team checked over our settings — which surprise, we’re good. Then they introduced us to the Remote Connectivity Analyzer. Using this tool, they were able to test the connection between the admin’s workstation and outlook.office365. What we found was that the email account was set up as a shared email mailbox, and not an individual user box.

But what was fascinating was that the analyzer ran tests to check EVERYTHING. So the next time you run into issues with trying to configure email, give this a shot.

FINE PRINT: The test machine will need to have internet access to give this a whirl.

How to upgrade a simple vRA 7.0 instance to vRA 7.0.1

Just this week, VMware released vRealize Automation 7.0.1 (vRA). It contains many bug fixes and some enhancements to the vRA platform. I was excited for it to come out and was anxious to perform an upgrade in my home lab.

I will advise caution and planning in any upgrade of your environment, and I would stress the planning most heavily. You should know your dependencies before you attempt an upgrade, and always, ALWAYS, read the release notes before you start the upgrade process.

The following process is for a simple vRA instance. This is the Proof Of Concept build, sometimes referred to as a “Lab” or “Sandbox” build. However, these steps can be modified for a fully distributed vRA instance.

Here is how I upgraded my lab.

1) Take snapshots of the vRA Cafe Appliance, IaaS VM, and SQL VM.

2) Shut down the vRA Services
     SSH into the vRA Cafe Appliance and shut down the vco-server, vcac-server, apache2, and the rabbitmq-server services.

  1. Run the below commands to stop the above listed services:
    • #service vcac-server stop
    • #service apache2 stop
    • #service rabbitmq-server stop
    • #service vco-server stop


    You can check that the services have stopped using the status syntax: #service vco-server status

  2. Log into the IaaS Virtual Machine and stop the below listed vRA services.
    • All VMware vCloud Automation Center agents
    • All VMware DEM Workers
    • VMware DEM Orchestrator
    • VMware vCloud Automation Center Manager Service


3) Download the vRealize Automation Appliance 7.0.1 Update Repository Archive ISO.

4) Upload the ISO to a datastore, and mount the ISO to the vRA Cafe Appliance’s CDRom.

[Image: VM Settings]

5) Open a browser and log into the vRA Cafe. Then Navigate to the “Update Tab” –>> “Settings”.

6) Change the Update Repository to “Use CDRom Updates”. Click on “Save Settings”.

[Image: Use CDRom Updates]

7) Select the “Status Tab”.

8) Click on “Check For Updates”.

[Image: Check For Updates]

9) An update should be found (as shown in the photo above). Click on “Install Updates”.

10) Wait for the update to complete. This took approx 30 minutes for my lab.

[Image: Install Updates]

11) Once the updates complete, you will be notified to reboot the vRA Cafe Appliance.
[Image: Reboot Notice]

12) Once the vRA Cafe Appliance has completed the reboot, log back into the vRA VAMI and verify the version.
[Image: Updated Version]

This completes the vRA Cafe Appliance upgrade. Now it is time to focus on the IaaS Server.

13) Open a console or RDP session into the IaaS Server and log into the machine with the vRA Administrator Service Account.

14) Open a web browser and browse to the vRA Cafe Installer page. “https://[vRA Appliance FQDN]:5480/installer”

15) Download the “DBUPGRADE SCRIPTS”.

16) Verify the Java path in the environment variables.

[Image: Java Path]

17) Open the File Explorer and browse to the folder where you downloaded the “DBUPGRADE.zip” scripts file. Extract the DBUpgrade.zip file.

18) Open an elevated Command Prompt.

19) Change the directory to the location of the DBUpgrade Extraction Folder.

20) NOTE: Verify that the vRA Administrator Service Account has the SQL sysadmin role enabled.

21) Run the following command to update the SQL Database:
      # dbupgrade -S sql.dwarf.lab -d vra -E -upgrade

Replace sql.dwarf.lab with the FQDN of your SQL server.

[Image: DBUpgrade Script]

The process may take a few minutes to complete.

22) Return to the vRA Cafe Installer page. “https://[vRA Appliance FQDN]:5480/installer”. Download “IaaS_Setup”.

23) Browse to the downloaded file in File Explorer. Right-Click the file, and “Run as Administrator”.

[Images: vRA 7.0.1 IaaS Installation – 1 through 3]

24) Select “Upgrade”
[Images: vRA 7.0.1 IaaS Installation – 4 and 5]

25) Fill in the Blanks.
[Image: vRA 7.0.1 IaaS Installation – 6]

NOTE: For the SQL connection, if you are not using SSL, uncheck the option to “Use SSL for Database Connection”; otherwise you will experience the following error.
[Image: vRA 7.0.1 IaaS Installation – 7]

26) For my lab, I had to remove the SSL connection between the IaaS Server and the SQL Database Server.
[Images: vRA 7.0.1 IaaS Installation – 8 through 11]

27) The upgrade installation will take some time to complete. I recommend going and grabbing a drink. The process took approx 30 mins to complete for me.
[Image: vRA 7.0.1 IaaS Installation – 12]

28) The upgrade finishes.
[Image: vRA 7.0.1 IaaS Installation – 13]

29) Click finish and reboot the IaaS Server.

30) When the server comes back online, log back in and verify that all vRA services have restarted.

[Image: vRA Services]

31) Log back into the vRA Cafe Appliance and check that all services have returned to “Registered”.
[Image: Cafe Services]

If everything happened without any issues, then you have successfully upgraded vRA from 7.0 to 7.0.1. Go log into your portal and check it out!

[Image: vRA Portal Login]