Virtual Tassie (https://virtualtassie.com)

One of Those End of Year Posts – 2017 Edition
https://virtualtassie.com/2018/one-of-those-end-of-year-posts-2017-edition/
Wed, 03 Jan 2018 11:50:27 +0000

Yep, it’s that time of year where it seems sensible to reflect on what’s happened, and maybe set some goals for the year to come. With that said, don’t forget to keep reflecting during the year, and ground yourself to see where you are at, what you want to work on and readjust yourself if you aren’t going in the direction you hoped for. Or maybe a change in direction wasn’t what you planned, but is naturally the course you have taken due to a series of events.

Either way, after a great Christmas and New Years break, I was able to reflect on the year that was 2017, and I’ve gone ahead and set myself some goals for 2018. It will be interesting to evaluate these during and at the end of the year to see what ended up happening.

All in all, 2017 was a big one for me. A lot happened, life is never slow and the weeks soon turned in to months and next thing I know we were taking down the Christmas Tree once again.

Anyhow, here’s a summary of a few 2017 highlights for me:

Blogging

Given you’re here, let’s talk about the blog. I kicked off this blog at the start of 2016, and at that point in time I was still technically a Microsoft Systems Administrator at the local University and I had only just started focusing on the VMware and infrastructure realms. In 2017 I wanted to try to get 2 blog posts out a month, and I’m happy to say that I did achieve that, with a total of 25 posts for the 2017 calendar year.

In 2017 I placed the website behind Cloudflare, which I cannot recommend enough, especially as they offer a free SSL certificate which took 5 minutes to configure. I also installed Jetpack in January 2017 as this seemed to be the go-to people are using for measuring site statistics. If people have better suggestions for a WordPress site, I’m all ears.

I entered the Top vBlog 2017 event and managed to come in at a smooth 190! I actually was pretty happy with this for a first year and I didn’t advertise my site via any socials or at my workplace. There were 273 entries in total. I’m hoping to gain more exposure for sure in 2018 and it would be great to see that number get lower as I hope to make more connections and more importantly keep pushing content that is interesting and helpful to the community.

I also signed up for Blogtober in 2017, which is aimed to set a goal for bloggers to get 5 or more posts out in the month of October. I had every intention of spreading this out, but I had a crazily busy first half of October. With that said, I was able to get 5 posts out by the end of the month, so I’m glad I entered and will be looking for similar challenges in 2018.

The site statistics are interesting to reflect on. The image below is site views. While probably very low in comparison to the other 272 Top vBloggers, it was interesting to see I was able to increase month on month, with the exception of November (I didn’t put a post up in November) and December, which naturally tails off over the last two weeks.

vExpert

In 2017, I applied for and was lucky enough to be awarded with the VMware vExpert achievement. It’s a fantastic community to be a part of, and I haven’t even broken the surface of some of the benefits of being alongside other legends and experts in this community who put so much time in to helping and mentoring others. I’m about to re-apply for 2018 and hoping to make the cut, and I’m excited to see what opens up during 2018 via this programme.

Travel

2017 was my first full year working for a company based out of a different country, and with all but 1 customer being in a different state or country than I am located in. Add this to attending conferences and team catch ups, and naturally a bit of travel was involved.

The graphics below summarise my travel for 2017. The ‘Total’ stats on the summary are correct for 2017, I couldn’t find where in TripIt to select a year, and I only started recording trips from 2017 anyway. I was away for 52 days in total, which ended up being 14.6% of the days in a year, or 22.1% of a working year (assuming 4 weeks of leave and 5 public holidays). Needless to say this is nowhere near what some of the people in our field do, especially those that end up on a lot of long haul flights, but it was a big jump from someone who used to fly 2 or 3 times a year. I expect the travel percentage to stay in the 20-30% realm for 2018.

VMworld

2017 was a year of a lot of firsts for me, and one of those was the opportunity to attend VMworld 2017 US. It was also added in to my first long haul flight, first time in to USA and therefore the first time in to Las Vegas as well. I gave myself a few days beforehand to have a look around (I landed on the Thursday before VMworld), but unfortunately I fell quite ill on the afternoon before leaving on a 27 hour door-to-door hike. I tried to naturally bounce back, but I had to resort to going to a walk in clinic on the Sunday to get some antibiotics.

With that said, I did manage to see a small amount of Las Vegas over 3.5 days before the conference, and of course many a bar during the evenings after VMworld.

The VMworld conference itself was absolutely fantastic. I attended the Hackathon on one of the Vester teams, and Wi-Fi issues aside it was still a great night to meet some industry superstars and meet some awesome people that made up the team I was on.

I also was a last minute addition to the vBrownbag Tech Talks and managed to put together a short talk which I really enjoyed delivering, and again thanks to anyone that came along to attend and/or support me.

There were a small bunch of us from Aus / New Zealand that caught up regularly, and I relied on some of the veterans to guide me along the way which was really appreciated. I’d still do some things differently, and with any luck I’ll be back there in 2018 or 2019 to do it all again. I’d love to see another city in USA apart from Las Vegas, but I wouldn’t say no to heading back in 2018 if offered!

UserCon

Another worthwhile mention for 2017 was the Melbourne VMUG UserCon, held in March 2017, which I was again lucky enough to attend. This was my favourite event I attended in Australia in 2017, with a rockstar lineup of international and local speakers and attendees, and hopefully I can be back there for at least Melbourne in March, if not Sydney as well (though, Melbourne is better guys!).

 

 

And now to a few of my own goals for 2018.

Certifications

  • Achieve 3-4 new certifications. 1-2 will be in the VMware stack as this is still a major focus for me and for my role, but I’d like to achieve at least one outside of the VMware suite
    • At some point I should probably upgrade VCP-DCV to 6.5 / 6.Next

Speaking

I’d like to speak at at least one event this year, hopefully more. It is a little harder being situated down in Tasmania, there aren’t really any local meetups down here like Powershell, VMUG, DevOps, etc. But the opportunities will present themselves, I just need to take them.

Conference Attendance

Attending conferences was a big part of my 2017. At least for a Tasmanian! I think I attended 4 or 5 locally in ANZ, and 1 international (VMworld). I’d like to do the same amount, if not a couple more in 2018. There is a lot of value in meeting new people, keeping face-to-face touch with existing contacts and friends, and of course learning some of the new technologies and getting direct access to experts.

Reading

If I can read 50% of the books I bought in the last 18 months, technical and non-technical, I’ll be happy. I buy a lot of eBooks in sales thinking “yep, I’ll read that”, and they just seem to sit there until I log in or trip over them again and completely forgot I bought them! Maybe it’s time to invest in a decent reader to use on the planes.

Family

I find myself easily consumed, especially in things related to IT, and often find myself forgetting what really is important in life – Family. There have been many posts on the work/life balance, but one I’d like to reference is from Anthony Spiteri around 18 months ago. This post resonated with many people, myself included. I continue to be unable to switch off, but I’d like to think I’m getting better. In the recent holiday period of 10 days, I think I spent around 6 hours on the computer which is a record for me. I was still heavily connected in on social media, and in 2017 I dropped my Facebook usage down a lot, to almost being non-existent. I’ve got a few goals of things I’d like to achieve with the wife and kids this year, so we’ll see how that goes.

Guitar

I’ve been an on and off guitar player for around 15 years now. More often off than on. In 2017 I don’t think I picked up a guitar. Not even once. It’s something I enjoy and I need to get back in to it. I’ve recently had my main 3 guitars cleaned, re set up and restrung. I got them back today, so I’m keen to ensure they get some use this year!

Health

This is one that I know a lot of people struggle with, and even more so in the IT field. With that said, there are also the fair share of very healthy and fit people working in this field, so there is no excuse. I’d say over the last 5 years, I’ve put on 3-5 kilograms per year. It’s time to fix that. I’d like to drop 10KG in 2018. If I drop 15KG, that’s worth a gold star.

My initial aim is to go for a 30 minute walk for at least 5 days a week, but the biggest improvement I need to make is in what I consume. Especially when I travel. The challenge is on.

Networking

I’ve made a lot of good friends in this industry simply through networking, and I’m sure there are many more out there to make. For personal and professional reasons, I hope to meet many new people across 2018 and with any luck I’ll be able to call a few of those people friends at the end of the year as well.

 

That’s all from me. Have you had a chance to reflect on the past year and set yourselves some goals or challenges for 2018? No matter how big or small, make your first goal be to set yourself some goals!

NSX Controller Deployment Failed: Waiting for VC Lease
https://virtualtassie.com/2017/nsx-controller-deployment-failed-waiting-for-vc-lease/
Fri, 15 Dec 2017 23:17:07 +0000

I was recently rolling out the base install of VMware NSX in my lab, where I ran in to a controller deployment issue. The lab is running NestedESXi, and I have two ‘sites’ that are nested, each with 3 ESXi hosts in a vSAN cluster. vCenter, PSC and NSX Manager / controllers are then deployed on to the nested ESXi hosts, so the storage is on the nested vSAN datastores.

When deploying the first controller in one of the sites, I ran into a failure. When clicking on the failure, the message I received was “Waiting for VC lease”:

 

I jumped on to NSX Manager via SSH and watched the log during the attempted controller deployment. I’ve shortened this down for the purposes of the post, but I believe I have the key components of the log here. The sections where I have “….” were several java errors:

 

2017-12-03 22:51:31.235 GMT ERROR taskScheduler-29 VCUtils:247 - Error while waiting for HttpNfcLease updates.
(vim.fault.CannotCreateFile) {
faultCause = null,
faultMessage = (vmodl.LocalizableMessage) [
com.vmware.vim.binding.impl.vmodl.LocalizableMessageImpl@2f41b6e5,
com.vmware.vim.binding.impl.vmodl.LocalizableMessageImpl@7cd56139
],
file = Failed to create directory NSX_Controller_d5e0c004-6730-4d56-94bd-c83c5a67c792 (Cannot Create File)
}

….

….

2017-12-03 22:51:32.170 GMT INFO DeploymentMonitor DeploymentMonitor:130 - Purge work for finished job jobdata-373 in status: FAILED
2017-12-03 22:51:32.170 GMT INFO DeploymentMonitor DeploymentMonitor:134 - Job jobdata-373 for controller controller-4 failed!
2017-12-03 22:51:32.171 GMT INFO edgeVseMonitoringThread EdgeVseHealthMonitoringThread:279 - Finished Health check for 0 edge vms in 0 millisec
2017-12-03 22:51:32.173 GMT INFO DeploymentMonitor DeploymentMonitor:174 - about to remove controller from database: controller-4 VM id null ip 192.168.36.51 uuid null version 7073587 VSM id 4208D4D9-FE35-BC85-A677-B232384628D2
2017-12-03 22:51:32.174 GMT INFO DeploymentMonitor RelationshipManagerImpl:830 - Recursively removing domain object controller-4 updateParent false

 

Hmm. What stuck out to me here was (Cannot Create File).

I decided to try the NSX controller deployment again, but this time instead of just letting DRS place the deployment, I selected a particular host to try the controller deployment to. This way I could also watch the hostd.log file of the ESXi host during the deployment to see if I could spot anything else.

Sure enough, in the hostd.log file I saw the following – “Virtual SAN node SiteA-ESXi01.lab.virtualtassie.com maximum Memory congestion reached.”

Here is the full section of hostd.log:

2017-12-03T22:51:31.246Z info hostd[2C840B70] [Originator@6876 sub=Solo.Vmomi opID=24c670de-01-01-01-14-0ef2 user=vpxuser:vpxuser] Throw vim.fault.CannotCreateFile
2017-12-03T22:51:31.246Z info hostd[2C840B70] [Originator@6876 sub=Solo.Vmomi opID=24c670de-01-01-01-14-0ef2 user=vpxuser:vpxuser] Result:
--> (vim.fault.CannotCreateFile) {
--> faultCause = (vmodl.MethodFault) null,
--> faultMessage = (vmodl.LocalizableMessage) [
--> (vmodl.LocalizableMessage) {
--> key = "vob.vsanprovider.object.creation.failed",
--> arg = <unset>,
--> message = "Failed to create object.
--> "
--> },
--> (vmodl.LocalizableMessage) {
--> key = "vob.vsan.lsom.congestion",
--> arg = (vmodl.KeyAnyValue) [
--> (vmodl.KeyAnyValue) {
--> key = "1",
--> value = "SiteA-ESXi01.lab.virtualtassie.com"
--> },
--> (vmodl.KeyAnyValue) {
--> key = "2",
--> value = "Memory"
--> }
--> ],
--> message = "Virtual SAN node SiteA-ESXi01.lab.virtualtassie.com maximum Memory congestion reached.
--> "
--> }
--> ],
--> file = "Failed to create directory NSX_Controller_d5e0c004-6730-4d56-94bd-c83c5a67c792 (Cannot Create File)"
--> msg = ""
--> }

 

I went and checked the health of vSAN on this nested cluster, and sure enough it was not in a healthy state! I fixed the underlying issues with vSAN and then tried the NSX controller deployment again, and it worked perfectly. So the cause of the issue was nothing related to NSX itself, as any machine deployment was going to fail with the same issue. The lesson here being to ensure the underlying platform is always healthy before deployment!

With that said, I think the failure messages in the NSX GUI could be much more descriptive to help troubleshoot issues like this faster, but I suspect the current development focus of a product like NSX is on product fixes and enhancements. I wanted to show my process of troubleshooting to narrow down on what “Waiting for VC lease” actually meant, and hell, maybe it will help someone else in the future who is just getting started with NSX like I am.
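As an added example (not code from the original post): a small Python parser that pulls the fault type and the vob.* cause messages out of a hostd.log fault block like the one quoted above, so the vSAN congestion message behind the generic "Cannot Create File" is surfaced directly. The function names and the final sample log line are constructed for illustration.

```python
import re

# Constructed sample, shaped like the hostd.log excerpt quoted in the post.
# One marker and one pair of quotes are left in the typographic form a CMS
# produces, to show that pasted logs still parse.
SAMPLE_HOSTD_LOG = """\
2017-12-03T22:51:31.246Z info hostd[2C840B70] [Originator@6876 sub=Solo.Vmomi opID=24c670de-01-01-01-14-0ef2 user=vpxuser:vpxuser] Throw vim.fault.CannotCreateFile
2017-12-03T22:51:31.246Z info hostd[2C840B70] [Originator@6876 sub=Solo.Vmomi opID=24c670de-01-01-01-14-0ef2 user=vpxuser:vpxuser] Result:
–> (vim.fault.CannotCreateFile) {
-->    faultCause = (vmodl.MethodFault) null,
-->    faultMessage = (vmodl.LocalizableMessage) [
-->       (vmodl.LocalizableMessage) {
-->          key = “vob.vsanprovider.object.creation.failed”,
-->          arg = <unset>,
-->          message = "Failed to create object.
--> "
-->       },
-->       (vmodl.LocalizableMessage) {
-->          key = "vob.vsan.lsom.congestion",
-->          arg = (vmodl.KeyAnyValue) [
-->             (vmodl.KeyAnyValue) {
-->                key = "1",
-->                value = "SiteA-ESXi01.lab.virtualtassie.com"
-->             },
-->             (vmodl.KeyAnyValue) {
-->                key = "2",
-->                value = "Memory"
-->             }
-->          ],
-->          message = "Virtual SAN node SiteA-ESXi01.lab.virtualtassie.com maximum Memory congestion reached.
--> "
-->       }
-->    ],
-->    file = "Failed to create directory NSX_Controller_d5e0c004-6730-4d56-94bd-c83c5a67c792 (Cannot Create File)"
-->    msg = ""
--> }
2017-12-03T22:51:31.300Z info hostd[2C840B70] [Originator@6876 sub=Vimsvc.TaskManager] Task Completed : constructed-task-1 Status error
"""

THROW = re.compile(
    r'^(?P<ts>\S+) \w+ hostd\[\w+\] \[(?P<ctx>[^\]]*)\] Throw (?P<fault>[\w.]+)\s*$')
CONT = re.compile(r'^\s*(?:-->|\u2013>) ?(.*)$')      # "-->" or the mangled form
VOB = re.compile(r'key = "(vob\.[^"]+)".*?message = "(.*?)"', re.S)
FILE = re.compile(r'^\s*file = "(.*?)"', re.M)
QUOTES = str.maketrans({'\u201c': '"', '\u201d': '"'})


def parse_hostd_faults(text):
    """Return one dict per 'Throw vim.fault.*' line, with its vob causes."""
    events, current, body = [], None, []

    def flush():
        if current is not None:
            block = "\n".join(body).translate(QUOTES)
            current["causes"] = [(k, m.strip()) for k, m in VOB.findall(block)]
            hit = FILE.search(block)
            current["file"] = hit.group(1) if hit else None
            events.append(current)

    for line in text.splitlines():
        thrown = THROW.match(line)
        cont = CONT.match(line)
        if thrown:
            flush()
            ctx = dict(p.split("=", 1) for p in thrown["ctx"].split() if "=" in p)
            current = {"time": thrown["ts"], "fault": thrown["fault"],
                       "op_id": ctx.get("opID"), "user": ctx.get("user")}
            body = []
        elif cont and current is not None:
            body.append(cont.group(1))
        elif current is not None and not line.rstrip().endswith("Result:"):
            flush()              # an unrelated log line ends the fault block
            current, body = None, []
    flush()
    return events


def causes_for(events, needle):
    """vob causes for faults whose 'file' field mentions `needle`."""
    found = []
    for ev in events:
        if ev["file"] and needle in ev["file"]:
            found += [(ev["time"], key, msg) for key, msg in ev["causes"]]
    return found


if __name__ == "__main__":
    # Directory name as reported in the NSX Manager error for the failed job.
    faults = parse_hostd_faults(SAMPLE_HOSTD_LOG)
    for when, key, msg in causes_for(faults, "NSX_Controller_d5e0c004"):
        print(when, key, msg)
```

Searching by the directory name from the NSX Manager error ties the vague manager-side failure to the host-side cause without reading the whole fault dump by eye.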

 

VCSA CLI Deployment: Format Requires a Mapping
https://virtualtassie.com/2017/vcsa-cli-deployment-format-requires-a-mapping/
Tue, 05 Dec 2017 11:25:24 +0000

I’ve recently been doing a lot of work in my home lab, which has involved me moving from a flat /24 network (yeah, I know) to a somewhat more realistic lab environment with a Cisco SG300 switch and Ubiquiti EdgeRouterx. Due to these networking changes, as I build out the environment I’ve been creating a lot of VLANs and subnets between my physical ESXi host, the Cisco switch and the ERx.

I regularly use the CLI deployment method for vCenter and PSC nodes. I really like the ability to spend 2 minutes with a JSON file and then kick off a command to automate stage 1 and stage 2 of the node deployment for me.

Anyway, when spinning up some vCenter Servers in my lab, I came across the following error when it was configuring the services for the first time:

Format Requires a Mapping

A screenshot of the error from the command line output is below:

The node failed to configure the services and essentially needs to be redeployed.

The long story short is that this message means there is some kind of network related issue with your VCSA deployment, where it cannot contact DNS / external PSC / gateway addresses.

I had this occur twice in my lab. The first time was a failure on my part to trunk the new VLAN I was deploying the VM on, to my EdgeRouterx, so the newly deployed VCSA could not contact the gateway address for the network.

The second time I’d just gone through some issues, and to cut a long story short I had to manually move some uplinks on my single physical ESXi host from a distributed switch to a vSwitch using the CLI. I moved the vmnic across, but I forgot to set it as active, so when I deployed the VCSA on this vSwitch, it had no uplink connectivity out of the ESXi host.

So if you come across this message, check any of your network config inside out. Double check the information in your JSON file and make sure your IP addresses, DNS, NTP etc are all correct. If that looks good, take a step back and check the network configuration on the ESXi host you are deploying to. If it’s still problematic after that, take another step back to see if there might be a routing issue outside of the ESXi environment.

I hope this helps someone down the track! The message was quite vague, so I thought it was worth a post.

Emulex Drivers Causing issues with ESXi RamDisk and Scratch Config
https://virtualtassie.com/2017/emulex-drivers-causing-issues-with-esxi-ramdisk-and-scratch-config/
Tue, 31 Oct 2017 10:01:02 +0000

I’m a bit late to the blogosphere with this one, but we’ve had a couple of customers hit the issue described below, and it seems to be mostly across HPE and Dell hosts running ESXi 6.x.

I’ll get to the good stuff first. If you’re hitting an issue on ESXi 6.x where the RamDisk is filling up and ScratchConfig.CurrentScratchLocation is reverting to /scratch, even with a location configured, it’s likely due to a known issue with an Emulex Driver. Here are two links to Dell’s website which describe the issue and workaround.

Scratch partition stops working after hardware or software iSCSI is enabled on ESXi with the scsi-be2iscsi Emulex driver

Scratch partition stops working after hardware or software iSCSI is enabled on ESXi with the elxiscsi Emulex driver

As noted, we’ve seen it on some HPE hosts with the HPE ESXi image as well, and there are reports of this on Reddit / VMTN forums as well.

We first noticed the issue when we got some alerts for one of our customers that the Ramdisk on the host was full. This gets logged into hostd.log as well as tasks and events, and likely picked up by tools such as vROps.

2017-10-10T08:11:20.805Z info hostd[50981B70] [Originator@6876 sub=Vimsvc.ha-eventmgr] Event 247 : The ramdisk 'root' is full.  As a result, the file /usr/share/vua/vua could not be written.

Running vdf -h from ESXi shows the Ramdisk usage on the host

-----
Ramdisk      Size   Used   Available   Use%   Mounted on
root         32M    22M    9M          68%    --
etc          28M    512K   27M         1%     --
opt          32M    212K   31M         0%     --
var          48M    476K   47M         0%     --
tmp          256M   68K    255M        0%     --
iofilters    32M    0B     32M         0%     --
hostdstats   1803M  2M     1800M       0%     --

Though root actually wasn’t full, it wasn’t far off and this did look a little odd.

For all of our customers, we configure the advanced setting ScratchConfig.ConfiguredScratchLocation to a path on a VMFS datastore. What we noticed for these hosts, was that the ScratchConfig.ConfiguredScratchLocation was still set correctly, but the advanced setting ScratchConfig.CurrentScratchLocation had reverted to /scratch. See the image below for an example.

The Configured Scratch Location wasn’t applying correctly (normally it required a reboot). This caused the host to start using /scratch, which ultimately led to the issue.

A colleague logged the case with VMware and they investigated, and they’ve recently pointed us to this KB article – https://kb.vmware.com/kb/2151209, which simply links off to one of the Dell articles for the workaround / resolution.

So if you’re facing the issue, check out the links above as this is likely to be the problem. One user on VMTN in the thread below (last post) did mention they upgraded the Emulex driver to 11.4.x which seems to have resolved the issue for them, though there seems to be nothing “official” from VMware, Emulex or vendors yet.

https://communities.vmware.com/thread/563431?start=15&tstart=0

vRealize Operations Service Discovery Management Pack
https://virtualtassie.com/2017/vrealize-operations-service-discovery-management-pack/
Mon, 30 Oct 2017 11:23:45 +0000

For those that weren’t aware, vRealize Infrastructure Navigator went End of Distribution (EOD) and End of Support Life (EOSL) at the end of September, 2017. Information on this is provided in another post.

If you are not aware of what vRealize Infrastructure Navigator (VIN) was, it was a tool that was part of VMware’s vCloud Suite that discovered application dependencies and mapped network flow within a vSphere environment. VIN was deployed as a virtual appliance and then registered with vCenter Server. From there, VIN started mapping application dependencies using VMware Tools and the vCenter Server VIX API.

VIN was quite a handy tool, especially when looking to build Site Recovery Manager plans or NSX security groups.

Because VIN has now gone EOD/EOSL, VMware have released a new tool to take over the functionality of VIN. The new tool is a management pack for vRealize Operations Manager, called vRealize Operations Service Discovery Management Pack, or vRealize Operations SDMP for “short”. To quote the SDMP website:

vRealize Operations Service Discovery Management Pack discovers all the services running in each VM and then builds a relationship or dependencies between services from different VMs, based on the network communication.
The management pack can create dynamic applications based on the network communication between the services and brings in the functionality into VMware vRealize Operations Manager which was earlier provided by VMware vRealize Infrastructure Navigator.

Version 2.0 of SDMP was recently released, which was great as version 1 was quite limited in the support. Prior to version 2.0, if you were running vSphere 6.0, you were in a bad place as VIN wasn’t working (if your patches were up to date) and SDMP was not supported for vCenter Server 6. Regardless, SDMP 2.0 is compatible with the following:

  • VMware vRealize Operations Manager 6.3 or later
  • VMware vCenter Server 5.5 or later
  • VMware ESXi 5.5 with common user credentials
  • VMware ESXi 6.0 or later
  • VMware Tools 10.1 or later

SDMP supports integration with SRM, but it doesn’t look like it has any integration with NSX. I’m not sure if that will be built in to SDMP or if VMware will rely on vRNI to provide that functionality.

One of the biggest changes between VIN and SDMP is how the tool communicates with guest machines to understand the behaviour and services running in a guest OS. SDMP requires vCenter Guest User Mappings to be configured, else “The vRealize Operations Service Discovery Management Pack cannot discover services on a VM if the guest user mapping is not defined in the vCenter Server”.

I’ve got to admit, when I first read this I was not aware of what Guest User Mappings were, so I came across this article on the VMware Docs website. It looks like these were introduced in vSphere 6.0, but in talking to the SDMP developers this feature did sneak in late in 5.5 as well.

In short, this feature allows you to configure a mapping between a vSphere SSO user and a guest OS local administrator account. This mapping is then used by vCenter Server to run commands within the guest operating system. SDMP uses this feature to run commands like wmic in Windows to determine what processes and services are running inside of each guest virtual machine.

When I first read about this, a red flag went up. I essentially need to provide a vSphere SSO account with access to a local administrator account for every guest OS within an environment, which then allows that vSphere SSO user to run commands within the guest operating system. I also need to articulate this to my customers and get their trust to provide me with local admin credentials. In talking with the developers and product manager of SDMP, this simply is the way it is and it is the method VMware have implemented into vCenter to provide access, now that the VIX API is no longer available for use.

Now that I’ve pondered on the above for a few weeks, I’m still not sure if this is a huge issue or not from a security and risk perspective. I’ve only had the chance to have this discussion with one customer, who immediately threw up the red flags as well, but then we talked through what else is at risk if an untrustworthy source had access to a privileged vsphere.local account. Some actions like powering down a VM and copying the VMDK to extract the data can be mitigated with features like VM encryption, so I still do wonder if customers see a big risk in essentially having an avenue to run a command within a guest OS.

I’d like to understand some more about this feature and whether there are legitimate concerns or not (and why not). There seems to be very little information available at this point in time.

Anyhow, User Mappings risk aside, there is still a significant management overhead of SDMP if you ask me, when compared to VIN. Firstly, I need to go through an ‘onboarding’ process, where I need to create the User Mappings for every single VM within an environment. SDMP does provide a way to do this in bulk via CSV, but I still need to go through and enter a local username and password for every guest OS. Some customers have different local admin account names across flavours or versions of OS. Most customers will also have various appliances which will have a mix of admin / root / whatever for the account name. In any case, the initial creation of User Mappings is not a small task in the typical environment we are responsible for, and there are many environments much larger than those we deal with.

On top of the initial configuration, there are ongoing efforts to maintain User Mappings. Every time a new VM is created, the mapping needs to be created. Whether the new VM is from an admin spinning up a new Linux or Windows server for an application, a developer spinning up a test environment, or the audio visual admin spinning up the latest Polycom appliance from OVA. Errors will be shown in the SDMP tool ‘relationship’ status if the User Mappings is not complete, and also a warning is logged under tasks and events for the virtual machine if SDMP is trying to query it but doesn’t have access.

The article on the VMware Docs website does state that after the initial mapping is complete, subsequent guest management requests use an SSO SAML token to log in to the guest. This means that the password for the local administrator account used to create the User Mappings can change, but access from vSphere to the guest OS will not be impacted.

What are your thoughts on SDMP and the User Mappings required to enable functionality? Are you concerned? Have your customers been concerned, or have they given up guest OS credentials easily? Will you be deploying SDMP in environments that previously had VIN deployed?

VMware Infrastructure Navigator End of Support
https://virtualtassie.com/2017/vmware-infrastructure-navigator-end-of-support/
Mon, 30 Oct 2017 11:21:25 +0000

Blink and you will miss it! For those that weren’t aware, VMware disclosed a security vulnerability with the vCenter Server VIX API which has been patched, but this also impacted VMware Infrastructure Navigator (VIN) as it used the VIX API to build service mappings.

As per the VMware KB article that announced this information, if you are running vSphere 5.5/6.0 you essentially have two options. Continue using VIN on an unpatched environment (not recommended), or use a new management pack for vROps that replaces VIN functionality called the Service Discovery Management Pack. If you are already on vSphere 6.5, VIN will not work so your only option is to use the SDMP.

You can no longer download VMware Infrastructure Navigator, and as of September 26th 2017, VIN is End of Distribution (EOD) and End of Support Life (EOSL).

I’ve written an initial post on the replacement, SDMP. This isn’t a “how to” post or a technical post, though I will likely do one down the track. It’s more around the other changes associated with getting SDMP stood up as it isn’t quite as straight forward as VIN was.

So, if you have an environment with VIN deployed, please be aware that it is now end of life and if you are keeping up to date with your patches, the functionality is now likely broken and VIN isn’t working anyway, so start planning the installation and configuration of SDMP.

 

Lenovo X1 Carbon – Thoughts after 6 Months
https://virtualtassie.com/2017/lenovo-x1-carbon-thoughts-after-6-months/
Fri, 27 Oct 2017 10:34:22 +0000

Earlier this year, I bought a new laptop which is my daily workhorse. I don’t own any other computers or tablets. I decided to put my ramblings in to a post below. This is not a technical review of the laptop or going in to benchmarks or different customisations, there’s plenty of that available online in “formal” reviews.

For the past couple of years, I have used a Microsoft Surface Pro as my main computer. I started with a Surface Pro 3 when I was working for a University, and when I moved jobs to a Managed Services Provider, I thought I was happy with what I had and so I purchased a Surface Pro 4 with the dock and Type Cover. After using it extensively for the first 9 months in my new position, I kept realising I was unhappy with my decision, to the point where I was ok with admitting it to myself. There were a few key reasons for this, but the major ones were keyboard, kickstand and DPI scaling. I also made the mistake of purchasing a model with 8GB of RAM. I was constantly maxing this out, sometimes without even running a couple of local virtual machines that we usually require in the MSP role. I also quite consistently had docking issues with the SP4. I had the newest dock available at the time, but on occasion one or both of my monitors wouldn’t get detected. I was often trying to redock, or at times even had to unplug the Display Port cables from the back of the monitors so they were detected properly. Alas, I made the decision to move back to a ‘traditional’ laptop. This was in around April 2017.

I’d been keeping an eye on things over the first few months in 2017 and knew that a few new releases and refreshes of models were due at the start of the year, due to the release of the new Intel processor and also following on from CES.

The main machine in my sight was the Dell XPS. For a long time it has been known as the best of the best when it comes to ultrabooks, but I was having a hard time justifying the price for the spec I needed when there was no sale on. I wasn’t fond of the webcam placement either, and being a 100% remote worker I do often use the camera to enhance the interaction experience. I also decided early on to pass on anything Apple related. I’d just end up running Windows anyway, and the limited connectivity was not something I was fond of, nor was the price point for most of the models I was looking at.

I was familiar with the Lenovo Yoga, and even though it gets great reviews I still didn’t want a ‘hybrid’. And then I came across the Lenovo X1 Carbon Gen 5. I couldn’t believe I was seriously considering an IBM/Lenovo laptop. I’m not sure why, but I’d never been fond of them. But after checking the specs on the X1 Carbon, I knew this was going to be one of the machines at the top of my list. The specs were perfect. A 14″ screen in the footprint of a 13″ machine. Wide selection of processors, 16GB RAM available and nice connectivity on the laptop itself without going over the top. As I tend to do, I read reviews from the first few pages on Google, and I couldn’t find a bad thing being said about this machine. It was often compared to the XPS, and some trusted reviewers placed the X1 Carbon at the top of the list for Ultrabooks.

When I made the purchase back in May 2017, there were two codes available online. LENOVO15 (15% off when spending over $1500) and LENOVO20 (20% off when spending over $2500). There was also a promotion where the USB-C dock, which I required, was $1 when purchasing an X1 Carbon, instead of the usual $279(ish).

My original spec came to around $2250AUD, and applying LENOVO15 got me down to around $1950AUD. I then realised that if I specced up the laptop a bit more and ‘spent’ over $2500, I could use LENOVO20, bringing my buy price down to just over $2k. I decided to up the processor to the top i5 being offered, and put in a 512GB NVMe SSD. The spec of the machine I ended up with in addition to the standard options was:

  • Core i5-7300U 2.60GHz
  • 16GB RAM
  • 512GB PCIe-NVMe SSD
  • USB-C Dock

I chose to stick with the one year warranty, but I will add an extended warranty on every year so I’m covered moving forward. We use BYOD for work so I need to ensure I’m covered as damage or fault to the laptop would end up putting me out of pocket.

At first, like some reviews have said, when pulling this out of the box, you wonder if the battery is even included. It is light, thin and has a professional look about it. Opening up the lid, I noticed the hinges are strong, not flimsy with the screen bouncing around when you let it go like some cheaper laptops I’ve used in the past.

I got the laptop set up, updated and got my basic suite of apps installed and configured just how I like it. From there, I took an image of the machine and saved it off on my NAS using Acronis True Image. My aim was to regularly roll back to this image every couple of months just to ensure I’m running a clean build with no nasties. So far I’ve had the laptop for 6 months and I’ve done a roll back twice. There are a couple of things I’ve needed to tweak or add each time, but the process works well. Within about 25 minutes, I’m back to a clean day 1 build of the machine.

The keyboard. Everyone raved about the keyboard on the X1 Carbon (including previous generations). When I saw this I was like, “yeah, ok. I’m sure it’s fine”. I’ve used the laptop heavily over the past 6 months which has included quite a lot of travel, and the keyboard is everything it is cracked up to be. I wrote the bulk of this post on a flight to Auckland from AUS. There was no way I would be doing this comfortably if I still had the Surface Pro.

Battery Life. This bad boy lives up to my expectations. The battery life is fantastic. I’m sure the advertised 15.5 hours has some caveats, but I can easily get a full work day out of the battery no issues at all. The other nice feature is the fast charging of the battery. Lenovo claim that it can charge from 0% to 80% in 60 minutes, and I would agree.

The Dock. The dock that I purchased is a USB-C dock. I was originally a tad hesitant because I had flashbacks to 5-7 years ago trying to get USB2 docks for customers who “cheaped out” to work properly, but then I soon realised this is the new norm, and that my last experience with USB docks was a long time ago, across a much older and slower protocol (USB2). The dock allows me to drive my 2 Dell 24″ Full HD monitors as well as the laptop screen at the same time, which is the maximum requirement I have. The remaining connectivity is quite good, with plenty of USB ports (some specifically for charging devices). I had several issues with the Surface Pro 4 dock and getting it to pick up both monitors after sleep mode. Not once in 6 months have I had an issue with the Lenovo dock, and I dock and undock my machine every, single, day.

Things I initially didn’t like:

The first time I used it at night, I realised there was no backlight on the keyboard when I started typing. Oh no, I thought. I quite often work in not well-lit areas and a backlit keyboard is essential. I thought to myself, “I don’t remember seeing this as a ‘con’ in any of the reviews”. So I got up and turned the light on to inspect the function keys, and then I noticed a familiar icon on the keyboard. Hooray! Function + space bar turns on the backlight on the keyboard. I’ve also since found out that this can be controlled in software using the Lenovo Settings as well (launched by default with function + F9). I’m very used to this now, but it would be nice if this came on automatically when typing.

Next thing was the location of the left Control key on the keyboard. I’m used to the far bottom left key being Control, but on the X1 Carbon it is the function key. The control key is one key to the right, usually where I would think the function key would be. Turns out I use a lot of Control+Something commands, and I kept reaching for function. Damn, this was going to take some adjusting. A few days after owning the machine, I was having a good look through the Lenovo Settings program and came across this option:

Aha! They’d either planned for this from day one, or I’m not alone and they received enough complaints to have the option to switch these keys in software. Fantastic. I made the change and it has been fine ever since.

 

All in all, I am extremely happy with this laptop and would recommend (and have) to anyone looking to purchase an Ultrabook, especially those that travel often and need a reliable workhorse in the backpack with them. If you are in the market, check out some reviews and videos of the X1 Carbon, I don’t think you will be disappointed!
vForum Australia 2017
https://virtualtassie.com/2017/vforum-australia-2017/
Wed, 25 Oct 2017 11:04:55 +0000

And here we are, at the end of October. Before I get in to it, I signed up for Blogtober a few weeks ago, and this is shamefully my first post for Blogtober, and I’m writing this on the 25th of the month. Let’s see if I can get 5 posts out by the end of the month!

Anyhow, it’s that time of the year again and vForum Australia 2017 is just around the corner. In fact, it’s next Thursday the 2nd of November. If you live in Sydney or have the luxury of jumping on a plane for a day or two, I’d highly recommend heading along to vForum.

For the last few years, vForum has done the rounds at Luna Park, Star Casino and Moore Park. This year it is being held at the International Convention Centre at Darling Harbour.

Those of you that are familiar with vForum might notice that this year it is a one day event rather than the traditional two day event. I won’t be attending, but I’ll be interested to hear feedback on the change from those attending when compared to the format of the previous events.

For $605, you can still register for a “TechDay@vFORUM” pass which will get you the following benefits:

  • All General Admission sessions
  • Exclusive TechDay@vFORUM breakout sessions with deep dive technical content
  • vFORUM Marketplace access
  • Lunch and refreshments
  • Admission to the vFORUM party

Those of you who are “Alumni” (attended 2+ vForum events as a paid attendee) can benefit from a 10% discount. If the paid pass isn’t in your budget, you can register for a general admission pass for free.

Interestingly, there also appear to be some “side” events on the same day as vForum, namely Empower Digital Workspace and Transform Security. The pricing is the same as the vForum Techday pass, but I’m not sure if a vForum Techday pass will get you in to these events, which are also being held at the International Convention Centre. From what I can tell on the site, they are separate events and access is purchased separately to vForum.

VMware executives Sanjay Poonen, Bruce Davie and Alister Dias will be taking charge with the Keynote. On top of that there will of course be the Solutions Exchange with vendors and partners showing off their latest and greatest (along with a bit of swag and some prizes!) and there are the breakout sessions where experts will take you through a particular technology or product. My tip – Make the most of the exposure to the VMware team and the partners that are there on the day to build your networks up.

And of course, PLEASE don’t forget about VMDownUnderground, or if you didn’t know about it, now you do! Go and grab a ticket. VMDownUnderground is held on the evening before vForum and this year is being sponsored by DellEMC. This is a small event where industry superstars get together, catch up, sink some beers and food and meet some new people. Last year I went to the event alone, and I really have a hard time jumping in to conversations with people I don’t know, but that night I met a lot of great people who I’m regularly in contact with these days. I underrated the networking you can do at an event like this.

So, are you heading to vForum next week? Have you got any goals or plans, or just going to take the day as it comes? If you are a first time go-er, I wrote about my experience last year in this post.
VMware Skyline
https://virtualtassie.com/2017/vmware-skyline/
Tue, 26 Sep 2017 10:55:36 +0000

One of the quieter announcements from VMworld US 2017 was that of VMware Skyline. No, not the Nissan sports car!

For VMware customers, VMware Skyline is a platform that gives VMware visibility in to your environment with the aim of providing proactive and predictive recommendations, based on the configuration in your environment, cross referenced with VMware guidance, KB articles and lessons learned from other customers’ environments. In the event that you log a case with VMware, Skyline also gives the Global Support Services (GSS) team access to information about your environment, without needing to spend hours gathering logs and configurations or sitting on a Webex with an Engineer while they get familiar with your environment and specific configurations.

I don’t know for sure, but I imagine that from a VMware support perspective, if they look at the data for your environment after a case has been logged, that they will have tools and processes to quickly identify some issues that could be occurring in your environment and contributing to the issue that you logged a case for.

Skyline was the topic for the VMware Communities Roundtable Podcast in Episode #403, which admittedly I have not yet listened to at the time of writing, but it is in my queued list. Talkshoe.com is not currently loading, but I will link to the episode when it is loading, or you can search for it on the popular podcast apps.

Skyline was in the keynote on day one, but you’d be forgiven if you missed it. Skyline is mentioned at around the 25:40 mark:

While at VMworld, I went and spoke to some of the guys on the VMware booth who were familiar with Skyline. We had a look at the product and some of the outputs. One of the outputs was a (very) detailed report covering the customer environment configuration, compliance with the VMware Validated Designs, patching and configuration recommendations, etc. To quote one of the VMware spec sheets:

VMware will establish a regular reporting schedule with each customer to discuss observations and insights derived from the ongoing analytics, and to provide prioritized recommendations based on alignment with VMware best practices and VMware Validated Designs. Premier Support (Mission Critical, Healthcare Critical and Business Critical) customers will receive a bi-weekly Proactive Operational Summary Report.

With the size of the report I saw, bi-weekly would probably be too often for most customers, unless it was a really high level meeting.

Setup of VMware Skyline is straightforward. At the time of writing, you need to opt in to the program and to do so you need to be a Premier Support customer (Mission Critical Support or Business Critical Support) in North America. After opt in and acceptance, you deploy a collector appliance in to your environment that is the middle man between your environment and VMware’s online Skyline repository. VMware have stated Skyline will be available to customers with other production support agreements later in 2018.

If it wasn’t apparent yet, “non-identifying” data from your environment will be uploaded to VMware using the collector appliance, which VMware claim is done over an encrypted channel to a secure VMware repository in the US. Being hosted in the US might be good for some, not great for others. I’m sure customers and partners alike will also be interested to understand what data is being captured and sent, and if there is any choice in what is included and any options for additional obfuscation. Obviously the more data you choose to withhold from VMware, should you opt in to using Skyline, the fewer proactive recommendations you are likely to receive, the less information will be included in the reports, and not all of the data may be readily available for GSS in the event of a reactive case being logged. At the end of the day, it will be a trade off decision that each customer should make, and partners will likely need to guide them through this as well to achieve the best outcome.

As of today, Skyline includes the core VMware vSphere components and VMware NSX. Additional products will be added “over time”.

My Own Thoughts

It’s great to see VMware jump on the proactive support and analytics train and take it seriously. It’s a step in the right direction, but to pull this off I believe that VMware need to put a lot of effort in to this product in the next 6-12 months to get the majority of their offerings included and also open up availability to all customers with production support agreements.

From a partner perspective, it would be fantastic to see VMware show some love here and give customers the option of allowing Partners to be a ‘middle man’ between Skyline and the customer. Providing a partner portal to Skyline where I could log in and see all of my customers’ environments, with summaries of recommendations and proactive guidance would be extremely beneficial. VMware doesn’t have the capacity to sit down with each customer and go through what these items may mean for their environments, so let the partners do what they’re good at and translate this information for the customers.

I suspect there will be a lot of discussion regarding the privacy of the platform, including the data being gathered from an environment, how it is being transferred to VMware, how and where it is being stored by VMware, and then who can access that data from VMware under which circumstances. Hopefully VMware are working on making this information available in a transparent fashion. Ultimately I do believe that these systems work. I’ve been a customer and a partner for similar platforms that have been designed well from the ground up and they truly do provide a proactive support experience for customers and partners.

What are your thoughts on Skyline? Let me know in the comments below!
VMware Identity Manager – Could not Pull the Required Object From Identity Manager
https://virtualtassie.com/2017/vmware-identity-manager-could-not-pull-the-required-object-from-identity-manager/
Fri, 08 Sep 2017 11:56:55 +0000

I was recently working in a customer’s environment to configure vRealize Log Insight with VMware Identity Manager. They had vIDM deployed some time ago and configured, primarily for vRealize Business for Cloud. I’m not yet that familiar with vIDM, and I learnt something new in troubleshooting this issue.

When logging in to vIDM to set up the new configuration, after going to Identity & Access Management > Directories, selecting the sync directory and opening Sync log, I noticed there were sync issues with Active Directory:

There wasn’t much more information here to show what the issue might be, so I wanted to check out the logs. These can be found under Appliance Settings > VA Configuration > Manage Configuration, log in to the admin portal and then go to Log File Locations > Prepare Log Bundle. A ZIP file will be prepared which you can then download and extract. Inside the logs bundle is a file named connector.log.

Inside this file, I found some warnings as per below:

2017-08-18 09:20:21,920 WARN (SimpleAsyncTaskExecutor-3) [3002@VMVIDM01;admin@VMVIDM01;10.6.5.26] com.vmware.horizon.directory.ldap.LdapConnector - Failed to connect to domaincontroller.domain.com:null
javax.naming.CommunicationException: domaincontroller.domain.com:389 [Root exception is java.net.ConnectException: Connection timed out (Connection timed out)]

Caused by: java.net.ConnectException: Connection timed out (Connection timed out)

Long story short, since deploying vIDM, the customer had changed domain controllers, and vIDM doesn’t automatically query the domain for available domain controllers. Instead, a file named domain_krb.properties is created when the configuration is first done, and this file contains information about the domain including the names of domain controllers that vIDM should query.

This passage is from the linked VMware documentation page titled “About Domain Controller Selection (domain_krb.properties file)”:

The domain_krb.properties file determines which domain controllers are used for directories that have DNS Service Location (SRV records) lookup enabled. It contains a list of domain controllers for each domain. The connector creates the file initially, and you must maintain it subsequently. The file overrides DNS Service Location (SRV) lookup.

To summarise, you’ll need to manually update the domain_krb.properties file any time there are changes to domain controllers in the environment that vIDM is using. To do this:

  1. Log in to the vIDM appliance with the root account
  2. Run vi /usr/local/horizon/conf/domain_krb.properties and press Enter
  3. Make changes required to update the domain controllers listed for the domain and save the file
  4. Change the ownership of the file by running chown horizon:www /usr/local/horizon/conf/domain_krb.properties
  5. Restart the service by running service horizon-workspace restart

After making this change and updating the file to connect to valid domain controllers, I ran a resync from vIDM and it went through successfully.
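A check that fits the troubleshooting above, added here as an example and not part of the original post or VMware's tooling: it lists the domain controllers in domain_krb.properties and flags the ones that connector.log reports as unreachable. The file format (domain=host:port,host2:port), the default port and the host newdc01.domain.com are assumptions.

```shell
#!/bin/sh
# Added example, not VMware tooling. Assumed file format (not shown in the
# post): one line per domain, "domain=host:port,host2:port".

# Print "domain host port" for every domain controller in the properties file.
list_configured_dcs() {
    awk -F= '
        /^[ \t]*#/ { next }          # comment line
        /^[ \t]*$/ { next }          # blank line
        NF >= 2 {
            domain = $1; gsub(/[ \t]/, "", domain)
            n = split($2, dcs, ",")
            for (i = 1; i <= n; i++) {
                entry = dcs[i]; gsub(/[ \t\r]/, "", entry)
                if (entry == "") continue
                host = entry; port = 389   # assumed default when no port given
                if (match(entry, /:[0-9]+$/)) {
                    host = substr(entry, 1, RSTART - 1)
                    port = substr(entry, RSTART + 1)
                }
                print tolower(domain), tolower(host), port
            }
        }' "$1"
}

# Print unique "host port" pairs that connector.log reports as unreachable,
# taken from the javax.naming.CommunicationException lines.
list_failed_dcs() {
    sed -n 's/^javax\.naming\.CommunicationException: \([^: ]*\):\([0-9][0-9]*\) .*/\1 \2/p' "$1" |
        tr 'A-Z' 'a-z' | sort -u
}

# Print "domain host:port" for each configured DC that also appears in the
# failure list: these are the entries to replace in domain_krb.properties.
stale_dcs() {   # $1 = properties file, $2 = connector.log
    failed=$(list_failed_dcs "$2")
    list_configured_dcs "$1" | while read -r domain host port; do
        if printf '%s\n' "$failed" | grep -qxF "$host $port"; then
            echo "$domain $host:$port"
        fi
    done
}

# Write constructed sample files into directory $1. The log lines are the ones
# quoted in the post; newdc01.domain.com is a made-up replacement DC.
write_sample() {
    cat > "$1/domain_krb.properties" <<'EOF'
# constructed sample: one retired DC, one current DC
domain.com=domaincontroller.domain.com:389,newdc01.domain.com:389
EOF
    cat > "$1/connector.log" <<'EOF'
2017-08-18 09:20:21,920 WARN (SimpleAsyncTaskExecutor-3) [3002@VMVIDM01;admin@VMVIDM01;10.6.5.26] com.vmware.horizon.directory.ldap.LdapConnector - Failed to connect to domaincontroller.domain.com:null
javax.naming.CommunicationException: domaincontroller.domain.com:389 [Root exception is java.net.ConnectException: Connection timed out (Connection timed out)]
Caused by: java.net.ConnectException: Connection timed out (Connection timed out)
EOF
}

# Usage: sh script.sh <domain_krb.properties> <connector.log>
if [ "$#" -eq 2 ]; then
    stale_dcs "$1" "$2"
fi
```

An empty result means none of the configured domain controllers appear in the log's connection failures.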