Hosted VMware environments and recovery solutions in IBM PureApplication Platform, Part 1
Getting started with hosted VMware environments
This content is part # of # in the series: Hosted VMware environments and recovery solutions in IBM PureApplication Platform, Part 1
This content is part of the series:Hosted VMware environments and recovery solutions in IBM PureApplication Platform, Part 1
Stay tuned for additional content in this series.
IBM PureApplication Platform delivers hybrid cloud solutions that start with fully integrated cloud-native services and cloud-enabled middleware that can run in private datacenters. In firmware V2.2.3 (released on 5 May 2017) or later, you can create automatically configured hosted VMware environments for more flexibility on how you run and manage your workloads. This article has been updated for the features of V2.2.5.
You can use these environments to deploy various workloads that interact with VMware Virtual Center 6.0 and ESXi 6.0 hosts with the convenience of PureApplication Platform to configure and manage all the software and hardware components of the environment. You can also deploy PureApplication Software, which combines pattern-engine-based orchestration for hybrid cloud with the flexibility of these new environments. This concept is referred to as the PureApplication Software workload environment. With existing storage replication capabilities in PureApplication Software, you can replicate your PureApplication Software workload environments to a second system to deliver a platform-level, zero data-loss disaster recovery solution for all types of workloads.
This series of articles provides a step-by-step guide to work with these advanced capabilities for users of the PureApplication System W1500 and W2500 models, and the PureApplication Platform or Bluemix Local System W3500 and W3550 models. In this series, the term PureApplication Platform refers to the PureApplication environment running directly on any of the W1500, W2500, W3500, or W3550 models. The term PureApplication Software is used when referring to the PureApplication Software workload environments that run within hosted VMware environments on top of PureApplication Platform.
To begin, Part 1 shows you how to get started with creating and deploying hosted VMware environments in PureApplication Platform. It shows you how to allocate resources, configure external access to VMware components, and configure and deploy virtual machines in VMware. Then, Part 2 guides you through setting up PureApplication Software workload environments. Finally, Part 3 shows how you can build a disaster recovery solution with PureApplication Software workload environments and PureApplication Platform.
PureApplication Platform organizes compute nodes and storage resources around cloud groups. In VMware Virtual Center, which runs inside PureApplication Platform, one cluster of ESXi hosts corresponds to each cloud group. For typical cloud groups, PureApplication Platform tracks the allocation of network, compute, memory, and storage resources. This resource tracking ensures that deployments have enough resources. When high availability options are enabled, it ensures that enough resources are reserved to recover workload virtual machines when a compute node fails.
Virtual Manager cloud groups
Virtual Manager cloud groups exist specifically for hosted VMware environments. PureApplication Platform does not deploy into these cloud groups. Therefore, you must manage the network, compute, memory, and storage resources yourself.
When you create a Virtual Manager cloud group, the deployment-related settings are disabled because PureApplication Platform does not use these cloud groups for deployment. For more information, see the "Adding cloud groups" topic in the IBM PureApplication Software on IBM PureApplication Platform W3550 2.2.5 documentation.
Figure 1. Creating a Virtual Manager cloud group
Virtual Manager cloud groups do not use IP groups. When you use hosted VMware environments, you or your application must select IP addresses for your deployments and avoid IP conflicts. In PureApplication Platform, IP groups are associated with VLANs. Therefore, associating IP groups with cloud groups dictates which VLANs to use for deployments in the cloud group. When you use Virtual Manager cloud groups, you can place virtual machines on any VLAN that is defined in the system. If you want to use specific VLANs with specific cloud groups, ensure that your deployments use the appropriate VLAN. For more information, see the "Adding system connections" and "Private VLAN connections" topics in the IBM PureApplication Software on IBM PureApplication Platform W3550 2.2.5 documentation.
You can add compute nodes to Virtual Manager cloud groups as you would for any other cloud group from the cloud group detail pane. Add at least one compute node to each cloud group to have a functional hosted VMware environment. For more information, see the "Viewing and modifying cloud groups" topic in the IBM PureApplication Software on IBM PureApplication Platform W3550 2.2.5 documentation.
For conventional cloud groups, PureApplication Platform automatically creates Virtual Machine File System (VMFS)-formatted datastores as required to accommodate deployments and add-on VMFS volumes. When you use Virtual Manager cloud groups, you must manually create Block VMFS volumes for this purpose. You can associate Block VMFS volumes only with Virtual Manager cloud groups.
When you create a Block VMFS volume, select one or more Virtual Manager cloud groups ensure the storage is formatted as an empty datastore, as shown in the Figure 2. You can expand the volume later if more storage is required. However, replicated or cloned copies of Block VMFS volumes cannot be enlarged. Therefore, create these volumes with the expected size from the beginning, if you plan to use them in a disaster recovery solution with another PureApplication Platform appliance.
Figure 2. Creating a Block VMFS volume
If you create Block VMFS volumes without specifying a cloud group, the volumes are unformatted and can only be used as block storage replication targets for other datastores. After this type of Block VMFS volume has been the target for replication from a Block VMFS volume that has a valid VMFS datastore, you can associate the volume with Virtual Manager cloud groups.
If a Block VMFS volume is not formatted and has not received a valid datastore by using replication, this volume cannot be associated with cloud groups. The operation fails because Block VMFS volumes that are associated with cloud groups must always correspond to a mounted datastore in VMware.
Datastores have a generated name that begins with
p_. You can
identify datastores by this name in VMware Virtual Center and on ESXi
hosts. You can find the name in the volume detail pane, as shown in the
Figure 3. Identifying datastores
You can use the Block or Block Shared volume type to provide more LUNs in your hosted VMware environments, as shown in the following figure. You can use these LUNs as disks for your virtual machines by using Raw Device Mapping. These volumes are unformatted. After you attach them to a virtual machine, format them with the file system of your choice.
Figure 4. Creating a Block volume
After you create the Block or Block Shared volume, you can view its logical unit number (LUN) identifier in the volume detail pane as shown in the following figure. Only the LUN identifier is visible in VMware Virtual Center and on the ESXi hosts.
Figure 5. Identifying LUNs
Configuring external access to VMware components
To gain access to VMware components within PureApplication Platform, make the components addressable on your network, and generate access accounts.
Setting up networking
Normally, the VMware components are only accessible internally by PureApplication Platform through the IPv6 addresses. However, the system provides two features to add IPv4 addresses for accessing VMware Virtual Center and ESXi hosts:
- Virtual Manager external IP address
- Compute Nodes IP Group
As a preferred practice, in addition to these two features, configure the System Management virtual local area network (VLAN) on the PureApplication Platform to be an IP Group network or VLAN. By using this approach, all of the VMware components can be on the same flat System Management network or VLAN, without requiring a switch configuration in your core network. When you configure the System Management VLAN, keep these tips in mind:
- You can only access and configure the Virtual Manager external IP address on the System Management network or VLAN. To configure an external IP address for the virtual manager (VMware Virtual Center), select System -> Network Configuration. It is recommended that you configure a Virtual Manager FQDN for simplified access to the vSphere web client.
- You can only access the Compute Nodes IP Group on an IP Group network or VLAN. To grant access to the compute nodes, create an IP group used for Compute Nodes with one IPv4 address for each compute node in the system. This same feature allows access to virtual machine consoles through the compute node that they are on. The IP address allows access to the VMware ESXi host that runs on the compute node.
- ICMP (ping) should be enabled between the subnet for the Virtual Manager external IP address and for the compute nodes and the ports 443 (TCP) and 902 (TCP/UDP) should be open between the two subnets. If ICMP is disabled between the subnets, IP addresses can still be attached to compute nodes to allow MKS (mouse, keyboard, screen) console access, but the compute nodes will remain registered with the virtual manager using their internal IPv6 addresses.
Creating an external application
An external application is a collection of accounts that are created on internal components of the system, including VMware Virtual Center and ESXi hosts. The user names and passwords for these accounts are automatically generated. You must configure each external application carefully for its intended purpose. When you create an external application (Figure 6), use the following parameters to define it:
- Name: Use a unique, descriptive name that identifies the intended application, or person who is using the accounts, and the purpose.
- Access Scope: Choose Cloud Groups
for this setting, and then select the Virtual Manager cloud groups
that you created for this hosted VMware environment. The user that
will be created for VMware Virtual Center receives permission to view
and work only with the resources that are associated with these cloud
groups. Although you can select conventional cloud groups, deployment
into these cloud groups is not supported and can interfere with
deployments from PureApplication Platform.
Use the Everything option only when you create an external application for monitoring purposes. When you select the Grant Compute Node Access option, the Access Scope parameter also determines which compute nodes are accessible by this external application. When you choose Cloud Groups, users are created for only the compute nodes that belong to the selected cloud groups.
- Virtual Manager Privilege Set: Choose Default for a hosted VMware environment. You can use Read Only for monitoring or reporting purposes.
- Grant Compute Nodes Access: Select this option for a hosted VMware environment. By using this option, you can connect to the ESXi hosts, which can be helpful for transferring files, such as OS installation media or pre-built virtual machine disks (VMDKs), into the environment.
- Grant Storage Access: To create a monitoring user for the storage controller in addition to the VMware accounts, select this check box. Otherwise, unless storage monitoring is required, leave this check box cleared.
Figure 6. Creating an external application
You can create as many external applications as you want. Use different external applications for each use case so that you can revoke access or regenerate passwords at a sufficiently fine granularity. After you set up an external application, click Show details. A window (as shown in the following figure) opens that lists the external users (accounts) that are associated with the external application. Each row corresponds to a user for one of the internal components of the system and gives the IP address and user name for accessing it. To see the password, click Show Passwords.
Figure 7. Viewing external users
Accessing VMware Virtual Center
In the list of external users for your external application, look in the
Name column for the value
Virtual Manager. This
row gives the IP address and user name for accessing VMware Virtual
You can supply these credentials to applications that use the VMware vSphere API to connect to VMware Virtual Center directly. You can also use the credentials to allow human users to access the vSphere Web Client.
Note: If you did not configure a Virtual Manager FQDN and
continue to use the default of 'purevc' then special configuration is
required. Before you use the
vSphere Web Client, create an entry in the hosts file of the computer that
you will access the web client from. For this entry, map the host name
purevc to the external IP address that you set up for VMware
Virtual Center. Consult your operating system (OS) documentation for
instructions on creating this host mapping. Log in to the web client at
https://<Virtual Manager FQDN>/vsphere-client/, or if you
did not specify an FQDN, use the default
Figure 8. Logging in to the VMware vSphere Web Client
In some cases, clusters and hosts might not display in the Hosts and Clusters view, and datastores might not display in the Storage view. This issue is known in the vSphere Web Client. To work around this problem, search for the inventory item from the search box in the upper right corner of the user interface.
Accessing ESXi hosts
If you selected the Grant Compute Nodes Access option when you created your external application, external users were created for each compute node. In the Name column, the value that displays for these users is Compute Node followed by the serial number and location details. In VMware, the name of the ESXi host for the compute node matches the IPv4 address that is shown in the IP Address column.
To use the VMware Host Client, log in at
https://<IP Address>/ui/, replacing
<IP Address> with the IP address that is
listed for the external user, as shown in the following figure.
Figure 9. Logging in to the VMware Host Client
You can also use Secure Shell (SSH) protocol or Secure Copy Protocol (SCP) with this ESXi user.
ESXi users: External users for compute nodes have full permission on the ESXi host. Use caution when you use these accounts to access storage and to manage virtual machines. Using them to change the configuration of the ESXi host can interfere with normal operation of PureApplication Platform.
Configuring and deploying virtual machines in VMware
After you allocate resources and have access to the Virtual Center Server, start configuring the environment and deploying virtual machines. The purpose of these new hosted VMware environments is to give you more flexibility in how virtual machines are configured, deployed, and managed. This section provides basic starting points for these things, but they can vary widely depending on your objectives.
Options for high availability
In PureApplication Platform, you can ensure high availability at the cloud group level by managing the resource consumption within conventional cloud groups. As an alternative, you can reserve compute nodes at the system level to be supplied to cloud groups as needed for failover.
Because PureApplication Platform does not monitor or manage deployments in Virtual Manager cloud groups, only system level HA is applicable for Virtual Manager cloud groups and hosted VMware environments. You can enable this by setting Reserve resources for availability to System on your Virtual Manager cloud groups. Provided you have a High Availability cloud group with spare compute nodes, PureApplication Platform will move a spare compute node into your cloud group when it detects a compute node failure. For more information, see the "Administering cloud groups" and "Viewing and modifying cloud groups" topics in the IBM PureApplication Software on IBM PureApplication Platform W3550 2.2.5 documentation.
If you prefer to keep dedicated resources within your cloud group for high availability, you can set Reserve resources for availability to None, and use VMware vSphere HA and/or DRS features to achieve your objectives. In this case, PureApplication Platform will not change the vSphere HA or DRS settings. One approach you can use if you have multiple compute nodes in the Virtual Manager cloud group is to enable vSphere HA and select one of the hosts as a dedicated failover host. If the compute nodes have different memory and CPU capacities, choose the node with the highest capacity. This way, you have high availability if a single compute node failure occurs. The compute node that you select as a dedicated failover host is placed in maintenance mode, and VMware Virtual Center prevents deployment of virtual machines (VMs) on it. Its full capacity is reserved to take on the workload of any other host if a failure occurs. For more information, see vSphere HA Admission Control and Configuring vSphere HA Cluster Settings int he VMware documentation.
Transferring files to and from the hosted VMware environment
Files that contain OS installations, such as VMDKs and ISO images, can be transferred into the environment in a few different ways. In any case, you must first identify the datastore onto which the files will be transferred.
In PureApplication Platform, the Block VMFS volumes that you create can have
meaningful names that you choose. However, the corresponding datastores in
VMware have automatically-generated names that start with
(See Figure 3 for an example.)
Once you have found the datastore name for a datastore associated with the cloud group you are using, you can transfer files any of these three ways:
- SCP the files using any compute node in the cloud group. The datastore contents are mounted in the /vmfs/volumes directory. For example, the contents of the datastore on the Block VMFS volume that is shown in Figure 3 are in the /vmfs/volumes/p_7c10af06-ca72-4547-bdfd-105a7a5de652 directory. This method is the most efficient and is best for large files.
- Use the datastore browser in the vSphere web client. (Using the web client techniques requires you to install a browser plug-in.)
- Use the datastore browser in the VMware Host Client for any compute node in the cloud group.
Creating virtual machines
You can use the vSphere Web Client to deploy OVF templates. You can also create VMs by choosing the New Virtual Machine action on a host or cluster. In the wizard that opens, you can choose to create a VM from scratch or from a template. You can also perform several different types of cloning operations.
Figure 10. Creating a new virtual machine
When you select a location for the VM, the vSphere Web Client does not allow you to select the root VM folder (datacenter) if the external application was created with the Cloud Groups access scope. In this case, expand the datacenter, and select the folder with the same name as the cluster in which you are creating the VM (see the following figure).
Figure 11. Selecting the virtual machine location
Also, select a location to store the VM files. This location is a datastore (see the following figure) on one of the Block VMFS volumes that you created and associated with the cloud group. The VM files are stored in a folder in this datastore with the same name as the VM.
Figure 12. Selecting a datastore for the virtual machine
When you configure the hardware for your VM, you can create new disks, select existing disks that you previously transferred into the hosted VMware environment, or do both. If you created a Block volume to use a LUN as an RDM disk, you can identify the LUN by its LUN identifier. For example, the LUN identifier from the Block volume that is shown in Figure 5 appears as part of the name of the target LUN in the New Virtual Machine wizard in the following figure.
Figure 13. Attaching an RDM disk
On the hardware customization step, you can also select the VLAN for your VM. For each network interface that you add, a drop-down list shows the available port groups (see the following figure). Each port group corresponds to a VLAN that is defined in PureApplication Platform. The name of each port group is the same as its VLAN ID.
Figure 14. Selecting a port group for the VLAN
Accessing virtual machines by using the remote console
The best way to access the consoles of your VMs is to download and install the VMware Remote Console, which is a stand-alone application.
You can start a session using the vSphere Web Client.
- Navigate to the virtual machine for which you want to use the console.
- Switch to the Summary tab, then click on Launch Remote Console.
Another option is the HTML5-based browser remote console in vSphere Web Client, but it has limitations in the mouse functions, as documented by VMware.
This article introduced you to the advanced features of PureApplication Platform firmware V126.96.36.199. You learned how you can get started with creating and deploying hosted VMware environments in PureApplication Platform. Specifically, you learned how to allocate resources, configure external access to VMware components, and configure and deploy virtual machines in VMware. In Part 2 of this series, you learn how to set up PureApplication Software workload environments.
The authors extend their appreciation to Gus Parvin, Jessica Stevens, Anilkumar Hegde, and Joe Wigglesworth for their help with this article.