Skip to main content

Dell EMC VxRail 4.5 Upgrade Process: The Aftermath

Part 1: Dell EMC VxRail 4.5 Upgrade Process: Before We Begin
Part 2: Dell EMC VxRail 4.5 Upgrade Process: Upgrading the Cluster
Part 3: Dell EMC VxRail 4.5 Upgrade Process: The Aftermath

In the final post in this 3-part series, we cover some of the things that need to be done post upgrade for a VxRail 4.5 cluster.

Cleanup Process After a Successful Upgrade

  1. Log into the vSphere Web Client.
  2. Navigate to Hosts and Clusters.
  3. Delete all snapshots from the VxRail Manager service VM.
    1. Right-click the VxRail Manager VM, select Snapshots > Delete All Snapshots.
  4. Delete all snapshots from the vCenter Server Appliance service VM.
    1. Right-click the vCenter Server Appliance VM, select Snapshots > Delete All Snapshots.
  5. Delete all snapshots from the Platform Services Controller service VM.
    1. Right-click the Platform Services Controller VM, select Snapshots > Delete All Snapshots.
  6. If changes were made to avoid vSAN timeout issues during the upgrade process, change the following Advanced System Setting when the upgrade is complete.
    1. Navigate to Hosts and Clusters.
    2. Select the first node in the cluster.
    3. Select Configure > System > Advanced System Settings.
    4. Locate the VSAN.ClomRepairDelay setting.
    5. Change the current value of

Read More

Dell EMC VxRail 4.5 Upgrade Process: Before We Begin

Part 1: Dell EMC VxRail 4.5 Upgrade Process: Before We Begin
Part 2: Dell EMC VxRail 4.5 Upgrade Process: Upgrading the Cluster
Part 3: Dell EMC VxRail 4.5 Upgrade Process: The Aftermath

In Part 1 of this 3-part series, we’ll address what to do prior to kicking off an upgrade of your 4.5 VxRail cluster. There are a few “gotchas” I’ve run into in the past that I address here. Hopefully it’s helpful.

Generating the SolVe Upgrade Procedure

  1. Log into Dell EMC SolVe Online.
  2. Select All Products from the menu.
  3. Click the VxRail Appliance button.
  4. Click the Software Upgrade Procedures link.
  5. Select the model of the VxRail appliances being upgraded, and click the Next button.
  6. Select the VxRail software version currently installed on the VxRail appliances being upgraded, and scroll down.
  7. Select the VxRail software version targeted for installation on the VxRail appliances being upgraded, and click the Next button.
  8. Click the Generate button to generate an upgrade procedure.
  9. Save, open and read the procedure thoroughly once it has been generated.
  10. Download the VxRail Composite Bundle for the version of software targeted in the upgrade.

Before Upgrading the VxRail Cluster

  1. Log into the vCenter Server Appliance Management Interface using

Read More

Add Download Sources to VMware Update Manager (VUM)

An ESXi host can have custom vSphere Installation Bundles (VIBs) installed. Typically, this includes things like third-party drivers or management agents. In some cases, you may want to manage those installed drivers or agents with VMware Update Manager (VUM) to deploy a specific known-good configuration across a cluster with ease. Here’s how you add 3rd party download sources to VUM in vCenter:

vSphere Web Client (Flex)

  1. On the vSphere client home screen, click the Update Manager icon.
  2. On the Configuration tab, click Download Settings.
  3. Click Add Download Source.
  4. Enter the Source URL for the Download Source you want to add.
  5. Click OK.
  6. Click Download Now to upload the package, then click Apply.

vSphere Client

  1. On the vSphere client home screen, click Menu, then Update Manager icon.
  2. On the Settings tab, click Patch Setup.
  3. Click New to create a new download source.
  4. Enter the Source URL and Description for the Download Source you want to add.
  5. Click OK.
  6. On the Settings tab, click Patch Downloads.
  7. Click Download Now to download new patch definitions.

Not every manufacturer supports integration with VMware Update Manager, but here’s what I could find.

3rd Party Download Sources for

Read More

Group Policy Security Filtering

An administrator can add both computers and users to security groups. Then the administrator can specify which security groups are affected by the GPO by using the Access Control List (ACL) editor. To start the ACL editor, select the Security tab of the property page for the GPO. Then set access permissions using discretionary access control lists (DACLs) to allow or deny access to the GPO by specified groups. By changing the Access Control Entries (ACEs) within the DACL, the effect of any GPO can be modified to exclude or include the members of any security group. For more information about security groups, see How Security Groups are Used in Access Control.

To apply a GPO to a specific group, both the Read and Apply Group Policy ACEs are required. By default, all Authenticated Users have both these permissions set to Allow. Because everyone in an organizational unit is automatically an Authenticated User, the default behavior is for every GPO to apply to every Authenticated User. However, domain administrators, enterprise administrators, and the LocalSystem account already have full control permissions, by default, without the Apply Group Policy ACE. Therefore, because administrators are also …

Read More

Group Policy WMI Filtering

Group Policy WMI Filtering was introduced with Windows XP, and is a great way to add a decision on when to apply a given group policy. WMI Filters, written in WMI Query Language (WQL), allow an administrator to specify a WMI-based query to filter the application of a GPO. WMI Filtering can be very useful when users or computers are located in a relatively flat OU structure in Active Directory, for example. WMI Filters can also allow you to apply specific policies based on server roles, operating system version, network configuration, and other criteria. Windows evaluates these filters in the following order of overall Group Policy Processing:

  1. Policies are located in hierarchy.
  2. The WMI Filters are checked.
  3. The security settings are checked.
  4. A policy is either filtered or applied depending on the results of the previous checks.

Breakdown: We locate all of the policies that exist in the user or computer’s Local, Site, Domain, and OU hierarchy. We then determine if the WMI Filter (if any are defined) returns TRUE. We then verify that the user or computer has both Read and Apply group policy permissions for the GPO. Once all of that is validated, the group policy is …

Read More

Group Policy Best Practices

I thought it might be useful to outline the approach that I take to designing group policy infrastructure in environments that I manage. Architecting group policy can be a daunting and time consuming task, so it’s good to know how it works before you start. All of what you’re about to read was gathered from Microsoft documentation, and should be accurate to the date of this writing. Everything you’re about to read has been compiled over the last 10 years from a combination of Microsoft best practices and real world experiences tweaking GPOs in production environments.

I use the terms functional and monolithic to describe the two possible approaches:

  • Functional GPOs Contain one or more settings from a single policy area and often target a single function (e.g., Browser Security, Workstation Lock)
  • Monolithic GPOs Contain a variety of settings from multiple policy areas (e.g., Administrative Templates, security, Group Policy preferences)

The majority of the corporate environments I’ve managed contain Functional GPOs when I start. Most environments should have a mix of both Monolithic and Functional GPOs. This is driven by factors such as the need for delegating certain GPOs to a particular business unit administrator, the desire to manage …

Read More

Simplifying Veeam Backups Using VMware Tags

If you’re lazy like me, you hate having to open 26 different applications when you provision a new virtual machine. Lets eliminate the need to open one of those applications, Veeam.

Traditionally, when you provision a new virtual machine, you would open Veeam Backup & Replication Console and add that specific VM to one of the Backup Jobs you have configured. You’d have to make sure that you’ve correctly configured things like encryption, application-aware backups, exceptions and credentials for the VM you’ve provisioned.

Now, I don’t know about you, but I hate extra work. Here’s how you can solve this problem with a little bit of automation using VMware Tags and Veeam Backup & Replication.

Note: VMware Tags require vCenter version 5.1 and above. Reference

Step 1: Create Backup Tags in VMware vCenter
For my needs, I created quite a few VMware Tags. One for each of the Veeam Backup Jobs I needed, and a few to dynamically change the settings of the backup job for specific virtual machines. Here’s how they’re laid out:

  1. Create a new category for your backup tags called Backup. For this category, you should set Cardinality to Many tags per object, and you

Read More

VMware Tagging and Why You Should Care

VMware Tags were introduced with vSphere 5.1, and replace the legacy Custom Attributes feature from earlier versions. Tags allow you to add valuable metadata to every object in your inventory, which makes them searchable and sortable by those tags. How can this be used, you ask? Well I’ll tell you how I use tags.

I use tags to control which backup a virtual machine is a part of, to control the settings that should be applied during the backup, to identify the priority of virtual machines for business continuity and disaster recovery purposes, to define the patch group the virtual machine is in, to identify server roles and installed applications, to create dynamic groups of machines in Turbonomic Operations Manager. One of the guys on my team even built a dynamic list of servers on our SharePoint site that allows us to see at a glance every server in our environment and filter it to find the information we need quickly.

What is a Category?
Categories allow you to group related tags together. When you define a category, you can also specify which object types its tags can be applied to and whether more than one tag in the category …

Read More