Hosted VMware environments and recovery solutions in IBM
PureApplication Platform, Part 1
This content is part # of # in the series: Hosted VMware environments and recovery solutions in IBM PureApplication Platform, Part 1
Stay tuned for additional content in this series.
This content is part of the series:Hosted VMware environments and recovery solutions in IBM PureApplication Platform, Part 1
Stay tuned for additional content in this series.
PureApplication Platform delivers hybrid cloud solutions that
start with fully integrated cloud-native services and cloud-enabled
middleware that can run in private datacenters. In firmware V2.2.3
(released on 5 May 2017) or later, you can create automatically configured
hosted VMware environments for more flexibility on how you run and manage
your workloads. This article has been updated for the features of V2.2.5.
You can use these environments to deploy various workloads that interact
with VMware Virtual Center 6.0 and ESXi 6.0 hosts with the convenience of
PureApplication Platform to configure and manage all the software and hardware
components of the environment. You can also deploy PureApplication
Software, which combines pattern-engine-based orchestration for hybrid
cloud with the flexibility of these new environments. This concept is
referred to as the PureApplication Software workload environment.
With existing storage replication capabilities in PureApplication
Software, you can replicate your PureApplication Software workload environments to a
second system to deliver a platform-level, zero data-loss disaster
recovery solution for all types of workloads.
This series of articles provides a step-by-step guide to work with these advanced capabilities for users of the PureApplication System W1500 and W2500 models, and the PureApplication
Platform or Bluemix Local System W3500 and W3550 models. In this series, the term
PureApplication Platform refers to the PureApplication environment running directly on any of
the W1500, W2500, W3500, or W3550 models. The term PureApplication Software is used
when referring to the PureApplication Software workload environments that run within hosted
VMware environments on top of PureApplication Platform.
To begin, Part 1 shows you how to get started
with creating and deploying hosted VMware environments in PureApplication Platform. It shows you how to allocate resources, configure external access
to VMware components, and configure and deploy virtual machines in VMware.
Then, Part 2 guides you through setting up PureApplication Software
workload environments. Finally, Part 3 shows how you can build a disaster recovery solution with
PureApplication Software workload environments and PureApplication Platform.
PureApplication Platform organizes compute nodes and storage resources around
cloud groups. In VMware Virtual Center, which runs inside PureApplication Platform, one cluster of ESXi hosts corresponds to each cloud group. For
typical cloud groups, PureApplication Platform tracks the allocation of
network, compute, memory, and storage resources. This resource tracking
ensures that deployments have enough resources. When high availability
options are enabled, it ensures that enough resources are reserved to
recover workload virtual machines when a compute node fails.
Virtual Manager cloud groups
Virtual Manager cloud groups exist specifically for hosted VMware
environments. PureApplication Platform does not deploy into these cloud
groups. Therefore, you must manage the network, compute, memory, and
storage resources yourself.
When you create a Virtual Manager cloud group, the deployment-related
settings are disabled because PureApplication Platform does not use these
cloud groups for deployment. For more information, see the
“Adding cloud groups” topic in the IBM PureApplication Software on
IBM PureApplication Platform W3550 2.2.5 documentation.
Figure 1. Creating a Virtual Manager cloud group
Virtual Manager cloud groups do not use IP groups. When you use hosted
VMware environments, you or your application must select IP addresses for
your deployments and avoid IP conflicts. In PureApplication Platform, IP
groups are associated with VLANs. Therefore, associating IP groups with
cloud groups dictates which VLANs to use for deployments in the cloud
group. When you use Virtual Manager cloud groups, you can place virtual
machines on any VLAN that is defined in the system. If you want to use
specific VLANs with specific cloud groups, ensure that your deployments
use the appropriate VLAN. For more information, see the “Adding system connections” and “Private VLAN connections” topics in the IBM PureApplication
Software on IBM PureApplication Platform W3550 2.2.5 documentation.
You can add compute nodes to Virtual Manager cloud groups as you would for
any other cloud group from the cloud group detail pane. Add at least one
compute node to each cloud group to have a functional hosted VMware
environment. For more information, see the “Viewing and modifying cloud groups” topic in the IBM PureApplication
Software on IBM PureApplication Platform W3550 2.2.5 documentation.
For conventional cloud groups, PureApplication Platform automatically creates
Virtual Machine File System (VMFS)-formatted datastores as required to
accommodate deployments and add-on VMFS volumes. When you use Virtual
Manager cloud groups, you must manually create Block VMFS volumes for this
purpose. You can associate Block VMFS volumes only with Virtual Manager
When you create a Block VMFS volume, select one or more Virtual Manager
cloud groups ensure the storage is formatted as an empty datastore, as
shown in the Figure 2. You can expand the volume later if more storage is required.
However, replicated or cloned copies of Block VMFS volumes cannot be enlarged. Therefore, create these volumes with the expected size
from the beginning, if you plan to use them in a disaster recovery
solution with another PureApplication Platform appliance.
Figure 2. Creating a Block VMFS volume
If you create Block VMFS volumes without specifying a cloud group, the
volumes are unformatted and can only be used as block storage replication targets for
other datastores. After this type of Block VMFS volume has been the target for replication
from a Block VMFS volume that has a valid VMFS datastore, you can
associate the volume with Virtual Manager cloud groups.
If a Block VMFS volume is not formatted and has not received a valid
datastore by using replication, this volume cannot be associated with
cloud groups. The operation fails because Block VMFS volumes that are
associated with cloud groups must always correspond to a mounted datastore
Datastores have a generated name that begins with
p_. You can
identify datastores by this name in VMware Virtual Center and on ESXi
hosts. You can find the name in the volume detail pane, as shown in the
Figure 3. Identifying
You can use the Block or Block Shared volume type to provide more LUNs in
your hosted VMware environments, as shown in the following figure. You can
use these LUNs as disks for your virtual machines by using Raw Device
Mapping. These volumes are unformatted. After you attach them to a virtual
machine, format them with the file system of your choice.
4. Creating a Block volume
After you create the Block or Block Shared volume, you can view its logical
unit number (LUN) identifier in the volume detail pane as shown in the
following figure. Only the LUN identifier is visible in VMware Virtual
Center and on the ESXi hosts.
Figure 5. Identifying LUNs
Configuring external access to VMware components
To gain access to VMware components within PureApplication Platform, make the
components addressable on your network, and generate access accounts.
Normally, the VMware components are only accessible internally by PureApplication Platform through the IPv6 addresses. However, the system provides two
features to add IPv4 addresses for accessing VMware Virtual Center and
- Virtual Manager external IP address
- Compute Nodes IP Group
As a preferred practice, in addition to these two features, configure the
System Management virtual local area network (VLAN) on the PureApplication
Platform to be an IP Group network or VLAN. By using this approach, all of
the VMware components can be on the same flat System Management network or
VLAN, without requiring a switch configuration in your core network. When
you configure the System Management VLAN, keep these tips in mind:
- You can only access and configure the Virtual Manager external IP address on the System Management
network or VLAN. To configure an external IP address for the virtual
manager (VMware Virtual Center), select System -> Network
Configuration. It is recommended that you configure a Virtual Manager FQDN for simplified access to the vSphere web client.
- You can only access the Compute Nodes IP Group on an IP Group network or VLAN. To grant access to
the compute nodes, create an IP group used for Compute Nodes
with one IPv4 address for each compute node in the system. This same
feature allows access to virtual machine consoles through the compute
node that they are on. The IP address allows access to the VMware ESXi
host that runs on the compute node.
- ICMP (ping) should be enabled between the subnet for the Virtual Manager external IP
address and for the compute nodes and the ports 443 (TCP) and 902 (TCP/UDP) should be open
between the two subnets. If ICMP is disabled between the subnets, IP addresses can still be attached to compute nodes to allow MKS (mouse, keyboard, screen) console access, but the compute nodes will remain
registered with the virtual manager using their internal IPv6 addresses.
Creating an external application
An external application is a collection of accounts that are
created on internal components of the system, including VMware Virtual
Center and ESXi hosts. The user names and passwords for these accounts are
automatically generated. You must configure each external application
carefully for its intended purpose. When you create an external
application (Figure 6), use the following parameters to define it:
- Name: Use a unique, descriptive name that identifies
the intended application, or person who is using the accounts, and the
- Access Scope: Choose Cloud Groups
for this setting, and then select the Virtual Manager cloud groups
that you created for this hosted VMware environment. The user that
will be created for VMware Virtual Center receives permission to view
and work only with the resources that are associated with these cloud
groups. Although you can select conventional cloud groups, deployment
into these cloud groups is not supported and can interfere with
deployments from PureApplication Platform.
Everything option only when you create an
external application for monitoring purposes. When you select the
Grant Compute Node Access option, the Access
Scope parameter also determines which compute nodes are accessible
by this external application. When you choose Cloud
Groups, users are created for only the compute nodes
that belong to the selected cloud groups.
- Virtual Manager Privilege Set: Choose
Default for a hosted VMware environment. You can
use Read Only for monitoring or reporting
- Grant Compute Nodes Access: Select this option for a
hosted VMware environment. By using this option, you can connect to
the ESXi hosts, which can be helpful for transferring files, such as OS
installation media or pre-built virtual machine disks (VMDKs), into
- Grant Storage Access: To create a monitoring user for
the storage controller in addition to the VMware accounts, select this
check box. Otherwise, unless storage monitoring is required, leave
this check box cleared.
Creating an external application
You can create as many external applications as you want. Use different
external applications for each use case so that you can revoke access or
regenerate passwords at a sufficiently fine granularity. After you set up
an external application, click Show details. A window (as
shown in the following figure) opens that lists the external users
(accounts) that are associated with the external application. Each row
corresponds to a user for one of the internal components of the system and
gives the IP address and user name for accessing it. To see the password,
click Show Passwords.
7. Viewing external users
Accessing VMware Virtual Center
In the list of external users for your external application, look in the
Name column for the value
Virtual Manager. This
row gives the IP address and user name for accessing VMware Virtual
You can supply these credentials to applications that use the VMware
vSphere API to connect to VMware Virtual Center directly. You can also use
the credentials to allow human users to access the vSphere Web Client.
Note: If you did not configure a Virtual Manager FQDN and
continue to use the default of ‘purevc’ then special configuration is
required. Before you use the
vSphere Web Client, create an entry in the hosts file of the computer that
you will access the web client from. For this entry, map the host name
purevc to the external IP address that you set up for VMware
Virtual Center. Consult your operating system (OS) documentation for
instructions on creating this host mapping. Log in to the web client at
https://<Virtual Manager FQDN>/vsphere-client/, or if you
did not specify an FQDN, use the default
8. Logging in to the VMware vSphere Web Client
In some cases, clusters and hosts might not display in the Hosts and Clusters view, and datastores
might not display in the Storage view. This issue is known in the vSphere
Web Client. To work around this problem, search for the inventory item
from the search box in the upper right corner of the user interface.
Accessing ESXi hosts
If you selected the Grant Compute Nodes Access option when
you created your external application, external users were created for
each compute node. In the Name column, the value that displays for these users is Compute Node followed by the serial number and location details. In VMware, the name of the ESXi host for the compute node matches the IPv4 address that is shown in the IP Address column.
To use the VMware Host Client, log in at
https://<IP Address>/ui/, replacing
<IP Address> with the IP address that is
listed for the external user, as shown in the following figure.
Logging in to the VMware Host Client
You can also use Secure Shell (SSH) protocol or Secure Copy Protocol (SCP)
with this ESXi user.
ESXi users: External users for compute
nodes have full permission on the ESXi host. Use caution when you use
these accounts to access storage and to manage virtual machines. Using
them to change the configuration of the ESXi host can interfere with
normal operation of PureApplication Platform.
Configuring and deploying virtual machines in VMware
After you allocate resources and have access to the Virtual Center Server,
start configuring the environment and deploying virtual machines. The
purpose of these new hosted VMware environments is to give you more
flexibility in how virtual machines are configured, deployed, and managed.
This section provides basic starting points for these things, but they can
vary widely depending on your objectives.
Options for high availability
In PureApplication Platform, you can ensure high availability at the cloud
group level by managing the resource consumption within conventional cloud
groups. As an alternative, you can reserve compute nodes at the system
level to be supplied to cloud groups as needed for failover.
Because PureApplication Platform does not monitor or manage deployments in Virtual Manager cloud groups, only system level HA is applicable for Virtual Manager cloud groups and hosted VMware environments. You can enable this by setting Reserve resources for availability to System on your Virtual Manager cloud groups. Provided you have a High Availability cloud group with spare compute nodes, PureApplication Platform will move a spare compute node into
your cloud group when it detects a compute node failure. For more information, see the “Administering cloud groups” and “Viewing and modifying cloud groups” topics in the IBM PureApplication Software on IBM PureApplication Platform W3550 2.2.5 documentation.
If you prefer to keep dedicated resources within your cloud group for high availability, you can set Reserve resources for availability
to None, and use VMware vSphere HA and/or DRS features to achieve
your objectives. In this case, PureApplication Platform will not change the vSphere HA or
DRS settings. One approach you can use if you have multiple compute nodes in the Virtual Manager cloud group is to enable vSphere HA and select one of the hosts as a dedicated failover host. If
the compute nodes have different memory and CPU capacities, choose the
node with the highest capacity. This way, you have high availability if a
single compute node failure occurs. The compute node that you select as a
dedicated failover host is placed in maintenance mode, and VMware Virtual
Center prevents deployment of virtual machines (VMs) on it. Its full
capacity is reserved to take on the workload of any other host if a
failure occurs. For more information, see vSphere HA Admission Control and Configuring vSphere HA Cluster Settings int he VMware
Transferring files to and from the hosted VMware
Files that contain OS installations, such as VMDKs and ISO images, can be transferred into the
environment in a few different ways. In any case, you must first identify the datastore onto which
the files will be transferred.
In PureApplication Platform, the Block VMFS volumes that you create can have
meaningful names that you choose. However, the corresponding datastores in
VMware have automatically-generated names that start with
(See Figure 3 for an example.)
Once you have found the datastore name for a datastore associated with the cloud group you are
using, you can transfer files any of these three ways:
- SCP the files using any compute node in the cloud group. The datastore contents are mounted
in the /vmfs/volumes directory. For example, the contents of the datastore on the Block VMFS volume that is shown in Figure 3 are in the /vmfs/volumes/p_7c10af06-ca72-4547-bdfd-105a7a5de652 directory. This method is the most efficient and is best for large
- Use the datastore browser in the vSphere web client. (Using the web
client techniques requires you to install a browser plug-in.)
- Use the datastore browser in the VMware Host Client for any compute node in the cloud
Creating virtual machines
You can use the vSphere Web Client to deploy OVF templates. You can also create VMs by choosing the New Virtual Machine action on a host or cluster. In the wizard that opens, you can choose to create a VM from scratch or from a template. You can also perform several different types of cloning operations.
Figure 10. Creating a new virtual machine
When you select a location for the VM, the vSphere Web Client does not
allow you to select the root VM folder (datacenter) if the external
application was created with the Cloud Groups access scope. In
this case, expand the datacenter, and select the folder
with the same name as the cluster in which you are creating the VM (see
the following figure).
11. Selecting the virtual machine location
Also, select a location to store the VM files. This location is a datastore
(see the following figure) on one of the Block VMFS volumes that you
created and associated with the cloud group. The VM files are stored in a
folder in this datastore with the same name as the VM.
Figure 12. Selecting a datastore for the virtual machine
When you configure the hardware for your VM, you can create new disks,
select existing disks that you previously transferred into the hosted
VMware environment, or do both. If you created a Block volume to use a LUN
as an RDM disk, you can identify the LUN by its LUN identifier. For
example, the LUN identifier from the Block volume that is shown in Figure 5 appears as part of the name of the target
LUN in the New Virtual Machine wizard in the following figure.
13. Attaching an RDM disk
On the hardware customization step, you can also select the VLAN for your
VM. For each network interface that you add, a drop-down list shows the
available port groups (see the following figure). Each port group
corresponds to a VLAN that is defined in PureApplication Platform. The name of
each port group is the same as its VLAN ID.
Figure 14. Selecting a port group for the VLAN
Accessing virtual machines by using the remote console
The best way to access the consoles of your VMs is to download and install the
VMware Remote Console, which is a stand-alone application.
You can start a session using the vSphere Web Client.
- Navigate to the virtual machine for which you want to use the console.
- Switch to the Summary tab, then click on Launch Remote Console.
Another option is the HTML5-based browser remote console in vSphere Web
Client, but it has limitations
in the mouse functions, as documented by VMware.
This article introduced you to the advanced features of PureApplication
Platform firmware V18.104.22.168. You learned how
you can get started with creating and deploying hosted VMware environments
in PureApplication Platform. Specifically, you learned how to allocate
resources, configure external access to VMware components, and configure
and deploy virtual machines in VMware. In Part 2 of this series, you learn how to set up PureApplication
Software workload environments.
The authors extend their appreciation to Gus Parvin, Jessica Stevens, Anilkumar Hegde, and Joe Wigglesworth for their help with this article.
Credit: Source link