Tuesday, February 6, 2018

Horizon 7 with Nvidia GRID Setup Gotchas

Been setting up POC environment for customer and this time wrong got involve with using Nvidia GRID.

Encounter some setup steps that are missing from nVidia Deployment guide.
In fact, every single setup guide uses the nVidia K1 & K2 card as a reference and those cards have EOA.

Here will share with you if you are using any of the newer cards e.g. M60, M6, M10, etc.

Here are some resources you should refer to when setting GRID on Horizon 7.x.
  1. Register an account on nVidia to download the vibs for ESXi and nVidia License server and Nvidia Driver for Windows OS.
  2. Deploying Hardware-Accelerated Graphics with Horizon 7
  3. GIRD Virtual GPU
    I love to use this guide as a reference to what profile is available for each card type.
In a summary what needs to be done on the master image:
  1. Install VMware tools
  2. Install Horizon View Direct-Connect agent (you know why this needed later)
  3. Shutdown VM
  4. Edit VM settings, add shared PCI device, select your GRID profile
  5. Take a snapshot (in case you need to revert)
  6. Power up the VM
  7. Install Nvidia GRID drivers
  8. Reboot VM
  9. Use the IP and connect using Horizon Client (a bug due to Nvidia graphics driver in use, vSphere console no longer works)
Some of the Gotchas to watch out.
1. On ESXi 6.5 and above, remember to go to each ESXi server and under Configure, make sure the 2 things need to be in place:

Security Profile: X.Org Server service is started
Alternative you can run ESXi Shell or SSH with  > /etc/initi.d/xorg start


Graphic: Change Shared to Shared Direct for both Host and Slot

2. If you are using the new Dell Gen 14 server, there is a bug stated in the release notes, page 9.

When running nvidia-smi you will receive the following error message "“failed to initialize NVML: unknown error”

In the System BIOS Settings, Integrated Devices, Memory Mapped I/O Base, set to 12TB (default 56TB)

Lastly checking everything is in place:

ESXi Shell or SSH:

> nvidia-smi
This will return all the GPU found on the nVidia card on the server.

>dmesg | grep -i nvidia
This will show you if the driver on ESXi is loaded properly and successfully.

Friday, January 12, 2018

VMware Spectre and Meltdown Information

Recently the most talk about security measurement against the two discovered vulnerabilities has raised a lot of talks. This all started and revealed by Google Project Zero.

I have also recently shared advice from VMware support and KBs to our Singapore VMUG users during our event yesterday.

Below is a summary of questions and the approach you should be doing for patching your VMware environment.

Details on Spectre and Meltdown

Side Notes

  • ESXi is only affected by Spectre and all patches for ESXi 5.5. and above has been released. Removed due to retracting of code instructed by Intel. Check update below.
  • ESXi is NOT affected by Meltdown as it does not have untrusted user access.


  1. We heard that the patches affect performance. Will these patches from VMware affect the performance of hypervisor?
    Patches from ESXi have no measurable performance impact. But guest level patching might have. Guest OS vendor is the right contact to comment on this. E.g. from Microsoft.
  2. Other than patching ESXi and OS is there other things to take note?VM hardware must be upgraded in order for the patches to work. Virtual Hardware Version 9 is a minimum requirement for Hypervisor-Assisted Guest Mitigation for branch target injection (CVE-2017-5715) due to MSR bit been exposed in this version. Hardware version 11 is best recommended as PCID on CPU is exposed in this version.
  3. I am running vCenter on Windows, do I need to patch vCenter?
    Yes, please download the latest patches together with ESXi for your vCenter. Follow the same upgrade process as per upgrading.
  4. How will VM that is running Windows XP, 2003, Windows 2000 and legacy OS be impacted?
    OS vendors should provide the patches. In this case, Microsoft does not provide the patches for legacy OS, there will be no solution.
  5. Do I need to install BIOS patch from server vendor if I have applied ESXi patches?
    Yes, it is best to apply server vendor BIOS patches if available as server vendor might provide additional components specific to their server hardware.
    Follow Server vendor BIOS update. ESXi patches has been retracted following Intel 's instruction.
  6. What if I have applied server BIOS patches do I still apply VMware ESXi patches?
    ESXi will only push microcode on the hardware if it is older.
    No more ESXi patches.
  7. I am using server custom ESXi ISO but it is not updated, can I apply the patches from VMware?
    Yes, you can apply these patches to custom ISO. Please check with your hardware vendors for any special change they might have.
    No more ESXi patches.
  8. How do I know if my CPU has an updated microcode from Intel?
    Please check https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr.

Refer to security advisories 

  1. https://www.vmware.com/security/advisories/VMSA-2018-0004.html supersede https://www.vmware.com/security/advisories/VMSA-2018-0002.html

Additional materials

Update 23rd Jan 2018
VMware has updated the response on this KB.
If you are running on ESXi 5.5, there is an update patch based on the Security Advisories.

Update 22nd Jan 2018
VMware has released some dashboard kit using vRealize Operations to help monitor performance after patches recommendations and manage BIOS patches here. If you are do not own vRealize Operations, you can use the evaluation for 60 days.

Update 15th Jan 2018

ESXi patches update has been retracted till further notice. Only vCenter update applies. Follow KB update.

Update 13th Jan 2018

Following Intel's update, please follow https://kb.vmware.com/s/article/52345 for Intel Haswell and Broadwell processors


Tuesday, December 26, 2017

App Volumes Connection

Recently done a few Horizon Proof of Concept and encounter a connection issue with App Volumes.
Here is how I resolve the error message from App Volume agent "Virtualization is disabled".

Do note that this is based on version 2.12.

This error message encounter when your App Volumes agent is not able to communicate with App Volumes Manager.

During installation for the agent and manager, you can choose whether secure or not connection. You MUST choose the same type of connection. However if you have done this incorrectly, this is the problem that is often the problem.

Here will show you how you can first confirm the type of the connection are the same between the manager and agent, and change it if it is not.

To check if the SSL is enabled on the agent, head over to the VM that has agent installed, follow the instruction stated here.

For App Volumes manager, this is not as straightforward.
Refer to this document.

If you want to disable the secure connection, make sure you have the text paste in the file as documented above.

If you are using a self-signed certificate in a default installation and want to enable secure connection after installation on HTTP, you can follow this KB.

Tuesday, October 17, 2017

ESXi 6.5 U1 Host Client Login Issue

Today I did a fresh installation of ESXi 6.5 U1. During the installation, set up the root password.

After everything is working with IP address assigned, DNS and gateway, we started to try to access using the Host Client using IE 11.

Encounter this message "cannot complete login due to an incorrect user name or password". Thought that might have entered the wrong password. Type in a notepad and copy and paste. Same error message encountered on both servers.

Did some search but never encounter anyone having the same issue other than old post found on ESXi 6.0 with the old vSphere Client. Decide to try out one of the method.

Head right down to both server and use the DCUI and select Change Password option. Use back the same password.  Walah! Host Client works now.

Very strange behaviour. Apparently during installation seems like the host client didnt register the password.

Hope this help for those encountering the same issue.

Tuesday, October 10, 2017

VMware ROBO License

Recently there was some discussion over licensing in Facebook vExpert group.

One of the users questioned about licensing 3 hosts, each placed at one location. He wants to be able to do a snapshot and monitor the health of the ESXi host. He intends to add a fourth host in future. He was also told by the account executive that vSphere Essential cannot meet this requirement.

Let me explain some of the information which might be not clear enough.

vSphere Essential and Essential Plus kit is a bundle that comes with vCenter Server Essential (which is not available for sale) and vSphere Essential/Essential Plus licensing. ]vCenter Server Essential can only manage up to three ESXi servers. The vSphere Essential kit allows you to license up to 3 hosts or 6 CPUs whichever come first. But you cannot license more than 3 hosts even if each only has 1 CPU. This is because vCenter Essential can only manage up to 3 ESXi hosts. Also, the licensing would not allow you to manage using a vCenter Server Standard edition.

Check out the site here for comparison including ROBO licenses.

vSphere ROBO office comes in packs of 25 VMs. It has 2 editions namely, Standard and Advanced. Just check out the comparison above. You might find 25 VMs is quite a number, however, you are allowed to split the license to a smaller amount via the license portal. Meaning, you can deploy the vSphere ROBO license to multiple remote sites up to a maximum of 25 VMs per site which is declared as ROBO.

In this way, customers do not need to spend buying vSphere Essential/Essential plus which is the cheapest kit available, for a remote site. This helps many customers save on cost with vSphere ROBO licensing.

Hope this explains and give you a better understand how vSphere ROBO licensing is applicable and how to use it.

Tuesday, October 3, 2017

VMware vSAN 2017 Specialist

There are two specialist certifications release by VMware, namely vRealize Operations and vSAN.

Recently I took the attempt for vSAN Specialist Exam. Before we go into it, let see what is the requirement to take this exam.

You need to have a valid VCP 6.x on any track. No course requirement but the vSAN Deploy and Manage is recommended.

There is only a Digital Badge when you passed the exam and there is no certification for this exam.  The exam code is 2VB-601: VMware Specialist: vSAN 6.x Exam.

Do check out the exam guide. However, the guide does not indicate the exam time and the number of questions. Total questions were 60 from what I encounter and the time is similar to VCP about 240 mins. Cost for me is SGD363 (this might differ for other countries).

You are required to know everyone on vSAN from 6.0 to the latest now 6.6. Everything in these versions will be tested. It will be good to understand the concept and fundamentals of the technology as well all the features that have released since.

Personally, I felt that the exam is not too easy or was it too tough to fail. It really targets at someone who has an understanding of vSAN to a certain level. If you are merely just reading feature functions and not knowing how vSAN really works, then this exam will be tough for you.

Once you passed, you will receive a notice the very next day with your Digital Badge like mine.

Good luck to those attempting.

Wednesday, September 20, 2017

vRealize Suite Lifecycle Manager 1.0

Something got a release note today known as vRealize Suite Lifecycle Manager 1.0.  What is this software about?

VMware has a bundle known as vCloud Suite.  Just a breakdown what is in vCloud Suite/
vCloud Suite is a comprises of two things: vRealize Suite + vSphere Enterprise Plus.

vRealize Suite (depending on Editions) will consist of some or all of the below:
  • vRealize Automation
  • vRealize Business
  • vRealize Operations Manager
  • vRealize Log Insight

vSphere (depending on edition) will consist of some or all of the below:
  • vCenter Standard (purchase separately)
  • ESXi
  • vSphere Replication
  • vSphere Data Protection (last major edition)
  • vSphere Big Data Extension

Looking at the above, you start to see that installing and managing the upgrade will be a big tedious process.  Lots of planning and double and triple check the compatibility matrix.

So here comes vRealize Suite Lifecycle Manager.  This handles the deployment and patching the vRealize Suite components that you own.  For your Day 0 to Day 2 tasks which can relieve admins a ton of work. Assuming that the infrastructure; vSphere, vSAN, NSX is already deployed.

Check out this blog on vRSLCM. Go to download it here.

Horizon 7 with Nvidia GRID Setup Gotchas

Been setting up POC environment for customer and this time wrong got involve with using Nvidia GRID. Encounter some setup steps that are m...