Cisco released UCS Manager 2.2

Cisco UCS.jpeg

Last week Cisco released an early Christmas present, Cisco UCS Manager (code name: El Capitan), which includes a ton of new features.

For those of you who don’t know Cisco UCS Manager (UCSM), it provides unified, embedded management of all software and hardware components of the Cisco Unified Computing System (UCS) across multiple chassis, rack servers, and thousands of virtual machines. Cisco UCS Manager manages Cisco UCS as a single entity through an intuitive GUI, a command-line interface (CLI), or an XML API for comprehensive access to all Cisco UCS Manager functions.

This new release includes a ton of new features but the ones I really like are:

  • Direct Connect C-Series to FI without FEX
    • Support direct connections of C-Series rack servers to the Fabric Interconnect without having to invest in a 2232PP FEX
    • Supported for the following rack servers connected with Single Wire Management and Cisco VIC 1225 adapter: C260 M2, C460 M2, C22 M3, C24 M3, C220 M3, C240 M3, C420 M3;
  • Direct KVM Access
    • Direct KVM access launches KVM via URL: http://<IP_address of CIMC> or https://<IP_address of CIMC;
    • System admins allow server admins to access the KVM console without requiring the UCSM IP address;
    • The CIMC IP URLs are hosted on the Fabric Interconnect;
    • Supported over out-of-band only;
  • Enhanced Local Storage Monitoring
    • Enhance monitoring capabilities for local storage, providing more granular status of RAID controllers and physical/logical drive configurations and settings
    • New Out-of-Band communication channel developed between CIMC and the RAID Controller allows for near real-time monitoring of local storage without the need for host-based utilities or additional server reboot/re-acknowledgement
    • Support monitoring the progress and state of long-running operations (e.g. RAID Rebuild, Consistency Check)
  • FlexFlash (Local SD card) Support
    • UCSM provides inventory and monitoring of the FlexFlash controller and SD cards
    • Local Disk Policy contains settings to enable ‘FlexFlash RAID Reporting’
    • Number of FlexFlash SD cards is added as a qualifier for server pools
  • Flash Adapters & HDD Firmware Management
    • UCSM Firmware bundles now contain Flash Adapter firmware and Local Disks firmware.
    • UCSM Host Firmware Policies can now designate desired firmware versions for Flash Adapters and Local Disks

These features really help in minimizing VDI solution stacks because you no longer need separate FEX, like Nexus 2232, to connect rack servers to the Fabric Interconnects to manage alle UCS servers, rack or blad, with one management platform. Besides that, you can now manage local storage which you regularly need with high end VDI solutions. The direct KVM Access is ideal for shared compute environments in which you now can offer customers direct KVM access without giving them direct access to your entire management network.

Besides this, Cisco UCS Manager 2.2(1) includes the following enhancements:

Fabric Enhancements:

  • Fabric scaling
    • El Capitan supports new underlying NxOS switch code, which enables UCS to increase the scale numbers on the 6200 Fabric Interconnects, supporting up to 2000 VLANs, 2750 VIFs, 4000 IGMP Groups, 240 vHBAs, and 240 Network Adapter Endpoints.
  • IPv6 Management Support
    • Allow management of UCS Manager and UCS servers using IPv6 addresses
    • Allow access to external services (e.g. NTP, DNS) over IPv6
    • External facing client applications (e.g. scp, ftp, tftp) and external facing services (e.g. sshd, httpd, snmpd) are now accessible over IPv6 addresses
  • Uni-Directional Link Detection (UDLD) Support
    • Uni-Directional Link Detection (UDLD) is Cisco’s data link layer protocol that detects and optionally disables broken bidirectional links
    • Supported in FI End-Host and Switching mode
    • A global policy and per-port policy are added to configure UDLD parameters including: mode, msg interval, admin state, recovery action
  • User Space NIC (usNIC) for Low Latency
    • UCS will support High Performance Computing (HPC) applications through a common low-latency technology based on the usNIC capability of the Cisco VICs
    • usNIC allows latency sensitive MPI applications running on bare-metal host OSes to bypass the kernel
    • Supported for Sereno-based adapters only (VIC 1240, VIC 1280, VIC 1225)
  • Support for Virtual Machine Queue (VMQ)
    • Enables support for MS Windows VMQs on the Cisco VIC adapter
    • Allows a network adapter to dedicate a transmit and receive queue pair to a Hyper-V VM NIC
    • Improves network throughput by distributing processing of network traffic for multiple VMs among multiple CPUs
    • Reduces CPU utilization by offloading receive packet filtering to the network adapter


Operational Enhancements:

  • Two-factor Authentication for UCS Manager Logins
    • Support for strengthened UCSM authentication, requiring a generated token along with username/password to authenticate UCSM or KVM logins
    • UCSM uses single authentication request which combines (token and password) in the password field of the authentication request
  • VM-FEX for Hyper-V Management with Microsoft SCVMM
    • UCSM will support full integration with SCVMM for VM-FEX configuration
    • A Cisco provider plugin is installed in SCVMM, fetches all network definitions from UCSM and periodically polls for configuration updates
    • Supported for SCVMM 2012 SP1, Windows Hyper-V 2012 SP1 & Windows Server 2012
  • CIMC In-band Management
    • CIMC management traffic takes the same path as data traffic via the FI uplink ports
    • Separate CIMC management traffic from UCSM management traffic increases bandwidth for FI management port
    • Support In-band CIMC access over IPv4/IPv6 (IPv6 access not supported Out-of-band due to NAT limitations)
  • Server Firmware Auto Sync
    • Server Firmware gets automatically synchronized and updated to version configured in ‘Default Host Firmware Package’
    • Global policy allows user to configure options:
      • Auto Acknowledge (default)
      • User Acknowledge
      • No Action (feature turned off)
    • Guarantee server firmware consistency and compatibility when adding a new or RMA’ed server to a UCS domain


Compute Enhancements:

  • Secure Boot
    • Establish a chain of trust on the secure boot enabled platform to protect it from executing unauthorized BIOS images
    • Secure Boot utilizes the UEFI BIOS to authenticate UEFI images before executing them
    • Standard implementation based on the Trusted Computing Group (TCG) UEFI 2.3.1 specification
  • Precision Boot Order Control
    • Support creating UCSM Boot Policies with multiple instances of Boot Devices (FlexFlash, Local LUN, USB, Local/Remote vMedia, LAN, SAN, and iSCSI)
    • Provides precision and full control over the actual boot order for all devices in the system:
      • Multiple Local Boot Devices (RAID LUN/SD Card/Internal USB/External USB) and SAN
      • Local & Remote vMedia devices
      • PXE/SAN boot in multipath environments
  • Trusted Platform Module (TPM) Inventory
    • Allow access to the inventory and state of the TPM module from UCSM (without having to access the BIOS via KVM)
  • DIMM Blacklisting and Correctable Error Reporting
    • Improved accuracy at identifying “Degraded” DIMMs
    • DIMM Blacklisting will forcefully map-out a DIMM that hits an uncorrectable error during host CPU execution
    • Opt-in feature enabled through an optional Global Policy (Disabled by default)


The El Capitan features enable several UCS Solutions including:

  • VM-FEX with SCVMM for MS Private Cloud
  • Direct Connect C-Series for Smaller Big Data Clusters
  • Direct Connect C-Series for Smaller VDI Deployments
  • Direct Connect C-Series for FlexPod Reference Architecture with ESX 5.5
  • Enhanced Local Storage Monitoring for Improved System Management Integration and SMB VDI Solutions
  • PCIe Flash Cards Support for Non-Persistent VDI
  • usNIC-based HPC Solutions on Cisco UCS B-Series
  • Ubuntu Support for OpenStack


Links to download this release are as follows:

  • Infrastructure software bundle: Click here to download
  • B-series and C-series software bundles for this release are available at the above link, under “Related Software”.
  • UCS Platform Emulator 2.2(1b):  Click here to download
    • NOTE:  From UCS PE 2.2(1bPE1) onwards, UCS PE supports uploading the B-Series and C-Series server firmware bundles.  Because of the large file sizes of the firmware bundles, UCS PE only supports uploading of only the stripped-down versions (attached to this document), which includes only the firmware metadata but not the actual firmware itself in the binaries.  The stripped-down version of the firmware bundles which contain metadata only of the B-series and C-series server firmware is reduced to approximately 50 kB in size.

VMware Fling – Real-time audio/video test

VMware Labs has released a great new fling, an application with which you can verify and test the real-time audio/video performance. The application includes a player that displays the ‘virtual webcam’ feed, and also loops back the audio if required.

This allows for testing without a third party app (which often requires user accounts such as Skype, WebEx, etc.). The application can also perform load testing by forcing the video and audio stream to continuously run again, without a third party app dropping the call after a period of time.


  • Displays webcam images at 1:1 resolution
  • Automatically starts streaming images when launched (and audio will be looped back if selected)
  • Ability to loop the audio-in back to audio-out
  • No need to create user accounts to see RTAV
  • Supports the VMware Virtual Webcam and Physical Webcams

Here you can download the real-time audio/video test application.

VMware Horizon View 5.3 is available

At VMworld 2013 in Barcelona VMware announced the new version of their EUC product Horizon View 5.3.

Now it is finally available for download!

VMware Horizon View 5.3 includes a significant number of new or improved features.

  • Direct Pass-through Graphics
    Virtual Dedicated Graphics Acceleration (vDGA) is a graphics acceleration capability that is offered by VMware with NVIDIA GPUs and this is now supported by Horizon View 5.3. This enables customers to deliver high-end 3D-grade graphics for use cases where a discrete GPU is needed. vDGA graphics adapters can be installed in the underlying vSphere host and are then assigned to virtual desktops. Assigning a discrete NVIDIA GPU to the virtual Machine dedicates the entire GPU to that desktop and includes support for CUDA and OpenGL.
  • Windows 8.1 Support
    My experience with Windows 8.1 is not that positive but VMware already included full support in Horizon View 5.3. This comes aligned with the Windows 8.1 client support in vSphere 5.5. Important: Local Mode and View Persona Management features are not supported with Windows 8.1 desktops yet.
  • Multi Media Redirection (MMR) for H264 encoded media files to Windows 7 clients
    VMware added support for multimedia redirection of H264 encoded Windows Media files to Windows 7 client end-points. H.264/MPEG-4 is currently one of the most commonly used formats for the recording, compression, and distribution of high-definition video. When using this Windows 7 endpoints will receive the original compressed multimedia stream from the server and decode it locally for display. This can decrease bandwidth usage since the data over the wire will be compressed video instead of a uncompressed screen information and it also decreases used server resources, because the server no longer use server CPU resources decoding the video content.
  • HTML5 access improvements
    With Horizon View 5.2 it was possible to use a VDI desktop without installing client software by using delivered through HTML5 capable web-browsers. With Horizon View 5.3 VMware has further improved this feature so users can now enjoy sound, clipboard access and a improved graphics performance.
  • Real-time audio-video (webcam/audio redirection) for Linux clients
    With Horizon View 5.3 VMware introduces real-time audio and video support for Linux clients (support for Windows client was already in 5.2). Real-time audio and video does not forward audio and webcam devices using USB. Instead the devices are controlled by the local client, and audio- and video-streams are transferred from the local devices and encoded, delivered back to the guest virtual machine, and decoded.
    Audio delivery is performed from the standard View agent audio-out functionality, which provides better audio quality than with USB redirection.
  • iOS 7 look & feel for iPhone/iPad client
    The iOS client now matches the look and feel of iOS 7, released at the beginning of October.
  • USB 3.0 port support
    Horizon View 5.3 offers USB port redirection support for USB 3.0 client ports.
  • Support for Windows Server 2008 VM based desktops
    Strange but true, Windows Server 2008 R2 is now supported as desktop operating system. Why? Well Microsoft does not offer SPLA licensing for Windows desktop operating systems to allow service providers to create Desktop-as-a-Service (DaaS) offerings using VMware Horizon View.
    Microsoft does offer SPLA licensing for Windows Server 2008, so this allows service providers to be fully compatible with the Microsoft licensing terms.
    Important to know is that some features are currently not supported with Windows Server 2008 R2, check the release notes.
  • Support for VMware Horizon Mirage
    This is the first step in creating a single desktop image delivery system. Administrators can now utilize VMware Horizon Mirage 4.3 to manage Horizon View virtual desktops. Mirage keeps a centralized and de-duplicated copy of virtual desktops, including user’s applications and data, and is able to re-instantiate them should you have a host or site failure. Mirage can also distribute individual and departmental application layers. With Horizon Mirage IT is effectively able to eliminate the need for complex namespace or application virtualization solutions.
  • VCAI production ready
    View Composer Array Integration is now a fully supported feature. VCAI allows administrators to take advantage of native storage snapshot features. VCAI integrate with NAS storage partner’s native cloning capabilities using vSphere vStorage APIs for Array Integration (VAAI). VCAI speeds up provisioning of virtual desktops while offloads CPU consumption and network bandwidth.
  • Linked-Clone Desktop Pool Storage Overcommit enhancements
    The linked-clone desktop pool storage overcommit feature includes a new storage overcommit level called Unbounded. When selected, View Manager does not limit the number of linked-clone desktops that it creates based on the physical capacity of the datastore.
    Important: note that the unbound policy should only be selected if you are certain that the datastore in use has enough storage capacity to accommodate future growth.
  • Supportability improvements for View Persona Management
    With Horizon View 5.3 View Persona Management feature includes several supportability improvements, including additional log messages, profile size and file and folder count tracking, and a new group policy setting called Add the Administrators group to redirected folders. View Manager uses the file and folder counts to suggest folders for folder redirection.
  • Oracle database support
    In addition to the supported databases listed in the installation documentation, VMware Horizon View 5.3 supports Oracle databases.
  • vSAN for VMware Horizon View
    As of version 5.3 VMware includes vSAN for Horizon View desktops in the Horizon Suite. vSAN reduces storage cost for VDI deployments by using inexpensive server disks for shared storage. It also can improve performance because vSAN uses SSD caching for read and write  and provides intelligent data placement within a vSphere cluster. vSAN is a scale-out converged platform and a hybrid storage solution combining SSD and traditional disks. Because it fully integrates with the vSphere kernel it has very low latency.
    Because VSAN is in beta release, this feature is being released as a Tech Preview, which means that it is available for you to try, but it is not recommended for production use and no technical support is provided.


You can download VMware Horizon view 5.3 here!

Free vSphere Hypervisor limitations removed!

Last week I ran into another discussion about the hypervisor under a XenApp deployment it had to be free or very cheap. So the customer was thinking about loading Hyper-V below it. Ok can be a viable option but the admins hoped it would be VMware ESX because they know that hypervisor and it has never let them down in the past six years. So I got the question what is possible, can we use the Free vSphere Hypervisor?  I than remembered from VMworld San Francisco 2013 the limitations of the Free vSphere Hypervisor have been lifted.

So now you can use the vSphere Hypervisor 5.5 with:

  • Unlimited number of cores per physical CPU
  • Unlimited number of physical CPUs per host
  • Maximum eight vCPUs per virtual machine
  • But most important the limitation of 32GB RAM per server/host has been removed from the free Hypervisor.

So now you can use it below a XenApp deployment or in a stack where you do not need DRS, HA and vMotion. If you do need a central management solution you can use the Essentials Kit and if you need DRS, HA, vMotion etc. you can use the vSphere 5.5 essentials kit it is for max. 3 servers with 2 physical CPUs per Server.

EssentialsKit edition.png

In Europe the Essentials Kit will cost 690 Euro for 3 years and the Essentials Plus Kit will cost 5.554 euro for 3 years. If you want to have support on your VMware vSphere Hypervisor you can now purchase Per Incident Support for it.

How to: Install VMware NSX

Hany Michael from, has made series of videos showing the installation ease of VMware NSX. Unfortunately NSX is not GA yet, but in the videos you can see how the installation goes. Check these out:

Deploying the NSX vAppliance

Deploying the NSX Controllers

Preparing ESXi hosts

Configuring a Logical vSwitch

VMGuru at Geek Whisperers

Way back in time, when we started VMGuru, we actually had no idea what we were getting ourselves into. Full of ideas and energy we went to all the events (VMworld Cannes, Copenhagen, Barcelona, Dutch VMUG, Belgian VMUG, etcetera), packed with laptops, photo- and videocameras and went to work like a bunch of crazy nerds. Most of you who have seen us, know the picture. Four guys, packed with gear, typing like mad in the community lounge, asking questions in sessions, attending demo’s at the Solutions Exchange. Since then we’ve learned a lot along the way. We dropped video from the program (it took too much time to process and edit versus the views it got), we tuned our website, we have a lot more eye for social media, like our recently opened Facebook page.

Last VMworld in Barcelona, the boys got together with on invitation of John Troyer(@jtroyer), our trusted VMware community dad, for a podcast with him, Amy Lewis (better known by us as @Commsninja) and Matthew Brender (@mjbrender), for Geek Whisperers. Of course, we were flattered to be invited. The result is about 45 minutes of fun, interview and info on how we got our blog together the way we did. Check Erik, AJ and Edwin out on this entertaining interview at

Need a ‘Cloaked’ Private, Hybrid or Public Cloud?

Where Cloud visibility and control meets security. HyTrust Acquires HighCloud Security!

Last year I had a very nice conversation with Eric Chiu about everything in the datacenter moving into software and the risky things around that move, today HyTrust Inc., the Cloud Security Automation Company,  announced that it has acquired HighCloud Security, a leader in cloud encryption and key management software. By combining HyTrust’s powerful administrative visibility and control with HighCloud’s strengths in encryption and key management, the acquisition offers customers of both companies an unprecedented level of flexibility in addressing security, compliance and data privacy requirements in all cloud environments—private, public and hybrid.


The combined offering from HyTrust and HighCloud enables ‘cloaked’ private, hybrid and public clouds and helps address three of the primary security concerns in cloud environments. These are:
• The broad level of access available to privileged users with malicious intent (or those who acquire their credentials)
• Breaches and other data center disasters caused not by criminal intent but through human error or misconfiguration
• Challenges involved in maintaining the security and privacy of the data itself

While these issues don’t always get the attention they deserve, security executives are certainly aware of the concerns that stem from in-house misuse. A recent report1 from Forrester Research notes that insiders rather than extraneous criminal elements were the top source of breaches in the past 12 months, and 36% of them were caused not by malfeasance but by inadvertent misuse of data by employees.

In this environment, HyTrust and HighCloud Security offer unique and complementary strengths to the market.

Eric Chiu, president and founder of HyTrust, said: “HyTrust represents the control point for cloud management, providing automated policy-based security for private cloud environments that can enable both trusted hybrid clouds and ‘cloaked’ public clouds. HighCloud encryption, meanwhile, can be deployed in private, hybrid and public clouds, ensuring data security and privacy as organizations migrate between these environments.”

Cloud computing, and the security concerns that go with it, remain a top priority for most organizations. According to technology analyst firm Gartner Inc., nearly half of large enterprises have deployed a private cloud service and three-fourths expect to have hybrid cloud deployments by 2015.2 A full 80% of organizations intend to use cloud services in some form within the next year, while 60% plan to increase their investment in the next two to five years.3

Chiu continued: “The service also enables a unique level of ‘walk-way’ freedom by making it possible to securely change cloud providers or decommission from the cloud without having to worry about data being left behind. This also makes it easier for corporations to achieve compliance with regulations such as HIPAA and PCI.”

While the technologies can already be used together, the HighCloud solution will in the future be integrated into HyTrust to more tightly bind administrative controls with data security in cloud environments, making encryption and key management invisible to the end user. HighCloud’s engineering team will join HyTrust, continuing to provide support and maintenance to existing customers, and moving forward with the development of HighCloud’s technology roadmap.

“HighCloud and HyTrust have had many ties over the years and solve complementary problems for customers,” said Bill Hackenberger, co-founder, president and CEO of HighCloud Security. “Together, HyTrust and HighCloud give enterprises unprecedented ability to address security, compliance and data privacy requirements for all cloud environments, private, hybrid and public.”

With this move, HyTrust adds HighCloud Security’s strong data encryption and key management to its administrative visibility and control, enabling end-to-end security for cloud environments.
Together, the combined solution will offer significant benefits to enterprises and cloud service providers, including:
• Easier compliance with HIPAA, PCI and other privacy regulations
• Controlling and alerting against actions by rogue administrators, or those who gain their credentials
• Preventing catastrophic datacenter failures caused by administrative error
• Protection against data theft or accidental exposure in the public, private or hybrid cloud
• Enabling secure migration to, from and between different cloud environments

While we all move more and more to the Software Defined Data Center it is good to have controls in place like the two man rule and have software who shields sensitive data in the hybrid or even public cloud. I support the HyTrust vision of enabling automated, policy-based security for the cloud to prevent breaches and data center disasters. Data Centers can now completely be provisioned but also destroyed with the click of a mouse button!!

If you wanna know more about HyTrust and their vision and why they acquired HighCloud Security there is a live webinar on November 20th at 2pm Eastern / 11am Pacific





VMware NSX Distributed Services

This article is number two of a series about the upcoming network virtualization spree, specifically the one coming from VMware. Check out the first article in this series, ‘Introduction to VMware NSX.

Traditional network services have evolved over the last years. Introducing more advanced firewalling, loadbalancing and remote access services. Typically, datacenter networks architecture these days look somewhat look this:


The routers can be virtualized inside a physical box, using either VRFs or vendor proprietary router virtual routers, such as Cisco VDC. However, the external and internal firewalls are usually separate monolithic hardware firewalls, which puts a large dent into the network budget.

As we move to a virtual-everything world, desktops and applications are hosted inside the datacenter more and more. The data traffic going east-west inside the datacenter is continuing to grow and is causing scalability issues on the central network services devices. Firewalls and load balancers need to be upgraded (in-place) to keep up and are bleeding the network budget.

With VMware NSX, the physical load balancers and internal firewalls will turn virtual. This will increase the scalability of your internal services enormously; every VM will have it’s own firewall instance (embedded in the ESXi kernel) and you’ll have a load balancer service per application. Here’s how the next step in virtualization will look like:


The possibilities are limitless. There will be a world where you can build a datacenter network with a single pair of proper core switches, standard switches and the rest will be purely x86 servers. Here’s how I think the datacenter network will look in a few years when virtualization has really kicked in:


Check out these great vendors making some awesome announcements about NSX integration:


paloalto-150x105.png juniper.gif f5-logo.png
catbird_logo.png Fortinet_Logo_PMS485-300x34.png logo-mcafee.png


There’s still a lot of ground to cover on NSX and you will find a lot of information here as I love this technology and love the possibilities it gives when designing datacenter architectures.

One thing that has set me off a little bit, is the fact that VMware is keeping NSX closely to their chest. Evaluations are currently not on the table and integration partners are excluded from implementation tracks and there is no way to get a hold of NSX but through VMware’s Professional Services. Maybe it’s the difficulty implementing NSX, maybe it’s VMware not being ready with NSX but feeling compelled to put it out at an early stage, who knows. All I know it’s very disappoint for those of us who want to turn NSX inside and out.

They say partners will start getting in the loop around Q3 2014, but I wish they’d move that timetable up a few quarters.


This article was written by Martijn Smit, Datacenter engineer at Imtech ICT. This article was republished from his blog with his permission

Also check out Martijn’s website


Introduction to VMware NSX

This article is number one of a series about the upcoming network virtualization spree, specifically the one coming from VMware.

I spent 14 to 17 October at VMworld 2013 in Barcelona, basically getting my mind blown by the futuristic possibilities of network flexibility. Things are changing for the network, flattening the entire stack, distributing network services throughout the virtual network (instead of the monolithic central hardware), lowering network costs and making it more flexible and simple to manage.

In this post, I will go over the basics of the components that are used to form the VMware NSX virtual network.

  • NSX Manager (management-plane);
  • NSX Controller (control-plane);
  • NSX Hypervisor Switches (data-plane);
  • NSX Gateways;
  • Distributed Network Services.


NSX Manager

Configuring the NSX virtual network mostly goes through APIs. The idea is that cloud automation platforms (i.e. vCenter Automation Center) or self-developed platforms will leverage NSX to automate deployment of virtual networks.

The NSX Manager produces a web-based GUI for user-friendly management of the NSX virtual network. This GUI can be used next to your cloud automation platform for manual configuration and troubleshooting. You can view the status of the entire virtual network, take snapshots of the virtual network for backup, restores and archival.

Everything the NSX Manager does to manage the virtual network, goes through API calls towards the NSX Controllers.

NSX Controller

The NSX Controller is a very scalable control layer that takes on the functionality of the network control-plane. It is responsible for programming the Hypervisor vSwitches and Gateways with the configurations and real-time forwarding state. Whenever there’s a change in the virtual network (a VM boots, change of portgroup), the controller programs the virtual network to understand these changes.

The NSX Controller cluster typically consists of three NSX Controllers, but when those three are not enough (and can’t keep up with the workloads), up scaling is as easy as deploying a new NSX Controller virtual appliance and adding it to the NSX Cluster.

The Hypervisor vSwitches are divided between the NSX Controllers. The responsibility for a vSwitch is done through an election process, where 1 NSX Controller wins the master role and another NSX Controller wins the slave role. The other NSX Controllers within the cluster can be called upon the master for assistance in the workloads. The slave monitors the master and takes over if the master fails.

Hypervisor vSwitches

Virtualization today already has had vSwitches from the beginning. How else would virtual machines connect (in a scalable fashion) to the network to provide services?

Each hypervisor has a built-in, high performance and programmable virtual switch inside. In the NSX virtual network, the NSX Controllers programs these vSwitches with the current state of the network (configuration and forwarding state). If a NSX network is distributed (VMs in the same network spanned over different hosts), the controllers program the vSwitches to set up IP encapsulation tunnels (STT or VXLAN) between these hosts to extend the virtual network.

NSX Gateways / Edge devices

An NSX Gateway is basically the border or edge of the virtual network. It is where the virtual network communicates with the physical network that we see today. A NSX Gateway can be a virtual appliance linking traffic to VLANs, but it can also be a physical device by some vendors.

Here’s a small list of the top vendors:

  • Arista (7150S);
  • Brocade (VCS Fabric: VDX 6740 and 6740T);
  • Juniper (EX9200 & MX-series);
  • Dell (S6000-series);
  • HP (announced something, no details).

To my (and many others with me) disappointment, Cisco is absent from this list. They have a ‘different view’ and going for their own thing (Cisco ONE), which is discussed here. I hope they come to their senses and allow certain types of network switches to be part of a NSX network. (Perhaps the Nexus 5ks!?)

Distributed Network Services

The best part about the distributed network services functionality is the services registry. This service registry makes plugins possible. So far, I’ve heard great stories from Palo Alto and TrendMicro. Those of you not familiar with any of these products (be it that Palo Alto mostly does insanely great physical firewalls), should gather some info. More on distributed network services at a later date!

Introductory video

Check out this awesome introductory video on NSX.


Next article in this series, VMware NSX Distributed Services.


This article was written by Martijn Smit, Datacenter engineer at Imtech ICT. This article was republished from his blog with his permission

Also check out Martijn’s website


VMware vCloud Suite 5.5, vSAN and NSX walk-through

VMware has launched three new websites which will help you to get up to speed with VMware vCloud Suite 5.5, vSAN and NSX.

An extensive website gives you a detailed overview of the entire vCloud Suite with all the new features VMware released at VMworld. VMware vSphere DataProtection, VMware App HA, vSphere Flash Read Cache and all the other ingredients of the vCloud Suite.

The total walk-through includes:vCloud Suite.png

- vSphere DataProtection
- vSphere App HA
- vCloud Director
- vSphere Replication
- vSphere Flash Read Cache


The NSX website provides a step-by-step overview of VMware NSX, the Security and compliance issues and NSX partner integration.

Here’s the table of content for the NSX walk-through:VMware NSX.PNG

- Introduction to VMware NSX
- VMware NSX
- NSX for vSphere
- Security and Compliance
- NSX Partner Integration



Besides NSX there’s also a website on VMware vSAN. This website provides a step-by-step overview of VMware vSAN, configuring, storage policies and high availability.

Here’s the table of content for the vSAN walk-through:VMware vSAN.PNG

- Configuring vSAN
- Deploying VMs using VM Storage policies
- Changing VM Storage policies
- Failure Resilience & Availability
- Interoperability – vSAN and vSphere HA


You can check out the walk-throughs here:

- VMware vCloud Suite 5.5
- VMware vSAN
- VMware NSX

New fling AND a pass for VMworld 2014?

Perhaps you are already using a fling from VMware, for example the View pool manager or the Autodeploy GUI. But it isn’t enough. You want more. You have the need to automate some manual task and there just isn’t a tool for it right now.

Well, here’s your chance. VMware invites you to share ideas for new VMware Flings from August 26 to November 15, 2013. The submitter of the winning Fling idea, as chosen by the VMware judging panel, will be awarded a Free Pass to VMworld 2014. Even more exciting is that VMware will build and release a new Fling based on the winning idea.

For example: You have a VMware Horizon View setup with multiple vCenter Servers and equal Update Managers. You now have to manage multiple Update Managers servers and multiple dashboards to check for the compliancy of your environment. But there is nothing different between the Update Manager servers, except that they are configured for a different vCenter server.

If only there was a tool that could manage multiple Update Manager servers and pull the compliancy information into a single dashboard.

Well, that is just the thing that you would enter at the fling contest.

For this specific example I already entered a suggestion at, but perhaps you need another tool.

Just go ahead and enter it at and perhaps we will see you at VMworld 2014.

Imtech ICT achieves Cisco Master Cloud Builder

cisco-cloud-computing.jpegDuring the last few weeks we have been very busy with presentations, certifications and customer cases but we are very proud to announce that Imtech ICT achieved the Cisco Cloud Builder Master specialization.

Imtech ICT is the first Cisco partner in the Netherlands and third in Western Europe with the Cisco Cloud Builder Master specialization. The specialization is the result of a lengthy evaluation process Imtech ICT has shown to have Master level in the field of designing , implementing and managing cloud-ready infrastructure capabilities.

More and more applications are offered from the cloud and Imtech ICT has developed a clear vision about the combination of private and public clouds which play an important role for these applications. The Cisco Cloud Builder Master specialization emphasizes that Imtech ICT has the necessary knowledge and expertise to implement this vision. This is done by designing and building ‘Cloud-ready’ infrastructures based on Cisco solutions and the solutions of its eco-partners in the field of backup and storage , desktop and server virtualization , cloud management and provisioning.

This required a major investment in knowledge and expertise to our customers to ensure a stable, secure and scalable cloud environment. The specialization received is a recognition for the hard work and a confirmation for our customers that they have made ​​the right choice with Imtech ICT.

Imtech ICT has already gained a lot of experience in the realization of cloud infrastructures , based on the validated designs of Flexpod, for various clients including ASP4all and city of Utrecht. The evaluation process is completed by an audit performed by an independent third party.

All good things come to an end …

VMworld 2013.png

It is done! VMworld 2013 in Barcelona is over and today I will fly back home. It was a great VMworld with a lot of announcement, releases and a lot of networking. For me it was a great educational experience and one of the few opportunities to meet up with the community friends I normally only chat or e-mail with.

The things that really stood out for me and I can use in my daily work directly or start testing were:

If you want to check all VMworld announcements, check out this article.

Last year I’ve vented some issues with the event being held in Barcelona because I went home with mixed feelings. But the setup this year was much more compact.

I will go home with lots of new knowledge, ideas and contacts. Enough to make good use of in the coming year, so in that sense it was certainly successful. Thanks again for VMware for another VMworld and until next year.

VMWorld TV: Wrap up VMworld Europe 2013 day 3

VMworld 2013.png

VMworld TV gives you a wrap up of all of VMworld Europe 2013 in Barcelona. If you want to know what happened in Barcelona check out the video below.

VMworld TV: Frank Denneman about Pernix Data

VMworld 2013.png

Many may know Frank Denneman from VMware and his HA?DRS-book he wrote with Duncan Epping. Frank now works for Pernix Data and talks to VMworld TV to explain and demo the Pernix Data solution.

VMworld TV presents: SLOOFISMS

VMworld 2013.png

Explore the unique world of superstar blogger Eric Sloof with this compilation of his one-of-a-kind vocabulary, known as ‘Sloofisms’.

VMworld TV: Wrap up VMworld Europe 2013 day 2

VMworld 2013.png

VMworld TV gives you a wrap up of all of VMworld Europe 2013 in Barcelona.
If you want to know what happened in Barcelona check out the video below.

VMworld 2013 Europe – Party Impressions

Last night was the VMworld 2013 Europe Party in the Fira Hall 6. In the slideshow below you will see an impression of last night. We had several good performances on stage, including Taio Cruz!