At the time of writing this post we are currently at work on our next release of our Storage Replication Adapter for the FlashArray. In a discussion with a customer who needs the feature that we are adding (what a nice coincidence!) the question came up, “what is the best way to test?”. They want to test the SRA without fouling up their production SRM environment.
So a simple answer is well deploy two new vCenters and a SRM pair. But that requires certain hosts and similar network configuration and authentication, etc. etc. So they wanted to use their existing vCenters but NOT their existing SRM servers.
SRM used to be a fairly rigid tool (for good reason, let’s not break your DR). But in the past few years VMware has really opened it up. Loosened the tight vCenter version to SRM version, shared recovery sites, and multiple SRM pairs per vCenter pair. This is where we come in.
I’ve written about generating the JSON Web Token for Pure1 REST API authentication before. Mostly around PowerShell. Though of course many may not want to use PowerShell and prefer to opt for something like Python.
So here is the process.
We have a script posted on the support site here. But that actually doesn’t return the JWT, it creates a session. So it takes the next step after the JWT. But if you just want to generate the JWT so something else can authenticate it won’t do the trick. So I made some modifications and threw it on GitHub as a gist. You can get it here:
For the un-initiated, Pure1 VM Analytics is a tool where you can deploy a collector and authenticate it with one or more vCenters. That collector then sends performance and topology data back to Pure1. We then display it in an easy-to-understand view to help you view your end-to-end environment. Identify performance bottlenecks, heavy hitters, whatever.
For this to work, the collector needs authentication to vCenter of course, but not a lot. Read Only will do. If you want it to see the entire vCenter and every object, the simplest option is to create a new user, and assign it read-only permissions to the vCenter object and propagate it down to everything:
Then select your user, choose read only and make sure to select “Propagate to Children”
In the 4.2.0 release of the vSphere Plugin, we added Pure1 integration which provided additional insight into your Pure Storage and vSphere Environment. In order to use this though, you need to connect the plugin with Pure1 of course. The authentication method is based on a process which involves something called a JSON Web Token. This is a secure option, but a bit more involved than a user name and password. I made the process of generating this fairly easy, but if something goes wrong you get a fun error message like below:
I’ve been working with the Pure1 REST for about a year now and have really enjoyed what it brings. I’ve integrated it into a few things: PowerShell. vRO. vSphere Plugin. One of the “tricky” things about it though is the authentication. Instead of a username and password it requires the use of a RSA256 public/private key pair. This is inherently more secure, but of course requires a bit more know-how when it comes to pair generation.
I simplified a fair amount of it in PowerShell, but didn’t quite get to the finish line. The generation of the key pair could be done but it came in the form of a PFX–which basically combines the public key and private key into one file. Unfortunately, Pure1 requires the them to be separated as all it needs is the public key, not your private key. While this is “better” it does leave Windows users at a bit of a disadvantage–there is no built in mechanism to generate this without installing OpenSSL directly. The process could not be done entirely in PowerShell. Or so I thought…
But you likely know that and probably have your reasons and you didn’t come here for a lecture, you came here for an answer! Can I deploy the OVA to vCenter 6.0? Is it supported?
Let’s first clarify a few things. There are two different things when it comes to vCenter support with the collector. What it can be deployed TO and what it can collect FROM.
Let’s start off with what versions of vCenter it can collect from. We support collecting back to vCenter 5.5. The ESXi host versions that we support for collection in that vCenter lines up with whatever versions of ESXi that that particular vCenter supports. We support collection from versions up to the latest release of vCenter at the time of this writing–vCenter 6.7 U3. So collection support is from 5.5-6.7.x. As new vSphere releases come out we will add those at that time.
This was only deploying the OVA, not configuring it. Once deployed, you need to (or might want to):
Change the default password
Test phone home
Wouldn’t it be nice to do that all from PowerShell instead of SSH or the VM console? Of course it would! So I got to work on it! I have now updated my cmdlet Deploy-PfaAppliance to be able to reset the default password upon deployment and added a new cmdlet called Get-PfaAppliance to retrieve appliances and then configure them.
Another quarter, another vSphere Plugin release from Pure! This is the release I have been really looking forward to as it sets the stage for a lot of the future work I want to build into the plugin. To recap:
4.0.0 was our initial release of our plugin that only had the basic configuration support and VMFS management.
4.1.0 was the 2nd release that added vVol support back into the plugin.
4.2.0 enhances the plugin to add more vVol stuff into it as well as Pure1 Integration! So we are finally to the point where we are adding features into it that were never in the previous flash plugin. Yay!