Saturday, 30 March 2019

HPE SimpliVity 380 Gen10 data at rest encryption (DARE)

The procedure below configures an HPE SimpliVity 380 Gen10 server to support data at rest encryption by enabling the encryption feature on the HPE Smart Array controller in "Local Mode".
Please note that this feature doesn't require a separate license. However, if you want professional support in case of any issue, license entitlement is recommended.

⚡WARNING: Smart Array based encryption can only be enabled before the system is deployed. Do not attempt this procedure on a deployed system containing data.

Log in to the iLO of the SimpliVity hardware. I have an "HPE SimpliVity 380 Gen10". The hardware is running OmniStack 3.7.7.

Click on "Power Switch" and select "cold boot". The server will be rebooted.

Select "F10" for "Intelligent Provisioning".

Select "Smart Storage Administrator".

A warning about rebooting after configuration will be displayed.

Select Smart Array Controller --> HPE Smart Array P816.

Select "Configure".

Now select "Physical Drives" and "Advanced controller settings".

Select "Encryption Manager" then click on "Perform initial setup".

Select "Setup Type" as "Full setup" and enter a password of your own. Make a note of this password, as it may be needed during decryption.

Select "Key Management Mode" as "Local Key Management Mode", enter a key of your own and click "OK". Make a note of this key, as it may be needed during decryption.

Click "Yes" to proceed further.

Accept terms and conditions.

Now select "Logical devices".

Now select "Convert Plaintext Data to Encrypted Data".

I have selected "No Discard existing data" as this is a first-time deployment. Don't forget to select all logical drives. Click "OK".

Click "Yes".

Click "Finish". Drive encryption will start after the reboot, so reboot the server.

VCSA 6.7 U1 unable to send alert mails to different domain

I recently migrated from a Windows-based vCenter Server 6.0 U3 to VCSA 6.7 U1. With the Windows-based vCenter, I was able to receive alerts in my mailbox. After the migration, alerts were not coming.
After analyzing the logs, I understood that my VCSA 6.7 U1 is in XYZ.domain.com, which is not exposed, and I was trying to send mail to ABC.domain.com, which is exposed on the internet. So VCSA 6.7 U1 was unable to resolve the DNS of ABC.domain.com. Below are the changes I made to send mail to the other domain from VCSA 6.7 U1.
Take a backup of "sendmail.cf". Create a new file "service.switch" with the entry given below.
[root@xxxxxxx01 ~]# cat /etc/mail/service.switch
hosts files
Then search for "O ResolverOptions" in sendmail.cf. The default option will be "#O ResolverOptions=+AAONLY".
Uncomment this option and update it as below.
O ResolverOptions=-DNSRCH
Restart the sendmail service with "service sendmail restart" and wait for 2 minutes.
Now VCSA 6.7 will stop doing DNS resolution of ABC.domain.com and you will start getting alert mails at mail@ABC.domain.com.
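
The three file changes above, scripted so they can be repeated and checked; this is an added example, not part of the original post. The function names and the assumption that sendmail.cf sits in the same directory as service.switch (/etc/mail) are not from the post, and the demo runs on a constructed sendmail.cf in a scratch directory.

```shell
#!/bin/sh
# Added example: apply the post's sendmail changes to a mail config directory.
# Assumption: sendmail.cf lives beside service.switch (/etc/mail on the page).

apply_resolver_fix() {
    mail_dir="${1:-/etc/mail}"
    cf="$mail_dir/sendmail.cf"
    [ -f "$cf" ] || { echo "missing $cf" >&2; return 1; }

    # Refuse to continue if there is no ResolverOptions line to edit.
    grep -q '^#\{0,1\}O ResolverOptions' "$cf" || {
        echo "no ResolverOptions line in $cf" >&2; return 1; }

    # Back up sendmail.cf once; a rerun never overwrites the first backup.
    [ -f "$cf.bak" ] || cp -p "$cf" "$cf.bak" || return 1

    # service.switch: resolve host names from files only.
    printf 'hosts files\n' > "$mail_dir/service.switch" || return 1

    # Uncomment and replace the ResolverOptions line. Writing back with
    # cat keeps the original file's owner and mode.
    sed 's/^#\{0,1\}O ResolverOptions.*/O ResolverOptions=-DNSRCH/' \
        "$cf" > "$cf.tmp" && cat "$cf.tmp" > "$cf" && rm -f "$cf.tmp"
}

# Returns 0 only when both changes are in place.
verify_resolver_fix() {
    mail_dir="${1:-/etc/mail}"
    grep -qx 'O ResolverOptions=-DNSRCH' "$mail_dir/sendmail.cf" \
        && grep -qx 'hosts files' "$mail_dir/service.switch"
}

# Demo on a constructed sendmail.cf in a scratch directory (not /etc/mail).
demo_dir=$(mktemp -d)
printf '%s\n' 'O HoldExpensive=False' '#O ResolverOptions=+AAONLY' \
    > "$demo_dir/sendmail.cf"
apply_resolver_fix "$demo_dir" && verify_resolver_fix "$demo_dir" \
    && echo "resolver fix applied in $demo_dir"
```

On the appliance, call `apply_resolver_fix /etc/mail` and then restart sendmail as described in the post; sendmail.cf.bak holds the original file if the change has to be rolled back.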



VM recovery by vSphere Replication on same Site

To set up replication for a VM on the same site
Log in to vCenter Web Client and click on “Site Recovery”:

Click on “Open Site Recovery” at the Primary vCenter; it will open the Site Recovery console in the next tab:

Click on “View Details” and select the PR vCenter:
Click on the “Replication” tab:

Click on “+New” to setup replication for a VM and select VM:

Select datastore:

Select RPO and “Point in Time”:

Enable Network compression:

Click on Finish. The sync operation will start.

After the sync, the status shows “OK”.



To recover a VM using vSphere Replication
Select the VM which needs recovery.
During a maintenance activity, “Pause” the replication; after maintenance, click on “Resume” to enable replication again.
To perform recovery, click on “Recover”:

Option / Description

Synchronize recent changes: Performs a full synchronization of the virtual machine from the source site to the target site before recovering the virtual machine. Selecting this option avoids data loss, but it is only available if the data of the source virtual machine is accessible. You can only select this option if the virtual machine is powered off.

Use latest available data: Recovers the virtual machine by using the data from the most recent replication on the target site, without performing synchronization. Selecting this option results in the loss of any data that has changed since the most recent replication. Select this option if the source virtual machine is inaccessible or if its disks are corrupted.

(Optional) Select the Power on the virtual machine after recovery check box.
Here the power-on option is left disabled and recovery proceeds with “Use latest available data”. Click Next.
**Here, point-in-time recovery shows that 5 currently retained instances are available.
Select the recovery folder and click Next.
Select the target compute resource and click Next.

Click Finish.


**Keep refreshing the browser to get the latest status.

vSphere Replication validates the provided input and recovers the virtual machine. If successful, the virtual machine status changes to Recovered. The virtual machine appears in the inventory of the target site.




vSphere Replication presents the retained instances as standard snapshots after a successful recovery. You can select one of these snapshots to revert the virtual machine. vSphere Replication does not preserve the memory state when you revert to a snapshot.

After recovery, the VM will be visible in the chosen compute resource:

Go to Snapshot Manager and choose the snapshot you want to revert to as the last known good configuration:

If a replicated virtual machine is attached to a distributed virtual switch and you attempt to perform a recovery in an automated DRS cluster, the recovery operation succeeds but the resulting virtual machine cannot be powered on. To attach it to the correct network, edit the recovered virtual machine settings.
vSphere Replication disconnects virtual machine network adapters to prevent damage in the production network. After recovery, you must connect the virtual network adapters to the correct network. A target host or cluster might lose access to the DVS the virtual machine was configured with at the source site. In this case, manually connect the virtual machine to a network or other DVS to successfully power on the virtual machine.


After a successful recovery, vSphere Replication disables the virtual machine for replication if the source site is still available. When the virtual machine is powered on again, it does not send replication data to the recovery site. To unconfigure the replication, click the Remove icon.

The same can be done for recovery at the secondary site.