Building a nested VMware homelab

During my work with VMware products I always needed a platform to test new products, updated versions and software dependencies. In the past I used the virtual environment of my employer to deploy, install and configure the necessary systems. This always had a large downside: Me and my colleagues used the same environment to perform our tests so we had some conflicting systems now and then.
For the past couple of months, I have been experimenting with different lab setups, but nothing really satisfied my needs. So I decided to approach my homelab design the way I would approach any other client design: collecting requirements. (Even if it may not correspond to the level of detail of a real customer design.)

Conceptual Design

Here is the list of the central requirements for my homelab:

  • R001: Small physical footprint.
  • R002: Low energy consumption.
  • R003: Low noise level.
  • R004: Powerful enough to handle different use cases at the same time:
    • VMware vSAN (including All-Flash, multiple disk groups and automatic component rebuilds)
    • VMware NSX (including NSX DLR and NSX Edges)
    • VMware Horizon (including virtual desktops)
  • R005: Portable solution for customer demonstrations.
  • R006: Isolated environment without dependency or negative impact to other infrastructure components.
  • R007: IPMI support to power it on and off remotely.

Logical Design

To have the automatic rebuild of components (see R004) with vSAN even in case of a host failure, at least four nodes are required. Regarding R001, R002 and R003, a full sized 19-inch solution with four physical servers is not an option. Regarding the 10Gbit/s requirement for vSAN All-Flash (see R004), a solution consisting of several mini PCs is out of the question. Also, such a solution is not ideal for regular assembly and disassembly (see R005) due to the different components. To avoid dependencies on infrastructure components (see R006) despite the different use cases (see R004), a completely nested environment including AD, DNS and DHCP behind a virtual router seems to be the best option to me.

The network design of the physical ESXi host is as simple as possible and as complex as necessary. I configured two vSphere Standard Switches (vSS). The first one (vSwitch0) contains the VMkernel NIC enabled for management traffic and Standard port group for the VMs which need a connection to the Home network. vSwitch1 handles all the nested virtualization magic.

Logical network design

To do so I configured this vSS to accept promiscuous mode, MAC address changes and forged transmits. I also configured it for jumbo frames (MTU 9000) so I can use it for the VXLAN overlay networks using VMware NSX-V. All VMs which form the nested environment attach to vSwitch1.

Six VMs are deployed natively on the physical ESXi host. The first VM is a virtual router which acts as gateway to the outside world for the nested systems. It is configured with two network interfaces. One facing the Home network while the other connects to the nested environment. The second VM is a domain controller running AD, DNS, DHCP and ADCS. The remaining four VMs are the nested ESXi hosts which later form the vSphere cluster for all other workloads. The nested router and the nested domain controller can be reverenced as „physical“ workloads running outside of the virtualization.

Physical Design

I went for a single Supermicro SuperServer E300-8D as a starting point. This not so small beauty convinced me by the good initial values but also by the numerous Expansion possibilities. I replaced the two out of stock fans with Noctua ones and also added a third one for better overall cooling.

Supermicro SuperServer E300-8D

I was able to reuse most of the components from my homelab experiments and a nice system with 128GB RAM, a 64GB SATADOM device, a 1TB mSATA SSD and a 2TB NVMe SSD came together.

Datastores attached to the physical ESXi host

For all who are interested, here is the complete bill of materials of my current homelab configuration.

ItemSKUQuantity
Supermicro SuperServer E300-8DSYS-E300-8D1
Noctua premium fan 40x40mmNF-A4x20 PWM3
Kingston ValueRAM 32GBKVR24R17D4/32MA4
Supermicro SATADOM 64GBSSD-DM064-SMCMVN11
Samsung 850 EVO mSATA 1TBMZ-M5E1T0BW1
Samsung 970 EVO NVMe 2TBMZ-V7E2T0BW1

Wrap-Up

With this space and power saving configuration I have enough resources to run a nested 4 node vSAN cluster that uses NSX-V to run VMware Horizon on it. In one of my next posts, I’ll go deeper into the configuration of nested ESXi hosts and the associated implementation of VMware vSAN.

Updating ESXi 6.x to 6.7 using CLI

Recently I was asked to update some ESXi 6.7 U1 hosts to the latest patch release. A quick look at the list of build and version numbers showed me that there is an actual express patch (EP6) which could be installed. Before performing this update in production I decided to update my test ESXi host first. If the update completes successfully and there are no issues after a few days I will continue to update the production hosts to EP6.

The following list outlines the steps necessary to perform the update using CLI (this is just a test ESXi host so there is no vSphere Update Manager (VUM) available). This procedure should be the same for other versions of ESXi 6.x even if a restart of the ESXi host may be necessary at the end.

Step 1: Make sure SSH is enabled on the host

Because I perform the update using CLI I need to login to the host via SSH. Therefore I need to check if SSH is enabled or not. There are at least three ways to check:

  • Try and error: Use your favorite SSH client and simply try to connect to the management IP of your ESXi host.
  • VMware Host Client: Use your webbrowser of choice and connect to the management IP of your ESXi host. Navigate to Host > Manage > Services. Check if the TSM-SSH service is in Running state, else start up the service using the corresponding button.
Enable SSH using VMware Host Client
  • Direct Console User Interface (DCUI): Use the IPMI of your server vendor, a KVM system or direct connected peripherie to access the DCUI. Navigate to Troubleshooting Mode Options > Enable/Disable SSH and check if SSH is enabled, else enable it.
Enable SSH using DCUI

Step 2: Enable firewall rule for web traffic

Connect to the ESXi host via SSH and enable the firewall rule to allow web traffic. This is necessary to use the VMware Online Depot in the next steps.

esxcli network firewall ruleset set -e true -r httpClient

Optional Step 3: Check the current ESXi build and version

To confirm the current version of your ESXi host use the following command.

esxcli system version get
ESXi version before the update

Step 4: List all available profiles in the VMware Online Depot

To get al list of all available profiles in the VMware Online Depot use the following command.

esxcli software sources profile list -d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml

This list can be very extensive so it is recommended to work with filters. Appending a | grep -i ESXi-6.7.*standard  lists only the profiles for Version 6.7 including VMware Tools.

esxcli software sources profile list -d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml | grep -i ESXi-6.7.*standard
List of ESXi 6.7 related profiles

Step 5: Apply the selected profile from the VMware Online Depot

Select the desired profile and apply it to the ESXi host using the command below.

esxcli software profile update -p <profile-name> -d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml
CLI update finished

Optional Step 6: Reboot ESXi Host

If the update finishes with Reboot Required: true use the following command to reboot the host. Make sure there are no running VMs and optional the host is in maintenance mode.

reboot

Optional Step 7: Check ESXi version again to ensure the update  completed successfully

I finished the update with a final check of the running ESXi build and version using esxcli again.

esxcli system version get
ESXi version after the update

Wrap-Up

With just a few commands it is possible to update an existing host to the current available EP6 using only the VMware Online Depot. Just make sure that host is configured with correct DNS settings and is able to access the internet. If this is not possible, a corresponding offline bundle can still be used for the update.

virBeaver.com and the reason why I start this blog

Who is this virBeaver and what is it up to with this blog? I would like to answer this question with my first post:
My name is Tim Maier, I am 29 years old and currently live in Stuttgart, Baden-Württemberg, Germany. I was born in Biberach an der Riss and due to the obvious association with the rodent I had nicknames all around the beaver throughout my life (beaver means Biber in German).

I studied business informatics at the DHBW Heidenheim from 2008 to 2011. It was a dual course of study, i.e. theory and practice in a three-month transition between university and company. In the first two years of this course I gained a good insight into the various technical departments of a medium-sized system integrator, before I decided in the third year to go deeper into the areas of virtualization and storage.
After my studies I was directly taken over by the system integrator and worked for the next five years as a system engineer in numerous internal and customer-related projects. Due to the size of the company, it was always necessary to consider the infrastructure projects as a whole and so the area of backup was quickly added to my area of responsibility. During this time, I also completed the first of many manufacturer certifications, including the VMware Certified Professional (VCP).

At the end of 2016 I decided to take on a new challenge and changed to a large German system integrator as a PreSales Consultant for IT infrastructure. For me it was exactly the right decision at that time to get a different view on business processes and projects. By focusing on IT design and architecture, it was necessary to expand my skills and broaden my horizons. Therefore it was only logical to aim for further certifications like VMware Certified Advanced Professional (VCAP).
After a little more than a year, however, I slowly realized that corporate structures and the rapidly changing IT world do not always fit together perfectly. Again and again, internal structures and specifications prevented me from doing what was important to me: finding a solution for my customers that fits their requirements and solves their problems.

For this reason I decided to take up a new (old) challenge with the beginning of 2019. I switched back to the company I had already been with during my studies. There I am now responsible for the overall support of our customers in the area of IT infrastructure as a Solution Architect Software-defined Datacenter (SDDC).

But enough about me. The idea of starting my own blog has been around for quite some time, but when I prepared for VCAP in the summer of 2018 and mostly used blogs and other online resources of the #vCommunity, the motivation increased. Due to the nicknames around the beaver, the corresponding name and domain was quickly found. The moment a corresponding logo and banner were finished (a huge thanks to my better half for that and for everything else!), it was clear: Now it’s only up to me.
My blog will mainly be about things from my daily work, i.e. topics around the SDDC with a focus on VMware technologies.
And now enjoy reading and maybe there’s something interesting for you in one of the posts.