Stikkordarkiv: vRLI

How to deploy vRealize Log Insight with reduced disk size

This blog post is a result of me ranting to a colleague about vRealize Suite Lifecycle Manager (vRSLCM) not supporting deployment of the extra small vRealize Log Insight node. I do not know the official reason for this, but I guess it is because the extra small node is only meant for proof-of-concept and test deployments.

The reason for reducing the storage footprint on Log Insight is because it will eventually fill all its available storage space with log data. And using 500 GB of storage space in a lab environment is probably never desirable.

Use the Extra Small version of the appliance in a proof-of-concept or test environment, but not in a production environment. This configuration supports up to 20 ESXi hosts (~200 events/second or ~3GB/day) .

From the Log Insight documentation Sizing the vRealize Log Insight Virtual Appliance

During this spontaneous brainstorming session where I wanted to deploy Log Insight with a smaller storage footprint than default. We did a few tests and found that it was easy to achieve this as long as we don’t use vRSLCM. Or could we?

RESOURCESMINIMUM REQUIREMENT 
Memory4 GB 
vCPU2
Storage Space530 GB
Extra Small Log Insight Deployment Requirements

This table shows default setup for the extra small node. In the next section I have listed the steps on how to choose your own storage size.

Deploying vRealize Log Insight with smaller disk size.

vRealize Log Insight Live Storage after replacing default 500 GB disk with a 100 GB disk

Deploying Log Insight appliance with a smaller disk size is supprisingly easy. Just follow these few steps.

  • Download the VMware vRealize Log Insight Virtual Appliance
  • Deploy it using vCenter «Deploy OVF Template»
  • Before you power on the VM remove Hard disk 2
  • Add a new Hard disk 2 with your desired size.
  • Power on the VM.

As you can see from the Live Storage picture, I don’t get 100 GB of usable storage space so it is probably a good idea to give it more disk space than 30 GB.

This is off course not a supported setup, but it can be a good solution for reducing the size of your vRealize Log Insight deployment in a lab or for other testing purposes.

Deploying vRealize Log Insight extra small node with vRSLCM

There is probably not many use cases for this way of doing it, but that doesn’t mean we should test it. So here is a few of the questions we asked ourself and tested before we found a solution.

Questionanswer
Can I deploy vRealize Log Insight extra small node with vRSLCM?No
Can i deploy small node using vRSLCM and then change storage size later? No (no option to stop autostart of VM)
Is the Extra small setup having a smaller disk than the small appliance?No
Can I deploy vRealize Log Insight manually using downloaded ova and reconfigure the VM with a smaller disk? Yes
Can do a switcheroo? Delete VM deployed by vRSLCM before the process realizes that the VM is available and deploy an extra small node using method described previously?Yes

This is the steps needed

vRealize Suite Lifecycle Manager Node Size Options for Log Insight
  • Deploy small vRealize Log Insight node using vRSLCM.
  • Power off the VM as soon as it is powered on by the deployment.
  • Delete the VM.
  • Follow the manual deployment procedure in the section above. Make sure the settings is identical to the ones used with the vRSLCM deployment.
  • When the new VM is powered on, vRSLCM will continue with its deployment steps and should complete successfully.

Im not sure of the timeout limit in vRSLCM but it was long enough for me to do the deployment without failing. And if it should stop with a failure, my guess is that you can click retry and it will continue.

Another option that is probably also possible is to deploy Log Insight manually in and then import it into vRSLCM later, but I have not tested this.

References

Sizing the vRealize Log Insight Virtual Appliance
Minimum Requirements
How To Deploy Log Insight With Less Than 500GB Of Storage

VMware vRealize og vCloud Suite kampanje

Fra 01.09.2020 startet VMware en kampanje med 50% rabatt på nykjøp og oppgradering til vRealize og vCloud Suite. Kampanjen varer til 22.01.2021 og er en gyllen mulighet til å få produktene i pakken til en rabattert pris.

Hva er i vRealize Suite standard pakken

vRealize Suite Standard inneholder fire tjenester. vRealize Suite Lifecycle Manager med VMware Identity Manager, vRealize Operations Manager og vRealize Log Insight.

Produktene i vRealize Suite Standard
Produktene i vRealize Suite Standard

vRealize Suite og vCloud Suite pakkene er helt lik med unntak av at vCloud Suite inneholder vSphere Enterprise plus.

vRealize Suite Standard VS vCloud Suite Standard
vRealize and vCloud Suite Pakkene
vRealize SuitevCloud Suite
vRealize Suite Lifecycle ManagervRealize Suite Lifecycle Manager
vRealize Operations ManagervRealize Operations Manager
vRealize Log InsightvRealize Log Insight
VMware Identity ManagerVMware Identity Manager
vSphere Enterprise Plus


Hva kan vRealize Suite brukes til

vRealize Suite inneholder verktøyene du trenger for å full oversikt og kontroll i datasenteret ditt, on-prem eller i sky. For mer info se VMware sine produktsider. Eller sjekk ut noen av VMware innleggene mine

VMware Identity Manager portal satt opp med SSO til alle tjenestene i vRealize Suite I tillegg til NSX og vRealize Network Insight
VMware Identity Manager portal satt opp med SSO til alle tjenestene i vRealize Suite I tillegg til NSX og vRealize Network Insight

Hvem kan utnytte rabatten?

De fleste kan utnytte denne rabatten da den gjelder på ny kjøp av vRealize Suite og oppgradering for dem med eksisterende vRealize Operations Standard lisenser (pr CPU)
Man kan også benytte rabatten ved oppgradering av vSphere lisenser til vCloud Suite, se listen under for detaljer.

ProduktnummerProdukt Beskrivelse
VR19-STD-PROVMware vRealize Suite 2019 Standard (Per PLU) Promo
CL19-STD-PROVMware vCloud Suite 2019 Standard Promo
CL19-STD7-STD-UG-PROUpgrade: VMware vSphere 7 Standard to vCloud Suite 2019 Standard Promo
CL19-ENT7-STD-UG-PROUpgrade: VMware vSphere 7 Enterprise to vCloud Suite 2019 Standard Promo
CL19-EPL7-STD-UG-PROUpgrade: VMware vSphere 7 Enterprise Plus to vCloud Suite 2019 Standard Promo
VR19-OSTC-STD-UG-PROUpgrade: VMware vRealize Operations 8 Standard (Per CPU) to VMware vRealize Suite 2019 Standard (Per PLU) Promo
vRealize og vCloud Suite oppgraderingsvalg

Referanser

https://www.vmware.com/se/promotions/2020-vrealize-suite.html
https://blogs.vmware.com/management/2020/08/vrealize-vcloud-suite-promo.html
https://www.vmware.com/products/vrealize-suite.html

Limitations when using Workspace One Access for «free» with vRSLCM?

Workspace One Access or vIDM «Content Catalog» vRealize shortcuts with SSO login

When you install vRealize Suite Lifecycle manager It comes with the Workspace One Access (VMware Identity Manager) And in this appliance you get a lot of options and no limitations in any way. So it is up to you to avoid using any features that you are not allowed to use. If you do then you might be in breach of the EULA.

So I went on a google search for answers to this question and boy I can tell you that it is not straight forward. I have also tried to get VMware to give me a statement or point me to the correct documentation where they say what I can and can’t do.

Why is this an issue?

As I said you are not limited in any way and you could use all its functionality. But if you do you would then be in breach og the EULA according to an VMware Product Manager. So a problem arises, you could easily be in a breach without knowingly doing so.

After some investigation I was pointed to the VMware Product Guide where the following is stated.

Official documentation

Workspace ONE Access feature. A license to use VMware NSX Data Center (any edition) or NSX Cloud (any edition) includes an entitlement to use the Workspace ONE Access feature, but only for the following functionalities:

  • directory integration functionality of Workspace ONE Access to authenticate users in a user directory such as Microsoft Active Directory or LDAP
  • conditional access policy
  • single-sign-on integration functionality with third party Identity providers to allow third party identityproviders’ users to single-sign-on into NSX
  • two-factor authentication solution through integration with third party systems. VMware Verify,VMware’s multi-factor authentication solution, received as part of Workspace ONE Access, may not beused as part of NSX, and
  • single-sign-on functionality to access VMware products that support single-sign-on capabilities.

A license to use VMware vRealize Log Insight includes an entitlement to use the Workspace ONE Access feature, but only for the following functionalities:

  • directory integration functionality of Workspace ONE Access Standard to authenticate users in a user directory such as Microsoft Active Directory or LDAP
  • conditional access policy
  • single-sign-on integration functionality with third party Identity providers to allow third party Identityproviders’ users to single-sign-on into vRealize Log Insight
  • two-factor authentication solution through integration with third party systems. VMware Verify,VMware’s multi-factor authentication solution, received as part of the Workspace ONE Access feature,may not be used as part of vRealize Log Insight, and
  • single-sign-on functionality to access VMware products that support single-sign-on capabilities.

So is this now solved?

The quick answer is NO, when you look at the text I would interpret it to only apply if I have NSX and or Log insight license. Not for vRA, vRops, vRNI, vRB and vRSLCM. I would also argue that there is a problem with the wording. If you look at point 4 and 5 and the inclusion of , and at the end, does it imply that point 5 is also not allowed?

And what about when they first say «but only for the following functionalities« and then inside a point they say «may not be used« What may not be used?

That I may not use single sign on with anything else than NSX and vRLI?
«single-sign-on functionality to access VMware products that support single-sign-on capabilities»

I honestly don’t know that to get out of this other than it doesn’t apply to this use case and that it is a shoehorn attempt to make a text fit something it is not meant to fit.

Other Clues?

When you look at the VMware download page for Identity Manger 3.3.1 it clearly stated what it can be used for. But it doesn’t go into details.
«Download VMware Identity Manager 3.3.1 (for vRA, vRops, vRLI, vRB, vRNI, NSX only)«

If any of you have any insight on this please give me an update.

To be continued…..