Public Catalog Access for vApp Authors fails post-v5.5.1 Upgrade

vAppAuthorThis one stumped me for a little bit.

The private cloud in my lab is fairly simple in layout – 2 RHEL cells with a vCNS load balancer, shared NFS server and DB server. The Organisations are provisioned such that of the 3 tenants, one is a master tenant that is only used for creating and maintaining vApp templates, via a Public Catalog for sharing the templates for cloud provisioning and vCAC blueprint testing.

Running this configuration in with no changes to the default vCloud Director (vCD) roles worked fine – delegated LDAP users in the 2 user organisations were able to select vApp templates from the Public Catalog and deploy them locally. All good.

The issue came when the cells for vCD were upgraded to the latest v5.5.1 build. All of a sudden – vApp Author users out of the box could not see the public catalog despite having the role description ‘Rights given to a user who uses catalogs and creates vApps’.

After much digging and testing, I found that during the upgrade, the default permissions for the pre-defined roles in vCD had changed. Prior to the 5.5.1 update, the specific permission ‘View Shared Catalogs from Other Organisations’ was checked by default, so users with this role had this permission by default. Post-5.5.1 upgrade, this had been removed.

Solution. Simple enough – log in to the vCD instance as a System Administrator user, select ‘Administration > Roles’. Edit the vApp Author role, and open ‘All Rights > Catalog’. Check the box next to: ‘View Shared Catalogs from Other Organisations’. Click OK and return to vCD.

All the assigned users who have this permission will be updated in global fashion, but those already logged-in to the vCD portal may need to re-authenticate to obtain the new permission settings.

vCHS in the UK

vCHS-in-the-UK1I was fortunate and privileged recently to be invited to the UK launch event for VMware’s vCloud Hybrid Service in the UK. The first of many planned deployments in the EMEA region for VMware.

VMware’s vCloud Hybrid Service became public in the US in September last year.  Swiftly afterwards, VMware announced their plans to bring the service to EMEA in 2014 and, as of Tuesday 25th February, it is generally available in Europe.

Besides being a blogger, I’m also fortunate to work for a leading VMware Partner in EMEA (Xtravirt). As we’re one of the few Hybrid Cloud certified partners (at the time of writing), I’m hoping to be working on some vCHS projects in the near future. Exciting!

Why the UK and Why now?

The feedback from EMEA customers indicated that many of them were concerned about data locality and the sovereignty of their datacenters. A Vanson Bourne survey of 200 IT decision makers conducted earlier this year on behalf of VMware indicated that:

  • 86% recognised a business need to keep data within UK borders
  • 85% said current clouds were not integrated with their own internal infrastructure
  • 81% said that they need to make public cloud as easy to manage and control as their own infrastructure

The Launch Event

The launch of the service in London was anticipated for several weeks following a beta programme that was oversubscribed ten-fold. Initially, vCHS will be available via a single UK data centre.  An additional data centre is due to come online in the 2nd quarter of this year and VMware already have plans to expand the service into more European countries.

The relative importance to VMware of this launch was perhaps best emphasized by the presence of their CEO, Pat Gelsinger, who flew in from California for it.  VMware have invested heavily in vCHS and will continue to do so as demand for public cloud services grows. Pat’s presence underlined to me the importance that VMware places on vCHS in their future.

During Pat’s talk, he gave an overview of how he and VMware see that we’re in the middle of a shift from an appliance era to one of mobile cloud. vCHS is one of the ways that VMware are using to move with that shift. He also mentioned about how he’d recently had to write a cheque for $1.5Bn for VMware’s purchase of AirWatch. I thought I’d try it out to see what it felt like…


I guess it’d be more impressive if I actually had that money in my account! If anyone else tries this, tell me if you use Dr Evil’s voice when writing it out.

Much of the remaining time at the event was dedicated to a Q&A panel involving many of the UK / EMEA’s top brass and vCHS product managers.

vCHS Benefits – A Customer Perspective

Obviously, VMware weren’t the first to market with a public cloud offering (think Amazon AWS or Microsoft Azure for instance), but a significant portion of the launch briefing was focused around how vCHS benefits existing VMware customers more than a move to a 3rd party cloud provider does.  For this, two of the service’s beta participants talked about their experiences.

Betfair’s business activities, as part of the online gaming industry, are heavily regulated within the UK. One of their IT challenges is providing the business with sufficient agility to grow and develop. However, Betfair found that the potential benefits of cloud economics are balanced against the complexity of maintaining regulatory compliance when using cloud service providers. The key differentiator that they picked out in vCHS for them was the integration with their existing virtual platform (vSphere). Being able to migrate workloads from their on-premise platform to their dedicated vCHS space and (using other parts of the vCloud Suite) presenting business users with a single interface to request and manage virtual infrastructure made their adoption of vCHS for development and testing purposes possible.

Cancer Research UK’s story is similar. Their key driver is to reduce their spend on “tin and wires” as they’re not an IT business. As a charity, regular and predictable costs are far more preferable to infrequent capital outlays for growth and hardware refreshes. Cancer Research wanted something they could just plug into and use to maximize their IT efficiency and move away from legacy systems.

Thinking about these use cases, there’s certainly clear benefits for both customers.

Use Cases

vCHS has several use cases and benefits. Key amongst the benefits is the ability to utilise existing vSphere management products and interfaces to manage your estate. Such integration is going to be a big selling point in my opinion.

As for use cases, here are just a few:

  • Use as a Disaster Recovery datacenter
  • Migrate from existing  Virtual Infrastructure and reduce your physical datacenter assets
  • SMEs could use it to host workloads that require Enterprise vSphere features and keep test and development systems in house
  • Affordable means to grow IT infrastructure without capital investement

Put another way, if you imagine an organisation with an existing virtual datacenter, their usage of it is likely to look something like this:


  • 75 – 90% (ish) is used by running services
  • 10 – 25 % might be reserved for high availability and maintenance constraints
  • A few percent might be available to support business growth

That’s a reasonable chunk of resources that are required (and must be paid for) that don’t run any workloads under normal conditions.

Imagine though if the business had datacenter resilience requirements that necessitated a second datacenter for DR:


The organisation has to pay for a lot more hardware and software that might never be required and that will have to kept up-to-date over time. (Of course, they could run workloads in both datacenters and fail over should DR be required but the amount of resources required wouldn’t reduce much.)

Using vCHS, such an organisation could very easily do any or all of the following:

  • Use vCHS for DR. They’d have to pay for storage used and they’d need a pretty chunky network connection but surely they have that anyway. In the evnt of needing to failover, they pay for the resource used.
  • Use vCHS to support business growth without having to invest in capital equipment.
  • Migrate their workloads to vCHS rather than refresh on-premise hardware and use multiple vCHS datacenters for resilience.

The opportunities are both interesting and exciting to me.

Improving vSphere Web Client Performance

With the release of the (now maturing) VMware vSphere 5.5 release, more and more operations (but not all – yet) are being migrated to the vSphere Web Client.

Functionality of the vSphere 5.1 features are all fully available in the vSphere 5.5 .Net Windows client (the traditional client) along with Site Recovery Manager and Update Manager administration functions, but any and new vSphere 5.5 features are now only available via the web client.

Lots is made of the performance of the web client, and having used it on my home lab and now in Production environments, I can see why some users report on there being some perceived performance lag in the web client compared to the Windows client (population of menus, general navigation etc).  First off, a direct comparison of similar tasks shows the Web Client is slower compared to the Windows client, but there is a couple of things you can do as an administrator to improve the situation.

  1. Use a local browser on a server via a jumpstation if connecting to the infrastructure remotely. It might sound obvious, but with the Web Client using Flash – if you are connecting over a home broadband, VPN or WAN link to your DC, then decreasing the traffic route between the browser and the vCenter server improves performance significantly.
  2. Change the Flash settings of your browser. Because of the Web Client’s reliance on Flash, there are some settings that can assist in improving the performance of the Flash plug-in within the browser. Changing the ‘Local Website Storage’ setting can increase the temporary storage available to Flash from a default 100kb setting to something higher and more performant. This setting is set low intentionally because of security in Flash, rather than specifically for the vSphere Web Client. Fortunately, Adobe give a simple live view of the flash settings for your browser – to enable simple updating of the required setting.
    1. Visit:
    2. In the live view box, select your vCenter server (either by DNS or IP address) – see image below.
    3. Change the settings slider from 100kb up to 10MB or unlimited (mine is set to Unlimited).
    4. Close the website and browser session.
    5. Reload the Web Client. Is performance better? It might be with usage…..
  3. Another tip is to change the Tomcat configuration on the vCenter server. VMware has a KB published on this, where they talk about the ‘Small’, ‘Medium’, and ‘Large’ infrastructure instances we see at installation time. This change is about changing the JVM heap size to 3GB (usually for large installations), as this then impacts the vFabric tc Server on which the vCenter server is based. I have used this a couple of times for customers who have seen performance degradation on their vCenter Web Clients.


Hopefully these tips are useful – and the performance of your vSphere Web Clients improves as a result!

Update: Apparently VMware Support may use blogging sites to forward information to customers! Item 2 in the list above is also listed on the virtuallyGhetto blog of William Lam (Twitter: @lamw).

vCloud Director 5.1 to 5.5 Cell Upgrade ‘cpio: chown failed’

Upgrading my lab environment from vCloud Director v5.1 to v5.5, I came across an interesting error whilst upgrading the cells. My lab has the following vCD configuration:

  • 2 x RHEL 6.2 Cells
  • 1 x RHEL 6.2 NFS Server
  • 2 x vShield load balancer instances
  • 1 x Windows 2008 R2 DB server running SQL Server 2005

The upgrade process was:

  1. Quiesce the cell using the Cell Management Tool commands. (Upgrade Guide)
  2. Upload the vCD .BIN file to the /install directory of the cell (using WinSCP or similar).
  3. Change the execution parameters for the vCD .BIN file. (Upgrade Guide)
  4. Running the installation .BIN file. (Upgrade Guide)
  5. Confirm the existing v5.1 cell instance can be upgraded.

This is where the interesting error came in. The error: ‘error: unpacking or archive failed on file /opt/vmware/vcloud-director/data/transfer: cpio: chown failed – invalid argument’.


Now because my ‘transfer’ folder is actually an exported NFS share from a third server that doesn’t host a vCD cell, I did a little digging around. I found references to 2 main things – no_root_squash and the version of the NFS export itself. On my NFS Server, the export was already set with the (rw, no_root_squash) parameters, but I rebooted both the cell and the NFS server anyway. The other idea was there was potential issues with NFS4 exports. So, I changed the export version in /etc/fstab to NFS3 using the following fstab line entry:

 <NFS Server IP>:nfs    /opt/vmware/vcloud-director/data/transfer/    nfs    rw,vers=3    0    0

Save changes to /etc/fstab and reboot the cell, and retry the cell upgrade using the .BIN file from earlier.

With the export set as NFS v3, the upgrade should be successful and the cell upgrade can proceed.

Getting Started with VMware Certification (The Easier Way)

It’s always been difficult to justify getting started on the journey to a VMware certification. In the past, the first certification available from VMware was the VMware Certified Professional (VCP). This in itself was a large first step to take, comprising an instructor-led prerequisite and a technical-level exam. Somewhat daunting and costly!

All that is changing with 2 important new developments from the VMware Certification Team: VMware Certified Associate (VCA) and on-line training availability.

The VMware Certified Associate-level exams are aimed at giving users a broader understanding of the 4 technology areas (Virtualization, Cloud, Mobility & Network Virtualization), to allow them to become conversant in the technologies and to prove a level of understanding in each area. There is no course prerequisite, and VMware even offers free self-paced online training in each area. Interested? Check out:

The second important area concerns the prerequisite instructor-led course for VCP certification. VMware now offers an online self-paced vSphere: Install, Configure & Manage (ICM) course available to users for a 90 day period in order to complete the VCP exam required training – enabling booking of the exam. Sound good? Even better – VMware also offers discounts on the ICM online course via the website:

Speaking to Julie Escott (VMware EMEA Education Operations Manager) at the UK VMUG Conference, she told me: “These two announcements are very important to people looking to get started with VMware certification. The Associate level exam demonstrates a broad VMware technology knowledge, and really helps people get started towards VCP and the more advanced certification tracks. We at VMware are trying to get the word out about these exciting new developments so people can take advantage of them”.

So, what are you waiting for? Getting started with VMware Certification has never been easier!