Top VCF 9 Updates: Installer, NVME, and More

Afbeelding met tekst, schermopname, ontwerp

Door AI gegenereerde inhoud is mogelijk onjuist.

Afbeelding met tekst, schermopname, Lettertype, logo

Door AI gegenereerde inhoud is mogelijk onjuist.

What are my things I would like to test

  • VCF 9 installer (VCF 9 Beta i looked good)
  • NVME Tiering
  • vSAN ESA Dedub
  • VCF 9 with Ubiquiti
  • Kubernetes Service now includes Windows containerization
  • NSX VPC Support

Afbeelding met tekst, schermopname, Lettertype, nummer

Door AI gegenereerde inhoud is mogelijk onjuist.

Afbeelding met tekst, schermopname, software, multimedia

Door AI gegenereerde inhoud is mogelijk onjuist.

The VCF Cloud Foundation Installer makes lives a lot easier! More about this coming very soon

Afbeelding met tekst, multimedia, software, schermopname

Door AI gegenereerde inhoud is mogelijk onjuist.

The VCF Operations Console is looking good! I used it in the VCF 9 beta

More about this also later!

Easy Script to Create DNS Records in VCF Lab

When you build your VCF Lab environment you want to create your DNS records automatically. I use for DNS a Windows Server.

The Script:

function ConvertTo-DecimalIP {
param ([string]$ip)
$parts = $ip.Split(‘.’) | ForEach-Object { [int]$_ }
return ($parts[0] -shl 24) + ($parts[1] -shl 16) + ($parts[2] -shl 8) + $parts[3]
}

function ConvertTo-DottedIP {
param ([int]$intIP)
$part1 = ($intIP -shr 24) -band 0xFF
$part2 = ($intIP -shr 16) -band 0xFF
$part3 = ($intIP -shr 8) -band 0xFF
$part4 = $intIP -band 0xFF
return “$part1.$part2.$part3.$part4”
}

$zone = “testlab.nl”
$startip = “192.168.200.10”

$dnsrecords = “vcf-m01-cb01″,”vcf-m01-sddcm01″,”vcf-m01-esx01″,”vcf-m01-esx02″,”vcf-m01-esx03″,”vcf-m01-esx04″,”vcf-w01-esx02″,”vcf-w01-esx03″,”vcf-w01-esx04″,”vcf-w01-esx04″,”vcf-m01-nsx01a”,”vcf-m01-nsx01b”,”vcf-m01-nsx01c”,”vcf-m01-nsx01″,”vcf-w01-nsx01a”,”vcf-w01-nsx01b”,”vcf-w01-nsx01c”,”vcf-w01-nsx01″,”vcf-m01-vc01″,”vcf-w01-vc01″
$count = $dnsrecords.count

# Convert start IP to decimal

$decimalIP = ConvertTo-DecimalIP $startIP
$i = 0

# Loop and print incremented IPs

foreach ($dnsrecord in $dnsrecords) {
$i -lt
$count;
$i++
$currentDecimalIP = $decimalIP + $i
$currentIP = ConvertTo-DottedIP $currentDecimalIP
Add-DnsServerResourceRecordA -Name $dnsrecord -ZoneName $zone -AllowUpdateAny -IPv4Address $currentIP -CreatePtr
Write-Output “DNS record $dnsrecord in $zone with $currentIP is created” -ForegroundColor Green

Simplified DNS Zone Commands for Windows

     

To very handy command’s when you are building your labs multiple times when using a Windows Server as a DNS Server

I wanted to do it through Powershell but i think this is the easiest way to do.

dnscmd /zoneexport “wardvissers.nl” “wardvissers.nl”

dnscmd /zoneadd “wardhomelab.nl” /primary /file wardhomelab2.nl.dns /load

Deploying Windows VMs with Terraform and Packer

A whale ago, I started using Packer for creating Windows Templates for using in my home lab.
I blogged about it here: Windows Server 2025 “Preview” deployment with Packer

So now I want to deploy a template with Terraform, which was created earlier by Packer.

First, we need to ensure we have the Terraform downloaded and the vSphere provider Initialized.

  1. Install Terraform: You can download it from the official Terraform website and follow the installation instructions for your operating system.

I made my life a little easier to create a PowerShell script that downloads the latest version: Download Terraform.ps1

  1. Initialize Your Terraform Configuration: Create a directory for your Terraform configuration files. Inside this directory, create a `main.tf` file (or any `.tf` file) where you will define your provider and other configurations.
    Define the vSphere Provider in Your main.tf: Add the following block to your Terraform configuration file to specify the use of the vSphere provider:

terraform {

  required_providers {

    vsphere = {

      source = “HashiCorp/vsphere”

      version = “> 2.11”

    }

  }

}

provider “vsphere” {

  user           = vcenter_username

  password       = vcenter_password

  vsphere_server = vcenter_server

  # If you have a self-signed cert

  allow_unverified_ssl = true

}

Replace ”vcenter_username”, ” vcenter_password” , ”vcenter_server” with your actual vSphere credentials and server address.

  1. Basic Terraform Commands

Terraform.ps1

# Go to the Terraform download folder

$terraformfolder = ‘d:\automation\terraform\’

Set-Location $terraformfolder

# Download Terraform plugins

.\terraform.exe init

# Test Run

.\terraform.exe plan

# Run Terraform

.\terraform.exe apply

# Clean Up what you created

.\terraform.exe Destroy

Initialize the Terraform Working Directory: Run the following command in your terminal from the directory where your Terraform configuration file is located:

terraform init

Afbeelding met tekst, schermopname, Lettertype, software

Door AI gegenereerde inhoud is mogelijk onjuist.

This command will download the vSphere provider and initialize your Terraform working directory. It sets up and downloads the necessary provider plugins for Terraform to interact with vSphere.

Verify the Installation: After running `terraform init`, you should see output indicating that the vSphere provider has been successfully installed. You can now proceed to create Terraform configurations to manage your vSphere resources.

Deploy a Template VM within vSphere

In this example, we are deploying a VM running Windows Server 2022.

Terraform Module Structure

  1. variables.tf: Define the variables for the module.
  2. main.tf: Contains the main configuration for the VM.
  3. outputs.tf: Define the outputs for the module.

Variables.tf

variable “vsphere_user” {

  default     = “<your_vcenter_username_here>”

   description = “vSphere username to use to connect to the environment – Default: administrator@vsphere.local”

}

variable “vsphere_password” {

  default     = “<your_vcenter_password_here>”

  description = “vSphere vCenter password”

}

variable “vsphere_server” {

  default = “<your_vcenter_here>”

  description = “vSphere vCenter server”

}

variable “datacenter” {

  default = “<your_datacenter_here>”

  description = “vSphere datacenter”

}

variable “cluster” {

  default = “<your_cluster_here>”

  description = “vSphere cluster”

}

variable “network” {

  default = “<vcenter_network>”

  description = “vSphere network”

}

variable “datastore” {

  default = “<your_destination_datastore_>”

  description = “vSphere datastore”

}

variable “template” {

  default = “<your_template_name_here>”

  description = “Template VM”

}

variable “customization_specifications” {

  default = “<vcenter_customization_specifications>”

  description = “Customization Spec”

}

When you run “.\terraform plan” you do a test run to check your coding

Afbeelding met tekst, schermopname, Lettertype

Door AI gegenereerde inhoud is mogelijk onjuist.

Afbeelding met tekst, schermopname, Multimediasoftware, software

Door AI gegenereerde inhoud is mogelijk onjuist.

When you run “.\terraform apply” build your virtual machine

Afbeelding met tekst, schermopname, Lettertype

Door AI gegenereerde inhoud is mogelijk onjuist.

Afbeelding met tekst, schermopname, Lettertype, software

Door AI gegenereerde inhoud is mogelijk onjuist.

Based on: https://vminfrastructure.com/2025/03/11/deploying-a-vm-using-terraform/

It works but it need some tweaking and fixing.

Adding a TPM2.0 security device does not work right now
Server 2025 customization does not work

Get LDAPS Certificates: A Guide with OpenSSL

Using OpenSSL on Any Platform to get the LDAPS Certificate from the AD Server

Using OpenSSL should work with any Active Directory Server platform. (Windows, Linux etc.). I use Windows in my case

Requirements:

  • Openssl
  • FQDN or IP of the Active Directory Server
  • LDAPS certificate installed in the Active Directory Server certificate store

Steps:

  1. Run the following command from your local computer:
    openssl s_client -showcerts -connect <ip or fqdn of your active directory server>:636
  2. In the output, copy the certificate portion of the output to a text file

rtal

3. Save the text file as my_ldaps_cert.pem.

The saved certificate can be installed into any software that needs to connect to your Active Directory using LDAPS.

Essential Insights on Windows Server 2025

Essential Insights on Windows Server 2025

  1. Free Windows Server 2025 Security Advice Book read here and download here
  2. Windows Server 2025 is Certified on VMware vSphere
  3. Windows Server 2025 known issues and notifications
  4. New & Updated Security Tools
  5. Windows Server 2022 to 2025: Active Directory Upgrade Guide

My HomeLab anno 2024

My home lab is manly used for testing new stuff released by VMware (70%) en Microsoft (20%) other stuff (10%)

For the Base I use my Home PC

Intel i5 12600k
128 GB Memory
2 x 2TB Samsung 980 and 990 Pro SSD.
Windows 11 Pro
VMware Workstation Pro

On my Home PC running
Server 2022 (Eval for DC)
ESXi801 (16 GB) (NSX Demo Cluster)
ESXi802 (16 GB) (NSX Demo Cluster)
ESXi803 (64 GB) (General Cluster) )
ESXi804 (64 GB) (General Cluster)
ESXi805 (24 GB) (Single Node vSAN Cluster)
ESXi806 (16 GB) (4 Node vSAN Cluster)
ESXi807 (16 GB) (4 Node vSAN Cluster)
ESXi808 (16 GB) (4 Node vSAN Cluster)
ESXi809 (16 GB) (4 Node vSAN Cluster)

ESXi701 (24GB) (General Cluster)
ESXi702 (24GB) (General Cluster)

In general cluster there a running the most VM’s. Also here I am testing Packer and Terraform.

Afbeelding met tekst, schermopname, software, Lettertype

Automatisch gegenereerde beschrijving

For a while I used a 2TB Samsung SSD a Storage for ESXi Server through Truenas
But I wanted a larger storage for all my VM’s.

After reading on William Liam blog Synology DS723+ in Homelab and Synology NFS VAAI Plug-in support for vSphere 8.0

So I did a nice upgrade. Afbeelding met tekst, schermopname, software, nummer

Automatisch gegenereerde beschrijving

I used not the original Synology Parts. Following parts works fine.
Kingston 16 GB DDR4-3200 notebook memory
WD Red SN700, 500 GB SSD
WD Red Pro, 8 TB

* For Read-Write caching you need 2 SSD devices.

For mouting the NFS shared I created a little powercli script.

https://github.com/WardVissers/VMware-Powercli-Public/blob/main/Add%20NFS%20DataStore%20Github.ps1

Updated ouut-of-band (OOB) updates are released for March 2024 for Windows Server Domain Controllers

Microsoft has identified an issue that affects Windows Server domain controllers (DCs), and has expedited a resolution that can be applied to affected devices. Out-of-band (OOB) updates have been released for some versions of Windows today, March 22, 2024, to addresses this issue related to a memory leak in the Local Security Authority Subsystem Service (LSASS). This occurs when on-premises and cloud-based Active Directory domain controllers service Kerberos authentication requests.

This issue is not expected to impact Home users, as it is only observed in some versions of Windows Server. Domain controllers are not commonly used in personal and home devices.

Updates are available on the Microsoft Update Catalog only. These are cumulative updates, so you do not need to apply any previous update before installing them, and they supersede all previous updates for affected versions. If your organization uses the affected server platforms as DCs and you haven’t deployed the March 2024 security updated yet, we recommend you apply this OOB update instead. For more information and instructions on how to install this update on your device, consult the below resources for your version of Windows:

  • Windows Server 2022KB5037422
  • Windows Server 2019: Available soon
  • Windows Server 2016KB5037423
  • Windows Server 2012 R2KB5037426

Note: The OOB release for Windows Server 2019 will be released in near term.

Windows Server 2025 “Preview” deployment with Packer

As Windows Server 2025 Preview is officially released, I wanted to test a  automated build of the Windows Server 2025 Preview release. So that I can deploy this in my home lab and going to test the new features if I can find the time….

About Hashicorp Packer

Hashicorp Packer is a self-contained executable producing quick and easy operating system builds across multiple platforms. Using Packer and a couple of HCL2 files, you can quickly create fully automated template(s) with latest Windows Updates en VMware Tools. When you schedule a fresh builds after patch Tuesday  you have always an up-to-date and fully secured template.

When using VMware customization tools. You can spin up vm’s in minutes.

Automated Windows Server 2025 “Preview” Build

Files you need?
The files and versions I am using at the time of this writing are as follows:

Outside of downloading both Packer and Windows Server 2022 Preview build, you will need the following files:

  • windowsserver2025.auto.pkrvars.hcl – houses the variable values you want to define.
  • windows2025.json.pkr.hcl – the Packer build file
  • Answer file – Generated with Windows System Image Manager (SIM) you can download the file below
  • Custom script file(s) – optional

Other considerations and tasks you will need to complete:

  • Copy the Windows Server 2025 ISO file to a vSphere datastore

Windows Server 2025 unattend Answer file for the automated Packer Build

Like other automated approaches to installing Windows Server, the automated Windows Server 2025 Packer build requires an answer file to provide answers to the GUI automatically and other installation prompts that you normally see in a manual installation of Windows Server.

You will find the scripts here: https://github.com/WardVissers/Packer-Win2025

The only problem that I had was: Switching from Nic from Public to Private

# Set network connections profile to Private mode.

Write-Output ‘Setting the network connection profiles to Private…’

do {

    $connectionProfile = Get-NetConnectionProfile

    Start-Sleep -Seconds 10

} while ($connectionProfile.Name -eq ‘Identifying…’)

Set-NetConnectionProfile -Name $connectionProfile.Name -NetworkCategory Private

Windows Server 2025 Preview (Build: Canary 26052)

I had some time to check out the new version of Server 2025.

For the full upcomming features check: https://ignite.microsoft.com/en-US/sessions/f3901190-1154-45e3-9726-d2498c26c2c9?source=sessions

Download Server 2025 Preview: https://www.microsoft.com/en-us/software-download/windowsinsiderpreviewserver

Server 2025 will come with a lot of features (My Top 20+):

  • General – Server 2022 upgrade to .vNext (Controled bij GPO)
  • Hot Patching (Arc Enabled, Monthly Subscription)
  • Active Directory – 32k page
  • Active Directory – Numa
  • Active Directory – LDAP TLS 1.3
  • Active Directory – Improved Security for Confidential Attributes
  • Active Directory – Active Directory LDAP prefers Encryption bij Default
  • Active Directory – Kerberos Support for AES/SHA256/384
  • Active Directory – Changes to Default behavior of legacy SAM RPC Spassword change methods
  • Active Directory – Kerberos en KPINT Support cryptographic agility
  • Active Directory – New AD Forest en Domein Level (Minimal Server 2016 requirement)
  • Storage – NVME 70%/90% peformance increase
  • File Server – SMB over Internet (Quick Protocol)
  • File Server – More Control over SLTM
  • File Server – SMB Limitor (Enabeld bij Default)
  • File Server – Signing by Default
  • File Server – Minimum version SMB
  • File Server – More Secure Bij Default (Netbios disabled bij default)
  • RDS – M365 Apps stil supported for every Windows Server release 2-3 years
  • Finance – General support and Pay-as-you-go Support

Need to find some time to dig in

Handy link: https://techcommunity.microsoft.com/t5/windows-server-insiders/announcing-windows-server-preview-build-26040/m-p/4040858

Translate »