Tuesday, January 16, 2018

F5 LB common misconfigurations for vRA 7.x

Working with some customers to build vRealize Automation 7.x in production environment I have had some problems configuring F5 Load Balalancers, although these errors affected to F5 these mistakes can affect other load balancers as well. These recommendations are based on my own experiences but I based this article on others blogs posts. Just I tried to make a summary.

1- Utilize the load balancer VIP for initial installation

Please don't try to use the load balancer VIP during vRA installation. While if setup perfectly this will work, a small mistake with the VIP configuration can make the installation and configuration of vRealize Automation feel impossible. For this I would recommend you create the VIP DNS record and just point it to your first nodes. Complete your vRA installation and configuration and only after confirming your setup is stable and fully installed to point your VIP DNS record to your actual VIP IP. This will make your installation go much smoother, and allow you a much easier path to troubleshooting if you made a mistake during load balancer configuration.

2- Leaving the vRA Virtual Servers Load balancing Type to “Standard”

F5 load balancer usually offers three Virtual Servers Load balancing types “Standard”, “Performance Layer 4”, and “Layer 7”. By default, F5 vRA Virtual Servers is configured with load balancing type “Standard”, which does not work well with vRealize Automation. I saw the network team leaving this paramater to the default value of “Standard” causing vRealize automation to fail. Below is a sample errors faced when using the “Standard” Load balancing type:

“Error processing ping response Unable to connect to the remote server Inner Exception: Unable to connect to the remote server”

“Error processing ping response System.Data.Services.Client.DataServiceTransportException: Unable to connect to the remote server —> System.Net.WebException: Unable to connect to the remote server —> System.Net.Sockets.SocketException: No connection could be made because the target machine actively refused it :443”

The recommended configuration for the F5 Virtual Servers Load balancing type is “Performance Layer 4” and using any different type can cause issues. I would recommend sticking with the supported, recommended, and tested configuration in here.

3- Forgetting to Setup Protocol Profile (Client) to “fastL4”

Not setting up Protocol Profile (Client) to “fast L4” in the F5 can cause similar issue to the ones seen in the above point. Same bad result.

4- Leaving the default setting to HTTP Profile to “http” in Virtual Servers

By default, F5 is configured with the HTTP Profile of “http” , which does not work well with vRealize Automation. The correct value is "none". The behaviour to leave this setting with "http" is undefined, sometimes work sometimes does not work. Looks unstable. With "none" the F5 works normally.

I hope this help some of you fix some issues caused by F5 load balancer configuration when creating a vRA distributed environment.


Thursday, January 4, 2018

Exam VCP7-CMA (2V0-731) passed

Last month I sat the VCP7-CMA exam (or 2V0-731 as it is affectionately known). The exam is new but I wanted to give it a shot while a had the chance and before other things consumed the diary.

I got a 335 score, it was close but I managed to pass. For me it was way tougher than VCP6-NV. I already had taken last year VCP6-CMA (2016), but saw that the VCP7-CMA was created, then I decided to do.  After two postpone times I could take it. It was a challenge because I confess, I almost didn't study, even one day before, I tried to postpone one more time, but I couldn't.

I studied reading some pdfs in the documentation (reference architecture, foundations, installing, configuring, managing) but I still got caught off guard with stuff like business management and composite blueprints. You should pay special attention to XaaS and vRO stuff. I recommend this guide.

The exam is 85 questions in 120 minutes (for not native english speakers). I used only 80 minutes. The questions I didn't know or I had doubt, I didn't stop so much.

Be careful, because the exam is based on vRA 7.2 rather than the latest 7.3. Then some little things are different.

Last recommendation, if you want to use some dump exam, be careful, all are wrong, they have many answers wrong and are different among them. I preferred to study instead.

Now, I go for VCAP7-CMA (3V0-732).

Regards and good luck.