I sat for the VMware VCAP-DCD exam on Wednesday in preparation for the first VCDX defenses of 2016. Taking certification tests is always stressful, however looking back at this particular exam, it did not need to be. Many of the blog posts around preparation for the VCAP-DCD exam mention how difficult it is, being pressed for time, etc — fortunately, I found none of that to be true. Like any certification exam, your real-world experience is going to be the biggest factor — along with how you naturally think. I am blessed to have found the exam the easiest of the three and would gladly retake the exam over the VCAP-DCA exam any day of the week and twice on Sunday — and I’ve been an Ops-focused individual for 20 years!
My suggestions on preparation include some of the same items you’ve likely read before — the Pluralsight videos from Scott Lowe are great. They help to reinforce the topics in a clear and concise way. The vSphere Design book was another great read as well — it’s available on Safari Online if you have a subscription, as well as Amazon. The blueprint is the blueprint — avoid it at your peril. Really though, work on designs — if you are doing the work everyday in your job, the exam should be really straightforward and simple. There were no obscure, “only 2 people in the world have ever seen this scenario” questions on the exam. It was mostly, here is a set of requirements, here is what the end design needs to accomplish — diagram it out using the tool.
As far as the tool itself goes, it has some challenges. But the great thing about the tool is it is limited to what you need to focus on for that particular question. It still gives you a few “red herring” options for objects, but for the most part if you think you need something in the design and you don’t find it in the tool, then you are wrong — at least as far as the exam is concerned. So, use the tool to help you focus on the things it is looking for. Everyone has a different methodology with how they work through a design, and the exam is trying to test a broad set of people on a small subset of designs — there is going to be some differences.
As always, take your time. I did not feel rushed in the same way I did with the VCAP-DCA exam. Whereas I was rushing with minutes left to go to finish troubleshooting scenarios, I found myself completely finished answering and reviewing all the VCAP-DCD questions with just over an hour to spare. I had to sit back and focus on whether I felt completely finished or not.
The best feeling in the world is hitting that Finish button and immediately seeing a passing score! The next challenge is to finish my design paperwork for VCDX in February and get ready for that challenge!
I recently passed the VMware VCAP-DCA exam for vSphere 5.5, and as others have done, wanted to share a few of my thoughts on the exam. The absolute biggest challenge is time. At only 180 minutes long and 23 questions, you would think there would be ample time to get through every question with room to spare. Not the case for me. The first time I looked up, 60 minutes was gone, then before I knew it there was only 20 minutes left. The challenge is knowing how long to spend on any given question, since each one differs so much one from the next.
As far as studying goes, the best advice I can give you is to just practice vSphere troubleshooting and setup tasks as often as possible in a real environment or lab if you don’t have regular access to a production vSphere environment. I did take the VMware vSphere: Troubleshooting Workshop [V5.5] class back in December. It was helpful, but mostly just as a primer to the sort of questions you might be asked on the exam. The best thing to do, which I started doing back in January, was performing every task I could do using esxcli, PowerCLI and the vSphere Web Client. Using my Intel NUC lab, I went through setting up the entire environment from scratch several times — creating iSCSI mounts entirely using esxcli, creating distributed virtual switches, DRS/HA clusters, etc.
There are several study guides out on the Internet as well that are good for brushing up on the blueprint items you may be unfamiliar with. Download the ones you think will help you and go through them as much as possible. Overall, I would just say that if you are already a vSphere Administrator in your current role, the test itself will not prove too large of a hurdle. Just breathe deep and work through each question.
The questions themselves covered a broad depth of topics, but none of the questions were as arcane or obscure as a few VCP questions I got taking that test (i.e. storage encryption switch for Fiber Channel storage arrays and its effect on VMFS datastores). There were some questions you had to use esxcli to successfully complete, some that could be done either through the web client or the old thick client and a couple that you had to use the web client to answer.
I was not able to finish all of the questions in the time allowed and when I left the exam facility, I did not think I had passed. I was pleasantly surprised when the results arrived and I scored in the mid-300s — enough to pass. The VCAP-DCD exam is up in the next month in preparation for the VCDX defenses in the beginning of 2016.
If you decide to take the exam, good luck. It was a great feeling with the email saying I had passed the test!
Another great day at VMworld 2015 is in the books. For the first time, I have been able to get a behind-the-scenes look at what it takes to run the Hands-on-Lab (HoL) area for the VMworld conference. I spent most of the morning in the NOC area with colleagues monitoring the systems providing the HoL capacity. In a very good way, it was pretty boring. All of the months of hard work leading up to the conference has resulted in a pretty smooth user-experience — not withstanding the WiFi issues which are handled entirely by a 3rd party.
The afternoon saw me do something I had tentatively planned for the past several months — sitting for my VCAP5-DCA exam. Although I did not study to the level originally planned, I decided to take the test while at the conference both due to peer pressure and the convenience offered by doing it here. I had a positive overall experience taking the exam. The questions themselves were not as difficult or obscure as I was worried they would be. Having spent a significant amount of time administrating large-scale VMware private clouds over the past few years greatly helped with my confidence level during the exam itself. The one bit that is always hard is having to know and understand VMware technologies you may not have utilized in your career for whatever reasons. In my case, that mostly revolves around vSphere Replication and VUM — seriously who uses VUM anymore?
All that being said, the most difficult part of the exam is time management. The exam is only 180 minutes + 15 minutes for the survey. It is difficult to know if you are spending too much time on a single question when their difficulty and number of required steps vary so much one from the next. I tried to go through the questions in order, without skipping ahead to find the ‘easy’ questions — mostly because so many of them are based off of previous tasks you likely had to perform. I will say one thing, the lab environment experience was not as bad as I had read others having had.
Here are a few things I would have done differently had I known beforehand:
- After starting the exam, immediately log into the vCenter C# and Web Client — login takes several minutes and this will save you time later.
- Start the vMA appliance right away. Although I only had one question where the vMA appliance was required, you don’t want to be waiting for it half-way through the exam when you are starting to feel the time crunch.
- Start SSH on the ESXi hosts if that is your preferred method for using esxcli.
- Monitor how much you drink in the hours before the exam — that or get a catheter. If you have to use the restroom midway through, they will let you, but your time continues to tick away while you are gone.
I am looking forward to Wednesday at the conference. It will be my last day here, but if you see me walking around and want a Virtual Elephant laptop sticker poke me. I’ll be in the Solutions Exchange after the vBloggers session today.
The past week I found myself in need of additional capacity for a Cloud Native App deployment that my current home lab lacked and it was a perfect opportunity to activate my vExpert Ravello Systems account. I had read multiple posts on how to run a nested VMware vSphere environment within Ravello and so I jumped straight into the deep end of the pool. After logging into the system, building an initial ESXi VM image, I started building out the lab environment. The application blueprinting functionality in the Ravello interface is pretty intuitive and left me wishing some other tools I’ve used in the past were as simplistic.
The blueprint includes a small external management cluster, an internal management cluster and the workgroup cluster. Here is a screenshot of the lab environment.
External Management Cluster
The external management cluster runs the virtual machines services that are necessary to support the internal lab.
- VMware vCenter Server virtual appliance (VCSA).
- Linux VM running iSCSI for the ESXi hosts.
- Linux VM running DHCPD for the 2nd-level nested VMs.
- Windows 7 IE11 VM to act as a bastion host for accessing the environment.
The internal management cluster run the components such as VMware Big Data Extensions and vRealize Operations.
- 4 ESXi hosts running 5.5U2
The workgroup cluster runs the nested VMs deployed by Big Data Extensions, such as Hadoop, Mesos and Kubernetes clusters.
There were a couple of issues I encountered when I first started using the lab environment. I was able to find a resolution for each one in various places on the internet, but I want to share them all here for future reference.
The vCenter server will throw an error that will require user-intervention to boot due to the fact that when it is deployed as a 1st-level VM, it is running inside a KVM container. To solve the issue, follow these instructions from Ravello found on their site.
2nd-level Nested VMs
When I went to deploy 2nd-level VMs within the Ravello lab, I found they would not power on due to an incompatible hypervisor. To solve the issue, I had to add the Advanced Setting on each of the virtual machines deployed as a 2nd-level VM.
vmx.allowNested = “TRUE”
The next problem I encountered with 2nd-level VMs was the lack of DHCP functionality. The Ravello provided DHCP server for the networks within the application blueprint does not work beyond the 1st-level VMs. To solve the issue, I created a CentOS Linux VM (shown in the External Management Cluster above) and added a reserved IP address for it in the configuration.
Deploying OVF/OVA to the vCenter VM failed
After getting the vCenter configured with the ESXi hosts and HA/DRS clusters, the next step was to deploy the VMware Big Data Extensions vApp. During the configuration of the vApp (storage, network, etc), it failed to allow me to complete the deployment. After looking into the issue, it became apparent it was an issue of the public IP address being a NAT into the private network running inside Ravello.
To solve the issue, I deployed the Windows 7 IE11 VM and then opened an RDC session to the environment. From there I was able to access the vCenter server on the private IP network and perform the OVA deployment of BDE.
Note: If you need a free Windows VM that you can deploy any vSphere environment, log onto the Microsoft Edge site.
My overall experience with Ravello this past week and consuming around 1500 CPU hours was pretty good. I liked the interface for creating the environment, being able to set a shutdown/startup schedule and overall deployment of the 1st-level VMs. The negatives I encountered were solely around the performance of the 2nd-level nested VMs. Deploying a Mesos cluster through BDE took a long time — I started a small 9 node cluster, went out to dinner with my wife, and it was finishing when we got home 1 1/2 hours later.
With it being VMworld this week, I went down to the Solutions Exchange area and talked to a few people at Ravello about the performance issues I encountered and they offered me some suggestions. I will be checking the environment to see if the settings they recommended make a noticeable difference. For now I am giving them the benefit of the doubt.
Overall, I think the system is a really great opportunity for VMware evangelists to spin up a low-cost lab environment to test new functionality as 1st-level VMs. Which makes it a great place to work on certification objectives for VCP, VCAP/VCIX exams. Trying to test out Cloud Native App frameworks (Kubernetes, Mesos, Docker Swarm) is probably not the best environment.
I will continue to use the environment — especially because of the vExpert program they offer — and I am hopeful the performance will increase over time for the 2nd-level workloads.
In a recent conversation, it became clear to me that my knowledge of the inner workings of VXLAN and VSAN were not a deep as they could be. Since I am also studying for my VCAP exams, I knew additional time educating myself around these two technologies was a necessity. As a result, I’ve spent the last day diving into the IGMP protocol, multicast traffic and how they are utilized both within VXLAN and VMware VSAN. I wanted to capture what I’ve learned on a blog post as much for myself as for anyone else who might be interested in the subject. Writing what I’ve learned is one way I can absorb and retain information long-term.
IGMP is a layer 3 network protocol. It is a communications protocol use to establish multicast group memberships. It is encapsulated within an IP packet and does not use a transport layer — similar to ICMP. It is also used to register a router for receiving multicast traffic. There are two important pieces within the IGMP protocol that VXLAN and VSAN take advantage of — IGMP Querier and IGMP Snooping. Without these two pieces, IGMP would act astonishing more than a broadcast transmission and lack the efficiency required.
The IGMP Querier is the router or switch that acts as the master for the IGMP filter lists. It will check and track membership by sending queries on a timed interval.
On a layer 2 switch, IGMP Snooping allows for the passive monitoring for IGMP packets sent between router(s) and host(s). It also does not send any additional network traffic across the wire, making it more efficient for multicast traffic passing through the network.
That’s IGMP in a nutshell — so how is it used in VXLAN?
In order for VXLAN to act as an overlay network, multicast traffic is used to enable the L2 over L3 connectivity — effectively spanning the entire logical network VXLAN has defined. When a virtual machine connects to a VXLAN logical network, it behaves as though everything is within a single broadcast domain. The ESXi hosts, configured for VXLAN, register themselves as VTEPs. Only those VTEPs that register with the VXLAN logical network participate in the multicast broadcasts. This is accomplished through IGMP Snooping and IGMP Querier. If you have 1000 ESXi hosts configured for VXLAN, but only a subset (say 100) of the hosts are concerned for a specific VXLAN logical network, you wouldn’t want to send multicast broadcasts out to all 1000 ESXi hosts — that would be inefficient by increasing the multicast traffic on the network unnecessarily.
There is a really good VMware Blog 4-part series on VXLAN and how it operates here.
The implementation for VSAN is very similar to that of VXLAN. The VSAN clusters require a methodology for learning what ESXi hosts are adjacent to each other and participating as a VSAN cluster. VMware uses layer 2 multicast traffic for the host discovery within VSAN.
Once again, IGMP Querier and IGMP Snooping are play a beneficial role. VMware states that implementing multicast flooding is not a best practice. By leveraging both IGMP Snooping and IGMP Querier, VSAN is able to understand who wants to participate within the multicast group. This is particularly beneficial when multiple network devices exist on the same VLAN that VSAN is operating on.
If you have multiple VSAN clusters operating on the same VLAN, it is recommended you change the broadcast address for the multicast traffic so they are not identical. This will prevent one VSAN cluster from receiving another clusters broadcasts. It can also help prevent the Misconfiguration detected error under the Network status sections of a VSAN cluster.
For a better understanding of how VSAN operates, please check out the VMware blog entry here.
For a season network professional, I highly doubt any of this was new or mind-blowing. For someone who does not generally dive into the various network protocols — but should probably start doing so — this information was both a good refresher on IGMP and helped me understand both VXLAN and VSAN a bit better.
Did I get something wrong? Let me know on Twitter.