Building a Log Insight Cluster

brac-header

Finding a post for today’s #vDM30in30 post was a challenge. When I set out to complete the challenge I knew the later posts would become more difficult as the weeks wore on, but I didn’t think the challenge would arise so quickly (i.e. the end of week 2). For whatever reason, I could not decide on a topic that I wanted to write about until late this evening. As I was working on the portion of my VCDX design that covers Monitoring and the supporting infrastructure, I found myself thinking about how to incorporate a proper vRealize Log Insight system into the design. That led to tonight’s topic, Log Insight clusters.

I have learned a VCDX design should never include a VMware product just for the sake of including it. The need for vRealize Log Insight in the current design I am working on is justified by the requirements. As I have learned to use Log Insight more extensively over the past year and a half, the strengths of the product continue to amaze me. One such strength is the ease with which it is possible to incorporate a high availability feature into the platform. If you are unfamiliar with vRealize Log Insight, it is an analytics and remote logging platform that acts as a remote syslog server capable of parsing hundreds of thousands of log messages per day. The regular expression capabilities of the product are second-to-none — much better and more reliable than similar products like Splunk (IMHO).

The design I am working on is leveraging VMware Cloud Foundation (VCF) as the hardware and SDDC platform. With this requirement comes certain constraints, including the deployment method VCF uses for vRealize Log Insight. When VCF creates the management domain, it deploys a single vRealize Log Insight virtual appliance. Because I have a requirement to store all relevant log files in a central location, leveraging the existing vRealize Log Insight virtual appliance makes sense. However a single node is a single point of failure, which is not adequate for a production architecture, let alone a VCDX design.

So how can vRealize Log Insight be enhanced to handle a failure? Why a cluster of course! The Engineering team responsible for vRealize Log Insight were kind enough to build a clustering feature into the product and even included an internal load balancer as well! Having a cluster of nodes allows the environment to handle an eventual failure event — whether it is because the VM operating system becomes unresponsive or the underlying ESXi node fails altogether. Once configured, the VIP specified for use by the internal load balancer should be the IP and/or FQDN all of the downstream services use for sending syslog messages.

Configure a Log Insight Cluster

The creation of a Log Insight cluster is relatively straightforward and I will quickly go through the steps. Remember the Log Insight nodes have a requirement to exist on the same L2 network — no L3 support for multiple geographic clusters currently. Simply deploy three Log Insight virtual appliances and power them on. Once the OS has been started, log into the web UI for the additional instances and perform the following steps.

log_insight_01
Select Next to proceed with the configuration on the new node.
log_insight_02
Select the Join Existing Deployment option.
log_insight_03
Enter the FQDN of the existing master Log Insight node and click Go.
log_insight_04
Once joined, select the hyperlink to take you to the master node UI.
log_insight_05
Log in using the Administrator credentials for Log Insight.
log_insight_06
Select Allow to join the new node to the cluster.
log_insight_07
Configure a Virtual IP address for the Integrated Load Balancer.

Add a third node in and you have a working vRealize Log Insight cluster, capable of distributing incoming log messages between multiple nodes. Depending on the SLA for the environment, you can increase the number of nodes within the cluster to meet the requirements.

Fortunately for me, the weekend posts were written on election night and are scheduled to auto-publish. Hopefully that will allow me to spend some much needed time working on VCDX design documentation. The December 1 deadline is fast approaching!

Recommended Read – Simon Long’s SLOG

slog
Simon Long – http://www.simonlong.co.uk/blog/

As I put thought into how and what I wanted to discuss during the vDM 30-in-30 challenge, I’ve decided the weekend posts will be a break from the technical posts I have always favored. For the Saturday installments I am going to recommend other blogger sites or physical books that have enriched my career or work experience. I’ve decided Simon Long will be the first Saturday topic.

I met Simon for the first time last summer after having joined VMware in June. We shared an office for the first year and I’ve come to appreciate his knowledge and attitude for sharing information and advice. Simon was one of the early double VCDX (he may have been the first) and is currently a panelist for many VCDX panels. He has been blogging far longer than I have and many of his posts focus on VCDX related topics. If you are a thinking about pursuing the VCDX certification, his blog is one you should be reading — especially his recent posts on common VCDX mistakes.

In addition to his VCDX knowledge, Simon is heavily focused on EUC and Desktop-as-a-Service architectures. I encourage you to follow him on Twitter and reach out when you have questions.

vExpert 2016 and VCDX Preparation

VMW-LOGO-vEXPERT-2016-k

January is already over and I did not have a single post for the entire month. Yesterday, the vExpert 2016 awards were announced and I was happy to see my name on the list for a second year in a row. There are an amazing group of people in the community contributing to such a wide variety of topics and I am grateful to be considered a part of that. I really want to step up my game this year and cover in even more detail the Hadoop/Big Data and Cloud Native Apps topics happening within the VMware ecosystem and beyond!

The preparation for my VCDX defense is winding down — with a little over 10 days before I defend, there really isn’t much more I could try to learn beforehand. I feel pretty confident in how well I know the design itself and I’ve gone to considerable lengths the past few weeks to highlight areas where it is lacking and/or what I would do differently had some of the constraints not been in place. I am blessed to work with some amazing people and they have given me some great advice over the past few months on what to do and what not to do as I have journeyed down this path. The VCDX community is really strong and there are a lot of differing opinions on what a candidate should do to prepare — part of the experience for me has been which voices to ignore and which to place value in.

The part that has been the most stressful have been the slides themselves. I talked to several people, and I am grateful to each for taking the time, and the best advice I received was the following:

  1. Keep the deck short and to the point.
  2. Use it as a warm-up to get comfortable in the room.
  3. The defense is how you communicate and not on how many slides you have or how pretty they look.

All that said, I believe I took a unique approach to how I prepared my slides which play to my strengths. I am already comfortable talking in front of crowds both large and small, and my current position at VMware affords me the opportunity to defend design decisions to a really strong group of architects, including three double-VCDXs. I anticipate the experience as one to afford me an opportunity significant growth personally and professionally.

February 16th @8:30AM really could not come soon enough for me!