SyncVM – File Level Restore


Recently I did a video illustrating virtual disk synchronization capabilities with Tintri SyncVM. Our latest 4.0 Tintri OS takes SyncVM a step further by allowing file level restores from snapshots. Currently this only works on VMware, but it is compatible with both Linux and Windows.

Let’s start by navigating to my Linux demo machine from the Tintri UI via the search option.

After searching for the ‘cl-linux-file’ demo machine, simply right click on the VM and select ‘Restore VM/Files’

Next, select the ‘Guest OS File’ radio button and then select the snapshot you wish to restore a file from in the drop down menu. I chose to uncheck the ‘Auto detach disks in 48 hours’ option because I will manually detach the snapshot when I’m finished with the restore. Then click ‘Restore’.

You will see the progress in the background as the snapshot gets added as an additional disk. Once it reaches 100%, you can log in to the VM and mount the drive.

On my Linux VM instance, I have to do a rescan to detect newly added SCSI devices. This is a very simple script (named as you can see in the illustration) that scans and then mounts the disk under a mount point I simply named ‘recover’.

After running, you can see that I now have a new disk on /dev/sdb1 mounted under the ‘recover’ mount point.

Now I can simply navigate to ‘/recover/home/clucas’ and restore the file named ‘large.file’ to ‘/home/clucas’ by doing a simple copy. Then just navigate to ‘/home/clucas’ and verify the file is there.

Now that the file is recovered, I can umount the drive and then detach the snapshot from my VM back in the Tintri UI.
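The rescan, mount, copy and unmount steps above as one script. This is an added example, not the script shown in the original post: /dev/sdb1, /recover and the file path come from the post, while the script name recover.sh, the optional sysfs-directory argument, the read-only mount options and the checksum comparison are assumptions of this example.

```shell
#!/bin/sh
# Added example (not the script from the post): rescan, mount the snapshot
# disk read-only, copy one file back, verify it, unmount.

# Ask every SCSI host adapter to rescan all channels, targets and LUNs.
# $1 (optional) overrides the sysfs directory; the override is an assumption
# of this example so the function can be run against a scratch directory.
rescan_scsi_hosts() {
    sysdir="${1:-/sys/class/scsi_host}"
    count=0
    for scan in "$sysdir"/host*/scan; do
        [ -e "$scan" ] || continue
        echo "- - -" > "$scan"
        count=$((count + 1))
    done
    echo "$count"            # number of adapters rescanned
}

# Mount the snapshot partition read-only. nosuid/nodev/noexec keep setuid
# binaries, device nodes and executables on the old image inert while attached.
# An XFS snapshot of the VM's own disk carries a duplicate UUID and also needs
# "nouuid" added to the option list.
mount_snapshot() {
    mkdir -p "$2"
    mount -o ro,nosuid,nodev,noexec "$1" "$2"
}

# Copy one file out of the snapshot and confirm the copy is byte-identical.
# $1 = file inside the snapshot, $2 = destination file or directory.
restore_file() {
    src="$1"; dst="$2"
    [ -f "$src" ] || { echo "not in snapshot: $src" >&2; return 1; }
    if [ -d "$dst" ]; then dst="$dst/$(basename "$src")"; fi
    cp -p -- "$src" "$dst" || return 1
    want=$(sha256sum < "$src" | cut -d' ' -f1)
    got=$(sha256sum < "$dst" | cut -d' ' -f1)
    [ "$want" = "$got" ]
}

main() {
    set -e                   # stop at the first failing step
    rescan_scsi_hosts > /dev/null
    mount_snapshot /dev/sdb1 /recover
    restore_file /recover/home/clucas/large.file /home/clucas
    umount /recover
}

# Run as root inside the guest: sh recover.sh run   (recover.sh is a hypothetical name)
if [ "${1:-}" = "run" ]; then main; fi
```

Mounting read-only means the restore cannot alter the snapshot copy, and the checksum comparison catches a truncated copy before the snapshot is detached.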

That’s it! It is very simple to restore files directly within the guest OS using SyncVM file restore. The process is exactly the same on Windows, except that you use the disk manager to ‘online’ the disk that was added.

Tintri SyncVM

For most of you that know me, you are already aware I left VMware around 5 months ago to join Tintri. VMware is a great company and I’m very grateful for having the opportunity. While at VMware, I had several customers that deployed Tintri storage appliances and I never met a customer who simply didn’t rave about it. When the opportunity presented itself, I was extremely excited to take on a new journey.

Having been on board now for a little over 5 months, I simply can’t believe how simple, high performing, and feature rich our product line is. The following demo illustrates a recent feature release known as SyncVM. Not only can you synchronize an entire VM to multiple points in time, you can sync individual vDisks from other VMs.

This demonstration shows the simple process of synchronizing a production DB down to a test system. It then reverts back to the test system’s previous state. Stay tuned as even more advanced SyncVM features will be announced soon!


vCAC Integration with vCHS

Recently I have been helping several customers configure vCloud Automation Center in their environment. As part of the configuration, there has been desire to deploy not only in their private environment, but also into a vCHS instance.

As you may be aware, the backend for vCHS is actually based upon vCloud Director. The vCloud Director REST API is what is used by vCAC for provisioning, de-provisioning, power on, power off, etc. After adding vCHS as an endpoint and discovering compute resources, you can add those resources to a Fabric Group and begin to create blueprints. This post assumes you have a working vCAC environment with at least 1 Fabric Group, 1 Business Group, and a Service created for provisioning.

Throughout some of the trials, I have come across some “gotchas.” The purpose of this post is to outline the following:

Configuring the vApp template in vCHS


First, you will need to login to your vCHS instance and manage the vPDC in vCloud Director.  Select your vPDC in the dashboard and then click Manage Catalogs in vCloud Director


Double click on  Public Catalogs, then “right click” one of the vApp Templates and select Add to My Cloud (I just selected one of the CentOS vApps)


This will bring up an Add to My Cloud menu. Give the vApp a new name and proceed through the selections accepting defaults until you get to the Configure Networking menu. The default for Networks is set to None. You MUST select one of the networks in the drop down. I have chosen the default-routed network. This step is important because you cannot use a template with no network defined for a vCAC blueprint. If you do, the vCAC deployment will fail midway through.


Accept the defaults on the next two menu options and then select Finish. This will copy the vApp template to My Cloud. This process is pretty quick for the CentOS template; it could take longer for a custom uploaded or Windows template.

Next click on the My Cloud link, select vApps and you should see the item you just added (look under the Name column, you can see my ‘Chad Lucas – CentOS’ in the illustration below).  Right click the vApp Template and then select Add to Catalog.


The Add to Catalog menu will pop up. Select the catalog to copy to (I created a vCAC catalog under My Organization’s Catalogs previously). Be sure you select the Customize VM settings radio button to allow the newly deployed VMs from vCAC to obtain unique IP addresses from the IP Pool. Then click OK to finish.


The capture process will take a minute to complete. You can verify the item was added to your catalog by selecting Catalogs, then My Organization’s Catalogs, and then the catalog you added the vApp Template to (again, mine is vCAC).


Now that the item is added to your catalog, you can remove the vApp from My Cloud. This only removes the vApp from your cloud workspace; it does not delete the template added to your catalog. Simply navigate back to My Cloud, select vApps, right click your vApp and select Delete.


Adding a vCHS Endpoint


Now that we have completed a proper template for vCAC consumption, we can add the vCHS endpoint. Before we add the endpoint, there are 3 pieces of information needed from vCHS: 1. The vCloud Director API URL, 2. The Org, and 3. The credentials used to access vCHS. To obtain the API URL and Org, navigate back to the vPDC Dashboard and left click the vCloud Director API URL link. You only need the URL up through the :443; disregard the remaining part of the URL. The Org is the full number next to the Multi-Tenant Cloud text highlighted in the illustration below. (Note I have demarked the highlighted areas for security purposes).

** In a vCHS dedicated model, the Org is the name of the vPDC you created. Dedicated vCHS allows for multiple vPDCs and thus the Org is the name of the vPDC you create. In the non-dedicated virtual private cloud offering, the Org is what I’m showing in this example.


Log into your vCAC instance and Navigate to Infrastructure > Endpoints > Endpoints.  Click New Endpoint > Cloud > vApp (vCloud Director)


At the New Endpoint page, give the endpoint a name of your choosing, then enter the vCD API URL discussed above into the address field. Select the credentials for your vCHS instance (if you haven’t already created those credentials, simply click the button to the right of the field and you can create them there). Then enter the organization for your vCHS instance. Again this is the M number referenced above. Then click OK.


If all of the information was entered correctly the endpoint will show up and you can perform your first data collection. Mouse over your vCHS endpoint and then select Data Collection. On the next screen simply click Start. The collection will take a couple of minutes. You can monitor the collection process by repeating these steps and clicking Refresh until you see – Status: Endpoint Data collection succeeded on


Adding vCHS resources to a Fabric Group


Once your vCHS endpoint has been added, you now need to add those resources to a Fabric Group. Navigate to Infrastructure > Groups > Fabric Groups. Mouse over the Fabric Group and click Edit. In the next screen, select the check box for your vCHS compute resources. Then click OK.


Creating vApp Component and vApp Blueprints


Now that the vCHS endpoint has been added and the resources have been added to your Fabric Group, we can create a blueprint for the vCHS template we created in the first part of this post. Navigate to Infrastructure > Blueprints > Blueprints > New Blueprint > Cloud > vApp Component (vCloud Director).


Give the Blueprint a name and select the Machine Prefix from the drop down. Note I have given this blueprint a name of New vCHS Centos.


Now select the Build Information tab.  Leave the first 3 text boxes as their default.  Then click the button to the right of “Clone From:” and select the template we created in the first vCHS step of this post.  My template name if you recall is “Chad Lucas – CentOS”.  This will auto populate the minimum Machine Resource fields.  You can optionally specify Maximums if you wish.  Leave everything else as defaults and click OK.



Now that the component Blueprint is complete, we need to create the vApp blueprint for publishing. Navigate back to Infrastructure > Blueprints > Blueprints > New Blueprint > Cloud > vApp (vCloud Director). **Note, we are selecting vApp (vCloud Director) this time, NOT vApp Component (vCloud Director).


Give this Blueprint a Name, select the Machine Prefix and also specify the amount of Archive (days). Note I have given the name of “New vCHS Centos – Deploy”. Then click the Build Information tab.


On the Build Information tab, select the correct vApp Template in the Clone From text box. Again, in my case it is Chad Lucas – CentOS.


Next, click the Pencil under the Components section and select the vApp Component Blueprint you created in the previous step, then click the Green check mark, then click OK.


Now it’s time to publish the Blueprint. You should already be at the correct screen after clicking OK in the previous step; that screen is Infrastructure > Blueprints > Blueprints. Mouse over the blueprint just created and click Publish, then click OK at the Confirm Publish screen.


Entitle the Catalog Item and Add to a provisioning service


Now that the Blueprint is published, we need to entitle it and add it to a service.  This assumes you already have a service created.  Navigate to Administration > Catalog Management > Catalog Items.  Click the “Down” arrow next to the newly added catalog item and click Configure.


At the configure screen, make sure the status is active and then select your service from the drop down.  Mine is titled vCHS Deploy.  Then click Update.


Next click on Entitlements (Administration > Catalog Management > Entitlements). Then select the drop down arrow next to the service you selected above and click Edit.


On the Edit Entitlement screen, select the Items and Approvals tab.  Click the plus sign next to Entitled Catalog Items then check the box next to the newly added catalog item.  Then click OK then Update.


Now navigate to the Catalog screen.  Then select the service you added the catalog item to.  Remember in my case, the service was vCHS Deploy.  If you only have one service, then the catalog item should just appear under there.


You should now be able to request this catalog item.  Select Request and at the next screen just leave the defaults and click Submit.


After submitting, you can monitor the request from the Requests tab in vCAC.  However, you can see the actual provisioning from within vCHS.  Let’s take a look there.  Log back into your vCHS instance.  Click your Virtual Datacenter.  Then click the Manage Catalog in vCloud Director.  Select My Cloud then VM’s.  You should at some point see the Machine as Busy (while it’s customizing the name etc).


After customization is complete, it will power on the VM with the naming convention from the Machine Prefix we chose when creating the blueprint.  In this example that is corp-vchs-linux-036.


You can also verify the successful deployment under the Requests tab of vCAC.


This post is pretty basic and anyone familiar with vCAC knows there is a ton of customization you can do.  I did not go into any of the governance aspects that an Enterprise implementation would surely require.  In either case I hope this provides some additional clarity for provisioning from vCAC to vCHS.


Chad Lucas

vCloud Network and Security SSL-VPN configuration

I recently went through the configuration of the vCloud Network and Security vShield Edge VPN Appliance.

The SSL-VPN Plus is a client based VPN solution from VMware.  IPSEC site to site is also available, but this demo solely focuses on configuring the client / server based SSL-VPN solution.

This demo assumes you have vShield Manager installed in your environment and a Port Group configured to use for the vShield Edge Appliance

The video goes into decent detail, but please reference these steps when doing your configuration:

  • Login to your vShield Manager interface (mine is https://vshield)
  • The default credentials are Username: admin | password: default
  • Click the ‘+’ sign next to Datacenters and left click your datacenter (mine is cllab-dc)
  • Next, click on the Network Virtualization Tab on the right hand side of the frame
  • Click the green plus sign under ‘List of Edge gateways installed in this datacenter’
  • Enter the name of the new Edge Appliance, mine is called ‘demo2-vpn’, then enter your hostname, description, tenant, and select your HA option (all are optional except ‘Name’ and I chose not to use HA for this demo)
  • Click new then enter the CLI Credentials (I left this as the default) and choose whether or not you want to enable SSH, however this has no bearing on the VPN configuration
  • Click next then select your appliance size (mine is compact), make sure to leave the Enable auto rule generation checked, then click the ‘plus’ sign under edge appliances
  • Select your cluster from the drop down, mine is ‘Server-Cluster’ then select your datastore and host accordingly, then click ‘Add’
  • Click Next, and configure your default Edge Gateway interface again by clicking the ‘plus’ sign
  • Give your Edge Interface a name, mine is demo2-vpn-interface.  Leave the type as Uplink, then select the Port Group to connect to, mine is VPN-Portgroup
  • Leave the connectivity status as Connected, then click the ‘plus’ sign under Configure Subnets
  • Again, click the next ‘plus’ sign on the Add Subnet menu that pops up, then type in the IP address for your interface, mine is, click ok then type in your subnet mask and in my case it is then click save
  • Now click ‘Add’ back at the Add Edge Interface menu
  • Click next and configure your default gateway by selecting the Configure Default Gateway check box.  Select the vNIC just created, enter your Gateway IP (mine is then click next
  • Click the check box for Configure Firewall default policy, then set the Default Traffic Policy to Accept, then click next (HA is grayed out if you chose not to enable HA earlier as I did in this demo)
  • Click next and then Finish at the Summary page, the new vShield Edge appliance will now get deployed
  • After deployment is complete, double click on the new vShield Edge appliance
  • Click on the VPN button, then click the SSL VPN-Plus link
  • Click on Server Settings, then click Change
  • Be sure the Primary address is selected, and in my case that is
  • Select your port, the default is 443 which is fine, but I changed my port to 8443 to avoid a port conflict on my router
  • You can leave the default cipher as RC4-MD5 and leave the Use Default Certificate checked
  • Click Ok, then click on the IP Pool link under Configure
  • Click the green ‘plus’ link to configure the IP pool range you want to lease to your VPN clients, in my case that is To
  • Enter your IP address range, enter the subnet mask (mine is then be sure to leave the Status as enabled and configure your DNS and DNS Suffix settings (mine are as the Primary DNS and cllab.local as the suffix) then click OK
  • Next click on Private Networks to configure the internal networks you wish to provide access for your VPN clients
  • Click the green ‘plus’ sign again and enter the network, netmask, and leave the rest unchanged.  My values are for the network with a netmask of gives access to the entire 192.168.1.x subnet.  Click OK
  • Next click Authentication, then click the green ‘plus’ sign to add authentication, in my case I chose LOCAL in the drop down menu
  • You can leave the rest unchanged, but in my case I changed the Password Expires to 365 days with an expiry reminder to 360 days, then click OK
  • Next click Installation Package and then the green ‘plus’ sign to bring up the Add Installation Package menu
  • Give it a profile Name, in my case it is just demo2-vpn
  • Then type in the public addressable IP address to your network or the DNS name, in my case it is 174.x.x.x and then make sure your port matches what we configured earlier.  The default is 443, but in my case I changed this to port 8443 then click the OK button directly to the right of the port entry
  • Next select the installation packages you wish to generate, I chose Mac and Windows is enabled by default.
  • Leave the rest unchanged then click OK
  • Now add a LOCAL user by clicking Users, then click the green ‘plus’ sign and type in the user credentials and select whether or not you want to have the password expire, change at next login, etc. In my case my user name is clucas, password was entered, and I selected to have the Password never expire.  Then click OK
  • Lastly on this section, I selected General Settings -> Change and set the session idle timeout to 120 minutes from the default of 10.  Then click OK
  • Now we need to configure a NAT for the VPN Edge Appliance, so select the NAT button directly to the left of the VPN button under the Network Virtualization Tab
  • Click the green ‘plus’ sign and select Add SNAT Rule
  • Be sure the demo2-vpn interface is selected (or whatever you called yours) and enter the Source IP range of (or whatever network IP pool you chose to create) and translate this to the VPN Edge IP address of (yours may be different)
  • Then click enabled then click Add then be sure to click Publish
  • Now click back on the VPN button -> Dashboard -> then click the green/white enable button, then click Yes
  • Now that the VPN Edge has been enabled, download the client by navigating to the IP/Port of the VPN Edge interface via https (in my example it is https://demo2-vpn:8443 or
  • Enter the username previously created, in my case that is clucas, then enter your password and click Login
  • Now click the demo2-vpn link (or whatever you named yours) to begin the download and installation of the client
  • Once installed, be sure you enable port forwarding on your router for port 443 or in my case 8443 to the vShield Edge Interface of
  • Launch the VMware VPN naclient and select your VPN server from the drop down list, mine is demo2-vpn
  • Click connect and enter your credentials.
You can now verify you have an IP address starting with the lowest pool number, in my case that is  You should be able to now ping your internal network, in my case that is and navigate to the various services on your network.
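
The server settings step above leaves the cipher at RC4-MD5; RC4 cipher suites are prohibited for TLS by RFC 7465, so it is worth checking what the finished listener actually negotiates. The script below is an added example, not part of the original post: it grades the cipher reported by `openssl s_client`, the function names are hypothetical, and the sample output is constructed.

```shell
#!/bin/sh
# Added example: report and grade the cipher an SSL VPN listener negotiates.

# Grade an OpenSSL cipher-suite name: RC4, MD5 MACs, single/triple DES,
# export, NULL and anonymous suites are reported as weak.
cipher_grade() {
    case "$1" in
        ""|"(NONE)"|0000) echo none ;;
        *RC4*|*MD5*|*DES*|EXP-*|*NULL*|ADH-*|AECDH-*) echo weak ;;
        *) echo ok ;;
    esac
}

# Read `openssl s_client` output on stdin and print "<grade> <protocol> <cipher>".
# Keys on the summary line "New, <protocol>, Cipher is <name>".
grade_s_client() {
    line=$(sed -n 's/^New, \([^,]*\), Cipher is \(.*\)$/\1 \2/p' | head -n 1)
    [ -n "$line" ] || line="(NONE) (NONE)"
    proto=${line%% *}
    cipher=${line#* }
    echo "$(cipher_grade "$cipher") $proto $cipher"
}

# Probe a live listener, e.g. check_endpoint demo2-vpn:8443
# A current OpenSSL build without RC4 support cannot complete a handshake with
# an RC4-only server; that case is reported as "none".
check_endpoint() {
    openssl s_client -connect "$1" < /dev/null 2> /dev/null | grade_s_client
}

# Constructed sample of the s_client summary for a listener left on RC4-MD5.
SAMPLE_OUTPUT='CONNECTED(00000003)
---
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 2048 bit'

# With an argument, probe that host:port; the sample can be graded with
#   printf "%s\n" "$SAMPLE_OUTPUT" | grade_s_client
if [ -n "${1:-}" ]; then check_endpoint "$1"; fi
```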






Chad Lucas