NCM Intelligent Operations (formerly Prism Pro/Ultimate)
Streamline Your Infrastructure Management and IT Operations
- 414 Topics
- 850 Replies
Booting VM to CD, no drives present
Hello, we have only recently implemented Nutanix in our environment so apologies if this is a noob question. My issue is this: I have a 2012 Server VM that I need to repair using the CMD prompt. I am adding a CDROM with the Server 2012 ISO mounted and set to boot. After Windows setup loads I open CMD prompt but the disk where the OS is installed can't be found. Its as if only the ISO is being seen and no other drives. What am I doing wrong?
AHV - vDisk - Part - 3 : Creating an Image of or From an Existing vDISK
In our previous post, we explored “where are vdisks stored for AHV VMs and how to access or download them”. In this post, we will briefly go through the AOS Image service, which contains all ISO images, disk images etc.What is AOS Image Service:The image service feature enables you to import the images (ISOs, disk images, or any images which are supported in ESXi or Hyper-V format) directly into virtualisation management.The raw, vhd, vmdk, vdi, iso, qcow2 disk formats are supported.You can import images from http or NFS source URL. You can use this feature to create disks for a VM from images (images that are stored in the image library or repository) and also an option to clone from an image. You must install virtIO drivers on the image prior to importing these images into the image library.By creating an image of an existing bootable disk or a non-bootable disk, we are publishing it in the AOS image service across the cluster. Any Cluster Admin can use this image to spin up further
Prism user permissions – what are the options?
When considering providing certain permissions to a user or a group the following may come handy. Nutanix user accounts can be created or updated as needed using the Prism web console. The accounts can be local or pulled from Active Directory or LDAP servers. On top of that Prism Central provides a third authentication method – SAML authentication. Users can authenticate through a qualified identity provider when SAML support is enabled for Prism Central. The Security Assertion Markup Language (SAML) is an open standard for exchanging authentication and authorization data between two parties, ADFS as the identity provider (IDP) and Prism Central as the service provider. Once the account has been created it must be assigned a role. There are three options in Prism Element: User Administrator – allows the user to view information, perform any administrative task, and create or modify user accounts. Cluster Administrator – allows the user to view information and perform any administr
Number of vCPUs vs Number of Cores (UVMs, NUMA and CVMs)
Do you still wonder which one to use Number of vCPU or Number of Cores per Socket when configuring a VM? You read something about it and it makes sense and you think you will now remember only to stumble upon the same dilemma sometime later. Shall we clear this once and for all? vCPU and cores are inherently bound to a NUMA node which, in essence, is as a processor with direct attached memory. Under some (but not all) conditions, accessing memory or devices across NUMA boundaries will result in decreased performance. Hence the goal is to configure a VM with CPU and memory values that remain within the boundaries of a single NUMA node. The exception would be a NUMA-aware application. Another thing to remember is that hot add of the number of cores is not supported on AHV meaning adjustment of number of cores value for a VM requires the VM to be a powered off. To ensure optimal performance of the VMs in the cluster follow simple rules: Use vCPUs instead of cores to increase the
How To Recover Nutanix Prism Web Console access
Returning from vacations and see that you cannot access your Prism Console? Perhaps you will see this kind of message: The Prism Central is reported as Disconnect - “Prism services have not started yet. Please try again later.” Most of the time you only have to restart the Prism Console Services, all you need to do is: Identify who is the Prism Leader in your environment and SSH to it. Run the commands to restart Prism Service Please follow the details on KB 1014. Note: In the case where the Nutanix Console requires a frequent or continuous restart, consider engaging Nutanix Support at http://portal.nutanix.com.
All things considered — upgrade sequence and preaparation guidelines
Let’s face it, upgrades are daunting, and confusing, and frequent, and unavoidable, and, well, painful. Aiming to help with the preparation process and alleviate at least some of the worries Nutanix put together Acropolis upgrade (Upgrading AOS, Prism Central, Hypervisors, and Related Software Through The Web Console).Recommended Upgrade Order:Prism Central (PC): Upgrade and run NCC on Prism Central. PC: Upgrade Prism Central. PC: Run NCC. Prism Element clusters (PE): Upgrade and run NCC. PE: Upgrade Foundation. PE: Run and upgrade Life Cycle Manager (LCM): Perform an LCM inventory (also updates LCM framework). Do not upgrade any other software component except LCM in this step. PE: Upgrade AOS. PE: Run and upgrade Life Cycle Manager (LCM): Perform an LCM inventory (also updates LCM framework). Upgrade SATA DOM firmware (for hardware using SATA DOMs) as recommended by LCM. Upgrade all other firmware as recommended by LCM (BIOS / BMC / other). PE: Upgrade AHV for AHV clusters. PE: U
Prism Central License
How can I license our Prism Central? It's running a Pro Trial license now. I've generated a Generate a cluster summary file, but when I try to upload it in the portal I get the following message: Insufficient licenses available to upgrade from your current license type of [b]Starter[/b]. Manual registration results in the same error. We have an appliance Ultimate license for 7 nodes.
How to troubleshoot Prism Central VM issues
I recently upgraded my three clusters to AOS 5.5.06, AHV 20170830.94, and Prism Central 5.5 I noticed that after this upgrade, the ability to update the VM running Prism Central is now greyed out, as is the Power Off Actions. My instance of Prism Central has 16GiB of memory and is running at 96%+ memory usage. I'd sure like to increase its memory and reboot it via the proper procedure. I SSH'd into the VM and ran top to see the big memory users and the 'insights_server' and a few 'java' tasks are consuming over 10% each. Has doc been created on troubleshooting PC 5.5 VM issues?
Upgrade paths - how to verify
Did you know there is a native Nutanix tool available to verify the upgrade path for AOS, Nutanix Files and Prism Central? Support Portal > Documentation > Upgrade Paths See the Compatibility Matrix for AOS version - Hypervisor support. AOS follows the Long Term Support Release (LTS) and Short Term Support Release (STS) tracks. Please refer to KB#5505 for more details on LTS/STS model. To view AOS EOL versions, please visit here. To view upgrade paths for old AOS releases, please visit here. To view software compatibility, please visit here. If Prism Central is registered to the cluster then Prism Central needs to be upgraded before you upgrade AOS Link to the Upgrade Paths We have also described what to expect during the upgrade and how to map out the sequence of upgrade components in the .NEXT community posts: .NEXT: All things considered — upgrade sequence and preparation guidelines .NEXT: Upgrades. Yay, not again! How to upgrade Nutanix Files.
Let's not break the trust - SSL certificates - most things you wanted to know
Finally, decided to replace self-signed certificates with CA-signed ones? Or ready to renew nearly expired ones but are unable to remember the process? Don’t you worry, we’ve got your back. To replace the SSL certificate 3 files are required: Private Key - key generated using RSA 2048 key type and signed using SHA256 hash. We also support EC DSA 256bit and EC DSA 384 bit. However, RSA 2048 is the most commonly used key type Public Certificate - Issued by a certificate authority (CA). We support x509 certificates in 64base encoded PEM format CA Certificate/Chain - The certificate of the CA that issued a public certificate above. In case the issuing CA is intermediate CA we will also need the root CA certificate. If there are multiple intermediate CAs we need the certs for all the intermediate CAs along with the root CA Table 1. Recommended Key Configurations Key Type Size/Curve Signature Algorithm RSA 2048 SHA256-with-RSAEncryption EC DSA 256 prime256v1 ecdsa-wi
User management and LDAP(S) setup in Prism Element and Prism Central.
Out of the box, Prism Element (PE) and Prism Central (PC) deploy with one local user configured, called ‘admin’. For initial setup this is useful but for the sake of security and auditing, it is strongly recommended to configure and use other accounts. For reference, User Management is covered in the Nutanix Security Guide. One option is to create individual local accounts in Prism. This is done from Settings – Local User Management. Whether on PE or PC (up to the current latest major release AOS 5.16), the role options for local users are: User Admin - allows the user to view information, perform any administrative task, and create or modify user accounts. Cluster Admin - allows the user to view information and perform any administrative task, but does not allow control of user accounts. Viewer – allows the user to view information only. The UI shows checkbox options for cluster admin and user admin. If user admin is checked, cluster admin is automatically checked also. If neither is
"VSS snapshot not supported"
I just created 4 new Server 2012R2 VMs and this morning I see yellow exclamation points on them with the message "VSS snapshot is not supported for the VM 'WinSrv12R2', because VM has IDE disks attached" These were created with 100G SATA drives and a SATA CD-ROM so I cant figure out why I'm seeing this message. Thank you
What's the difference between Snapshot & Recovery Points?
Whenever I take snapshots from Prism Central it shows under Recovery point but not under Snapshot. Not sure, if both are same Thing. Also, recovery point give an option to “Replicate” , whereas Snapshot give an option to “Restore”….are both same?
Useful Commands to use for troubleshooting PE-PC connectivity issues
USEFUL COMMANDS TO TROUBLESHOOT PE-PC CONNECTIVITY ISSUES We have lots of scenarios where you might see alerts related related to PE-PC connection failure. This generally happens when network connectivity between PE and PC clusters are disrupted due to any reasons such as PC VM being rebooted, upgrading PC cluster , network issues, HTTP proxy issues(incorrect proxy whitelists) and port issues etc. Firstly, when does PE-PC connectivity alert is raised on PE: 1)The alert is raised when PE-PC connectivity was disrupted for at least 6 minutes as of AOS 5.10.(Prios to AOS 5.10 alert is generated at a single instance of 2 minutes) Sometimes, PE-PC connectivity checks shows red heart on Prism even, if the connectivity is fine and none of the above reasons are present. In this case i.e if you verify there are no underlying PE-PC connectivity issue present, manually reset the check. Turn the check OFF and Turn it back ON from the Health page by clicking on this check like this below.
Prism Central supports user authentication. There are three authentication options: Local user authentication. Users can authenticate if they have a local Prism Central account (see Managing Local User Accounts). Active Directory authentication. Users can authenticate using their Active Directory (or OpenLDAP) credentials when Active Directory support is enabled for Prism Central. SAML authentication. Users can authenticate through a qualified identify provider when SAML support is enabled for Prism Central. The Security Assertion Markup Language (SAML) is an open standard for exchanging authentication and authorization data between two parties, ADFS as the identity provider (IDP) and Prism Central as the service provider. Note: ADFS is the only supported IDP for Single Sign-on. To configure an Active Directory authentication directory or a SAML-based identify provider and to enable client authentication, do the following:Caution: Prism Central does not allow the use of the (not se
SSL Certificates | Generating and Installing SSL certificates
Security is the backbone of every infrastructure and Nutanix Prism gives you an option to upload an SSL certificate to establish secure communication with the cluster. Every AOS includes a self-signed SSL certificate by default to enable secure communication with a cluster.How I create my own-self signed certificates? The following Knowledge Base article will guide you with the process of generating your own self-signed certificates.KB- 1537 How can I upload or replace custom or self-signed certificates to establish secure communication? The following documentation will guide you with the process to upload the certificates using Prism GUI Prism Certificate Management
What Does the Destroy Cluster Command do?
There has been always slight confusion as to what of the 2 commands to use while destroying a cluster - cluster destroy and cluster -f destroyThe difference between the two are cluster destroy : This will clean out all the data on the cluster and wipe out all the configurations. cluster -f destroy : This command does the exact same thing. Also it will bypass any check for any service on the node. It grants permission to destroy cluster even if zookeeper node is not accessible. Think of it as forcefully destroying the cluster. Always make sure to reclaim licenses before destroying the cluster to follow best practice.Licenses can be reclaimed via the portal or can also be reclaimed manually via SFDC.If licenses are reclaimed manually following commands need to be run once they are reclaimed:ncli -h truencli license reset-license
NTP issues: symptoms, diagnosis, treatment and prevention
Just like with many other services NTP is something you do not think about until it breaks. Then all these strange things start creeping into your environment. Symptoms: Users are not able to log in to the Prism web console using LDAP or other directory integrated services. Cluster services do not start. Cluster does not function correctly due to major time-skew post outage or maintenance. Log collection is inaccurate. Health checks that rely on accurate time frames and event correlation return inaccurate results. Incorrect and skewed graphs in Prism. User VMs start on hypervisor hosts with inaccurate RTC (real-time clocks) causing guest OS time skew. Third-party software products like Veeam or CommVault have trouble interacting with the cluster. Snapshots expire too early or too late when the time between a cluster and a remote site is out of sync. To resolve any doubts please run NCC check_ntp - status other than PASS indicates that troubleshooting is needed. Troubleshooting NTP
Something went wrong? How to delete Prism Central VM
Sometimes it is necessary to delete and re-deploy Prism Central (PC) VM. Instances may include errors that occurred during PC deployment or when PC version deployed is outside of Software Product Interoperability matrix. Starting with version 5.5, Prism Central becomes the primary management plane and houses features like SSP, Calm, RBAC, Microsegmentation, etc. Therefore it is important to follow the recommended process when deleting PC VM: Identify the cluster on which the Prism Central VM that you wish to delete has been deployed. Copy the Prism Central VM name from this cluster. Unregister and clean up all clusters registered to Prism Central. Check if all clusters have been unregistered from Prism Central by executing the following command from any CVM in each cluster. Delete the Prism Central VM. Check if the Prism Central VM has been deleted by logging into the cluster's Prism Element UI and browsing the VM section. For detailed instruction please refer to KB-6274 How to delete
Best Practice for Template Management
We have several AHV clusters across the WANscape all managed from Prism Central. On one AHV cluster, I created a Windows Server 2016 and a Windows Server 2019 VM from CD ISOs, patched and tweaked and these are our “Golden Images”. I clone those and run sysprep and those are what I make new VMs from. Now I have two problems: 1.) in each cluster we have an RF2 container and an RF3 container so these VMs are bound to one or the other, and 2.) how do I get these to other clusters? To address the differing containers, I end up using the image service (create image of the disks and create new VM from those disks). But now I’m wasting storage because I’m keeping copies of the same VM on two different containers. To address the differing clusters, I was thinking about setting up Protection Domains and letting Nutanix replicate them to each cluster. They would only get updated once or twice per month for Windows patches. Doing it this way would allow me to control replication schedule a
Prism Central (PC) VM is running out of space
Similarly to a CVM, Prism Central VM can run out of space.There are three main contributors:localhost_access_log.txt not being rotated properly Nutanix Insights collector log file have consumed more disk space than expected on Prism Central and Controller VMs multiple Nutanix Guest Tool installers are stored in the home directory of Prism CentralWhile the engineering team is working on improving the product behaviour, there are some things you can do about preventing a PC failure:Log in to the PC VM. Navigate to the /home partition List the contents of the directory by size and look for any large unused files that can be deleted.Some common sub-directories under /home where large files are likely to be found. Files in these locations can be deleted to free up space. Delete the files in the folder but NOT the folder itself./home/nutanix/software_downloads/ - Delete any old versions other than the versions you are currently upgrading /home/nutanix/software_uncompressed/ - Delete any ol
VM Console Connection Closed (Error 1006)
AOS Version 126.96.36.199ESXi 6.7CROME 86.0.4240.75 Opening a VM console I always get connection closed (error 1006):There was an error connecting to the VM. This could be due to an invalid or untrusted certificate chain or the VM being powered off. Please use the latest version of Chrome, Firefox or Internet Explorer if the problem persists.
Already have an account? Login
Login to the community
Login with your account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.