Thursday, 9 June 2016

VMware ESXi 6.X password policy

ESXi Password:

With VMware ESXi 6, the password policy requires more complex passwords. ESXi enforces password requirements for direct access from the DCUI, ESXi Shell, SSH, or the vSphere Web Client.

In previous versions of ESXi, password complexity changes had to be made by editing the /etc/pam.d/passwd file on each ESXi host. 

In vSphere 6.0, this can now be done by adding an entry in the host's Advanced System Settings, which allows the setting to be managed centrally for all hosts in a cluster.

When we create a password, we need to include a mix of characters from four character classes: lowercase letters, uppercase letters, numbers, and special characters such as underscore.

The password policy in ESXi 6 has the following requirements:
  • Passwords must contain characters from at least three character classes.
  • Passwords containing characters from three character classes must be at least seven characters long.
  • Passwords containing characters from all four character classes must be at least seven characters long.
  • An uppercase character that begins a password does not count toward the number of character classes used. 
  • A number that ends a password does not count toward the number of character classes used.
  • The password cannot contain a dictionary word or part of a dictionary word.  
We can change the default required length and character class requirement or allow pass phrases using the Security.PasswordQualityControl advanced option.

The default configuration in ESXi 6 is

"ESXi 6: retry=3 min=disabled,disabled,disabled,7,7" 

whereas in ESXi 5.5 it was  

"ESXi 5: retry=3 min=8,8,8,7,6"

This means that passwords with one or two character classes and pass phrases are not allowed, as indicated by the first three disabled items.

Passwords from three and four character classes require seven characters.
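
The following is an added example (not from the original post or from VMware) that parses the two setting strings above and applies the class-counting and minimum-length rules from the requirements list. The function names and sample passwords are constructed for illustration, characters other than ASCII letters and digits are assumed to count as "special", and the dictionary-word and pass phrase checks are not modelled.

```python
import string

# Order of the five min= fields, as the post describes them.
FIELDS = ("one_class", "two_classes", "passphrase", "three_classes", "four_classes")
CLASS_KEY = {1: "one_class", 2: "two_classes", 3: "three_classes", 4: "four_classes"}

def parse_policy(setting):
    """Parse a value such as 'retry=3 min=disabled,disabled,disabled,7,7'."""
    # Tokens without '=' (for example a leading label) are ignored.
    opts = dict(tok.split("=", 1) for tok in setting.split() if "=" in tok)
    raw = opts["min"].split(",")
    if len(raw) != len(FIELDS):
        raise ValueError("min= must have five comma-separated fields")
    mins = [None if v == "disabled" else int(v) for v in raw]
    return {"retry": int(opts.get("retry", 3)), "min": dict(zip(FIELDS, mins))}

def counted_classes(password):
    """Count character classes, ignoring a leading uppercase letter and a
    trailing digit, as the requirements list describes."""
    core = password
    if core and core[0] in string.ascii_uppercase:
        core = core[1:]
    if core and core[-1] in string.digits:
        core = core[:-1]
    classes = set()
    for ch in core:
        if ch in string.ascii_lowercase:
            classes.add("lower")
        elif ch in string.ascii_uppercase:
            classes.add("upper")
        elif ch in string.digits:
            classes.add("digit")
        else:
            classes.add("special")  # assumption: everything else is "special"
    return len(classes)

def check_password(password, policy):
    """Return (ok, reason) for the class and length rules only."""
    n = counted_classes(password)
    if n == 0:
        return False, "no counted character classes"
    required = policy["min"][CLASS_KEY[n]]
    if required is None:
        return False, f"{n}-class passwords are disabled"
    if len(password) < required:
        return False, f"{n}-class passwords need at least {required} characters"
    return True, f"{n} classes, length {len(password)} >= {required}"

ESXI6 = parse_policy("retry=3 min=disabled,disabled,disabled,7,7")
ESXI55 = parse_policy("retry=3 min=8,8,8,7,6")

if __name__ == "__main__":
    for pw in ("Password1", "esxi_host7", "xY_12a", "vmW@re6x"):  # constructed samples
        print(pw, "| 6.0:", check_password(pw, ESXI6), "| 5.5:", check_password(pw, ESXI55))
```

"Password1" counts as a single class once the leading capital and trailing digit are discounted, so it passes the length rule under the 5.5 string but is rejected under the 6.0 default.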

ESXi Pass Phrase:

We can also use a pass phrase for an ESXi host instead of a password; however, pass phrases are disabled by default.

We can change this default setting by using the Security.PasswordQualityControl advanced option for the ESXi host from the vSphere Web Client.

A passphrase requires at least 3 words, can be 8 to 40 characters long, and must contain enough different characters.

Deprecated Features in SharePoint 2016

  • SharePoint Foundation - Is no longer available as all the SharePoint core functionality is built directly into the core SharePoint product.
  • Forefront Identity Manager (FIM) - FIM is deprecated. FIM was used to connect Active Directory with SharePoint for synchronization. Only Active Directory import is available. You can also connect to external sync services like Microsoft Identity Manager (MIM).
  • Standalone Mode - The MinRole feature is now in place, so the Standalone Mode installation option has been removed. If you want to build a test or development environment, you have to choose a single-server installation, but make sure SQL Server is already installed before you proceed.
  • SharePoint Designer - A new version of SharePoint Designer will not be released, but previous versions are supported.
  • Stsadm.exe - stsadm.exe is deprecated, as new and additional commands have been added to SharePoint PowerShell.
  • Excel Services in SharePoint - Excel Services is no longer available with SharePoint 2016. Excel Services functionality has moved to Excel Online in Office Online Server Preview. The following Excel Services functionality has been deprecated:
    • Excel Services Windows PowerShell cmdlets.
    • Trusted data providers.
    • Trusted file locations and data connection libraries.
    • Opening of Excel workbooks from SharePoint Central Administration site.
  • Tags and Notes - This feature is now completely deprecated.
  • InfoPath Services - A new version of InfoPath Services will not be released, but previous versions of InfoPath forms are still available and supported.

Wednesday, 8 June 2016

VMware vSphere 6 virtual machine migration Part III: Storage VMotion?


With VMware Storage vMotion, we can migrate a virtual machine's metadata files and its disk files from one datastore to another even while the virtual machine is powered on and running.

The virtual machine does not change ESXi host during a Storage vMotion migration; only the virtual machine's files are moved from one datastore to another.
Virtual machine file names on the destination datastore are changed to match the inventory name of the virtual machine. The migration process renames all virtual disk, configuration, snapshot, and .nvram files. So if you want to rename a virtual machine, instead of only renaming it from the virtual machine's action menu in the vCenter inventory, do it when you are performing a Storage vMotion.


If you rename a virtual machine directly from the vCenter inventory, the virtual machine's files on the datastore are not updated to the new name.

Use Cases:
  • We may have to move virtual machines between arrays for maintenance or upgrade activities.
  • We may want to rename a virtual machine and ensure all of its files are updated with the new name.
  • We get the flexibility to change disk types (Thin/Thick), which can be used to reclaim space while performing Storage vMotion.
  • We can redistribute virtual machines or virtual disks to different storage volumes to balance capacity or improve performance, either manually or using SDRS.

Storage vMotion has the following requirements and limitations:
  • Virtual machine disks must be in persistent mode or be raw device mappings (RDMs).
  • Migration of virtual machines during VMware Tools installation is not supported.
  • We cannot move virtual disks greater than 2TB from a VMFS5 datastore to a VMFS3 datastore.
  • The host on which the virtual machine is running must have a valid license covering Storage vMotion feature.
  • The host on which the virtual machine is running must have access to both the source and target datastores.
  • For virtual compatibility mode RDMs, you can migrate the mapping file, or convert it to a thick-provisioned or thin-provisioned VMDK file during migration as long as the destination is not an NFS datastore. If you convert the mapping file, a new virtual disk is created and the contents of the mapped LUN are copied to this disk.
  • For physical compatibility mode RDMs, you can migrate the mapping file only.

How Does VMware Storage VMotion Work?
  • Before moving a virtual machine's disk file, Storage VMotion moves the home directory, which contains metadata about the virtual machine (i.e. configuration, swap and log files), to the new location.
  • A shadow VM gets started on the destination datastore using the copied files. The shadow VM idles, waiting for the copying of the VM disk files to complete.
  • After relocating the home directory, Storage VMotion copies the contents of the virtual machine disk file (.VMDK) to the destination datastore, using “changed block tracking” to maintain data integrity during the migration process.
  • In the next step, the software queries the changed block tracking module to determine which regions of the disk were written to during the first iteration, and then performs a second copy iteration in which the regions that changed during the first iteration are copied.
  • Once the process is complete, the virtual machine is quickly suspended and resumed from the shadow VM so that it can begin using the virtual machine home directory and disk file on the destination datastore.
  • Before the VMware ESXi host allows the virtual machine to start running again, the final changed regions of the source disk are copied over to the destination and the source home directory and disks are removed.
  • If you have VAAI plugin support, files can be moved between two datastores at the storage level. This saves ESXi host resources by offloading the task to the storage devices.
  • If no VAAI plugin is available, files are moved by the ESXi host using the data mover.

Monday, 6 June 2016

vRealize Operations Manager 6.X Maintenance Schedules

During planned maintenance activities, many resources in the organization are taken offline intentionally. For example, a server might be taken offline for patch management.

If vROps Manager collects data when a resource is offline, it might generate incorrect anomalies and alerts that affect the data for setting dynamic thresholds for the resource attributes.

Maintenance schedules help to identify objects that are in maintenance mode at specific times. During those times, vROps Manager does not collect data from the resource or generate anomalies or alerts for it.
If a resource undergoes maintenance at fixed intervals, such as weekly or monthly, you can create a maintenance schedule and assign it to the resource.

For example, you can put a resource in maintenance mode from midnight 12 AM to 3 AM each Sunday night as in example below. 
How to add Maintenance schedule

  • In the left pane, click Administration.

  • Select Maintenance Schedules.

  • From the toolbar, click the button to add a maintenance schedule.

  • Enter a name that describes the maintenance schedule. Select a time of day when maintenance can begin. Select a time of day when maintenance must stop. Select the repeatable pattern of days when maintenance occurs, within the times already specified.

  • Click Save. You should have newly added maintenance schedule in the list.

How to assign maintenance schedule to resources

You can turn on and configure the settings for the Time element for the object types in your existing or new policy so that you can override the settings. This allows vROps Manager to calculate analytics for the group at specific times.


  • Navigate to Policies on administration page.

  • Select the policy that you want to modify and click the edit icon as shown in the image below. We can also create a new policy in order to meet any custom requirements. I have modified the default policy just for demo.
  • Navigate to Override Analysis Settings.
  • Navigate to the Time settings in the middle pane. By default, this is not enabled, as shown below. Enable the settings by moving the slider to the right as shown in the image below.
  • Once enabled, change the time settings as per your requirement and select the maintenance schedule that you created earlier, as highlighted in the image below.
  • Then navigate to Apply policy to groups, select the group to which you want to apply the new time settings with the maintenance schedule, and click Save.
  • I have modified the default policy just to demonstrate the steps; however, you can create a new policy for custom requirements and apply it to custom groups if required.

New and Improved Features of SharePoint 2016

Access Services

The following Access features are available when we deploy SharePoint Server 2016.

  • Support for Apps is added in Office. Apps in Office are custom add-ons which can be plugged into Word, Excel, PowerPoint, Outlook, and SharePoint.
  • We can now use an app for Office to integrate data from outside services into our Access app. It can also display data in our Access app visually, such as on a map, in a chart, or in a graph.
  • We can now also upgrade an Access app.
How to upgrade:

Save the Access web app that users are using as a package, and make design changes to a separate copy of the web app that users are not using. When you are satisfied with your changes, you can save a new version of the web app and then upgrade the “production version” of the web app that users are using.

Important: Access web app upgrades are available only for web apps that are on Office 365 or SharePoint Online sites. You also need to have Access 2013 with Service Pack 1 or a higher version installed, so that you are able to save web app packages for upgrade. Access web app upgrade does not work with the desktop version of Access.

  • A new feature “Download in Excel” is now available with Access 2013 with Office 365. This feature is only available to the users who are using or working with Office 365.

  • The Related Item control has been improved. We can now perform the following functions:

    • On the Related Item control, we can choose from an existing view for the dialog box.
    • We can now turn off the Add link at the bottom of the Related Item control.
    • We can also now add a new item on the Related Item control when the parent record is not saved.
  • Cascading Controls are now available with Access 2013 for Office 365 users.

Compliance Features

New compliance features are in place like Document deletion policy and In-Place hold policy.

Document Deletion Policy allows site owners to delete documents on all sites in a Site Collection such as on OneDrive for Business sites after a specific period of time. You can create and manage document deletion policies by using Document Deletion Policy Center.

The In-Place Hold policy or Retention policy allows administrators to preserve documents, email, and other files.

Customized web parts

The compile time for customized XSLT files used for Content Query, Summary Links, and Table of Contents Web Parts is improved.

Document Library Accessibility

New features for document libraries have been introduced in SharePoint Server 2016. They are:

  • Keyboard shortcuts are put in place for the following document tasks:

    • Alt + N = New
    • Alt + E = Edit
    • Alt + U = Update
    • Alt + M = Manage
    • Alt + S = Share
    • Alt + Y = Synchronization

  • Announcements are added for upload progress and for file names and types when browsing file lists and folders.

Durable links

When documents are renamed or moved, links are retained for resource URLs.

Encrypted Connections

SharePoint Server 2016 supports TLS 1.2 connection encryption by default.

Fast Site Collection Creation

The SPSiteMaster PowerShell cmdlet is used to create sites and site collections quickly. This feature introduces templates which lie at the same level as SQL so that round trips can be reduced.

Filenames - expanded support for special characters

SharePoint Server 2016 now supports some special characters in file names, such as &, ~, {, and }, that were blocked in previous versions of SharePoint.

Hybrid in SharePoint 2016

New hybrid features are introduced to enable hybrid solutions. They are:

  • Hybrid Sites - Users can now have all their data or information stored in one place, where they have their profile in Office 365.
  • Hybrid OneDrive for Business - Users can sync, share and access their files from anywhere through Office 365.
  • Cloud Hybrid Search

    • We can now index and search all our crawled content from both on-premises content and Office 365.
    • When users query the search index in Office 365, search results come from both on-premises and Office 365 content.

Identify and search for sensitive content

Data loss prevention (DLP) capabilities have been enhanced. We can now search for sensitive information across SharePoint Server 2016, OneDrive for Business and SharePoint Online using DLP queries and by turning on DLP policies.

Image and video previews

We can now preview images and videos in SharePoint Server 2016 document libraries either by clicking or hovering our mouse on them.

Information Rights Management

SharePoint Server 2016 uses Information Rights Management (IRM) capabilities in order to secure information by encrypting information on SharePoint libraries.

Large file support

It now supports uploading and downloading files larger than 2,047 MB. We can also configure the desired maximum file-size limit on a per-web application basis in our SharePoint farm.

MinRole Farm Topology

In MinRole feature, farm administrators can now define each server role in farm topology. Now we have six predefined server roles. They are: 
  •  Front End 
  •  Application 
  •  Distributed Cache 
  •  Search 
  •  Custom 
  • Single Server Farm

Mobile experience

It now offers an improved mobile navigation experience. The view is touch enabled: we can tap tiles or links on the screen in order to navigate the site, and can also switch from mobile view to PC view.

New controls for working with OneDrive for Business

New controls for creating, uploading, syncing, and sharing documents are added at the top of the document folders, which makes common tasks in OneDrive for Business more accessible.

New Recycle Bin in OneDrive and Team sites

A link for the Recycle Bin is added in the left navigation pane of the OneDrive and Team sites.

Open Document Format (ODF)

Support is added for Open Document Format (ODF) files to use in document library templates so that users have the capability to create, edit and save files in a format they want to use.

ReFS file system support

Support has been added for drives which are formatted with the ReFS file system.

SharePoint business intelligence

Support is added for SQL Server 2016 CTP 3.1 and the Power Pivot add-in and Power View.

SharePoint Search

SharePoint Search now supports indexing of up to 500 million items per Search Server application.

Sharing improvements

New Sharing options are added like create and share folder; sharing hints; members can share; recently shared item cache; improved invitation email; and one click email to approve or deny a request.

Site Folders view

A new Site Folders view is added that lets us access the document libraries in sites that we are following.

Sites page pinning

We can now pin sites that we see on the sites page. A pinned site shows at the top of the list of sites which we are following.

SMTP Connection encryption

Support is added for sending email to SMTP servers using STARTTLS connection encryption.

SMTP ports (non-default)

Support is added for SMTP servers to use TCP ports other than the default port (25).

Web Application Open Platform Interface Protocol (WOPI)

We can now rename files, create new files, and share files from within the WOPI iFrame on the browser page.
