Public CAs no longer allow internal names and reserved IP addresses

Since November 2015, public CAs no longer issue new certificates that use internal names or reserved IP addresses in subjectAltName or commonName. Furthermore, such certificates will be revoked on October 1st, 2016.

Internal names are hostnames that do not end with a top-level domain (.com, .de, …). Examples are names ending in .local or .internal. NetBIOS names without any domain extension are affected as well.

Reserved IP addresses are defined by the Internet Assigned Numbers Authority (IANA). You can look up the reservations for IPv4 here (RFC 1918 range) and for IPv6 here (RFC 4193 range).

If you are using an internal CA you are not affected. For more information about this change by public CAs click here. For more information about VMware products click here.
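
A check along these lines can be run over the CN and SAN values of a certificate inventory to find entries that fall under the rule described above. This is an added example, not part of the original post; the TLD set and the sample entries are constructed assumptions.

```python
import ipaddress

# Assumption: tiny TLD sample for the demo; load the full IANA TLD list in real use.
SAMPLE_TLDS = {"com", "de", "net", "org"}

# Constructed sample of CN/SAN values as they might appear in certificates.
SAMPLE_ENTRIES = [
    "www.example.com", "*.example.de", "mail.corp.local", "intranet.internal",
    "FILESRV01", "192.168.10.5", "fd12:3456:789a::1", "8.8.8.8",
]

def classify_entry(value, tlds=SAMPLE_TLDS):
    """Return 'reserved-ip', 'internal-name' or 'ok' for one CN/SAN value."""
    v = value.strip().lower().rstrip(".")
    try:
        ip = ipaddress.ip_address(v)
    except ValueError:
        ip = None
    if ip is not None:
        # is_global is False for the RFC 1918 and RFC 4193 ranges, and for the
        # other IANA special-purpose ranges (loopback, link-local, ...).
        return "ok" if ip.is_global else "reserved-ip"
    if v.startswith("*."):  # wildcard certificate: judge the base name
        v = v[2:]
    labels = v.split(".")
    # A single label is a NetBIOS-style short name; otherwise the last label
    # must be a real top-level domain.
    if len(labels) < 2 or labels[-1] not in tlds:
        return "internal-name"
    return "ok"

def audit(entries, tlds=SAMPLE_TLDS):
    """Return (value, finding) pairs for entries a public CA would reject."""
    findings = [(e, classify_entry(e, tlds)) for e in entries]
    return [(e, f) for e, f in findings if f != "ok"]

if __name__ == "__main__":
    for value, finding in audit(SAMPLE_ENTRIES):
        print(f"{finding:14} {value}")
```
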

Useful CLI commands for VSAN

get information using esxcli

  • esxcli vsan storage list
    details on physical devices
  • esxcli vsan policy getdefault
    details on default policy, most often referred to as “none”

for the esxcli vsan reference click here

convince the host that there is an SSD (if there really is one)

  • search for the SSD using:
    esxcli storage nmp device list
    you will get a satp-type and a device-id. The satp-type can be used to mark a remote disk as SSD. In the case of VSAN, SSD should be local.
  • mark the disk as SSD:
    esxcli storage nmp satp rule add --satp=VMW_SATP_LOCAL --device=device-id --option="enable_ssd enable_local"
  • According to the KB you have to reboot the host, but it works without a reboot too.
  • unclaim the disk
    esxcli storage core claiming unclaim --type=device --device=device-id
  • claim the disk again (the order differs from the one in the KB)
    • esxcli storage core claimrule load
    • esxcli storage core claimrule run
    • esxcli storage core claiming reclaim -d device-id
  • check the result
    esxcli storage core device list -d device-id

read the full KB entry here.

clear partitions from disks before adding them to VSAN

If you get errors when adding disks to VSAN, old partitions may still exist on the disk. TAKE CARE TO CLEAR THE RIGHT DISKS!! To clear them do:

  • check for partition
    partedUtil getptbl /dev/disks/mpx.vmhban\:Cn\:Tn\:Ln
  • delete them
    partedUtil delete /dev/disks/mpx.vmhban\:Cn\:Tn\:Ln N
    where N is the number of the partition listed by the previous command

VSAN configuration minima and maxima

Status as of 2014.04

  • Disk groups [MIN]: 1 per host; [MAX]: 5 per host
  • Flash devices (SAS, SATA, PCIe SSD): 1 per disk group
  • Magnetic disk devices [MIN]: 1 HDD per disk group [MAX]: 7 HDDs per disk group
  • Disk formatting overhead: 750 MB per HDD
  • Nodes in cluster [MIN]: 3 hosts; [MAX]: 32 nodes
  • VMs on VSAN [MAX]: 3200 VMs
  • Components (objects (vmdk, swap, config, snapshot) consist of components) per Host [MAX]: 3000
  • Memory and CPU overhead [MAX]: 10%
  • Amount of memory to support max. configuration of a host [MIN]: 32GB
  • Nodes to allow FTT [MIN]: (2n+1) nodes
  • Copies of an object to allow FTT [MIN]: (n+1) copies
