Solved

How to remediate ESXi (v5) host on the end of VPN without shutting down guest VMs

Posted on 2015-01-13
Last Modified: 2015-02-02
I have a vCenter server installation with around 15 ESXi 5.5 hosts all located at different offices. I regularly remediate the hosts to keep them all up-to-date, using vCenter Update Manager.

However, one of the hosts is at a remote location connected by a VPN client which runs on a VM on that host. When the VM running the VPN client is running it allows vCenter to talk to the host to perform all the usual vCenter functions, and this works perfectly well 24/7/365. However, to remediate that host it normally has to shut down or vMotion off all VMs so the host can enter maintenance mode. If I shut down the VM running the VPN client then vCenter Update Manager can no longer communicate with the host to complete the remediation. It is a single host at the location so vMotion is not an option.

Is there any way I can remediate the host without shutting down the VPN client VM which needs to run on it for the remediation to complete?

Thanks
Question by:Paul Huxham
16 Comments
 
LVL 121
ID: 40546316
Is it possible to use a physical client you can connect to, using TeamViewer etc.?
0
 

Author Comment

by:Paul Huxham
ID: 40546323
Not really.  There's one other physical server at that site, but that's on the LAN side at the remote site so also becomes inaccessible when the VPN client is down.
0
 
LVL 121
ID: 40546355
And not accessible via TeamViewer and Internet? We use TeamViewer as a fallback, because our VPN server is virtual!
0

 

Author Comment

by:Paul Huxham
ID: 40546373
No, once the VPN is down, everything on the LAN is isolated completely.  The VM running the VPN is also the firewall, so when it's down there's no access to anything (including the Internet), so TeamViewer isn't really an option.
0
 
LVL 121
ID: 40546377
So maybe time to consider a hardware VPN appliance.

If the host was down, how would you power it back up?
0
 

Author Comment

by:Paul Huxham
ID: 40546388
The host is located in a managed datacenter so we can get the local support to power-off/on as necessary but they have no access to what's running on the host.  Yes, time for a hardware VPN perhaps!
0
 
LVL 121
ID: 40546393
If you just need to update the host, it can be done using the Offline Package: SCP the offline package to the host, execute the commands on the SSH remote console, and reboot! (Update done!)

If you want to use Update Manager, then you will need a hardware VPN, or a different VPN endpoint, which is not on the host you are updating.
0
 
LVL 11

Expert Comment

by:Mr Tortur
ID: 40546600
Hi,
And if you go with the offline package as described by Andrew Hancock, don't forget to enable your VM startup option on your ESX host (select ESX in vSphere Client / config tab / software / VM startup options), in order for your VPN VM to automatically boot after your host boots.
0
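The offline-bundle route suggested above, sketched as an added example (not code from any poster in this thread): it checks the bundle's SHA-256 against the value published with the download before anything is copied, then runs the update and reboot over SSH. The host name, datastore name, bundle file and the `APPLY` switch are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not from the thread. Host, datastore and bundle names are placeholders.
# Dry run by default: commands are printed; set APPLY=1 to execute them.

# SHA-256 of a file, using whichever tool the admin workstation has.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1"
    else shasum -a 256 "$1"; fi | awk '{print $1}'
}

# Succeed only if the bundle matches the checksum published with the download.
verify_bundle() {
    local bundle="$1" expected actual
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -r "$bundle" ] || return 2
    actual=$(sha256_of "$bundle")
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# Print a command (dry run) or execute it (APPLY=1).
run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else printf '%s\n' "$*"; fi
}

# Verify locally, copy the bundle to a datastore, update, reboot.
stage_and_update() {
    local bundle="$1" expected="$2" host="$3" datastore="$4" remote
    remote="/vmfs/volumes/${datastore}/$(basename "$bundle")"
    if ! verify_bundle "$bundle" "$expected"; then
        echo "checksum mismatch or unreadable bundle: nothing copied" >&2
        return 1
    fi
    run scp "$bundle" "root@${host}:${remote}" || return 1
    # esxcli needs the full datastore path to the offline bundle.
    run ssh "root@${host}" "esxcli software vib update -d '${remote}'" || return 1
    # After the reboot the host is reachable again only once the
    # auto-started VPN VM is back up (see the VM startup note above).
    run ssh "root@${host}" reboot
}
```

Run it once without `APPLY` to review the three commands before executing them against the remote host.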
 

Author Comment

by:Paul Huxham
ID: 40546603
Thanks Mr Tortur, but that's already set!
0
 
LVL 11

Expert Comment

by:Mr Tortur
ID: 40546736
Ok. Then there is no other option than the one already given by Andrew Hancock.
Or add another ESX, or set your VPN/firewall on a physical machine.
0
 

Accepted Solution

by:
Paul Huxham earned 0 total points
ID: 40574770
So, for the benefit of anybody reading this thread with the same question, there does not appear to be any way in this scenario to remediate a remote host while it has a running VM. It is necessary for the host being remediated to shut down all running VMs (and restart), so if you are relying on one of those VMs for connection between the host and vCenter, you won't be able to remediate the host remotely.

Alternatives are to remediate the host locally from another device from the command line, or install a second host at the remote location to run the VM.
0
 

Author Comment

by:Paul Huxham
ID: 40574787
I've requested that this question be closed as follows:

Accepted answer: 0 points for huxham's comment #a40574770

for the following reason:

There isn't a solution to this problem, this summarizes the workarounds.
0
 
LVL 121
ID: 40574788
Solutions have been provided; they may not be to your liking!
0
 

Author Comment

by:Paul Huxham
ID: 40576638
There are no solutions provided. There are workarounds provided, but the question I asked is not achievable. That's why I clearly summarized the workarounds in my final post (http://#a40574770) before I closed the question, for the benefit of anybody reading the thread at a later date.
0
 

Author Closing Comment

by:Paul Huxham
ID: 40583575
There are no solutions provided. There are workarounds provided, but the question I asked is not achievable. That's why I clearly summarized the workarounds in my final post (http:#a40574770) before I closed the question, for the benefit of anybody reading the thread at a later date.
0
