Achievement Unlocked: VMware VCAP 6.5 DCV 3v0-624 Exam – Summary and Tips

I wanted to start off my Monday morning with a bang, so decided to schedule my VCAP 3v0-624 exam for the first in the morning. Well, I passed!

Before walking into this exam, I wasn’t sure if I prepared enough, but I felt kind of comfortable once the exam started. I’d like to share what I did to prepare for this exam, although this is my first ever VCAP-Design.

Summary of Study Material

  1. VMware Education Courses
    1. I took the vSphere: Design Workshop 6.5 course online a few months ago. This was good at providing a fundamental understanding of VMware’s approach to a virtualized design.
    2. However, I’ve taken other design courses (vCloud Director) so I felt that the approach is very similar. While I reflect positively on this class, I think if you’ve taken other design workshop classes and have a firm understanding of the design methodology, you probably can skip (or take another 6.5 class for my next point).
    3. One valuable thing was the instructor was careful to point on what has changed in vSphere 6.5 (or what’s new). This is very important in my opinion for the Design Exam. So again, positive and a good use of time.
  2. Books I read
    1. VMware vSphere 6.x Datacenter Design Cookbook
      1. I thought Hersey Cartwright’s book was solid on giving me a practical understanding of what to expect for a design and items to be thoughtful on.
      2. While Hersey did write this in the vSphere 6.0x days, it’s still very pertinent and covers many of the important business aspects which seem to be overlooked.
    2. IT Architect: Foundation in the Art of Infrastructure Design
    3. While I enjoyed reading this book, I thought there was more VCDX-preparation level material than specific material for this VCAP-Design test. Perhaps it provided me with a well-rounded approach and drove the thought process. Either way, this is one to keep around for any future planning.
  3. Material I used
    1. Print out BOTH the 6.5 Exam Guide AND 6.0 Exam Guide and review both. For my own study method, I ensure I go through EVERY topic and write them out on my whiteboard. I ensure I cover each one to the best of my abilities.
    2. vBrownBag VCAP6-DCV Video Series
      1. This was AWESOME! I spent quite a bit of time going through each video and taking notes.
      2. I felt this material was very pertinent to the 6.5 Design Exam. Although the Visio drawings are not on the test anymore, the design methodologies remain constant and everyone did a great job of walking through each subsection.
    3. VMware Material
      1. Review the VMware Validated Design Material
      2. I downloaded ALL vSphere 6.5 new documents, along with the following:
        1. vSphere 6.5 DRS Performance Whitepaper
        2. Deploying Extremely Latency Sensitive Applications in vSphere Whitepaper
        3. vSphere 6.5 Virtual Machine Encryption Performance Paper
        4. vSphere 6.5 What’s New? Whitepaper vmw-white-paper-vsphr-whats-new-6-5
        5. vSphere 6 Fault Tolerance: Architecture and Performance Whitepaper
        6. Platform Services Controller 6.0 Topology Decision Tree
        7. vSphere Availability – VMware vSphere 6.5 Document 
        8. vSphere Storage – VMware vSphere 6.5 Document
          1. I was pretty comfortable here, so did not review all of this since it’s the standard documentation.
    4. Other Material
      1.   CADs- Constraints, Assumptions (Risk, Requirements) & Dependencies- see attached.
      2. Conceptual_Logical_Physical_It_is_Simple – see attached
      3. Design Example – pretty sure I found this on the VMware Community Forum. design examples – conceptual,logical,physical
    5. vCommunity Material – honestly, this was a huge component as many others have created some great material out there. This is not in any order, all is good and pertinent.
      1. Graham Barker’s VCAP6-DCV Exam Preparation Guide – very detailed for Sections 1 and 2. I loved how he created sample tests to gauge your knowledge of each section.
      2. Matt Callaway’s VCAP6-DCV Design Study Guide – links to many of the videos but other applicable notes he created.
      3. Hersey’s write-up on exam experience and study notes – again, very good and the callout for the books too.
      4. David Stamen’s summary and important notes – I would stress the importance of David’s tips. They are SPOT ON!
      5. Rene van den Bedem’s Availability Explained post – very good and thorough.
      6. VirtualTiers Sample Quiz by Jason Grierson – really cool site that provides a sample design. Again, many of the questions are the Visio-type stitching but drives the thought-process around the design.
      7. vMusketeers VCAP6-DCV Design Quiz – a lot of work was put into this. Again, driving and testing your knowledge

Exam Tips

  1. I think many of the vCommunity members covered a lot of the specific things, but I will point out things that come top of mind.
  2. Know your Requirements, Assumptions, Constraints, and Risks. Practice, practice practice! I had a hard time understanding functional versus non-functional and then it finally clicked for me.
  3. Understand your AMPRS – Availability, Manageability, Performance, Recoverability, and Security. Again, practice these and understand what are the specific metrics and how non-functional requirements can be categorized in each respective role.
  4. Don’t be afraid of reviewing the 5.x and 6.0 VCAP-Design material. Again, all very pertinent.
  5. Be well prepared for anything that has changed in vSphere 6.5. There are many things that may have changed or enhanced so you’ll need to have knowledge of these aspects.
  6. Last of all, make sure you have working knowledge of design scenarios. I think this has to come with experience and dealing with actual customer situations. This does come with time and exposure.

Post-Exam Thoughts

  1. I thought the exam was very challenging, yet fair. Like I said before, this is my first VCAP-Design, so I cannot comment about the Visio-drawings that were required (albeit I heard these were difficult).
  2. Expect a lot of thought process on each question. TAKE YOUR TIME, you will have plenty of time. I had an hour left even after reviewing every question twice.
  3. Expect the multiple choice, select “x”, and drag and drop.
  4. Go with your instinct and ensure you read the questions clearly.

I hope this helps others – cheers!


vCloud Director Extender – Org Admin Permissions Script

On June 11th, there was a new release of vCloud Director (vCD) Extender that included a change in the organization administrator permissions. Big thanks to my peer Tomas Fojta for his collaboration and working with the Business Unit on further enhancing this permissions structure.

I have updated the PowerShell permissions script that will add these to the specified org. Note this is ONLY for version of vCD Extender, so I am leaving my previous revisions alone.

I am probably stating the obvious here, but this can also be added via the vCD API. Here are the right references to add if you so choose:

<RightReference href="{url}/right/105191de-9e29-3495-a917-05fcb5ec1ad0" name="Organization vDC Gateway: View L2 VPN" type="application/vnd.vmware.admin.right+xml"/>
<RightReference href="{url}/right/eeb2b2a0-33a1-36d4-a121-6547ad992d59" name="Organization vDC Gateway: Configure L2 VPN" type="application/vnd.vmware.admin.right+xml"/>
<RightReference href="{url}/right/66b32e08-1eeb-37ac-9266-ffbd19b39dd8" name="Right: View" type="application/vnd.vmware.admin.right+xml"/>
<RightReference href="{url}/right/4886663f-ae31-37fc-9a70-3dbe2f24a8c5" name="Catalog: Add vApp from My Cloud" type="application/vnd.vmware.admin.right+xml"/>
<RightReference href="{url}/right/438e45e9-9389-3e29-9073-638b36921a2a" name="Disk: Create" type="application/vnd.vmware.admin.right+xml"/>
<RightReference href="{url}/right/1e5ad20d-1023-34d1-b073-1ea30bce3854" name="Disk: Delete" type="application/vnd.vmware.admin.right+xml"/>
<RightReference href="{url}/right/7bbee458-b3c5-3252-ba5a-b1781b1c7b92" name="Disk: Edit Properties" type="application/vnd.vmware.admin.right+xml"/>
<RightReference href="{url}/right/fd036ae5-b78b-3c9f-8f28-a7f6b33d0d92" name="Disk: View Properties" type="application/vnd.vmware.admin.right+xml"/>
<RightReference href="{url}/right/2cd03d47-38e1-337a-907c-8d5b6a5258f2" name="Organization vDC Distributed Firewall: Configure Rules" type="application/vnd.vmware.admin.right+xml"/>
<RightReference href="{url}/right/4e61b5b8-0964-36b6-b021-da39aea724fc" name="Organization vDC Distributed Firewall: View Rules" type="application/vnd.vmware.admin.right+xml"/>
<RightReference href="{url}/right/9dc33fcb-346d-30e1-8ffa-cf25e05ba801" name="Organization vDC Gateway: Convert to Advanced Networking" type="application/vnd.vmware.admin.right+xml"/>
<RightReference href="{url}/right/d1c77fc0-a4b9-3d99-bd4b-d7fab35e4fae" name="Organization vDC Gateway: View" type="application/vnd.vmware.admin.right+xml"/>
<RightReference href="{url}/right/2cd2d9d7-262c-34f8-8bee-fd92f422cc2c" name="General: Administrator Control" type="application/vnd.vmware.admin.right+xml"/>
<RightReference href="{url}/right/0b8c8cd2-5af9-32ad-a0bd-dc356503a552" name="General: Administrator View" type="application/vnd.vmware.admin.right+xml"/>
<RightReference href="{url}/right/b0cfe989-521b-3d7f-9bc2-f23c74a99633" name="Organization vDC Network: Edit Properties" type="application/vnd.vmware.admin.right+xml"/>
<RightReference href="{url}/right/2c8d98ef-4acc-3be4-9214-fcb9682b7a19" name="Organization vDC Network: View Properties" type="application/vnd.vmware.admin.right+xml"/>
<RightReference href="{url}/right/6cb3596a-15eb-3c2f-a657-5f14f2039719" name="Organization Network: Edit Properties" type="application/vnd.vmware.admin.right+xml"/>
<RightReference href="{url}/right/194c71a1-3d68-3156-b789-6a6384028b78" name="Organization Network: View" type="application/vnd.vmware.admin.right+xml"/>
<RightReference href="{url}/right/60be4106-1f9f-325c-8ff4-8bf2c6d9bc0a" name="Organization Network: Create or Delete" type="application/vnd.vmware.admin.right+xml"/>
<RightReference href="{url}/right/2dc8abec-2e0d-3789-a5f9-ce0453160b53" name="vApp: Create / Reconfigure" type="application/vnd.vmware.admin.right+xml"/>
<RightReference href="{url}/right/df05c07f-c537-3777-8d9b-a9cfe8d49014" name="vApp: Delete" type="application/vnd.vmware.admin.right+xml"/>
<RightReference href="{url}/right/c2a29357-1b2a-3f9d-9cd6-de3d525d49f3" name="vApp: Edit Properties" type="application/vnd.vmware.admin.right+xml"/>
<RightReference href="{url}/right/580860cd-55bc-322d-ac39-4f9d8e3e1cd2" name="vApp: Power Operations" type="application/vnd.vmware.admin.right+xml"/>
<RightReference href="{url}/right/4965b0e7-9ed8-371d-8b08-fc716d20bf4b" name="vApp: Copy" type="application/vnd.vmware.admin.right+xml"/>
<RightReference href="{url}/right/8832800f-575f-3501-ad84-8e15f3898f11" name="vApp: Change Owner" type="application/vnd.vmware.admin.right+xml"/>
<RightReference href="{url}/right/5250ab79-8f50-33f9-8af5-015cb39c380b" name="vApp: Edit VM Properties" type="application/vnd.vmware.admin.right+xml"/>


Below is the updated PowerShell script. Again, another thanks to Jon Waite for letting me borrow his initial code!

# vCloud Director Extender Permissions Setup - initially created by KiwiCloud.Ninja - modified by Daniel Paluszek -
# Creation Date: 2018-June-15
# Version 2.1 - for vCD Extender and vCloud Director 9.1
# Adds specific permissions required for vCD Extender Org Admin to connect successfully to cloud instance.
# NOTE: These are tested on version vCD and vCD Extender
# Note that Organization roles (e.g. Organizational Administrator) still need to be edited to add these rights once is executed
# NOTE: You must be connected to the vCloud API (Connect-CIServer) with a System administrative user prior to running the script for this to work.
# Add your Org name and vCD instance name below
$OrgToUpdate = '&lt;INSERT-ORG-NAME&gt;'
$APIendpoint = '&lt;INSERT-IP-OR-FQDN-OF-VCD&gt;'

Function vCloud-REST(
[string]$Method = 'Get',
[string]$ApiVersion = '27',
[int]$Timeout = 40
$mysessionid = ($global:DefaultCIServers | Where { $_.Name -eq $APIendpoint }).SessionId
$Headers = @{"x-vcloud-authorization" = $mysessionid; "Accept" = 'application/*+xml;version=' + $ApiVersion}
if (!$ContentType) { Remove-Variable ContentType }
if (!$Body) { Remove-Variable Body }
[xml]$response = Invoke-RestMethod -Method $Method -Uri $URI -Headers $headers -Body $Body -ContentType $ContentType -TimeoutSec $Timeout
Write-Host "Exception: " $_.Exception.Message
if ( $_.Exception.ItemName ) { Write-Host "Failed Item: " $_.Exception.ItemName }
Write-Host "Exiting."
return $response
} # Function vCloud-REST End

# Adds required permissions for vCD Extender connectivity - still require to apply permissions in the UI once executed!
$newrights = @{}
$newrights.Add("Organization vDC Gateway: View L2 VPN", "105191de-9e29-3495-a917-05fcb5ec1ad0")
$newrights.Add("Organization vDC Gateway: Configure L2 VPN", "eeb2b2a0-33a1-36d4-a121-6547ad992d59")
$newrights.Add("Right: View", "66b32e08-1eeb-37ac-9266-ffbd19b39dd8")
$newrights.Add("Catalog: Add vApp from My Cloud", "4886663f-ae31-37fc-9a70-3dbe2f24a8c5")
$newrights.Add("Disk: Create", "438e45e9-9389-3e29-9073-638b36921a2a")
$newrights.Add("Disk: Delete", "1e5ad20d-1023-34d1-b073-1ea30bce3854")
$newrights.Add("Disk: Edit Properties", "7bbee458-b3c5-3252-ba5a-b1781b1c7b92")
$newrights.Add("Disk: View Properties", "fd036ae5-b78b-3c9f-8f28-a7f6b33d0d92")
$newrights.Add("Organization vDC Distributed Firewall: Configure Rules", "2cd03d47-38e1-337a-907c-8d5b6a5258f2")
$newrights.Add("Organization vDC Distributed Firewall: View Rules", "4e61b5b8-0964-36b6-b021-da39aea724fc")
$newrights.Add("Organization vDC Gateway: Convert to Advanced Networking", "9dc33fcb-346d-30e1-8ffa-cf25e05ba801")
$newrights.Add("Organization vDC Gateway: View", "d1c77fc0-a4b9-3d99-bd4b-d7fab35e4fae")
$newrights.Add("General: Administrator Control", "2cd2d9d7-262c-34f8-8bee-fd92f422cc2c")
$newrights.Add("General: Administrator View", "0b8c8cd2-5af9-32ad-a0bd-dc356503a552")
$newrights.Add("Organization vDC Network: Edit Properties", "b0cfe989-521b-3d7f-9bc2-f23c74a99633")
$newrights.Add("Organization vDC Network: View Properties", "2c8d98ef-4acc-3be4-9214-fcb9682b7a19")
$newrights.Add("Organization Network: Edit Properties", "6cb3596a-15eb-3c2f-a657-5f14f2039719")
$newrights.Add("Organization Network: View", "194c71a1-3d68-3156-b789-6a6384028b78")
$newrights.Add("Organization Network: Create or Delete", "60be4106-1f9f-325c-8ff4-8bf2c6d9bc0a")
$newrights.Add("vApp: Create / Reconfigure", "2dc8abec-2e0d-3789-a5f9-ce0453160b53")
$newrights.Add("vApp: Delete", "df05c07f-c537-3777-8d9b-a9cfe8d49014")
$newrights.Add("vApp: Edit Properties", "c2a29357-1b2a-3f9d-9cd6-de3d525d49f3")
$newrights.Add("vApp: Power Operations", "580860cd-55bc-322d-ac39-4f9d8e3e1cd2")
$newrights.Add("vApp: Copy", "4965b0e7-9ed8-371d-8b08-fc716d20bf4b")
$newrights.Add("vApp: Change Owner", "8832800f-575f-3501-ad84-8e15f3898f11")
$newrights.Add("vApp: Edit VM Properties", "5250ab79-8f50-33f9-8af5-015cb39c380b")

$myendpoint = $global:DefaultCIServers | Where { $_.Name -eq $APIendpoint }

if (!$myendpoint.IsConnected) {
Write-Host "Not connected to this vCloud endpoint, use 'Connect-CIServer' before running this script."

$org = Get-Org -Name $OrgToUpdate -Server $APIendpoint

if (!$org) {
Write-Host "Couldn't match organization with name $OrgToUpdate, exiting."

$rightsuri = 'https://' + $APIendpoint + "/api/admin/org/" + $org.Id.Substring($org.Id.LastIndexOf(':')+1) + "/rights"

[xml]$rights = vCloud-REST -URI $rightsuri -ContentType 'application/' -Method 'Get' -ApiVersion '27.0'

# Add the new API v27 'RightsReference' elements to the XML returned:
foreach($newrule in $newrights.Keys) {
$newright = $rights.CreateElement("RightReference", "")

# Update the Organization with the ammended rights:
vCloud-REST -URI $rightsuri -ContentType 'application/' -Body $rights.InnerXml -Method 'Put' -ApiVersion '27.0'

Happy migrating,


vCloud Director Extender Released!

I am happy to announce that vCloud Director Extender was released earlier this week as we can see below –

We can also see the release notes have been posted here:

So, what’s new with this release?

Updated Items

  1. Tested operational scale – a significant amount of testing and evaluation was put into this release to verify the number of deployments, cold or warm migrations, and L2VPN network extensions (or DC Extensions). This allows the Provider to plan accordingly based on these guidelines.
    1. Up to 20 connected on-prem Managers to a single Provider Extender Manager instance.
    2. Migrate up to 50 VM’s via warm migration simultaneously to a Provider
    3. 300 to 1500 cold migrations from a single to multiple on-prem instances to a Provider
    4. Up to 5 L2VPN extensions per on-prem instance, or up to 20 extensions from multiple tenant instances to a Provider.
  2. Support for older vCenter instances – this was a big ask from our Providers where they were working with clients that had 5.5 instances. This allows for a seamless migration to a vCloud environment.
  3. Offline seeding to a target cloud – minimizes the amount of initial sync time before cutover. Very nice addition.
  4. Co-existence with vCloud Availability for DR – another great value point for current Providers that are running vCAv DR2C for DR as a Service (DRaaS) simultaneously. Note that you can only migrate or protect a VM with one of the products, not both.
    1. Another note – I am currently running vCloud Availability for Cloud to Cloud (vCAv-C2C) in my test environment and this seems to co-exist with vCD Extender. However, this has not been certified as of yet!
  5. Testing a cutover in a war migration that does consistency checks to verify functionality.

Last of all, there was a permissions update for the organization administrator role. Please review this blog post for my updated permissions script and the necessary org admin rights.

Thank you!


VMware vCloud Availability for Cloud-to-Cloud DR – Pairing and Usability (2 of 2)

Continuation of VMware vCloud Availability for Cloud-to-Cloud DR – Pairing and Usability (1 of 2)

This post covers pairing and usability of VMware vCloud Availability for Cloud-to-Cloud DR.

Previous blog posts:

Blog Post – what is vCloud Availability for Cloud-to-Cloud DR? 

Blog Post – vCloud Availability for Cloud-to-Cloud DR – Installation and Setup

  1. Part 2:
    1. Initial authentication between the two sites
    2. Migrating a workload in the same site
    3. Protecting a workload between two sites
    4. Testing the protected workload
    5. Edit Options
    6. Failing Over

Initial authentication between the two sites

  1. This is pretty simple and very similar (if not exactly) like vCAv-DR2C. Go to Paired Clouds -> click the actions button to authenticate on the paired remote site. For me, this is SiteB. 
  2. We need to provide the organization name, the username of the org admin, and password. Note this must be an organization admin for pairing. 
  3. Complete! 
  4. Now, I can do the same on my second site, SiteB. 

Migrating a workload in the same site

  1. So let’s work through a use case where I want to migrate a vApp or VM between two different oVDCs in the SAME vCloud Director instance. This question came up on the vExpert Slack channel and I thought this was supported, but wanted to make 100% sure. The answer is yes – fully supported. So let’s go through how I made this happen.
  2. From the DR Workloads tab, let’s click on the Discovery button – 
  3. From here, our source is going to be our same site, which is SiteA/Org1, which should show host in parenthesis. 
  4. Let’s select my test vApp, which is properly named “vApp_test” for this exercise. 
  5. Now our destination is the same vCD instance, or SiteA/Org1. Let’s select it –
  6. We can now see the other org VDC available, which is my Org1-Gold-oVDC. This is the only selection available as we cannot move it to the same oVDC and I do not have more than two oVDC’s inside of this organization. From here, we can also select the Storage Profile, Target PRO, and if we want to add in any Point-in-Time instances along with data connection type. 
  7. Once we click finish, we get our setup screen… 
  8. We can now see the vApp is being configured and in the “Protecting” status. 
  9. Complete! All green and in the “Protected” state so it’s ready for migration over to my destination oVDC. 
  10. Let’s go ahead and click Failover and get the confirmation window on what we want to do. I can select the DR Network (I didn’t set up networking for this test) and if I want to turn on the target VM. 
  11. We can now see the status has changed to “Failing Over” – 
  12. From my vCD instance, I can see the vApp being imported… 
  13. Source/Original vApp is being powered off.. 
  14. Under Tasks on the vCAv portal, I can see the migration tasks underway – 
  15. Complete! We have successfully migrated over the vApp to the new orgVDC. We also see the original/source vApp was completely powered off, or in the Stopped state. 
  16. In conclusion, very simple and intuitive to migrate between the same vCD instance. Theoretically, you could deploy this at a single site and use this for local migration.

Protecting a workload between two sites

  1. So let’s cover migration between the two sites – SiteA and SiteB. In this exercise, we will be protecting a workload in SiteB and protecting it to SiteA. This is very similar to our exercise above (migrating between the same site) while we are selecting the paired site for protection.
  2. Let’s go ahead and click on Discovery and select our source site (SiteB) – 
  3. Now we can select our vApp that we will be protecting to SiteA – 
  4. Select our destination, which mine is SiteA/Org1 – 
  5. From our final screen, we can select the appropriate oVDC, storage profile, and my target RPO. For this exercise, I’ll be adding in some Point-in-Time instances too. Click OK and let’s get to protecting…
  6. I tried to grab the transition log, but it was too fast. But I do see the initial replication succeeded along with my protected vApp showing “Protected” – awesome! 
  7. I also like the event pop up we get when something changes. We can see this in the above screenshot that shows my newest protected vApp is good to go.

Testing the protected workload

  1. Testing is the ability to bring up the protected workload at the destination site in an isolated network of your choosing – this allows the application owner to verify everything is operational and could be used for regulatory purposes too.
  2. Testing is pretty easy – it can be orchestrated from either site (source or destination) and it’s with a click of a button –
  3. We get the confirmation screen and the choice of our test network we want to utilize. Once I hit the Start button, I can see the status changes to “Failover Testing Initializing.” 
  4. On my SiteA, I can see within the logs the failover testing is underway while we have a transition of a vApp inside of SiteA – 
  5. Alright, now it shows Failover Test Ready which is great. Now, my app owner can test their app on the destination and verify functionality. 
  6. One of the nice additions is the quick launch buttons on the test workload – we can hover over the two icons and see quick launch buttons to get to each site. Very nice addition. 
  7. Finally, when our testing is done, we can click the Cleanup button to remove the test VM and go back to our normal, Protected state. Pretty straightforward. 

Edit Options on protected workload

  1. Clicking the Edit button provides us with the ability to make changes to a current protected workload –
  2. From the options pane, we can see the following – 
  3. We get our standard RPO slider – from 5 minutes to 24 hour RPO selection – while providing the ability to keep point-in-time instances for further retention.
  4. Moreover, all traffic is encrypted but we can also further optimize by compressing data. Very similar to vSphere Replication, the replicators will attempt to compress the data to minimize network traffic.
  5. Last of all, we have the ability to quiesce the operating system by using VMware Tools.

Failing Over

  1. In our last example, we will fail over my core-B vApp from SiteB to SiteA. Failover can be done from either site (especially important if I lost my source site) and very straightforward.
  2. Let’s select Failover from the UI – 
  3. As discussed before, our standard options and what network we want to select. 
  4. We can see it transitioned to Failing Over… 
  5. Voila! Failed over. Now we can click the quick launch shortcut and start doing whatever we need to do. 
  6. Another thing to note – even with a failed over workload, we can reverse the replication and reprotect it back to our original site, assuming the site is still operational. This is done by selecting the Reverse button. Now, this will show as outgoing from my SiteA to SiteB.

That’s it, folks! My hope is this was informational for any providers that are considering to utilize Cloud to Cloud for migration and DR needs for their multi-site vCloud Director environments. It’s a great tool and is very intuitive for our tenants and providers.