trainsignal Vmware

VMware vSphere 5 Training

VMware vSphere 5 Training Instructors: David Davis and Elias Khnaser

Getting Started with VMware vSphere 5

Training Course


Getting Started with VMware vSphere 5 Training Course

In This Lesson:

About Your Instructors

Who Should Watch this Course?

What is VMware vSphere?

What We Cover in the Course



• 18+ years of IT experience

• Implemented VMware products in the real-world

• Worked with performance since 1990s, starting with Unix performance tuning

• Spoke at VMworld

–North America

–Europe

About Your Instructor – David Davis



• Author of hundreds of vSphere articles on the web including Virtualization Review magazine

• Author of numerous TrainSignal’s video training courses including:

– vSphere 4 and Pro Series

– vSphere Troubleshooting

– vSphere Performance

• Obtained a number of certifications and awards

About Your Instructor – David Davis



About Your Instructor – Elias Khnaser

• Technology Officer for Sigma Solutions

• I advise clients on

–Server, desktop, and application virtualization technologies

–Cloud computing strategies

–Automation of highly virtualized data centers

• I LOVE technical training

• I’ve been doing it for years

–Technical author with many books and CBTs sold to my credit [email protected]

Twitter: @ekhnaser Linkedin.com/in/eliaskhnaser

mailto:[email protected]



About Your Instructor – Elias Khnaser

• Virtualize Everything!

– I’ve been working with Citrix technologies and teaching them for 10+ years

–Authored CBTs for Citrix MetaFrame XP, VMware Infrastructure 3, 3.5 and vSphere 4

–Awarded VMware vExpert

– Frequent speaker at industry conferences and user groups

–Contributor and blogger for VirtualizationReview.com, InformationWeek, Forbes.com, and EliasKhnaser.com

–Author and co-author of several books including:



DA Books!



• Anyone who wants to learn vSphere 5

• Server admins interested in using VMware virtualization in their datacenter

• Anyone who wants to see new vSphere 5 features in action

• No vSphere experience is required

Who Should Watch this Course?



• The most advanced virtualization platform available

• The server virtualization solution that is going to a save your company money

• The platform that makes you look like a hero!

• The foundation for cloud computing

What is VMware vSphere?



• Overview of VMware vSphere 5

• Installing VMware ESXi 5

• Installing vCenter 5

• Installing vCenter 5 as a Linux Appliance (vCSA)

• Using the vSphere 5 Web Client

• What's New in vSphere 5

• Navigating vSphere Using the vSphere Client

• vCenter 5 – Configuring Your New Virtual Infrastructure

• Creating and Modifying Virtual Guest Machines

• Installing and Configuring VMware Tools

• Understanding and Using Tasks, Events, and Alarms




• Virtual Storage 101 and Storage Terminology

• vSphere Storage Appliance (VSA)

• Creating a Free iSCSI SAN with OpenFiler

• Administering VMware ESXi Server Security

• vSphere Virtual Networking

• Using the vSphere Distributed Virtual Switch (dvswitch)

• Moving Virtual Machines with vMotion

• Moving Virtual Storage with svMotion

• Performance Optimization with Distributed Resource Scheduler (DRS)

• Implementing High Availability with VMware HA (VMHA)

• Super High Availability with VMware Fault Tolerance (FT)




• Upgrading from VMware vSphere 4 to vSphere 5

• vSphere Command Line Interface (CLI) Options

• vSphere Auto Deploy

• Storage DRS

• Policy-Driven Storage

• Understanding the New vSphere 5 vRAM Pooled Pricing

• Network I/O Control (NIOC)

• Storage I/O Control (SIOC)

• ESXi Firewall

• VMware Data Recovery (VDR) 2

• Administering vSphere Using an iPad





Lab Setup


Lab Setup

• Learn virtualization, first hand

• Prove that it works “as advertised”

• Prove that it works for your company’s applications

• Prepare for a certification

Why Build a Lab?


Lab Setup

1. Virtual Virtualization Lab

2. Physical Virtualization Lab

Two Ways to Build a Virtualization Lab


Lab Setup

• Required 64-bit CPU with Intel VT or AMD-V

• Min 4GB of RAM

• May not power on a 64-bit VM

• Fault Tolerance (FT) won’t work

• Performance may suffer

Limitations to a Virtual Lab


Lab Setup

• Required to use and test vSphere’s advanced features

• Likely not needed with just one ESXi host

• Shared storage

– Low-end SAN/NAS

– Server turned into a NAS

– Virtual Storage Appliance (VSA)

Importance of Shared Storage


Lab Setup

• Workstation 7 and ESXi 5

• Windows 7

• Intel 64-bit CPU with VT enabled

• i7-2630QM @ 2Ghz

• 6GB of RAM

Note:

VMware Workstation 7 supports running ESX/ESXi as a VM and editing VM configuration files is no longer necessary

Running vSphere in Workstation


Lab Setup

• Multiple labs were used in the creation of this course

Lab #1

–Two Dell T610 Servers with 8GB of RAM and Xeon 5500 series CPUs + Iomega ix4-200D

vSphere 5 Lab Setup


Lab Setup

Lab #2

–Samsung i7 Laptop with 6GB of RAM running VMware Workstation

vSphere 5 Lab Setup


Lab Setup

Lab #3

– Fujitsu blade servers

vSphere 5 Lab Setup


Lab Setup

What We Covered

Build a vSphere lab to learn vSphere or to create a vSphere proof of concept (POC) for your company

There are multiple ways to build a vSphere lab

Virtual vSphere labs are the least expensive and most portable but also the least functional and more prone to performance issues

Physical vSphere labs vary greatly in cost but offer the most opportunity to test advanced features without potential performance issues


Course Scenario


Course Scenario

• Who is the “Wired Brain Coffee Company”?

–Multiple datacenters

–Uses vSphere for server consolidation

–Usually managed by one vCenter Server

–A simple virtual infrastructure

• Why do we use a scenario?

–Useful for scenarios

–Scenarios help you remember

–Remembering means you retain what you learn so you can use it later

Our Scenario


Overview of VMware vSphere 5



In This Lesson:

vSphere 5 Overview

vSphere 5 Components

Packaging and Versions

Cloud Computing

Ecosystem



• Virtualization hypervisor and associated suite of products

• vSphere includes ESXi and is sold in kits and per-socket licenses

• vCenter is sold separately but is required

• No more ESX Server

• ESXi is a type 1 hypervisor

vSphere 5 Overview



• ESXi

• vCenter

• vSphere Client

• vMotion

• svMotion

• Distributed Resource Scheduler (DRS)

• Storage DRS

• DPM

• VMHA

• Fault Tolerance (FT)


• vShield Zones

• Data Recovery

• Hot Add

• Distributed Switch

• VMFS

• Thin Provisioning

• Update Manager

• Storage I/O Control (SIOC)

• Network I/O Control (NIOC)

• Host Profiles

Graphic Thanks to VMware.com



• vSphere breaks down into these options:

– vSphere Hypervisor – FREE

– vSphere Essentials Kit and Essentials Plus Kit

– vSphere Acceleration Kits – Std, Ent, Ent+

– vSphere – per CPU socket & vRAM entitlement

• Standard

• Enterprise

• Enterprise Plus

• Note: advanced is no longer available

–PLUS vCenter

• Foundations (up to 3 hosts)

• Standard

• See: http://www.vmware.com/products/vsphere/pricing.html




• VMware vCloud products

• vCloud Director (vCD)

• vCloud Datacenter providers

Cloud Computing

• vCloud Express

• vCloud Request Manager

• vCloud API

Image by VMware.com

http://www.vmware.com/products/vsphere/pricing.html

http://www.vmware.com/products/vsphere/pricing.html



• VMware Partner Network

• The VMware Ecosystem is strong

• It includes:

–Hardware vendors

–Consulting companies

–VMware View partners

–Virtual appliance partners

–Third-party software companies

–Bloggers and community members

–Book authors

–Training providers

Ecosystem

Image by VMware.com



What We Covered

vSphere 5 Overview



Cloud Computing

Ecosystem


Installing VMware ESXi 5



In This Lesson:

ESXi Installation Requirements

What Happened to ESX Server?

Downloading VMware ESXi 5


ESXi Initial Configuration

Installing the vSphere Client



• VMware ESXi

–Runs directly on your hardware

– It is “the operating system”

–Talks directly to your hardware including NIC and storage controller

• Requirements:

–64-bit CPU with Intel VT or AMD-V enabled

–2098MB of RAM is the minimum but likely you’ll want 8GB+

–Gig-E or 10Gig-Ethernet controller




• vSphere 5.0 supports booting ESXi hosts from the Unified Extensible Firmware Interface (UEFI). With UEFI you can boot systems from hard drives, CD-ROM drives, or USB media.

• ESXi can boot from a disk larger than 2TB provided that the system firmware and the firmware on any addin card that you are using supports it.

• Check hardware compatibility (HCL/HCG) at www.vmware.com/go/hcl

• For testing purposes only, it is possible to run ESXi in Workstation or Fusion

• VMware Fault Tolerance (FT) has more specific hardware requirements

• vSphere storage has it’s own set of requirements


http://www.vmware.com/go/hcl



• ESX Server has been deprecated/discontinued

–Redhat Linux-based service console required more frequent updates and had a larger attack surface

–Maintaining two platforms didn’t make sense

–Took longer to install and boot

–Used more resources

• ESXi type-1 hypervisor

–Thinner

– Less updates

–More secure

–Still has a very thin local CLI

– Loads and installs super-fast

–Performs all the advanced features of ESX




• vSphere (with ESXi) is available with 60 day evaluation from www.vmware.com/tryvmware

• Or, if you have a registered license, just download the ISO from www.vmware.com/download

• ESXi is a 321MB CD ISO




1. Burn ISO to CD and put in drive

2. Make sure VT is enabled in server BIOS

3. Boot the CD

4. Answer installation questions, reboot, and you are ready to use ESXi 5

5. Perform initial configuration (recommended)

6. Connect with vSphere Client!


http://www.vmware.com/tryvmware

http://www.vmware.com/download



1. Login with F2 and root password

2. Configure IP address, SM, DG, DNS servers, hostname, and domain

3. Add to your DNS server

4. Add to vCenter by DNS name

5. Optional:

– Configure NTP on the ESXi server

– Connect ESXi server to SAN

– Configure lockdown mode

– Enable tech support mode and remote tech support mode

Note: New in ESXi 5, the root password is set at installation time




• Available in either a Windows version or a new web-based version

• Only Windows version offers 100% of features today

• vSphere Client is now downloaded from VMware.com

• An ESXi host or vCenter server will direct you

• vSphere Client is also found on vCenter installation media

• Hardware requirements to run the Windows vSphere Client are low

• Windows version requires that you install the .NET client

• Web-based version requires that you install Adobe Flash




What We Covered








Installing vCenter 5



In This Lesson:

What is vCenter Server?

vCenter Server Blueprint

vCenter Server Physical or Virtual?

vCenter Server Features

HW and SW Requirements

Database Requirements

Port Requirements

How to Evaluate vCenter 5?



• vCenter is a centralized management application and framework that serves as a proxy for managing ESXi hosts and their virtual machines

• vCenter is a requirement for enterprise features like:

–VMware vMotion

–VMware High Availability (HA)

–VMware Distributed Resource Scheduler (DRS)

–VMware Update Manager (UM)

–And more…





Core Services VM provisioning, Task Scheduler, Events Logging, Host and VM Configuration, Inventory, vApp, Alarms and Events, Statistics and Logging

Distributed Services Features like vMotion, HA and DRS

Additional Services Plugins like Update Manager, vShield Zones, Orchestrator, Data Recovery, Storage Monitoring, Hardware and Service Status

Database Interface Database connectivity

ESXi Host Management

ESXi host management

Active Directory Interface

Active Directory integration

vSphere API SDK for developers



• vCenter Server can be physical or virtual

• Physical requires a dedicated machine

• Physical is not at risk of vSphere outages

• Virtual can be backed with other VMs

• Virtual does not waste an entire server on VC

• Virtual can participate in HA and be vMotioned

• Virtual is at risk of vSphere outages




• vCenter needs to be part of a domain

• Assign static IP and hostname

• Create the back-end database

• Determine licensing options

• Correct time and date

• Server must be registered in DNS and you must be able to resolve it from all ESXi hosts

• vCenter should not be a domain controller

• Account you are installing under should have:

–Member of administrator group

–Act as part of operating system

– Log on as a service

vCenter Server Pre-installation




vCenter

ESXi Management

VM Management

Update Manager

Converter Enterprise

Templates

Access Control



Hardware Requirements:

• CPU 2 64-bit CPU or 1 64-bit dual-core CPU (2GHX or better)

• Memory 4GB or more if DB running on vCenter Server

• Storage a minimum of 4GB is needed; more if DB installed

• Networking a 1GB or better

Software Requirements:

• Windows Server 2003 Std, Ent or Datacenter 64-bit SP2

• Windows Server 2003 R2 Std, Ent or Datacenter 64-bit SP1

• Windows Server 2008 Std, Ent and Datacenter 64-bit SP2

• Windows Server 2008 R2 Std, Ent and Datacenter 64-bit

• Microsoft .NET 3.5 SP1 Framework

• Microsoft Windows Installer 4.5 (If using SQL 2008 R2 Express)




Supported Databases:

• IBM DB2 9.5 and 9.7

• Microsoft SQL Server 2008 R2 Express

• Microsoft SQL Server 2005

• Microsoft SQL Server 2008 and 2008 R2

• Oracle 10g R2 and 11g

Default DB:

• Microsoft SQL Server 2008 R2 Express

• Can be used in production for small environments of up to 5 hosts and 50 VMs

• Ideal for demos and eval




• Built-in DB calculator

• Estimates disk space required based on number of hosts, VMs, and amount of statics required

• It is an estimator and no changes are made to the DB

Database Space Calculator



• 80/443 for Web access

• 902 for heartbeat, ESXi management and VM console

• 8080 / 8443 for Web services and HTTPS Web Services

• 389 for LDAP, can be changed, 1025 to 65535

• 636 for vCenter Linked Mode, can be changed, 1025 – 65535

• 60099 Web service change service notification port

• 10443 vCenter Inventory Service HTTPS

• 10109 vCenter Inventory Service Management

• 10111 vCenter Inventory Service Linked Mode Communications

Port Requirements



• 60 day evaluation at www.vmware.com/tryvmware

• Or, with registered license, just download the ISO from www.vmware.com/download

• Available as an ISO or ZIP file


http://www.vmware.com/tryvmware

http://www.vmware.com/download



What We Covered







Port Requirements



Installing vCenter 5 as a

Linux Appliance (vCSA)


Installing vCenter 5 as a Linux Appliance (vCSA)

In This Lesson:

What is the vCenter Server Appliance?

Pros and Cons to Using vCenter as an Appliance

Deploying the vCenter Server 5 Appliance (vCSA)

Testing vCSA with the vSphere Client



• A new option in vSphere 5 for deploying vCenter Server

• A Linux-based virtual machine, optimized for running vCenter Server

• No knowledge of Linux is required

• No installation has to be performed

• Fastest way to get vSphere 5 up and running

• There is no additional cost to using this method (a vCenter license is required)




• Pros

–Supports all traditional vCenter features like DRS, SDRS, HA, host profiles, dvSwitch, etc.

–No Windows license is required

–No Windows install has to be done

–No vCenter install has to be done

–Deployment is simple & FAST

• Cons

–Doesn’t support SQL as an external database

– vCenter Server linked mode doesn’t work

– vCenter Server heartbeat doesn’t work

–No single-sign on using Windows session credentials

– vSphere Storage Appliance (VSA) isn’t compatible




• Will need an already installed ESXi server and the vSphere Client

• Download files from VMware.com

– .OVF files

–Appliance data disk

–Appliance system disk – about 4 GB

• Use the “Deploy OVF” option in the vSphere Client

• Once up and running the default credentials are:

– root/vmware

• You can perform network and timezone configuration using the text menu on the console

• You will want vCSA to have a static IP address and DNS host record on your DNS server




• The only steps absolutely required to use vCSA is:

–Test and Save the vCenter database settings (the vCenter Inventory Service, on the console)

–Start vCenter Services on the vCSA VM

• However, recommended configurations are:

–Set a static IP

–Set the timezone

–Change the root password

–Configure Windows AD authentication

–Size the embedded database for your vSphere infrastructure

–Then restart the vCSA VM




What We Covered




Testing vCSA with the vSphere Client


Using the vSphere 5 Web Client



In This Lesson:

vSphere 5 Web Client Overview

Installing the Server for the Web Client

Authorizing the Web Client Server




• A web-based version of the vSphere Client

• Built with Adobe Flex (currently in use with VMware View Administration tools)

• The web-client is the future of vSphere administration

• The current vSphere Client, built in C# will go away one day

• Offers nice “recent tasks” and “work in progress” windows

• Requires: Microsoft Internet Explorer 7 and 8 or Mozilla Firefox 3.5 and 3.6

• Requires: Adobe Flash Player version 10.1.0 or later to be installed in your browser

• Also requires Adobe Flash to be installed on the server side where you are authorizing the web client




• No plugins work with the web-client (yet)

• The web-client is not required by or related to the vCenter Server Appliance (vCSA)

• The web client (server) is required to view the vRAM pool utilization report in the regular vSphere client

• Installation of the vSphere client (server) is done from the vCenter media

• It can be installed on any system that meets the requirements but I typically put it on the Windows vCenter Server




What We Covered


Installing the Server for the Web Client

Authorizing the Web Client Server



What’s New in vSphere 5



In This Lesson:

vSphere 5 Platform Enhancements

vSphere Storage

vSphere Networking

vCenter 5.0

The New High Availability – HA

vCenter Site Recovery Manager 5

vCloud Director 1.5

vShield 5.0



• Convergence

• Auto deploy and image builder

• Unified CLI

• VM enhanced capabilities

• Support for up to 160 Logical CPUs

• Up to 2TB physical RAM

• Up to 512 VMs per host with a max of 2048 vCPUs

• Host UEFI BIOS

• Mac OS X 10.6 “Snow Leopard” guest OS support on Apple HW

• Improved SNMP Support




• Storage DRS (SDRS)

• Profile Driven Storage

• VMFS-5

• vSphere APIs for Storage Awareness – VASA

• vSphere APIs for Array Integration – VAAI

• vSphere Storage Appliance – VSA

• iSCSI UI support

• Storage I/O Control NFS support

• Swap to SSD

• Storage vMotion Snapshot support

• VMware View Accelerator

vSphere Storage



• Enhanced network I/O control

• vNetwork Distributed Switch improvements

• ESXi firewall

vSphere Networking



• Traditional install

• vCenter Linux Appliance

• Solution installation and management

• vSphere full client

• vSphere web client

• Enhanced logging support

vCenter 5.0



• VM Hardware Version 8

• Up to 32 vCPUs including multi-core support

• Up to 1TB of vRAM

• Up to 1 million IOPS

• Support for client connected USB

• USB 3

• Non Hardware Accelerated 3D Graphics support

• UEFI Virtual BIOS

• Smart Card Readers

• VMware Tools versions support matrix

• GUI configuration of multicore vCPUs

• Mac OS X 10.6 “Snow Leopard” guest OS support on Apple HW

VM Enhanced Capabilities



• Centrally manage stateless hardware

• PXE boots / streams image into local memory

• Host configuration provided by answer file and / or host profiles

• Image builder streamlines the creation of customized installation media

Auto Deploy and Image Builder

vCenter Server with Auto Deploy

Host Profiles

Image

Profiles



• Enabled with Storage vMotion

• Initial VM placement

• Automated load balancing

–Storage space utilization

– Lowest latency

• Affinity rules

–VMDK Affinity

–VMDK Anti-affinity

–VM Anti-affinity

Storage DRS

datastore cluster

2TB

datastores 500GB 500GB 500GB 500GB



• Matches storage capabilities to VM storage requirements to meet SLAs

• Leverages VASA – Storage APIs – Array Awareness

• Ideally leverage SDRS and Profile Drive Storage to reduce OpEx while meeting SLAs

Profile Driven Storage

VMFS-5

Feature VMFS-3 VMFS-5

2TB+ VMFS volumes Yes (using extents)

Yes (64TB)

Support for 2TB+ physical RDMs No Yes

Unified block size (1MB) No Yes

Atomic test and set enhancements (part of VAAI, locking mechanism)

No Yes

Sub-blocks for space efficiency 64KB (max ~3k) 8KB (max ~30k)

Small file support No 1KB

Space reclamation on thin provisioned LUNs

No (manual)

Yes (enhanced VAAI)

Monitoring of space when using thin provisioning

No Yes (enhanced VAAI)



• Server Virtualization is about consolidation, containment and availability

• Desktop Virtualization is about standardization and customization

• Desktops will always have exceptions

• Not much CapEx savings, but significant OpEx savings

VMware View Accelerator

VMware vSphere



• Fault Domain Manager – FDM

• Failure detection

–Management Network and Storage Communications

• One log file per server – /etc/opt/vmware/fdm

• No reliance on DNS

• Eliminate common issues

• IPv6 support

• Enhanced UI

• Enhanced deployment


VMware ESX

VMware ESX

VMware ESXi

Resource Pool

Failed Server Operating Server Operating Server



• vSphere replication

–Hypervisor based replication

–Bundled with SRM

– File-level consistency (except planned migration)

• Support for storage based replication

• Automated failback

• Planned migration

–Application-consistent migration

–New workflow applied to any plan

• IPv6


VMware vSphere

VMware vCenter Server

Site Recover

y Manager

VMware vCenter Server

Site Recover

y Manager

VMware vSphere

Site A (Primary) Site B (Recovery)

Servers Servers



vCloud Director 1.5

• Fast Provisioning (Linked Clones)

• vApp Custom Guest Properties

• 3rd party distributed switch support

Most Agile Access to Cloud Infrastructure

• vCloud Messages

• Microsoft SQL Server Support

• Expanded vCloud API and SDK

• vSphere 5 support

Secure Isolation and Simple Management

• vShield Edge VPN Integration The Only Hybrid Cloud

Infrastructure



vShield 5

DMZ Application 1 Application 2

Edge

vShield Edge

Secure the edge of

the virtual datacenter

Security Zone

vShield App with Data Security

• Create segmentation

between silos of workloads

• Sensitive Data Discovery

Endpoint = VM

vShield Endpoint

Offload anti-virus processing

Endpoint = VM

vShield Manager

Centralized Management



What We Covered


vSphere Storage

vSphere Networking

vCenter 5.0



vCloud Director 1.5

vShield 5.0


Navigating vSphere Using the vSphere Client



In This Lesson:

vSphere Terminology (Lingo)

Using the vSphere Client

Performing VM Guest Remote Control

Navigating the vSphere Client with Hotkeys

Searching the Virtual Infrastructure

Sorting and Filtering in the vSphere Client

Exporting Data

Running Reports



• vCenter Server

• vSphere Client

• ESXi

• vMA

• (Virtual) Data Center

• VM (Virtual Machine)

• Host / Guest

• Datastore

• Folder

• Resource Pool

• Cluster

• Networks (virtual networks)




• Has a HOME screen

• Only displays what you have licensed

• Different views when connected to vCenter vs ESXi host

• Remembers last

connection view

• “Back” functionality

– Like a web browser





• Make sure you install the VMware Tools

• Console tab or pop-up window

• Hot Keys

–Ctrl-Alt = release mouse (no VMware Tools)

–Ctrl-Alt-Ins = Ctrl-Alt-Del

–Ctrl-Alt-Enter = to switch back and forth to full screen





• “Google” for your VI

• From the Home Screen or any vSphere client window

• Search for VMs, hosts, datastores, networks, and folders

• Linked mode is supported

• Simple and advanced searching




• Sort lists by clicking on column headings

• Filter a list by keyword

• You can also export a list in a variety of formats




• List Export

–HTML, HTML with CSS, XLS, CSV, or XML

• OVF File, Events, Maps, and System Logs

Exporting Data



• Host Summary

• Performance

Running Reports



What We Covered







Exporting Data

Running Reports


vCenter 5 – Configuring Your New Virtual

Infrastructure


vCenter 5 – Configuring Your New Virtual Infrastructure

In This Lesson:

Planning the Virtual Infrastructure

Adding Datacenters, Folders, and Hosts

Configuring vSphere Licensing

Removing “Getting Started” Tabs

Configuring the ESXi Server Clock and NTP

vCenter Server Settings and Plugins

Reviewing System Logs, vCenter Sessions, and Service Status

Monitoring ESXi Host Health Hardware Status



• Proper naming and organization of the virtual infrastructure is critical

• This structure will be used to delegate permissions to users and groups

• Develop a standard naming convention for ESXi hosts and guest VMs

• Organize by

–Physical site

–Company division

–Purpose of infrastructure

–Or other system that makes sense in your organization




• vCenter inventory can contain:

– Folder

–Datacenter

• Folder can contain:

– Folder

–Datacenter

• Datacenter can contain:

– Folder

–Cluster

–Host

–Virtual Machine




• GGLT-AAABBB##

• Header portion:

GG – geographical location

L – location should be generic and not vendor or building specific to facilitate moves, building name changes due to mergers, out of business etc…

T – type

- – required delimiter to signify the end of the header portion

• Variable portion:

AAA – function / service / purpose

BBB – application

• Unique ID:

## – 2 digit sequence #

Naming Convention



• CHEV-DC01

Chicago Datacenter, Virtual server, Domain Controller, sequence #1

• CHEV-FS01

Chicago Datacenter, Virtual server, File Server, sequence #1

• CHEV-EXH01

Chicago Datacenter, Virtual server, Microsoft Exchange, sequence #1

• CHEP-ESX01

Chicago Datacenter, Physical server, VMware ESXi, sequence #1

• CHTV-CTXJDE01 - ???

Naming Convention Examples

vSphere Network Virtualization Diagram

Bandon, OR

Dallas, TX Hilton Head, SC



What We Covered


Adding Datacenters, Folders, and Hosts

Configuring vSphere Licensing

Removing “Getting Started” Tabs

Configuring the ESXi Server Clock and NTP

vCenter Server Settings and Plugins

Reviewing System Logs, vCenter Sessions, and Service Status

Monitoring ESXi Host Health Hardware Status


Creating and Modifying Virtual Guest Machines



In This Lesson:

Three Ways to Create Virtual Machines

Downloading VMs from Virtual Appliance Marketplace

VMware Guest OS Install Guide

Changing BIOS Settings in a Guest VM

Creating ISO Images of CD/DVD Install Media

Creating a Library of ISO Installation Media

Using the vSphere Datastore Browser

Using Secure Copy Protocol (SCP) with vSphere

Accessing ESXi Using SSH

Creating a New Virtual Machine with a Fresh OS Install

vSphere 5 EFI Firmware Option



1. Fresh OS install

2. Download and deploy (import) a virtual appliance

3. P2V conversion




• http://www.vmware.com/appliances

• Thousands of VMs available

• Some are unlimited free use

where others are limited trials

• Once downloaded, simply

deploy them in the vSphere

Client




• vSphere 5 supports more guest OSs than any other virtualization product

• Best resource for learning guest OS “gotchas” is the VMware Guest OS Install Guide found at http://www.vmware.com/pdf/GuestOS_guide.pdf

• Another excellent tool is the vSphere 5 Virtual Machine Administration Guide


http://www.vmware.com/appliances

http://www.vmware.com/appliances

http://www.vmware.com/pdf/GuestOS_guide.pdf



a

a

a

a

a



• A VM has a virtual BIOS, just like a physical server has a real BIOS on the motherboard

• Telling the BIOS to boot a guest OS Install CD/DVD can be tricky

• To enter the Phoenix BIOS press F2 before the guest OS begins booting

• To boot an a CD/DVD, press ESC for the boot menu

• In the BIOS you can set the boot order (CD then HD)

• Note: while we typically call this “BIOS”, VMware calls it “firmware” and you can select between the standard BIOS and the new EFI firmware option




• You can create an ISO with most CD/DVD authoring applications

• For a quick and easy ISO authoring app, I recommend:

– LC ISO Creator http://www.lucersoft.com/freeware.php

– FREE ISO Recorder (XP and Vista/7 versions)

http://isorecorder.alexfeinman.com/W7.htm




• Important to have an ISO library of commonly used OS and App CD/DVD media

• Benefits:

–No media to worry about

–No physical access to servers

–No slow network transfers or mounts

• Store this on your SAN so that all ESXi hosts can access it


http://www.lucersoft.com/freeware.php

http://isorecorder.alexfeinman.com/W7.htm



• Datastore browser allows you to access files that the ESXi server can see in the VMFS

• Access the datastore browser via:

–Web browser directly to the ESXi server

– vSphere Client




• ESXi doesn’t support FTP

• You can use SCP to copy files to and from an ESXi server

• There are lots of free SCP tools available on the web

• I am a fan of Veeam’s free FastSCP




• ESXi doesn’t support telnet (it uses clear text authentication)

• Enabling remote tech support mode on the ESXi server enables a SSH server

• From there, you can access the ESXi server via SSH with a SSH client like PuTTY

• This will give you access to manipulate files in the VMFS datastores




• Creating a new VM is easy but keep in mind the consequences of doing so:

–Cost of software license

–Management overhead

–Documentation

–Training of junior administrators and support staff

–Backups must be performed

–3rd party software licenses based on # of servers

Creating a New Virtual Machine with a Fresh OS



• To create a new VM, you need to know:

–Name of the VM (recommend a standard)

–Server and datastore to place the VM in

–Operating system (32 or 64-bit)

–Number of vCPUs

–RAM

–Disk size and type

• You need to have the ISO file available in:

– Local VMFS datastore on the server or SAN

–Physical media on the server

–Client device – ISO file on your local computer or a network share

Creating a New Virtual Machine with a Fresh OS



• With vSphere 5, you can choose from traditional BIOS firmware or new EFI firmware

• New EFI firmware doesn’t:

–Work with Windows

–Work with any kind of network boot

• New EFI firmware does:

–Allow you to use Mac OSX (on a ESXi host running on an Apple platform)

–Offers built in drivers for HW and a shell

• Note that, also new in vSphere 5, ESXi servers can be booted on systems that are using the EFI firmware, allowing ESXi servers to be booted from hard drives, CD drives, and USB devices




What We Covered










Creating a New Virtual Machine with a Fresh OS Install



Installing and Configuring

VMware Tools


Installing and Configuring VMware Tools

In This Lesson:

Why You Need VMware Tools

Installing VMware Tools in Windows

Configuring VMware Tools with VMware Toolbox

Installing VMware Tools in Linux

Searching and Sorting to Check VMware Status

Updating VMware Tools



• VMware Tools are a set of drivers installed in each VM Guest OS

• VMware’s documentation says:

“Installing VMware Tools in the guest operating system is vital. Although the guest operating system can run without VMware Tools, you lose important functionality and convenience.”

• To the novice, VMware Tools appear as a simple application

• The VMware Tools service/daemon

–Windows – VMwareService.exe

– Linux and Solaris – vmware-guestd




• VMware Tools provides:

–Time sync between host and guest

–Windows – controls grabbing/releasing mouse

–Contains the following drivers:

• SVGA

• vmxnet network driver for some guest OSs

• BusLogic SCSI for some guests

• Memory control driver for efficient memory allocation between VMs

• Sync driver to quiescence IO for backup

• VMware mouse driver




• VMware Tools provides:

–VMware Tools Control Panel – modifies settings, shrinks virtual disks, and connects/disconnects virtual devices

–Scripts – can run when the power state of the VM changes if you configure them

–VMware User Process – enables copy and paste of text between guest and host

• Windows – VMwareUser.exe

• Linux/Solaris – vmware-user

–VMware Tools Installers – ISO images, installed when ESXi is installed

–Without VMware Tools the guest shutdown and restart options in the vSphere Client do not work




• Simple and easy…

• Make sure you read the VMware Guest Install Guide for info on your specific Windows OS

Installing the VMware Tools in Windows



• USE SUPPORTED LINUX GUEST OS

• Use the RPM or TAR installer

–RPM is preferred

– For TAR file, run vmware-install.pl

• Run vmware-config-tools.pl located in /usr/bin.

• Tools are installed in /usr/lib/vmware-tools

• Configuration files are in /etc/vmware-tools

• Executables are in /usr/bin

• To start the VMware Tools Toolbox, run vmware-toolbox

Installing the VMware Tools in Linux





What We Covered


Installing VMware Tools in Windows

Configuring VMware Tools with VMware Toolbox

Installing VMware Tools in Linux




Understanding and Using Tasks,

Events, and Alarms


Understanding and Using Tasks, Events, and Alarms

In This Lesson:

Understanding Tasks and Events

Configuring SNMP and SMTP Email in vCenter

Alerting You with vCenter Alarms



• Tasks are initiated by you (or in some cases by “system”)

• Events record Tasks and events that occur on the system

–Alarm condition reached

–Datastore out of space, etc

• Tasks and Events are available at just about every level of the inventory and on every type of object

• You can filter and sort Tasks and Events

• You can export Events

• Checkout the “Events Home”

• You can create Scheduled Tasks




• Different types of SNMP in vSphere:

–Outbound traps

– Inbound statistics gathering

• Here, we are talking about sending outbound traps to a network mgmt station

• Like SNMP, SMTP is used as an alarm trigger

• vCenter does the sending, not the ESXi Server

• Very simple SMTP configuration in vCenter

• vCenter offers only the configuration of the SMTP server and username




• Alarms can alert you or take action on one of hundreds of potential conditions in the VI

• You could:

–Receive SNMP trap

–Receive SMTP Email

–Start/Stop a VM

–Execute a script

–And more

• You can also configure alarms based on Thin Provisioning and the vNetwork Distributed Switch (vDS)!




What We Covered





Virtual Storage 101 and

Storage Terminology


Virtual Storage 101 and Storage Terminology

In This Lesson:

Storage 101 – Virtual Disks and VMFS

Data Transfer

Comparing Storage Technologies

Storage Area Network (SAN) 101

Fiber Channel SAN Components

Addressing FC SAN LUNs

Understanding iSCSI Storage

Why You Need a SAN

Storage Terms You Must Know

What is in a Datastore?

ESXi Server Storage Options

VMFS Specs and Maximums



• “vSphere provides host-level storage virtualization, which logically abstracts the physical storage layer from virtual machines.” – VMware FC Documentation

• VM’s not aware

• VM uses virtual disks

• VDs can be managed easier

• VMs use virtual SCSI controllers to see VD




• Each VM, through the SCSI controller, can access VMFS datastore, NFS datastore, or raw disk (RDM)

• VMFS is the VMware File System, a specialized virtualization clustered FS – providing distributed locking

• VM’s VDs are stored in VMFS datastores

• VMFS could be local, iSCSI, or FC

• Centralized Storage is required for advanced features of vSphere like vMotion, VMHA, FT, and DRS

• Most of the time, that centralized storage is a SAN



Graphic thanks to VMware.com



• Block Level Transfer

–Presentation of storage that can be formatted and managed as local drive

– For example, a Windows host that has been presented a unit of storage from a storage area network identifies the storage as if it were a local disk and the host is permitted to format the disk

• File Level Transfer

–Presentation of storage that has been formatted and is managed from the host presenting the storage

– For example, a Windows host with a mapped drive to a shared directory does not have the ability to format the associated drive letter allocation

Data Transfer

Data Transfer

iSCSI NFS Fiber Channel


Type Communication Data

Transfer Performance

Rating Cost

NAS SMB/NFS over TCP/IP via

standard NIC (1Gbps or 10Gbs)

File level Low to High Low $

iSCSI SCSI over TCP/IP via

standard NIC or iSCSI HBA (1Gbps or 10Gbps)

Block level Medium to

High Medium

$$

Fibre Channel

SCSI over Fibre Channel via Fibre Channel HBA (2, 4 or 8 Gbps)

Block level High High $$$



• SAN could be iSCSI or Fiber Channel (FC)

• FC SAN packages SCSI commands into FC frames

• Servers connect to the SAN using HBA

• HBA connect to FC switch “Fabric”

• FC switch connects to Storage Processor (SP)

• Zones configured in the FC switch define what HBA can connect to what SP and what LUN

• ESXi fully support SAN multipathing



ESXi Host

FC Host Bus Adapter (HBA)

FC Switch “Fabric”

Storage Processor

Logical Unit Numbers (LUNs)

FC Cables



• ESXi natively supports Fiber Channel HBAs made by QLOGIC, EMULEX, Brocade, Intel and others

• Refer to the I/O Compatibility guide on the VMware Web site for model numbers: www.vmware.com/go/hcl

Fiber Channel HBAs



Fiber Channel Connectivity

ESXi with 2 Single Port HBAs

FC Switched Fabric

Storage Device with 2

Dual Port Storage

Processors

Storage Device with 2 Single Port Storage Processors

ESXi with 2 Dual Port HBAs



• FC SAN LUNs are addressed using a four-part name in the form of: vmhba#:storage_processor#:LUN#:Partition#

• There can be multiple paths to a LUN with redundant hardware configurations


SP0

LUN8

FC Storage device with 2 single port SPs.

LUN9

ESXi Host with two single port HBAs.

vmhba1

vmhba2 SP1

vmhba1:0:8:1 vmhba1:0:9:1

vmhba2:1:8:1 vmhba2:1:9:1




• Zoning is the process of allowing ESXi hosts to communicate with a storage device through the Fiber Channel switched fabric

• Zoning is performed from the management interface of the FC switch

Zoning

WWN: 210000E08B8E5C9A

WWN:500601603022C194

Zone Name: SILO101a_CX3-80a Zone Members: 210000E08B8E5C9A 500601603022C194



Zoning Sample

WWNs included in this zone

WWNs of discovered nodes Names of existing zones.



• Fiber Channel storage devices house physical hard drives that make up RAID groups from which Logical Unit Numbers, or LUNs, are carved

• A LUN is a logical allocation of storage space carved from a set of underlying physical drives that make up a RAID group

• A relationship between the ESXi hosts and LUNs is created through storage groups

Managing FC Storage



Sample SAN Management

RAID Groups are collections of physical disks from which LUNs are carved

Storage groups (host groups) create relationships between hosts and LUNs



• iSCSI (Internet SCSI) is sending SCSI disk commands and data over a TCP/IP network

• Why use it?

– Low cost

– Use existing hardware – Ethernet NIC, switch, and OS features

– Supports almost all vSphere features

• Downside – performance? reliability?

• iSCSI terms:

– iSCSI hardware initiator – a special iSCSI NIC card

– iSCSI software initiator – use your own NIC card and OS iSCSI software

– iSCSI Target – the server running iSCSI




• iSCSI uses IQN (iSCSI qualified name) to identify iSCSI Targets and Initiators

• It is laid out in this format:

– date in year-month format

– reversed domain

– a unique org assigned name (ie: hostname)

– For example:

2007-01.com.wiredbraincoffee:iscsi1




• Justification for a SAN with vSphere:

– Maintenance with zero downtime

– Load balancing with vMotion and svMotion

– Storage consolidation and central management

– Disaster recovery

– Simple array migrations and storage upgrades

– Use of advanced features like

• HA

• FT

• DRS

• DPM

Why You Need a SAN



• Datastore

– VMware file system / logical volume

– Can be NFS or VMFS and can be located on any supported storage

– Where your VMs are stored

• Disk partition – an area on a disk set aside for a datastore

• Extent – a disk area that can be added to a datastore

• Fibre Channel (FC) – high speed storage technology with FC HBA, FC switch, FC SP, and disk

• Internet SCSI (iSCSI) – SCSI over TCPIP, server is initiator and storage is the target

• LUN (logical unit number) – an address used to identify a SCSI disk




• Multipathing / Failover – allows you to use more than 1 path, offers failover and redundancy

• NAS (Network Attached Storage) – networked disk storage, ESXi uses NFS on NAS

• NFS (Network File System) – a file sharing protocol used with ESXi server (and Unix/Linux)

• Raw Device Mapping (RDM) – a special type of storage disk where ESXi controls disk access

• Spanned Volume – a dynamic volume spread across number of extents

• Volume

– A disk volume

– A logical storage unit




• Virtual disk

• Virtual memory

• VM configuration file

• Log files

• Core dumps

• Anything you add, like an ISO file




• Local Disk with VMFS Datastore

• SAN

– iSCSI Software

– iSCSI Hardware

– Fiber Channel (FC)

• NAS

– NFS

• VSA – vSphere Storage Appliance

• Checkout the vSphere SAN and I/O Compatibility Guide: www.vmware.com/go/hcl




• Optimized for storing VMs and high performance

• Cluster file system – multiple ESXi hosts

• Not a lot of features when compared to NTFS or other FS

• VMFS-5 is the latest VMFS version

• You should have only one VMFS volume per LUN

• Max disk size for a VM is 64TB

• Best practice is to format LUNs with 8MB Block size





What We Covered


Data Transfer






Why You Need a SAN






vSphere Storage Appliance (VSA)



In This Lesson:

vSphere Storage Appliance Overview

What Makes VSA Unique

VSA Cluster Design Options

VSA SAN Maintenance Mode

VSA Installation Gotchas



• vSphere Storage Appliance = VSA

• VSAs are commonly known as “Virtual Storage Appliances”

• VSA is new with vSphere 5 and it allows you to create a storage area network (SAN) using the local storage across ESXi servers

• Shared storage (a SAN/NAS) it required to implement many of VMware’s core features like vMotion, VMHA, and DRS

• Due to the cost barrier, many companies have been unable to implement these features

• The new VSA will allow all customers to affordably implement a SAN and, thus, implement advanced vSphere features








• VSA is not included with any version of vSphere

• Cost details:

–$5995 per instance (up to 3 nodes)

–Or vSphere Essentials Plus with the VSA $7995 (which is 40% off)

• Note: your pricing may vary (try to negotiate)

• Consider the alternatives and what makes VSA so beneficial before you dismiss it and go with a low-end hardware SAN

• Capex savings = no hardware SAN to buy

• Opex savings = no dedicated SAN administration needed




• A SAN that requires no additional hardware

• A software-based SAN, from VMware, that is fully supported for use with advanced vSphere features

• Fully redundant (unlike a standalone SAN)

• Easy to install (unlike…)

• Bringing highly available SAN features and advanced vSphere features to EVERYONE





• VSA provides NFS-based storage

• Each ESXi server has a special VSA VM on it

• 1:1 relationship between vCenter and VSA (and must be on the same subnet)

• ESXi servers should be fresh installs (vanilla configuration)

• VSA SANs are either 2 nodes plus vCenter or 3 nodes

• vCenter must not be running as a VM on the ESXi hosts in the cluster

• Multiple NICs are highly recommended for redundancy


vCenter Server

Manage

VSA Manager

VSA Cluster Service

VSA

Datastore 2

VSA

Datastore 1

Volume 1

(Replica) Volume 2

VSA cluster with 2 members

Volume 1 Volume 2

(Replica)


vCenter Server

Manage

VSA Manager

Volume 1 Volume 3

(Replica)

Volume 2

(Replica) Volume 3

Volume 1

(Replica) Volume 2

VSA

Datastore 2 VSA

Datastore 3

VSA

Datastore 1

VSA cluster with 3 members




• VSA SAN maintenance mode options are:

–Entire VSA cluster

–Single VSA node

• If a node is taken out of the cluster, changed blocks are tracked until the node is added again

• If a new node is added, a full sync is done




• Requirements to install VSA are quite particular:

–No VMs on the ESXi servers (including vCenter)

–You can have only 1 datastore on the server and it must be a local disk (no SAN connections)

–Only a short list of physical servers are “supported” (but it should still run)

–ESXi servers must have “the same hardware configuration”

–6GB of RAM minimum per server

–A RAID controller that supports RAID 10

• Please check the VSA installation requirements prior to install




What We Covered



VSA Cluster Design Options




Creating a Free iSCSI SAN with OpenFiler



In This Lesson:

Why Use OpenFiler?

Downloading OpenFiler

Installing OpenFiler

Configuring OpenFiler as an iSCSI SAN

Connecting vSphere to the OpenFiler iSCSI SAN



• You need a SAN to perform advanced vSphere functions like:

– vMotion

– svMotion

– VMHA

– FT

– DRS

– DPM

• SAN is the best way to manage storage

• Recommend a dedicated server

• Recommend OpenFiler for testing and developing

Why Use OpenFiler?



• Available in 32-bit and 64-bit ISO installer

• Alternatively, you can download OpenFiler as a pre-built VMware virtual appliance with no installation

• Download it from www.openfiler.com


http://www.openfiler.com/



• Configure static IP address and DNS entry to it

• Connect to it at:

https://<hostname>:446

• Default username

and password are:

– openfiler

– password

* change default pass!

(note: root account

also works)




• If using in a VM, create a second VMDK before boot

• Configure NTP

• Create partition and volume

• Verify the IQN

• Create filesystem and select iSCSI

• Allow local network

• Enable iSCSI




To configure a new ESXi Server to use iSCSI:

• Add a software iSCSI adaptor

• Configure the new iSCSI adaptor to:

– Use dynamic discovery

– Enter the IP or hostname of the OpenFiler server (add CHAP credentials if necessary)

– Perform a rescan

• If it’s the first connection to the iSCSI SAN, use Add Storage to create a VMFS datastore on the new iSCSI SAN




What We Covered

Why Use OpenFiler?






Administering VMware ESXi Server Security



In This Lesson:

Basics of vSphere Security

Default vSphere Security Roles

Adding, Modifying, and Removing ESXi Users and Groups

Using Windows AD Users and Groups to Secure vSphere

Defining and Applying Roles and Permissions

vShield Overview

Securing Guest Virtual Machines



• ESXi server has local Linux-like accounts

• vCenter, installed on Windows, uses Windows Active Directory (AD) accounts

• vCenter, as a Linux appliance, can be configured to use Windows AD accounts

• Recommend using Windows AD users and groups to define permissions to VC objects

• All vSphere Client communications are encrypted

• VLANs can be used to segment service console traffic




• Users and groups are assigned roles

• Roles are assigned to objects in the vSphere infrastructure

• Combining user/group with a role is what created a permission

• By default only root can login to ESXi and Win AD Admins on vCenter server can login to vSphere Client

–Assuming vCenter is installed in Windows

• It is not possible to run vCenter for Windows on a Windows AD domain controller

• Permissions take effect immediately, no need to log out and back in

• Permissions are inherited in a hierarchical manor, just like alarms

• Remember the PoLP!




• No access

• Read-only

• Administrator

• VM power user (sample)

• VM user (sample)

• Resource pool admin (sample)

• VCB user (sample)

• Datastore consumer (sample)

• Network consumer (sample)




• Adding, modifying, and removing ESXi users and groups

• Using Windows AD users and groups to secure vSphere

• Defining and applying roles and permissions on different levels of the vSphere infrastructure

Tasks to Perform…



• vShield Zones

• vShield App

• vShield App with Data Security

• vShield Edge

• vShield Endpoint

• vShield Manager

• vShield Bundle

vShield Overview





• Treat security of guest VM as you would any other mission critical server

• Install AV

• Keep patches up to date

• Limit login, especially administrator/root

• Limit software install

• Properly secure vSC Client, Web, and SSH access

• Keep vSphere / ESXi patches up to date (use VMware Update Manager – VUM)




What We Covered



Adding, Modifying, and Removing ESXi Users and Groups

Using Windows AD Users and Groups to Secure vSphere

Defining and Applying Roles and Permissions

vShield Overview



vSphere Virtual Networking



In This Lesson:

Virtual Networking

Network Adapters

Virtual Standard Switches (vSS)

vSS Functionality

Similarities Between pSwitch and vSS

Differences Between pSwitch and vSwitch

Types of vSwitches

Virtual Switch Ports

What is a VLAN?

MAC Address Changes

Forged Transmits



• The virtual networking features of ESXi are the cornerstone of building an IP network for virtual machines that integrates seamlessly with the existing physical server environment

Virtual Networking



• The network adapters available for use in the virtual networking architecture can be identified from the Configuration | Network Adapters page

• ESXi host performs a discovery to identify network IP addresses. This facilitates understanding which networks an adapter is connected to. Note the IP range can be inaccurate if no addresses are found

Network Adapters



• vSS are logical objects that reside in the vmkernel of each ESXi host

• Each virtual NIC connected to a virtual switch will have its own MAC address

• vSS can be bound to one or more physical network adapters




• Each virtual standard switch can contain one or more connection types or port groups that define the types of communication expected through the virtual switch

• vSS operate at Layer 2 and can provide VLAN tagging, security, checksums, and segmentation offload units

vSS Functionality



• Virtual standard switches are similar to physical switches in that both:

–Maintain MAC address tables

– Look up each frame’s destination MAC upon arrival

– Forward frames to one or more ports

–Avoid unnecessary deliveries




• Virtual switches are different from physical switches in that:

–Virtual standard switches cannot be connected to other virtual switches the way physical switches can be

–Virtual standard switches do not require Spanning Tree Protocol

–Virtual standard switch isolation prevents loops in the switching configuration

– Forwarding table data is unique to each virtual




• Internal only

–Used for communication of two virtual machines on the same ESXi host

• Single adapter

–A virtual switch bound to a single physical adapter used for communication with resources on the physical network

• NIC team

– a virtual switch bound to 2 or more physical adapters used to provide redundancy and bandwidth aggregation for communication with resources on the physical network

Types of vSwitches

VMkernel

VMkernel

VMkernel



• Virtual switches are made up of one more port groups or connection types that dictate the type of traffic supported by the virtual switch

• The uplink ports of a virtual switch are the ports that are associated with a physical network adapter

• The two port group or connection types are:

–Virtual machine

–VMkernel

• vMotion

• Fault Tolerance Logging

• Management traffic


VMkernel



• The Management network connection type allows a virtual switch to pass communication to and from the ESXi management network

• An IP address must be assigned to the Management network

Management Network Connection

VMkernel

Management network



• A Management network port labeled as vmk0 is added to vSwitch0 during the installation of ESXi

• Subsequent Management network ports will enumerate as:

– vmk1

– vmk2, etc.

• Multiple Management network ports creates redundancy through multiple points of entry at each IP address

• Building a Management network port into a virtual switch with multiple uplinks provides redundancy with a single IP address configuration

Management Network Configuration



• A virtual machine port group provides associated virtual machines with access to other systems on physical networks by providing a switch-to-switch connection between the virtual switch and physical switch

Virtual Machine Port Group

VMkernel



Virtual Machine Cov

VMkernel

Production LAN

Communication between physical and virtual machines.



• A VLAN is a logical configuration of a network on switch port to segment IP traffic

What is a VLAN?



• Using VLANs reduces hardware needs by allowing a switch to segment IP traffic into multiple IP subnets on a port by port configuration

VLANs

192.168.100.0/24

172.16.100.0/24

10.100.100.0/24



• VLANs allow IP subnets to extend beyond the distance limitations of the physical medium

• A trunk port is a port that has knowledge of all VLANs configured

• In the example here, the port that connects each switch to the nearest route is configured as a trunk port

VLANs Across Geographies

192.168.100.0/24 172.16.100.0/24 10.100.100.0/24

192.168.100.0/24 172.16.100.0/24 10.100.100.0/24

192.168.100.0/24 172.16.100.0/24 10.100.100.0/24



• Virtual switches in ESXi provide support for the 802.1q VLAN tagging standard to allow virtual machines to be seen as part of VLANs configured on physical switches

• In the example, the Red VLAN and Orange VLAN both contain physical and VMs that operate in their own independent broadcast domains

VLANs – Virtual to Physical



VLANs – Virtual to Physical

VMkernel

Physical switch port connected to uplink NIC is a trunk port



• A virtual switch can have multiple VLANs configured by creating multiple port groups that have been assigned VLAN IDs to correspond to the VLAN IDs configured on the physical switches

• vSwitch2, shown below, is configured with two virtual machine port groups named RedVLAN and OrangeVLAN with respective VLAN IDs of 100 and 101

vSwitch VLANs



• This setting denies incoming traffic to a VM when the MAC address defined in the configuration file (.VMX) does not match the MAC address inside the guest operating system

MAC Address Changes

ethernet0.addressType = "generated" uuid.location = "56 4d 13 99 c9 e1 d9 41-e3 e7 c0 c1 b1 a6 2f 42" uuid.bios = "56 4d e4 66 62 74 85 7a-83 9c f9 da d5 ethernet0.generatedAddress = "00:50:56:ac:b3:5a" ethernet0.generatedAddressOffset = "0"

Don’t match. Don’t ACCEPT.



• This setting denies outgoing traffic from a VM when the MAC address defined in the configuration file (.VMX) does not match the MAC address inside the guest operating system

Forged Transmits

ethernet0.addressType = "generated" uuid.location = "56 4d 13 99 c9 e1 d9 41-e3 e7 c0 c1 b1 a6 2f 42" uuid.bios = "56 4d e4 66 62 74 85 7a-83 9c f9 da d5 .ethernet0.generatedAddress = "00:50:56:ac:b3:5a" ethernet0.generatedAddressOffset = "0"

Don’t match. Don’t SEND.



What We Covered

Virtual Networking

Network Adapters


vSS Functionality



Types of vSwitches


What is a VLAN?

MAC Address Changes

Forged Transmits


Using the vSphere Distributed Virtual Switch (dvswitch)



In This Lesson:

vSphere Distributed Switch

Private VLANs – pVLANs

Networking Policies

Configuration Tasks



• Creates a centralized Virtual Switch that multiple ESXi hosts can subscribe to

• Reduces networking configuration and changes

• Allows you to centrally manage networking for VMs across multiple ESXi hosts

• Consistent network configuration and stats as VMs are migrated using vMotion

• dvPort groups similar to standard vSwitch port groups but on the vDS level

• Increased capabilities – security, traffic control, VLAN, and more

• Ability to add 3rd party switch – Nexus 1000V




• Primary

–Original VLAN that can be subdivided into multiple secondary pVLANs

• Secondary

–They exist only inside the primary

–Each secondary pVLAN has a VLAN ID

– It associates each packets with an ID that the physical switch can use to identify the mode (Promiscuous, Isolated, or Community)




• Promiscuous

–May send and receive packets to any secondary pVLAN

–Typically routers are attached to promiscuous ports

• Isolated

–May only send and receive packets from the promiscuous pVLAN

• Community

–May send andreceive packets between any secondary pVLAN and also with the promiscuous pVLAN

pVLANs Secondary Mode Nodes



Private VLANs



• VLAN (vDS only)

–Allows virtual networks to join physical VLANs

• Port blocking (vDS only)

–Sets blocking policies on dvPorts

• Load balancing

• Security

• Traffic shaping

Networking Policies



• Create a new dvswitch

• Add hosts and vmnics to dvswitch

• Create a dvPort group

• Migrate legacy vSwitches and VM networks to dvswitch

• Migrate VMKernel virtual adapters to dvswitch

• View dvswitch

–Mapping

–Advanced configuration

–Alarms

Configuration Tasks



What We Covered



Networking Policies

Configuration Tasks


Moving Virtual Machines with vMotion



In This Lesson:

Why You Need vMotion

vMotion Requirements

vMotioning Virtual Machines



• The most incredible feature of vSphere

• vMotion is used to move RUNNING virtual machines off of one ESXi server to another ESXi server

• VMs disk files stay where they are (on shared storage)



Uses for vMotion: • Balance the load on ESXi Servers (DRS) • Save power by shutting down ESXi

using DPM • Perform patching and maintenance on

an ESXi server • Update Manager • HW maintenance




• vSphere Essentials Plus, Standard, Enterprise, or Enterprise Plus

• Shared storage between ESXi servers – iSCSI, FC, or NFS

• VMkernel interface on both ESXi servers with vMotion enabled

• Works with standard switches or dvSwitches (should keep the same network name)

• CPU compatibility, or family compatibility if using Enhanced vMotion Compatibility (EVC) on your cluster







What We Covered





Moving Virtual Storage with svMotion



In This Lesson:

What is svMotion?

svMotion Requirements

svMotion and Thin Provisioning

Using svMotion

Migrating VMs with Snapshots – New in vSphere 5



• Move the storage of RUNNING virtual machines from one datastore to another datastore

• The running VM stays on the server that it is on

• The memory for that VM never moves

What is svMotion?

What is svMotion? Uses for svMotion:

• Balance the datastore utilization • Space • Performance

• Perform SAN maintenance or swap out




• vSphere Enterprise or Enterprise Plus is required

• Moving a powered on VM with snapshots is not supported

• Note that to use the option to “change both host and datastore”, the VM must be powered off

• Moving a large VMDK can take a long time, depending on your network connection




• When you migrate storage you have the option to change from

–Thin to thick

–Thick to thin

• Why would you want to change to a thick virtual disk from a thin virtual disk?

• Answer: Fault Tolerance (FT)




Using svMotion



• With ESXi 5 / vSphere 5, you can now perform a svMotion on a VM that has snapshots

Let me show you how…

Migrating VMs with Snapshots- New in vSphere 5



What We Covered

What is svMotion?



Using svMotion

Migrating VMs with Snapshots – New in vSphere 5


Performance Optimization with

Distributed Resource Scheduler (DRS)


Performance Optimization with DRS

In This Lesson:

Introduction to Distributed Resource Scheduler (DRS)

DRS Requirements

Creating a DRS Enabled Cluster

DRS/HA Cluster Settings

Understanding Resource Pools

Creating Resource Pools in Your DRS Cluster



• The number of VMs grows

• The utilization of those VMs grows

• All this grows disproportionally

• It constantly expands and contracts throughout the day, week, or month

• Over time, how are you going to balancing this constantly fluctuating load?




• Distributed resource scheduler is commonly known as DRS

• It doesn’t stand for “dynamic” resource scheduler

• DRS understands the resources of the virtual infrastructure

–CPU

–Memory

–Power

–Storage

• DRS ensures that a VM gets the resources it needs

• DRS does not try to achieve load balancing





• Hosts and Clusters provide the resources

• The VMs consume the resources

• Goals of DRS:

–Prevent one VM from monopolizing all resources

–Guarantee service levels

–Offer most efficient use of server hardware

–Make your life as a VMware admin easier




• DRS is enabled on a cluster

• Automation levels are:

–Manual – suggestions

–Partially automated – auto place on power on and suggestions

– Fully automated – you set the migration threshold

• You can create migration rules to keep VMs together or apart

• DRS can auto-place new VMs in the cluster




• vSphere Enterprise or Enterprise Plus

• Shared storage between hosts

• All VMs in the cluster must be on that shared storage

• DRS will use VMotion so it needs to work between hosts

• Beware of CPU compatibility issues and if so, consider Enhanced VMotion Compatibility (EVC)

• Checkout the DRS tab and Resource Allocation tab on the cluster as well as the cluster properties

DRS Requirements



• Different ways to reserve resources:

–Reservation – reserve a certain amount of CPU or memory

– Limit – set an “upper bound” of resources to this VM

–Assign shares – give shares of CPU or memory resources

• Shares set the priority of CPU and RAM for a VM

–Set as high, normal, and low with 4:2:1 ratio

–Or, you can set a custom weight

• You can also set share values and IOPS per VM

–These will be used with SIOC and SDRS (see other lessons on those topics)


Additional Resources



What We Covered


DRS Requirements

Creating a DRS Enabled Cluster

DRS/HA Cluster Settings


Creating Resource Pools in Your DRS Cluster


Implementing High Availability with

VMware HA (VMHA)


Implementing High Availability with VMware HA

In This Lesson:

Why Do You Need High Availability (HA)?

VMHA Saving the Day

VMHA Master / Slave

Requirements for VMHA

Best Practices for VMHA



• Quickly bring back up critical business applications in the event of an ESXi server failure

• Decrease downtime and improve availability

• Examples of business critical applications:

–Exchange / email

–SQL server / database

–Corporate file server and intranet / web




• Let’s say that you have an ESXi server hardware failure (bad CPU or disconnected network cable)

• Or, you could have an ESXi server software OS crash (unlikely)

• VMHA powers all VMs running on that server on other servers in the VMHA cluster and apps are up in the time it takes guest OS to boot

• VMHA monitors not only ESXi host failures but also guest OS failures

• Uniform HA protection for all VM guests and all applications, no matter the OS or app

• Smart failover to best ESXi host (requires DRS)

• Supports up to 32 ESXi servers in a cluster

• Enhanced isolation response

VMHA Saving the Day



• 1 Master host per cluster known as the Fault Domain Manager Master (FDMS)

• FDMS host is determined via an election process

• FDMS host with the most mounted datastore has better election chances

• VMHA check for host failure using the management network and via datastore heartbeat

• FDMS host

–Monitors the state of slave hosts

–Monitors the state of all protected VMs

–Manages the lists of cluster hosts and protected VMs

• FDMS is vCenter’s management interface into the cluster’s health state

VMHA Master / Slave



• Shared storage for VMs running in HA cluster

• All hosts should have access to all VM networks

• Can use DRS with VMHA or just VMHA only

• All hosts must be licensed for VMware HA

• Create a VMHA enabled cluster

• All hosts must have a static IP address

• At least two hosts in the cluster

• At least one management network, best practice says two




• Keep an eye on cluster validity

• Recommend you disable host monitoring as you make changes to your network or dvSwitches

• All networks and VMs on HA clusters must have compatible networks

• By default network isolation IP is the default gateway but you can configure others

• das.isolationaddressX where X can be a value between 1-10

• Use network redundancy between ESXi servers




• Configure redundant network paths:

–ESX – secondary SC port

–ESXi – secondary VMKernel port

• Configure the restart priority for VMs based on your most critical applications

• Configure isolation response IP info

• Configure VM Monitoring in HA cluster settings to have VMware monitor the guest OS

• Configure alarms to alert you on cluster changes




What We Covered


VMHA Saving the Day

VMHA Master / Slave




Super High Availability with VMware

Fault Tolerance (FT)


Super High Availability with VMware Fault Tolerance (FT)

In This Lesson:

Introduction to VMware Fault Tolerance (FT)

Requirements of FT

Constraints of FT

Testing to See If You Can Use FT with VMware Site Survey

Enabling VMware FT

Testing Failover with a Virtual Machine Using FT



• FT provides continuous availability for a VM

–Zero downtime

• Takes VMHA to the next level

• Works for all applications and 99% of guests operating systems

• Does this by creating a “live shadow” copy of the running VM then keeping them in “lockstep” using VMware’s vLockstep

• If an ESXi server fails, the shadow will take over and a new shadow will be created in the cluster on another ESX server




• Primary VM is called the “Primary” and the copied/lockstep VM is the “secondary”

• The virtual disk for the VM is on shared storage and never moves

• “Continuous VMotion”





• CPUs on all FT ESXi servers must match and be from a specific list of processors (see KB)

• Hardware virtualization enabled in the BIOS

• Recommended minimum # of 1GB NICs = 3

• One NIC on each server must be enabled for FT logging and vMotion

• ESXi servers must be running same build

• VMs on shared SAN, accessible by servers

• Must be enabled in a HA cluster

• vSphere Enterprise or Enterprise Plus

Requirements of FT



• Single vCPU in each VM only (no SMP)

• Requires specific hardware

• Recommended minimum of 4 VMs running FT on an ESX server

• “Line of site” between ESXi servers due to latency

• Only thick disk is supported

• Snapshots are not allowed (includes via VADP backup products)

• Cannot invoke a svMotion on a VM with FT enabled

• Linked clones are not allowed on a VM with FT enabled

• Some guests not supported and some guests require shutdown to enable

Constraints of FT



• Checkout Eric Sloof’s (www.ntpro.nl) FT Checklist…

• Site Survey saves time by automating this check

• Run Site Survey on your cluster to see if you can use FT


Image Thanks to www.LandSoCAL.com

• Once requirements have been met, enabling FT is easy

– Right-click on a VM

– Go to Fault Tolerance

– Click Turn On Fault Tolerance

Enabling VMware FT

http://www.ntpro.nl/



What We Covered


Requirements of FT

Constraints of FT


Enabling VMware FT

Testing Failover with a Virtual Machine Using FT


Upgrading from VMware vSphere 4 to vSphere 5



In This Lesson:

Upgrade Steps

Upgrade to vCenter 5

Update Manager Upgrade

ESX/ESXi Upgrade

VM Upgrade



• Verify that your ESX/ESXi servers will run vSphere 5

• Verify that your licenses will upgrade to the level of vSphere that you require

–Beware of vRAM

• Plan, plan, and plan some more

• Review the upgrade guide – which scenario are you?

Upgrade Prerequisites



1. Run vCenter Host Agent Pre-Upgrade Checker

2. Upgrade vCenter Server

3. Upgrade vSphere Client

4. Upgrade your licensing

5. Upgrade Update Manager

6. Upgrade ESX/ESXi hosts

7. Upgrade VM Tools and VM Hardware

8. Upgrade datastores to VMFS-5

Upgrade Steps



Requires VC downtime

No production down time

Database Schema will be upgraded

Upgrade to different vCenter server

Backup database

ODBC credentials

Uninstall UM and converter extensions

vSphere compatibility matrixes




Backup database

ODBC credentials

Uninstall UM client extensions




Requires host downtime

Host in Maintenance Mode

Host Upgrade Utility (GUI)

15 – 25 minutes for upgrade

ESX/ESXi Upgrade



Requires VM downtime

VMware Tools upgrade

VM Hardware upgrade to version 8

Automated upgrade via Update Manager

Manual upgrade

VM Upgrade



What We Covered

Upgrade Steps



ESX/ESXi Upgrade

VM Upgrade


vSphere Command Line Interface (CLI) Options



In This Lesson:

Administering vSphere Using the CLI

Four vSphere CLI Options

Using ESXi Tech Support Mode

Using esxcfg and esxcli Commands

Getting Started with PowerCLI

Project Onyx

vCLI Basics

Installing and Using vMA



• Faster (once you get used to it)

• Scripting for frequent tasks or mass changes (aka “automation”)

• Integration with other products

• Because it’s cool




1. ESXi tech support mode / remote TSM (SSH) – formerly known as the “hidden ESXi console”

2. PowerCLI / PowerShell and Project Onyx

3. vSphere CLI (vCLI) – from Windows

4. vSphere Management Assistant (vMA)

www.VMware.com/go/sysadmintools




• Tech support mode = ESXi console

–Now supported

• Remote tech support mode = remote ESXi console via SSH

–Enable and connect with an SSH client

• Both can be enabled on the ESXi console via DCUI or via the vSphere client


http://www.vmware.com/go/sysadmintools



• Traditional ESXi configuration commands via TSM start with esxcfg-*

• However, esxcfg-* commands have now been “depracated” and you should use esxcli instead

• esxcli is all new in vSphere 5 and can do just about anything!




• PowerCLI is using Microsoft PowerShell with vSphere

• Download the Windows PowerCLI Installer

–Gives you a command line

• Download the free Quest PowerGUI

–Gives you a GUI for PowerCLI as well as pre-created scripts




• A free tool from VMware labs that shows you the PowerCLI commands for the configs you perform, using the vSphere client

• http://labs.vmware.com/flings/onyx

Project Onyx

http://labs.vmware.com/flings/onyx

http://labs.vmware.com/flings/onyx



• vSphere CLI (vCLI) is a Windows application that gives you CLI tools for ESXi / vSphere

• It offers esxcfg and esxcli commands

Now, let’s install it and I’ll show you how it works…

vCLI Basics



• vSphere Management Assistant (vMA)

• A Linux-based virtual appliance that has “the vCLI” already in it

• vMA offers

– esxcfg and esxcli command line administration for ESXi / vSphere

– “fastpass” authentication that allows you to authenticate once and then perform multiple commands

Now, let’s install it and I’ll show you how it works…




What We Covered






Project Onyx

vCLI Basics



vSphere Auto Deploy


vSphere Auto Deploy

In This Lesson:

What is Auto Deploy?

Auto Deploy Components

Auto Deploy First Boot Process

Infrastructure Requirements

Installation and Configuration Tasks

Test and Repair Rules Compliance

Auto Deploy PowerCLI

Setting Up Syslog Server

Setting Dump Collector


vSphere Auto Deploy

• Auto Deploy allows you to quickly provision one or more stateless physical hosts with ESXi. Furthermore, Auto Deploy allows you to match certain criteria in the physical host to rule sets and deploy the appropriate ESXi image that has all the hardware drivers

• Auto Deploy allows you to automatically add ESXi hosts to vCenter and apply host profiles



vSphere Auto Deploy

• Auto Deploy Server

• Rules

–Active Rule Set

–Working Rule Set

• Image Profiles

–Default Image Profiles

–Custom Image Profiles

• Host Profiles

• Answer Files



vSphere Auto Deploy

• Stateless host PXE boots and gets an IP address from DHCP

• DHCP points the host to the TFTP server via option 66

• The host contacts TFTP server and downloads a gPXE configuration file as specified in option 67

• gPXE config file instructs the host to make HTTP boot request to Auto Deploy server

• Auto Deploy queries the rules engine for information about host

• An Image Profile and a Host Profile is attached to the host based on a rule set

• ESXi is installed into host RAM, is added to vCenter and is configured

• vCenter maintains the Image Profile and Host Profile for each host in its database



vSphere Auto Deploy

• DHCP

–Option 66: FQDN or IP address of TFTP Server

–Option 67: undionly.kpxe.vmw-hardwired

• Router Configuration

• PXE

• TFTP



vSphere Auto Deploy

• Install and configure Auto Deploy

• Install TFTP server

• Configure DHCP

• Configure DNS

• Install and configure Dump Collector

• Install and configure Syslog Server



vSphere Auto Deploy

• vCenter 5 setup files

• VMware PowerCLI

• TFTP server (we are using WinAgents TFTP)

• Windows Server 2008 DHCP and DNS

• ESXi 5 offline bundle

• A host capable of running ESXi 5

What You Are Going to Need


vSphere Auto Deploy

• Make changes to a rule:

–Copy-DeployRule -DeployRule Staging1 –ReplaceItem Prod

• Verify host accessibility:

–Get-VMHost -Name esx6.wiredbraincoffee.com

• Test and bind to a value:

–$tr = Test-DeployRuleSetCompliance esx6.wiredbraincoffee.com

• Remediate Host:

–Repair-DeployRuleSetCompliance $tr



vSphere Auto Deploy

• Get-Help cmdlet_name

• Get-Help cmdlet_name –Detailed

• Get-DeployCommand

• New-DeployRule

• Get-DeployRule

• Copy-DeployRule

• Add-DeployRule

• Remove-DeployRule

• Set-DeplyRule

• Get-DeployRuleset



vSphere Auto Deploy

• Switch-ActiveDeployRuleset

• Get-VMHostMatchingRules

• Test-DeployRulesetCompliance

• Repair-DeployRulesetComplaince

• Apply-ESXImageProfile

• Get-VMImhostProfile

• Repair-DeployImageCache

• Get-VMHostAttributes

• Get-Deploymachine Identity

• Set-DeplyMachineIdentity



vSphere Auto Deploy

• Esxcli:

–Esxcli system syslog

• Host Profiles:

–Select the host and go to View | Management | Host Profiles

– For a new profile, click Create Profile, or right-click a profile you want to modify and select Edit Profile

– In the Edit Profile dialog, set up the syslog server host profile

–Select Advanced configuration option



vSphere Auto Deploy

• Esxcli:

– esxcli system coredump network set --interface-name vmk0 --server-ipv4 192.168.2.52 --server-port 6500

– esxcli system coredump network set --enable true

– esxcli system coredump network get

• Host Profiles:

–Under Network Configuration

–Expand Network Coredump Settings and click Edit

–Enter the server port and IP address and the host NIC to use and click the check box to enable ESXi Dump Collector

–Click OK to save the host profile settings

Setting Up Dump Collector


vSphere Auto Deploy

What We Covered









Setting Dump Collector


Storage DRS


Storage DRS

In This Lesson:

Storage DRS Explained

Datastore Clusters Explained

SDRS Initial Placement

SDRS Load Balancing

Datastore Maintenance with SDRS

SDRS Affinity Rules

Configuring and Using Storage DRS


Storage DRS

• Today (without SDRS)…

–When you create a new VM, you have to manually try to find a datastore with available space and low latency

– From there, you are essentially hoping for the best storage results for the VM

–Periodically, you do your best to check to see if VMs are receiving low latency and you try to monitor datastores for low space

–This is “best effort” VM to storage management

• This is inefficient and it is costing all parties time and money

• All this manual intervention leaves lots of room for potential application outages and slowdowns

• You are using DRS for CPU and RAM but it does nothing for storage



Storage DRS

• With the New Storage DRS…

–VMs (and their VMDKs) are automatically placed on the datastore with the lowest latency and most space available

–VMs are automatically balanced by being svMotion’ed to a better datastore if they aren’t receiving the latency they need

• This will save the VMware Admin and SAN Admin lots of time (and the company, money). SDRS saves opex.



Storage DRS

• Like SDRS, datastore clusters are new in vSphere 5

• Without SDRS in use, a datastore cluster is a group of datastores

• With SDRS, a datastore cluster is the unit used to load balance VM storage across, just like a DRS cluster




Storage DRS

• Initial placement on the “correct” datastore in the datastore cluster happens at:

–Creation time

–When a clone is created

–When a VM is relocated

• SDRS VMDK affinity and anti-affinity rules are available



Storage DRS

• SDRS is triggered based on-

–High latency

– Low space

• Space is continuously collected and the default threshold is 80% utilization

• I/O latency is evaluated every 8 hours based on last 24 hour trend and the default threshold is 15ms

• Storage DRS does do a cost/benefit analysis

• SDRS works with SIOC

SDRS Load Balancing


Storage DRS

• When a datastore is put into maintenance mode, all registered VMs’ VMDKs are evacuated

• Templates, ISOs, and unregistered VMs remain




Storage DRS

SDRS Affinity Rules



Storage DRS

• It will take at least 16 hours of I/O statistics before SDRS will make its first recommendation based on latency, so don’t expect it to make recommendations immediately

• You can create a scheduled task to modify SDRS settings (perhaps during a backup period, to prevent unnecessary migrations)

• SDRS is available with a vSphere Enterprise Plus license only

• For questions about using SDRS with your SAN features (auto-tiering, replication, dedup, and thin provisioning), see Duncan’s post-

SDRS Notes


Storage DRS

What We Covered




SDRS Load Balancing


SDRS Affinity Rules

Configuring and Using Storage DRS


Policy-driven Storage



In This Lesson:

Policy-driven Storage Explained

Storage Vendor Profiles and VASA

Configuration of Policy-driven Storage



• Today, when you create a new datastore, the process of selecting what SAN LUN it will be stored on is manual

• Also, when you perform the more common task of creating a new VM, the process of selecting what datastore they will be stored on is manual

• VMware Admins have to work with SAN Admins to perform all these tasks

–Even if you are the SAN admin, it still takes additional work

• Multiple steps for vSphere and SAN Admins can be saved by using policy-driven storage, resulting in significant time and money (opex)




• Policy-driven storage allows you to:

–Define storage capabilities (ie: capacity, performance, availability, redundancy)

• Custom

• Learned from SAN hardware (via VASA)

–Associate storage capabilities with datastores

–Create storage profiles (Gold/Silver/Bronze)

–Associate a VM with a profiles

–All this allows vSphere to place a VM on a datastore that meets its needs – automatically - and it allows you to report and find if VMs are on the right storage




• Policy-driven Storage is now Profile-driven Storage

Name Change Alert






• Storage capabilities come from either VASA or they are user-defined

• vSphere Storage APIs – Storage Awareness = VASA

• VASA-capable arrays are setup as vSphere “Storage Providers”

• VASA-capable arrays then tell vSphere:

–Their capabilities

–Their performance (useful for SDRS)

“Note to self: find out if my storage supports VASA”




1. Obtain storage capabilities

–VASA (vCenter Storage Providers)

–Create user-defined storage capabilities

2. Create a VM Storage Profile

3. Assign user-defined storage capabilities to datastores

4. Assign VMs a storage profile

–When created

–On each VM’s Properties, Profiles tab

Configuring Policy-driven Storage



What We Covered



Configuration of Policy-driven Storage


Understanding the New vSphere 5 vRAM Pooled

Pricing


Understanding the New vSphere 5 vRAM Pooled Pricing

In This Lesson:

Why is vSphere 5 vRAM Pooled Pricing So Important?

3 Major Changes with vSphere 5 Licensing

vRAM Pooled Pricing in Action

vSphere 5 vRAM Entitlements

Requirements to Access vRAM Pooled Pricing Reports

vSphere 5 License Validator Script

Using vSphere License Advisor

4 Ways to Reduce Your vRAM Pool Utilization



• A significant change to vSphere licensing

• Places a soft limit on virtual machines when a pool-wide limit is reached (with vCenter Standard)

• You will be violating your end user license agreement (EULA) and receive a warning if you exceed the pool with vSphere Standard, Enterprise, or Enterprise Plus

• You will be violating your end user license agreement (EULA) and will not be able to power on a VM if you exceed the pool with vSphere Essentials and Essentials Plus (vCenter Foundations)

• This change should affect how you provision your VMs and it may affect your cost




1. vSphere is still sold per CPU socket

2. vSphere advanced edition is gone AND vSphere CPU core and physical RAM capacity per host restrictions are gone

3. Each vSphere edition now comes with a vRAM entitlement that is pooled by vCenter, per version




• vRAM pooled pricing is based on configured vRAM in use by Powered On virtual machines







• vSphere Hypervisor Free Edition = 32GB per server

• vSphere Essentials and Essentials Plus = 32GB

• vSphere Standard = 32GB

• vSphere Enterprise = 64GB

• vSphere Enterprise Plus = 96GB

• Again, vSphere 5 is still sold on a per CPU socket license (or in a kit) but now each edition has specific vRAM entitlements that will be pooled, per vCenter, per version of vSphere

• A new version of vSphere is available, vSphere Desktop Edition, that is sold based on a per VDI user desktop basis.




• August 3 Updates:

– vRAM Entitlements were increased

–Cap the amount of vRAM counted per VM at 96GB

–Calculate a 12 month average of configured vRAM rather than a high water mark




• vSphere web client (server) must be installed

• Traditional Windows-based vSphere Client must be used

• Go to Home Licensing

Reporting (tab)





http://www.virtu-al.net/2011/07/14/vsphere-5-license-entitlements



• A free tool from VMware that advises you on vSphere license usage

• Especially important if planning an upgrade from vSphere 4 to 5

• Tiny Windows install that connects to a single vCenter server

• The tool does not recognize multiple vCenter servers in linked mode

• Requires that the Java runtime engine (JRE) be installed

• Offers the ability to export data


















1. Rightsize the memory on each of your virtual machines

2. Power off virtual machines that are unused

3. Understand application memory utilization and find ways to reduce it

4. Remember that all hosts in your enterprise with vSphere licenses count toward the pool (including VMHA hosts who are in standby mode and even remote servers if you are using vCenter linked mode)

Tips:

• vSphere licenses are per socket and not per core

• You could implement chargeback to charge the groups in your company who use the most memory

• Standardize on the same license of vSphere




What We Covered










Network I/O Control (NIOC)



In This Lesson:

What is Network I/O Control?

New in vSphere 5 NIOC

Configuring Network I/O Control



• Provide QoS for network traffic by type

• Requires vSphere Enterprise Plus and use of vDS





• New feature in vSphere 4.1

• AKA NetIOC or NIOC

• QoS for the virtual network

• Uses shares, which you are already used to using in vSphere with resources pools

• Ensures best performance for critical vSphere infrastructure services when there is high network utilization

–NFS

– iSCSI

– FT

– vMotion

• For more information, see vSphere Network I/O Best Practices

http://www.vmware.com/resources/techresources/10119




• User-defined network resource pools

–Enables multi-tenancy deployment

–Bridges virtual and physical infrastructure QoS by using per resource pool 802.1p tagging

New in vSphere 5 NIOC





http://www.vmware.com/resources/techresources/10119



What We Covered


What’s New in vSphere 5 NIOC?



Storage I/O Control (SIOC)



In This Lesson:

Why You Need Storage I/O Control (SIOC)

How SIOC Works

SIOC Requirements

Enabling SIOC in vSphere

Monitoring SIOC Performance



• General consensus is that most virtualization performance issues are caused by latency in shared storage

• Storage I/O Control provides “Quality of Service” (QoS) to ensure that all VMs get the storage performance the require

• In summary, SIOC is necessary so that one VM doesn’t slow down another (regarding storage resources)




How SIOC Works

Graphics Thanks to VMware.com



• Datastores must be managed by a single vCenter server

• FC, iSCSI, and NFS are supported (RDMs are not)

• Support for NFS is new in vSphere 5!

• Datastores with multiple extents are not supported

• vSphere 4.1 or later (vSphere 5 to use NFS)

SIOC Requirements



• SIOC is enabled per datastore

• Once enabled, ESXi monitors the latency of that datastore

• To enable SIOC:

–Go to the ESXi Server

–Configuration tab

–Storage

–Select the Datastore

–Click Properties




• Set the number of shares and maximum number of IOPS per VM

–Default is Normal/1000

–Unlimited IOPS

• Note:

“If the limit you want to set for a virtual machine is in terms of MB per second instead of IOPS, you can convert MB per second into IOPS based on the typical I/O size for that virtual machine. For example, to restrict a backup application with 64KB IOs to 10 MB per second, set a limit of 160 IOPS.”




• To set the shares and maximums

–Go to the Datastores view in the vSphere Inventory

–Select the Virtual Machines tab

or

–Go to the Properties of each VM

–Resources tab

• Monitor SIOC Latency and IOPS in the Datastore Inventory, Performance tab




What We Covered


How SIOC Works

SIOC Requirements


Monitoring SIOC Performance


ESXi Firewall


ESXi Firewall

In This Lesson:

ESXi Firewall Defined

Configuration Files

Rule Set Add

Service Behavior

ESXI Shell Firewall Configuration


ESXi Firewall

• The ESXi Firewall is a new service-oriented, stateless firewall used to protect the management interface of ESXi

• The firewall can be configured either from a GUI through the vSphere client or via the command-line using esxcli



ESXi Firewall

• Rule set configuration files

• Service configuration files

Configuration Files


ESXi Firewall

Rule Set Add

Option Description

<service id='nnnn'> Numeric identifier for the service. If the configuration file contains only one service, you do not need a service ID. Use <service></service>

<id> Usually the name of the service

<rule id='nnnn'> Numeric identifier for the rule

<direction> Port direction (inbound or outbound)

<protocol> Protocol for the port (tcp or udp)

<porttype> Type of port, destination or source (dst or src)

<port> Port number or range of ports. To enter a range, use <begin> and <end> tags

<enabled> Status of the service when the rule set is applied (true or false)

<required> Whether the ruleset is required and cannot be disabled (true or false)

• /etc/vmware/firewall/


ESXi Firewall

<ConfigRoot>

<service id='0000'>

<id>serviceName</id>

<rule id = '0000'>

<direction>inbound</direction>

<protocol>tcp</protocol>

<porttype>dst</porttype>

<port>80</port>

</rule>

<rule id='0001'>

<direction>inbound</direction>

<protocol>tcp</protocol>

<porttype>src</porttype>

<port>

<begin>1020</begin>

<end>1050</end>

</port>

</rule>

<enabled>true</enabled>

<required>false</required>

</service>

</ConfigRoot>

Example: Rule Set Configuration File


ESXi Firewall

• Start automatically if any ports are open and stop when all ports are closed

• Start and stop with host

• Start and stop manually

Service Behavior


ESXi Firewall

ESXi Shell Firewall Configuration

Command Description

esxcli network firewall get Returns the enabled or disabled status of the firewall and lists

default actions

esxcli network firewall set --defaultaction Update default actions

esxcli network firewall set –enabled Enable or disable the ESXi firewall

esxcli network firewall load Load the firewall module and rule set configuration files

esxcli network firewall refresh Refresh the firewall configuration by reading the rule set files if the firewall module is loaded

esxcli network firewall unload Destroy filters and unload the firewall module

esxcli network firewall ruleset list List rule sets information

esxcli network firewall ruleset set --allowedall Set the allowedall flag

esxcli network firewall ruleset set --enabled Enable or disable the specified rule set

esxcli network firewall ruleset allowedip list List the allowed IP addresses of the specified rule set

esxcli network firewall ruleset allowedip add Allow access to the rule set from the specified IP address or

range of IP addresses

esxcli network firewall ruleset allowedip remove Remove access to the rule set from the specified IP address or range of IP addresses


ESXi Firewall

What We Covered


Configuration Files

Rule Set Add

Service Behavior

ESXI Shell Firewall Configuration


VMware Data Recovery (VDR) 2



In This Lesson:

Introduction to VMware Data Recovery (VDR) 2

New VDR Features in vSphere 5

Limitations of VDR

Installing VDR

VDR Initial Configuration

Backup and Restore with Data Recovery



• VDR is a VMware virtualization-specific backup and recovery application for VMware vSphere 4 and 5

• Easy to deploy as an appliance, integrates with vCenter, and administered from vCenter

• Provides backup and restore of guest Virtual Machines

• Advanced features like:

–De-duplication

– File level restore

– Incremental/differential backup

• Included with vSphere Editions – Essentials Plus, Standard, Enterprise, and Enterprise Plus




• Appliance and plug-in

–No physical server and no COS to install

• Fully integrated with vCenter

• Works if VMs are on or off

• Uses snapshots for anytime BU

• Supports VSS for Windows BU

• Uses VADP (vSphere API for Data Protection) framework




• Can backup entire vSphere infrastructure in a few clicks

• No agents and works on any OS

• Complete management of backup and recovery through the vSphere Client

• Included with vSphere

• Deduplication and compression are automatic




• In vSphere 4.1, VDR 1.2 offered:

– Linux file level restore

–VSS in Win 2008 and Win 2008 R2 at the app level

–Up to 10 appliances per vCenter (and up to 100 VMs per appliance)

–VDR log can be sent to the syslog server




• In vSphere 5, VDR 2.0 offers:

–Now uses Cent OS 5.5 64-bit – better scalability and stability

–Swap files not included in backups anymore

– Integrity checks and reclaim operations can be scheduled, resumed, and run in the background

–Overall performance of backups and other operations has been improved

–Email reporting has been added




• Backup datastore recommended to be no more than 1TB of de-dup data and 2 destination total (500MB if CIFS)

• 8 concurrent VMDK backups

• Maximum of 100 VMs can be backed up per VDR appliance

–You can add another VDR appliance

• Maximum of 10 VDR appliances per vCenter Server

–Maximum of 1000 VMs per vCenter that can be backed-up with VDR

• Does not provide a method to get backup data onto tape or offsite

Limitations of VDR



• 60 Day evaluation is available with vSphere

–Or, you must be using Essentials Plus, Standard, Enterprise, Enterprise Plus, or purchased a la carte with Essentials

• Download VDR on the same page that you download vSphere

• VDR is a single file in ISO format

• Either burn to media, mount the ISO, or unzip the ISO to gain access to the files inside

• Deploy the VDR appliance from the OVF file

• Install the VDR vSphere Client plug-in with the Windows installer

Installing VDR



• You must add a storage destination before powering up VDR

• You can add a VMDK virtual disk destination or network share

• A VMDK, kept with the VM, is my favorite

• Once you create a VMDK destination, format and mount it

• VMware recommends using a thick VMDK for performance reasons

• Powering on VDR is like powering on any VM

• After initial power on, use the CLI to change the root password

• Default username and password:

– root

– vmw@re




• Once powered on and password is changed, do the following from the web interface:

–Set a static IP address (can also do using CLI)

–Set the correct time zone

–Reboot

–Double check configurations once it comes back

• To power off the VDR appliance properly, use the web interface or CLI





Graphics Thanks to VMware.com



What We Covered



Limitations of VDR

Installing VDR




Administering vSphere Using an iPad



In This Lesson:

Features of the vSphere Client for iPad

Requirements for the vSphere Client for iPad

Installing vCenter Mobile Access (vCMA)

Installing vSphere Client for iPad




• Search for vSphere hosts and VMs

• Monitor the performance of vSphere hosts and VMs

• Manage virtual machines with the ability to start, stop and suspend

• View and restore virtual machines’ snapshots

• Reboot vSphere hosts or put them into maintenance mode

• Diagnose vSphere hosts and virtual machines using built-in ping and traceroute tools

Features of the vSphere Client for iPad



• vSphere and vCenter already in place

• vCenter Mobile Access (vCMA) virtual appliance available from the VMware Labs:

http://labs.vmware.com/flings/vcma

• Network connection to the vCMA

–Via LAN or Internet VPN

• vSphere Client for iPad

–Via iTunes store

• Note: this is all free except your vSphere and vCenter infrastructure






• vCMA is a free virtual appliance from VMware Labs

• It allows you to manage your virtual infrastructure from mobile devices, like smartphones and iPads

–Via web browser and the vSphere Client for iPad

• Download the OVF file and Deploy it, through the vSphere Client





• A free Apple iPad client for administering vSphere

• Requires local LAN access or VPN access to the vCMA

• Just like any iPad app, downloaded through iTunes and installed on the iPad

• Search in iTunes for “vSphere Client” or go to-

http://itunes.apple.com/us/app/vmware-vsphere-client-for/id417323354?mt=8&ls=1




• To connect:

–Get the IP address (or DNS name) of the vCMA VM

–Enter that IP address (or DNS name) in the Settings on the iPad, for the vCMA, when you first launch the client

• Connect to the vSphere infrastructure using the vSphere Client for iPad by entering your vCenter server name, username, and password

• You’re ready!













What We Covered

Benefits of the vSphere Client for iPad





trainsignal Vmware

Documents

Transcript of trainsignal Vmware