vSphere 4.1 New Features and Capabilities ESXi , Availability and Management (Part 2 of 2)
description
Transcript of vSphere 4.1 New Features and Capabilities ESXi , Availability and Management (Part 2 of 2)
© 2009 VMware Inc. All rights reserved
Confidential
vSphere 4.1 New Features and CapabilitiesESXi, Availability and Management (Part 2 of 2)
Iwan ‘e1’ Rahabok, Senior Systems Consultant
[email protected] | virtual-red-dot.blogspot.com | tinyurl.com/SGP-User-Group
16 July 2010
2 Confidential
vSphere 4.1 Deep Dive – Continued
Agenda• ESXi – deployment methods, Tech Support Mode enhancements• HA & FT – HA Diagnostics & Reliability, FT enhancements, vMotion
enhancements• DRS & DPM – DRS VM Host affinity, DPM enhancements• Management – vCenter Server & Platform enhancements
Update Manager
Future topics• USB pass through• Memory Compression• VMware Data Recovery• Orchestrator• Multi-core VM• Licence Reporting Manager• Compatibility & Upgrade
3 Confidential
ESXi
4 Confidential
Transitioning to ESXi
ESXi is our architecturegoing forward
5 Confidential
New Feature: Additional Deployment Option
Boot From SAN• Fully supported in ESXi 4.1• Was only experimentally supported in ESXi 4.0• Boot from SAN supported for FC, iSCSI, and FCoE• ESX and ESXi have different requirement:
iBFT (Boot Firmware Table) required• The host must have an iSCSI boot capable NIC that supports the iSCSI iBFT
format. • iBFT is a method of communicating parameters about the iSCSI boot device
to an OS
6 Confidential
New Feature: Additional Deployment Option
Scripted Installation• Numerous choices for installation
Installer booted from CD-ROM (default) Preboot Execution Environment (PXE)
ESXi Installation image on CD-ROM (default), HTTP/S, FTP, NFS
Script can be stored and accessed Within the ESXi Installer ramdisk On the installation CD-ROM HTTP / HTTPS, FTP, NFS
Config script (“ks.cfg”) can include Preinstall Postinstall First boot
• Cannot use scripted installation to install to a USB device
7 Confidential
PXE Boot
Requirements• PXE-capable NIC.• DHCP Server (IPv4). Use existing one.• Media depot + TFTP server + gPXE
A server hosting the entire content of ESXi media.
Protocal: HTTP/HTTPS, FTP, or NFS server. OS: Windows/Linux server.
8 Confidential
New Feature: Full Support of Tech Support Mode
There you go
2 types• Remote: SSH• Local: Direct Console
9 Confidential
New Feature: Full Support of Tech Support Mode
Enter to toggle. That’s it!• Disable/Enable
Timeout automatically disables TSM (local and remote)
Running sessions are not terminated.
All commands issued in Tech Support Mode are sent to syslog
10 Confidential
New Feature: Full Support of Tech Support Mode
Recommended uses• Support, troubleshooting, and break-fix• Scripted deployment preinstall, postinstall, and first boot scripts
Discouraged uses• Any other scripts• Running commands/scripts periodically (cron jobs)• Leaving open for routine access or permanent SSH connection
Admin will benotified when active
11 Confidential
New Feature: Full Support of Tech Support Mode
We can also enable it via GUI
Can enable in vCenter or DCUI
12 Confidential
Security Banner
A message that is displayed on the direct console Welcome screen.
13 Confidential
New Feature: Total Lockdown
14 Confidential
New Feature: Total Lockdown
Ability to totally control local access via vCenter Server• DCUI• Lockdown Mode (disallows all access except root on DCUI)• Tech Support Mode (local and remote)• If all configured, then no local activity possible (except pull the plugs)
15 Confidential
New Feature: Active Directory Service
Provides authentication for all local services• vSphere Client• Other access based on vSphere API • DCUI• Tech Support Mode (local and remote)
Has nominal Active Directory groups functionality• Members of “ESX Admins” AD group have Administrative privilege• Administrative privilege includes:
Full Administrative role in vSphere Client and vSphere API clients DCUI access Tech Support Mode access (local and remote)
16 Confidential
New Feature: Active Directory Service
17 Confidential
New Feature: Active Directory Service
18 Confidential
New Feature: Active Directory Service
1. Select “Active Directory”
2. Click “Join Domain”
3. Join the domain.
19 Confidential
New Feature: Active Directory Service
A third method for joining ESX/ESXi hosts and enabling Authentication Services to utilize Active Directory is to configure it through Host Profiles
20 Confidential
New Feature: Additional vCLI configuration commands
Storage• esxcli swiscsi session: Manage iSCSI sessions • esxcli swiscsi nic: Manage iSCSI NICs• esxcli swiscsi vmknic: List VMkernel NICs available for binding to particular
iSCSI adapter • esxcli swiscsi vmnic: List available uplink adapters for use with a specified
iSCSI adapter• esxcli vaai device: Display information about devices claimed by the VMware
VAAI (vStorage APIs for Array Integration) Filter Plugin.• esxcli corestorage device: List devices or plugins. Used in conjunction with
hardware acceleration.
21 Confidential
New Feature: Additional vCLI troubleshooting commands
Network• esxcli network: List active connections or list active ARP table entries.
Storage• NFS statistics available in resxtop
VM• esxcli vms: Forcibly stop VMs that do not respond to normal stop operations,
by using kill commands. # esxcli vms vm kill --type <kill_type> --world-id <ID>
• NOTE: designed to kill VMs in a reliable way (not dependent upon well-behaving system)• Eliminating one of the most common reasons for wanting to use TSM.
22 Confidential
New Feature: Additional commands in Tech Support Mode
vscsciStats is now available in the console.
Output is raw data for histogram.• Use spreadsheet to plot the histogram
Some use cases:• Identify whether IO are
sequential or random• Optimizing for IO Sizes• Checking for disk mis-alignment• Looking at storage latency in more
details
23 Confidential
Summary of new features in ESXi 4.1
Deployment Options• Boot from SAN• Scripted Installation (a la “Kickstart”)
Improved Local Authentication• Built-in Active Directory Service• DCUI and Tech Support Mode access by any authorized user (not just root)
Easier CLI options for troubleshooting• Full support of Tech Support Mode – both local and remote (via SSH)• Additional commands in Tech Support Mode: vscsiStats, nc, tcpdump-uw, etc.• Additional management options in vCLI: SCSI, VAAI, Network, VM
Better control over local activity• DCUI and Tech Support Mode is configurable in vCenter Server• Total host lockdown possible• Activity in Tech Support Mode is sent to syslog
24 Confidential
Availability – HA & FTDRS & DPM
25 Confidential
Availability Feature Summary
HA and DRS Cluster Limitations
High Availability (HA) Diagnostic and Reliability Improvements
Fault Tolerance (FT) Enhancements
vMotion Enhancements
• Performance
• Usability
• Enhanced Feature Compatibility
VM-host Affinity (DRS)
DPM Enhancements
Data Recovery Enhancements
26 Confidential
HA and DRS Cluster Improvements
Increased cluster limitations• Cluster limits are now unified for HA and DRS clusters• Increased limits for VMs/host and VMs/cluster
• Cluster limits for HA and DRS:• 32 hosts/cluster• 320 VMs/host (regardless of # of hosts/cluster)• 3000 VMs/cluster
• Note that these limits also apply to post-failover scenarios. Please be sure that these limits will not be violated even after the maximum configured number of host failovers.
27 Confidential
HA and DRS Cluster Limit
5-host cluster, tolerate 1 host failure• vSphere 4.1 supports 320 VMs/host• Supports 320x5 VMs/cluster? NO• Cluster can only support 320x4 VMs
5-host cluster, tolerate 2 host failures• Supports 320x5 VMs/cluster? NO• Cluster can only support 320x3 VMs
X
X X
28 Confidential
HA Diagnostic and Reliability Improvements
HA Healthcheck Status• HA provides an ongoing healthcheck facility to ensure that the required cluster
configuration is met at all times. Deviations result in an event or alarm on the cluster.
Improved HA-DRS interoperability during HA failover• DRS will perform vMotion to free up contiguous resources (i.e. on one host) so
that HA can place a VM that needs to be restarted
29 Confidential
HA Diagnostic and Reliability Improvements
HA Operational Status• Displays more information about the current HA operational
status, including the specific status and errors for each host in the HA cluster.
30 Confidential
Fault Tolerance (FT) Enhancements
FT fully integrated with DRS• DRS load balances FT Primary and
Secondary VMs. EVC required.
Versioning control lifts requirement on ESX build consistency• Primary VM can run on host with a
different build # as Secondary VM.
Events for Primary VM vs. Secondary VM differentiated• Events logged/stored differently.
Resource Pool
DRS
FT PrimaryVM
FT SecondaryVM
31 Confidential
vMotion Enhancements
• Significantly decreased the overall migration time (time will vary depending on workload)• Increased number of concurrent vMotions:
ESX host: 4 on a 1 Gbps network and 8 on a 10 Gbps network Datastore: 128 (both VMFS and NFS)
• Maintenance mode evacuation time is greatly decreased due to above improvements
32 Confidential
Enhanced vMotion Compatibility Improvements
Usability Improvements• Preparation for AMD Next
Generation w/o 3DNow!: Future AMD CPUs may not support 3DNow!. To prevent vMotion incompatibilities, a new EVC mode is introduced.
• Better handling of powered-on VMs: vCenter Server now uses a live VM's CPU feature set (instead of host's CPU features) to determine migration into an EVC cluster. This will provide better granularity in error detection.
33 Confidential
Enhanced vMotion Compatibility Improvements
Usability Improvements• VM's EVC capability: The VMs tab for hosts and clusters now displays the
EVC mode corresponding to the features used by VMs.
• VM Summary: The Summary tab for a VM lists the EVC mode corresponding to the features used by the VM.
• Earlier Add-Host Error detection: Host-specific incompatibilities are now displayed prior to the Add-Host work-flow when adding a host into an EVC cluster.
34 Confidential
VM-host Affinity (DRS)
VMs
VM groups
Hosts
Host groups
Rules
OSAPP
“ChassisA” “ChassisB”“ChassisB”“ChassisA”
4-host DRS/HA cluster
OSAPP
OSAPP
OSAPP
OSAPP
“A” “B” “A” “A” “B”
A ChassisA B ChassisB
VM-VM anti-affinity rule enhancement• VM-VM anti-affinity rules can now incorporate more than 2 VMs
35 Confidential
VM-host Affinity (DRS): VM Group
In this example, we are adding the “WinXPsp3” VM to the group.
The group name is “Desktop VMs”
36 Confidential
VM-host Affinity (DRS): ESX Group
Just like we can group VM, we can also group ESX
37 Confidential
VM-host Affinity (DRS)
38 Confidential
Rule enforcement: 2 options• Required: DRS/HA will never violate the
rule; event generated if violated manually. Only advised for enforcing host-based licensing of ISV apps.• Preferential: DRS/HA will violate the rule if
necessary for failover or for maintaining availability
Required rules
Preferential rules
VM-host Affinity (DRS)
39 Confidential
VM-host Affinity (DRS): Mapping
40 Confidential
Rules: summary page
The Cluster Settings dialog box now display the new rules type
41 Confidential
DPM Enhancements
Scheduling Distributed Power Management• Turning on/off DPM is now a scheduled task• DPM can be turned off prior to business hours in anticipation for higher
resource demands
Disabling DPM brings hosts out of standby• Eliminates risk of ESX hosts being stuck in standby mode while DPM is
disabled. Ensures that when DPM is disabled, all hosts are powered on and ready to accommodate load increases.
42 Confidential
vSphere Client Plug-In- Ability for seamless switch between multiple backup
appliances- Improved usability and user experience
VMware vSphere 4.1- Improved VSS support for Windows 2008 and
Windows 7: application level quiescing
Destination Storage- Expanded support for DAS, NFS, iSCSI or Fibre
Channel storage plus CIFS shares as destination- Improved deduplication performance
Backup and Recovery Appliance- Support for up to 10 appliances per vCenter Server
instance to allow protection of up to 1000 VMs- File Level Restore client for Linux VMs
VMware vCenter Server
VMware Data Recovery: New Capabilities
43 Confidential
Management
44 Confidential
Management – New Features Summary
vCenter Server
• 32-bit to 64-bit data migration
• Enhanced Scalability
Update Manager
Host Profile Enhancements
Orchestrator
Active Directory Support (Host and vMA)
Management Assistant (vMA)
• Scale and readiness
Converter
• Hyper-V Import
Virtual Serial Port Concentrator
45 Confidential
vCenter Server MUST be hosted on 64-bit Windows OS• 32-bit OS NOT supported as a host OS with vCenter vSphere 4.1
Why the change?• Scalability is restricted by the x86 32 bit virtual address space and moving
to 64 bit will eliminate this problem• Reduces dev and QA cycles and resources (faster time to market)
Two Options1. vCenter Server in a VM running 64-bit Windows OS
2. vCenter Server install on a 64-bit Windows OS
Best Practice – Use Option 1
vCenter Server – Migration to 64-bit
46 Confidential46
Enhanced vCenter Scalability
vSphere 4 vSphere 4.1 RatioVMs per host 320 320 1xHosts per cluster 32 32 1xVMs per cluster 1280 3000 3xHosts per VC 300 1000 3xRegistered VMs per VC 4500 15000 3x+Powered-On VMs per VC 3000 10000 3xConcurrent VI Clients 30 120 4xHosts per DC 100 500 5xVMs per DC 2500 5000 2x
Key Takeaway – Larger VMware users and prospects will interested in 4.1
47 Confidential
Update Manager
Central automated, actionable VI patch compliance management solution
Define, track, and enforce software update compliance for ESX hosts/clusters, 3rd party ESX extensions, Virtual Appliances, VMTools/VM Hardware, online*/offline VMs, templates
Patch notification and recall Cluster level pre-remediation check
analysis and report Framework to support 3rd party IHV/ISV
updates, customizations: mass install, /update of EMC’s PowerPath module
Enhanced compatibility with DPM for cluster level patch operations
Performance and scalability enhancements to match vCenter
48 Confidential
Host Profiles and Orchestrator Enhancements
Host Profiles• Cisco support• PCI device ordering (support for selecting NICs)• iSCSI support• Admin password (setting root password) • PSA configuration
Orchestrator• provides a client and server for 64-bit installations, with an optional 32-bit
client.• performance enhancements due to 64-bit installation
49 Confidential
Management - Other New Features (Continued)
Active Directory Support (Host and vMA)• No need to manage user accounts on ESX or ESXi – “stateless” • Match Hyper-V capability (it can do this today)
Management Assistant• Improved authentication capability – Active Directory support • Transition from RHEL to CentOS
Converter• Allows import of VMs from Hyper-V host
Virtual Serial Port Concentrator• Traditional low-bandwidth, secure remote console approach for managing
servers
50 Confidential
Virtual Serial Port Concentrator
What it is• Redirect VM serial ports over a standard network link• vSPC aggregates traffic from multiple serial ports onto one management
console. It behaves similarly as physical serial port concentrators.
Benefits• Using a vSPC also allows network connections to a VM's serial ports to
migrate seamlessly when the VM is migrated using vMotion• Management efficiencies• Lower costs for multi-host management• Enables 3rd party concentrator integration if required
51 Confidential
Virtual Serial Port Concentrator
52 Confidential
Virtual Serial Port Concentrator
53 Confidential
Virtual Serial Port Concentrator (vSPC)
vSPC, which will act as proxy.
Enables two VMs or a VM and a process on the host tocommunicate as if they were physical machines connected by a serial cable. For example, this can be used for remote debugging on a VM
54 Confidential
Virtual Serial Port Concentrator
© 2009 VMware Inc. All rights reserved
Confidential
Q&A
© 2009 VMware Inc. All rights reserved
Confidential
Thank You
57 Confidential
Add-on Slides
58 Confidential
Multi-core CPU inside a VM
Click this
59 Confidential
Multi-core CPU inside a VM
2-core, 4-core, 8 core.No 3-core, 5 core, 6 core, etc
Type this manually
60 Confidential
Multi-core CPU inside a VM
How to enable (per VM, not batch)• Turn off VM. Can not be done online.• Click Configuration Parameters• Click Add Row and type cpuid.coresPerSocket in the Name column.• Type a value (2, 4, or 8) in the Value column.
The number of virtual CPUs must be divisible by the number of cores per socket. The coresPerSocket setting must be a power of two.
Notes:• If enabled, CPU Hot Add is disabled
61 Confidential
Multi-core CPU inside a VM
Once enabled, it is not readily shown to administrator
This is not shown easily in the UI. • VM listing in vSphere Client does
not show core
Possible to write scripts• Iterates per VM
Sample tools• CPU-Z• MS SysInternals
62 Confidential
Compatibility
vSphere Client compatibility• Can use the “same” client to access 4.1, 4.0 and 3.5
vCenter LinkedMode• vCenter Server 4.1 and 4.0 can co-exist in Linked Mode• After both versions of vSphere Client are installed, you can access vCenter
Server linked objects with either client. • For Linked Mode environments with vCenter Server 4.0 and vCenter Server
4.1, you must have vSphere Client 4.0 Update 1 and vSphere Client 4.1.
MS SQL Server• Unchanged. 4.1, 4.0 U2, 4.0 U1 and 4.0 have identical support• 32 bit DB is also supported.
63 Confidential
Compatibility
vCenter 4.0 does not support ESX 4.1• Upgrade vCenter before upgrading ESX
vCenter 4.1 does not support ESX 2.5• ESX 2.5 has reached the limited/non support
status
vCenter 4.1 adds support for ESX 3.0.3 U1
64 Confidential
Compatibility
View• Need to upgrade to 4.5• View 4.0 composer is a 32-bit application, while vCenter 4.1 is 64 bit.
SRM• need to upgrade to SRM 4.1• SRM 4.1 supports vSphere 4.0 U1, 4.0 U2 and 3.5 U5• SRM 4.1 needs vCenter 4.1• SRM 4.1 needs 64 bit OS. SRM 4.1 adds support for Win08 R2
CapacityIQ• CIQ 1.0.3 (the current shipping release) is not known to have any issues with
VC 4.1 but you need to use a “–NoVersionCheck” flag when registering CIQ with it.• Still in the process of verifying all of CIQ functionality. Once the full cycle is
over we will issue a 1.0.4 release that does not require using this flag.
65 Confidential
Compatibility: Win08 R2
Windows 2008 R2 is compatible with:• vSphere Client 4.1• vCenter 4.1• Guest OS Customization for 4.0 and 4.1• vCenter Update Manager for Host patching ONLY. It is not yet supported for
Guest OS updates at this time• vCenter Converter• VMware vCenter Orchestrator (vCO) Client and Server, versions 4.1• SRM 4.1
66 Confidential
Support Info
VMware Converter plug-in.
• VMware vSphere 4.1 and its updates/patches are the last releases for the VMware Converter plug-in for vSphere Client.
• We will continue to update and support the free Converter Standalone product
VMware Guided Consolidation.
• VMware vSphere 4.1 and its subsequent update and patch releases are the last major releases for VMware Guided Consolidation.
VMware Update Manager: Guest OS patching
• Update Manager 4.1 and its update are the last releases to support scanning and remediation of patches for Windows and Linux guest OS.
• The ability to perform VM operations such as upgrade of VMware Tools and VM hardware will continue to be supported and enhanced.
VMware Consolidated Backup 1.5 U2
• VMware has extended the end of availability timeline for VCB and added VCB support for vSphere 4.1. VMware supports VCB 1.5 U2 for vSphere 4.1 and its subsequent update and patch releases through the end of their lifecycles.
67 Confidential
Support Info
VMI Paravirtualized Guest OS support.
• vSphere 4.1 is the last release to support the VMI guest OS paravirtualization interface. For information about migrating VMs that are enabled for VMI so that they can run on future vSphere releases, see Knowledge Base article 1013842.
vSphere Web Access.
• vSphere 4.1 is the last product release for vSphere Web Access. As a best practice, VMware recommends that you use the vSphere Client.
Linux Guest OS Customization.
• vSphere 4.1 is the last release to support customization for these Linux guest OS: RedHat Enterprise Linux (AS/ES) 2.1, RedHat Desktop 3, RedHat Enterprise Linux (AS/ES) 3.0, SUSE Linux Enterprise Server 8 Ubuntu 8.04, Ubuntu 8.10, Debian 4.0, Debian 5.0
Microsoft Clustering with Windows 2000 is not supported in vSphere 4.1.
• See the Microsoft Website for additional information.
• Likely due to MSCS with Win2K EOL. Need to double confirm.
68 Confidential
USB Devices
2 steps:• Add USB Controller• Add USB Devices
69 Confidential
USB Devices
70 Confidential
USB Devices: Supported Devices
Only devices listed on the manual is supported.
Mostly for ISV licence dongle.
External USB drives.• Limited for now
USB Drive
71 Confidential
USB Devices
Up to 20 devices per VM. Up to 20 devices per ESX host.
72 Confidential
Admin client: plug-ins
New plug-in:• Licensing Reporting Manager• Storage Monitoring
73 Confidential
vCenter 4.1 install
New option: Managing the RAM of JVM