vSphere 4.1 New Features and Capabilities ESXi , Availability and Management (Part 2 of 2)

© 2009 VMware Inc. All rights reserved

Confidential

vSphere 4.1 New Features and CapabilitiesESXi, Availability and Management (Part 2 of 2)

Iwan ‘e1’ Rahabok, Senior Systems Consultant

[email protected] | virtual-red-dot.blogspot.com | tinyurl.com/SGP-User-Group

16 July 2010

mailto:[email protected]

2 Confidential

vSphere 4.1 Deep Dive – Continued

Agenda• ESXi – deployment methods, Tech Support Mode enhancements• HA & FT – HA Diagnostics & Reliability, FT enhancements, vMotion

enhancements• DRS & DPM – DRS VM Host affinity, DPM enhancements• Management – vCenter Server & Platform enhancements

Update Manager

Future topics• USB pass through• Memory Compression• VMware Data Recovery• Orchestrator• Multi-core VM• Licence Reporting Manager• Compatibility & Upgrade

3 Confidential

ESXi

4 Confidential

Transitioning to ESXi

ESXi is our architecturegoing forward

5 Confidential

New Feature: Additional Deployment Option

Boot From SAN• Fully supported in ESXi 4.1• Was only experimentally supported in ESXi 4.0• Boot from SAN supported for FC, iSCSI, and FCoE• ESX and ESXi have different requirement:

iBFT (Boot Firmware Table) required• The host must have an iSCSI boot capable NIC that supports the iSCSI iBFT

format. • iBFT is a method of communicating parameters about the iSCSI boot device

to an OS

6 Confidential

New Feature: Additional Deployment Option

Scripted Installation• Numerous choices for installation

Installer booted from CD-ROM (default) Preboot Execution Environment (PXE)

ESXi Installation image on CD-ROM (default), HTTP/S, FTP, NFS

Script can be stored and accessed Within the ESXi Installer ramdisk On the installation CD-ROM HTTP / HTTPS, FTP, NFS

Config script (“ks.cfg”) can include Preinstall Postinstall First boot

• Cannot use scripted installation to install to a USB device

7 Confidential

PXE Boot

Requirements• PXE-capable NIC.• DHCP Server (IPv4). Use existing one.• Media depot + TFTP server + gPXE

A server hosting the entire content of ESXi media.

Protocal: HTTP/HTTPS, FTP, or NFS server. OS: Windows/Linux server.

8 Confidential

New Feature: Full Support of Tech Support Mode

There you go

2 types• Remote: SSH• Local: Direct Console

9 Confidential


Enter to toggle. That’s it!• Disable/Enable

Timeout automatically disables TSM (local and remote)

Running sessions are not terminated.

All commands issued in Tech Support Mode are sent to syslog

10 Confidential


Recommended uses• Support, troubleshooting, and break-fix• Scripted deployment preinstall, postinstall, and first boot scripts

Discouraged uses• Any other scripts• Running commands/scripts periodically (cron jobs)• Leaving open for routine access or permanent SSH connection

Admin will benotified when active

11 Confidential


We can also enable it via GUI

Can enable in vCenter or DCUI

12 Confidential

Security Banner

A message that is displayed on the direct console Welcome screen.

13 Confidential

New Feature: Total Lockdown

14 Confidential

New Feature: Total Lockdown

Ability to totally control local access via vCenter Server• DCUI• Lockdown Mode (disallows all access except root on DCUI)• Tech Support Mode (local and remote)• If all configured, then no local activity possible (except pull the plugs)

15 Confidential

New Feature: Active Directory Service

Provides authentication for all local services• vSphere Client• Other access based on vSphere API • DCUI• Tech Support Mode (local and remote)

Has nominal Active Directory groups functionality• Members of “ESX Admins” AD group have Administrative privilege• Administrative privilege includes:

Full Administrative role in vSphere Client and vSphere API clients DCUI access Tech Support Mode access (local and remote)

16 Confidential


17 Confidential


18 Confidential


1. Select “Active Directory”

2. Click “Join Domain”

3. Join the domain.

19 Confidential


A third method for joining ESX/ESXi hosts and enabling Authentication Services to utilize Active Directory is to configure it through Host Profiles

20 Confidential

New Feature: Additional vCLI configuration commands

Storage• esxcli swiscsi session: Manage iSCSI sessions • esxcli swiscsi nic: Manage iSCSI NICs• esxcli swiscsi vmknic: List VMkernel NICs available for binding to particular

iSCSI adapter • esxcli swiscsi vmnic: List available uplink adapters for use with a specified

iSCSI adapter• esxcli vaai device: Display information about devices claimed by the VMware

VAAI (vStorage APIs for Array Integration) Filter Plugin.• esxcli corestorage device: List devices or plugins. Used in conjunction with

hardware acceleration.

21 Confidential

New Feature: Additional vCLI troubleshooting commands

Network• esxcli network: List active connections or list active ARP table entries.

Storage• NFS statistics available in resxtop

VM• esxcli vms: Forcibly stop VMs that do not respond to normal stop operations,

by using kill commands. # esxcli vms vm kill --type <kill_type> --world-id <ID>

• NOTE: designed to kill VMs in a reliable way (not dependent upon well-behaving system)• Eliminating one of the most common reasons for wanting to use TSM.

22 Confidential

New Feature: Additional commands in Tech Support Mode

vscsciStats is now available in the console.

Output is raw data for histogram.• Use spreadsheet to plot the histogram

Some use cases:• Identify whether IO are

sequential or random• Optimizing for IO Sizes• Checking for disk mis-alignment• Looking at storage latency in more

details

23 Confidential

Summary of new features in ESXi 4.1

Deployment Options• Boot from SAN• Scripted Installation (a la “Kickstart”)

Improved Local Authentication• Built-in Active Directory Service• DCUI and Tech Support Mode access by any authorized user (not just root)

Easier CLI options for troubleshooting• Full support of Tech Support Mode – both local and remote (via SSH)• Additional commands in Tech Support Mode: vscsiStats, nc, tcpdump-uw, etc.• Additional management options in vCLI: SCSI, VAAI, Network, VM

Better control over local activity• DCUI and Tech Support Mode is configurable in vCenter Server• Total host lockdown possible• Activity in Tech Support Mode is sent to syslog

24 Confidential

Availability – HA & FTDRS & DPM

25 Confidential

Availability Feature Summary

HA and DRS Cluster Limitations

High Availability (HA) Diagnostic and Reliability Improvements

Fault Tolerance (FT) Enhancements

vMotion Enhancements

• Performance

• Usability

• Enhanced Feature Compatibility

VM-host Affinity (DRS)

DPM Enhancements

Data Recovery Enhancements

26 Confidential

HA and DRS Cluster Improvements

Increased cluster limitations• Cluster limits are now unified for HA and DRS clusters• Increased limits for VMs/host and VMs/cluster

• Cluster limits for HA and DRS:• 32 hosts/cluster• 320 VMs/host (regardless of # of hosts/cluster)• 3000 VMs/cluster

• Note that these limits also apply to post-failover scenarios. Please be sure that these limits will not be violated even after the maximum configured number of host failovers.

27 Confidential

HA and DRS Cluster Limit

5-host cluster, tolerate 1 host failure• vSphere 4.1 supports 320 VMs/host• Supports 320x5 VMs/cluster? NO• Cluster can only support 320x4 VMs

5-host cluster, tolerate 2 host failures• Supports 320x5 VMs/cluster? NO• Cluster can only support 320x3 VMs

X

X X

28 Confidential

HA Diagnostic and Reliability Improvements

HA Healthcheck Status• HA provides an ongoing healthcheck facility to ensure that the required cluster

configuration is met at all times. Deviations result in an event or alarm on the cluster.

Improved HA-DRS interoperability during HA failover• DRS will perform vMotion to free up contiguous resources (i.e. on one host) so

that HA can place a VM that needs to be restarted

29 Confidential

HA Diagnostic and Reliability Improvements

HA Operational Status• Displays more information about the current HA operational

status, including the specific status and errors for each host in the HA cluster.

30 Confidential

Fault Tolerance (FT) Enhancements

FT fully integrated with DRS• DRS load balances FT Primary and

Secondary VMs. EVC required.

Versioning control lifts requirement on ESX build consistency• Primary VM can run on host with a

different build # as Secondary VM.

Events for Primary VM vs. Secondary VM differentiated• Events logged/stored differently.

Resource Pool

DRS

FT PrimaryVM

FT SecondaryVM

31 Confidential

vMotion Enhancements

• Significantly decreased the overall migration time (time will vary depending on workload)• Increased number of concurrent vMotions:

ESX host: 4 on a 1 Gbps network and 8 on a 10 Gbps network Datastore: 128 (both VMFS and NFS)

• Maintenance mode evacuation time is greatly decreased due to above improvements

32 Confidential

Enhanced vMotion Compatibility Improvements

Usability Improvements• Preparation for AMD Next

Generation w/o 3DNow!: Future AMD CPUs may not support 3DNow!. To prevent vMotion incompatibilities, a new EVC mode is introduced.

• Better handling of powered-on VMs: vCenter Server now uses a live VM's CPU feature set (instead of host's CPU features) to determine migration into an EVC cluster. This will provide better granularity in error detection.

33 Confidential

Enhanced vMotion Compatibility Improvements

Usability Improvements• VM's EVC capability: The VMs tab for hosts and clusters now displays the

EVC mode corresponding to the features used by VMs.

• VM Summary: The Summary tab for a VM lists the EVC mode corresponding to the features used by the VM.

• Earlier Add-Host Error detection: Host-specific incompatibilities are now displayed prior to the Add-Host work-flow when adding a host into an EVC cluster.

34 Confidential


VMs

VM groups

Hosts

Host groups

Rules

OSAPP

“ChassisA” “ChassisB”“ChassisB”“ChassisA”

4-host DRS/HA cluster

OSAPP

OSAPP

OSAPP

OSAPP

“A” “B” “A” “A” “B”

A ChassisA B ChassisB

VM-VM anti-affinity rule enhancement• VM-VM anti-affinity rules can now incorporate more than 2 VMs

35 Confidential

VM-host Affinity (DRS): VM Group

In this example, we are adding the “WinXPsp3” VM to the group.

The group name is “Desktop VMs”

36 Confidential

VM-host Affinity (DRS): ESX Group

Just like we can group VM, we can also group ESX

37 Confidential


38 Confidential

Rule enforcement: 2 options• Required: DRS/HA will never violate the

rule; event generated if violated manually. Only advised for enforcing host-based licensing of ISV apps.• Preferential: DRS/HA will violate the rule if

necessary for failover or for maintaining availability

Required rules

Preferential rules


39 Confidential

VM-host Affinity (DRS): Mapping

40 Confidential

Rules: summary page

The Cluster Settings dialog box now display the new rules type

41 Confidential

DPM Enhancements

Scheduling Distributed Power Management• Turning on/off DPM is now a scheduled task• DPM can be turned off prior to business hours in anticipation for higher

resource demands

Disabling DPM brings hosts out of standby• Eliminates risk of ESX hosts being stuck in standby mode while DPM is

disabled. Ensures that when DPM is disabled, all hosts are powered on and ready to accommodate load increases.

42 Confidential

vSphere Client Plug-In- Ability for seamless switch between multiple backup

appliances- Improved usability and user experience

VMware vSphere 4.1- Improved VSS support for Windows 2008 and

Windows 7: application level quiescing

Destination Storage- Expanded support for DAS, NFS, iSCSI or Fibre

Channel storage plus CIFS shares as destination- Improved deduplication performance

Backup and Recovery Appliance- Support for up to 10 appliances per vCenter Server

instance to allow protection of up to 1000 VMs- File Level Restore client for Linux VMs

VMware vCenter Server

VMware Data Recovery: New Capabilities

43 Confidential

Management

44 Confidential

Management – New Features Summary

vCenter Server

• 32-bit to 64-bit data migration

• Enhanced Scalability

Update Manager

Host Profile Enhancements

Orchestrator

Active Directory Support (Host and vMA)

Management Assistant (vMA)

• Scale and readiness

Converter

• Hyper-V Import

Virtual Serial Port Concentrator

45 Confidential

vCenter Server MUST be hosted on 64-bit Windows OS• 32-bit OS NOT supported as a host OS with vCenter vSphere 4.1

Why the change?• Scalability is restricted by the x86 32 bit virtual address space and moving

to 64 bit will eliminate this problem• Reduces dev and QA cycles and resources (faster time to market)

Two Options1. vCenter Server in a VM running 64-bit Windows OS

2. vCenter Server install on a 64-bit Windows OS

Best Practice – Use Option 1

vCenter Server – Migration to 64-bit

46 Confidential46

Enhanced vCenter Scalability

vSphere 4 vSphere 4.1 RatioVMs per host 320 320 1xHosts per cluster 32 32 1xVMs per cluster 1280 3000 3xHosts per VC 300 1000 3xRegistered VMs per VC 4500 15000 3x+Powered-On VMs per VC 3000 10000 3xConcurrent VI Clients 30 120 4xHosts per DC 100 500 5xVMs per DC 2500 5000 2x

Key Takeaway – Larger VMware users and prospects will interested in 4.1

47 Confidential

Update Manager

Central automated, actionable VI patch compliance management solution

Define, track, and enforce software update compliance for ESX hosts/clusters, 3rd party ESX extensions, Virtual Appliances, VMTools/VM Hardware, online*/offline VMs, templates

Patch notification and recall Cluster level pre-remediation check

analysis and report Framework to support 3rd party IHV/ISV

updates, customizations: mass install, /update of EMC’s PowerPath module

Enhanced compatibility with DPM for cluster level patch operations

Performance and scalability enhancements to match vCenter

48 Confidential

Host Profiles and Orchestrator Enhancements

Host Profiles• Cisco support• PCI device ordering (support for selecting NICs)• iSCSI support• Admin password (setting root password) • PSA configuration

Orchestrator• provides a client and server for 64-bit installations, with an optional 32-bit

client.• performance enhancements due to 64-bit installation

49 Confidential

Management - Other New Features (Continued)

Active Directory Support (Host and vMA)• No need to manage user accounts on ESX or ESXi – “stateless” • Match Hyper-V capability (it can do this today)

Management Assistant• Improved authentication capability – Active Directory support • Transition from RHEL to CentOS

Converter• Allows import of VMs from Hyper-V host

Virtual Serial Port Concentrator• Traditional low-bandwidth, secure remote console approach for managing

servers

50 Confidential


What it is• Redirect VM serial ports over a standard network link• vSPC aggregates traffic from multiple serial ports onto one management

console. It behaves similarly as physical serial port concentrators.

Benefits• Using a vSPC also allows network connections to a VM's serial ports to

migrate seamlessly when the VM is migrated using vMotion• Management efficiencies• Lower costs for multi-host management• Enables 3rd party concentrator integration if required

51 Confidential


52 Confidential


53 Confidential

Virtual Serial Port Concentrator (vSPC)

vSPC, which will act as proxy.

Enables two VMs or a VM and a process on the host tocommunicate as if they were physical machines connected by a serial cable. For example, this can be used for remote debugging on a VM

54 Confidential



Confidential

Q&A


Confidential

Thank You

57 Confidential

Add-on Slides

58 Confidential

Multi-core CPU inside a VM

Click this

59 Confidential


2-core, 4-core, 8 core.No 3-core, 5 core, 6 core, etc

Type this manually

60 Confidential


How to enable (per VM, not batch)• Turn off VM. Can not be done online.• Click Configuration Parameters• Click Add Row and type cpuid.coresPerSocket in the Name column.• Type a value (2, 4, or 8) in the Value column.

The number of virtual CPUs must be divisible by the number of cores per socket. The coresPerSocket setting must be a power of two.

Notes:• If enabled, CPU Hot Add is disabled

61 Confidential


Once enabled, it is not readily shown to administrator

This is not shown easily in the UI. • VM listing in vSphere Client does

not show core

Possible to write scripts• Iterates per VM

Sample tools• CPU-Z• MS SysInternals

62 Confidential

Compatibility

vSphere Client compatibility• Can use the “same” client to access 4.1, 4.0 and 3.5

vCenter LinkedMode• vCenter Server 4.1 and 4.0 can co-exist in Linked Mode• After both versions of vSphere Client are installed, you can access vCenter

Server linked objects with either client. • For Linked Mode environments with vCenter Server 4.0 and vCenter Server

4.1, you must have vSphere Client 4.0 Update 1 and vSphere Client 4.1.

MS SQL Server• Unchanged. 4.1, 4.0 U2, 4.0 U1 and 4.0 have identical support• 32 bit DB is also supported.

63 Confidential

Compatibility

vCenter 4.0 does not support ESX 4.1• Upgrade vCenter before upgrading ESX

vCenter 4.1 does not support ESX 2.5• ESX 2.5 has reached the limited/non support

status

vCenter 4.1 adds support for ESX 3.0.3 U1

64 Confidential

Compatibility

View• Need to upgrade to 4.5• View 4.0 composer is a 32-bit application, while vCenter 4.1 is 64 bit.

SRM• need to upgrade to SRM 4.1• SRM 4.1 supports vSphere 4.0 U1, 4.0 U2 and 3.5 U5• SRM 4.1 needs vCenter 4.1• SRM 4.1 needs 64 bit OS. SRM 4.1 adds support for Win08 R2

CapacityIQ• CIQ 1.0.3 (the current shipping release) is not known to have any issues with

VC 4.1 but you need to use a “–NoVersionCheck” flag when registering CIQ with it.• Still in the process of verifying all of CIQ functionality. Once the full cycle is

over we will issue a 1.0.4 release that does not require using this flag.

65 Confidential

Compatibility: Win08 R2

Windows 2008 R2 is compatible with:• vSphere Client 4.1• vCenter 4.1• Guest OS Customization for 4.0 and 4.1• vCenter Update Manager for Host patching ONLY. It is not yet supported for

Guest OS updates at this time• vCenter Converter• VMware vCenter Orchestrator (vCO) Client and Server, versions 4.1• SRM 4.1

66 Confidential

Support Info

VMware Converter plug-in.

• VMware vSphere 4.1 and its updates/patches are the last releases for the VMware Converter plug-in for vSphere Client.

• We will continue to update and support the free Converter Standalone product

VMware Guided Consolidation.

• VMware vSphere 4.1 and its subsequent update and patch releases are the last major releases for VMware Guided Consolidation.

VMware Update Manager: Guest OS patching

• Update Manager 4.1 and its update are the last releases to support scanning and remediation of patches for Windows and Linux guest OS.

• The ability to perform VM operations such as upgrade of VMware Tools and VM hardware will continue to be supported and enhanced.

VMware Consolidated Backup 1.5 U2

• VMware has extended the end of availability timeline for VCB and added VCB support for vSphere 4.1. VMware supports VCB 1.5 U2 for vSphere 4.1 and its subsequent update and patch releases through the end of their lifecycles.

67 Confidential

Support Info

VMI Paravirtualized Guest OS support.

• vSphere 4.1 is the last release to support the VMI guest OS paravirtualization interface. For information about migrating VMs that are enabled for VMI so that they can run on future vSphere releases, see Knowledge Base article 1013842.

vSphere Web Access.

• vSphere 4.1 is the last product release for vSphere Web Access. As a best practice, VMware recommends that you use the vSphere Client.

Linux Guest OS Customization.

• vSphere 4.1 is the last release to support customization for these Linux guest OS: RedHat Enterprise Linux (AS/ES) 2.1, RedHat Desktop 3, RedHat Enterprise Linux (AS/ES) 3.0, SUSE Linux Enterprise Server 8 Ubuntu 8.04, Ubuntu 8.10, Debian 4.0, Debian 5.0

Microsoft Clustering with Windows 2000 is not supported in vSphere 4.1.

• See the Microsoft Website for additional information.

• Likely due to MSCS with Win2K EOL. Need to double confirm.

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1013842

68 Confidential

USB Devices

2 steps:• Add USB Controller• Add USB Devices

69 Confidential

USB Devices

70 Confidential

USB Devices: Supported Devices

Only devices listed on the manual is supported.

Mostly for ISV licence dongle.

External USB drives.• Limited for now

USB Drive

71 Confidential

USB Devices

Up to 20 devices per VM. Up to 20 devices per ESX host.

72 Confidential

Admin client: plug-ins

New plug-in:• Licensing Reporting Manager• Storage Monitoring

73 Confidential

vCenter 4.1 install

New option: Managing the RAM of JVM

vSphere 4.1 New Features and Capabilities ESXi , Availability and Management (Part 2 of 2)

Documents

Transcript of vSphere 4.1 New Features and Capabilities ESXi , Availability and Management (Part 2 of 2)