VMware vSphere: Install, Configure, Manage Lecture Manual ESXi 7 and vCenter Server 7 vmware· VMware® Education Services VMware, Inc. www.vmware.com/education CONTENTS Module 1 1 Course Introduction 1-2 Course lntroduction ................................................................................................2 1-3 Importa nce .............................................................................................................3 1-4 Learner Objectives (1) ............................................................................................4 1-5 Learn er Objectives (2) ............................................................................................5 1-6 Course Outline ........................................................................................................6 1-7 Typograph ical Conventions ....................................................................................7 1-8 References (1) .........................................................................................................8 1-9 References (2).........................................................................................................9 1-10 VMware Online Resources ...................................................................................10 1-11 VMware Education Overview ...............................................................................11 1-12 VMware Certification Overview ...........................................................................12 1-13 VMware Badge Overview .....................................................................................13 1-14 Virtual Beans: Introduction ..................................................................................14 Module 2 Introduction to vSphere and the Software-Defined Data Center 15 2-2 Importance ...........................................................................................................16 2-3 Module Lessons 
....................................................................................................17 2-4 Virtual Beans: Data Center ...................................................................................18 2-5 Lesson 1: Overview of vSphere and Virtual Machines .........................................19 2-6 Lea rner Objectives ................................................................................................20 2-7 Terminology (1) ....................................................................................................21 2-8 Terminology (2) ....................................................................................................22 2-9 About Virtual Machines ........................................................................................23 2-10 Benefits of Using Virtual Machines ......................................................................24 2-11 Types of Virtualization ..........................................................................................26 Contents 2-12 About the Software-Defi ned Data Center ............................................................27 2-13 vSphere and Cloud Computing .............................................................................29 2-14 About VMware Skyline .........................................................................................31 2-15 VMware Skyline Fam ily ........................................................................................32 2-16 Review of Learner Objectives ...............................................................................34 2-17 Lesson 2: vSphere Virtualizati on of Resources .....................................................35 2-18 Lea rner Objectives................................................................................................36 2-19 Virtual Machine: Guest and Consumer of ESXi Host ............................................37 2-20 Physical and Virtual Architectu re 
.........................................................................38 2-21 Physical Resource Sharing ....................................................................................39 2-22 CPU Virtua lization .................................................................................................41 2-23 Physical and Vi rtualized Host Memory Usage ......................................................42 2-24 Physical and Virtual Networking ..........................................................................43 2-25 Physical File Systems and Data stores ................................................................... 45 2-26 GPU Virtualization ................................................................................................47 2-27 Review of Learner Objectives ...............................................................................48 2-28 Lesson 3: vSphere User Interfaces .......................................................................49 2-29 Learner Objectives ................................................................................................50 2-30 vSphere User Int erfaces .......................................................................................51 2-31 About VMware Host Client ...................................................................................52 2-32 About vSphere Client............................................................................................53 2-33 About PowerCLI and ESXCLI .................................................................................54 2·34 Lab 1: Accessing the Lab Environment .................................................................55 2-35 Review of Learner Objectives ...............................................................................56 2-36 Lesson 4: Overview of ESXi ...................................................................................57 2~37 Learner Objectives 
................................................................................................58 2-38 About ESXi ............................................................................................................59 2-39 Configuring an ESXi Host ......................................................................................61 2-40 Configuring an ESXi Host: Root Access .................................................................62 2·41 Configuring an ESXi Host : Management Network ................................................63 2-42 Configuring an ESXi Host : Other Settings .............................................................64 11 Contents 2-43 Controlling Remote Access to an ESXi Host .........................................................65 2-44 Managing User Accounts: Best Practices .............................................................66 2·45 ESXi Host as an NTP Client ....................................................................................67 2-46 Demonstration : Insta lling and Configuring ESXi Hosts .........................................68 2-47 Lab 2: Configuring an ESXi Host ............................................................................69 2-48 Review of Learner Objectives ...............................................................................70 2-49 Virtual Beans: Data Center ...................................................................................71 2-50 Key~ints .. . . ... . . . . . Module 3 . ...... ....... .. . .............................................................72 73 Virtual Machines 3 ...2 lmportance .. ................................................ 
.........................................................74 3-3 Module Lessons ....................................................................................................75 3-4 Virtual Beans: Vi rtualizing Workloads ..................................................................76 3-5 Lesson 1: Creati ng Vi rtual Machi nes ....................................................................77 3-6 Learner Obj ectives................................................................................................78 3-7 About Provisioning Virtual Machines ...................................................................79 3-8 Creating VMs w ith the New Virtual Machine Wizard (1) .....................................81 3-9 Creating VMs w ith t he New Virtual Machine Wizard (2) .....................................82 3-10 New Virtual Machine Wizard Settings ..................................................................84 3-11 Installing the Guest Operating System .................................................................85 3-12 Deploying OVF Templ ates ....................................................................................86 3-13 About VMware Tools ............................................................................................87 3-14 Installing VMware Tools .......................................................................................89 3· 15 Downloading VMware Tools ................................................................................90 3-16 Labs .......................................................................................................................91 3-17 Lab 3: Creating a Virtual Machine ........................................................................92 3-18 Lab 4: Installing VMware Tools ............................................................................93 3-19 Review of Learner Obj ectives 
...............................................................................94 3-20 Lesson 2: Virtual Machine Hardware Deep Dive ..................................................95 3-21 Learner Objectives................................................................................................96 3-22 Virtual Mach ine Encapsulation .............................................................................97 Contents 111 3-23 About Virtual Machine Files .................................................................................98 3-24 About VM Virtual Hardware ...............................................................................100 3-25 Virtual Hardware Versions .................................................................................102 3-26 About CPU and M emory.....................................................................................103 3-27 About Vi rtual Storage .........................................................................................105 3-28 About Thick-Provisioned Virtual Disks ...............................................................107 3-29 About Thin-Provisioned Virtua l Disks .................................................................108 3-30 Thick-Provisioned and Th in-Provisioned Disks ...................................................109 3-31 About Virtual Networks ......................................................................................110 3-32 About Virtual Network Adapters ........................................................................111 3-33 Other Virtual Devices .........................................................................................114 3-34 About the Virtual Machine Console ...................................................................115 3-35 Lab 5: Adding Virtual Hardware .........................................................................116 3-36 Review of Learner Objectives 
............................................................................. 117 3-37 Lesson 3: Introduction to Cont ainers .................................................................118 3-38 Lea rner Objectives..............................................................................................119 3·39 Tradit ional Applica tion Development ................................................................120 3-40 Modern Application Development .....................................................................122 3-41 Benefits of M icroservices and Containerization ................................................123 3-42 Container Term inology ....................................................................................... 124 3-43 About Containers................................................................................................125 3-44 Rise of Cont ainers...............................................................................................126 3 . .45 About Container Hosts .................................. .....................................................127 3-46 Containers at Runtime........................................................................................128 3-47 About Container Engines ....................................................................................129 3-48 Virtual Machines and Containers (1) ..................................................................130 3-49 Virtual Machines and Containers (2) ..................................................................131 3-50 About Kubernet es ..............................................................................................132 3-51 Challenges of Running Kubernetes in Production ..............................................134 3·52 Architecting with Common Application Requiremen ts ...................................... 
135 3-53 Review of Learner Objectives .............................................................................136 1v Contents 3-54 Virtual Beans: Virtualizing Workloads ................................................................137 3-55 Key Points ...........................................................................................................138 Module 4 139 vCenter Server 4-2 Importa nce ......................................................................................................... 140 4-3 Module Lessons ..................................................................................................141 4-4 Virtual Beans: vCenter Server Requirements .....................................................142 4-5 Lesson 1: Centralized Management with vCenter Server ..................................143 4-6 Learner Objectives..............................................................................................144 4-7 About the vCenter Server Managem ent Platform .............................................145 4·8 About vCenter Server Appliance ........................................................................ 
146 4-9 vCenter Server Services ......................................................................................147 4-10 vCenter Server Architecture ...............................................................................148 4-11 About vCenter Single Sign-On ............................................................................149 4·12 About Enhanced Lin ked Mode ...........................................................................150 4-13 ESXi and vCenter Server Communication ...........................................................151 4-14 vCenter Server Appliance Scalability ..................................................................153 4-15 Review of Learner Objectives .............................................................................154 4-16 Lesson 2: Deploying vCenter Server Appliance ..................................................155 4-17 Lea rner Objectives..............................................................................................156 4-18 Preparing for vCenter Server Appliance Deployment ........................................ 157 4-19 vCenter Server Appliance Native GUI lnstaller ...................................................158 4-20 vCenter Server Appliance Insta llation ................................................................159 4-21 vCenter Server Appliance Installa tion : Stage 1 .................................................. 160 4-22 vCenter Server Appliance Insta llation: Stage 2 ..................................................161 4-23 Getting Sta rted with vCenter Server ..................................................................162 4-24 Configuring vCenter Server Using the vSphere Client ........................................163 4-25 vCenter Server Appliance Management Interface ............................................. 
164 4-26 vCenter Server Appliance Multihoming .............................................................165 4-27 Demonstration: Deploying vCenter Server Appliance .......................................166 4-28 Review of Learner Objectives .............................................................................167 Contents v 4-29 Lesson 3: vSphere licensing ............................................................................... 168 4-30 Learner Objectives ..............................................................................................169 4-31 vSphere Licensing Overview ...............................................................................170 4-32 vSphere License Service ..................................................................................... 171 4-33 Adding license Keys to vCenter Server ..............................................................172 4-34 Assign ing a license to a vSphere Component ....................................................173 4-35 Viewing Licensed Features .................................................................................174 4-36 Lab 6: Adding vSphere Licenses ..........................................................................175 4-37 Review of Learner Objectives .............................................................................176 4-38 Lesson 4: Managing the vCenter Server Inventory ............................................177 4-39 learner Objectives ..............................................................................................178 4-40 vSphere Client Shortcuts Page ...........................................................................179 4-41 Using the Navigation Pane .................................................................................180 4-42 vCent er Server Views for Hosts, Clusters, VMs, and Templates ........................ 
181 4-43 vCenter Server Views for Storage and Networks ...............................................182 4-44 Viewing Object Information ...............................................................................183 4-45 About Data Center Objects.................................................................................184 4-46 Organizing Inventory Objects into Folders .........................................................185 4-47 Adding a Data Center and Organizational Objects t o vCenter Server ................187 4-48 Adding E5Xi Hosts to vCenter Server ..................................................................188 4-49 Creating Custom Tags for Inventory Obj ect s......................................................189 4-50 Labs .....................................................................................................................190 4-51 Lab 7: Creating and Managing the vCenter Server Inven tory ............................191 4-52 Lab 8: Configuring Active Directory: Joining a Domain ...................................... 
192 4-53 Review of Learner Objectives .............................................................................193 4-54 Lesson 5: vCenter Server Roles and Permissions ...............................................194 4-55 Learn er Objectives ..............................................................................................195 4-56 About vCenter Server Permissions .....................................................................196 4-57 About Roles ........................................................................................................197 4-58 About Objects .....................................................................................................199 4-59 Adding Permissions to t he vCent er Server Inventory ........................................200 vi Contents 4-60 Viewing Roles and User Assignments .................................................................201 4-61 Applying Permissions: Scenario 1 .......................................................................202 4-62 Applying Permissions: Scenario 2 .......................................................................203 4-63 Activity: Applying Group Permissions (1) ...........................................................204 4-64 Activity: Applying Group Permissions (2) ...........................................................205 4-65 Applying Permissions: Scenario 3 .......................................................................206 4-66 Applying Perm issions: Scenario 4 .......................................................................207 4-67 Creating a Role ...................................................................................................208 4-68 About Global Permissions ..................................................................................209 4·69 Labs ...................................................... ............................................................... 
210 4-70 Lab 9: Configuring Active Directory: Adding an Identity Source ........................211 4-71 Lab 10: Users, Groups, and Permissions ............................................................ 212 4-72 Review of Learner Objectives .............................................................................213 4-73 Lesson 6: Backing Up and Restoring vCenter Server Appliance ......................... 214 4-74 Learner Objectives..............................................................................................215 4-75 Virtual Beans: vCenter Server Operations ..........................................................216 4-76 About vCenter Server Backup and Restore ........................................................217 4-77 Methods for vCenter Server Appliance Backup and Restore .............................218 4-78 File-Based Backup of vCenter Server Appliance .................................................219 4-79 File-Based Restore of vCenter Server Appliance ................................................220 4-80 Scheduling Backups ............................................................................................221 4-81 Viewing the Backup Schedule ............................................................................222 4-82 Demonstration: Backing Up and Restoring a vCenter Server Appliance Instance ..............................................................................................................223 4-83 Review of Learner Objectives .............................................................................224 4-84 Lesson 7: Monitoring vCenter Server and Its lnventory .....................................225 4·85 Learn er Obj ectives..............................................................................................226 4-86 vCenter Server Events ........................................................................................227 4-87 About Log 
Levels.................................................................................................228 4-88 Setting Log Levels ...............................................................................................229 4-89 Forwarding vCenter Server Appliance Log Files to a Remote Host ....................230 Contents vii 4-90 vCenter Server Database Health ........................................................................231 4-91 Monitoring vCenter Server Appliance ................................................................232 4-92 Monitoring vCenter Server Appliance Services ..................................................233 4-93 Monthly Patch Updates for vCenter Server Appliance ......................................234 4-94 Review of Learner Objectives .............................................................................235 4-95 Lesson 8: vCenter Server High Avai labil ity .........................................................236 4-96 Learn er Obj ectives..............................................................................................237 4-97 Importance of Keeping vCenter Server Highly Available ...................................238 4-98 About vCenter Server High Availabil ity ..............................................................239 4-99 Scena rio: Active Node Failu re ............................................................................240 4-100 Scenario: Passive Node Failu re ...........................................................................241 4-101 Scenario: Witness Node Failure .........................................................................242 4-102 Benefits of vCenter Server High Availability .......................................................243 4-103 vCenter Server High Availability Requirement s .................................................244 4-104 Demonstration: Configuring vCenter Server High Availability ...........................245 4-105 Review of 
Learner Objectives .............................................................................246 4-106 Virtual Beans: vCenter Server Maint enance and Operations ............................247 4-107 Key Points ...........................................................................................................248 Module 5 Configuring and Managing Virtual Networks 249 5-2 Importance .........................................................................................................250 5-3 Module Lessons ..................................................................................................251 5-4 Virtual Beans: Networki ng Requirements ..........................................................252 5-5 Lesson 1: Introduction to vSphere Standard Switches .......................................253 5-6 Learner Obj ectives ..............................................................................................254 5-7 About Vi rtu al Switches .......................................................................................255 5-8 Types of Virtual Switch Connections ..................................................................256 5-9 Virtual Switch Connection Examples ..................................................................257 5-10 About VLANs .......................................................................................................258 5-11 Types of Virtual Switches ................................................................................... 
260 5-12 Adding ESXi Networking .....................................................................................261 viii Contents 5-13 Viewing the Configuration of Standa rd Switches ...............................................262 5-14 Network Adapter Properties ..............................................................................263 5-15 Distributed Switch Architect ure .........................................................................264 5-16 Standard and Distributed Switches: Shared Featu res ........................................265 5-17 Additional Features of Distributed Switches ......................................................266 5-18 Lab 11: Using Standard Switches........................................................................267 5-19 Review of Learner Objectives .............................................................................268 5-20 Lesson 2: Configuring Standa rd Switch Policies .................................................269 5-21 Learner Objectives..............................................................................................270 5-22 Network Switch and Port Policies ......................................................................271 5-23 Configuring Security Policies ..............................................................................272 5-24 Traffic-Shaping Policies.......................................................................................274 5-25 Configuring Tra ffic Shaping ................................................................................275 5-26 NIC Teaming and Failover Policies ......................................................................277 5-27 Load-Balancing Method: Originating Virtual Port 10 ..........................................279 5-28 Load-Balancing Method: Source MAC Hash .......................................................281 5-29 Load-Balancing M ethod: Source and Destination IP Hash 
.................................283 5-30 Detecting and Handling Network Failure ...........................................................285 5-31 Physical Network Considerations .......................................................................287 5-32 Review of Learner Objectives .............................................................................288 5-33 Virtual Beans: Networking Requirements ..........................................................289 5-34 Key Points ...........................................................................................................290 Module 6 291 Configuring and Managing Virtual Storage 6-2 Importa nce .........................................................................................................292 6-3 Module Lessons ..................................................................................................293 5 . .4 Virtual Beans: Storage ........................................................................................294 6-5 Lesson 1: Storage Concepts ................................................................................295 6-6 Learner Objectives..............................................................................................296 6-7 About Datastores................................................................................................ 
6-8 Storage Overview
6-9 Storage Protocol Overview
6-10 About VMFS
6-11 About NFS
6-12 About vSAN
6-13 About vSphere Virtual Volumes
6-14 About Raw Device Mapping
6-15 Physical Storage Considerations
6-16 Review of Learner Objectives
6-17 Lesson 2: Fibre Channel Storage
6-18 Learner Objectives
6-19 About Fibre Channel
6-20 Fibre Channel SAN Components
6-21 Fibre Channel Addressing and Access Control
6-22 Multipathing with Fibre Channel
6-23 FCoE Adapters
6-24 Configuring Software FCoE: Creating VMkernel Ports
6-25 Configuring Software FCoE: Activating Software FCoE Adapters
6-26 Review of Learner Objectives
6-27 Lesson 3: iSCSI Storage
6-28 Learner Objectives
6-29 iSCSI Components
6-30 iSCSI Addressing
6-31 Storage Device Naming Conventions
6-32 iSCSI Adapters
6-33 ESXi Network Configuration for IP Storage
6-34 Activating the Software iSCSI Adapter
6-35 Discovering iSCSI Targets
6-36 iSCSI Security: CHAP
6-37 Multipathing with iSCSI Storage
6-38 Binding VMkernel Ports with the iSCSI Initiator
6-39 Lab 12: Accessing iSCSI Storage
6-40 Review of Learner Objectives
6-41 Lesson 4: VMFS Datastores
6-42 Learner Objectives
6-43 Creating a VMFS Datastore
6-44 Browsing Datastore Contents
6-45 About VMFS Datastores
6-46 Managing Overcommitted Datastores
6-47 Increasing the Size of VMFS Datastores
6-48 Datastore Maintenance Mode
6-49 Deleting or Unmounting a VMFS Datastore
6-50 Multipathing Algorithms
6-51 Configuring Storage Load Balancing
6-52 Lab 13: Managing VMFS Datastores
6-53 Review of Learner Objectives
6-54 Lesson 5: NFS Datastores
6-55 Learner Objectives
6-56 NFS Components
6-57 NFS 3 and NFS 4.1
6-58 NFS Version Compatibility with Other vSphere Technologies
6-59 Configuring NFS Datastores
6-60 Configuring ESXi Host Authentication and NFS Kerberos Credentials
6-61 Configuring the NFS Datastore to Use Kerberos
6-62 Unmounting an NFS Datastore
6-63 Multipathing and NFS Storage
6-64 Enabling Multipathing for NFS 4.1
6-65 Lab 14: Accessing NFS Storage
6-66 Review of Learner Objectives
6-67 Lesson 6: vSAN Datastores
6-68 Learner Objectives
6-69 About vSAN Datastores
6-70 Disk Groups
6-71 vSAN Hardware Requirements
6-72 Viewing the vSAN Datastore Summary
6-73 Objects in vSAN Datastores
6-74 VM Storage Policies
6-75 Viewing VM Settings for vSAN Information
6-76 Lab 15: Using a vSAN Datastore
6-77 Review of Learner Objectives
6-78 Virtual Beans: Storage
6-79 Activity: Using vSAN Storage at Virtual Beans (1)
6-80 Activity: Using vSAN Storage at Virtual Beans (2)
6-81 Key Points

Module 7 Virtual Machine Management
7-2 Importance
7-3 Module Lessons
7-4 Virtual Beans: VM Management
7-5 Lesson 1: Creating Templates and Clones
7-6 Learner Objectives
7-7 About Templates
7-8 Creating a Template: Clone VM to Template
7-9 Creating a Template: Convert VM to Template
7-10 Creating a Template: Clone a Template
7-11 Updating Templates
7-12 Deploying VMs from a Template
7-13 Cloning Virtual Machines
7-14 Guest Operating System Customization
7-15 About Customization Specifications
7-16 Customizing the Guest Operating System
7-17 About Instant Clones
7-18 Use Cases for Instant Clones
7-19 Lab 16: Using VM Templates: Creating Templates and Deploying VMs
7-20 Review of Learner Objectives
7-21 Lesson 2: Working with Content Libraries
7-22 Learner Objectives
7-23 About Content Libraries
7-24 Benefits of Content Libraries
7-25 Types of Content Libraries
7-26 Adding VM Templates to a Content Library
7-27 Deploying VMs from Templates in a Content Library
7-28 Lab 17: Using Content Libraries
7-29 Review of Learner Objectives
7-30 Lesson 3: Modifying Virtual Machines
7-31 Learner Objectives
7-32 Modifying Virtual Machine Settings
7-33 Hot-Pluggable Devices
7-34 Dynamically Increasing Virtual Disk Size
7-35 Inflating Thin-Provisioned Disks
7-36 VM Options: General Settings
7-37 VM Options: VMware Tools Settings
7-38 VM Options: VM Boot Settings
7-39 Removing VMs
7-40 Lab 18: Modifying Virtual Machines
7-41 Review of Learner Objectives
7-42 Lesson 4: Migrating VMs with vSphere vMotion
7-43 Learner Objectives
7-44 About VM Migration
7-45 About vSphere vMotion
7-46 Enabling vSphere vMotion
7-47 vSphere vMotion Migration Workflow
7-48 VM Requirements for vSphere vMotion Migration
7-49 Host Requirements for vSphere vMotion Migration (1)
7-50 Host Requirements for vSphere vMotion Migration (2)
7-51 Checking vSphere vMotion Errors
7-52 Encrypted vSphere vMotion
7-53 Cross vCenter Migrations
7-54 Cross vCenter Migration Requirements
7-55 Network Checks for Cross vCenter Migrations
7-56 VMkernel Networking Layer and TCP/IP Stacks
7-57 vSphere vMotion TCP/IP Stacks
7-58 Long-Distance vSphere vMotion Migration
7-59 Networking Prerequisites for Long-Distance vSphere vMotion
7-60 Lab 19: vSphere vMotion Migrations
7-61 Review of Learner Objectives
7-62 Lesson 5: Enhanced vMotion Compatibility
7-63 Learner Objectives
7-64 CPU Constraints on vSphere vMotion Migration
7-65 About Enhanced vMotion Compatibility
7-66 Enhanced vMotion Compatibility Cluster Requirements
7-67 Enabling EVC Mode on an Existing Cluster
7-68 Changing the EVC Mode for a Cluster
7-69 Virtual Machine EVC Mode
7-70 Review of Learner Objectives
7-71 Lesson 6: Migrating VMs with vSphere Storage vMotion
7-72 Learner Objectives
7-73 About vSphere Storage vMotion
7-74 vSphere Storage vMotion In Action
7-75 Identifying Storage Arrays That Support vSphere Storage APIs - Array Integration
7-76 vSphere Storage vMotion Guidelines and Limitations
7-77 Changing Both Compute Resource and Storage During Migration (1)
7-78 Changing Both Compute Resource and Storage During Migration (2)
7-79 Lab 20: vSphere Storage vMotion Migrations
7-80 Review of Learner Objectives
7-81 Lesson 7: Creating Virtual Machine Snapshots
7-82 Learner Objectives
7-83 VM Snapshots
7-84 Taking Snapshots
7-85 Types of Snapshots
7-86 VM Snapshot Files
7-87 VM Snapshot Files Example (1)
7-88 VM Snapshot Files Example (2)
7-89 VM Snapshot Files Example (3)
7-90 Managing Snapshots
7-91 Deleting VM Snapshots (1)
7-92 Deleting VM Snapshots (2)
7-93 Deleting VM Snapshots (3)
7-94 Deleting All VM Snapshots
7-95 About Snapshot Consolidation
7-96 Discovering When to Consolidate Snapshots
7-97 Consolidating Snapshots
7-98 Lab 21: Working with Snapshots
7-99 Review of Learner Objectives
7-100 Lesson 8: vSphere Replication and Backup
7-101 Learner Objectives
7-102 About vSphere Replication
7-103 About the vSphere Replication Appliance
7-104 Replication Functions
7-105 Deploying the vSphere Replication Appliance
7-106 Configuring vSphere Replication for a Single VM
7-107 Configuring Recovery Point Objective and Point in Time Instances
7-108 Recovering Replicated VMs
7-109 Backup and Restore Solution for VMs
7-110 vSphere Storage APIs - Data Protection: Offloaded Backup Processing
7-111 vSphere Storage APIs - Data Protection: Changed-Block Tracking
7-112 Review of Learner Objectives
7-113 Activity: Virtual Beans VM Management (1)
7-114 Activity: Virtual Beans VM Management (2)
7-115 Activity: Virtual Beans VM Management (3)
7-116 Key Points

Module 8 Resource Management and Monitoring
8-2 Importance
8-3 Module Lessons
8-4 Virtual Beans: Resource Management and Monitoring
8-5 Lesson 1: Virtual CPU and Memory Concepts
8-6 Learner Objectives
8-7 Memory Virtualization Basics
8-8 VM Memory Overcommitment
8-9 Memory Overcommit Techniques
8-10 Configuring Multicore VMs
8-11 About Hyperthreading
8-12 CPU Load Balancing
8-13 Review of Learner Objectives
8-14 Lesson 2: Resource Controls
8-15 Learner Objectives
8-16 Reservations, Limits, and Shares
8-17 Resource Allocation Reservations: RAM
8-18 Resource Allocation Reservations: CPU
8-19 Resource Allocation Limits
8-20 Resource Allocation Shares
8-21 Resource Shares Example (1)
8-22 Resource Shares Example (2)
8-23 Resource Shares Example (3)
8-24 Resource Shares Example (4)
8-25 Defining Resource Allocation Settings for a VM
8-26 Viewing VM Resource Allocation Settings
8-27 Lab 22: Controlling VM Resources
8-28 Review of Learner Objectives
8-29 Lesson 3: Resource Monitoring Tools
8-30 Learner Objectives
8-31 Performance-Tuning Methodology
8-32 Resource-Monitoring Tools
8-33 Guest Operating System Monitoring Tools
8-34 Using Perfmon to Monitor VM Resources
8-35 Using esxtop to Monitor VM Resources
8-36 Monitoring Inventory Objects with Performance Charts
8-37 Working with Overview Performance Charts
8-38 Working with Advanced Performance Charts
8-39 Chart Options: Real-Time and Historical
8-40 Chart Types: Bar and Pie
8-41 Chart Types: Line
8-42 Chart Types: Stacked
8-43 Chart Types: Stacked Per VM
8-44 Saving Charts
8-45 About Objects and Counters
8-46 About Statistics Types
8-47 About Rollup
8-48 Review of Learner Objectives
8-49 Lesson 4: Monitoring Resource Use
8-50 Learner Objectives
8-51 Interpreting Data from Tools
8-52 CPU-Constrained VMs (1)
8-53 CPU-Constrained VMs (2)
8-54 Memory-Constrained VMs (1)
8-55 Memory-Constrained VMs (2)
8-56 Memory-Constrained Hosts
8-57 Disk-Constrained VMs
8-58 Monitoring Disk Latency
8-59 Network-Constrained VMs
8-60 Lab 23: Monitoring Virtual Machine Performance
8-61 Review of Learner Objectives
8-62 Lesson 5: Using Alarms
8-63 Learner Objectives
8-64 About Alarms
8-65 Predefined Alarms (1)
8-66 Predefined Alarms (2)
8-67 Creating a Custom Alarm
8-68 Defining the Alarm Target Type
8-69 Defining the Alarm Rule: Trigger (1)
8-70 Defining the Alarm Rule: Trigger (2)
8-71 Defining the Alarm Rule: Setting the Notification
8-72 Defining the Alarm Reset Rules
8-73 Enabling the Alarm
8-74 Configuring vCenter Server Notifications
8-75 Lab 24: Using Alarms
8-76 Review of Learner Objectives
8-77 Activity: Virtual Beans Resource Monitoring (1)
8-78 Activity: Virtual Beans Resource Management and Monitoring (2)
8-79 Key Points

Module 9 vSphere Clusters
9-2 Importance
9-3 Module Lessons
9-4 Virtual Beans: vSphere Clusters
9-5 Lesson 1: vSphere Clusters Overview
9-6 Learner Objectives
9-7 About vSphere Clusters
9-8 Creating a vSphere Cluster and Enabling Cluster Features
9-9 Configuring the Cluster Using Quickstart
9-10 Configuring the Cluster Manually
9-11 Adding a Host to a Cluster
9-12 Viewing Cluster Summary Information
9-13 Monitoring Cluster Resources
9-14 Review of Learner Objectives
9-15 Lesson 2: vSphere DRS
9-16 Learner Objectives
9-17 About vSphere DRS
9-18 vSphere DRS: VM Focused
9-19 About the VM DRS Score
9-20 VM DRS Score List
9-21 Viewing VM DRS Scores Using Performance Charts (1)
9-22 Viewing VM DRS Scores Using Performance Charts (2)
9-23 Viewing vSphere DRS Settings
9-24 vSphere DRS Settings: Automation Level
9-25 vSphere DRS Settings: Migration Threshold
9-26 vSphere DRS Settings: Predictive DRS
9-27 vSphere DRS Settings: VM Swap File Location
9-28 vSphere DRS Settings: VM Affinity
9-29 vSphere DRS Settings: DRS Groups
9-30 vSphere DRS Settings: VM-Host Affinity Rules
9-31 VM-Host Affinity Preferential Rules
9-32 VM-Host Affinity Required Rules
9-33 vSphere DRS Settings: VM-Level Automation
9-34 vSphere DRS Cluster Requirements
9-35 Viewing vSphere DRS Cluster Resource Utilization
9-36 Viewing vSphere DRS Recommendations
9-37 Maintenance Mode and Standby Mode
9-38 Removing a Host from the vSphere DRS Cluster
9-39 vSphere DRS and Dynamic DirectPath I/O
9-40 Adding a Dynamic DirectPath I/O Device to a VM
9-41 Lab 25: Implementing vSphere DRS Clusters
9-42 Review of Learner Objectives
9-43 Lesson 3: Introduction to vSphere HA
9-44 Learner Objectives
9-45 Protection at Every Level
9-46 About vSphere HA
9-47 vSphere HA Scenario: ESXi Host Failure
9-48 vSphere HA Scenario: Guest Operating System Failure
9-49 vSphere HA Scenario: Application Failure
9-50 vSphere HA Scenario: Datastore Accessibility Failures
9-51 vSphere HA Scenario: Protecting VMs Against Network Isolation
9-52 Importance of Redundant Heartbeat Networks
9-53 Redundancy Using NIC Teaming
9-54 Redundancy Using Additional Networks
9-55 Review of Learner Objectives
9-56 Lesson 4: vSphere HA Architecture
9-57 Learner Objectives
9-58 vSphere HA Architecture: Agent Communication
9-59 vSphere HA Architecture: Network Heartbeats
9-60 vSphere HA Architecture: Datastore Heartbeats
9-61 vSphere HA Failure Scenarios
9-62 Failed Subordinate Hosts
9-63 Failed Master Hosts
9-64 Isolated Hosts
9-65 VM Storage Failures
9-66 Protecting Against Storage Failures with VMCP
9-67 vSphere HA Design Considerations
9-68 Review of Learner Objectives
9-69 Lesson 5: Configuring vSphere HA
9-70 Learner Objectives
9-71 vSphere HA Prerequisites
9-72 Configuring vSphere HA Settings
9-73 vSphere HA Settings: Failures and Responses
9-74 vSphere HA Settings: VM Monitoring
9-75 vSphere HA Settings: Heartbeat Datastores
9-76 vSphere HA Settings: Admission Control
9-77 Example: Admission Control Using Cluster Resources Percentage
9-78 Example: Admission Control Using Slots (1)
9-79 Example: Admission Control Using Slots (2)
9-80 vSphere HA Settings: Performance Degradation VMs Tolerate
9-81 vSphere HA Setting: Default VM Restart Priority
9-82 vSphere HA Settings: Advanced Options
9-83 vSphere HA Settings: VM-level Settings
9-84 About vSphere HA Orchestrated Restart
9-85 VM Dependencies in Orchestrated Restart (1)
9-86 VM Dependencies in Orchestrated Restart (2)
9-87 Network Configuration and Maintenance
9-88 Monitoring vSphere HA Cluster Status
9-89 Using vSphere HA with vSphere DRS
9-90 Lab 26: Using vSphere HA
9-91 Review of Learner Objectives
9-92 Lesson 6: Introduction to vSphere Fault Tolerance
9-93 Learner Objectives
9-94 About vSphere Fault Tolerance
9-95 vSphere Fault Tolerance Features
9-96 vSphere Fault Tolerance with vSphere HA and vSphere DRS
9-97 Redundant VMDK Files
9-98 vSphere Fault Tolerance Checkpoint
9-99 vSphere Fault Tolerance: Precopy
9-100 vSphere Fault Tolerance Fast Checkpointing
9-101 vSphere Fault Tolerance Shared Files
9-102 Enabling vSphere Fault Tolerance on a VM
9-103 Review of Learner Objectives
9-104 Activity: Virtual Beans Clusters (1)
9-105 Activity: Virtual Beans Clusters (2)
9-106 Key Points

Module 10 vSphere Lifecycle Management
10-2 Importance
10-3 Module Lessons
10-4 Virtual Beans: Lifecycle Management
10-5 Lesson 1: vCenter Server Update Planner
10-6 Learner Objectives
10-7 Overview of vCenter Server Update Planner
10-8 Update Planner Requirements
10-9 Update Planner View in the vSphere Client
10-10 Interoperability View in vSphere Client
10-11 Exporting Report Results
10-12 Managing the vCenter Server Life Cycle
10-13 Review of Learner Objectives
10-14 Lesson 2: Overview of vSphere Lifecycle Manager
10-15 Learner Objectives
10-16 Introduction to vSphere Lifecycle Manager
10-17 Baselines and Images
10-18 vSphere Lifecycle Manager Home View
10-19 Patch Settings
10-20 vSphere Lifecycle Manager Integration with vSphere DRS
10-21 Review of Learner Objectives
10-22 Lesson 3: Working with Baselines
10-23 Learner Objectives
10-24 Baselines and Baseline Groups
10-25 Creating and Editing Patch or Extension Baselines
10-26 Creating a Baseline
10-27 Creating a Baseline: Name and Description
10-28 Creating a Baseline: Select Patches Automatically
10-29 Creating a Baseline: Select Patches Manually
10-30 Updating Your Host or Cluster with Baselines
10-31 Remediation Precheck
10-32 Remediating Hosts
10-33 Review of Learner Objectives
10-34 Lesson 4: Working with Images
10-35 Learner Objectives
10-36 Elements of ESXi Images
10-37 Image Depots
10-38 Importing Updates
10-39 Using Images to Perform ESXi Host Life Cycle Operations
10-40 Creating an ESXi Image for a New Cluster
10-41 Checking Image Compliance
10-42 Running a Remediation Precheck
10-43 Hardware Compatibility
10-44 Standalone VIBs
10-45 Remediating a Cluster Against an Image
10-46 Reviewing Remediation Impact
10-47 Recommended Images
10-48 Viewing Recommended Images
10-49 Selecting a Recommended Image
10-50 Customizing Cluster Images
10-51 Lab 27: Using vSphere Lifecycle Manager
10-52 Review of Learner Objectives
10-53 Lesson 5: Managing the Life Cycle of VMware Tools and VM Hardware
10-54 Learner Objectives
10-55 Keeping VMware Tools Up To Date
10-56 Upgrading VMware Tools (1)
10-57 Upgrading VMware Tools (2)
10-58 Keeping VM Hardware Up To Date
10-59 Upgrading VM Hardware (1)
10-60 Upgrading VM Hardware (2)
10-61 Review of Learner Objectives
10-62 Virtual Beans: Conclusion
10-63 Key Points

Module 1
Course Introduction

VMware vSphere 7.0: Install, Configure, Manage

1-2 Course Introduction

1-3 Importance
As a vSphere administrator, you require knowledge about vSphere components and resources and how they work together in your environment. You also require practical skills in installing, deploying, and managing these components and resources.
By developing your knowledge and skills, you can build and run a highly scalable vSphere virtual infrastructure.

1-4 Learner Objectives (1)
After completing this course, you should be able to meet the following objectives:
• Install and configure ESXi hosts
• Deploy and configure vCenter Server Appliance
• Use the vSphere Client to manage the vCenter Server inventory and the vCenter Server configuration
• Create virtual networks with vSphere standard switches
• Describe the storage technologies supported by vSphere
• Configure virtual storage using iSCSI and NFS storage
• Create and manage VMFS datastores
• Use the vSphere Client to create virtual machines, templates, clones, and snapshots
• Create a content library for deploying virtual machines

1-5 Learner Objectives (2)
• Manage virtual machine resource use
• Migrate virtual machines with vSphere vMotion and vSphere Storage vMotion
• Create and manage a vSphere cluster that is enabled with vSphere HA and vSphere DRS
• Use vSphere Lifecycle Manager to perform upgrades to ESXi hosts and virtual machines

1-6 Course Outline
1. Course Introduction
2. Introduction to vSphere and the Software-Defined Data Center
3. Virtual Machines
4. vCenter Server
5. Configuring and Managing Virtual Networks
6. Configuring and Managing Virtual Storage
7. Virtual Machine Management
8. Resource Management and Monitoring
9. vSphere Clusters
10. vSphere Lifecycle Management

1-7 Typographical Conventions
The following typographical conventions are used in this course.

Conventions: Usage and Examples
Monospace: Identifies command names, command options, parameters, code fragments, error messages, filenames, folder names, directory names, and path names:
• Run the esxtop command.
• found in the /var/log/messages file
Monospace Bold: Identifies user inputs:
• Enter ipconfig /release
Boldface: Identifies user interface controls:
• Click the Configuration tab
Italic: Identifies book titles:
• vSphere Virtual Machine Administration
<>: Indicates placeholder variables:
• <ESXi_host_name>
• the Settings/<Your_Name>.txt file

1-8 References (1)
Title: Location
vSphere Installation and Setup: https://docs.vmware.com/en/VMware-vSphere/index.html
vCenter Server and Host Management: https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.vcenterhost.doc/GUID-3B5AF2B1-C534-4426-B97A-D14019A8010F.html
vSphere Virtual Machine Administration: https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.vm_admin.doc/GUID-55238059-912E-411F-A0E9-A7A536972A91.html
vSphere Networking: https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.networking.doc/GUID-35B40B0B-0C13-43B2-BC85-18C9C91BE2D4.html
vSphere Storage: https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.storage.doc/GUID-8AE88758-20C1-4873-99C7-181EF9ACFA70.html

1-9 References (2)
Title: Location
vSphere Security: https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.security.doc/GUID-52188148-C579-4F6A-8335-CFBCE0DD2167.html
vSphere Resource Management: https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.resmgmt.doc/GUID-98BD5A8A-260A-494F-BAAE-74781F5C4B87.html
VMware Compatibility Guide: https://vmware.com/resources/compatibility
VMware Configuration Maximums: https://configmax.vmware.com

1-10 VMware Online Resources
Documentation for vSphere: https://docs.vmware.com/
VMware Communities: http://communities.vmware.com
• Start a discussion.
• Access the knowledge base.
• Access documentation, technical papers, and compatibility guides.
• Access communities.
• Access user groups.
VMware Support: http://www.vmware.com/support
VMware Hands-on Labs: http://hol.vmware.com
VMware Education: http://www.vmware.com/education
• Access course catalog and worldwide course schedule.

1-11 VMware Education Overview
Your instructor will introduce other Education Services offerings available to you:
• VMware Learning Paths:
  - Help you find the course that you need based on the product, your role, and your level of experience
  - Can be accessed at https://vmware.com/education
• VMware Learning Zone, which is the official source of digital training, includes the following options:
  - On-Demand Courses: Self-paced learning that combines lecture modules with hands-on practice labs
  - VMware Lab Connect: Self-paced, technical lab environment that lets you practice skills learned during instructor-led training
  - Certification Exam Prep: Comprehensive video-based reviews of exam topics and objectives to help you take your certification exam
For more information, see https://vmwarelearningzone.vmware.com.

1-12 VMware Certification Overview
VMware certifications validate your expertise and recognize your technical knowledge and skills with VMware technology.

[Figure: VMware certification levels (VCDX, VCIX, VCAP, VCP, VCA) across technology tracks]

VMware certification sets the standards for IT professionals who work with VMware technology. Certifications are grouped into technology tracks. Each track offers one or more levels of certification (up to five levels).
For the complete list of certifications and details about how to attain these certifications, see https://vmware.com/certification.

1-13 VMware Badge Overview
VMware badges are digital emblems of skills and achievements.
Digital badges have the following features:
• Easy to share in social media (LinkedIn, Twitter, Facebook, blogs, and so on)
• Tethered to VMware to validate and verify achievement
• Contain metadata with skill tags and accomplishments
• Based on Mozilla's Open Badges standard
For the complete list of digital badges, see http://www.pearsonvue.com/vmware/badging.

1-14 Virtual Beans: Introduction
Virtual Beans is a coffee company that owns a chain of cyber cafes. Each cafe sells coffee drinks, snacks, and packaged coffee beans. Each cafe is also equipped with a variety of video games and high-speed Internet access.
Virtual Beans has an online store (vmbeans.com) where you can purchase coffee beans and various accessories.
Virtual Beans is a fast-growing company. After much success over the years, it went from a single, small cafe to a company that owns a chain of cafes spanning multiple cities. The online web store is also a huge success.
Virtual Beans recently purchased vSphere 7 for its data center.
You work as a system administrator at Virtual Beans. You will be part of the IT team in charge of deploying vSphere 7 in the data center. You are new to vSphere, but you have two years' experience working for Virtual Beans.

Module 2
Introduction to vSphere and the Software-Defined Data Center

2-2 Importance
As a vSphere administrator, you must be familiar with the components on which vSphere is based.
You must also understand the following concepts:
• Virtualization, the role of the ESXi hypervisor in virtualization and virtual machines
• Fundamental vSphere components and the use of vSphere in the software-defined data center
• Use of vSphere clients to administer and manage vSphere environments

2-3 Module Lessons
1. Overview of vSphere and Virtual Machines
2. vSphere Virtualization of Resources
3. vSphere User Interfaces
4. Overview of ESXi

2-4 Virtual Beans: Data Center
Virtual Beans has a data center at its company headquarters. The company's goals are as follows:
• Use the latest version of vSphere.
• Create a cost-effective, leading-edge data center.
• Create a secure, scalable, high-performing, and highly available infrastructure.
• Create a vSphere infrastructure that follows VMware best practices.
• Open a second data center to serve as a backup site to the primary data center and to host new applications.
As a Virtual Beans administrator, you must decide how to implement these goals. But first, you must understand how a vSphere data center works.

2-5 Lesson 1: Overview of vSphere and Virtual Machines

2-6 Learner Objectives
After completing this lesson, you should be able to meet the following objectives:
• Explain basic virtualization concepts
• Describe how vSphere fits into the software-defined data center and the cloud infrastructure
• Describe how to proactively manage your vSphere environment

2-7 Terminology (1)
Virtualization is associated with several key concepts, products, and features.
Term: Definition. Examples
Operating system: Software designed to allocate physical resources to applications. Examples: Microsoft Windows, Linux
Application: Software that runs on an operating system, consuming physical resources. Examples: Microsoft Office, Chrome
Virtual machine: Specialized application that abstracts hardware resources into software.
Guest: The operating system that runs in a VM (also called the guest operating system). Examples: Microsoft Windows, Linux
Hypervisor: Specialized operating system designed to run VMs. Examples: ESXi, Workstation, Fusion
Host: Physical computer that provides resources to the ESXi hypervisor.

2-8 Terminology (2)
Term: Definition
vSphere: Server virtualization product of VMware that combines the ESXi hypervisor and the vCenter Server management platform.
Cluster: Group of ESXi hosts whose resources are shared by VMs.
vSphere vMotion: Feature that supports the migration of powered-on VMs from host to host without service interruption.
vSphere HA: Cluster feature that protects against host hardware failures by restarting VMs on hosts that are running normally.
vSphere DRS: Cluster feature that uses vSphere vMotion to place VMs on hosts and ensure that each VM receives the resources that it needs.

2-9 About Virtual Machines
A virtual machine (VM) is a software representation of a physical computer and its components. The virtualization software converts the physical machine and its components into files.
Virtual Machine Components:
• Guest operating system
• VMware Tools
• Virtual resources, such as:
  - CPU and memory
  - Network adapters
  - Disks and controllers
  - Parallel and serial ports
A virtual machine (VM) includes a set of specification and configuration files and is supported by the physical resources of a host.
Every VM has virtual devices that provide the same functionality as physical hardware but are more portable, more secure, and easier to manage.
VMs typically include an operating system, applications, VMware Tools, and both virtual resources and hardware that you manage in much the same way as you manage a physical computer.
VMware Tools is a bundle of drivers. Using these drivers, the guest operating system can interact efficiently with the guest hardware. VMware Tools adds extra functionality so that ESXi can better manage the VM's use of physical hardware.

2-10 Benefits of Using Virtual Machines
Physical machines:
• Difficult to move or copy
• Bound to a specific set of hardware components
• Often have a short life cycle
• Require personal contact to upgrade hardware
Virtual machines:
• Easy to move or copy
• Independent of physical hardware because VMs are encapsulated into files
• Isolated from other VMs running on same physical hardware
• Insulated from physical hardware changes

In a physical machine, the operating system (for example, Windows or Linux) is installed directly on the hardware. The operating system requires specific device drivers to support specific hardware. If the computer is upgraded with new hardware, new device drivers are required.
If applications interface directly with hardware drivers, an upgrade to the hardware, drivers, or both can have significant repercussions if incompatibilities exist. Because of these potential repercussions, hands-on technical support personnel must test hardware upgrades against a wide variety of application suites and operating systems. Such testing costs time and money.
Virtualizing these systems saves on such costs because VMs are 100 percent software.
Multiple VMs are isolated from one another. You can have a database server and an email server running on the same physical computer.
The isolation between the VMs means that software-dependency conflicts are not a problem. Even users with system administrator privileges on a VM's guest operating system cannot breach this layer of isolation to access another VM. These users must explicitly be granted access by the ESXi system administrator. As a result of VM isolation, if a guest operating system running in a VM fails, other VMs on the same host are unaffected and continue to run. A guest operating system failure does not affect access and performance:
• Users can still access the other VMs.
• The operational VMs can access the resources that they need.
• The other VMs can still perform.
With VMs, you can consolidate your physical servers and make more efficient use of your hardware. Because a VM is a set of files, features that are not available or not as efficient on physical architectures are available to you, for example:
• You can rapidly and consistently provision VMs.
• With VMs, you can use live migration, fault tolerance, high availability, and disaster recovery scenarios to increase uptime and reduce recovery time from failures.
• You can use multitenancy to mix VMs into specialized configurations, such as a DMZ.
With VMs, you can support legacy applications and operating systems on newer hardware when maintenance contracts on the existing hardware expire.

2-11 Types of Virtualization
Virtualization is the process of creating a software-based representation of something physical, such as a server, desktop, network, or storage device.
Virtualization is the single most effective way to reduce IT expenses while boosting efficiency and agility for all business sizes.
[Figure: Server Virtualization, Network Virtualization, Storage Virtualization, Desktop Virtualization]

Server virtualization addresses inefficiencies by allowing multiple operating systems to run on a single physical server as VMs, each with access to the underlying server's computing resources.
Network virtualization is the complete reproduction of a physical network in software. Applications run on the virtual network exactly as if on a physical network.
Storage virtualization is the process of creating a software-based representation of network storage devices into what appears to be a single unit.
By deploying desktops as a managed service, you can respond more quickly to changing needs and opportunities.

2-12 About the Software-Defined Data Center
In a software-defined data center (SDDC), all infrastructure is virtualized, and the control of the data center is automated by software. vSphere is the foundation of the SDDC.

[Figure: layers of the software-defined data center]

A software-defined virtual data center (SDDC) is deployed with isolated computing, storage, networking, and security resources that are faster than the traditional, hardware-based data center.
All the resources (CPU, memory, disk, and network) of a software-defined data center are abstracted into files. This abstraction brings the benefits of virtualization at all levels of the infrastructure, independent of the physical infrastructure.
An SDDC can include the following components:
• Service management and automation: Use service management and automation to track and analyze the operation of multiple data sources in the multiregion SDDC. Deploy vRealize Operations Manager and vRealize Log Insight across multiple nodes for continued availability and increased log ingestion rates.
• Cloud management layer: This layer includes the service catalog, which houses the facilities to be deployed. The cloud management layer also includes orchestration, which provides the workflows to deploy catalog items, and the self-service portal for end users to access and use the SDDC.
• Virtual infrastructure layer: This layer establishes a robust virtualized environment that all other solutions integrate with. The virtual infrastructure layer includes the virtualization platform for the hypervisor, pools of resources, and virtualization control. Additional processes and technologies build on the infrastructure to support Infrastructure as a Service (IaaS) and Platform as a Service (PaaS).
• Physical layer: The lowest layer of the solution includes compute, storage, and network components.
• Security: Customers use this layer of the platform to meet demanding compliance requirements for virtualized workloads and to manage business risk.

2-13 vSphere and Cloud Computing
Cloud computing exploits the efficient pooling of an on-demand, self-managed, and virtual infrastructure.

[Figure: Private Cloud, Public Cloud]

As defined by the National Institute of Standards and Technology (NIST), cloud computing is a model for the ubiquitous, convenient, and on-demand network access to a shared pool of configurable computing resources.
For example, networks, servers, storage, applications, and services can be rapidly provisioned and released with minimal management effort or little service provider interaction.

vSphere is the foundation for the technology that supports shared and configurable resource pools. vSphere abstracts the physical resources of the data center to separate the workload from the physical hardware. A software user interface can provide the framework for managing and maintaining this abstraction and allocation.

VMware Cloud Foundation is the unified SDDC platform that bundles vSphere (ESXi and vCenter Server), vSAN, and NSX into a natively integrated stack to deliver enterprise-ready cloud infrastructure. VMware Cloud Foundation discovers the hardware, installs the VMware stack (ESXi, vCenter Server, vSAN, and NSX), manages updates, and performs lifecycle management. VMware Cloud Foundation can be self-deployed on compatible hardware or preloaded by partners and can be used in both private and public clouds (VMware Cloud on AWS or VMware cloud providers).

Use cases:
• Cloud infrastructure: Exploit the high performance, availability, and scalability of the SDDC to run mission-critical applications such as databases, web applications, and virtual desktop infrastructure (VDI).
• IT automation: Automate infrastructure and application delivery with self-service capabilities.
• VDI: Provide a complete solution for VDI deployment at scale. It simplifies the planning and design with standardized and tested solutions fully optimized for VDI workloads.
• Hybrid cloud: Build a hybrid cloud with a common infrastructure and a consistent operational model, connecting your on-premises and off-premises data center that is compatible, stretched, and distributed.

To find out more about VMware cloud computing, go to http://www.vmware.com/cloudcomputing/overview.html.
2-14 About VMware Skyline

VMware Skyline is a proactive support technology that provides predictive analysis and proactive recommendations to help you avoid problems. VMware Skyline provides the following benefits:
• Issue avoidance:
  - Proactively identifies potential issues based on environment-specific configuration, details, and usage.
  - Resolves issues before they occur, improving environment reliability and stability.
• Shortens time to resolution:
  - Environment-specific, data-driven analytics accelerate problem resolution.
• Personalized recommendations:
  - Resolution is specific to your environment.
• No additional cost:
  - You receive additional value with your current support subscription (Basic, Production, or Premier support).

VMware Skyline shortens the time it takes to resolve a problem so that you can get back to business quickly. VMware Technical Support engineers can use VMware Skyline to view your environment's configuration and the specific, data-driven analytics to help speed up problem resolution.

2-15 VMware Skyline Family

The VMware Skyline family includes Skyline Health and Skyline Advisor.

Skyline Health (all VMware customers). Key capabilities:
• vSphere and vSAN findings
• Available in the vSphere Client
• Supports vSphere 6.7 U1 and later

Skyline Advisor (Production and Premier Support customers). Key capabilities:
• Supports vSphere, vSAN, NSX for vSphere, vRealize Operations Manager, and VMware Horizon
• Supports vSphere 5.5 and later
• Tags VMware Validated Design, VxRail, and VMware Cloud Foundation deployments
• Automates log transfers with Log Assist
• Uses cloud-based ID and access

Premier Support customers. Key capabilities:
• Advanced findings and reporting
• Tailored remediation plans

With Basic Support, you can access Skyline findings and recommendations for vSphere and vSAN by using Skyline Health in the vSphere Client (version 6.7 and later). With Production or Premier Support, you must use Skyline Advisor and the full functionality of Skyline (including Log Assist).

With Premier Support, you receive additional Skyline features that are not available with Production Support, for example:
• An advanced set of proactive findings and recommendations
• Scheduled and custom operational summary reports that provide an overview of the proactive findings and recommendations
• All additional benefits of Premier Support, including the following services:
  - Designated support team
  - Direct access to senior-level technical support engineers
  - Assistance with multivendor troubleshooting
  - Onsite support services, such as Mission Critical Support (MCS), Healthcare Critical Support (HCS), and Carrier Grade Support (CGS)

Skyline supports vSphere, NSX for vSphere, vSAN, VMware Horizon, and vRealize Operations Manager.

A Skyline management pack for vRealize Operations Manager is also available. If you install this management pack, you can see Skyline proactive findings and recommendations within the vRealize Operations Manager client.

The identification and tagging of VxRail and VMware Validated Design deployments help you and VMware Technical Support to better understand and support multiproduct solutions.

Skyline identifies all ESXi 5.5 objects within a vCenter Server instance and provides additional information in VMware knowledge base article 51491 at https://kb.vmware.com/kb/51491. This article details the end of general support for vSphere 5.5.

For versions of vSphere, vSAN, NSX for vSphere, VMware Horizon, and vRealize Operations Manager that are supported by Skyline, see the Skyline Collector Release Notes at https://docs.vmware.com.
2-16 Review of Learner Objectives

After completing this lesson, you should be able to meet the following objectives:
• Explain basic virtualization concepts
• Describe how vSphere fits into the software-defined data center and the cloud infrastructure
• Describe how to proactively manage your vSphere environment

2-17 Lesson 2: vSphere Virtualization of Resources

2-18 Learner Objectives

After completing this lesson, you should be able to meet the following objective:
• Explain how vSphere interacts with CPUs, memory, networks, and storage

2-19 Virtual Machine: Guest and Consumer of ESXi Host

[Figure: CPU, Memory, Disk, Network]

A virtual machine is an abstraction in software of a physical machine. A VM turns components into files that act like physical components.

For the list of all supported operating systems, see VMware Compatibility Guide at https://www.vmware.com/resources/compatibility.

2-20 Physical and Virtual Architecture

Virtualization technology abstracts physical components into software components and provides solutions for many IT problems.

[Figure: Physical Architecture (x64 architecture) compared with Virtual Architecture (ESXi hypervisor on x64 architecture)]

You can use virtualization to consolidate and run multiple workloads as VMs on a single computer.

The slide shows the differences between a virtualized and a nonvirtualized host.

In traditional architectures, the operating system interacts directly with the installed hardware.
The operating system schedules processes to run, allocates memory to applications, sends and receives data on network interfaces, and both reads from and writes to attached storage devices.

In comparison, a virtualized host interacts with the installed hardware through a thin layer of software called the virtualization layer or hypervisor.

The hypervisor provides physical hardware resources dynamically to VMs as needed to support the operation of the VMs. With the hypervisor, VMs can operate with a degree of independence from the underlying physical hardware. For example, a VM can be moved from one physical host to another. In addition, its virtual disks can be moved from one type of storage to another without affecting the functioning of the VM.

2-21 Physical Resource Sharing

Multiple VMs, running on a physical host, share the compute, memory, network, and storage resources of the host.

[Figure: x64 Architecture, Physical Resources]

With virtualization, you can run multiple VMs on a single physical host, with each VM sharing the resources of one physical computer across multiple environments. VMs share access to CPUs and are scheduled to run by the hypervisor. In addition, VMs are assigned their own region of memory to use and share access to the physical network cards and disk controllers. Different VMs can run different operating systems and applications on the same physical computer.

When multiple VMs run on an ESXi host, each VM is allocated a portion of the physical resources. The hypervisor schedules VMs like a traditional operating system allocates memory and schedules applications. These VMs run on various CPUs. The ESXi hypervisor can also overcommit memory. Memory is overcommitted when your VMs can use more virtual RAM than the physical RAM that is available on the host.

VMs, like applications, use network and disk bandwidth. However, VMs are managed with elaborate control mechanisms to manage how much access is available for each VM. With the default resource allocation settings, all VMs associated with the same ESXi host receive an equal share of available resources.

2-22 CPU Virtualization

In a physical environment, the operating system assumes the ownership of all the physical CPUs in the system. CPU virtualization emphasizes performance and runs directly on the available CPUs.

[Figure: Physical Architecture and Virtual Architecture, each on x64 architecture]

The virtualization layer runs instructions only when needed to make VMs operate as if they were running directly on a physical machine.

CPU virtualization is not emulation. With a software emulator, programs can run on a computer system other than the one for which they were originally written.

Emulation provides portability but might negatively affect performance. CPU virtualization is not emulation because the supported guest operating systems are designed for x64 processors. Using the hypervisor, the operating systems can run natively on the hosts' physical x64 processors.

When many VMs are running on an ESXi host, those VMs might compete for CPU resources. When CPU contention occurs, the ESXi host time slices the physical processors across all virtual machines so that each VM runs as if it had a specified number of virtual processors.

2-23 Physical and Virtualized Host Memory Usage

In a physical environment, the operating system assumes the ownership of all physical memory in the system. Memory virtualization emphasizes performance and runs directly on the available RAM.
[Figure: Physical Architecture and Virtual Architecture, each on x64 architecture]

When an application starts, it uses the interfaces provided by the operating system to allocate or release virtual memory pages during the execution. Virtual memory is a decades-old technique used in most general-purpose operating systems. Operating systems use virtual memory to present more memory to applications than they physically have access to. Almost all modern processors have hardware to support virtual memory.

Virtual memory creates a uniform virtual address space for applications. With the operating system and hardware, virtual memory can handle the address translation between the virtual address space and the physical address space. This technique adapts the execution environment to support large address spaces, process protection, file mapping, and swapping in modern computer systems.

In a virtualized environment, the VMware virtualization layer creates a contiguous addressable memory space for the VM when it is started. The allocated memory space is configured when the VM is created and has the same properties as the virtual address space. With this configuration, the hypervisor can run multiple VMs simultaneously while protecting the memory of each VM from being accessed by others.

2-24 Physical and Virtual Networking

Virtual Ethernet adapters and virtual switches are key virtual networking components.

[Figure: Physical Architecture and Virtual Architecture, each on x64 architecture]

A VM can be configured with one or more virtual Ethernet adapters. VMs use virtual switches on the same ESXi host to communicate with one another by using the same protocols that are used over physical switches, without the need for additional hardware.
Virtual switches also support VLANs that are compatible with standard VLAN implementations from other networking equipment vendors. With VMware virtual networking, you can link local VMs together and link local VMs to the external network through a virtual switch.

A virtual switch, like a physical Ethernet switch, forwards frames at the data link layer. An ESXi host might contain multiple virtual switches. The virtual switch connects to the external network through outbound Ethernet adapters, called vmnics. The virtual switch can bind multiple vmnics together, like NIC teaming on a traditional server, offering greater availability and bandwidth to the VMs using the virtual switch.

Virtual switches are similar to modern physical Ethernet switches in many ways. Like a physical switch, each virtual switch is isolated and has its own forwarding table. So every destination that the switch looks up can match only ports on the same virtual switch where the frame originated. This feature improves security, making it difficult for hackers to break virtual switch isolation.

Virtual switches also support VLAN segmentation at the port level, so that each port can be configured as an access or trunk port, providing access to either single or multiple VLANs.

However, unlike physical switches, virtual switches do not require the Spanning Tree Protocol because a single-tier networking topology is enforced. Multiple virtual switches cannot be interconnected, and network traffic cannot flow directly from one virtual switch to another virtual switch on the same host. Virtual switches provide all the ports that you need in one switch. Virtual switches do not need to be cascaded because virtual switches do not share physical Ethernet adapters, and leaks do not occur between virtual switches.
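The forwarding rules described above (a private forwarding table per virtual switch, access and trunk ports, no direct path between virtual switches on the same host), as a simplified Python model added here for illustration. It is not VMware code: the class names, MAC addresses, and VLAN IDs are constructed, and treating a VLAN mismatch as a plain drop is a simplifying assumption.

```python
"""Simplified model of virtual switch forwarding on one ESXi host (added example).

Not VMware code: class names, MAC addresses and VLAN IDs are constructed.
"""
from dataclasses import dataclass, field


@dataclass
class Port:
    """A virtual switch port with one virtual Ethernet adapter attached."""
    name: str
    mac: str
    vlans: frozenset          # VLAN IDs the port may carry
    trunk: bool = False       # False: access port, exactly one VLAN
    received: list = field(default_factory=list)


class VirtualSwitch:
    def __init__(self, name, uplink=None):
        self.name = name
        self.uplink = uplink  # vmnic name, or None for an internal-only switch
        self.table = {}       # forwarding table (MAC -> Port), private to this switch
        self.uplink_tx = []   # frames handed to the physical adapter

    def attach(self, name, mac, vlans, trunk=False):
        vlans = frozenset(vlans)
        if not trunk and len(vlans) != 1:
            raise ValueError("an access port carries exactly one VLAN")
        port = Port(name, mac.lower(), vlans, trunk)
        self.table[port.mac] = port
        return port

    def send(self, src_mac, dst_mac, payload, tag=None):
        """Forward one frame and return a short description of the outcome."""
        src = self.table.get(src_mac.lower())
        if src is None:
            return "dropped: source is not attached to " + self.name
        # Ingress: an access port assigns its VLAN, a trunk port checks the tag.
        if src.trunk:
            if tag not in src.vlans:
                return "dropped: VLAN %s not allowed on trunk port %s" % (tag, src.name)
            vlan = tag
        elif tag is not None:
            return "dropped: tagged frame on access port " + src.name
        else:
            (vlan,) = src.vlans
        # Lookup: only this switch's own table is consulted, never another switch's.
        dst = self.table.get(dst_mac.lower())
        if dst is not None:
            if vlan not in dst.vlans:
                # Simplification (assumption): a VLAN mismatch is modeled as a drop.
                return "dropped: %s is not in VLAN %s" % (dst.name, vlan)
            dst.received.append((vlan, payload))
            return "delivered: " + dst.name
        if self.uplink is not None:
            self.uplink_tx.append((vlan, dst_mac.lower(), payload))
            return "uplink: " + self.uplink
        return "dropped: unknown destination and no uplink"


def demo():
    """Constructed scenario: two virtual switches on the same host."""
    vs0 = VirtualSwitch("vSwitch0", uplink="vmnic0")
    vs1 = VirtualSwitch("vSwitch1")  # internal only, no vmnic
    web01, web02, db01, fw01, app01 = (
        "00:50:56:00:00:01", "00:50:56:00:00:02", "00:50:56:00:00:03",
        "00:50:56:00:00:04", "00:50:56:00:00:05")
    vs0.attach("web01", web01, {10})
    vs0.attach("web02", web02, {10})
    vs0.attach("db01", db01, {20})
    vs0.attach("fw01", fw01, {10, 20}, trunk=True)
    app_port = vs1.attach("app01", app01, {10})
    return {
        "same_vlan": vs0.send(web01, web02, b"hello"),
        "other_vlan": vs0.send(web01, db01, b"hello"),
        "trunk_ok": vs0.send(fw01, db01, b"hello", tag=20),
        "trunk_bad_tag": vs0.send(fw01, db01, b"hello", tag=30),
        # app01 lives on vSwitch1: vSwitch0 cannot see it and uses its uplink.
        "cross_switch": vs0.send(web01, app01, b"hello"),
        # vSwitch1 has no uplink, so frames for other switches go nowhere.
        "internal_only": vs1.send(app01, web01, b"hello"),
        "app01_frames": len(app_port.received),
        "vmnic0_frames": len(vs0.uplink_tx),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print("%-14s %s" % (case, outcome))
```

In this model, a frame from web01 addressed to app01 never reaches vSwitch1: it leaves through vmnic0, so any path between the two switches has to go through the external network where it can be filtered and monitored.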
2-25 Physical File Systems and Datastores

vSphere VMFS provides a distributed storage architecture, where multiple ESXi hosts can read or write to the shared storage concurrently.

[Figure: Physical Architecture (x64 architecture; NTFS, ext4, UFS) compared with Virtual Architecture (x64 architecture; shared storage: VMFS, NFS, vSAN, vSphere Virtual Volumes)]

To store virtual disks, ESXi uses datastores, which are logical containers that hide the specifics of physical storage from VMs and provide a uniform model for storing VM files. Datastores that you deploy on block storage devices use the VMFS format, a special high-performance file system format that is optimized for storing virtual machines.

VMFS is designed, constructed, and optimized for a virtualized environment. It is a high-performance cluster file system designed for virtual machines. It functions in the following ways:
• Uses distributed journaling of its file system metadata changes for fast and resilient recovery if a hardware failure occurs
• Increases resource usage by providing multiple VMs with shared access to a consolidated pool of clustered storage
• Is the foundation of distributed infrastructure services, such as live migration of VMs and VM files, dynamically balanced workloads across available compute resources, automated restart of VMs, and fault tolerance

VMFS provides an interface to storage resources so that several storage protocols (Fibre Channel, Fibre Channel over Ethernet, and iSCSI) can be used to access datastores on which VMs can reside. With the dynamic growth of VMFS datastores through aggregation of storage resources and dynamic expansion of a VMFS datastore, you can increase a shared storage resource pool with no downtime.
With the distributed locking methods, VMFS forges the link between the VM and the underlying storage resources. VMs can use the unique capabilities of VMFS to join a cluster seamlessly, with no management overhead.

2-26 GPU Virtualization

GPU graphics devices optimize complex graphics operations. These operations can run at high performance without overloading the CPU.

Virtual GPUs can be added to VMs for the following use cases:
• Rich 2D and 3D graphics
• VMware Horizon virtual desktops
• Graphics-intensive applications, such as those used by architects and engineers
• Server applications for massively parallel tasks, such as scientific computation applications

You can configure VMs with up to four vGPU devices to cover use cases requiring multiple GPU accelerators.

VMware supports AMD and NVIDIA graphics cards.

GPUs can be used by developers of server applications. Although servers do not usually have monitors, GPU support is important and relevant to server virtualization.

2-27 Review of Learner Objectives

After completing this lesson, you should be able to meet the following objective:
• Explain how vSphere interacts with CPUs, memory, networks, and storage

2-28 Lesson 3: vSphere User Interfaces

2-29 Learner Objectives

After completing this lesson, you should be able to meet the following objective:
• Recognize the user interfaces for accessing the vCenter Server system and ESXi hosts

2-30 vSphere User Interfaces

You can use the vSphere Client, PowerCLI, VMware Host Client, and ESXCLI to interact with the vSphere environment.
For information on ports and protocols, see http://ports.vmware.com.

VMware Host Client provides direct management of individual ESXi hosts. VMware Host Client is generally used only when management through vCenter Server is not possible.

With the vSphere Client, an HTML5-based client, you can manage vCenter Server Appliance and the vCenter Server object inventory.

VMware Host Client and the vSphere Client provide the following benefits:
• Clean, modern UI
• No browser plug-ins to install or manage
• Integrated into vCenter Server and ESXi

2-31 About VMware Host Client

VMware Host Client is an HTML5-based user interface that you can use to manage individual ESXi hosts directly when vCenter Server is unavailable.

VMware Host Client is served from ESXi, and you access it from a supported browser at https://ESXi_FQDN_or_IP_Address/ui.

[Screenshot: VMware Host Client at https://sa-esxi-01.vclass.local/ui]

VMware ESXi in the upper-left corner of the banner on the VMware Host Client interface helps you to differentiate VMware Host Client from other clients.

2-32 About vSphere Client

The vSphere Client is an HTML5-based client. You manage the vSphere environment with the vSphere Client by connecting to vCenter Server Appliance.

You access the vSphere Client from a supported browser at https://vCenter_Server_Appliance_FQDN_or_IP_Address/ui.

vSphere Client, in the upper-left corner of the banner on the vSphere Client interface, helps you differentiate vSphere Client from other clients.

When you use https://vCenter_Server_Appliance_FQDN_or_IP_Address/ui to access the vSphere Client, the URL internally redirects to port 9443 on your vCenter Server system.
With the vSphere Client, you can manage vCenter Server Appliance through a web browser, and Adobe Flex does not have to be enabled in the browser.

2-33 About PowerCLI and ESXCLI

PowerCLI is a command-line and scripting tool that is built on Windows PowerShell:
• Provides a PowerShell interface to vSphere API
• Provides more than 700 cmdlets for managing and automating vSphere

The ESXCLI tool allows for remote management of ESXi hosts by using the ESXCLI command set:
• ESXCLI can be downloaded from the VMware {code} page at https://code.vmware.com/web/tool/7.0/esxcli.
• ESXCLI commands can be run against a vCenter Server system and target any ESXi system.

You can install ESXCLI on a Windows or Linux system. You can run ESXCLI commands from the Windows or Linux system to manage ESXi systems.

For more information about ESXCLI, see https://code.vmware.com/web/tool/7.0/esxcli.

For more information about PowerCLI, see https://code.vmware.com/web/tool/12.0.0/vmware-powercli.

2-34 Lab 1: Accessing the Lab Environment

Log in to the student desktop and access the vSphere Client and VMware Host Client:
1. Access the Student Desktop
2. Log In to an ESXi Host with VMware Host Client
3. Log In to vCenter Server with the vSphere Client

2-35 Review of Learner Objectives

After completing this lesson, you should be able to meet the following objective:
• Recognize the user interfaces for accessing the vCenter Server system and ESXi hosts

2-36 Lesson 4: Overview of ESXi

2-37 Learner Objectives

After completing this lesson, you should be able to meet the following objectives:
• Describe the ESXi host architecture
• Navigate the Direct Console User Interface (DCUI) to configure an ESXi host
• Recognize user account best practices
• Install an ESXi host
• Configure ESXi host settings

2-38 About ESXi

ESXi is a hypervisor that you can buy with vSphere or get in a free, downloadable version. ESXi has the following features:
• High security:
  - Host-based firewall
  - Memory hardening
  - Kernel module integrity
  - Trusted Platform Module (TPM 2.0)
  - UEFI secure boot
  - Encrypted core dumps
• Small disk footprint
• Quick boot for faster patching and upgrades
• Installable on hard disks, SAN LUNs, SSD, USB devices, SD cards, SATADOM, and diskless hosts

To ensure that your physical servers are supported by ESXi 7.0, check VMware Compatibility Guide at https://www.vmware.com/resources/compatibility.

You can obtain a free version of ESXi, called vSphere Hypervisor, or you can purchase a licensed version with vSphere.

ESXi can be installed on a hard disk, a USB device, or an SD card. ESXi can also be installed on diskless hosts (directly into memory) with vSphere Auto Deploy.

ESXi has a small disk footprint for added security and reliability.
ESXi provides additional protection with the following features:
• Host-based firewall: To minimize the risk of an attack through the management interface, ESXi includes a firewall between the management interface and the network.
• Memory hardening: The ESXi kernel, user-mode applications, and executable components, such as drivers and libraries, are located at random, nonpredictable memory addresses. Combined with the nonexecutable memory protections made available by microprocessors, memory hardening provides protection that makes it difficult for malicious code to use memory exploits to take advantage of vulnerabilities.
• Kernel module integrity: Digital signing ensures the integrity and authenticity of modules, drivers, and applications as they are loaded by the VMkernel.
• Trusted Platform Module: TPM is a hardware element that creates a trusted platform. This element affirms that the boot process and all drivers loaded are genuine.
• UEFI secure boot: This feature is for systems that support UEFI secure boot firmware, which contains a digital certificate that the VMware infrastructure bundles (VIBs) chain to. At boot time, a verifier is started before other processes to check the VIB's chain to the certificate in the firmware.
• Lockdown modes: This vSphere feature disables login and API functions from being executed directly on an ESXi host.
• ESXi Quick Boot: With this feature, ESXi can reboot without reinitializing the physical server BIOS. Quick Boot reduces remediation time during host patch or host upgrade operations. Quick Boot is enabled by default on supported hardware.

2-39 Configuring an ESXi Host

The DCUI is a text-based user interface with keyboard-only interaction.
[Screenshot: DCUI]

You use the Direct Console User Interface (DCUI) to configure certain settings for ESXi hosts. The DCUI is a low-level configuration and management interface, accessible through the console of the server, that is used primarily for initial basic configuration. You press F2 to start customizing system settings.

2-40 Configuring an ESXi Host: Root Access

Administrators use the DCUI to configure root access settings:
• Set a root password (complex passwords only).
• Enable or disable lockdown mode:
  - Limits management of the host to vCenter Server
  - Can be configured only for hosts managed by a vCenter Server instance

The administrative user name for the ESXi host is root. The root password must be configured during the ESXi installation process.

2-41 Configuring an ESXi Host: Management Network

Using the DCUI, you can modify network settings:
• Host name
• IP configuration (IP address, subnet mask, default gateway)
• DNS servers

You must set up your IP address before your ESXi host is operational. By default, a DHCP-assigned address is configured for the ESXi host. To change or configure basic network settings, you use the DCUI.

In addition to changing IP settings, you perform the following tasks from the DCUI:
• Configure VLAN settings.
• Configure IPv6 addressing.
• Set custom DNS suffixes.
• Restart the management network (without rebooting the system).
• Test the management network (using ping and DNS requests).
• Disable a management network.
2-42 Configuring an ESXi Host: Other Settings

Using the DCUI, you can configure the keyboard layout, enable troubleshooting services, view support information, and view system logs.

[Screenshot: DCUI troubleshooting options]

From the DCUI, you can change the keyboard layout, view support information, such as the host's license serial number, and view system logs. The default keyboard layout is U.S. English.

You can use the troubleshooting options, which are disabled by default, to enable or disable troubleshooting services:
• vSphere ESXi Shell: For troubleshooting issues locally
• SSH: For troubleshooting issues remotely by using an SSH client, for example, PuTTY

The best practice is to keep troubleshooting services disabled until they are necessary, for example, when you are working with VMware technical support to resolve a problem.

By selecting the Reset System Configuration option, you can reset the system configuration to its software defaults and remove custom extensions or packages that you added to the host.

2-43 Controlling Remote Access to an ESXi Host

You can use the vSphere Client to customize essential security settings that control remote access to an ESXi host:
• The ESXi firewall is enabled by default:
  - The firewall blocks incoming and outgoing traffic, except for the traffic that is enabled in the host's firewall settings.
• Services, such as the NTP client and the SSH client, can be managed by the administrator.
• Lockdown mode prevents remote users from logging in to the host directly. The host is accessible only through the DCUI or vCenter Server.

[Screenshot: ESXi host firewall and services settings in the vSphere Client]

An ESXi host includes a firewall as part of the default installation.

On ESXi hosts, remote clients are typically prevented from accessing services on the host. Similarly, local clients are typically prevented from accessing services on remote hosts.

To ensure the integrity of the host, few ports are open by default. To provide or prevent access to certain services or clients, you must modify the properties of the firewall.

You can configure firewall settings for incoming and outgoing connections for a service or a management agent. For some services, you can manage service details.

For example, you can use the Start, Stop, or Restart buttons to change the status of a service temporarily. Alternatively, you can change the startup policy so that the service starts with the host or with port use. For some services, you can explicitly specify IP addresses from which connections are allowed.

2-44 Managing User Accounts: Best Practices

When assigning user accounts to access ESXi hosts or vCenter Server systems, ensure that you follow these security guidelines:
• Strictly control root privileges to ESXi hosts.
• Create strong root account passwords that have at least eight characters. Use special characters, case changes, and numbers. Change passwords periodically.
• Manage ESXi hosts centrally through the vCenter Server system by using the appropriate vSphere client.
• Minimize the use of local users on ESXi hosts:
  - Add the ESXi hosts to Active Directory and add the relevant administrator users to the ESX Admins domain group. Users in the ESX Admins domain group have root privileges on ESXi hosts, by default.
  - If local users are created, manage them centrally using the esxcli command in the vSphere CLI.

On an ESXi host, the root user account is the most powerful user account on the system. The user root can access all files and all commands. Securing this account is the most important step that you can take to secure an ESXi host.

Whenever possible, use the vSphere Client to log in to the vCenter Server system and manage your ESXi hosts. In some unusual circumstances, for example, when the vCenter Server system is down, you use VMware Host Client to connect directly to the ESXi host.

Although you can log in to your ESXi host through the vSphere CLI or through vSphere ESXi Shell, these access methods should be reserved for troubleshooting or configuration that cannot be accomplished by using VMware Host Client.

If a host must be managed directly, avoid creating local users on the host. If possible, join the host to a Windows domain and log in with domain credentials instead.

2-45 ESXi Host as an NTP Client

Network Time Protocol (NTP) is a client-server protocol used to synchronize a computer's clock to a time reference.

NTP is important:
• For accurate performance graphs
• For accurate time stamps in log messages
• So that virtual machines have a source to synchronize with

An ESXi host can be configured as an NTP client. It can synchronize time with an NTP server on the Internet or your corporate NTP server.

The NTP client uses UDP over port 123 to communicate with the NTP server.

Network Time Protocol (NTP) is an Internet standard protocol that is used to synchronize computer clock times in a network.
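The remote-access guidance in sections 2-42 and 2-43 (troubleshooting services off, few ports open, allowed IP addresses per service, including the NTP client) can be checked against output saved from a host. The following Python is an added example, not part of the VMware course material; the two sample tables are constructed, modeled on the layout printed by `esxcli network firewall ruleset list` and `esxcli network firewall ruleset allowedip list`, and the approved networks and the troubleshooting set are assumptions.

```python
import ipaddress

# Constructed sample, modeled on the table printed by
#   esxcli network firewall ruleset list
RULESETS = """\
Name       Enabled
---------  -------
sshServer     true
sshClient    false
ntpClient     true
webAccess     true
"""

# Constructed sample, modeled on the table printed by
#   esxcli network firewall ruleset allowedip list
ALLOWED_IPS = """\
Ruleset    Allowed IP Addresses
---------  --------------------
sshServer  All
sshClient  All
ntpClient  192.0.2.10
webAccess  198.51.100.0/24, 203.0.113.7
"""

# Assumption: the networks this site approves for host services.
APPROVED = ["192.0.2.0/24", "198.51.100.0/24"]
# Assumption: rulesets that belong to troubleshooting services (section 2-42).
TROUBLESHOOTING = {"sshServer"}


def parse_table(text):
    """Return {first column: rest of row} for a two-column esxcli-style table."""
    rows = {}
    for line in text.splitlines()[2:]:      # skip the header and the dashed rule
        if line.strip():
            name, value = line.split(None, 1)
            rows[name] = value.strip()
    return rows


def audit(ruleset_text, allowedip_text, approved, troubleshooting=TROUBLESHOOTING):
    """Return (ruleset, issue) pairs for every enabled ruleset that needs review."""
    approved_nets = [ipaddress.ip_network(n) for n in approved]
    enabled = {n for n, v in parse_table(ruleset_text).items() if v == "true"}
    allowed = parse_table(allowedip_text)
    findings = []
    for name in sorted(enabled):
        if name in troubleshooting:
            findings.append((name, "troubleshooting service ruleset is enabled"))
        sources = allowed.get(name, "All")
        if sources == "All":
            findings.append((name, "accepts connections from any address"))
            continue
        for item in sources.split(","):
            # strict=False lets a host address such as 192.0.2.10 parse as a /32
            net = ipaddress.ip_network(item.strip(), strict=False)
            inside = any(net.version == a.version and net.subnet_of(a)
                         for a in approved_nets)
            if not inside:
                findings.append((name, f"{net} is outside the approved networks"))
    return findings


if __name__ == "__main__":
    for ruleset, issue in audit(RULESETS, ALLOWED_IPS, APPROVED):
        print(f"{ruleset}: {issue}")
```

Disabled rulesets are skipped on purpose: the firewall already blocks them, so only what is reachable is reported.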
The benefits of synchronizing an ESXi host's time include:
• Performance data can be displayed and interpreted properly.
• Accurate time stamps appear in log messages, which make audit logs meaningful.
• VMs can synchronize their time with the ESXi host. Time synchronization is beneficial to applications, such as database applications, running on VMs.

NTP is a client-server protocol. When you configure the ESXi host to be an NTP client, the host synchronizes its time with an NTP server, which can be a server on the Internet or your corporate NTP server.

For information about NTP, see http://www.ntp.org.

For more information about timekeeping, see VMware knowledge base article 1318 at http://kb.vmware.com/kb/1318.

2-46 Demonstration: Installing and Configuring ESXi Hosts

Your instructor will run a demonstration.

2-47 Lab 2: Configuring an ESXi Host

Use VMware Host Client to configure an ESXi host:
1. Add an ESXi Host to Active Directory
2. Log In to the ESXi Host as an Active Directory User
3. Enable the SSH and vSphere ESXi Shell Services

2-48 Review of Learner Objectives

After completing this lesson, you should be able to meet the following objectives:
• Describe the ESXi host architecture
• Navigate the Direct Console User Interface (DCUI) to configure an ESXi host
• Recognize user account best practices
• Install an ESXi host
• Configure ESXi host settings

2-49 Virtual Beans: Data Center

As a Virtual Beans administrator, you now understand essential vSphere terminology. Your initial takeaways about vSphere are as follows:
• vSphere is the starting point for building a software-defined data center.
• ESXi hosts are highly secure platforms on which Virtual Beans applications run.
• Check the VMware Compatibility Guide to ensure that your physical servers support ESXi 7.0.

2-50 Key Points

• Virtual machines are hardware independent.
• VMs share the physical resources of the ESXi host on which they reside.
• vSphere abstracts CPU, memory, storage, and networking for VM use.
• The ESXi hypervisor runs directly on the host.

Questions?

Module 3 Virtual Machines

3-2 Importance

You can create a virtual machine in several ways. Choosing the correct method can save you time and make the deployment process manageable and scalable.

3-3 Module Lessons

1. Creating Virtual Machines
2. Virtual Machine Hardware Deep Dive
3. Introduction to Containers

3-4 Virtual Beans: Virtualizing Workloads

Virtual Beans uses internally developed applications that run in an environment with Windows and Linux systems. Virtual Beans requires that 100% of their workloads be virtualized:
• Business-critical applications
• Nonbusiness-critical applications

In addition, Virtual Beans application developers are creating and testing a new order-fulfillment system based on container technology.

As a Virtual Beans administrator, you must familiarize yourself with the components of a virtual machine and the virtual devices that are supported. You also want to learn about containers because future applications will use this technology.
3-5 Lesson 1: Creating Virtual Machines

3-6 Learner Objectives

After completing this lesson, you should be able to meet the following objectives:
• Create and provision a virtual machine
• Describe how to import a virtual appliance OVF template
• Explain the importance of VMware Tools
• Install VMware Tools

3-7 About Provisioning Virtual Machines

You can create VMs in several ways:
• Use the New Virtual Machine wizard to create a single VM using:
  - The vSphere Client
  - VMware Host Client
• Use the vSphere Client to deploy VMs in the following formats:
  - New VMs from existing templates or clones
  - VMs, virtual appliances, and vApps stored in OVF format

The optimal method for provisioning VMs for your environment depends on factors such as the size and type of your infrastructure and the goals that you want to achieve.

You can use the New Virtual Machine wizard to create a single VM if no other VMs in your environment meet your requirements, such as a particular operating system or hardware configuration. For example, you might need a VM that is configured only for testing purposes. You can also create a single VM, install an operating system on it, and use that VM as a template from which to clone other VMs.

Deploy VMs, virtual appliances, and vApps stored in Open Virtual Machine Format (OVF) to use a preconfigured VM. A virtual appliance is a VM that typically has an operating system and other software preinstalled. You can deploy VMs from OVF templates that are on local file systems (for example, local disks such as C:), removable media (for example, CDs or USB keychain drives), shared network drives, or URLs.

In addition to using the vSphere Client, you can also use VMware Host Client to create a VM by using OVF files.
However, several limitations apply when you use VMware Host Client for this deployment method. For information about OVF and OVA limitations for the VMware Host Client, see vSphere Single Host Management - VMware Host Client at https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.hostclient.doc/GUID-509C12B2-32F2-4928-B81B-DE87C7B2A5F6.html.

3-8 Creating VMs with the New Virtual Machine Wizard (1)

You can use the New Virtual Machine wizard in the vSphere Client to create a VM.

3-9 Creating VMs with the New Virtual Machine Wizard (2)

You can use the New Virtual Machine wizard in VMware Host Client to create a VM.

The New Virtual Machine wizard prompts you for standard information:
• The VM name
  If using the vSphere Client, you can also specify the folder in which to place the VM.
• The resource on which the VM runs
  If using VMware Host Client, you create the VM on the host that you are logged in to. If using the vSphere Client, you can specify a host, a cluster, a vApp, or a resource pool. The VM can access the resources of the selected object.
• The datastore on which to store the VM's files
  Each datastore might have a different size, speed, availability, and other properties.
  The available datastores are accessible from the destination resource that you select.
• The guest operating system to be installed into the VM
• The number of NICs, the network to connect to, and the network adapter type
• Virtual disk provisioning choice

3-10 New Virtual Machine Wizard Settings

VM configuration settings are based on prior choices that you made about the operating system.

3-11 Installing the Guest Operating System

Installing a guest operating system in your VM is similar to installing it on a physical computer.

To install the guest operating system, you interact with the VM through the VM console. Using the vSphere Client, you can attach a CD, DVD, or ISO image containing the installation image to the virtual CD/DVD drive.

On the slide, the Windows Server 2008 guest operating system is being installed. You can use the vSphere Client to install a guest operating system. You can also install a guest operating system from an ISO image or a CD. Installing from an ISO image is typically faster and more convenient than a CD installation.

For more information about installing guest operating systems, see vSphere Virtual Machine Administration at https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.vm_admin.doc/GUID-55238059-912E-411F-A0E9-A7A536972A91.html.

For more about the supported guest operating systems, see VMware Compatibility Guide at https://www.vmware.com/resources/compatibility.

3-12 Deploying OVF Templates

You can deploy any VM or virtual appliance stored in OVF format. Virtual appliances are preconfigured VMs:
• They are usually designed for a single purpose.
• They are also available from VMware Solution Exchange.

A virtual appliance is a preconfigured VM that typically includes a preinstalled guest operating system and other software. A virtual appliance is usually designed for a specific purpose, for example, to provide a secure web browser, a firewall, or a backup and recovery utility.

A virtual appliance can be added or imported to your vCenter Server system inventory or ESXi inventory. Virtual appliances can be imported from websites such as the VMware Virtual Appliance Marketplace at https://marketplace.vmware.com/vsx/.

Virtual appliances are deployed as OVF templates. OVF is a platform-independent, efficient, extensible, and open packaging and distribution format for VMs. OVF files are compressed, resulting in faster downloads. The vSphere Client validates an OVF file before importing it and ensures that it is compatible with the intended destination server. If the appliance is incompatible with the selected host, you cannot import it.

3-13 About VMware Tools

VMware Tools is a set of features that enhance the performance of a VM's guest operating system.
Benefits and features include:
• Device drivers:
  - SVGA display
  - VMXNET/VMXNET3
  - Balloon driver for memory management
  - Sync driver for quiescing I/O
• Increased graphics performance
• Improved mouse performance
• Guest OS heartbeat service
• Time synchronization
• Ability to shut down the VM

VMware Tools improves management of the VM by replacing generic operating system drivers with VMware drivers tuned for virtual hardware. You install VMware Tools into the guest operating system. When you install VMware Tools, you install these items:
• The VMware Tools service: This service synchronizes the time in the guest operating system with the time in the host operating system.
• A set of VMware device drivers, with additional Perfmon monitoring options.
• A set of scripts that helps you automate guest operating system operations: You can configure the scripts to run when the VM's power state changes.

VMware Tools enhances the performance of a VM and makes many of the ease-of-use features in VMware products possible:
• Faster graphics performance and Windows Aero on operating systems that support Aero
• Shared folders between host and guest file systems
• Copying and pasting text, graphics, and files between the virtual machine and the host or client desktop
• Scripting that helps automate guest operating system operations

Although the guest operating system can run without VMware Tools, many VMware features are not available until you install VMware Tools. For example, if VMware Tools is not installed in your VM, you cannot use the shutdown or restart options from the toolbar. You can use only the power options.

3-14 Installing VMware Tools

Ensure that you select the correct version of VMware Tools for your guest operating system. To find out which VMware Tools ISO images are bundled with vSphere 7, see the vSphere 7 Release Notes.
The method for installing VMware Tools depends on the guest operating system type.

Guest operating system type and VMware Tools installation method:
• Microsoft Windows: Install from windows.iso for Vista and later guests.
• Linux: To allow vSphere to manage the installation, install from linux.iso. To allow the guest OS to manage the installation, use open-vm-tools, available in various Linux package management systems, such as yum, apt, or rpm.
• Mac OS: Install from darwin.iso for Mac OS X versions 10.11 and later.
• Solaris: Install from solaris.iso for Solaris versions 10 and later.

For more information about using Open VM tools, see VMware Tools User Guide at https://docs.vmware.com/en/VMware-Tools/index.html.

3-15 Downloading VMware Tools

You can download a specific version of VMware Tools from the VMware vSphere product download page.

3-16 Labs

• Lab: Creating a Virtual Machine
• Lab: Installing VMware Tools

3-17 Lab 3: Creating a Virtual Machine

Use VMware Host Client to create and delete a virtual machine:
1. Create a Virtual Machine
2. Delete the Virtual Machine

3-18 Lab 4: Installing VMware Tools

Use VMware Host Client to install VMware Tools into an existing Windows VM:
1. Power On and Open a Console to the VM
2. Install VMware Tools

3-19 Review of Learner Objectives

After completing this lesson, you should be able to meet the following objectives:
• Create and provision a virtual machine
• Describe how to import a virtual appliance OVF template
• Explain the importance of VMware Tools
• Install VMware Tools

3-20 Lesson 2: Virtual Machine Hardware Deep Dive

3-21 Learner Objectives

After completing this lesson, you should be able to meet the following objectives:
• Identify the files that make up a VM
• Compare VM hardware versions
• Recognize the components of a VM
• Navigate the vSphere Client and examine VM settings
• Identify methods for accessing a VM console
• Identify virtual network adapters, including the enhanced VMXNET3
• Distinguish between types of virtual disk provisioning

3-22 Virtual Machine Encapsulation

vSphere encapsulates each VM into a set of VM files. VM files are stored in directories on a VMFS, NFS, vSAN, or vSphere Virtual Volumes datastore.

[Figure: VM1, VM2, and VM3 stored on a datastore: VMFS, NFS, vSAN, or vSphere Virtual Volumes]

vSphere encapsulates each VM into a few files or objects, making VMs easier to manage and migrate. The files and objects for each VM are stored in a separate folder on a datastore.

3-23 About Virtual Machine Files

A VM includes a set of related files.

Files in the VM folder, as shown on the slide:
• Configuration file: VM_name.vmx
• Swap files: VM_name.vswp, vmx-VM_name.vswp
• BIOS file: VM_name.nvram
• Log files: vmware.log
• Template configuration file: VM_name.vmtx
• Disk descriptor file: VM_name.vmdk
• Disk data file: VM_name-flat.vmdk
• Suspend state file: VM_name-*.vmss

The slide lists some of the files that make up a VM. Except for the log files, the name of each file starts with the VM's name <VM_name>. A VM consists of the following files:
• A configuration file (.vmx).
• Swap files (.vswp) used to reclaim memory during periods of contention.
• A file containing the VM's BIOS settings (.nvram).
• A VM's current log file (.log) and a set of files used to archive old log entries (-#.log).
  In addition to the current log file, vmware.log, up to six archive log files are maintained at one time. For example, -1.log to -6.log might exist at first. The next time an archive log file is created, for example, when the VM is powered off and powered back on, the following actions occur: The -6.log is deleted, the -5.log is renamed to -6.log, and so on. Finally, the previous vmware.log is renamed to the -1.log.
• One or more virtual disk files. The first virtual disk has files VM_name.vmdk and VM_name-flat.vmdk.
  If the VM has more than one disk file, the file pair for the subsequent disk files is called VM_name_#.vmdk and VM_name_#-flat.vmdk. # is the next number in the sequence, starting with 1. For example, if the VM called Test01 has two virtual disks, this VM has the Test01.vmdk, Test01-flat.vmdk, Test01_1.vmdk, and Test01_1-flat.vmdk files.
• If the VM is converted to a template, a VM template configuration file (.vmtx) replaces the VM configuration file (.vmx). A VM template is a master copy of the VM.

The list of files shown on the slide is not comprehensive. For a complete list of all the types of VM files, see vSphere Virtual Machine Administration at https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.vm_admin.doc/GUID-55238059-912E-411F-A0E9-A7A536972A91.html.

3-24 About VM Virtual Hardware

A VM uses virtual hardware.

[Figure: virtual hardware of a virtual machine. Legible labels: parallel ports; IDE controller; serial ports; up to 4 SATA controllers, 30 devices per controller; 1 USB controller, 20 devices; up to 10 NICs; NVMe adapters, 15 devices per adapter; SCSI adapters, 64 devices per adapter (PVSCSI only); 6 TB of RAM; vCPUs; virtual disks, up to 62 TB]

Each guest OS sees ordinary hardware devices. The guest OS does not know that these devices are virtual. All VMs have uniform hardware, except for a few variations that the system administrator can apply. Uniform hardware makes VMs portable across VMware virtualization platforms.

You can configure VM memory and CPU settings. vSphere supports many of the latest CPU features, including virtual CPU performance counters. You can add virtual hard disks and NICs. You can also add and configure virtual hardware, such as CD/DVD drives, and SCSI devices. Not all devices are available to add and configure. For example, you cannot add video devices, but you can configure available video devices and video cards.

You can add multiple USB devices, such as security dongles and mass storage devices, to a VM that resides on an ESXi host to which the devices are physically attached. When you attach a USB device to a physical host, the device is available only to VMs that reside on that host. Those VMs cannot connect to a device on another host in the data center. A USB device is available to only one VM at a time. When you remove a device from a VM, it becomes available to other VMs that reside on the host.

You can add up to 16 PCI vSphere DirectPath I/O devices to a VM. The devices must be reserved for PCI passthrough on the host on which the VM runs. Snapshots are not supported with vSphere DirectPath I/O pass-through devices.

The SATA controller provides access to virtual disks and CD/DVD devices. The SATA virtual controller appears to a virtual machine as an AHCI SATA controller.
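The file naming and log rotation rules in section 3-23 decide what an incident responder can still collect from a VM's folder. The following Python is an added example, not part of the VMware course material: it classifies a constructed directory listing by role, orders the logs oldest first, and applies one rotation to show which archive is lost at the next power cycle. The archive name form vmware-#.log, the sample file names, and the function names are assumptions made for the example.

```python
import re

MAX_ARCHIVES = 6  # section 3-23: up to six archive log files are kept
LOG_RE = r"vmware(?:-(\d+))?\.log"

# Constructed listing for a VM named Test01; Test01_2 lacks its data file.
LISTING = [
    "Test01.vmx", "Test01.nvram", "Test01.vswp",
    "Test01.vmdk", "Test01-flat.vmdk",
    "Test01_1.vmdk", "Test01_1-flat.vmdk", "Test01_2.vmdk",
    "vmware.log", "vmware-1.log", "vmware-2.log", "vmware-6.log",
    "notes.txt",
]


def classify(vm, names):
    """Group file names by the role that section 3-23 gives each file type."""
    v = re.escape(vm)
    patterns = [
        ("configuration", rf"{v}\.vmx"),
        ("template configuration", rf"{v}\.vmtx"),
        ("BIOS settings", rf"{v}\.nvram"),
        ("swap", rf"(vmx-)?{v}.*\.vswp"),
        ("suspend state", rf"{v}-.*\.vmss"),
        ("disk data", rf"{v}(_\d+)?-flat\.vmdk"),
        ("disk descriptor", rf"{v}(_\d+)?\.vmdk"),
        ("log", LOG_RE),
    ]
    groups = {}
    for name in names:
        role = next((r for r, p in patterns if re.fullmatch(p, name)),
                    "unrecognized")
        groups.setdefault(role, []).append(name)
    return groups


def log_number(name):
    """0 for the current vmware.log, N for the archive vmware-N.log."""
    return int(re.fullmatch(LOG_RE, name).group(1) or 0)


def log_sequence(names):
    """Return the log files oldest first; a higher archive number is older."""
    logs = [n for n in names if re.fullmatch(LOG_RE, n)]
    return sorted(logs, key=log_number, reverse=True)


def rotate(names):
    """Apply one rotation; return (names afterwards, discarded log files)."""
    logs = log_sequence(names)
    kept = [n for n in names if n not in logs]
    discarded = []
    for name in logs:
        number = log_number(name) + 1
        if number > MAX_ARCHIVES:
            discarded.append(name)          # the -6.log is deleted
        else:
            kept.append(f"vmware-{number}.log")
    return kept, discarded


def unpaired_disks(vm, names):
    """Return disk base names that lack either the descriptor or the data file."""
    groups = classify(vm, names)
    descriptors = {n[:-len(".vmdk")] for n in groups.get("disk descriptor", [])}
    data = {n[:-len("-flat.vmdk")] for n in groups.get("disk data", [])}
    return sorted(descriptors ^ data)


if __name__ == "__main__":
    print(classify("Test01", LISTING))
    print("oldest first:", log_sequence(LISTING))
    print("lost at next rotation:", rotate(LISTING)[1])
    print("incomplete disks:", unpaired_disks("Test01", LISTING))
```

Copying the logs before a VM is powered off and on again preserves the oldest archive, which the rotation would otherwise delete.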
The Virtual Machine Communication Interface (VMCI) is an infrastructure that provides a high-speed communication channel between a VM and the hypervisor. You cannot add or remove VMCI devices.

The VMCI SDK facilitates the development of applications that use the VMCI infrastructure. Without VMCI, VMs communicate with the host using the network layer. Using the network layer adds overhead to the communication. With VMCI, communication overhead is minimal and tasks that require communication can be optimized. VMCI can go up to nearly 10 Gbit/s with 128 K sized queue pairs.

The following types of communication are available:
• Datagrams: Connectionless and similar to UDP queue pairs
• Connection oriented: Similar to TCP

VMCI provides socket APIs that are similar to APIs that are used for TCP/UDP applications. IP addresses are replaced with VMCI ID numbers. For example, you can port netperf to use VMCI sockets instead of TCP/UDP. VMCI is disabled by default.

For more information about virtual hardware, see vSphere Virtual Machine Administration at https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.vm_admin.doc/GUID-55238059-912E-411F-A0E9-A7A536972A91.html.

3-25 Virtual Hardware Versions

The virtual hardware version, or VM compatibility level, determines the operating system functions that a VM supports. Do not use a later version that is not supported by the VMware product.

Compatibility             Virtual Hardware Version
ESXi 7.0                  17
ESXi 6.7 U2 and later     15
ESXi 6.7 and later        14
ESXi 6.5 and later        13
ESXi 6.0 and later        11

Virtual hardware versions 12 and 16 are specific to Workstation and Fusion Pro.

Each release of a VMware product has a corresponding VM hardware version included. The table shows the latest hardware version that each ESXi version supports. Each VM compatibility level supports at least five major or minor vSphere releases.
For a complete list of virtual machine configuration maximums, see VMware Configuration Maximums at https://configmax.vmware.com.

3-26 About CPU and Memory

You can add, change, or configure CPU and memory resources to improve VM performance.

The maximum number of virtual CPUs (vCPUs) that you can assign to a VM depends on the following factors:
• The number of logical CPUs on the host
• The type of installed guest operating system

A VM running on an ESXi 7.0 host can have up to 256 vCPUs.

The maximum memory size of a VM depends on the VM's compatibility setting. The maximum memory size of a VM with ESXi 7.0 compatibility running on ESXi 7.0 is 6 TB.

You size the VM's CPU and memory according to the applications and the guest operating system.

You can use the multicore vCPU feature to control the number of cores per virtual socket in a VM. With this capability, operating systems with socket restrictions can use more of the host CPU's cores, increasing overall performance.

A VM cannot have more virtual CPUs than the number of logical CPUs on the host. The number of logical CPUs is the number of physical processor cores, or twice that number if hyperthreading is enabled. For example, if a host has 128 logical CPUs, you can configure the VM for 128 vCPUs.

You can set most of the memory parameters during VM creation or after the guest operating system is installed. Some actions require that you power off the VM before changing the settings.

The memory resource settings for a VM determine how much of the host's memory is allocated to the VM. The virtual hardware memory size determines how much memory is available to applications that run in the VM. A VM cannot benefit from more memory resources than its configured virtual hardware memory size.
ESXi hosts limit the memory resource use to the maximum amount useful for the VM so that you can accept the default of unlimited memory resources.

You can reconfigure the amount of memory allocated to a VM to enhance performance. Maximum memory size for a VM depends on the VM's compatibility setting.

3-27 About Virtual Storage

Virtual disks are connected to virtual storage adapters. The ESXi host offers VMs several choices in storage adapters:
• BusLogic Parallel
• LSI Logic Parallel
• LSI Logic SAS
• VMware Paravirtual SCSI
• AHCI SATA controller
• Virtual NVMe

Storage adapters provide connectivity for your ESXi host to a specific storage unit or network.

ESXi supports different classes of adapters, including SCSI, iSCSI, RAID, Fibre Channel, Fibre Channel over Ethernet (FCoE), and Ethernet. ESXi accesses the adapters directly through device drivers in the VMkernel:
• BusLogic Parallel: The latest Mylex (BusLogic) BT/KT-958 compatible host bus adapter.
• LSI Logic Parallel: The LSI Logic LSI53C10xx Ultra320 SCSI I/O controller is supported.
• LSI Logic SAS: The LSI Logic SAS adapter has a serial interface.
• VMware Paravirtual SCSI: A high-performance storage adapter that can provide greater throughput and lower CPU use.
• AHCI SATA controller: Provides access to virtual disks and CD/DVD devices. The SATA virtual controller appears to a VM as an AHCI SATA controller. AHCI SATA is available only for VMs with ESXi 5.5 and later compatibility.
• Virtual NVMe: NVMe is an Intel specification for attaching and accessing flash storage devices to the PCI Express bus. NVMe is an alternative to existing block-based server storage I/O access protocols.

3-28 About Thick-Provisioned Virtual Disks

Thick provisioning uses all the defined disk space at the creation of the virtual disk.
VM disks consume all the capacity, as defined at creation, regardless of the amount of data in the guest operating system file system.

Thick-provisioned disk types are eager zeroed or lazy zeroed:
• In an eager-zeroed thick-provisioned disk, every block is prefilled with a zero.
• In a lazy-zeroed thick-provisioned disk, every block is filled with a zero when data is written to the block.

In a lazy-zeroed thick-provisioned disk, space required for the virtual disk is allocated during creation. Data remaining on the physical device is not erased during creation. Later, the data is zeroed out on demand on first write from the VM. This disk type is the default.

In an eager-zeroed thick-provisioned disk, the space required for the virtual disk is allocated during creation. Data remaining on the physical device is zeroed out when the disk is created.

3-29 About Thin-Provisioned Virtual Disks

With thin provisioning, VMs use storage space as needed:
• Virtual disks consume only the capacity needed to hold the current files.
• The VM always sees the full allocated disk size.

Run the unmap command to reclaim unused space from the array.

Reporting and alerts help manage allocations and capacity.

You can mix thick and thin formats.

More efficient use of storage, for example:
• Provisioned space for virtual disks: 140 GB
• Available datastore capacity: 100 GB
• Used datastore capacity: 80 GB

A thin-provisioned disk uses only as much datastore space as the disk initially needs. If the thin disk needs more space later, it can expand to the maximum capacity allocated to it.

Thin provisioning is often used with storage array deduplication to improve storage use and to back up VMs.
Thin provisioning provides alarms and reports that track allocation versus current use of storage capacity. Storage administrators can use thin provisioning to optimize the allocation of storage for virtual environments. With thin provisioning, users can optimally but safely use available storage space through overallocation.

3-30 Thick-Provisioned and Thin-Provisioned Disks

Virtual disk options differ in terms of creation time, block allocation, layout, and zeroing out of allocated file blocks.

Creation time:
• Thick provisioned, eager zeroed: Slow and proportional to disk size

Block allocation:
• Thick provisioned, lazy zeroed: Fully preallocated
• Thick provisioned, eager zeroed: Fully preallocated
• Thin provisioned: Allocated and zeroed out on demand at first write to block

Virtual disk layout:
• Thick provisioned, lazy zeroed: Higher chance of contiguous file blocks
• Thick provisioned, eager zeroed: Higher chance of contiguous file blocks
• Thin provisioned: Layout varies according to the dynamic state of the volume at time of block allocation

Zeroing out of allocated file blocks:
• Thick provisioned, lazy zeroed: File blocks are zeroed out when each block is first written to
• Thick provisioned, eager zeroed: File blocks are allocated and zeroed out when disk is created
• Thin provisioned: File blocks are zeroed out when blocks are allocated

3-31 About Virtual Networks

VMs and physical machines communicate through a virtual network. When you configure networking for a VM, you select or change the following settings:
• Network adapter type
• Port group to connect to
• Network connection state
• Whether to connect to the network when the VM powers on

For more information about virtual networks, see vSphere Networking at https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.networking.doc/GUID-35B40B0B-0C13-43B2-BC85-18C9C91BE2D4.html.

3-32 About Virtual Network Adapters

When you configure a VM, you can add network adapters (NICs) and specify the adapter type. Whenever possible, select VMXNET3.
Network adapter type and description:
• E1000-E1000E: Emulated version of an Intel Gigabit Ethernet NIC, with drivers available in most newer guest operating systems
• VMXNET3: Available only with VMware Tools
• Flexible: Can function as either a Vlance or VMXNET adapter
• SR-IOV pass-through: Allows VM and physical adapter to exchange data without using the VMkernel as an intermediary
• vSphere DirectPath I/O: Allows VM access to physical PCI network functions on platforms with an I/O memory management unit
• PVRDMA: Paravirtualized device that provides improved virtual device performance. It provides an RDMA-like interface for vSphere guests.

The types of network adapters that are available depend on the following factors:
• VM compatibility level (or hardware version), which depends on the host that created or most recently updated it. For example, the VMXNET3 virtual NIC requires hardware version 7 (ESX/ESXi 4.0 or later).
• Whether the VM compatibility is updated to the latest version for the current host.
• Guest operating system

The following NIC types are supported:
• E1000E: Emulated version of the Intel 82574 Gigabit Ethernet NIC. E1000E is the default adapter for Windows 8 and Windows Server 2012.
• E1000: Emulated version of the Intel 82545EM Gigabit Ethernet NIC, with drivers available in most newer guest operating systems, including Windows XP and later and Linux versions 2.4.19 and later.
• Flexible: Identifies itself as a Vlance adapter when a VM starts, but initializes itself and functions as either a Vlance or a VMXNET adapter, depending on which driver initializes it. With VMware Tools installed, the VMXNET driver changes the Vlance adapter to the higher performance VMXNET adapter.
• Vlance: Emulated version of the AMD 79C970 PCnet32 LANCE NIC, an older 10 Mbps NIC with drivers available in 32-bit legacy guest operating systems. A VM configured with this network adapter can use its network immediately.
• VMXNET2 (Enhanced): Based on the VMXNET adapter but provides high-performance features commonly used on modern networks, such as jumbo frames and hardware offloads. VMXNET2 (Enhanced) is available only for some guest operating systems on ESX/ESXi 3.5 and later. It is not supported for ESXi 6.7 and later.
• VMXNET3: A paravirtualized NIC designed for performance. VMXNET3 offers all the features available in VMXNET2 and adds several new features, such as multiqueue support (also known as Receive Side Scaling in Windows), IPv6 offloads, and MSI/MSI-X interrupt delivery.
• SR-IOV pass-through: Representation of a virtual function on a physical NIC with SR-IOV support. This adapter type is suitable for VMs that require more CPU resources or where latency might cause failure. If VMs are sensitive to network delay, SR-IOV can provide direct access to the virtual functions of supported physical NICs, bypassing the virtual switches and reducing overhead. SR-IOV pass-through is available in ESXi 6.0 and later for Red Hat Enterprise Linux 6 and later, and Windows Server 2008 R2 with SP2. An operating system release might contain a default virtual function driver for certain NICs. For others, you must download and install it from a location provided by the NIC or host vendor.
• vSphere DirectPath I/O allows a guest operating system on a VM to directly access physical PCI and PCIe devices connected to a host. Pass-through devices help your environment use resources efficiently and improve performance. You can configure a pass-through PCI device on a VM by using the vSphere Client. VMs configured with vSphere DirectPath I/O do not have the following features:
  - Hot adding and removing of virtual devices
  - Suspend and resume
  - Record and replay
  - Fault tolerance
  - High availability
  - vSphere DRS: Limited availability. The VM can be part of a cluster but cannot migrate across hosts.
  - Snapshots
• With PVRDMA, multiple guests can access the RDMA device by using verbs API, an industry-standard interface. A set of these verbs was implemented to expose an RDMA-capable guest device (PVRDMA) to applications. The applications can use the PVRDMA guest driver to communicate with the underlying physical device. PVRDMA supports RDMA, providing the following functions:
  - OS bypass
  - Zero-copy
  - Low latency and high bandwidth
  - Less power use and faster data access

3-33 Other Virtual Devices

A VM must have a vCPU and virtual memory. The addition of other virtual devices makes the VM more useful:
• CD/DVD drive: For connecting to a CD, DVD, or ISO image.
• USB 3.0 and 3.1: Supported with host-connected and client-connected devices.
• Floppy drive: For connecting a VM to a floppy drive or a floppy image.
• Generic SCSI devices: A VM can be connected to additional SCSI adapters.
• vGPUs: A VM can use GPUs on the physical host for high-computation activities.

Virtual CPU (vCPU) and virtual memory are the minimum required virtual hardware. Having a virtual hard disk, virtual NICs, and other virtual devices makes the VM more useful.

For information about adding virtual devices to a VM, see vSphere Virtual Machine Administration at https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.vm_admin.doc/GUID-55238059-912E-411F-A0E9-A7A536972A91.html.

3-34 About the Virtual Machine Console

The VM console provides the mouse, keyboard, and screen features to control the VM. You can use the standalone VMware Remote Console Application (VMRC) to connect to client devices.
You can open the VM console from the vSphere Client. You use the VM console to access the BIOS of the VM, install an operating system on a VM, power the VM on and off, and reset the VM.

The VM console is normally not used to connect to the VM for daily tasks. Remote Desktop Connection, Virtual Network Connection, or other options are normally used to connect to the virtual desktop. The VM console is used for tasks such as power cycling, configuring hardware, and troubleshooting network issues.

3-35 Lab 5: Adding Virtual Hardware

Use VMware Host Client to examine a virtual machine's configuration and add virtual hardware to the virtual machine:
1. Examine a Virtual Machine's Configuration
2. Add Virtual Hard Disks to the Virtual Machine
3. Compare Thin-Provisioned and Thick-Provisioned Disks

3-36 Review of Learner Objectives

After completing this lesson, you should be able to meet the following objectives:
• Identify the files that make up a VM
• Compare VM hardware versions
• Recognize the components of a VM
• Navigate the vSphere Client and examine VM settings
• Identify methods for accessing a VM console
• Identify virtual network adapters, including the enhanced VMXNET3
• Distinguish between types of virtual disk provisioning

3-37 Lesson 3: Introduction to Containers

3-38 Learner Objectives

After completing this lesson, you should be able to meet the following objectives:
• Describe the benefits and use cases for containers
• Identify the parts of a container system
• Differentiate between containers and virtual machines

3-39 Traditional Application Development

In data centers, traditional applications are enhanced with modern application capabilities and models.
But traditional application development is different from modern application development.

Traditional Application Development
• Waterfall development: Development cycles are relatively long (several months). Requirements can change over time.
• Handover to the operations team: The operations team is responsible for the code in production. Training is not provided.
• Monolithic applications: All functionality is handled by a single large application. Typically, monolithic applications can only be scaled vertically, not horizontally.
• Separate development, staging, and production environments: Inconsistencies between environments occur. Issues in production do not occur during staging.

Waterfall development: Waterfall development cycles take from 6 to 12 months to deliver a product. Because this cycle is relatively long in the context of software development, requirements are at risk of changing. In addition, initial requirements might be misunderstood, but this misunderstanding might be realized only at the end of the project.

Handover to the operations team: When a product is ready for production, it is handed over to the operations team. The operations team deploys and manages the software from that point. Without proper training and documentation, the team can find it difficult to skill up and effectively manage the software.

Monolithic applications: Traditional applications are developed to run as a single large monolithic process. Large does not refer to the lines of code but to the large number of functionalities and responsibilities. Typically, traditional applications are deployed to a single VM using manual processes. And they are not typically designed to be scalable. The only option is to increase CPU, disk, and memory to achieve higher performance.

Separate environments: Developers start developing on their workstations. Eventually, code moves to testing, staging, and production environments.
Each environment is manually configured, resulting in a relatively large amount of effort in all identical environments. Each environment creates different software libraries, packages, and configurations. This variation causes issues for developers who must determine why the application works in one environment but not in the others.

3-40 Modern Application Development

Modern application development is transforming modern business.

Modern Application Development
• Typically use microservices style architectures: Monolithic applications are broken into many smaller standalone modular functions or services that make it easier for developers to be innovative when producing and changing code.
• Minimize time to market: Streamline the process of deploying new code into a staging environment for testing. Identify and address bugs almost immediately. Quickly deploy small, incremental changes in the production environment and easily withdraw if problems arise.
• Deliver updates and features quickly: Minimize the time it takes to build, test, and release new features.
• Increase product quality and avoid risk: Automate tests, get user feedback, and improve software iteratively.
• Fewer resource requirements and more productivity: Apply continuous development and continuous integration in small iterations to reduce labor.

3-41 Benefits of Microservices and Containerization

Containers are an ideal technology for supporting microservices because the goals of containers (lightweight, easily packaged, can run anywhere) align well with the goals of a microservices architecture.

[Figure: Monolithic Architecture and Microservices Architecture]

Applications that run on cloud-based environments are designed with failure in mind. They are built to be resilient, to tolerate network or database outages, and to degrade gracefully. Typically, cloud-native applications use microservice-based architectures.
The term micro does not correlate to lines of code. It refers to functionality and responsibility. Each microservice should be responsible for specific parts of the system.

In the example, the application is broken into multiple services, including a UI and user, order, and product services. Each service has its own database. With this architecture, each service can be scaled independently. For example, during busy times, the order service might need to be scaled to handle high throughput.

The Twelve-Factor App principles describe characteristics of microservice and cloud-native applications.

3-42 Container Terminology

Several terms and concepts apply to containers.

Term: Definition
• Container: An application packaged with dependencies
• Container engine: A runtime engine that manages the containers
• Docker: The most recognized runtime engine for container support, and it is often used as a synonym for many aspects of container technologies
• Container host: A virtual machine or physical machine on which the containers and container engine run
• Kubernetes: Google-developed orchestration for containers

3-43 About Containers

A container is an encapsulation of an application and dependent binaries and libraries. The application is decoupled from the operating system and becomes a serverless function.

Among the reasons that containers were popularized by software developers are:
• They make coding easier, locally and anywhere.
• You can deploy and test applications quickly in a staging environment.
• No operating system or load is required.

3-44 Rise of Containers

Application developers are quickly adopting container technology as their tool of choice.

[Chart: vertical axis 500 M to 1.5 B, horizontal axis 2015 to 2021]

Containers are a new format of virtualized workload. They require CPU, memory, network, security, and storage.
Containers satisfy developers' need for speed by removing dependencies on underlying operating systems:
• Change the paradigm on security by using a discard and restart approach to patching and upgrades.
• Use structured tooling to fully automate updates of application logic running inside.
• Provide an easy user experience for developers that is infrastructure-agnostic (meaning that it can run on any cloud).

The opportunities containers present are many, given the infrastructure and operational complexity that they offer.

3-45 About Container Hosts

The container host runs the operating system on which the containers run. Container hosts can be of the following types:
• Standard OS with a container engine installed:
  - Ubuntu with Docker
• OS developed specifically with containers in mind:
  - Photon OS
  - Fedora CoreOS
• Virtual machine or physical machine:
  - Among the many benefits of using VMs are easy management and scalability.

[Figure: Infrastructure, Hypervisor, VM / Guest OS (Container Host)]

Administrators provide container hosts, which are the base structure that developers use to run their containers. A robust microservices system includes more deliverables, many of which are built using containers. For developers to focus on providing services to customers, operations must provide a reliable container host infrastructure.

In vSphere with Kubernetes, the container hosts are Photon-based VMs.

3-46 Containers at Runtime

Containers have the following characteristics:
• A container can run on any container host with the same operating system kernel that is specified by that container.
• A running container is accessed using its FQDN or its unique IP address.
• Each container can access only its own resources in the shared environment.

When you log into a container using a remote terminal (such as SSH), you see no indication that other containers are running on the same container host.
3-47 About Container Engines

A container engine is a control plane that is installed on each container host. The control plane manages the containers on that host. Container engines perform several functions:
• Build container images from source code (for example, Dockerfile). Alternatively, load container images from a repository.
• Create running containers based on a container image.
• Commit a running container to an image.
• Save an image and push it to a repository.
• Stop and remove containers.
• Suspend and restart containers.
• Report container status.

[Figure: Infrastructure, Hypervisor, VM / Guest OS (Container Host)]

Docker is the most commonly used container engine. The container engine runs as a daemon process on the container host OS. When a user requests that a container is run, the container engine gets the container image from an image registry (or locally, if already downloaded) and runs the container as a process.

3-48 Virtual Machines and Containers (1)

VMs provide virtual hardware that the guest OS uses to run applications. Multiple applications run on a single VM but they are logically separated and isolated. With containers, developers take a streamlined base OS file system and layer on only the required binaries and libraries that the application depends on.

[Figure: App 1 and App 2 with their dependencies on a VM / Guest OS, and on a VM / Guest OS (Container Host), each above Hypervisor and Infrastructure]

With virtualization, multiple physical machines can be consolidated into a single physical machine that runs multiple VMs. Each VM provides virtual hardware that the guest OS uses to run applications. Multiple applications run on a single VM but these applications are still logically separated and isolated.

A concern about VMs is that they are hundreds of megabytes to gigabytes in size and contain many binaries and libraries that are not relevant to the main application running on them.
With containers, developers take a streamlined base OS file system and layer on only the required binaries and libraries that the application depends on.

When a container is run as a process on the container host OS, the container can see its dependencies and base OS packages. The container is isolated from all other processes on the container host OS. The container processes are the only processes that run on a minimal system.

From the container host OS perspective, the container is another process that is running, but it has a restricted view of the file system and potentially restricted CPU and memory.

3-49 Virtual Machines and Containers (2)

VMs and containers work in different ways.

Virtual Machines:
• Encapsulation of an entire operating system
• Scheduled by the hypervisor
• Run on the hypervisor
• Starting a VM means starting an operating system (seconds to minutes)

Containers:
• Encapsulation of an application and dependent binaries or libraries
• Scheduled by the container host OS
• Run on the container host OS
• Starting a container means starting the application process (milliseconds to seconds)

Containers are the ideal technology for microservices because the goals of containers (lightweight, easily packaged, can run anywhere) align with the goals and benefits of the microservices architecture.

Operators get modularized application components that are small and can fit into existing resources.

Developers can focus on the logic of modularized application components, knowing that the infrastructure is reliable and supports the scalability of modules.

3-50 About Kubernetes

Containers are managed on a single container host. Managing multiple containers across multiple container hosts creates many problems:
• Managing large numbers of containers
• Restarting failed containers
• Scaling containers to meet capacity
• Networking and load balancing

Kubernetes provides an orchestration layer to solve these problems.
Kubernetes is an open-source system for automating deployment, scaling, and management of containerized applications. Kubernetes automates many key operational responsibilities, providing the developer with a reliable environment.

Kubernetes performs the following functions:
• Groups containers that make up an application into logical units for easy management and discovery
• Automatically places containers based on their resource requirements
• Restarts failed containers, replaces and reschedules containers when hosts fail, and stops containers that do not respond to your user-defined health check
• Progressively rolls out changes to your application, ensuring that it does not stop all your instances at the same time and enabling zero downtime
• Allocates IP addresses, mounts the storage system of your choice, load balances, and generally looks after the containers

Kubernetes manages containers across multiple container hosts, similar to how vCenter Server manages all ESXi hosts in a cluster. Running Docker without Kubernetes is like running ESXi hosts without vCenter Server to manage them.

3-51 Challenges of Running Kubernetes in Production

The top challenges of running Kubernetes are reliability, security, networking, scaling, logging, and complexity.

Kubernetes orchestrates containers that support the application. However, running Kubernetes in production is not easy, especially for operations teams. The top challenges of running Kubernetes are related to reliability, security, networking, scaling, logging, and complexity.

How do you monitor Kubernetes and the underlying infrastructure? How do you build a reliable platform to deploy your applications? How do you handle the complexity that this layer of abstraction introduces?

For years, VMware has helped to solve these types of problems for IT. VMware can offer its expertise and solutions in this area.
3-52 Architecting with Common Application Requirements

[Figure: Application developers architect with native Kubernetes constructs. Platform operators focus on mapping Kubernetes constructs (persistent volumes, security policy, resources and availability zones) to the SDDC and public clouds (vSphere, NSX, infrastructure).]

Application developers prefer using Kubernetes rather than programming to the infrastructure. For example, an application developer must build an ELK stack. The developer prefers to deal with the Kubernetes API. The developer wants to use the resources, load balancer, and all the primitives that Kubernetes constructs, rather than worry about the underlying infrastructure.

But the infrastructure is still there. It must be mapped for Kubernetes to use it. Usually, that mapping is done by a platform operator so the developer can use the Kubernetes constructs.

The slide shows how the mapping is done with the VMware software-defined data center (SDDC). The resources and availability zones map to vSphere clusters, security policy and load balancing map to NSX, persistent volumes map to vSphere datastores, and metrics map to Wavefront. Each of these items provides value.

3-53 Review of Learner Objectives

After completing this lesson, you should be able to meet the following objectives:
• Describe the benefits and use cases for containers
• Identify the parts of a container system
• Differentiate between containers and virtual machines

3-54 Virtual Beans: Virtualizing Workloads

As a Virtual Beans administrator, you want to start creating VMs with different configurations and testing your applications. Your key takeaways are:
The VMware Compatibility Guide can help you determine what versions of Windows and Linux guest operating systems are supported in ESXi 7.0.
Virtual machines support a wide selection of virtual hardware devices, for example, vGPUs and NVMe adapters.
vSphere provides the underlying infrastructure on which containers and Kubernetes run.

3-55 Key Points

• A VM is a set of files that are encapsulated into a folder and placed on a datastore.
• VMs can be provisioned using the vSphere Client and VMware Host Client.
• VMware Tools increases the overall performance of the VM's guest operating system.
• The virtual hardware version, or VM compatibility level, determines the operating system functions that a VM supports.
• Containers are the ideal technology for microservices because the goals of containers align with the goals and benefits of the microservices architecture.

Questions?

Module 4: vCenter Server

4-2 Importance

vCenter Server helps you centrally manage multiple ESXi hosts and their virtual machines. If you do not properly deploy, configure, and manage vCenter Server Appliance, your environment might experience reduced administrative efficiency or ESXi host and virtual machine downtime.

4-3 Module Lessons

1. Centralized Management with vCenter Server
2. Deploying vCenter Server Appliance
3. vSphere Licensing
4. Managing the vCenter Server Inventory
5. vCenter Server Roles and Permissions
6. Backing Up and Restoring vCenter Server Appliance
7. Monitoring vCenter Server Appliance
8. vCenter Server High Availability

4-4 Virtual Beans: vCenter Server Requirements

Virtual Beans has the following requirements for vCenter Server (the management platform):
• Use Active Directory for user and group authentication.
• Restrict user access to vCenter Server:
  - System administrators: Administrative rights to the entire vSphere environment
  - Operators: Provision VMs and monitor, and troubleshoot vSphere problems
• When the new data center comes online, manage both data centers from a centralized management console.
As a Virtual Beans administrator, you are responsible for installing and configuring vCenter Server, and setting up user access.

4-5 Lesson 1: Centralized Management with vCenter Server

4-6 Learner Objectives

After completing this lesson, you should be able to meet the following objectives:
• Describe the vCenter Server architecture
• Recognize how ESXi hosts communicate with vCenter Server
• Identify vCenter Server services

4-7 About the vCenter Server Management Platform

vCenter Server acts as a central administration point for ESXi hosts and virtual machines that are connected in a network:
• Directs the actions of VMs and hosts
• Runs on a Linux-based appliance

With vCenter Server, you can pool and manage the resources of multiple hosts.

You can deploy vCenter Server Appliance on an ESXi host in your infrastructure. vCenter Server Appliance is a preconfigured Linux-based virtual machine that is optimized for running vCenter Server and the vCenter Server components.

vCenter Server Appliance provides advanced features, such as vSphere DRS, vSphere HA, vSphere Fault Tolerance, vSphere vMotion, and vSphere Storage vMotion.

4-8 About vCenter Server Appliance

vCenter Server Appliance is a prepackaged Linux-based VM that is optimized for running vCenter Server and associated services. The vCenter Server Appliance package contains the following software:
• Photon
• PostgreSQL database
• vCenter Server services

During deployment, you can select the vCenter Server Appliance size for your vSphere environment and the storage size for your database requirements.

vCenter Server is a service that runs in vCenter Server Appliance. vCenter Server acts as a central administrator for ESXi hosts that are connected in a network.
4-9 vCenter Server Services

vCenter Server services include:
• vCenter Server
• vSphere Client
• vCenter Single Sign-On
• License service
• vCenter Lookup Service
• VMware Certificate Authority
• Content Library
• vSphere ESXi Dump Collector

When you deploy vCenter Server Appliance, all these services are included.

Although installation of vCenter Server services is not optional, administrators can choose whether to use their functionalities.

4-10 vCenter Server Architecture

vCenter Server is supported by the vSphere Client, the vCenter Server database, and managed hosts.

The vCenter Server architecture relies on the following components:
• vSphere Client: You use this client to connect to vCenter Server so that you can manage your ESXi hosts centrally. When an ESXi host is managed by vCenter Server, you should always use vCenter Server and the vSphere Client to manage that host.
• vCenter Server database: The vCenter Server database is the most important component. The database stores inventory items, security roles, resource pools, performance data, and other critical information for vCenter Server.
• Managed hosts: You can use vCenter Server to manage ESXi hosts and the VMs that run on them.

4-11 About vCenter Single Sign-On

vCenter Single Sign-On provides authentication across multiple vSphere components through a secure token mechanism:
1. User logs in to the vSphere Client.
2. vCenter Single Sign-On authenticates credentials against a directory service (for example, Active Directory).
3. A SAML token is sent back to the user's browser.
4.
The SAML token is sent to vCenter Server, and the user is granted access.

4-12 About Enhanced Linked Mode

With Enhanced Linked Mode, you can log in to a single instance of vCenter Server and manage the inventories of all the vCenter Server systems in the group:
• Up to 15 vCenter Server instances can be linked in one vCenter Single Sign-On domain.
• An Enhanced Linked Mode group can be created only during the deployment of vCenter Server Appliance.

You cannot create an Enhanced Linked Mode group after you deploy vCenter Server Appliance.

Enhanced Linked Mode provides the following features:
• You can log in to all linked vCenter Server instances simultaneously with a single user name and password.
• You can view and search the inventories of all linked vCenter Server instances in the vSphere Client.
• Roles, permissions, licenses, tags, and policies are replicated across linked vCenter Server instances.

To join vCenter Server instances in Enhanced Linked Mode, connect the vCenter Server instances to the same vCenter Single Sign-On domain.

Enhanced Linked Mode requires the vCenter Server Standard licensing level. This mode is not supported with vCenter Server Foundation or vCenter Server for Essentials.

4-13 ESXi and vCenter Server Communication

The vSphere Client communicates directly with vCenter Server. To communicate directly with an ESXi host, you use VMware Host Client.

vCenter Server provides direct access to the ESXi host through a vCenter Server agent called virtual provisioning X agent (vpxa).
The vpxa process is automatically installed on the host and started when the host is added to the vCenter Server inventory. The vCenter Server service (vpxd) communicates with the ESXi host daemon (hostd) through the vCenter Server agent (vpxa).

Clients that communicate directly with the host, and bypass vCenter Server, converse with hostd. The hostd process runs directly on the ESXi host and manages most of the operations on the ESXi host. The hostd process is aware of all VMs that are registered on the ESXi host, the storage volumes visible to the ESXi host, and the status of all VMs.

Most commands or operations come from vCenter Server through vpxa. Examples include creating, migrating, and powering on virtual machines. Acting as an intermediary between the vpxd process, which runs on vCenter Server, and the hostd process, vpxa relays the tasks to perform on the host.

When you are logged in to the vCenter Server system through the vSphere Client, vCenter Server passes commands to the ESXi host through the vpxa. The vCenter Server database is also updated. If you use VMware Host Client to communicate directly with an ESXi host, communications go directly to the hostd process and the vCenter Server database is not updated.
4-14 vCenter Server Appliance Scalability

Metric: vCenter Server Appliance 7.0
• Hosts per vCenter Server instance: 2,500
• Powered-on VMs per vCenter Server instance: 40,000
• Registered VMs per vCenter Server instance: 45,000
• Hosts per cluster: 64
• VMs per cluster: 8,000

4-15 Review of Learner Objectives

After completing this lesson, you should be able to meet the following objectives:
• Describe the vCenter Server architecture
• Recognize how ESXi hosts communicate with vCenter Server
• Identify vCenter Server services

4-16 Lesson 2: Deploying vCenter Server Appliance

4-17 Learner Objectives

After completing this lesson, you should be able to meet the following objectives:
• Deploy vCenter Server Appliance into an infrastructure
• Configure vCenter Server settings

4-18 Preparing for vCenter Server Appliance Deployment

Before deploying vCenter Server Appliance, you must complete several tasks:
• Verify that all vCenter Server Appliance system requirements are met.
• Get the fully qualified domain name (FQDN) or the static IP of the host machine on which you install vCenter Server Appliance.
• Ensure that clocks on all VMs in the vSphere network are synchronized.

For more information, see VMware ESXi Installation and Setup at https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.esxi.install.doc/GUID-B2F01BF5-078A-4C7E-B505-5DFFED0B8C38.html.

4-19 vCenter Server Appliance Native GUI Installer

The GUI installer has several features:
• With the GUI installer, you can perform an interactive deployment of vCenter Server Appliance.
• The GUI installer is a native application for Windows, Linux, and macOS.
• The installer has no dependency on browsers or plug-ins.
• It performs validations and prechecks during the deployment.
The GUI installer performs validations and prechecks during the deployment phase to ensure that no mistakes are made and that a compatible environment is created.

4-20 vCenter Server Appliance Installation

The vCenter Server Appliance installation is a two-stage process:
• Stage 1: Deployment of OVF
• Stage 2: Configuration

The deployment can be fully automated by using JSON templates with the CLI installer on Windows, Linux, or macOS.

The Install option installs a new vCenter Server Appliance.

The Upgrade option upgrades an existing vCenter Server Appliance instance, or upgrades and converges an existing vCenter Server Appliance instance with external Platform Services Controller.

The Migrate option migrates from an existing Windows vCenter Server instance, or migrates and converges an existing Windows vCenter Server instance with external Platform Services Controller.

The Restore option restores from a previous vCenter Server Appliance backup.

4-21 vCenter Server Appliance Installation: Stage 1

Stage 1 begins with the UI phase:
• Accept the EULA.
• Connect to the target ESXi host or vCenter Server system.
• Define the vCenter Server Appliance name and root password.
• Select compute size, storage size, and datastore location (thin disk).
• Define networking settings.

Stage 1 continues with the deployment phase:
• OVF is deployed to the ESXi host.
• Disks and networking are configured.
4-22 vCenter Server Appliance Installation: Stage 2

Stage 2 is the configuration phase:
• Configure time synchronization mode and SSH access.
• Create a vCenter Single Sign-On domain or join an existing SSO domain.
• Join the Customer Experience Improvement Program (CEIP).

In stage 2, you configure whether to use the ESXi host or NTP servers as the time synchronization source. You can also enable SSH access. SSH access is disabled by default.

4-23 Getting Started with vCenter Server

After you deploy vCenter Server Appliance, use the vSphere Client to log in and manage your vCenter Server inventory: https://vCenter_Server_FQDN_or_IP_address/ui.

4-24 Configuring vCenter Server Using the vSphere Client

Using the vSphere Client, you can configure vCenter Server, including settings such as licensing, statistics collection, and logging.

To access the vCenter Server system settings by using the vSphere Client, select the vCenter Server system in the navigation pane, click the Configure tab, and expand Settings.

4-25 vCenter Server Appliance Management Interface

Using the vCenter Server Appliance Management Interface (VAMI), you can configure and monitor your vCenter Server Appliance instance.
Tasks include:
• Monitoring resource use by the appliance
• Backing up the appliance
• Monitoring vCenter Server services
• Adding additional network adapters

The vCenter Server Appliance Management Interface is an HTML client designed to configure and monitor vCenter Server Appliance.

The vCenter Server Appliance Management Interface connects directly to port 5480. Use the URL https://FQDN_or_IP_address:5480.

4-26 vCenter Server Appliance Multihoming

With vCenter Server Appliance 7.0 multihoming, you can configure multiple NICs to manage network traffic. For example, vCenter Server High Availability requires a second NIC for its private network.

A maximum of four NICs are supported for multihoming. All four multihoming-supported NIC configurations are preserved during upgrade, backup, and restore processes.

4-27 Demonstration: Deploying vCenter Server Appliance

Your instructor will run a demonstration.

4-28 Review of Learner Objectives

After completing this lesson, you should be able to meet the following objectives:
• Deploy vCenter Server Appliance into an infrastructure
• Configure vCenter Server settings

4-29 Lesson 3: vSphere Licensing

4-30 Learner Objectives

After completing this lesson, you should be able to meet the following objectives:
• View licensed features for vCenter Server or an ESXi host
• Add license keys to vCenter Server

4-31 vSphere Licensing Overview

Licensing vSphere components is a two-step process:
1. Add a license to the vCenter License Service.
2. Assign the license to the ESXi hosts,
vCenter Server Appliance instances, and other vSphere components.

4-32 vSphere License Service

The License Service runs on vCenter Server Appliance. The License Service performs the following functions:
• Provides centralized license management
• Provides an inventory of vSphere licenses
• Manages the license assignments for products that integrate with vSphere, such as Site Recovery Manager.

The License Service manages the license assignments for ESXi hosts, vCenter Server systems, and clusters with vSAN enabled.

You can monitor the health and status of the License Service by using the vCenter Appliance Management Interface.

4-33 Adding License Keys to vCenter Server

You must assign a license to vCenter Server before its 60-day evaluation period expires.

Select Menu > Administration > Licenses to open the Licenses pane.

In the vSphere environment, license reporting and management are centralized. All product and feature licenses are encapsulated in 25-character license keys that you can manage and monitor from vCenter Server.

You can view license information by product, license key, or asset:
• Product: A license to use a vSphere software component or feature, for example, evaluation mode or vSphere Enterprise Plus.
• License key: The serial number that corresponds to a product.
• Asset: A machine on which a product is installed. For an asset to run certain software legally, the asset must be licensed.

4-34 Assigning a License to a vSphere Component

You can assign a license to an asset, such as vCenter Server.
4-35 Viewing Licensed Features

You assign valid license keys to your ESXi hosts and vCenter Server instance using the Licensing pane. This pane shows the type of license and available features.

Before purchasing and activating licenses for ESXi and vCenter Server, you can install the software and run it in evaluation mode. Evaluation mode is intended for demonstrating the software or evaluating its features. During the evaluation period, the software is operational.

The evaluation period is 60 days from the time of installation. During this period, the software notifies you of the time remaining until expiration. The 60-day evaluation period cannot be paused or restarted. After the evaluation period expires, you can no longer perform some operations in vCenter Server and ESXi. For example, you cannot power on or reset your virtual machines. In addition, all hosts are disconnected from the vCenter Server system. To continue to have full use of ESXi and vCenter Server operations, you must acquire license keys.

4-36 Lab 6: Adding vSphere Licenses

Use the vSphere Client to add vSphere licenses to vCenter Server and assign a license to vCenter Server:
1. Add vSphere Licenses to vCenter Server
2.
Assign a License to the vCenter Server Instance

4-37 Review of Learner Objectives

After completing this lesson, you should be able to meet the following objectives:
• View licensed features for vCenter Server or an ESXi host
• Add license keys to vCenter Server

4-38 Lesson 4: Managing the vCenter Server Inventory

4-39 Learner Objectives

After completing this lesson, you should be able to meet the following objectives:
• Use the vSphere Client to manage the vCenter Server inventory
• Create and organize vCenter Server inventory objects
• Add data center and organizational objects to vCenter Server
• Add hosts to vCenter Server
• Recognize how to create custom inventory tags for inventory objects

4-40 vSphere Client Shortcuts Page

From the vSphere Client Shortcuts page, you can manage your vCenter Server system inventory, monitor your infrastructure environment, and complete system administration tasks.

Select Menu > Shortcuts.

The Shortcuts page has a navigation pane on the left and Inventories, Monitoring, and Administration panes on the right.

4-41 Using the Navigation Pane

You can use the navigation pane to browse and select objects in the vCenter Server inventory.

4-42 vCenter Server Views for Hosts, Clusters, VMs, and Templates

Host and cluster objects are shown in one view, and VM and template objects are displayed in another view.
[Screenshots: Hosts and Clusters Inventory View; VMs and Templates Inventory View]

The Hosts and Clusters inventory view shows all host and cluster objects in a data center. You can further organize the hosts and clusters into folders.

The VMs and Templates inventory view shows all VM and template objects in a data center. You can also organize the VMs and templates into folders.

4-43 vCenter Server Views for Storage and Networks

The Storage inventory view shows all the details for datastores in the data center.

The Networking inventory view shows all standard switches and distributed switches.

[Screenshots: Storage Inventory View; Network Inventory View]

As with the other inventory views, you can organize your datastore and network objects into folders.

4-44 Viewing Object Information

Because you can view object information and access related objects, monitoring and managing object properties is easy.

4-45 About Data Center Objects

A virtual data center is a logical organization of all the inventory objects required to complete a fully functional environment for operating VMs:
• You can create multiple data centers to organize sets of environments.
• Each data center has its own hosts, VMs, templates, datastores, and networks.

[Diagram: vCenter Server with Toronto Data Center, Los Angeles Data Center, Munich Data Center, and Paris Data Center]

You might create a data center object for each data center geographical location. Or, you might create a data center object for each organizational unit in your enterprise.
You might create some data centers for high-performance environments and other data centers for less demanding VMs.

4-46 Organizing Inventory Objects into Folders

Objects in a data center can be placed into folders. You can create folders and subfolders to better organize systems.

[Diagram: Los Angeles Data Center]

You plan the setup of your virtual environment depending on your requirements.

A large vSphere implementation might contain several virtual data centers with a complex arrangement of hosts, clusters, resource pools, and networks. It might include multiple vCenter Server systems.

Smaller implementations might require a single virtual data center with a less complex topology. Regardless of the scale of your virtual environment, consider how the VMs that it supports are used and administered.

Populating and organizing your inventory involves the following tasks:
• Creating data centers
• Creating clusters to consolidate the resources of multiple hosts and VMs
• Adding hosts to the clusters or to the data centers
• Organizing inventory objects in folders
• Setting up networking by using vSphere standard switches or vSphere distributed switches
• Configuring storage systems and creating datastore inventory objects to provide logical containers for storage devices in your inventory

4-47 Adding a Data Center and Organizational Objects to vCenter Server

You can add a data center, a host, a cluster, and folders to vCenter Server. You can use folders to group objects of the same type for easier management.

4-48 Adding ESXi Hosts to vCenter Server

You can add ESXi hosts to vCenter Server using the vSphere Client.
4-49 Creating Custom Tags for Inventory Objects

You can use tags to attach metadata to objects in the vCenter Server inventory. Tags help make these objects more sortable.

You can associate a set of objects of the same type by searching for objects by a given tag.

You can use tags to group and manage VMs, clusters, and datastores, for example:
• Tag VMs that run production workloads.
• Tag VMs based on their guest operating system.

4-50 Labs

Lab: Creating and Managing the vCenter Server Inventory
Lab: Configuring Active Directory: Joining a Domain

4-51 Lab 7: Creating and Managing the vCenter Server Inventory

Use the vSphere Client to create and configure objects in the vCenter Server inventory.
1. Create a Data Center Object
2. Add ESXi Hosts to the Inventory
3. View Information About the ESXi Hosts
4. Configure the ESXi Hosts as NTP Clients
5. Create a Folder for the ESXi Hosts
6. Create Folders for VMs and VM Templates

4-52 Lab 8: Configuring Active Directory: Joining a Domain

Join vCenter Server to the vclass.local domain:
1.
Join vCenter Server to the vclass.local Domain

4-53 Review of Learner Objectives

After completing this lesson, you should be able to meet the following objectives:
• Use the vSphere Client to manage the vCenter Server inventory
• Create and organize vCenter Server inventory objects
• Add data center and organizational objects to vCenter Server
• Add hosts to vCenter Server
• Recognize how to create custom inventory tags for inventory objects

4-54 Lesson 5: vCenter Server Roles and Permissions

4-55 Learner Objectives

After completing this lesson, you should be able to meet the following objectives:
• Define the term permission in the context of vCenter Server
• Describe the rules for applying permissions
• Create a custom role
• Create a permission

4-56 About vCenter Server Permissions

Using the access control system, the vCenter Server administrator can define user privileges to access objects in the inventory.

The following concepts are important:
• Privilege: An action that can be performed
• Object: The target of the action
• User or group: Indication of who can perform the action
• Role: A set of privileges
• Permission: Gives one user or group a role (set of privileges) for the selected object

The authorization to perform tasks in vCenter Server is governed by an access control system. Through this system, the vCenter Server administrator can specify in detail which users or groups can perform which tasks on which objects.

A permission is set on an object in the vCenter Server object hierarchy. Each permission associates the object with a group or user and the group or user access roles. For example,
you can select a VM object, add one permission that gives the Read-only role to group 1, and add a second permission that gives the Administrator role to user 2.

By assigning a different role to a group of users on different objects, you control the tasks that those users can perform in your vSphere environment. For example, to allow a group to configure memory for the host, select that host and add a permission that grants a role to that group that includes the Host.Configuration.Memory Configuration privilege.

4-57 About Roles

Privileges are grouped into roles:
• A privilege allows access to a specific task and is grouped with other privileges related to it.
• Roles allow users to perform tasks.

vCenter Server provides a few system roles, which you cannot modify.

A role is a set of one or more privileges. For example, the Virtual Machine Power User sample role consists of several privileges in categories such as Datastore and Global. A role is assigned to a user or group and determines the level of access of that user or group.

You cannot change the privileges associated with the system roles:
• Administrator role: Users with this role for an object may view and perform all actions on the object.
• Read-only role: Users with this role for an object may view the state of the object and details about the object.
• No access role: Users with this role for an object may not view or change the object in any way.
• No cryptography administrator role: Users with this role for an object have the same privileges as users with the Administrator role, except for privileges in the Cryptographic operations category.

All roles are independent of each other.
Hierarchy or inheritance between roles does not apply.

4-58 About Objects

Objects are entities on which actions are performed. Objects include data centers, folders, clusters, hosts, datastores, networks, and virtual machines.

All objects have a Permissions tab. The Permissions tab shows which user or group and role are associated with the selected object.

4-59 Adding Permissions to the vCenter Server Inventory

To add a permission:
1. Select an object.
2. Select a user or group from a domain.
3. Select a role.
4. Propagate the permission to the child objects.

You can assign permissions to objects at different levels of the hierarchy. For example, you can assign permissions to a host object or to a folder object that includes all host objects. You can also assign permissions to a global root object to apply the permissions to all objects in all solutions.

For information about hierarchical inheritance of permissions and global permissions, see vSphere Security at https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.security.doc/GUID-52188148-C579-4F6A-8335-CFBCE0DD2167.html

4-60 Viewing Roles and User Assignments

The Roles pane shows which users are assigned the selected role on a particular object.

You can view all the objects to which a role is assigned and all the users or groups who are granted the role.
To view information about a role, click Usage in the Roles pane and select a role from the Roles list. The information provided to the right shows each object to which the role is assigned and the users and groups who were granted the role.

4-61 Applying Permissions: Scenario 1

A permission can propagate down the object hierarchy to all subobjects, or it can apply only to an immediate object.

Slide diagram:
sa-vcsa-01.vclass.local
  Training            [Greg: Read-Only (Propagate to children)]
    Production
      Prod03-1
      Prod03-2        [Greg: Administrator]
      Prod04-2
      Prod04-3
      ProdTemplate
    Test and Dev
      Dev01
      Dev02
      Dev03

In addition to specifying whether permissions propagate downward, you can override permissions set at a higher level by explicitly setting different permissions for a lower-level object.

On the slide, user Greg is given Read-only access in the Training data center. This role is propagated to all child objects except one, the Prod03-2 VM. For this VM, Greg is an administrator.

4-62 Applying Permissions: Scenario 2

When a user is a member of multiple groups with permissions on the same object, the user is assigned the union of privileges assigned to the groups for that object.

Slide diagram, permissions set on the Training data center:
• Group1: VM_Power_On (Propagate to children)
• Group2: Take_Snapshots (Propagate to children)
Members of Group1: Greg, Susan
Members of Group2: Greg, Carla

On the slide, Group1 is assigned the VM_Power_On role, a custom role that contains only one privilege: the ability to power on a VM. Group2 is assigned the Take_Snapshots role, another custom role that contains the privileges to create and remove snapshots. Both roles propagate to the child objects.
Because Greg belongs to both Group1 and Group2, he gets both VM_Power_On and Take_Snapshots privileges for all objects in the Training data center.

4-63 Activity: Applying Group Permissions (1)

If Group1 has the Administrator role and Group2 has the No Access role, what permissions does Greg have?

Slide diagram, permissions set on the Training data center:
• Group1: Administrator (Propagate to children)
• Group2: No Access (Propagate to children)
Members of Group1: Greg, Susan
Members of Group2: Greg, Carla

4-64 Activity: Applying Group Permissions (2)

Greg has Administrator privileges.

Greg is assigned the union of privileges assigned to Group1 and Group2.

4-65 Applying Permissions: Scenario 3

A user can be a member of multiple groups with permissions on different objects. In this case, the same permissions apply for each object on which the group has permissions, as though the permissions were granted directly to the user.

Slide diagram:
• Training data center: Group1: Administrator (Propagate to children)
• Prod03-1 VM: Group2: Read-Only
Members of Group1: Greg, Susan
Members of Group2: Greg, Carla

You can override permissions set for a higher-level object by explicitly setting different permissions for a lower-level object.
On the slide, Group1 is assigned the Administrator role at the Training data center and Group2 is assigned the Read-only role on the VM object, Prod03-1. The permission granted to Group1 is propagated to child objects.

Because Greg is a member of both Group1 and Group2, he gets administrator privileges on the entire Training data center (the higher-level object), except for the VM called Prod03-1 (the lower-level object). For this VM, he gets read-only access.

4-66 Applying Permissions: Scenario 4

A user (or group) is given only one role for any given object.

Permissions defined explicitly for the user on an object take precedence over all group permissions on that same object.

Slide diagram, permissions set on the Training data center:
• Group1: VM_Power_On (Propagate to children)
• Group2: Take_Snapshots (Propagate to children)
• Greg: No Access (Propagate to children)
Members of Group1: Greg, Susan
Members of Group2: Greg, Carla

On the slide, three permissions are assigned to the Training data center:
• Group1 is assigned the VM_Power_On role.
• Group2 is assigned the Take_Snapshots role.
• Greg is assigned the No Access role.

Greg is a member of both Group1 and Group2. Assume that propagation to child objects is enabled on all roles. Although Greg is a member of both Group1 and Group2, he gets the No Access privilege to the Training data center and all objects under it. Greg gets the No Access privilege because explicit user permissions on an object take precedence over all group permissions on that same object.

4-67 Creating a Role

Create roles for only necessary tasks. For example, you can create a Virtual Beans VM Provisioning role that allows a user to deploy VMs from a template.

Use folders to contain the scope of permissions.
Virtual Beans VM Provisioning role:
• Datastore > Allocate space
• Resource > Assign virtual machine to resource pool
• Virtual machine >
  - Edit Inventory > Create from existing
  - Interaction > Power on
  - Provisioning > Allow read-only disk access, Customize guest, Deploy template, Read customization specifications

For instance, assign the Virtual Beans VM Provisioning role to user nancy@vmbeans.com and apply it to the Production VMs folder.

The Virtual Beans VM Provisioning role is one of many examples of roles that can be created. Define a role using the smallest number of privileges possible to maximize security and control over your environment. Give the roles names that explicitly indicate what each role allows, to make its purpose clear.

4-68 About Global Permissions

Global permissions support assigning privileges across solutions from a global root object.
• Span solutions such as vCenter Server and vRealize Orchestrator
• Give a user or group privileges for all objects in all object hierarchies

[Diagram: Global Root Object; vCenter Server Instance; Content Library; Data Center Folder; Tag Category; Library Item; Data Center]

Often, you apply a permission to a vCenter Server inventory object such as an ESXi host or a VM. When you apply a permission, you specify that a user or group has a set of privileges, called a role, on the object.

Global permissions give a user or group privileges to view or manage all objects in each of the inventory hierarchies in your deployment. The example on the slide shows that the global root object has permissions over all vCenter Server objects, including content libraries, vCenter Server instances, and tags. Global permissions allow access across vCenter Server instances. vCenter Server permissions, however, are effective only on objects in a particular vCenter Server instance.
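The permission scenarios and the activity in this lesson can be checked mechanically. The following Python model is an added example, not VMware code and not the vCenter Server implementation: it encodes the rules as the lesson states them (propagation, a lower-level object overriding a higher-level one, union of group roles on the same object, an explicit user permission beating group permissions on the same object). The privilege labels are constructed for illustration, and group membership is assumed to be Group1: Greg and Susan, Group2: Greg and Carla.

```python
"""Model of the vCenter permission rules from Scenarios 1-4 (illustrative only)."""
from dataclasses import dataclass

# Constructed privilege labels; these are NOT real vSphere privilege IDs.
ALL_PRIVS = frozenset({"view", "vm.power_on", "vm.snapshot.create",
                       "vm.snapshot.remove", "vm.reconfigure"})
ROLES = {
    "Administrator": ALL_PRIVS,
    "Read-only": frozenset({"view"}),
    "No Access": frozenset(),
    "VM_Power_On": frozenset({"vm.power_on"}),
    "Take_Snapshots": frozenset({"vm.snapshot.create", "vm.snapshot.remove"}),
}

# Inventory tree from the slides, stored as child -> parent (None = root).
PARENT = {"sa-vcsa-01.vclass.local": None, "Training": "sa-vcsa-01.vclass.local",
          "Production": "Training", "Test and Dev": "Training"}
PARENT.update({vm: "Production" for vm in
               ("Prod03-1", "Prod03-2", "Prod04-2", "Prod04-3", "ProdTemplate")})
PARENT.update({vm: "Test and Dev" for vm in ("Dev01", "Dev02", "Dev03")})

# Assumed membership, read from the activity slide.
GROUPS = {"Group1": {"Greg", "Susan"}, "Group2": {"Greg", "Carla"}}


@dataclass(frozen=True)
class Permission:
    obj: str            # inventory object the permission is set on
    principal: str      # user or group name
    role: str
    propagate: bool = True


def effective(user, obj, permissions):
    """Return (sorted role names, privilege set) in effect for user on obj."""
    my_groups = {g for g, members in GROUPS.items() if user in members}
    node, on_target = obj, True
    while node is not None:
        # On an ancestor, only permissions marked "propagate" reach obj.
        here = [p for p in permissions
                if p.obj == node and (on_target or p.propagate)]
        direct = [p for p in here if p.principal == user]
        via_group = [p for p in here if p.principal in my_groups]
        # Explicit user permission beats group permissions on the same object;
        # otherwise the user gets the union of the group roles on that object.
        chosen = direct or via_group
        if chosen:
            roles = sorted({p.role for p in chosen})
            return roles, frozenset().union(*(ROLES[r] for r in roles))
        # Nothing set here for this user: fall back to the parent object.
        node, on_target = PARENT[node], False
    return [], frozenset()


SCENARIO_1 = [Permission("Training", "Greg", "Read-only"),
              Permission("Prod03-2", "Greg", "Administrator")]
SCENARIO_2 = [Permission("Training", "Group1", "VM_Power_On"),
              Permission("Training", "Group2", "Take_Snapshots")]
ACTIVITY = [Permission("Training", "Group1", "Administrator"),
            Permission("Training", "Group2", "No Access")]
SCENARIO_3 = [Permission("Training", "Group1", "Administrator"),
              Permission("Prod03-1", "Group2", "Read-only")]
SCENARIO_4 = SCENARIO_2 + [Permission("Training", "Greg", "No Access")]

if __name__ == "__main__":
    cases = [("Scenario 1", SCENARIO_1, "Prod03-1"),
             ("Scenario 1", SCENARIO_1, "Prod03-2"),
             ("Scenario 2", SCENARIO_2, "Dev01"),
             ("Activity", ACTIVITY, "Prod04-2"),
             ("Scenario 3", SCENARIO_3, "Prod03-1"),
             ("Scenario 4", SCENARIO_4, "Dev03")]
    for name, perms, target in cases:
        roles, privs = effective("Greg", target, perms)
        print(f"{name:10} Greg on {target:9} -> {roles} {sorted(privs)}")
```

Where the lesson is silent (for example, a propagated user permission on a parent combined with a group permission on a child), the model applies "closest object wins", which is an assumption of this example.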
4-69 Labs

Lab: Configuring Active Directory: Adding an Identity Source
Lab: Users, Groups, and Permissions

4-70 Lab 9: Configuring Active Directory: Adding an Identity Source

Add vclass.local as an identity source:
1. Add vclass.local as an Identity Source

4-71 Lab 10: Users, Groups, and Permissions

Assign roles and permissions so that an Active Directory user can perform functions in vCenter Server.
1. View Active Directory Users
2. Assign Object Permission to an Active Directory User
3. Assign Root-Level Global Permission to an Active Directory User
4. Log In as an Active Directory User
5. Use an Active Directory User to Create a Virtual Machine

4-72 Review of Learner Objectives

After completing this lesson, you should be able to meet the following objectives:
• Define the term permission in the context of vCenter Server
• Describe the rules for applying permissions
• Create a custom role
• Create a permission

4-73 Lesson 6: Backing Up and Restoring vCenter Server Appliance

4-74 Learner Objectives

After completing this lesson, you should be able to meet the following objectives:
• Create a vCenter Server Appliance backup schedule
• Restore vCenter Server Appliance from backup

4-75 Virtual Beans: vCenter Server Operations

As a Virtual Beans administrator, you are responsible for the maintenance and daily operation of vCenter Server.

To align with Virtual Beans policies, you perform the following tasks:
• Back up vCenter Server data monthly.
• Make vCenter Server highly available:
  - 99.99 percent available (downtime per year of 52.56 minutes)
• Monitor vCenter Server performance to avoid potential problems in the infrastructure

4-76 About vCenter Server Backup and Restore

vCenter Server backup and restore operations protect data. These operations work in the following ways:
• Use the vCenter Server Appliance Management Interface
• Remove dependency on third-party backup solutions
• Support FTPS, HTTP, HTTPS, SFTP, FTP, NFS, and SMB
• Include the option to encrypt backups
• Restore directly from the vCenter Server Appliance GUI installer
• Restore a vCenter Server instance to a brand-new appliance

The vCenter Server Appliance Management Interface supports backing up key parts of the appliance. You can protect vCenter Server data and minimize the time required to restore data center operations.

The backup process collects key files into a tar bundle and compresses the bundle to reduce the network load. To minimize the storage impact, the transmission is streamed without caching in the appliance. To reduce the total time required to complete the backup operation, the backup process handles the different components in parallel.

You can encrypt the compressed file before transmission to the backup storage location. When you choose encryption, you must supply a password that can be used to decrypt the file during restoration.

The backup operation always includes the vCenter Server database and system configuration files, so that a restore operation has all the data to recreate an operational appliance. Optionally, you can specify that a backup operation should include Statistics, Events, and Tasks from the current state of the data center. Current alarms are always included in a backup.

4-77 Methods for vCenter Server Appliance Backup and Restore

You can use different methods to back up and restore vCenter Server Appliance:
• File-based backup and restore:
  - Use the vCenter Server Appliance Management Interface to create a file-based backup.
  - Restore the backup through the GUI installer of the appliance.
  - Schedule the file-based backup and restore.
• Image-based backup and restore:
  - Use vSphere Storage APIs - Data Protection with a third-party backup product to perform centralized, efficient, off-host, LAN-free backups.

4-78 File-Based Backup of vCenter Server Appliance

You can perform a file-based backup manually.

You use the vCenter Server Appliance Management Interface to perform a file-based backup of the vCenter Server core configuration, inventory, and historical data of your choice. The backed-up data is streamed over the selected protocol to a remote system. The backup is not stored on vCenter Server Appliance.

When specifying the backup location, use the following syntax: protocol://server-address<:port-number>/folder/subfolder.

4-79 File-Based Restore of vCenter Server Appliance

Use the vCenter Server Appliance GUI installer to restore a vCenter Server Appliance to an ESXi host or a vCenter Server instance. The restore procedure occurs in stages:
1. A new appliance is deployed.
2. The newly deployed vCenter Server Appliance is populated with the data stored in the file-based backup.

When you use the file-based restore method, reconciliation is automatically performed.

You can perform a file-based restore only for a vCenter Server Appliance instance that you previously backed up by using the vCenter Server Appliance Management Interface.

You can perform the restore operation by using the GUI installer of vCenter Server Appliance. The process consists of deploying a new vCenter Server Appliance instance and copying the data from the file-based backup to the new appliance.

You can also perform a restore operation by deploying a new vCenter Server Appliance instance and using the vCenter Server Appliance Management Interface to copy the data from the file-based backup to the new appliance.

4-80 Scheduling Backups

You can schedule automatic file-based backups. The backup scheduler supports:
• A retention policy to keep all backups or a defined number of backups
• Daily, weekly, or custom schedule

Failed backups trigger an alarm in the vSphere Client.

You can set up a file-based backup schedule to perform periodic backups:
• The schedule can be set up with information about the backup location, recurrence, and retention for the backups.
• You can set up only one schedule at a time.

4-81 Viewing the Backup Schedule

You can view the existing defined backup schedule from the vCenter Server Appliance Management Interface. The backup schedule can be edited, disabled, or deleted.

4-82 Demonstration: Backing Up and Restoring a vCenter Server Appliance Instance

Your instructor will run a demonstration.
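
The backup location syntax and the list of supported transports from this lesson can be checked before a schedule is saved. The following is an added example, not part of the course material: the function names, host names and the folder requirement are assumptions, and the location pattern does not cover bracketed IPv6 addresses.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Transports the lesson lists as supported for file-based backup.
SUPPORTED_PROTOCOLS = {"ftps", "http", "https", "sftp", "ftp", "nfs", "smb"}
# FTP and HTTP send credentials and backup data without transport encryption.
CLEARTEXT_PROTOCOLS = {"ftp", "http"}

# protocol://server-address<:port-number>/folder/subfolder
LOCATION_RE = re.compile(
    r"^(?P<protocol>[A-Za-z][A-Za-z0-9+.-]*)://"
    r"(?P<server>[^/:\s]+)"
    r"(?::(?P<port>\d{1,5}))?"
    r"(?P<path>/[^\s]*)$"
)


@dataclass
class BackupLocation:
    protocol: str
    server: str
    port: Optional[int]
    path: str


def parse_location(location: str) -> BackupLocation:
    """Split a backup location into its parts or raise ValueError."""
    match = LOCATION_RE.match(location.strip())
    if match is None:
        raise ValueError(
            "expected protocol://server-address<:port-number>/folder/subfolder"
        )
    protocol = match.group("protocol").lower()
    if protocol not in SUPPORTED_PROTOCOLS:
        raise ValueError(f"unsupported protocol: {protocol}")
    port = int(match.group("port")) if match.group("port") else None
    if port is not None and not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    path = match.group("path")
    if not path.strip("/"):
        # Assumption of this example: a bare "/" is not an acceptable target.
        raise ValueError("a destination folder is required")
    return BackupLocation(protocol, match.group("server"), port, path)


def review_backup_target(location: str, encrypt_backup: bool) -> List[str]:
    """Return review findings for one backup target; an empty list means none."""
    try:
        target = parse_location(location)
    except ValueError as exc:
        return [f"invalid location: {exc}"]
    findings = []
    if target.protocol in CLEARTEXT_PROTOCOLS:
        findings.append(
            f"{target.protocol} does not encrypt the transfer; "
            "prefer sftp, ftps or https"
        )
    if not encrypt_backup:
        findings.append(
            "backup encryption is off; the archive holds the vCenter Server "
            "database and system configuration files"
        )
    return findings


if __name__ == "__main__":
    # Constructed sample targets (hypothetical hosts and folders).
    samples = [
        ("sftp://backup01.example.test:2222/vcsa/monthly", True),
        ("ftp://10.0.0.20/vcsa", False),
        ("scp://10.0.0.20/vcsa", True),
    ]
    for location, encrypted in samples:
        print(location, "->", review_backup_target(location, encrypted) or "ok")
```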

4-83 Review of Learner Objectives

After completing this lesson, you should be able to meet the following objectives:
• Create a vCenter Server Appliance backup schedule
• Restore vCenter Server Appliance from backup

4-84 Lesson 7: Monitoring vCenter Server and Its Inventory

Lesson 7: Monitoring vCenter Server Appliance

4-85 Learner Objectives

After completing this lesson, you should be able to meet the following objectives:
• View vCenter Server logs and events
• Manage vCenter Server services
• Monitor vCenter Server Appliance for service and disk space usage
• Use vSphere alarms for resource exhaustion and service failures

4-86 vCenter Server Events

The vCenter Server events and audit trails allow selectable retention periods in increments of 30 days:
• User-action information includes the user's account and specific event details.
• All actions are reported, including file ID, file path, source of operation, operation name, and date and time of operation.
• Events and alarms are displayed to alert the user to changes in the vCenter Server service health or when a service fails.

4-87 About Log Levels

You can set log levels to control the quantity and type of information logged. Examples of when to set log levels:
• When troubleshooting complex issues, set the log level to verbose or trivia. Troubleshoot and set it back to info.
• For controlling the amount of information being stored in the log files.

Option                           Description
None                             Turns off logging
Error (errors only)              Displays only error log entries
Warning (errors and warnings)    Displays warning and error log entries
Info (normal logging)            Displays information, error, and warning log entries
Verbose                          Displays information, error, warning, and verbose log entries
Trivia (extended verbose)        Displays information, error, warning, verbose, and trivia log entries

Changes to the logging settings take effect immediately. You do not have to restart the vCenter Server system.

4-88 Setting Log Levels

You can configure the amount of detail that vCenter Server collects in log files:
• You can edit the log levels in the vSphere Client.
• More verbose logging requires more space on your vCenter Server system.

To configure logging levels, follow these steps:
1. In the vSphere Client, select the vCenter Server instance in the navigation pane.
2. Click the Configure tab.
3. Under Settings, select General.
4. Click EDIT.
5. Under Edit vCenter general settings, select Logging settings in the left pane.
6. Select an option from the Log level drop-down menu.

4-89 Forwarding vCenter Server Appliance Log Files to a Remote Host

vCenter Server and ESXi can stream their log information to a remote Syslog server:
• You can enable this feature in the vCenter Server Appliance Management Interface.
• With this feature, you can further analyze vCenter Server Appliance log files with log analysis products, such as vRealize Log Insight.

4-90 vCenter Server Database Health

vCenter Server checks the status of the database every 15 minutes:
• By default, database health warnings trigger an alarm when the space used reaches 80 percent.
• The alarm changes from warning to error when the space used reaches 95 percent.
• vCenter Server services shut down so that you can configure more disk space or remove unwanted content.
• You can also monitor database space utilization using the vCenter Server Appliance Management Interface.

4-91 Monitoring vCenter Server Appliance

The vCenter Server Appliance Management Interface has a built-in monitoring interface.

[Figure panels: CPU and Memory View, Disks View]

The CPU and Memory views provide a historical view of CPU and memory use. Using the Disks view, you can monitor the available disk space.

4-92 Monitoring vCenter Server Appliance Services

You can use the vCenter Server Appliance Management Interface to monitor the health and state of the vCenter Server Appliance services. You can restart, start, or stop services from this interface.

4-93 Monthly Patch Updates for vCenter Server Appliance

VMware provides monthly security patches for vCenter Server Appliance:
• Critical vulnerability patches are delivered on a monthly release cycle.
• Important and low vulnerabilities are delivered with the next available vCenter Server patch or update.

You can configure the vCenter Server Appliance to perform automatic checks for available patches in the configured repository URL at a regular interval.

If a vCenter Server patch or update occurs in the same time period as the monthly security patch, the monthly security patch is rolled into the vCenter Server patch or update.

4-94 Review of Learner Objectives

After completing this lesson, you should be able to meet the following objectives:
• View vCenter Server logs and events
• Manage vCenter Server services
• Monitor vCenter Server Appliance for service and disk space usage
• Use vSphere alarms for resource exhaustion and service failures

4-95 Lesson 8: vCenter Server High Availability

4-96 Learner Objectives

After completing this lesson, you should be able to meet the following objectives:
• Recognize the importance of vCenter Server High Availability
• Explain how vCenter Server High Availability works
• Identify vCenter Server High Availability requirements

4-97 Importance of Keeping vCenter Server Highly Available

High availability is an important characteristic for many VMware and third-party solutions that depend on vCenter Server as the primary management platform:
• vCenter Server is the foundation for the virtual desktop infrastructure.
• Backup and disaster recovery solutions rely on vCenter Server.

[Figure labels: VMware Products, Third-Party Integrations]

vSphere is a virtualization platform that forms the foundation for building and managing an organization's virtual, public, and private cloud infrastructures. vCenter Server Appliance sits at the heart of vSphere and provides services to manage various components of a virtual infrastructure, such as ESXi hosts, virtual machines, and storage and networking resources. As large virtual infrastructures are built using vSphere, vCenter Server becomes an important element in ensuring the business continuity of an organization. vCenter Server must protect itself from a set of hardware and software failures in an environment and must recover transparently from such failures.

4-98 About vCenter Server High Availability

vCenter Server High Availability protects vCenter Server Appliance against both hardware and software failures.

vCenter Server High Availability forms a cluster of nodes:
• Active node: Runs the active vCenter Server Appliance instance
• Passive node: Automatically takes over the role of the Active node if a failure occurs
• Witness node: Provides a quorum to protect against a split-brain situation

vCenter Server High Availability is built in to vCenter Server Appliance and is included with the standard license.

[Figure label: Witness (Quorum)]

With vCenter Server High Availability, you can recover quickly from a vCenter Server failure. Using automated failover, vCenter Server failover occurs with minimal downtime.

4-99 Scenario: Active Node Failure

If the active node fails, the passive node takes over the role of the active node. The cluster is considered to be running in a degraded state.

[Figure labels: DB/File Replication, Witness (Quorum)]

The animation demonstrates what happens if an active node fails. To play the animation, go to https://vmware.bravais.com/s/PlUBZn2zC07HESgN2fin-I.

The active node runs the active instance of vCenter Server Appliance. The node uses an IP address on the Management network for the vSphere Client to connect to.

If the active node fails (because of a hardware, software, or network failure), the passive node takes over the role of the active node. The IP address to which the vSphere Client was connected is switched from the failed node to the new active node. The new active node starts serving client requests. Meanwhile, the user must log back in to the vSphere Client for continued access to vCenter Server.

Because only two nodes are up and running, the vCenter Server High Availability cluster is considered to be running in a degraded state and subsequent failover cannot occur. A subsequent failure in a degraded cluster means vCenter Server services are no longer available. A passive node is required to return the cluster to a healthy state.

4-100 Scenario: Passive Node Failure

If the passive node fails, the active node continues to operate normally. However, the cluster is considered to be running in a degraded state.

[Figure label: DB/File Replication]

If the passive node fails, the active node continues to operate as normal. Because no disruption in service occurs, users can continue to access the active node using the vSphere Client.

Because the passive node is down, the active node is no longer protected. The cluster is considered to be running in a degraded state because only two nodes are up and running. A subsequent failure in a degraded cluster means vCenter Server services are no longer available. A passive node is required to return the cluster to a healthy state.

4-101 Scenario: Witness Node Failure

If the witness node fails, the active node continues to operate normally. However, the cluster is considered to be running in a degraded state.

[Figure label: DB/File Replication]

The witness node is used to maintain quorum. If the witness node fails, the active node continues to operate without disruption in service.

Because only two nodes are up and running, the cluster is considered to be running in a degraded state and failover cannot occur. A subsequent failure in a degraded cluster means vCenter Server services are no longer available. The witness node is required to return the cluster to a healthy state.

4-102 Benefits of vCenter Server High Availability

vCenter Server High Availability provides many benefits:
• vCenter Server Appliance is made more resilient.
• Protection against hardware, host, and application failures is provided.
• Recovery occurs in minutes.
• End-to-end downtime is minimized.
• Active-passive architecture provides transparent failover:
  - Recovery point objective: No data loss.
  - Recovery time objective: Within minutes.
• One-click automated high availability is set up.
• Nodes can be geographically distant (less than 10 milliseconds latency).
• No shared storage is required.
• No third-party technologies are required.

4-103 vCenter Server High Availability Requirements

Component: ESXi
Requirements:
  - Version 6.0 or later
  - Minimum of three ESXi hosts is recommended

Component: vCenter Server Appliance
Requirements:
  - Version 6.5 or later
  - Deployment size Small or larger is required to meet the RTO
  - Enough disk space to collect and store support bundles for all three nodes on the active node

Component: Network connectivity
Requirements:
  - Network latency between the three nodes must be less than 10 milliseconds
  - The vCenter HA network must be on a different subnet than the management network

Component: Licensing
Requirements:
  - A single vCenter Server Standard license

For more information about the vCenter Server High Availability requirements, see vSphere Availability at https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.avail.doc/GUID-63F45987-8884-4818-8872-C9753B2E0215.html.

4-104 Demonstration: Configuring vCenter Server High Availability

Your instructor will run a demonstration.

4-105 Review of Learner Objectives

After completing this lesson, you should be able to meet the following objectives:
• Recognize the importance of vCenter Server High Availability
• Explain how vCenter Server High Availability works
• Identify vCenter Server High Availability requirements

4-106 Virtual Beans: vCenter Server Maintenance and Operations

As a Virtual Beans administrator, you plan to maintain vCenter Server and keep it up and running.

Virtual Beans Requirement: Back up vCenter Server data monthly.
Plan: Use the VAMI to schedule monthly backups of vCenter Server. Because the NFS protocol is supported, you can use one of the NFS filesystems in your data center to store the backups.

Virtual Beans Requirement: Make vCenter Server highly available.
Plan: Configure vCenter Server High Availability to protect against vCenter Server failures. Because recovery time is minimal, you are confident that 99.99 percent availability (downtime per year of 52.56 minutes) can be achieved.

Virtual Beans Requirement: Monitor vCenter Server regularly.
Plan: Use the vSphere Client and VAMI daily to monitor vCenter Server health and performance.

4-107 Key Points

• vCenter Server Appliance uses the Photon operating system and the PostgreSQL database.
• You use the vSphere Client to connect to vCenter Server instances and manage vCenter Server inventory objects.
• A permission, defined in vCenter Server, gives one user or group a role (set of privileges) for a selected object.
• You can use the vCenter Server Appliance Management Interface to monitor appliance resource use and perform a file-based backup of the appliance.
• vCenter Server High Availability is built in to vCenter Server Appliance and protects the appliance from both hardware and software failures.

Questions?

Module 5: Configuring and Managing Virtual Networks

5-2 Importance

When you configure ESXi networking properly, virtual machines can communicate with other virtual, and physical, machines. In this way, remote host management and IP-based storage operate effectively.

5-3 Module Lessons

1. Introduction to vSphere Standard Switches
2. Configuring Standard Switch Policies

5-4 Virtual Beans: Networking Requirements

Virtual Beans has the following requirements for its network infrastructure:
• Use the existing VLAN infrastructure and create VLANs as needed for the vSphere environment.
• Use the available bandwidth efficiently:
  - Infrastructure services must get enough bandwidth.
  - Infrastructure traffic should not interfere with the performance of business-critical and nonbusiness-critical application traffic.
• Avoid single points of failure.

As the Virtual Beans administrator, you must configure vSphere networking to meet these requirements.

5-5 Lesson 1: Introduction to vSphere Standard Switches

5-6 Learner Objectives

After completing this lesson, you should be able to meet the following objectives:
• Identify virtual switch connection types
• Configure and view standard switch configurations
• Distinguish between the features of standard and distributed switches

5-7 About Virtual Switches

Virtual switches connect VMs to the physical network. They provide connectivity between VMs on the same ESXi host or on different ESXi hosts. They also support VMkernel services, such as vSphere vMotion migration, iSCSI, NFS, and access to the management network.

5-8 Types of Virtual Switch Connections

A virtual switch has specific connection types:
• VM port groups
• VMkernel port: For IP storage, vSphere vMotion migration, vSphere Fault Tolerance, vSAN, vSphere Replication, and the ESXi management network
• Uplink ports

[Figure labels: Virtual Machine Port Groups, VMkernel Ports, Virtual Switch, Uplink Ports]

The ESXi management network port is a VMkernel port that connects to network or remote services, including vpxd on vCenter Server and VMware Host Client. Each ESXi management network port and each VMkernel port must be configured with its own IP address, netmask, and gateway.

To help configure virtual switches, you can create port groups. A port group is a template that stores configuration information to create virtual switch ports on a virtual switch. VM port groups connect VMs to one another with common networking properties.

VM port groups and VMkernel ports connect to the outside world through the physical Ethernet adapters that are connected to the virtual switch uplink ports.

5-9 Virtual Switch Connection Examples

More than one network can coexist on the same virtual switch or on separate virtual switches.

[Figure labels: Management, vSphere vMotion, iSCSI]

When you design your networking environment, you can team all your networks on a single virtual switch. Alternatively, you can opt for multiple virtual switches, each with a separate network. The decision partly depends on the layout of your physical networks. For example, you might not have enough network adapters to create a separate virtual switch for each network. Instead, you might place your network adapters in a single virtual switch and isolate the networks by using VLANs.

Because physical NICs are assigned at the virtual switch level, all ports and port groups that are defined for a particular switch share the same hardware.

5-10 About VLANs

ESXi supports 802.1Q VLAN tagging. Virtual switch tagging is one of the supported tagging policies:
• Frames from a VM are tagged as they exit the virtual switch.
• Tagged frames arriving at a virtual switch are untagged before they are sent to the destination VM.
• The effect on performance is minimal.

ESXi provides VLAN support by assigning a VLAN ID to a port group.

[Figure labels: VMkernel, Physical Switch, Physical NIC, Trunk Port]

VLANs provide for logical groupings of switch ports. All virtual machines or ports in a VLAN communicate as if they are on the same physical LAN segment. A VLAN is a software-configured broadcast domain. Using a VLAN provides the following benefits:
• Creation of logical networks that are not based on the physical topology
• Improved performance by confining broadcast traffic to a subset of ports on a switch
• Cost savings by partitioning the network without the overhead of deploying new routers

VLANs can be configured at the port group level. The ESXi host provides VLAN support through virtual switch tagging, which is provided by giving a port group a VLAN ID. By default, a VLAN ID is optional. The VMkernel takes care of all tagging and untagging as the packets pass through the virtual switch.

The port on a physical switch to which an ESXi host is connected must be defined as a static trunk port. A trunk port is a port on a physical Ethernet switch that is configured to send and receive packets tagged with a VLAN ID. No VLAN configuration is required in the VM. In fact, the VM does not know that it is connected to a VLAN.

For more information about how VLANs are implemented, see VMware knowledge base article 1003806 at http://kb.vmware.com/kb/1003806.
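
The tagging and untagging that the virtual switch performs can be followed byte by byte. The following is an added example, not part of the course material and not ESXi code: the function names and the sample frame are constructed, and treating a port group without a VLAN ID as accepting only untagged frames is an assumption of this model.

```python
import struct
from typing import Optional, Tuple

TPID_8021Q = 0x8100   # EtherType value that marks an 802.1Q tag
ETH_HEADER_LEN = 14   # destination MAC (6) + source MAC (6) + EtherType (2)


def tag_frame(frame: bytes, vlan_id: int, priority: int = 0) -> bytes:
    """Egress toward the trunk port: insert the 4-byte tag after the MACs."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError(f"VLAN ID out of range: {vlan_id}")
    if not 0 <= priority <= 7:
        raise ValueError(f"priority out of range: {priority}")
    if len(frame) < ETH_HEADER_LEN:
        raise ValueError("frame shorter than an Ethernet header")
    # Tag control information: priority (3 bits), DEI (1 bit, 0), VLAN ID (12 bits).
    tci = (priority << 13) | vlan_id
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def untag_frame(frame: bytes) -> Tuple[Optional[int], bytes]:
    """Ingress from the trunk port: return (VLAN ID or None, frame without tag)."""
    if len(frame) < ETH_HEADER_LEN:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return None, frame
    if len(frame) < ETH_HEADER_LEN + 4:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack("!H", frame[14:16])
    return tci & 0x0FFF, frame[:12] + frame[16:]


def deliver_to_port_group(frame: bytes, port_group_vlan: Optional[int]) -> Optional[bytes]:
    """Hand the untagged frame to a VM only if the tag matches the port group."""
    vlan_id, inner = untag_frame(frame)
    if vlan_id != port_group_vlan:
        return None  # frame belongs to another VLAN and never reaches this VM
    return inner


def build_sample_frame() -> bytes:
    """Constructed untagged IPv4 frame, as a VM would send it."""
    dst = bytes.fromhex("005056aabbcc")
    src = bytes.fromhex("005056112233")
    return dst + src + struct.pack("!H", 0x0800) + b"constructed payload"


if __name__ == "__main__":
    vm_frame = build_sample_frame()
    on_wire = tag_frame(vm_frame, vlan_id=20)
    print("tag bytes on the trunk:", on_wire[12:16].hex())
    print("delivered to VLAN 20 port group:", deliver_to_port_group(on_wire, 20) == vm_frame)
    print("delivered to VLAN 30 port group:", deliver_to_port_group(on_wire, 30) is not None)
```

The VM sends and receives the same untagged bytes in both directions, which is why no VLAN configuration is needed in the guest.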

5-11 Types of Virtual Switches

A virtual network supports standard and distributed switches. Both switch types are elastic: Ports are created and removed automatically.

Standard switch:
- Virtual switch that is configured for a single host.

Distributed switch:
- Virtual switch that is configured for an entire data center.
- Up to 2,000 hosts can be attached to the same distributed switch.
- The configuration is consistent across all attached hosts.
- Hosts must either have an Enterprise Plus license or belong to a vSAN cluster.

5-12 Adding ESXi Networking

You can add new standard switches to an ESXi host or configure existing ones using the vSphere Client or VMware Host Client.

5-13 Viewing the Configuration of Standard Switches

In the vSphere Client, you can view a host's standard switch configuration by selecting Virtual Switches on the Configure tab.

The slide shows the standard switch vSwitch0 on the sa-esxi-01.vclass.local ESXi host. By default, the ESXi installation creates a virtual machine port group named VM Network and a VMkernel port named Management Network. You can create additional port groups such as the Production port group, which you can use for the production virtual machine network.

For performance and security, you should remove the VM Network virtual machine port group and keep VM networks and management networks separated.

5-14 Network Adapter Properties

The Physical adapters pane shows adapter details such as speed, duplex, and MAC address settings. Although the speed and duplex settings are configurable, the best practice is to leave the settings at autonegotiate.

You can change the connection speed and duplex of a physical adapter to transfer data in compliance with the traffic rate.

If the physical adapter supports SR-IOV, you can enable it and configure the number of virtual functions to use for virtual machine networking.

5-15 Distributed Switch Architecture

[Figure labels: Management Port, vSphere vMotion Port, Distributed Ports and Port Groups, Distributed Switch (Control Plane), Uplink Port Group, Hidden Virtual Switches (I/O Plane), Virtual, Physical NICs (Uplinks), Host 1, Host 2]

vCenter Server owns the configuration of the distributed switch. The configuration is consistent across all hosts that use the distributed switch.

5-16 Standard and Distributed Switches: Shared Features

Standard and distributed switches have several features in common.

Feature                                     Standard Switch    Distributed Switch
Layer 2 switch                              Yes                Yes
IPv6 support                                Yes                Yes
NIC teaming                                 Yes                Yes
Outbound traffic shaping                    Yes                Yes
VLAN segmentation (802.1Q tagging)          Yes                Yes
Cisco Discovery Protocol (CDP)              Yes                Yes

5-17 Additional Features of Distributed Switches

Distributed switches include several features that are not part of standard switches.

Feature                                                     Standard Switch    Distributed Switch
Inbound traffic shaping                                     No                 Yes
VM network port block                                       No                 Yes
Private VLANs                                               No                 Yes
Load-based teaming                                          No                 Yes
Data center level management                                No                 Yes
vSphere vMotion migration of virtual networking state       No                 Yes
Per port policy settings                                    No                 Yes
NetFlow                                                     No                 Yes
Port mirroring                                              No                 Yes
Access to NSX-T port groups                                 No                 Yes
Port state monitoring of network statistics                 No                 Yes
Link Layer Discovery Protocol (LLDP)                        No                 Yes

During a vSphere vMotion migration, a distributed switch tracks the virtual networking state (for example, counters and port statistics) as the virtual machine moves from host to host. The tracking provides a consistent view of a virtual network interface, regardless of the virtual machine location or vSphere vMotion migration history. Tracking simplifies network monitoring and troubleshooting activities where vSphere vMotion is used to migrate virtual machines between hosts.

5-18 Lab 11: Using Standard Switches

Create a standard switch and a port group for virtual machines:
1. View the Standard Switch Configuration
2. Create a Standard Switch with a Virtual Machine Port Group
3. Attach Virtual Machines to the Virtual Machine Port Group

5-19 Review of Learner Objectives

After completing this lesson, you should be able to meet the following objectives:
• Identify virtual switch connection types
• Configure and view standard switch configurations
• Distinguish between the features of standard and distributed switches

5-20 Lesson 2: Configuring Standard Switch Policies

5-21 Learner Objectives

After completing this lesson, you should be able to meet the following objectives:
• Explain how to set the security policies for a standard switch port group
• Explain how to set the traffic shaping policies for a standard switch port group
• Explain how to set the NIC teaming and failover policies for a standard switch port group

5-22 Network Switch and Port Policies

Policies that are set at the standard switch level apply to all port groups on the standard switch by default.

Available network policies:
• Security
• Traffic shaping
• NIC teaming and failover

Policy levels:
• Standard switch level: Default policies for all the ports on the standard switch.
• Port group level: Effective policies defined at this level override the default policies that are set at the standard switch level.

Networking security policy provides protection against MAC address impersonation and unwanted port scanning.

Traffic shaping is useful when you want to limit the amount of traffic to a VM or a group of VMs.

Use the teaming and failover policy to determine the following information:
• How the network traffic of VMs and VMkernel adapters that are connected to the switch is distributed between physical adapters
• How the traffic should be rerouted if an adapter fails.

5-23 Configuring Security Policies

As an administrator, you can define security policies at both the standard switch level and the port group level:
• Promiscuous mode: You can allow a virtual switch or port group to forward all traffic regardless of the destination.
• MAC address changes: You can accept or reject inbound traffic when the MAC address is altered by the guest.
• Forged transmits: You can accept or reject outbound traffic when the MAC address is altered by the guest.

[Figure: VM Network - Edit Settings]

The network security policy contains the following exceptions:
• Promiscuous mode: Promiscuous mode allows a virtual switch or port group to forward all traffic regardless of their destinations. The default is Reject.
• MAC address changes: The default is Reject. If this option is set to Reject and the guest attempts to change the MAC address assigned to the virtual NIC, it stops receiving frames.
• Forged transmits: A frame's source address field might be altered by the guest and contain a MAC address other than the assigned virtual NIC MAC address. You can set the Forged Transmits parameter to accept or reject such frames. The default is Reject.

In vSphere 7, these security settings are set to Reject by default.

In general, these policies give you the option of disallowing certain behaviors that might compromise security. For example, a hacker might use a promiscuous mode device to capture network traffic for unscrupulous activities. Or, someone might impersonate a node and gain unauthorized access by spoofing its MAC address.

Set Promiscuous mode to Accept to use an application in a VM that analyzes or sniffs packets, such as a network-based intrusion detection system.

Keep the MAC address changes and Forged transmits set to Reject to help protect against attacks launched by a rogue guest operating system.
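
The two policy levels and the three security settings can be combined into an audit of which port groups effectively run with Accept. The following is an added example, not part of the course material: the inventory is constructed, the data model, function names and every port group name other than Production are hypothetical, and no vSphere API is called.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

SETTINGS = ("promiscuous_mode", "mac_address_changes", "forged_transmits")
VALID_VALUES = {"Accept", "Reject"}

Exception_ = Tuple[str, str, str]        # (switch, port group, setting)
Finding = Tuple[str, str, str, str]      # (switch, port group, setting, source)


@dataclass
class PortGroup:
    name: str
    # A missing key or None means "inherit the standard switch default".
    overrides: Dict[str, Optional[str]] = field(default_factory=dict)


@dataclass
class StandardSwitch:
    name: str
    policy: Dict[str, str]
    port_groups: List[PortGroup] = field(default_factory=list)


def effective_policy(switch: StandardSwitch, port_group: PortGroup) -> Dict[str, str]:
    """Port group settings override the switch-level defaults."""
    effective = {}
    for setting in SETTINGS:
        value = port_group.overrides.get(setting)
        if value is None:
            value = switch.policy[setting]
        if value not in VALID_VALUES:
            raise ValueError(f"{switch.name}/{port_group.name}: bad value {value!r}")
        effective[setting] = value
    return effective


def audit(switches: List[StandardSwitch], approved: Set[Exception_]) -> List[Finding]:
    """Report every effective Accept that is not an approved exception."""
    findings = []
    for switch in switches:
        for port_group in switch.port_groups:
            effective = effective_policy(switch, port_group)
            for setting in SETTINGS:
                if effective[setting] != "Accept":
                    continue
                if (switch.name, port_group.name, setting) in approved:
                    continue
                overridden = port_group.overrides.get(setting) is not None
                source = "port group override" if overridden else "standard switch default"
                findings.append((switch.name, port_group.name, setting, source))
    return findings


def stale_exceptions(switches: List[StandardSwitch], approved: Set[Exception_]) -> Set[Exception_]:
    """Approved exceptions that no longer match an effective Accept."""
    active = set()
    for switch in switches:
        for port_group in switch.port_groups:
            effective = effective_policy(switch, port_group)
            active.update(
                (switch.name, port_group.name, s) for s in SETTINGS if effective[s] == "Accept"
            )
    return approved - active


def build_sample_inventory() -> List[StandardSwitch]:
    """Constructed inventory; not read from a real host."""
    reject_all = {setting: "Reject" for setting in SETTINGS}
    vswitch0 = StandardSwitch("vSwitch0", dict(reject_all), [
        PortGroup("Production"),
        PortGroup("IDS-Sensor", {"promiscuous_mode": "Accept"}),
        PortGroup("Legacy-App", {"mac_address_changes": "Accept",
                                 "forged_transmits": "Accept"}),
    ])
    vswitch1 = StandardSwitch("vSwitch1", {**reject_all, "promiscuous_mode": "Accept"}, [
        PortGroup("Test"),
        PortGroup("Test-Locked", {"promiscuous_mode": "Reject"}),
    ])
    return [vswitch0, vswitch1]


# The intrusion detection port group is the one documented exception.
APPROVED_EXCEPTIONS = {("vSwitch0", "IDS-Sensor", "promiscuous_mode")}

if __name__ == "__main__":
    for finding in audit(build_sample_inventory(), APPROVED_EXCEPTIONS):
        print("review:", " / ".join(finding))
```

A finding whose source is the standard switch default affects every port group that does not override it, so it is fixed at the switch level rather than per port group.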
Set MAC address changes and Forged transmits to Accept if your applications change the mapped MAC address, as do some guest operating system-based firewalls.

5-24 Traffic-Shaping Policies

Network traffic shaping is a mechanism for limiting a virtual machine's consumption of available network bandwidth.

Average rate, peak rate, and burst size are configurable.

[Figure: graph of bandwidth over time, with peak bandwidth marked]

A virtual machine's network bandwidth can be controlled by enabling the network traffic shaper. The network traffic shaper, when used on a standard switch, shapes only outbound network traffic. To control inbound traffic, use a load-balancing system or turn on rate-limiting features on your physical router.

5-25 Configuring Traffic Shaping

A traffic-shaping policy is defined by average bandwidth, peak bandwidth, and burst size.

You can establish a traffic-shaping policy for each port group and each distributed port or distributed port group:
• Traffic shaping is disabled by default.
• Parameters apply to each virtual NIC in the standard switch.
• On a standard switch, traffic shaping controls only outbound traffic, that is, traffic traveling from the VMs to the virtual switch and out onto the physical network.

[Figure: VM Network - Edit Settings dialog, showing the traffic shaping status, bandwidth (kbit/s), and burst size (KB) fields]

The ESXi host shapes only outbound traffic by establishing parameters for the following traffic characteristics:
• Average bandwidth (Kbps): Establishes the number of kilobits per second to allow across a port, averaged over time. The average bandwidth is the allowed average load.
• Peak bandwidth (Kbps): The maximum number of kilobits per second to allow across a port when it is sending a burst of traffic.
This number tops the bandwidth that is used by a port whenever the port is using the burst bonus that is configured using the Burst size parameter.
• Burst size (KB): The maximum number of kilobytes to allow in a burst. If this parameter is set, a port might gain a burst bonus if it does not use all its allocated bandwidth. Whenever the port needs more bandwidth than specified in the Average bandwidth field, the port might be allowed to temporarily transmit data at a faster speed if a burst bonus is available. This parameter tops the number of kilobytes that have accumulated in the burst bonus and so transfers at a faster speed.

Network traffic shaping is off by default.

Although you can establish a traffic-shaping policy at either the virtual switch level or the port group level, settings at the port group level override settings at the virtual switch level.

5-26 NIC Teaming and Failover Policies

With NIC teaming, you can increase the network capacity of a virtual switch by including two or more physical NICs in a team.

NIC teaming increases the network bandwidth of the switch and provides redundancy.

To determine how the traffic is rerouted when an adapter fails, you include physical NICs in a failover order.

To determine how the virtual switch distributes the network traffic between the physical NICs in a team, you select load-balancing algorithms depending on the needs and capabilities of your environment:
• Load-balancing policy: This policy determines how network traffic is distributed between the network adapters in a NIC team. Virtual switches load balance only the outgoing traffic. Incoming traffic is controlled by the load-balancing policy on the physical switch.
• Failback policy: By default, a failback policy is enabled on a NIC team. If a failed physical NIC returns online, the virtual switch sets the NIC back to active by replacing the standby NIC that took over its slot.
If the physical NIC that stands first in the failover order experiences intermittent failures, the failback policy might lead to frequent changes in the NIC that is used. The physical switch sees frequent changes in MAC addresses, and the physical switch port might not accept traffic immediately when an adapter comes online. To minimize such delays, you might consider changing the following settings on the physical switch.
• Notify switches policy: With this policy, you can determine how the ESXi host communicates failover events. When a physical NIC connects to the virtual switch or when traffic is rerouted to a different physical NIC in the team, the virtual switch sends notifications over the network to update the lookup tables on physical switches. Notifying the physical switch offers the lowest latency when a failover or a migration with vSphere vMotion occurs.

Default NIC teaming and failover policies are set for the entire standard switch. These default settings can be overridden at the port group level. The policies show what is inherited from the settings at the switch level.

5-27 Load-Balancing Method: Originating Virtual Port ID

With the load-balancing method that is based on the originating virtual port ID, a virtual machine's outbound traffic is mapped to a specific physical NIC.

To play the animation, go to https://vmware.bravais.com'sl7jEkuYvYOl70xc'v\lbmnnZ.

The load-balancing method that uses the originating virtual port ID is simple and fast and does not require the VMkernel to examine the frame for the necessary information.

The NIC is determined by the ID of the virtual port to which the VM is connected. With this method, no single-NIC VM gets more bandwidth than can be provided by a single physical adapter.

This method has advantages:
• Traffic is evenly distributed if the number of virtual NICs is greater than the number of physical NICs in the team.
• Resource consumption is low because, in most cases, the virtual switch calculates uplinks for the VM only once.
• No changes on the physical switch are required.

This method also has disadvantages:
• The virtual switch is not aware of the traffic load on the uplinks, and it does not load balance the traffic to uplinks that are less used.
• The bandwidth that is available to a VM is limited to the speed of the uplink that is associated with the relevant port ID, unless the VM has more than one virtual NIC.

5-28 Load-Balancing Method: Source MAC Hash

For the load-balancing method based on source MAC hash, each virtual machine's outbound traffic is mapped to a specific physical NIC that is based on the virtual NIC's MAC address.

To play the animation, go to https://vmware.bravais.com/s/MmjsUVkaURaNJz\llnsao2.

The load-balancing method based on source MAC hash has low overhead and is compatible with all switches, but it might not spread traffic evenly across all the physical NICs. In addition, no single-NIC virtual machine gets more bandwidth than a single physical adapter can provide.

This method has advantages:
• VMs use the same uplink because the MAC address is static.
Powering a VM on or off does not change the uplink that the VM uses.
• No changes on the physical switch are required.

This method has disadvantages:
• The bandwidth that is available to a VM is limited to the speed of the uplink that is associated with the relevant port ID, unless the VM uses multiple source MAC addresses.
• Resource consumption is higher than with a route based on the originating virtual port because the virtual switch calculates an uplink for every packet.
• The virtual switch is not aware of the load of the uplinks, so uplinks might become overloaded.

5-29 Load-Balancing Method: Source and Destination IP Hash

With the IP-based load-balancing method, a NIC for each outbound packet is selected based on its source and destination IP addresses.

[Figure: virtual NICs, virtual switch, physical NICs, and physical switch]

To play the animation, go to https://vmware.bravais.com/s155sfUlJvzGzuBG\VETPu9.

The IP-based method requires 802.3ad link aggregation support or EtherChannel on the switch.

The Link Aggregation Control Protocol is a method to control the bundling of several physical ports to form a single logical channel. LACP is part of the IEEE 802.3ad specification.

EtherChannel is a port trunking technology that is used primarily on Cisco switches. With this technology, you can group several physical Ethernet links to create one logical Ethernet link for providing fault tolerance and high-speed links between switches, routers, and servers.

With this method, a single-NIC virtual machine might use the bandwidth of multiple physical adapters.

The IP-based load-balancing method only affects outbound traffic. For example, a VM might choose a particular NIC to communicate with a particular destination VM.
The return traffic might not arrive on the same NIC as the outbound traffic. The return traffic might arrive on another NIC in the same NIC team.

This method has advantages:
• The load is more evenly distributed compared to the route based on the originating virtual port and the route based on source MAC hash because the virtual switch calculates the uplink for every packet.
• VMs that communicate with multiple IP addresses have a potentially higher throughput.

This method has disadvantages:
• Resource consumption is the highest compared to the other load-balancing algorithms.
• The virtual switch is not aware of the actual load of the uplinks.
• Changes on the physical network are required.
• The method is complex to troubleshoot.

5-30 Detecting and Handling Network Failure

The VMkernel can use link status or beaconing, or both, to detect a network failure.

Network failure is detected by the VMkernel, which monitors the link state and performs beacon probing.

The VMkernel notifies physical switches of changes in the physical location of a MAC address.

Failover is implemented by the VMkernel based on configurable parameters:
• Failback: How the physical adapter is returned to active duty after recovering from failure.
• Load-balancing option: Use explicit failover order. Always use the vmnic uplink at the top of the active adapter list.

Monitoring the link status that is provided by the network adapter detects failures such as cable pulls and physical switch power failures. This monitoring does not detect configuration errors, such as a physical switch port being blocked by the Spanning Tree Protocol or misconfigured VLAN membership. This method cannot detect upstream, nondirectly connected physical switch or cable failures.

Beaconing introduces a 62-byte packet load approximately every 1 second per physical NIC.
When beaconing is activated, the VMkernel sends out and listens for probe packets on all NICs that are configured as part of the team. This technique can detect failures that link-status monitoring alone cannot. Consult your switch manufacturer to verify the support of beaconing in your environment. For information on beacon probing, see VMware knowledge base article 1005577 at http://kb.vmware.com/kb/1005577.

A physical switch can be notified by the VMkernel whenever a virtual NIC is connected to a virtual switch. A physical switch can also be notified whenever a failover event causes a virtual NIC's traffic to be routed over a different physical NIC. The notification is sent over the network to update the lookup tables on physical switches. In most cases, this notification process is beneficial because, without it, VMs experience greater latency after failovers and vSphere vMotion operations.

Do not set this option when the VMs connected to the port group are running unicast-mode Microsoft Network Load Balancing (NLB). NLB in multicast mode is unaffected. For more information about the NLB issue, see VMware knowledge base article 1556 at http://kb.vmware.com/kb/1556.

When using explicit failover order, always use the highest order uplink from the list of active adapters that pass failover-detection criteria.

The failback option determines how a physical adapter is returned to active duty after recovering from a failure:
• If Failback is set to Yes, the failed adapter is returned to active duty immediately on recovery, displacing the standby adapter that took its place at the time of failure.
• If Failback is set to No, a failed adapter is left inactive even after recovery, until another currently active adapter fails, requiring its replacement.
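
The following added example (not part of the course material) models the three load-balancing methods and the Failback option described above for one NIC team. The modulo and XOR calculations are illustrative stand-ins rather than the hash functions ESXi uses, and the port ID, MAC address, IP addresses, and vmnic names are constructed.

```python
"""Toy model of a standard switch NIC team (constructed values throughout)."""
import ipaddress
from typing import List, Optional, Set


def route_by_port_id(port_id: int, uplinks: List[str]) -> str:
    """Originating virtual port ID: the uplink depends only on the VM's port."""
    return uplinks[port_id % len(uplinks)]


def route_by_source_mac(src_mac: str, uplinks: List[str]) -> str:
    """Source MAC hash: the uplink depends only on the virtual NIC's MAC."""
    return uplinks[int(src_mac.replace(":", ""), 16) % len(uplinks)]


def route_by_ip_hash(src_ip: str, dst_ip: str, uplinks: List[str]) -> str:
    """IP hash: the uplink depends on both source and destination address."""
    mixed = int(ipaddress.ip_address(src_ip)) ^ int(ipaddress.ip_address(dst_ip))
    return uplinks[mixed % len(uplinks)]


def uplinks_used(method: str, vm: dict, destinations: List[str],
                 uplinks: List[str]) -> Set[str]:
    """Physical NICs that carry one single-NIC VM's outbound traffic."""
    used = set()
    for dst in destinations:
        if method == "port_id":
            used.add(route_by_port_id(vm["port_id"], uplinks))
        elif method == "source_mac":
            used.add(route_by_source_mac(vm["mac"], uplinks))
        elif method == "ip_hash":
            used.add(route_by_ip_hash(vm["ip"], dst, uplinks))
        else:
            raise ValueError(f"unknown method {method!r}")
    return used


class NicTeam:
    """Active/standby adapters with the Failback option (Yes=True, No=False)."""

    def __init__(self, active: List[str], standby: List[str], failback: bool = True):
        self.home = list(active)      # configured owner of each active slot
        self.slots: List[Optional[str]] = list(active)  # current occupant
        self.spares = list(standby)   # healthy adapters that are not in use
        self.failback = failback

    def link_down(self, nic: str) -> None:
        if nic in self.spares:
            self.spares.remove(nic)
        if nic in self.slots:
            slot = self.slots.index(nic)
            # The next healthy spare takes over the failed adapter's slot.
            self.slots[slot] = self.spares.pop(0) if self.spares else None

    def link_up(self, nic: str) -> None:
        if self.failback and nic in self.home:
            # Failback Yes: return to active duty at once, displacing the stand-in.
            slot = self.home.index(nic)
            displaced, self.slots[slot] = self.slots[slot], nic
            if displaced is not None:
                self.spares.insert(0, displaced)
        elif None in self.slots:
            self.slots[self.slots.index(None)] = nic
        else:
            # Failback No: stay inactive until another active adapter fails.
            self.spares.append(nic)

    def usable(self) -> List[str]:
        return [nic for nic in self.slots if nic is not None]


VM = {"port_id": 7, "mac": "00:50:56:aa:bb:01", "ip": "10.0.0.5"}
DESTINATIONS = ["10.0.0.20", "10.0.0.21", "10.0.0.22", "10.0.0.23"]

if __name__ == "__main__":
    team = NicTeam(["vmnic0", "vmnic1"], ["vmnic2"], failback=False)
    for method in ("port_id", "source_mac", "ip_hash"):
        print(method, sorted(uplinks_used(method, VM, DESTINATIONS, team.usable())))
    team.link_down("vmnic0")
    team.link_up("vmnic0")
    print("after flap, Failback No:", team.usable(), "spares:", team.spares)
```

Only the IP hash method places the single-NIC VM on both uplinks, and with Failback set to No a flapping vmnic0 stays out of the active set instead of repeatedly changing which physical NIC carries the traffic.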

5-31 Physical Network Considerations

Your virtual networking environment relies on the physical network infrastructure. As a vSphere administrator, you should discuss your vSphere networking needs with your network administration team.

The following issues are topics for discussion:
• Number of physical switches
• Network bandwidth required
• Physical switch configuration support for 802.3ad, for NIC teaming
• Physical switch configuration support for 802.1Q, for VLAN tagging
• Physical switch configuration support for Link Aggregation Control Protocol (LACP)
• Network port security
• Link Layer Discovery Protocol (LLDP) and Cisco Discovery Protocol (CDP) and their operation modes, such as listen, broadcast, listen and broadcast, and disabled

5-32 Review of Learner Objectives

After completing this lesson, you should be able to meet the following objectives:
• Explain how to set the security policies for a standard switch port group
• Explain how to set the traffic shaping policies for a standard switch port group
• Explain how to set the NIC teaming and failover policies for a standard switch port group

5-33 Virtual Beans: Networking Requirements

As a Virtual Beans administrator, you have a few decisions to make about your network infrastructure.

As you plan your network, you consider these key takeaways about vSphere networking:
• You must create port groups for the VLANs that you want to use in your vSphere environment.
• You can use NIC teaming in the virtual switch to avoid a single point of failure.
• You can separate infrastructure service traffic from your application traffic by putting each traffic type on its own VLAN. Segmenting traffic can improve performance and enhance security by limiting network access to a specific traffic type.
• You should research the benefits of using distributed switches in your environment. Distributed switches have additional features over standard switches.

5-34 Key Points

• Virtual switches can have the following connection types: VM port group, VMkernel port, and physical uplinks.
• A standard switch is a virtual switch configuration for a single host.
• Network policies set at the standard switch level can be overridden at the port group level.
• A distributed switch provides centralized management and monitoring for the networking configuration of all ESXi hosts that are associated with the switch.

Questions?

Module 6 Configuring and Managing Virtual Storage

6-2 Importance

Understanding the available storage options helps you set up your storage according to your cost, performance, and manageability requirements.

You can use shared storage for disaster recovery, high availability, and moving virtual machines between hosts.

6-3 Module Lessons

1. Storage Concepts
2. Fibre Channel Storage
3. iSCSI Storage
4. VMFS Datastores
5. NFS Datastores
6. vSAN Datastores

6-4 Virtual Beans: Storage

Virtual Beans current storage infrastructure consists of NAS storage and iSCSI storage arrays.

Virtual Beans has the following goals for its storage infrastructure:
• Run the production and development workloads on shared storage systems.
• Use existing NAS and iSCSI storage arrays in the vSphere environment. These arrays are managed by the storage administrator at Virtual Beans.
• Evaluate other options in vSphere 7 for cost-effective, high-performance storage.

As a Virtual Beans vSphere administrator, you must configure storage for use in the vSphere environment and provide recommendations to management on other storage options in vSphere 7.

6-5 Lesson 1: Storage Concepts

6-6 Learner Objectives

After completing this lesson, you should be able to meet the following objectives:
• Recognize vSphere storage technologies
• Identify types of datastores

6-7 About Datastores

A datastore is a logical storage unit that can use disk space on one physical device or span several physical devices.

Datastores are used to hold VM files, VM templates, and ISO images.

vSphere supports the following types of datastores:
• VMFS
• NFS
• vSAN
• vSphere Virtual Volumes

[Figure: two hosts sharing a datastore]

A datastore is a generic term for a container that holds files and objects. Datastores are logical containers, analogous to file systems, that hide the specifics of each storage device and provide a uniform model for storing virtual machine files. A VM is stored as a set of files in its own directory or as a group of objects in a datastore.

You can display all datastores that are available to your hosts and analyze their properties.

6-8 Storage Overview

ESXi hosts should be configured with shared access to datastores.

[Figure: virtual disks, datastore types, transports, and backing LUNs]

Depending on the type of storage that you use, datastores can be formatted with VMFS or NFS.

In the vSphere environment, ESXi hosts support several storage technologies:
• Direct-attached storage: Internal or external storage disks or arrays attached to the host through a direct connection instead of a network connection.
• Fibre Channel (FC): A high-speed transport protocol used for SANs. Fibre Channel encapsulates SCSI commands, which are transmitted between Fibre Channel nodes. In general, a Fibre Channel node is a server, a storage system, or a tape drive. A Fibre Channel switch interconnects multiple nodes, forming the fabric in a Fibre Channel network.
• FCoE: The Fibre Channel traffic is encapsulated into Fibre Channel over Ethernet (FCoE) frames. These FCoE frames are converged with other types of traffic on the Ethernet network.
• iSCSI: A SCSI transport protocol, providing access to storage devices and cabling over standard TCP/IP networks. iSCSI maps SCSI block-oriented storage over TCP/IP. Initiators, such as an iSCSI host bus adapter (HBA) in an ESXi host, send SCSI commands to targets, located in iSCSI storage systems.
• NAS: Storage shared over standard TCP/IP networks at the file system level. NAS storage is used to hold NFS datastores. The NFS protocol does not support SCSI commands.
• iSCSI, network-attached storage (NAS), and FCoE can run over high-speed networks providing increased storage performance levels and ensuring sufficient bandwidth. With sufficient bandwidth, multiple types of high-bandwidth protocol traffic can coexist on the same network.

For more information about physical NIC support and maximum ports supported, see VMware Configuration Maximums at https://configmax.vmware.com.

6-9 Storage Protocol Overview

Each datastore uses a protocol with varying support features.

Datastore Type | Storage Protocol | Boot from SAN Support | vSphere vMotion Support | vSphere HA Support | vSphere DRS Support
VMFS | Fibre Channel | Yes | Yes | Yes | Yes
VMFS | FCoE | Yes | Yes | Yes | Yes
VMFS | iSCSI | Yes | Yes | Yes | Yes
VMFS | iSER/NVMe-oF (RDMA) | No | Yes | Yes | Yes
VMFS | DAS (SAS, SATA, NVMe) | N/A | Yes* | No | No
NFS | NFS | No | Yes | Yes | Yes
vSphere Virtual Volumes | FC/Ethernet (iSCSI, NFS) | No | Yes | Yes | Yes
vSAN Datastore | vSAN | No | Yes | Yes | Yes

* Direct-attached storage (DAS) supports vSphere vMotion when combined with vSphere Storage vMotion.

Direct-attached storage, as opposed to SAN storage, is where many administrators install ESXi.

Direct-attached storage is also ideal for small environments because of the cost savings associated with purchasing and managing a SAN. The drawback is that you lose many of the features that make virtualization a worthwhile investment, for example, balancing the workload on a specific ESXi host. Direct-attached storage can also be used to store noncritical data:
• CD/DVD ISO images
• Decommissioned VMs
• VM templates

In comparison, storage LUNs must be pooled and shared so that all ESXi hosts can access them. Shared storage provides the following vSphere features:
• vSphere vMotion
• vSphere HA
• vSphere DRS

Using shared SAN storage also provides robust features in vSphere:
• Central repositories for VM files and templates
• Clustering of VMs across ESXi hosts
• Allocation of large amounts (terabytes) of storage to your ESXi hosts

ESXi supports different methods of booting from the SAN to avoid handling the maintenance of additional direct-attached storage or if you have diskless hardware configurations, such as blade systems. If you set up your host to boot from a SAN, your host's boot image is stored on one or more LUNs in the SAN storage system. When the host starts, it boots from the LUN on the SAN rather than from its direct-attached disk.

For ESXi hosts, you can boot from software iSCSI, a supported independent hardware SCSI adapter, and a supported dependent hardware iSCSI adapter.
The network adapter must support only the iSCSI Boot Firmware Table (iBFT) format, which is a method of communicating parameters about the iSCSI boot device to an operating system.

6-10 About VMFS

ESXi hosts support VMFS5 and VMFS6:
• Features supported by both VMFS5 and VMFS6:
- Concurrent access to shared storage
- Dynamic expansion
- On-disk locking
• Features supported by VMFS6:
- 4K native storage devices
- Automatic space reclamation

[Figure: hosts sharing a VMFS datastore]

VMFS is a clustered file system where multiple ESXi hosts can read and write to the same storage device simultaneously. The clustered file system provides unique, virtualization-based services:
• Migration of running VMs from one ESXi host to another without downtime
• Automatic restarting of a failed VM on a separate ESXi host
• Clustering of VMs across various physical servers

Using VMFS, IT organizations can simplify VM provisioning by efficiently storing the entire VM state in a central location. Multiple ESXi hosts can access shared VM storage concurrently.

The size of a VMFS datastore can be increased dynamically when VMs residing on the VMFS datastore are powered on and running. A VMFS datastore efficiently stores both large and small files belonging to a VM. A VMFS datastore can support virtual disk files. A virtual disk file has a maximum of 62 TB. A VMFS datastore uses subblock addressing to make efficient use of storage for small files.

VMFS provides block-level distributed locking to ensure that the same VM is not powered on by multiple servers at the same time. If an ESXi host fails, the on-disk lock for each VM is released and VMs can be restarted on other ESXi hosts.

On the slide, each ESXi host has two VMs running on it.
The lines connecting the VMs to the VM disks (VMDKs) are logical representations of the association and allocation of the larger VMFS datastore. The VMFS datastore includes one or more LUNs. The VMs see the assigned storage volume only as a SCSI target from within the guest operating system. The VM contents are only files on the VMFS volume.

VMFS can be deployed on three kinds of SCSI-based storage devices:
• Direct-attached storage
• Fibre Channel storage
• iSCSI storage

A virtual disk stored on a VMFS datastore always appears to the VM as a mounted SCSI device. The virtual disk hides the physical storage layer from the VM's operating system.

For the operating system in the VM, VMFS preserves the internal file system semantics. As a result, the operating system running in the VM sees a native file system, not VMFS. These semantics ensure correct behavior and data integrity for applications running on the VMs.

6-11 About NFS

NFS is a file-sharing protocol that ESXi hosts use to communicate with a network-attached storage (NAS) device.

NFS supports NFS 3 and 4.1 over TCP/IP.

[Figure: hosts sharing an NFS datastore]

NAS is a specialized storage device that connects to a network and can provide file access services to ESXi hosts.

NFS datastores are treated like VMFS datastores because they can hold VM files, templates, and ISO images. In addition, like a VMFS datastore, an NFS volume allows the vSphere vMotion migration of VMs whose files reside on an NFS datastore.

The NFS client built in to ESXi uses NFS protocol versions 3 and 4.1 to communicate with the NAS or NFS servers.

ESXi hosts do not use the Network Lock Manager protocol, which is a standard protocol that is used to support the file locking of NFS-mounted files. VMware has its own locking protocol. NFS 3 locks are implemented by creating lock files on the NFS server. NFS 4.1 uses server-side file locking.

Because NFS 3 and NFS 4.1 clients do not use the same locking protocol, you cannot use different NFS versions to mount the same datastore on multiple hosts. Accessing the same virtual disks from two incompatible clients might result in incorrect behavior and cause data corruption.

6-12 About vSAN

vSAN is hypervisor-converged, software-defined storage for virtual environments that does not use traditional external storage.

By clustering host-attached hard disk drives (HDDs) or solid-state drives (SSDs), vSAN creates an aggregated datastore shared by VMs.

[Figure: vSphere hosts (3-64) contributing HDD/Flash/SSD devices to vSAN]

When vSAN is enabled on a cluster, a single vSAN datastore is created. This datastore uses the storage components of each host in the cluster.

vSAN can be configured as hybrid or all-flash storage.

In a hybrid storage architecture, vSAN pools server-attached HDDs and SSDs to create a distributed shared datastore. This datastore abstracts the storage hardware to provide a software-defined storage tier for VMs. Flash is used as a read cache/write buffer to accelerate performance, and magnetic disks provide capacity and persistent data storage.

Alternately, vSAN can be deployed as an all-flash storage architecture in which flash devices are used as a write cache. SSDs provide capacity, data persistence, and consistent, fast response times. In the all-flash architecture, the tiering of SSDs results in a cost-effective implementation: a write-intensive, enterprise-grade SSD cache tier and a read-intensive, lower-cost SSD capacity tier.

6-13 About vSphere Virtual Volumes

vSphere Virtual Volumes provides several functionalities:
• Native representation of VMDKs on SAN/NAS: No LUNs or volume management
• Works with existing SAN/NAS systems
• A new control path for data operations at the VM and VMDK level
• Snapshots, replications, and other operations at the VM level on external storage
• Automates control of per-VM service levels by using storage policies
• Standard access to storage with the vSphere API for Storage Awareness protocol endpoint
• Storage containers that span an entire array

[Figure: vSphere hosts using Virtual Volumes, with replication, snapshots, and encryption]

vSphere Virtual Volumes virtualizes SAN and NAS devices by abstracting physical hardware resources into logical pools of capacity.

vSphere Virtual Volumes provides the following benefits:
• Lower storage cost
• Reduced storage management overhead
• Greater scalability
• Better response to data access and analytical requirements

6-14 About Raw Device Mapping

Although not a datastore, raw device mapping (RDM) gives a VM direct access to a physical LUN.

The mapping file (-rdm.vmdk) that points a VM to a LUN must be stored on a VMFS datastore.

[Figure: a virtual disk (.vmdk and -flat.vmdk on VMFS or NFS) compared with an RDM (.vmdk and -rdm.vmdk on VMFS, pointing to a raw LUN formatted with NTFS/ext4)]

Raw device mapping (RDM) is a file stored in a VMFS volume that acts as a proxy for a raw physical device.

Instead of storing VM data in a virtual disk file that is stored on a VMFS datastore, you can store the guest operating system data directly on a raw LUN. Storing the data this way is useful if you run applications in your VMs that must know the physical characteristics of the storage device. By mapping a raw LUN, you can use existing SAN commands to manage storage for the disk.

Use RDM when a VM must interact with a real disk on the SAN. This condition occurs when you make disk array snapshots or have a large amount of data that you do not want to move onto a virtual disk as a part of a physical-to-virtual conversion.

6-15 Physical Storage Considerations

Before implementing your vSphere environment, discuss the storage needs with your storage administration team. Consider the following factors:
• LUN sizes
• I/O bandwidth required by your applications
• I/O requests per second that a LUN is capable of
• Disk cache parameters
• Zoning and masking
• Multipathing setting for your storage arrays (active-active or active-passive)
• Export properties for NFS datastores

For information to help you plan for your storage needs, see vSphere Storage at https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.storage.doc/GUID-8AE88758-20C1-4873-99C7-181EF9ACFA70.html.

Another good source of information is the vSphere Storage page at https://storagehub.vmware.com/.

6-16 Review of Learner Objectives

After completing this lesson, you should be able to meet the following objectives:
• Recognize vSphere storage technologies
• Identify types of datastores

6-17 Lesson 2: Fibre Channel Storage

6-18 Learner Objectives

After completing this lesson, you should be able to meet the following objectives:
• Describe uses of Fibre Channel with ESXi
• Identify Fibre Channel components and addressing
• Explain how multipathing with Fibre Channel works

6-19 About Fibre Channel

Fibre Channel stores VM files remotely on a Fibre Channel SAN.

A Fibre Channel SAN is a specialized high-speed network that connects your hosts to high-performance storage devices.

The network uses the Fibre Channel protocol to transport SCSI traffic from VMs to the Fibre Channel SAN devices.

ESXi supports:
• 32 Gbps Fibre Channel
• Fibre Channel over Ethernet (FCoE)

To connect to the Fibre Channel SAN, your host should be equipped with Fibre Channel host bus adapters (HBAs).

Unless you use Fibre Channel direct connect storage, you need Fibre Channel switches to route storage traffic. If your host contains FCoE adapters, you can connect to your shared Fibre Channel devices by using an Ethernet network.

In this configuration, a host connects to a SAN fabric, which consists of Fibre Channel switches and storage arrays, using a Fibre Channel adapter. LUNs from a storage array become available to the host. You can access the LUNs and create datastores for your storage needs. These datastores use the VMFS format.

Alternatively, you can access a storage array that supports vSphere Virtual Volumes and create vSphere Virtual Volumes datastores on the array's storage containers.

6-20 Fibre Channel SAN Components

A SAN consists of one or more servers that are attached to a storage array using one or more SAN switches.

[Figure: a disk array storage system (physical hard disks, LUNs (logical unit numbers), SPs (storage processors)) connected through FC switches (the Fibre Channel fabric) to servers with host bus adapters.]

Each SAN server might host numerous applications that require dedicated storage for applications processing.

The following components are involved:
• SAN switches: SAN switches connect various elements of the SAN. SAN switches might connect hosts to storage arrays. Using SAN switches, you can set up path redundancy to address any path failures from host server to switch, or from storage array to switch.
• Fabric: The SAN fabric is the network portion of the SAN. When one or more SAN switches are connected, a fabric is created. The Fibre Channel (FC) protocol is used to communicate over the entire network. A SAN can consist of multiple interconnected fabrics. Even a simple SAN often consists of two fabrics for redundancy.
• Connections (HBAs and storage processors): Host servers and storage systems are connected to the SAN fabric through ports in the fabric. A host connects to a fabric port through an HBA. Storage devices connect to the fabric ports through their storage processors.

6-21 Fibre Channel Addressing and Access Control

• WWN (World Wide Name): Unique, 64-bit address assigned to a Fibre Channel node.
• Zoning: Done at switch level, used to segment the fabric.
• LUN masking: Done at SP or server level and makes a LUN invisible when a target is scanned.

[Figure: a disk array with LUNs, an FC switch, and two hosts. WWNs shown: 50:06:01:60:10:20:AD:87, 21:00:00:E0:8B:19:AB:31, 21:00:00:E0:8B:19:B2:33.]

A port connects from a device into the SAN.
Each node in the SAN includes each host, storage device, and fabric component (router or switch). Each node in the SAN has one or more ports that connect it to the SAN. Ports can be identified in the following ways:
• World Wide Port Name (WWPN): A globally unique identifier for a port that allows certain applications to access the port. The Fibre Channel switches discover the WWPN of a device or host and assign a port address to the device.
• Port_ID: Within the SAN, each port has a unique port ID that serves as the Fibre Channel address for that port. The Fibre Channel switches assign the port ID when the device logs in to the fabric. The port ID is valid only while the device is logged on.

You can use zoning and LUN masking to segregate SAN activity and restrict access to storage devices.

You can protect access to storage in your vSphere environment by using zoning and LUN masking with your SAN resources. For example, you might manage zones defined for testing independently within the SAN so that they do not interfere with activity in the production zones. Similarly, you might set up different zones for different departments. When you set up zones, consider host groups that are set up on the SAN device.

Zoning and masking capabilities for each SAN switch and disk array, and the tools for managing LUN masking, are vendor-specific.

See your SAN vendor's documentation and vSphere Storage at https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.storage.doc/GUID-8AE88758-20C1-4873-99C7-181EF9ACFA70.html.

6-22 Multipathing with Fibre Channel

Multipathing is having more than one path from a host to a LUN.
Multipathing provides the following functions:
• Continued access to SAN LUNs if hardware fails
• Load balancing

A Fibre Channel path describes a route:
• From a specific HBA port in the host
• Through the switches in the fabric
• Into a specific storage port on the storage array

By default, ESXi hosts use only one path from a host to a given LUN at any one time. If the path actively being used by the ESXi host fails, the server selects another available path. The process of detecting a failed path and switching to another is called path failover. A path fails if any of the components along the path (HBA, cable, switch port, or storage processor) fail.

Distinguishing between active-active and active-passive disk arrays can be useful:
• An active-active disk array allows access to the LUNs simultaneously through the available storage processors without significant performance degradation. All the paths are active at all times (unless a path fails).
• In an active-passive disk array, one storage processor is actively servicing a given LUN. The other storage processor acts as a backup for the LUN and might be actively servicing other LUN I/O. I/O can be sent only to an active processor. If the primary storage processor fails, one of the secondary storage processors becomes active, either automatically or through administrative intervention.

6-23 FCoE Adapters

If your host contains FCoE adapters, you can connect to your shared Fibre Channel devices by using an Ethernet network.

[Figure: hardware FCoE and software FCoE adapters; IP frames go to LAN devices and FC frames go to FC storage arrays.]

The Fibre Channel traffic is encapsulated into FCoE frames. These FCoE frames are converged with other types of traffic on the Ethernet network.
When both Ethernet and Fibre Channel traffic are carried on the same Ethernet link, use of the physical infrastructure increases. FCoE also reduces the total number of network ports and cabling.

6-24 Configuring Software FCoE: Creating VMkernel Ports

Step 1: Connect the VMkernel to the physical FCoE NICs that are installed on your host:
• The VLAN ID and the priority class are discovered during FCoE initialization. The priority class is not configured in vSphere.
• ESXi supports a maximum of four network adapter ports for software FCoE.

[Figure: a VMkernel port (label FCoE-2, VLAN ID 20, subnet mask 255.255.255.0) on a vSphere virtual switch whose physical adapter vmnic2 is a NIC with FCoE support.]

6-25 Configuring Software FCoE: Activating Software FCoE Adapters

Step 2: Add the software FCoE adapter and configure it as needed.

You add the software FCoE adapter by selecting the host, clicking the Configure tab, selecting Storage Adapters, and clicking Add Software Adapter.

6-26 Review of Learner Objectives

After completing this lesson, you should be able to meet the following objectives:
• Describe uses of Fibre Channel with ESXi
• Identify Fibre Channel components and addressing
• Explain how multipathing with Fibre Channel works

6-27 Lesson 3: iSCSI Storage

6-28 Learner Objectives

After completing this lesson, you should be able to meet the following objectives:
• Identify uses of IP storage with ESXi
• Describe iSCSI components and addressing
• Configure iSCSI initiators
• Recognize storage device naming conventions

6-29 iSCSI Components

[Figure: an iSCSI storage system (physical hard disks, LUNs, storage processors) connected over a TCP/IP network to servers with iSCSI initiators (hardware or software).]

An iSCSI SAN consists of an iSCSI storage system, which contains one or more LUNs and one or more storage processors. Communication between the host and the storage array occurs over a TCP/IP network.

The ESXi host is configured with an iSCSI initiator. An initiator can be hardware-based, where the initiator is an iSCSI HBA. Or the initiator can be software-based, known as the iSCSI software initiator.

An initiator transmits SCSI commands over the IP network. A target receives SCSI commands from the IP network. Your iSCSI network can include multiple initiators and targets. iSCSI is SAN-oriented for the following reasons:
• The initiator finds one or more targets.
• A target presents LUNs to the initiator.
• The initiator sends SCSI commands to a target.

An initiator resides in the ESXi host. Targets reside in the storage arrays that are supported by the ESXi host. To restrict access to targets from hosts, iSCSI arrays can use various mechanisms, including IP address, subnets, and authentication requirements.

6-30 iSCSI Addressing

[Figure: a disk array (iSCSI target) and a host (iSCSI initiator) with the following names.]

iSCSI target name: iqn.1992-08.com.mycompany:stor1-47cf3c25 or eui.fedcba9876543210
iSCSI alias: stor1
IP address: 192.168.36.101

iSCSI initiator name: iqn.1998-01.com.vmware:train1-64ad4c29 or eui.1234567890abcdef
iSCSI alias: train1
IP address: 192.168.36.88

The main addressable, discoverable entity is an iSCSI node. An iSCSI node can be an initiator or a target. An iSCSI node requires a name so that storage can be managed regardless of address.

The iSCSI name can use one of the following formats: the iSCSI qualified name (IQN) or the extended unique identifier (EUI).

The IQN can be up to 255 characters long. Several naming conventions are used:
• Prefix iqn
• Date code specifying the year and month in which the organization registered the domain or subdomain name that is used as the naming authority string
• Organizational naming authority string, which consists of a valid, reversed domain or subdomain name
• (Optional) Colon (:), followed by a string of the assigning organization's choosing, which must make each assigned iSCSI name unique

EUI naming conventions are as follows:
• Prefix is eui.
• A 16-character name follows the prefix. The name includes 24 bits for a company name that is assigned by the IEEE and 40 bits for a unique ID, such as a serial number.

6-31 Storage Device Naming Conventions

Storage devices are identified in several ways.

Runtime name: Uses the vmhbaN:C:T:L convention.
This name is not persistent through reboots.

Target: Identifies the iSCSI target address and port.

LUN: A unique identifier designated to individual or collections of hard disk devices. A logical unit is addressed by the SCSI protocol or SAN protocols that encapsulate SCSI, such as iSCSI or Fibre Channel.

On ESXi hosts, SCSI storage devices use various identifiers. Each identifier serves a specific purpose. For example, the VMkernel requires an identifier, generated by the storage device, which is guaranteed to be unique to each LUN. If the storage device cannot provide a unique identifier, the VMkernel must generate a unique identifier to represent each LUN or disk.

The following SCSI storage device identifiers are available:
• Runtime name: The name of the first path to the device. The runtime name is a user-friendly name that is created by the host after each reboot. It is not a reliable identifier for the disk device because it is not persistent. The runtime name might change if you add HBAs to the ESXi host. However, you can use this name when you use command-line utilities to interact with storage that an ESXi host recognizes.
• iSCSI name: A worldwide unique name for identifying the node. iSCSI uses the IQN and EUI. IQN uses the format iqn.yyyy-mm.naming-authority:unique name.

Storage device names appear in various panels in the vSphere Client.
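
The naming rules from 6-30 and 6-31, written out as a validator. This is an added example, not VMware code: the function names are hypothetical, the 255-character limit is the one this manual states, and the vmhbaN:C:T:L layout is assumed to be adapter, channel, target, LUN with the C, T and L letters present in the name.

```python
import re

# Limit as stated in this manual ("The IQN can be up to 255 characters long").
MAX_IQN_LEN = 255

_IQN = re.compile(r"^iqn\.(\d{4})-(\d{2})\.([^:]+)(?::(.+))?$")
_EUI = re.compile(r"^eui\.([0-9a-f]{16})$")
_LABEL = re.compile(r"^[a-z0-9]([a-z0-9-]*[a-z0-9])?$")
_RUNTIME = re.compile(r"^vmhba(\d+):C(\d+):T(\d+):L(\d+)$")


def parse_iscsi_name(name):
    """Split an IQN or EUI node name into its fields; raise ValueError if malformed."""
    n = name.strip().lower()
    m = _EUI.match(n)
    if m:
        digits = m.group(1)
        # 16 hex characters = 64 bits: 24-bit IEEE company ID + 40-bit unique ID.
        return {"type": "eui", "company_id": digits[:6], "unique_id": digits[6:]}
    m = _IQN.match(n)
    if not m:
        raise ValueError("not an IQN or EUI name: %r" % name)
    if len(n) > MAX_IQN_LEN:
        raise ValueError("IQN longer than %d characters" % MAX_IQN_LEN)
    year, month = int(m.group(1)), int(m.group(2))
    if not 1 <= month <= 12:
        raise ValueError("date code month out of range: %02d" % month)
    authority = m.group(3)
    labels = authority.split(".")
    # The naming authority is a reversed domain, so it needs at least two labels.
    if len(labels) < 2 or not all(_LABEL.match(label) for label in labels):
        raise ValueError("naming authority is not a reversed domain: %r" % authority)
    return {
        "type": "iqn",
        "year": year,
        "month": month,
        "authority": authority,
        "domain": ".".join(reversed(labels)),  # com.vmware -> vmware.com
        "unique": m.group(4),                  # None when the optional part is absent
    }


def parse_runtime_name(name):
    """Split a runtime name such as vmhba65:C0:T1:L3 into integers."""
    m = _RUNTIME.match(name.strip())
    if not m:
        raise ValueError("not a runtime name: %r" % name)
    adapter, channel, target, lun = (int(g) for g in m.groups())
    return {"adapter": adapter, "channel": channel, "target": target, "lun": lun}


def classify(identifier):
    """Return (kind, persistent). Runtime names are rebuilt after each reboot,
    so an inventory or audit script should not key on them."""
    try:
        parse_runtime_name(identifier)
        return ("runtime", False)
    except ValueError:
        return (parse_iscsi_name(identifier)["type"], True)


if __name__ == "__main__":
    # The four names come from slide 6-30; the runtime name is constructed.
    for sample in ("iqn.1998-01.com.vmware:train1-64ad4c29",
                   "iqn.1992-08.com.mycompany:stor1-47cf3c25",
                   "eui.fedcba9876543210",
                   "eui.1234567890abcdef",
                   "vmhba65:C0:T1:L3"):
        print(sample, classify(sample))
```
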

6-32 iSCSI Adapters

You must set up software or hardware iSCSI adapters before an ESXi host can work with iSCSI storage. To access iSCSI targets, your host uses iSCSI initiators.

[Figure: three hosts side by side, one each for software iSCSI, dependent hardware iSCSI, and independent hardware iSCSI.]

The iSCSI initiators transport SCSI requests and responses, encapsulated in the iSCSI protocol, between the host and the iSCSI target. Your host supports two types of initiators: software iSCSI and hardware iSCSI.

A software iSCSI initiator is VMware code built in to the VMkernel. Using the initiator, your host can connect to the iSCSI storage device through standard network adapters. The software iSCSI initiator handles iSCSI processing while communicating with the network adapter. With the software iSCSI initiator, you can use iSCSI technology without purchasing specialized hardware.

A hardware iSCSI initiator is a specialized third-party adapter capable of accessing iSCSI storage over TCP/IP. Hardware iSCSI initiators are divided into two categories: dependent hardware iSCSI and independent hardware iSCSI.

A dependent hardware iSCSI initiator, also known as an iSCSI host bus adapter, is a standard network adapter that includes the iSCSI offload function. To use this type of adapter, you must configure networking for the iSCSI traffic and bind the adapter to an appropriate VMkernel iSCSI port.

An independent hardware iSCSI adapter handles all iSCSI and network processing and management for your ESXi host. In this case, a VMkernel iSCSI port is not required.

For configuration information, see vSphere Storage at https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.storage.doc/GUID-8AE88758-20C1-4873-99C7-181EF9ACFA70.html.

6-33 ESXi Network Configuration for IP Storage

A VMkernel port must be created for ESXi to access software iSCSI. The same port can be used to access NAS and NFS storage.

To optimize your vSphere networking setup, separate iSCSI networks from NAS and NFS networks:
• Physical separation is preferred.
• If physical separation is not possible, use VLANs.

Networking configuration for software iSCSI involves creating a VMkernel port on a virtual switch to handle your iSCSI traffic.

Depending on the number of physical adapters that you want to use for the iSCSI traffic, the networking setup can be different:
• If you have one physical network adapter, you need a VMkernel port on a virtual switch.
• If you have two or more physical network adapters for iSCSI, you can use these adapters for host-based multipathing.

For performance and security, isolate your iSCSI network from other networks. Physically separate the networks. If physically separating the networks is impossible, logically separate the networks from one another on a single virtual switch by configuring a separate VLAN for each network.

6-34 Activating the Software iSCSI Adapter

To add the software iSCSI adapter:
1. Select the host and click the Configure tab.
2. Select Storage Adapters and click Add Software Adapter.

You must activate your software iSCSI adapter so that your host can use it to access iSCSI storage. You can activate only one software iSCSI adapter.

NOTE
If you boot from iSCSI using the software iSCSI adapter, the adapter is enabled, and the network configuration is created at the first boot. If you disable the adapter, it is reenabled each time you boot the host.

6-35 Discovering iSCSI Targets

The iSCSI adapter discovers storage resources on the network and determines which resources are available for access.

An ESXi host supports the following discovery methods:
• Static
• Dynamic or SendTargets

The SendTargets response returns the IQN and all available IP addresses.

The ESXi host supports the following iSCSI target-discovery methods:
• Static discovery: The initiator does not have to perform discovery. The initiator knows in advance all the targets that it will contact. It uses their IP addresses and domain names to communicate with them.
• Dynamic discovery or SendTargets discovery: Each time the initiator contacts a specified iSCSI server, it sends the SendTargets request to the server. The server responds by supplying a list of available targets to the initiator.

The names and IP addresses of these targets appear as static targets in the vSphere Client. You can remove a static target that is added by dynamic discovery. If you remove the target, the target might be returned to the list during the next rescan operation. The target might also be returned to the list if the HBA is reset or the host is rebooted.

6-36 iSCSI Security: CHAP

iSCSI initiators use CHAP for authentication purposes. By default, CHAP is not configured.

ESXi supports two types of CHAP authentication:
• Unidirectional
• Bidirectional

ESXi also supports per-target CHAP authentication.
You can implement CHAP to provide authentication between iSCSI initiators and targets.

ESXi supports the following CHAP authentication methods:
• Unidirectional or one-way CHAP: The target authenticates the initiator, but the initiator does not authenticate the target. You must specify the CHAP secret so that your initiators can access the target.
• Bidirectional or mutual CHAP: With an extra level of security, the initiator can authenticate the target. You must specify different target and initiator secrets.

CHAP uses a three-way handshake algorithm to verify the identity of your host and, if applicable, of the iSCSI target when the host and target establish a connection. The verification is based on a predefined private value, or CHAP secret, that the initiator and target share. ESXi implements CHAP as defined in RFC 1994.

ESXi supports CHAP authentication at the adapter level. All targets receive the same CHAP secret from the iSCSI initiator. For both software iSCSI and dependent hardware iSCSI initiators, ESXi also supports per-target CHAP authentication.

Before configuring CHAP, check whether CHAP is enabled at the iSCSI storage system and check the CHAP authentication method that the system supports. If CHAP is enabled, you must enable it for your initiators, verifying that the CHAP authentication credentials match the credentials on the iSCSI storage.

Using CHAP in your iSCSI SAN implementation is recommended, but consult with your storage vendor to ensure that best practices are followed.

You can protect your data in additional ways. For example, you might protect your iSCSI SAN by giving it a dedicated standard switch. You might also configure the iSCSI SAN on its own VLAN to improve performance and security. Some inline network devices might be implemented to provide encryption and further data protection.
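
The three-way handshake described above, modelled for both one-way and mutual CHAP with the RFC 1994 response calculation. This is an added example, not ESXi code: the class, the function names and the secrets are constructed for illustration, and the iSCSI login framing around the exchange is left out.

```python
import hashlib
import hmac
import os


def chap_response(identifier, secret, challenge):
    """RFC 1994, section 4.1: Response = MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


class Authenticator:
    """The side that issues the challenge and checks the response.

    In one-way CHAP this is the target. In mutual CHAP the initiator
    plays the same role for the second exchange.
    """

    def __init__(self, peer_secret):
        self._peer_secret = peer_secret
        self._next_id = 0
        self._pending = {}  # identifier -> outstanding challenge value

    def challenge(self):
        """Step 1: send a fresh identifier and a random challenge."""
        ident = self._next_id
        self._next_id = (ident + 1) % 256
        value = os.urandom(16)
        self._pending[ident] = value
        return ident, value

    def verify(self, ident, response):
        """Step 3: success or failure. A challenge is accepted only once."""
        value = self._pending.pop(ident, None)
        if value is None:
            return False
        expected = chap_response(ident, self._peer_secret, value)
        return hmac.compare_digest(expected, response)


def one_way_chap(secret_on_host, secret_on_target):
    """Unidirectional CHAP: the target authenticates the initiator."""
    target = Authenticator(secret_on_target)
    ident, value = target.challenge()                       # 1. challenge
    response = chap_response(ident, secret_on_host, value)  # 2. response
    return target.verify(ident, response)                   # 3. result


def mutual_chap(host, target):
    """Bidirectional CHAP. Each argument is a dict holding that side's copy
    of 'initiator_secret' and 'target_secret'."""
    # The manual requires different target and initiator secrets.
    if host["initiator_secret"] == host["target_secret"]:
        raise ValueError("mutual CHAP needs different initiator and target secrets")
    if not one_way_chap(host["initiator_secret"], target["initiator_secret"]):
        return False
    # Second exchange in the other direction: the initiator challenges the target.
    host_side = Authenticator(host["target_secret"])
    ident, value = host_side.challenge()
    response = chap_response(ident, target["target_secret"], value)
    return host_side.verify(ident, response)


if __name__ == "__main__":
    # Constructed secrets, for illustration only.
    host_cfg = {"initiator_secret": b"host-side-secret-01", "target_secret": b"array-side-secret-02"}
    array_cfg = dict(host_cfg)
    print("one-way, matching secrets:", one_way_chap(b"host-side-secret-01", b"host-side-secret-01"))
    print("one-way, mismatched secrets:", one_way_chap(b"host-side-secret-01", b"something-else"))
    print("mutual, matching configuration:", mutual_chap(host_cfg, array_cfg))
```

The secret never crosses the network, only the hash does, which is why the credentials on the host must match the credentials stored on the iSCSI storage system before a login can succeed.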

6-37 Multipathing with iSCSI Storage

Software or dependent hardware iSCSI uses multiple NICs:
• Each NIC is connected to a separate VMkernel port.
• Each VMkernel port binds with the iSCSI initiator.

Independent hardware iSCSI uses two or more hardware iSCSI adapters.

When setting up your ESXi host for multipathing and failover, you can use multiple hardware iSCSI adapters or multiple NICs. The choice depends on the type of iSCSI initiators on your host.

With software iSCSI and dependent hardware iSCSI, you can use multiple NICs that provide failover for iSCSI connections between your host and iSCSI storage systems.

With independent hardware iSCSI, the host typically has two or more available hardware iSCSI adapters, from which the storage system can be reached by using one or more switches. Alternatively, the setup might include one adapter and two storage processors so that the adapter can use a different path to reach the storage system.

After iSCSI multipathing is set up, each port on the ESXi system has its own IP address, but the ports share the same iSCSI initiator IQN. When iSCSI multipathing is configured, the VMkernel routing table is not consulted for identifying the outbound NIC to use. Instead, iSCSI multipathing is managed using vSphere multipathing modules. Because of the latency that can be incurred, routing iSCSI traffic is not recommended.

6-38 Binding VMkernel Ports with the iSCSI Initiator

With port binding, each VMkernel port that is connected to a separate NIC becomes a different path that the iSCSI storage stack can use.
With software iSCSI and dependent hardware iSCSI, multipathing plug-ins do not have direct access to physical NICs on your host. For this reason, you must first connect each physical NIC to a separate VMkernel port. Then you use a port-binding technique to associate all VMkernel ports with the iSCSI initiator.

For dependent hardware iSCSI, you must correctly install the physical network card, which should appear on the host's Configure tab in the Virtual Switches view.

6-39 Lab 12: Accessing iSCSI Storage

Configure access to an iSCSI datastore:
1. View an Existing ESXi Host iSCSI Configuration
2. Add a VMkernel Port Group to a Standard Switch
3. Add the iSCSI Software Adapter to an ESXi Host
4. Connect the iSCSI Software Adapters to Storage

6-40 Review of Learner Objectives

After completing this lesson, you should be able to meet the following objectives:
• Identify uses of IP storage with ESXi
• Describe iSCSI components and addressing
• Configure iSCSI initiators
• Recognize storage device naming conventions

6-41 Lesson 4: VMFS Datastores

6-42 Learner Objectives

After completing this lesson, you should be able to meet the following objectives:
• Create a VMFS datastore
• Increase the size of a VMFS datastore
• Delete a VMFS datastore

6-43 Creating a VMFS Datastore

You can create VMFS datastores on any SCSI-based storage devices that the host discovers, including Fibre Channel, iSCSI, and local storage devices.

6-44 Browsing Datastore Contents

You use the datastore file browser to manage the contents of your datastores.

The Datastores pane lists all datastores currently configured for all managed ESXi hosts.

The example shows the contents of the VMFS datastore named Class-Datastore. The contents of the datastore are folders that contain the files for virtual machines or templates.

6-45 About VMFS Datastores

A VMFS datastore primarily serves as a repository for VM files. This type of datastore is optimized for storing and accessing large files, such as virtual disks and memory images of suspended VMs.

A VMFS datastore can have a maximum volume size of 64 TB.

6-46 Managing Overcommitted Datastores

A datastore becomes overcommitted when the total provisioned space of thin-provisioned disks is greater than the size of the datastore.

To actively monitor datastore capacity:
• Set alarms to send notifications about:
  - Datastore disk overallocation
  - VM disk use
• Use reporting to view space usage.

To actively manage datastore capacity:
• Increase datastore capacity when necessary.
• Use vSphere Storage vMotion to mitigate space use problems on a particular datastore.

Using thin-provisioned virtual disks for your VMs is a way to make the most of your datastore capacity. But if your datastore is not sized properly, it can become overcommitted.
A datastore becomes overcommitted when the full capacity of its thin-provisioned virtual disks is greater than the datastore's capacity.

When a datastore reaches capacity, the vSphere Client prompts you to provide more space on the underlying VMFS datastore and all VM I/O is paused.

Monitor your datastore capacity by setting alarms to alert you about how much a datastore's disks are fully allocated or how much disk space a VM is using.

Manage your datastore capacity by dynamically increasing the size of your datastore when necessary. You can also use vSphere Storage vMotion to mitigate space use issues. For example, with vSphere Storage vMotion, you can migrate a VM off a datastore. The migration can be done by changing from virtual disks of thick format to thin format at the target datastore.

6-47 Increasing the Size of VMFS Datastores

Increase a VMFS datastore's size to give it more space or to possibly improve performance.

In general, before changing your storage allocation:
• Perform a rescan to ensure that all hosts see the most current storage.
• Record the unique identifier of the volume that you want to expand.

To dynamically increase the size of a VMFS datastore:
• Add an extent (LUN).
• Expand the datastore within its extent.

[Figure: VMFS01 spanning LUN 6 and LUN 7 (add an extent to the existing VMFS) and VMFS02 (expand the datastore on the existing extent).]

You can expand but you cannot shrink a VMFS datastore.

An example of the unique identifier of a volume is the NAA ID. You require this information to identify the VMFS datastore that must be increased.

You can dynamically increase the capacity of a VMFS datastore if the datastore has insufficient disk space. You discover whether insufficient disk space is an issue when you create a VM or you try to add more disk space to a VM.

Use one of the following methods:
• Add an extent to the VMFS datastore: An extent is a partition on a LUN.
You can add an extent to any VMFS datastore. The datastore can stretch over multiple extents, up to 32.
• Expand the VMFS datastore: You expand the size of the VMFS datastore by expanding its underlying extent first.

6-48 Datastore Maintenance Mode

Before taking a datastore out of service, place the datastore in maintenance mode.

Before placing a datastore in maintenance mode, you must migrate all VMs (powered on and powered off) and templates to a different datastore.

By selecting the Let me migrate storage for all virtual machines and continue entering maintenance mode after migration check box, all VMs and templates on the datastore are automatically migrated to the datastore of your choice. The datastore enters maintenance mode after all VMs and templates are moved off the datastore.

Datastore maintenance mode is a function of the vSphere Storage DRS feature, but you can use maintenance mode without enabling vSphere Storage DRS. For more information on vSphere Storage DRS, see vSphere Resource Management at https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.resmgmt.doc/GUID-98BD5A8A-260A-494F-BAAE-74781F5C4B87.html.

6-49 Deleting or Unmounting a VMFS Datastore

An unmounted datastore remains intact but cannot be seen from the hosts that you specify. It continues to appear on other hosts, where it remains mounted.

A deleted datastore is destroyed and disappears from all hosts that have access to it. The deleted datastore permanently removes all files on the datastore.

Unmounting a VMFS datastore preserves the files on the datastore but makes the datastore inaccessible to the ESXi host.

Do not perform any configuration operations that might result in I/O to the datastore while the unmounting is in progress.

You can delete any type of VMFS datastore, including copies that you mounted without resignaturing. Although you can delete the datastore without unmounting, you should unmount the datastore first. Deleting a VMFS datastore destroys the pointers to the files on the datastore, so the files disappear from all hosts that have access to the datastore.

Before you delete or unmount a VMFS datastore, power off all VMs whose disks reside on the datastore. If you do not power off the VMs and you try to continue, an error message tells you that the resource is busy. Before you unmount a VMFS datastore, use the vSphere Client to verify the following conditions:
• No virtual machines reside on the datastore.
• The datastore is not part of a datastore cluster.
• The datastore is not managed by vSphere Storage DRS.
• vSphere Storage I/O Control is disabled.
• The datastore is not used for vSphere HA heartbeat.

To keep your data, back up the contents of your VMFS datastore before you delete the datastore.

6-50 Multipathing Algorithms

Arrays provide active-active and active-passive storage processors. Multipathing algorithms interact with these storage arrays:
• vSphere offers native path selection, load-balancing, and failover mechanisms.
• Third-party vendors can create software for ESXi hosts to properly interact with the storage arrays.

[Figure: a storage array with storage processors connected through switches to ESXi hosts.]
The Pluggable Storage Architecture is a VMkernel layer responsible for managing multiple storage paths and providing load balancing. An ESXi host can be attached to storage arrays with either active-active or active-passive storage processor configurations.
VMware offers native load-balancing and failover mechanisms. VMware path selection policies include the following examples:
• Round Robin
• Most Recently Used (MRU)
• Fixed
Third-party vendors can design their own load-balancing techniques and failover mechanisms for particular storage array types to add support for new arrays. Third-party vendors do not need to provide internal information or intellectual property about the array to VMware.

6-51 Configuring Storage Load Balancing
Path selection policies provide:
• Scalability:
  - Round Robin
• Availability:
  - Most Recently Used
  - Fixed

Multiple paths from an ESXi host to a datastore are possible.
For multipathing with Fibre Channel or iSCSI, the following path selection policies are supported:
• Fixed: The host always uses the preferred path to the disk when that path is available. If the host cannot access the disk through the preferred path, it tries the alternative paths. This policy is the default policy for active-active storage devices.
• Most Recently Used: The host selects the first working path discovered at system boot time. When the path becomes unavailable, the host selects an alternative path. The host does not revert to the original path when that path becomes available. The Most Recently Used policy does not use the preferred path setting. This policy is the default policy for active-passive storage devices and is required for those devices.
• Round Robin: The host uses a path selection algorithm that rotates through all available paths. In addition to path failover, the Round Robin multipathing policy supports load balancing across the paths. Before using this policy, check with storage vendors to find out whether a Round Robin configuration is supported on their storage.

6-52 Lab 13: Managing VMFS Datastores
Create and manage VMFS datastores:
1. Create VMFS Datastores for the ESXi Host
2. Expand a VMFS Datastore to Consume Unused Space on a LUN
3. Remove a VMFS Datastore
4. Extend a VMFS Datastore
5. Create a Second VMFS Datastore

6-53 Review of Learner Objectives
After completing this lesson, you should be able to meet the following objectives:
• Create a VMFS datastore
• Increase the size of a VMFS datastore
• Delete a VMFS datastore

6-54 Lesson 5: NFS Datastores

6-55 Learner Objectives
After completing this lesson, you should be able to meet the following objectives:
• Identify NFS components
• Recognize the differences between NFS 3 and NFS 4.1
• Configure and manage NFS datastores

6-56 NFS Components
An NFS file system is on a NAS device that is called the NFS server.
[Figure: NFS server (a NAS device or a server with storage) sharing the directory /ISO; ESXi host with NIC mapped to virtual switch; VMkernel port defined on virtual switch]
The NFS server contains one or more directories that are shared with the ESXi host over a TCP/IP network. An ESXi host accesses the NFS server through a VMkernel port that is defined on a virtual switch.

6-57 NFS 3 and NFS 4.1
An NFS datastore can be created as either NFS 3 or NFS 4.1.

NFS 3 | NFS 4.1
ESXi managed multipathing | Native multipathing and session trunking
AUTH_SYS (root) authentication | Optional Kerberos authentication
VMware proprietary client-side file locking | Server-side file locking
Client-side error tracking | Server-side error tracking

Compatibility issues between the two NFS versions prevent access to datastores using both protocols at the same time from different hosts. If a datastore is configured as NFS 4.1, all hosts that access that datastore must mount the share as NFS 4.1. Data corruption can occur if hosts access a datastore with the wrong NFS version.

6-58 NFS Version Compatibility with Other vSphere Technologies
vSphere supports NFS 4.1 to overcome many limitations when using NFS 3.
Both NFS 3 and NFS 4.1 shares can be used, but you must consider important constraints when designing a vSphere environment in which both versions are used.

vSphere Technology | NFS 3 | NFS 4.1
vSphere vMotion and vSphere Storage vMotion | Yes | Yes
vSphere HA and vSphere Fault Tolerance | Yes | Yes
vSphere DRS and vSphere DPM | Yes | Yes
Stateless ESXi and Host Profiles | Yes | Yes
vSphere Storage DRS and Storage I/O Control | Yes | No
Site Recovery Manager | Yes | No
vSphere Virtual Volumes and vSphere Replication | Yes | Yes
vRealize Operations Manager | Yes | Yes
Host Profiles | Yes | Yes

NFS 4.1 provides the following enhancements:
• Native multipathing and session trunking: NFS 4.1 provides multipathing for servers that support session trunking. When trunking is available, you can use multiple IP addresses to access a single NFS volume. Client ID trunking is not supported.
• Kerberos authentication: NFS 4.1 introduces Kerberos authentication in addition to the traditional AUTH_SYS method used by NFS 3.
• Improved built-in file locking.
• Enhanced error recovery using server-side tracking of open files and delegations.
• Many general efficiency improvements including session leases and less protocol overhead.
The NFS 4.1 client offers the following new features:
• Stateful locks with share reservation using a mandatory locking semantic
• Protocol integration, side-band (auxiliary) protocol no longer required to lock and mount
• Trunking (true NFS multipathing), where multiple paths (sessions) to the NAS array can be created and load-distributed across those sessions
• Enhanced error recovery to mitigate server failure and loss of connectivity

6-59 Configuring NFS Datastores
To configure an NFS datastore:
1. Create a VMkernel port:
   • For better performance and security, separate your NFS network from the iSCSI network.
2. Create the NFS datastore by providing the following information:
   • NFS version: 3 or 4.1
   • Datastore name
   • NFS server names or IP addresses
   • Folder on the NFS server, for example, /templates or /nfs_share
   • Hosts that mount the datastore
   • Whether to mount the NFS file system as read only
   • Authentication parameters
For each ESXi host that accesses an NFS datastore over the network, a VMkernel port must be configured on a virtual switch. The name of this port can be anything that you want.
For performance and security reasons, isolate your NFS networks from the other networks, such as your iSCSI network and your virtual machine networks.

6-60 Configuring ESXi Host Authentication and NFS Kerberos Credentials
As a requirement of Kerberos authentication, you must add each ESXi host to the Active Directory domain. Then you configure NFS Kerberos credentials.
[Screenshot: Authentication Services pane with the NFS Kerberos Credentials section]
You must take several configuration steps to prepare each ESXi host to use Kerberos authentication.
Kerberos authentication requires that all nodes involved (the Active Directory server, the NFS servers, and the ESXi hosts) be synchronized so that little to no time drift exists. Kerberos authentication fails if any significant drift exists between the nodes.
To prepare your ESXi host to use Kerberos authentication, configure the NTP client settings to reference a common NTP server (or the domain controller, if applicable).
When planning to use NFS Kerberos, consider the following points:
• NFS 3 and 4.1 use different authentication credentials, resulting in incompatible UID and GID on files.
• Using different Active Directory users on different hosts that access the same NFS share can cause the vSphere vMotion migration to fail.
• NFS Kerberos configuration can be automated by using host profiles to reduce configuration conflicts.
• Time must be synchronized between all participating components.

6-61 Configuring the NFS Datastore to Use Kerberos
When creating each NFS datastore, you enable Kerberos authentication by selecting one of the security modes:
• Kerberos5 authentication
• Kerberos5i authentication and data integrity

After performing the initial configuration steps, you can configure the datastore to use Kerberos authentication.
The screenshot shows a choice of Kerberos authentication only (krb5) or authentication with data integrity (krb5i). The difference is whether only the header or the header and the body of each NFS operation is signed using a secure checksum.
For more information about how to configure the ESXi hosts for Kerberos authentication, see vSphere Storage at https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.storage.doc/GUID-8AE88758-20C1-4873-99C7-181EF9ACFA70.html.

6-62 Unmounting an NFS Datastore
Unmounting an NFS datastore causes the files on the datastore to become inaccessible to the ESXi host.
Before unmounting an NFS datastore, you must stop all VMs whose disks reside on the datastore.

6-63 Multipathing and NFS Storage
For a highly available NAS architecture, configure NFS multipathing to avoid single points of failure.
Example of a multipathing configuration:
• Configure one VMkernel port.
• Attach NICs to the same physical switch to configure NIC teaming.
• Configure the NFS server with multiple IP addresses (same subnet is OK).
• To better use multiple links, configure NIC teams with the IP hash load-balancing policy.
[Figure: Physical Switch, Virtual Switch, VMkernel Port Group]
Examples of a single point of failure in the NAS architecture include the NIC card in an ESXi host, and the cable between the NIC card and the switch. To avoid single points of failure and to create a highly available NAS architecture, configure the ESXi host with redundant NIC cards and redundant physical switches.
The best approach is to install multiple NICs on an ESXi host and configure them in NIC teams. NIC teams should be configured on separate external switches, with each NIC pair configured as a team on the respective external switch.
In addition, you might apply a load-balancing algorithm, based on the link aggregation protocol type supported on the external switch, such as 802.3ad or EtherChannel.
An even higher level of performance and high availability can be achieved with cross-stack, EtherChannel-capable switches. With certain network switches, you can team ports across two or more separate physical switches that are managed as one logical switch.
NIC teaming across virtual switches provides additional resilience and some performance optimization. Having more paths available to the ESXi host can improve performance by enabling distributed load sharing.
Only one active path is available for the connection between the ESXi host and a single storage target (LUN or mount point). Although alternative connections might be available for failover, the bandwidth for a single datastore and the underlying storage is limited to what a single connection can provide.
To use more available bandwidth, an ESXi host requires multiple connections from the ESXi host to the storage targets. You might need to configure multiple datastores, each using separate connections between the ESXi host and the storage.
The table shows the recommended configuration for NFS multipathing.

External Switches Support Cross-Stack EtherChannel | External Switches Do Not Support Cross-Stack EtherChannel
Configure one VMkernel port. | Configure two or more VMkernel ports on different virtual switches on different subnets.
Configure NIC teaming by using adapters attached to separate physical switches. | Configure NIC teaming with adapters attached to the same physical switch.
Configure the NFS server with multiple IP addresses. IP addresses can be on the same subnet. | Configure the NFS server with multiple IP addresses. IP addresses can be on the same subnet.
To use multiple links, configure NIC teams with the IP hash load-balancing policy. | To use multiple links, allow the VMkernel routing table to decide which link to send packets (requires multiple datastores).

6-64 Enabling Multipathing for NFS 4.1
NFS 4.1 supports native multipathing and session trunking.
To enable multipathing, enter multiple server IP addresses when configuring the datastore.

NFS 4.1 provides multipathing for servers that support the session trunking. When trunking is available, you can use multiple IP addresses to access a single NFS volume. Client ID trunking is not supported.

6-65 Lab 14: Accessing NFS Storage
Create an NFS datastore and record its storage information:
1. Configure Access to an NFS Datastore
2. View NFS Storage Information

6-66 Review of Learner Objectives
After completing this lesson, you should be able to meet the following objectives:
• Identify NFS components
• Recognize the differences between NFS 3 and NFS 4.1
• Configure and manage NFS datastores

6-67 Lesson 6: vSAN Datastores

6-68 Learner Objectives
After completing this lesson, you should be able to meet the following objectives:
• Explain the purpose of a vSAN datastore
• Describe the architecture and requirements of vSAN configuration
• Explain the purpose of vSAN storage policies

6-69 About vSAN Datastores
vSAN is a software-defined storage solution providing shared storage for vSphere clusters without using traditional external storage.
A vSAN cluster requires:
• A minimum of three hosts to be part of the vSphere cluster and enabled for vSAN
• A vSAN network
• Local disks on each host that are pooled to create a virtual shared vSAN datastore
[Figure: vSphere, 3-64 hosts, HDD/Flash/SSD]
vSAN datastores help administrators use software-defined storage in the following ways:
• Storage policy per VM architecture: With multiple policies per datastore, each VM can have different storage.
• vSphere and vCenter Server integration: vSAN capability is built in and requires no appliance. You create a vSAN cluster, like vSphere HA or vSphere DRS.
• Scale-out storage: Up to 64 ESXi hosts can be in a cluster. Scale out by populating new nodes in the cluster.
• Built-in resiliency: The default vSAN storage policy establishes RAID 1 redundancy for all VMs.
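
The NFS rules from Lesson 5 above (one NFS version per share across all hosts, Kerberos only on NFS 4.1, one Active Directory user per share, a common NTP source for Kerberos hosts) can be checked against a planned inventory before any datastore is mounted. The following Python check is an added example, not part of the VMware course material; the inventory format, host names, user names, finding codes and severity labels are assumptions made for illustration.

```python
"""Audit a constructed NFS datastore inventory against the rules in Lesson 5."""
from collections import defaultdict
from typing import NamedTuple

KERBEROS_MODES = {"krb5", "krb5i"}   # security modes named on slide 6-61


class Mount(NamedTuple):
    host: str          # ESXi host that mounts the share
    server: str        # NFS server name or IP address
    share: str         # folder on the NFS server, e.g. /nfs_share
    version: str       # "3" or "4.1"
    security: str      # "AUTH_SYS", "krb5" or "krb5i"
    ad_user: str = ""  # Active Directory user set as NFS Kerberos credentials


class Finding(NamedTuple):
    severity: str      # hypothetical labels: HIGH, MEDIUM, INFO
    datastore: str
    code: str
    detail: str


def audit(mounts, ntp_by_host):
    """Return findings for every (server, share) pair in the inventory."""
    by_share = defaultdict(list)
    for m in mounts:
        by_share[(m.server, m.share)].append(m)

    findings = []
    for (server, share), group in sorted(by_share.items()):
        ds = f"{server}:{share}"

        # All hosts must mount one share with the same NFS version,
        # otherwise data corruption can occur.
        versions = sorted({m.version for m in group})
        if len(versions) > 1:
            findings.append(Finding("HIGH", ds, "mixed-nfs-version",
                                    "mounted as NFS " + " and ".join(versions)))

        for m in sorted(group):
            if m.version == "3" and m.security in KERBEROS_MODES:
                # Kerberos is an NFS 4.1 feature; NFS 3 uses AUTH_SYS.
                findings.append(Finding("HIGH", ds, "kerberos-on-nfs3", m.host))
            elif m.version == "4.1" and m.security == "AUTH_SYS":
                # Assumption of this example: local policy prefers Kerberos.
                findings.append(Finding("INFO", ds, "no-kerberos", m.host))
            elif m.version == "4.1" and m.security == "krb5":
                # krb5 signs only the header; krb5i also signs the body.
                findings.append(Finding("INFO", ds, "no-data-integrity", m.host))

        krb = [m for m in group
               if m.version == "4.1" and m.security in KERBEROS_MODES]

        # Different AD users on hosts sharing one datastore can break vMotion.
        users = sorted({m.ad_user for m in krb})
        if len(users) > 1:
            findings.append(Finding("MEDIUM", ds, "different-ad-users",
                                    ", ".join(users)))

        # Kerberos fails on clock drift: hosts should share an NTP source.
        if len(krb) > 1:
            common = set.intersection(
                *(set(ntp_by_host.get(m.host, ())) for m in krb))
            if not common:
                findings.append(Finding("MEDIUM", ds, "no-common-ntp",
                                        ", ".join(sorted(m.host for m in krb))))
    return findings


# Constructed sample inventory: hosts, server and users are made up.
NAS = "nas01.example.test"
SAMPLE_MOUNTS = [
    Mount("esxi-01.example.test", NAS, "/templates", "3", "AUTH_SYS"),
    Mount("esxi-02.example.test", NAS, "/templates", "4.1", "AUTH_SYS"),
    Mount("esxi-01.example.test", NAS, "/nfs_share", "4.1", "krb5i", "svc-nfs-a"),
    Mount("esxi-02.example.test", NAS, "/nfs_share", "4.1", "krb5", "svc-nfs-b"),
    Mount("esxi-03.example.test", NAS, "/iso", "3", "krb5", "svc-nfs-a"),
]
SAMPLE_NTP = {
    "esxi-01.example.test": ["dc01.example.test"],
    "esxi-02.example.test": ["ntp-b.example.test"],
}

if __name__ == "__main__":
    for f in audit(SAMPLE_MOUNTS, SAMPLE_NTP):
        print(f"{f.severity:6} {f.datastore:30} {f.code:20} {f.detail}")
```

On the sample inventory the check reports the mixed-version mount of /templates as the highest-severity finding, because that is the condition the lesson associates with data corruption.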

6-70 Disk Groups
Disk groups are vSAN management constructs on all ESXi hosts in a vSAN cluster. A host can include a maximum of five disk groups.
The disk groups are combined to create a single vSAN datastore.
A disk group requires:
• One flash device for caching
• One to seven capacity devices for storage
[Figure: all-flash disk groups and hybrid disk groups]
vSAN uses the concept of disk groups to pool together cache devices and capacity devices as single management constructs. A disk group is a pool of one cache device and one to seven capacity devices.

6-71 vSAN Hardware Requirements
vSAN capabilities are native to ESXi and require no additional software.
• Any server in the vSAN Compatibility Guide
• 1 SSD for caching
• At least 1 SSD for capacity (or HDD for hybrid mode)
• 10 Gb NIC (1 Gb for hybrid mode)
• SAS/SATA/NVMe controllers: RAID controllers must work in passthrough or RAID 0 mode
• Memory: 8-32 GB of RAM depending on the amount of drives and disk groups. Memory requirements may differ dependent on workload needs.

vSAN requires several hardware components that hosts do not normally have:
• One Serial Attached SCSI (SAS), SATA solid-state drive (SSD), or PCIe flash device and one to seven magnetic drives for each hybrid disk group.
• One SAS, SATA SSD, or PCIe flash device and one to seven flash disks with flash capacity enabled for all-flash disk groups.
• Dedicated 1 Gbps network (10 Gbps is recommended) for hybrid disk groups.
• Dedicated 10 Gbps network for all-flash disk groups. 1 Gbps network speeds result in detrimental congestion for an all-flash architecture and are unsupported.
• The vSAN network must be configured for IPv4 or IPv6 and support unicast.
In addition, each host should have a minimum of 32 GB of memory to accommodate a maximum number of five disk groups and a maximum number of seven capacity devices per disk group.

6-72 Viewing the vSAN Datastore Summary
The Summary tab of the vSAN datastore shows the general vSAN configuration information.

6-73 Objects in vSAN Datastores
vSAN storage is object-based and policy-driven.
VMs created on a vSAN datastore include the following objects:
• One VM home namespace
• One or more VMDK objects
• Thin-provisioned VM swap object
• One or more VM memory objects
• vSAN performance data objects
• iSCSI LUN objects

vSAN Object | Traditional VM Files
VM home namespace | .nvram, .vmsd, .vmx, vmx-*.vswp, .log, .hlog
VMDK | -flat.vmdk
VM swap | .vswp
VM memory | .vmem
Snapshot delta | -00000#-delta.vmdk, -00000#-sesparse.vmdk

A vSAN cluster stores and manages data as flexible data containers called objects.
When you provision a VM on a vSAN datastore, a set of objects is created:
• VM home namespace: Stores the virtual machine metadata (configuration files)
• VMDK: Virtual machine disk
• VM swap: Virtual machine swap file, which is created when the VM is powered on
• VM memory: Virtual machine's memory state when a VM is suspended or when a snapshot is taken of a VM and its memory state is preserved
• Snapshot delta: Created when a virtual machine snapshot is taken

6-74 VM Storage Policies
Storage policies define how objects that are included in a VM are stored.
Storage policies have the following characteristics:
• Based on storage capabilities
• Defined for a VM or disk at the time of deployment
• Can be applied later
• Can be changed at any time
• Cannot be deleted if they are in use
[Figure: VM Storage Policy (capacity, availability, performance) applied to the vSAN datastore]
VM storage policies are a set of rules that you configure for VMs. Each storage policy reflects a set of capabilities that meet the availability, performance, and storage requirements of the application or service-level agreement for that VM.
You should create storage policies before deploying the VMs that require these storage policies. You can apply and update storage policies after deployment.
A vSphere administrator who is responsible for the deployment of VMs can select policies that are created based on storage capabilities.
Based on the policy that is selected for the object VM, these capabilities are pushed back to the vSAN datastore. The object is created across ESXi hosts and disk groups to satisfy these policies.

6-75 Viewing VM Settings for vSAN Information
The consumption of vSAN storage is based on the VM's storage policy.
The VM's hard disk view provides the following information:
• A display of the VM storage policy
• The location of disk files on a vSAN datastore

6-76 Lab 15: Using a vSAN Datastore
View a vSAN datastore configuration and a virtual machine's components on the vSAN datastore:
1. View a vSAN Datastore Configuration
2. View the vSAN Default Storage Policy
3. View a Virtual Machine on the vSAN Datastore

6-77 Review of Learner Objectives
After completing this lesson, you should be able to meet the following objectives:
• Explain the purpose of a vSAN datastore
• Describe the architecture and requirements of vSAN configuration
• Explain the purpose of vSAN storage policies

6-78 Virtual Beans: Storage
As a Virtual Beans administrator, you are planning how to use NAS and iSCSI storage with vSphere:
• For NAS storage, you can create one or more NFS datastores and share them across ESXi hosts:
  - Use the datastores to hold templates, VMs, and vCenter Server Appliance backups.
• For iSCSI storage, you can create one or more iSCSI datastores and share them across ESXi hosts:
  - Use the datastores to hold templates and VMs.

6-79 Activity: Using vSAN Storage at Virtual Beans (1)
As a Virtual Beans administrator, you think that vSAN storage is the best option for the company's new storage requirements.
What are the benefits to Virtual Beans of using vSAN storage?

6-80 Activity: Using vSAN Storage at Virtual Beans (2)
What are the benefits to Virtual Beans of using vSAN storage?
Benefits include (but are not limited to):
• You can use the vSphere Client to manage the vSAN configuration. No separate user interface is necessary.
• vSphere administrators do not need special storage hardware training.
• You can use vSAN storage policies to define specific levels of service for a VM.
• You can expand the vSAN capacity by adding one or more hosts to the vSAN cluster (also known as scale out).

6-81 Key Points
• ESXi hosts support various storage technologies: Direct-attached storage, Fibre Channel, FCoE, iSCSI, and NAS.
• You use VMFS and NFS datastores to hold VM files.
• Shared storage is integral to vSphere features such as vSphere vMotion, vSphere HA, and vSphere DRS.
• vSAN clusters direct-attached server disks to create shared storage designed for VMs.
Questions?

Module 7
Virtual Machine Management

7-2 Importance
Virtual machines are the foundation of your virtual infrastructure.
Managing VMs effectively requires skills in creating templates and clones, modifying VMs, migrating VMs, taking snapshots, and protecting the VMs through replication and backups.

7-3 Module Lessons
1. Creating Templates and Clones
2. Working with Content Libraries
3. Modifying Virtual Machines
4. Migrating VMs with vSphere vMotion
5. Enhanced vMotion Compatibility
6. Migrating VMs with vSphere Storage vMotion
7. Creating Virtual Machine Snapshots
8. vSphere Replication and Backup

7-4 Virtual Beans: VM Management
Virtual Beans wants to automate its processes.
It requires the following processes for the vSphere infrastructure:
• Provisioning and deploying VMs: Performing fast, error-free, consistent deployments
• Maintaining VMs: Patching and upgrading operating systems and applications
• Backing up VMs: Making daily backups of application data
• Disaster recovery and business continuity: Moving VMs between the primary and secondary data center
As a Virtual Beans administrator, you must recognize the options available for these processes. Then, you can create effective processes for managing VMs in your data center.

7-5 Lesson 1: Creating Templates and Clones

7-6 Learner Objectives
After completing this lesson, you should be able to meet the following objectives:
• Create a template of a virtual machine
• Deploy a virtual machine from a template
• Clone a virtual machine
• Create customization specifications for guest operating systems

7-7 About Templates
A template is a master copy of a virtual machine. You use templates to create and provision new VMs.
A template typically includes:
• A guest operating system
• One or more applications
• A specific VM configuration
• VMware Tools

Creating templates makes the provisioning of virtual machines much faster and less error-prone than provisioning physical machines and creating a VM by using the New Virtual Machine wizard.
Templates coexist with VMs in the inventory. You can organize collections of VMs and templates into arbitrary folders and apply permissions to VMs and templates. You can change VMs into templates without having to make a full copy of the VM files and create an object.
You can deploy a VM from a template. The deployed VM is added to the folder that you selected when creating the template.

7-8 Creating a Template: Clone VM to Template
You can create templates using different methods. One method is to clone the VM to a template. The VM can be powered on or off.

The Clone to Template option offers you a choice of format for storing the VM's virtual disks:
• Same format as source
• Thin-provisioned format
• Thick-provisioned lazy-zeroed format
• Thick-provisioned eager-zeroed format

7-9 Creating a Template: Convert VM to Template
You can create a template by converting a VM to a template. In this case, the VM must be powered off.

The Convert to Template option does not offer a choice of format and leaves the VM's disk file intact.

7-10 Creating a Template: Clone a Template
You can create a template from an existing template, or clone a template.

7-11 Updating Templates
You update a template to include new patches, make system changes, and install new applications.
To update a template:
1. Convert the template to a VM.
2. Place the VM on an isolated network to prevent user access.
3. Make appropriate changes to the VM.
4. Convert the VM to a template.

To update your template to include new patches or software, you do not need to create a template. Instead, you convert the template to a VM. You can then power on the VM.
For added security, you might want to prevent users from accessing the VM while you update it. To prevent access, either disconnect the VM from the network or place it on an isolated network.
Log in to the VM's guest operating system and apply the patch or install the software. When you finish, power off the VM and convert it to a template again.

7-12 Deploying VMs from a Template
To deploy a VM, you must provide information such as the VM name, inventory location, host, datastore, and guest operating system customization data.
When you place ISO files in a content library, the ISO files are available only to VMs that are registered on an ESXi host that can access the datastore where the content library is located. These ISO files are not available to VMs on hosts that cannot see the datastore on which the content library is located.

7-13 Cloning Virtual Machines
Cloning a VM creates a VM that is an exact copy of the original:
• Cloning is an alternative to deploying a VM.
• During cloning, the VM can be powered on or off.

To clone a VM, you must be connected to vCenter Server. You cannot clone VMs if you use VMware Host Client to manage a host directly.
When you clone a VM that is powered on, services and applications are not automatically quiesced when the VM is cloned.
When deciding whether to clone a VM or deploy a VM from a template, consider the following points:
• VM templates use storage space, so you must plan your storage space requirements accordingly.
• Deploying a VM from a template is quicker than cloning a running VM, especially when you must deploy many VMs at a time.
• When you deploy many VMs from a template, all the VMs start with the same base image. Cloning many VMs from a running VM might not create identical VMs, depending on the activity happening within the VM when the VM is cloned.

7-14 Guest Operating System Customization
You customize the guest operating system to make VMs, created from the same template or clone, unique.
By customizing a guest operating system, you can change information, including the following details:
• Computer name
• Network settings
• License settings
• Windows Security Identifier
Customizing the guest operating system prevents conflicts that might occur when you deploy a VM and a clone with identical guest OS settings simultaneously.

7-15 About Customization Specifications
You can create a customization specification to prepare the guest operating system:
• Specifications are stored in the vCenter Server database.
• Windows and Linux guests are supported.
To manage customization specifications, select Policies and Profiles from the Menu drop-down menu. On the VM Customization Specifications pane, you can create specifications or manage existing ones.

7-16 Customizing the Guest Operating System
When cloning a VM or deploying a VM from a template, you can use a customization specification to prepare the guest operating system.
You can define the customization settings by using an existing customization specification during cloning or deployment. You create the specification ahead of time. During cloning or deployment, you can select the customization specification to apply to the new VM.
VMware Tools must be installed on the guest operating system that you want to customize.
The guest operating system must be installed on a disk attached to SCSI node 0:0 in the VM configuration.
For more about guest operating system customization, see vSphere Virtual Machine Administration at https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.vm_admin.doc/GUID-55238059-912E-411F-A0E9-A7A536972A91.html.

7-17 About Instant Clones
You can use Instant Clone Technology to create a powered-on VM from the running state of another powered-on VM:
• The processor state, virtual device state, memory state, and disk state of the destination (child) VM are identical to the states of the source (parent) VM.
• Snapshot-based disk sharing is used to provide storage efficiency and to improve the speed of the cloning process.
[Figure labels: Shared Memory, Copy-on-Write, Child VM, Delta Disk]
Through instant cloning, the source (parent) VM does not lose its state because of the cloning process. You can move to just-in-time provisioning, given the speed and state-persisting nature of this operation.
During an instant clone operation, the source VM is stunned for a short time, less than 1 second. While the source VM is stunned, a new writable delta disk is generated for each virtual disk, and a checkpoint is taken and transferred to the destination VM. The destination VM powers on by using the source's checkpoint. After the destination VM is fully powered on, the source VM resumes running.
Instant clone VMs are fully independent vCenter Server inventory objects. You can manage instant clone VMs like regular VMs, without any restrictions.

7-18 Use Cases for Instant Clones
Instant clone VMs have various uses:
• Virtual desktop infrastructure
• Rapid scale-out: Container hosts, big data, and Hadoop worker nodes
• DevTest: Quickly and efficiently replicate VMs and test beds with the same running state
• DevOps: Replicate VMs from staging to production, and the converse, with the identical running state
In vSphere 6.7 and later, you can create instant clones of VMs only through API calls.
In vSphere 7, instant clone guest customization is supported (Linux only).
Instant cloning is convenient for large-scale application deployments because it ensures memory efficiency, and you can create many VMs on a single host.
To avoid network conflicts, you can customize the virtual hardware of the destination VM during the instant cloning operation. For example, you can customize the MAC addresses of the virtual NICs or the serial and parallel port configurations of the destination VM.
Starting with vSphere 7, you can customize the guest operating system for Linux VMs only. You can customize networking settings such as IP address, DNS server, and the gateway. You can change these settings without having to power off or restart the VM.

7-19 Lab 16: Using VM Templates: Creating Templates and Deploying VMs
Create a VM template, create a customization specification, and deploy VMs from a template:
1. Create a Virtual Machine Template
2. Create Customization Specifications
3. Deploy Virtual Machines from a Template

7-20 Review of Learner Objectives
After completing this lesson, you should be able to meet the following objectives:
• Create a template of a virtual machine
• Deploy a virtual machine from a template
• Clone a virtual machine
• Create customization specifications for guest operating systems

7-21 Lesson 2: Working with Content Libraries

7-22 Learner Objectives
After completing this lesson, you should be able to meet the following objectives:
• Identify the benefits of a content library
• Recognize types of content libraries
• Deploy a virtual machine from a content library

7-23 About Content Libraries
Content libraries are repositories of OVF templates and other file types that can be shared and synchronized across vCenter Server systems globally.
Organizations might have multiple vCenter Server instances in data centers around the globe. On these vCenter Server instances, organizations might have a collection of templates, ISO images, and so on. The challenge is that all these items are independent of one another, with different versions of these files and templates on various vCenter Server instances.
The content library is the solution to this challenge. IT can store OVF templates, ISO images, or any other file types in a central location. The templates, images, and files can be published, and other content libraries can subscribe to and download content. The content library keeps content up to date by periodically synchronizing with the publisher, ensuring that the latest version is available.

7-24 Benefits of Content Libraries
Storage and consistency are key reasons to install and use a content library.
Using content libraries, administrators can perform the following functions:
• Store, version, and share content.
• Perform distributed file management.
• Synchronize content libraries across sites and vCenter Server instances.
• Mount an ISO file directly from a content library.
• Perform live updates of VM templates.
Sharing content and ensuring that the content is kept up to date are major tasks. For example, for a main vCenter Server instance, you create a central content library to store the master copies of OVF templates, ISO images, and other file types. When you publish this content library, other libraries, which might be located anywhere in the world, can subscribe and download an exact copy of the data.
When an OVF template is added, modified, or deleted from the published catalog, the subscriber synchronizes with the publisher, and the libraries are updated with the latest content.
Starting with vSphere 7, you can update a template while simultaneously deploying VMs from the template. In addition, the content library keeps two copies of the VM template, the previous and current versions. You can roll back the template to reverse changes made to the template.

7-25 Types of Content Libraries
Types of content libraries are local, published, and subscribed.
You can create a local library as the source for content that you want to save or share. You create the local library on a single vCenter Server instance. You can then add or remove items to and from the local library.
You can publish a local library, and this content library service endpoint can be accessed by other vCenter Server instances in your virtual environment. When you publish a library, you can configure the authentication method, which a subscribed library must use to authenticate to it.
You can create a subscribed library and populate its content by synchronizing it to a published library. A subscribed library contains copies of the published library files or only the metadata of the library items. The published library can be on the same vCenter Server instance as the subscribed library, or the subscribed library can reference a published library on a different vCenter Server instance.
You cannot add library items to a subscribed library. You can add items only to a local or published library.
After synchronization, both libraries contain the same items, or the subscribed library contains the metadata for the items.

7-26 Adding VM Templates to a Content Library
Library items include VM templates, vApp templates, or other VMware objects that can be contained in a content library.
• Clone a template to the content library.
• Clone a VM to a template in the content library.
VMs and vApps have several files, such as log files, disk files, memory files, and snapshot files that are part of a single library item. You can create library items in a specific local library or remove items from a local library. You can also upload files to an item in a local library so that the libraries subscribed to it can download the files to their NFS or SMB server, or datastore.
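
The publish, subscribe and synchronize behaviour described in 7-24 to 7-26 can be followed in a small model. This is an added example, not VMware code and not the vSphere Content Library API: the class names are hypothetical, the items are constructed, and a shared password stands in for whichever authentication method is configured on the published library.

```python
"""Simplified model of local, published and subscribed content libraries.

Added illustration with hypothetical names; not the vSphere API.
The password check is an assumption standing in for the configured method.
"""
import hmac
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Item:
    name: str
    version: int
    payload: Optional[bytes]          # None when only metadata is stored
    previous: Optional[bytes] = None  # prior template version kept for rollback


class LocalLibrary:
    def __init__(self, name):
        self.name = name
        self.items = {}
        self.published = False
        self._password = None

    def add_or_update(self, name, payload):
        old = self.items.get(name)
        if old is None:
            self.items[name] = Item(name, 1, payload)
        else:  # keep the previous and the current version
            self.items[name] = Item(name, old.version + 1, payload, old.payload)

    def roll_back(self, name):
        item = self.items[name]
        if item.previous is None:
            raise ValueError(f"{name} has no previous version")
        self.items[name] = Item(name, item.version + 1, item.previous, item.payload)

    def remove(self, name):
        del self.items[name]

    def publish(self, password=None):
        self.published = True
        self._password = password

    def catalog(self, password=None):
        """What a subscriber sees; requires the configured credential."""
        if not self.published:
            raise PermissionError("library is not published")
        if self._password is not None:
            supplied = (password or "").encode()
            if not hmac.compare_digest(supplied, self._password.encode()):
                raise PermissionError("authentication failed")
        return dict(self.items)


class SubscribedLibrary:
    def __init__(self, publisher, password=None, metadata_only=False):
        self.publisher = publisher
        self.password = password
        self.metadata_only = metadata_only
        self.items = {}

    def add_or_update(self, name, payload):
        raise PermissionError("items cannot be added to a subscribed library")

    def synchronize(self):
        """Bring the local copy in line with the publisher's catalog."""
        catalog = self.publisher.catalog(self.password)
        changes = {"added": [], "updated": [], "deleted": []}
        for name in sorted(set(self.items) - set(catalog)):
            del self.items[name]
            changes["deleted"].append(name)
        for name in sorted(catalog):
            source, have = catalog[name], self.items.get(name)
            if have is not None and have.version == source.version:
                continue
            changes["added" if have is None else "updated"].append(name)
            payload = None if self.metadata_only else source.payload
            self.items[name] = Item(name, source.version, payload)
        return changes


def demo():
    """Constructed scenario: publish, subscribe, change the catalog, resync."""
    main = LocalLibrary("central")
    main.add_or_update("photon-template", b"template v1")
    main.add_or_update("installer.iso", b"iso")
    main.publish(password="example-only")
    full = SubscribedLibrary(main, password="example-only")
    meta = SubscribedLibrary(main, password="example-only", metadata_only=True)
    first = full.synchronize()
    meta.synchronize()
    main.add_or_update("photon-template", b"template v2")
    main.remove("installer.iso")
    second = full.synchronize()
    return main, full, meta, first, second
```

A subscriber that has not synchronized since a change still holds the older catalog, which is why the metadata-only library in `demo()` keeps its entry for the removed ISO until its next synchronization.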

7-27 Deploying VMs from Templates in a Content Library
The templates in the content library can be used to deploy VMs and vApps. Each VM template, vApp template, or other type of file in a library is a library item.
You can also mount an ISO file directly from a content library.

7-28 Lab 17: Using Content Libraries
Create a content library to clone and deploy virtual machines:
1. Create a Content Library
2. Clone a VM Template to a Template in a Content Library
3. Deploy a VM from a VM Template in the Content Library

7-29 Review of Learner Objectives
After completing this lesson, you should be able to meet the following objectives:
• Identify the benefits of a content library
• Recognize types of content libraries
• Deploy a virtual machine from a content library

7-30 Lesson 3: Modifying Virtual Machines

7-31 Learner Objectives
After completing this lesson, you should be able to meet the following objectives:
• Describe virtual machine settings and options
• Add a hot-pluggable device
• Dynamically increase the size of a virtual disk

7-32 Modifying Virtual Machine Settings
You can modify a VM's configuration by editing the VM's settings:
• Add virtual hardware:
- You can add some hardware while the VM is powered on.
• Remove virtual hardware:
- You can remove some hardware only when the VM is powered off.
• Set VM options.
• Control a VM's CPU and memory resources.
You might have to modify a VM's configuration, for example, to add a network adapter or a virtual disk. You can make all VM changes while the VM is powered off. Some VM hardware changes can be made while the VM is powered on.
vSphere 7.0 makes the following virtual devices available:
• Watchdog timer: Virtual device used to detect and recover from operating system problems. If a failure occurs, the watchdog timer attempts to reset or power off the VM. This feature is based on Microsoft specifications: Watchdog Resource Table (WDRT) and Watchdog Action Table (WDAT). The watchdog timer is useful with high availability solutions such as Red Hat High Availability and the MS SQL failover cluster. This device is also useful on VMware Cloud and in hosted environments for implementing custom failover logic to reset or power off VMs.
• Precision Clock: Virtual device that presents the ESXi host's system time to the guest OS. Precision Clock helps the guest operating system achieve clock accuracy in the 1 millisecond range. The guest operating system uses Precision Clock time as reference time. Precision Clock is not directly involved in guest OS time synchronization. Precision Clock is useful when precise timekeeping is a requirement for the application, such as for financial services applications. Precision Clock is also useful when precise time stamps are required on events that track financial transactions.
• Virtual SGX: Virtual device that exposes Intel's SGX technology to VMs. Intel's SGX technology prevents unauthorized programs or processes from accessing certain regions in memory. Intel SGX meets the needs of the Trusted Computing Industry. Virtual SGX is useful for applications that must conceal proprietary algorithms and encryption keys from unauthorized users.
For example, cloud service providers cannot inspect a client's code and data in a virtual SGX-protected environment.

7-33 Hot-Pluggable Devices
With the hot plug option, you can add resources to a running VM.
Examples of hot-pluggable devices:
• USB controllers
• Ethernet adapters
• Hard disk devices
With supported guest operating systems, you can also add CPU and memory while the VM is powered on.
Adding devices to a physical server or removing devices from a physical server requires that you physically interact with the server in the data center. When you use VMs, resources can be added dynamically without a disruption in service. You must shut down a VM to remove hardware, but you can reconfigure the VM without entering the data center.
You can add CPU and memory while the VM is powered on. These features are called the CPU Hot Add and Memory Hot Plug, which are supported only on guest operating systems that support hot-pluggable functionality. These features are disabled by default. To use these hot-plug features, the following requirements must be satisfied:
• You must install VMware Tools.
• The VM must use hardware version 11 or later.
• The guest operating system in the VM must support CPU and memory hot-plug features.
• The hot-plug features must be enabled in the CPU or Memory settings on the Virtual Hardware tab.
If virtual NUMA is configured with virtual CPU hot-plug settings, the VM is started without virtual NUMA. Instead, the VM uses UMA (Uniform Memory Access).

7-34 Dynamically Increasing Virtual Disk Size
You can increase the size of a virtual disk that belongs to a powered-on VM.
When you increase the size of a virtual disk, the VM must not have snapshots attached.
After you increase the size of a virtual disk, you might need to increase the size of the file system on this disk. Use the appropriate tool in the guest OS to enable the file system to use the newly allocated disk space.

7-35 Inflating Thin-Provisioned Disks
Thin-provisioned virtual disks can be converted to a thick, eager-zeroed format.
To inflate a thin-provisioned disk:
• The VM must be powered off.
• Right-click the VM's file with the .vmdk extension and select Inflate.
Or you can use vSphere Storage vMotion and select a thick-provisioned disk as the destination.
When you inflate a thin-provisioned disk, the inflated virtual disk occupies the entire datastore space originally provisioned to it. Inflating a thin-provisioned disk converts a thin disk to a virtual disk in thick-provisioned format.

7-36 VM Options: General Settings
You can use the VM Options tab to modify properties such as the display name for the VM and the type of guest operating system that is installed.
Under General Options, you can view the location and name of the configuration file (with the .vmx extension) and the location of the VM's directory.
You can select the text for the configuration file and the working location to copy and paste them into a document. However, only the display name and the guest operating system type can be modified.
Changing the display name does not change the names of all the VM files or the directory that the VM is stored in. When a VM is created, the filenames and the directory name associated with the VM are based on its display name. But changing the display name later does not modify the filename and the directory name.

7-37 VM Options: VMware Tools Settings
You can use the VMware Tools controls to customize the power buttons on the VM.
• Customize power button actions.
• Check for upgrades to VMware Tools.
• Schedule VMware Tools scripts.
When you use the VMware Tools controls to customize the power buttons on the VM, the VM must be powered off.
You can select the Check and upgrade VMware Tools before each power on check box to check for a newer version of VMware Tools. If a newer version is found, VMware Tools is upgraded when the VM is power cycled.
When you select the Synchronize guest time with host check box, the guest operating system's clock synchronizes with the host.
For information about time keeping best practices for the guest operating systems that you use, see VMware knowledge base articles 1318 at http://kb.vmware.com/kb/1318 and 1006427 at http://kb.vmware.com/kb/1006427.

7-38 VM Options: VM Boot Settings
Occasionally, you might need to set the VM boot options.
When you build a VM and select a guest operating system, BIOS or EFI is selected automatically, depending on the firmware supported by the operating system. Mac OS X Server guest operating systems support only Extensible Firmware Interface (EFI). If the operating system supports BIOS and EFI, you can change the boot option as needed. However, you must change the option before installing the guest OS.
UEFI Secure Boot is a security standard that helps ensure that your PC boots using only software that is trusted by the PC manufacturer. In an OS that supports UEFI Secure Boot, each piece of boot software is signed, including the bootloader, the operating system kernel, and operating system drivers. If you enable Secure Boot for a VM, you can load only signed drivers into that VM.
With the Boot Delay value, you can set a delay between the time when a VM is turned on and the guest OS starts to boot. A delayed boot can help stagger VM startups when several VMs are powered on.
You can change the BIOS or EFI settings. For example, you might want to force a VM to start from a CD/DVD. The next time the VM powers on, it goes straight into the BIOS. A forced entry into the firmware setup is much easier than powering on the VM, opening a console, and quickly trying to press the F2 key.
With the Failed Boot Recovery setting, you can configure the VM to retry booting after 10 seconds (the default) if the VM fails to find a boot device.

7-39 Removing VMs
You can remove a VM in the following ways:
• Remove from the inventory:
- The VM is unregistered from the ESXi host and vCenter Server.
- The VM's files remain on the disk.
- The VM can later be registered (added) to the inventory.
• Delete from disk:
- All VM files are permanently deleted from the datastore.
- The VM is unregistered from the ESXi host and vCenter Server.
When a VM is removed from the inventory, its files remain at the same storage location, and the VM can be re-registered in the datastore browser.

7-40 Lab 18: Modifying Virtual Machines
Modify a virtual machine's hardware and rename a virtual machine:
1. Adjust Memory Allocation on a Virtual Machine
2. Increase the Size of a VMDK File
3. Rename a Virtual Machine in the vCenter Server Inventory

7-41 Review of Learner Objectives
After completing this lesson, you should be able to meet the following objectives:
• Describe virtual machine settings and options
• Add a hot-pluggable device
• Dynamically increase the size of a virtual disk

7-42 Lesson 4: Migrating VMs with vSphere vMotion

7-43 Learner Objectives
After completing this lesson, you should be able to meet the following objectives:
• Recognize the types of VM migrations that you can perform within a vCenter Server instance and across vCenter Server instances
• Explain how vSphere vMotion works
• Verify vSphere vMotion requirements
• Migrate virtual machines using vSphere vMotion

7-44 About VM Migration
Migration means moving a VM from one host, datastore, or vCenter Server instance to another host, datastore, or vCenter Server instance.
Depending on the power state of the VM that you migrate, migration can be cold or hot:
• A cold migration involves moving a powered-off or suspended VM to a new host.
• A hot migration involves moving a powered-on VM to a new host.
Depending on the VM resource type, you can perform different types of migrations.
Migration Type | Description
Compute resource only | Move VM, but not its storage, to another host. For a hot migration, vSphere vMotion is used to move the VM.
Storage only | Move a VM's storage, but not its host, to a new datastore. For a hot migration, vSphere Storage vMotion is used to move the VM.
Both compute resource and storage | Move a VM to another host and datastore. For a hot migration, vSphere vMotion and vSphere Storage vMotion are used to move the VM.
A deciding factor for using a particular migration technique is the purpose of performing the migration. For example, you might need to stop a host for maintenance but keep the VMs running. You use vSphere vMotion to migrate the VMs instead of performing a cold or suspended VM migration. If you must move a VM's files to another datastore to better balance the disk load or transition to another storage array, you use vSphere Storage vMotion.
Some migration techniques, such as vSphere vMotion migration, have special hardware requirements that must be met to function properly. Other techniques, such as a cold migration, do not have special hardware requirements to function properly.
You can perform the different types of migration on either powered-off (cold) or powered-on (hot) VMs.

7-45 About vSphere vMotion
A vSphere vMotion migration moves a powered-on VM from one host to another. vSphere vMotion changes the compute resource only.
vSphere vMotion provides the following capabilities:
• Improvement in overall hardware use
• Continuous VM operation while accommodating scheduled hardware downtime
• vSphere DRS to balance VMs across hosts
Using vSphere vMotion, you can migrate running VMs from one ESXi host to another ESXi host with no disruption or downtime. With vSphere vMotion, vSphere DRS can migrate running VMs from one host to another to ensure that the VMs have the resources that they require.
With vSphere vMotion, the entire state of the VM is moved from one host to another, but the data storage remains in the same datastore.
The state information includes the current memory content and all the information that defines and identifies the VM. The memory content includes transaction data and whatever bits of the operating system and applications are in memory. The definition and identification information stored in the state includes all the data that maps to the VM hardware elements, such as the BIOS, devices, CPU, and MAC addresses for the Ethernet cards.

7-46 Enabling vSphere vMotion
To enable vSphere vMotion, you must configure a VMkernel port with the vSphere vMotion service enabled on the source and destination host.

7-47 vSphere vMotion Migration Workflow
The source host (ESXi01) and the destination host (ESXi02) can access the shared datastore that holds the VM's files.
[Figure labels: vSphere vMotion Network, Production Network]
To play the animation, go to httrs://,•mware.bravais.com'siVb,a Db6<•wpSMKyKc940F.
A vSphere vMotion migration consists of the following steps:
1. A shadow VM is created on the destination host.
2. The VM's memory state is copied over the vSphere vMotion network from the source host to the target host. Users continue to access the VM and, potentially, update pages in memory. A list of modified pages in memory is kept in a memory bitmap on the source host.
3. After the first pass of memory state copy completes, another pass of memory copy is performed to copy any pages that changed during the last iteration. This iterative memory copying continues until no changed pages remain.
4. After most of the VM's memory is copied from the source host to the target host, the VM is quiesced. No additional activity occurs on the VM. In the quiesce period, vSphere vMotion transfers the VM device state and memory bitmap to the destination host.
5. Immediately after the VM is quiesced on the source host, the VM is initialized and starts running on the target host. A Gratuitous Address Resolution Protocol (GARP) request notifies the subnet that VM A's MAC address is now on a new switch port.
6. Users access the VM on the target host instead of the source host.
7. The memory pages that the VM was using on the source host are marked as free.

7-48 VM Requirements for vSphere vMotion Migration
For migration with vSphere vMotion, a VM must meet these requirements:
• If it uses an RDM disk, the RDM file and the LUN to which it maps must be accessible by the destination host.
• It must not have a connection to a virtual device, such as a CD/DVD or floppy drive, with a host-local image mounted.
In vSphere 7, you can use vSphere vMotion to migrate a VM with a device attached through a remote console. Remote devices include physical devices or disk images on the client machine running the remote console.
For the complete list of vSphere vMotion migration requirements, see vCenter Server and Host Management at https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.vcenterhost.doc/GUID-3B5AF2B1-C534-4426-B97A-D14019A8010F.html.

7-49 Host Requirements for vSphere vMotion Migration (1)
Source and destination hosts must have the following characteristics:
• Accessibility to all the VM's storage:
- 128 concurrent migrations are possible per VMFS or NFS datastore.
- If the swap file location on the destination host differs from the swap file location on the source host, the swap file is copied to the new location.
• VMkernel port with vSphere vMotion enabled
• Matching management network IP address families (IPv4 or IPv6) between the source and destination hosts
You cannot migrate a VM from a host that is registered to vCenter Server with an IPv4 address to a host that is registered with an IPv6 address.
Copying a swap file to a new location can result in slower migrations. If the destination host cannot access the specified swap file location, it stores the swap file with the VM configuration file.

7-50 Host Requirements for vSphere vMotion Migration (2)
• At least a 1 Gigabit Ethernet (1 GigE) network:
- Each active vSphere vMotion process requires a minimum throughput of 250 Mbit/second on the vSphere vMotion network.
- Concurrent migrations are limited to four on a 1 Gbps network.
- Concurrent migrations are limited to eight on a 10 Gbps (or faster) network.
- For better performance, dedicate at least two port groups to the vSphere vMotion traffic.
• Compatible CPUs:
  - The CPU feature sets of both the source host and the destination host must be compatible.
  - Some features can be hidden by using Enhanced vMotion Compatibility or compatibility masks.

Using 1 GbE network adapters for the vSphere vMotion network might result in migration failure, if you migrate VMs with large vGPU profiles.

7-51 Checking vSphere vMotion Errors

When you select the host and cluster, a validation check is performed to verify that most vSphere vMotion requirements are met.

If validation succeeds, you can continue in the wizard. If validation does not succeed, a list of vSphere vMotion errors and warnings displays in the Compatibility pane.

With warnings, you can still perform a vSphere vMotion migration. But with errors, you cannot continue. You must exit the wizard and fix all errors before retrying the migration.

If a failure occurs during the vSphere vMotion migration, the VM is not migrated and continues to run on the source host.

7-52 Encrypted vSphere vMotion

When migrating encrypted VMs, you always use encrypted vSphere vMotion.

For VMs that are not encrypted, select one of the following encrypted vSphere vMotion menu items:

• Disabled.
• Opportunistic (default): Encrypted vSphere vMotion is used if the source and destination hosts support it.
• Required: If the source or destination host does not support encrypted vSphere vMotion, the migration fails.

Encrypted vSphere vMotion secures confidentiality, integrity, and authenticity of data that is transferred with vSphere vMotion. Encrypted vSphere vMotion supports all variants of vSphere vMotion, including migration across vCenter Server systems.
Encrypted vSphere Storage vMotion is not supported. You cannot turn off encrypted vSphere vMotion for encrypted VMs.

7-53 Cross vCenter Migrations

With vSphere vMotion, you can migrate VMs between linked vCenter Server systems.

Migration of VMs across vCenter Server instances is helpful in the following cases:

• Balancing workloads across clusters and vCenter Server instances that are in the same site or in another geographical area.
• Moving VMs between environments that have different purposes, for example, from a development environment to production environment.
• Moving VMs to meet different Service Level Agreements (SLAs) for storage space, performance, and so on.

7-54 Cross vCenter Migration Requirements

Cross vCenter migrations have the following requirements:

• ESXi hosts and vCenter Server systems must be at vSphere 6.0 or later.
• vCenter Server instances must be in Enhanced Linked Mode.
• Hosts must be time-synchronized.

[Figure: vSphere vMotion Network]

You can perform cross vCenter migrations between vCenter Server instances of different versions. For information on the supported versions, see VMware knowledge base article 2106952 at http://kb.vmware.com/kb/2106952.
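The three encrypted vSphere vMotion settings decide whether a migration between a given pair of hosts is encrypted, runs in cleartext, or fails. The following added example (not VMware code) applies those rules to a constructed inventory to list the cleartext and failing paths; the host and VM names are made up, host support is assumed to follow from the ESXi version alone, and an encrypted VM is modeled as if its setting were Required.

```python
"""Audit which vSphere vMotion paths could carry VM memory unencrypted.

Added illustration, not VMware code. Host and VM names are constructed, and
host support is assumed to follow from the ESXi version alone.
"""
from dataclasses import dataclass

# The page names vSphere 6.5 as the release with encrypted vSphere vMotion.
MIN_VERSION = (6, 5)


@dataclass(frozen=True)
class Host:
    name: str
    version: tuple                  # (major, minor), for example (7, 0)

    def supports_encryption(self):
        return self.version >= MIN_VERSION


@dataclass(frozen=True)
class VM:
    name: str
    host: str                       # name of the host the VM runs on
    encrypted: bool = False         # True when VM encryption is enabled
    policy: str = "opportunistic"   # disabled | opportunistic (default) | required


def migration_outcome(vm, src, dst):
    """Return 'encrypted', 'cleartext' or 'fails' for one source/destination pair."""
    # Encrypted VMs always use encrypted vMotion and the setting cannot be
    # turned off, so this model treats them as 'required' (an assumption).
    policy = "required" if vm.encrypted else vm.policy
    both_support = src.supports_encryption() and dst.supports_encryption()
    if policy == "disabled":
        return "cleartext"
    if policy == "opportunistic":
        return "encrypted" if both_support else "cleartext"
    if policy == "required":
        return "encrypted" if both_support else "fails"
    raise ValueError(f"unknown policy {policy!r} on {vm.name}")


def audit(vms, hosts):
    """Map each VM to the destinations it would reach in cleartext or not at all."""
    by_name = {h.name: h for h in hosts}
    report = {}
    for vm in vms:
        src = by_name[vm.host]
        outcomes = {"cleartext": [], "fails": []}
        for dst in hosts:
            if dst.name == vm.host:
                continue
            result = migration_outcome(vm, src, dst)
            if result != "encrypted":
                outcomes[result].append(dst.name)
        report[vm.name] = outcomes
    return report


# Constructed inventory: two current hosts and one that predates vSphere 6.5.
HOSTS = [Host("esxi-a", (7, 0)), Host("esxi-b", (7, 0)), Host("esxi-old", (6, 0))]
VMS = [
    VM("web01", "esxi-a"),                        # default: opportunistic
    VM("db01", "esxi-a", policy="required"),      # fails closed
    VM("test01", "esxi-b", policy="disabled"),    # always cleartext
    VM("vault01", "esxi-b", encrypted=True),      # encrypted VM
]

if __name__ == "__main__":
    for name, outcome in audit(VMS, HOSTS).items():
        print(name, outcome)
```

With the default Opportunistic setting, `web01` silently falls back to cleartext toward the older host, while the same path fails for `db01` under Required.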
7-55 Network Checks for Cross vCenter Migrations

vCenter Server performs several network compatibility checks to prevent the following configuration problems:

• MAC address incompatibility on the destination host
• vSphere vMotion migration from a distributed switch to a standard switch
• vSphere vMotion migration between distributed switches of different versions

7-56 VMkernel Networking Layer and TCP/IP Stacks

The VMkernel networking layer provides connectivity to hosts and handles the standard system traffic of vSphere vMotion, IP storage, vSphere Fault Tolerance, vSAN, and others.

TCP/IP stacks at the VMkernel level:

• Default TCP/IP stack
• vSphere vMotion TCP/IP stack
• Provisioning TCP/IP stack
• Custom TCP/IP stacks

Consider the following key points about TCP/IP stacks at the VMkernel level:

• Default TCP/IP stack: Provides networking support for the management traffic between vCenter Server and ESXi hosts and for system traffic such as vSphere vMotion, IP storage, and vSphere Fault Tolerance.
• vSphere vMotion TCP/IP stack: Supports the traffic for hot migrations of VMs.
• Provisioning TCP/IP stack: Supports the traffic for VM cold migration, cloning, and snapshot creation. You can use the provisioning TCP/IP stack to handle NFC traffic during long-distance vSphere vMotion migration. VMkernel adapters configured with the provisioning TCP/IP stack handle the traffic from cloning the virtual disks of the migrated VMs in long-distance vSphere vMotion. By using the provisioning TCP/IP stack, you can isolate the traffic from the cloning operations on a separate gateway. After you configure a VMkernel adapter with the provisioning TCP/IP stack, all adapters on the default TCP/IP stack are disabled for the provisioning traffic.
• Custom TCP/IP stacks: You can create a custom TCP/IP stack on a host to forward networking traffic through a custom application. Open an SSH connection to the host and run the vSphere CLI command:

  esxcli network ip netstack add -N="stack_name"

Take appropriate security measures to prevent unauthorized access to the management and system traffic in your vSphere environment. For example, isolate the vSphere vMotion traffic in a separate network that includes only the ESXi hosts that participate in the migration. Isolate the management traffic in a network that only network and security administrators can access.

7-57 vSphere vMotion TCP/IP Stacks

Each ESXi host has a second TCP/IP stack that is dedicated to vSphere vMotion migration.

[Figure: In the VMkernel, the default TCP/IP stack and the vSphere vMotion TCP/IP stack each have a separate memory heap, ARP tables, routing table, and default gateway.]

vSphere vMotion TCP/IP stacks support the traffic for hot migrations of VMs. Use the vSphere vMotion TCP/IP stack to provide better isolation for the vSphere vMotion traffic. After you create a VMkernel adapter on the vSphere vMotion TCP/IP stack, you can use only this stack for vSphere vMotion migration on this host.

The VMkernel adapters on the default TCP/IP stack are disabled for the vSphere vMotion service after you create a VMkernel adapter on the vSphere vMotion TCP/IP stack. If a hot migration uses the default TCP/IP stack while you configure VMkernel adapters with the vMotion TCP/IP stack, the migration completes successfully.
However, these VMkernel adapters on the default TCP/IP stack are disabled for future vSphere vMotion sessions.

7-58 Long-Distance vSphere vMotion Migration

Long-distance vSphere vMotion migration is an extension of cross vCenter migration. It applies where vCenter Server instances are spread across large geographic distances and where the latency across sites is high.

Use cases for long-distance vSphere vMotion migration:

• Permanent migrations
• Disaster avoidance
• Site Recovery Manager and disaster avoidance testing
• Multisite load balancing
• Follow-the-sun scenario support

In the follow-the-sun scenario, a global support team might support a certain set of VMs. As one support team ends their workday, another support team in a different timezone takes over support duty. The VMs being supported can be moved from one geographical location to another so that the support team on duty can access those VMs locally instead of long distance.

7-59 Networking Prerequisites for Long-Distance vSphere vMotion

Long-distance vSphere vMotion migrations must connect over layer 3 connections:

• Virtual machine network:
  - L2 connection.
  - Same VM IP address is available at the destination.
• vSphere vMotion network:
  - L3 connection.
  - Secure (if you are not using vSphere 6.5 or later encrypted vSphere vMotion).
  - 250 Mbps per vSphere vMotion operation.
  - Round-trip time between hosts can take up to 150 milliseconds.

7-60 Lab 19: vSphere vMotion Migrations

Configure vSphere vMotion networking and migrate virtual machines using vSphere vMotion:

1. Configure vSphere vMotion Networking on sa-esxi-01.vclass.local
2. Configure vSphere vMotion Networking on sa-esxi-02.vclass.local
3. Prepare Virtual Machines for vSphere vMotion Migration
4. Migrate Virtual Machines Using vSphere vMotion

7-61 Review of Learner Objectives

After completing this lesson, you should be able to meet the following objectives:

• Recognize the types of VM migrations that you can perform within a vCenter Server instance and across vCenter Server instances
• Explain how vSphere vMotion works
• Verify vSphere vMotion requirements
• Migrate virtual machines using vSphere vMotion

7-62 Lesson 5: Enhanced vMotion Compatibility

7-63 Learner Objectives

After completing this lesson, you should be able to meet the following objectives:

• Describe Enhanced vMotion Compatibility
• Configure EVC mode on a vSphere cluster
• Explain how per-VM EVC mode works with vSphere vMotion

7-64 CPU Constraints on vSphere vMotion Migration

CPU compatibility between source and target hosts is a vSphere vMotion requirement that must be met.

| CPU Characteristics | Exact Match Required by Source Host and Target Host | Reason |
|---|---|---|
| Clock speeds, cache sizes, hyperthreading, and number of cores | N/A | The VMkernel virtualizes these characteristics. |
| Manufacturer (Intel or AMD), family, and generation (Opteron4, Intel Westmere) | Applicable | Instruction sets contain many small differences. |
| Presence or absence of SSE3, SSSE3, or SSE4.1 instructions | Applicable | Multimedia instructions are usable directly by applications. |
| Virtualization hardware assist | For 32-bit VMs: N/A | The VMkernel virtualizes this characteristic. |
| | For 64-bit VMs on Intel: Applicable | Intel 64-bit with VMware implementation uses Intel VT. |

Depending on the CPU characteristic, an exact match between the source and target host might or might not be required.
For example, if hyperthreading is enabled on the source host and disabled on the destination host, the vSphere vMotion migration continues because the VMkernel handles this difference in characteristics.

But, if the source host processor supports SSE4.1 instructions and the destination host processor does not support them, the hosts are considered incompatible and the vSphere vMotion migration fails.

SSE4.1 instructions are application-level instructions that bypass the virtualization layer and might cause application instability if mismatched after a migration with vSphere vMotion.

7-65 About Enhanced vMotion Compatibility

Enhanced vMotion Compatibility is a cluster feature that prevents vSphere vMotion migrations from failing because of incompatible CPUs.

This feature works at the cluster level, using CPU baselines to configure all processors in the cluster that are enabled for Enhanced vMotion Compatibility.

[Figure: Cluster Enabled for EVC]

Enhanced vMotion Compatibility ensures that all hosts in a cluster present the same CPU feature set to VMs, even if the CPUs on the hosts differ.

Enhanced vMotion Compatibility facilitates safe vSphere vMotion migration across a range of CPU generations. With Enhanced vMotion Compatibility, you can use vSphere vMotion to migrate VMs among CPUs that otherwise are considered incompatible.

Enhanced vMotion Compatibility allows vCenter Server to enforce vSphere vMotion compatibility among all hosts in a cluster by forcing hosts to expose a common set of CPU features (baseline) to VMs.

A baseline is a set of CPU features that are supported by every host in the cluster. When you configure Enhanced vMotion Compatibility, you set all host processors in the cluster to present the features of a baseline processor.
After the features are enabled for a cluster, hosts that are added to the cluster are automatically configured to the CPU baseline. Hosts that cannot be configured to the baseline are not permitted to join the cluster. VMs in the cluster always see an identical CPU feature set, no matter which host they happen to run on.

Because this process is automatic, Enhanced vMotion Compatibility is easy to use and requires no specialized knowledge of CPU features and masks.

7-66 Enhanced vMotion Compatibility Cluster Requirements

All hosts in the cluster must meet several requirements:

• Use CPUs from a single vendor, either Intel or AMD:
  - Use Intel CPUs with Merom microarchitecture and later.
  - Use AMD first-generation Opteron CPUs and later.
• Be enabled for hardware virtualization: AMD-V or Intel VT.
• Be enabled for execution-disable technology: AMD No eXecute (NX) or Intel eXecute Disable (XD).
• Be configured for vSphere vMotion migration.

Applications in VMs must be CPU ID compatible.

Before you create an Enhanced vMotion Compatibility cluster, ensure that the hosts that you intend to add to the cluster meet the requirements.

Enhanced vMotion Compatibility automatically configures hosts whose CPUs have Intel FlexMigration and AMD-V Extended Migration technologies to be compatible with vSphere vMotion with hosts that use older CPUs.

For Enhanced vMotion Compatibility to function properly, the applications on the VMs must be written to use the CPU ID machine instruction for discovering CPU features as recommended by the CPU vendors. vSphere cannot support Enhanced vMotion Compatibility with applications that do not follow the CPU vendor recommendations for discovering CPU features.

To determine which EVC modes are compatible with your CPU, search the VMware Compatibility Guide at http://www.vmware.com/resources/compatibility.
Search for the server model or CPU family, and click the entry in the CPU Series column to display the compatible EVC modes.

7-67 Enabling EVC Mode on an Existing Cluster

You enable EVC mode on an existing cluster to ensure vSphere vMotion CPU compatibility between the hosts in the cluster.

You can use one of the following methods to create an Enhanced vMotion Compatibility cluster:

• Create an empty cluster with EVC mode enabled and move hosts into the cluster.
• Enable EVC mode on an existing cluster.

For information about Enhanced vMotion Compatibility processor support, see VMware knowledge base article 1003212 at http://kb.vmware.com/kb/1003212.

7-68 Changing the EVC Mode for a Cluster

Several EVC mode approaches are available to ensure CPU compatibility:

• If all the hosts in a cluster are compatible with a newer EVC mode, you can change the EVC mode of an existing Enhanced vMotion Compatibility cluster.
• You can enable EVC mode for a cluster that does not have EVC mode enabled.
• You can raise or lower the EVC mode, but the VMs must be in the correct power state to do so.

| EVC Mode | VM Power Action |
|---|---|
| Raise the EVC mode to a CPU baseline with more features. | Running VMs can remain powered on. New EVC mode features are not available to the VMs until they are powered off and powered back on again. (Suspending and resuming the VM is not sufficient.) |
| Lower the EVC mode to a CPU baseline with fewer features. | Power off VMs if they are powered on and running at a higher EVC mode than the one you intend to enable. |

7-69 Virtual Machine EVC Mode

EVC mode can be applied to some or all VMs in a cluster:

• At the VM level, EVC mode facilitates the migration of VMs beyond the cluster and across vCenter Server systems and data centers.
• You can apply more granular definitions of Enhanced vMotion Compatibility for specific VMs.
• VM EVC mode is independent of the EVC mode defined at the cluster level.
• VM EVC mode requires vSphere 6.7 or later.

[Figure: VM EVC mode on an ESXi cluster]

With per-VM EVC mode, the EVC mode becomes an attribute of the VM rather than the specific processor generation it happens to be booted on in the cluster. This feature supports seamless migration between two data centers that have different processors. Further, the feature is persisted per VM and does not lose the EVC mode during migrations across clusters or during power cycles.

In this diagram, EVC mode is not enabled on the cluster. The cluster consists of differing CPU models with different feature sets. The VMs with per-VM EVC mode can run on any ESXi host that can satisfy the defined EVC mode.

7-70 Review of Learner Objectives

After completing this lesson, you should be able to meet the following objectives:

• Describe Enhanced vMotion Compatibility
• Configure EVC mode on a vSphere cluster
• Explain how per-VM EVC mode works with vSphere vMotion

7-71 Lesson 6: Migrating VMs with vSphere Storage vMotion

7-72 Learner Objectives

After completing this lesson, you should be able to meet the following objectives:

• Explain how vSphere Storage vMotion works
• Recognize guidelines for using vSphere Storage vMotion
• Migrate virtual machines using vSphere Storage vMotion
• Migrate both the compute resource and storage of a virtual machine

7-73 About vSphere Storage vMotion

With vSphere Storage vMotion, you can migrate a powered-on VM from one datastore to another.

Using vSphere Storage vMotion, you can perform the following tasks:

• Move VMs off arrays for maintenance or to upgrade.
• Change the disk provisioning type.
• Change VM files on the destination datastore to match the inventory name of the VM.
• Migrate between datastores to balance traffic across storage paths and reduce latencies.
• Redistribute VMs or virtual disks to different storage volumes to balance capacity or improve performance.

vSphere Storage vMotion provides flexibility to optimize disks for performance or transform disk types, which you can use to reclaim space.

You can place the VM and all its disks in a single location, or you can select separate locations for the VM configuration file and each virtual disk. During a migration with vSphere Storage vMotion, the VM does not change the host that it runs on.

With vSphere Storage vMotion, you can rename a VM's files on the destination datastore. The migration renames all virtual disk, configuration, snapshot, and .nvram files.

7-74 vSphere Storage vMotion In Action

vSphere Storage vMotion uses an I/O mirroring architecture to copy disk blocks between the source and destination.

[Figure: Read/write I/O to the VMDK, VMkernel, storage array, source datastore, and destination datastore]

The vSphere Storage vMotion migration process includes the following steps:

1. Initiate storage migration.
2. Use the VMkernel data mover or vSphere Storage APIs - Array Integration to copy data.
3. Start a new VM process.
4. Mirror I/O calls to file blocks that are already copied to the virtual disk on the destination datastore.
5. Transition to the destination VM process to begin accessing the virtual disk copy.

The storage migration process does a single pass of the disk, copying all the blocks to the destination disk. If blocks are changed after they are copied, the blocks are synchronized from the source to the destination through the mirror driver, with no need for recursive passes.
This approach guarantees complete transactional integrity and is fast enough to be unnoticeable to the end user. The mirror driver uses the VMkernel data mover to copy blocks of data from the source disk to the destination disk. The mirror driver synchronously mirrors writes to both disks during the vSphere Storage vMotion operation.

Finally, vSphere Storage vMotion operations are performed either internally on a single ESXi host or offloaded to the storage array. Operations performed internally on the ESXi host use a data mover built into the VMkernel. Operations are offloaded to the storage array if the array supports vSphere Storage APIs - Array Integration, also called hardware acceleration.

7-75 Identifying Storage Arrays That Support vSphere Storage APIs - Array Integration

vSphere Storage vMotion offloads its operations to the storage array if the array supports VMware vSphere Storage APIs - Array Integration, also called hardware acceleration.

Use the vSphere Client to determine whether your storage array supports hardware acceleration.

7-76 vSphere Storage vMotion Guidelines and Limitations

Guidelines:

• Plan the migration and coordinate with administrators.
• Perform migrations during off-peak hours.

Limitation:

• Independent virtual machine disks must be in persistent mode.

A VM and its host must meet certain resource and configuration requirements for the virtual machine disks (VMDKs) to be migrated with vSphere Storage vMotion. One of the requirements is that the host on which the VM runs must have access both to the source datastore and to the target datastore.

During a migration with vSphere Storage vMotion, you can change the disk provisioning type.
Migration with vSphere Storage vMotion changes VM files on the destination datastore to match the inventory name of the VM. The migration renames all virtual disk, configuration, snapshot, and .nvram-extension files. If the new names exceed the maximum filename length, the migration does not succeed.

7-77 Changing Both Compute Resource and Storage During Migration (1)

When you change both compute resource and storage during migration, a VM changes its host, datastores, networks, and vCenter Server instances simultaneously:

• This technique combines vSphere vMotion and vSphere Storage vMotion into a single operation.
• You can migrate VMs across clusters, data centers, and vCenter Server instances.

You can migrate VMs beyond storage accessibility boundaries and between hosts, within and across clusters, data centers, and vCenter Server instances.

This type of migration is useful for performing cross-cluster migrations, when the target cluster VMs might not have access to the source cluster's storage. Processes on the VM continue to run during the migration with vSphere vMotion.

7-78 Changing Both Compute Resource and Storage During Migration (2)

Compute resource and storage migration is useful for virtual infrastructure administration tasks.

| Task | Benefit of Using vSphere Storage vMotion |
|---|---|
| Host maintenance | You can move VMs from a host when you want to perform host maintenance. |
| Storage maintenance and reconfiguration | You can move VMs from a storage device so that you can perform maintenance or reconfigure the storage device without VM downtime. |
| Storage load redistribution | You can manually redistribute VMs or virtual disks to different storage volumes to balance capacity or to improve performance. |
7-79 Lab 20: vSphere Storage vMotion Migrations

Use vSphere Storage vMotion to migrate virtual machines:

1. Migrate Virtual Machine Files from Local Storage to Shared Storage
2. Migrate Both the Compute Resource and Storage of a Virtual Machine

7-80 Review of Learner Objectives

After completing this lesson, you should be able to meet the following objectives:

• Explain how vSphere Storage vMotion works
• Recognize guidelines for using vSphere Storage vMotion
• Migrate virtual machines using vSphere Storage vMotion
• Migrate both the compute resource and storage of a virtual machine

7-81 Lesson 7: Creating Virtual Machine Snapshots

7-82 Learner Objectives

After completing this lesson, you should be able to meet the following objectives:

• Take a snapshot of a virtual machine
• Manage multiple snapshots
• Delete virtual machine snapshots
• Consolidate snapshots

7-83 VM Snapshots

With snapshots, you can preserve the state of the VM so that you can repeatedly return to the same state.

For example, if problems occur during the patching or upgrading process, you can stop the process and revert to the previous state.

VM snapshots are not recommended as a VM backup strategy.

Snapshots are useful when you want to revert repeatedly to the same state but do not want to create multiple VMs. Examples include patching or upgrading the guest operating system in a VM.

The relationship between snapshots is like the relationship between a parent and a child. Snapshots are organized in a snapshot tree. In a snapshot tree, each snapshot has one parent and one or more children, except for the last snapshot, which has no children.
7-84 Taking Snapshots

You can take a snapshot while a VM is powered on, powered off, or suspended.

A snapshot captures the following items:

• VM configuration
• VM memory state (optional)
• Virtual disks

A snapshot capture does not include independent virtual disks (persistent and nonpersistent).

A snapshot captures the entire state of the VM at the time that you take the snapshot, including the following states:

• Memory state: The contents of the VM's memory. The memory state is captured only if the VM is powered on and if you select the Snapshot the virtual machine's memory check box (selected by default).
• Settings state: The VM settings.
• Disk state: The state of all the VM's virtual disks.

At the time that you take the snapshot, you can also quiesce the guest operating system. This action quiesces the file system of the guest operating system. This option is available only if you do not capture the memory state as part of the snapshot.

7-85 Types of Snapshots

A delta or child disk is created when you create a snapshot:

• On the VMFS datastore, the delta disk is a sparse disk.
• Delta disks use different sparse formats depending on the type of datastore.

| Snapshot Type | Notes | Filename | Block Size |
|---|---|---|---|
| VMFSsparse | VMFS5 with virtual disks smaller than 2 TB | #-delta.vmdk | 512 bytes |
| SEsparse | VMFS6; VMFS5 with virtual disks larger than 2 TB; space efficient (thin provisioned); supports disk reclamation (unmap) | #-sesparse.vmdk | 4 KB |
| vsanSparse | vSAN | Delta object | 4 MB |

Delta disks use different sparse formats depending on the type of datastore.

• VMFSsparse: VMFS5 uses the VMFSsparse format for virtual disks smaller than 2 TB. VMFSsparse is implemented on top of VMFS. The VMFSsparse layer processes I/O operations issued to a snapshot VM. Technically, VMFSsparse is a redo log that starts empty, immediately after a VM snapshot is taken.
The redo log expands to the size of its base VMDK, when the entire VMDK is rewritten with new data after the VM snapshot. This redo log is a file in the VMFS datastore. On snapshot creation, the base VMDK attached to the VM is changed to the newly created sparse VMDK.

• SEsparse: SEsparse is a default format for all delta disks on the VMFS6 datastores. On VMFS5, SEsparse is used for virtual disks of the size 2 TB and larger. SEsparse is a format that is like VMFSsparse with some enhancements. This format is space efficient and supports the space-reclamation technique. With space reclamation, blocks that the guest OS deletes are marked. The system sends commands to the SEsparse layer in the hypervisor to unmap those blocks. The unmapping helps to reclaim space allocated by SEsparse after the guest operating system deletes the data.

7-86 VM Snapshot Files

A snapshot consists of a set of files:

• -Snapshot#.vmsn: Configuration state
• -Snapshot#.vmem: Memory state (optional)
• -00000#.vmdk: Disk descriptor
• -000001-delta.vmdk: VMFS5 delta
• -000001-sesparse.vmdk: VMFS6 delta
• .vmsd: Stores names, descriptions, and relationships for all the VM's snapshots

A VM can have one or more snapshots. For each snapshot, the following files are created:

• Snapshot delta file: This file contains the changes to the virtual disk's data since the snapshot was taken. When you take a snapshot of a VM, the state of each virtual disk is preserved. The VM stops writing to its -flat.vmdk file. Writes are redirected to -######-delta.vmdk (or -######-sesparse.vmdk) instead (for which ###### is the next number in the sequence).
You can exclude one or more virtual disks from a snapshot by designating them as independent disks. Configuring a virtual disk as independent is typically done when the virtual disk is created, but this option can be changed whenever the VM is powered off.

• Disk descriptor file: -000001.vmdk. This file is a small text file that contains information about the snapshot.
• Configuration state file: -.vmsn. # is the next number in the sequence, starting with 1. This file holds the active memory state of the VM at the point that the snapshot was taken, including virtual hardware, power state, and hardware version.
• Memory state file: -.vmem. This file is created if the option to include memory state was selected during the creation of the snapshot. It contains the entire contents of the VM's memory at the time that the snapshot of the VM was taken.
• Snapshot active memory file: -.vmem. This file contains the contents of the VM memory if the option to include memory is selected during the creation of the snapshot.
• The .vmsd file is the snapshot list file and is created at the time that the VM is created. It maintains snapshot information for a VM so that it can create a snapshot list in the vSphere Client. This information includes the name of the snapshot .vmsn file and the name of the virtual disk file.
• The snapshot state file has a .vmsn extension and is used to store the state of a VM when a snapshot is taken. A new .vmsn file is created for every snapshot that is created on a VM and is deleted when the snapshot is deleted. The size of this file varies, based on the options selected when the snapshot is created. For example, including the memory state of the VM in the snapshot increases the size of the .vmsn file.

You can exclude one or more of the VMDKs from a snapshot by designating a virtual disk in the VM as an independent disk.
Placing a virtual disk in independent mode is typically done when the virtual disk is created. If the virtual disk was created without enabling independent mode, you must power off the VM to enable it.

Other files might also exist, depending on the VM hardware version. For example, each snapshot of a VM that is powered on has an associated .vmem file, which contains the guest operating system main memory, saved as part of the snapshot.

7-87 VM Snapshot Files Example (1)

VM with no snapshots:
  Win10-01.vmsd
  Win10-01-flat.vmdk
  Win10-01.vmdk

This example shows the snapshot and virtual disk files that are created when a VM has no snapshots, one snapshot, and two snapshots.

7-88 VM Snapshot Files Example (2)

VM with no snapshots:
  Win10-01.vmsd
  Win10-01-flat.vmdk
  Win10-01.vmdk

First snapshot taken (with memory state):
  Win10-01-Snapshot1.vmem
  Win10-01-Snapshot1.vmsn
  Win10-01-000001-sesparse.vmdk
  Win10-01-000001.vmdk

7-89 VM Snapshot Files Example (3)

VM with no snapshots:
  Win10-01.vmsd
  Win10-01-flat.vmdk
  Win10-01.vmdk

First snapshot taken (with memory state):
  Win10-01-Snapshot1.vmem
  Win10-01-Snapshot1.vmsn
  Win10-01-000001-sesparse.vmdk
  Win10-01-000001.vmdk

Second snapshot taken (without memory state):
  Win10-01-Snapshot2.vmsn
  Win10-01-000002-sesparse.vmdk
  Win10-01-000002.vmdk

7-90 Managing Snapshots

In the vSphere Client, you can view snapshots for the active VM and take edit, delete, and revert to actions.

[Figure: Manage Snapshots window]
You can perform the following actions from the Manage Snapshots window:

• Edit the snapshot: Edit the snapshot name and description.

• Delete the snapshot: Remove the snapshot from the Snapshot Manager, consolidate the snapshot files to the parent snapshot disk, and merge with the VM base disk.

• Delete all snapshots: Commit all the intermediate snapshots before the current-state icon (You are here) to the VM and remove all snapshots for that VM.

• Revert to a snapshot: Restore, or revert to, a particular snapshot. The snapshot that you restore becomes the current snapshot.

When you revert to a snapshot, you return all these items to the state that they were in at the time that you took the snapshot. If you want the VM to be suspended, powered on, or powered off when you start it, ensure that the VM is in the correct state when you take the snapshot.

Deleting a snapshot (DELETE or DELETE ALL) consolidates the changes between snapshots and previous disk states. Deleting a snapshot also writes to the parent disk all data from the delta disk that contains the information about the deleted snapshot. When you delete the base parent snapshot, all changes merge with the base VMDK.

7-91 Deleting VM Snapshots (1)

If you delete a snapshot one or more levels above the You are here level, the snapshot state is deleted. In this example, the snap01 data is committed into the parent (base disk), and the foundation for snap02 is retained.

[Figure: snap02 delta (2 GB)]

To play the animation, go to https://vmware.bravais.com/s/\VhbcXR4sSwk2V17McaX[).

7-92 Deleting VM Snapshots (2)

If you delete the latest snapshot, the changes are committed to its parent. The snap02 data is committed into snap01 data, and the snap02-delta.vmdk file is deleted.
[Figure: base disk (5 GB), snap02 delta (2 GB)]

To play the animation, go to https://vmware.bravais.com/s/IO.IYYQzMTv7rvxHgNcQp.

7-93 Deleting VM Snapshots (3)

If you delete a snapshot one or more levels below the You are here level, subsequent snapshots are deleted, and you can no longer return to those states. The snap02 data is deleted.

[Figure: base disk (5 GB), snap01 delta (1 GB), snap02 delta (2 GB); labels "Delete this snapshot" and "You are here"]

To play the animation, go to https://vmware.bravais.com/s/NiQxPT3 iyccmQ8\VYXKom.

7-94 Deleting All VM Snapshots

The delete-all-snapshots mechanism uses storage space efficiently. The size of the base disk does not increase. Snap01 is committed to the base disk before snap02 is committed.

[Figure: base disk (5 GB), snap01 delta (1 GB), snap02 delta (2 GB)]

To play the animation, go to https://vmware.bravais.com/s/L3ilQHlrv" Ehlgr5p7RP.

All snapshots before the You are here point are committed all the way up to the base disk. All snapshots after You are here are discarded. Like a single snapshot deletion, changed blocks in the snapshot overwrite their counterparts in the base disk.

7-95 About Snapshot Consolidation

Snapshot consolidation is a method for committing a chain of delta disks to the base disks when the Snapshot Manager shows that no snapshots exist but the delta disk files remain on the datastore.

Snapshot consolidation resolves problems that might occur with snapshots:
• The snapshot descriptor file is committed correctly, and the Snapshot window shows that all the snapshots are deleted.
• The snapshot files (-delta.vmdk) are still part of the VM.
• Delta disk files continue to expand until the datastore on which the VM is located runs out of space.

Snapshot consolidation is a way to clean unneeded delta disk files from a datastore.
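The file-naming scheme from the VM Snapshot Files slides and the consolidation condition described here can be checked against a directory listing. The following Python sketch is an added example, not VMware code: the function names are hypothetical, the Win10-01 lists repeat the file names from the slides, the LEFTOVER list is constructed, and using the count of .vmsn files as a stand-in for "snapshots registered" is an assumption (the Snapshot Manager and the .vmsd file remain authoritative).

```python
import re

# Suffixes that follow the VM name, as listed on the "VM Snapshot Files" slides.
# Order matters: the more specific .vmdk patterns are tried first.
SUFFIX_KINDS = [
    (re.compile(r"^-Snapshot(\d+)\.vmsn$"), "snapshot_state"),
    (re.compile(r"^-Snapshot(\d+)\.vmem$"), "snapshot_memory"),
    (re.compile(r"^-(\d{6})-(?:delta|sesparse)\.vmdk$"), "delta_extent"),
    (re.compile(r"^-(\d{6})\.vmdk$"), "delta_descriptor"),
    (re.compile(r"^-flat\.vmdk$"), "base_extent"),
    (re.compile(r"^\.vmdk$"), "base_descriptor"),
    (re.compile(r"^\.vmsd$"), "snapshot_list"),
]


def classify(vm_name, filename):
    """Return (kind, sequence_number) for one file in the VM's directory."""
    if not filename.startswith(vm_name):
        return ("other", None)
    suffix = filename[len(vm_name):]
    for pattern, kind in SUFFIX_KINDS:
        match = pattern.match(suffix)
        if match:
            seq = int(match.group(1)) if match.groups() else None
            return (kind, seq)
    return ("other", None)


def audit(vm_name, filenames):
    """Summarize snapshot-related files and flag conditions worth a closer look."""
    by_kind = {}
    for name in filenames:
        kind, seq = classify(vm_name, name)
        by_kind.setdefault(kind, {})[name] = seq
    extents = set(by_kind.get("delta_extent", {}).values())
    descriptors = set(by_kind.get("delta_descriptor", {}).values())
    states = by_kind.get("snapshot_state", {})
    return {
        "snapshots_with_state_file": len(states),
        "delta_disks": sorted(extents),
        # .vmem files hold guest memory contents: restrict who can read them.
        "memory_images": sorted(by_kind.get("snapshot_memory", {})),
        # A delta extent without its descriptor, or the reverse.
        "unpaired_delta_numbers": sorted(extents ^ descriptors),
        # Heuristic (assumption): delta disks remain but no snapshot state file does.
        "consolidation_suspected": bool(extents) and not states,
        "unrecognized": sorted(by_kind.get("other", {})),
    }


# File names as shown on the example slides.
NO_SNAPSHOTS = ["Win10-01.vmsd", "Win10-01-flat.vmdk", "Win10-01.vmdk"]
TWO_SNAPSHOTS = NO_SNAPSHOTS + [
    "Win10-01-Snapshot1.vmem", "Win10-01-Snapshot1.vmsn",
    "Win10-01-000001-sesparse.vmdk", "Win10-01-000001.vmdk",
    "Win10-01-Snapshot2.vmsn",
    "Win10-01-000002-sesparse.vmdk", "Win10-01-000002.vmdk",
]
# Constructed case: snapshot state files are gone, a delta disk is left behind.
LEFTOVER = NO_SNAPSHOTS + ["Win10-01-000001-sesparse.vmdk", "Win10-01-000001.vmdk"]

if __name__ == "__main__":
    for label, listing in [("none", NO_SNAPSHOTS), ("two", TWO_SNAPSHOTS),
                           ("leftover", LEFTOVER)]:
        print(label, audit("Win10-01", listing))
```

Passing the VM name explicitly avoids misreading a VM whose own name ends in six digits as a delta disk.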
If no snapshots are registered for a VM, but delta disk files exist, snapshot consolidation commits the chain of the delta disk files and removes them.

If consolidation is not performed, the delta disk files might expand to the point of consuming all the remaining space on the VM's datastore or the delta disk file reaches its configured size. The delta disk cannot be larger than the size configured for the base disk.

7-96 Discovering When to Consolidate Snapshots

On the Monitor tab under All Issues for the VM, a warning notifies you that a consolidation is required.

[Figure: vSphere Client, Monitor tab, All Issues]

With snapshot consolidation, vCenter Server displays a warning when the descriptor and the snapshot files do not match. After the warning displays, you can use the vSphere Client to commit the snapshots.

7-97 Consolidating Snapshots

After the snapshot consolidation warning appears, you can use the vSphere Client to consolidate the snapshots. All snapshot delta disks are committed to the base disks.

[Figure: vSphere Client screenshot]

For a list of best practices for using snapshots in a vSphere environment, see VMware knowledge base article 1025279 at http://kb.vmware.com/kb/1025279.

7-98 Lab 21: Working with Snapshots

Take VM snapshots, revert a VM to a different snapshot, and delete snapshots:
1. Take Snapshots of a Virtual Machine
2. Add Files and Take Another Snapshot of a Virtual Machine
3. Revert the Virtual Machine to a Snapshot
4. Delete an Individual Snapshot
5. Delete All Snapshots

7-99 Review of Learner Objectives

After completing this lesson, you should be able to meet the following objectives:
• Take a snapshot of a virtual machine
• Manage multiple snapshots
• Delete virtual machine snapshots
• Consolidate snapshots

7-100 Lesson 8: vSphere Replication and Backup

7-101 Learner Objectives

After completing this lesson, you should be able to meet the following objectives:
• Identify the components in the vSphere Replication architecture
• Deploy and configure vSphere Replication
• Recover replicated virtual machines
• Explain the backup and restore solution for VMs
• Describe the benefits of vSphere Storage APIs - Data Protection

7-102 About vSphere Replication

vSphere Replication is an extension for vCenter Server. It provides hypervisor-based VM replication and recovery.

[Figure: VM replicated from a source site to a target site]

vSphere Replication is an alternative to array-based replication.
vSphere Replication protects VMs from partial or complete site failures by replicating the VMs between the following sites:
• From a source site to a target site
• Within a single site from one cluster to another
• From multiple source sites to a shared remote target site

vSphere Replication provides several benefits as compared to array-based replication:
• Data protection at lower cost per VM
• A replication solution that supports flexibility in storage vendor selection at the source and target sites
• Overall lower cost per replication

7-103 About the vSphere Replication Appliance

The vSphere Replication appliance provides all the components that are required to perform VM replication.

[Figure: vSphere Replication Appliance: Standard OVF Virtual Appliance; Delivered with the vSphere Platform; Included with Most vSphere Editions]

The vSphere Replication appliance includes the following components:
• A vSphere Replication server that provides the core of the vSphere Replication infrastructure
• An embedded database that stores replication configuration and management information
• A vSphere Replication management server that performs the following functions:
  - Configures the vSphere Replication server
  - Enables, manages, and monitors replications
  - Authenticates users and checks their permissions to perform vSphere Replication operations
• A plug-in to the vSphere Client that provides a user interface for vSphere Replication

You can use vSphere Replication immediately after you deploy the appliance. The vSphere Replication appliance provides the virtual appliance management interface (VAMI) that is used to reconfigure the appliance after deployment. For example, you can use the VAMI to change the appliance security settings, change the network settings, or configure an external database. You can deploy additional vSphere Replication servers by using a separate OVF package.
7-104 Replication Functions

With vSphere Replication, you can replicate a VM from a source site to a target site, monitor and manage the replication status, and recover the VM at the target site.

[Figure: VM replicated from the Source Site to the Target Site]

You can replicate a VM between two sites. vSphere Replication is installed on both source and target sites. Only one vSphere Replication appliance is deployed on each vCenter Server. The vSphere Replication (VR) appliance contains an embedded vSphere Replication server that manages the replication process. To meet the load-balancing needs of your environment, you might need to deploy additional vSphere Replication servers at each site.

When you configure a VM for replication, the vSphere Replication agent sends changed blocks in the VM disks from the source site to the target site. The changed blocks are applied to the copy of the VM. This process occurs independently of the storage layer. vSphere Replication performs an initial full synchronization of the source VM and its replica copy. You can use replication seeds to reduce the network traffic that is generated by data transfer during the initial full synchronization.

7-105 Deploying the vSphere Replication Appliance

You use the vSphere Client to deploy the vSphere Replication appliance on an ESXi host:
1. Download the installation package to a local directory or obtain its URL.
2. Use the standard vSphere OVF deployment wizard to deploy the appliance.
   a. Select Menu > Hosts and Clusters.
   b. Right-click an ESXi host and select Deploy OVF template.

[Figure: Deploy OVF Template wizard]

You can deploy vSphere Replication with either an IPv4 or IPv6 address.
Mixing IP addresses, for example having a single appliance with an IPv4 and an IPv6 address, is not supported.

After you deploy the vSphere Replication appliance, you use the VAMI to register the endpoint and the certificate of the vSphere Replication management server with the vCenter Lookup Service. You also use the VAMI to register the vSphere Replication solution user with the vCenter Single Sign-On administration server.

For more details on deploying the vSphere Replication appliance, see VMware vSphere Replication Documentation at https://docs.vmware.com/en/vSphere-Replication/index.html.

7-106 Configuring vSphere Replication for a Single VM

To configure vSphere Replication for a VM in the vSphere Client, right-click the VM in the inventory and select All vSphere Replication Actions > Configure.

[Figure: VM context menu with All vSphere Replication Actions > Configure Replication]

vSphere Replication can protect individual VMs and their virtual disks by replicating them to another location.

7-107 Configuring Recovery Point Objective and Point in Time Instances

During replication configuration, you can set an RPO and enable retention of instances from multiple points in time.

[Figure: Configure Replication wizard, recovery settings]

The value that you set for the recovery point objective (RPO) affects replication scheduling.

When you configure replication, you set an RPO to determine the time between replications. For example, an RPO of 1 hour aims to ensure that a VM loses no more than 1 hour of data during the recovery. For smaller RPOs, less data is lost in a recovery, but more network bandwidth is consumed to keep the replica up to date.

For a discussion about how the RPO affects replication scheduling, see vSphere Replication Administration at https://docs.vmware.com/en/vSphere-Replication/8.3/com.vmware.vsphere.replication-admin.doc/GUID-35COAJ55-CS7D-430D-876E9D2E6DE4DDOA.html.

7-108 Recovering Replicated VMs

With vSphere Replication, you can recover VMs that were successfully replicated at the target site. You can recover one VM at a time on the Incoming Replications tab.

[Figure: Incoming Replications tab]

To perform the recovery, you use the Recover virtual machine wizard in the vSphere Client at the target site.

You are asked to select either to recover the VM with all the latest data or to recover the VM with the most recent data available on the target site:

• If you select Recover with recent changes to avoid data loss, vSphere Replication performs a full synchronization of the VM from the source site to the target site before recovering the VM. This option requires that the data of the source VM be accessible. You can select this option only if the VM is powered off.

• If you select Recover with latest available data, vSphere Replication recovers the VM by using the data from the most recent replication on the target site, without performing synchronization.
Selecting this option results in the loss of any data that changed since the most recent replication. Select this option if the source VM is inaccessible or if its disks are corrupted.

vSphere Replication validates the input that you provide and recovers the VM. If successful, the VM status changes to Recovered. The VM appears in the inventory of the target site.

7-109 Backup and Restore Solution for VMs

To protect your VM's data, you can use a backup solution based on vSphere Storage APIs - Data Protection. With vSphere Storage APIs - Data Protection, backup products can perform centralized, efficient, off-host, LAN-free backups of vSphere VMs.

[Figure: virtual appliance backup solution on VMware vSphere]

vSphere Storage APIs - Data Protection is VMware's data protection framework, which was introduced in vSphere 4.0.

A backup product that uses this API can back up VMs from a central backup system (physical or virtual system). The backup does not require backup agents or any backup processing to be done inside the guest operating system.

Backup processing is offloaded from the ESXi host. In addition, vSphere snapshot capabilities are used to support backups across the SAN without requiring downtime for VMs. As a result, backups can be performed nondisruptively at any time of the day without requiring extended backup windows.

For frequently asked questions about vSphere Storage APIs - Data Protection, see VMware knowledge base article 1021175 at https://kb.vmware.com/s/article/1021175.

7-110 vSphere Storage APIs - Data Protection: Offloaded Backup Processing

Configure the storage environment so that the backup server can access the storage volumes that are managed by the ESXi hosts.
Backup processing is offloaded from the ESXi host to the backup server, which prevents local ESXi resources from becoming overloaded.

[Figure: ESXi hosts and backup server sharing access to storage]

One of the biggest bottlenecks that limits backup performance is the backup server that is handling all the backup coordination tasks. One of these backup tasks is copying data from point A to point B. Other backup tasks do much CPU processing. For example, tasks are performed to determine what data to back up and what not to back up. Other tasks are performed to deduplicate data and compress data that is written to the target.

A server with insufficient CPU resources can greatly reduce backup performance. Provide enough resources for your backup server. A physical server or VM with an ample amount of memory and CPU capacity is necessary for the best backup performance possible.

The motivation to use LAN-free backups is to reduce the stress on the physical resources of the ESXi host when VMs are backed up. LAN-free backups reduce the stress by offloading backup processing from the ESXi host to a backup proxy server.

You can configure your environment for LAN-free backups to the backup server, also called the backup proxy server. For LAN-free backups, the backup server must be able to access the storage managed by the ESXi hosts on which the VMs for backup are running.

If you use NAS or direct-attached storage, ensure that the backup proxy server accesses the volumes with a network-based transport. If you run a direct SAN backup, zone the SAN and configure the disk subsystem host mappings. The host mappings must be configured so that all ESXi hosts and the backup proxy server access the same disk volumes.

7-111 vSphere Storage APIs - Data Protection: Changed-Block Tracking

With changed-block tracking, the backup solution copies only file blocks that changed since the last backup.
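The idea on this slide, copying only the blocks that changed since the last backup and using the same record to limit what a restore rewrites, can be shown with a small model. The following Python sketch is an added example and a simplified model, not the vSphere Storage APIs - Data Protection interface; the class, the function names, and the integer change ID are assumptions made for illustration.

```python
class TrackedDisk:
    """Toy virtual disk that records, per block, the epoch of its last write."""

    def __init__(self, n_blocks, block_size=4):
        self.block_size = block_size
        self.blocks = [bytes(block_size)] * n_blocks
        self.epoch = 0                     # advanced at every backup checkpoint
        self.changed_at = [0] * n_blocks   # epoch in which each block last changed

    def write(self, index, data):
        if len(data) != self.block_size:
            raise ValueError("data must be exactly one block")
        self.blocks[index] = data
        self.changed_at[index] = self.epoch

    def checkpoint(self):
        """Return a change ID for 'now'; later writes count as changes after it."""
        change_id = self.epoch
        self.epoch += 1
        return change_id

    def changed_since(self, change_id):
        """Indexes of blocks written after the checkpoint that returned change_id."""
        return [i for i, e in enumerate(self.changed_at) if e > change_id]


def full_backup(disk):
    """Copy every block and remember the change ID of this backup."""
    change_id = disk.checkpoint()
    return {"change_id": change_id, "blocks": dict(enumerate(disk.blocks))}


def incremental_backup(disk, previous):
    """Copy only the blocks that changed since the previous backup."""
    changed = disk.changed_since(previous["change_id"])
    change_id = disk.checkpoint()
    return {"change_id": change_id,
            "blocks": {i: disk.blocks[i] for i in changed}}


def restore_in_place(disk, chain):
    """Return the disk to the state of the last backup in the chain.

    Only blocks changed since that backup are rewritten; each one is taken
    from the newest backup in the chain that contains it. The rewritten
    blocks keep their changed mark, so the next incremental copies them again.
    """
    dirty = disk.changed_since(chain[-1]["change_id"])
    for i in dirty:
        for backup in reversed(chain):
            if i in backup["blocks"]:
                disk.blocks[i] = backup["blocks"][i]
                break
    return dirty


if __name__ == "__main__":
    disk = TrackedDisk(8)
    for i in range(8):
        disk.write(i, bytes([i]) * 4)          # constructed sample data
    full = full_backup(disk)
    disk.write(2, b"AAAA")
    disk.write(5, b"BBBB")
    inc = incremental_backup(disk, full)
    print("full copied", len(full["blocks"]), "blocks;",
          "incremental copied", sorted(inc["blocks"]))
    disk.write(5, b"XXXX")                     # unwanted change after the backup
    print("restore rewrote blocks", restore_in_place(disk, [full, inc]))
```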
Changed-block tracking supports faster incremental backups.

[Figure: changed blocks in the -flat.vmdk file copied by the backup]

Changed-block tracking (CBT) is a VMkernel feature that tracks the storage blocks of VMs as they change over time. The VMkernel tracks block changes on VMs, enhancing the backup process for applications that are developed to exploit vSphere Storage APIs - Data Protection.

By using CBT during restores, vSphere Data Protection offers fast and efficient recoveries of VMs to their original location. During a restore process, the backup solution uses CBT to determine which blocks changed since the last backup. The use of CBT reduces data transfer within the vSphere environment during a recovery operation and, more important, reduces the recovery time.

7-112 Review of Learner Objectives

After completing this lesson, you should be able to meet the following objectives:
• Identify the components in the vSphere Replication architecture
• Deploy and configure vSphere Replication
• Recover replicated virtual machines
• Explain the backup and restore solution for VMs
• Describe the benefits of vSphere Storage APIs - Data Protection

7-113 Activity: Virtual Beans VM Management (1)

As a Virtual Beans administrator, you work with your team to consider which vSphere features to use for key VM management processes. Provide one or more suggestions for each process.

Virtual Beans Process (vSphere Suggestions to be filled in):
• Provisioning and deploying VMs
• Maintaining VMs (patching and upgrading operating systems and applications)
• Backing up VMs
• Disaster recovery and business continuity

7-114 Activity: Virtual Beans VM Management (2)

Virtual Beans Process: Provisioning and deploying VMs
vSphere Suggestions:
• Use VM templates.
• Consider creating a template and a customization specification for each guest operating system type.
• Manage all templates with the content library.
• Have the primary data center publish its library to the secondary data center, when it comes online.

Virtual Beans Process: Maintaining VMs (patching and upgrading operating systems and applications)
vSphere Suggestions:
• Take a snapshot of the VM before applying any patches or updates.
• Manage all templates with the content library.
• Using the content library, you can update templates while VMs are deployed from the template.

7-115 Activity: Virtual Beans VM Management (3)

Virtual Beans Process: Backing up VMs
vSphere Suggestions:
• Use a vSphere Storage APIs - Data Protection solution.
• Check knowledge base article 1021175 for backup solutions that are currently available.

Virtual Beans Process: Disaster recovery and business continuity
vSphere Suggestions:
• Use vSphere Replication, which protects VMs from partial or complete site failure.
• For planned downtime, use the various types of vSphere vMotion migrations to move VMs between hosts, between vCenter Server instances, and even between data centers.

7-116 Key Points

• vCenter Server provides features for provisioning virtual machines, such as templates, cloning, and content libraries.
• By deploying VMs from a template, you can create many VMs easily and quickly.
• You can dynamically manage a VM's configuration by adding hot-pluggable devices and increasing the size of a VM's virtual disk.
• Hot migrations use vSphere vMotion, vSphere Storage vMotion, or both.
• You can use VM snapshots to preserve the state of the VM so that you can return repeatedly to the same state.
• You can use vSphere Replication to protect VMs as part of a disaster recovery strategy.
• Backup products that use vSphere Storage APIs - Data Protection can be used to back up VM data.

Questions?

Module 8: Resource Management and Monitoring

8-2 Importance

Although the VMkernel works proactively to avoid resource contention, maximizing performance requires both analysis and ongoing monitoring. Developing skills in resource management, you can dynamically reallocate resources so that you can use available capacity more efficiently.

8-3 Module Lessons

1. Virtual CPU and Memory Concepts
2. Resource Controls
3. Resource Monitoring Tools
4. Monitoring Resource Use
5. Using Alarms

8-4 Virtual Beans: Resource Management and Monitoring

Virtual Beans wants to proactively manage and monitor its vSphere environment. Virtual Beans administrators must be able to:
• Increase allocation of CPU and memory resources for business-critical workloads, particularly during peak months.
• Monitor VM performance to troubleshoot user problems.
• Monitor ESXi host performance to avoid potential problems in the infrastructure.
• Create monthly reports, for management, that contain graphs of VM resource usage.
• Set notifications for when ESXi hosts experience high resource use.

As a Virtual Beans administrator, you must use the available tools in vSphere for managing and monitoring the vSphere environment.
8-5 Lesson 1: Virtual CPU and Memory Concepts

8-6 Learner Objectives

After completing this lesson, you should be able to meet the following objectives:
• Describe CPU and memory concepts in relation to a virtualized environment
• Recognize techniques for addressing memory resource overcommitment
• Identify additional technologies that improve memory usage
• Describe how VMware Virtual SMP works
• Explain how the VMkernel uses hyperthreading

8-7 Memory Virtualization Basics

vSphere has the following layers of memory:
• Guest OS virtual memory is presented to applications by the operating system.
• Guest OS physical memory is presented to the virtual machine by the VMkernel.
• Host machine memory that is managed by the VMkernel provides a contiguous, addressable memory space that is used by the VM.

[Figure: virtual machine (application, guest OS virtual memory, operating system, guest OS physical memory) on an ESXi host (ESXi host machine memory)]

When running a virtual machine, the VMkernel creates a contiguous addressable memory space for the VM. This memory space has the same properties as the virtual memory address space presented to applications by the guest operating system. This memory space allows the VMkernel to run multiple VMs simultaneously while protecting the memory of each VM from being accessed by others.

From the perspective of an application running in the VM, the VMkernel adds an extra level of address translation that maps the guest physical address to the host physical address.
8-8 VM Memory Overcommitment

Memory is overcommitted when the combined configured memory footprint of all powered-on VMs exceeds that of the host memory sizes.

When memory is overcommitted:
• VMs do not always use their full allocated memory.
• To improve memory usage, an ESXi host transfers memory from idle VMs to VMs that need more memory.
• Overcommitted memory is stored in the .vswp file.
• Memory overhead is stored in the vmx-*.vswp file.

[Figure: host machine memory = 32 GB; total configured VM memory = 40 GB; four VMs of 10 GB each, with their .vswp and vmx-*.vswp files]

The total configured memory sizes of all VMs might exceed the amount of available physical memory on the host. However, this condition does not necessarily mean that memory is overcommitted. Memory is overcommitted when the working memory size of all VMs exceeds that of the ESXi host's physical memory size.

Because of the memory management techniques used by the ESXi host, your VMs can use more virtual RAM than the available physical RAM on the host. For example, you can have a host with 32 GB of memory and run four VMs with 10 GB of memory each. In that case, the memory is overcommitted. If all four VMs are idle, the combined consumed memory is below 32 GB. However, if all VMs are actively consuming memory, then their memory footprint might exceed 32 GB and the ESXi host becomes overcommitted.

An ESXi host can run out of memory if VMs consume all reservable memory in an overcommitted-memory environment. Although the powered-on VMs are not affected, a new VM might fail to power on because of lack of memory.

Overcommitment makes sense because, typically, some VMs are lightly loaded whereas others are more heavily loaded, and relative activity levels vary over time.
Extra memory from a VM is gathered into a swap file with the .vswp extension. The memory overcommitment process on the host uses the vmx-*.vswp swap file to gather and track memory overhead. Memory from this file is swapped out to disk when host machine memory is overcommitted.

8-9 Memory Overcommit Techniques

An ESXi host uses memory overcommit techniques to allow the overcommitment of memory while possibly avoiding the need to page memory out to disk.

Methods Used by the ESXi Host, with Details:
• Transparent page sharing: This method economizes the use of physical memory pages. In this method, pages with identical contents are stored only once.
• Ballooning: This method uses the VMware Tools balloon driver to deallocate memory from one VM to another. The ballooning mechanism becomes active when memory is scarce, forcing VMs to use their own paging areas.
• Memory compression: This method tries to reclaim some memory performance when memory contention is high.
• Host-level SSD swapping: Use of a solid-state drive on the ESXi host for a host cache swap file might increase performance.
• VM memory paging to disk: Using VMkernel swap space is the last resort because of poor performance.

The VMkernel uses various techniques to dynamically reduce the amount of physical RAM that is required for each VM. Each technique is described in the order that the VMkernel uses it:

• Page sharing: ESXi can use a proprietary technique to transparently share memory pages between VMs, eliminating redundant copies of memory pages. Although pages are shared by default within VMs, as of vSphere 6.0, pages are no longer shared by default among VMs.

• Ballooning: If the host memory begins to get low and the VM's memory use approaches its memory target, ESXi uses ballooning to reduce that VM's memory demands.
Using the VMware-supplied vmmemctl module installed in the guest operating system as part of VMware Tools, ESXi can cause the guest operating system to relinquish the memory pages it considers least valuable. Ballooning provides performance closely matching that of a native system under similar memory constraints. To use ballooning, the guest operating system must be configured with sufficient swap space.
• Memory compression: If the VM's memory use approaches the level at which host-level swapping is required, ESXi uses memory compression to reduce the number of memory pages that it must swap out. Because the decompression latency is much smaller than the swap-in latency, compressing memory pages has significantly less impact on performance than swapping out those pages.
• Swap to host cache: Host swap cache is an optional memory reclamation technique that uses local flash storage to cache a virtual machine's memory pages. By using local flash storage, the virtual machine avoids the latency associated with a storage network that might be used if it swapped memory pages to the virtual swap (.vswp) file.
• Regular host-level swapping: When memory pressure is severe and the hypervisor must swap memory pages to disk, the hypervisor swaps to a host swap cache rather than to a .vswp file. When a host runs out of space on the host cache, a virtual machine's cached memory is migrated to a virtual machine's regular .vswp file. Each host must have its own host swap cache configured.

8-10 Configuring Multicore VMs

You can build VMs with multiple virtual CPUs (vCPUs). The number of vCPUs that you configure for a single VM depends on the physical architecture of the ESXi host.

[Figure: Single-Core Dual-Socket System; Dual-Core Single-Socket System; Quad-Core Single-Socket System.]
You can configure a VM with up to 256 virtual CPUs (vCPUs). The VMkernel includes a CPU scheduler that dynamically schedules vCPUs on the physical CPUs of the host system.

The VMkernel scheduler considers socket-core-thread topology when making scheduling decisions. Intel and AMD processors combine multiple processor cores into a single integrated circuit, called a socket in this discussion.

A socket is a single package with one or more physical CPUs. Each core has one or more logical CPUs (LCPU in the diagram) or threads. With logical CPUs, the core can schedule one thread of execution.

On the slide, the first system is a single-core, dual-socket system with two cores and, therefore, two logical CPUs.

When a vCPU of a single-vCPU or multi-vCPU VM must be scheduled, the VMkernel maps the vCPU to an available logical processor.

In addition to the physical host configuration, the number of vCPUs configured for a VM also depends on the guest operating system, the applications, and the specific use case for the VM itself.

8-11 About Hyperthreading

With hyperthreading, a core can execute two threads or sets of instructions at the same time. Hyperthreading provides more scheduler throughput.
• Hyperthreading is enabled by default.

To enable hyperthreading:
• Verify that the host system supports hyperthreading.
• Enable hyperthreading in the system BIOS.
• Ensure that hyperthreading for the ESXi host is turned on.

[Figure: Dual-Core Single-Socket System with Hyperthreading.]

If hyperthreading is enabled, ESXi can schedule two threads at the same time on each processor core (physical CPU). Hyperthreading provides more scheduler throughput. That is, hyperthreading provides more logical CPUs on which vCPUs can be scheduled.

The drawback of hyperthreading is that it does not double the power of a core.
So, if both threads of execution need the same on-chip resources at the same time, one thread has to wait. Still, on systems that use hyperthreading technology, performance is improved.

An ESXi host that is enabled for hyperthreading should behave almost exactly like a standard system. Logical processors on the same core have adjacent CPU numbers. Logical processors 0 and 1 are on the first core, logical processors 2 and 3 are on the second core, and so on.

Consult the host system hardware documentation to verify whether the BIOS includes support for hyperthreading. Then, enable hyperthreading in the system BIOS. Some manufacturers call this option Logical Processor and others call it Enable Hyperthreading.

Use the vSphere Client to ensure that hyperthreading for your host is turned on. To access the hyperthreading option, go to the host's Summary tab and select CPUs under Hardware.

8-12 CPU Load Balancing

The VMkernel balances processor time to guarantee that the load is spread smoothly across processor cores in the system.

[Figure: Hyperthreaded Dual-Core Dual-Socket System.]

The CPU scheduler can use each logical processor independently to execute VMs, providing capabilities that are similar to traditional symmetric multiprocessing (SMP) systems.

The VMkernel intelligently manages processor time to guarantee that the load is spread smoothly across processor cores in the system. Every 2 milliseconds to 40 milliseconds (depending on the socket-core-thread topology), the VMkernel seeks to migrate vCPUs from one logical processor to another to keep the load balanced.

The VMkernel does its best to schedule VMs with multiple vCPUs on two different cores rather than on two logical processors on the same core. But, if necessary, the VMkernel can map two vCPUs from the same VM to threads on the same core.

If a logical processor has no work, it is put into a halted state.
This action frees its execution resources, and the VM running on the other logical processor on the same core can use the full execution resources of the core.

Because the VMkernel scheduler accounts for this halt time, a VM running with the full resources of a core is charged more than a VM running on a half core. This approach to processor management ensures that the server does not violate the ESXi resource allocation rules.

8-13 Review of Learner Objectives

After completing this lesson, you should be able to meet the following objectives:
• Describe CPU and memory concepts in relation to a virtualized environment
• Recognize techniques for addressing memory resource overcommitment
• Identify additional technologies that improve memory usage
• Describe how VMware Virtual SMP works
• Explain how the VMkernel uses hyperthreading

8-14 Lesson 2: Resource Controls

8-15 Learner Objectives

After completing this lesson, you should be able to meet the following objectives:
• Assign share values for CPU and memory resources
• Describe how virtual machines compete for resources
• Define CPU and memory reservations and limits

8-16 Reservations, Limits, and Shares

Beyond the CPU and memory configured for a VM, you can apply resource allocation settings to a VM to control the amount of resources granted:
• A reservation specifies the guaranteed minimum allocation for a VM.
• A limit specifies an upper bound for CPU or memory that can be allocated to a VM.
• A share is a value that specifies the relative priority or importance of a VM's access to a given resource.

[Figure: Available Capacity scale starting at 0 MHz/MB, showing Reservation, Limit, and the range in which shares are used to compete.]

Because VMs simultaneously use the resources of an ESXi host, resource contention can occur.
To manage resources efficiently, vSphere provides mechanisms to allow less, more, or an equal amount of access to a defined resource. vSphere also prevents a VM from consuming large amounts of a resource. vSphere grants a guaranteed amount of a resource to a VM whose performance is not adequate or that requires a certain amount of a resource to run properly.

When host memory or CPU is overcommitted, a VM's allocation target is somewhere between its specified reservation and specified limit, depending on the VM's shares and the system load. vSphere uses a share-based allocation algorithm to achieve efficient resource use for all VMs and to guarantee a given resource to the VMs that need it most.

8-17 Resource Allocation Reservations: RAM

RAM reservations:
• Memory reserved to a VM is guaranteed never to swap or balloon.
• If an ESXi host does not have enough unreserved RAM to support a VM with a reservation, the VM does not power on.
• Reservations are measured in MB, GB, or TB.
• The default is 0 MB.

Adding a vSphere DirectPath I/O device to a VM sets memory reservation to the memory size of the VM.

When configuring a memory reservation for a VM, you can specify the VM's configured amount of memory to reserve all of the VM's memory. For example, if a VM is configured with 4 GB of memory, you can set a memory reservation of 4 GB for the VM. You might configure such a memory reservation for a critical VM that must maintain a high level of performance.

Alternatively, you can select the Reserve All Guest Memory (All locked) check box. Selecting this check box ensures that all of the VM's memory gets reserved even if you change the total amount of memory for the VM. The memory reservation is immediately readjusted when the VM's memory configuration changes.
8-18 Resource Allocation Reservations: CPU

CPU reservations:
• CPU that is reserved for a VM is guaranteed to be immediately scheduled on physical cores. The VM is never placed in a CPU ready state.
• If an ESXi host does not have enough unreserved CPU to support a VM with a reservation, the VM does not power on.
• Reservations are measured in MHz or GHz.
• The default is 0 MHz.

8-19 Resource Allocation Limits

RAM limits:
• VMs never consume more physical RAM than is specified by the memory allocation limit.
• VMs might use the VM swap mechanism (.vswp) if the guest OS attempts to consume more RAM than is specified by the limit.

CPU limits:
• VMs never consume more physical CPU than is specified by the CPU allocation limit.
• CPU threads are placed in a ready state if the guest OS attempts to schedule threads faster than the limit allows.

Usually, specifying a limit is not necessary.

Specifying limits has the following benefits and drawbacks:
• Benefits: Assigning a limit is useful if you start with a few VMs and want to manage user expectations. The performance deteriorates as you add more VMs. You can simulate having fewer resources available by specifying a limit.
• Drawbacks: You might waste idle resources if you specify a limit. The system does not allow VMs to use more resources than the limit, even when the system is underused and idle resources are available. Specify the limit only if you have good reasons for doing so.

8-20 Resource Allocation Shares

Shares define the relative importance of a VM:
• If a VM has twice as many shares of a resource as another VM, the VM is entitled to consume twice as much of that resource when these two VMs compete for resources.
• Share values apply only if an ESXi host experiences contention for a resource.

You can set shares to high, normal, or low. You can also select the custom setting to assign a specific number of shares to each VM.

Setting: CPU Share Values; Memory Share Values
• High: 2,000 shares per vCPU; 20 shares per MB of configured VM memory
• Normal: 1,000 shares per vCPU; 10 shares per MB of configured VM memory
• Low: 500 shares per vCPU; 5 shares per MB of configured VM memory

High, normal, and low settings represent share values with a 4:2:1 ratio, respectively. A custom value of shares assigns a specific number of shares (which expresses a proportional weight) to each VM.

8-21 Resource Shares Example (1)

VMs are resource consumers. The default resource settings that you assign during VM creation work well for most VMs.

[Figure: Number of shares: 1,000, 1,000, 1,000.]

The proportional share mechanism applies to CPU, memory, storage I/O, and network I/O allocation. The mechanism operates only when VMs contend for the same resource.

8-22 Resource Shares Example (2)

You can add shares to a virtual machine while it is running.

[Figure: Number of shares: 1,000, 1,000, 1,000. Change number of shares: 1,000, 3,000, 1,000.]

You can add shares to a VM while it is running, and the VM gets more access to that resource (assuming competition for the resource). When you add a VM, it gets shares too. The VM's share amount factors into the total number of shares, but existing VMs are guaranteed not to be starved for the resource.

8-23 Resource Shares Example (3)

Shares guarantee that a VM is given a certain amount of a resource.
[Figure: Number of shares: 1,000, 1,000, 1,000. Change number of shares: 1,000, 3,000, 1,000. Power on virtual machine: 1,000, 3,000, 1,000, and VM D with 1,000.]

Shares guarantee that a VM is given a certain amount of a resource (CPU, RAM, storage I/O, or network I/O). For example, consider the third row of VMs on the slide:
• VM D is powered on with 1,000 shares.
• Before VM D was powered on, a total of 5,000 shares were available, but VM D's addition increases the total shares to 6,000.
• The result is that the other VMs' shares decline in value. But each VM's share value still represents a minimum guarantee. VM A is still guaranteed one-sixth of the resource because it owns one-sixth of the shares.

8-24 Resource Shares Example (4)

When you delete or power off a VM, fewer total shares remain, so the surviving VMs get more access.

[Figure: rows labeled Number of shares, Change number of shares, Power on virtual machine, and Power off virtual machine, showing VM share values of 1,000 and 3,000 and VM D with 1,000 shares.]

8-25 Defining Resource Allocation Settings for a VM

You can edit a VM's settings to configure CPU and memory resource allocations.

8-26 Viewing VM Resource Allocation Settings

You can view reservations, limits, and shares settings for all VMs in a cluster.

[Screenshot: CPU Reservation Details view for a cluster.]
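The arbitration described in 8-16 through 8-24, as an added example that is not part of the course material and is not VMkernel code: a simplified Python model in which each VM's CPU allocation under contention is proportional to its shares, never below its reservation and never above its limit, together with the power-on check for reservations. The 6,000 MHz host capacity and the VM objects are constructed; the share counts are the ones used on the slides.

```python
"""Simplified model of reservation / limit / shares arbitration (illustrative only)."""
import math
from dataclasses import dataclass

# Share values per vCPU, from the table in 8-20.
CPU_SHARES_PER_VCPU = {"high": 2000, "normal": 1000, "low": 500}


@dataclass
class VM:
    name: str
    shares: int                  # CPU_SHARES_PER_VCPU[level] * vCPUs, or a custom value
    reservation: float = 0.0     # MHz; the default reservation is 0 MHz
    limit: float = math.inf      # MHz; unlimited unless a limit is set
    demand: float = math.inf     # MHz the guest is trying to consume


def can_power_on(capacity, powered_on, new_vm):
    """A VM powers on only if its reservation fits in the unreserved capacity."""
    unreserved = capacity - sum(vm.reservation for vm in powered_on)
    return new_vm.reservation <= unreserved


def allocate(capacity, vms):
    """Return {name: MHz}. Assumes every VM in `vms` passed can_power_on()."""
    ceiling = {vm.name: min(vm.limit, vm.demand) for vm in vms}
    floor = {vm.name: min(vm.reservation, ceiling[vm.name]) for vm in vms}

    # No contention: every VM gets what it asks for and shares play no role.
    if sum(ceiling.values()) <= capacity:
        return ceiling

    def grant(vm, level):
        # Share-proportional target, clamped to [reservation, limit].
        return min(max(level * vm.shares, floor[vm.name]), ceiling[vm.name])

    # Bisection on the "MHz per share" level at which the host is exactly full.
    lo, hi = 0.0, capacity / min(vm.shares for vm in vms)
    for _ in range(100):
        mid = (lo + hi) / 2
        if sum(grant(vm, mid) for vm in vms) < capacity:
            lo = mid
        else:
            hi = mid
    return {vm.name: grant(vm, hi) for vm in vms}


if __name__ == "__main__":
    host_mhz = 6000  # constructed host capacity
    vms = [VM("A", 1000), VM("B", 3000), VM("C", 1000), VM("D", 1000)]
    for name, mhz in allocate(host_mhz, vms).items():
        print(f"VM {name}: {mhz:7.1f} MHz")   # VM A owns 1/6 of the shares
```

In this model a VM with unbounded demand cannot push another VM below its reservation or its share-based fraction, which is the isolation that reservations and shares provide when a host is contended.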
8-27 Lab 22: Controlling VM Resources

Control VM CPU resources using shares:
1. Create CPU Contention
2. Verify CPU Share Functionality

8-28 Review of Learner Objectives

After completing this lesson, you should be able to meet the following objectives:
• Assign share values for CPU and memory resources
• Describe how virtual machines compete for resources
• Define CPU and memory reservations and limits

8-29 Lesson 3: Resource Monitoring Tools

8-30 Learner Objectives

After completing this lesson, you should be able to meet the following objectives:
• Describe the performance-tuning methodology
• Identify resource-monitoring tools
• Use vCenter Server performance charts to view performance

8-31 Performance-Tuning Methodology

You can tune the performance of your vSphere environment.
• Assess performance:
  - Use appropriate monitoring tools.
  - Record a numerical benchmark before changes.
• Identify the limiting resource.
• Make more resources available:
  - Allocate more resources.
  - Reduce competition.
  - Log your changes.
• Benchmark again.

Do not make casual changes to production systems.

The best practice for performance tuning is to take a logical step-by-step approach:
• For a complete view of the performance situation of a VM, use monitoring tools in the guest operating system and in vCenter Server.
• Identify the resource that the VM relies on the most. This resource is most likely to affect the VM's performance if the VM is constrained by it.
• Give a VM more resources or decrease the resources of other VMs.
• After making more of the limiting resource available to the VM, take another benchmark and record changes.
Be cautious when making changes to production systems because a change might negatively affect the performance of the VMs.

8-32 Resource-Monitoring Tools

Many resource-monitoring and performance-monitoring tools are available for use with vSphere.
• Perfmon DLL
• Task Manager
• The top command (Linux)
• vCenter Server performance charts
• vRealize Operations
• vSphere/ESXi system logs
• resxtop and esxtop

Tools in the guest operating system are available from sources external to VMware and are used in various VMware applications. Many tools used outside of the guest OS are made available by VMware for use with vSphere and other applications. A partial list of these resource-monitoring tools is shown on the slide.

8-33 Guest Operating System Monitoring Tools

To monitor performance in the guest operating system, use tools that you are familiar with, such as Windows Task Manager.

[Screenshot: Windows Task Manager.]

Windows Task Manager helps you measure CPU and memory use in the guest operating system.

The measurements that you take with tools in the guest operating system reflect resource usage of the guest operating system, not necessarily of the VM itself.

8-34 Using Perfmon to Monitor VM Resources

The Perfmon DLL in VMware Tools provides VM processor and memory objects for accessing host statistics in a VM.
VMware Tools includes a library of functions called the Perfmon DLL. With Perfmon, you can access key host statistics in a guest VM.

Using the Perfmon performance objects (VM Processor and VM Memory), you can view actual CPU and memory usage and observed CPU and memory usage of the guest operating system.

For example, you can use the VM Processor object to view the % Processor Time counter, which monitors the VM's current virtual processor load. Likewise, you can use the Processor object and view the % Processor Time counter (not shown), which monitors the total use of the processor by all running processes.

8-35 Using esxtop to Monitor VM Resources

The esxtop utility is the primary real-time performance monitoring tool for vSphere:
• Can be run from the host's local vSphere ESXi Shell as esxtop
• Can be run remotely from vSphere CLI as resxtop
• Works like the top performance utility in Linux operating systems

In this example, you enter lowercase c and uppercase V to view CPU metrics for VMs.

[Screenshot: esxtop CPU panel listing per-VM CPU metrics.]

You can run the esxtop utility by using vSphere ESXi Shell to communicate with the management interface of the ESXi host. You must have root user privileges.

8-36 Monitoring Inventory Objects with Performance Charts

The vSphere statistics subsystem collects data on the resource usage of inventory objects, which include:
• Clusters
• Hosts
• Datastores
• Networks
• Virtual machines

Data on a wide range of metrics is collected at frequent intervals, processed, and archived in the vCenter Server database.

You can access statistical information through command-line monitoring utilities or by viewing performance charts in the vSphere Client.

8-37 Working with Overview Performance Charts

The overview performance charts display the most common metrics for an object in the inventory.

You can access overview and advanced performance charts in the vSphere Client.

Overview performance charts show the performance statistics that VMware considers most useful for monitoring performance and diagnosing problems.

Depending on the object that you select in the inventory, the performance charts provide a quick visual representation of how your host or VM is performing.

8-38 Working with Advanced Performance Charts

Advanced charts support data counters that are not supported in other performance charts.

In the vSphere Client, you can customize the appearance of advanced performance charts. Advanced charts have the following features:
• More information than overview charts: Point to a data point in a chart to display details about that specific data point
• Customizable charts: Change chart settings. Save custom settings to create your own charts.
• Save data to an image file or a spreadsheet

To customize advanced performance charts, select Advanced under Performance. Click the Chart Options link in the Advanced Performance pane.

8-39 Chart Options: Real-Time and Historical

vCenter Server stores statistics at different specificities.

Time Interval: Data Frequency; Number of Samples
• Real-time (past hour): 20 seconds; 180
• Past day: 5 minutes; 288
• Past week: 30 minutes; 336
• Past month: 2 hours; 360
• Past year: 1 day; 365

Real-time information is information that is generated for the past hour at 20-second intervals. Historical information is generated for the past day, week, month, or year, at varying specificities.

By default, vCenter Server has four archiving intervals: day, week, month, and year. Each interval specifies a length of time that statistics are archived in the vCenter Server database. You can configure which intervals are used and for what period of time. You can also configure the number of data counters that are used during a collection interval by setting the collection level.

Together, the collection interval and the collection level determine how much statistical data is collected and stored in your vCenter Server database.

For example, using the table, past-day statistics show one data point every 5 minutes, for a total of 288 samples. Past-year statistics show 1 data point per day, or 365 samples.

Real-time statistics are not stored in the database. They are stored in a flat file on ESXi hosts and in memory on vCenter Server instances. ESXi hosts collect real-time statistics only for the host or the VMs that are available on the host. Real-time statistics are collected directly on an ESXi host every 20 seconds.

If you query for real-time statistics, vCenter Server queries each host directly for the data. vCenter Server does not process the data at this point.
vCenter Server only passes the data to the vSphere Client.

On ESXi hosts, the statistics are kept for 30 minutes, after which 90 data points are collected. The data points are aggregated, processed, and returned to vCenter Server. vCenter Server then archives the data in the database as a data point for the day collection interval.

To ensure that performance is not impaired when collecting and writing the data to the database, cyclical queries are used to collect data counter statistics. The queries occur for a specified collection interval. At the end of each interval, the data calculation occurs.

8-40 Chart Types: Bar and Pie

Depending on the metric type and object, performance metrics are displayed in different types of charts, such as bar charts and pie charts.

Bar charts display storage metrics for datastores in a selected data center. Each datastore is represented as a bar in the chart. Each bar displays metrics based on the file type: virtual disks, other VM files, snapshots, swap files, and other files.

Pie charts display storage metrics for a single object, based on the file types or VMs. For example, a pie chart for a datastore can display the amount of storage space occupied by the VMs that take up the largest space.

8-41 Chart Types: Line

A line chart displays metrics for a single inventory object, for example, metrics for each CPU on an ESXi host.

In a line chart, the data for each performance counter is plotted on a separate line in the chart. For example, a CPU chart for a host can contain a line for each of the host's CPUs. Each line plots the CPU's usage over time.
8-42 Chart Types: Stacked

Stacked charts are useful for comparing resource allocation and usage across multiple hosts or VMs.

Stacked charts display metrics for the child objects that have the highest statistical values. All other objects are aggregated, and the sum value is displayed with the term Other.

For example, a host's stacked CPU usage chart displays CPU usage metrics for the five VMs on the host that are consuming the most CPU resources. The Other amount contains the total CPU usage of the remaining VMs. The metrics for the host itself are displayed in separate line charts.

By default, the 10 child objects with the highest data counter values appear.

8-43 Chart Types: Stacked Per VM

Per-VM stacked graphs are available only for hosts.

Stacked charts display metrics for the child objects that have the highest statistical values. All other objects are aggregated, and the sum value is displayed with the term Other.

For example, a host's stacked CPU usage chart displays CPU usage metrics for the five VMs on the host that are consuming the most CPU resources. The Other amount contains the total CPU usage of the remaining VMs. The metrics for the host itself are displayed in separate line charts.

By default, the 10 child objects with the highest data counter values appear.

8-44 Saving Charts

You click the Save Chart icon above the graph to save performance chart information. You can save information in PNG, JPEG, SVG, and CSV formats.
In the vSphere Client, you can save data from the advanced performance charts to a file in various graphics formats or in Microsoft Excel format. When you save a chart, you select the file type and save the chart to the location of your choice.

8-45 About Objects and Counters

Performance charts graphically display CPU, memory, disk, network, and storage metrics for devices and entities managed by vCenter Server.

Objects are instances or aggregations of devices. Examples:
- vCPU0
- vCPU1
- vmhba1:1:2
- Aggregation over all NICs

Counters identify which statistics to collect. Examples:
- CPU: Used time, ready time, usage (%)
- NIC: Network packets received
- Memory: Memory swapped

In vCenter Server, you can determine how much or how little information about a specific device type is displayed. You can control the amount of information a chart displays by selecting one or more objects and counters.

An object refers to an instance for which a statistic is collected. For example, you might collect statistics for an individual CPU, all CPUs, a host, or a specific network device.

A counter represents the actual statistic that you are collecting. An example is the amount of CPU used or the number of network packets per second for a given device.

8-46 About Statistics Types

The statistics type is the unit of measurement that is used during the statistics interval.

Statistics Type: Description; Example
• Rate: Value over the current interval; CPU use (MHz)
• Delta: Change from previous interval; CPU ready time
• Absolute: Absolute value independent of interval; Memory active

The statistics type refers to the measurement that is used during the statistics interval and is related to the unit of measurement.
The statistics type is one of the following:
• Rate: Value over the current statistics interval
• Delta: Change from the previous statistics interval
• Absolute: Absolute value (independent of the statistics interval)

For example, CPU usage is a rate, CPU ready time is a delta, and memory active is an absolute value.

8-47 About Rollup

Rollup is the conversion function between statistics intervals:
• 5 minutes of past-hour statistics are converted to one past-day value:
  - Fifteen 20-second statistics are rolled up into a single value.
• 30 minutes of past-day statistics are converted to 1 past-week value:
  - Six 5-minute statistics are rolled up into a single value.

Rollup Type: Conversion Function; Sample Statistic
• Average: Average of data points; CPU use (average)
• Summation: Sum of data points; CPU ready time (milliseconds)
• Latest: Last data point; Uptime (days)
• Minimum: Current or average minimum data point; Available in all counters when vCenter Server statistics collection is set to level 4
• Maximum: Current or average maximum data point; Available in all counters when vCenter Server statistics collection is set to level 4

Data is displayed at different specificities according to the historical interval. Past-hour statistics are shown at a 20-second specificity, and past-day statistics are shown at a 5-minute specificity. The averaging that is done to convert from one time interval to another is called rollup.

Different rollup types are available. The rollup type determines the type of statistical values returned for the counter:
• Average: The data collected during the interval is aggregated and averaged.
• Minimum: The minimum value is rolled up.
• Maximum: The maximum value is rolled up.

The minimum and maximum values are collected and displayed only in collection level 4. Minimum and maximum rollup types are used to capture peaks in data during the interval. For real-time data, the value is the current minimum or current maximum.
For historical data, the value is the average minimum or average maximum.

For example, the following information for the CPU usage chart shows that the average is collected at collection level 1 and that the minimum and maximum values are collected at collection level 4:
• Counter: Usage
• Unit: Percentage (%)
• Rollup Type: Average (Minimum/Maximum)
• Collection Level: 1 (4)

Statistics levels include summation and latest:
• Summation: The collected data is summed. The measurement displayed in the performance chart represents the sum of data collected during the interval.
• Latest: The data that is collected during the interval is a set value. The value displayed in the performance chart represents the current value.

For example, if you look at the CPU Used counter in a CPU performance chart, the rollup type is summation. So, for a given 5-minute interval, the sum of all the 20-second samples in that interval is represented.

8-48 Review of Learner Objectives

After completing this lesson, you should be able to meet the following objectives:
• Describe the performance-tuning methodology
• Identify resource-monitoring tools
• Use vCenter Server performance charts to view performance

8-49 Lesson 4: Monitoring Resource Use

8-50 Learner Objectives

After completing this lesson, you should be able to meet the following objectives:
• Monitor the key factors that can affect a virtual machine's performance
• Use performance charts to view and improve performance

8-51 Interpreting Data from Tools

vCenter Server monitoring tools and guest OS monitoring tools provide different points of view.

[Figure: CPU Usage Chart for Host]
[Figure: Task Manager in Guest Operating System]

The key to interpreting performance data is to observe the range of data from the perspective of the guest operating system, the VM, and the host.

The CPU usage statistics in Task Manager, for example, do not give you the complete picture. View CPU usage for the VM and the host on which the VM is located. Use the performance charts in the vSphere Client to view this data.

8-52 CPU-Constrained VMs (1)

If CPU use is continuously high, the VM is constrained by the CPU. However, the host might have enough CPU for other VMs to run.

If CPU use is high, check the VM's CPU usage statistics.

Use either the overview charts or the advanced charts to view CPU usage. The slide displays an advanced chart tracking a VM's CPU usage.

If a VM's CPU use remains high over a period of time, the VM is constrained by CPU. Other VMs on the host might have enough CPU resources to satisfy their needs.

If more than one VM is constrained by CPU, the key indicator is CPU ready time. Ready time refers to the interval when a VM is ready to execute instructions but cannot because it cannot get scheduled onto a CPU. Several factors affect the amount of ready time:
• Overall CPU use: You are more likely to see ready time when use is high because the CPU is more likely to be busy when another VM becomes ready to run.
• Number of resource consumers (in this case, guest operating systems): When a host is running a larger number of VMs, the scheduler is more likely to queue a VM behind VMs that are already running or queued.
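The rollup rules and the ready-time discussion above can be tied together in a short script. This is an added example, not part of the course manual: it rolls fifteen 20-second CPU ready samples into 5-minute values and converts the summed milliseconds into a readiness percentage. The function names, the sample values, the threshold argument, and the conversion (summed ready milliseconds divided by the interval length) are assumptions introduced here.

```python
# Added example (not from the course manual): rollup of real-time samples and
# conversion of summed CPU ready time into a readiness percentage.

REALTIME_INTERVAL_S = 20   # past-hour statistics: one sample every 20 seconds
SAMPLES_PER_5_MIN = 15     # fifteen 20-second samples -> one 5-minute value
VALUES_PER_30_MIN = 6      # six 5-minute values -> one 30-minute value

# Rollup types named on the page, as functions over one group of samples.
ROLLUP_FUNCTIONS = {
    "average": lambda xs: sum(xs) / len(xs),
    "summation": sum,
    "latest": lambda xs: xs[-1],
    "minimum": min,
    "maximum": max,
}


def rollup(samples, group_size, rollup_type):
    """Collapse each complete run of group_size samples into one value.

    A trailing partial group is dropped: its interval has not finished yet.
    """
    if group_size <= 0:
        raise ValueError("group_size must be positive")
    fn = ROLLUP_FUNCTIONS[rollup_type]
    complete = len(samples) - len(samples) % group_size
    return [fn(samples[i:i + group_size]) for i in range(0, complete, group_size)]


def readiness_percent(ready_ms, interval_s):
    """Share of the interval (in %) that the VM was ready but not scheduled.

    Assumption of this example: summed ready milliseconds divided by the
    length of the interval they were summed over.
    """
    return ready_ms * 100.0 / (interval_s * 1000.0)


def contended_intervals(ready_ms_samples, threshold_pct, min_consecutive=2):
    """Return indexes of 5-minute intervals that belong to a sustained run
    of readiness above threshold_pct.

    threshold_pct is workload specific (a good value varies from workload to
    workload), so the caller supplies it from the workload's own baseline.
    """
    five_min_s = REALTIME_INTERVAL_S * SAMPLES_PER_5_MIN
    sums = rollup(ready_ms_samples, SAMPLES_PER_5_MIN, "summation")
    over = [readiness_percent(s, five_min_s) > threshold_pct for s in sums]
    flagged, run = [], []
    for idx, hit in enumerate(over):
        if hit:
            run.append(idx)
            continue
        if len(run) >= min_consecutive:
            flagged.extend(run)
        run = []
    if len(run) >= min_consecutive:
        flagged.extend(run)
    return flagged


def build_sample_series():
    """Constructed data: 60 CPU ready samples (ms per 20 s), four intervals."""
    quiet = [200] * 15                 # 3000 ms per 5 minutes  -> 1.0 %
    bursty = [200] * 12 + [4000] * 3   # 14400 ms per 5 minutes -> 4.8 %
    busy = [1500] * 15                 # 22500 ms per 5 minutes -> 7.5 %
    return quiet + bursty + busy + busy


if __name__ == "__main__":
    series = build_sample_series()
    sums = rollup(series, SAMPLES_PER_5_MIN, "summation")
    peaks = rollup(series, SAMPLES_PER_5_MIN, "maximum")
    for i, (total, peak) in enumerate(zip(sums, peaks)):
        # 5-minute readiness next to the worst single 20-second sample.
        print(i, total,
              round(readiness_percent(total, 300), 2),
              round(readiness_percent(peak, REALTIME_INTERVAL_S), 2))
    # Threshold of 4.0 % is a constructed value for this sample workload.
    print(contended_intervals(series, threshold_pct=4.0))
```

The same 4000 ms sample is 20 percent of a 20-second interval but only a small part of a 5-minute sum, so a summation value must always be divided by the length of the interval it was rolled up over.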
A good ready time value varies from workload to workload. To find a good ready time value for your workload, collect ready time data over time for each VM. When you have this ready time data for each VM, estimate how much of the observed response time is ready time. If the shortfalls in meeting response-time targets for the applications appear largely because of the ready time, take steps to address the excessive ready time.

8-53 CPU-Constrained VMs (2)

Multiple VMs are constrained by the CPU if the following conditions are present:
• High CPU usage in the guest operating system
• Relatively high CPU readiness values for the VMs

To determine whether a VM is being constrained by CPU resources, view CPU usage in the guest operating system using, for example, Task Manager.

If more than one VM is constrained by CPU, the key indicator is CPU readiness. CPU readiness is the percent of time that the VM cannot run because it is contending for access to the physical CPUs. You are more likely to see readiness values when use is high because the CPU is more likely to be busy when another VM becomes ready to run.

You are also more likely to see readiness values when a host is running many VMs. In this case, the scheduler is more likely to queue a VM behind VMs that are already running or queued.

A good readiness value varies from workload to workload.

8-54 Memory-Constrained VMs (1)

Compare a VM's memory consumed and granted values to determine whether the VM is memory-constrained.
8-55 Memory-Constrained VMs (2)

If a VM consumes its entire memory allocation, the VM might be memory-constrained, and you should consider increasing the VM's memory size.

8-56 Memory-Constrained Hosts

Any evidence of ballooning or swapping is a sign that your host might be memory-constrained.

You might see VMs with high ballooning activity and VMs being swapped in and out by the VMkernel. This serious situation indicates that the host memory is overcommitted and must be increased.

8-57 Disk-Constrained VMs

Disk-intensive applications can saturate the storage or the path.

If you suspect that a VM is constrained by disk access, take these actions:
• Measure the throughput and latency between the VM and storage.
• Use the advanced performance charts to monitor throughput and latency:
- Read rate and write rate
- Read latency and write latency

Disk performance problems are commonly caused by saturating the underlying physical storage hardware. You can use the vCenter Server advanced performance charts to measure storage performance at different levels. These charts provide insight about a VM's performance. You can monitor everything from the VM's datastore to a specific storage path.

If you select a host object, you can view throughput and latency for a datastore, a storage adapter, or a storage path.
The storage adapter charts are available only for Fibre Channel storage. The storage path charts are available for Fibre Channel and iSCSI storage, not for NFS.

If you select a VM object, you can view throughput and latency for the VM's datastore or specific virtual disk.

To monitor throughput, view the Read rate and Write rate counters. To monitor latency, view the Read latency and Write latency counters.

8-58 Monitoring Disk Latency

To determine disk performance problems, monitor two disk latency data counters:
• Kernel command latency:
- This counter is the average time that is spent in the VMkernel per SCSI command.
- High numbers (greater than 2 milliseconds or 3 milliseconds) represent either an overworked array or an overworked host.
• Physical device command latency:
- This counter is the average time that the physical device takes to complete a SCSI command.
- High numbers represent a slow or overworked array, for example:
  • For spinning disks (HDDs), greater than 15 milliseconds or 20 milliseconds
  • For SSDs, greater than 3 milliseconds or 4 milliseconds

To determine whether your vSphere environment is experiencing disk problems, monitor the disk latency data counters. Use the advanced performance charts to view these statistics. In particular, monitor the following counters:
• Kernel command latency: This data counter measures the average amount of time, in milliseconds, that the VMkernel spends processing each SCSI command. For best performance, the value should be 0 through 1 millisecond. If the value is greater than 4 milliseconds, the VMs on the ESXi host are trying to send more throughput to the storage system than the configuration supports.
• Physical device command latency: This data counter measures the average amount of time, in milliseconds, for the physical device to complete a SCSI command.
8-59 Network-Constrained VMs

Network-intensive applications often bottleneck on path segments outside the ESXi host:
• Example: WAN links between server and client

If you suspect that a VM is constrained by the network, take these actions:
• Verify that VMware Tools is installed and that VMXNET3 is the virtual network adapter.
• Measure the effective bandwidth between the VM and its peer system.
• Check for dropped receive packets and dropped transmit packets.

Like disk performance problems, network performance problems are commonly caused by saturating a network link between client and server. Use a tool such as Iometer, or a large file transfer, to measure the effective bandwidth.

Network performance depends on application workload and network configuration. Dropped network packets indicate a bottleneck in the network. To determine whether packets are being dropped, use the advanced performance charts to examine the droppedTx and droppedRx network counter values of a VM.

In general, the larger the network packets, the faster the network speed. When the packet size is large, fewer packets are transferred, which reduces the amount of CPU that is required to process the data. In some instances, large packets can result in high network latency. When network packets are small, more packets are transferred, but the network speed is slower because more CPU is required to process the data.

8-60 Lab 23: Monitoring Virtual Machine Performance

Use the system monitoring tools to review the CPU workload:
1. Create a CPU Workload
2. Use Performance Charts to Monitor CPU Use
3.
Remove CPU Affinity and Change CPU Shares to Normal

8-61 Review of Learner Objectives

After completing this lesson, you should be able to meet the following objectives:
• Monitor the key factors that can affect a virtual machine's performance
• Use performance charts to view and improve performance

8-62 Lesson 5: Using Alarms

8-63 Learner Objectives

After completing this lesson, you should be able to meet the following objectives:
• Use predefined alarms in vCenter Server
• View and acknowledge alarms
• Create custom alarms

8-64 About Alarms

An alarm is a notification that is sent in response to an event or condition that occurs with an object in the inventory.

[Figure: Triggered Alarms]

You can acknowledge an alarm to let other users know that you take ownership of the issue. For example, a VM has an alarm set to monitor CPU use. The alarm is configured to send an email to an administrator when the alarm is triggered. The VM CPU use spikes, triggering the alarm, which sends an email to the administrator. The administrator acknowledges the triggered alarm to let other administrators know the problem is being addressed.

After you acknowledge an alarm, the alarm actions are discontinued, but the alarm does not get cleared or reset when acknowledged. You reset the alarm manually in the vSphere Client to return the alarm to a normal state.

8-65 Predefined Alarms (1)

You can access many predefined alarms for various inventory objects, such as hosts, virtual machines, datastores, networks, and so on.
[Figure: Alarm Definitions]

8-66 Predefined Alarms (2)

You can edit predefined alarms, or you can make a copy of an existing alarm and modify the settings as needed.

To make a copy of an alarm, select the alarm and click ADD.

8-67 Creating a Custom Alarm

In addition to using predefined alarms, you can create custom alarms in the vSphere Client.

If the predefined alarms do not address the event, state, or condition that you want to monitor, define custom alarm definitions instead of modifying predefined alarms.

8-68 Defining the Alarm Target Type

On the Name and Targets page, you name the alarm, give it a description, and select the type of inventory object that this alarm monitors.
You can create custom alarms for the following target types:
• Virtual machines
• Hosts, clusters, and data centers
• Datastores and datastore clusters
• Distributed switches and distributed port groups
• vCenter Server

8-69 Defining the Alarm Rule: Trigger (1)

An alarm rule must contain at least one trigger.

A trigger can monitor the current condition or state of an object, for example:
• A VM's current snapshot is more than 2 GB.
• A host is using 90 percent of its total memory.
• A datastore is disconnected from all hosts.

A trigger can monitor events that occur in response to operations occurring on a managed object, for example:
• The health of a host's hardware changes.
• A license expires in the data center.
• A host leaves the distributed switch.

You configure the alarm trigger to show as a warning or critical event when the specified criteria are met:
• You can monitor the current condition or state of virtual machines, hosts, and datastores. Conditions or states include power states, connection states, and performance metrics such as CPU and disk use.
• You can monitor events that occur in response to operations occurring with a managed object in the inventory or vCenter Server itself. For example, an event is recorded each time a VM (which is a managed object) is cloned, created, deleted, deployed, and migrated.

8-70 Defining the Alarm Rule: Trigger (2)

You select and configure the events, states, or conditions that trigger the alarm.

You must create a separate alarm definition for each trigger. The OR operator is not supported in the vSphere Client. However, you can combine more than one condition trigger with the AND operator.
8-71 Defining the Alarm Rule: Setting the Notification

You configure the notification method to use when the alarm is triggered. The methods are sending an email, sending an SNMP trap, or running a script.

8-72 Defining the Alarm Reset Rules

You can select and configure the events, states, or conditions to reset the alarm to normal.

Sometimes, as in this example, you can access only one option to reset the alarm.

8-73 Enabling the Alarm

On the Review page, the new alarm definition is enabled by default.

8-74 Configuring vCenter Server Notifications

If you use email or SNMP traps as the notification method, you must configure vCenter Server to support these notification methods.

To configure email, specify the mail server FQDN or IP address and the email address of the sender account.

You can configure up to four receivers of SNMP traps. They must be configured in numerical order.
Each SNMP trap requires a corresponding host name, port, and community.

8-75 Lab 24: Using Alarms

Create alarms to monitor virtual machine events and conditions:
1. Create a Virtual Machine Alarm to Monitor a Condition
2. Trigger the Virtual Machine Alarm
3. Create a Virtual Machine Alarm to Monitor an Event
4. Trigger the Virtual Machine Alarm
5. Disable Virtual Machine Alarms

8-76 Review of Learner Objectives

After completing this lesson, you should be able to meet the following objectives:
• Use predefined alarms in vCenter Server
• View and acknowledge alarms
• Create custom alarms

8-77 Activity: Virtual Beans Resource Monitoring (1)

Which tools can Virtual Beans use to meet its goals for managing and monitoring the vSphere environment? Match each Virtual Beans requirement with the appropriate vSphere feature.

Virtual Beans Requirements:
• Increase compute resources for business-critical workloads, particularly during peak months.
• Provide proactive recommendations to help avoid problems before they occur.
• Create monthly reports, for management, that contain graphs of VM resource usage.
• Be notified when ESXi hosts experience high CPU and memory usage.

vSphere Features:
• Alarms
• Shares, limits, reservations
• VMware Skyline
• vCenter Server performance charts

8-78 Activity: Virtual Beans Resource Management and Monitoring (2)

Which tools can Virtual Beans use to meet its goals for managing and monitoring the vSphere environment? Match each Virtual Beans requirement with the appropriate vSphere feature.

Virtual Beans Requirement | vSphere Feature
Increase compute resources for business-critical workloads, particularly during peak months. | Shares, limits, and reservations
Provide proactive recommendations to help avoid problems before they occur. | VMware Skyline
Create monthly reports, for management, that contain graphs of VM resource usage. | vCenter Server performance charts
Be notified when ESXi hosts experience high CPU and memory usage. | Alarms

8-79 Key Points

• An ESXi host uses memory overcommit techniques to allow the overcommitment of memory while possibly avoiding the need to page memory out to disk.
• The VMkernel balances processor time to guarantee that the load is spread smoothly across processor cores in the system.
• You can apply reservations, limits, and shares against a VM to control the amount of CPU and memory resources granted.
• The key to interpreting performance data is to observe the range of data from the perspective of the guest operating system, the virtual machine, and the host.
• You use alarms to monitor the vCenter Server inventory objects and send notifications when selected events or conditions occur.

Questions?

Module 9 vSphere Clusters

9-2 Importance

Most organizations rely on computer-based services like email, databases, and Web-based applications. The failure of any of these services can mean lost productivity and revenue.

By understanding and using vSphere HA, you can configure highly available, computer-based services, which are important for an organization to remain competitive in contemporary business environments. And by developing skills in using vSphere DRS, you can improve service levels by guaranteeing appropriate resources to virtual machines.

9-3 Module Lessons

1. vSphere Clusters Overview
2. vSphere DRS
3. Introduction to vSphere HA
4. vSphere HA Architecture
5. Configuring vSphere HA
6.
Introduction to vSphere Fault Tolerance

9-4 Virtual Beans: vSphere Clusters

Virtual Beans has the following requirements for their data center:
• Infrastructure must be highly available:
- Business-critical applications: 99.99 percent available (downtime per year of 52.56 minutes)
- Nonbusiness-critical applications: 99 percent available (downtime per year of 3.65 days)
• Infrastructure must be scalable:
- Virtual Beans expects huge growth over the next three years, so the virtual infrastructure must be easy to scale.
• Applications must perform well:
- Applications must have enough resources to meet performance levels as defined in the service-level agreement.

As a Virtual Beans administrator, you create a vSphere cluster architecture for the data center that is highly available, scalable, and high-performing.

9-5 Lesson 1: vSphere Clusters Overview

9-6 Learner Objectives

After completing this lesson, you should be able to meet the following objectives:
• Describe the benefits of vSphere clusters
• Create a vSphere cluster
• View information about a vSphere cluster

9-7 About vSphere Clusters

A cluster is used in vSphere to share physical resources between a group of ESXi hosts. vCenter Server manages cluster resources as a single pool of resources.

You can create one or more clusters based on the purpose each cluster must fulfill, for example:
• Management
• Production
• Compute

A cluster can contain up to 64 ESXi hosts.
9-8 Creating a vSphere Cluster and Enabling Cluster Features

When you create a cluster, you can enable one or more cluster features:
• vSphere DRS
• vSphere HA
• vSAN

You can also manage image setup and updates on all hosts collectively.

You can enable the following services in a vSphere cluster:
• vSphere HA, for high availability
• vSphere DRS, for VM placement and load balancing
• vSAN, for shared storage

You can also manage host updates using images. With vSphere Lifecycle Manager, you can update all hosts in the cluster collectively, using a specified ESXi image.

9-9 Configuring the Cluster Using Quickstart

After you create a cluster, you can use the Cluster Quickstart workflow to configure the cluster.

With Cluster Quickstart, you follow a step-by-step configuration wizard that makes it easy to expand the cluster as needed.

The Cluster Quickstart workflow guides you through the deployment process for clusters. It covers every aspect of the initial configuration, such as host, network, and vSphere settings. With Cluster Quickstart, you can also add additional hosts to a cluster as part of the ongoing expansion of clusters.

Cluster Quickstart reduces the time it takes to configure a cluster.
The workflow includes the following tasks:
• Setting up services such as vSphere HA and vSAN
• Verifying hardware and software compatibility
• Deploying Virtual Distributed Switches
• Configuring network settings for vSphere vMotion and vSAN
• Creating a vSAN stretched cluster or vSAN fault domains
• Ensuring consistent NTP configuration across the cluster

The Cluster quickstart page provides workflow cards for configuring your new cluster:
• Cluster basics: Lists the services that you have already enabled and provides an option for editing the cluster's name.
• Add hosts: Adds ESXi hosts to the cluster. These hosts must already be present in the inventory. After hosts are added, the workflow shows the total number of hosts that are present in the cluster and provides health check validation for those hosts. At the start, this workflow is empty.
• Configure cluster: Informs you about what can be automatically configured, provides details on configuration mismatch, and reports cluster health results through the vSAN health service even after the cluster is configured.

For more information about creating clusters, see vCenter Server and Host Management at https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.vcenterhost.doc/GUID-3B5AF2B1-C534-4426-B97A-D14019A8010F.html.

9-10 Configuring the Cluster Manually

Alternatively, you can use the Configure tab to manually configure a cluster's settings.

9-11 Adding a Host to a Cluster

To add a host to a cluster, drag the host onto the cluster object in the Inventory.
9-12 Viewing Cluster Summary Information

For a quick view of your cluster configuration, the Summary tab provides general information about a cluster's resources and its consumers.

9-13 Monitoring Cluster Resources

You can view a report of total cluster CPU, memory, memory overhead, storage capacity, the capacity reserved by VMs, and how much capacity remains available.

vCenter Server uses vSphere HA admission control to ensure that sufficient resources are available in a cluster to provide failover protection and to ensure that VM resource reservations are respected.
9-14 Review of Learner Objectives

After completing this lesson, you should be able to meet the following objectives:
• Describe the benefits of vSphere clusters
• Create a vSphere cluster
• View information about a vSphere cluster

9-15 Lesson 2: vSphere DRS

9-16 Learner Objectives

After completing this lesson, you should be able to meet the following objectives:
• Describe the functions of a vSphere DRS cluster
• Explain how vSphere DRS determines VM placement on hosts in the cluster
• Enable vSphere DRS in a cluster
• Monitor a vSphere DRS cluster

9-17 About vSphere DRS

vSphere DRS is a cluster feature that helps improve resource allocation across all hosts in a cluster. It aggregates computing capacity across a collection of servers into logical resource pools.

vSphere DRS is used in the following situations:
• Initial placement of a VM when it is powered on
• Load balancing
• Migrating VMs when an ESXi host is placed in maintenance mode

When you power on a VM in the cluster for the first time, vSphere DRS either places the VM on a particular host or makes a recommendation.

DRS attempts to improve resource use across the cluster by performing automatic migrations of VMs (vSphere vMotion) or by providing a recommendation for VM migrations.

Before an ESXi host enters maintenance mode, VMs running on the host must be migrated to another host (either manually or automatically by DRS) or shut down.

9-18 vSphere DRS: VM Focused

vSphere DRS is VM focused:
• While the VM is powered on, vSphere DRS operates on an individual VM basis by ensuring that each VM's resource requirements are met.
• vSphere DRS calculates a score for each VM and gives recommendations (or migrates VMs) for meeting VM's resource requirements.

The DRS algorithm recommends where individual VMs should be moved for maximum efficiency.

If the cluster is in fully automated mode, DRS executes the recommendations and migrates VMs to their optimal host based on the underlying calculations performed every minute.

9-19 About the VM DRS Score

The VM DRS score is a metric that tracks a VM's execution efficiency on a given host.

Execution efficiency is the frequency that the VM is reported as having its resource requirements met:
• Values closer to 0% indicate severe resource contention.
• Values closer to 100% indicate mild to no resource contention.

A VM DRS score is computed from an individual VM's CPU, memory, and network metrics. DRS uses these metrics to gauge the goodness or wellness of the VM.

In vSphere 7, the DRS algorithm runs every minute. The Cluster DRS Score is the last result of DRS running and is filed into one of five buckets. These buckets are simply 20 percent ranges: 0-20, 20-40, 40-60, 60-80, and 80-100 percent over the sample period.

9-20 VM DRS Score List

The cluster's Monitor tab lists the VM DRS Score and more detailed metrics for all the VMs in the cluster.
The VM DRS Score page shows the following values for VMs that are powered on:
• DRS Score
• Active CPU
• Used CPU
• CPU Readiness
• Granted Memory
• Swapped Memory
• Ballooned Memory

9-21 Viewing VM DRS Scores Using Performance Charts (1)
The advanced performance chart for a cluster object provides the DRS Score counter.

9-22 Viewing VM DRS Scores Using Performance Charts (2)
The DRS Score counter displays the DRS scores for VMs in the cluster over the selected time period.

9-23 Viewing vSphere DRS Settings
When you click VIEW DRS SETTINGS, the main vSphere DRS parameters and their current values are shown.
vSphere DRS settings include:
• Automation level
• Migration threshold

To view the vSphere DRS pane, go to the cluster's Summary tab.

9-24 vSphere DRS Settings: Automation Level
You can configure the automation level for the initial placement of VMs and for dynamic balancing while VMs are running.
The automation level determines whether vSphere DRS makes migration recommendations or automatically places VMs on hosts. vSphere DRS makes placement decisions when a VM powers on and when VMs must be rebalanced across hosts in the cluster.
The following automation levels are available:
• Manual: When you power on a VM, vSphere DRS displays a list of recommended hosts on which to place the VM. When the cluster becomes imbalanced, vSphere DRS displays recommendations for VM migration.
• Partially automated: When you power on a VM, vSphere DRS places it on the best-suited host. When the cluster becomes imbalanced, vSphere DRS displays recommendations for manual VM migration.
• Fully automated: When you power on a VM, vSphere DRS places it on the best-suited host. When the cluster becomes imbalanced, vSphere DRS migrates VMs from overused hosts to underused hosts to ensure balanced use of cluster resources.

9-25 vSphere DRS Settings: Migration Threshold
The migration threshold determines how aggressively vSphere DRS selects to migrate VMs.
The following migration threshold settings are available:
• Level 1 (Conservative): Applies only priority 1 recommendations. vCenter Server applies only recommendations that must be taken to satisfy cluster constraints, such as affinity rules and host maintenance.
• Level 2: Apply priority 1 and priority 2 recommendations. vCenter Server applies recommendations that promise a significant improvement to the cluster's load balance.
• Level 3 (default): Apply priority 1, priority 2, and priority 3 recommendations. vCenter Server applies recommendations that promise at least good improvement to the cluster's load balance.
• Level 4: Apply priority 1, priority 2, priority 3, and priority 4 recommendations.
vCenter Server applies recommendations that promise even a moderate improvement to the cluster's load balance.
• Level 5 (Aggressive): Apply all recommendations. vCenter Server applies recommendations that promise even a slight improvement to the cluster's load balance.

9-26 vSphere DRS Settings: Predictive DRS
vSphere DRS and vRealize Operations Manager combine data to predict future demand and determine when and where high resource utilization occurs.
To make predictive decisions, the vSphere DRS data collector retrieves the following data:
• Resource usage statistics from ESXi hosts
• Predicted usage statistics from the vRealize Operations Manager server

Predicted usage statistics always take precedence over current usage statistics.

9-27 vSphere DRS Settings: VM Swap File Location
By default, swap files for a VM are on a datastore in the folder containing the other VM files.
For all VMs in the cluster, you can place VM swap files on an alternative datastore.
If vSphere DRS is enabled, you should place the VM swap file in the VM's directory.

A VM's files can be on a VMFS datastore, an NFS datastore, a vSAN datastore, or a vSphere Virtual Volumes datastore. On a vSAN datastore or a vSphere Virtual Volumes datastore, the swap file is created as a separate vSAN or vSphere Virtual Volumes object.
A swap file is created by the ESXi host when a VM is powered on.
If this file cannot be created, the VM cannot power on. Instead of accepting the default, you can also use the following options:
• Use per-VM configuration options to change the datastore to another shared storage location.
• Use host-local swap, which allows you to specify a datastore stored locally on the host. You can swap at a per-host level. However, it can lead to a slight degradation in performance for vSphere vMotion because pages swapped to a local swap file on the source host must be transferred across the network to the destination host. Currently, vSAN and vSphere Virtual Volumes datastores cannot be specified for host-local swap.

9-28 vSphere DRS Settings: VM Affinity
vSphere DRS virtual machine affinity rules specify that selected VMs be placed either on the same host (affinity) or on separate hosts (anti-affinity):
• Affinity rules: Use for multi-VM systems where VMs communicate heavily with one another.
• Anti-affinity rules: Use for multi-VM systems where load balancing or high availability is desired.

After a vSphere DRS cluster is created, you can edit its properties to create rules that specify affinity. The following types of rules can be created:
• Affinity rules: vSphere DRS keeps certain VMs together on the same host (for example, for performance reasons).
• Anti-affinity rules: vSphere DRS ensures that certain VMs are not together (for example, for availability reasons).

If two rules conflict, you are prevented from enabling both.
When you add or edit a rule, and the cluster is immediately in violation of that rule, the cluster continues to operate and tries to correct the violation.
For vSphere DRS clusters that have a default automation level of manual or partially automated, migration recommendations are based on both rule fulfillment and load balancing.

9-29 vSphere DRS Settings: DRS Groups
VM groups and host groups are used in defining VM-Host affinity rules.
The VM-Host affinity rule specifies whether VMs can or cannot be run on a host.
Types of groups:
• VM group: One or more VMs
• Host group: One or more ESXi hosts

A VM can belong to multiple VM groups.
A host can belong to multiple host groups.

For ease of administration, virtual machines can be placed in VM or host groups. You can create one or more VM groups in a vSphere DRS cluster, each consisting of one or more VMs. A host group consists of one or more ESXi hosts.
The main use of VM groups and host groups is to help in defining the VM-Host affinity rules.

9-30 vSphere DRS Settings: VM-Host Affinity Rules
A VM-Host affinity rule:
• Defines an affinity (or anti-affinity) relationship between a VM group and a host group
• Is either a required rule or a preferential rule

Rule options:
• Must run on hosts in group
• Should run on hosts in group
• Must not run on hosts in group
• Should not run on hosts in group

A VM-Host affinity or anti-affinity rule specifies whether the members of a selected VM group can run on the members of a specific host group.
Unlike an affinity rule for VMs, which specifies affinity (or anti-affinity) between individual VMs, a VM-Host affinity rule specifies an affinity relationship between a group of VMs and a group of hosts.
Because VM-Host affinity rules are cluster-based, the VMs and hosts that are included in a rule must all reside in the same cluster.
If a VM is removed from the cluster, the VM loses its membership from all VM groups, even if it is later returned to the cluster.

9-31 VM-Host Affinity Preferential Rules
A preferential rule is softly enforced and can be violated if necessary.
Example: Separate VMs on different blade systems for improved performance.

Preferential rules can be violated to allow the proper functioning of vSphere DRS, vSphere HA, and VMware vSphere DPM.
On the slide, Group A and Group B are VM groups. Blade Chassis A and Blade Chassis B are host groups. The goal is to force the VMs in Group A to run on the hosts in Blade Chassis A and to force the VMs in Group B to run on the hosts in Blade Chassis B. If the hosts fail, vSphere HA restarts the VMs on the other hosts in the cluster. If the hosts are put into maintenance mode or become overused, vSphere DRS moves the VMs to the other hosts in the cluster.

9-32 VM-Host Affinity Required Rules
A required rule is strictly enforced and can never be violated.
Example: Enforce host-based ISV licensing.

A VM-Host affinity rule that is required, instead of preferential, can be used when the software running in your VMs has licensing restrictions. You can enforce this rule when the software running in your VMs has licensing restrictions. You can place such VMs in a VM group. Then you can create a rule that requires the VMs to run on a host group, which contains hosts with the required licenses.
When you create a VM-Host affinity rule that is based on the licensing or hardware requirements of the software running in your VMs, you are responsible for ensuring that the groups are properly set up. The rule does not monitor the software running in the VMs.
Nor does it know which third-party licenses are in place on which ESXi hosts.
On the slide, Group A is a VM group. You can force Group A to run on hosts in the ISV-Licensed group to ensure that the VMs in Group A run on hosts that have the required licenses. But if the hosts in the ISV-Licensed group fail, vSphere HA cannot restart the VMs in Group A on hosts that are not in the group. If the hosts in the ISV-Licensed group are put into maintenance mode or become overused, vSphere DRS cannot move the VMs in Group A to hosts that are not in the group.

9-33 vSphere DRS Settings: VM-Level Automation
You can customize the automation level for individual VMs in a cluster to override the automation level set on the entire cluster.

By setting the automation level for individual VMs, you can fine-tune automation to suit your needs. For example, you might have a VM that is especially critical to your business. You want more control over its placement so you set its automation level to Manual.
If a VM's automation level is set to Disabled, vCenter Server does not migrate that VM or provide migration recommendations for it.
As a best practice, enable automation. Select the automation level based on your environment and level of comfort. For example, if you are new to vSphere DRS clusters, you might select Partially Automated because you want control over the movement of VMs. When you are comfortable with what vSphere DRS does and how it works, you might set the automation level to Fully Automated.
You can set the automation level to Manual on VMs over which you want more control, such as your business-critical VMs.
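
The difference between required and preferential VM-Host affinity rules (slides 9-30 to 9-32), modeled as an added example that is not from the course manual and is not VMware code. Host, VM, group and rule names are constructed, and the way a preferential rule is relaxed here (dropped only when no remaining host satisfies it) is a simplifying assumption.

```python
"""Toy model of VM-Host affinity rule enforcement (added example, not VMware code)."""
from dataclasses import dataclass

# The four rule options listed on slide 9-30.
MUST_RUN = "Must run on hosts in group"
SHOULD_RUN = "Should run on hosts in group"
MUST_NOT_RUN = "Must not run on hosts in group"
SHOULD_NOT_RUN = "Should not run on hosts in group"


@dataclass(frozen=True)
class VmHostRule:
    name: str
    vm_group: frozenset
    host_group: frozenset
    option: str

    @property
    def required(self):
        # "Must" rules are required; "Should" rules are preferential.
        return self.option in (MUST_RUN, MUST_NOT_RUN)

    def allows(self, host):
        in_group = host in self.host_group
        return in_group if self.option in (MUST_RUN, SHOULD_RUN) else not in_group


def candidate_hosts(vm, rules, available_hosts):
    """Return (hosts, violated_rule_names) for placing `vm`.

    Required rules are never relaxed, so the host list can end up empty.
    Preferential rules narrow the list when possible and are recorded as
    violated when no remaining host satisfies them (assumed relaxation order).
    """
    mine = [r for r in rules if vm in r.vm_group]
    hosts = [h for h in sorted(available_hosts)
             if all(r.allows(h) for r in mine if r.required)]
    violated = []
    for rule in (r for r in mine if not r.required):
        preferred = [h for h in hosts if rule.allows(h)]
        if preferred:
            hosts = preferred
        elif hosts:
            violated.append(rule.name)
    return hosts, violated


# Constructed inventory: four hosts, one licensed host group, one blade chassis.
ALL_HOSTS = {"esxi-01", "esxi-02", "esxi-03", "esxi-04"}
RULES = [
    VmHostRule("isv-licensing", frozenset({"vm-a1", "vm-a2"}),
               frozenset({"esxi-01", "esxi-02"}), MUST_RUN),
    VmHostRule("blade-separation", frozenset({"vm-b1"}),
               frozenset({"esxi-03", "esxi-04"}), SHOULD_RUN),
]


def restart_plan(failed_hosts):
    """Where each VM could be restarted after the given hosts fail."""
    survivors = ALL_HOSTS - set(failed_hosts)
    return {vm: candidate_hosts(vm, RULES, survivors)
            for vm in ("vm-a1", "vm-a2", "vm-b1")}


if __name__ == "__main__":
    for failed in ({"esxi-01", "esxi-02"}, {"esxi-03", "esxi-04"}):
        print("failed:", sorted(failed))
        for vm, (hosts, violated) in restart_plan(failed).items():
            print(f"  {vm}: hosts={hosts} violated={violated}")
```

An empty host list for a VM under a required rule is the availability cost described above: the licensed group becomes a failure domain that neither vSphere HA nor vSphere DRS can place the VM outside of.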

9-34 vSphere DRS Cluster Requirements
ESXi hosts that are added to a vSphere DRS cluster must meet certain requirements to use cluster features successfully:
• To use vSphere DRS for load balancing, the hosts in your cluster must be part of a vSphere vMotion network:
- If the hosts are not part of a vSphere vMotion network, vSphere DRS can still make initial placement recommendations.
- vSphere DRS works best if the VMs meet vSphere vMotion requirements.
• Configure all managed hosts to use shared storage.

You can create vSphere DRS clusters, or you can enable vSphere DRS for existing vSphere HA or vSAN clusters.

9-35 Viewing vSphere DRS Cluster Resource Utilization
From the cluster's Monitor tab, you can view CPU, memory, and network utilization per host.

The CPU Utilization and Memory Utilization charts show all the hosts in the cluster and how their CPU and memory resources are allocated to each VM.
• For CPU usage, the VM information is represented by a colored box. If you point to the colored box, the VM's CPU usage information appears. If the VM is receiving the resources that it is entitled to, the box is green. Green means that 100 percent of the VM's entitled resources are delivered. If the box is not green (for example, entitled resources are 80 percent or less) for an extended time, you might want to investigate what is causing this shortfall (for example, unapplied recommendations).
• For memory usage, the VM boxes are not color-coded because the relationship between consumed memory and entitlement is often not easily categorized.
In the Network Utilization chart, the displayed network data reflects all traffic across physical network interfaces on the host.

9-36 Viewing vSphere DRS Recommendations
The DRS Recommendations pane displays information about the vSphere DRS recommendations made for the cluster.
You can also view the faults that occurred when the recommendations were applied and the history of vSphere DRS actions.

In the DRS Recommendations pane, you can see the current set of recommendations that are generated for optimizing resource use in the cluster through either migrations or power management. Only manual recommendations awaiting user confirmation appear in the list.
To refresh the recommendations, click RUN DRS NOW.
To apply all recommendations, click APPLY RECOMMENDATIONS.
To apply a subset of the recommendations, select the Override DRS recommendations check box. Select the check box next to each desired recommendation and click APPLY RECOMMENDATIONS.

9-37 Maintenance Mode and Standby Mode
Maintenance mode:
• Removes a host's resources from a cluster, making those resources unavailable for use
• Is often used to service a host in a cluster

To place a host in maintenance mode:
• All running VMs on the host must be migrated to another host, shut down or suspended.
• When DRS is in fully automated mode, powered-on VMs are automatically migrated from a host that is placed in maintenance mode.

Standby mode:
• Is used by vSphere DPM to optimize power usage. When a host is placed in standby mode, it is powered off.

A host enters or leaves maintenance mode as the result of a user request.
While in maintenance mode, the host does not allow you to deploy or power on a VM.
VMs that are running on a host entering maintenance mode must be shut down or migrated to another host, either manually (by a user) or automatically (by vSphere DRS). The host continues to run the Enter Maintenance Mode task until all VMs are powered down or moved away.
When no more running VMs are on the host, the host's icon indicates that it has entered maintenance mode. The host's Summary tab indicates the new state.
Place a host in maintenance mode before servicing the host, for example, when installing more memory or removing a host from a cluster.
You can place a host in standby mode manually. However, the next time that vSphere DRS runs, it might undo your change or recommend that you undo the changes. If you want a host to remain powered off, place it in maintenance mode and turn it off.

9-38 Removing a Host from the vSphere DRS Cluster
To remove a host from a cluster:
1. Place the host in maintenance mode.
2. Drag the host to a different inventory location, for example, the data center or another cluster.

The resources available for the cluster decrease.

When a host is put into maintenance mode, all its running VMs must be shut down, suspended, or migrated to other hosts by using vSphere vMotion. VMs with disks on local storage must be powered off, suspended, or migrated to another host and datastore.
When you remove the host from the cluster, the VMs that are currently associated with the host are also removed from the cluster. If the cluster still has enough resources to satisfy the reservations of all VMs in the cluster, the cluster adjusts resource allocation to reflect the reduced amount of resources.

9-39 vSphere DRS and Dynamic DirectPath I/O
Dynamic DirectPath I/O improves the vSphere DirectPath I/O functionality by adding a layer of abstraction between a VM and the physical PCI device:
• A pool of PCI devices that are available in the cluster can be assigned to the VM.

vSphere DRS is aware of Dynamic DirectPath I/O devices:
• When the VM is powered on, vSphere DRS places the VM on any ESXi host that provides the assigned PCI device.
• vSphere DRS takes action only at VM power on and does not perform any load-balancing actions.

Dynamic DirectPath I/O is useful on hosts that have PCI passthrough devices and for virtualized devices that require a directly assigned hardware device to back it.
Dynamic DirectPath I/O is also called assignable hardware.
The following devices can use assignable hardware:
• PCI passthrough devices
• Shared PCI passthrough devices, for example, NVIDIA GRID vGPUs

Full memory reservation is applied to the VMs with pass-through devices.

9-40 Adding a Dynamic DirectPath I/O Device to a VM
You can add Dynamic DirectPath I/O devices to a VM by editing the VM's settings.

For New PCI device, click Dynamic DirectPath IO.
Clicking SELECT HARDWARE displays a list of devices that can be attached to the VM. You can select one or more devices from the list.
In the image, the VM can use either an Intel NIC with the RED hardware label or vmxnet3 NIC with the RED hardware label.

9-41 Lab 25: Implementing vSphere DRS Clusters
Implement a vSphere DRS cluster and verify proper functionality:
1. Create a Cluster That Is Enabled for vSphere DRS
2. Modify vSphere DRS Settings
3. Add ESXi Hosts to the Cluster
4. Verify vSphere vMotion Configuration on the ESXi Hosts
5. Create a Load Imbalance
6. Verify Proper vSphere DRS Cluster Functionality

9-42 Review of Learner Objectives
After completing this lesson, you should be able to meet the following objectives:
• Describe the functions of a vSphere DRS cluster
• Explain how vSphere DRS determines VM placement on hosts in the cluster
• Enable vSphere DRS in a cluster
• Monitor a vSphere DRS cluster

9-43 Lesson 3: Introduction to vSphere HA

9-44 Learner Objectives
After completing this lesson, you should be able to meet the following objectives:
• Identify options for configuring a highly available vSphere environment
• Describe how vSphere HA responds when an ESXi host, a virtual machine, or an application fails

9-45 Protection at Every Level
With vSphere, you can reduce planned downtime, prevent unplanned downtime, and recover rapidly from outages.

Whether planned or unplanned, downtime brings with it considerable costs. However, solutions to ensure higher levels of availability are traditionally costly, hard to implement, and difficult to manage.
VMware software makes it simpler and less expensive to provide higher levels of availability for important applications. With vSphere, organizations can easily increase the baseline level of availability provided for all applications and provide higher levels of availability more easily and cost effectively.
With vSphere, you can:
• Provide higher availability independent of hardware, operating system, and applications.
• Reduce planned downtime for common maintenance operations.
• Provide automatic recovery in cases of failure.
vSphere HA provides a base level of protection for your VMs by restarting VMs if a host fails. vSphere Fault Tolerance provides a higher level of availability, allowing users to protect any VM from a host failure with no loss of data, transactions, or connections. vSphere Fault Tolerance provides continuous availability by ensuring that the states of the primary and secondary VMs are identical at any point in the instruction execution of the VM.
vSphere vMotion and vSphere Storage vMotion keep VMs available during a planned outage, for example, when hosts or storage must be taken offline for maintenance. System recovery from unexpected storage failures is simple, quick, and reliable with the encapsulation property of VMs. You can use vSphere Storage vMotion to support planned storage outages resulting from upgrades to storage arrays to newer firmware or technology and VMFS upgrades.
With vSphere Replication, a vSphere platform can protect VMs natively by copying their disk files to another location where they are ready to be recovered.
VM encapsulation is used by third-party backup applications that support file and image-level backups using vSphere Storage APIs - Data Protection. Backup solutions play prominent roles in recovering from deleted files or disks and corrupt or infected guest operating systems or file systems.
With Site Recovery Manager, you can quickly restore your organization's IT infrastructure, shortening the time that you experience a business outage. Site Recovery Manager automates setup, failover, and testing of disaster recovery plans. Site Recovery Manager requires that you install vCenter Server at the protected site and at the recovery site. Site Recovery Manager also requires either host-based replication through vSphere Replication or preconfigured array-based replication between the protected site and the recovery site.

9-46 About vSphere HA
vSphere HA provides rapid recovery from outages and cost-effective high availability for applications running in VMs.
vSphere HA protects application availability in several ways.

Protects Against: How Does vSphere HA Provide Protection?
• ESXi host failure: By restarting the VMs on other hosts within the cluster.
• VM failure: By restarting the VM when a VMware Tools heartbeat is not received within a set time.
• Application failure: By restarting the VM when an application heartbeat is not received within a set time.
• Datastore accessibility failure: By restarting the affected VMs on other hosts that still can access the datastores.
• Network isolation: By restarting VMs if their host becomes isolated on the management or vSAN network. This protection is provided even if the network becomes partitioned.

Unlike other clustering solutions, vSphere HA protects all workloads by using the infrastructure itself. After you configure vSphere HA, no actions are required to protect new VMs. All workloads are automatically protected by vSphere HA.

9-47 vSphere HA Scenario: ESXi Host Failure
When a host fails, vSphere HA restarts the impacted VMs on other hosts in the cluster.

vSphere HA can also determine whether an ESXi host is isolated or has failed.
If an ESXi host fails, vSphere HA attempts to restart any VMs that were running on the failed host by using one of the remaining hosts in the cluster.
In every cluster, the time to recover depends on how long it takes your guest operating systems and applications to restart when the VM is failed over.

9-48 vSphere HA Scenario: Guest Operating System Failure
When a VM stops sending heartbeats or the VM process (vmx) fails unexpectedly, vSphere HA resets the VM.

If VM monitoring is enabled, the vSphere HA agent on each individual host monitors VMware Tools in each VM running on the host. When a VM stops sending heartbeats, the guest operating system is reset. The VM stays on the same host.

9-49 vSphere HA Scenario: Application Failure
When an application fails, vSphere HA restarts the impacted VM on the same host.

The agent on each host can optionally monitor heartbeats of applications running in each VM. When an application fails, the VM on which the application was running is restarted on the same host. Application monitoring requires a third-party application monitoring agent designed to work with VM application monitoring.

9-50 vSphere HA Scenario: Datastore Accessibility Failures
If VM Component Protection (VMCP) is enabled, vSphere HA can detect datastore accessibility failures and provide automated recovery for affected VMs.
You can determine the response that vSphere HA makes to such a failure, ranging from the creation of event alarms to VM restarts on other hosts:
• All paths down (APD):
- Recoverable.
- Represents a transient or unknown accessibility loss.
- Response can be either Issue events, Power off and restart VMs - Conservative restart policy, or Power off and restart VMs - Aggressive restart policy.
• Permanent device loss (PDL):
- Unrecoverable loss of accessibility.
- Occurs when a storage device reports that the datastore is no longer accessible by the host.
- Response can be either Issue events or Power off and restart VMs.

Power off and restart VMs - Conservative restart policy: vSphere HA does not attempt to restart the affected VMs unless vSphere HA determines that another host can restart the VMs. The host experiencing the all paths down (APD) communicates with the vSphere HA master host to determine whether the cluster has sufficient capacity to power on the affected VMs. If the master host determines that sufficient capacity is available, the host experiencing the APD stops the VMs so that the VMs can be restarted on a healthy host. If the host experiencing the APD cannot communicate with the master host, no action is taken.
Power off and restart VMs - Aggressive restart policy: vSphere HA stops the affected VMs even if it cannot determine that another host can restart the VMs. The host experiencing the APD attempts to communicate with the master host to determine whether the cluster has sufficient capacity to power on the affected VMs. If the master host is not reachable, sufficient capacity to restart the VMs is unknown. In this scenario, the host takes the risk and stops the VMs so they can be restarted on the remaining healthy hosts. However, if sufficient capacity is not available, vSphere HA might not be able to recover all the affected VMs. This result is common in a network partition scenario where a host cannot communicate with the master host to get a definitive response to the likelihood of a successful recovery.

9-51 vSphere HA Scenario: Protecting VMs Against Network Isolation
vSphere HA restarts VMs if their host becomes isolated on the management or vSAN network.
Host network isolation occurs when a host is still running, but it can no longer observe traffic from vSphere HA agents on the management network:
• The host tries to ping the isolation addresses.
• An isolation address is an IP address or FQDN that can be manually specified (the default is the host's default gateway).
• If pinging fails, the host declares that it is isolated from the network.

This protection is provided even if the network becomes partitioned.
If you ensure that the network infrastructure is sufficiently redundant and that at least one network path is always available, host network isolation is less likely to occur.

9-52 Importance of Redundant Heartbeat Networks
Redundant heartbeat networks ensure reliable failure detection and minimize the chance of host-isolation scenarios.
In a vSphere HA cluster, heartbeats have the following characteristics:
• They are sent between the master host and the subordinate hosts.
• They are used to determine whether a master host or a subordinate host has failed.
• They are sent over a heartbeat network.

Redundant heartbeat networking is the best approach for your vSphere HA cluster. When a master host's connection fails, a second connection is still available to send heartbeats to other hosts. If you do not provide redundancy, your failover setup has a single point of failure.

9-53 Redundancy Using NIC Teaming
A heartbeat network is implemented in the following ways:
• By using a VMkernel port that is marked for management
• By using a VMkernel port that is marked for vSAN traffic when vSAN is in use

You can use NIC teaming to create a redundant heartbeat network on ESXi hosts.

In this example, vmnic0 and vmnic1 form a NIC team in the Management network. The vmk0 VMkernel port is marked for management.

9-54 Redundancy Using Additional Networks
You can create redundancy by configuring more heartbeat networks.
On each ESXi host, create a second VMkernel port on a separate virtual switch with its own physical adapter. Redundant management networking supports the reliable detection of failures and prevents isolation or partition conditions from occurring, because heartbeats can be sent over multiple networks.

In most implementations, NIC teaming provides sufficient heartbeat redundancy, but as an alternative, you can create a second management network connection attached to a separate virtual switch. The original management network connection is used for network and management purposes. When the second management network connection is created, the master host sends heartbeats over both management network connections. If one path fails, the master host still sends and receives heartbeats over the other path.

9-55 Review of Learner Objectives

After completing this lesson, you should be able to meet the following objectives:
• Identify options for configuring a highly available vSphere environment
• Describe how vSphere HA responds when an ESXi host, a virtual machine, or an application fails

9-56 Lesson 4: vSphere HA Architecture

9-57 Learner Objectives

After completing this lesson, you should be able to meet the following objectives:
• Identify the heartbeat mechanisms used by vSphere HA
• Describe failure scenarios
• Recognize vSphere HA design considerations

9-58 vSphere HA Architecture: Agent Communication

When vSphere HA is enabled in a cluster, the Fault Domain Manager (FDM) service starts on the hosts in the cluster.
The vSphere HA cluster is managed by a master host. All other hosts are called subordinate hosts. Fault Domain Manager (FDM) services on subordinate hosts all communicate with FDM on the master host. Hosts cannot participate in a vSphere HA cluster if they are in maintenance mode, in standby mode, or disconnected from vCenter Server.

To determine which host is the master host, an election process takes place. The host that can access the greatest number of datastores is elected the master host. If more than one host sees the same number of datastores, the election process determines the master host by using the host Managed Object ID (MOID) assigned by vCenter Server.

The election process for a new master host completes in approximately 15 seconds and occurs under these circumstances:
• vSphere HA is enabled.
• The master host encounters a system failure because of one of the following factors:
  - The master host is placed in maintenance mode.
  - The master host is placed in standby mode.
  - vSphere HA is reconfigured.
• The subordinate hosts cannot communicate with the master host because of a network problem.

During the election process, the candidate vSphere HA agents communicate with each other over the management network, or the vSAN network in a vSAN cluster, by using User Datagram Protocol (UDP). All network connections are point-to-point. After the master host is determined, the master host and subordinate hosts communicate using secure TCP. When vSphere HA is started, vCenter Server contacts the master host and sends a list of hosts with membership in the cluster with the cluster configuration. That information is saved to local storage on the master host and then pushed out to the subordinate hosts in the cluster. If additional hosts are added to the cluster during normal operation, the master host sends an update to all hosts in the cluster.
The master host provides an interface for vCenter Server to query the state of and report on the health of the fault domain and VM availability. vCenter Server tells the vSphere HA agent which VMs to protect with their VM-to-host compatibility list. The agent learns about state changes through hostd and vCenter Server learns through vpxa. The master host monitors the health of the subordinate hosts and takes responsibility for VMs that were running on a failed subordinate host. A subordinate host monitors the health of VMs running locally and sends state changes to the master host. A subordinate host also monitors the health of the master host.

vSphere HA is configured, managed, and monitored through vCenter Server. The vpxd process, which runs on the vCenter Server system, maintains the cluster configuration data. The vpxd process reports cluster configuration changes to the master host. The master host advertises a new copy of the cluster configuration information and each subordinate host fetches an updated copy. Each subordinate host writes the updated configuration information to local storage. A list of protected VMs is stored on each datastore. The VM list is updated after each user-initiated power on (protected) and power off (unprotected) operation. The VM list is updated after vCenter Server observes these operations.

A VM becomes protected when an operation results in a power on. Reverting a VM to a snapshot with memory state causes the VM to power on and become protected. Similarly, a user action that causes the VM to power off, for example, reverting to a snapshot without memory state or a standby operation performed in the guest, causes the VM to become unprotected.

9-59 vSphere HA Architecture: Network Heartbeats

The master host sends periodic heartbeats to the subordinate hosts. In this way, the subordinate hosts know that the master host is alive and the master host knows that the subordinate hosts are alive.

Heartbeats are sent to each subordinate host from the master host over all configured management networks. However, subordinate hosts use only one management network to communicate with the master host. If the management network used to communicate with the master host fails, the subordinate host switches to another management interface to communicate with the master host.

If the subordinate host does not respond within the predefined timeout period, the master host declares the subordinate host as agent unreachable. When a subordinate host is not responding, the master host attempts to determine the cause of the subordinate host's inability to respond. The master host must determine whether the subordinate host crashed, is not responding because of a network failure, or the vSphere HA agent is in an unreachable state.

9-60 vSphere HA Architecture: Datastore Heartbeats

When the master host cannot communicate with a subordinate host over the management network, the master host uses datastore heartbeating to determine the cause:
• Subordinate host failure
• Network partition
• Network isolation

Using datastore heartbeating, the master host determines whether a host has failed or a network isolation has occurred. If datastore heartbeating from the host stops, the host is considered failed. In this case, the failed host's VMs are started on another host in the vSphere HA cluster.
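The network and datastore heartbeat checks described above can be modelled as a small decision procedure. The following is an added example, not VMware code: every name, both timeout values, and the rule that an alive, non-isolated host counts as partitioned are assumptions made for illustration.

```python
# Added example: simplified model of the vSphere HA heartbeat checks.
# All names and both timeout values are assumptions, not vSphere HA internals.
from dataclasses import dataclass, field
from enum import Enum


class HostState(Enum):
    LIVE = "network heartbeats arriving"
    FAILED = "restart the host's VMs on another host"
    ISOLATED = "host executes the Host Isolation Response"
    PARTITIONED = "host is alive but cut off from the master"


NET_HB_TIMEOUT = 15.0  # seconds; constructed value
DS_HB_TIMEOUT = 30.0   # seconds; constructed value


@dataclass
class Observation:
    host: str
    net_hb_age: float      # master side: seconds since last network heartbeat
    ds_hb_age: float       # master side: seconds since last datastore heartbeat
    sees_ha_traffic: bool  # host side: traffic from other HA agents observed
    isolation_pings: dict = field(default_factory=dict)  # address -> reachable


def host_declares_isolation(obs: Observation) -> bool:
    """Host side: isolated only if no HA agent traffic is seen AND every
    configured isolation address fails to answer a ping."""
    return not obs.sees_ha_traffic and not any(obs.isolation_pings.values())


def classify(obs: Observation) -> HostState:
    """Master side: network heartbeats first, datastore heartbeats second."""
    if obs.net_hb_age <= NET_HB_TIMEOUT:
        return HostState.LIVE
    if obs.ds_hb_age > DS_HB_TIMEOUT:
        return HostState.FAILED  # datastore heartbeating has stopped
    if host_declares_isolation(obs):
        return HostState.ISOLATED
    # Assumption: still heartbeating to the datastore and not isolated
    # means the host sits in a network partition.
    return HostState.PARTITIONED


# Constructed observations; addresses come from documentation ranges.
SAMPLES = [
    Observation("esxi-01", 2.0, 3.0, True, {"192.0.2.1": True}),
    Observation("esxi-02", 90.0, 95.0, False, {"192.0.2.1": False}),
    Observation("esxi-03", 90.0, 4.0, False, {"192.0.2.1": False}),
    # A second, reachable isolation address prevents an isolation declaration.
    Observation("esxi-04", 90.0, 4.0, False,
                {"192.0.2.1": False, "198.51.100.1": True}),
    Observation("esxi-05", 90.0, 4.0, True, {"192.0.2.1": True}),
]


def report(samples=SAMPLES):
    """Map each host name to its classified state."""
    return {obs.host: classify(obs) for obs in samples}


if __name__ == "__main__":
    for host, state in report().items():
        print(f"{host}: {state.name:<11} -> {state.value}")
```

The esxi-03 and esxi-04 samples differ only in the second isolation address, which shows why redundant isolation addresses reduce isolation events.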
9-61 vSphere HA Failure Scenarios

vSphere HA can identify and respond to various types of failures:
• Subordinate host failure
• Master host failure
• Network failure (host isolation)

VMCP enables vSphere HA to detect and respond to datastore access failures:
• APD
• PDL

vSphere HA can also determine whether an ESXi host is isolated or has failed. Isolation refers to when an ESXi host cannot see traffic coming from the other hosts in the cluster and cannot ping its configured isolation address. If an ESXi host fails, vSphere HA attempts to restart the VMs that were running on the failed host on one of the remaining hosts in the cluster. If the ESXi host is isolated because it cannot ping its configured isolation address and sees no management network traffic, the host executes the Host Isolation Response.

9-62 Failed Subordinate Hosts

When a subordinate host does not respond to the network heartbeat issued by the master host, the master host tries to identify the cause.

Figure labels: VMFS, NAS/NFS, primary heartbeat network, alternate heartbeat network.

The master host must determine whether the subordinate host is isolated or has failed, for example, because of a misconfigured firewall rule or component failure. The type of failure dictates how vSphere HA responds.

When the master host cannot communicate with a subordinate host over the heartbeat network, the master host uses datastore heartbeating to determine whether the subordinate host failed, is in a network partition, or is network-isolated. If the subordinate host stops datastore heartbeating, the subordinate host is considered to have failed, and its virtual machines are restarted elsewhere.

For VMFS, a heartbeat region on the datastore is read to find out if the host is still heartbeating to it.
For NFS datastores, vSphere HA reads the host-<name>-hb file, which is locked by the ESXi host accessing the datastore. The file guarantees that the VMkernel is heartbeating to the datastore and periodically updates the lock file.

The lock file time stamp is used by the master host to determine whether the subordinate host is isolated or has failed.

In both storage examples, the vCenter Server instance selects a small subset of datastores for hosts to heartbeat to. The datastores that are accessed by the greatest number of hosts are selected as candidates. But two datastores are selected (by default) to keep the associated overhead and processing to a minimum.

9-63 Failed Master Hosts

When the master host is placed in maintenance mode or fails, the subordinate hosts detect that the master host is no longer issuing heartbeats.

Figure labels: NAS/NFS, default gateway (isolation address), primary heartbeat network, alternate heartbeat network. MOID = Managed Object ID.

To determine which host is the master host, an election process takes place. The host that can access the greatest number of datastores is elected the master host. If more than one host sees the same number of datastores, the election process determines the master host by using the host Managed Object ID (MOID) assigned by vCenter Server. If the master host fails, is shut down, or is removed from the cluster, a new election is held.

9-64 Isolated Hosts

A host is declared isolated when the following conditions occur:
• The host is not receiving network heartbeats.
• The host cannot ping its isolation addresses.
Figure labels: default gateway (isolation address), primary heartbeat network, alternate heartbeat network.

The slide illustrates one of several scenarios that might result in host isolation. If a host loses connectivity to both the primary heartbeat network and the alternate heartbeat network, the host no longer receives network heartbeats from the other hosts in the vSphere HA cluster. Furthermore, the slide depicts that this same host can no longer ping its isolation address.

If a host becomes isolated, the master host must determine if that host is still alive, and merely isolated, by checking for datastore heartbeats. Datastore heartbeats are used by vSphere HA only when a host becomes isolated or partitioned.

9-65 VM Storage Failures

Storage connectivity problems might arise because of:
• Network or switch failure
• Array misconfiguration
• Power outage

Storage connectivity problems affect VM availability:
• VMs on affected hosts are difficult to manage.
• Applications with attached disks fail.

9-66 Protecting Against Storage Failures with VMCP

VM Component Protection protects against storage failures on a VM. If VMCP is enabled, vSphere HA can detect datastore accessibility failures and provide automated recovery for affected VMs.
• VMCP is not supported with vSAN.

When a datastore accessibility failure occurs, the affected host can no longer access the storage path for a specific datastore. You can determine the response that vSphere HA gives to such a failure, ranging from the creation of event alarms to VM restarts on other hosts.
9-67 vSphere HA Design Considerations

When designing your vSphere HA cluster, consider these guidelines:
• Implement redundant heartbeat networks and redundant isolation addresses:
  - Redundancy minimizes host isolation events.
• Physically separate VM networks from the heartbeat networks.
• Implement datastores so that they are separated from the management network by using one or both of the following approaches:
  - Use Fibre Channel over fiber optic for your datastores.
  - If you use IP storage, physically separate your IP storage network from the management network.

If a datastore is based on Fibre Channel, a network failure does not disrupt datastore access. When using datastores based on IP storage (for example, NFS, iSCSI, or Fibre Channel over Ethernet), you must physically separate the IP storage network and the management network (the heartbeat network). If physical separation is not possible, you can logically separate the networks.

9-68 Review of Learner Objectives

After completing this lesson, you should be able to meet the following objectives:
• Identify the heartbeat mechanisms used by vSphere HA
• Describe failure scenarios
• Recognize vSphere HA design considerations

9-69 Lesson 5: Configuring vSphere HA

9-70 Learner Objectives

After completing this lesson, you should be able to meet the following objectives:
• Recognize the requirements for creating and using a vSphere HA cluster
• Configure a vSphere HA cluster

9-71 vSphere HA Prerequisites

To create a vSphere HA cluster, you must meet several requirements:
• All hosts must be configured with static IP addresses. If you are using DHCP, you must ensure that the address for each host persists across reboots.
• All hosts must have at least one management network in common.
• For VM monitoring to work, VMware Tools must be installed in every VM.
• Only vSphere HA clusters that contain ESXi hosts 6.x and later can be used to enable VMCP.
• You must not exceed the maximum number of hosts that are allowed in a cluster. See VMware Configuration Maximums at https://configmax.vmware.com.

To determine the maximum number of hosts per cluster, see VMware Configuration Maximums at https://configmax.vmware.com.

9-72 Configuring vSphere HA Settings

When you create or configure a vSphere HA cluster, you must configure settings that determine how the feature works.

In the vSphere Client, you can configure the following vSphere HA settings:
• Availability failure conditions and responses: Provide settings for host failure responses, host isolation, VM monitoring, and VMCP.
• Admission control: Enable or disable admission control for the vSphere HA cluster and select a policy for how it is enforced.
• Heartbeat datastores: Specify preferences for the datastores that vSphere HA uses for datastore heartbeating.
• Advanced options: Customize vSphere HA behavior by setting advanced options.

9-73 vSphere HA Settings: Failures and Responses

You use the Failures and responses pane to configure a cluster's response if a failure occurs.

Using the Failures and Responses pane, you can configure how your cluster should function when problems are encountered.
You can specify the vSphere HA cluster's response for host failures and isolation. You can also configure VMCP actions when permanent device loss and all paths down situations occur and enable VM monitoring.

If a datastore encounters an All Paths Down (APD) condition, the device state is unknown and might only be temporarily available. You can select the following options for a response to a datastore APD:
• Disabled: No action is taken for the affected VMs.
• Issue events: No action is taken against the affected VMs, however the administrator is notified when an APD event has occurred.
• Power off and restart VMs - Conservative restart policy: vSphere HA does not attempt to restart the affected VMs unless vSphere HA determines that another host can restart the VMs. The host experiencing the APD communicates with the master host to determine whether sufficient capacity exists in the cluster to power on the affected VMs. If the master host determines sufficient capacity exists, the host experiencing the APD stops the VMs so that the VMs can be restarted on a healthy host. If the host experiencing the APD cannot communicate with the master host, no action is taken.
• Power off and restart VMs - Aggressive restart policy: vSphere HA stops the affected VMs even if it cannot determine that another host can restart the VMs. The host experiencing the APD attempts to communicate with the master host to determine if sufficient capacity exists in the cluster to power on the affected VMs. If the master host is not reachable, sufficient capacity for restarting the VMs is unknown. In this scenario, the host takes the risk and stops the VMs so that they can be restarted on the remaining healthy hosts. However, if sufficient capacity is not available, vSphere HA might not be able to recover all the affected VMs.
This result is common in a network partition scenario where a host cannot communicate with the master host to get a definitive response to the likelihood of a successful recovery.

For more information about VM Component Protection, see https://blogs.vmware.com/vsphere/.

9-74 vSphere HA Settings: VM Monitoring

You use VM Monitoring settings to control the monitoring of VMs. By default, VM Monitoring is set to Disabled.

The VM monitoring service determines that the VM has failed if one of the following events occurs:
• VMware Tools heartbeats are not received.
• The guest operating system has not issued an I/O for the last 2 minutes (by default).

If the VM has failed, the VM monitoring service resets the VM to restore services.

You can configure the level of monitoring sensitivity. Highly sensitive monitoring results in a more rapid conclusion that a failure has occurred. Although unlikely, highly sensitive monitoring might lead to falsely identifying failures when the VM or application is still working but heartbeats have not been received because of factors like resource constraints. Low-sensitivity monitoring results in longer interruptions in service between actual failures and VMs being reset. Select an option that is an effective compromise for your needs.

You can select VM and Application Monitoring to enable application monitoring.

9-75 vSphere HA Settings: Heartbeat Datastores

A heartbeat file is created on the selected datastores and is used if the management network fails.
Datastore heartbeating takes checking the health of a host to another level by checking more than the management network to determine a host's health. You can configure a list of datastores to monitor for a particular host, or you can allow vSphere HA to decide. You can also combine both methods.

9-76 vSphere HA Settings: Admission Control

vCenter Server uses admission control to ensure both that sufficient resources are available in a cluster to provide failover protection and that VM resource reservations are respected.

After you create a cluster, you can use admission control to specify whether VMs can be started if they violate availability constraints. The cluster reserves resources to allow failover for all running VMs for a specified number of host failures.

The admission control settings include:
• Disabled: (Not recommended) This option disables admission control, allowing the VMs violating availability constraints to power on.
• Slot Policy: A slot is a logical representation of memory and CPU resources.
With the slot policy option, vSphere HA calculates the slot size, determines how many slots each host in the cluster can hold, and therefore determines the current failover capacity of the cluster.
• Cluster resource Percentage: (Default) This value specifies a percentage of the cluster's CPU and Memory resources to be reserved as spare capacity to support failovers.
• Dedicated failover hosts: This option selects hosts to use for failover actions. If a default failover host does not have enough resources, failovers can still occur to other hosts in the cluster.

9-77 Example: Admission Control Using Cluster Resources Percentage

Example of calculating total failover capacity using cluster resource percentages:
• Total cluster capacity:
  - CPU: 18 GHz
  - Memory: 24 GB
• Total VM reservations:
  - CPU: 7 GHz
  - Memory: 6 GB
• Current failover CPU capacity is 61%: ((18 GHz - 7 GHz)/18 GHz) = 61%
• Current failover memory capacity is 75%: ((24 GB - 6 GB)/24 GB) = 75%

Cluster resource percentage is the default admission control policy. Recalculations occur automatically as the cluster's resources change, for example, when a host is added to or removed from the cluster.

9-78 Example: Admission Control Using Slots (1)

A slot is calculated by combining the largest memory reservation and the largest CPU reservation of any running VM in the cluster.

vSphere HA performs admission control by calculating the following values:
• Slot size:
  - In this example, the slot size is 2 GHz CPU and 2 GB memory.
• Number of slots each host in the cluster can hold:
  - Three
  - The cluster has a total of nine slots (3 + 3 + 3).

Figure: five VMs with reservations of 2 GHz/1 GB, 2 GHz/1 GB, 1 GHz/2 GB, 1 GHz/1 GB, and 1 GHz/1 GB.

9-79 Example: Admission Control Using Slots (2)

vSphere HA also calculates the current failover capacity.
In this example, the failover capacity is one host:
• If the first host fails, six slots remain in the cluster, which is sufficient for all five of the powered-on VMs.
• If the first and second hosts fail, only three slots remain, which is insufficient for all five of the VMs.

If the current failover capacity is less than the configured failover capacity, vSphere HA does not allow any more VMs to power on.

9-80 vSphere HA Settings: Performance Degradation VMs Tolerate

The Performance degradation VMs tolerate threshold specifies the percentage of performance degradation that the VMs in the cluster are allowed to tolerate during a failure.

Admission control can also be configured to offer warnings when the actual use exceeds the failover capacity percentage. The resource reduction calculation takes into account a VM's reserved memory and memory overhead.

By setting the Performance degradation VMs tolerate threshold, you can specify when a configuration issue should generate a warning or notice. For example:
• The default value is 100 percent, which produces no warnings.
• If you reduce the threshold to 0 percent, a warning is generated when cluster use exceeds the available capacity.
• If you reduce the threshold to 20 percent, the performance reduction that can be tolerated is calculated as performance reduction = current use x 20 percent. When the current use minus the performance reduction exceeds the available capacity, a configuration notice is issued.

The Performance degradation VMs tolerate threshold is not available unless vSphere DRS is enabled.

9-81 vSphere HA Setting: Default VM Restart Priority

The VM restart priority determines the order in which vSphere HA restarts VMs on a running host. VMs are put in the Medium restart priority by default, unless the restart priority is explicitly set using VM overrides.

Exceptions:
• Agent VMs always start first, and the restart priority is nonconfigurable.
• vSphere Fault Tolerance secondary VMs fail over before regular VMs. Primary VMs follow the normal restart priority.

Optionally, you can configure a delay when a certain restart condition is met.

9-82 vSphere HA Settings: Advanced Options

You can set advanced vSphere HA options to customize vSphere HA behavior.

| Description | Option | Value |
|---|---|---|
| Force a cluster not to use the default isolation address (default gateway) | das.usedefaultisolationaddress | false |
| Force a cluster to ping alternate isolation addresses | das.isolationaddressX | IP address or FQDN |
| Force a cluster to wait beyond the default 30-second isolation action window | fdm.isolationpolicydelaysec | >=30 seconds |
| Force maximum bound on the memory slot size | das.slotmeminmb | 100 |
| Force maximum bound on the CPU slot size | das.slotcpuinmhz | 32 |

You can set advanced options that affect the behavior of your vSphere HA cluster.
For more details, see vSphere Availability at https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.avail.doc/GUID-63F45987-8884-4818-8872-C9753B2E0215.html.

9-83 vSphere HA Settings: VM-Level Settings

You can customize the restart priority for individual VMs in a cluster to override the default level set for the entire cluster.

9-84 About vSphere HA Orchestrated Restart

Orchestrated restart in vSphere HA enables five tiers for restarting VMs and VM-VM dependencies.

Choose from among the following conditions that must be met before a VM is considered ready:
• VM has resources secured.
• VM is powered on.
• VMware Tools heartbeat is detected.
• VMware Tools application heartbeat is detected.

VMs can be grouped into tiers indicating their startup priority:
• All VMs in the priority 1 tier receive their resources first and are powered on.
• After all the VMs in tier 1 have met their defined restart condition, vSphere HA continues to the VMs in the priority 2 tier, and so on.

After a host failure, VMs are assigned to other hosts with unreserved capacity, with the highest priority VMs placed first. The process continues to those VMs with lower priority until all have been placed or no more cluster capacity is available to meet the reservations or memory overhead of the VMs. A host then restarts the VMs assigned to it in priority order.

If insufficient resources exist, vSphere HA waits for more unreserved capacity to become available, for example, because of a host coming back online, and then retries the placement of these VMs. To reduce the chance of this situation occurring, configure vSphere HA admission control to reserve more resources for failures.
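The admission control arithmetic from the cluster resource percentage and slot policy examples (slides 9-77 to 9-80) can be reproduced in a few functions. This is an added example, not VMware code: the function names and the three host sizes are constructed (the slide's host figure did not survive), memory overhead is not modelled, and checking capacity after the candidate power-on is an assumption.

```python
# Added example: admission control arithmetic for the two policies.
# Units are GHz and GB throughout; caps use the same units here, whereas
# the real das.slotcpuinmhz / das.slotmeminmb options take MHz and MB.
from math import ceil

# VM reservations read from the slot-policy slide: (CPU GHz, memory GB).
VMS = [(2, 1), (2, 1), (1, 2), (1, 1), (1, 1)]
# Constructed hosts (CPU GHz, memory GB), sized to total 18 GHz / 24 GB.
HOSTS = [(6, 8), (6, 8), (6, 8)]


def failover_capacity_pct(total, reserved):
    """Cluster resource percentage: share of a resource left for failover."""
    return (total - reserved) / total * 100


def slot_size(vms, cpu_cap=None, mem_cap=None):
    """Largest CPU and largest memory reservation of any powered-on VM,
    optionally bounded by a maximum slot size."""
    cpu = max(c for c, _ in vms)
    mem = max(m for _, m in vms)
    if cpu_cap is not None:
        cpu = min(cpu, cpu_cap)
    if mem_cap is not None:
        mem = min(mem, mem_cap)
    if cpu <= 0 or mem <= 0:
        raise ValueError("this simplified model needs non-zero reservations")
    return cpu, mem


def slots_per_host(hosts, slot):
    """A host holds as many slots as its scarcer resource allows."""
    return [min(c // slot[0], m // slot[1]) for c, m in hosts]


def slots_needed(vms, slot):
    """A VM larger than a capped slot occupies several slots."""
    return sum(max(ceil(c / slot[0]), ceil(m / slot[1])) for c, m in vms)


def current_failover_capacity(hosts, vms, slot):
    """Hosts that can fail, largest first, while every VM still has a slot."""
    per_host = sorted(slots_per_host(hosts, slot), reverse=True)
    need, remaining, tolerated = slots_needed(vms, slot), sum(per_host), 0
    for lost in per_host:
        remaining -= lost
        if remaining < need:
            break
        tolerated += 1
    return tolerated


def may_power_on(hosts, vms, new_vm, configured_failures):
    """Refuse a power-on that would leave the current failover capacity
    below the configured one (assumption: evaluated with the new VM)."""
    candidate = vms + [new_vm]
    slot = slot_size(candidate)
    return current_failover_capacity(hosts, candidate, slot) >= configured_failures


def degradation_notice(current_use, available, tolerate_pct):
    """Performance degradation threshold: a notice is issued when current
    use minus the tolerated reduction exceeds the available capacity."""
    reduction = current_use * tolerate_pct / 100
    return current_use - reduction > available


if __name__ == "__main__":
    slot = slot_size(VMS)
    print("CPU failover %:", round(failover_capacity_pct(18, 7)))
    print("slot:", slot, "slots per host:", slots_per_host(HOSTS, slot))
    print("failover capacity:", current_failover_capacity(HOSTS, VMS, slot))
    print("3 GHz VM admitted:", may_power_on(HOSTS, VMS, (3, 1), 1))
```

The last call shows the main weakness of the slot policy: one VM with a 3 GHz reservation enlarges every slot, each host then holds only two slots, and the cluster can no longer tolerate a single host failure.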
With admission control, you can control the amount of cluster capacity that is reserved by VMs, which is unavailable to meet the reservations and memory overhead of other VMs if a failure occurs.

9-85 VM Dependencies in Orchestrated Restart (1)

VMs can depend only on other VMs of the same or higher priority.
• Only direct dependencies are supported.
• VM-to-VM dependency is a hard rule. Creating cyclical dependencies causes VM restart to fail.

9-86 VM Dependencies in Orchestrated Restart (2)

In vSphere 6.5 and later, vSphere HA restarts VMs only from a failed host. Configure affinity rules to keep VMs on the same host if necessary.

To play the animation, go to httrs://,•mwarc.bravais.com'siJDg7NJ3DjVli7r6Fi'ltl QO.

9-87 Network Configuration and Maintenance

Disable host monitoring before modifying virtual networking components that involve the VMkernel ports configured for management or vSAN traffic. This practice prevents unwanted attempts to fail over VMs.

The following network maintenance suggestions can help you avoid the false detection of host failure and network isolation because of dropped vSphere HA heartbeats:
• Changing your network hardware or networking settings can interrupt the heartbeats used by vSphere HA to detect host failures, and might result in unwanted attempts to fail over VMs. When changing the management or vSAN networks of the hosts in the vSphere HA-enabled cluster, suspend host monitoring and place the host in maintenance mode.
• Disabling host monitoring is required only when modifying virtual networking components and properties that involve the VMkernel ports configured for the Management or vSAN traffic, which are used by the vSphere HA networking heartbeat service.
• After you change the networking configuration on ESXi hosts, for example, adding port groups, removing virtual switches, or suspending host monitoring, you must reconfigure vSphere HA on all hosts in the cluster. This reconfiguration causes the network information to be reinspected. Then, you must reenable host monitoring.

9-88 Monitoring vSphere HA Cluster Status

You can monitor the status of a vSphere HA cluster on the Summary page of the Monitor tab.

Your cluster or its hosts can experience configuration issues and other errors that adversely affect proper vSphere HA operation. You can monitor these errors on the Configuration Issues page.

9-89 Using vSphere HA with vSphere DRS

vSphere HA is closely integrated with vSphere DRS. When a failover occurs, vSphere HA checks whether resources are available on that host for the failover.
• If resources are not available, vSphere HA asks vSphere DRS to accommodate for the VMs where possible.

vSphere HA might not be able to fail over VMs for the following reasons:
• vSphere HA admission control is disabled, and resources are insufficient in the remaining hosts to power on all the failed VMs.
• Sufficient aggregated resources exist, but they are fragmented across hosts. In such cases,
vSphere HA uses vSphere DRS to try to adjust the cluster by migrating VMs to defragment the resources.

When vSphere HA performs failover and restarts VMs on different hosts, its first priority is the immediate availability of all VMs. After the VMs are restarted, the hosts in which they were powered on are usually heavily loaded, and other hosts are comparatively lightly loaded. vSphere DRS helps to balance the load across hosts in the cluster.

9-90 Lab 26: Using vSphere HA

Use vSphere HA functionality:
1. Enable vSphere HA in a Cluster
2. View Information About the vSphere HA Cluster
3. Configure Network Management Redundancy
4. Test the vSphere HA Functionality
5. View the vSphere HA Cluster Resource Usage
6. Configure the Percentage of Resource Degradation to Tolerate

9-91 Review of Learner Objectives

After completing this lesson, you should be able to meet the following objectives:
• Recognize the requirements for creating and using a vSphere HA cluster
• Configure a vSphere HA cluster

9-92 Lesson 6: Introduction to vSphere Fault Tolerance

9-93 Learner Objectives

After completing this lesson, you should be able to meet the following objectives:
• Describe the features and benefits of using vSphere Fault Tolerance
• Describe how vSphere Fault Tolerance works
• Describe how vSphere Fault Tolerance works with vSphere HA and vSphere DRS
• Enable vSphere Fault Tolerance using the vSphere Client

9-94 About vSphere Fault Tolerance

vSphere Fault Tolerance provides instantaneous failover and continuous availability:
• Zero downtime
• Zero data loss
• No loss of VM network connectivity

[Figure: Instantaneous failover from the primary virtual machine to the secondary virtual machine across clustered ESXi hosts.]

You can use vSphere Fault Tolerance for most mission-critical
VMs. vSphere Fault Tolerance is built on the ESXi host platform.

The protected VM is called the primary VM. The duplicate VM is called the secondary VM. The secondary VM is created and runs on a different host to the primary VM. The secondary VM's execution is identical to that of the primary VM. The secondary VM can take over at any point without interruption and provide fault-tolerant protection.

The primary VM and the secondary VM continuously monitor the status of each other to ensure that fault tolerance is maintained. A transparent failover occurs if the host running the primary VM fails, in which case the secondary VM is immediately activated to replace the primary VM. A new secondary VM is created and started, and fault tolerance redundancy is reestablished automatically. If the host running the secondary VM fails, the secondary VM is also immediately replaced. In either case, users experience no interruption in service and no loss of data.

9-95 vSphere Fault Tolerance Features

vSphere Fault Tolerance protects mission-critical, high-performance applications regardless of the operating system used.

vSphere Fault Tolerance:
• Supports VMs configured with up to 8 vCPUs and 128 GB memory
• Supports up to four fault-tolerant VMs per host with no more than eight vCPUs between them
• Supports vSphere vMotion migration for primary and secondary VMs
• Creates a secondary copy of all VM files and disks
• Provides fast checkpoint copying to keep primary and secondary VMs synchronized
• Supports multiple VM disk formats: thin provision, thick provision lazy-zeroed, and thick provision eager-zeroed
• Can be used with vSphere DRS only when Enhanced vMotion Compatibility is enabled
• Supports interoperability with vSAN

You can use vSphere Fault Tolerance with vSphere DRS only when the Enhanced vMotion Compatibility feature is enabled.
When you enable EVC mode on a cluster, vSphere DRS makes the initial placement recommendations for fault-tolerant VMs, and you can assign a vSphere DRS automation level to primary VMs. The secondary VM always assumes the same setting as its associated primary VM.

When vSphere Fault Tolerance is used for VMs in a cluster that has EVC mode disabled, the fault-tolerant VMs are given the disabled vSphere DRS automation level. In such a cluster, each primary VM is powered on only on its registered host, and its secondary VM is automatically placed.

9-96 vSphere Fault Tolerance with vSphere HA and vSphere DRS

vSphere HA and vSphere DRS are vSphere Fault Tolerance aware:
• vSphere HA:
  - Is required for vSphere Fault Tolerance
  - Restarts failed VMs
• vSphere DRS:
  - Selects which hosts run the primary and secondary VM, when a VM is powered on
  - Does not automatically migrate fault-tolerant VMs

[Figure: Primary machine, secondary machine, and new secondary machine on separate ESXi hosts.]

A fault-tolerant VM and its secondary copy are not allowed to run on the same host. This restriction ensures that a host failure cannot result in the loss of both VMs.

9-97 Redundant VMDK Files

vSphere Fault Tolerance creates two complete VMs. Each VM has its own .vmx configuration file and .vmdk files. Each VM can be on a different datastore.

[Figure: Primary and secondary .vmx and .vmdk files on Datastore 1 and Datastore 2.]

vSphere Fault Tolerance provides failover redundancy by creating two full VM copies. The VM files can be placed on the same datastore. However, VMware recommends that you place these files on separate datastores to provide recovery from datastore failures.

9-98 vSphere Fault Tolerance Checkpoint

Changes on the primary VM are not processed on the secondary VM. The memory is updated on the secondary VM.
To play the animation, go to httrs://,•mwarc.bravais.com'sla8GAXMVDFHx\'/LstdhM 1G.

9-99 vSphere Fault Tolerance: Precopy

Using vSphere Fault Tolerance, a second VM is created on the secondary host. The memory of the source VM is then copied to the secondary host.

[Figure: Primary VM and secondary VM with a memory bitmap, connected by the vSphere Fault Tolerance logging network; the end user connects through the VM port group.]

To play the animation, go to httrs://,•mwarc.bravais.com'slXM l 111rNGU5vPd61 IV n3fv.

9-100 vSphere Fault Tolerance Fast Checkpointing

The vSphere Fault Tolerance checkpoint interval is dynamic. It adapts to maximize the workload performance.

[Figure: Checkpoint of vmx config, devices, disks, and VM memory sent from the primary host to the secondary host over the vSphere Fault Tolerance network.]

To play the animation, go to httrs://,•mwarc.bravais.c11mis 1Kall<VB.1NsBp Y7hn5bmGs.

vSphere Fault Tolerance uses an algorithm that provides fast, continuous copying (checkpointing) of the primary host VM. The primary VM is copied (checkpointed) periodically, and the copies are sent to a secondary host. If the primary host fails, the VM continues on the secondary host at the point of its last network send. The goal is to take checkpoints of VMs at least every 10 milliseconds.

The primary VM is continuously copied (checkpointed), and these copies (checkpoints) are sent to a secondary host. The initial complete copy (checkpoint) is created using a modified form of vSphere vMotion migration to the secondary host. The primary VM holds each outgoing network packet until the following copy (checkpoint) has been sent to the secondary host.

In vSphere Fault Tolerance, checkpoint data makes up the last changed pages of memory. The source VM is paused to access this memory. This pause is typically under one second.
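
The reason the primary VM holds outgoing packets until the next checkpoint can be checked with a small model. The following Python sketch is an added example, not VMware code: the counter workload, the class and function names, and the fixed checkpoint-every-N-requests schedule are assumptions made for illustration (the real interval is dynamic).

```python
"""Toy model of checkpoint replication with held network output.

Added illustration, not VMware's implementation. The workload (a counter
that acknowledges every increment) and all names are constructed.
"""
from dataclasses import dataclass, field


@dataclass
class SecondaryVM:
    memory: dict = field(default_factory=dict)  # state as of the last checkpoint

    def apply_checkpoint(self, changed_pages):
        self.memory.update(changed_pages)


@dataclass
class PrimaryVM:
    secondary: SecondaryVM
    hold_output: bool = True
    memory: dict = field(default_factory=dict)
    changed_pages: dict = field(default_factory=dict)  # dirtied since last checkpoint
    held: list = field(default_factory=list)           # packets waiting for a checkpoint
    on_wire: list = field(default_factory=list)        # packets clients have seen

    def handle_request(self):
        """Increment the counter in guest memory and acknowledge the new value."""
        value = self.memory.get("counter", 0) + 1
        self.memory["counter"] = value
        self.changed_pages["counter"] = value
        # With hold_output, the acknowledgement waits for the next checkpoint.
        (self.held if self.hold_output else self.on_wire).append(value)

    def checkpoint(self):
        """Send changed pages to the secondary, then release the held packets."""
        self.secondary.apply_checkpoint(self.changed_pages)
        self.changed_pages = {}
        self.on_wire.extend(self.held)
        self.held = []


def simulate(requests, checkpoint_every, hold_output):
    """Serve `requests` requests, then fail the primary host.

    Returns (acks that clients saw, counter value the secondary resumes from).
    """
    secondary = SecondaryVM()
    primary = PrimaryVM(secondary, hold_output=hold_output)
    for n in range(1, requests + 1):
        primary.handle_request()
        if n % checkpoint_every == 0:
            primary.checkpoint()
    # The primary host fails here: held packets and unsent pages are lost.
    return list(primary.on_wire), secondary.memory.get("counter", 0)


def orphaned_acks(requests, checkpoint_every, hold_output):
    """Acks a client received for state that never reached the secondary."""
    seen, resumed_at = simulate(requests, checkpoint_every, hold_output)
    return [ack for ack in seen if ack > resumed_at]


if __name__ == "__main__":
    for hold in (True, False):
        seen, resumed = simulate(5, 3, hold)
        print(f"hold_output={hold}: clients saw {seen}, "
              f"secondary resumes at {resumed}, "
              f"orphaned acks {orphaned_acks(5, 3, hold)}")
```

With output held, every acknowledgement a client has seen is covered by state on the secondary, so the failover is invisible from outside; without the hold, clients keep acknowledgements for work the surviving VM never performed.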
9-101 vSphere Fault Tolerance Shared Files

vSphere Fault Tolerance has shared files.
• The shared .vmft file ensures that the primary VM always retains the same UUID.
• The .ftgeneration file is for the split-brain condition.

[Figure: VM UUIDs on the primary host and the secondary host.]

To play the animation, go to httrs://,•mware.bravais.com's' 2c9Y6hQ4X4uF\V\V1.STcFk.

The shared .vmft file, which is found on a shared datastore, is the vSphere Fault Tolerance metadata file. This file contains the primary and secondary instance UUIDs and the primary and secondary .vmx paths.

vSphere Fault Tolerance avoids split-brain situations, which can lead to two active copies of a virtual machine after recovery from a failure. The .ftgeneration file ensures that only one VM instance is designated as the primary VM.

9-102 Enabling vSphere Fault Tolerance on a VM

You can turn on vSphere Fault Tolerance for a VM using the vSphere Client.

[Figure: VM context menu in the vSphere Client with the Fault Tolerance > Turn On Fault Tolerance option.]

After you take all the required steps for enabling vSphere Fault Tolerance for your cluster, you can use the feature by turning it on for individual VMs.

Before vSphere Fault Tolerance can be turned on, validation checks are performed on a VM.

After these checks are passed, and you turn on vSphere Fault Tolerance for a VM, new options are added to the Fault Tolerance section of the VM's context menu. These options include turning off or disabling vSphere Fault Tolerance, migrating the secondary VM, testing failover, and testing restart of the secondary VM.
When vSphere Fault Tolerance is turned on, vCenter Server resets the VM's memory limit to the default (unlimited memory) and sets the memory reservation to the memory size of the VM. While vSphere Fault Tolerance is turned on, you cannot change the memory reservation, size, limit, number of virtual CPUs, or shares. You also cannot add or remove disks for the VM. When vSphere Fault Tolerance is turned off, any parameters that were changed are not reverted to their original values.

9-103 Review of Learner Objectives

After completing this lesson, you should be able to meet the following objectives:
• Describe the features and benefits of using vSphere Fault Tolerance
• Describe how vSphere Fault Tolerance works
• Describe how vSphere Fault Tolerance works with vSphere HA and vSphere DRS
• Enable vSphere Fault Tolerance using the vSphere Client

9-104 Activity: Virtual Beans Clusters (1)

As a Virtual Beans administrator, you want to place ESXi hosts in a vSphere cluster for a scalable and highly available infrastructure. Match the goal to the feature that helps achieve the goal.

Goal:
• Add ESXi hosts to the data center and let vSphere balance the load across the hosts.
• Make business-critical applications 99.99 percent available (downtime per year of 52.56 minutes).
• Identify VMs that are experiencing serious resource contention.
• Improve the performance of certain VMs by ensuring that they always run together on the same host.

vSphere Feature:
• vSphere HA
• VM scores
• Cluster Quickstart
• vSphere Fault Tolerance
• VM-Host affinity

9-105 Activity: Virtual Beans Clusters (2)

As a Virtual Beans administrator, you want to place ESXi hosts in a vSphere cluster for a scalable and highly available infrastructure. Match the goal to the feature that helps achieve the goal.
Virtual Beans Goals | vSphere Feature
Add ESXi hosts to the data center and let vSphere balance the load across the hosts. | vSphere DRS
Make business-critical applications 99.99 percent available (downtime per year of 52.56 minutes). | vSphere HA or vSphere Fault Tolerance
Identify VMs that are experiencing serious resource contention. | VM scores
Improve the performance of certain VMs by ensuring that they always run together on the same host. | VM-Host affinity

9-106 Key Points

• When you create a cluster, you can enable vSphere DRS, vSphere HA, vSAN, and the ability to manage image updates on all hosts collectively.
• vSphere DRS clusters provide automated resource management to ensure that a VM's resource requirements are satisfied.
• vSphere DRS works best when the VMs meet vSphere vMotion migration requirements.
• vSphere HA restarts VMs on the remaining hosts in the cluster.
• You implement redundant heartbeat networks either with NIC teaming or by creating additional heartbeat networks.
• vSphere Fault Tolerance provides zero downtime for applications that must always be available.

Questions?

Module 10 vSphere Lifecycle Management

10-2 Importance

Managing the life cycle of vSphere involves keeping vCenter Server and ESXi hosts up to date and integrated with other VMware and third-party solutions.

To achieve these goals, you must understand how to use the new features provided by vSphere Lifecycle Manager, namely, cluster-level management of ESXi hosts and the vCenter Server Update Planner.

10-3 Module Lessons

1. vCenter Server Update Planner
2. Overview of vSphere Lifecycle Manager
3. Working with Baselines
4. Working with Cluster Images
5.
Managing the Life Cycle of VMware Tools and VM Hardware

10-4 Virtual Beans: Lifecycle Management

Virtual Beans is struggling with its current lifecycle management process. The process is mostly manual and is error-prone and inefficient.

The company wants to use vSphere Lifecycle Manager. It hopes that this feature can provide a centralized, automated patch and version management system for keeping vSphere components up to date:
• vCenter Server
• ESXi hosts
• Virtual machines:
  - VM hardware
  - VMware Tools

As the vSphere administrator, you must implement vSphere Lifecycle Manager in the Virtual Beans data center.

10-5 Lesson 1: vCenter Server Update Planner

10-6 Learner Objectives

After completing this lesson, you should be able to meet the following objectives:
• Describe features of the vCenter Server Update Planner
• Run vCenter Server upgrade prechecks and interoperability reports
• Export prechecks and interoperability report results

10-7 Overview of vCenter Server Update Planner

In vSphere 7, you can use the Update Planner feature for planning updates to vCenter Server and other VMware products that are registered with it.

The Update Planner can perform the following tasks:
• Retrieve information about VMware products registered with vCenter Server.
• List available vCenter Server updates and upgrades.
• Create interoperability reports.
• Perform a precheck to verify that your system meets the minimum software and hardware requirements for a successful upgrade of vCenter Server.

10-8 Update Planner Requirements

The Update Planner feature is available for vCenter Server 7.0 or later.

You must join the VMware Customer Experience Improvement Program (CEIP) to generate an interoperability or precheck report.
When generating reports, if the Customer Experience Improvement Program (CEIP) is not yet accepted, a prompt describing CEIP appears. Reports are not generated if you do not join CEIP.

10-9 Update Planner View in the vSphere Client

When a new vCenter Server version is available, the new version appears on the Updates tab of the vSphere Client.

When new vCenter Server updates are released, the vSphere Client shows a notification in the Summary tab. Clicking the notification directs you to the Updates tab.

The Updates tab has an Update Planner page. This page shows a list of vCenter Server versions that you can select. Details include release date, version, build, and other information about each vCenter Server version available. The Type column tells you if the release item is an update, an upgrade, or a patch.

If multiple versions appear, the recommended version is preselected. After selecting a vCenter Server version from the list, you can generate product interoperability reports and preupdate reports.

10-10 Interoperability View in vSphere Client

The Interoperability page on the Monitor tab shows VMware products that are currently registered with vCenter Server and their compatibility with the current version of vCenter Server.
In the vSphere Client, the Interoperability page appears on the Monitor tab of vCenter Server. This page displays VMware products currently registered with vCenter Server. Columns show the name, current version, compatible version, and release notes of each detected product.

If you do not see your registered VMware products, you can manually modify the list and add the appropriate names and versions.

10-11 Exporting Report Results

You can export report results in CSV format and use the report as a guide to prepare for an update. Both product interoperability and precheck reports can be exported.

[Figure: Product Interoperability report in the vSphere Client.]

10-12 Managing the vCenter Server Life Cycle

To manage the life cycle of vCenter Server, use the vCenter Server Management Interface (VAMI) to update and patch, and use the vCenter Server installer to upgrade.
10-13 Review of Learner Objectives

After completing this lesson, you should be able to meet the following objectives:
• Describe features of the vCenter Server Update Planner
• Run vCenter Server upgrade prechecks and interoperability reports
• Export prechecks and interoperability report results

10-14 Lesson 2: Overview of vSphere Lifecycle Manager

10-15 Learner Objectives

After completing this lesson, you should be able to meet the following objectives:
• Recognize features of vSphere Lifecycle Manager
• Distinguish between managing hosts using baselines and managing hosts using images
• Change the patch download source

10-16 Introduction to vSphere Lifecycle Manager

vSphere Lifecycle Manager centralizes automated patch and version management for clusters, ESXi, drivers and firmware, VM hardware, and VMware Tools.

vSphere Lifecycle Manager features include:
• Upgrading and patching ESXi hosts
• Installing and updating third-party software on ESXi hosts
• Standardizing images across hosts in a cluster
• Installing and updating ESXi drivers and firmware
• Managing VMware Tools and VM hardware upgrades

10-17 Baselines and Images

vSphere Lifecycle Manager supports two methods for updating and upgrading ESXi hosts. Only one method is supported at a time. If you switch from managing using baselines to managing using images, you cannot switch back.
Managing Using Baselines | Managing Using Images
Compares ESXi hosts against an ESXi major version, group of patches, or set of extensions | Compares ESXi hosts against a customized image that includes a base ESXi image, one or more add-on components, one or more vendor add-on components, firmware and drivers
Supports all versions of ESXi from 6.5 and later | Supports ESXi version 7.0 and later
Baselines attach to individual ESXi hosts | Hosts in a cluster are managed collectively, with one ESXi host image per cluster
ESXi upgrades through ISO images | ESXi upgrades through image depots (ZIP files)
ESXi updates or patches are bundled into baselines | ESXi updates or patches are bundled and distributed as new ESXi versions

10-18 vSphere Lifecycle Manager Home View

In the vSphere Lifecycle Manager home view, you configure and administer the vSphere Lifecycle Manager instance that runs on your vCenter Server system.

From the drop-down menu at the top of the Lifecycle Manager pane, you can select the vCenter Server system that you want to manage.

To access the vSphere Lifecycle Manager home view in the vSphere Client, select Menu > Lifecycle Manager.

You do not require special privileges to access the vSphere Lifecycle Manager home view.

In the Lifecycle Manager pane, you can access the following tabs: Image Depot, Updates, Imported ISOs, Baselines, and Settings.

10-19 Patch Settings

By default, vSphere Lifecycle Manager is configured to download patch metadata automatically from the VMware repository.

Select Settings > Patch Setup to change the patch download source or add a URL to configure a custom download source.
10-20 vSphere Lifecycle Manager Integration with vSphere DRS

When performing remediation operations on a cluster that is enabled with vSphere DRS, vSphere Lifecycle Manager automatically integrates with vSphere DRS:
• When vSphere Lifecycle Manager places hosts into maintenance mode, vSphere DRS evacuates each host before the host is patched.
• When vSphere Lifecycle Manager attempts to place a host into maintenance mode, certain prechecks are performed to ensure that the ESXi host can enter maintenance mode.
• The vSphere Client reports any configuration issues that might prevent an ESXi host from entering maintenance mode.

10-21 Review of Learner Objectives

After completing this lesson, you should be able to meet the following objectives:
• Recognize features of vSphere Lifecycle Manager
• Distinguish between managing hosts using baselines and managing hosts using images
• Change the patch download source

10-22 Lesson 3: Working with Baselines

10-23 Learner Objectives

After completing this lesson, you should be able to meet the following objectives:
• Identify types of baselines and baseline groups
• Recognize how to create baselines
• Describe how to update hosts using baselines

10-24 Baselines and Baseline Groups

A baseline includes one or more patches, extensions, or upgrades.

vSphere Lifecycle Manager includes the following dynamic baselines by default:
• Critical Host Patches
• Non-Critical Host Patches
• Host Security Patches

A baseline group includes multiple baselines. Baseline groups can contain one upgrade baseline and one or more patch and extension baselines.
10-25 Creating and Editing Patch or Extension Baselines

Using the New Baseline wizard, you can create baselines to meet the needs of your deployment:
• Fixed patch baseline: Set of patches that do not change as patch availability changes.
• Dynamic patch baseline: Set of patches that meet certain criteria.
• Host extension baseline: Contains additional software for ESXi hosts. This additional software might be VMware or third-party software.

When you create a patch or extension baseline, you can filter the patches and extensions available in the vSphere Lifecycle Manager repository to find specific patches and extensions to include in the baseline.

10-26 Creating a Baseline

To create a baseline, select Lifecycle Manager from the Menu drop-down menu. Click NEW > Baseline.

10-27 Creating a Baseline: Name and Description

Provide the name, a description, the content of the baseline, and the ESXi version that this baseline applies to.

10-28 Creating a Baseline: Select Patches Automatically

To create a dynamic baseline, set the criteria for adding patches to the baseline and select the check box for automatic updating of the baseline.
A dynamic baseline is a set of patches that meet certain criteria. The content of a dynamic baseline changes as the available patches change. You can manually exclude or add specific patches to the baseline.

10-29 Creating a Baseline: Select Patches Manually

To create a fixed baseline, select the patches that you want to include in the baseline. You must also disable the automatic updates by deselecting the check box on the Select Patches Automatically page.

A fixed baseline is a set of patches that does not change as patch availability changes.

10-30 Updating Your Host or Cluster with Baselines

Managing the life cycle of a standalone host or cluster of hosts is a five-step process:
1. Select your host or cluster and select the Updates tab. The Baselines window is the default view.
2. Attach one or more baselines.
3. Check compliance of your host or cluster with the attached baselines.
4. Perform a precheck before remediating.
5. Remediate the host or cluster.

Optionally, stage your patches to copy them to hosts for remediation later.

10-31 Remediation Precheck

• The Remediation Pre-check in vSphere Lifecycle Manager helps to verify that your remediation is successful.
• vSphere Lifecycle Manager notifies you about any actions that it takes before the remediation and recommends actions for your attention.
10-32 Remediating Hosts

During the remediation process, the upgrades, updates, and patches from the compliance check are applied to your hosts:
• You can perform the remediation immediately or schedule it for a later date.
• Host remediation runs in different ways, depending on the types of baselines that you attach and whether the host is in a cluster.
• For ESXi hosts in a cluster, the process is sequential by default.
• The remediation of hosts in a cluster temporarily disables cluster features such as vSphere HA admission control.

10-33 Review of Learner Objectives

After completing this lesson, you should be able to meet the following objectives:
• Identify types of baselines and baseline groups
• Recognize how to create baselines
• Describe how to update hosts using baselines

10-34 Lesson 4: Working with Images

10-35 Learner Objectives

After completing this lesson, you should be able to meet the following objectives:
• Describe ESXi images
• Import ESXi updates into the vSphere Client
• Enable vSphere Lifecycle Manager in a cluster
• Define a cluster image using vSphere Lifecycle Manager
• Validate ESXi host compliance against a cluster image
• Update ESXi hosts using vSphere Lifecycle Manager
• Apply a recommended image to the hosts in a cluster

10-36 Elements of ESXi Images

Managing clusters with images helps to standardize the software running on your ESXi hosts.
An ESXi image consists of several elements:

• ESXi base image: An update that provides software fixes and enhancements
• Components: A logical grouping of one or more VIBs (vSphere Installation Bundles) that encapsulates a functionality in ESXi
• Vendor add-ons: Sets of components that OEMs bundle together with an ESXi base image
• Firmware and Drivers Add-On: Firmware and driver bundles that you can define for your cluster image

To maintain consistency, you apply a single ESXi image to all hosts in a cluster.

[Figure: layers of an ESXi image: Base Image (ESXi Version), Components, Firmware and Drivers Add-On]

The ESXi base image is a complete ESXi installation package and is enough to start an ESXi host. Only VMware creates and releases ESXi base images. The ESXi base image is a grouping of components. You must select at least the base image or vSphere version when creating a cluster image.

Starting with vSphere 7, the component is the smallest unit that is used by vSphere Lifecycle Manager to install VMware and third-party software on ESXi hosts. Components are the basic packaging for VIBs and metadata. The metadata provides the name and version of the component. On installation, a component provides you with a visible feature. For example, vSphere HA is provided as a component. Components are optional elements to add to a cluster image.

Vendor add-ons are custom OEM images. Each add-on is a collection of components customized for a family of servers. OEMs can add, update, or remove components from a base image to create an add-on. Selecting an add-on is optional.

The firmware and drivers add-on is a vendor-provided add-on. It contains the components that encapsulate firmware and driver update packages for a specific server type. To add a firmware and drivers add-on to your image, you must first install the Hardware Support Manager plug-in for the respective family of servers.
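The following added example (a simplified model, not VMware code) flattens the image elements described above into one component list and reports what the optional elements changed relative to the base image. All component names and versions are constructed, and the order in which the layers are applied is an assumption.

```python
# Added example: a simplified model of image composition, not VMware code.
# Component names and versions are constructed; the layering order is assumed.
from dataclasses import dataclass, field


@dataclass(frozen=True)
class AddOn:
    name: str
    components: dict = field(default_factory=dict)  # added or updated: {name: version}
    removed: frozenset = frozenset()                 # dropped from the base image


def resolve_image(base, vendor_addon=None, firmware_addon=None, user_components=None):
    """Flatten an image specification into {component: (version, source)}.

    Assumed layering: base image, vendor add-on, firmware and drivers add-on,
    then user-selected components. A later layer replaces an earlier version.
    """
    if not base:
        raise ValueError("a cluster image needs at least the ESXi base image")
    resolved = {name: (version, "base image") for name, version in base.items()}
    for addon in (vendor_addon, firmware_addon):
        if addon is None:  # both add-ons are optional
            continue
        for name in addon.removed:
            resolved.pop(name, None)
        for name, version in addon.components.items():
            resolved[name] = (version, addon.name)
    for name, version in (user_components or {}).items():
        resolved[name] = (version, "user component")
    return resolved


def changes_from_base(base, resolved):
    """Summarise what the optional elements changed relative to the base image."""
    added = sorted(n for n in resolved if n not in base)
    updated = sorted(n for n, (v, _) in resolved.items() if n in base and base[n] != v)
    removed = sorted(set(base) - set(resolved))
    return {"added": added, "updated": updated, "removed": removed}


# Constructed sample data.
BASE_IMAGE = {"esxi-core": "7.0.1", "vsphere-ha": "7.0.1",
              "nic-driver": "1.0", "legacy-storage-driver": "0.9"}
VENDOR_ADDON = AddOn(
    name="ExampleOEM add-on",
    components={"nic-driver": "1.2", "oem-agent": "1.1"},
    removed=frozenset({"legacy-storage-driver"}),
)
FIRMWARE_ADDON = AddOn(name="ExampleOEM firmware add-on",
                       components={"nic-firmware-tools": "3.0"})
USER_COMPONENTS = {"backup-agent": "5.0"}

if __name__ == "__main__":
    image = resolve_image(BASE_IMAGE, VENDOR_ADDON, FIRMWARE_ADDON, USER_COMPONENTS)
    for name, (version, source) in sorted(image.items()):
        print(f"{name:24} {version:8} from {source}")
    print(changes_from_base(BASE_IMAGE, image))
```

Keeping the source of each component in the resolved list makes it easy to audit which element introduced a given driver or agent.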
10-37 Image Depots

The landing page for the vSphere Lifecycle Manager home view is the Image Depot tab.

In the Image Depot tab, you can view details about downloaded ESXi elements:

• ESXi versions
• Vendor add-ons
• Components

When you select a downloaded file, the details appear to the right:

• When you select an ESXi version, the details include the version name, build number, category, and description, and the list of components that make up the base image.
• When you select a vendor add-on, the details include the add-on name, version, vendor name, release date, category, and the list of added or removed components.
• When you select a component, the details include the component name, version, publisher, release date, category, severity, and contents (VIBs).

10-38 Importing Updates

To use ESXi updates from a configured online depot, select Sync Updates from the Actions drop-down menu in the Lifecycle Manager pane.

You can also use ESXi updates from an offline bundle:

• From the Actions drop-down menu, select Import Updates.
• Enter a URL or browse for a ZIP file that contains an ESXi image.

10-39 Using Images to Perform ESXi Host Life Cycle Operations

After all ESXi hosts in a cluster are upgraded to vSphere 7, you can convert their lifecycle
management from baselines to images. You set up a single image and apply it to all hosts in a cluster. This step ensures cluster-wide host image homogeneity.

To set up a cluster image, the following requirements apply:

• All ESXi hosts must be version 7 or later.
• All ESXi hosts must be statefully installed.
• Ideally, all physical hosts should be from the same vendor.

[Screenshot: Manage with a single image]

10-40 Creating an ESXi Image for a New Cluster

When creating a cluster, you can create a corresponding cluster image:

1. Create a cluster.
2. Select the Manage image setup and updates on all hosts collectively check box.
3. Define the ESXi version for your cluster image.
4. (Optional) Select vendor add-ons for the host. Only add-ons that are compatible with the selected vSphere version appear in the drop-down menu.

After your cluster is created, add ESXi hosts to it.

The Create New Cluster wizard introduces a switch for enabling vSphere Lifecycle Manager and selecting elements for the desired cluster image. You can further customize the image in the cluster update settings.

10-41 Checking Image Compliance

After you define a valid image, you can perform a compliance check to compare that image with the image that runs on the ESXi hosts in your cluster.

You can check the image compliance at the level of various vCenter Server objects:

• At the host level for a specific ESXi host
• At the cluster level for all ESXi hosts in the cluster
• At the data center level for all clusters and hosts in the data center
• At the vCenter Server level for all data centers, clusters, and ESXi hosts in the vCenter Server inventory

The status of a host can be unknown, compliant, out of compliance, or not compatible with the image.

• A host status is unknown before you check compliance.
• A compliant host is one that has the same ESXi image defined for the cluster and with no standalone VIBs or differing components.
• If the host is out of compliance, a message about the impact of remediation appears. In the example, the host must be rebooted as part of the remediation. Another impact that might be reported is the requirement that the host enters maintenance mode.
• A host is not compatible if it runs an image version that is later than the desired cluster image version, or if the host does not meet the installation requirements for the vSphere build.

10-42 Running a Remediation Precheck

To ensure that the cluster's health is good and that no problems occur during the remediation process of your ESXi hosts, you can perform a remediation precheck.

The procedure for a remediation precheck is as follows:

1. In the vSphere Client, click Hosts and Clusters and select a cluster that is managed by an image.
2. In the Updates tab, click Image.
3. In the Image Compliance pane, run a remediation precheck.

10-43 Hardware Compatibility

The hardware compatibility check verifies the underlying hardware of the ESXi host in the cluster against the vSAN Hardware Compatibility List (HCL).
Hardware compatibility is checked only for vSAN storage controllers and not with the full VMware Compatibility Guide.

10-44 Standalone VIBs

When you convert a cluster to use vSphere Lifecycle Manager, ESXi hosts are scanned. During this scan, any VIB that is not part of an identified component is identified as standalone, and a warning appears.

Before updating ESXi hosts, you can import or ignore standalone VIBs:

• Import a component that contains the VIB and add it to the cluster image.
• Ignore the warning and let the update process remove the VIB from the host.

[Screenshot: Convert to an Image dialog box showing a warning about an identified standalone VIB]

A warning about a standalone VIB does not block the process of converting the cluster to use vSphere Lifecycle Manager. If you continue to update ESXi, the VIB is uninstalled from the host as part of the process. You cannot include standalone VIBs in a cluster image.

10-45 Remediating a Cluster Against an Image

When you remediate a cluster that you manage with an image, vSphere Lifecycle Manager applies the following elements to the ESXi hosts:

• ESXi image version
• Optional: vendor add-on
• Optional: firmware and driver add-ons
• Optional: user-specified components

Remediation makes the selected hosts compliant with the desired image. You can remediate a single ESXi host or an entire cluster, or simply pre-check hosts without updating them.
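The compliance states and the standalone VIB rule described above can be modelled as follows. This is an added example (a simplified model, not VMware code): it classifies each host against a desired image and lists the differences a remediation would act on. Host names, component names, VIB names and versions are constructed.

```python
# Added example: a simplified model of the compliance states, not VMware code.
# Host data, component names, VIB names and versions are constructed.


def fmt(version):
    return ".".join(str(part) for part in version)


def find_standalone_vibs(host_vibs, depot_components):
    """Return VIBs on the host that are not part of any identified component."""
    packaged = {vib for vibs in depot_components.values() for vib in vibs}
    return sorted(set(host_vibs) - packaged)


def check_compliance(host, desired, depot_components, meets_requirements=True):
    """Return (status, findings) for one host against the desired cluster image."""
    if not host.get("checked", False):
        return "unknown", ["compliance has not been checked"]
    if host["version"] > desired["version"]:
        return "not compatible", ["host image version is later than the cluster image"]
    if not meets_requirements:
        return "not compatible", ["host does not meet the installation requirements"]

    findings = []
    if host["version"] != desired["version"]:
        findings.append(f"base image {fmt(host['version'])} -> {fmt(desired['version'])}")
    for name, version in sorted(desired["components"].items()):
        installed = host["components"].get(name)
        if installed is None:
            findings.append(f"component {name} {version} is missing")
        elif installed != version:
            findings.append(f"component {name} {installed} differs from {version}")
    for name in sorted(set(host["components"]) - set(desired["components"])):
        findings.append(f"component {name} is not in the cluster image")
    for vib in find_standalone_vibs(host["vibs"], depot_components):
        findings.append(f"standalone VIB {vib}: remediation removes it")
    return ("out of compliance" if findings else "compliant"), findings


def audit_cluster(hosts, desired, depot_components):
    """Map each host name to its compliance status."""
    return {name: check_compliance(host, desired, depot_components)[0]
            for name, host in hosts.items()}


# Constructed sample data: components known to the depot and the VIBs they contain.
DEPOT = {"vsphere-ha": ["ha-agent"], "nic-driver": ["nic-drv"]}
DESIRED = {"version": (7, 0, 2), "components": {"vsphere-ha": "7.0.2", "nic-driver": "1.2"}}
HOSTS = {
    "host-a": {"checked": False},
    "host-b": {"checked": True, "version": (7, 0, 2),
               "components": {"vsphere-ha": "7.0.2", "nic-driver": "1.2"},
               "vibs": ["ha-agent", "nic-drv"]},
    "host-c": {"checked": True, "version": (7, 0, 1),
               "components": {"vsphere-ha": "7.0.1", "nic-driver": "1.2"},
               "vibs": ["ha-agent", "nic-drv", "legacy-tool"]},
    "host-d": {"checked": True, "version": (7, 1, 0), "components": {}, "vibs": []},
}

if __name__ == "__main__":
    for name, host in HOSTS.items():
        status, findings = check_compliance(host, DESIRED, DEPOT)
        print(name, status, findings)
```

A standalone VIB finding is worth reviewing before remediation, because it shows software on a host that no identified component accounts for.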
The Review Remediation Impact dialog box shows the impact summary, applicable remediation settings, End User License Agreement, and impact on specific hosts.

vSphere Lifecycle Manager performs a precheck on every remediation call. When the precheck is complete, vSphere Lifecycle Manager applies the latest saved cluster image to the hosts. During each step of a remediation process, vSphere Lifecycle Manager determines the readiness of the host to enter or exit maintenance mode or be rebooted.

You can also click RUN PRE-CHECK to precheck hosts without updating them.

10-46 Reviewing Remediation Impact

The Review Remediation Impact dialog box includes the following information:

• Impact summary
• Applicable remediation settings
• End User License Agreement
• Impact to specific hosts

vSphere Lifecycle Manager performs a precheck before each remediation. When the precheck is complete, vSphere Lifecycle Manager applies the latest saved cluster image to the hosts.

10-47 Recommended Images

Using vSphere Lifecycle Manager, you can check for recommended images for a cluster that you manage with an image. vSphere Lifecycle Manager checks for compatibility across the image components. This process ensures that the recommended image fulfills all software dependencies.

To check for recommended images:

1. In the Updates tab, select Image in the navigation pane.
2. Click the ellipses menu next to EDIT and select Check for recommended images.

You check for image recommendations on demand and per cluster.
You can check for recommendations for different clusters at the same time. When recommendation checks run concurrently with other checks, with compatibility scans, and with remediation operations, the checks are queued to run one at a time.

If you have never checked recommendations for the cluster, the View recommended images option is dimmed. After you select Check for recommended images, the results for that cluster are generated.

The Checking for recommended images task is visible to all user sessions and cannot be canceled. When the check completes, you can select View recommended images.

10-48 Viewing Recommended Images

To view recommended images for a cluster:

1. Click the Updates tab for the cluster.
2. Select Actions under Cluster Image.
3. Select View recommended images.
4. Select an image and click CONTINUE.

vSphere shows the recommended images for clusters in the following categories:

• Latest release within the current series
• Latest major release

When you view recommended images, vSphere shows the following types of images:

• CURRENT IMAGE: The image specification that is being used to manage the cluster.
• LATEST IN CURRENT SERIES: If available, a later version within the same release series appears. For example, if the cluster is running vSphere 7.0 and vSphere 7.1 is released, an image based on vSphere 7.1 appears.
• LATEST AND GREATEST: If available, a later version in a later major release. For example, if the cluster is running vSphere 7.0 or 7.1 and vSphere 8.0 is released, an image based on vSphere 8.0 appears.

vSphere might show one or more recommendations:

• If the latest release within the current series is the same as the latest major version released, only one recommendation appears.
• If the two releases are different, two recommendations appear.
• If the current image is the same as the latest release, no recommendations appear.

10-49 Selecting a Recommended Image

You can select a recommended image and then validate and save it as the desired cluster image.

You can use a recommended image as a starting point to customize the cluster image.

When you select a recommended image, the Edit Image workflow appears. You can perform these actions:

• Add or remove image components.
• Validate and save the image.
• Scan the cluster for compatibility.
• Remediate the cluster.

10-50 Customizing Cluster Images

After you start managing a cluster with an image, you can edit the image by changing, adding, or removing components, such as the ESXi image version, vendor add-ons, firmware and driver add-ons, and other components.

Before saving the image specification, you can validate it:

• Ensures completeness of the image
• Verifies that the image has no missing component dependencies
• Confirms that components do not conflict with one another

10-51 Lab 27: Using vSphere Lifecycle Manager

Update ESXi hosts using vSphere Lifecycle Manager:

1. Import Update Files to the Image Depot
2. Create a Cluster with vSphere Lifecycle Manager Enabled
3. Add ESXi Hosts to the Cluster
4.
Update ESXi Hosts Using the Cluster Image

10-52 Review of Learner Objectives

After completing this lesson, you should be able to meet the following objectives:

• Describe ESXi images
• Import ESXi updates into the vSphere Client
• Enable vSphere Lifecycle Manager in a cluster
• Define a cluster image using vSphere Lifecycle Manager
• Validate ESXi host compliance against a cluster image
• Update ESXi hosts using vSphere Lifecycle Manager
• Apply a recommended image to the hosts in a cluster

10-53 Lesson 5: Managing the Life Cycle of VMware Tools and VM Hardware

10-54 Learner Objectives

After completing this lesson, you should be able to meet the following objective:

• Use vSphere Lifecycle Manager to upgrade VMware Tools and VM hardware

10-55 Keeping VMware Tools Up To Date

With each release of ESXi, VMware provides a new release of VMware Tools.

New releases include:

• Bug fixes
• Security patches
• New driver support for ESXi enhancements
• Performance enhancements for virtual devices

Keeping VMware Tools up to date is an important part of ongoing data center maintenance.

10-56 Upgrading VMware Tools (1)

From a host or cluster's Updates tab, select VMware Tools to manage the life cycle of VMware Tools.

Step 1: Check the status of VMware Tools running in your VMs.

A VM has one of the following status values:

• Upgrade Available
• Guest Managed
• Not Installed
• Unknown
• Up to Date

A VM has one of the following VMware Tools status values:

• Upgrade Available: You can upgrade VMware Tools to match the current version available for your ESXi hosts.
• Guest Managed: Your VM is running the Linux OpenVMTools package. Use native Linux package management tools to upgrade VMware Tools.
• Not Installed: Consider installing VMware Tools in this VM.
• Unknown: vSphere Lifecycle Manager has not yet checked the status of VMware Tools. Ensure that the VM is powered on before clicking the CHECK STATUS link.
• Up to Date: The version of VMware Tools running in the VM matches the latest available version for the ESXi host.

10-57 Upgrading VMware Tools (2)

Select the VMs that use VMware Tools whose version you want to upgrade to a newer version.

Step 2: Click UPGRADE TO MATCH HOST.

1. Select the VMs to upgrade.
2. Schedule the upgrade. Plan the upgrade during your maintenance window.
3. Select rollback options.

10-58 Keeping VM Hardware Up To Date

With each subsequent release of ESXi, VMware provides a new release of VM hardware. As ESXi improves its hardware support, VMware often carries that support into its VMs.

New releases include:

• Greater configuration maximums
• New types of hardware (for example, vGPU, vNVMe, vSGX, vTPM, and so on)

Consider upgrading VM hardware only when new features are required.

10-59 Upgrading VM Hardware (1)

Select VM Hardware to upgrade your VMs' hardware.

Step 1: Check the status of the VM hardware running in your VMs.

A VM has one of the following status values:

• Upgrade Available: You can choose to upgrade VM hardware to match the current version available for your ESXi hosts.
• Up to Date: The version of VM hardware running in the VM matches the latest available version for the ESXi host.
10-60 Upgrading VM Hardware (2)

Select the VMs whose hardware version you want to upgrade to the latest version available on the ESXi host on which they run.

Step 2: Click UPGRADE TO MATCH HOST.

1. Select the VMs to upgrade.
2. Schedule the upgrade. Plan the upgrade during your maintenance window.
3. Select rollback options.

10-61 Review of Learner Objectives

After completing this lesson, you should be able to meet the following objective:

• Use vSphere Lifecycle Manager to upgrade VMware Tools and VM hardware

10-62 Virtual Beans: Conclusion

By developing vSphere knowledge and skills and helping to create a modern data center at Virtual Beans, you help the company meet its expanding business demands.

Your manager recognizes your competence and assigns you as the lead vSphere administrator.

Thinking of the continuous company growth, your manager considers you for cross-training and additional responsibilities.

You think to yourself, "Now I must get that VMware certification!"

VMware Certified Professional - Data Center Virtualization: https://www.vmware.com/education-services/certification/vcp-dcv.html

10-63 Key Points

• With the Update Planner feature, you can perform prechecks to verify that your vCenter Server system meets the minimum requirements for a successful upgrade.
• vSphere Lifecycle Manager centralizes automated patch and version management for clusters, ESXi, drivers and firmware, VM hardware, and VMware Tools.
• In vSphere Lifecycle Manager, you can manage ESXi hosts by using baselines, or you can manage a cluster of ESXi hosts by using images.
• Keeping VMware Tools up to date is an important part of ongoing data center maintenance.
• Consider upgrading VM hardware only when new features are required.

Questions?