Acquisitions Editor: Mariann Barsolo
Development Editor: Stephanie Barton
Technical Editor: Jason Boche
Production Editor: Dassi Zeidel
Copy Editor: Liz Welch
Editorial Manager: Mary Beth Wakefield
Production Manager: Kathleen Wisor
Associate Publisher: Jim Minatel
Book Designer: Maureen Forys, Happenstance Type-O-Rama; Judy Fung
Proofreader: Rebecca Rider
Indexer: Ted Laux
Project Coordinator, Cover: Brent Savage
Cover Designer: Wiley
Cover Image: © Getty Images, Inc / Color Blind Images
Copyright © 2015 by John Wiley & Sons, Inc., Indianapolis, Indiana
Published simultaneously in Canada
ISBN: 978-1-118-92515-7
ISBN: 978-1-118-92517-1 (ebk)
ISBN: 978-1-118-92516-4 (ebk)
No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permissions.
Limit of Liability/Disclaimer of Warranty: The publisher and the author make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation warranties of fitness for a particular purpose. No warranty may be created or extended by sales or promotional materials. The advice and strategies contained herein may not be suitable for every situation. This work is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional services. If professional assistance is required, the services of a competent professional person should be sought. Neither the publisher nor the author shall be liable for damages arising herefrom. The fact that an organization or Web site is referred to in this work as a citation and/or a potential source of further information does not mean that the author or the publisher endorses the information the organization or Web site may provide or recommendations it may make. Further, readers should be aware that Internet Web sites listed in this work may have changed or disappeared between when this work was written and when it is read.
For general information on our other products and services or to obtain technical support, please contact our Customer Care Department within the U.S. at (877) 762-2974, outside the U.S. at (317) 572-3993 or fax (317) 572-4002.
Wiley publishes in a variety of print and electronic formats and by print-on-demand. Some material included with standard print versions of this book may not be included in e-books or in print-on-demand.
If this book refers to media such as a CD or DVD that is not included in the version you purchased, you may download this material at http://booksupport.wiley.com. For more information about Wiley products, visit www.wiley.com.
Library of Congress Control Number: 2015930535
TRADEMARKS: Wiley, the Wiley logo, and the Sybex logo are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission. VMware vSphere is a registered trademark of VMware, Inc. All other trademarks are the property of their respective owners. John Wiley & Sons, Inc. is not associated with any product or vendor mentioned in this book.
I dedicate this book to my wife Natalie. You are the most precious and loving wife I could ever ask for. This year has been made easier thanks to your kind and patient heart. I also dedicate this book to my son Ethan, and my soon-to-arrive daughter. Thank you for giving up some daddy time; now let's go and play.
—Nick Marshall
As I write this, I realize it has been over two years since I started writing in earnest for the 5.5 revision of the Mastering vSphere series. In late 2012, Scott Lowe graciously handed me the mantle of keeping this tome up to date. In some ways it feels like it was yesterday, but in others it feels like an eternity. I was a few months into my new role as a consultant at VMware in Sydney, my son was only nine months old, and I had landed this huge writing opportunity. Since that time, I’ve updated this book twice, VMware relocated my family and me to Palo Alto, and I now have a lively three-year-old and a baby girl on the way!
Throughout all of this craziness, my wife has been my rock. Always there when I need assistance (and coffee) after a long night of writing, always sympathetic when my lab or Word crashed for the umpteenth time and always, always patient and understanding when I couldn’t spend time with her due to juggling work and writing. Nat, you’re an amazing woman without whom I simply could not manage life. You are my everything; this project would not have happened without you (again).
Thanks to my contributing authors and good friends, Grant Orchard and Josh Atwell. Grant, thank you for taking on a large chunk of the work—there is no way I could have managed it all myself. Josh, thank you for your support again. Both of you are experts in your fields and I thank you for sharing that knowledge with the readers; they are better equipped because of your generosity. I would also like to thank Elizabeth Watson and Stephanie Atwell. I’m not sure if it’s a coincidence or not, but all three of our families were pregnant, moved house, and changed jobs in the process of writing this book. On behalf of Grant and Josh, we thank you for all that you do in our lives and plan to spend some more quality time with you going forward!
While not contributing to this revision directly, Scott Lowe’s work is still very much evident in this series. He gave me a very solid foundation from which to build. Thank you again, Scott, for your previous work, your continued support, and for writing the foreword. I look forward to working together more directly at some time in the future.
I’d also like to thank my technical editor, Jason Boche. Jason, your insight (and witty editing comments) never cease to amaze and bring a smile to my face. I’m glad you were on board with me for this journey.
Once again the team at Wiley/Sybex have been so supportive. Mariann Barsolo, thank you for your guidance and support; Stephanie Barton and Dassi Zeidel and the rest of the editing team, thank you for all that you did to ensure the quality of this work. Your attention to detail is second to none.
Internal to VMware, I was helped by so many people. I’d like to thank Manish Patel for his internal review. Thanks also to William Lam and Alan Renouf—your lunchtime banter always keeps me sane. Cormac Hogan, Rawlinson Rivera, Doug Baer, Ryan Johnson, and Tim Gleed, thanks for answering my spontaneous questions without context. And to those I haven’t named, the hallway conversations, the quick emails to verify settings and the IMs late at night. Thank you to all, your assistance made a real difference.
There is also a list of vExperts who reviewed some late drafts of this work that I very much appreciated. Although I couldn’t incorporate all of their feedback, having a fresh set of eyes look over things certainly helped. Thank you to the following vExperts:
Derek Seaman—www.derekseaman.com
Ather Beg—atherbeg.com
Christopher Kusek—pkguild.com
Keiran Shelden—www.readysetvirtual.com
Kyle Ruddy—www.thatcouldbeaproblem.com
Steve Flanders—sflanders.net
Paul Braren—www.tinkertry.com
David Hanacek—transformation.emc2.at
Abdullah Abdullah—notes.doodzzz.net
Finally, I’d like to thank the VMware community as a whole. To all the bloggers, speakers, tweeters, and podcasters: without you all, I would never have started down this road.
—Nick Marshall
About the Author
Nick Marshall is an integration architect with over 15 years’ IT experience. He holds multiple advanced IT certifications, including VMware Certified Advanced Professional 5—Datacenter Administrator (VCAP5-DCA) and VMware Certified Advanced Professional 5—Datacenter Design (VCAP5-DCD). He is currently working for VMware in the SDDC Design and Test engineering group.
Previously, Nick has worked in a number of roles, ranging from computer assembler, to infrastructure architect, to product manager. Nick loves to solve business problems with technical solutions.
Outside of his day job, Nick continues to work on his passion for virtualization by helping run the most popular virtualization podcast, vBrownBag, writing on his personal blog, at www.nickmarshall.com.au, and writing how-to articles on www.labguides.com. You can also find him speaking at industry conferences such as VMUG (VMware User Group) and PEX (Partner Exchange). To recognize his contributions to the VMware community, Nick has been awarded the vExpert award for 2012, 2013, 2014, and 2015.
Nick lives with his wife Natalie and son Ethan in Palo Alto, California.
About the Contributors
The following individuals also contributed to this book.
Grant Orchard (Chapters 5, 7, 8, 11, and 12) is a systems engineer for VMware, focusing on their Cloud Automation portfolio. He is an active member of the Australian virtualization community and has been involved with the local chapters of the VMUG and vBrownbag community podcasts. Grant holds the VMware Certified Advanced Professional 5 Design and Administration certifications for both Datacenter Virtualization (VCA-DCD, VCAP-DCA) and Cloud (VCAP-CIA, VCAP-CID).
He recently became a father for the second time and, despite the sleep deprivation, loves to get quality time with his wife Liz and two children, all of whom have been incredibly patient with the time he has spent working on this book. When he’s not trying the latest fad diet, he blogs at grantorchard.com and engages with the virtualization community on Twitter (@grantorchard).
Josh Atwell (Chapter 14) is a Cloud Architect at SolidFire, focused on integration with automation platforms and management tools. He has worked hard for over a decade to allow little pieces of code to do his work for him. Now he focuses on building code and tools to help others. Josh has been highly active in the virtualization and datacenter communities, where he can be seen regularly on podcasts such as Engineers Unplugged and vBrownBag, and as a co-host of the VUPaaS podcast. He also still works actively with various technical user groups.
Never known for lacking an opinion, he blogs at vtesseract.com and talks shop on Twitter as @Josh_Atwell. When not working, he enjoys spending time with his three children and his supportive wife Stephanie.
Foreword
Introduction
What Is Covered in This Book
The Mastering Series
The Hardware behind the Book
Who Should Buy This Book
How to Contact the Author
Chapter 1: Introducing VMware vSphere 6
Exploring VMware vSphere 6.0
Why Choose vSphere?
The Bottom Line
Chapter 2: Planning and Installing VMware ESXi
Planning a VMware vSphere Deployment
Deploying VMware ESXi
Performing Postinstallation Configuration
The Bottom Line
Chapter 3: Installing and Configuring vCenter Server
Introducing vCenter Server
Choosing the Version of vCenter Server
Planning and Designing a vCenter Server Deployment
Installing vCenter Server and Its Components
Installing vCenter Server in a Linked Mode Group
Deploying the vCenter Server Virtual Appliance
Exploring vCenter Server
Creating and Managing a vCenter Server Inventory
Exploring vCenter Server’s Management Features
Managing vCenter Server Settings
vSphere Web Client Administration
The Bottom Line
Chapter 4: vSphere Update Manager and the vCenter Support Tools
vSphere Update Manager
Installing vSphere Update Manager
Configuring vSphere Update Manager
Creating Baselines
Routine Updates
Upgrading Hosts with vSphere Update Manager
Performing an Orchestrated Upgrade
Investigating Alternative Update Options
vCenter Support Tools
The Bottom Line
Chapter 5: Creating and Configuring Virtual Networks
Putting Together a Virtual Network
Working with vSphere Standard Switches
Working with vSphere Distributed Switches
Examining Third-Party Distributed Virtual Switches
Configuring Virtual Switch Security
Looking Ahead
The Bottom Line
Chapter 6: Creating and Configuring Storage Devices
Reviewing the Importance of Storage Design
Examining Shared Storage Fundamentals
Implementing vSphere Storage Fundamentals
Leveraging SAN and NAS Best Practices
The Bottom Line
Chapter 7: Ensuring High Availability and Business Continuity
Understanding the Layers of High Availability
Clustering VMs
Implementing vSphere High Availability
Introducing vSphere SMP Fault Tolerance
Planning for Business Continuity
The Bottom Line
Chapter 8: Securing VMware vSphere
Overview of vSphere Security
Securing ESXi Hosts
Securing vCenter Server
Securing Virtual Machines
The Bottom Line
Chapter 9: Creating and Managing Virtual Machines
Understanding Virtual Machines
Creating a Virtual Machine
Installing a Guest Operating System
Installing VMware Tools
Managing Virtual Machines
Modifying Virtual Machines
The Bottom Line
Chapter 10: Using Templates and vApps
Cloning VMs
Creating Templates and Deploying Virtual Machines
Using OVF Templates
Using Content Libraries
Working with vApps
Importing Machines from Other Environments
The Bottom Line
Chapter 11: Managing Resource Allocation
Reviewing Virtual Machine Resource Allocation
Working with Virtual Machine Memory
Managing Virtual Machine CPU Utilization
Using Resource Pools
Regulating Network I/O Utilization
Controlling Storage I/O Utilization
The Bottom Line
Chapter 12: Balancing Resource Utilization
Comparing Utilization with Allocation
Exploring vMotion
Ensuring vMotion Compatibility
Using Storage vMotion
Combining vMotion with Storage vMotion
Introducing Cross vCenter vMotion
Exploring vSphere Distributed Resource Scheduler
Working with Storage DRS
The Bottom Line
Chapter 13: Monitoring VMware vSphere Performance
Overview of Performance Monitoring
Using Alarms
Working with Performance Charts
Working with resxtop
Monitoring CPU Usage
Monitoring Memory Usage
Monitoring Network Usage
Monitoring Disk Usage
The Bottom Line
Chapter 14: Automating VMware vSphere
Why Use Automation?
vSphere Automation Options
Automating with PowerCLI
Using vCLI from vSphere Management Assistant
Using vSphere Management Assistant for Automation with vCenter
ESXCLI and PowerCLI
Leveraging the Perl Toolkit with vSphere Management Assistant
Automating with vRealize Orchestrator
The Bottom Line
Appendix: The Bottom Line
Chapter 1: Introducing VMware vSphere 6
Chapter 2: Planning and Installing VMware ESXi
Chapter 3: Installing and Configuring vCenter Server
Chapter 4: vSphere Update Manager and the vCenter Support Tools
Chapter 5: Creating and Configuring Virtual Networks
Chapter 6: Creating and Configuring Storage Devices
Chapter 7: Ensuring High Availability and Business Continuity
Chapter 8: Securing VMware vSphere
Chapter 9: Creating and Managing Virtual Machines
Chapter 10: Using Templates and vApps
Chapter 11: Managing Resource Allocation
Chapter 12: Balancing Resource Utilization
Chapter 13: Monitoring VMware vSphere Performance
Chapter 14: Automating VMware vSphere
EULA
List of Tables
Chapter 1
Table 1.1
Table 1.2
Table 1.3
Chapter 2
Table 2.1
Chapter 3
Table 3.1
Chapter 4
Table 4.1
Chapter 5
Table 5.1
Table 5.2
Chapter 6
Table 6.1
Table 6.2
Table 6.3
Table 6.4
Chapter 7
Table 7.1
Table 7.2
Table 7.3
Table 7.4
Chapter 8
Table 8.1
Chapter 9
Table 9.1
Table 9.2
Chapter 11
Table 11.1
Chapter 13
Table 13.1
Table 13.2
Table 13.3
Table 13.4
Table 13.5
Table 13.6
Table 13.7
Table 13.8
List of Illustrations
Chapter 1
Figure 1.1 The VMkernel is the foundation of the virtualization functionality found in VMware ESXi.
Figure 1.2 vSphere Virtual SMP allows VMs to be created with more than one virtual CPU.
Figure 1.3 The vSphere HA feature will restart any VMs that were previously running on an ESXi host that experiences server or storage path failure.
Figure 1.4 vSphere FT provides protection against host failures with no downtime experienced by the VMs.
Figure 2.3 The installer offers options for both local and remote devices; in this case, only a local device was detected.
Figure 2.4 Although local SAS devices are supported, they are listed as remote devices.
Figure 2.5 Checking to see if there are any VMFS datastores on a device can help you avoid accidentally overwriting data.
Figure 2.6 You can upgrade or install ESXi as well as choose to preserve or overwrite an existing VMFS datastore.
Figure 2.7 Host information is echoed to the server console when it performs a network boot.
Figure 2.8 This screen provides information about the Auto Deploy server that is registered with vCenter Server.
Figure 2.9 Note the differences in the ESXi boot process when using Auto Deploy versus a traditional installation of ESXi.
Figure 2.10 Editing the host profile to allow Stateless Caching on a local disk
Figure 2.11 You can install the vSphere Client directly from the vCenter Server installation media.
Figure 2.12 Network connectivity won’t be established if the ESXi installer links the wrong NIC to the management network.
Figure 2.13 The ESXi home screen provides options for customizing the system and restarting or shutting down the server.
Figure 2.14 In the event the incorrect NIC is assigned to ESXi’s management network, you can select a different NIC.
Figure 2.15 Specifying NTP servers allows ESXi to automatically keep time synchronized.
Figure 3.3 The Platform Services Controller can be installed as an embedded or external component of vCenter, just like a database.
Figure 3.4 Other applications can extend vCenter Server’s core services to provide additional management functionality.
Figure 3.5 vCenter Server acts as a proxy for managing ESXi hosts, but all of the data for vCenter Server is stored in a database.
Figure 3.6 A good disaster-recovery plan for vCenter Server should include a quick means of regaining the user interface as well as ensuring that the data is highly available and protected against
Figure 3.14 This dialog box provides information on the status of the vCenter Server virtual appliance deployment.
Figure 3.15 This management screen lets you configure network access to the vCenter Server virtual appliance.
Figure 3.16 The vSphere Web Client home screen shows the full selection of features within not just vCenter Server but also both other services that hook into the vSphere Web Client.
Figure 3.17 Users can create folders above the datacenter object to grant permission at a level that can propagate to multiple datacenter objects or to create folders beneath a datacenter to manage the objects within the datacenter object.
Figure 3.18 A departmental vCenter Server inventory allows the IT administrator to implement controls within each organizational department.
Figure 3.19 Create folders to organize objects and delegate permissions within the vCenter Web Client.
Figure 3.20 Licenses can be assigned to an ESXi host as they are added to vCenter Server or at a later time.
Figure 3.21 The right-click menu in the vSphere Web Client is now very similar to the vSphere Desktop Client.
Figure 3.22 When a host is selected in the inventory view, the tabs across the top also provide host-management features.
Figure 3.23 The Manage tab of an ESXi host offers a number of commands to view or modify the host’s configuration.
Figure 3.24 The Events Console lets you view event details, search events, and export events (highlighted).
Figure 3.25 Users have a number of options when exporting events out of vCenter Server to a CSV file.
Figure 3.26 Host profiles provide a mechanism for checking and enforcing compliance with a specific configuration.
Figure 3.27 To make changes to a number of ESXi hosts at the same time, put the settings into a host profile, and attach the profile to the hosts.
Figure 3.28 You are able to create both tags and tag categories in the New Tag dialog box.
Figure 3.29 You can add metadata to objects by creating and assigning tags.
Figure 3.30 After you’ve defined a category and a tag, you can use it as search criteria for quickly finding objects with similar tags.
Figure 3.31 You can customize statistics collection intervals to support broad or detailed logging.
Figure 3.32 Licensing vCenter Server is managed through the vCenter Server Settings dialog box.
Figure 3.33 You can view logs from vCenter Server or ESXi hosts easily from the Log Browser on the home screen.
Figure 3.34 These logs are for vCenter Server, a single ESXi host, and the computer running the vSphere Client.
Chapter 4
Figure 4.1 Set the owner of the database correctly when you create the database.
Figure 4.2 Place the database and log files for VUM on different physical drives than the operating system and patch repository.
Figure 4.3 Supply the correct username and password for the VUM database.
Figure 4.4 The VUM installation provides the option to configure proxy settings. If there is no proxy, leave the box deselected.
Figure 4.5 The default settings for VUM place the application files and the patch repository on the system drive.
Figure 4.6 You must configure the UMDS utility at the command
Figure 4.12 Events from VUM Manager are included in the Management area of vCenter Server, where information can be exported or filtered.
Figure 4.13 The Patch Repository tab also offers more detailed information about each of the items in the repository.
Figure 4.14 Dynamic baselines contain a set of criteria that determine which patches are included in the baseline and which are not.
Figure 4.15 Combining multiple dynamic baselines into a baseline group provides greater flexibility in managing the deployment and
Figure 4.18 The Attach Baseline Or Group dialog box
Figure 4.19 Detaching baselines
Figure 4.20 When you’re detaching a baseline or baseline group, VUM offers the option to detach it from other objects at the same time.
Figure 4.21 Different types of scans are initiated depending on the check boxes selected at the start of the scan.
Figure 4.22 When multiple baselines are attached to an object, compliance is reflected on a per-baseline basis.
Figure 4.23 VUM can show partial compliance when viewing objects that contain other objects.
Figure 4.24 The vSphere Desktop Client reflects when the process of staging patches is complete.
Figure 4.25 The Remediate dialog box allows you to select the baselines or baseline groups against which you would like to remediate
Figure 4.28 Cluster options during host remediation
Figure 4.29 VUM supports different schedules for remediating powered-on VMs, powered-off VMs, and suspended VMs.
Figure 4.30 VUM integrates with vCenter Server’s snapshot functionality to allow remediation operations to be rolled back in the event of a problem.
Figure 4.31 Select the ESXi image to use for the host upgrade.
Figure 4.32 ESXi image import
Figure 4.33 All the packages contained in the imported ESXi image are shown.
Figure 4.34 Select the correct upgrade baseline in the right pane if multiple versions are listed.
Figure 4.35 Upgrades can ignore third-party software on legacy hosts.
Figure 4.36 VUM PowerCLI cmdlets available
Figure 4.37 Dump Collector services not running by default
Figure 4.38 ESXi Dump Collector Manage tab
Figure 4.39 Configuring a host to redirect dumps to a Dump Collector
Figure 4.40 Configuring a host to a Dump Collector via its host profile
Figure 4.41 The Network Syslog Collector with hosts registered in vCenter
Figure 4.42 Setting host syslog settings in the vSphere Web Client
Figure 4.43 Setting host syslog settings via the host’s command line
Figure 4.44 Opening up the firewall ports to communicate with the Syslog Collector
Chapter 5
Figure 5.1 Successful virtual networking is a blend of virtual and physical network adapters and switches.
Figure 5.2 Virtual switches alone can’t provide connectivity; they need ports or port groups and uplinks to connect to provide connectivity external to the host.
Figure 5.3 Virtual switches can contain two connection types: VMkernel port and VM port group.
Figure 5.4 You can create virtual switches with both connection types on the same switch.
Figure 5.5 VMs communicating through an internal-only vSwitch do not pass any traffic through a physical adapter.
Figure 5.6 A vSwitch with a single network adapter allows VMs to communicate with physical servers and other VMs on the network.
Figure 5.7 A vSwitch using NIC teaming has multiple available adapters for data transfer. NIC teaming offers redundancy and load distribution.
Figure 5.8 Virtual switches using NIC teaming are identified by the multiple physical network adapters assigned to the vSwitch.
Figure 5.9 The vSphere Web Client offers a way to enable management networking when configuring networking.
Figure 5.10 To configure ESXi’s Management Network, use the Configure Management Network option in the System Customization menu.
Figure 5.11 From the Configure Management Network menu, users can modify assigned network adapters, change the VLAN ID, alter the IP, and modify DNS and DNS search configuration.
Figure 5.12 The Restart Management Network option restarts ESXi’s management networking and applies any changes that were made.
Figure 5.13 Use the Network Restore Options screen to manage network connectivity to an ESXi host.
Figure 5.14 A VMkernel port is associated with an interface and assigned an IP address for accessing iSCSI or NFS storage devices or for other management services.
Figure 5.15 It is recommended to add only one type of management traffic to a VMkernel interface.
Figure 5.16 A comparison of the supported VMkernel traffic types in vSphere 5.5 (left) and vSphere 6.0 (right). With the release of vSphere 6.0, VMkernel ports can now also carry Provisioning traffic, vSphere Replication traffic, and vSphere Replication NFC traffic.
Figure 5.17 Using the CLI helps drive home the fact that the port group and the VMkernel port are separate objects.
Figure 5.18 The Analyze Impact section shows administrators dependencies on VMkernel ports.
Figure 5.19 TCP/IP stack settings are located with other host networking configuration options.
Figure 5.20 Each TCP/IP stack can have its own DNS configuration, routing information, and other advanced settings.
Figure 5.21 VMkernel ports can be assigned to a TCP/IP stack only at the time of creation.
Figure 5.22 A vSwitch with a VM port group uses an associated physical network adapter to establish a switch-to-switch connection with a physical switch.
Figure 5.23 Virtual LANs provide secure traffic segmentation without the cost of additional hardware.
Figure 5.24 Supporting multiple networks without VLANs can increase the number of vSwitches, uplinks, and cabling that is required.
Figure 5.25 VLANs can reduce the number of vSwitches, uplinks, and cabling required.
Figure 5.26 The physical switch ports must be configured as trunk ports in order to pass the VLAN information to the ESXi hosts for the port groups to use.
Figure 5.27 You must specify the correct VLAN ID in order for a port group to receive traffic intended for a particular VLAN.
Figure 5.28 Virtual switches with multiple uplinks offer redundancy and load balancing.
Figure 5.29 The vSphere Web Client shows when multiple physical network adapters are associated with a vSwitch using NIC teaming.
Figure 5.30 All the physical network adapters in a NIC team must belong to the same Layer 2 broadcast domain.
Figure 5.31 Create a NIC team by adding network adapters that belong to the same layer 2 broadcast domain as the original adapter.
Figure 5.32 The vSwitch port-based load-balancing policy assigns each virtual switch port to a specific uplink. Failover to another uplink occurs when one of the physical network adapters experiences failure.
Figure 5.33 The source MAC-based load balancing policy, as the name suggests, ties a virtual network adapter to a physical network adapter based on the MAC address.
Figure 5.34 The IP hash-based policy is a more scalable load-balancing policy that allows VMs to use more than one physical network adapter when communicating with multiple destination hosts.
Figure 5.35 The physical switches must be configured to support the IP hash-based load-balancing policy.
Figure 5.36 Select the load-balancing policy for a vSwitch in the Teaming And Failover section.
Figure 5.37 The beacon-probing failover-detection policy sends beacons out across the physical network adapters of a NIC team to identify upstream network failures or switch misconfigurations.
Trang 26Figure 5.38 The failover order helps determine how adapters in a NICteam are used when a failover occurs.
Figure 5.39 Standby adapters automatically activate when an activeadapter fails
Figure 5.40 Failover order for a NIC team is determined by the order ofnetwork adapters as listed in the Active Adapters, Standby Adapters,and Unused Adapters lists
Figure 5.41 Traffic shaping reduces the outbound (or egress)
bandwidth available to a port group
Figure 5.42 Without port groups, VLANs, or VGT, each IP subnet willrequire a separate vSwitch with the appropriate connection type
Figure 5.43 The use of the physically separate IP storage network
limits the reduction in the number of vSwitches and uplinks
Figure 5.44 With the use of port groups and VLANs in the vSwitches,even fewer vSwitches and uplinks are required
Figure 5.45 If you want to support all the features included in vSphere6.0, you must use a version 6.0.0 distributed switch
Figure 5.46 The number of uplinks controls how many physical
adapters from each host can serve as uplinks for the distributed switch.Figure 5.47 When you’re working with distributed switches, the
vSphere Web Client offers a single wizard to add hosts, remove hosts,
or manage host networking
Figure 5.48 All adapter-related changes to distributed switches are
consolidated into a single wizard
Figure 5.49 The esxcli command shows full details on the
configuration of a distributed switch
Figure 5.50 The vSphere Web Client won’t allow a host to be removedfrom a distributed switch if a VM is still attached
Figure 5.51 The vSphere Distributed Switch Health Check helps
identify potential problems in configuration
Figure 5.52 The New Distributed Port Group wizard gives you
extensive access to customize the new distributed port group’s settings
Trang 27Figure 5.53 A distributed port group is selected as a network
connection for VMs, just like port groups on a vSphere Standard
vSwitch
Figure 5.54 The vSphere Web Client provides a summary of the
distributed port group’s configuration
Figure 5.55 The Topology view for a distributed switch provides easyaccess to view and edit distributed port groups
Figure 5.56 You can apply both ingress (inbound) and egress
(outbound) traffic-shaping policies to a distributed port group on adistributed switch
Figure 5.57 The Teaming And Failover item in the distributed portgroup Edit Settings dialog box provides options for modifying how adistributed port group uses uplinks
Figure 5.58 The Block policy is set to either Yes or No Setting the
Block policy to Yes disables all the ports in that distributed port group.Figure 5.59 The Manage Virtual Network Adapters screen of the wizardallows you to add new adapters as well as migrate existing adapters.Figure 5.60 Migrating a virtual adapter involves assigning it to an
existing distributed port group
Figure 5.61 To manage uplinks on a distributed switch, make sure onlythe Manage Physical Adapters option is selected
Figure 5.62 The Migrate Virtual Machine Networking wizard
automates the process of migrating VMs between a source and
destination network
Figure 5.63 You cannot migrate VMs matching your source network selection if the destination network is listed as inaccessible
Figure 5.64 You’ll need the IP address and port number for the
NetFlow collector in order to send flow information from a distributed switch
Figure 5.65 NetFlow is disabled by default. You enable NetFlow on a per–distributed port group basis
Figure 5.66 LLDP support enables distributed switches to exchange discovery information with other LLDP-enabled devices over the
Figure 5.67 The vSphere Distributed Switch supports both basic
multicast filtering and IGMP/MLD snooping
Figure 5.68 Private VLAN entries consist of a primary VLAN and one or more secondary VLAN entries
Figure 5.69 When a distributed port group is created with PVLANs, the distributed port group is associated with both the primary VLAN ID and a secondary VLAN ID
Figure 5.70 Basic LACP support in a version 5.1.0 vSphere Distributed Switch is enabled in the uplink group but requires other settings as well
Figure 5.71 vSphere 5.5 and vSphere 6.0’s enhanced LACP support
eliminates many of the limitations of the support found in vSphere 5.1.
Figure 5.72 With a version 5.5.0 or 6.0.0 distributed switch, the LACP properties are configured on a per-LAG basis instead of for the entire distributed switch
Figure 5.73 Once a LAG has been created, physical adapters can be
added to it
Figure 5.74 LAGs appear as physical uplinks to the distributed port groups
Figure 5.75 The default security profile for a vSwitch prevents
Promiscuous mode but allows MAC address changes and forged
transmits
Figure 5.76 The default security profile for a distributed port group on
a distributed switch also denies MAC address changes and forged
Figure 5.79 A VM’s source MAC address is the effective MAC address, which by default matches the initial MAC address configured in the
VMX file. The guest OS, however, may change the effective MAC
Figure 6.3 This RAID 10 2+2 configuration provides good performance and good availability, but at the cost of 50 percent of the usable
capacity
Figure 6.4 A RAID 5 4+1 configuration offers a balance between
performance and efficiency
Figure 6.5 A RAID 6 4+2 configuration offers protection against double drive failures
Figure 6.6 VSAN abstracts the ESXi host’s local disks and presents
them to the entire VSAN cluster to consume
Figure 6.7 Both Fibre Channel and iSCSI SANs present LUNs from a target array (in this case, a Synology DS412+) to a series of initiators (in this case, the VMware iSCSI Software Adapter)
Figure 6.8 The most common Fibre Channel configuration: a switched Fibre Channel (FC-SW) SAN. This enables the Fibre Channel LUN to
be easily presented to all the hosts while creating a redundant network design
Figure 6.9 The Edit Multipathing Policies dialog box shows the storage runtime (shorthand) name
Figure 6.10 There are many ways to configure zoning. From left to
right: multi-initiator/multi-target zoning, single-initiator/multi-target zoning, and single-initiator/single-target zoning
Figure 6.11 FCoE encapsulates Fibre Channel frames into Ethernet frames for transmission over a lossless Ethernet transport
Figure 6.12 Using iSCSI, SCSI control and data are encapsulated in both TCP/IP and Ethernet frames.
Figure 6.13 Notice how the topology of an iSCSI SAN is the same as a switched Fibre Channel SAN
Figure 6.14 The iSCSI IETF standard has several different elements.
Figure 6.15 Some parts of the stack are handled by the adapter card versus the ESXi host CPU in various implementations
Figure 6.16 The topology of an NFS configuration is similar to iSCSI from a connectivity standpoint but very different from a configuration standpoint
Figure 6.17 VMFS stores metadata in a hidden area of the first extent.
Figure 6.18 vSphere’s Pluggable Storage Architecture is highly modular and extensible
Figure 6.19 Only the SATPs for the arrays to which an ESXi host is connected are loaded
Figure 6.20 vSphere ships with three default PSPs
Figure 6.21 The SATP for this datastore is VMW_SATP_ALUA_CX, which is the default SATP for EMC VNX arrays
Figure 6.22 It is possible to adjust the advanced properties for
advanced use cases, increasing the number of consecutive requests allowed to match adjusted queues
Figure 6.23 If all hardware offload features are supported, the
Hardware Acceleration status is listed as Supported
Figure 6.24 The VAAI support detail is more granular when using
ESXCLI compared with the Web Client
Figure 6.25 VAAI works hand in hand with claim rules that are used by the PSA for assigning an SATP and PSP for detected storage devices.
Figure 6.26 The Storage Providers area is where you go to enable
communication between the VASA provider and vCenter Server
Figure 6.27 The New Tag dialog box can be expanded to also create a tag category
Figure 6.28 The VM Storage Policies area in the vSphere Web Client is
one place to create user-defined storage capabilities. You can also
create them from the Datastores And Datastore Clusters view
Figure 6.29 VM storage policies can match user-defined tags or vendor-specific capabilities
Figure 6.30 The layout of Virtual Volumes differs greatly from
traditional LUNs
Figure 6.31 For proper iSCSI multipathing and scalability, only one uplink can be active for each iSCSI VMkernel adapter. All others must
be set to unused
Figure 6.32 This storage adapter is where you will perform all the
configuration for the software iSCSI initiator
Figure 6.33 Only compliant port groups will be listed as available to bind with the VMkernel adapter
Figure 6.34 These settings allow for robust multipathing and greater bandwidth for iSCSI storage configurations
Figure 6.35 You’ll choose from a list of available LUNs when creating a new VMFS datastore
Figure 6.36 The Partition Layout screen provides information on the partitioning action that will be taken to create a VMFS datastore on the selected LUN
Figure 6.37 From the Datastores subsection of the Related Objects tab, you can increase the size of the datastore
Figure 6.38 If the Expandable column reports Yes, the VMFS volume can be expanded into the available free space
Figure 6.39 This 20 GB datastore actually comprises two 10 GB
Figure 6.42 I recommend that you run the latest version of VMFS,
provided all your connected hosts can support it
Figure 6.43 In this dialog box, you can enable or disable storage
policies on a per-cluster level
Figure 6.44 You’ll use the Edit Multipathing button in the Datastore Manage Settings area to modify the multipathing policy
Figure 6.45 This datastore resides on an active-passive array;
specifically, a Synology NAS. You can tell this by the currently assigned path selection policy and the storage array type information
Figure 6.46 NFS uses the networking stack, not the storage stack, for high availability and load balancing
Figure 6.47 The choices to configure highly available NFS datastores depend on your network infrastructure and configuration
Figure 6.48 If you have a network switch that supports multi-switch link aggregation, you can easily create a network team that spans
switches
Figure 6.49 If you have a basic network switch without multi-switch link aggregation or don’t have the experience or control of your
network infrastructure, you can use VMkernel routing by placing
multiple VMkernel network interfaces on separate vSwitches and
is not configured with the recommended settings
Figure 6.52 Mounting an NFS datastore requires that you know the IP address and the export name from the NFS server
Figure 6.53 NFS datastores are listed among VMFS datastores, but the information provided for each is different
Figure 6.54 This VM has both a virtual disk on a VMFS datastore and
thickly provisioned (eager zeroed) virtual disk consumes 500 GB
immediately because it is pre-zeroed
Figure 6.56 VMFS datastores support all three virtual disk types
Figure 6.57 The Summary tab of a VM will report the total provisioned space as well as the used space
Figure 6.58 The Edit Settings dialog box tells you what kind of disk is configured, but it doesn’t provide current space usage statistics
Figure 6.59 A VM can use various virtual SCSI adapters. You can
configure up to four virtual SCSI adapters for each VM
Figure 6.60 This VM storage policy requires a specific user-defined storage capability
Figure 6.61 The Enable VM Storage Policies dialog box shows the
current status of VM policies and licensing compliance for the feature.
Figure 6.62 This VM does not have a VM storage policy assigned yet.
Figure 6.63 Each virtual disk can have its own VM storage policy, so you tailor VM storage capabilities on a per-virtual disk basis
Figure 6.64 The storage capabilities specified in this VM storage policy don’t match the capabilities of the VM’s current storage location
Figure 6.65 This VM’s current storage is compliant with its assigned
VM storage policy
Chapter 7
Figure 7.1 Each layer has its own forms of high availability
Figure 7.2 An NLB cluster can contain up to 32 active nodes (only 5 are shown here), and traffic is distributed equally across each available node. The NLB software allows the nodes to share a common name and IP address that is referenced by clients
Figure 7.3 Server clusters are best suited for applications and services like SQL Server, DHCP, and so on, which use a common dataset
Figure 7.4 A cluster-in-a-box configuration does not provide protection against a single point of failure. Therefore, it is not a common or
suggested form of deploying Microsoft server clusters in VMs
Figure 7.5 A Microsoft cluster built on VMs residing on separate ESXi
hosts requires shared storage access from each VM using an RDM.
Figure 7.6 A node in a Microsoft Windows Server cluster requires at least two NICs. One adapter must be able to communicate on the
production network, and the second adapter is configured for internal cluster heartbeat communication
Figure 7.7 Add a new device of type RDM Disk for the first node in a cluster and Existing Hard Disk for additional nodes
Figure 7.8 The SCSI bus sharing for the new SCSI adapter must be set
to Physical to support running a Microsoft cluster across multiple ESXi hosts
Figure 7.9 The RDM presented to the first cluster node is formatted and assigned a drive letter
Figure 7.10 Clustering physical machines with VM counterparts can be
a cost-effective way of providing high availability
Figure 7.11 Using a single powerful ESXi system to host multiple
failover clusters is one use case for physical-to-virtual clustering
Figure 7.12 vSphere HA provides an automatic restart of VMs that were running on an ESXi host when it failed
Figure 7.13 The status of an ESXi host as either master or slave is
provided on the host’s Summary tab. Here you can see both a master host and a slave host
Figure 7.14 vSphere HA uses the host-X-poweron files for a slave host
to notify the master that it has become isolated from the network
Figure 7.15 VMCP allows you to determine what actions should be
taken against affected VMs during storage access failures
Figure 7.16 vSphere HA is enabled or disabled for an entire cluster.
Figure 7.17 As you can see in the Tasks pane, vSphere HA elects a
master host when it is enabled on a cluster of ESXi hosts
Figure 7.18 Deselecting Enable Host Monitoring when performing network maintenance will prevent vSphere HA from unnecessarily triggering network isolation or network partition responses
Figure 7.19 The Admission Control Policy settings will determine how
a vSphere HA–enabled cluster determines availability constraints.
Figure 7.20 You can define cluster default VM options to customize the behavior of vSphere HA.
Figure 7.21 Use the VM Overrides setting to specify which VMs should
be restarted first or ignored entirely
Figure 7.22 High-priority VMs from a failed ESXi host might not be powered on because of a lack of resources—resources consumed by VMs with a lower priority that are running on the other hosts in a
vSphere HA–enabled cluster
Figure 7.23 The option to leave VMs running when a host is isolated should be set only when the virtual and the physical networking
infrastructures support high availability
Figure 7.24 You can configure vSphere HA to monitor for guest OS and application heartbeats and restart a VM when a failure occurs
Figure 7.25 The Custom option provides specific control over how
vSphere HA monitors VMs for guest OS failure
Figure 7.26 Select the shared datastores that vSphere HA should use for datastore heartbeating
Figure 7.27 This blended figure shows the difference between a VM currently listed as Unprotected by vSphere HA and one that is listed as Protected by vSphere HA; note the icon next to the Windows logo. VMs may be unprotected because the master has not yet been notified by vCenter Server that the VM has been powered on and needs to be
protected
Figure 7.28 The vSphere HA Summary tab holds a wealth of
information about vSphere HA and its operation. The current vSphere
HA master, the number of protected and unprotected VMs, and the datastores used for heartbeating are all found here
Figure 7.29 You can turn on vSphere FT from the context menu for a VM
Figure 7.30 You need to select a datastore for each virtual machine object when you enable SMP-FT
Figure 7.31 vSphere SMP-FT uses xvMotion to create the virtual
machine runtime and files as it is powered on for the first time
Figure 7.32 The darker VM icon indicates that vSphere SMP-FT is
enabled for this VM
Figure 7.33 The vSphere Web Client shows vSphere SMP-FT status information in the Fault Tolerance area on the Summary tab of a VM.
Figure 7.34 Running backup agents inside the guest OS can provide application- and OS-level integration, but not without some drawbacks.
Figure 7.35 vSphere Replication can work between datacenters, as long
as there is a network joining them
Figure 7.36 The network configuration for the vSphere Replication appliance happens before it is deployed
Figure 7.37 New menus are often added in the vSphere Web Client when virtual appliances that add functionality are deployed
Figure 7.38 Always configure the recovery settings within vSphere
Replication to match (or exceed) your application’s RPO requirements.
Chapter 8
Figure 8.1 The vicfg-user command prompts for a password to
execute the command and then prompts for a password for the new user you are creating
Figure 8.2 For a user, you can change the UID, username, or password, but you can’t change the Login field
Figure 8.3 The Security Profile area of the Configuration tab in the traditional vSphere Client shows the current ESXi firewall
configuration
Figure 8.4 Traffic to the selected network traffic on this ESXi host will
be limited to addresses from the specified subnet
Figure 8.5 Adding the correct XML to the services.xml file allows you
to customize the ESXi host firewall ports
Figure 8.6 vCenter Server and ESXi share a common security model for assigning access control
Figure 8.7 Custom roles strengthen management capabilities and add flexibility to permission delegations
Figure 8.8 By default, assigning a permission to an object will
propagate that permission to all child objects
Figure 8.9 Folder objects cannot be added to an individual ESXi host, leaving resource pools as the only viable option to group VMs
Figure 8.10 As objects in the inventory, resource pools are potential levels of infrastructure management
Figure 8.11 The vSphere Client provides a breakdown of where roles are currently in use
Figure 8.12 Certificate Manager provides a number of operations for managing certificates in your vSphere 6 environment
Figure 8.13 The vCenter Server default roles offer much more
flexibility than an individual ESXi host offers
Figure 8.14 vCenter Server’s logs are visible from within the Log
Browser section of the vSphere Web Client
Figure 9.4 You can launch the New Virtual Machine Wizard from the context menu of a vCenter datacenter, virtual datacenter, an ESXi cluster, or an individual ESXi host
Figure 9.5 Options for creating a new virtual machine when using the vSphere Web Client
Figure 9.6 The logical folder structure selected here does not
correspond to where the VM files (for example, VMX and VMDK) are located on the selected datastore
Figure 9.7 You can use storage service levels to help automate VM storage placement decisions when you create a new VM
Figure 9.8 When using VM storage policies, select a compatible
datastore to ensure that the VM’s storage needs are properly satisfied.
Figure 9.9 Based on guest OS selection, the vSphere Web Client
provides some basic guidelines on the amount of memory you should configure for the VM
Figure 9.10 You can configure a VM with up to 10 network adapters, of the same or different types, that reside on the same or different
networks as needed
Figure 9.11 A virtual disk is configured automatically when you create a new virtual machine. You can also add additional virtual disks by using the New device option
Figure 9.12 vSphere 6 offers a number of different Disk Provisioning options when you’re creating new virtual disks
Figure 9.13 You can configure the virtual disk on a number of different SCSI adapters and SCSI IDs, and you can configure it as an
independent disk
Figure 9.14 Reviewing the configuration of the New Virtual Machine Wizard ensures the correct settings for the VM and prevents mistakes that require deleting and re-creating the VM
Figure 9.15 The display name assigned to a VM is used in a variety of places
Figure 9.16 vSphere automatically appends a number to the filename for additional virtual hard disks
Figure 9.17 VMs can access optical disks physically located on the
vSphere Web Client system, located on the ESXi host, or stored as an ISO image
Figure 9.18 Use the Upload button to upload ISO images for use when installing guest OSs
Figure 9.19 Changing the hardware acceleration feature of a Windows guest OS is a common and helpful adjustment for improving mouse performance
Figure 9.20 As of vSphere 5.1, you can no longer configure properties
in VMware Tools by interacting with the icon in the system tray
Figure 9.21 You can view details about VMware Tools, DNS name, IP address, and so forth from the Summary tab of a VM object.
Figure 9.22 You invoke the Register Virtual Machine Wizard by right-clicking the datastore and selecting Register VM
Figure 9.23 The Power submenu allows you to power on, power off, suspend, or reset a VM as well as interact with the guest OS if VMware Tools is installed
Figure 9.24 Users can add some types of hardware while the VM is powered on. If virtual hardware cannot be added while the VM is
powered on, the operation will fail
Figure 9.25 To add a new network adapter, you must select the adapter type, the network, and whether it should be connected at power-on.
Figure 9.26 The ability to add memory to a VM that is already powered
on is restricted to VMs with memory hot-add enabled
Figure 9.27 With CPU hot-plug enabled, more virtual CPU sockets can
be configured, but the number of cores per CPU cannot be altered
Figure 9.28 Providing names and descriptions for snapshots is an easy way to manage multiple historical snapshots
Figure 9.29 When a snapshot is taken, some additional files are created
on the VM’s datastore
Figure 9.30 The Snapshot Manager can revert to a previous snapshot, but all data written since that snapshot was taken and that hasn’t been backed up elsewhere will be lost
Figure 9.31 This VM running Windows Server 2012 has had some data placed into two temporary folders
Figure 9.32 The same VM, after reverting to a snapshot taken before the temporary folders were created, no longer has any record of the data
Chapter 10
Figure 10.1 If the Sysprep files are not extracted and stored on the
vCenter Server system, you might not be able to customize the guest
OS when you clone a VM
Figure 10.2 The Customization Specification Manager is readily
accessible from the home page of the vSphere Web Client in the
feedback on the current status of the VM cloning operation
Figure 10.9 Users can either convert a VM to a template or clone the
Figure 10.13 Source networks defined in the OVF template are mapped
to port groups and dvPort groups in vCenter Server
Figure 10.14 vSphere administrators have different options for
controlling how new VMs are deployed from OVF templates and