VMware Notes
ESX/ESXi Log files – hostd.log and messages
Contain entries made during bootup and while the system is running
ESX also has vmkernel, vmksummary.txt and vmkwarning log files
Track service console availability, VMkernel alerts, warning, messages and ESX host
availability
Remote command prompt management
VMware vSphere Command Line Interface (vCLI) application
VMware vSphere Management Assistant (vMA) virtual appliance
o A platform for running a variety of toolkits such as vCLI, vSphere SDK for Perl and
vSphere API
VMware vSphere PowerCLI
o Automation tool for administering a vSphere environment
o Distributed as a snap-in to Windows PowerShell
vCenter Server Maximums
1,000 hosts
10,000 powered on VMs
15,000 registered VMs
vCenter Services
Core Services – management of resources and VMs, task scheduling, statistics logging,
management of alarms and events, VM provisioning and host and VM configuration
Distributed Services – vMotion, DRS and HA
vCenter Hardware and Software Requirements
Two 64 bit CPUs or one 64 bit dual core processor (2.0 GHz or higher)
3GB RAM minimum
3GB disk storage minimum
Gigabit network recommended
64 bit OS – XP Pro 64 bit SP2, 2003 Enterprise SP2, 2008 R2 64 bit
vCenter Supported Databases
SQL 2005 and 2008
Oracle 10g and 11g
IBM DB2 9.5
SQL 2005 Express
vCenter Ports
443 - HTTPS
80 - HTTP
902 – UDP heartbeat
8080 - Web Services HTTP
8443 - Web Services HTTPS
60099 – Web services change service notification
389 – LDAP
636 – SSL
vCenter Java Virtual Machine (JVM) Memory – VMware VirtualCenter Management
Webservices
Requires 1-4GB of additional memory
1GB for less than 100 hosts
4GB for more than 400 hosts
vCenter Windows Services
VMware Mount Service for Virtual Center – Used during guest OS customization such
as cloning or deploying from a template.
VMware vCenter Orchestrator Configuration – Used for Orchestrator which is a
workflow engine that helps admins automate existing manual tasks.
VMware VirtualCenter Management Webservices – Allows configuration of vCenter
management services.
VMware VirtualCenter Server
VMwareVCMSDS – Provides vCenter Server LDAP directory services.
vCenter Plugins
vCenter Storage Monitoring – Allows vCenter Server to monitor and report on
storage and adds the Storage Views tab to the vSphere client
vCenter Service Status (health status) – adds the vCenter Service Status icon to the
Administration panel in the vSphere client
vCenter Hardware Status – Allows vCenter to display the hardware status of the hosts
and adds the Hardware Status tab to the vSphere client.
vCenter Server uses the root account to add hosts to the inventory and creates a special user
account named vpxuser for all future authentication
Lockdown Mode (ESXi only) – Disables remote access for the administrator account to ensure
the host is only managed by vCenter
You can add ESX 2.5.x and later as well as ESXi 3.5 and later hosts to the vCenter Inventory
VPXA Process – vCenter Server agent that provides access to ESX/ESXi hosts
Resides on the ESX/ESXi host - Installed when the host is added to vCenter
Vpxa process communicates with the host agent known as the hostd process to relay
the tasks to perform on the host.
vpxa is not used when you log in directly to the host; communication then goes to hostd
directly
vCenter can also manage licenses for legacy hosts such as ESX 3.x and ESXi 3.5 using a separate
license server.
You can’t have 2 Virtual switches (Layer 2 devices) mapped to the same physical NIC.
You can have 2 or more physical NICs mapped to the same virtual switch.
Standard virtual switch
Maximum of 4,088 virtual switch ports per switch
Maximum of 4,096 virtual switch ports per host
120 switch ports created by default
Virtual switch ports used for VM connections and for uplinks to physical NICs
Some ports used for internal purposes by the VMkernel
VLANs
Can be configured at the port group level
ESX/ESXi hosts provide VLAN support through virtual switch tagging (gives a port group
a VLAN ID)
o VMkernel then takes care of all the tagging
A switch port on the physical host must be defined as a static trunk port
No VLAN configuration is needed on the VM
Network Policies
Security, Traffic shaping and NIC teaming
Defined at the standard virtual switch level for the entire switch
Can also be defined for a VMkernel port, VM port group and ESX service console
Policies defined for an individual port or port group override the default policies defined
for the switch.
Network security policy exceptions
Promiscuous Mode – when set to reject, placing a guest adapter in promiscuous mode
has no effect on which frames are received by the adapter (default is Reject)
o Set Promiscuous mode to Accept if you want to use an application in a VM that
analyzes or sniffs packets.
MAC Address Change – When set to Reject, if the guest attempts to change the MAC
address assigned to the virtual NIC, it stops receiving the frames. (default is Accept)
Forged Transmits – When set to Reject, the virtual NIC drops any frames that the guest
sends, where the source address field contains a MAC address other than the assigned
virtual NIC MAC address (default is Accept)
Set MAC Address Changes and Forged Transmits to Reject to help protect against
certain attacks launched by a rogue guest operating system.
Leave MAC Address Changes and Forged Transmits at their default values of Accept if
your applications change the mapped MAC address.
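The override rule and the defaults above, worked through as an added example (not part of the original notes): it resolves the effective security policy for each port group and reports every setting still at Accept, together with where that value came from. The inventory layout, the switch and port group names and the approved-exceptions set are constructed for illustration.

```python
# Added example: effective standard-switch security policy per port group.
# The inventory below is constructed sample data, not output from a real host.
from typing import Dict, List, NamedTuple, Tuple

ACCEPT, REJECT = "Accept", "Reject"

# Defaults as listed in the notes above.
DEFAULTS = {
    "promiscuous": REJECT,
    "mac_changes": ACCEPT,
    "forged_transmits": ACCEPT,
}


class Finding(NamedTuple):
    switch: str
    port_group: str
    setting: str
    source: str  # where the Accept value came from: default, switch or port group


def effective_policy(switch_policy: Dict[str, str],
                     pg_policy: Dict[str, str]) -> Dict[str, Tuple[str, str]]:
    """Port group settings override switch settings, which override the defaults."""
    resolved = {}
    for setting, default in DEFAULTS.items():
        value, source = default, "default"
        if setting in switch_policy:
            value, source = switch_policy[setting], "switch"
        if setting in pg_policy:
            value, source = pg_policy[setting], "port group"
        if value not in (ACCEPT, REJECT):
            raise ValueError(f"{setting}: unexpected value {value!r}")
        resolved[setting] = (value, source)
    return resolved


def audit(inventory, approved=frozenset()) -> List[Finding]:
    """List every (port group, setting) that resolves to Accept and is not approved."""
    findings = []
    for sw_name, sw in inventory.items():
        for pg_name, pg_policy in sw["port_groups"].items():
            resolved = effective_policy(sw["policy"], pg_policy)
            for setting, (value, source) in resolved.items():
                if value == ACCEPT and (pg_name, setting) not in approved:
                    findings.append(Finding(sw_name, pg_name, setting, source))
    return findings


# Constructed inventory: vSwitch0 is untouched, vSwitch1 is hardened at switch level.
SAMPLE_INVENTORY = {
    "vSwitch0": {
        "policy": {},
        "port_groups": {
            "VM Network": {},
            "IDS-Sensor": {"promiscuous": ACCEPT, "mac_changes": REJECT,
                           "forged_transmits": REJECT},
        },
    },
    "vSwitch1": {
        "policy": {"mac_changes": REJECT, "forged_transmits": REJECT},
        "port_groups": {
            "DMZ": {},
            "Cluster-NLB": {"mac_changes": ACCEPT, "forged_transmits": ACCEPT},
        },
    },
}

# The packet-analysis VM is the one documented reason for promiscuous Accept.
APPROVED_EXCEPTIONS = frozenset({("IDS-Sensor", "promiscuous")})

if __name__ == "__main__":
    for f in audit(SAMPLE_INVENTORY, APPROVED_EXCEPTIONS):
        print(f"{f.switch}/{f.port_group}: {f.setting} = Accept (from {f.source})")
```

Findings with source "default" are port groups that were never hardened; findings with source "port group" are deliberate overrides that need a recorded reason.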
Traffic shaping shapes outbound network traffic only when used on a standard virtual switch
Off by default
ESX/ESXi hosts shape outbound traffic only by establishing parameters for 3 traffic
characteristics: Average Bandwidth, Peak Bandwidth and Burst Size.
Establish the policy at the virtual switch level or the port group level
Settings at the port group level override the settings at the switch level
Average Bandwidth
Establishes the number of kilobits per second to allow across a port, averaged over
time.
The average bandwidth is the allowed average load.
Peak Bandwidth
The maximum number of kilobits per second to allow across a port when it is sending a
burst of traffic.
This limits the bandwidth used by a port whenever the port is using its burst bonus.
Burst Size
The maximum number of kilobytes to allow in a burst.
If this parameter is set, a port might gain a burst bonus if it does not use all its allocated
bandwidth.
NIC Teaming
Policies include load balancing and failover settings
Default policies are set for the entire Standard Switch
Policies can be overridden at the port group level
Virtual Port ID load balancing – A VM's outbound traffic is mapped to a specific physical
NIC. This method is simple and fast and does not require the VMkernel to examine the
frame for necessary information.
MAC Hash load balancing – Each VM's outbound traffic is mapped to a specific physical
NIC’s MAC address. This method has low overhead and is compatible with all switches
but may not spread traffic evenly across physical NICs.
IP Hash load balancing – A NIC for each outbound packet is chosen based on its source
and destination IP address. This method has higher CPU overhead but a better
distribution of traffic across physical NICs. It also requires 802.3ad link aggregation
support or EtherChannel on the switch.
Network failure is detected by the VMkernel, which monitors:
Link state only – Detects cable pulls and physical switch failures. Doesn’t detect
configuration errors.
Link state plus beaconing – VMkernel sends out and listens for probe packets on all
NICs in the team
Switches can be notified whenever:
There is a failover event
A new virtual NIC is connected to the virtual switch
Failover implemented by the VMkernel based on configurable parameters:
Failback – Determines how a physical adapter is returned to active duty after recovering
from a failure. If set to Yes, the failed adapter is returned to active duty immediately
after recovery, displacing the standby adapter that took its place. If set to No, the failed
adapter is left inactive after recovery until needed.
Load balancing option: Use explicit failover order – Always use the highest order uplink
from the list of active adapters that pass failover detection criteria.
VMFS
A clustered file system that allows multiple physical servers to read and write to the
same storage simultaneously.
A VMFS datastore can be configured to use an 8MB block size to support virtual disk
files up to 2TB.
A VMFS datastore uses subblock addressing to make efficient use of storage for small
files.
NFS
File sharing protocol used to communicate with a NAS device
NFS datastores are treated like VMFS datastores – can hold VM files, ISOs, templates
and use vMotion etc.
ESX/ESXi supports NFS version 3 over TCP only
ESX/ESXi hosts do not use the standard Network Lock Manager (NLM) protocol
VMware uses its own locking protocol. NFS locks are implemented by creating lock files
on the NFS server. Lock files are named .lck-, where is the value of the
fileID field. The lock file generates small 84-byte WRITE requests to the NFS server.
RDM – Raw Device Mapping
Acts as a proxy for a raw physical device
Stores data directly on a raw LUN
Can be used for data, VM clustering and storage array snapshots
Allows you to use your existing SAN commands to manage storage for the disk
Used when clustering VMs using Microsoft Clustering Service (MSCS)
A VMFS datastore can be used to hold RDMs that point to raw iSCSI volumes.
Thin provisioning disks can reduce the cost of storage for virtual environments by up to 50%.
SCSI Storage Devices
Use a SCSI ID – The unique address of a SCSI device
Canonical name – The Network Address Authority ID. Globally unique identifiers that
are persistent across system reboots.
The T10 identifier is another unique identifier. It can appear on any SCSI device.
They always begin with the string t10
mpx is a VMware namespace that is used when no other valid namespaces can
be obtained from the LUN. It is not globally unique or persistent across reboots.
Runtime name is the name of the first path to the device. It is created by the host. It is
not reliable or persistent.
ESX/ESXi support 2 types of IP storage
iSCSI – Used to hold one or more VMFS datastores
NFS – Used to hold one or more NFS datastores
Both support vSphere features like vMotion, HA and DRS
ESX/ESXi supports:
Up to 64 NFS volumes
iSCSI or NFS over a 10GbE interface
iSCSI or NFS in an IPv6 environment (experimental only)
ESX/ESXi supports booting from an iSCSI SAN
ESX hosts: From independent hardware iSCSI
ESXi hosts: From software iSCSI and dependent hardware iSCSI – The network adapter
must support only the iSCSI Boot Firmware Table (iBFT) format.
The ESX/ESXi host is configured with a software or hardware iSCSI initiator
Hardware is an iSCSI HBA
Software is an iSCSI Initiator
Software initiator is VMware code built into the VMkernel.
Hardware initiator is a 3rd party adapter capable of accessing iSCSI storage over TCP/IP
The Dependent hardware initiator depends on VMware networking and on iSCSI
configuration and management interfaces provided by VMware. You need to bind the
adapter and an appropriate VMkernel iSCSI port.
An independent hardware adapter handles all the iSCSI and network processing and
management for the ESX/ESXi host.
LUN Masking is available for iSCSI and works the same as in Fibre Channel.
Ethernet switches don’t use Zones like FC but rather use VLANs instead.
iSCSI Names
iSCSI qualified name (IQN) or the Extended Unique Identifier (EUI)
IQN - iSCSI qualified name
Can be up to 255 characters long
Uses the prefix iqn
Has a date code specifying the year and month in which the organization registered the
domain or subdomain used as the naming authority string
Has an organizational naming authority string which consists of a valid, reversed domain
or subdomain name
May have a colon (:) followed by a string of the assigning organization’s choosing
Example - iqn.2001-04.com.example or iqn.2001-04.com.example:storage.disk2.sys1.xyz
EUI - Extended Unique Identifier
Uses the prefix eui followed by a 16 character name. The name includes 24 bits for a
company name that is assigned by the IEEE and 40 bits for a unique ID, such as a serial
number
Example - eui.02004567A425678D
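A parser for the two name formats described above, as an added example that is not part of the original notes. The 255-character limit and the field layout come from the notes; requiring at least two domain labels and restricting labels to letters, digits and hyphens are assumptions made here.

```python
# Added example: parse and validate iSCSI names (IQN and EUI).
import re
from typing import NamedTuple, Optional

MAX_NAME_LEN = 255  # limit as given in the notes

_IQN_RE = re.compile(r"^iqn\.(\d{4})-(\d{2})\.([^:]+)(?::(.+))?$")
_EUI_RE = re.compile(r"^eui\.([0-9A-Fa-f]{16})$")
_LABEL_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?$")  # assumption


class IscsiName(NamedTuple):
    kind: str                 # "iqn" or "eui"
    authority: str            # reversed domain (iqn) or 24-bit company id in hex (eui)
    date_code: Optional[str]  # "yyyy-mm" for iqn, None for eui
    unique: Optional[str]     # string after the colon (iqn) or 40-bit unique id (eui)


def parse_iscsi_name(name: str) -> IscsiName:
    """Split an iSCSI name into its fields; raise ValueError if it is malformed."""
    if len(name) > MAX_NAME_LEN:
        raise ValueError("name longer than 255 characters")

    m = _EUI_RE.match(name)
    if m:
        hex_id = m.group(1).upper()
        # 16 hex characters = 64 bits: 24-bit company id, then 40-bit unique id.
        return IscsiName("eui", hex_id[:6], None, hex_id[6:])

    m = _IQN_RE.match(name)
    if not m:
        raise ValueError("not an iqn. or eui. name")
    year, month, domain, suffix = m.groups()
    if not 1 <= int(month) <= 12:
        raise ValueError("date code month must be 01-12")
    labels = domain.split(".")
    if len(labels) < 2 or not all(_LABEL_RE.match(label) for label in labels):
        raise ValueError("naming authority is not a reversed domain name")
    return IscsiName("iqn", domain, f"{year}-{month}", suffix)


def is_valid_iscsi_name(name: str) -> bool:
    """Boolean wrapper for use in configuration checks."""
    try:
        parse_iscsi_name(name)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # The first three names are the examples from the notes; the rest are
    # constructed malformed inputs.
    for candidate in (
        "iqn.2001-04.com.example",
        "iqn.2001-04.com.example:storage.disk2.sys1.xyz",
        "eui.02004567A425678D",
        "iqn.2001-13.com.example",
        "eui.02004567A425678",
        "iqn.2001-04.com.example:",
    ):
        print(candidate, "->", is_valid_iscsi_name(candidate))
```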
Configuring an iSCSI software initiator
Create a VMkernel port on a virtual switch
Enable the software iSCSI initiator
Configure one or more target discovery addresses so that the iSCSI initiator can
determine which storage resources on the network are available for access. You cannot
change the IP address, iSCSI name, or port number of an existing target. To make
changes, remove the target and make a new one
Configure Challenge Handshake Authentication Protocol (CHAP) if needed.
ESX/ESXi supports per-target CHAP where you use different credentials for each target
(Software iSCSI only)
ESX/ESXi supports two iSCSI target discovery methods
Static Discovery – The initiator does not need to perform discovery. It knows in advance
all the targets it will be contacting and uses their IP addresses and domain names to
communicate with them.
Dynamic Discovery (SendTargets discovery) – Each time the initiator contacts a
specified iSCSI server, it sends the SendTargets request to the server. The server
responds by supplying a list of available targets to the initiator. The names and IP
addresses of these targets appear as static in the vSphere client.
CHAP
Unidirectional (one way CHAP) – the target authenticates the initiator, but the initiator
does not authenticate the target. You specify the CHAP secret. (Hardware and software
iSCSI).
Bidirectional (mutual CHAP) – The initiator is able to authenticate the target as well
(Software iSCSI only).
Only Unidirectional CHAP is available for hardware initiators
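The two CHAP modes above as a message exchange, in an added example that is not part of the original notes. It uses the standard CHAP-with-MD5 response (hash of the identifier byte, the shared secret and the challenge); the Peer class, the login function, the names and the secrets are constructed here, and the exchange is simplified to one challenge per direction.

```python
# Added example: one-way versus mutual CHAP, both sides of the exchange.
import hashlib
import hmac
import os

OK_ONE_WAY = "ok (target not authenticated)"
OK_MUTUAL = "ok (both sides authenticated)"
INITIATOR_REJECTED = "initiator rejected"
TARGET_REJECTED = "target rejected"


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP with MD5: hash over identifier byte, shared secret, then challenge."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


class Peer:
    """One end of the login. It proves one secret and may check another."""

    def __init__(self, name, secret_to_prove, secret_to_check=None):
        self.name = name
        self.secret_to_prove = secret_to_prove   # used to answer a challenge
        self.secret_to_check = secret_to_check   # used to verify the other side
        self._pending = None

    def challenge(self):
        """Issue a fresh random identifier and challenge."""
        self._pending = (os.urandom(1)[0], os.urandom(16))
        return self._pending

    def respond(self, identifier, challenge):
        return chap_response(identifier, self.secret_to_prove, challenge)

    def verify(self, response):
        """Check a response against the outstanding challenge (single use)."""
        if self._pending is None or self.secret_to_check is None:
            return False
        identifier, challenge = self._pending
        self._pending = None
        expected = chap_response(identifier, self.secret_to_check, challenge)
        return hmac.compare_digest(expected, response)


def login(initiator: Peer, target: Peer, mutual: bool) -> str:
    # Direction 1 (both modes): the target authenticates the initiator.
    ident, chal = target.challenge()
    if not target.verify(initiator.respond(ident, chal)):
        return INITIATOR_REJECTED
    if not mutual:
        return OK_ONE_WAY
    # Direction 2 (mutual only): the initiator authenticates the target.
    ident, chal = initiator.challenge()
    if not initiator.verify(target.respond(ident, chal)):
        return TARGET_REJECTED
    return OK_MUTUAL


# Constructed secrets, one per direction.
INITIATOR_SECRET = b"constructed-initiator-secret"
TARGET_SECRET = b"constructed-target-secret"


def make_pair(target_proves=TARGET_SECRET, initiator_proves=INITIATOR_SECRET):
    initiator = Peer("esx-host", initiator_proves, secret_to_check=TARGET_SECRET)
    target = Peer("array", target_proves, secret_to_check=INITIATOR_SECRET)
    return initiator, target


if __name__ == "__main__":
    print(login(*make_pair(), mutual=False))
    print(login(*make_pair(), mutual=True))
    # A target that cannot prove the target secret passes one-way CHAP unnoticed
    # and is caught only when the initiator checks it.
    print(login(*make_pair(target_proves=b"wrong"), mutual=False))
    print(login(*make_pair(target_proves=b"wrong"), mutual=True))
```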
Configuring the iSCSI initiator
Install the iSCSI hardware adapter
Modify the iSCSI name and configure the iSCSI alias
Configure iSCSI target addresses
Configure iSCSI security (CHAP)
NFS Privileges
NFS privileges are assigned to the root user
When root_squash is on, the NFS server treats access by the root user as access by any
unprivileged user and might refuse the ESX/ESXi host access to VM files stored on the
NFS volume.
You must use the no_root_squash option instead to export an NFS volume. It allows the
root user to be recognized as root.
The NFS administrator must allow read and write privileges to the NFS datastore with
no_root_squash if you are deploying VMs on the NFS datastore.
Configuring an NFS Datastore
Separate it from the iSCSI network for better security and performance
Provide the NFS server name or IP address
Provide the folder on the NFS server
Choose whether to mount the NFS file system read-only or not. Use read-only for ISO
libraries and read/write for VMs
Choose the NFS datastore name
To see NFS datastores go to the Storage Views tab and display the Show all NAS Mounts
To unmount an NFS datastore right click the datastore and select Unmount or select the
datastore and click the Delete link.
Fibre Channel
ESX/ESXi supports 8Gb Fibre Channel and Fibre Channel over Ethernet (FCoE)
You can boot ESX/ESXi from a Fibre Channel SAN LUN – The BIOS of the Fibre Channel
adapter must be configured with the World Wide Name (WWN) and LUN number of the
boot device.
A Fibre Channel SAN consists of:
Storage System – Physical hard disks (array) and one or more intelligent controllers. The
storage system supports the creation of LUNs (logical volumes)
LUN – The address of a logical unit (LU). An LU can be a JBOD (Just a Bunch Of Disks), a
RAID set or part of a storage container
Storage Processor – A storage processor can partition a JBOD or RAID set into one or
more LUNs. Each connection is referenced by the HBA’s WWN.
HBA – Connects the ESX/ESXi host to the Fibre Channel network. A minimum of 2 HBA
adapters are used for FT
Fibre Channel Switches – One or more Fibre Channel switches form the Fibre Channel
fabric. The Fibre Channel fabric interconnects multiple nodes.
Soft Zoning – Controls LUN visibility per WWN and is done at the Fibre Channel switch
Hard Zoning – The control of storage processor visibility per switch port
Fabric Zoning – Controls target presentation and tells an ESX/ESXi host whether a target exists
WWNs are assigned by the manufacturer of the SAN. HBAs and storage processors have WWNs.
They are used to identify equipment for zoning purposes.
LUN Masking – Controls LUN visibility per host. Can be done in the ESX/ESXi host or at the
storage processor level (more secure and better data integrity)
The VMkernel scans for LUNs 0-255 (256 total). You can’t have a LUN with an ID over 256.
The Storage Views tab allows you to review associations between all storage entities available
in vCenter and analyze storage usage. Reports are updated every 30 minutes.
VMFS
Use VMFS 3 datastores whenever possible
VMFS is optimized for storing and accessing large files
A VMFS can have a maximum volume size of 64 TB (32 x 2TB -512k extents)
Offers some functions that NFS doesn’t support
Use RDMs if your VM is performing SAN snapshotting, is clustered using MSCS or has
large amounts of data that you don’t want to convert into a virtual disk
You cannot store an RDM on an NFS datastore but you can store an RDM on a VMFS datastore
You cannot use MSCS to cluster a VM that resides on a NFS datastore
Overcommitted datastore - When there are many thin provisioned virtual disks that use close
to their allotted disk space.
Increasing the size of a VMFS datastore
Add an extent to the VMFS datastore. You can add any extent to any VMFS datastore up
to 32 extents
Expand the VMFS datastore. Increase the size of the VMFS datastore within its extent if
it has free space
To expand a RDM’s underlying raw LUN on the array, you have to remove the RDM and re-
create it
Deleting a VMFS datastore permanently deletes the pointers to the files on the datastore, so
the files cannot be retrieved
Multipathing allows continued access to SAN LUNs in the event of hardware failure and also
provides load balancing
Hardware iSCSI Multipathing
Use 2 or more hardware iSCSI adapters
Software or dependent hardware iSCSI Multipathing
Use multiple NICs
Connect each NIC to a separate VMkernel port
Associate VMkernel ports with an iSCSI initiator so that each VMkernel port connected
to a separate NIC becomes a different path
Multiple paths can exist to a datastore on an ESX/ESXi host
Click the host’s Configuration tab
Click the Storage link
Right click the datastore and select Properties
Click Manage Paths
Path selection policies
Fixed – The host always uses the preferred path to the disk when that path is available.
Fixed is the default policy for active-active storage devices.
Most Recently Used – The host uses the most recent path to the disk until this path
becomes unavailable. The host does not revert back to the preferred path. Most
Recently Used is the default and required type for active-passive storage devices.
Round Robin – The host uses a path-selection algorithm that rotates through all
available paths. RR supports load balancing across the paths.
Pluggable Storage Architecture (PSA)
A VMkernel layer responsible for managing multiple storage paths
A collection of VMkernel APIs that allow third party vendors to insert code directly into
the ESX/ESXi storage I/O path (multipathing plug-ins MPPs)
VMware provides a generic MPP by default called Native Multipathing Plug-in (NMP)
When naming VMs, it’s best practice to avoid using special characters including spaces in the
name since the VM name is used to name the files that make up the VM.
Files that make up a Virtual Machine
.vmx – Virtual machine configuration file
.vmdk – File describing virtual disk characteristics
.-flat.vmdk – Pre-allocated virtual disk file that contains the data
.nvram – Virtual machine BIOS
vmware.log & vmware-#.log – Virtual machine log file and files containing old virtual
machine log entries
.vswp – Virtual machine swap file
.vmsd – File that describes the virtual machine’s snapshots
.vmtx – Virtual machine template configuration file
If a VM is converted to a template, a virtual machine template configuration file (.vmtx)
replaces the virtual machine configuration file (.vmx)
If a VM has more than one disk file, the file pair for the second disk file and later is
named _#.vmdk and _#.-flat.vmdk where # is the next
number in the sequence starting with 1.
6 of the archive log files are maintained at any one time. Name-1.log, name-2.log etc.
A virtual disk consists of 2 files
The .vmdk file, which describes the virtual disk’s characteristics
A -flat.vmdk file, which contains the virtual disk’s data
The datastore browser only shows the .vmdk file
You can add multiple USB devices to a VM that resides on an ESX/ESXi host to which the device
is physically attached. The device is only available to VMs that reside on that host. A USB device
is available to only one VM at a time.
VMware Virtual SMP allows you to take advantage of configuring a virtual machine with up to 8
virtual CPUs, allowing larger CPU-intensive workloads to run on ESX/ESXi hosts.
Adding the first virtual disk to a VM implicitly adds a virtual SCSI adapter for it to be connected.
ESX/ESXi offers a choice of adapters:
BusLogic Parallel
LSI Logic Parallel
LSI Logic SAS
VMware Paravirtual
Independent disk mode
Persistent – Use if you want changes to be immediately and permanently written to disk
Nonpersistent – Use if you want to discard changes when the VM is powered off or
reverted to a snapshot
Virtual Machine Network Adapters
Flexible – Functions as a vlance adapter if VMware tools is not installed on the VM. It
functions as a vmxnet driver if VMware tools are installed on the VM.
vlance – An emulated version of the AMD 79C970 PCnet32 LANCE NIC. Drivers are
available in most 32 bit operating systems.
vmxnet – A virtual network adapter that has no physical counterpart or vendor drivers
and is optimized for performance in a VM. The VM needs to have VMware tools
installed.
e1000 – An emulated version of the Intel 82545EM Gigabit Ethernet NIC with drivers
available in most newer operating systems. It’s the default adapter for 64 bit guest
operating systems.
vmxnet2 (Enhanced vmxnet) – Based on the vmxnet adapter but provides high
performance features commonly used on modern networks such as jumbo frames and
hardware off-loads.
vmxnet3 – The next generation of paravirtualized NIC designed for performance. It’s not
related to vmxnet or vmxnet2. It offers all the features of vmxnet2 plus multiqueue
support (Receive-Side Scaling in Windows), IPv6 off-loads, MSI/MSI-X interrupt delivery,
fault tolerance and record/replay. Only supported by a limited set of guest operating
systems and only available on VMs with hardware version 7
The virtual CD/DVD drive can point to:
The CD/DVD drive or floppy drive of the ESX/ESXi host
A CD/DVD ISO image or floppy (.flp) image
The CD/DVD or floppy on your local system
Features of VMware Tools
Device Drivers
o SVGA display
o Bus Logic SCSI driver
o vmxnet/vmxnet3
o Balloon driver for memory management
o Sync driver for quiescing I/O
o VMware mouse driver
Virtual Machine Heartbeat
Time Synchronization
Ability to shut down a virtual machine
VMware Tools control panel
Scripts to help automate guest operating system operations
VMware user process – lets you copy/paste
Virtual Appliances
Typically includes a preinstalled guest OS
VAs are deployed as an Open Virtual Machine (OVF) template.
To import a VA, go to File>Browse VA marketplace, then complete the deploy OVF
template wizard to download it and add it to the vCenter Server inventory
vSphere client allows you to import and export any file in OVF format
Specify OVF filename or URL that points to the file
Exporting VMs allows you to create virtual appliances that can be imported by other
users
VMs can be changed into templates without the need to make a full copy of the virtual machine
files and the creation of a new object
You can create a template by:
Cloning a VM to a template
Converting a VM to a template
Cloning a template
When you clone a VM to a template, the original VM is maintained.
When you convert a VM to a template, the original VM is replaced by the template.
When you clone a template, you make a copy of a template.
Clone to Template offers you the choice of format in which to store the VM’s virtual disks
Same format as source
Thin provisioned disk
Thick format
Convert to Template does not offer a choice and leaves the VM’s disk file intact.
View templates from the VMs and Templates inventory view or from Hosts and Clusters view by
selecting a container and clicking its Virtual Machines tab.
To deploy a VM from a template, right click the template and choose Deploy Virtual Machine
from this Template.
To convert a template to a VM, go to the VMs and Templates inventory view. Right click the
template and select Convert to Virtual Machine. You can also use the vCenter Update
Manager.
You can’t clone a VM if connected directly to an ESX/ESXi host.
When you clone a VM that is powered on, services and applications are not automatically
quiesced when the VM is cloned.
When you clone a VM or deploy from template, you can customize its guest OS
beforehand.
Use the Guest Customization wizard during cloning or deployment.
Or create customization specifications and apply to the new VM
vCenter must be configured for customizations
For Windows 2000, XP and 2003 you must install the Sysprep tools on the vCenter
Server
Sysprep tools are built into Vista and 2008
You can provision VMs across datacenters in vCenter. You can also create a template in one
datacenter and then deploy a VM from that template into a different datacenter.
vCenter Converter tasks
Convert physical machines to VMs
Convert and import VMs created by VMware Workstation or Microsoft Virtual Server
2005
Convert third party backup or disk images to vCenter VMs
Restore VMware Consolidated Backup images to vCenter VMs
Export vCenter VMs to other VMware VM formats
Reconfigure vCenter VMs so they are bootable
Customize vCenter VMs
vCenter Converter Components
vCenter Converter Server – Enables the import and export of VMs. Install it on a
vCenter Server or an independent server with access to vCenter Server
vCenter Converter agent – Prepares a powered on physical or virtual machine for
import
vCenter Converter client – Plugin which provides access to the vCenter Converter
Import, Export and Reconfigure wizards from the vSphere Client.
Converter and Converter Client only run on Windows
Converter supports Windows and Linux for importing and exporting
Installation file – 100MB
vCenter Converter client – 25MB
vCenter Converter server – 300MB
vCenter Converter agent – 100MB
When performing a hot clone/live clone, vCenter Converter requires 350MB on the
source machine
vCenter Converter supports only pure IPv4 or IPv6 environments and the source,
destination and vCenter Converter server and agent must run the same version of IP
vCenter Converter uses cloning and the destination virtual disk might not be an exact copy of
the source disk
4 stages of hot cloning performed by vCenter Converter
Preparing the source machine for conversion
o vCenter Converter installs the vCenter Converter agent on the source machine
o The agent then takes a snapshot of the source volume
o vCenter Converter creates the snapshot with Microsoft’s Volume Snapshot
Service (VSS)
Preparing the VM on the destination machine
o vCenter Converter creates a new VM on the destination ESX/ESXi host
Completing the conversion process
o vCenter Converter installs required drivers to allow the OS to boot in the virtual
machine
Cleaning Up
o The agent removes all traces from the source machine. The VSS snapshot
created in stage one is deleted and the vCenter Converter agent is uninstalled
from the source
The Import Machine wizard allows you to import from the following sources
Powered on machine (physical or virtual)
VMware infrastructure VM
VMware Workstation or other VMware VM
Backup image or third party VM supported by vCenter Converter
Hyper-V Server VM
Data is copied to the destination using volume-based or disk-based cloning during importing
Volume-based cloning
o Used for hot cloning and importing existing VMs
o All volumes in the destination VM are basic volumes regardless of the source
volume
o Volume based cloning at the file level is when you specify a size smaller than the
original volume
o Volume based cloning at the block level is performed when you specify the same
or a larger volume size
o Supports all types of source volumes that Windows recognizes
Disk-based cloning
o Transfers all sectors from all disks and preserves all volume metadata
o The destination VM receives the same partitions, of the same type, as the
partitions of the source VM
o All volumes on the source machine’s partitions are copied as they are
o Disk based cloning supports all types of basic and dynamic disks
VM importing supports basic and dynamic volumes except RAID, Windows NT 4 fault-tolerant
and GUID partition table volumes.
Importing services
You can select which services to stop before vCenter Converter synchronizes the data
between the source and destination machine.
You can transfer data for the second time by copying only the changes made during the first
transfer of data. This process is called synchronization. Only available for Windows XP or later
source operating systems.
Settings that remain identical include operating systems configuration, computer name, SID,
user accounts, profiles, preferences, applications and data files, and the volume serial number
for each disk partition.
Modifying VM Settings
CPU hot plug – add CPU and memory to a VM while it’s powered on (enabled by default)
You must install VMware Tools and the VM must use hardware version 7 or later
The guest OS in the VM must support CPU and memory hot plugging
The hot plug option must be enabled in the Options tab of the VM’s properties
You can increase the size of a virtual disk that belongs to a VM that is powered on if it is a flat
virtual disk in persistent mode and the VM does not have snapshots.
Raw Device Mapping (RDM)
When you create a raw device mapping, vCenter Server creates a file in the specified
VMFS volume that points to the raw LUN
Encapsulating disk information in the file (the RDM) allows the VMkernel to lock the
LUN so that only one virtual machine can write to it.
An RDM supports 2 compatibility modes:
o Physical Compatibility mode
Allows the guest OS to access the hardware directly. Useful if you are
using SAN-aware applications in the VM
Cannot be cloned, made into a template or migrated if the migration
involves copying to the disk
o Virtual Compatibility mode
Allows the VM to use VMware snapshots and other advanced
functionality.
Allows the LUN to behave as if it were a virtual disk
Can be cloned or made into a template (content of LUN copied to a
virtual disk file - .vmdk)
Virtual Machine Snapshots
Organized in a linear process or as a process tree
Linear Process – Each snapshot has one parent and one child, except for the last
snapshot which has no children
Process Tree – Each snapshot has one parent, but one snapshot can have more than
one child
A snapshot captures the entire state of the VM at the time you take the snapshot including:
Memory State – The contents of the VM’s memory (if powered on)
Settings State – The VM’s settings
Disk State – The state of all the VM’s disks
In the Snapshot Manager you can do 3 things:
Delete – Commits the snapshot data to the parent snapshot and then removes the
selected snapshot
Delete All – Commits all the intermediate snapshots before the current state icon (You
are here) to the base disk and removes all snapshots for that VM
Go to – Allows you to restore, or revert to, a particular snapshot. The snapshot you
restore to becomes the current snapshot
A virtual machine can have one or more snapshots. Each snapshot consists of:
Memory state file - -Snapshot#.vmsn where # is the next number in the
sequence starting with 1
Snapshot description file - -00000.vmdk – This file is a small text file that
contains information about the snapshot
Snapshot delta file - -00000#-delta.vmdk – This file contains changes to
the virtual disk’s data at the same time the snapshot was taken
.vmsd is the snapshot list file, created at the time the VM is created. It contains
information about all the snapshots that belong to the VM. This information includes the name
of the snapshot .vmsn file and the name of the virtual disk file
To create a vApp, use the New vApp wizard and then modify its settings
Resource allocation – Determines how CPU and memory should be allocated for the
vApp
IP allocation policy – Determines how IP addresses are allocated for the vApp
o Fixed (static)
o DHCP
o Transient – IP addresses are automatically allocated using IP pools from a
specified range
The distribution format for a vApp is OVF
When you delete a VM from a datastore, it is removed from vCenter Server and all VM files are
deleted from the datastore
Concurrent VM migrations
A host can be involved in up to 2 migrations with vMotion or Storage vMotion at one
time
A maximum of 8 simultaneous vMotion, cloning, deployment, or Storage vMotion
accesses to a single VMFS-3 datastore is supported
o Maximum of 4 for an NFS or VMFS-2 datastore
Comparison of Migration Types
Storage Tiering – Migrating VMs from Fibre Channel to iSCSI or NAS or within or between
enclosures with Storage vMotion
Upgrading datastores without VM downtime with Storage vMotion
You can migrate running VMs from a VMFS-2 datastore to a VMFS-3 datastore and
upgrade the VMFS-2 datastore without affecting VMs
Storage vMotion limitations:
VMs with snapshots cannot be migrated with Storage vMotion
VM disk must be in persistent mode or be RDMs
You can’t do a vMotion and Storage vMotion at the same time with the VM powered on
Access Control – Defined with the following concepts
Privilege – The ability to perform a specific action or read a specific property
Role – A collection of privileges
Object – An entity upon which actions are performed
User or Group – A user or group who can perform the action
The combination of a role, a user or group and an object equals a permission
Users who are in the Active Directory group ESX Admins are automatically assigned the
Administrator role. On ESXi you can use the Direct Console User Interface (DCUI) and technical
support mode to log in with AD accounts.
vCenter Server and ESX/ESXi hosts manage their own set of roles. A role that is created on the
vCenter Server is not visible to an ESX/ESXi host if a user logs in directly to a host.
A role is assigned to a user or group
All roles are independent of one another
Objects are entities on which actions are performed
Objects include datacenters, folders, resource pools, clusters, hosts, datastores,
networks and virtual machines
All objects have a Permissions tab
This tab shows which user or group and role are associated with the selected object
To assign a permission:
Select a user
Select a role
Propagate the permission to child objects (Optional)
You can view all of the objects to which a role was assigned and all of the users or groups who
were granted the roles (Home>Administration>Roles)
You can override permissions set at a higher level by explicitly setting different permissions for
a lower level object
When a user is a member of multiple groups, and these groups have permissions on the same
object in the inventory, the user is assigned the union of privileges assigned to the groups for
that object.
Permissions defined explicitly for the user on an object take precedence over a user’s group
permissions on that same object.
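The precedence rules above (a lower-level permission overrides a propagated one, group privileges are unioned, an explicit user permission beats group permissions on the same object), worked through as an added Python example that is not part of the original notes. The inventory, users, groups, roles and privilege names are constructed, and the model assumes that the nearest object level carrying any applicable permission decides the result.

```python
from dataclasses import dataclass

# Constructed sample data. Role and privilege names are illustrative,
# not real vSphere identifiers.
ROLES = {
    "Auditor": {"view"},
    "PowerOperator": {"view", "vm.power_on", "vm.power_off"},
    "SnapshotOperator": {"view", "vm.snapshot"},
    "NoAccess": set(),
}

# Inventory hierarchy as child -> parent (None marks the top object).
PARENT = {
    "Datacenter": None,
    "ProdFolder": "Datacenter",
    "web01": "ProdFolder",
    "db01": "ProdFolder",
}

# User -> groups the user belongs to.
GROUPS = {
    "alice": {"grp-ops", "grp-backup"},
    "bob": {"grp-ops", "grp-dba"},
    "carol": {"grp-ops"},
    "dave": {"grp-auditors"},
    "erin": {"grp-net"},
}


@dataclass(frozen=True)
class Permission:
    """A permission = role + user or group + object (plus the propagate flag)."""
    obj: str
    principal: str
    role: str
    propagate: bool


PERMISSIONS = [
    Permission("Datacenter", "grp-auditors", "Auditor", True),
    Permission("Datacenter", "grp-net", "PowerOperator", False),  # not inherited
    Permission("ProdFolder", "grp-ops", "PowerOperator", True),
    Permission("ProdFolder", "grp-backup", "SnapshotOperator", True),
    Permission("ProdFolder", "carol", "NoAccess", True),          # explicit user entry
    Permission("db01", "grp-dba", "SnapshotOperator", False),     # lower-level override
]


def resolve(user, obj, permissions=PERMISSIONS):
    """Return (effective privileges, permissions that granted them)."""
    groups = GROUPS.get(user, set())
    node = obj
    while node is not None:
        # Permissions set on the object itself always apply; permissions set
        # on an ancestor apply only if they were marked to propagate.
        here = [p for p in permissions
                if p.obj == node and (node == obj or p.propagate)]
        explicit = [p for p in here if p.principal == user]
        via_group = [p for p in here if p.principal in groups]
        # An explicit user permission takes precedence over group permissions
        # on the same object; otherwise the group roles are unioned.
        winners = explicit or via_group
        if winners:
            privileges = set().union(*(ROLES[p.role] for p in winners))
            return privileges, winners
        node = PARENT[node]  # nothing applicable here, look one level up
    return set(), []


def who_can(privilege, permissions=PERMISSIONS):
    """Audit helper: every (user, object) pair where the privilege is effective."""
    return sorted((user, obj) for user in GROUPS for obj in PARENT
                  if privilege in resolve(user, obj, permissions)[0])


if __name__ == "__main__":
    for user, obj in [("alice", "web01"), ("bob", "db01"), ("bob", "web01"),
                      ("carol", "web01"), ("dave", "db01"), ("erin", "web01")]:
        privileges, source = resolve(user, obj)
        granted_by = ", ".join(f"{p.principal}@{p.obj}" for p in source) or "nothing"
        print(f"{user:6} on {obj:6}: {sorted(privileges)} (from {granted_by})")
    print("vm.snapshot:", who_can("vm.snapshot"))
```

who_can() is the audit direction: run it for a sensitive privilege to list every user and object pair where that privilege is effective.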
Mechanisms for optimizing virtual machine resource use (3 groups)
Mechanisms that are managed by the VMkernel
Mechanisms that are used at the discretion of each virtual machine’s owner
Mechanisms that are used by the vSphere administrator to set policies for virtual
machines
Resource management is the allocation of resources from providers (hosts, clusters, and
resource pools) to consumers (virtual machines). Resources include CPU, memory, storage and
network
Resource allocation settings
CPU and memory are controlled by using shares, limits and reservations
Storage I/O is controlled by using shares and limits
A virtual machine has 3 user defined settings that affect its CPU resource allocation:
CPU limit defines the maximum amount of CPU, measured in megahertz, that this VM is
allowed
CPU reservation defines the amount of CPU, measured in megahertz, reserved for the
VM when CPU contention occurs
Shares specify the relative priority or importance of a VM. If a VM has twice the CPU
shares as another virtual machine, it is entitled to consume twice as much CPU when
these VMs are competing for resources
The Proportional Share mechanism applies to CPU, memory, and storage I/O allocation. It
operates only when VMs are contending for the same resource
Shares guarantee that a VM is given a certain amount of a resource
You can add shares to a VM while it is running, and it will get more access to that
resource (assuming competition for the resource)
A virtual machine has 4 user defined memory settings that affect its memory resource
allocation:
Available memory is the amount of memory given to the VM at the time it was
created
Memory limit defines the maximum amount of virtual machine memory that can reside
in RAM, not to exceed available memory
Memory reservation is the amount of RAM reserved for that VM. Unused memory
reservations, like CPU reservations, are not wasted
Memory shares control how often the VM wins competition for RAM when RAM is scarce
Storage I/O Control provides quality of service capabilities for storage I/O in the form of I/O
shares and limits that are enforced across all virtual machines accessing a datastore, regardless
of which host they are running on
When you allocate storage I/O resources, you can limit the input/output operations per second
(IOPS) that are allowed for a virtual machine.
Configuring Storage I/O Control is a 2 step process:
Enable Storage I/O Control for each datastore that you want to control
Set the number of storage I/O shares and upper limit of IOPS for each VM
By default, all VM shares are set to Normal (1000), with unlimited IOPS
A Resource Pool is a logical abstraction for hierarchically managing CPU and memory resources
It is used on standalone hosts or clusters enabled for VMware Distributed Resource
Scheduler (DRS)
The topmost resource pool is called the root resource pool. Each standalone host and each DRS
cluster has an (invisible) root resource pool that groups the resources of that host or cluster.
The root resource pool does not appear, because the resources of the host (or cluster)
and the root resource pool are always the same
A vApp is not only a container for VMs but also a resource pool for its virtual machines
Benefits of resource pools:
Flexible hierarchical organization
Isolation between pools and sharing within pools
Access control and delegation
Separation of resources from hardware
Management of sets of virtual machines running a multitier service
Resource pool attributes:
Shares – Low, normal, high and custom
Reservations, in MHz and MB
Limits in MHz and MB (unlimited by default)
Expandable reservation?
o Yes – VMs and subpools can draw from this pool’s parent
o No – VMs and subpools can draw only from this pool, even if its parent has free
resources
You can create a resource pool on an ESX/ESXi standalone host, DRS cluster, or in another
resource pool.
Except for the root resource pool, every resource pool has a parent resource pool. A resource
pool might contain child resource pools or only VMs that are powered on within it
A child resource pool is used to allocate resources from the parent resource pool for the child’s
consumers. Administrative control can also be delegated to individuals or organizations. A child
resource pool cannot exceed the capacity of the parent resource pool. Creating a child pool
reserves resources from the parent pool, whether or not any virtual machines in the child pool
are powered on.
Expandable reservation allows a resource pool that cannot satisfy a reservation to request
through its hierarchy to find unreserved capacity to satisfy the reservation request.
Admission Control is used to ensure that you cannot allocate resources that are not available.
Certain operations must satisfy admission control
Powering on a VM
Creating a resource pool with its own reservations
Increasing a resource pool’s reservation
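A simplified model of admission control with expandable reservations, added here as an example and not taken from VMware code. It tracks CPU reservations only (no shares, limits or VM overhead); the pool names, VM names and MHz values are constructed.

```python
class AdmissionError(Exception):
    """Raised when a reservation cannot be satisfied anywhere in the hierarchy."""


class ResourcePool:
    def __init__(self, name, reservation_mhz, expandable=False, parent=None):
        self.name = name
        self.reservation = reservation_mhz
        self.expandable = expandable
        self.parent = parent
        self.used = 0  # MHz of this pool's own reservation already committed
        # Creating a child pool reserves capacity from the parent immediately,
        # whether or not any VM in the child is powered on.
        if parent is not None:
            parent.reserve(reservation_mhz, f"create pool {name}")

    def unreserved(self):
        return self.reservation - self.used

    def _can_reserve(self, mhz):
        if mhz <= self.unreserved():
            return True
        # An expandable pool passes its shortfall up the hierarchy.
        if self.expandable and self.parent is not None:
            return self.parent._can_reserve(mhz - self.unreserved())
        return False

    def reserve(self, mhz, why):
        """Admission check first, then commit, so a refusal changes nothing."""
        if not self._can_reserve(mhz):
            raise AdmissionError(f"{why}: {self.name} cannot reserve {mhz} MHz")
        local = min(mhz, self.unreserved())
        self.used += local
        if mhz > local:
            self.parent.reserve(mhz - local, why)  # borrowed from the parent

    def power_on(self, vm_name, reservation_mhz):
        self.reserve(reservation_mhz, f"power on {vm_name}")

    def increase_reservation(self, delta_mhz):
        if self.parent is None:
            raise AdmissionError("the root pool is fixed by host capacity")
        self.parent.reserve(delta_mhz, f"grow pool {self.name}")
        self.reservation += delta_mhz


def attempt(operation, *args):
    """Run an admission-controlled operation and report whether it was admitted."""
    try:
        operation(*args)
        return True
    except AdmissionError:
        return False


def run_scenario():
    root = ResourcePool("root", 10000)  # host capacity in MHz (constructed)
    prod = ResourcePool("Prod", 6000, expandable=False, parent=root)
    test = ResourcePool("Test", 2000, expandable=True, parent=root)
    results = [
        ("Test: power on vm-a (1500)", attempt(test.power_on, "vm-a", 1500)),
        # Test has 500 left, so 1000 is borrowed from the root.
        ("Test: power on vm-b (1500)", attempt(test.power_on, "vm-b", 1500)),
        # Prod is not expandable: refused although the root still has capacity.
        ("Prod: power on vm-c (6500)", attempt(prod.power_on, "vm-c", 6500)),
        ("Prod: power on vm-d (6000)", attempt(prod.power_on, "vm-d", 6000)),
        # The root has only 1000 unreserved now, so expansion fails too.
        ("Test: power on vm-e (1500)", attempt(test.power_on, "vm-e", 1500)),
        ("root: create pool Dev (2000)",
         attempt(ResourcePool, "Dev", 2000, False, root)),
        ("Prod: increase reservation by 1000",
         attempt(prod.increase_reservation, 1000)),
    ]
    return results, root.unreserved()


if __name__ == "__main__":
    outcome, root_left = run_scenario()
    for label, admitted in outcome:
        print(f"{'ADMIT' if admitted else 'DENY ':5}  {label}")
    print("root unreserved MHz:", root_left)
```

The non-expandable Prod pool is refused 6500 MHz even while the root has spare capacity, whereas the expandable Test pool borrows from the root until the root is exhausted. That is the isolation trade-off to weigh before enabling expandable reservation on a delegated pool.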
The resource pool Summary tab displays information that applies to the host machine and its
resources:
The General pane displays basic information about VMs in the resource pool, as well as
child resource pools
The CPU pane displays host CPU usage
The Memory pane displays host memory usage
The Commands pane allows you to perform actions like creating a VM, creating a
resource pool, and editing a resource pool’s settings
The Resource Allocation tab allows you to display information about a resource pool’s
CPU, memory and storage resources
You can schedule a task to change the resource settings for a resource pool or virtual machine
You can configure a VM with up to 8 virtual CPUs. The VMkernel includes a CPU scheduler that
dynamically schedules vCPUs on the physical processor of the host system.
Hyperthreading provides more logical CPUs on which vCPUs can be scheduled. It does not
double the power of a core. Hyperthreading is enabled by default. You can enable
hyperthreading in the system BIOS.
Logical processors on the same core have adjacent CPU numbers. Logical processors 0 and 1 are
on the first core together; logical processors 2 and 3 are on the same core, and so on.
Every 2-40 milliseconds (depending on the socket-core-thread topology), the VMkernel looks to
migrate vCPUs from one logical processor to another to keep the load balanced. The VMkernel
does its best to schedule virtual machines with multiple vCPUs on 2 different cores rather than
on 2 logical processors on the same core.
For ESX hosts only, the service console always runs on the first logical processor and is never
migrated to another one.
If a logical processor has no work, it is put into a halted state. This action frees its execution
resources.
The VMkernel manages a machine’s entire memory
Part of this memory is used by the VMkernel
Some of this memory is used by the service console (ESX only)
The rest is available for use by VMs (configured memory, plus overhead)
VMs can use more memory than the physical machine has available (Overcommitment)
Memory compression improves virtual machine performance when memory is overcommitted.
When memory becomes overcommitted, virtual pages are compressed and stored in
memory
Compressed memory is faster to access than memory swapped to disk
Enabled by default
When a host’s memory becomes overcommitted, ESX/ESXi compresses virtual pages
and stores them in memory
Accessing compressed memory is faster than accessing memory that has been swapped
to disk
The Service Console typically uses 300MB
The VMkernel dynamically scans memory to look for duplicate pages. The VMkernel detects
when different virtual machines have memory pages with identical content and arranges for
those pages to be shared. That is, a single physical page is mapped into each VM’s address
space. If a VM tries to modify a page that is shared, the VMkernel creates a new, private copy
for that VM and then maps that page into the address space of that VM only. The other VMs
continue to share the original copy.
The Balloon Driver refers to the vmmemctl device driver
Used to perform memory deallocation or reallocation
Installed on the guest OS when you install VMware Tools
It demands memory from the guest OS and later relinquishes it under the control of
the VMkernel
When a system is not under memory pressure, no VM’s balloon is inflated. But when
memory becomes scarce, the VMkernel chooses a VM and inflates its balloon, telling the
balloon driver in the VM to demand memory from the guest OS
VMkernel Swap File
Each VM has its own
Created when the VM is powered on and deleted when it’s powered off
Default location is the same VMware vStorage VMFS volume as the VM’s boot disk.
Size is equal to the difference between the memory guaranteed to it, if any, and the
maximum it can use
Allows the VMkernel to swap out the VM entirely if memory is scarce
Used as last resort since performance is slow
If a VM can’t get enough memory through ballooning, the VMkernel forcibly reclaims memory
from other VMs. The VMkernel copies the contents of the pages of these VMs to their
corresponding swap files before giving the pages to the VM that needs memory.
By default, up to 65% of a VM’s memory can be taken away in the ballooning process, subject
to the memory reservation settings.
VMware Tools includes a library of functions called the Perfmon DLL.
Perfmon allows you to access key host statistics in a guest VM.
The Perfmon performance objects (VM Processor and VM Memory) allow you to view
actual CPU and memory use alongside observed CPU and memory use of the guest OS.
Click Overview to display charts for the most common data counter for CPU, disk,
memory, and network metrics.
Click Advanced to view data counters not supported in the overview performance
charts, to export chart data, and to print charts.
The key to interpreting performance data is to observe the range of data from the guest
operating system, the virtual machine, and the host’s perspective
Multiple Virtual Machines are constrained by CPU if:
There is high CPU use in the guest OS
There are relatively high CPU ready values for the VMs
Ready Time refers to the interval when a VM is ready to execute instructions but cannot,
because it cannot get scheduled onto a CPU
When a VM experiences ballooning activity, some of the guest operating system’s physical
memory is being reclaimed from the VM by the balloon driver. If a VM experiences high
ballooning values, this might not be a problem if the VM continues to have the memory that it
needs. But if a VM experiences high ballooning activity over time and its guest operating system
starts to page, the VM might be constrained for memory.
Monitoring for increases in active memory on the host
Host active memory refers to active physical memory used by virtual machines and the
VMkernel
If the amount of active physical memory is high, this could lead to VMs that are memory
constrained
Disk-intensive applications can saturate the storage or the path. If you suspect that a VM is
constrained by disk access:
Measure the throughput and latency between the virtual machine and storage
Use the advanced performance charts to monitor:
o Read rate and write rate
o Read latency and write latency
If you select a host object, you can view throughput and latency for a datastore, a storage
adapter, or a storage path. The storage adapter charts are only available for Fibre Channel
storage. The storage path charts are available for Fibre Channel and iSCSI storage, not NFS.
To monitor throughput, view the Read rate and Write rate counters. To monitor latency, view
the Read latency and Write latency counters
Find disk problems by monitoring disk latency and data counters
Kernel Command Latency
o Measures the average amount of time, in milliseconds, that the VMkernel
spends processing each SCSI command
o For best performance, the value should be 0-1 milliseconds
Physical Device Command Latency
o Measures the average amount of time, in milliseconds, for the physical device to
complete a SCSI command
o Depending on your hardware, a number greater than 15 milliseconds indicates
that the storage array might be slow or overworked
If you suspect a VM is constrained by the network:
Confirm that VMware Tools is installed and that the enhanced network drivers are
available
Measure the effective bandwidth between the VM and its peer system
Check for dropped receive packets and dropped transmit packets
To determine whether packets are being dropped, use the advanced performance
charts to examine the droppedTx and droppedRx network counter values of a VM
Alarms
The predefined alarms are configurable
To create an alarm, right click an object in the inventory and select Alarm>Add Alarm
The Alarm Settings dialog box has 4 tabs: General, Triggers, Reporting and Actions
In the General tab, you name the alarm, give it a description, enable or disable the
alarm, give it an alarm type and select what to monitor
o Monitor for specific conditions or state
o Create conditions based alarms for VMs, hosts and datastores
o Monitor for specific events occurring on this object
o Create event based alarms for VMs, hosts, clusters, datacenters, datastores,
networks, distributed virtual switches, and distributed virtual port groups
Triggers tab
Alarms have 2 types of Triggers: condition or state triggers and event triggers
Condition or State Triggers
o Monitor the current condition or state of virtual machines, hosts and
datastores
o Conditions or states include power states, connection states, and
performance metrics such as CPU and disk usage
Event Triggers
o Monitor events that occur in response to operations occurring with a
managed object in the inventory or the vCenter Server itself
If you add multiple triggers, you can choose to trigger the alarm if any one of the conditions is
satisfied or if all the conditions are satisfied
Reporting tab
Used to define a tolerance range and trigger frequency for condition or state triggers
(not available for event triggers)
Reporting further restricts when the condition or state trigger occurs. You can specify a
range or a frequency
o If using a range, the triggered alarm is repeated when the condition exceeds the
range
o If using a frequency, the triggered alarm is repeated every so often (in minutes)
Actions tab
Every alarm can send a notification email, send a notification trap, or run a command
You can set alarms to trigger when the state changes:
o From a green circle to a yellow triangle
o From a yellow triangle to a red diamond
o From a red diamond to a yellow triangle
o From a yellow triangle to a green circle
o For every action, you can specify an option for each color transition:
Empty indicates no interest in the transition
Once tells vCenter to do the action only one time
Repeat tells vCenter to repeat the action until another color change
occurs. The default is 5 minutes and the maximum is 2 days
Virtual machine and host alarms have more actions such as:
o Power on a VM
o Power off a VM
o Suspend a VM
o Reboot host
o Shut down host
You can configure up to 4 receivers of SNMP traps.
o They must be configured in numerical order
o Each SNMP trap requires a corresponding host name, port and community
Data Protection
After you configure, change the configuration, or upgrade an ESXi host, back up your
configuration
The serial number is backed up and restored when you restore your configuration
The serial number is not preserved when you run the recovery CD (ESXi Embedded) or
perform the repair operation (ESXi Installable)
Use the vicfg-cfgbackup command to do the backup from the vCLI from Windows or
Linux
Use the recovery CD or the repair option if the host does not boot up because the file
partitions or MBR on the installation disk might be corrupted
Use the following methods when backing up the Service Console:
File based backup
o Treat the service console as a physical machine with a deployed backup agent
Image based backup
o Use third party software to create a backup image that you can restore quickly
Virtual Machine Backups
VMware Consolidated Backup (VCB)
Used with supported third party software to do backups of virtual machine disks.
Centralizes backup on the VCB proxy server
VCB is the previous generation backup technology (vStorage APIs for Data Protection
and Data Recovery is most current)
vStorage APIs for Data Protection
Allows backup and recovery of entire VM images across SAN storage or LANs
Is an easy Smart Plug-in (SPI) that is directly integrated with backup tools from third
party vendors
Enables you to remove load from the host and consolidates backup load onto a central
backup server
Protects VMs that use any type of storage supported by ESX/ESXi (Fibre Channel, iSCSI,
NAS or local storage)
Part of a larger set of APIs known as vStorage APIs and consists of the following sets:
o Site Recovery Manager
o Array Integration
o Multipathing
o Data Protection
VMware Data Recovery (VDR)
Agentless disk based backup and recovery appliance
Based on the vStorage APIs for Data Protection
VMware vCenter plugin
Supports up to 10 appliances per vCenter Server instance
Supports up to 100 VMs per appliance
Intended for small to medium sized environments
Different backup appliances do not share information about backup jobs
All backed up VMs are stored in a deduplicated store. The deduplicated store can be
stored on a VMFS, RDM, NFS, or Common Internet File System (CIFS) share
Requires an absolute minimum of 10GB of free space
Need Essentials Plus, Advanced, Enterprise or Enterprise Plus licensing
VDR components communicate with each other over TCP
o Connects to vCenter Server Web services on ports 80 and 443
o Client plugin and File Level Restore connect to the backup appliance over port
22024
o The backup appliance connects to an ESX/ESXi host over port 902
VDR Deduplication
RDMs are recommended for deduplication stores
To maximize deduplication rates, ensure that similar VMs are backed up to the same
destination
The deduplication store completes the following processes:
o Integrity check
Verifies and maintains data integrity
VDR completes an incremental integrity check every 24 hours
VDR performs an integrity check of all restore points once a week
o Recatalog
Ensures that the catalog of restore points is synchronized with the
contents of the deduplication store
o Reclaim
Reclaims space on the deduplication store
Runs daily or when a backup job requires more space than is available on
the deduplication store
Supports deduplication stores that are up to 1TB in size on VMDKs and RDMs and
500GB on CIFS shares
Each backup appliance is limited to using 2 deduplication stores
VDR installation
Install the client plugin
Install the backup appliance
Add a hard disk to the backup appliance
Configuration
Power on the appliance and change the root password
Configure network settings, and reboot if necessary
Connect the appliance to the vCenter Server
Configure the backup destination on the appliance
Default username is root and password is vmw@re
VDR backup jobs
A maximum of 8 jobs can run simultaneously
Backup jobs can back up 100 VMs total
By default, backup jobs run at night Monday through Friday and at any time Saturday
and Sunday
Rehearsal Restore
Used to test how a VM would be restored through restore operations
Does not replace the current VM
File Level Restore
Can be installed in Windows or Linux VMs
Requires administrator privileges
Not supported on physical machines
vCenter Linked Mode
Log in simultaneously to all vCenter Server systems
View and search the inventories of all vCenter Server systems
You cannot migrate hosts or VMs between vCenter Server systems in Linked Mode
Can have up to 10 linked vCenter Server systems
Can have up to 3,000 hosts across the linked vCenter Server systems
Supports 30,000 powered on VMs and 50,000 registered VMs across linked vCenter
Server systems
Uses Microsoft’s Active Directory Application Mode (ADAM) to store and synchronize
data across multiple vCenter Server instances
Using peer to peer networking, the vCenter Server instances in Linked Mode replicate
shared global data to the LDAP directory
The vSphere Client can connect to other vCenter Server instances by using the
connection information retrieved from ADAM.
The Apache Tomcat Web service running on vCenter Server enables the search capability
across multiple vCenter Server instances
For inventory searches, vCenter Linked Mode relies on a Java based Web application
called the query service, which runs in Tomcat Web services
The search service queries Active Directory for information about user permissions. So
you must be logged in to a domain account to search all vCenter Server systems in
vCenter Linked Mode
When adding a vCenter Server instance to a Linked Mode group, the user running the installer
must be a local administrator on the machine where vCenter Server is being installed and on
the target machine of the Linked Mode group. Generally, the installer must be run by a domain
user who is an administrator of both systems
The following requirements apply to each vCenter Server system that is a member of a Linked
Mode group:
DNS must be operational for Linked Mode replication to work
The vCenter Server instances in a Linked Mode group can be in different domains if the
domains have a 2 way trust relationship. Each domain must trust the other domains on
which vCenter Server instances are installed
All vCenter Server instances must have network time synchronization. The vCenter
Server installer validates that the machine clocks are no more than 5 minutes apart
Install the first vCenter Server instance as a standalone instance
The vCenter Server instances in a Linked Mode group do not need to have the same domain
user login
During vCenter Server installation, if you enter an IP address for the remote instance of vCenter
Server, the installer converts it into a fully qualified domain name
To join a vCenter Server system to a Linked Mode group click on
Start>Programs>VMware>vCenter Server Linked Mode Configuration
vCenter Server Status shows information such as:
A list of all vCenter Server systems and their services
A list of all vCenter Server plugins
The status of all listed items
The date and time of the last change in status
Messages associated with the change in status
Roles are replicated when a vCenter Server system is joined to a Linked Mode group
If role names differ on vCenter Server systems, they are combined into a single common
list and each server will have all the user roles
If role names are identical, they are combined into a single role if they have the same
privileges
If role names are identical, and the roles contain different privileges, these roles must be
reconciled
Use the vCenter Server Linked Mode Configuration wizard to isolate (remove) a vCenter Server
instance from a Linked Mode group
Start>Programs>VMware>vCenter Server Linked Mode Configuration
Click Modify linked mode configuration and click Next
Click Isolate this vCenter Server instance from linked mode group
Host Profiles
Basic workflow to implement host profiles:
o Setup and configure a host for a reference
o Use the Create Profile wizard to create a profile from the designated reference
host
o Attach the host or cluster to the profile
o Check the host’s compliance against a profile to ensure that the host continues
to be correctly configured
o Check new hosts for compliance against the host profile. You can easily apply the
host profile of the reference host to other hosts or clusters of hosts that are not
in compliance
You can also import and export a profile file to a host profile that is in the VMware profile
format (.vpf)
After the host profile is created and associated with a set of hosts or clusters, you can check the
compliance status from various places in the vSphere Client
Host Profiles main view – Displays compliance status of hosts and clusters, listed by
profile
Host Summary tab – Displays compliance status of the selected host
Cluster Profile Compliance tab – Displays compliance status of the selected cluster and
all the hosts within the selected cluster
Whenever a new host is added into a cluster, it is checked for compliance against the host
profile that has been applied
You can also schedule tasks in vSphere to help automate compliance checking
To apply a host profile:
Go to Home>Management>Host Profiles
Select the host profile in the inventory and click the Hosts and Clusters tab
Right click the host and select Apply
vNetwork Distributed Switch
vCenter Server owns the configuration of the distributed virtual switch. The
configuration will be consistent across all the hosts that use it
A distributed virtual switch can support up to 350 hosts
A distributed virtual switch can benefit from the performance of 10GbE physical NICs
Provides support for private VLANs
Distributed ports migrate with their clients
Private VLANs allow you to use VLAN IDs within a private network without having to worry
about duplicating VLAN IDs across a wider network
Some configuration is specific to the host. A host’s uplink ports are allocated to the distributed
virtual switch and are managed in the host’s network configuration. Similarly, the VMkernel and
service console ports are managed in the host’s network configuration as well.
You connect a virtual machine to a distributed virtual switch by connecting the VM's NIC to a
port group on the distributed virtual switch
A distributed virtual switch is a managed entity configured in vCenter Server
Each distributed virtual switch includes distributed ports. A distributed port represents a port to
which you can connect any networking entity, such as a VM, a VMkernel interface, or a service
console interface (ESX only)
Ports can exist without port groups
An uplink is an abstraction to associate the vmnics from multiple hosts to a single distributed
virtual switch
VMs on different hosts can communicate with each other only if both VMs have uplinks on the
same broadcast domain
The distributed virtual switch architecture consists of 2 planes: the control plane and the I/O
plane
The control plane resides in vCenter Server and is responsible for configuring distributed
virtual switches, distributed port groups, distributed ports, uplinks, NIC teaming etc.
The I/O plane is implemented as a hidden virtual switch in the VMkernel of each
ESX/ESXi host. The I/O plane manages the I/O hardware on the host and is responsible
for forwarding packets
Editing general switch properties
The settings dialog box has 3 tabs: Properties, Network Adapters and Private VLAN
The Network Adapters tab is a read only form that allows you to verify which physical
adapters are connected to the distributed virtual switch
The Private VLAN tab allows you to setup private VLANs for the distributed virtual switch
The Network Adapters and Private VLAN tabs are only available for distributed virtual
switches, not for distributed ports or distributed port groups
Settings on the Properties tab are grouped into the categories General and Advanced.
General properties for the distributed virtual switch allow you to edit the information
specified when creating the distributed virtual switch
Advanced properties on the distributed virtual switch allow you to define the maximum
transmission unit (MTU), the Cisco Discovery Protocol (CDP) status, and the
administrator contact details
MTU (Maximum Transmission Unit) determines the maximum size of frames in this distributed
virtual switch. The distributed virtual switch drops frames bigger than the specified size. If your
environment supports jumbo frames, use this option to enable or disable jumbo frames on the
distributed virtual switch. To enable jumbo frames on the distributed virtual switch, set the
Maximum MTU to 9000. To use jumbo frames, the network must support them end to end.
ESX/ESXi supports jumbo frames in the guest OS and on VMkernel ports.
CDP has 3 operation modes:
Listen mode (default) – The ESX/ESXi host detects and displays information about the
associated Cisco switch port. But information about the virtual switch is not available to
the Cisco switch admin
Advertise mode - The ESX/ESXi host makes information about the virtual switch
available to the Cisco switch admin
Both mode – does both
Network resource pools determine the priority that different network traffic types are given on
a distributed virtual switch. By default, Network I/O Control is disabled. When Network I/O
Control is enabled, distributed virtual switch traffic is divided into the following network
resource pools:
FT traffic
iSCSI traffic
vMotion traffic
Management traffic
NFS traffic
VM traffic
Network shares and limits apply to a host’s outbound network I/O traffic only
To enable Network I/O Control
Go to Home>Inventory>Networking
Select the distributed virtual switch in the inventory and click the Resource Allocation
tab
Click the Properties link and select Enable network I/O control on this vDS
To modify the shares or limits of a particular network resource pool, right click the
resource pool and select Edit Settings
vMotion Migration
The state information includes the current memory content and all the information that defines
and identifies the virtual machine
vMotion Migration consists of the following steps:
1. The VM's memory state is copied over the vMotion network from the source host to the
target host
2. After most of the VM's memory is copied from the source host to the target host, the
VM is quiesced: no additional activity will occur on the VM
3. Immediately after the VM is quiesced on the source host, the VM is initialized and starts
running on the target host
4. Users access the VM on the target host instead of the source host
5. The VM is deleted from the source host
A Virtual Machine must meet the following requirements for vMotion:
A VM must not have a connection to an internal vSwitch (vSwitch with zero uplink
adapters)
A VM must not have a connection to a virtual device (such as a CD-ROM or floppy) with
a local image mounted
A VM must not have CPU affinity configured
If the VM’s swap file is not accessible to the destination host, vMotion must be able to
create a swap file accessible to the destination host before migration can begin
If a VM uses an RDM, the RDM must be accessible by the destination host
Host requirements for vMotion Migration
Source and destination hosts must have:
Visibility to all storage (Fibre Channel, iSCSI, or NAS) used by the VM
o 128 concurrent vMotion migrations per vStorage VMFS datastore
At least a Gigabit Ethernet network
o 4 concurrent vMotion migrations on a 1Gbps network
o 8 concurrent vMotion migrations on a 10Gbps network
Access to the same physical networks
Compatible CPUs:
o CPU feature sets of both the source and destination host must be compatible
o Some features can be hidden by using Enhanced vMotion Compatibility (EVC) or
compatibility masks
If you are using standard virtual switches for networking, ensure that the network labels used
for VM port groups are consistent across hosts
AMD No eXecute (NX) and Intel eXecute Disable (XD) technologies serve the same security
purpose: to mark memory pages as data-only to prevent malicious software exploits and buffer
overflow attacks
If NX/XD technology is exposed on the source host, then it must be exposed on the destination
host. NX/XD technology is exposed by default for all guest operating systems that can use it
(trading off compatibility for security by default)
Hiding the NX/XD flag will increase vMotion compatibility between hosts, at the cost of
disabling certain CPU security features for some guest operating systems and applications
To hide the NX/XD flag from the guest OS:
Right click the powered off VM and click Edit Settings
Click the Options tab
Select the CPUID Mask setting to hide or expose the flag
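Because hiding NX/XD removes a CPU security feature from the guest, it is worth auditing which VMs carry such a mask. The following is an added example, not part of the original notes: it scans .vmx text for a CPUID mask that forces the NX/XD bit to 0. It assumes the mask is stored as a cpuid.80000001.edx entry (optionally with an .amd or .intel suffix) holding 32 flag characters written from bit 31 down to bit 0, with "0" meaning the bit is hidden; the sample .vmx contents are constructed.

```python
import re

NX_BIT = 20  # NX/XD is reported in CPUID leaf 0x80000001, register EDX, bit 20

# Assumed .vmx syntax (not taken from the notes):
#   cpuid.80000001.edx[.amd|.intel] = "----:----:---0:----:----:----:----:----"
MASK_LINE = re.compile(
    r'^\s*cpuid\.80000001\.edx(?:\.(?:amd|intel))?\s*=\s*"([^"]*)"\s*$',
    re.IGNORECASE,
)


def nx_mask_char(mask):
    """Return the mask character that governs the NX/XD bit."""
    flags = re.sub(r"[:\s]", "", mask)  # drop the group separators
    if len(flags) != 32:
        raise ValueError("expected 32 flag characters, got %d" % len(flags))
    return flags[31 - NX_BIT]  # the string is written with bit 31 first


def audit_vmx(text):
    """Classify one .vmx file as 'exposed', 'hidden' or 'malformed'."""
    verdict = "exposed"  # no mask line: NX/XD is exposed by default
    for line in text.splitlines():
        match = MASK_LINE.match(line)
        if not match:
            continue
        try:
            flag = nx_mask_char(match.group(1))
        except ValueError:
            return "malformed"  # needs a manual look, do not guess
        if flag == "0":
            verdict = "hidden"
    return verdict


def audit_inventory(vmx_by_name):
    """Map each VM name to its NX/XD verdict."""
    return {name: audit_vmx(text) for name, text in vmx_by_name.items()}


# Constructed sample input: four hypothetical VMs and their .vmx contents.
SAMPLE_INVENTORY = {
    "web01": 'displayName = "web01"\nmemsize = "2048"\n',
    "db01": 'displayName = "db01"\n'
            'cpuid.80000001.edx = "----:----:---0:----:----:----:----:----"\n',
    "app02": 'displayName = "app02"\n'
             'cpuid.80000001.edx = "----:0---:----:----:----:----:----:----"\n',
    "old03": 'displayName = "old03"\n'
             'cpuid.80000001.edx.amd = "----:----:---0"\n',
}

if __name__ == "__main__":
    for vm, verdict in sorted(audit_inventory(SAMPLE_INVENTORY).items()):
        print(vm, verdict)
```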
If the specifications of a server or its CPU features are unknown, you can use the VMware CPU
Identification Utility to boot a server and determine whether its CPUs contain features like
SSE3, SSSE3, and NX/XD
You can verify vMotion requirements by viewing the Maps tab of the VM being migrated
DRS Clusters
A cluster is a collection of ESX/ESXi hosts and associated VMs with shared resources and
a shared management interface
The following cluster-level resource management capabilities are available:
Initial placement – When you first power on a VM in the cluster, DRS either places the
VM on an appropriate host or makes a recommendation
Load balancing – DRS continuously monitors the distribution and usage of CPU and
memory resources for all hosts and VMs in the cluster
Power management – When VMware DPM is enabled, DRS compares cluster-level and
host-level capacity to the demands of the cluster's VMs, including recent historical
demand. It places (or recommends placing) hosts in standby power mode if sufficient
excess capacity is found, or powers on hosts if capacity is needed.
A system that is added to a DRS cluster must meet certain prerequisites to use cluster features:
DRS works best if the VMs meet vMotion requirements
To use DRS for load balancing, the hosts in your cluster must be part of a vMotion
network
Configure all managed hosts to use shared storage (VMFS or NFS datastores)
Place the disks of all VMs on shared storage that is accessible by source and destination
hosts
Ensure that the shared storage is sufficiently large to store all virtual disks for your VMs
DRS automation levels
Manual – When you power on a VM, DRS displays a list of recommended hosts on which to
place the VM. When the cluster becomes unbalanced, DRS displays recommendations for VM
migration
Partially automated – When you power on a VM, DRS places it on the best suited host. When
the cluster becomes unbalanced, DRS displays recommendations for VM migration
Fully automated – When you power on a VM, DRS places it on the best suited host. When the
cluster becomes unbalanced, DRS migrates VMs from overutilized hosts to underutilized hosts
to ensure a balanced use of cluster resources.
The migration threshold determines how quickly DRS migrates VMs:
Level 1 (Conservative) – Applies only priority 1 recommendations. vCenter Server will
apply only recommendations that must be taken to satisfy cluster constraints like
affinity rules and host maintenance
Level 2 – Apply priority 1 and priority 2 recommendations. vCenter Server will apply
recommendations that promise a significant improvement to the cluster’s load balance
Level 3 (default) - Apply priority 1, priority 2 and priority 3 recommendations.
vCenter Server will apply recommendations that promise at least good improvement to
the cluster’s load balance
Level 4 - Apply priority 1, priority 2, priority 3 and priority 4 recommendations.
vCenter Server will apply recommendations that promise even a moderate
improvement to the cluster’s load balance
Level 5 (Aggressive) – Apply all recommendations. vCenter Server will apply
recommendations that promise even a slight improvement to the cluster’s load balance
Enhanced vMotion Compatibility (EVC)
Use EVC to help ensure vMotion compatibility for the hosts in a cluster
EVC ensures that all hosts in a cluster present the same CPU feature set to VMs, even if
the actual CPUs on the hosts differ
Hosts that cannot be configured to use the CPU baseline for an EVC cluster are not
permitted to join the cluster
EVC requirements for all hosts on the cluster
Use CPUs from a single vendor (either Intel or AMD)
o Use Intel CPUs with Core 2 micro architecture or newer
o Use AMD first generation Opteron CPUs and newer
Run ESX 3.5 Update 2 or later
Be connected to vCenter Server
Be enabled for hardware virtualization (AMD-V or Intel VT)
Be enabled for execution-disable technology (AMD No eXecute (NX) or Intel eXecute
Disable (XD))
Be configured for vMotion migration
Applications in VMs must be well-behaved
VMware recommends creating an empty EVC cluster as the simplest way of creating an EVC
cluster with minimal disruption to your existing infrastructure
By default, swap files for VMs are on a VMFS datastore in the folder containing the other VM
files
If the swap file location specified on the destination host differs from the swap file location
specified on the source host, the swap file is copied to the new location. Copying the swap file
can result in slower migrations with vMotion
After a DRS cluster is created, you can edit its properties to create rules that specify affinity.
There are two types of rules:
Affinity rules – DRS should try to keep certain VMs together on the same host
Anti-affinity rules – DRS should try to make sure that certain VMs are not together
DRS Group
A group of VMs
A group of hosts
A VM can belong to multiple VM DRS groups
A host can belong to multiple DRS groups
A Virtual Machines to Host affinity rule specifies whether the members of a selected virtual
machine DRS group can run on the members of a specific host DRS group
A Virtual Machines to Host affinity rule includes 3 components
One virtual machine DRS group
One host DRS group
A designation of whether the rule is a requirement (“must”) or a preference (“should”)
and whether it is affinity (“run on”) or anti-affinity (“not run on”)
The VMs and hosts that are included in a rule must all reside in the same cluster
A preferential rule is one that is softly enforced. Preferential rules can be violated to allow the
proper functioning of DRS, VMware High Availability, and VMware DPM
A Virtual Machines to Hosts affinity rule that is required, instead of preferential, can be used
when the software that you are running in your VMs has licensing restrictions
The rule does not monitor the software running in the VMs nor does it know what non-
VMware licenses are in place on which ESX/ESXi hosts
You can customize the automation level for individual virtual machines in a DRS cluster to
override the automation level set on the entire cluster
As a best practice, enable automation
Partially Automated or Fully Automated
Use Manual on VMs where you want more control
When adding a host with resource pools to a DRS cluster, you must decide on resource pool
placement.
By default, the resource pool hierarchy is discarded and the host is added at the same
level as the VMs.
You can choose to graft the host’s resource pools onto the cluster’s resource pool
hierarchy
You can choose a name for the resource pool created to represent the host’s resources.
By default, the resource pool created to represent the host’s resources is named
Grafted from
The VMware DRS pane in the cluster’s Summary tab appears only when DRS is enabled. This
section provides DRS information like:
The automation levels selected
The number of DRS recommendations and faults
The migration threshold
It also provides 2 standard deviation values
o Target host load standard deviation – A value derived from the migration
threshold setting that indicates the value under which load imbalance is to be
kept
o Current host load standard deviation – A value indicating the current load
imbalance in the cluster. This value should be less than the target host load
standard deviation, unless unapplied DRS recommendations or constraints
preclude attaining that level
Click the View Resource Distribution Chart link to open the Resource Distribution chart. This
chart provides CPU and memory use information, displayed per VM
Green means that 100% of the VM's entitled resources have been delivered to it
There are 3 views from the DRS tab – Recommendations, Faults and History
Recommendations
o Allows you to view and edit cluster properties
o Only manual recommendations awaiting user confirmation appear on this list
o To refresh the recommendations, click Run DRS
o To apply all recommendations, click Apply Recommendations
o To apply a subset of the recommendations, select the Override DRS
recommendations check box
Monitoring cluster status
An icon on the cluster object shows whether a cluster is valid, overcommitted (yellow triangle),
or invalid (red diamond)
A cluster can become overcommitted if a host fails
A cluster can become invalid if you use the vSphere Client to directly access the ESX/ESXi
host to power on or make changes to the VM
A cluster can become invalid if the user reduces the reservation on a parent resource
pool while a VM is in the process of failing over
Maintenance Mode and Standby Mode
You put a host in maintenance mode when you need to service it
When a host is placed in standby mode, it is powered off
Normally, hosts are placed in standby mode by VMware DPM to optimize power usage
Removing a host from the DRS Cluster
To remove a host from a cluster, right click the host in the inventory and select Enter
Maintenance Mode. After the host is in maintenance mode, drag it to a different
inventory location
When you remove a host from a cluster, the host retains only the root resource pool
If you remove a host from a cluster, the resources available for the cluster decrease
VMware DPM
DPM continuously monitors resource requirements and power consumption across a
DRS cluster.
When the cluster needs fewer resources, it consolidates workloads and powers down
unused ESX/ESXi hosts to reduce power consumption
DPM uses one of three power management protocols to bring a host out of standby
mode:
o Intelligent Platform Management Interface (IPMI)
o Hewlett Packard Integrated Lights Out (iLO)
o Wake on LAN (WOL)
o If a host does not support any of these protocols, it cannot be put into standby
mode by VMware DPM
If a host supports multiple protocols, they are used in the following order:
o IPMI
o iLO
o WOL
Hosts powered off by DPM are marked by vCenter Server as being in standby mode
DPM operates by awakening ESX/ESXi hosts from a powered off state through WOL packets
These packets are sent over the vMotion networking interface by another host in the
cluster, so DPM keeps at least one host powered on at all times.
DPM powers off the host when the cluster load is low
DPM considers a 40 minute load history
All VMs on the selected host are migrated to other hosts
DPM powers on a host when the cluster load is high
It considers a 5 minute load history
The WOL packet is sent to the selected host, which boots up
DRS load balancing initiates, and some virtual machines are migrated to this host
When HA admission control is disabled, failover resource constraints are not passed on to DRS
and DPM
The constraints are not enforced
DRS does not evacuate VMs from hosts
It places the hosts in maintenance or standby mode, regardless of the effect that this
might have on failover requirements
DRS might undo (or recommend undoing) your change the next time that it runs
To force a host to remain off, place it in maintenance mode and power it off
DPM is a cluster power management feature. Enhanced Intel SpeedStep and AMD PowerNow!
are CPU power management technologies
Enabling DPM
Configure the power management automation level, threshold, and host-level overrides
The power management automation levels are different from the DRS automation levels
o Off - Disables the feature
o Manual – Sets DPM to make recommendations for host power operation and
related VM migration, but recommendations are not automatically executed
o Automatic – Sets DPM to execute host power operations if related VM
migrations can all be executed automatically
A priority 1 recommendation is mandatory, while a priority 5 recommendation brings only
slight improvement
When you disable DPM, hosts are taken out of standby mode
You can verify that DPM is functioning properly by viewing each host’s information in the Last
Time Exited Standby column on the Host Options page on the Hosts tab for each cluster
High Availability and Fault Tolerance
HA refers to a system or component that is continuously operational for a desirably long
length of time
FT describes a computer system or component that is designed so that, if a component
fails, a backup component or procedure can immediately take its place with no loss of
service
HA and FT exist within a single physical datacenter
HA and FT use shared storage for holding the data of the machines
Storage path availability is accomplished by using the failover policies available with
multipathing
Network availability is accomplished by using the failover feature in NIC teaming
Site Recovery Manager (SRM) allows you to quickly restore your IT infrastructure
o SRM is a disaster recovery workflow product that automates setup, failover, and
testing of disaster recovery plans
o SRM requires that vCenter Server be installed at the protected site and the
recovery site
o SRM requires preconfigured array based replication between the protected site
and the recovery site
Use HA to provide high availability to all the VMs in your cluster that require minimal downtime
Use FT or MSCS for applications that must be available at all times (zero downtime), especially
those that have long lasting client connections to maintain during hardware failure
vCenter Heartbeat provides deep and comprehensive levels of protection against unplanned
and, in some cases, planned vCenter Server downtime. HA is a good alternative for vCenter
Server running on a VM
VMware HA
Provides automatic restart of VMs in case of physical host failures
Is configured, managed, and monitored through vCenter Server
A cluster enabled for HA and DRS can have:
Up to 32 hosts per cluster
Up to 320 VMs per host (regardless of the number of hosts/clusters)
Up to 3,000 VMs per cluster
HA is integrated with DRS
FT checks that individual VMs are functioning and responds to failures without interruption in
service
FT creates a hidden duplicate copy of each running VM
Reasons why HA might not fail over VMs:
HA admission control is disabled and DPM is enabled
Required Virtual Machine to Hosts affinity rule prevents HA from failing over
Sufficient aggregated resources exist, but they are fragmented across hosts
Detecting a Host Failure
HA agent monitors the heartbeats between the primary and the secondary hosts to
detect host failure
A heartbeat is sent every second (by default) over the heartbeat network
o On ESXi hosts, the management network is used
o On ESX hosts, the service console network is used
If a 15 second period elapses without the receipt of heartbeats from a host and the host cannot
be pinged, it is declared as failed
In a host failure, HA does not fail over VMs to a host that is in maintenance mode
If a host in the cluster loses connection to the heartbeat network but the host continues to run,
the host is isolated from the cluster
HA waits 12 seconds before deciding that a host is isolated
When the isolated host’s network connection is not restored for 15 seconds or longer, the
other hosts in the cluster treat it as failed and try to fail over its VMs
When an isolated host retains access to the shared storage, it also retains the disk lock
on virtual machine files
vStorage VMFS disk locking prevents simultaneous write operations to the VM disk files
and tries to fail over the isolated host’s VMs
Architecture of a HA Cluster
Each host in the cluster must have access to the same storage resources
Distributed locking prevents simultaneous access to VMs, thus protecting data integrity
The first 5 hosts added to the cluster are designated as primary hosts. Subsequent hosts
are designated as secondary hosts
The primary hosts maintain and replicate all cluster state and are used to begin failover
actions
A host that joins the cluster must communicate with a primary host to complete its
configuration (except for the first host)
At least one primary host must be functional for HA to operate correctly
If all primary hosts are unavailable (not responding), no hosts can be successfully
configured for HA
HA provides the option to disable Host Monitoring to avoid affecting maintenance activities
Host Monitoring is required for the best performance of FT
You can enable or disable Admission Control by selecting from the following options
Enable: Do not power on VMs that violate availability constraints
Disable: Power on VMs that violate availability constraints
Admission Control Policy Choices
Host failures cluster tolerates
o HA reserves a certain amount of resources across a set of hosts
Percentage of cluster resources reserved as failover spare capacity
o HA reserves a certain percentage of aggregate resources in the cluster to
accommodate failures
Specify a failover host
o HA reserves a specific host to accommodate failures
Configuring Virtual Machine HA Options
The virtual machine restart policy determines the relative order in which virtual machines are
restarted after a host failure – Disabled, Low, Medium, High or Use cluster
Disabled
o HA is disabled for VMs. VMs are not restarted on other ESX/ESXi hosts if a host
fails
o VM started on the same host
o Does not affect VM monitoring
The host isolation response settings are Leave powered on, Power off, Shut down, and
Use cluster setting
By default, VM monitoring is set to Disabled
o VM monitoring restarts individual VMs if their heartbeats are not received within
a set time
HA Advanced Parameters
Set specific attributes that affect how HA behaves
das.vmMemoryMinMB defines the default memory resource value assigned to a VM if
its memory reservation is not specified or 0. If no value is specified, the default is 0MB
das.vmCpuMinMHz defines the default CPU resource value assigned to a VM if its CPU
reservation is not specified or 0. If no value is specified, the default is 256MHz
das.slotMemInMB defines the maximum bound on the memory slot size
das.slotCPUInMHZ defines the maximum bound on the CPU slot size
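How these four attributes interact is easiest to see in the slot arithmetic behind the "Host failures cluster tolerates" policy. The following is an added example, not part of the original notes, and it goes beyond them: it is a simplified model of the slot calculation that ignores VM memory overhead, and the class names, host sizes and VM reservations are constructed for illustration.

```python
import math
from dataclasses import dataclass
from typing import Optional


@dataclass
class VM:
    name: str
    cpu_res_mhz: int = 0  # 0 = no CPU reservation set
    mem_res_mb: int = 0   # 0 = no memory reservation set


@dataclass
class Host:
    name: str
    cpu_mhz: int
    mem_mb: int


@dataclass
class HaSettings:
    vm_cpu_min_mhz: int = 256               # default CPU value when no reservation is set
    vm_mem_min_mb: int = 0                  # das.vmMemoryMinMB
    slot_cpu_cap_mhz: Optional[int] = None  # upper bound on the CPU slot size
    slot_mem_cap_mb: Optional[int] = None   # das.slotMemInMB


def effective(vm, s):
    """Reservation used for sizing: the VM's own, or the default if unset/0."""
    return (vm.cpu_res_mhz or s.vm_cpu_min_mhz, vm.mem_res_mb or s.vm_mem_min_mb)


def slot_size(vms, s):
    """Slot = largest effective reservation, limited by the optional caps."""
    cpu = max(effective(vm, s)[0] for vm in vms)
    mem = max(effective(vm, s)[1] for vm in vms)
    if s.slot_cpu_cap_mhz is not None:
        cpu = min(cpu, s.slot_cpu_cap_mhz)
    if s.slot_mem_cap_mb is not None:
        mem = min(mem, s.slot_mem_cap_mb)
    return cpu, mem


def slots_needed(vm, slot, s):
    """A VM larger than a capped slot occupies several slots."""
    need = 1
    for demand, size in zip(effective(vm, s), slot):
        if size > 0:
            need = max(need, math.ceil(demand / size))
    return need


def host_slots(host, slot):
    """Slots a host can hold; a 0-sized dimension does not constrain it."""
    limits = [cap // size
              for cap, size in zip((host.cpu_mhz, host.mem_mb), slot) if size > 0]
    return min(limits) if limits else 0


def failures_tolerated(hosts, vms, s=None):
    """Worst case: the hosts with the most slots fail first."""
    s = s or HaSettings()
    slot = slot_size(vms, s)
    required = sum(slots_needed(vm, slot, s) for vm in vms)
    per_host = sorted((host_slots(h, slot) for h in hosts), reverse=True)
    tolerated = 0
    for failed in range(1, len(per_host)):
        if sum(per_host[failed:]) >= required:
            tolerated = failed
        else:
            break
    return tolerated


# Constructed sample cluster: three equal hosts, six small VMs, one large VM.
HOSTS = [Host("esx%d" % i, cpu_mhz=10000, mem_mb=16384) for i in (1, 2, 3)]
SMALL_VMS = [VM("vm%d" % i) for i in range(6)]
BIG_VM = VM("db01", cpu_res_mhz=2000, mem_res_mb=4096)

if __name__ == "__main__":
    vms = SMALL_VMS + [BIG_VM]
    print("uncapped:", slot_size(vms, HaSettings()), failures_tolerated(HOSTS, vms))
    capped = HaSettings(slot_cpu_cap_mhz=500, slot_mem_cap_mb=1024)
    print("capped:  ", slot_size(vms, capped), failures_tolerated(HOSTS, vms, capped))
```

One VM with a large reservation inflates the slot for the whole cluster; capping the slot size restores capacity at the cost of that VM occupying several slots.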
On ESXi hosts in the cluster, HA communications by default travel over VMkernel networks,
except those marked for use with vMotion, if necessary
The VMkernel networks must be marked for management traffic
On ESX hosts in the cluster, HA communications travel over all networks that are designated as
service console traffic
All its service console networks are used as heartbeat networks
One way to implement redundant heartbeat networks is to use NIC teaming
To configure a NIC team, configure the virtual NICs in a virtual switch for active or
standby configuration and no failback
Another way to create redundancy for the heartbeat networks is to configure more
management ports on separate virtual switches
An isolation network is an IP address that is pinged to determine whether an ESX/ESXi host is
isolated from the network
Hosts in the HA cluster test themselves for isolation by pinging the isolation address
o By default, ESXi hosts ping the VMkernel gateway IP address
o By default, ESX hosts ping the service console default gateway IP address
Advanced attributes to configure isolation addresses
das.isolationaddressX, where X = 1 to 10
o The address to ping to determine whether a host is isolated from the network,
that is, when heartbeats are not received from any other host in the cluster
das.failuredetectiontime
o The default detection time for Host Monitoring
o The default is 15,000 milliseconds (15 seconds)
das.usedefaultisolationaddress (true or false)
o Specifies whether the default isolation address is used
Before changing the networking configuration on the ESX/ESXi hosts:
Deselect Enable Host Monitoring
Place the host in maintenance mode
These steps prevent unwanted attempts to fail over virtual machines
Fault Tolerance
You can use FT with DRS when Enhanced vMotion Compatibility (EVC) is enabled
When a cluster has EVC enabled, DRS:
o Makes the initial placement recommendations for fault tolerant VMs
o Moves them during cluster load rebalancing
o Allows you to assign a DRS automation level to the primary VM
FT can be enabled on a VM in a cluster enabled for HA
FT creates a duplicated, secondary copy of the VM on a different host
The VMware record/replay technology is used to record all executions on the primary
VM and replay them on the secondary instance
VMware vLockstep technology ensures that the 2 copies stay synchronized and allows the
workload to run on 2 different ESX/ESXi hosts simultaneously
The VMs have one IP address and one MAC address
If either the primary or secondary VM fails, FT creates a new copy of the VM on
another host in the cluster
If the failed VM is the primary, the secondary takes over and a new secondary is
established
If the secondary fails, another secondary takes over and a new secondary is established
FT Requirements
Host certificate checking must be enabled for all hosts that will be used for FT. For
vSphere 4 ESX/ESXi installations, host certificate checking is enabled by default
VM files must be stored on shared storage. Acceptable shared storage solutions include
Fibre Channel, iSCSI (hardware and software) and NFS/NAS
VMs must be stored in virtual raw device mapping (RDM) or VMDK files that are thick
provisioned and enabled to support clustering features like FT
o If stored in a VMDK file that is thin provisioned you will get a message that it
must be converted
Multiple gigabit NICs are required. The minimum is at least 2 VMkernel gigabit NICs with
1 dedicated to FT logging and the other dedicated to vMotion
Uniprocessor VMs are supported on uniprocessor and symmetric multiprocessor
systems. SMP VMs are not supported
VMs must be running a supported guest OS
FT requires that Hardware Virtualization be turned on in the BIOS
How FT Works
The primary and secondary VMs access the same virtual disks on a shared SAN
The primary VM sends both reads and writes to the virtual disks
The secondary VM sends only reads to the disks
All writes by the secondary VM are marked as completed, but the writes are not issued
To detect VMkernel and host failures, FT uses network heartbeats over the IP addresses
used for logging
The primary and secondary VMs send ping packets to the logging IP address
If one side does not receive pings within about one second, then that side initiates a
failover
To detect VM failures, the VMkernel monitors the frequency of log updates from the
configuration file and virtual machine monitor
FT Guidelines
Ensure enough ESX/ESXi hosts for fault tolerant virtual machines
o No more than 4 fault tolerant VMs (primaries or secondaries) on any single host
Store ISOs on shared storage for continuous access
Disable BIOS based power management
o Prevents the secondary VM from having insufficient CPU resources
To enable FT
Create a network interface for FT logging
Enable FT on the virtual machine
o Right click VM and choose Fault Tolerance>Turn on Fault Tolerance
You can view information about the primary and secondary VMs in the Fault Tolerance pane in
the VM's Summary tab
Fault Tolerance Status
o Indicates whether FT is enabled or disabled on the VM
o Possible values are Protected and Not Protected (VM is not running)
Secondary Location
o Displays the host on which the secondary VM is hosted
Total Secondary CPU and Total Secondary Memory
o Indicate all secondary CPU and memory usage
Secondary VM Lag Time
o Indicates the latency between the primary and the secondary virtual machines
Log Bandwidth
o Indicates the amount of network bandwidth being used for sending the FT log information
from the primary VM’s host to the secondary VM’s host
Patch Management
Can patch ESX/ESXi hosts, VMs and virtual appliances
Automated patch downloading
Contacts the following sources
o For ESX/ESXi patches: https://hostupdate.vmware.com
o For Windows and Linux VM and applications: https://shavlik.com
Information about a set of security patches is downloaded, and one or more of these
patches are aggregated to form a baseline
A collection of VMs, virtual appliances, and ESX/ESXi hosts can be scanned for
compliance with a baseline or a baseline group and remediated
o This process can be started manually or through scheduled tasks
Major components of Update Manager
Update Manager Server
o Can be installed directly on the vCenter Server or on a separate system
o Can be physical or virtual
Patch database
o You can use the same database server that vCenter uses
o It will require a unique database with a DSN system ODBC connection already
configured
o Can also use SQL Server 2005 Express
Update Manager plugin
o Runs on the same system on which the vSphere Client is installed
Guest agents
o Installed into VMs from the Update Manager server and are used in the scanning
and remediation operations
Optional Download server to download patches
Installing Update Manager
Runs on Windows XP SP2, Windows Server 2003 and Windows Server 2008
o Must be 64 bit
Must have 2 or more logical cores, each with a speed of 2GHz
If Update Manager and vCenter are on different machines, 2GB of RAM is required
If they are on the same machine, 4GB of RAM is required
Before installing Update Manager, you must create a database instance and configure it
to ensure that all Update Manager tables are placed in it
Supports the following databases
o SQL Server 2005
o SQL Server 2008
o Oracle 10g
o Oracle 11g
o SQL Server 2005 Express for small scale environments (up to 5 hosts and 50 VMs)
Required information
o vCenter IP address or host name
o Port numbers (80 and 443 are defaults)
o Administrative credentials
o The system DSN name, plus the user name and password for the database that
Update Manager will work with
Configuring Update Manager Settings (Configuration tab)
Network Connectivity
o Network settings such as IP address or host name for the patch store
Patch Download Settings
Patch Download Schedule
Notification Check Schedule
Virtual Machine Settings
o Whether to take a snapshot of the VMs before remediation to enable rollback
and how long to keep snapshots
ESX Host/Cluster Settings
o How Update Manager responds to a failure that might occur when placing an
ESX/ESXi host in maintenance mode
vApp Settings
o Enable or disable smart reboot of virtual appliances after remediation
Baseline and Baseline Groups
Baselines contain a collection of one or more patches, extensions, service packs, bug
fixes, or upgrades
Baselines can be classified as upgrade, extension, or patch baselines
o An extension refers to additional software for ESX/ESXi hosts
Baseline types
o Host patch – A set of patches to apply to a host or set of hosts, based on
applicability
o Host extension – A fixed set of extensions for your ESX/ESXi host
o Host upgrade – An upgrade release that allows you to upgrade a host to a
particular release version
o Virtual machine patch – A set of patches that apply to one or more VMs, based
on applicability
o Virtual appliance upgrade – A set of patches to the operating system or
application in the virtual appliance
Baseline groups are assembled from existing baselines
Creating a Baseline
Click Create
Specify name and description
Choose a baseline type
For a patch baseline, select a patch option: Fixed or Dynamic
Select patches to add to the baseline
A Fixed baseline remains the same even if new patches are added to the repository.
With a fixed patch baseline, the user manually specifies all updates included in the
baseline from all patches available in Update Manager
A Dynamic baseline is updated when new patches meeting the specified criteria are
added to the repository
To view compliance information and remediate objects in the inventory against specific
baselines and baseline groups, attach existing baselines and baseline groups to these objects
Although you can attach baselines and baseline groups to individual objects, attaching them to
container objects, such as folders, hosts, clusters and datacenters is more efficient.
To attach baselines to virtual machines, templates and virtual appliances, go to the VMs and
Templates inventory view
Scanning for Updates
Scanning is the process in which attributes of a set of hosts, virtual machines and virtual
appliances are evaluated against patches, extensions, and upgrades in the attached
baselines and baseline groups
If the object that you select is a container object, all child objects are also scanned
To schedule the scan go to Home>Management>Scheduled Tasks
Viewing Compliancy
To view compliancy, select the object in the appropriate inventory view and click the
Update Manager tab
o To view VM compliancy, you must use the VMs and Templates inventory view
Staging allows you to download the patches and extensions from the Update Manager
server to the ESX/ESXi hosts, without applying the patches and extensions immediately.
o Staging patches and extensions speeds up the remediation process because the
patches and extensions are already available locally on the hosts.
Remediating Objects
You can remediate VMs, virtual appliances, and hosts by user initiated remediation or
regularly scheduled remediation
o Right click the object and select Remediate
For ESX/ESXi hosts in a cluster, the remediation process is sequential
When you remediate a cluster of hosts and one of the hosts fails to enter maintenance
mode, Update Manager reports an error and the process fails
For multiple clusters under a datacenter, the remediation processes run in parallel
If the remediation process fails for one of the clusters within a datacenter, the
remaining clusters are still remediated
To remediate virtual machines and virtual appliances together, they must be in one
container, such as a folder, a vApp, or a datacenter
Templates are a type of VM so they can be remediated – take snapshots first, especially
if sealed
o A template that is sealed is stopped before the OS installation is completed
VMs are rebooted at the end of the patch remediation process
VMs must be powered on to be remediated
For Linux and Windows operating systems, the guest agent is automatically installed the
first time a patch remediation is scheduled or when a patch scan is started on a
powered on machine
Remediation of hosts in a cluster requires that you temporarily disable cluster features
like DPM and HA admission control
You should also turn off FT if it's enabled on any of the VMs on a host
Disconnect the removable devices connected to the VM
Before you start the remediation process, you can generate a report that shows which
clusters, hosts or VMs have cluster features enabled
Patch Recall Notification
When patches with problems or potential problems are released, these patches are
recalled in the metadata, and Update Manager marks them as recalled
Update Manager also detects all the recalled patches from the Update Manager patch
repository
vCenter can migrate the VMs if the cluster is configured for vMotion and if DRS and EVC are
enabled
Installing ESX
Hardware requirements:
o 64 bit processor (AMD Opteron, Intel Xeon, or Intel Nehalem)
o Minimum of 3GB RAM
o One or more Ethernet controllers
o A SCSI adapter, a Fibre Channel adapter, or an internal RAID controller
ESX can be installed by either:
o The graphical user interface (default)
o Text mode (keyboard only)
o An installation script
During ESX installation, the following physical partitions are created:
/boot
o Contains the ESX software and its support files
o The disk that you install /boot onto must be the disk the BIOS chooses to boot
from
vmkcore
o Required to store core dumps for troubleshooting
o VMware does not support ESX host configurations without a vmkcore partition
No scratch disks are created in ESX
You cannot use the graphical or text-based installation to define the size of the /boot,
vmkcore, and /vmfs/volumes partitions. But you can define their size by a scripted
installation
The /vmfs/volumes partition also holds the ESX service console, located in a virtual disk
named esxconsole.vmdk. esxconsole.vmdk contains the Linux based service console
operating system. The files that make up the service console are found in a file system
called root (/)
The service console has its own swap partition. Configure the swap partition size to be
at least twice the size of the service console’s RAM allocation
Installing ESXi
Hardware requirements
o 64 bit processor (AMD Opteron, Intel Xeon, or Intel Nehalem)
o Up to 128 logical CPUs (cores or hyperthreads)
o Can support up to 512 virtual CPUs per host
o Minimum of 2GB of RAM with a maximum of 1TB
The ESXi host must have
o One or more Ethernet controllers
o A basic SCSI controller
o An internal RAID controller
o A SCSI disk or a local RAID LUN
ESXi Installable supports installing and booting from SATA, SCSI or SAS disk drives
ESXi Partitions
The disk formatting software retains existing diagnostic partitions that are created by
the hardware vendor. In the remaining space, the software creates:
One 4GB VFAT scratch partition for system swap
o Not required but used to store vm-support output which you need when you
create a support bundle
One 110MB diagnostic partition for core dumps
One vStorage VMFS data store on the remaining free space
On other disks, the software creates one VMFS datastore per blank disk, using the whole
disk.
The software formats blank disks only
You can take 2 approaches with ESXi scripted installation:
Create multiple scripts, each containing unique network identification information
Create one script (or use the default script) that uses DHCP to set up multiple ESXi hosts
To perform a scripted installation
Create an installation script
o Custom script using script commands
o Default script: ks.cfg (kickstart)
Make the installation media accessible to the host:
o CD/DVD
o USB flash drive
o Media depot, accessible by HTTP/HTTPS, FTP, NFS
Start the installer
o Boot from local CD/DVD ROM drive or PXE boot server
Enter boot command to run the installation script
o Example: ks=cdrom:/ks.cfg
The default root password is mypassword
ks=cdrom:/ks.cfg – Calls the installation script located on the DVD-ROM drive attached to the
machine
ks=ftp:///path/ks.cfg – Calls the installation script located at the given URL
Default installation script commands: ks.cfg
vmaccepteula
o Accept the ESXi license agreement
rootpw mypassword
o Set the root password to mypassword
autopart --firstdisk --overwritevmfs
o Choose the first discovered disk to install on to
install cdrom
o The installation media is the CD-ROM drive
network --bootproto=dhcp --device=vmnic0
o Set the network to DHCP on the first network adapter
If you are using a media depot, use install nfs or install url to point to the media depot
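An audit of the default script above, added here as an example (not VMware's code and not part of the original notes): it flags the ks.cfg settings that matter when hardening a scripted install. The depot host name is constructed, and the --iscrypted option of rootpw does not appear in these notes; it is assumed from the ESXi scripted-install command set.

```python
import shlex
from urllib.parse import urlparse

DEFAULT_PW = "mypassword"  # default root password stated in these notes

# Constructed sample: the default ks.cfg commands listed above, with the
# media depot form of install; depot.example.test is a made-up host.
SAMPLE_KS = """\
vmaccepteula
rootpw mypassword
autopart --firstdisk --overwritevmfs
install url http://depot.example.test/esxi41/
network --bootproto=dhcp --device=vmnic0
"""

def audit_ks(text):
    """Return (line_no, finding) tuples for risky settings in a ks.cfg."""
    findings, saw_rootpw = [], False
    for no, raw in enumerate(text.splitlines(), 1):
        if raw.lstrip().startswith("%"):
            break  # script sections follow; they are not install commands
        tokens = shlex.split(raw, comments=True)
        if not tokens:
            continue
        cmd, args = tokens[0].lower(), tokens[1:]
        flags = {a.split("=", 1)[0] for a in args if a.startswith("--")}
        values = [a for a in args if not a.startswith("--")]
        if cmd == "rootpw":
            saw_rootpw = True
            if DEFAULT_PW in values:
                findings.append((no, "root password is the documented default"))
            if "--iscrypted" not in flags:
                findings.append((no, "root password stored in cleartext"))
        elif cmd == "autopart" and "--overwritevmfs" in flags:
            findings.append((no, "allows overwriting an existing VMFS datastore"))
        elif cmd == "install" and values[:1] == ["url"] and len(values) > 1:
            scheme = urlparse(values[1]).scheme.lower()
            if scheme != "https":
                findings.append((no, f"media depot fetched over {scheme or 'no scheme'}"))
    if not saw_rootpw:
        findings.append((0, "no rootpw command found"))
    return findings

if __name__ == "__main__":
    for no, msg in audit_ks(SAMPLE_KS):
        print(f"line {no}: {msg}")
```

Run it against every ks.cfg kept on a media depot or PXE server, since anyone who can read those files can read a cleartext rootpw value.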
vSphere 4.1 Maximums
Virtual Machine Maximums
CPU
Virtual CPUs per virtual machine (Virtual SMP) – 8
Memory
RAM per virtual machine – 255GB
Virtual machine swap file size – 255GB
Storage Virtual Adapters and Devices
Virtual SCSI adapters per virtual machine - 4
Virtual SCSI targets per virtual SCSI adapter - 15
Virtual SCSI targets per virtual machine - 60
Disk size - 2TB minus 512 bytes
IDE controllers per virtual machine - 1
IDE devices per virtual machine - 4
Floppy controllers per virtual machine - 1
Floppy devices per virtual machine – 2
Networking Virtual Devices
Virtual NICs per virtual machine – 10
Virtual Peripheral Ports
USB controllers per virtual machine – 1
USB devices connected to a virtual machine - 20
Parallel ports per virtual machine - 3
Serial ports per virtual machine - 4
Miscellaneous
Concurrent remote console connections to a virtual machine – 40
ESX Host Maximums
Compute Maximums
Host CPU maximums
Logical CPUs per host - up to 160
vSphere 4.1 supports up to 128, and vSphere 4.1 Update 1 supports up to 160
Virtual machine maximums
Virtual machines per host - 320
Virtual CPUs per host - 512
Virtual CPUs per core - 25
Fault Tolerance maximums
Virtual disks - 16
Virtual CPUs per virtual machine - 1
RAM per FT VM (GB) - 64
Virtual machines per host - 4
Memory Maximums
RAM per host - 1TB
Maximum RAM allocated to service console - 800MB
Minimum RAM allocated to service console - 272MB
Number of swap files - 1 per virtual machine
Swap file size - Same as maximum virtual machine RAM
Storage Maximums
iSCSI Physical
LUNs per server - 256
Qlogic 1Gb iSCSI HBA initiator ports per server - 4
Broadcom 1Gb iSCSI HBA initiator ports per server - 4
Broadcom 10Gb iSCSI HBA initiator ports per server - 4
NICs that can be associated or port bound with the software iSCSI stack per server - 8
Number of total paths on a server - 1024
Number of paths to a LUN (software iSCSI and hardware iSCSI) - 8
Qlogic iSCSI: dynamic targets per adapter port - 64
Qlogic iSCSI: static targets per adapter port - 62
Broadcom 1Gb iSCSI HBA targets - 64
Broadcom 10Gb iSCSI HBA targets - 64
Software iSCSI targets - 256
NAS
NFS mounts per host - 64
Fibre Channel
LUNs per host - 256
LUN size - 2TB minus 512 bytes
LUN ID - 255
LUNs concurrently opened by all virtual machines - 256
Number of paths to a LUN - 32
Number of total paths on a server - 1024
Number of HBAs of any type - 8
HBA ports - 16
Targets per HBA – 256
VMFS
Raw device mapping (RDM) size - 2TB minus 512 bytes
Volume size - 64TB
Volumes per host - 256
Hosts per volume - 64
VMFS-3
Block size - 8MB
File size (1MB block size) - 256GB
File size (2MB block size) - 512GB
File size (4MB block size) - 1TB
File size (8MB block size) - 2TB minus 512 bytes
Files per volume - Approximately 30,720
Networking Maximums
Physical NICs
e1000 1GB Ethernet ports (Intel PCI‐x) - 32
e1000e 1GB Ethernet ports (Intel PCI‐e) - 24
igb 1GB Ethernet ports (Intel) - 16
tg3 1GB Ethernet ports (Broadcom) - 32
bnx2 1GB Ethernet ports (Broadcom) - 16
forcedeth 1GB Ethernet ports (NVIDIA) - 2
s2io 10GB Ethernet ports (Neterion) - 4
nx_nic 10GB Ethernet ports (NetXen) - 4
ixgbe Oplin 10GB Ethernet ports (Intel) - 4
bnx2x 10GB Ethernet ports (Broadcom) - 4
Infiniband ports (refer to VMware Community Support) - N/A
VMDirectPath limits
VMDirectPath PCI/PCIe devices per host - 8
VMDirectPath PCI/PCIe devices per virtual machine – 4
vNetwork Standard and Distributed Switch
Total virtual network switch ports per host (vDS and vSS ports) - 4096
Maximum ACTIVE ports per host (vDS and vSS) - 1016
Virtual network switch creation ports per standard switch - 4088
Port groups per standard switch - 512
Static or Dynamic Port groups per distributed switch - 5000
Ephemeral Port groups per distributed switch - 1016
Ports per distributed switch – 20,000
Distributed virtual network switch ports per vCenter – 20,000
Static or Dynamic Port groups per vCenter - 5,000
Ephemeral Port groups per vCenter - 1,016
Distributed switches per vCenter - 32
Distributed switches per Host - 16
Hosts per distributed switch – 350
ESX Resource Pool and Cluster Maximums
Cluster (all clusters including HA and DRS)
Hosts per cluster - 32
Virtual machines per cluster - 3,000
Virtual machines per host - 320
Maximum concurrent host HA failover - 4
Failover as percentage of cluster - 50%
Resource pools per cluster - 512
Resource Pool
Resource pool tree depth - 8
Resource pools per host - 4,096
Children per resource pool – 1,024
vCenter Server Maximums
vCenter Server Scalability
Hosts per vCenter Server - 1,000
Powered on virtual machines per vCenter Server - 10,000
Registered virtual machines per vCenter Server - 15,000
Linked vCenter Servers - 10
Hosts in linked vCenter Servers - 3,000
Powered on virtual machines in linked vCenter Servers - 30,000
Registered virtual machines in linked vCenter Servers - 50,000
Concurrent vSphere Clients - 100
Number of hosts per datacenter - 400
Concurrent Operations
Concurrent provisioning operations per host - 4
Concurrent provisioning operations per datastore - 4
Concurrent vMotion operations per host (1Gb/s network) - 4
Concurrent vMotion operations per host (10Gb/s network) - 8
Concurrent vMotion operations per VMFS3 datastore - 128
Concurrent Storage vMotion operations per host - 2
Concurrent Storage vMotion operations per datastore – 8
VMware vCenter Update Manager
vCenter Update Manager Scalability
Host scans in a single vCenter Server - 1,000
Virtual machine scans in a single vCenter Server - 10,000
Cisco VDS update and deployment - 70
Concurrent Operations
Virtual machine remediation per ESX host - 5
Powered‐on Windows virtual machine scans per ESX host - 5
Powered‐off Windows virtual machine scans per ESX host - 5
Powered‐on Linux virtual machine scans per ESX host - 2
VMware Tools scan per ESX host - 24
VMware Tools upgrade per ESX host - 24
Virtual machine hardware scan per host - 24
Virtual machine hardware upgrade per host - 24
Virtual machine remediation per VUM server - 48
Powered‐on Windows virtual machine scan per VUM server - 17
Powered‐off Windows virtual machine scan per VUM server - 10
Powered‐on Linux virtual machine scan per VUM server - 8
VMware Tools scan per VUM server - 75
VMware Tools upgrade per VUM server - 75
Virtual machine hardware scan per VUM server - 75
Virtual machine hardware upgrade per VUM server - 75
ESX host scan per VUM server - 70
ESX host remediation per VUM server - 8
ESX host upgrade per VUM server - 44
ESX host upgrade per cluster – 1
VMware vCenter Orchestrator
Connected vCenter Server systems - 10
Connected ESX/ESXi instances - 100
Connected virtual machines - 15,000
Concurrent running workflows – 150
VMware vCenter Converter
Concurrent virtual machine to virtual machine import or export tasks - 8
Concurrent physical machine to virtual machine import or export tasks - 20
vSphere Storage Management Initiative - Specification (SMI-S)
Number of vCenter Server systems connected - 1
Number of ESX/ESXi hosts connected - 1,000
Number of ESX/ESXi hosts managed by vCenter Server - 320
Number of virtual machines registered in vCenter Server - 15,000