images

Appendix

The Bottom Line

Each of The Bottom Line sections in the chapters suggest exercises to deepen skills and understanding. Sometimes there is only one possible solution, but often you are encouraged to use your skills and creativity to create something that builds on what you know and lets you explore one of many possible solutions.

Chapter 1: Introducing VMware vSphere 5.5

Identify the role of each product in the vSphere product suite. The VMware vSphere product suite contains VMware ESXi and vCenter Server. ESXi provides the base virtualization functionality and enables features like Virtual SMP. vCenter Server provides management for ESXi and enables functionality like vMotion, Storage vMotion, vSphere Distributed Resource Scheduler (DRS), vSphere High Availability (HA), and vSphere Fault Tolerance (FT). Storage I/O Control (SIOC) and Network I/O Control (NIOC) provide granular resource controls for VMs. The vStorage APIs for Data Protection (VADP) provide a backup framework that allows for the integration of third-party backup solutions into a vSphere implementation.

Master It Which products are licensed features within the VMware vSphere suite?

Solution Licensed features in the VMware vSphere suite are Virtual SMP, vMotion, Storage vMotion, vSphere DRS, vSphere HA, and vSphere FT.

Master It Which two features of VMware ESXi and VMware vCenter Server together aim to reduce or eliminate downtime due to unplanned hardware failures?

Solution vSphere HA and vSphere FT are designed to reduce (vSphere HA) and eliminate (vSphere FT) the downtime resulting from unplanned hardware failures.

Master It Name two storage-related features that are new to vSphere 5.5.

Solution vSAN and vFlash are both storage-related features that are new to vSphere 5.5 and were not present in earlier releases.

Recognize the interaction and dependencies between the products in the vSphere suite. VMware ESXi forms the foundation of the vSphere product suite, but some features require the presence of vCenter Server. Features like vMotion, Storage vMotion, vSphere DRS, vSphere HA, vSphere FT, SIOC, and NIOC require ESXi as well as vCenter Server.

Master It Name three features that are supported only when using vCenter Server along with ESXi.

Solution All of the following features are available only with vCenter Server: vSphere vMotion, Storage vMotion, vSphere DRS, Storage DRS, vSphere HA, vSphere FT, SIOC, and NIOC.

Master It Name two features that are supported without vCenter Server but with a li-censed installation of ESXi.

Solution Features that are supported by VMware ESXi without vCenter Server include core virtualization features like virtualized networking, virtualized storage, vSphere vSMP, and resource allocation controls.

Understand how vSphere differs from other virtualization products. VMware vSphere's hypervisor, ESXi, uses a Type 1 bare-metal hypervisor that handles I/O directly within the hypervisor. This means that a host operating system, like Windows or Linux, is not required in order for ESXi to function. Although other virtualization solutions are listed as “Type 1 bare-metal hypervisors,” most other Type 1 hypervisors on the market today require the presence of a “parent partition” or “dom0” through which all VM I/O must travel.

Master It One of the administrators on your team asked whether he should install Windows Server on the new servers you purchased for ESXi. What should you tell him, and why?

Solution VMware ESXi is a bare-metal hypervisor that does not require the installation of a general-purpose host operating system. Therefore, it's unnecessary to install Windows Server on the equipment that was purchased for ESXi.

Chapter 2: Planning and Installing VMware ESXi

Understand ESXi compatibility requirements. Unlike traditional operating systems like Windows or Linux, ESXi has much stricter hardware compatibility requirements. This helps ensure a stable, well-tested product line that is able to support even the most mission-critical applications.

Master It You have some older servers onto which you'd like to deploy ESXi. They aren't on the Hardware Compatibility Guide. Will they work with ESXi?

Solution They might, but they won't be supported by VMware. In all likelihood, the CPUs in these older servers don't support some of the hardware virtualization extensions or don't support 64-bit operation, both of which would directly impact the ability of ESXi to run on that hardware. You should choose only hardware that is on the Hardware Compatibility Guide.

Plan an ESXi deployment. Deploying ESXi will affect many different areas of your organization—not only the server team but also the networking team, the storage team, and the security team. There are many issues to consider, including server hardware, storage hardware, storage protocols or connection types, network topology, and network connections. Failing to plan properly could result in an unstable and unsupported implementation.

Master It Name three areas of networking that must be considered in a vSphere design.

Solution Among other things, networking areas that must be considered include VLAN support, link aggregation, network speed (1 Gbps or 10 Gbps), load-balancing algorithms, and the number of NICs and network ports required.

Master It What are some of the different types of storage that ESXi can be installed on?

Solution By far the most common way to boot ESXi is the Local/Direct attached disks, but also supported are USB storage, an isolated SAN boot LUN, and utilizing iSCSI.

Deploy ESXi. ESXi can be installed onto any supported and compatible hardware platform. You have three different ways to deploy ESXi: You can install it interactively, you can perform an unattended installation, or you can use vSphere Auto Deploy to provision ESXi as it boots up.

Master It Your manager asks you to provide him with a copy of the unattended installation script that you will be using when you roll out ESXi using vSphere Auto Deploy. Is this something you can give him?

Solution No. When using vSphere Auto Deploy, there is no installation script. The vSphere Auto Deploy server streams an ESXi image to the physical host as it boots up. Redeployment of an ESXi host with vSphere Auto Deploy can be as simple as a reboot.

Master It Name two advantages and two disadvantages of using vSphere Auto Deploy to provision ESXi hosts.

Solution Some advantages include fast provisioning, fast reprovisioning, and the ability to quickly incorporate new ESXi images or updates into the provisioning process. Some disadvantages include additional complexity and dependency on additional infrastructure.

Perform post-installation configuration of ESXi. Following the installation of ESXi, some additional configuration steps may be required. For example, if the wrong NIC is assigned to the management network, then the server won't be accessible across the network. You'll also need to configure time synchronization.

Master It You've installed ESXi on your server, but the welcome web page is inaccessible, and the server doesn't respond to a ping. What could be the problem?

Solution More than likely, the wrong NIC was selected for use with the management network or the incorrect VLAN was selected. You'll need to use the Direct Console User Interface (DCUI) directly at the physical console of the ESXi host in order to reconfigure the management network and restore network connectivity.

Install the vSphere C# Client. ESXi is managed using the vSphere C# Client, a Windows-only application that provides the functionality to manage the virtualization platform. There are a couple different ways to obtain the vSphere Client installer, including running it directly from the VMware vCenter Installer or by downloading it using a web browser connected to the IP address of a vCenter Server instance.

Master It List two ways by which you can install the vSphere Client.

Solution You can download it from the Welcome To vSphere web page on a vCenter Server instance or you can install it from the vCenter Server installation media. You can also download the vSphere Client from VMware's website.

Chapter 3: Installing and Configuring vCenter Server

Understand the components and role of vCenter Server. vCenter Server plays a central role in the management of ESXi hosts and VMs. Key features such as vMotion, Storage vMotion, vSphere DRS, vSphere HA, and vSphere FT are all enabled and made possible by vCenter Server. vCenter Server provides scalable authentication and role-based administration based on integration with Active Directory.

Master It Specifically with regard to authentication, what are three key advantages of using vCenter Server?

Solution First, vCenter Server centralizes the authentication so that user accounts don't have to be managed on a per-host basis. Second, vCenter Server eliminates the need to share the root password for hosts or to use complex configurations to allow administrators to perform tasks on the hosts. Third, vCenter Server brings role-based administration for the granular management of hosts and VMs.

Plan a vCenter Server deployment. Planning a vCenter Server deployment includes selecting a backend database engine, choosing an authentication method, sizing the hardware appropriately, and providing a sufficient level of high availability and business continuity. You must also decide whether you will run vCenter Server as a VM or on a physical system. Finally, you must decide whether you will use the Windows Server–based version of vCenter Server or deploy the vCenter Server virtual appliance.

Master It What are some of the advantages and disadvantages of running vCenter Server as a VM?

Solution Some of the advantages include the ability to easily clone the VM for backup or disaster-recovery purposes, the ability to take snapshots to protect against data loss or data corruption, and the ability to leverage features such as vMotion or Storage vMotion. Some of the disadvantages include the inability to cold clone the vCenter Server VM, cold migrate the vCenter Server VM, or edit the virtual hardware of the vCenter Server VM. It could also add additional recovery complexity if there was an outage on the infrastructure running the vCenter Server VM.

Master It What are some of the advantages and disadvantages of using the vCenter Server virtual appliance?

Solution Some of the advantages include a potentially much easier deployment (just use the Deploy OVF Template option and perform post-deployment configuration instead of installing Windows Server, installing prerequisites, and finally, installing vCenter Server), more services available with a single deployment, and no Windows Server licensing requirements. Disadvantages include a lack of support for linked mode groups and no support for external SQL Server databases.

Install and configure a vCenter Server database. vCenter Server supports several enterprise-grade database engines, including Oracle and Microsoft SQL Server. Depending on the database in use, there are specific configuration steps and specific permissions that must be applied in order for vCenter Server to work properly.

Master It Why is it important to protect the database engine used to support vCenter Server?

Solution Although vCenter Server uses Microsoft Active Directory for authentication, the majority of the information managed by vCenter Server is stored in the backend database. The loss of the backend database would mean the loss of significant amounts of data that are crucial to the operation of vCenter Server. Organizations should take adequate steps to protect the backend database accordingly.

Install and configure the Single Sign On service. SSO is a major change for the security model of vCenter Server. It allows the vSphere Web Client to present multiple solutions interfaces within a single console provided the authenticated user has access.

Master It After installing vCenter 5.5 and all the appropriate components, an administrator cannot log into the vCenter Server Web Client with his local credentials and gain access to vCenter. What could be missing from the configuration of SSO?

Solution SSO does not support local computer user accounts in any form. When configuring SSO, you have the ability to link it to an external directory service such as Active Directory or OpenLDAP. The other option is to manually configure local accounts within SSO itself. These are local to SSO, not local to the server that SSO is installed on.

Install and configure the Inventory Service. The vCenter Inventory Service is a caching service that sits between the vCenter database and the vSphere Web Client used to reduce the load on the database and the vCenter Server itself.

Master It A corrupt Inventory database has been discovered in your vCenter server infrastructure and needs to be restored from backup. What data will be lost between when the backup was taken and when the corruption occurred?

Solution Luckily, the Inventory Service doesn't hold mission-critical data, and the data it does hold does not frequently change. Any custom tags that have been created since the last backup will be the only visible data loss to administrators. All the other data will automatically be flushed and recached from vCenter Server.

Install and configure vCenter Server. vCenter Server is installed using the VMware vCenter Installer. You can install vCenter Server as a stand-alone instance or join a linked mode group for greater scalability. vCenter Server will use a predefined ODBC DSN to communicate with the separate database server.

Master It When preparing to install vCenter Server, are there any concerns about which Windows account should be used during the installation?

Solution From vCenter Server 5.0, no. The account just needs administrative permissions on the computer where vCenter Server is being installed. In previous versions, if you were using Microsoft SQL Server with Windows authentication, you had to log on to the computer that was going to run vCenter Server by using the account previously configured with the appropriate permissions on the SQL Server and SQL database. This is because the earlier versions of the vCenter Server Installer did not provide the ability to choose which account to use; it used the currently logged-on account. This is no longer the case for vCenter Server 5.0 and above.

Install and configure the Web Client Server. The vSphere Web Client is the next generation of the vSphere client from VMware. Instead of installing a client on every machine used to administer vCenter, simply point a web browser to the Web Server Client Server from any machine.

Master It You have multiple vCenter Server instances within your environment that you wish to manage with the vCenter Web Client. Do you need to install a separate Web Client service for each vCenter server?

Solution No. Each vCenter Server instance can be registered to a single Web Client. When a user logs into the Web Client, only the vCenter objects they have rights to will be visible.

Use vCenter Server's management features. vCenter Server provides a wide range of management features for ESXi hosts and VMs. These features include scheduled tasks, host profiles for consistent configurations, tags for metadata, and event logging.

Master It Your manager has asked you to show him all of the VMs and hosts that belong to the accounts department but is not interested in seeing the test servers. What tools in vCenter Server will help you in this task?

Solution Provided you have vCenter Server configured with the appropriate tags and categories, a simple search on his requirements should provide enough information for your manager.

Chapter 4: vSphere Update Manager and the vCenter Support Tools

Install VUM and integrate it with the vSphere Client. vSphere Update Manager (VUM) is installed from the VMware vCenter installation media and requires that vCenter Server has already been installed. Like vCenter Server, VUM requires the use of a backend database server. Finally, you must install a plug-in into the vSphere Client in order to access, manage, and configure VUM.

Master It You have VUM installed, and you've configured it from the vSphere Client on your laptop. One of the other administrators on your team is saying that she can't access or configure VUM and that there must be something wrong with the installation. What is the most likely cause of the problem?

Solution The most likely cause is that the VUM plug-in hasn't been installed in the other administrator's vSphere Client. The plug-in must be installed on each instance of the vSphere Client in order to be able to manage VUM from that instance.

Determine which ESX/ESXi hosts or VMs need to be patched or upgraded. Baselines are the “measuring sticks” whereby VUM knows whether an ESX/ESXi host or VM instance is up-to-date. VUM compares the ESX/ESXi hosts or VMs to the baselines to determine whether they need to be patched and, if so, what patches need to be applied. VUM also uses baselines to determine which ESX/ESXi hosts need to be upgraded to the latest version or which VMs need to have their VM hardware upgraded. VUM comes with some predefined baselines and allows administrators to create additional baselines specific to their environments. Baselines can be fixed—the contents remain constant—or they can be dynamic, where the contents of the baseline change over time. Baseline groups allow administrators to combine baselines and apply them together.

Master It In addition to ensuring that all your ESX/ESXi hosts have the latest critical and security patches installed, you need to ensure that all your ESX/ESXi hosts have another specific patch installed. This additional patch is noncritical and therefore doesn't get included in the critical patch dynamic baseline. How do you work around this problem?

Solution Create a baseline group that combines the critical patch dynamic baseline with a fixed baseline that contains the additional patch you want installed on all ESX/ESXi hosts. Attach the baseline group to all your ESX/ESXi hosts. When you perform remediation, VUM will ensure that all the critical patches in the dynamic baseline plus the additional patch in the fixed baseline are applied to the hosts.

Use VUM to upgrade VM hardware or VMware Tools. VUM can detect VMs with outdated VM hardware versions and guest OSes that have outdated versions of VMware Tools installed. VUM comes with predefined baselines that enable this functionality. In addition, VUM has the ability to upgrade VM hardware versions and upgrade VMware Tools inside guest OSes to ensure that everything is kept up-to-date. This functionality is especially helpful after upgrading your ESX/ESXi hosts to version 5.5 from a previous version.

Master It You've just finished upgrading your virtual infrastructure to VMware vSphere. What two additional tasks should you complete?

Solution Upgrade VMware Tools in the guest OSes and then the virtual machine hardware to version 10.

Apply patches to ESX/ESXi hosts. Like other complex software products, VMware ESX and VMware ESXi need software patches applied from time to time. These patches might be bug fixes or security fixes. To keep your ESX/ESXi hosts up-to-date with the latest patches, VUM can apply patches to your hosts on a schedule of your choosing. In addition, to reduce downtime during the patching process or perhaps to simplify the deployment of patches to remote offices, VUM can stage patches to ESX/ESXi hosts before the patches are applied.

Master It How can you avoid VM downtime when applying patches (for example, re-mediating) to your ESX/ESXi hosts?

Solution VUM automatically leverages advanced VMware vSphere features like Distributed Resource Scheduler (DRS). If you make sure that your ESX/ESXi hosts are in a fully automated DRS cluster, then VUM will leverage vMotion and DRS to move VMs to other ESX/ESXi hosts, avoiding downtime to patch the hosts.

Upgrade hosts and coordinate large-scale datacenter upgrades. Upgrading hosts manually, each with dozens of VMs on them, is burdensome and doesn't scale well once you have more than a handful to deal with. Short outage windows, host reboots, and VM downtime mean that coordinating upgrades can involve complex planning and careful execution.

Master It Which VUM functionality can simplify the process of upgrading vSphere across a large number of hosts and their VMs?

Solution VUM can take care of these interactions in an automated fashion with what is known as an orchestrated upgrade. An orchestrated upgrade combines several baseline groups that include updates for the hosts, then subsequent updates for the VMs' hardware and VMware Tools. Virtual appliance upgrade baselines can also be included. When combined with fully automated DRS clusters and sufficient redundant capacity, potentially an entire vCenter's host inventory can be upgraded in one orchestrated task.

Utilize alternative approaches to VUM updates when required. VUM presents the simplest and most efficient method to upgrade your vSphere hosts. However, sometimes VUM may not be available. For example, VUM is reliant on vCenter, so if the host isn't connected to a licensed vCenter, then an alternate method to upgrade the host must be used.

Master It Without using VUM, how else can you upgrade an existing host?

Solution You can grab the CD install media and run an interactive upgrade on the host. Or you can use the inherent command-line tool on the hosts' themselves: esxcli software vib update (see VMware Knowledge Base article 2008939 for full details) or esxcli software vib install to patch them with individual VIBs.

Install logging collectors. vSphere includes two different logging tools for the ESXi hosts. The ESXi Dump Collector takes kernel dumps from the hosts, and the Syslog Collector can centrally store the host's log files.

Master It You have just started a new job as the vSphere administrator at a company. The company hasn't previously centralized the hosts' logs and you decide you want to collect them, and so you want to install the vSphere Syslog Collector tool and the ESXi Dump Collector tool as well. How do you install them on the company's vCSA instance?

Solution The Syslog Collector and ESXi Dump Collector are already included in vCSA and enabled by default. You should log into the vCSA console and check that the services are running and adjust the core dump's repository so it's large enough for their environment.

Configure hosts for centralized logging. To make use of the ESXi Dump Collector or the Syslog Collector tools, you must configure each host to point to the centralized loggers.

Master It List the ways you can configure your hosts for centralized logging.

Solution You can send core dumps to the ESXi Dump Collector by using esxcli system coredump at each host's command line.

Use the Host Profiles feature in vCenter to propagate the same setting across multiple hosts, or continue to use the CLI on each host.

Use the Web Client to configure each host via its advanced settings under syslog.global.

Set each host via the CLI with esxcli system syslog.

Use the Host Profiles feature in vCenter to propagate the same setting across multiple hosts, or continue to use one of the previous two methods on each host.

Chapter 5: Creating and Configuring Virtual Networks

Identify the components of virtual networking. Virtual networking is a blend of virtual switches, physical switches, VLANs, physical network adapters, virtual adapters, uplinks, NIC teaming, VMs, and port groups.

  • Master It What factors contribute to the design of a virtual network and the components involved?
  • Solution Many factors contribute to a virtual network design. The number of physical network adapters in each ESXi host, using vSphere Standard Switches versus vSphere Distributed Switches, the presence or use of VLANs in the environment, the existing network topology, requirements for the support of LACP or port mirroring, and the connectivity needs of the VMs in the environment are all factors that will play a role in the final network design. These are some common questions to ask while designing the network:
    • Do you have or need a dedicated network for management traffic, such as for the management of physical switches?
    • Do you have or need a dedicated network for vMotion traffic?
    • Are you using 1 Gb Ethernet or 10 Gb Ethernet?
    • Do you have an IP storage network? Is this IP storage network a dedicated network? Are you running iSCSI or NAS/NFS?
    • Do you need extremely high levels of fault tolerance for VMs?
    • Is the existing physical network composed of VLANs?
    • Do you want to extend the use of VLANs into the virtual switches?

Create virtual switches and distributed virtual switches. vSphere supports both vSphere Standard Switches and vSphere Distributed Switches. vSphere Distributed Switches bring new functionality to the vSphere networking environment, including private VLANs and a centralized point of management for ESXi clusters.

Master It You've asked a fellow vSphere administrator to create a vSphere Distributed Switch for you, but the administrator is having problems completing the task because he can't find out how to do this with an ESXi host selected in the vSphere Web Client. What should you tell this administrator?

Solution vSphere Distributed Switches aren't created on a per-ESXi-host basis but instead span multiple ESXi hosts at the same time. This is what enables the centralized configuration and management of distributed port groups. Tell the fellow vSphere administrator to navigate to the Distributed Switches area of the vSphere Web Client in order to create a new vSphere Distributed Switch.

Master It As a joint project between the networking and server teams, you are going to implement LACP in your VMware vSphere 5.5 environment. What are some limitations you need to know about?

Solution While vSphere 5.5 boasts enhanced LACP support over previous versions of vSphere, there are still limitations. You can't have multiple active link aggregation groups (LAGs) for a particular distributed port group. You also can't have both LAGs and standalone uplinks active for a given distributed port group. However, different distributed port groups could potentially use different LAGs, if so desired. The enhanced LACP support also requires the use of a version 5.5.0 vSphere Distributed Switch.

Create and manage NIC teaming, VLANs, and private VLANs. NIC teaming allows virtual switches to have redundant network connections to the rest of the network. Virtual switches also provide support for VLANs, which provide logical segmentation of the network, and private VLANs, which provide added security to existing VLANs while allowing systems to share the same IP subnet.

Master It You'd like to use NIC teaming to bond multiple physical uplinks together for greater redundancy and improved throughput. When selecting the NIC teaming policy, you select Route Based On IP Hash, but then the vSwitch seems to lose connectivity. What could be wrong?

Solution The Route Based On IP Hash load-balancing policy requires that the physical switch be also configured to support this arrangement. This is accomplished through link aggregation, referred to as EtherChannel in the Cisco environment. Without an appropriate link aggregation configuration on the physical switch, using the IP hash load-balancing policy will result in a loss of connectivity. One of the other load-balancing policies, such as the default policy titled Route Based On Originating Virtual Port ID, may be more appropriate if the configuration of the physical switch cannot be modified.

Master It How do you configure both a vSphere Standard Switch and a vSphere Distributed Switch to pass VLAN tags all the way up to a guest OS?

Solution On a vSphere Standard Switch, you configure Virtual Guest Tagging (VGT, the name of this particular configuration) by setting the VLAN ID for the VM's port group to 4095.

On a vSphere Distributed Switch, you enable VGT by setting the VLAN configuration for a distributed port group to VLAN Trunking and then specifying which specific VLAN IDs should be passed up to the guest OS.

Examine the options for third-party virtual switches in your environment. In addition to the vSphere Standard Switch and the vSphere Distributed Switch, vSphere also supports a number of third-party virtual switches. These third-party virtual switches support a range of features.

Master It What three third-party virtual switches are, at the time of this book's writing, available for vSphere environments?

Solution At the time this book was written, the three third-party virtual switches available for use with vSphere were the Cisco Nexus 1000V, the IBM Distributed Virtual Switch 5000V, and the HP FlexFabric 5900v.

Configure virtual switch security policies. Virtual switches support security policies for allowing or rejecting Promiscuous mode, allowing or rejecting MAC address changes, and allowing or rejecting forged transmits. All of the security options can help increase layer 2 security.

Master It You have a networking application that needs to see traffic on the virtual network that is intended for other production systems on the same VLAN. The networking application accomplishes this by using Promiscuous mode. How can you accommodate the needs of this networking application without sacrificing the security of the entire virtual switch?

Solution Because port groups (or distributed port groups) can override the security policy settings for a virtual switch, and because there can be multiple port groups/distributed port groups that correspond to a VLAN, the best solution involves creating another port group that has all the same settings as the other production port group, including the same VLAN ID. This new port group should allow Promiscuous mode. Assign the VM with the networking application to this new port group, but leave the remainder of the VMs on a port group that rejects Promiscuous mode. This allows the networking application to see the traffic it needs to see without overly compromising the security of the entire virtual switch.

Master It Another vSphere administrator on your team is trying to configure the security policies on a distributed switch but is having some difficulty. What could be the problem?

Solution On a vSphere Distributed Switch, all security policies are set at the distributed port group level, not at the distributed switch level. Tell your fellow vSphere administrator to modify the properties of the distributed port group(s), not the distributed switch itself. He or she can also use the Manage Distributed Port Groups command on the Actions menu in the vSphere Web Client to perform the same task on multiple distributed port groups at the same time.

Chapter 6: Creating and Configuring Storage Devices

Differentiate and understand the fundamentals of shared storage, including SANs and NAS. vSphere depends on shared storage for advanced functions, cluster-wide availability, and the aggregate performance of all the VMs in a cluster. Designing a high-performance and highly available shared storage infrastructure is possible on Fibre Channel, FCoE, and iSCSI SANs and is possible using NAS; in addition, it's available for midrange to enterprise storage architectures. Always design the storage architecture to meet the performance requirements first, and then ensure that capacity requirements are met as a corollary.

Master It Identify examples where each of the protocol choices would be ideal for different vSphere deployments.

Solution iSCSI would be a good choice for a customer with no existing Fibre Channel SAN and getting started with vSphere. Fibre Channel would be a good choice for a customer with an existing Fibre Channel infrastructure or for those that have VMs with high-bandwidth (200 MBps+) requirements (not in aggregate but individually). NFS would be a good choice where there are many VMs with a low-bandwidth requirement individually (and in aggregate) that is less than a single link's worth of bandwidth.

Master It Identify the three storage performance parameters and the primary determinant of storage performance and how to quickly estimate it for a given storage configuration.

Solution The three factors to consider are bandwidth (MBps), throughput (IOPS), and latency (ms). The maximum bandwidth for a single datastore (or RDM) for Fibre Channel is the HBA speed times the number of HBAs in the system (check the fan-in ratio and number of Fibre Channel ports on the array). The maximum bandwidth for a single datastore (or RDM) for iSCSI is the NIC speed times the number of NICs in the system, up to about 9 Gbps (check the fan-in ratio and number of Ethernet ports on the array). The maximum bandwidth for a single NFS datastore for NFS is the NIC link speed (across multiple datastores, the bandwidth can be balanced across multiple NICs). In all cases, the throughput (IOPS) is primarily a function of the number of spindles (assuming no cache benefit and no RAID loss). A quick rule of thumb is that the total number of IOPS = IOPS × the number of that type of spindle. Latency is in milliseconds, though it can get to tens of milliseconds in cases where the storage array is overtaxed.

Understand vSphere storage options. vSphere has three fundamental storage presentation models: VMFS on block, RDM, and NFS. The most flexible configurations use all three, predominantly via a shared-container model and selective use of RDMs.

Master It Characterize use cases for VMFS datastores, NFS datastores, and RDMs.

Solution VMFS datastores and NFS datastores are shared-container models; they store virtual disks together. VMFS is governed by the block storage stack, and NFS is governed by the network stack. NFS is generally (without use of 10 GbE LANs) best suited to large numbers of low bandwidth (any throughput) VMs. VMFS is suited for a wide range of workloads. RDMs should be used sparingly for cases where the guest must have direct access to a single LUN.

Master It If you're using VMFS and there's one performance metric to track, what would it be? Configure a monitor for that metric.

Solution The metric to measure is queue depth. Use resxtop to monitor. The datastore-availability or used-capacity managed datastore alerts are good nonperformance metrics to use.

Configure storage at the vSphere layer. After a shared storage platform is selected, vSphere needs a storage network configured. The network (whether Fibre Channel or Ethernet based) must be designed to meet availability and throughput requirements, which are influenced by protocol choice and vSphere fundamental storage stack (and in the case of NFS, the network stack) architecture. Proper network design involves physical redundancy and physical or logical isolation mechanisms (SAN zoning and network VLANs). With connectivity in place, configure LUNs and VMFS datastores and/or NFS exports/NFS datastores using the predictive or adaptive model (or a hybrid model). Use Storage vMotion to resolve hot spots and other non-optimal VM placement.

  • Master It What would best identify an oversubscribed VMFS datastore from a performance standpoint? How would you identify the issue? What is it most likely to be? What would be two possible corrective actions you could take?
  • Solution An oversubscribed VMFS datastore is best identified by evaluating the queue depth and would manifest as slow VMs. The best way to track this is with resxtop, using the QUED (the Queue Depth column). If the queue is full, take any or all of these courses of action: Make the queue deeper and increase the Disk.SchedNumReqOutstanding advanced parameter to match; vacate VMs (using Storage vMotion); and add more spindles to the LUN so that it can fulfill the requests more rapidly or move to a faster spindle type.
  • Master It A VMFS volume is filling up. What are three possible nondisruptive corrective actions you could take?
  • Solution The actions you could take are as follows:
    • Use Storage vMotion to migrate some VMs to another datastore.
    • Grow the backing LUN, and grow the VMFS volume.
    • Add another backing LUN, and add another VMFS extent.
  • Master It What would best identify an oversubscribed NFS volume from a performance standpoint? How would you identify the issue? What is it most likely to be? What are two possible corrective actions you could take?
  • Solution The workload in the datastore is reaching the maximum bandwidth of a single link. The easiest way to identify the issue would be using the vCenter performance charts and examining the VMkernel NIC's utilization. If it is at 100 percent, the only options are to upgrade to 10 GbE or to add another NFS datastore, add another VMkernel NIC, follow the load-balancing and high-availability decision tree to determine whether NIC teaming or IP routing would work best, and finally, use Storage vMotion to migrate some VMs to another datastore (remember that the NIC teaming/IP routing works for multiple data stores, not for a single datastore). Remember that using Storage vMotion adds additional work to an already busy datastore, so consider scheduling it during a low I/O period, even though it can be done live.

Configure storage at the VM layer. With datastores in place, create VMs. During the creation of the VMs, place VMs in the appropriate datastores, and employ selective use of RDMs but only where required. Leverage in-guest iSCSI where it makes sense, but understand the impact to your vSphere environment.

Master It Without turning the machine off, convert the virtual disks on a VMFS volume from thin to thick (eagerzeroedthick) and back to thin.

Solution Use Storage vMotion and select the target disk format during the Storage vMotion process.

Master It Identify where you would use a physical compatibility mode RDM, and configure that use case.

Solution One use case would be a Microsoft cluster (either W2K3 with MSCS or W2K8 with WFC). You should download the VMware Microsoft clustering guide and follow that use case. Other valid answers are a case where virtual-to-physical mobility of the LUNs is required or one where a Solutions Enabler VM is needed.

Leverage best practices for SAN and NAS storage with vSphere. Read, follow, and leverage key VMware and storage vendors' best practices/solutions guide documentation. Don't oversize up front, but instead learn to leverage VMware and storage array features to monitor performance, queues, and backend load—and then nondisruptively adapt. Plan for performance first and capacity second. (Usually capacity is a given for performance requirements to be met.) Spend design time on availability design and on the large, heavy I/O VMs, and use flexible pool design for the general-purpose VMFS and NFS datastores.

Master It Quickly estimate the minimum usable capacity needed for 200 VMs with an average VM size of 40 GB. Make some assumptions about vSphere snapshots. What would be the raw capacity needed in the array if you used RAID 10? RAID 5 (4+1)? RAID 6 (10+2)? What would you do to nondisruptively cope if you ran out of capacity?

Solution Using rule-of-thumb math, 200 × 40 GB = 8 TB × 25 percent extra space (snapshots, other VMware files) = 10 TB. Using RAID 10, you would need at least 20 TB raw. Using RAID 5 (4+1), you would need 12.5 TB. Using RAID 6 (10+2), you would need 12 TB. If you ran out of capacity, you could add capacity to your array and then add datastores and use Storage vMotion. If your array supports dynamic growth of LUNs, you could grow the VMFS or NFS datastores, and if it doesn't, you could add more VMFS extents.

Master It Using the configurations in the previous question, what would the minimum amount of raw capacity need to be if the VMs are actually only 20 GB of data in each VM, even though they are provisioning 40 GB and you used thick on an array that didn't support thin provisioning? What if the array did support thin provisioning? What if you used Storage vMotion to convert from thick to thin (both in the case where the array supports thin provisioning and in the case where it doesn't)?

Solution If you use thick virtual disks on an array that doesn't support thin provisioning, the answers are the same as for the previous question. If you use an array that does support thin provisioning, the answers are cut down by 50 percent: 20 TB for RAID 10, 6.25 TB for RAID 5 (4+1), and 6 TB for RAID 6 (10+2). If you use Storage vMotion to convert to thin on the array that doesn't support thin provisioning, the result is the same, just as it is if you do thin on thin.

Master It Estimate the number of spindles needed for 100 VMs that drive 200 IOPS each and are 40 GB in size. Assume no RAID loss or cache gain. How many if you use 500 GB SATA 7200 RPM? 300 GB 10K Fibre Channel/SAS? 300 GB 15K Fibre Channel/SAS? 160 GB consumer-grade SSD? 200 GB Enterprise Flash?

Solution This exercise highlights the foolishness of looking just at capacity in the server use case. 100 × 40 GB = 4 TB usable × 200 IOPS = 20,000 IOPS. With 500 GB 7200 RPM, that's 250 drives, which have 125 TB raw (ergo non-optimal). With 300 GB 10K RPM, that's 167 drives, which have 50 TB raw (ergo non-optimal). With 15K RPM, that's 111 drives with 16 TB raw (getting closer). With consumer-grade SSD, that's 20 spindles and 3.2 TB raw (too little). With EFD, that's 4 spindles and 800 GB raw (too little). The moral of the story is that the 15K RPM 146 GB drive is the sweet spot for this workload. Note that the extra space can't be used unless you can find a workload that doesn't need any performance at all; the spindles are working as hard as they can. Also note that the 4 TB requirement was usable, and we were calculating the raw storage capacity. Therefore, in this case, RAID 5, RAID 6, and RAID 10 would all have extra usable capacity in the end. It's unusual to have all VMs with a common workload, and 200 IOPS (as an average) is relatively high. This exercise also shows why it's efficient to have several tiers and several datastores for different classes of VMs (put some on SATA, some on Fibre Channel, some on EFD or SSD)—because you can be more efficient.

Chapter 7: Ensuring High Availability and Business Continuity

Understand Windows clustering and the different types of clusters. Windows clustering plays a central role in the design of any high-availability solution for both virtual and physical servers. Microsoft Windows clustering gives us the ability to have application failover to the secondary server when the primary server fails.

Master It Specifically with regard to Windows clustering in a virtual environment, what are three different types of cluster configurations that you can have?

Solution The first is a cluster in a box, which is mainly used for testing or in a development environment where both nodes of a Windows cluster run on the same ESXi host. The second is the cluster across boxes, which is the most common form of clustering in a virtual environment. In this configuration, you can use Windows clustering on VMs that are running on different physical hosts. The third is the physical-to-virtual configuration, where you have the best of both the physical and virtual worlds by having a Windows clustering node on both a physical server and a virtual server.

Master It What is the key difference between NLB clusters and Windows failover clusters?

Solution Network Load Balancing (NLB) clusters are used primarily for scaling performance. Windows failover clusters are primarily used for high availability and redundancy.

Use vSphere's built-in high-availability functionality. VMware Virtual Infrastructure has high-availability options built in and available to you out of the box: vSphere High Availability (HA) and vSphere Fault Tolerance (FT). These options help you provide better uptime for your critical applications.

Master It What are the two types of high-availability options that VMware provides in vSphere, and how are they different?

Solution VMware provides two forms of high availability in vSphere. vSphere HA provides a form of high availability by giving you the ability to restart any VMs that were running on a host that crashes. vSphere Fault Tolerance (FT) uses vLockstep technology to record and replay a running VM on another host in the cluster. Failover from the primary VM to the secondary VM is without any downtime. vSphere HA restarts the VM in the event of failure; vSphere FT does not need to restart the VM because the secondary VM is kept in lockstep with the primary and can take over immediately in the event of a failure.

Recognize differences between different high-availability solutions. A high-availability solution that operates at the application layer, like Oracle Real Application Cluster (RAC), is different in architecture and operation from an OS-level clustering solution like Windows failover clustering. Similarly, OS-level clustering solutions are very different from hypervisor-based solutions such as vSphere HA or vSphere FT. Each approach has advantages and disadvantages, and today's administrators will likely need to use multiple approaches in their datacenter.

Master It Name one advantage of a hypervisor-based high-availability solution over an OS-level solution.

Solution Because a hypervisor-based solution would operate beneath the guest OS level, it would operate independently of the guest OS and could therefore potentially support any number of different guest OSes. Depending on the implementation, hypervisor-based solutions might be simpler than OS-level solutions. For example, vSphere HA is generally less complex and easier to set up or configure than Windows failover clustering.

Understand additional components of business continuity. There are other components of ensuring business continuity for your organization. Data protection (backups) and replication of your data to a secondary location are two areas that can help ensure that business continuity needs are satisfied, even in the event of a disaster.

Master It What are three methods to replicate your data to a secondary location and what is the golden rule for any continuity plan?

Solution First, you have the backup and restore method from tape. It is a best practice to keep backup tapes off site and, when they are needed after a disaster, have them shipped to the secondary site. Second, you can replicate your data by using replication at the SAN level. This gives you the ability to replicate data over both short and long distances. Third, you can use a disk-to-disk backup appliance, such as vSphere Replication, that also offers off-site replication to another location. This method offers shorter backup windows as well as the benefits of off-site backups. Finally, the golden rule for any successful continuity design is to test, test, and test again.

Chapter 8: Securing VMware vSphere

Configure and control authentication to vSphere. Both ESXi and vCenter Server have authentication mechanisms, and both products can utilize local users and groups or users and groups defined in external directories. Authentication is a basic tenet of security; it's important to verify that users are who they claim to be. You can manage local users and groups on your ESXi hosts using either the traditional vSphere Client or the command-line interface (such as the vSphere Management Assistant). Both the Windows-based and the Linux-based virtual appliance versions of vCenter Server can leverage Active Directory, OpenLDAP, or local SSO accounts for authentication as well.

Master It You've asked an administrator on your team to create some accounts on an ESXi host. The administrator is uncomfortable with the command line and is having a problem figuring out how to create the users. Is there another way for this administrator to perform this task?

Solution Yes, the administrator can use the traditional vSphere Client and connect directly to the ESXi hosts on which the accounts need to be created.

Manage roles and access controls. Both ESXi and vCenter Server possess a role-based access control system that combines users, groups, privileges, roles, and permissions. vSphere administrators can use this role-based access control system to define very granular permissions that define what users are allowed to do with the vSphere Client against an ESXi host or the vSphere Web Client against a vCenter Server instance. For example, vSphere administrators can limit users to specific actions on specific types of objects within the vSphere Client. vCenter Server ships with some sample roles that help provide an example of how you can use the role-based access control system.

Master It Describe the differences between a role, a privilege, and a permission in the ESXi/vCenter Server security model.

Solution A role is a combination of privileges; a role is assigned to a user or group. Privileges are specific actions (like power on a VM, power off a VM, configure a VM's CD/DVD drive, and take a snapshot) that a role is allowed to perform. You combine privileges into a role. Permissions are created when you assign a role (with its associated privileges) to an inventory object within ESXi or vCenter Server.

Control network access to services on ESXi hosts. ESXi provides a network firewall that you can use to control network access to services on your ESXi hosts. This firewall can control both inbound and outbound traffic, and you have the ability to further limit traffic to specific source IP addresses or subnets.

Master It Describe how you can use the ESXi firewall to limit traffic to a specific source IP address.

Solution Within the Firewall Properties dialog box, the Firewall button allows you to specify a specific source IP address or source IP subnet.

Integrate with Active Directory. All the major components of vSphere—the ESXi hosts and vCenter Server (both the Windows Server-based version and the Linux-based virtual appliance) as well as the vSphere Management Assistant—support integration into Microsoft Active Directory. This gives vSphere administrators the option of using Active Directory as their centralized directory service for all major components of vSphere 5.5.

Master It You've just installed a new ESXi host into your vSphere environment and you are trying to configure the host to enable integration with your Active Directory environment. For some reason, though, it doesn't seem to work. What could be the problem?

Solution There could be a couple different issues at work here. First, the ESXi host needs to be able to resolve the domain name of the Active Directory domain via DNS. The ESXi host also needs to be able to locate the Active Directory domain controllers via DNS. This usually involves configuring the ESXi host to use the same DNS servers as the domain controllers. Second, there could be network connectivity issues; verify that the ESXi host has connectivity to the Active Directory domain controllers. If there are any firewalls between the ESXi host and the domain controllers, verify that the correct ports are open between the ESXi host and the domain controllers.

Chapter 9: Creating and Managing Virtual Machines

Create a virtual machine. A VM is a collection of virtual hardware pieces, like a physical system—one or more virtual CPUs, RAM, video card, SCSI devices, IDE devices, floppy drives, parallel and serial ports, and network adapters. This virtual hardware is virtualized and abstracted from the underlying physical hardware, providing portability to the VM.

Master It Create two VMs, one intended to run Windows Server 2012 and a second intended to run SLES 11 (64-bit). Make a list of the differences in the configuration that are suggested by the Create New Virtual Machine Wizard.

Solution vCenter Server suggests 1 GB of RAM, an LSI Logic parallel SCSI controller, and a 16 GB virtual disk for 64-bit SLES 11; for Windows Server 2012, the recommendations are 4 GB of RAM, an LSI Logic SAS controller, and a 40 GB virtual disk.

Install a guest operating system. Just as a physical machine needs an operating system, a VM also needs an operating system. vSphere supports a broad range of 32-bit and 64-bit operating systems, including all major versions of Windows Server, Windows 7, Windows XP, and Windows 2000 as well as various flavors of Linux, FreeBSD, Novell NetWare, and Solaris.

  • Master It What are the three ways in which a guest OS can access data on a CD/DVD, and what are the advantages of each approach?
  • Solution The three ways to access a CD/DVD are as follows:
    • Client device: This has the advantage of being very easy to use; VMware administrators can put a CD/DVD into their local workstation and map it into the VM.
    • Host device: The CD/DVD is physically placed into the optical drive of the ESXi host. This keeps the CD/DVD traffic off the network, which may be advantageous in some situations.
    • An ISO image on a shared datastore: This is the fastest method and has the advantage of being able to have multiple VMs access the same ISO image at the same time. A bit more work may be required up front to create the ISO image.

Install VMware Tools. For maximum performance of the guest OS, it needs to have virtualization-optimized drivers that are specially written for and designed to work with the ESXi hypervisor. VMware Tools provides these optimized drivers as well as other utilities focused on better operation in virtual environments.

Master It A fellow administrator contacts you and is having a problem installing VMware Tools. This administrator has selected the Install/Upgrade VMware Tools command, but nothing seems to be happening inside the VM. What could be the cause of the problem?

Solution There could be any number of potential issues. First, a guest OS must be installed before VMware Tools can be installed. Second, if the VM is running Windows, AutoPlay may have been disabled. Finally, it's possible—although unlikely—that the source ISO images for VMware Tools installation have been damaged or deleted and need to be replaced on the host.

Manage virtual machines. Once a VM has been created, the vSphere Web Client makes it easy to manage. Virtual floppy images and CD/DVD drives can be mounted or unmounted as necessary. vSphere provides support for initiating an orderly shutdown of the guest OS in a VM, although this requires that VMware Tools be installed. VM snapshots allow you to take a point-in-time “picture” of a VM so that administrators can roll back changes if needed.

Master It What are the three different ways an administrator can bring the contents of a CD/DVD into a VM?

Solution The administrator can insert the CD/DVD into the system running the vSphere Web Client and use the Client Device option in the Virtual Machine Properties dialog box to mount that CD/DVD into the VM. The administrator can also attach the physical CD/DVD drive in the host to the VM and mount the drive, or the administrator can convert the CD/DVD into an ISO image. Once converted, the ISO image can be uploaded into a datastore and mounted into a VM.

Master It What is the difference between the Shut Down Guest command and the Power Off command?

Solution The Shut Down Guest command uses VMware Tools to initiate an orderly shutdown of the guest OS. This ensures that the guest OS file system is consistent and that applications running in the guest OS are properly terminated. The Power Off command simply “yanks” the power from the VM, much like pulling the power cord out of the back of a physical system.

Modify virtual machines. vSphere offers a number of features to make it easy to modify VMs after they have been created. Administrators can hot-add certain types of hardware, like virtual hard disks and network adapters, and some guest OSes also support hot-adding virtual CPUs or memory, although this feature must be enabled first.

Master It Which method is preferred for modifying the configuration of a VM: editing the VMX file or using the vSphere Web Client?

Solution Although it is possible to edit the VMX file to make changes, that method is error prone and is not recommended. Using the vSphere Web Client is the recommended method.

Master It Name the types of hardware that cannot be added while a VM is running.

Solution The following types of virtual hardware cannot be added while a VM is running: serial port, parallel port, floppy drive, CD/DVD drive, and PCI device.

Chapter 10: Using Templates and vApps

Clone a VM. The ability to clone a VM is a powerful feature that dramatically reduces the amount of time to get a fully functional VM with a guest OS installed and running. vCenter Server provides the ability to clone VMs and to customize VMs, ensuring that each VM is unique. You can save the information to customize a VM as a customization specification and then reuse that information over and over again. vCenter Server can even clone running VMs.

Master It Where and when can customization specifications be created in the vSphere Web Client?

Solution Administrators can create customization specifications using the Customization Specification Manager, available from the vSphere Web Client home screen. Administrators can also create customization specifications while cloning VMs or deploying from templates by supplying answers to the Guest Customization Wizard and saving those answers as a customization specification.

Master It A fellow administrator comes to you and wants you to help streamline the process of deploying Solaris x86 VMs in your VMware vSphere environment. What do you tell him?

Solution You can use cloning inside vCenter Server to help clone VMs that are running Solaris x86, and that will help speed up the process of deploying new VMs. However, the Solaris administrator(s) will be responsible for customizing the configuration of the cloned VMs because vCenter Server is unable to customize a Solaris guest OS installation as part of the cloning process.

Create a VM template. vCenter Server's templates feature is an excellent complement to the cloning functionality. With options to clone or convert an existing VM to a template, vCenter Server makes it easy to create templates. By creating templates, you ensure that your VM master image doesn't get accidentally changed or modified. Then, once a template has been created, vCenter Server can clone VMs from that template, customizing them in the process to ensure that each one is unique.

  • Master It Of the following tasks, which are appropriate to be performed on a VM running Windows Server 2008 that will eventually be turned into a template?
    1. Align the guest OS's file system to a 64 KB boundary.
    2. Join the VM to Active Directory.
    3. Perform some application-specific configurations and tweaks.
    4. Install all patches from the operating system vendor.
  • Solution The answers are as follows:
    1. Yes. This is an appropriate task but unnecessary because Windows Server 2008 installs already aligned to a 64 KB boundary. Ensuring alignment ensures that all VMs then cloned from this template will also have their filesystems properly aligned.
    2. No. This should be done by the vSphere Web Client Guest Customization Wizard or a customization specification.
    3. No. Templates shouldn't have any application-specific files, tweaks, or configurations unless you are planning on creating multiple application-specific templates.
    4. Yes. This helps reduce the amount of patching and updating required on any VMs cloned from this template.

Deploy new VMs from a template. By combining templates and cloning, VMware vSphere administrators have a powerful way to standardize the configuration of VMs being deployed, protect the master images from accidental change, and reduce the amount of time it takes to provision new guest OS instances.

Master It Another VMware vSphere administrator in your environment starts the wizard for deploying a new VM from a template. He has a customization specification he'd like to use, but there is one setting in the specification he wants to change. Does he have to create an all-new customization specification?

Solution No. He can select the customization specification he wants to use and then select Use The Customization Wizard To Customize This Specification to supply the alternate values he wants to use for this particular VM deployment. He also has the option of cloning the existing customization specification and then changing the one setting within this new clone.

Deploy a VM from an OVF template. Open Virtualization Format (OVF, formerly Open Virtual Machine Format) templates provide a mechanism for moving templates or VMs between different instances of vCenter Server or even entirely different and separate installations of VMware vSphere. OVF templates combine the structural definition of a VM along with the data in the VM's virtual hard disk and can exist either as a folder of files or as a single file. Because OVF templates include the VM's virtual hard disk, OVF templates can contain an installation of a guest OS and are often used by software developers as a way of delivering their software preinstalled into a guest OS inside a VM.

Master It A vendor has given you a Zip file that contains a VM they are calling a virtual appliance. Upon looking inside the Zip file, you see several VMDK files and a VMX file. Will you be able to use vCenter Server's Deploy OVF Template functionality to import this VM? If not, how can you get this VM into your infrastructure?

Solution You will not be able to use vCenter Server's Deploy OVF Template feature; this requires that the virtual appliance be provided with an OVF file that supplies the information that vCenter Server is expecting to find. However, you can use vCenter Converter to perform a V2V conversion to bring this VM into the VMware vSphere environment, assuming it is coming from a compatible source environment.

Export a VM as an OVF template. To assist in the transport of VMs between VMware vSphere installations, you can use vCenter Server to export a VM as an OVF template. The OVF template will include the configuration of the VM as well as the data found in the VM.

Master It You are preparing to export a VM to an OVF template. You want to ensure that the OVF template is easy and simple to transport via a USB key or portable hard drive. Which format is most appropriate, OVF or OVA? Why?

Solution The OVA format is probably a better option here. OVA distributes the entire OVF template as a single file, making it easy to copy to a USB key or portable hard drive for transport. Using OVF would mean keeping several files together instead of working with only a single file.

Work with vApps. vSphere vApps leverage OVF as a way to combine multiple VMs into a single administrative unit. When the vApp is powered on, all VMs in it are powered on, in a sequence specified by the administrator. The same goes for shutting down a vApp. vApps also act a bit like resource pools for the VMs contained within them.

Master It Name two ways to add VMs to a vApp.

Solution There are four ways to add VMs to a vApp: Create a new VM in the vApp, clone an existing VM into a new VM in the vApp, deploy a VM into the vApp from a template, and drag and drop an existing VM into the vApp.

Chapter 11: Managing Resource Allocation

Manage virtual machine memory allocation. In almost every virtualized datacenter, memory is the resource that typically comes under contention first. Most organizations run out of memory on their VMware ESXi hosts before other resources become constrained. Fortunately, VMware vSphere offers advanced memory-management technologies as well as extensive controls for managing the allocation of memory and utilization of memory by VMs.

Master It To guarantee certain levels of performance, your IT director believes that all VMs must be configured with at least 8 GB of RAM. However, you know that many of your applications rarely use this much memory. What might be an acceptable compromise to help ensure performance?

Solution One way would be to configure the VMs with 8 GB of RAM and specify a reservation of only 2 GB. VMware ESXi will guarantee that every VM will get 2 GB of RAM, including preventing additional VMs from being powered on if there isn't enough RAM to guarantee 2 GB of RAM to that new VM. However, the RAM greater than 2 GB is not guaranteed and, if it is not being used, will be reclaimed by the host for use elsewhere. If plenty of memory is available to the host, the ESXi host will grant what is requested; otherwise, it will arbitrate the allocation of that memory according to the share values of the VMs.

Master It You are configuring a brand-new large-scale VDI environment but you're worried that the cluster hosts won't have enough RAM to handle the expected load. Which advanced memory management technique will ensure that your virtual desktops have enough RAM without having to use the swapfile?

Solution Transparent page sharing. TPS ensures that if you have multiple VMs with the same blocks of memory, you allocate it only once. This can almost be thought of as “de-duplication for RAM.” Within virtual desktop environments, many VMs are run as “clones” with their operating system and applications all identical—a perfect case for TPS to take advantage of.

Manage CPU utilization. In a VMware vSphere environment, the ESXi hosts control VM access to physical CPUs. To effectively manage and scale VMware vSphere, administrators must understand how to allocate CPU resources to VMs, including how to use reservations, limits, and shares. Reservations provide guarantees to resources, limits provide a cap on resource usage, and shares help adjust the allocation of resources in a constrained environment.

Master It A fellow VMware administrator is a bit concerned about the use of CPU reservations. She is worried that using CPU reservations will “strand” CPU resources, preventing those reserved but unused resources from being used by other VMs. Are this administrator's concerns well founded?

Solution For CPU reservations, no. While it is true that VMware must have enough unreserved CPU capacity to satisfy a CPU reservation when a VM is powered on, reserved CPU capacity is not “locked” to a VM. If a VM has reserved but unused capacity, that capacity can and will be used by other VMs on the same host. The other administrator's concerns could be valid, however, for memory reservations.

Create and manage resource pools. Managing resource allocation and usage for large numbers of VMs creates too much administrative overhead. Resource pools provide a mechanism for administrators to apply resource allocation policies to groups of VMs all at the same time. Resource pools use reservations, limits, and shares to control and modify resource allocation behavior, but only for memory and CPU.

Master It Your company runs both test/development workloads and production workloads on the same hardware. How can you help ensure that test/development workloads do not consume too many resources and impact the performance of production workloads?

Solution Create a resource pool and place all the test/development VMs in that resource pool. Configure the resource pool to have a CPU limit and a lower CPU shares value. This ensures that the test/development will never consume more CPU time than specified in the limit and that, in times of CPU contention, the test/development environment will have a lower priority on the CPU than production workloads.

Control network and storage I/O utilization. Memory, CPU, network I/O, and storage I/O make up the four major resource types that VMware vSphere administrators must effectively manage in order to have an efficient virtualized datacenter. By applying controls to network I/O and storage I/O, administrators can help ensure consistent performance, meet service-level objectives, and prevent one workload from unnecessarily consuming resources at the expense of other workloads.

Master It Name two limitations of Network I/O Control.

Solution Network I/O Control works only with vSphere Distributed Switches and it requires vCenter Server in order to operate. Another limitation is that system network resource pools cannot be assigned to user-created port groups.

Master It What are the requirements for using Storage I/O Control?

Solution All datastores and ESXi hosts that will participate in Storage I/O Control must be managed by the same vCenter Server instance. In addition, raw device mappings (RDMs) are not supported. Datastores must have only a single extent; datastores with multiple extents are not supported.

Utilize Flash Storage Flash storage is more popular than ever, and vSphere 5.5 has introduced the new vFlash Cache feature to sit alongside the Swap to Host Cache feature. This new resource type benefits environments that need maximum performance.

Master It You have a VM that has a large I/O requirement. Which flash feature should you configure and why?

Solution vFlash Cache should be used. This feature acts like a buffer to help accelerate IO for configured disks within individual VMs. The other feature, Swap to Host Cache, is for environments that are memory overcommitted.

Chapter 12: Balancing Resource Utilization

Configure and execute vMotion. vMotion is a feature that allows running VMs to be migrated from one physical ESXi host to another physical ESXi host with no downtime to end users. To execute vMotion, you must make sure both the ESXi hosts and the VMs meet specific configuration requirements. In addition, vCenter Server performs validation checks to ensure that vMotion compatibility rules are observed.

Master It A certain vendor has just released a series of patches for some of the guest OSes in your virtualized infrastructure. You request an outage window from your supervisor, but your supervisor says to just use vMotion to prevent downtime. Is your supervisor correct? Why or why not?

Solution Your supervisor is incorrect. vMotion can be used to move running VMs from one physical host to another, but it does not address outages within a guest OS because of reboots or other malfunctions. If you had been requesting an outage window to apply updates to the host, the supervisor would have been correct—you could use vMotion to move all the VMs to other hosts within the environment and then patch the first host. There would be no end-user downtime in that situation.

Master It Is vMotion a solution to prevent unplanned downtime?

Solution No. vMotion is a solution to address planned downtime of the ESXi hosts on which VMs are running, as well as to manually load balance CPU and memory utilization across multiple ESXi hosts. Both the source and destination ESXi hosts must be up and running and accessible across the network in order for vMotion to succeed.

Ensure vMotion compatibility across processor families. vMotion requires compatible CPU families on the source and destination ESXi hosts in order to be successful. To help alleviate any potential problems resulting from changes in processor families over time, vSphere offers Enhanced vMotion Compatibility (EVC), which can mask differences between CPU families to maintain vMotion compatibility.

Master It Can you change the EVC level for a cluster while there are VMs running on hosts in the cluster?

Solution No, you cannot. Changing the EVC level means that you must calculate and apply new CPU masks. CPU masks can be applied only when VMs are powered off, so you can't change the EVC level on a cluster when there are powered-on VMs in that cluster.

Use Storage vMotion. Just as vMotion is used to migrate running VMs from one ESXi host to another, Storage vMotion is used to migrate the virtual disks of a running VM from one datastore to another. You can also use Storage vMotion to convert between thick and thin virtual disk types.

Master It Name two features of Storage vMotion that would help administrators cope with storage-related changes in their vSphere environment.

Solution You can use Storage vMotion to facilitate no-downtime storage migrations from one storage array to a new storage array, greatly simplifying the migration process. Storage vMotion can also migrate between different types of storage (FC to NFS, iSCSI to FC or FCoE), which helps vSphere administrators cope with changes in how the ESXi hosts access the storage. Finally, Storage vMotion allows administrators to convert VMDKs between thick and thin, to give them the flexibility to use whichever VMDK format is most effective for them.

Perform combined vMotion and Storage vMotion. Using vMotion and Storage at the same time gives you greater flexibility when migrating VMs between hosts. Utilizing this feature can also save time when you must evacuate a host for maintenance.

Master It A fellow administrator is trying to migrate a VM to a different datastore and a different host while it is running and wishes to complete the task as quickly and as simply as possible. Which migration option should she choose?

Solution Storage vMotion, like vMotion, can operate while a VM is running. However, choosing to perform both migration together will not only allow the VM to stay powered on, it turns what is regularly a two-step process into a single step.

Configure and manage vSphere Distributed Resource Scheduler. vSphere Distributed Resource Scheduler enables vCenter Server to automate the process of conducting vMotion migrations to help balance the load across ESXi hosts within a cluster. You can automate DRS as you wish, and vCenter Server has flexible controls for affecting the behavior of DRS and specific VMs within a DRS-enabled cluster.

Master It You want to take advantage of vSphere DRS to provide some load balancing of virtual workloads within your environment. However, because of business constraints, you have a few workloads that should not be automatically moved to other hosts using vMotion. Can you use DRS? If so, how can you prevent these specific workloads from being affected by DRS?

Solution Yes, you can use DRS. Enable DRS on the cluster, and set the DRS automation level appropriately. For those VMs that should not be automatically migrated by DRS, configure a VM Override set to Manual. This will allow DRS to make recommendations on migrations for these workloads but it will not actually perform the migrations.

Configure and manage Storage DRS. Building on Storage vMotion just as vSphere DRS builds on vMotion, Storage DRS automates the process of balancing storage capacity and I/O utilization. Storage DRS uses datastore clusters and can operate in Manual or Fully Automated mode. Numerous customizations exist—such as custom schedules, VM and VMDK anti-affinity rules, and threshold settings—to allow administrators to fine-tune the behavior of Storage DRS for their specific environments.

Master It Name the two ways in which an administrator is notified that a Storage DRS recommendation has been generated.

Solution On the Storage DRS tab of a datastore cluster, the recommendation(s) will be listed with an option to apply the recommendations. In addition, on the Alarms tab of the datastore cluster, an alarm will be triggered to indicate that a Storage DRS recommendation exists.

Master It What is a potential disadvantage of using drag-and-drop to add a datastore to a datastore cluster?

Solution When you use drag-and-drop to add a datastore to a datastore cluster, the user is not notified if the datastore isn't accessible to all the hosts that are currently connected to the datastore cluster. This introduces the possibility that one or more ESXi hosts could be “stranded” from a VM's virtual disks if Storage DRS migrates them onto a datastore that is not accessible from that host.

Chapter 13: Monitoring VMware vSphere Performance

Use alarms for proactive monitoring. vCenter Server offers extensive alarms for alerting vSphere administrators to excessive resource consumption or potentially negative events. You can create alarms on virtually any type of object found within vCenter Server, including datacenters, clusters, ESXi hosts, and VMs. Alarms can monitor for resource consumption or for the occurrence of specific events. Alarms can also trigger actions, such as running a script, migrating a VM, or sending a notification email.

  • Master It What are the questions a vSphere administrator should ask before creating a custom alarm?
  • Solution You should ask yourself several questions before you create a custom alarm:
    • Does an existing alarm meet my needs?
    • Will vC Ops alert me without needing a custom alarm?
    • What is the proper scope for this alarm? Do I need to create it at the datacenter level so that it affects all objects of a particular type within the datacenter or at some lower point?
    • What are the values this alarm needs to use?
    • What actions, if any, should this alarm take when it is triggered? Does it need to send an email or trigger an SNMP trap?

Work with performance charts. vCenter Server's detailed performance charts are the key to unlocking the information necessary to determine why an ESXi host or VM is performing poorly. The performance charts expose a large number of performance counters across a variety of resource types, and vCenter Server offers functionality to save customized chart settings, export performance graphs as graphic figures or Excel workbooks, and view performance charts in a separate window.

Master It You find yourself using the Chart Options link in the Advanced layout of the Performance tab to set up the same chart over and over again. Is there a way to save yourself some time and effort so that you don't have to keep re-creating the custom chart?

Solution Yes. After using the Chart Options dialog box to configure the performance chart to show the desired counters, use the Save Chart Settings button to save these settings for future use. The next time you need to access these same settings, they will be available from the Switch To drop-down list on the Advanced view of the Performance tab.

Understanding vCenter Operations Manager. vCenter Operations Manager adds to the functionality of vSphere by assisting in both performance monitoring and troubleshooting. The vC Ops analytics VM collates metrics from hosts and vCenter to calculate badges. The Web UI VM provides a standalone web interface and also integrates with the vSphere Web Client.

Master It All standard vCenter server licenses come with vCenter Operations Manager Foundation. This version is limited to four main features. What are they?

Solution The four main features within the Foundation version of vC Ops are Proactive Smart Alerts, Intelligent Operations Groups, vSphere Health Monitoring, and Self-Learning Performance Analytics.

Gather performance information using command-line tools. VMware supplies a few command-line tools that are useful in gathering performance information. For VMware ESXi hosts, resxtop provides real-time information about CPU, memory, network, or disk utilization. You should run resxtop from the VMware vMA. Finally, the vm-support tool can gather performance information that can be played back later using resxtop.

Master It Know how to run resxtop from the VMware vMA command line.

Solution Enter the command vm-support -p -i 10 -d 180. This creates a resxtop snapshot, capturing data every 10 seconds, for the duration of 180 seconds.

Monitor CPU, memory, network, and disk usage by ESXi hosts and VMs. Monitoring usage of the four key resources—CPU, memory, network, and disk—can be difficult at times. Fortunately, the various tools supplied by VMware within vCenter Server can lead the vSphere administrator to the right solution. In particular, using customized performance charts can expose the right information that will help a vSphere administrator uncover the source of performance problems.

Master It A junior vSphere administrator is trying to resolve a performance problem with a VM. You've asked this administrator to see if it is a CPU problem, and the junior administrator keeps telling you that the VM needs more CPU capacity because the CPU utilization is high within the VM. Is the junior administrator correct, based on the information available to you?

Solution Based on the available information, not necessarily. A VM may be using all of the cycles being given to it, but because the overall ESXi host is CPU constrained, the VM isn't getting enough cycles to perform acceptably. In this case, adding CPU capacity to the VM wouldn't necessarily fix the problem. If the host is indeed constrained, then migrating VMs to other hosts or changing the shares or the CPU limits for the VMs on this host may help alleviate the problem.

Chapter 14: Automating VMware vSphere

Identify tools available for automating vSphere. VMware offers a number of different solutions for automating your vSphere environment, including vCenter Orchestrator, PowerCLI, an SDK for Perl, an SDK for web service developers, and shell scripts in VMware ESXi. Each of these tools has its own advantages and disadvantages.

Master It VMware offers a number of different automation tools. What are some guide-lines for choosing which automation tool to use?

Solution Two primary factors should dictate which tool you choose: your prior experience and the task you wish to complete. If you have experience with creating scripts using Perl, then you will likely be most effective in using the vSphere SDK for Perl to create automation tools. Similarly, having prior experience or knowledge of PowerShell will mean you will likely be most effective using PowerCLI. Recall that the most common tool used is PowerCLI because it is easy to adopt by administrators from the widest range of backgrounds. If you're looking for end-to-end process automation, then vCenter Orchestrator is your tool.

Create a PowerCLI script for automation. VMware vSphere PowerCLI builds on the object-oriented PowerShell scripting language to provide administrators with a simple yet powerful way to automate tasks within the vSphere environment.

Master It If you are familiar with other scripting languages, what would be the biggest hurdle in learning to use PowerShell and PowerCLI, other than syntax?

Solution Everything in PowerShell and PowerCLI is object based. Thus, when a command outputs results, those results are objects. This means you have to be careful to properly match object types between the output of one command and the input of the next command.

Use vCLI to manage ESXi hosts from the command line. VMware's command-line interface, or vCLI, is the new way of managing an ESXi host using the familiar esxcfg-* command set. By combining the features of fastpass with vCLI, you can seamlessly manage multiple hosts using the same command set from a single login.

Master It Have you migrated management and configuration operations for which you currently use the ESXi command-line interface to vMA?

Solution Migrating to vMA and the vCLI is extremely simple and can be done quickly using vMA's fastpass technology. Once a host has been configured for fastpass, you can execute the same scripts that were previously used by setting the fastpass target to transparently pass the commands to the host.

Use vCenter in combination with vMA to manage all your hosts. The new version of vMA can use vCenter as a target. This means that you can manage all of your hosts using vCLI without having to manually add each host to the fastpass target list.

Master It Use a combination of shell scripting with vCLI commands to execute commands against a number of hosts.

Solution Bash, the default shell for the vi-admin user, has a full-featured scripting environment capable of using functions, arrays, loops, and other control logic structures. Using these capabilities, in combination with the vCLI command set and fastpass, hosts in clusters can be efficiently configured to match.

Employ the Perl toolkit and VMware SDK for virtual server operations from the command line. The vCLI is designed for host management and consequently lacks tools for manipulating virtual servers. With the Perl toolkit, leveraged against the VMware SDK, any task that can be accomplished in the Virtual Infrastructure client can be done from the command line.

Master It Browse the sample scripts and SDK documentation to discover the world of possibilities that are unlocked by using Perl, or any of the other supported languages, to accomplish management tasks.

Solution Sample scripts are provided with the Perl toolkit on vMA at /usr/share/doc/vmware-viperl/samples. Additional utility scripts for assisting development of Perl applications can be found at /usr/lib/vmware-viperl/apps in the vMA's file structure. Refer to the documentation for their location when you install the Perl toolkit on a Windows server or desktop. SDK documentation can be found at www.vmware.com/sdk.

Configure vCenter Orchestrator vCenter Orchestrator is designed to allow vSphere administrators to run workflows against the vSphere environment and much more. To orchestrate against things like Active Directory and UCS or to run PowerShell scripts, you need the appropriate plug-ins installed and configured.

Master It How can you tell which plug-ins are installed and available for your use?

Solution The Plug-Ins tab of the vCenter Orchestrator Configuration page will list all of the plug-ins installed for vCenter Server. This requires the vCenter Orchestrator Configuration Service to be running and accessing it through your web browser at https://<computer IP address> or the DNS name 8283.

Use a vCenter Orchestrator workflow After vCenter Orchestrator is configured and running, you can use the vCenter Orchestrator client to run a vCenter Orchestrator workflow. vCenter Orchestrator comes with a number of preinstalled workflows to help automate tasks.

Master It An administrator in your environment configured vCenter Orchestrator and has now asked you to run a couple of workflows. However, when you log into the vCenter Server instance where vCenter Orchestrator is also installed, you don't see the icons for vCenter Orchestrator. Why?

Solution The vCenter Server installer creates the vCenter Orchestrator Start menu icons in the user-specific side of the Start menu, so they are visible only to the user who was logged on when vCenter Server was installed. Other users will not see the icons on the Start menu unless they are moved to the All Users portion of the Start menu.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
18.224.59.145