Chapter 7

Manage and Administer Virtual Machines and vApps

VCP5 Exam Objectives Covered in This Chapter:

• Manage Virtual Machine Clones and Templates
  • Identify Cloning and Template options
  • Clone an existing virtual machine
  • Create a template from an existing virtual machine
  • Deploy a virtual machine from a template
  • Update existing virtual machine templates
  • Deploy virtual appliances and/or vApps from an OVF template
  • Import and/or Export an OVF template
  • Determine the appropriate deployment methodology for a given virtual machine application
  • Identify the vCenter Server managed ESXi hosts and Virtual Machine maximums
• Administer Virtual Machines and vApps
  • Identify files used by virtual machines
  • Identify locations for virtual machine configuration files and virtual disks
  • Configure virtual machine options
  • Configure virtual machine power settings
  • Configure virtual machine boot options
  • Configure virtual machine troubleshooting options
  • Identify common practices for securing virtual machines
  • Determine when an advanced virtual machine parameter is required
  • Hot Extend a virtual disk
  • Adjust virtual machine resources (shares, limits and reservations) based on virtual machine workloads
  • Assign a Storage Policy to a virtual machine
  • Verify Storage Policy compliance for virtual machines

This chapter will cover the objectives of sections 4.3 and 4.4 of the VCP5 exam blueprint. This chapter will focus on managing and administering virtual machines and vApps.

This chapter will first cover identifying the cloning and template options, and you will learn how to clone an existing virtual machine. The chapter will also cover how to create a template from an existing VM and how to deploy a VM from a template. Updating existing templates will also be covered. The chapter will cover how to deploy virtual appliances and vApps from an OVF template. How to import an OVF template will also be covered. Determining the appropriate deployment methodology for a given virtual machine application will be covered. The first section of this chapter will end with covering the configuration maximums for ESXi hosts and virtual machines.

In the final section of this chapter, I will identify the files used by virtual machines and the locations for VM configuration files and virtual disks. I will cover configuring virtual machine options, power settings, boot options, and troubleshooting options. I will identify common practices for securing VMs and cover how to determine when an advanced VM parameter is required. The steps to hot extend a virtual disk will be explained. How to adjust a virtual machine's resources based on workload will also be covered. The chapter will end with assigning a storage policy to a virtual machine and verifying VM storage policy compliance.

Managing Virtual Machine Clones and Templates

Virtual infrastructure administrators can use clones and templates to both save time and ensure consistency of deployed virtual machines. Knowing how to manage virtual machine clones and templates is an essential task for any virtual infrastructure administrator. The first topic I will cover in this chapter is identifying cloning and template options.

Identifying Cloning and Template Options

Cloning in vCenter Server is the process of creating an exact copy of a virtual machine, including the virtual hardware and the guest OS. A clone can be taken of a powered-on or powered-off virtual machine. Clones are often useful for testing purposes. For example, a production server could be cloned while online, and then the clone could be used in a test environment. The cloned virtual machine is its own virtual machine and in no way depends on the original.

A virtual machine can also be converted to a template in vCenter Server, and once converted, the templates cannot be powered on or have their configurations changed. Templates can be used in vCenter Server to provide simplified provisioning of virtual machines. A typical use for templates is to set up a master image of a frequently deployed server operating system, for example Windows Server 2008 R2. This virtual machine can be modified to form a standard build for your environment, and then all future Windows Server 2008 R2 servers can be deployed from this virtual machine template. An additional feature of deployment from a template is the ability to customize the guest operating system. Using templates both simplifies builds and nearly eliminates mistakes in the process.

Many different options can be specified during either a clone operation or when deploying from a template:

• You can select a datacenter.
• You can select a cluster or an ESXi host.
• You can select a resource pool.
• You can select a virtual disk format.
• You can select a datastore.
• You can select a storage profile.
• You can select whether to disable Storage DRS.
• You can select whether to customize the guest OS.
• You can select whether to power on the VM after creation.

Now that I have identified cloning and template options, I will cover each in more detail. First I will cover cloning an existing virtual machine.

Cloning an Existing Virtual Machine

In Exercise 7.1, you will use the vSphere Client to clone an existing Windows Server 2008 R2 virtual machine. For the purpose of the exercise, I will assume that this Windows Server 2008 R2 virtual machine is your master image that is used for deploying new virtual machines.

---

Exercise 7.1: Cloning an Existing Virtual Machine

1. Connect to a vCenter Server with the vSphere Client.

2. Locate the virtual machine and right-click it. Select the Clone option from the context menu that appears. The Clone Virtual Machine Wizard will launch.

3. Provide the new virtual machine with a unique name and choose an inventory location. Click Next.

4. Choose the host or cluster that will be used to run the virtual machine. Review any issues reported in the Compatibility window before proceeding. Click Next.

5. If your environment has resource pools, pick a resource pool. Click Next.

6. Using the drop-down menu, select a virtual disk format for the cloned virtual machine. By default, the selection is Same Format As Source. Choose a datastore to store the virtual machine on. Click Next.

7. On the Guest Customization screen, leave the Power On This Virtual Machine After Creation option unchecked. This will give you the chance to review and modify the virtual hardware settings after the clone completes.

8. Select the Customize Using The Customization Wizard option and click Next.

Choosing the Do Not Customize option would clone the virtual machine, creating an exact replica of it. The Customize Using An Existing Customization Specification option could be used, if there were an existing customization specification available. The option chosen in step 8, Customize Using The Customization Wizard, will allow you to both customize the virtual machine and create a customization specification. You will use the customization specification you create in this exercise later in this chapter.

The vSphere Client Windows Guest Customization window will appear.

9. Fill in the Name and Organization fields and click Next.

10. Provide a NetBIOS computer name for the guest OS to use. You can also utilize the Use The Virtual Machine Name option here, if you want the computer name and the virtual machine names to match. Click Next to continue.

11. Enter the Windows Product Key and choose the appropriate options for the Server License Mode. Click Next to continue.

12. Provide the password for the local Windows Administrator account and confirm it. Click Next to continue.

13. Select the time zone and click Next.

14. Click Next on the Run Once screen.

15. Choose the Typical Settings option for networking and click Next to continue.

16. Fill in the Windows Server Domain or Workgroup fields appropriate for your environment. If you choose to add the guest OS on this virtual machine to the domain, you will need to provide a username and password of a user with authority to join machines to the domain. Click Next.

17. Unless you have a very specific reason not to, leave the Generate New Security ID (SID) option checked and click Next to continue.

18. Ensure that the Save This Customization Specification For Later Use box is selected. Give the customization specification a unique name and a description. The final configuration should look like this.

19. Click Next and review the information presented on the Ready To Complete Screen.

20. Click Finish to save the customization specification information.

21. On the Clone Virtual Machine screen, review the information presented on the Ready To Complete screen.

Note the Edit Virtual Hardware (Experimental) option on the Ready To Complete screen. Experimental options are those that may find their way into future versions of the product, but there is no guaranteed support from VMware for them. It is not recommended that you use experimental features on production systems.

22. Click Finish to begin the clone process.

23. A Clone Virtual Machine task will begin. When this task completes, locate the new virtual machine in the inventory. Right-click it and choose the Edit Settings option from the context menu. Verify the settings and power it on, if you want.

24. On the vSphere navigation bar at the top of the screen, click the Home icon. Under the Management section, click the Customization Specifications Manager icon.

25. The customization specification you saved in step 20 is listed here and should look like this.

26. Right-click the customization specification and choose the Edit option from the context menu that appears, if you ever need to make changes to it.

---

I just covered cloning a virtual machine and how to use the customization specifications included in vCenter Server. In the following section, I will cover creating a template from an existing virtual machine.

Creating a Template from an Existing Virtual Machine

In the previous exercise, you cloned a master virtual machine in order to deploy a new virtual machine from it. This process works and is acceptable, but what if another administrator were to power on the master image and make changes to it? One solution to the problem of keeping master images from being modified is to convert these virtual machines to templates.

Once a virtual machine is converted to a template, it cannot be powered on in vCenter Server. When a virtual machine is converted to a template, the .vmx file extension changes to .vmtx. The .vmtx file extension designates a template VM. This is shown in Figure 7.1.

Figure 7.1 Template VM in Datastore Browser

Templates are also not visible in the Hosts and Clusters view in the vSphere Client. Converting virtual machines to templates is a simple process in vCenter Server. In Exercise 7.2, you will create a template from an existing virtual machine. For the purpose of the exercise, I will assume that the same Windows Server 2008 R2 virtual machine from Exercise 7.1 will be used as your master image.

---

Exercise 7.2: Creating a Template from an Existing VM

1. Connect to a vCenter Server with the vSphere Client.

2. Select Hosts And Clusters.

3. Locate the powered-off virtual machine in the left pane. Take note of which ESXi host it is located on. Right-click the virtual machine and select Template ⇒ Convert To Template.

4. A Mark Virtual Machine As Template task will begin. When this task completes, the virtual machine will disappear from the Hosts and Clusters view.

5. Select the ESXi host that the virtual machine was located on. Click the Virtual Machines tab. Locate the template in the list. It will now have a template icon, which should make it easier to identify.

6. In the navigation bar at the top of the screen, click the Home icon and then click the VMs And Templates icon located in the Inventory list.

7. Locate the template.

---

The template is now ready to use. In the next section, you will learn how to deploy a virtual machine from the template you just created.

Deploying a Virtual Machine from a Template

The process of deploying a virtual machine from a template is very similar to the process of cloning a virtual machine. In Exercise 7.3, you will deploy a virtual machine from the template created in Exercise 7.2.

---

Exercise 7.3: Deploying a VM from a Template

1. Connect to a vCenter Server with the vSphere Client.

2. Locate the template created in Exercise 7.2, using the Virtual Machines tab for a selected ESXi host or the VMs And Templates option from the inventory.

3. Right-click the template and review the options that appear in the context menu.

Note that the available operations for templates include cloning, adding permissions, renaming, removing from the inventory, and deleting.

4. Choose the Deploy Virtual Machine From This Template option. The Deploy Template Wizard will launch.

5. Provide the new virtual machine with a unique name and choose an inventory location. Click Next to continue.

6. Choose the host or cluster that will be used to host the virtual machine. Review any issues reported in the Compatibility window before proceeding. Click Next to continue.

7. If your environment has resource pools, pick a resource pool. Click Next to continue.

8. Using the drop-down menu, select a virtual disk format for the virtual machine. By default, the selection is Same Format As Source. Choose a datastore to store the virtual machine on. Click Next.

9. On the Guest Customization screen, leave the Power On This Virtual Machine After Creation option unchecked. This will give you the chance to review and modify the virtual hardware settings after the virtual machine is deployed.

10. Select the Customize Using An Existing Customization Specification option. A Customization Specification Manager window will appear on the bottom of the screen.

11. Select the customization specification created in Exercise 7.1 by clicking it. Note there is also an option presented to allow the customization specification to be adjusted, but leave this option unchecked for now.

12. Click Next and then review the information presented on the Ready To Complete screen.

13. Click Finish to begin deploying the new virtual machine from a template.

14. A Clone Virtual Machine task will begin. When it completes, locate the new virtual machine in the inventory.

---

I just covered deploying a virtual machine from a template. In the next section, I will cover how to update templates.

Updating Existing Virtual Machine Templates

After a virtual machine is converted to a template, it is not able to be powered on. Although this provides a degree of protection for the master virtual machine image, over time this template will certainly become stale. Build guides may change, vendor-supplied updates will likely need to be applied, and any number of changes will need to happen to get the master virtual machine image compliant with the current standards.

To address these issues, a template can simply be converted back to a virtual machine. Once the template is converted to a virtual machine, it is able to be powered on and updated as necessary. Exercise 7.4 will cover the steps required to convert a template to a virtual machine so that it can be updated.

At this point, the template is no more. Browsing the datastore would reveal that the .vmtx file has been replaced with a .vmx file. The virtual machine is now visible again in the Hosts and Clusters view. Because you are now working with a virtual machine, its configuration can be edited. The virtual machine can also be powered on, and updates can be applied to the guest OS. When all of these changes have been made, the virtual machine can be powered off and again converted to a template.

You have now learned how to update templates. In the next section, I will discuss how to deploy virtual appliances and vApps from an OVF template.

Deploying Virtual Appliances and vApps from an OVF Template

Virtual appliances are preconfigured and ready-to-use virtual machines that include an operating system and/or applications. VMware provides a virtual appliance marketplace at www.vmware.com/appliances where virtual appliances can be downloaded. Virtual appliances offer convenience and portability and are often optimized for virtual infrastructures.

Virtual appliances may sound similar to an exported vApp, which was covered in Exercise 6.20, and that is because they are. vApps are built on an industry-standard format, the Open Virtualization Format (OVF). This is the same format used for the vast majority of the virtual appliances in the VMware virtual appliance marketplace.

Deploying a virtual appliance is a simple task. If you think back to the very first exercise in this book, then you may recall that you have already deployed a virtual appliance. In Exercise 2.1, you deployed the vCenter Server Appliance. The vCenter Server Appliance was packaged in the “folder of files” format, where the OVF template consisted of a set of files.

If you don't recall Exercise 2.1, don't go back there just yet. In the next section, I will cover importing OVF templates, and the procedure is exactly the same as deploying virtual appliances.

Importing and Exporting an OVF Template

In Exercise 6.20 from Chapter 6, you exported an OVF template for a vApp. There is no import function in the vSphere Client, and an exported OVF template is simply imported using the Deploy OVF Template function in the vSphere Client.

In Exercise 7.5, you will import the OVF template you created in Exercise 6.20.

I have now covered using the Deploy OVF Template Wizard to import a vApp. I will next discuss how to determine the appropriate deployment methodology for a given VM application.

Determining the Appropriate Deployment Methodology for a Given Virtual Machine Application

Determining the appropriate deployment methodology for the virtual machines in your environment will be determined by a variety of factors. Another phrase that can be used to describe the deployment methodology is virtual machine provisioning. Table 7.1 covers the provisioning methods and use cases.

Table 7.1 Deployment methodology for VMs

Now that I have covered determining the appropriate deployment methodology for a given virtual machine application, I will move on to identifying the vCenter Server–managed ESXi and virtual machine configuration maximums.

Identifying the vCenter Server–Managed ESXi Hosts and Virtual Machine Maximums

Knowing the configuration maximums is an important part of working in a vSphere environment. The configuration maximums are used to determine the maximum supported values for a variety of different components in the ESXi hosts and the virtual machines. Table 7.2 lists some of the ESXi and virtual machine configuration maximums.

Table 7.2 ESXi host configuration maximums

This list is just a small sampling of the information contained in the vSphere 5 “Configuration Maximums” document. This document is an essential reference for the VCP 5 exam, and you can download it here:

www.vmware.com/pdf/vsphere5/r50/vsphere-50-configuration-maximums.pdf

The “Configuration Maximums” document is the definitive source for finding the supported maximums of a configuration for either an ESXi host or a virtual machine running on the ESXi host. The document also includes maximums for vCenter Server, VMware FT, vCenter Update Manager, and more.

Now that I have covered identifying the configuration maximums for ESXi hosts and the virtual machines running on them, you can move to the next section of this chapter. In this section, I will cover administering virtual machines and vApps.

Administering Virtual Machines and vApps

Once virtual machines are deployed, they will need to be administered. Administering virtual machines and administering vApps are among the more common tasks that most virtual infrastructure administrators perform on the job. Knowing how to administer virtual machines and vApps is an important set of skills to have for any virtual infrastructure administrator and is equally important for the VCP5 exam. In the following section, I will discuss administering virtual machines and vApps.

Identifying Files Used by Virtual Machines

Virtual machines consist of a set of files stored on a storage device. The minimum files required for a virtual machine are a configuration file (VMX), a virtual disk file (VMDK), and an NVRAM file (BIOS or EFI). While these three files alone can constitute a virtual machine, there are many more file types that may be visible in a virtual machine's directory on a datastore. Some of these additional files are described in Table 7.3.

Table 7.3 Virtual machine files

It is also important to note that when viewing file types in the Datastore Browser, the virtual disk file information is abstracted. Figure 7.2 shows a listing of the files for VM1, as viewed in the Datastore Browser.

Figure 7.2 Virtual disks viewed in Datastore Browser

Notice that there is a single VMDK file listed that represents both the .vmdk and -flat.vmdk files. To view both of these actual files and their attributes, you can use the ESXi Shell. Figure 7.3 shows the listing of .vmdk files for the virtual machine VM1.

Figure 7.3 Virtual disks viewed in ESXi Shell

Note that in this listing the .vmdk and -flat.vmdk files are both visible. Always be aware of the level of abstraction present in the Datastore Browser when working with virtual disks.

Now that I have identified the various files used by virtual machines, I will cover identifying locations for virtual machine configuration files and virtual disks.

Identifying Locations for Virtual Machine Configuration Files and Virtual Disks

When a virtual machine is created, using any of the available methods, one of the options is to select destination storage for the virtual machine files. This location will be a VMFS or NFS datastore in your vSphere environment. The files used by the virtual machine will be stored on this datastore in a directory specified during the creation and will typically have the same name as the virtual machine. However, it is possible to store the virtual machine swap file and virtual disks in different directories.

The virtual machine swap (.vswp) file is created when a virtual machine is powered on. This file is used only if the ESXi host runs out of physical memory and is used to allow overcommitment of virtual memory for virtual machines running on the ESXi host. Initially, the .vswp file will be equal to the amount of virtual machine–assigned memory minus the memory reservation set for the VM. These files can be large, and in some cases, like when troubleshooting or using replication, it is better to have them on their own storage locations and not in the same working location as the virtual machine. (The working location is the directory where the virtual machine's configuration files are stored.) Figure 7.4 shows the virtual machine working location field.

Figure 7.4 Virtual machine working location

Virtual machine swap files can be placed in the following locations:

In addition to the virtual machine swap file, the virtual disks for a virtual machine can be stored in different datastores. When a new virtual disk is added to a virtual machine, the virtual disk location can be specified as part of the process. It is also possible to add virtual disks to a virtual machine from an existing directory, which would allow virtual disks to be in different datastores. Cold migrating or using Storage vMotion are two supported ways that a virtual disk could be moved to different datastores.

Now that the locations for virtual machine configuration files and virtual disks have been identified, I will cover configuring virtual machine options.

Configuring Virtual Machine Options

Virtual machine options are used to configure a variety of additional virtual machine properties. These options are accessed using the Options tab of the Virtual Machine Properties editor. You might recall that the Options tab was shown in Figure 7.4, where the virtual machine working location was identified. The properties that can be configured on the Options tab include the following:

• Virtual machine name
• Guest operating system
• VMware Tools
• Power management
• Logging, debugging, and statistics
• Configuration parameters
• CPUID mask
• Memory hot add and CPU hot plug
• BIOS and/or EFI
• NPIV
• Virtual machine monitor execution modes
• Swap file location

In Exercise 7.6, you will modify a virtual machine's configuration file (.vmx) by using the Configuration Parameters functionality in the Options tab. In this exercise, you will add two configuration parameters intended to limit the number and size of the virtual machine log files.

---

Exercise 7.6: Configuring Virtual Machine Options

1. Connect to a vCenter Server with the vSphere Client.

2. Select a powered-off virtual machine from the inventory and right-click it. Choose the Edit Settings option from the context menu that appears.

3. The Virtual Machine Properties window will appear. Click the Options tab.

4. Under the Advanced section in the left pane, select the General option by clicking it. Note in the Settings area at the top of the screen that the Enable Logging option is enabled by default. This option will enable logging to a single virtual machine log file in the working location of the VM.

5. In the lower-right pane, click the Configuration Parameters button. The Configuration Parameters window will appear, as shown here.

6. Click the Add Row button at the bottom of the window. A new row will be created in the list of configuration parameters. In the Name column, enter the following value: log.rotateSize.

7. Press the Tab key and enter the following value in the Value column in the same row: 1000.

This configuration parameter ensures that a new log file will be created when the current log file reaches the size of 1000 bytes. This size is purposefully small for this exercise and would normally be much larger. In the next steps, you will configure log rotation settings.

8. Click the Add Row button again. Another new row will be created in the list of configuration parameters. In the Name column, enter the following value: log.keepOld.

9. Press the Tab key on the keyboard and enter the following value in the Value column in the same row: 10.

This configuration parameter ensures that no more than 10 log files will be maintained. Older log files will be deleted as necessary.

10. The configuration parameters just entered should look like this.

11. Click OK in the Configuration Parameters window and then click OK in the Virtual Machine Properties window to save these changes.

12. A Reconfigure Virtual Machine task will start. When this task completes, browse to the working location of this virtual machine using the Datastore Browser.

13. Expand the directory for the virtual machine and locate the virtual machine's configuration file. This is the file that ends with the .vmx extension.

14. Right-click the .vmx file and choose the Download option from the context menu that appears. Save the file to a convenient location.

15. Open the file with WordPad or your favorite text editor. (Do not use Notepad, because it will not format the file properly.)

16. Locate the following lines in the .vmx file:

log.keepOld = “10”
log.rotateSize = “1000”

These two lines are the formatted result of the two rows you added in steps 6 to 10.

17. Leave the Datastore Browser open and power on this virtual machine.

18. Return to the Datastore Browser and refresh the contents of the working location of this VM by clicking the green Refresh button in the toolbar.

19. Note that the directory contents now include 10 log files. Note the names of the log files. Shut down the virtual machine and refresh the datastore contents again. Take note of the names of the log files now, because they should have been rotated and include new names.

---

Now that I have covered configuring advanced options by using the configuration parameters function, I will cover configuring additional options for the virtual machine. I will start with the power settings.

Configuring Virtual Machine Power Settings

A virtual machine has power options that are used to determine whether the virtual machine is suspended or left powered on when the guest OS is placed in standby mode. It is important to note that these options are not applicable to all guest operating systems and that Wake on LAN is supported only for Windows guest operating systems. Figure 7.5 shows the guest power management settings for a virtual machine running a 64-bit CentOS 5 guest operating system.

Figure 7.5 Wake on LAN Absent for CentOS VM

In addition to only supporting Windows guests, Wake on LAN also has the following NIC requirements:

• Flexible (VMware Tools required)
• vmxnet
• Enhanced vmxnet
• vmxnet 3

In Exercise 7.7, you will configure the power settings for a powered-off virtual machine. Powering the VM off is a prerequisite to changing the power settings.

---

Exercise 7.7: Configuring Virtual Machine Power Management Settings

1. Connect to a vCenter Server with the vSphere Client.

2. Select a powered-off virtual machine from the inventory and right-click it. Choose the Edit Settings option from the context menu that appears.

3. The Virtual Machine Properties window will appear. Click the Options tab.

4. In the left pane, click the Power Management option.

5. Choose the Put The Guest OS Into Standby Mode option and select the appropriate network adapter. The final configuration should look like this.

6. Click OK to save these changes.

7. A Reconfigure Virtual Machine task will begin. When this task completes, the power settings have been modified successfully.

---

Now that I have covered configuring the power settings for a virtual machine, I will cover configuring the virtual machine boot options.

Configuring Virtual Machine Boot Options

You can use the virtual machine boot options to control how a virtual machine starts. These options can be useful for obtaining access to a virtual machine's BIOS or EFI settings or for providing additional time to press the Esc key in order to obtain a boot menu. The virtual machine boot options can be configured using either the vSphere Client or the vSphere Web Client. In Exercise 7.8, you will configure the boot options for a powered-off virtual machine using the vSphere Web Client.

---

Exercise 7.8: Configuring Virtual Machine Boot Options Using the vSphere Web Client

1. Open a web browser and connect to the FQDN of the vCenter Server that will be used for this exercise.

2. Click the blue Log In To vSphere Web Client link.

3. Log in to the vSphere Web Client.

4. Select the powered-off virtual machine in the inventory in the left pane.

5. Click the blue icon with the yellow pencil on it located at the top right of the toolbar to edit the virtual machine settings.

6. An Edit VM window will appear. The default view is the Virtual Hardware tab. Click the VM Options tab at the top of the window.

7. In the VM Options view, expand the boot options by clicking Boot Options.

8. The boot options will now be displayed. Take a moment to review the options available here.

9. Select the Force BIOS Setup check box.

10. Click OK to save this change.

11. A Reconfigure Virtual Machine notification will appear. When the task completes, click the green Play icon on the top toolbar to power on the virtual machine.

12. Click the Launch Console link in the Guest OS Details pane and verify that the virtual machine successfully entered the BIOS setup.

---

Now that I have covered how to configure a virtual machine's boot options, I will cover how to configure troubleshooting options for virtual machines.

Configuring Virtual Machine Troubleshooting Options

As reliable as virtual machines are, occasionally it is necessary to troubleshoot them. Fortunately, several options are available for configuring virtual machine troubleshooting. One of these options was covered in Exercise 7.6, where you ensured that virtual machine logging was enabled. Just as the virtual machine logging options were configured in the virtual machine properties' Options tab, the other available troubleshooting options are also located here. These options, as shown in the vSphere Client, are shown in Figure 7.6.

Figure 7.6 Virtual machine troubleshooting options

In addition to logging, the other item in the Settings field is the Disable Acceleration option. You can use this option to slow down a virtual machine if there is a problem running or installing software in the virtual machine. If the problem with the software is then resolved, you can turn off the Disable Acceleration option.

In the Debugging And Statistics section, you can configure virtual machines to obtain additional debugging or statistical information. These options are typically used when working with VMware support.

I have now covered configuring troubleshooting options for virtual machines and will next cover identifying common practices for securing virtual machines.

Identifying Common Practices for Securing Virtual Machines

Because the virtual infrastructure can encompass so much of the physical infrastructure, securing virtual machines can seem like a daunting task. Consider that securing a virtual machine can involve all of the following items:

• Guest operating systems
• Virtual machine
• ESXi hosts
• Storage units connected to ESXi hosts
• Networks connected to the ESXi hosts
• vCenter Server or other management applications
• Backup servers or applications

Securing virtual machines is in many ways no different from securing physical machines. Operations such as hardening the guest operating systems, installing periodic guest operating system updates, and updating antivirus and other applications are all good examples of this. Beyond the practices used to protect the guest OS, there are some specific protections that must be provided to the virtual machines themselves.

Virtual machines can be hardened in many additional ways. Earlier in this chapter, in Exercise 7.6, you added log rotation to a virtual machine. This is an example of one of the many hardening practices that can be applied to virtual machines. These options can be found in the most current version of the vSphere Security Hardening Guide. The following are some of the virtual machine–specific hardening options that can be added to the virtual machine configuration file:

• Preventing virtual disk shrinking
• Preventing other users from spying on administrator remote consoles
• Ensuring that unauthorized devices are not connected (unless needed/required)
• Preventing unauthorized removal, connection, and modification of devices
• Disabling VM-to-VM communication through VMCI
• Limiting VM log file size and number
• Limiting informational messages from the VM to the VMX file
• Disabling certain unexposed features
• Disabling remote operations within the guest
• Not sending host performance information to guests
• Controlling access to VMs through VMsafe

The ESXi hosts also need to be protected in order to protect the virtual machines. ESXi hosts should be patched and hardened using the information contained in the vSphere Security Hardening Guide. ESXi hosts also include a firewall, which should be configured properly. ESXi hosts should use a syslog server and persistent logging and should also be configured for NTP to ensure accurate time. Management consoles should be on isolated networks dedicated to server management. The security of the virtual machines on the ESXi host is only as good as the security on the ESXi hosts used to run them. Much like with physical servers, if local access is obtained to the ESXi host, then the security battle is already lost.

In addition to the ESXi hosts, the storage and networks attached to them need to be secured to protect virtual machines. vMotion traffic is sent over the network in clear text, so to protect virtual machines, this traffic should be isolated. Hosts may have access to multiple networks, and understanding these networks is important in ensuring that virtual machines are not misconfigured. Virtual switch security should also be configured appropriately to minimize risks. Ethernet-based storage networks should use authentication mechanisms and be isolated. Fibre Channel SAN environments should make use of zoning and LUN masking practices to ensure that only authorized hosts have access to the storage devices.

Management applications, like vCenter Server, will also need to be secured to protect the virtual machines. By default vCenter Server installed on a Windows server puts the local Administrators group in the Administrator role for vCenter Server. If a standard default password is used for the local Administrator account in Windows, then more people may have potential access to your VMs than you think. VM sprawl can be another problem for virtual machine security. As virtual machines are deployed and then not tracked or not placed in life-cycle management systems, there could be VMs that are forgotten. Giving virtual infrastructure operations personnel the least amount of privileges can also be helpful in securing virtual machines. This can prevent operators from performing actions such as connecting VMs to the wrong networks, attaching disks, or worse.

One final consideration for securing virtual machines is to look at the backup applications or scripts that are used to back up complete virtual machine images. A backup of a complete system is a truly portable copy of a complete working system. Encryption or other methods of protecting the backups can be useful in protecting systems with sensitive data. For systems that utilize a Windows proxy server, it is also critical that the proper precautions are taken to ensure that Windows does not write signatures to your VMFS volumes. In addition, backup operators and other administrators who use this machine need to understand these implications.

Now that I have covered securing virtual machines, I will cover determining when an advanced virtual machine parameter is required.

Determining When an Advanced Virtual Machine Parameter Is Required

In the previous section, I covered the virtual machine configuration file security hardening options. If any of the virtual machine hardening best practices listed in the vSphere Security Hardening Guide were to be applied to a virtual machine, then it could be accomplished by adding advanced configuration parameters to the virtual machine. In Exercise 7.6, you added two of these advanced configuration parameters to a virtual machine. Figure 7.7 shows the two advanced configuration parameters that were added in Exercise 7.6.

Figure 7.7 Advanced configuration parameters

Another time when advanced configuration parameters might be added to a virtual machine is when working with VMware support. Advanced parameters can also be used to gain access to experimentally supported features and to create unsupported configurations. Those that have built a vSphere environment in a VMware Workstation lab have likely used some of these unsupported options to be able to test advanced features of vSphere.

Now that I have covered determining when advanced virtual machine configuration parameters are required, I will move on to hot extending a virtual disk.

Hot Extending a Virtual Disk

Hot extending a disk means increasing its capacity while the guest OS is running. Hot extending a virtual disk is a task that every virtual infrastructure administrator has probably already performed. This process is simple, and end users appreciate this capability as much as the virtual infrastructure administrator does. In Exercise 7.9, the steps to hot extend a virtual disk using the vSphere Web Client will be covered. This exercise will use a Windows Server 2008 R2 virtual machine.

---

Exercise 7.9: Hot Extending a Virtual Disk Using the vSphere Web Client

1. Open a web browser and connect to the FQDN of the vCenter Server that will be used for this exercise.

2. Click the blue Log In To vSphere Web Client link.

3. Log in to the vSphere Web Client.

4. Locate the VM in the inventory in the left pane and select it.

5. Click the blue icon with the yellow pencil on it located at the top right of the toolbar to edit the virtual machine settings.

6. An Edit VM window will appear. The default view is the Virtual Hardware tab. Locate the hard disk that will be extended.

7. Note the currently listed size shown to the right of the selected hard disk. Enter the new larger value for the hard disk and then click the OK button.

8. A Reconfigure Virtual Machine notification will appear. When the task completes, the disk has been extended.

At this point, the virtual disk has technically been hot extended. Until the guest OS has been reconfigured to utilize this new space, there is no real benefit to simply hot extending the disk. The remainder of this exercise will show how to extend the disk in Windows Server 2008 R2.

9. Click the Launch Console link in the Guest OS Details pane and log in to the Windows Server 2008 R2 VM.

10. Typically when logging in to Windows Server 2008 R2, Server Manager will start automatically. If Server Manager does not automatically start, locate it in the Start menu under Administrative Tools.

11. Expand the Storage item in the left pane. Select the Disk Manager.

12. In the right pane, review the information for the extended disk. The space that was added to the virtual disk should be visible and reported as Unallocated to the right of the current volume.

If the extended space is not visible, right-click the Disk Management icon in the left pane and choose the Rescan Disks option from the context menu that appears.

13. Right-click the volume to be extended and choose the Extend Volume option from the context menu that appears.

14. The Extend Volume Wizard will launch. Click Next to begin.

15. Review the information on the Select Disks screen and click Next to continue. By default, the extend operation will use all of the available space.

16. Click Finish to extend the volume in Windows.

17. On the Disk Management screen, verify that the volume was extended and is reporting the new size.

---

It is also important to remember that virtual disks may not be hot extended if the virtual machine has an active snapshot, and the disk options will even be grayed out in the Virtual Machine Properties editor. Now that I have covered hot extending a disk, I will show how to adjust virtual machine resources based on virtual machine workloads.

Adjusting Virtual Machine Resources (Shares, Limits, and Reservations) Based on Virtual Machine Workloads

Sometimes a virtual machine needs additional resources; for example, at month end, the finance application may require significantly more CPU and memory resources. Fortunately, there are ways to adjust the virtual machine resources for these types of situations.

You might recall the section on configuring disk shares in Chapter 6. Shares are used to specify the relative importance of a virtual machine as it pertains to a specific resource. In addition to the disk, the other two resources that may be configured for the virtual machine are CPU and memory. Just like disk shares, both CPU and memory resources can be adjusted on the Resources tab of the Virtual Machine Properties editor. This tab is shown in Figure 7.8. I will briefly define each of these resource types, and I will cover this subject in great detail in Chapter 8.

Figure 7.8 Resources tab for virtual machine

As discussed in the previous chapter, shares are used to specify relative importance of specific resources. Shares can have the values of Low, Normal, High, and Custom. Each of these values will be compared to the sum of all shares for all VMs on the host. Virtual machines with the highest share values will be able to consume more resources in periods of resource contention on the ESXi host.

In addition to shares, reservations can be used to guarantee a minimum allocation of CPU and memory for a virtual machine. This setting is used to claim a specific amount of the resource for the virtual machine so that these resources will always be available. Memory reservations can also be used to avoid overcommitment of physical memory resources. Memory reservations are required for virtual machines running in a vSphere Storage Appliance cluster, for example.

Limits are used to set an upper bound for resources. This prevents a virtual machine from using more resources than specified. This setting is by default set to Unlimited for both CPU and memory. Using this setting will ensure that the virtual machine uses close to the vCPU and memory allocations it has been granted.

Exercise 7.10 will cover the steps required to adjust virtual machine resources using the vSphere Client. For the purpose of this exercise, assume that the workload requires memory reservations to be set.

---

Exercise 7.10: Adjusting Virtual Machine Resources

1. Connect to a vCenter Server with the vSphere Client.

2. Locate a powered-off virtual machine in the inventory and select it. Right-click the virtual machine and choose the Edit Settings option from the context menu that appears.

3. A Virtual Machine Properties window will appear. Click the Resources tab.

4. Select Memory in the left pane, and note that values can be specified for Shares, Reservation, and Limit. Select the Reserve All Guest Memory (All Locked) box. The available options will all be grayed out after making this selection.

5. Click OK to save these changes. A Reconfigure Virtual Machine task will begin. When this task completes, power on the virtual machine, and it will have a memory reservation.

---

Now that I have covered adjusting virtual machine resources, I will next cover assigning a storage policy to a virtual machine.

Assigning a Storage Policy to a Virtual Machine

Profile-driven storage is used to provide guaranteed service levels to virtual machines. This works by using storage capabilities and VM storage profiles. Storage capabilities are divided into two types:

Where the storage capabilities define the capabilities of the storage, VM storage profiles are used to define different levels of storage requirements for virtual machines.

Exercise 7.11 will cover the steps required to prepare the virtual infrastructure to use storage profiles.

---

Exercise 7.11: Implementing Storage Profiles

1. Connect to a vCenter Server with the vSphere Client.

2. Select VM Storage Profiles from the Management options.

3. Click the Manage Storage Capabilities button located under the navigation bar. The Manage Storage Capabilities window will appear.

You have now verified whether system-defined storage capabilities are listed in the Manage Storage Capabilities window. Next you will add a user-defined storage capability and associate it with a datastore.

4. Click the Close button in the Manage Storage Capabilities window. Click the Home icon in the navigation bar and then select Datastores And Datastore Clusters from the Inventory options.

5. Right-click a datastore and choose the Assign User-Defined Storage Capability option from the context menu that appears.

6. An Assign User-Defined Storage Capability window will appear, as shown here.

7. Click the New button. An Add Storage Capability window will appear. Enter Gold for the Name field and provide a description if desired. Click OK.

8. Ensure that Gold is selected in the drop-down menu in the Assign User-Defined Storage Capability window and click OK to continue.

9. Click the Summary tab for this datastore, and verify that User-Defined Storage Capability reports Gold. Click the blue information icon located to the right of Gold to view the storage capability details, as shown here.

At this point, a user-defined capability has been created and associated with a datastore. Before storage profiles can be used, you must enable them.

10. Click the Home icon in the navigation bar and then select VM Storage Profiles from the Management options.

11. Click the Enable VM Storage Profiles button located under the navigation bar. The Enable VM Storage Profiles window will appear.

12. Select a cluster or host with a VM Storage Profile Status of Unknown.

13. Click the blue Enable link located at the top right of this window. A Reconfigure Cluster or Reconfigure Host task will begin. When this task completes, the VM Storage Profile Status column should now report a status of Enabled.

14. Click the Close button in the Enable VM Storage Profiles window.

At this point, storage profiles are created and enabled. The next step is to create a VM storage profile that will be later used to define the storage requirements for a virtual machine and its virtual disks.

15. Right-click the VM Storage Profiles item in the left pane and choose the Create VM Storage Profile option from the context menu that appears. The Create New VM Storage Profile Wizard will appear.

16. Enter Gold-Storage-Profile for the Name filed and provide a description if desired. Click Next to continue.

17. Select the Gold user-defined storage capability box, as shown here.

18. Click Next to continue.

19. Review the information presented in the Ready To Complete screen and click Finish.

20. Verify that Gold-Storage-Profile is listed in the left pane. You can also click the VM Storage Profiles tab and verify that the profile is listed. Note that VM storage profiles can also be edited and deleted here.

Next you will apply this VM storage profile to a virtual machine and its virtual disks.

21. Pick a virtual machine from the inventory and right-click it. Choose Edit Settings from the context menu that appears.

22. The Virtual Machine Properties window will appear. Click the Profiles tab.

23. Change the Home VM Storage Profile option to Gold-Storage-Profile using the drop-down menu. Note in the field below that the virtual hard disk has no VM storage profile associated with it.

24. Click the Propagate To Disks button and note how the VM storage profile is applied to the virtual hard disks for the virtual machine.

25. Click OK to save these changes. A Reconfigure Virtual Machine task will begin. When this task completes, locate the VM Storage Profiles panel on the Summary tab for the VM.

26. Ensure that the profile and its compliance are listed. You may need to click the blue Refresh button to refresh the panel, if there is no information displayed.

27. Click the Home icon in the navigation bar and then select VM Storage Profiles from the Management options.

28. Select VM Storage Profiles in the left pane and then select the VM Storage Profiles tab. Click the blue Refresh link located at the top of the tab. Verify that the Associated VMs and Associated Virtual Disks columns report the correct values.

---

I have now covered assigning a storage policy to a virtual machine. In the next section, I will cover the steps to verify storage policy compliance for a virtual machine.

Verifying Storage Policy Compliance for Virtual Machines

After establishing VM storage policies, it is often necessary to check virtual machines for compliance to the policy. In step 26 of the previous exercise, I covered how to check an individual virtual machine for VM storage profile compliance. In Exercise 7.12, I will cover the steps to determine whether all virtual machines and their virtual disks are using datastores that are compliant with their associated VM storage profile.

---

Exercise 7.12: Verifying VM Storage Policy Compliance

1. Connect to a vCenter Server with the vSphere Client.

2. Select VM Storage Profiles from the Management options on the Home screen.

3. Select the Gold-Storage-Profile item that you created in the previous exercise in the left pane. Click the Virtual Machines tab.

4. Review the list of virtual machines and virtual disks. Ensure that the Compliance Status column reports a value of Compliant and shows a green circular icon with a check mark, as shown here.

5. If the date shown in the Last Checked column is old, you can click the blue Check Compliance Now link at the top of the Virtual Machines tab to force a compliance check.

---

If any virtual machines or virtual disks report a status of Non-Compliant, the corrective action would be to use cold migration or Storage vMotion to move these items to compliant datastores.

I have now covered how to check virtual machine compliance for VM storage profiles, and with that, this chapter is complete.

Summary

This chapter covered managing and administering virtual machines. Knowing how to manage and administer virtual machines is essential knowledge for any virtual infrastructure administrator. Also in this chapter, I identified the different cloning and template options. You cloned an existing virtual machine and created a template from a virtual machine. Deploying virtual machines from templates was covered, in addition to updating existing virtual machine templates. I covered deploying virtual appliances and vApps from an OVF template. Importing and exporting OVF templates were each covered. I discussed how to determine the appropriate deployment methodology for a given virtual machine application. Identifying the vCenter Server–managed ESXi hosts and virtual machine maximums wrapped up the first section of this chapter.

The second part of this chapter focused on administering virtual machines and vApps. The files that make up virtual machines were identified, along with the locations where these files can be stored. I covered configuring different virtual machine options, including power settings, boot options, and troubleshooting options. Common practices for securing virtual machines were discussed. Determining when advanced configuration parameters are required was also covered. Hot extending a virtual disk was covered. Adjusting virtual machine resources was discussed. This chapter concluded with assigning a storage policy to a virtual machine and verifying the compliance of the storage policy.

Exam Essentials

Review Questions