VMware Hands-on Labs - HOL-SDC-1410


Lab Overview - HOL-SDC-1410 - What's New with vSphere 6?

Lab Guidance


This introductory lab demonstrates the core features and functions of vSphere with Operations Management and vCenter 6.0. This is an excellent place to begin your Virtualization 101 experience.

This lab will walk you through the core features of vSphere, vSphere with Operations Management and vCenter, including storage and networking. The lab is broken into 7 Modules and the Modules can be taken in any order.

NOTE:  If you are using a device with non-US keyboard layout, you might find it difficult to enter CLI commands, user names and passwords throughout the modules in this lab.  Refer to the file README.txt on the desktop for additional information on resolving the keyboard issue.

Each Module will take approximately 60-90 minutes to complete, but based on your experience this could take more or less time.  

We have included videos throughout the modules.  To get the most out of these videos, it is recommenced that you have headphones to hear the audio. The timing of each video is noted next to the title.  In some cases, videos are included for tasks we are unable to show in a lab environment, while others are there to provide additional information. Some of these videos may contain an earlier edition of vSphere, however, the steps and concepts are primarily the same.

Lab Captains: Doug Baer, Bill Call,Adam Eckerle, Cleavon Roberts, Dave Rollins and Paul Schlosser.

A copy of this manual can be downloaded in PDF format:

http://docs.hol.vmware.com/HOL-2014/hol-sdc-1410-upd_pdf_en.pdf

or viewed in HTML:

http://docs.hol.vmware.com/HOL-2014/hol-sdc-1410-upd_html_en/

This lab may be localized.  To see if this lab has been localized in your language and how to change your preferences to see it, you may review this PDF:

http://docs.hol.vmware.com/announcements/nee-default-language.pdf


What is Virtualization?


If you are not familiar with Virtualization, this lesson will give you an introduction to it.


 

Virtualization:

 

Today's x86 computer hardware was designed to run a single operating system and a single application, leaving most machines vastly underutilized. Virtualization lets you run multiple virtual machines on a single physical machine, with each virtual machine sharing the resources of that one physical computer across multiple environments. Different virtual machines can run different operating systems and multiple applications on the same physical computer.

 

 

Virtualization Defined

 

Virtualization is placing an additional layer of software called a hypervisor on top of your physical server. The hypervisor enables you to install multiple operating systems and applications on a single server.

 

 

Separation

 

By isolating the operating system from the hardware, you can create a virtualization-based x86 platform. VMware's hypervisor based virtualizaton products and solutions provide you the fundamental technology for x86 virtualization.

 

 

Partitioning

 

In this screen, you can see how partitioning helps improve utilization.

 

 

Isolation

 

You can isolate a VM to find and fix bugs and faults without affecting other VMs and operating systems. Once fixed, an entire VM Restore can be perfomed in minutes.

 

 

Encapsulation

 

Encapsulation simplifies management by helping you copy, move and restore VMs by treating entire VMs as files.

 

 

Hardware Independence

 

VMs are not dependent on any physical hardware or vendor, making your IT more flexible and scalable.

 

 

Benefits

 

Virtualization enables you to consolidate servers and contain applications, resulting in high availability and scalability of critical applications.

 

 

Simplify Recovery

 

Virtualization eliminates the need for any hardware configuration, OS reinstallation and configuration, or backup agents. A simple restore can recover an entire VM.

 

 

Reduce Storage Costs

 

A technology called thin-provisioning helps you optimize space utilization and reduce storage costs. It provides storage to VMs when it's needed, and shares space with other VMs.

 

 

 

Cost Avoidance

 

 

Module 1 - What's New in vSphere 6 (90 Minutes)

What's New in vSphere 6.0?


On the next page, we've listed the new features in vSphere and vCenter 6.0. They have been broken up into three sections, vSphere/vCenter, Networking, and Storage. Also, where applicable, we have noted any labs that highlight new features, with the 'M' indicating the Module number of the lab. For example, next to vSphere Replication Enhancements, you will see a reference to HOL-SDC-1405/M2. This would mean you would find the vSphere Replication Module in HOL-SDC-1405, Module 2. If you do need assistance, just ask a Proctor for help!

That being said, if you do have time left over after completing your selected Module, feel free to explore some of these new features!


 

What's New in vSphere & vCenter 6.0

 

At a high level, these are the new features of vSphere and vCenter v6.0.

You will find more details on some of the features below.

 

 

Scalability - Configuration Maximums

 

The Configuration Maximums have increased across the board for vSphere Hosts in 6.0.  Each vSphere Host can now support:

Scalability - Virtual Hardware v11

This release of vSphere gives us Virtual Hardware v11.  Some of the highlights include:

 

 

Local ESXi Account and Password Management Enhancements

 

In the latest release of vSphere 6.0, we expand support for account management on ESXi Hosts.

New ESXCLI Commands:

Password Complexity:

Account Lockout:

 

 

vCenter Server 6.0 – Platform Services Controller

 

The Platform Services Controller (PSC) includes common services that are used across the suite.

The PSC and vCenter servers can be mixed and matched, meaning you can deploy Appliance PSC’s along with Windows PSC’s with Windows and Appliance based vCenter Servers. Any combination uses the PSC’s built in replication.

 

 

What's New in vSphere 6.0 - Networking and Security

Networking in vSphere 6.0 has received some significant improvements which has led to the following new vMotion capabilities:

More detail on each of these follows as well as details on the improved Network I/O Control (NIOC) version 3.

 

 

Cross vSwitch vMotion

 

Cross vSwitch vMotion allows you to seamlessly migrate a VM across different virtual switches while performing a vMotion.

The following Cross vSwitch vMotion migrations are possible:

Another added feature is that vDS to vDS migration transfers the vDS metadata to the destination vDS (network statistics).

 

 

Cross vCenter vMotion

 

Expanding on the Cross vSwitch vMotion enhancement, we are also excited to announce support for Cross vCenter vMotion.

vMotion can now perform the following changes simultaneously.

and finally…

All of these types of vMotion are seamless to the guest OS.  Like with vSwitch vMotion, Cross vCenter vMotion requires L2 network connectiviy since the IP of the VM will not be changed.  This functionality builds upon Enhanced vMotion and shared storage is not required.  Target support for local (single site), metro (multiple well-connected sites), and cross-continental sites.

 

 

Long Distance vMotion

 

Long Distance vMotion is an extension of Cross vCenter vMotion however targeted for environments where vCenter servers are spread across large geographic distances and where the latency across sites is 100ms or less.  Although spread across a long distance, all the standard vMotion guarantees are honored.

This does not require VVOLs to work.  A VMFS/NFS system will work also.

Use Cases:

Requirements:

 

 

Network I/O Control v3

 

Network I/O Control Version 3 allows administrators or service providers to reserve or guarantee bandwidth to a vNIC in a virtual machine or at a higher level the Distributed Port Group.

This ensures that other virtual machines or tenants in a multi-tenancy environment don’t impact the SLA of other virtual machines or tenants sharing the same upstream links.

Use Cases:

 

 

What's New in vSphere 6.0 Storage & Availability

 

At a high level, these are the new Storage & Availability features of vSphere 6.0.

You will find more details on some of the features below.

 

 

VMware Virtual Volumes

 

VVOLS changes the way storage is architected and consumed.  Using external arrays without VVOLS, typically the LUN is the unit of both capacity and policy.  In other words, you create LUNs with fixed capacity and fixed data services.  Then, VMs are assigned to LUNs based on their data service needs.  This can result in problems when a LUN with a certain data service runs out of capacity, while other LUNs still have plenty of room to spare.  The effect of this is that typically admins overprovision their storage arrays, just to be on the safe side.

With VVOLS, it is totally different.  Each VM is assigned its own storage policy, and all VMs use storage from the same common pool.  Storage architects need only provision for the total capacity of all VMs, without worrying about different buckets with different policies.  Moreover, the policy of a VM can be changed, and this doesn’t require that it be moved to a different LUN.

 

 

VVOLS - VASA Provider

 

The VASA Provider is the component that exposes the storage services which a VVOLS array can provide.  It also understands VASA APIs for operations such as the creation of virtual volume files.  It can be thought of as the “control plane” element of VVOLS.  A VASA provider can be implemented in the firmware of an array, or it can be in a separate VM that runs on the cluster which is accessing the VVOLS storage (e.g., as a part of the array’s management server virtual appliance)

 

 

VVOLS - Storage Container (SC)

 

A storage container is a logical construct for grouping Virtual Volumes.  It is set up by the storage admin, and the capacity of the container can be defined. As mentioned before, VVOLS allows you to separate capacity management from policy management.  Containers provide the ability to isolate or partition storage according to whatever need or requirement you may have.  If you don’t want to have any partitioning, you could simply have one storage container for the entire array.  The maximum number of containers depends upon the particular array model.

 

 

VVOLS - Storage Policy-Based Management

 

Instead of being based on static, per-LUN assignment, storage policies with VVOLS are managed through the Storage Policy-Based Management framework of vSphere.  This framework uses the VASA APIs to query the storage array about what data services it offers, and then exposes them to vSphere as capabilities.  These capabilities can then be grouped together into rules and rulesets, which are then assigned to VMs when they get deployed.  When configuring the array, the storage admin can choose which capabilities to expose or not expose to vSphere.

To get more detailed information on VVOLS consider taking HOL-SDC-1429 - Virtual Volumes (VVOLS) Setup and Enablement.

 

 

vSphere 6.0 Fault Tolerance

 

The benefits of Fault Tolerance are:

The new version of Fault Tolerance greatly expands the use cases for FT to approximately 90% of workloads with these new features:

The new technology used by FT is called Fast Checkpointing and is basically a heavily modified version of an xvMotion (cross-vCenter vMotion) that never ends and executes many more checkpoints (multiple/sec).

FT logging (traffic between hosts where primary and secondary are running) is very bandwidth intensive and will use a dedicated 10G nic on each host. This isn’t required, but highly recommended as at a minimum an FT protected VM will use more . If FT doesn’t get the bandwidth it needs the impact is that the protected VM will run slower.

 

 

vSphere FT 6.0 New Capabilities

 

DRS is supported for initial placement of VMs only.

 

 

Backing Up FT VMs

 

FT VMs can now be backed up using standard backup software, the same as all other VMs (FT VMs could always be backed up using agents). They are backed up using snapshots through VADP.

Snapshots are not user-configurable – users can’t take snapshots. It is only supported as part of VADP.

 

 

Availability - vSphere Replication

 

The features on this slide are new in vSphere Replication (VR) 6.0

Best results when using vSphere 6.0 at source and target along with vSphere Replication (VR) 6.0 appliance(s). Other configurations supported - example: Source is vSphere 6.0, target is vSphere 5.5. vSphere Replication Server (VRS) must decompress packets internally (costing VR appliance CPU cycles) before writing to storage.

VMware Tools in vSphere 2015 includes a “freeze/thaw” mechanism for quiescing certain Linux distributions at the file system level for improved recovery reliability. See vSphere documentation for specifics on supported Linux distributions.

Consider taking HOL-SDC-1405 Module 2 to explore VR 6.0 in more detail.

 

 

VMware vSphere 6 (4:22)

This video highlights some of the new features in vSphere 6.

 

Content Library


A new feature introduced in vSphere 2015 is the Content Library.  The Content Library are container objects for VM templates, vApp templates, ISO images and other files across your vCloud Suite environment.  CvSphere administrators can use the templates in the library to deploy virtual machines and vApps in the vSphere inventory. Sharing templates and files across multiple vCenter Server instances in same or different locations brings out consistency, compliance, efficiency, and automation in deploying workloads at scale.

 

In this lesson, we will walk through the process of creating a Content Library and synchronizing it to a second vCenter Server.


 

Open the vSphere Web Client

 

If you are not already in the vSphere Web Client, launch the Google Chrome browser from the Desktop.

The vSphere Web Client login page should appear and tick the 'Use Windows session authentication' box and click 'Login'.

 

 

vCenter Inventory Lists

 

Once logged into the vSphere Web Client, click on 'vCenter Inventory Lists'.

 

 

Content Libraries

 

Now click on the 'Content Libraries' tab.

 

 

Objects

 

Finally, click on the 'Objects' tab.

To create a new Content Library, click on the 'Create a New Library' button.

 

 

New Library - Name

 

When the New Library wizard appears, start by naming your Content Library 'StandardVMTemplates' and leave the vCenter Server as vcsa-01a.corp.local.

Click 'Next' to continue.

 

 

New Library - Configure library

 

There are two options available when creating a Content Library, a Local content library and a Subscribed content library.

When you choose a Local content library, it will only be accessible in the vCenter Server where it is created.  By default, it is only available to the account that created it.  If you select the option 'Publish content library externally', the Content Library can be shared with other users on the same or other vCenter Server instances.  You also have the option to password protect the Content Library by selecting the 'Enable authentication option.

The Subscribed content library is used to subscribe to a published Content Library.  We will be using this option later to synchronize the Content Library to the second vCenter Server.

For now, we will create a Local content library.

  1. Tick the boxes for both 'Publish content library externally' and 'Enable authentication'.
  2. In the Password field, use the password VMware1!

When you have finished, click 'Next'.

 

 

New Library - Add Storage

 

Now we need to decide where to place the new Content Library and we have a few options available to use.

Choose the second option, 'Select a Datastore' and select the 'ds-site-a-nfs01' datastore.  Click 'Next'.

 

 

New Library - Ready to complete

 

Verify your settings and click the 'Finish' button to create the new Content Library.

 

 

New Content Library

 

You should now see the newly create Content Library appear.

 

 

Adding a VM Template to the Content Library

 

Now that we have created the Content Library, let's add something to it!

Click on the Home icon and select 'VMs and Templates'.

 

 

Clone Template to Library

 

Right-click on the linux-micro-02a template and select the 'Clone to Library' option.

 

 

Adding Template to Library

 

Under the Filter tab, select the Standard VM Templates content library and click OK.

 

 

Open the Tasks Console

 

Let's monitor the progress by opening the Tasks Console.

Click on the Home icon and select Tasks.

 

 

Progress...

 

You can follow the progress of the task in the Tasks Console.  You can see the Template was cloned to an OVF package, Exported as an OVF template, then transfer to the Content Library.

 

 

Verify the template was added

 

Now we'll verify the VM Template was added to the library.

Select the 'vCenter Inventory Lists' tab.

 

 

Content Libraries

 

Next select the 'Content Libraries' tab.

 

 

Open the Content Library

 

Finally, click on the 'Standard VM Templates' content library.

 

 

Template Added

 

Here we can see the template that we just cloned to the content library.

 

 

Synchronizing Content to another vCenter Server

 

Now that we have content to share, let's synchronize it with the second vCenter Server.

Click the Content Libraries back button.

 

 

Edit Settings...

 

Right click on the 'StandardVMTemplates' content library and select 'Edit Settings...'

 

 

Copy URL

 

In the Edit Library window, click the 'Copy Link' button next to the subscription URL and click OK.  We will need this when we setup the synchronization to the other vCenter Server.

 

 

Home

 

Click on the Home icon and select Hosts and Clusters.

 

 

Select vcsa-01b.corp.local

 

Select the second vCenter Server, 'vcsa-01b.corp.local' and click the Content Libraries tab.  you may have to scroll a bit to the right to see it.

 

 

Create New Library

 

To add the new content library, click the 'Create New Library' button.

 

 

New Library - Name

 

Name your new library 'vcsa-01a-Templates'.

In the vCenter Server drop down box, select 'vcsa-01b-corp,local' and click 'Next'.

 

 

New Library - Configure Library

 

This time we will select the 'Subscribed content library' button.

Click the mouse in the Subscribed content library field and press Ctrl+V on the keyboard to paste the URL.

We also set a password on the Content Library, so you will need to tick the 'Enable authentication' box and enter VMware1! as the password.

Now we have a choice to make as to how much on the content we download.

Let's synchronize all the library content immediately by selecting the 'Download all library content immediately' radio button (if not already selected).

Click 'Next'.

 

 

New Library - Add storage

 

We have the same options here as we did when we created the first content library.  Let's stick with the datastore option.

Choose the 'Select a datastore' radio button and then select the 'ds-site-b-nfs01' datastore.

 

 

New Library - Ready to complete

 

Verify things look good and click 'Finish' to synchronize the content library to vcsa-01b.corp.local.

 

 

Newly created Content Library

 

In a few seconds, you will see your new Content Library appear!

 

 

Monitor the task

 

Open the Tasks console by selecting the Home icon and then choose Tasks.

 

 

Tasks Console

 

You can see in the Tasks Console the Content Library being created and then synchronized.

You may need to click the refresh button to see an update.

 

 

Deploy a VM from the Sync'd Library

 

Now that we have the Content Library sync'd to the the second vCenter Server, let's deploy a VM from it.

Start by clicking the Home icon and select Hosts and Clusters.

 

 

Open the Content Library on vcsa-01b.corp.local

 

Click on vcsa-01b.corp.local and make sure you are on the Related Objects tab.  Again, you may have to scroll over the right to see the Content Library tab, but click on it, then click on vcsa-01a-Templates.

 

 

Click on Templates

 

Click on the Templates tab to view the available Templates.

 

 

Right-click on linux-micro-02a

 

Right-click on linux-micro-02a and select New VM from This Template.

 

 

Select a Name and Location

 

Name your new VM 'linux-micro-03a' and select Datacenter Site B.

Click Next.

 

 

Select a Resource

 

Click on Cluster Site B, then click Next.

 

 

Review Details

 

Click Next on the Review Details Page.

 

 

Select Storage

 

In the Select virtual disk format, select 'Thin provision' from the drop-down menu.  Also, make sure you ds-site-b-nfs01 is selected as the datastore.

Depending on what modules in this lab you have completed previously, you may see additional datastores.

Click Next.

 

 

Select Networks

 

Leave the default VM network selected and click Next.

 

 

Ready to Complete

 

Review your settings and click Finish to deploy the new VM!

 

 

Monitor the task

 

Open the Tasks console by selecting the Home icon and then choose Tasks.

 

 

Monitor Progress

 

You can monitor the progress of the new virtual machine being created.

When all tasks have been completed successfully, you may proceed to the next step.

 

 

VMs and Templates

 

Click on the Home icon and select VMs and Templates.

 

 

New VM Created

 

Expand vcsa-01b.corp.local and Datacenter Site B and you see your newly created VM!

 

 

Are you up for a challenge?

 

If you are up for a challenge, why not see if you can add the TinyLinux-1 VM to the StandardVMTemplates Content Library by taking a clone of it.  You can then synchronize it to the vcsa-01a-Templates Content Library.  The only trick here is that you will need to manually synchronize the library.  The Content Libraries do synchronize, but on regular intervals of 4 hours.  The screen shot above shows the Synchronize Library button that will need to be clicked after the clone is added to the StandardVMTemplates Content Library in order to manually synchronize it to the vcsa-01a-Templates Content Library.

 

 

Conclusion

This concludes this lesson.

 

Migrating a Virtual Machine between Two vCenters


vMotion has been a standard feature of VMware virtual infrastructure since early 2004.  Migrating a powered-on VM between different vCenters while preserving network connectivity was introduced in 2015 with vSphere 6.


 

Let's take a look around.

 

1. Select "Use Windows session authentication".

2. Click the "Login" button.

This will pass through your current credentials (CORP\Administrator) to the Platform Services Controller for confirmation that you are allowed to access the system and your assigned roles.  Notice that the login proceeds immediately with vSphere 6.

 

 

 

A Familiar View

 

Feel free to click the push pins for the "Alarms", "Work In Progress" and "Recent Tasks" panes.  This will give you a little more room to work.  You open the pane by clicking on the closed pane and then re-close it by clicking on the closed pane button again.

Click on "Hosts and Clusters".

 

 

Focus on linux-micro-01a

 

Expand both vCenter inventories.  The linux-micro-01a virtual machine should be powered on.  If not, please power it on.

 

 

Review the virtual network adapter connection

 

Expand the "VM Hardware" pane.  Notice that a single virtual network adapter is connected to the "VM Network" portgroup which is on virtual Standard Switch.  Click on the "VM Network" link.

 

 

Review the networks in the data centers

 

Expand the network inventories in both vCenters.  There is a virtual Distributed Switch in both data centers as well as the standard switch.  We will migrate the linux-micro-01a VM from the Standard Switch on esx-01a Site A to the Distributed Switch in Site B.

 

 

Click the "Recent Objects" control to return to the linux-micro-01a VM

 

Simply highlight "linux-micro-01a" and click to return to this recently viewed object. This is a new time-saver in the vSphere 6 Web Client.

 

 

Prepare to test networking during the migration

 

1. Open the Windows Start menu.

2. Click the "ping-linux-micro-01a" short cut.

 

 

Verify the continuous ping to linux-micro-01a

 

After the ping has started, minimize the Windows command window. The continuous ping will verify network connectivity during the cross-vCenter vMotion.

 

 

Prepare to test networking even further

 

Open PuTTy from the Windows start bar along the bottom.  

1. Select "linux-micro-01a.corp.local"

2. Press the "Load" button

3. Press the "Open" button

 

 

Login proceeds

 

Public key SSH authentication is set up so no password is required.

 

 

Test networking from the VM

 

Let's start a continuous ping to Control Center from the VM we will be migrating.

Enter 'ping 192.168.110.10'.

Now you are ready to migrate.

 

 

Migrate the VM

 

Minimize the current PuTTy session (don't close it!) and go back to the vSphere Web Client.

Right click on the 'linix-micro-01a' VM and select 'Migrate'.

 

 

Select the migration type

 

When the Migrate Wizard appears, select "Change both compute resource and storage'.  Leave the default option of 'Select compute resource first' selected.

Click 'Next'.

 

 

Select compute resource

 

Expand vcsa-01b.corp.local and select 'Cluster Site B' and click 'Next'.

 

 

Select storage

 

On the next screen, you can leave the defaults selected.  Just click 'Next' to continue.

 

 

Select folder

 

Place the VM in Datacenter Site B by selecting it and click 'Next' to continue.

 

 

Select network

 

You may click 'Next' to continue. Remember that the target "VM Network" at Site B is a distributed port group on the Distributed Virtual Switch and the VM is currently connected to a Virtual Standard Switch on esx-01a in Site A.

 

 

Select vMotion priority

 

You can leave the default setting and click 'Next'.

 

 

Ready to complete

 

Verify your settings and click 'Finish' to migrate the VM.

 

 

Monitor Ping

 

Switch back to the PuTTy session and Command prompt and watch the pings.  You may see a packet drop or a slightly longer delay during the vMotion cut over. Notice that Layer 2 networking for the VM Network is stretched between the two sites and that the VM retains its IP address when it migrates between sites.

 

 

Back in the vSphere Web Client

 

Go back to the vSphere Web Client and you should now see the 'linux-micro-01a' VM running in Cluster Site B.

 

 

Monitor linux-micro-01a

 

Click on 'linux-micro-01a' and select the Monitor tab, then Events.

You will notice that all the events for the VM were carried over as it moved to the new vCenter Server.  This is also true for any of the performance data.

 

 

Check the VM network configuration

 

Click on the "VM Network" link as before.

 

 

Network migration complete

 

Click on "Related Objects".  Notice that "linux-micro-01a" is now connected to the "VM Network" port group on the "vds-site-b" Virtual Distributed Switch.  It was migrated from a Virtual Standard Switch on Site A.

 

 

Review vmkernel networking

 

1. Click on the "Hosts and Clusters" icon.

2. Select "esx-01b.corp.local"

3. Open the "Manage" tab

4. Select "Networking"

5. Click on "TCP/IP configuration"

Notice that new with vSphere 6, multiple TCP/IP stacks are provided for vmkernel ports.  The "vMotion" TCP/IP stack is using a different default gateway address than the default TCP/IP stack which is used for the management network.

Feel free to check a vSphere 6 host on Site A and compare vmkernel TCP/IP configurations.

In order to accomplish vMotion from the Site A vCenter to the Site B vCenter, vMotion traffic was routed between the sites. We simulated two sites in this vMotion exercise to show the flexibility of this new capability. In real life, the VM's layer 2 network must be stretched and 150ms RTT or less must be maintained on the vMotion network.

 

 

Lesson Cleanup - PuTTy

 

Go back to the PuTTy session and press Ctrl+C to end the ping.  Next type in 'exit' to terminate the PuTTy session.

 

 

Lesson Cleanup - Command Prompt

 

Now go back to the Command Prompt and press Ctrl+C to end the ping.  Type 'exit' to close the Command Prompt if the window does not close automatically.

 

 

Conclusion

Cross vCenter vMotion is a powerful new capability with a number of use cases.  It could be used to migrate between legacy Windows vCenter and a new vCenter appliance or anytime if makes sense to migrate VMs to a completely new set of virtual infrastructure.  And of course it can be used to migrate VMs between data centers for planned maintenance or other business purposes.

 

vSphere Web Client Enhancements


vSphere Web Client includes significant performance and usability improvements.

The performance improvements include login times that are up to 13 times faster, right-click menus that are visible and usable four times faster, and other actions that are now at least 50 percent faster. This puts vSphere Web Client on a par with the standalone VMware vSphere Client.

Let's take a look at some of the new usability improvements made to the vSphere Web Client.


 

Home Drop-down Menu

 

The first usability update we'll look at is the new Home drop-down menu.  Near the top of the browser, click the Home icon.

With this new drop-down menu, you can easily access any area of the vSphere Web Client from any screen.

Click on 'Hosts and Clusters'.

 

 

Expand vcsa-01a.corp.local

 

Use the twist arrow to expand vcsa-01a.corp.local until you can see the two hosts and virtual machines.

 

 

Right-click on esx-01a.corp

 

Another usability enhancement is the right-click actions.

Try this by right-clicking on 'esx-01a.corp.local'.  The first thing you should notice is that the menu itself appears much faster.

The second thing to notice is the menu items are no more than one layer deep.  This helps to avoid searching through multiple layers of menus to find the task you need.

 

 

Recent Tasks Pane

 

At the bottom of the Navigator, you will now see a link for Recent Tasks.  Click on it to open up the Recent Tasks pane.

 

 

Recent Tasks

 

In the Recent Tasks pane, you will find the most recent tasks, updated in real time making it easier to view.  In the Recent Tasks pane, you have the ability to:

  1. Pin the Recent Tasks pane to another part of the vSphere Web Client (more in this later!).
  2. View additional tasks.
  3. Hide the Recent Tasks pane.

 

 

Docking the Recent Tasks Pane

 

If you click on the Thumbnail in the Recent Tasks pane, it will dock it to the bottom of the vSphere Web Client.

Click on the Thumbnail to give it a try.

 

 

Customizing the UI

 

You can also move the Recent Tasks pane (or any other pane) by clicking and dragging the pane on the title bar.

Left-click and drag anywhere on the Recent Tasks title bar.  You'll notice four areas indicating where you can dock the Recent Tasks pane.  Let's move it over the right side by dragging it in the direction of the right arrow.  Move your mouse to the two blue arrows to the right until that side of the screen turns blue, then click your mouse to move the pane there.

 

 

Resizing the Pane

 

You do have the ability to re-size the pane by clicking in the empty space between panes and dragging it in the desired direction.

 

 

Move it Back!

 

In its current position, most of the useful information the Recent Tasks pane provides is cut off.

Let's move it back to its original location on the bottom of the screen by clicking the Recent Tasks title bar and dragging it to the bottom.

 

 

That's Better!

 

This layout seems to work better for me, but it is subject to personal preference which is one of the best parts of the vSphere Web Client, being able to customize it to how it works best for you.

 

 

Lesson Clean Up

 

To prepare for the next lesson, click on the thumbnail to hide the Recent Tasks pane back to the bottom of the vSphere Web Client.  This will give us more real estate for the lessons that follow.  If the Recent Tasks pane is needed, the lesson will guide you to it.

 

ESXi Security Enhancements


New security features have been implemented in vSphere 2015 and this lesson will focus specifically on updates to ESXi.

Some of the new updates worth mentioning are:

Account Management

ESXi 6.0 enables management of local accounts on the ESXi server, using new ESXCLI commands. The ability to add, list, remove, and modify accounts across all hosts in a cluster can be centrally managed using a vCenter Server system. Previously, the account and permission management functionality for ESXi hosts was available only with direct host connections. Setting, removing, and listing local permissions on ESXi servers can also be centrally managed.

Account Lockout

There are two new settings available in ESXi Host Advanced System Settings for the management of local account failed login attempts and account lockout duration. These parameters affect SSH and vSphere Web Services connections but not DCUI and console shell access.

These Advanced Settings can be found at the ESXi host level and are:

Password Complexity Rules

In previous versions of ESXi, password complexity changes had to be made by hand-editing the/etc/pam.d/passwd file on each ESXi host. In vSphere 6.0, this has been moved to an entry in Host Advanced System Settings, enabling centrally managed setting changes for all hosts in a cluster.  Use caution when editing this setting, the settings here are used for PAM's configuration file.

The Advanced Setting can be found at the ESXi host level and is:

Flexible Lockdown Modes

Prior to vSphere 6.0, there was one lockdown mode. Feedback from customers indicated that this lockdown mode was inflexible in some use cases. With vSphere 6.0, the introduction of two lockdown modes aims to improve that.

The first mode is “normal lockdown mode.” The DCUI access is not stopped, and users on the “DCUI.Access” list can access DCUI.  The second mode is “strict lockdown mode.” In this mode, DCUI is stopped.

There is also a new functionality called “Exception Users.” These are local accounts or Microsoft Active Directory accounts with permissions defined locally on the host where these users have host access. These Exception Users are not recommended for general user accounts but are recommended for use by third-party applications—“Service Accounts,” for example—that need host access when either normal or strict lockdown mode is enabled. Permissions on these accounts should be set to the bare minimum required for the application to do its task and with an account that needs only read-only permissions to the ESXi host

Smart Card Authentication to DCUI

This functionality is for U.S. federal customers only. It enables DCUI login access using a Common Access Card (CAC) and Personal Identity Verification (PIV). An ESXi host must be part of an Active Directory domain.

In this lesson, we will take a close look at the improved auditing feature in ESXi.


 

Improved Auditing in ESXi

In prior versions of vSphere, it was difficult to track accountability for actions vCenter Server performed on an ESXi host.  Any action vCenter performed against an ESXi host would be captured in log files, however it would only list the account vCenter used to communicate with the ESXi host, vpxuser.  One of the new enhancements to vSphere 2015 is the ability to log the user that performed the action in vCenter against an ESXi host.

In this lesson we will enable a service on an ESXi host and review the log files to see this information being captured.

 

 

Launch the Vsphere Web Client

 

If you are not already in the vSphere Web Client, launch the Google Chrome Browser from the Desktop.  You should automatically be redirected to the vSphere Web Client login page.

Tick the 'Use Windows session authentication' box and click the 'Login' button.

 

 

Hosts and Clusters

 

At the Home page, click the Hosts and Clusters icon.

 

 

Select esx-01a.corp.local

 

In the Navigator, select 'esx-01a.corp.local'.

Next, click on the Manage tab and then make sure you are in the Settings tab and click Security Profile.

 

 

Scroll down to Services

 

You will need to scroll down in the center pane until you see the Services section and click the Edit button.

 

 

CIM Server

 

Scroll down until you see the CIM Server service and click on it.

Click the Start button.

 

 

Wait for the CIM Server to start...

 

Once you see the CIM Server service update to Running, click OK.

 

 

Open a PuTTy Session

 

From the Taskbar, click on the PuTTy icon.

 

 

Open esx-01a.corp.local

 

Click on esx-01a.corp.local and click the Open button.

 

 

cd /var/log

 

You should be automatically logged into the ESXi host.

At the command prompt, enter:

cd /var/log

And press the Enter key.

 

 

Maximize the Window

 

To better view the log file, maximize the PuTTy window.

 

 

Search the vpxd.log file

 

We will use the grep command to search for the string 'ServiceSystem.start".  This string appears in the hostd.log file anytime a Service is started on an ESXi host.

Type the following command and press the Enter:

grep "ServiceSystem.start" hostd.log

 

 

Search Results

 

In the search results we can see that a service was started and it was initiated by vpxuser on behalf of CORP\Administrator.

 

 

End the PuTTy Session

 

Type 'exit' to terminate the PuTTy session.

 

 

vSphere Web Client

 

Back in the vSphere Web Client, click on the Edit button in the Services section.

 

 

Stop the CIM Server service

 

You will need to scroll down in order to see the CIM Server.  Once you find it, click on CIM Server.

You may have to click the triangle next to Service Details, then click the Stop button.

Click Yes to confirm you want the to stop the service.

 

 

Exit the Security Profile window

 

Once the service has stopped, click OK to close the Security Profile window.

 

 

Conclusion

This concludes the lesson on ESXi Security Enhancements.

 

vSphere SSL Certificates


Secure communication between components of a distributed system is critical to preserving integrity of the system as a whole. vSphere components use Secure Sockets Layer (SSL) to communicate securely with one other and with ESXi hosts. SSL is a standard for creating an encrypted link between two devices. Communications secured in this manner ensure both data confidentiality and integrity; data is protected, and cannot be modified in transit without detection.

vCenter Server services like the Web Client use their certificates for the initial authentication to vCenter Single Sign-On (SSO). SSO then assigns each component a SAML token that the component uses for ongoing authentication.


 

Security Warning!

 

Just about every vSphere administrator is familiar with the Security Warning dialog that shows up when the vCenter C# client is loaded. Initially, most vSphere components use what is known as a self-signed certificate. This provides an encrypted connection but does not guarantee that the host receiving the data is the one you think it is.

 

 

Privacy Error!

 

Web browsers are becoming increasingly paranoid about the certificates that are trusted by default. These messages can be scary, but the hoops you need to jump through to accept the potentially unsafe communication can be really annoying. The bottom line is that you don't know, so you have to assume the worst. Nobody wants to be the target of a lawsuit.

 

 

The Certificate Authority

 

Some people have resigned themselves to clicking the Ignore button every time they need to login to vCenter. Others have worked around the system by explicitly trusting the presented certificates for each device on every machine they use. That is operationally intensive and frequently infeasible, depending on the number of devices and certificates in play.

This is where the Certificate Authority (CA) can be very helpful. With one of these in place, every certificate issued by the trusted authority is automatically trusted via the chain of trust built during its integration: you trust the CA-issued certificates because the trusted CA tells you that they are good. Secure communication with no more warnings!

There are many public CAs out there that will sell certificates to you, but purchasing a certificate for each component/service is costly and unnecessary. Creating and managing your own Enterprise Certificate Authority is not a trivial undertaking, but setting one up just to secure communication between vSphere components might be overkill.

Even with a basic CA in place, the complexity involved with replacing all of the vSphere 5.x service certificates is about as pleasant as getting a root canal or sitting through a certification exam! Thankfully, this process has been greatly improved in vSphere 6.

 

 

Introducing the VMware Certificate Authority

In vSphere 6.0 and later, the VMware Certificate Authority (VMCA) issues certificates for VMware solution users, machine certificates for machines on which services are running, and ESXi host certificates.

There are three different modes of operation for the VMCA, each with specific use cases, described below. Note that VMCA is not a general purpose CA and its supported use is limited to VMware components.

Default VMCA: VMCA uses a self-signed root certificate. It issues certificates to vCenter, ESXi, service users, etc. and manages these certificates. These certificates have a chain of trust that stops at the VMCA root certificate.

Enterprise VMCA: VMCA is configured as a subordinate CA and is issued subordinate CA signing certificate by an Enterprise Root CA. In this configuration, issued certificates have a chain of trust that terminates on the Enterprise CA’s root certificate. Certificates issued using the default VMCA configuration, prior to replacing the VMCA’s self-signed root certificate with a CA signing cert will be regenerated and pushed out to the components.

Custom: This configuration completely bypasses the VMCA and is only intended for those customers that want to completely manage their own certificates. A certificate will need to be generated and installed manually (or via some external automated process) for each component, similar to the process used for managing CA-issued certificates in vSphere 5.x.

Note that in Default and Enterprise modes VMCA certificates can be easily regenerated on demand. In the Custom mode, you must ensure that the certificates are generated through some other process.

 

 

What does this look like?

 

In the lab, we are using the default VMCA configuration and have added the root VMCA certificate to the local machine's Trusted Root Certification Authorities store in Windows. This is used by Internet Explorer, Chrome, and the VMware C# Client.

Open the Trusted Root Certificates link (1) from the Desktop and locate the certificate (2) that was Issued to CA and by CA. This is the VMCA's root certificate. You may also notice that there is a CONTROLCENTER-CA certificate in this list. This is the CA that runs on the ControlCenter machine in the labs and can be used to issue certificates to machines and services that are not yet integrated with the VMCA.

You may see two entries for each of these CAs. There is no harm in this and is the result of a Group Policy that is in effect to automatically add these two certificates to the Trusted Root Certification Authorities store for any Windows machine that joins our CORP domain.

 

 

Certificate Management for ESXi Hosts

 

In vSphere 6, certificate management for ESXi hosts is performed from the vSphere Web Client.

Launch Firefox using the icon on the desktop or task bar. The Site A Web Client should load automatically when Firefox opens

  1. Click the Use Windows session authentication checkbox
  2. Click Login

 

 

 

Go to Hosts and Clusters View

 

In the Navigator pane on the left, click on the Hosts and Clusters link (1) to open that view of the inventory.

 

 

Checking ESXi host's Certificate

 

  1. Select the esx-01a.corp.local host in the inventory list
  2. Click on the Manage tab
  3. Click on the Certificate section

Notice that the host's SSL certificate details are displayed, including the status, issuer, and expiration date.

 

 

Reissuing an ESXi host's SSL Certificate

 

  1. Renewing the certificate for the esx-01a.corp.local host from this screen is as simple as clicking the Renew button and answering Yes to the confirmation prompt.
  2. From a screen where the host object is visible, it is also possible to right-click on the host object and navigate to Certificates> Renew Certificate to achieve the same result. This option is especially useful for renewing certificates for many hosts at once because it supports multiple selection.

Choose one of these methods and renew the certificate for the esx-01a.corp.local host.

Notice that the Valid from and Valid to dates update to reflect today and 5 years from today, respectively. This is the default lifetime for VMCA certificates.

 

 

vCenter Certificate Management Settings

 

Out of the box, the certificates issued to hosts use certificates that are valid for 5 years. We would like certificates that are valid for 10 years -- I don't like to keep checking. The parameters for host certificates are stored inthe vCenter Advanced Settings.

  1. Select the vCenter Server vcsa-01a.corp.local
  2. Click on the Manage tab
  3. Click Settings
  4. Click Advanced Settings
  5. Enter "certs" into the Search box

The parameter to edit is vpxd.certmgmt.certs.daysValid. This parameter has a valid range of 1 to 5,475 (~15 years).

Click the Edit button to bring up the Advanced Settings Editor.

 

 

Change validity period of host certificates

 

This window can be used to edit all of the Advanced Settings.

  1. Enter "daysValid" into the Filter box to filter the list.
  2. Highlight 1825 and replace it with 3650 to change from 5 to 10 years.
  3. Click the OK button to save the change

 

 

 

Enact the change on the esx-01a.corp.local host

 

Making the change to 10-year certificates does not cause them to automatically regenerate.

  1. Click on the esx-01a.corp.local host in the inventory list and navigate to the Manage> Settings> Certificate area, as before.
  2. Note the current "Valid to" date, which should be roughly 5 years away.
  3. Click the Renew button (1) and wait for the screen to refresh-- it should happen automatically
  4. Notice that the "Valid to" date (2) is now ~10 years away from today.

If required, this procedure can be used to change the default Organization (VMware), Organizational Unit (VMware Engineering), State (California), Locality (Palo Alto), Country (US), and Administrator Email address fields that are part of these host certificates.

Note that this is much simpler than the previous method of using WinSCP to copy rui.key and rui.crt files to and from ESXi hosts after generating certificate requests by hand and fulfilling them from an external CA. In addition, the VMCA keeps track of the expiration dates for these certificates and will apply the Yellow and Red badges to the host objects to indicate that they are nearing the end of their validity period.

 

 

Viewing vCenter Certificates with the Web Client

 

It is possible to view all certificates issued by the VMCA by logging in with the Web Client as a user with privileges for VMware Certificate Authority. This is a user that is a member of the CAAdmins vCenter Single Sign-On group. By default, the SSO administrator has this access.

  1. If you are currently logged in as another user in the Web Client, click on your user name and select Logout
  2. At the login screen, enter the User name administrator@vsphere.local and password VMware1!
  3. Click the Login button

 

 

Navigate to Administration

 

In the Navigator, click on Administration

 

 

Locate System Configuration

 

Near the bottom of the Administration list in the Navigator, find System Configuration under Deployment. In the screen shot, the other sections have been collapsed to save space.

 

 

Open the Certificate Authority

 

  1. Click on the Nodes item under System Configuration
  2. Select the psc-01a.corp.local node. In the lab, we have two vCenter Server appliances and an external Platform Services Controller (PSC). The VMCA is a component of the PSC.
  3. Click the Manage tab
  4. Select Certificate Authority

As an added measure of security, it is required to enter the current user's password once again to browse the CA.

Click on the Verify Password link in the middle of the Certificate Authority panel and enter the password VMware1! when prompted.

 

 

Browse Active Certificates

 

  1. Click on Active Certificates to get a list of all currently active certificates. You can also list Revoked and Expired certificates here, but there are none in this lab.
  2. Scroll to the bottom of the list and click on the last certificate
  3. If you have completed previous exercises in this section, notice that the "Valid To" date of the latest certificate is ~10 years from today.
  4. Due to the small size of the console screens in the lab environment, it may be difficult to see details of the certificates in this table view. Click on the Certificate icon (4) to open a more detailed view of the selected certificate.

Note that the green check marks next to the "Valid To" dates mean that the certificates are within their validity period and have not expired.

 

 

Show Certificate Details

 

This screen shows more detailed information about the 10-year certificate that was issued in an earlier exercise -- or whichever certificate was selected in the main table view. Note that this information is read-only and intended for reference purposes only.

On smaller screens, the OK button may be drawn off the bottom of the screen. Double-click on the title bar of this dialog (1) to resize it and display the buttons. Click OK or Cancel depending on your preference; they serve the same purpose here.

 

 

Log out

 

This concludes the module.

  1. Click on the name of the logged-in user, Administrator@VSPHERE.LOCAL
  2. Click Logout

 

 

Conclusion

Secure Sockets Layer (SSL) allows secure communication, but management of the required enterprise trust infrastructure, commonly known as a Public Key Infrastructure (PKI), requires more than a passing understanding of the complexities involved.

vSphere 6 includes a more limited and focused PKI that has been configured for use specifically by vSphere components. This infrastructure has been made simpler to manage than a general purpose PKI due to its more targeted use case: communication between various and well-defined components of the distributed vSphere environment.

For those who are experienced with PKI concepts and already have an Enterprise deployment, VMware has provided the capability to integrate the new vSphere-specific CA with an existing PKI for simpler management.  If corporate policy requires, it is also possible for the existing enterprise PKI to manage all certificates required by the vSphere components.

 

Network I/O Control Enhancements (NIOC)


vSphere Network I/O Control version 3 introduces a mechanism to reserve bandwidth for system traffic based on the capacity of the physical adapters on a host. It enables fine-grained resource control at the VM network adapter level similar to the model that you use for allocating CPU and memory resources.

Models for Bandwidth Resource Reservation

Network I/O Control version 3 supports separate models for resource management of system traffic related to infrastructure services, such as vSphere Fault Tolerance, and of virtual machines.

The two traffic categories have different natures. System traffic is strictly associated with an ESXi host. The network traffic routes change when you migrate a virtual machine across the environment. To provide network resources to a virtual machine regardless of its host, in Network I/O Control you can configure resource allocation for virtual machines that is valid in the scope of the entire distributed switch.

Bandwidth Guarantee to Virtual Machines

Network I/O Control version 3 provisions bandwidth to the network adapters of virtual machines by using constructs of shares, reservation and limit. Based on these constructs, to receive sufficient bandwidth, virtualized workloads can rely on admission control in the vSphere Distributed Switch, vSphere DRS and vSphere HA.

Network I/O Control Version 2 and Version 3 in vSphere 6.0

In vSphere 6.0, version 2 and version 3 of the Network I/O Control capability can coexist. The two versions implement different models for allocating bandwidth to virtual machines and system traffic. In Network I/O Control version 2, you configure bandwidth allocation for virtual machines at the physical adapter level. In contrast, version 3 lets you set up bandwidth allocation for virtual machines at the level of the entire distributed switch.

When you upgrade a distributed switch, the Network I/O Control is also upgraded to version 3 unless you are using features that are not available in Network I/O Control version 3, such as CoS tagging and user-defined network resource pools. In this case, the difference in the resource allocation models of version 2 and version 3 does not allow for non-disruptive upgrade. You can continue using version 2 to preserve your bandwidth allocation settings for virtual machines, or you can switch to version 3 and tailor a bandwidth policy across the hosts connected to the switch.

In this lesson, we will walk through the steps needed to configure Network I/O Control at the vNIC level.


 

Open the Google Chrome Browser

 

If you do not already have the vSphere Web Client running, open the Google Chrome browser from the desktop.

Login to the vSphere Web Client by ticking the box for 'Use Windows session authentication' and click the Login button.

 

 

Select Networking

 

First, let's verify we are the vDS we want to use is running NIOC version 3 and is enabled.

Start by clicking the Networking icon.

 

 

Expand vcsa-01a.corp.local

 

Expand vcsa-01a.corp.local until you can see the distributed switch vds-site-a.

 

 

Edit Settings

 

Click on vds-site-a, then click on the Settings tab.  Finally make sure you are on the Properties tab.

We can see that Network I/O Control is enabled on the distributed switch.

Note: If it were not enabled, you would just need to click the Edit button, select Enable in the Network I/O Control drop-down box and click OK.

 

 

Verify the Network I/O Control Version

 

Now let's see what version of Network I/O Control we are running.

Click on the Resource Allocation tab.  You may have to unpin the Navigation pane to see this.

Here you can see that we are running version 3, which is the required version for NIOC at the vNIC level.

Note: If the distributed switch was running an earlier version of NIOC, you just need to right-click on the distributed switch in the Navigation pane and select 'Upgrade--> Upgrade Network I/O Control...'.

 

 

Configure Bandwidth Allocation

 

Much like virtual machine CPU and Memory reservations and limits, we will need to create them for networking.  In our case, since we want to reserve bandwidth for virtual machines, we'll modify the reservations for virtual machine traffic.

Start by clicking on 'Virtual Machine Traffic' in the traffic types list and clicking the Edit button.

 

 

Reservation

 

In the Reservation box, type '2000' to reserve 2,000Mbs bandwidth for Virtual Machine traffic.  Leave all other settings to their defaults.

Click OK to continue.

 

 

Reservation Set

 

Once you click OK, you will notice even though we have set a reservation of 2,000Mbs for virtual machine traffic, it is not showing up under the Reservation Column.  This is because we have just set the Reservation and not actually reserved it for a virtual machine.

 

 

Show the Navigation Bar (if you unpinned it).

 

Click on the Navigation link on the left hand side, if you unpinned it earlier.

 

 

Pin the Navigation Bar

 

Now click the thumbnail so it points down.  This will pin the navigation bar back in place.

 

 

Select Hosts and Clusters

 

From the Home menu, select Hosts and Clusters.

 

 

Clone TinyLinux-01

 

So we don't interfere with other lessons you may want to take, let's clone TinyLinux-01.

Right-click on 'TinyLinux-01' and select Clone --> Clone to Virtual Machine...

 

 

Name your VM

 

Name your VM linux-nioc-01a and accept the default location of Datacenter Site A for the location.

Click Next to continue.

 

 

Select Cluster Site A

 

Place the VM on Cluster Site A by clicking on it.

 

 

Accept Default Storage

 

Just click Next for the storage selection.

 

 

Un-check All Boxes

 

Make sure to un-check all the boxes before clicking Next.

 

 

Ready to Complete

 

Verify the settings look correct and click Finish to clone the VM.

It should only take a minute to perform the clone operation.  You can track the progress by clicking on the Recent Tasks link in the bottom left corner of the vSphere Web Client.

 

 

Edit the VM Settings

 

Right-click on the newly cloned VM, linux-nioc-01a and select Edit Settings...

 

 

Expand Network Adapter 1

 

Expand out Network adapter 1 and you will notice some new options.  Now we can set how much bandwidth to reserve for this specific vNIC on the virtual machine.

Let's give it all 1,000Mbs of the 2,000Mbs reservation we set.

Type 2000 in the Reservation box.  Click OK.

Note: If you don't see this box, make sure you connected Network adapter 1 to VM Network (vds-site-a).

 

 

Viewing Reservation

 

You can now see the reservation is set so that this virtual machine's network adapter will have a reserved 2,000Mbs of bandwidth.

 

 

Lesson Clean Up

 

Feel free to explore other options with NIOC.  When you are finished with this lesson, please delete the linux-nioc-01a virtual machine to avoid confusion in other lessons.

Just go back to the Hosts and Clusters view and right-click on the virtual machine linux-nioc-01a and select Delete from Disk.

 

 

Conclusion

This concludes Module 1 - What's New with vSphere 6.  We hope you have enjoyed taking this lab and don't forget to take the survey at the end.

If you have time remaining, here are the other Modules that are part of this lab, along with an estimated time to complete each one.  Click on the 'Table of Contents' button to quickly jump to that Module in the Manual.

 

Module 2 - Introduction to Management with vCenter Server (60 Min)

What is vSphere?


VMware vSphere is the world's leading virtualization platform. As virtualization & the vSphere platform have continued to grow, organizations have faced new challenges. With vSphere, IT can rapidly provision Virtual Machines (VMs) but have found that management, capacity planning, and lifecycle management of these VMs has becoming increasingly difficult.  VMware vSphere with Operations Management (vSOM) is a new solution that enables users to gain operational insight into a vSphere infrastructure while also optimizing capacity. As vSphere environments continue to grow it is essential that users have proactive management that can deliver monitoring, performance, and capacity information at a glance. This detailed analysis enables users to get the most out of the virtualization platform by reclaiming unused capacity, rightsizing virtual machines, improving utilization, and also helping to increase consolidation ratios. This new VMware solution combines vSphere with vRealize Operations Standard.


 

Video: Introduction to VMware vSphere with Operations Management (5:48)

This video will show you how vSphere with Operations Management can help you manage a more efficient and available environment.

 

ESXi Install and Configure


Due to the environment the Hands on Labs are running in and the high I/O it would cause, we are not able to install software.  Please use the following videos to walk through the process.


 

Video: Installing and Configuring vSphere (4:36)

The following video will walk through the process of installing and configuring vSphere.

 

 

Video: Overview of the DCUI (4:58)

This video will walk you through the Direct Console User Interface (DCUI).

 

vCenter 6.0 Overview


vCenter Server unifies resources from individual hosts so that those resources can be shared among virtual machines in the entire datacenter. It accomplishes this by managing the assignment of virtual machines to the hosts and the assignment of resources to the virtual machines within a given host based on the policies that the system administrator sets.


 

vSphere v6.0 Components

 

The above diagram shows how vCenter fits in the vSphere stack.  With vCenter installed, you have a central point of management.  vCenter Server allows the use of advanced vSphere features such as vSphere Distributed Resource Scheduler (DRS), vSphere High Availability (HA), vSphere vMotion, and vSphere Storage vMotion.

The other component is the vSphere Web Client.  The vSphere Web Client is the interface to vCenter Server and multi-host environments. It also provides console access to virtual machines. The vSphere Web Client lets you perform all administrative tasks by using an in-browser interface.

 

 

vCenter 6.0 Components

 

Starting with vSphere 5.1 there are two methods to deploy vCenter.  The first method is a Windows installation.  With the Windows method, you can install vCenter Single Sign On, Inventory Service, and vCenter Server on the same host machine (as with vCenter Simple Install) or on different virtual machines.

The other method is a virtual appliance.  The vCenter Server Appliance (vCSA) is a single preconfigured Linux-based virtual machine optimized for running vCenter Server and associated services.

 

 

Platform Services Controller (PSC)

 

The Platform Services Controller (PSC) includes common services that are used across the suite. These include Single Sign-On (SSO), Licensing, and the VMware Certificate Authority (VMCA). You will learn more about SSO and the VMCA in the following pages.

The PSC is the first piece that is either installed or upgraded. When upgrading a SSO instance becomes a PSC.  There are two models of deployment, embedded and centralized.

The PSC and vCenter servers can be mixed and matched, meaning you can deploy Appliance PSC’s along with Windows PSC’s with Windows and appliance-based vCenter Servers. Any combination uses the PSC’s built in replication.

Use Case:

 

 

vCenter Single Sign On

vSphere 5.1 introduced vCenter Single Sign On (SSO) as part of the vCenter Server management infrastructure. This change affects the vCenter Server installation, upgrading, and operation. Authentication by vCenter Single Sign On makes the VMware cloud infrastructure platform more secure by allowing the vSphere software components to communicate with each other through a secure token exchange mechanism, instead of requiring each component to authenticate a user separately with a directory service like Active Directory.

 

 

vCenter Single Sign On - Typical Deployment

 

Starting with version 5.1, vSphere includes a vCenter Single Sign-On service as part of the vCenter Server management infrastructure.

Authentication with vCenter Single Sign-On makes vSphere more secure because the vSphere software components communicate with each other by using a secure token exchange mechanism, and all other users also authenticate with vCenter Single Sign-On.

Starting with vSphere 6.0, vCenter Single Sign-On is either included in an embedded deployment, or part of the Platform Services Controller. The Platform Services Controller contains all of the services that are necessary for the communication between vSphere components including vCenter Single Sign-On, VMware Certificate Authority, VMware Lookup Service, and the licensing service. For example, in the image above, SSO resides within the Platform Services Controller as part of this multi-vCenter topology. Both Windows and the vCSA can participate in this topology.

 

 

vCenter Single Sign On - Single vCenter

 

In a single vCenter topology, the PSC (along with all of its associated services) can run on a single machine, also called the embedded deployment. This single machine could be a physical Windows server, a Windows VM, or the vCSA.

While vCenter Server requires a database as shown above, SSO itself does not have such a requirement. 

 

 

More Information on Single Sign On

The second Module in this lab, Introduction to vSphere Networking and Security covers SSO in more detail.

However, you can also refer to the vCenter 6.0 Deployment Guide for more in-depth requirements and considerations for SSO architecture in vCenter 6.0:

http://www.vmware.com/files/pdf/techpaper/vmware-vcenter-server6-deployment-guide.pdf

 

Using the vSphere 6.0 Web Client


This lab will introduce the new vSphere 6.0 Web Client and its functionality.  

The vSphere Web Client is the primary method for system administrators and end users to interact with the virtual data center environment created by VMware vSphere®. vSphere manages a collection of objects that make up the virtual data center, including hosts, clusters, virtual machines, data storage, and networking resources.

The vSphere Web Client is a Web browser-based application that you can use to manage, monitor, and administer the objects that make up your virtualized data center. You can use the vSphere Web Client to observe and modify the vSphere environment in the following ways.

■ Viewing health, status, and performance information on vSphere objects

■ Issuing management and administration commands to vSphere objects

■ Creating, configuring, provisioning, or deleting vSphere objects

You can extend vSphere in different ways to create a solution for your unique IT infrastructure. You can extend the vSphere Web Client with additional GUI features to support these new capabilities, with which you can manage and monitor your unique vSphere environment.


 

Main Areas of the Web Client

 

The vSphere Web Client is broken into 6 main areas also referred to as panes.

  1. The navigation tree or Navigator
  2. The main content area
  3. The Search bar
  4. The Work in Progress list
  5. The Alarms list
  6. And the Recent Tasks list

The layout of these panes can be customized. Click the push pin icon in the Navigator, Recent Tasks, Work in Progress, or Alarms panes to minimize them. This can create more room for the main area if you are working on a small monitor or one with low resolution.  You can also change where each of those panes are shown by dragging the title bar of the pane to one of the edges of the screen.

Please Note: In this lab, since we're limited to a small screen resolution, we've set all the panes to be minimized by default to give you the most screen real estate possible.  You can open any or all panes at your convenience and click on the push pin in any pane to allow it to stay on the screen.

 

 

Review main areas of web interface

 

Start the Firefox web browser which will open to the "Site A Web Client".

  1. Click the "Use Windows session authentication" check box
  2. Click "Login"

 

 

vCenter 6.0 Inventory

 

  1. Click "vCenter Inventory Lists" in either the left-hand tree or the right-hand pane.  Clicking vCenter Inventory Lists will take you to the inventory page where you find all the objects associated with vCenter Server systems such as datacenters, hosts, clusters, networking, storage, and virtual machines.

 

 

Child objects, Data Centers, and Hosts

 

  1. Click the "Virtual Machines" inventory item.  By selecting this inventory item, you are presented with a list of the VMs which are located in this environment.

 

 

Virtual Machine Summary

 

  1. Click the "w12-core" virtual machine.
  2. Click the "Summary Tab" for that virtual machine.  On this page you are able to see all the details regarding the virtual machine.  There is a "Edit Settings" link as well to modify the settings of the virtual machine.

 

 

Edit the settings of a virtual machine.

 

  1. Click the arrow next to "VM Hardware" to expand this pane and expose the VM's hardware settings.
  2. Click "Edit Settings" so a second network adapter can be added to the virtual machine.

 

 

Add a second network adapter

 

  1. Now we need to add an additional network card to the VM.  
  2. Click the drop down list for "New Device" and highlight the "Network" device.  We need to add a second network to the virtual machine.
  3. Click the Add button to add the new Network Card.

 

 

Configure the Second Network Card.

 

  1. Click the arrow next to the New Network card to expand and view its settings. Notice that the MAC address is blank at this point. A new MAC address will be generated once this NIC is added or we are able to specify (with some rules) our own MAC address.
  2. Click "OK" to add the device to the VM.  When you select "OK" a new task is created.

 

 

Recent Tasks List

 

After adding the second NIC to the VM you'll see a task show up in the Recent Tasks list.  

  1. If the Recent Tasks pane is still minimized, click on the Recent Tasks button.
  2. Optionally, you can choose to click on the push pin on the right side of the Recent Tasks pane to make the Recent Tasks pane stay as part of the interface.

 

 

Recent Tasks List

 

Review the "Recent Tasks" list.   Once the task is complete, a second Network Adapter should be shown in the "VM Hardware" section.  Note the networks are in a disconnected state because the VM is powered off.

Again, you may choose to dismiss the Recent Tasks pane by clicking the Recent Tasks button again or click the push-pin to make it persistent.

 

 

Show the Work In Progress Pane

 

For several of the next exercises it might be useful to have the Work In Progress pane in view.

  1. Click the Work In Progress button
  2. Click the pin to keep the pane in view

 

 

Recent Items List

 

One of the new features of the vSphere Web Client is the ability to view the most recently used object in inventory.  As an example, let's say we wanted to go back to Datacenter Site A.  In the lab environment we are currently using, this is a relatively easy task, but in a larger environment, this may prove to be a more difficult task.

  1. Start by clicking the recently viewed items icon.

 

 

Select vcsa-01a.corp.local

 

  1. Next, select vcsa-01a.corp.local from the Drop-Down Menu.  Note that there may be different items on the list from what you see based on what lessons you have completed in the lab so far.

 

 

Create a Virtual Machine

 

There are several areas on the interface to create a new VM.  We will be using the top of the hierarchy which is the vCenter Server.

  1. Move your mouse cursor over the Home menu (note that you do not need to click on the button)
  2. Select VMs and Templates

 

 

Create a Virtual Machine

 

  1. Expand the vcsa-01a.corp.local tree to expose the "DataCenter Site A" object
  2. Click on "DataCenter Site A"

 

 

Start the New Virtual Machine Wizard

 

  1. If you are not already there, click the "Getting Started" tab to view a list of the Basic Tasks which can be started.
  2. Click "Create a new virtual machine" to start the new virtual machine wizard.  This wizard is used to create a new Virtual Machine and place it in the vSphere inventory.

 

 

Virtual Machine wizard

 

  1. Click "Next" since the "Create a New Virtual Machine" wizard is highlighted.

 

 

Name the Virtual Machine

 

  1. Enter "web-serv01" for the name of the new virtual machine.
  2. Click "Next"

 

 

Virtual Machine Placement

 

Expand "Datacenter Site A" to see "Cluster Site A".

Because Distributed Resource Scheduler (DRS) is enabled, you just have to select a cluster and DRS will determine which host to use for the VM.
  1. Click "Cluster Site A"
  2. Click "Next"

 

 

Pause the wizard

 

Have you ever been in the middle of an operation only to be interrupted by another request? In the vSphere Web Client, we have you covered!  You can simply "pause" the wizard, perform your other task, and come right back to where you left off. For example, a user calls you and requests that their VM be powered on immediately! So lets pause our wizard in order to power on their VM.

  1. Save the wizard progress by clicking the  >> in the upper right hand corner of the web client.  This will save the state of the wizard to the "work in progress" pane and close the wizard allowing you to perform this urgent task of powering on the user's VM.

 

 

Work In Progress Pane

View the Work In Progress pane to validate that your work has been saved.

Once you've verified that your work is saved then click the push pin of the Work in Progress pane to minimize it and free up your screen space.

 

 

Power on w12-core

 

  1. Click "Hosts and Clusters".
  2. Expand vcsa-01a.corp.local, Datacenter Site A, and Cluster Site A to expose the w12-core VM.
  3. Right click on w12-core, which will bring up the Actions sub-menu.
  4. Expand the menu by hovering over Power.
  5. Click the Power On menu item.

 

 

Continue the New VM Wizard

 

  1. Click the Work In Progress button to view the Work in Progress pane

 

 

Continue the New VM Wizard

 

  1. Click on "New Virtual Machine" to bring up the wizard right where you left off

 

 

Select Datastore

 

  1. Ensure the "ds-site-a-nfs01" datastore is selected
  2. Click "Next"

 

 

Compatibility

 

  1. Click "Next" to accept the default "ESXi 6.0 and later"

 

 

Guest OS

 

  1. Click "Next" to accept the default.

 

 

Change Virtual Disk Size.

 

  1. Change the memory setting from the 4096 to "1024".  This VM is a test VM so it only needs 1 GB of memory and 40 MB of disk.  
  2. Change the disk size from GB to "MB".
  3. Change the disk size of 40,960 to "40" 40 MB size.
  4. Change the network to "VM Network (vds-site-a)".
  5. Select "Next"
  6. Select "Finish"

 

 

Power on New Virtual Machine.

 

  1. Right Click "web-serv01"
  2. Hover over the "Power" menu item
  3. Click "Power On"
In addition to the right click menu there is an "Actions" menu at the top of the Web Client where you can accomplish the same commands.

 

Using Tagging and Search to Find Objects Quickly


The vSphere 6.0 Web Client now provides some powerful search options.  This lesson will guide you through the different search options to find the inventory of interest quickly.   Also, a new feature of vCenter Inventory Service enables users to create custom defined tags that can be categorized and added to any inventory objects in the environment. These tags are searchable metadata and reduce the time to find inventory object information.   This lab will cover how to create tags and use the tags for a search.


 

Logging In

 

Click the "Mozilla Firefox" icon from the Control Center desktop or the bottom taskbar.

  1. Click the "Use Windows session authentication" check box
  2. Click "Login"

 

 

Search Options

 

We have different search options, "New Search", "Saved Searches" and "Quick Search".  Let's first take a look at "New Search"

  1. From anywhere in the web client, click the "Home" icon to show the Home Menu.
  2. Click "New Search"

 

 

Search for Virtual Machines

 

  1. Let's do a simple search by entering "vm" in the search box.
  2. Click "Search"
  3. In the inventory pane search results are returned that have been grouped by object type.
  4. The search has also created tabs that group by object type. You should be on the Virtual Machines tab. If not click on the Virtual Machines tab.

 

 

Virtual Machines that exist in the environment

 

  1. When the "Virtual Machines" tab is selected, a list of VM's that exist in the environment is returned.
  2. Now let's search for a specific tag.  Click the "Advanced Search" link.

 

 

Advanced Search

 

Using advanced search allows you to search for managed objects that meet multiple criteria.

For example, you can search for virtual machines matching a search string. The virtual machines reside on hosts whose names match a second search string.  Let's do a search for virtual machines to check VMware Tools status.

  1. Change the field shown to "Virtual Machine".
  2. For the property Field click "VMware Tools Version Status"
  3. Click the drop down menu to select the "Not installed" criteria.
  4. Click the "Search" button.
  5. The results are displayed in the results screen.  
  6. This search can be used in the future so let's save the search.  Click "Save..."

 

 

Name the Search

 

  1. Enter "VMware Tools Not Installed" for the name of the search.
  2. Click "OK"

 

 

View Saved Searches

 

  1. Click the Home Menu icon at the top
  2. Click on Saved Searches

 

 

Save Search Results

 

  1. Click the saved search "VMware Tools Not Installed"
  2. A list of the VM's which do not have tools installed is returned in the results window.

 

 

Quick Search

 

  1. In the upper right hand corner, enter "vm" in the quick search field.  A pop-up window is displayed that shows filtered items which match.
  2. Click the second "VM Network" next to the "Distributed Port Group" heading. (This network exists on Site B as well.)

 

 

List of Virtual Machines

 

  1. Select "Virtual Machines" on the left side of the screen.  
  2. Select "Related Objects" on the right.  An expanded list of virtual machines is shown.

 

 

Tags, User Defined Labels

 

You use tags to add metadata to inventory objects. You can record information about your inventory objects in tags and use the tags in searches.

  1. Click the Home Menu
  2. Select "Tags" to create tag categories and tags.

 

 

Creating Tag Categories

 

You use categories to group tags together and define how tags can be applied to objects.

Every tag must belong to one and only one category. You must create at least one category before creating any tags.

  1. Click "New Category"

 

 

New Category

 

Associable Object Types:  We will use the default which states that the new tag in this category can be assigned to all objects.  The other option is you can specify a specific object, such as virtual machines or datastores.

  1. Enter "web tier" for the Category Name.
  2. Keep the default "One tag per object"
  3. Click "OK"

 

 

Create a New Tag

 

Click 'New Tag' to create a new one.

 

 

Tag Creation and assign to a Category

 

  1. To create a new tag enter "Web Server version 2"
  2. Click the tag category "web tier" in the drop down box.
  3. Select "OK"

To review the category and tags you created, select the "Items" tab.  In this screen, you can review and edit the categories and tags.  New categories and tags also can be created in this screen.

 

 

List Created Tags

 

  1. When the "Items" tab is selected, a list of the created tags is returned.  Notice there is also a Categories tab, which would list the categories which have been created.

 

 

Assigning tags to a Virtual Machine

 

  1. Click the Home Menu
  2. Click "VMs and Templates"

 

 

Select a Virtual Machine

 

  1. Right-click the virtual machine "web-serv01". You may need to expand the navigation tree on the left side to expose the VMs.
  2. Find "Tags & Custom Attributes"
  3. Click "Assign Tag"

 

 

Assign Tag

 

  1. Click the "Web Server Version 2" tag
  2. Click "Assign".  A task is created and the tag is assigned.

 

 

Search Using Tags

 

  1. In the Quick Search field enter "we".  
  2. Select the Tag "Web Server Version 2"

 

 

Search Results

 

  1. Click on the "Related Objects" tab to find the list of objects which have been assigned the "Web Server Version 2" tag.

 

 

Using Filters

 

Another way to find objects quickly is to use the new Filter feature in the vSphere Web Client.

  1. Start by clicking the Home Menu
  2. Click Hosts and Clusters

 

 

Select Cluster Site A

 

  1. From the left navigation pane, select "Cluster Site A".
  2. Next, click the "Related Objects" Tab.
  3. And finally the "Hosts" Tab.

 

 

Filter Options

 

  1. Click on the 'Quick Filter' button, right next to the 'Filter box'

 

 

Host Filter Options

 

You'll now be presented with a list of Filter options specific to vSphere Hosts.

  1. Click on the "In Maintenance Mode" box under Maintenance Mode.

 

 

Hosts in Maintenance Mode

 

You are presented with a list of all the hosts in Maintenance Mode, which in our case is none.

To remove a single filter, just uncheck the box next it.  To clear all the Filters and start over, click the filter icon with the Red 'X'.

  1. Click the Filter Icon with the Red 'X'.

 

 

Other Filters Available

 

You can click through the other tabs (Virtual Machines, vApps, Datastores, etc.) and view the other filters that are available for each object type.  Again, each filter is specific to the class of object it represents.

Notice if a tag has been created for that object, you can use that to filter with as well.

 

Understanding High Availability (HA) and Distributed Resource Scheduler (DRS)


This lab shows how to use the VMware vSphere web client to enable and configure High Availability (HA) and Dynamic Resource Scheduling (DRS). HA protects from down time by automating recovery in the event of a host failure. DRS ensures performance by balancing virtual machine workloads across hosts a cluster.


 

What is vSphere High Availability?

vSphere HA provides high availability for virtual machines by pooling the virtual machines and the hosts they reside on into a cluster. Hosts in the cluster are monitored and in the event of a failure, the virtual machines on a failed host are restarted on alternate hosts.

When you create a vSphere HA cluster, a single host is automatically elected as the master host. The master host communicates with vCenter Server and monitors the state of all protected virtual machines and of the slave hosts. Different types of host failures are possible, and the master host must detect and appropriately deal with the failure. The master host must distinguish between a failed host and one that is in a network partition or that has become network isolated. The master host uses network and datastore heartbeating to determine the type of failure. Also note that vSphere HA is a host function which means there is not a dependency on vCenter in order to effectively fail over VMs to other hosts in the cluster.

 

 

HA Primary Components

 

 

 

The Master Role

 

 

 

The Slave Role

 

 

 

The Master Election Process

 

 

 

Enable and Configure vSphere High Availability

 

  1. First, go to the "Home" button
  2. Select "Hosts and Clusters"

 

 

Settings for High Availability

 

  1. Click "Cluster Site A"
  2. Click "Actions" to bring up the drop down menu.
  3. Click "Settings"

 

 

Cluster Settings

 

  1. Click "vSphere HA" under "Services" to bring up the settings for high availability. Note that you may need to scroll to the top of the list.
  2. Click "Edit"

 

 

Enable High Availability

 

  1. Check the box "Turn ON vSphere HA"
  2. Change the "VM Monitoring" section to "VM and Application Monitoring".
  3. Expand the "Admission Control" section by selecting the ">"

 

 

Admission Control Settings

 

  1. Scroll down and check the radio button "Define failover capacity by reserving a percentage of the cluster resources and accept the default settings of 25%.

 

 

VM Monitoring and Datastore Heartbeating

 

  1. Expand the Datastore Heartbeating section.
  2. Select the radio button for "Automatically select datastores accessible from the host".  
  3. Click "OK"

 

 

Use the Summary Tab to Verify that HA Is Enabled

 

  1. Click the Summary tab
  2. Locate and expand the vSphere HA panel in the data area: click on the ">" to the left of the panel's name to expand it.

Notice the bars that display resource usage in blue, protected capacity in light gray, and reserve capacity using stripes.

 

 

Enable Distributed Resource Scheduler (DRS)

 

If necessary, return to the Manage> Settings page on the Cluster Site A cluster

  1. Click vSphere DRS
  2. Click "Edit"
  3. Check "Turn ON vSphere DRS" -- note that this is already enabled in the lab
  4. Click the drop down box and select "Fully Automated"
  5. Click "OK"

 

 

Automation Levels

 

The chart shown above is showing how DRS affects placement and migration according to the setting Manual, Partially Automated or Fully Automated.

 

 

Use the Cluster's Summary Tab to Check  Cluster Balance

 

  1. Click the "Summary Tab" to display the current status of the cluster.  
  2. The Summary tab of the Cluster Site A shows the current balance of the cluster.  Also shown in the DRS section is how many recommendations or faults that have occurred with the cluster. (You may have to scroll down to see the vSphere DRS widget).

That concludes this lesson.

 

vSphere 6.0 Fault Tolerance Provides Continuous Availability


vSphere 6.0 HA provides a base level of protection for your virtual machines by restarting virtual machines in the event of a host failure. vSphere 6.0 Fault Tolerance provides a higher level of availability, allowing users to protect any virtual machine from a host failure with no loss of data, transactions, or connections.

Fault Tolerance provides continuous availability by ensuring that the states of the Primary and Secondary VMs are identical at any point in the instruction execution of the virtual machine. This is done using the VMware vLockstep technology on the ESXi host platform. vLockstep accomplishes this by having the Primary and Secondary VMs execute identical sequences of x86 instructions. The Primary VM captures all inputs and events (from the processor to virtual I/O devices) and replays them on the Secondary VM. The Secondary VM executes the same series of instructions as the Primary VM, while only a single virtual machine image (the Primary VM) executes the workload.

If the host running the Primary VM fails, an immediate and transparent failover occurs. The functioning ESXi host seamlessly becomes the Primary VM host without losing network connections or in-progress transactions. With transparent failover, there is no data loss and network connections are maintained. After a transparent failover occurs, a new Secondary VM is respawned and redundancy is re-established. The entire process is transparent and fully automated and occurs even if vCenter Server is unavailable.


 

VMware vSphere Fault Tolerance

 

The benefits of Fault Tolerance are:

Use cases

Any workload that has up to 4 vCPUs and 64GB Memory that is not latency sensitive (eg. VOIP & High-Frequency trading are not good candidates for FT). Note that vSphere 6.0 introduces the capability to use FT to protect VMs with more than 1 vCPU. In vSphere 5.5 and prior versions, only VMs with 1 vCPU could be protected by FT.

There is VM/Application overhead to using FT and that will depend on a number of factors like the application, number of vCPUs, number of FT protected VMs on a host, Host processor type, etc. We will release a performance paper around launch that will get into more specifics, for now the recommendation to customers is to test out using FT and see if it works for their workloads/use cases.

The new version of Fault Tolerance greatly expands the use cases for FT to approximately 90% of workloads.

The new technology used by FT is called Fast Checkpointing and is basically a heavily modified version of an xvMotion that never ends and executes many more checkpoints (multiple/sec). Also note that in versions prior to 6.0, FT required shared storage where both the Primary and Secondary copies of the FT-protected VM would share the same VMDK files. However, in vSphere 6.0 in order to add additional protection to the FT-protected VM, the Primary & Secondary VM use unique VMDK's.  

FT logging (traffic between hosts where primary and secondary are running) is very bandwidth intensive and will use a dedicated 10G nic on each host. This isn’t required, but highly recommended as at a minimum an FT protected VM will use more . If FT doesn’t get the bandwidth it needs the impact is that the protected VM will run slower.

 

 

Video: Protecting Virtual Machines with FT (2:51)

This video shows how to protect virtual machines with VMware Fault Tolerance (FT). Due to resource constraints in the Hands On Labs environment we're unable to demonstrate this live for you.

 

Monitoring Events and Creating Alarms


vSphere includes a user-configurable events and alarms subsystem. This subsystem tracks events happening throughout vSphere and stores the data in log files and the vCenter Server database. This subsystem also enables you to specify the conditions under which alarms are triggered. Alarms can change state from mild warnings to more serious alerts as system conditions change, and can trigger automated alarm actions. This functionality is useful when you want to be informed, or take immediate action, when certain events or conditions occur for a specific inventory object, or group of objects.

Events are records of user actions or system actions that occur on objects in vCenter Server or on a host. Actions that might be reordered as events include, but are not limited to, the following examples:

■ A license key expires

■ A virtual machine is powered on

■ A user logs in to a virtual machine

■ A host connection is lost

Event data includes details about the event such as who generated it, when it occurred, and what type of event.

Alarms are notifications that are activated in response to an event, a set of conditions, or the state of an inventory object. An alarm definition consists of the following elements:

■ Name and description - Provides an identifying label and description.

■ Alarm type - Defines the type of object that will be monitored.

■ Triggers - Defines the event, condition, or state that will trigger the alarm and defines the notification severity.

■ Tolerance thresholds (Reporting) - Provides additional restrictions on condition and state triggers thresholds that must be exceeded before the alarm is triggered.

■ Actions - Defines operations that occur in response to triggered alarms. VMware provides sets of predefined actions that are specific to inventory object types.

Alarms have the following severity levels:

■ Normal – green

■ Warning – yellow

■ Alert – red

Alarm definitions are associated with the object selected in the inventory. An alarm monitors the type of inventory objects specified in its definition.

For example, you might want to monitor the CPU usage of all virtual machines in a specific host cluster. You can select the cluster in the inventory, and add a virtual machine alarm to it. When enabled, that alarm will monitor all virtual machines running in the cluster and will trigger when any one of them meets the criteria defined in the alarm. If you want to monitor a specific virtual machine in the cluster, but not others, you would select that virtual machine in the inventory and add an alarm to it. One easy way to apply the same alarms to a group of objects is to place those objects in a folder and define the alarm on the folder.

In this lab, you will learn how to create an alarm and review the events that have occurred.


 

Video: Configure Alarms and Notification for VMware vSphere (5:20)

This video shows how to use the VMware vSphere web client to configure vCenter Server alarms and alerts and how to enable email notification.

 

 

Review default alerts

 

  1. Click the "Home" icon
  2. Click the "Events" menu item

 

 

Event Console

 

  1. Select the "Type" column to sort by level of severity.
  2. Select an event to review the details of the event.  

 

 

Setup notifications

 

  1. Click the "Home" menu
  2. Click the "Hosts and Clusters" menu item

 

 

Setup Notifications

 

  1. Select the vCenter "vcsa-01a.corp.local"
  2. Click the "Manage" tab
  3. Click the "Alarm Definitions" tab.  The default alarm definitions are shown.
  4. Click an alarm.  Alarms can be defined at different levels.  In the case of the highlighted alarm, you can see it is defined at the top level.  Alarms that are defined at the top level are then inherited by the objects below.

 

 

Defining an Alarm

 

  1. Use the filter to find the "Host CPU usage" alarm definition by typing "cpu" in the search field
  2. Select the "Host CPU usage" alarm
  3. Click the "Edit" button

 

 

Host CPU usage - Edit

 

  1. Click on the "Triggers" portion of the alarm.
  2. Click "80%" usage for 5 minutes to trigger the alarm.
  3. Click "Next"

 

 

Define Actions

 

  1. Click the "+" to add a new action.
  2. Scroll on the list and click "Maintenance mode"
  3. Set the "Alert State Change" to "Once"
  4. Set the "Alert State Change" to "Once"
  5. Click "Finish"

 

 

New Alarm Definition

 

We will be creating an alarm that will reset a VM if CPU Ready exceeds an average of 8000ms over the course of 5 minutes.

  1. Click the "+" to start the New Alarm Definition wizard.
  2. Enter "Virtual Machine CPU Ready"
  3. Click "Next" to move to the Triggers section.

 

 

Define CPU Ready Time

 

  1. Click the "+" to add a new trigger action.
  2. Scroll down the list and select the "VM CPU Ready Time" and keep the default conditions.
  3. Click "Next"

 

 

Define the Action to Take

 

  1. Click the "+" to add a new action
  2. Click the "Reset VM" action
  3. Click "Finish"

That concludes this lesson.

 

Configure Shares and Resources


Shares specify the relative importance of a virtual machine (or resource pool). If a virtual machine has twice as many shares of a resource as another virtual machine, it is entitled to consume twice as much of that resource when these two virtual machines are competing for resources.  This lab starts with a video walking you through the process of working with shares and resources.  The remainder of this module walks you through making the changes to a VM's resources.

Shares are typically specified as High, Normal, or Low


 

Video: Configuring Shares and Reservations (4:00)

This video shows how to use the VMware vSphere web client to configure shares, reservations, and limits in order to effectively distribute compute and memory resources among virtual machines.

 

 

Shares, Limits and Reservations

 

 

 

Review CPU settings

 

  1. Click the "w12-core" virtual machine.
  2. Click the "Manage" tab
  3. Click the "Settings tab"
  4. Click the "VM Hardware" setting
  5. Expand the CPU section.  You can see the current settings for Shares, Reservation and Limit.
  6. Expand the Memory section.  This section contains the Shares, Reservations and Limit for the memory section.
  7. Click "Edit" to modify the shares of the VM

 

 

Understanding Shares

 

The above example shows 2 VM's, one a development VM and the other a Production VM.  On the left hand side of the diagram, you can see the CPU shares are equal.   We want to make sure the Production VM gets the majority of the CPU resources when there is contention for those resources in the environment.  Changing the shares for the production VM from 1000 shares to 2000 shares accomplishes this goal.  The new settings are shown on the right side of the diagram.

 

 

Changing Resource Allocation of CPU shares.

 

  1. Expand the CPU section of the settings.
  2. From the Shares drop down box, Click "High" to change the setting of the CPU shares.
  3. Click "OK"

 

 

 

Review Settings

 

The new Shares settings are shown in the Settings tab.

 

 

Settings for Limits and Reservations.

 

Limits and Reservations are set with the same procedure.  When you click on the "edit" settings for a VM, you will find the ability to set the Limit and Reservations.  Limit restricts a VM from using more than the limit setting.  Reservations guarantee a minimum amount of a resource be available for the virtual machine.  Try out some settings for Limits and Reservations.  One note is that if you try to reserve more of a resource such as memory or CPU than is available, the VM may not power on.

 

 

Conclusion

This concludes Module 2 - Introduction to Management with vCenter Server.  We hope you have enjoyed taking this lab.  Please remember to take the survey at the end.

If you have time remaining, here are the other Modules that are part of this lab, along with an estimated time to complete each one.  Click on the 'Table of Contents' button to quickly jump to that Module in the Manual.

 

 

Module 3 - Introduction to vSphere Networking And Security (60 Min)

vSphere Networking Enhancements


Since vSphere 5.5, some key networking enhancements and capabilities to further simplify operations, improve performance and provide security in virtual networks. VMware vSphere Distributed Switch™ is a centrally managed, datacenter-wide switch that provides advanced networking features on the vSphere platform. Having one virtual switch across the entire vSphere environment greatly simplifies management. The following are some of the key benefits of the features in this release:


 

Link Aggregation Control Protocol (LACP) Enhancements

In vSphere 5.1, LACP is supported. LACP is a standards-based method to control the bundling of several physical network links together to form a logical channel for increased bandwidth and redundancy purposes. It dynamically negotiates link aggregation parameters such as hashing algorithms, number of uplinks, and so on, across vSphere Distributed Switch and physical access layer switches. In case of any link failures or cabling mistakes, LACP automatically renegotiates parameters across the two switches. This reduces the manual intervention required to debug cabling issues.

The following key enhancements are available on vSphere Distributed Switch with vSphere 5.5 and later:

 

 

LACP Example

 

 

 

Traffic Filtering

Traffic filtering is the ability to filter packets based on the various parameters of the packet header. This capability is also referred to as access control lists (ACLs), and it is used to provide port-level security.

The VDS supports packet classification, based on the following three different types of qualifiers:

After the qualifier has been selected and packets have been classified, users have the option to either filter or tag those packets.

When the classified packets have been selected for filtering, users have the option to filter ingress, egress, or traffic in both directions.

 

 

Traffic-filtering configuration is at the port group level

 

 

 

Quality of Service Tagging

Two types of Quality of Service (QoS) marking/tagging common in networking are 802.1p Class of Service (CoS), applied on Ethernet/layer 2 packets, and Differentiated Service Code Point (DSCP), applied on IP packets. The physical network devices use these tags to identify important traffic types and provide QoS based on the value of the tag. Because business-critical and latency-sensitive applications are virtualized and are run in parallel with other applications on an ESXi host, it is important to enable the traffic management and tagging features on VDS.

The traffic management feature on VDS helps reserve bandwidth for important traffic types, and the tagging feature enables the external physical network to detect the level of importance of each traffic type. It is a best practice to tag the traffic near the source and help achieve end-to-end QoS. During network congestion scenarios, the highly tagged traffic doesn’t get dropped, providing the traffic type with higher QoS.

VMware has supported 802.1p tagging on VDS since vSphere 5.1. The 802.1p tag is inserted in the Ethernet header before the packet is sent out on the physical network. In vSphere 5.5 and later, the DSCP marking support enables users to insert tags in the IP header. IP header–level tagging helps in layer 3 environments, where physical routers function better with an IP header tag than with an Ethernet header tag.

After the packets are classified based on the qualifiers described in the “Traffic Filtering” section, users can choose to perform Ethernet (layer 2) or IP (layer 3) header–level marking. The markings can be configured at the port group level.

 

 

SR-IOV Enhancements

Single-root I/O virtualization (SR-IOV) is a standard that enables one PCI Express (PCIe) adapter to be presented as multiple, separate logical devices to virtual machines. In this release, the workflow of configuring the SR-IOV–enabled physical NICs is simplified. Also, a new capability is introduced that enables users to communicate the port group properties defined on the vSphere standard switch (VSS) or VDS to the virtual functions.

The new control path through VSS and VDS communicates the port group–specific properties to the virtual functions. For example, if promiscuous mode is enabled in a port group, that configuration is then passed to virtual functions, and the virtual machines connected to the port group will receive traffic from other virtual machines.

 

 

Enhanced Host-Level Packet Capture

Troubleshooting any network issue requires various sets of tools. In the vSphere environment, the VDS provides standard monitoring and troubleshooting tools, including NetFlow, Switched Port Analyzer (SPAN), Remote Switched Port Analyzer (RSPAN) and Encapsulated Remote Switched Port Analyzer (ERSPAN). In this release, an enhanced host-level packet capture tool is introduced. The packet capture tool is equivalent to the command-line tcpdump tool available on the Linux platform.

The following are some of the key capabilities of the packet capture tool:

  1. Uplink
  2. Virtual switch port
  3. vNIC

 

 

40GB NIC Support

Support for 40GB NICs on the vSphere platform enables users to take advantage of higher bandwidth pipes to the servers. In this release, the functionality is delivered via Mellanox ConnextX-3 VPI adapters configured in Ethernet mode.

 

Configuring vSphere Standard Switch


The following lesson will walk you through the process of creating and configuring the vSphere Standard Switch.


 

Adding a Virtual Machine Port Group with the vSphere Web Client

 

If you are not already logged in, launch the Firefox browser from the desktop and login to the vSphere Web Client.

  1. Click the "Use Windows session authentication" check box
  2. Click "Login"

 

 

Select Hosts and Clusters

 

In the left-hand pane, click the "Hosts and Clusters" object.

 

 

Add Networking

 

Under vcsa-01a.corp.local, expand Datacenter Site A and then Cluster Site A.

Next, right-click on esx-02a.corp.local in the Navigator and select 'Add Networking'.

 

 

Connection Type

 

When asked to select connection type, choose Virtual Machine Port Group for a Standard Switch and click Next

 

 

Target Device

 

When asked to select a target device, choose New Standard Switch and click Next.

 

 

Create a Standard Switch

 

At the Create a Standard Switch step of the wizard, select 'Unused Adapters' and click the Green '+' button.

 

 

Add Physical Adapter

 

Select vmnic3 under Network Adapters and click 'OK'

 

 

Add Physical Adapter

 

Click 'Next to continue.

 

 

Connection Settings

 

At the Connection settings step of the wizard, for Network label, leave the default name of VM Network.

Do not change change the VLAN ID; leave this set to None (0).

 

 

Complete the Wizard

 

Review the port group settings in Ready to complete and click Finish.

 

 

(Optional) Video: How to Configure a vSphere Standard Switch (VSS) (4:22)

This video shows how to use the VMware vSphere web client to configure basic networking for your vSphere hosts using the vSphere Standard Switch (VSS).

 

 

Editing a Standard Switch in the vSphere Web Client

In this lesson, we'll modify the Standard switch we created in the previous steps.

vSphere standard switch settings control switch-wide defaults and switch properties such as the uplink configuration.

 

 

Select esxi-02a.corp.local

 

Browse to esxi-02a.corp.local in the vSphere Web Client object Navigator

 

 

List Virtual Switches

 

Click the Manage tab, select Networking and select Virtual switches.

 

 

Select vSwitch0

 

Select vSwitch0 switch from the list

 

 

Edit vSwitch0

 

Under Virtual switches, select vSwitch0 and click the pencil icon to edit the virtual switch.

 

 

Change the MTU Setting for a vSphere Standard Switch (Enabling Jumbo Frames)

 

If you are using jumbo frames in your environment and want to leverage this on a vSphere Standard Switch, you can change the MTU setting here.

You can change the size of the maximum transmission unit (MTU) on a vSphere Standard Switch to increase the amount of payload data transmitted with a single packet, that is, enabling jumbo frames.  Be sure to check with your Networking team prior to making any modifications here. To realize the benefit of this setting and prevent performance issues, compatible MTU settings are required across all virtual and physical switches and end devices such as hosts and storage arrays.

You will also notice the Security, Traffic shaping, and Team and Failover options. This is where the default settings for the virtual switch would be set. As you will see later, these defaults may be overridden at the port group level as required.

Click Cancel to continue.

 

 

Change the Speed of an Uplink Adapter in the vSphere Web Client

An uplink adapter can become a bottleneck for network traffic if the speed of the uplink adapter is not compatible with the network traffic speed. You can change the connection speed and duplex setting of an uplink adapter to match the speed configured on the attached physical switch port.

 

 

Select Physical Adapters

 

Click on Physical adapters

 

 

Edit vmnic3

 

To change the configured speed and duplex value of a physical network adapter, select vmnic3 from the list and click Edit (the pencil icon).  

 

 

Configured Speed and Duplex

 

Here we could change the configured speed and/or duplex to the appropriate settings.

Click Cancel to continue.

 

 

Add Uplink Adapters in the vSphere Web Client

You can associate multiple adapters to a single vSphere standard switch to increase throughput and provide redundancy should a link fail. This is known as "NIC Teaming."

 

 

Select Virtual switches

 

Select Virtual switches.

Click on vSwitch0 and then the Manage physical adapters icon.

 

 

Add Adapter

 

Add an Adapter by clicking the Green '+' icon.

 

 

Select Adapter

 

Select a vmnic2 from the list and select 'Active Adapters' from the Failover order group drop-down menu.  Click OK.

 

 

View Adapters

 

The selected adapter appears as an Active Adapter under the Assigned Adapters list.  Click 'OK' to save the change.

 

 

Editing a Standard Switch Port Group

Once the vSwitch has been configured and its defaults have been set, the port group can be configured. The port group is the construct that is connected to virtual machine NICs and usually represents a VLAN or physical network partition such as Production, Development, Desktop or DMZ.

 

 

Edit Port Group

 

With vSwitch0 selected, select the VM Network port group and click Edit (the pencil icon)

 

 

Port Group Properties

 

The Properties setting section is where the name or VLAN ID of the port group can be modified.

There is no need to modify these settings for this part of the lab. 

 

 

Port Group Security

 

Click Security in the left pane.  By ticking the Override box, you can override the default setting of the virtual switch for just this port group.

In this section, you can configure the following:

Promiscuous Mode

MAC Address Changes

Forged Transmits

No changes are needed here and you may proceed to the next step.

 

 

Traffic Shaping

 

Click Traffic shaping in the left pane. then select the check box next to Override.  Just like in the Security settings, you can override the default policy set at the switch level to apply to just this port group.

A traffic shaping policy is defined by average bandwidth, peak bandwidth, and burst size. You can establish a traffic shaping policy for each port group.

ESXi shapes outbound network traffic on standard switches. Traffic shaping restricts the network bandwidth available on a port, but can also be configured to allow bursts of traffic to flow through at higher speeds.

Average Bandwidth

Peak Bandwidth

Burst Size

No changes are needed here and you may proceed to the next step.

 

 

Teaming and Failover

 

Click Teaming and failover in the left pane.  Again we have the option to override the default virtual switch settings.

Load Balancing Policy - The Load Balancing policy determines how network traffic is distributed between the network adapters in a NIC team. vSphere virtual switches load balance only the outgoing traffic. Incoming traffic is controlled by the load balancing policy on the physical switch.

Network Failure Detection - The method the virtual switch will use for failover detection.

Notify Switches - specifies whether the virtual switch notifies the physical switch in case of a failover.

Failover - specifies whether a physical adapter is returned to active status after recovering from a failure.

You can also override the default virtual switch setting for the Failover order of the physical adapters.

No changes are needed here and you may proceed to the next step.

 

 

Cancel the Changes

 

Since we don't want to make any changes to the port group, click the Cancel button.

 

 

Conclusion

The vSphere Standard Switch is a simple virtual switch configured and managed at the host level. This switch provides access, traffic aggregation and fault tolerance by allowing multiple physical adapters to be bound to each virtual switch.

The VMware vSphere Distributed Switch builds on the capabilities of the vSS and simplifies management in large deployments by appearing as a single switch spanning multiple associated hosts. This allows changes to be made once and propagated to every host that is a member of the switch.

 

Adding and Configuring a vSphere Distributed Switch


This lesson will walk you through adding and configuring a Distributed Switch.

If you're interested in some of the new or advanced features of the vSphere Distributed Switch, please consider taking HOL-SDC-1402 - vSphere Distributed Switch from A to Z.  


 

Add a vSphere Distributed Switch using the vSphere Web Client

Create a vSphere Distributed Switch on a vSphere datacenter to handle networking traffic for all associated hosts in the datacenter. If your system has many hosts and complex port group requirements, creating distributed port groups rather than a standard port groups can go a long way towards easing the administrative burden.

 

 

Datacenter Site A

 

In the Navigator, right-click on Datacenter Site A and select Distributed Switch --> New Distributed Switch...

 

 

Name and Location

 

Keep the default name for the new distributed switch then click Next.

 

 

Select version

 

Make sure Distributed Switch: 6.0.0 is selected and click Next.

Note that the version of the Distributed Switch determines which ESXi host versions are able to join the switch. Once all hosts that are a member of a Distributed Switch have been upgraded, the switch may be upgraded to the matching version. In the lab, all ESXi hosts are version 6.0.

 

 

Edit Settings

 

Keep the defaults and click Next.

 

 

Ready to complete

 

Review the settings you selected and click Finish.

 

 

(Optional) Video: VMware vSphere: Networking - vSphere Distributed Switch (vDS) (15:15)

This video demonstrates how to configure the vSphere Distributed Switch. vSphere Distributed Switches do everything that vSphere Standard Switches do and a whole lot more.

 

 

Add Hosts to a vSphere Distributed Switch in the vSphere Web Client

Now that we have created a vSphere distributed switch, let's add hosts and physical adapters to create a virtual network.

 

 

Select the Networking Tab

 

 

 

Add Hosts

 

Expand Datacenter Site A until you see the Distributed Switch we just created, DSwitch.

Right-click on DSwitch and select Add and Manage Hosts.

 

 

Select task

 

Select Add hosts and click Next.

 

 

Select hosts

 

To add hosts to the Distributed Switch, click the green '+'.

 

 

Select your Hosts

 

Select all ESXi hosts shown (esx-01a.corp.local and esx-02a.corp.local) and click OK.

 

 

Select hosts (cont.)

 

You should now see the hosts that will be added to the switch.  Click Next.

 

 

Select network adapter tasks

 

Leave the defaults and click Next to continue.

 

 

Manage physical network adapters

 

Part of the "Add Host" process involves assigning one or more network adapters from each host to the Distributed Switch. The assigned adapters may not be shared with any other switch in the host.

Select vmnic3 under esx-01a.corp.local and click Assign uplink

 

 

Select an Uplink for vmnic3

 

Select Uplink 1 and click OK

 

 

Confirm Addition

 

(Optionally) You can add vmnic3 from host esx-02a.corp.local by following the above steps or just click Next to continue.

 

 

Warning message

 

If you did not add a vmnic from each ESXi host, you will receive this warning.

In the lab, you can just click OK to continue.

 

 

Manage virtual network adapters

 

In your environment, you may choose to migrate virtual network adapters from a vSphere Standard or Distributed switch to this new one.  In this lab example, we won't move anything, so just click Next to continue.

 

 

Analyze Impact

 

A check will be made to verify nothing you've done will impact other network dependent services, like iSCSI. Click Next to continue.

 

 

Ready to complete

 

You are now asked to verify the changes you are about to make.  Click Finish to commit the changes.

 

 

Manage Hosts on a vSphere Distributed Switch in the vSphere Web Client

You can change the configuration for hosts and physical adapters on a vSphere Distributed Switch after they are added to the distributed switch.

 

 

Manage Host Networking

 

Right-click DSwitch in the navigator and select Add and Manage Hosts.

 

 

Select Task

 

On the 'Select tasks' page, select Manage host networking and click Next.

 

 

Select hosts

 

Click the green'+' to select the hosts to work with.

 

 

Select member hosts

 

On the "Select member hosts" page, select esx-01a.corp.local for the task then click OK.

 

 

Select hosts (cont.)

 

You should now see esx-01a.corp.local added.  Click Next.

 

 

Select network adapter tasks

 

Leave the default selected and click Next to continue.

 

 

Manage physical network adapters

 

We don't need to modify anything here, just click Next to continue.

 

 

Manage virtual network adapters

 

Let's add a vmkernel adapter to the new switch.  Click on "On this switch" and then "New adapter".

 

 

Select target device

 

Click the Browse button to select the distributed port group and switch.

 

 

Select Network

 

Click on DPortGroup and click OK.

 

 

Select target device (cont.)

 

We can see that DPortGroup has been added.  Click Next.

 

 

Port Properties

 

Keep the default values and click Next.

 

 

IPv4 settings

 

Click next to continue.

 

 

Ready to complete

 

Verify the settings and click Finish.

 

 

New vmkernel port added

 

View the new virtual network adapter we just created.  Click Next to continue.

 

 

Analyze impact

 

The wizard will again check and see if the changes being made will impact other dependent network services.  Click Next to continue.

 

 

Ready to complete

 

Click Finish

 

 

Edit General and Advanced vSphere Distributed Switch Settings in the vSphere Web Client

General settings for a vSphere Distributed Switch include the distributed switch name and the number of uplink ports on the distributed switch. Advanced settings for a vSphere Distributed Switch include the Discovery Protocol configuration and the maximum MTU for the switch. Both general and advanced settings can be configured using the vSphere Web Client.

 

 

Manage DSwitch Properties

 

  1. Make sure the DSwitch is selected under the Navigator pane.
  2. Click the Manage tab
  3. Click the Settings tab
  4. Click Properties

 

 

Edit the switch properties

 

Click Edit

 

 

General Settings

 

Click General to view the vSphere distributed switch settings. Here you can modify the following:

Name: You can modify the name of your distributed switch.

Number of Uplinks: Increase or decrease the number uplink ports attached to the distributed switch.  Note that you can also click the Edit uplink names button to give the uplinks meaningful names.

Number of Ports: This setting cannot be modified.  The port count will dynamically be scaled up or down by default.

Network I/O Control: You can use the drop-down menu to enable or disable Network I/O Control on the switch.

Description: You can use this field to give a meaningful description of the switch.

 

 

Advanced Settings

 

Click Advanced to view the vSphere distributed switch settings.  Here you will find the following advanced settings for the switch:

MTU (Bytes): Maximum MTU size for the vSphere Distributed Switch. To enable jumbo frames, set a value greater than 1500 bytes.  Make sure you check with your Networking team prior to modifying this setting in your environment.

Multicast filtering mode

Discovery Protocol

Administrator Contact: Type the name and other details of the administrator for the distributed switch.

We don't want to make any changes here, just click Cancel.

 

 

Enable or Disable vSphere Distributed Switch Health Check in the vSphere Web Client

The Distributed Switch Health Check monitors for changes in vSphere Distributed Switch configurations. You must enable vSphere Distributed Switch Health Check to perform checks on Distributed Switch configurations.

Health Check is available on ESXi 5.1 Distributed Switches and higher. Also, you can only view Health Check information through the vSphere Web Client 5.1 or later.

 

 

Health check

 

  1. Click on the Health check tab for DSwitch.  We can see that Health check is disabled for VLAN and MTU as well as Teaming and failover.
  2. Click the Edit button.

 

 

Edit Health Check Settings

 

Select Enabled for both and click OK.

 

 

Distributed Port Groups

A distributed port group specifies port configuration options for each member port on a vSphere distributed switch.  Distributed port groups define how a connection is made to a network.

 

 

New Distributed Port Group

 

Right-click the DSwitch in the navigator and select Distributed Port Group --> New Distributed Port Group.

 

 

Select name and location section

 

Name the new port group 'WebVMTrafic and click Next.

 

 

Configure settings

 

When creating a Distributed Port Group, you have the following options available:

Port binding - Choose when ports are assigned to virtual machines connected to this distributed port group.

Port allocation

Number of ports: Enter the number of ports on the distributed port group.

Network resource pool: If you have created network pool to help control network traffic, you can select it here.

VLAN: Use the Type drop-down menu to select VLAN options:

Advanced: Select this check box to customize the policy configurations for the new distributed port group.

Just accept the defaults and click Next to continue.

 

 

Ready to complete

 

Review your settings and click Finish to create the Distributed Port Group.

 

 

View the new Distributed Port Group

 

In the Navigator, expand out DSwitch and you will see the newly created WebVMTraffic Distributed Port Group.

 

Using Host Lockdown Mode


To increase the security of your ESXi hosts, you can put them in lockdown mode.

When you enable lockdown mode, no users other than vpxuser have authentication permissions, nor can they perform operations against the host directly.  Lockdown mode forces all operations to be performed through vCenter Server.

When a host is in lockdown mode, you cannot run vSphere CLI commands from an administration server, from a script or from vMA against the host.  External software or management tools might not be able to retrieve or modify information from the ESXi host.

Lockdown mode is only available on ESXi hosts that have been added to vCenter Server. You can enable lockdown mode using the Add Host wizard to add a host to vCenter Server, using the vSphere Web Client to manage a host or using the Direct Console User Interface (DCUI).

NOTES:

Users with the DCUI Access privilege are authorized to log in to the Direct Console User Interface (DCUI) when lockdown mode is enabled. When you disable lockdown mode using the DCUI, all users with the DCUI Access privilege are granted the Administrator role on the host. The DCUI Access privilege is granted in Advanced Settings on the host.

If you enable or disable lockdown mode using the Direct Console User Interface (DCUI), permissions assigned to users and groups on the host are discarded. To preserve these permissions you must enable and disable lockdown mode using the vSphere Client connected to vCenter Server.

Enabling or disabling lockdown mode affects which types of users are authorized to access host services, but it does not affect the availability of those services. In other words, if the ESXi Shell, SSH, or Direct Console User Interface (DCUI) services are enabled they will continue to run whether or not the host is in lockdown mode.


 

Select Hosts and Clusters

 

From the Navigator, select the Hosts and Clusters tab.

Next, select esx-01a.corp.local.

 

 

Security Profile

 

Before we configure Host Lockdown Mode, let's verify the SSH service is running on esx-01a.corp.local.

Start by clicking Manage and Settings for esx-01a.  Then click Security Profileunder System.

 

 

Verify SSH is Enabled

 

You will need to scroll down a bit until you see the Servicessection.

We can see that the SSH service is enabled and running on esx-01a.corp.local.

 

 

Open an SSH session to esx-01a

 

Let's verify we can login to esx-01a using an SSH connection.

From the Windows Taskbar, click on the PuTTY icon.

 

 

Connect to esx-01a

 

Under Saved Sessions, click on esx-01a.corp.local and click the Open button.

 

 

Logged into esx-01a

 

You will be automatically logged in to esx-01a.corp.local because we have configured public-key authentication from the ControlCenter machine to the ESXi host.

 

 

Close the PuTTY Session

 

Close the PuTTY session by typing 'exit' and hitting Enter.  Once you hit Enter, the PuTTY window will disappear.

 

 

Enabling Lockdown Mode

 

Back in the vSphere Web Client, you will need to scroll down a bit until you see the Lockdown Mode section.

Click on the Edit button.

 

 

Lockdown Mode

 

Click the Normal radio button and click Next.

Note: You do have the option of designating Exception Users.

 

 

Lockdown Mode Enabled

 

Wait for the vSphere Web Client to refresh to see that Lockdown Mode has been enabled.

 

 

PuTTY Session to esx-01a

 

Using the same steps we used above, open the PuTTY application from the Windows Taskbar.

Click on esx-01a.corp.local under Saved Sessions and click Open.

 

 

Denied!

 

You should receive an error when trying to connect to esx-01a.corp.local.  The host has been configured with Host Lockdown Mode and will refuse any remote connections, unless those users were added to the Exception User list.

Click OK and close PuTTY by clicking the 'X' in the top right-hand corner of the window.

 

 

Disable Lockdown Mode

 

Back in the vSphere Web Client, click on the Edit button again under Lockdown Mode.

 

 

Check the 'Disabled' check box.  Click 'OK'.

 

Check the Disabled radio button and OK to continue.

 

 

Host Lockdown Mode Disabled

 

Lockdown Mode for the host should now be disabled.

Host Lockdown Mode provides an excellent way to further secure your vSphere hosts.  For more details, you can view the following video.

This concludes this lesson on Host Lockdown Mode.  

 

 

Video: Enable vSphere Host Lockdown Mode for VMware vSphere (4:48)

This video shows how to secure VMware vSphere hosts with Lockdown Mode in order to limit direct access to the host console and require administrators manage hosts through vCenter Server.

 

Configuring the Host Services and Firewall


This lesson includes a short video on how to use the VMware ESXi firewall.


 

Video:  Configure vSphere Host Firewall for VMware vSphere (4:34)

This video shows how to use the VMware ESXi Firewall on the vSphere host to block incoming and outgoing communication and to manage the services running on the host.

 

User Access and Authentication Roles


VMware recommends that you create roles to suit the access control needs of your environment.  If you create or edit a role on a vCenter Server system that is part of a connected group in Linked Mode, the changes that you make are propagated to all other vCenter Server systems in the group.


 

Create a Role in the vSphere Web Client

In the following steps, we will create a Role in the vSphere Client that we can assign rights to.

 

 

Administration

 

In the vSphere Web Client, click the Home icon and select Administration.

 

 

Roles

 

Verify the Roles tab is selected.

 

 

Create a Role

 

Click the green '+' to create a role.

 

 

Role name

 

  1. Name the role 'HOL Role'
  2. Tick the All Privileges box
  3. Click the OK button to create the new role

 

 

Edit a Role in the vSphere Web Client

When you edit a role, you can change the privileges selected for that role.  When completed, these privileges are applied to any user or group that is assigned the edited role. In Linked Mode, the changes you make are propagated to all other vCenter Server systems in the group. However, assignments of roles to specific users and objects are not shared across linked vCenter Server systems.

 

 

Edit HOL Role

 

  1. Click on the role "HOL Role" to select it
  2. Click the Edit button

 

 

Remove Permissions

 

Let's say that your company has separate teams to manage networking and storage, so the HOL Role does not need access to either of them.  

Uncheck the boxes for Networking and Storage views and click OK.

 

 

Clone a Role in the vSphere Web Client

You can make a copy of an existing role, rename it, and edit it. When you make a copy, the new role is not applied to any users, groups or objects -- it does not inherit anything from the parent except the settings. In Linked Mode, the changes are propagated to all other vCenter Server systems in the group, but assignments of roles to specific users and objects are not shared across linked vCenter Server systems.

 

 

Clone a Role

 

  1. Click on the role "HOL Role" to select it
  2. Click the Clone button

 

 

Role name and privileges

 

  1. Name the cloned role 'HOL Dev Role' Since we cloned the role, it is missing the Network and Storage views privileges that the HOL Dev users require.
  2. Tick the All Privileges box to restore full Administrative privileges to this role.
  3. Click OK to complete the clone

 

 

New Role Cloned

 

 

 

Rename a Role in the vSphere Web Client

You might rename a role when you change the role's purpose. When you rename a role, no changes occur to that role’s assignments. In Linked Mode, the changes you make to the roles are propagated to other vCenter Server systems in the group, however roles assignments are not shared across linked vCenter Server systems.

 

 

Edit Role Name

 

Click on the role "HOL Role" to select it and then click the Edit button.

 

 

New Name

 

  1. Rename the role to 'HOL Admin Role'
  2. Click OK

 

 

Remove a Role in the vSphere Web Client

When you remove a role that is not assigned to any users or groups, the definition of the role is removed from the list of roles. When you remove a role that is assigned to a user or group, you can remove assignments or replace them with an assignment to another role.

NOTE:

Before removing a role from a vCenter Server system that is part of a connected group in Linked Mode, check the use of that role on the other vCenter Server systems in the group. Removing a role from one vCenter Server system also removes that role from all other vCenter Server systems in the group, even if you reassign permissions to another role on the current vCenter Server system.

 

 

Delete Role

 

  1. Click on the role "HOL Admin Role" to select it
  2. Click the Delete button.

 

 

Confirm Deletion

 

Click Yes to confirm you want to delete this role.

 

 

Role Deleted

 

We can see that the role named "HOL Admin Role" has been deleted.

Creating unique and granular roles for users in your organization enables better security for your vSphere infrastructure.

This concludes this lesson on User Access and Authentication Roles.

 

Understanding Single Sign On


You use vCenter Single Sign-On to authenticate and manage vCenter Server users.

The Single Sign-On administrative interface is part of the vSphere Web Client. To configure Single Sign-On and manage Single Sign-On users and groups, you log in to the vSphere Web Client as a user with Single Sign-On administrator privileges. This might not be the same user as the vCenter Server administrator. Enter the credentials on the vSphere Web Client login page and upon authentication, you can access the Single Sign-On administration tool to create users and assign administrative permissions to other users.

In vSphere versions prior to 5.1, users were authenticated when vCenter Server validated their credentials against an Active Directory domain or the list of local operating system users. As of vSphere 5.1, users authenticate through vCenter Single Sign On. The default Single Sign-On administrator for vSphere 5.1 is admin@System-Domain and administrator@vsphere.local for vSphere 5.5 and higher. The password for this account is the one you specified at installation. These credentials are used to log in to the vSphere Web Client to access the Single Sign-On administration tool. You can then assign Single Sign-On administrator privileges to specific users who are allowed to manage the Single Sign-On server. These users might be different from the users that administer vCenter Server.

NOTE: Logging in to the vSphere Web Client with Windows session credentials is supported only for Active Directory users of the domain to which the Single Sign On system belongs.


 

Single Sign-On Identity Sources

In most cases, vSphere SSO will be deployed to use an external Identity Source for primary authentication. In this lab environment, SSO has been integrated with Microsoft Active Directory so that users from the corp.local domain can log in to vSphere using their AD credentials.

In this section, we will look at the configured Identity Sources within Single Sign-on.

 

 

Log into vSphere Web Client as SSO Admin

 

Login to the vSphere Web Client with an account which has the SSO Admin privilege:

  1. Click the "Mozilla Firefox" icon from the Control Center desktop
  2. Username - administrator@vsphere.local
  3. Password - VMware1!
  4. Click "Login"

 

 

Navigate to Administration

 

  1. Click on the Home icon
  2. Select Administration

 

 

vSphere Single Sign-on Identity Sources

 

When the machine with the Platform Services Controller (PSC), which runs the Single Sign-On component, is added to an Active Directory domain, the Identity Source for that domain is automatically added to SSO.

Click on Configuration in the Single Sign-On section of the Navigator

  1. Click on the Identity Sources tab
  2. Notice that the corp.local domain is listed as an Active Directory identity source
  3. Notice that the vsphere.local domain is listed with an unspecified type. This is the internal SSO domain.

Users in the domains listed here can be granted permissions within vSphere.

 

 

Add a vCenter Single Sign On User with the vSphere Web Client

In the vSphere Web Client, users listed on the Users tab are internal to vCenter Single Sign On. These users are not the same as local operating system users, which are local to the operating system of the machine where Single Sign On is installed (for example, Windows). When you add a Single Sign On user with the Single Sign On administration tool, that user is stored in the Single Sign On database, which runs on the system where Single Sign On is installed. These users are part of the SSO domain, by default, "vsphere.local" -- or "System-Domain" for vSphere 5.1. Exactly one system identity source is associated with an installation of Single Sign On.

 

 

List Current Users and Add New User

 

Login to the vSphere Web Client as the administrator@vsphere.local user with password VMware1! and navigate to the Administration section, as indicated in the previous exercise.

  1. Click on Users and Groups under Single Sign-On
  2. On the Users tab, click the New User icon.

 

 

Enter Properties for New User

 

Type a user name and password for the new user. Note that the password must meet the password policy requirements for the system. The policy can be displayed by hovering your mouse cursor over the "i" icon to the right of the password field.

Enter First name and Last Name, then enter an email address.

Click OK to create the user.

NOTE: You cannot change the user's name after you create the user. First and Last name are optional parameters.

 

 

Edit a vCenter Single Sign On User with the vSphere Web Client

 

 

List Current Users

 

Login to the vSphere Web Client as the administrator@vsphere.local user with password VMware1! and navigate to the Administration section, as indicated in the previous exercise.

  1. Click on Users and Groups under Single Sign-On
  2. On the Users tab, click the New User icon.

 

 

Edit the User

 

Right-click on the holadmin user and select Edit User.

 

 

Edit User Properties

 

Make changes to the user. The password must meet the password policy requirements for the system.  

Click 'OK' to save any changes.

 

 

Add a vCenter Single Sign On Group with the vSphere Web Client

In the vSphere Web Client, groups listed on the Groups tab are internal to vCenter Single Sign On. A group lets you create a container for a collection of group members called principals.  When you add a Single Sign On group with the Single Sign On administration tool, the group is stored in the Single Sign On database. The database runs on the system where Single Sign On is installed. These groups are part of the identity source domain vsphere.local (the dafault for vSphere 5.5 and higher), or System-Domain for vSphere 5.1.

Group members can be users or other groups, and a group can contain members from across multiple identity sources. After you create a group and add principals, you apply permissions to the group. Members of the group inherit the group permissions.

 

 

List Current Users

 

Login to the vSphere Web Client as the administrator@vsphere.local user with password VMware1! and navigate to the Administration section, as indicated in the previous exercise.

  1. Click on Users and Groups under Single Sign-On
  2. On the Users tab, click the New User icon.

 

 

List the Groups

 

  1. Select the Groups tab
  2. Click the Add Group icon (the green "+")

 

 

Create the new group

 

Enter a name and description for the group. You cannot change the group name after you create the group.

Click OK to create the group

 

 

Add Members to a vCenter Single Sign On Group in the vSphere Web Client

Members of a vCenter Single Sign On group can be users or other groups from one or more identity sources.  Members of a group are called principals.  Groups listed on the Groups tab in the vSphere Web Client are internal to Single Sign On and are part of the identity source System-Domain. You can add group members from other domains to a local group. You can also nest groups.

 

 

List Current Users and Groups

 

Login to the vSphere Web Client as the administrator@vsphere.local user with password VMware1! and navigate to the Administration section, as indicated in the previous exercise.

  1. Click on Users and Groups under Single Sign-On
  2. On the Users tab, click the New User icon.

 

 

List Current Groups

 

  1. Click the Groups tab
  2. Enter HOL into the search box and press Enter to filter the list
  3. Click the HOL Group group
  4. In the Group Members section, click the Add member icon

 

 

Add the holadmin User to the HOL Group

 

  1. Verify that the vsphere.local domain is selected
  2. Enter HOL into the search box and press Enter
  3. Select the holadmin user from the list
  4. Click the Add button
  5. Click OK to complete adding the user to the group.

 

 

Assign Global Permissions

Once identity sources, users and groups have been configured, they must be assigned permissions in order to be useful in vSphere.

 

 

List Global Permissions

 

Login to the vSphere Web Client as the administrator@vsphere.local user with password VMware1! and navigate to the Administration section, as indicated in the previous exercise.

  1. Click on the Global Permissions item under Access Control
  2. Click the Manage tab

SSO provides the ability to grant Global Permissions to an account by specifying the required access here. In the lab, this list represents the default permissions granted, with the exception of the CORP.LOCAL\Administrator user that we have added with Administrator permissions to the entire vSphere infrastructure.

 

 

Add New Global Permission

 

The members of the HOL Group will need to manage all virtual machines in the environment, so we will configure permissions here.

  1. Click the green (+) to open the Add New Permission window
  2. Click the Add... button

 

 

Locate the HOL Group

 

  1. Ensure that the vsphere.local domain is selected
  2. Enter hol in the search box and press Enter to filter the list
  3. Select the HOL Group group
  4. Click the Add button
  5. Click the OK button

 

 

Configure the Permissions

 

Permissions are granted to a user for an object by associating a Role with the user. This was covered in the previous section, User Access and Authentication Roles.

  1. Select the Virtual machine power user (sample) role from the Assigned Role list
  2. Ensure the Propagate to children box is checked
  3. Click OK

 

 

 

Verify the change

 

Note that the HOL Group has been granted Virtual machine power user access to all child objects in the infrastructure.

If you would like to test this further, logout of the Web Client and log back in as the holadmin@vsphere.local user with the password you used when creating the account. Notice that access to the infrastructure is restricted to basic management of virtual machines.

 

 

REFERENCE - Unlock vCenter Single Sign On Users in the vSphere Web Client

A vCenter Single Sign On user account might be locked when a user exceeds the allowed number of failed login attempts. After a user account is locked, the user cannot log in to the Single Sign On system until the account is unlocked, either manually or after a certain amount of time has elapsed.  

You specify the conditions under which a user account is locked in the Single Sign On Lockout Policy. Locked user accounts appear on the Users and Groups administration page. Users with appropriate privileges can manually unlock Single Sign On user accounts before the specified amount of time has elapsed. You must be a member of the Single Sign On Administrators group to unlock a Single Sign On user.

 

 

Locked Out User

 

By default, after three failed login attempts, the Users' account is locked.

In the lab, this policy has been disabled in order to prevent login issues that frequently occur with non-US keyboards.

This section has been included for reference purposes only.

 

 

Unlocking a User

 

Login to the vSphere Web Client as a user with SSO Admin privileges and navigate to the Users list.

  1. Locate the locked user account -- it will show as "Yes" in the "Locked" column.
  2. Right-click on the locked user and select 'Unlock'

Log out of the Web Client.

 

 

Change Your Password in the vSphere Web Client

Depending on your vCenter Single Sign On privileges, you might not be able to view or edit your Single Sign On user profile. However, all users can change their Single Sign On passwords in the vSphere Web Client.  The password policy defined in the vCenter Single Sign-On configuration tool determines when your password expires. By default, Single Sign-On passwords expire after 90 days in vSphere 6, but your system administrator might change this depending on the policy of your organization. If you choose to keep the defaults, remember to change the password for the administrator@vsphere.local account password every 90 days or it will lock out on day 91.

 

 

Change Password

 

In the upper navigation pane, click your user name to pull down the menu.

 

 

Change Password Dialog

 

Select Change Password and type your current password.

Enter a new password.

Type a new password and confirm it.

Click the OK button to make the change.

 

 

Conclusion

Typically, user accounts will not be managed natively within the SSO domain, but will be handled by an external directory source like Microsoft Active Directory or OpenLDAP. Understanding how SSO handles accounts and where to look for account-to-permission binding is useful for managing a vSphere implementation.

 

Adding an ESXi Host to Active Directory


In this lesson, we will walk through the process of adding an ESXi host to Active Directory.


 

Configure a Host to Use Active Directory in the vSphere Web Client

In this lesson, we walk through the process of adding an vSphere Host to authenticate again Active Directory.

 

 

Hosts and Clusters

 

Click on the Home icon and select Hosts and Clusters.

 

 

esx-01a.corp.local

 

Click on esx-01a.corp.local.

 

 

TCP/IP Configuration

 

Click on the Manage tab, then the Networking tab and finally the TCP/IP configuration tab.

 

 

Edit Default System Stack

 

Click on Default under System stacks and click the edit button.

 

 

DNS configuration

 

Click on the DNS configuration tab.

We will need to verify that the host name and DNS server information for the host are correct.  Click 'OK'.

 

 

Add a Host to a Directory Service Domain in the vSphere Web Client

Now that we have verified the network settings are correct, let's add the host to Active Directory.

 

 

Settings

 

Click on the Settings tab and then Authentication Services.

 

 

Join Domain

 

Click the Join Domain button.

 

 

Join Domain Settings

 

Enter corp.local for the Domain.

In the Using Credentials section enter:

Username: administrator
Password: VMware1!

Click OK.

 

 

Added to Active Directory

 

After a few moments, you should see the screen refresh and The Authentication Services section update to show the host s now connected to the Active Directory domain.

 

 

(Optional) Video: Add VMware vSphere Hosts to Active Directory (3:40)

This video shows how to join a VMware vSphere host to a Microsoft Active Directory (AD) domain in order to allow admins to use their active directory credentials to access and manage hosts.

 

 

Conclusion

This concludes Module 3 - An Introduction to vSphere Networking and Security .  We hope you have enjoyed taking this lab.  Please remember to take the survey at the end.

If you have time remaining, here are the other Modules that are part of this lab, along with an estimated time to complete each one.  Click on the 'Table of Contents' button to quickly jump to that Module in the Manual.

 

Module 4 - Introduction to vSphere Storage (60 Min)

vSphere Storage Overview


The following lesson provides an overview of the different types of storage available in vSphere.

The vSphere Hypervisor, ESXi, provides host-level storage virtualization, which logically abstracts the physical storage layer from virtual machines.

A vSphere virtual machine uses a virtual disk to store its operating system, program files, and other data associated with its activities. A virtual disk is a large physical file, or a set of files, that can be copied, moved, archived, and backed up as easily as any other file. You can configure virtual machines with multiple virtual disks.

To access virtual disks, a virtual machine uses virtual SCSI controllers. These virtual controllers include BusLogic Parallel, LSI Logic Parallel, LSI Logic SAS, and VMware Paravirtual. These controllers are the only types of SCSI controllers that a virtual machine can see and access.

Each virtual disk resides on a vSphere Virtual Machine File System (VMFS) datastore or an NFS-based datastore that are deployed on physical storage. From the standpoint of the virtual machine, each virtual disk appears as if it were a SCSI drive connected to a SCSI controller. Whether the actual physical storage device is being accessed through parallel SCSI, iSCSI, network, Fibre Channel, or FCoE adapters on the host is transparent to the guest operating system and to applications running on the virtual machine.

The vSphere storage management process starts with storage space that your storage administrator allocates on different storage systems prior to vSphere ESXi assignment. vSphere supports two types of storage - Local and Networked. Each type is detailed in the following lesson steps.


 

Local Storage

 

The illustration above depicts virtual machines using Local VMFS storage directly attached to a single ESXi host.

Local storage can be internal hard disks located inside your ESXi host, or it can be external storage systems located outside and connected to the host directly through protocols such as SAS or SATA.

 

 

Networked Storage

 

The illustration above depicts virtual machines using networked VMFS storage presented to multiple ESXi hosts.

Networked storage consists of external storage systems that your ESXi host uses to store virtual machine files remotely. Typically, the host accesses these systems over a high-speed storage network. Networked storage devices are typically shared. Datastores on networked storage devices can be accessed by multiple hosts concurrently, and as a result, enable additional vSphere technologies such as High Availability host clustering, Distributed Resource Scheduling, vMotion and Virtual Machines configured with Fault Tolerance. ESXi supports several networked storage technologies - Fiber Channel, iSCSI, NFS, and Shared SAS.

 

 

Virtual Machine Disks

 

The illustration above depicts virtual machines using different types of virtual disk formats against a shared VMFS Datastore.

When you perform certain virtual machine management operations, such as creating a virtual disk, cloning a virtual machine to a template, or migrating a virtual machine, you can specify a provisioning policy for the virtual disk file format. There are three types of virtual disk formats:

Thin Provision

Use this format to save storage space. For the thin disk, you provision as much datastore space as the disk would require based on the value that you enter for the disk size. However, the thin disk starts small and at first, uses only as much datastore space as the disk needs for its initial operations.

Thick Provision Lazy Zeroed

Creates a virtual disk in a default thick format. Space required for the virtual disk is allocated when the virtual disk is created. Data remaining on the physical device is not erased during creation, but is zeroed out on demand at a later time on first write from the virtual machine.

Using the thick-provision, lazy-zeroed format does not zero out or eliminate the possibility of recovering deleted files or restoring old data that might be present on this allocated space. You cannot convert a thick-provisioned, lazy-zeroed disk to a thin disk.

Thick Provision Eager Zeroed

A type of thick virtual disk that supports clustering features such as Fault Tolerance. Space required for the virtual disk is allocated at creation time. In contrast to the thick-provision, lazy-zeroed format, the data remaining on the physical device is zeroed out when the virtual disk is created. In general, it takes much longer to create disks in this format than to create other types of disks.

 

 

Additional vSphere Storage Labs

This module includes several lessons directed at configuring and using vSphere storage elements. Please continue to any of the following labs for additional information and hands-on access:

 

Creating and Configuring vSphere Datastores


This lab will walk you through creating and configuring a NFS, and an iSCSI vSphere Datastore. Also adding and configuring an iSCSI software adapter.

NOTE:  If you are using a device with non-US keyboard layout, you might find it difficult to enter CLI commands, user names and passwords throughout the modules in this lab.  Refer to the file README.txt on the desktop for additional information on resolving the keyboard issue. You may also use the "Send Text to Console" feature in the VMware Hands-on Lab portal.  Simply copy the text from the lab manual and paste into the "Send Text to Console" control.  When you press the "Send" button, the text will be sent to the in-focus window inside your lab VM.

 


 

Login to the vSphere Web Client

This step will walk you through logging into the vSphere Web Client.

 

 

Launch Mozilla Firefox web browser

 

1. Select "Mozilla Firefox" from the Control Center desktop

 

 

Enter credentials and login

 

Note: Selecting "Use Windows session authentication" will pass the same credentials as entering them as username "CORP\Administrator" and  password "VMware1!"

1. Select "Use Windows session authentication"

2. Select "Login"

 

 

 

Navigate to the Storage management pane

This step will take you to the Storage management pane.

 

 

From the Home screen

 

1. Select "Storage" from the inventories pane

 

 

Drill down to Storage

 

There are 2 storage datastores configured currently, an ISCSI datastore and a NFS datatstore.

1. Select the "ds-iscsi01" datastore

2. Click on Summary for summary details of the datastore.

Repeat the steps for the "ds-site-a-nfs01" datastore.

 

 

Create a vSphere NFS Datastore

In this step, you will create a new vSphere NFS Datastore using a pre-provisioned NFS mount.

 

 

Launch the New Datastore wizard

 

1. Select "Datacenter Site A"

2. Select "Actions"

3. Select "Storage"

4. Select "New Datastore"

 

 

 

New Datastore - Type

 

Click the "Next" button to advance the wizard to the "Type" step.

5. Verify type - NFS - is selected, and click "Next"

 

 

New Datastore - NFS Version

 

6. Verify NFS Version - NFS 3 - is selected, and click "Next"

 

 

New Datastore - Name and configuration

 

7. Give the new Datastore a name, "ds-site-a-nfs02"

8. Enter the Folder "/mnt/NFSA2" in the NFS Share Details area.

9. Enter the Server "10.10.20.60" in the NFS Share Details area and click "Next"

 

 

New Datastore - Host accessibility

 

10. Select the "check box" to include all hosts and select "Next".

 

 

New Datastore - Ready to complete

 

12. Review New Datastore configuration and click "Finish"

 

 

Monitor task progress

 

13. You can follow the progress in the Recent Tasks pane

14. Press the "Refresh" icon to update the display.

When complete, you should see the new ds-site-a-nfs02 Datastore available for use

 

 

Review new Datastore Settings

 

  1. Select the datastore ds-site-a-nfs02 from the inventory list
  2. Select "Summary" to review capacity and configuration details

 

 

 

Create a vSphere iSCSI Datastore

In this step, you will create a new vSphere iSCSI Datastore with a pre-provisioned iSCSI LUN.

 

 

Launch the New Datastore wizard

 

1. Select "Datacenter Site A"

2. Select "Actions"

3. Select "Storage"

4. Select "New Datastore"

 

 

 

New Datastore - Type

 

Select "Next" to advance to the "Type" page of the wizard.

5. Verify type - VMFS - is selected, and click "Next"

 

 

New Datastore - Name and configuration

 

6. Give the new Datastore a name, "ds-iscsi02"

7. Select a Host to view the accessible disks/LUNs and select esx-01a.corp.local in the drop-down box.

 

 

New Datastore - Name and device configuration

 

From this view, we can see that there are existing datastores that can be  presented to our vSphere environment.

8. Select the device with LUN ID 2. In this case, it should be the only device visible with a "FreeBSD" prefix.

Click "Next"

 

 

 

New Datastore - Partition Configuration

 

We can use all available capacity for this datastore or change the size if needed. The defaults are fine for this step.

Select Next

 

 

New Datastore - Ready to complete

 

12. Review New Datastore configuration and click "Finish

 

 

New Datastore - Monitor task progress

 

13. Note the progress in the Recent Tasks pane

14. When complete, you should see the "ds-iscsi02" Datastore available for use

 

 

New Datastore - Review Settings

 

  1. Select the datastore ds-iscsi02 from the inventory list
  2. Select "Summary" to review capacity and configuration details

Note that host esx-02a.corp.local may display a warning about a deprecated VMFS volume found on the host. This is a cosmetic issue only.

 

 

 

Add a new ESXi host

In this section, we will add a new ESXi host, esx-03a.corp.local, to the environment in Site A and ensure that it has the appropriate storage configured so that it can become a productive member of the cluster.

 

 

Hosts and Clusters View

 

  1. Click on the Hosts and Clusters icon to return to that Inventory view
  2. Select Cluster Site A
  3. Click on Summary to view the cluster's current configuration

Note that there are two hosts in the cluster and DRS is enabled in Partially Automated mode

 

 

Begin the Add Host workflow

 

  1. In the Inventory, click on Cluster Site A to select it
  2. Go to the Actions menu
  3. Select Add Host...

 

 

Enter the hostname

 

  1. Enter the name of the host to add, esx-03a.corp.local
  2. Click Next

 

 

Enter credentials

 

  1. Enter the username root
  2. Enter the pasword VMware1!
  3. Click Next

 

 

Accept the host's certificate

 

  1. Click Yes to accept the host's certificate

 

 

Host summary

 

This is a new host, so the inventory is empty.

  1. Click Next

 

 

Assign the HOL license to the host

 

  1. Click the radio button next to the VMware vSphere with Operations Management 6 Enterprise Plus for vSphere (CPUs) license
  2. Ensure the license validates
  3. Click Next

 

 

Configure Lockdown Mode

 

  1. Leave the default Lockdown Mode setting of Disabled and click Next

 

 

Resource Pool grafting

 

  1. Again, this is a new host with an empty inventory, so leave the default and click Next

 

 

Finish the Add Host Workflow

 

  1. Click Finish to import the host into vCenter

 

 

Monitor Progress

 

The Add Host task can be monitored using Recent Tasks.

Once complete, the esx-03a.corp.local host will show in the inventory in Maintenance Mode. This has been done intentionally because the host has no storage presented to it and cannot host virtual machines until storage is presented.

 

 

Mount NFS Datastores to New Host

 

The new host, esx-03a.corp.local has been imported but does not currently have any storage configured. Clicking on the hostname in the Inventory will show the Warning indicated.

In this section, the new host will have NFS storage added to it.

 

 

Mount NFS Datastore to New Host Wizard

 

In this case, there are two NFS datastores used by the Cluster Site A cluster. Adding an existing NFS datastore to a new host is a simple process.

  1. Click on the datastore icon to switch to the Datastores view
  2. Select the ds-site-a-nfs01 datastore in the Inventory
  3. Click on the Actions menu
  4. Select Mount Datastore to Additional Hosts...

 

 

Mount NFS Datastore - Select Host

 

  1. Click the checkbox to select al of the hosts in the list
  2. Click OK

 

 

Mount NFS Datastore - Monitor Task

 

The mount task can be monitored using Recent Tasks

Once the mount completes, it can be verified by clicking on the Related Objects (7) and then Hosts (8)

This will show all hosts in the inventory that have mounted this datastore.

For addtional practice, perform the same steps to mount the other NFS datastore, ds-site-a-nfs02, to the esx-03a.corp.local host.

 

 

Add a Software iSCSI Adapter

In addition to the NFS datastores used by the Cluster Site A cluster, we have iSCSI datastores.

In this section we will add an iSCSI Software Adapter to esx-03a.corp.local and ensure that it may access the iSCSI datastores.

 

 

Add Software iSCSI adapter

 

  1. Select the Hosts and Clusters view icon in the Inventory list to switch the Inventory view
  2. Select host esx-03a.corp.local from the Inventory
  3. Select "Manage"
  4. Select "Storage"
  5. Select "Storage Adapters"
  6. Select the green "+"  under the Storage Adapters panel to add a storage adapter.
  7. Select "Software iSCSI Adapter".

 

 

Confirm Add iSCSI Adapter

 

  1. Select OK to continue

 

 

Completed iSCSI Adapter configuration

 

The new adapter will be added to the host. The process can be monitored using Recent Tasks as the wizard opens firewall ports and creates the adapter.

  1. Once the tasks complete, it may be necessary to refresh the Web Client's view of the world.

Depending on the size of your screen, it may be necessary to scroll the Adapter list to see the new vmhba33 that was added.

 

 

Add iSCSI Target to an ESXi host

iSCSI devices are presented via an iSCSI Target. Think of this as the host for the iSCSI devices. The ESXi host needs to know where to look for the devices, so this section will go through the process of pointing the ESXi host at the iSCSI target and discovering which LUNs are available.

 

 

Perform Dynamic Discovery

 

  1. Select "Storage Adapters"
  2. Select the "vmhba33" adapter in the iSCSI Software Adapters section (you may need to scroll the list down)
  3. Click on "Targets"
  4. Click on "Dynamic Discovery" - notice that the list of iSCSI Servers is currently empty
  5. Click "Add"

 

 

Add Send Target Server

 

  1. Enter the iSCSI Server Address: "10.10.20.60" and select "OK"

 

 

(Re)Scan the iSCSI storage adapter

 

Once the new Target has been added, a message will appear in yellow to remind you of the need to tell the adapter to reach out and query the iSCSI Target.

  1. Click on the vmhba33 iSCSI adapter to select it
  2. Click the "Rescan this adapter" icon to rescan

 

 

 

Verify iSCSI Devices are Visible

 

  1. Once the rescan completes, click on Devices to show the LUNs detected on the iSCSI Target

Note that there should be two 5.5 GB iSCSI LUNs available from the FreeNAS, corresponding to our two iSCSI datastores, ds-iscsi01 and ds-iscsi02.

  1. These devices will also show up in the Strorage Devices area

 

 

Verify iSCSI Datastore Availability

 

  1. Click on "Related Objects"
  2. Click on "Datastores"

Notice that the two iSCSI datastores are now visible to the esx-03a.corp.local host

 

 

(optional) Scan for New Datastores

The ESXi host will periodically refresh its view of the storage and will mount VMFS datastores it finds If you are in a hurry and don't want to wait for a refresh cycle, you can trigger a rescan of the environment manually and have it pick up new devices and VMFS datastores.

 

 

Scan for new Datastores

 

1, Select "Storage Devices"

2. Select the rescan button.

 

 

Confirm Rescan Options

 

Review the "Rescan Storage" options and click "OK"

 

 

Completed Scan

 

The rescan tasks can be monitored using Recent Tasks. Following the rescan, all available devices and VMFS datastores should be mounted. These can be verified by visiting the appropriate locations: the Storage Devices pane for unformatted devices and the Related Objects > Datastores area for VMFS datastores.

 

 

Enable the New Host

Up to this point, the esx-03a.corp.local host has been in Maintenance Mode as its datastores have been assigned. Now that all of Cluster Site A cluster's datastores have been presented to this host, it is time to enable the host.

 

 

Exit Maintenance Mode

 

There are several ways to take a host out of Maintenance Mode. This process is good ot know because it can be used to take multiple hosts out of Maintenance Mode (or put them into Maintenance Mode) simultaneously.

  1. Select the cluster Cluster Site A
  2. Click Related Objects
  3. Click Hosts
  4. Select the host esx-03a.corp.local from the Hosts list
  5. Click the "Exit Maintenance Mode" icon

 

 

Ready to Go

 

After a few seconds, the host will exit Maintenance Mode. If you enabled vSphere HA on the cluster, the HA agent will be configured and started before the host shows a Status of Normal. The process occurs fairly quickly, so a refresh of the Web Client may be required to show the current state.

Note that basic networking for virtual machines, vMotion, and IP Storage have been preconfigured on this host for the purpose of this lab exercise. Adding the new host to the vds-site-a distributed switch would typically be done prior to taking the host out of Maintenance Mode, but is not required for this exercise. Feel free to migrate this switch to the VDS if you would like the practice.

This host is now able to handle workloads for the cluster.

 

Storage vMotion


Planned downtime typically accounts for over 80% of datacenter downtime. Hardware maintenance, server migration, and firmware updates all require downtime for physical servers. To minimize the impact of this downtime, organizations are forced to delay maintenance until inconvenient and difficult-to-schedule downtime windows.

The vMotion® and Storage vMotion functionality in vSphere makes it possible for organizations to reduce planned downtime because workloads in a VMware environment can be dynamically moved to different physical servers or to different underlying storage without service interruption. Administrators can perform faster and completely transparent maintenance operations, without being forced to schedule inconvenient maintenance windows. With vSphere vMotion and Storage vMotion, organizations can:

■ Eliminate downtime for common maintenance operations.

■ Eliminate planned maintenance windows.

■ Perform maintenance at any time without disrupting users and services.

In this lab, you will learn how to work with vMotion and move virtual machines to different hosts within the cluster.


 

Storage View

 

If you are not already logged into the vSphere Web Client:

Click the "Mozilla Firefox" icon from the Control Center desktop

Click the "Use Windows session authentication" check box

Click "Login"

  1. Go the home screen of the vSphere Web Client by clicking the "Home" icon.
  2. Click the "Storage" icon.

 

 

List Virtual Machines on a Specified Datastore

 

  1. Navigate to and click on the ds-site-a-nfs01 datastore object in the Datacenter Site A datacenter managed by the vcsa-01a.corp.local vCenter.
  2. Click "Related Objects"
  3. Click the "Virtual Machines" tab. You should now have a list of all virtual machines on the selected datastore.

Note: depending on which lessons you have completed, the available datastores and virtual machines may be different than the images.

 

 

Drag and Drop Storage vMotion

 

The VM TinyLinux-01 is initially on ds-site-a-nfs01 and needs to be moved to ds-iscsi01.

  1. Click the TinyLinux-01 VM and continue to hold the left mouse button while dragging the VM to the ds-iscsi01 datastore object.  A green + will appear near the mouse cursor (see picture) when it is pointing at objects which are suitable targets for the object being moved. Let go of the mouse button to drop the TinyLinux-01 VM onto the ds-iscsi01 object.  The Migrate wizard will launch to complete the process.

 

 

Migrate Datastore

 

  1. Select the radio button to "Change storage only". Note that in vSphere 6.0 we do have the ability to change compute, network, and storage in the same vMotion operation.
  2. Click "Next"

 

 

Storage Policy

 

  1. Note that the ds-iscsi01 datastore is already selected because that's where we dropped the VM prior to starting the wizard.
  2. Click "Next" to accept the settings for the storage move.
  3. Click "Finish" on the next screen to start the move.

This operation will take a few minutes. Feel free to monitor the operation within the Recent Tasks pane or move on to the next step.

 

 

Confirm Storage vMotion

 

The Storage vMotion progress can be monitored in the Recent Tasks panel

  1. Once complete, click on the ds-iscsi01 datastore and notice that the TinyLinux-01 virtual machine is listed under its Related Objects.

The virtual machine's storage has been migrated from NFS to iSCSI storage without the need to take the virtual machine offline.

 

Managing Virtual Machine Disks


When working with Virtual Machines, you can create a virtual disk, use an existing virtual disk, or create Raw Device Mappings (RDMs), which give your virtual machine direct access to SAN. A virtual disk comprises one or more files on the file system that appear as a single hard disk to the guest operating system. These disks are portable among hosts.

You use the "Create Virtual Machine" wizard to add virtual disks during virtual machine creation. However, in this lab you will work with an existing Virtual Machine in the inventory.

This lab will walk you through the process of adding a new virtual disk to an existing Virtual Machine.  Additionally, you will extend the Virtual Machine's original disk to a larger capacity.


 

Login to the vSphere Web Client

This step will walk you through logging into the vSphere Web Client if you are not already logged in.

 

 

Launch Mozilla Firefox web browser

 

1. Select "Mozilla Firefox" from the Control Center desktop

 

 

Enter credentials and login

 

Note: Selecting "Use Windows session authentication" will pass the same credentials as entering them as username "CORP\Administrator" and  password "VMware1!"

1. Select "Use Windows session authentication"

2. Select "Login"

 

 

 

Navigate to the VMs and Templates management pane

This step will take you to the VMs and Templates management pane.

 

 

From the Home screen

 

There are several ways to navigate the NGC Web Client to perform management tasks.

1. Select the "Home Icon"  from the title bar pane.

2. Select "VMs and Templates"

From this view, we can see that there are several existing Virtual Machines in our vSphere environment. In the next step, we will add a new virtual disk to the "w12-core" Virtual Machine.

 

 

Create a new Virtual Disk

In this step, you will go through the process of creating a new Virtual Disk resource for an existing Virtual Machine.

 

 

Launch the Edit Settings wizard

 

4. Select Virtual Machine "w12-core"

In the action pane, note the original disk configuration - single hard disk with a capacity of 5.00 GB

5. Click "Edit Settings"in the VM Hardware panel

 

 

Select New Hard Disk to add

 

6. Select the "New Device" pop up menu

7. Click "New Hard Disk"

Click "Add" to complete the operation.

 

 

Configure Size and Provisioning settings

 

8. Decrease the size to "5" GB

9. Click "OK" to create the new virtual disk

 

 

Monitor task progress

 

Note the progress in the Recent Tasks pane

10. When complete, you should see "Hard disk 2" with a capacity of 5.00 GB available to w12-core VM.

 

 

Extend an existing Virtual Disk

In this step, you will extend an existing Virtual Disk for a Virtual Machine.

 

 

Launch the Edit Settings wizard

 

1. Select Virtual Machine "w12-core"

2. In the action pane, click "Edit Settings"

 

 

Hard disk 1 settings

 

3. In the Edit Settings wizard, note the capacity for Hard disk 1 is 20 GB.

 

 

Extend Hard disk 1

 

4. Click the "up arrow" to increase Hard disk 1 capacity to 22 GB

5. Click "OK"

 

 

Monitor task progress

 

4. Note the progress in the Recent Tasks pane

5. When complete, you should see "Hard disk 1" with a new capacity of 22.00 GB available to the w12-core virtual machine

 

 

Review the Virtual Disk Configuration

 

  1. Select "w12-core" from the inventory pane
  2. Note each of the configured virtual disks and associated capacity
  3. Note that due to Thin Provisioning, the total consumed storage for the virtual disks is only 5.76 GB!

 

Working with Virtual Machine Snapshots


Snapshots preserve the state and data of a virtual machine at the time you take the snapshot. Snapshots are useful when you must revert repeatedly to the same virtual machine state, but you do not want to create multiple virtual machines. You can also take multiple snapshots of a virtual machine to create restoration positions in a linear process. With multiple snapshots, you can save many positions to accommodate many kinds of work processes. The Snapshot Manager in the vSphere Web Client provides several operations for creating and managing virtual machine snapshots and snapshot trees. These operations let you create snapshots, restore any snapshot in the snapshot hierarchy, delete snapshots, and more.

A Virtual Machine snapshot preserves the following information:

In this lesson, you will create a Virtual Machine snapshot, make changes to the Virtual Machine's hardware and configuration state, and then revert back to the original state of the Virtual Machine by leveraging the vSphere Web Client Snapshot Manager.


 

Navigate to the VMs and Templates management pane

This step will take you to the VMs and Templates management pane.

 

 

From the Home screen

 

1. Select "VMs and Templates" from the inventory pane.

 

 

Open up the Inventory tree

 

2. Expand the inventory tree

From this view, we can see that there are several existing Virtual Machines in our vSphere environment. In the next step, we will take a Snapshot of the w12-core Virtual Machine.

 

 

Take a Virtual Machine Snapshot

In this step, you'll take a Snapshot of a Virtual Machine.

 

 

Launch the Take VM Snapshot wizard

 

1. Select Virtual Machine "w12-core"

2. Select the "Actions" drop down menu and expand "Snapshots"

3. Click "Take Snapshot"

 

 

Enter a Name and Description for the VM Snapshot

 

4. In the Take VM Snapshot wizard, provide a name for the Snapshot point - "Snapshot#1"

5. Provide a description for the Snapshot point - "Snapshot taken prior to VM settings change."

6. Click "OK"

 

 

Launch the Manage VM Snapshots wizard

 

Note the progress in the Recent Tasks pane

7. Once complete, select the "Actions" drop down menu and expand "Snapshots"

8. Click "Manage Snapshots..."

 

 

View VM Snapshot details

 

9. Note the operational state of the VM relative to the Snapshot time line

10. Click "Close"

 

 

Change the Virtual Machine Settings

In this step, you will change the Memory configuration for the Virtual Machine.

 

 

Launch the Edit Settings wizard

 

1. Select Virtual Machine "w12-core"

2. Click the "Actions" drop down menu and select "Edit Settings..."

 

 

Change the Virtual Machine's settings

 

3. Select the drop down menu for the "Memory" settings

4. Select "4 GB"

 

 

Review the Virtual Machine's new settings

 

5. Note the new Memory configuration

Not shown: Click "OK" to commit the memory configuration change.

 

 

Revert Virtual Machine settings using the Snapshot Manager

In this step, you revert the Virtual Machine's configuration back to the original state using the Snapshot Manager.

 

 

Launch the Manage VM Snapshots wizard

 

1. Select Virtual Machine "w12-core"

2. Click the "Actions" drop down menu and select "Snapshots"

3. Click "Manage Snapshots..."

 

 

Select the VM Snapshot to Revert to

 

4. In the Manage VM Snapshots wizard, select "Snapshot#1" from the Snapshot tree

5. Click "Revert to"

 

 

Confirm Revert to Snapshot

 

6. Click "Yes" to confirm action

 

 

Close the Manage VM Snapshots wizard

 

7. Click "Close"

 

 

Monitor task progress

 

8. Note the progress in the Recent Tasks pane.

9. Note the Memory configuration has reverted back to 1024 MB

 

 

Delete Snapshot

 

From the "Actions" menu select "Snapshots" and "Manage Snapshots..."

 

 

Delete Snapshot#1

 

  1. Select the top-level w12-core state.
  2. Click the "Delete All" button
  3. Select "Yes" to confirm the deletion at the pop-up message prompt
  4. Click the "Close" button.

It is a best practice to delete virtual machine snapshots when they are no longer needed.  Over time the snapshot delta can grow to be quite large which could result in issues consolidating the virtual machine files.

 

 

Video: More on Virtual Machine Snapshots (2:33)

For more information on vSphere Virtual Machine Snapshots, be sure to check out the following video:

 

Cloning Virtual Machines and Using Templates


VMware provides several ways to provision vSphere virtual machines.

One method is to create a single virtual machine and install an operating system on it, and then use that virtual machine as a base image from which to clone other virtual machines. Cloning a virtual machine can save time if you are deploying many similar virtual machines. You can create, configure, and install software on a single virtual machine. You can clone it multiple times, rather than creating and configuring each virtual machine individually.

Another provisioning method is to clone a virtual machine to a template. A template is a master copy of a virtual machine that you can use to create and provision virtual machines. Creating a template can be useful when you need to deploy multiple virtual machines from a single baseline, but want to customize each system independently of the next. A common value point for using templates is to save time. If you have a virtual machine that you will clone frequently, make that virtual machine a template and deploy your virtual machines from that template.

In this lesson, you will clone an existing Virtual Machine to a Template, and deploy a new Virtual Machine from that Template.


 

Navigate to the VMs and Templates management pane

This step will take you to the VMs and Templates management pane.

 

 

From the Home screen

 

1. Select "VMs and Templates" from the inventories pane

 

 

Open up the Inventory tree

 

2. Click the drop down arrows to expand the inventory tree

From this view, we can see that there are several existing Virtual Machines in our vSphere environment. In the next step, we will clone the TinyLinux-01 Virtual Machine to a Template.

 

 

Clone a Virtual Machine to a Template

In this step, you will clone an existing Virtual Machine to a Template.

 

 

Launch the Clone Virtual Machine to Template wizard

 

1. Select Virtual Machine "TinyLinux-01"

2. Click on the "Actions" menu

3. Select "Clone"

4. Select  "Clone to Template"

 

 

 

Select a name and folder

 

4. In the Clone Virtual Machine to Template wizard, provide a name for the Template - "TinyLinux Template"

Please leave the location as "Datacenter Site A" for this lab.

5. Click "Next"

 

 

Select Compute Resource

 

To avoid warnings about the Virtual Distributed Switch

  1. Expand "Cluster Site A"
  2. Choose "esx-02a.corp.local"
  3. Click "Next"

 

 

Select Storage

 

The datastore with the most free space is automatically chosen.  Please keep the default "ds-site-a-nfs01".  Press the "Next" button.

 

 

Review the VM Template Settings

 

Review the VM Template settings and press the "Finish" button.

 

 

Monitor task progress

 

13. Note the progress in the Recent Tasks pane( This task may take a few minutes to complete)

14. Note the new "TinyLinux Template" object in the inventory pane

 

 

Deploy a Virtual Machine from a Template

This step will take you through the deployment of a new Virtual Machine from a Template.

 

 

Launch the Deploy From Template wizard

 

1. Select the Template, "TinyLinux Template"

2. Select the "Getting Started" tab

3. Under Basic Tasks in the action pane, click "Deploy to a new virtual machine"

 

 

Select a name and folder

 

1. Enter "TinyLinux-02" for the name of the new virtual machine

2. Leave the default location of "Datacenter Site A"

3. Click the "Next" button

 

 

Select compute resource

 

4. Expand "Cluster Site A"

5. Select "esx-02a.corp.local" to avoid the virtual distributed switch

6. Click "Next"

 

 

Select storage

 

7. Leave the default datastore which has the most free space

8. Click "Next"

 

 

Select clone options

 

Leave the clone options unchecked.  In order to manage the time to complete this module, the "TinyLinux-01 Template" has no OS installed and so it will not be possible to customize the guest.

As a challenge, you may create a template of the "w12-core" VM and then explore the options for guest customization.  The "w12-core" VM will take 20 minutes or so to clone so converting the VM to a template then cloning a new VM from that template with guest customization will save some time.

9. Click "Next"

 

 

Ready to complete

 

Review the deployment options and then click "Finish".

 

 

Monitor task progress

 

10. Note the progress in the Recent Tasks pane, this task will complete very quickly since there is no OS installed this VM

11. Note the new "TinyLinux-02" Virtual Machine in the inventory pane

 

 

Video: More on Virtual Machine Clones and Templates (4:04)

Take a look at the following video for more information about vSphere Virtual Machine Clones and Templates:

 

vSphere Datastore Cluster


A vSphere Datastore Cluster balances I/O and storage capacity across a group of vSphere datastores.  Depending on the level of automation desired, Storage Dynamic Resource Scheduler will place and migrate virtual machines in order to balance out datastore utilization across the Datastore Cluster.

In this lesson, you will create a vSphere Datastore Cluster using two iSCSI datastores.


 

Navigate to Storage

 

1. Select the "Home" icon

2. Select "Storage"

 

 

New Datastore Cluster

 

3. Right Click on "Datacenter Site A"

4. Select "Storage"

5. Select "New Datastore Cluster"

 

 

New Datastore Cluster- Name and Location

 

Enter "DatastoreCluster-01" for the name and select "Next".

 

 

New Datastore Cluster- Storage DRS Automation

 

Due to the I/O characteristic of the VMware Hands-on Labs environment, please leave the defaults and select "Next".

Feel free to explore the various settings for Storage DRS automation.

 

 

New Datastore Cluster- Storage DRS Runtime Settings

 

Storage DRS provides multiple options for tuning the sensitivity of storage cluster balancing.  Please leave the defaults for now and select "Next".

 

 

New Datastore Cluster- Select Clusters and Hosts

 

Because there are no standalone hosts, please select "Cluster Site A" and then click the "Next" button.

 

 

New Datastore Cluster- Select Datastores

 

Select the "ds-iscsi02" and "ds-iscsi01" datastores for the new Datastore Cluster.

 

 

New Datastore Cluster- Ready to Complete

 

Review the Storage DRS settings and click the "Finish" button.

 

 

New Datastore Cluster- Summary

 

View the "Recent Tasks" to check the progress of the operation.

 

 

Conclusion

Leveraging vSphere Datastore Clusters in your vSphere environment can help to ensure datastores are filled evenly and I/O is spread out across the group of datastores in the cluster.  Storage DRS can automate the initial placement of new virtual machines and adjust virtual machine placement to maintain an even distribution of I/O across the datastore cluster.

 

vSphere Data Protection


VMware vSphere Data Protection is a backup and recovery solution for VMware virtual machines. It is fully integrated with vCenter Server and the vSphere Web Client, providing easy, disk-based backup and recovery for VMware virtualized environments. All functionality previously available with VMware vSphere Data Protection Advanced has been consolidated into vSphere Data Protection 6.0.  vSphere Data Protection features industry-leading EMC® Avamar® variable-length segment deduplication to minimize backup data storage consumption. vSphere Data Protection virtual appliances can be deployed with up to 8TB of deduplicated backup data capacity. Changed block tracking (CBT) is utilized for backup and restore to reduce time and network bandwidth requirements.

vSphere Data Protection now includes agents that enable application-consistent backup and reliable recovery of Microsoft SQL Server, Microsoft Exchange Server, and Microsoft SharePoint Server, including SQL Server clusters and Exchange Server database availability groups. Individual databases can be selected for backup and restore, and it is possible to restore individual Exchange Server mailboxes.

Secure, efficient replication of backup data between vSphere Data Protection virtual appliances provides an easy, reliable method to move backup data offsite for disaster recovery. Replicated backup data can be restored at the target location or replicated back to the source location for restore. This functionality provides several retention and recovery options to satisfy a wide variety of business requirements.

The best way to ensure backup data integrity is to perform regular “practice” restores. This important activity is seldom performed in many organizations. vSphere Data Protection now includes automated backup verification—scheduled jobs that routinely restore virtual machines, boot the guest OSs, check for VMware Tools™ heartbeats to verify that the virtual machines have been recovered successfully, and then delete the restored virtual machines.

vSphere Data Protection features support for storing backup data on EMC Data Domain, providing increased reliability and backup data capacity. EMC DD Boost is utilized to minimize network bandwidth impact and improve performance.

External proxies are now available with vSphere Data Protection. They can be deployed to remote locations such as other vSphere clusters within the same site or across sites to help minimize network bandwidth requirements. External proxies also enable support for as many as 24 concurrent backup streams and for Red Hat Enterprise Linux Logical Volume Manager (LVM) and the Ext4 file system.

vSphere Data Protection 6.0 is included with vSphere Essentials Plus Kit 6.0 and higher editions of vSphere, all VMware vSphere with Operations Management™ 6.0 editions, and all vCloud Suite 6.0 editions.

For more information, consider taking the Hands-on Lab, HOL-SDC-1405 - Business Continuity and Resilient Infrastructure.


vSphere Replication Overview


VMware vSphere Replication, the VMware proprietary replication engine, provides data protection and disaster recovery for the vSphere platform by replicating virtual machines within the same site and across sites. It is tightly integrated with vSphere and is managed using vSphere Web Client. It is included with vSphere Essentials Plus Kit and higher editions of vSphere.  Multiple points in time recovery can be enabled to provide as many as 24 recovery points for a replicated virtual machine. vSphere Replication is used as a standalone solution and as a replication engine for VMware vCenter Site Recovery Manager and VMware vCloud Air Disaster Recovery.

The recovery point objective (RPO) can be set on a per–virtual machine basis and can range from 15 minutes to24 hours. After initial synchronization between the source and the target locations, only changes to the virtual machines are replicated, enabling vSphere Replication to minimize network bandwidth consumption. New to vSphere Replication in vSphere 6.0 to further improve efficiency is the option to compress replicated data as it is sent across the network.  It is now possible to easily isolate network traffic associated with vSphere Replication. This enables vSphere administrators to control bandwidth by configuring more than one network interface card in a vSphere Replication virtual appliance and by using vSphere Network I/O Control to separate network traffic. The result is improved performance and security.

Enhancements have been made to the way vSphere Replication performs a full synchronization. Previous versions of vSphere Replication requested and compared remote checksums with local checksums to determine the regions of a virtual disk that had to be replicated. With some storage platforms and vSphere 6.0, vSphere Replication can query vSphere for storage allocation information, to reduce the amount of time and network bandwidth required to perform a full synchronization.

vSphere Replication is fully compatible with VMware vSphere Storage vMotion® at both the source and target locations. Prior to vSphere 6.0, moving a replica at the target location required vSphere Replication to perform a full synchronization. With vSphere 6.0, migrating a replica with vSphere Storage vMotion no longer requires this. That makes it much easier to balance storage utilization with vSphere Storage vMotion and VMware vSphere Storage DRS™ while avoiding RPO violations.

Improvements have also been made to VMware Tools for Linux virtual machines. With some Linux OSs, VMware Tools features the ability to quiesce the guest OS during replication and backup operations.  vSphere Replication can utilize this new functionality to enable file system–consistent recovery of Linux virtual machines.

To gain hands-on experience with vSphere Replication, consider taking HOL-SDC-1405 - High Availability and Resilient Infrastructure.


Virtual Volumes


Virtual Volumes is a new feature released with vSphere 2015.  Virtual Volumes is a new virtual machine disk management and integration framework that enables array-based operations at the virtual disk level. It transforms the data plane of SAN and NAS storage systems by aligning storage consumption and operations with virtual machines. In other words, Virtual Volumes makes SAN and NAS storage systems capable of being managed at a virtual machine level and enables the leveraging of array-based data services and storage array capabilities with a virtual machine–centric approach at the granularity of a single virtual disk.

Virtual Volumes implements a significantly different and improved storage architecture, enabling operations to be conducted at the virtual machine level using native array capabilities. With Virtual Volumes, most data operations are offloaded to the storage arrays.  Virtual Volumes eliminates the need to provision and manage large numbers of LUNs or volumes per host. This reduces operational overhead while enabling scalable data services on a per–virtual machine level.  

Storage Policy–Based Management (SPBM) is a key technology that works in conjunction with Virtual Volumes.  This framework delivers an orchestration and automation engine that translates the storage requirements expressed in a virtual machine storage policy into virtual machine granular provisioning capabilities with dynamic resource allocation and management of storage-related services.

Through the integration of VMware vSphere API for Storage Awareness, storage array capabilities are pushed through the vSphere stack and are surfaced in the vCenter Server management interface. Using virtual machine storage policies, vSphere administrators can specify a set of storage requirements and capabilities for any particular virtual machine to match service levels required by hosted applications. SPBM leverages Virtual Volumes to recommend compliant datastores for virtual machine placement and to transparently turn on the necessary data services based on native array capabilities. Through SPBM, virtual machine tailored data services are executed by the array. Coupled with Virtual Volumes, SPBM ensures policy compliance throughout the virtual machine life cycle.

To get hands-on experience with Virtual Volumes, consider taking the Hands-on Lab, HOL-SDC-1429 - Virtual Volumes.  You may also want to review HOL-SDC-1427 - VMware Software Defined Storage for the Enterprise where you can gain a better understanding of Storage Policy Based Management.


 

Conclusion

This concludes Module 4 - An Introduction to vSphere Storage.  We hope you have enjoyed taking this lab and don't forget to take the survey at the end.

If you have time remaining, here are the other Modules that are part of this lab, along with an estimated time to complete each one.  Click on the 'Table of Contents' button to quickly jump to that Module in the Manual.

 

Module 5 - Introduction and Overview of the new vRealize Operations UI

Introduction to the new vRealize Operations Manager 6.0 User Interface


In this module we will explore the challenges of the vCenter Operations Manager 5.x interface and how they have been dramatically improved in vRealize Operations Manager 6.0.


 

Introduction

VMware® vRealize™ Operations Manager™ has a fantastic new User Interface which is designed to make it easy to quickly and accurately understand and remediate environmental problems.

This module is designed to demonstrate the major differences in the User Interface in vRealize Operations Manager 6.0, compared to the previous versions.

 

 

vRealize Operations Manager 5 - User Interface Challenges

In the previous versions of vCenter Operations Manager, we had two separate User Interfaces:

vSphere User Interface

Custom User Interface

Due to the fact that these two interfaces had different features and focus, Objects in vCenter Operations Manager had different levels of "importance". This often posed challenges for administrators who were trying to define Alerts and Dashboards.

 

 

vRealize Operations Manager 6.0 - User Interface Changes

 

With the release of VMware® vRealize™ Operations Manager™ 6.0, the User Interfaces of previous versions have been unified into a new single interface.

This new Merged User Interface provides a single customizable series of panels which can be used to access all object types, across the entire environment. This includes both vSphere and non-vSphere oriented objects.

The new User Interface is also highly customizable, with consolidated alerting and consistent views and features. Finally, all objects can now be treated equally!

 

User Interface Overview


In this lesson, we will quickly review the vRealize Operations Manager UI.


 

User Interface Overview

One of the major advantages to the new User Interface in VMware® vRealize™ Operations Manager™ is that the content panels are extremely consistent while also being contextually relevant. In this section we will highlight a few of the major interface components, so that you can easily understand how to navigate to the objects of interest.

 

 

Navigation Panel

 

On the left of the screen we can always see the Navigation Panel. This panel can be used to quickly navigate whatever information is currently on screen and will allow you to focus down to different levels very quickly.

 

 

Content Panel

 

On the right hand side of the screen, we can see the Content Panel, which will show whatever contextual information is currently selected in the Navigation Panel. This panel will automatically change to show you the most up to date and relevant information.

 

 

Quick Links

 

By default the Navigation Panel will show us key links to access the various content pages, which can also be found in a handy Quick Link format at the top. These five links take us to the various control panels in vRealize™ Operations Manager™ 6.0.

Also of note here is the powerful Back Button which will return you to previous working pages, in an intelligent way. This can be very time saving when you are zipping around trying to troubleshoot a performance problem in your environment!

 

Interface Pages


In this lesson, we will review the Interface pages in vRealize Operations Manager.


 

Home Page

 

The Home Page is the landing page for vRealize™ Operations Manager™ 6.0. This is the primary view where an administrator can browse and view the available Dashboards.

Any 3rd party or add-on Solution which creates a Dashboard will make it visible here, so this screen is a great way to get quick overviews of your environment. This page is made even more powerful if we customize and create our own Dashboards.

Dashboards can be quickly accessed using the appropriate tab, if visible, or selected directly using the handy Dashboard List drop-down selector.

 

 

Alert Page

 

The Alerts Page shows a chronologically sorted list of recent Alerts in the environment.

You can quickly filter Alerts by Badge type by selecting the appropriate Badge Category from the Navigation Pane.

 

 

Environment Page

 

The Environment Page helps us view our environment through a series of metrics and object relationships by using Inventory Trees.

There are different types of Inventory Trees, which can be added by Adapters. Inventory Trees can have different types (ie. Storage, Hosts & Clusters, Networking, etc), and also Instances (ie. Each vCenter would create an instance of Hosts & Clusters).

Each Inventory Tree shows us a series of Objects and Relationships between those Objects. Individual Objects can be part of many different Inventory Trees.

Inventory Trees may sound like a complicated concept, but once you start exploring vRealize™ Operations Manager™ you will quickly understand how they can help navigate our environment and visualize relationships between parent and child objectss.

The Environment Page is divided up into a series of sub tabs:

Each sub-tab can be used to quickly access the information you are interested in to help troubleshoot the issue at hand faster and more accurately.

 

 

Content Page

 

This page is an extremely powerful tool which advanced administrators can leverage to build content for vRealize™ Operations Manager™ 6.0, including Dashboards and Alerts.

We will cover the creation of these tools in detail in upcoming modules.

 

 

Administration Page

 

The Administration Page contains all administration options including Solutions (Adapters), User Management and Support tools.

 

Wrap Up


We hope you have enjoyed taking this module and can see the value in the newly re-designed vRealize Operations Management User Interface.  Be sure to take the survey at the end.

For more information on vRealize Operations Management, be sure to check out these resources:

If you have time remaining, here is a list of all the Modules that are part of this lab, along with an estimated time to complete each one.  Click on the 'Table of Contents' button to quickly jump to that Module in the manual.

The complete listing of all seven modules are:

An average time to complete each module is listed. Depending on your experience with the products and your skill level, more or less time may be needed.


Module 6 - Virtual Infrastructure Performance Monitoring and Guided Remediation

Introduction and Environment Overview


In this Lab Module we will review some of the features around managing vSphere environments, looking at new Symptom definition and Alerting capabilities combined with the ability to take remediative actions from the vRealize Operations Manager UI.

In this module we will be focused on a 2 node cluster we have running in our data center (Cluster_2), this 2 node cluster is running a test version of a Web application, we are going to be monitoring this 2 node environment to see if all is well.

We will see if we have any alerts created by the Web application and see if it has been setup appropriately for our vSphere environment and explore how vRealize Operations Manager can help us better manage and develop our Cloud environments.

Our Web Application Virtual Machines are prefixed with PVM* and only these Virtual Machines should be running on our 2 node Cluster.

Lets gets started!

 


 

Keyboard Shortcuts

 

To aid in typing some of the entries in the lab, we have added a txt file on the ControlCenter desktop to help account for the variations in keyboard layouts.

 

 

Launching the vCenter Operations Manager vSphere UI

 

On the ControlCenter Desktop, launch Firefox.

 

 

Launch vRealize Operations Web site using the bookmark

 

 

 

Login as Admin

 

Use the following credentials to login to vCenter Operations Manager vSphere UI:

User name: admin
Password: VMware1!

Click Login.

 

 

vCenter Operations Manager vSphere UI

 

You are now logged in to the vCenter Operations Manager vSphere UI.

 

 

Screen navigation

 

If you have trouble navigating through any of the wizards we will use in this module, use Firefox zoom to adjust the UI screen

1) Click to open Firefox Menu

2) Use the '+' and '-' to zoom in or out as appropriate to fit screen

 

Monitor Web App on Cluster_2


As our Web App is running on a 2 node vSphere cluster named Cluster_2, lets navigate to that object in vRealize Operations Manager


 

Navigate to Cluster_2 resource in vRealize Operations Manager

 

1) Type 'Cluster' into the search bar at the top right of the vRealize Operations manager UI

2) Select Cluster_2

 

 

Check Alerts for Cluster_2

 

1) You are brought to the Cluster_2 object and the Summary page is displayed, scroll down the page using the bar on the right, you can see there already some alerts for this cluster resource object.

2) Under Health, use the the bar to scroll down and review the alerts, you can see there are alerts for various problems, we'd better check some out!

NOTE - As we are in a Lab environment, the Alerts you will see are configured to never expire, this is why the Alerts are present prior to the Virtual Machines being started.

 

 

Check CPU Alert

 

Let's Start by checking the high CPU Workload Alert

Click on the alert 'Virtual Machine has Unexpected high CPU workload'

 

 

Select CPU Alert for Web App

 

Here we can see there are many Virtual Machines that have triggered this Alert, we know our Web App Virtual Machine names are prefixed with PVM* so lets check that one.

Click on 'View Details' for PVMAPP_0

 

 

Review CPU Alert

 

Once we have selected the Alert we can see various pieces of information

1) We can see the details for the triggered Alert, such as the resource that triggered the Alert, what Alert type it is and what impact is has

2) Here we can see the metrics that would have triggered the alert, this can help us see the possible causes

3) Here, direct from the Alert, we can see Recommendations that can help us resolve the problem with the Virtual Machine, here we are advised to check weather the high CPU load is normal behaviour

4) Click on 'Other Recommendations', here we can see another recommendation advising to Add more CPU capacity to the Virtual Machine and a button to allow us to take this action right from the alert!

 

 

Add more CPU to Virtual Machine

 

Since the App owners aren't around at the moment, lets just try an keep this Virtual Machine happy by adding more CPU capacity, However lets check on the Virtual Machine in question first, click on 'PVMAP_0' on the left hand side of the UI

 

 

Check CPU Load (Analysis tab)

 

Lets Check the CPU metrics, Click on the 'Analysis' tab

 

 

Check CPU Load (Cont)

 

Here we can see the Virtual Machine is Configured to 6 GHz of capacity and its maxed out!

 

 

Set CPU Count for Virtual Machine

 

Let Increase the CPU for this Virtual Machine

1) Click on 'Actions' from the toolbar at the top

2) Select 'Set CPU Count for VM'

 

 

Set CPU Count for Virtual Machine (PVMAPP_0)

 

The 'Set CPU Count for VM' wizard opens

1) Here we can see the Virtual Machine currently has 2 CPU's, lets add more, Set 'New CPU' to '3' (although vRealize Operations is recommending more we just want to add 1 additional vCPU)

2) Set 'Power Off Allowed' to true by ticking the box

3) Click OK

 

 

Review the task

 

Once we have set the action, we get page confirming the task has been created, Click on 'Recent Tasks' to review the action

 

 

Review Recent Tasks

 

Here we can see the details of the action taken (NOTE - it will take up to 2 min to complete)

1) Click on the task at the top of the list

2) Here we can see the task to add more CPU to the Virtual Machine has completed! lets go and see how the virtual machine is doing

 

 

Check CPU load on PVMAPP_0

 

Click on the back button (Virtual machine) to go back to 'PVMAPP_0'

 

 

Check CPU load on PVMAPP_0 (Cont)

 

1) Click on the Impacted Object link (PVMAPP_0)

2) Click on the 'Analysis' tab

3) Here we can now see the Virtual Machine now has 9 GHz capacity and the workload has stabilized

NOTE - it will take up to 5 mins for the new metrics to be polled and refreshed

 

 

Go back to our Cluster_2 resource

 

1) Type 'Cluster' in the search bar at the top right of the UI

2) Select Cluster_2 from the found objects, and make sure you are back at the 'Summary' tab

 

 

Check Memory Alert

 

Lets check one of the other Alerts.  Again please make sure you are on the object 'Cluster_2', and on the 'Summary' tab

Click on 'Virtual Machine has unexpected high Memory workload'

 

 

Review Memory Alerts

 

As you can see there are a number of Virtual Machines on our Cluster_2 resource that have triggered this alert, our Web app Virtual Machines we know have the prefix PVM* so lets take a look at one of them.

Click on 'View Details' for PVMWEB_1

 

 

Review Alert for PVMWEB_1

 

Here we can see the details for the Alert on PVMWEB_1,

1) Here we can see details on the triggered Alert, what object it was triggered from and what the impact is

2) Here we can see metrics that have resulted in triggering the Alert

3) We can also see some Recommendations, these recommendations give us the ability to quickly analyze and even resolve the problem direct from the UI, the first advises us to Add more memory to the Virtual Machine, if you click on 'Other Recommendations' you can see other options to resolve the problem

 

 

Investigate further...

 

Let's take a closer look at this Virtual Machine, Click on PVMWEB_1 on the left side of the UI

 

 

PVMWEB_1 Analysis

 

1) Click on 'Analysis' tab

Here we can see that the Memory Workload shows 4GB of demand but we can also see that memory capacity for the Virtual Machine is also 4GB

 

 

PVMWEB_1 Troubleshooting

 

1) Click on 'Troubleshooting' tab

Here we can see the various Symptoms that have been tracked on this Virtual Machine, this can be handy to see the issues that have been building up on the Virtual Machine

 

 

PVMWEB_1 Environment

 

1) Click on the 'Environment' tab

2) Use the scroll bar on right to view objects in the environment - here we can see the virtual machine highlighted, we can also see its parent and child resources highlighted, this can be handy to quickly see if the host that the Virtual Machine is running on is OK, in this case the host seems Workload is showing RED.

 

 

PVMWEB_1 Alert

 

Now we have had a look around some of the details around the Virtual Machine, lets go back to the Alert and see if we can fix the problem

Click on the Alert details on the left side of the UI

 

 

Use Recommendation action to fix the issue

 

In this case, although according to the other recommendation, its probably still a good idea to check with the application owner if this is normal behaviour, lets keep things running good for now, Click on 'Set Memory button'.

 

 

Set Memory for VM

 

We saw on the Analysis tab that this Virtual Machine was demand 4GB of memory, we can see here that we currently has 4GB of memory configured, lets add 2GB extra to this VM

1) Set 'New (MB)' to 6144

2) Select 'Power Off Allowed' check box

3) Click OK

 

 

Review Recent tasks for action

 

Once selected the 'Set Memory for VM' task window opens

1) Click on 'Recent Tasks'

 

 

Check Action complete

 

Check that the Set Memory tasks completes, it may take up to 1 minute to complete.

1) Once complete go back to the Virtual Machine, Click on the VM object

 

 

Check Status of Virtual Machine

 

We are taken back to the Virtual Machine 'PVMWEB_1 summary

1) Click on the 'Analysis' tab

2) Check the Workload for memory - note that now the capacity has increased to 6GB and the Virtual machine demand is not overworking the Virtual Machine, fixed! It may take a few minutes for the change to be reflected in vRealize Operations Manager UI, refresh the screen to update the changes.

Now we have seen how vRealize Operations can help fix problems for our Virtual Machines, let's check that the hosts they are running on are happy

 

 

Check for Alerts on our Hosts

 

Lets go and check if there Alerts for our hosts, our hosts are running under 'Cluster_2'

1) Type 'Cluster' into the search bar in the top right of the UI

2) Select Cluster_2

 

 

Check for Alerts on our Hosts Cont...

 

1) Make sure 'Summary' tab is selected

2) Use the Scroll bar of the right to move down the page

3) Under Heath section use the scroll bar to move down the list of Top Alerts

4) Here we can see that we have an Alert that has been triggered on our Hosts - Click on 'Host has Memory contention due to overpopulation of virtual machines' and go to the details of the alert for host 'vesxi-1.corp.local'

 

 

Review Alert for Host

 

Here we can see that the host has Critical levels of Memory being demanded, let's see what's being affected,

1) Click on the 'Relationships' tab

 

 

Review Relationships on Hosts

 

1) Here we can see (Illustrated with Green squares) our the Host affected,

2) We can also see some Virtual Machines, we know our web app Virtual Machines should have a name prefix of PVM*, we can see 3 Virtual Machines named like this (Also Illustrated with Green squares)

3-4) However we can see 2 Virtual Machines that don't have that naming prefix (illustrated with Red squares) they are showing red too! They aren't supposed to be there!  Lets investigate a little further!

 

 

Investigate Host

 

1) Click on the Impacted host using the shortcut on the left hand side of the UI.  Make sure you go to the 'Analysis' tab, and then the 'workload' sub-tab

2) If we check the Memory Demand section we can see that the Virtual Machines are demanding too much and its causing memory contention

3) If we hover the mouse over the two largest red orange boxes that represent virtual machines (the size of the boxes represent the amount they are demanding) we can see the Virtual Machines are named 'HVY_0' and 'HVY_1', that doesn't match the naming prefix of Virtual Machines that should be running on this host, we better power one off to ease the host contention.

4) Go back to the Alert, Click on the shortcut in the top left of the UI

 

 

 

Power Off Virtual Machine

 

Once back to the Alert page, we can see a Recommendation to Power Off VM

1) Click 'Power Off VM'

 

 

Power Off VM Action

 

The 'Power Off VM' action window opens, we know the Virtual Machines named HVY_0 and HVY_1 are not supposed to be running on our Cluster, for this lab we will power just one of them off

1) Select 'HVY_0'

2) Click OK (Task window will open following, Click OK on this window)

 

 

Check for other issues on host

 

Lets go back to the Host and see if there are any other types of problems

1) Click on the host shortcut on the left side of the UI

2) Use the scroll bar on the right to make sure you can see the Top alerts under Health

3) Scroll through the Top Alerts

4) Note we have a different Alert, 'Virtual Machine is Demanding more CPU than the configured limit' Click on this Alert

 

 

Check Alert for virtual Machine

 

1) Here we can see the affected Virtual Machine is 'PVMDB_2', looks like one of our Web App VMs so we'll need to fix it!

2) Lets take a look at the Virtual Machine, Click on Metric Charts

 

 

Analyze Virtual Machine status

 

Lets take a look at the CPU workload of the Virtual Machine and compare it to its configured CP limit,

1) Click to expand the CPU Metric

2) Double Click (or Click and Drag to the Right hand pane) the metric to display metric on the Right hand pane

3) If required scroll down to see 'Effective limit (MHz)

4) Double Click (Or Click and Drag to Right hand pane) to display on the Right hand pane

5) Here we can see that the Virtual machine is demanding nearly 5 GHz of of CPU but the limit is running at 300 Mhz! Well that doesn't look right!

6) Click on the 'Summary' tab

 

 

Change configure CPU limit for Virtual Machine

 

Click on 'Set CPU Resources'

 

 

Set CPU limit

 

The 'Set CPU Resources for VM' action opens

1) Set New Reservation of 1000 (MHz)

2) Set a New Limit of 6000 (MHz)

3) Click OK

That will reset the CPU shares so the Virtual Machine can access 6 GHz of CPU with 1 GHz reserved, Fixed!

NOTE - Click OK again on task screen

 

 

Go Back to Cluster_2 Summary

 

Now that vRealize Operations Manager has helped us to fix a few problems with our Web App Virtual Machines and vSphere Hosts, lets see how we can keep a closer eye on things, lets go back to our Cluster View.

1) in the search box in the top right of the UI, type 'Cluster'

2) Then select 'Cluster_2'

 

Create Custom Alert


Now that vRealize Operations Manager has helped us to resolve some of the problems with our Web App, lets create an alert to help us keep an eye on things.

Now that we have spoken to the Application owner and they have advised that none of the Virtual Machines used for the Application should exceed 6GHz of CPU and 4GB of memory, lets use vRealize Operations manager to keep an eye out for any Virtual Machines that exceed that limit.

Lets start by creating an Alert that will trigger when any Virtual Machines on our Cluster (Cluster_2) start to use more than 6GHz of CPU and 4GB of memory.

To create Alerts we first need to define some Symptoms that we are looking for, we do this by creating some 'Symptom Definitions'. Once we have created our Symptom definitions, we next need to create an Alert definition that will specify the impact.

Lets start by creating a 'Symptom Definition' configured to look for Virtual Machines that demand more than 6GHz of CPU and 4GB of memory


 

Create Symptom Definition (Go to 'Content')

 

A Symptom definition is classified under 'Content' in the UI

1) Click the 'Content' icon

 

 

(Go to 'Symptom Definition')

 

Under 'Content' we can configure both out of the box and custom Dashboards,Views,Reports and Recommendations. We can also configure Notifications and other items.

Click on 'Symptom Definitions'

 

 

Symptom Definitions

 

From here we can see all of the Out Of The Box Symptom Definitions:

1) We can search through the pre configured ones using the search filter in the top right of the UI

2) However this time we need to create our own one, Click on the '+' sign to add a new Symptom Defintion

 

 

Add Symptom Definition (Base Object)

 

Here we can create some Symptoms that we want to watch for, in our case we want to watch for Virtual Machines that demand more than 6GHz CPU and 4GB memory.

First lets create a Symptom to spot the excessive CPU.

1) First we need to enter a Base Object, in our case 'Virtual Machine' The search bar can help us navigate to an object, type 'virt' into the search bar

2) By searching the vCenter Adapter inventory it has found the object we are after, Click on 'Virtual Machine'

 

 

Add Symptom Definition (Metrics - CPU)

 

1) Click to expand 'CPU' in the Metric Explorer

2) Double Click or drag 'Demand (MHz)' over to the right hand pane to select and configure it.

 

 

Add Symptom Definition (Configure CPU Metric)

 

Lets Configure this Symptom Metric (NOTE - you may want to expand the window to view all the details

1) Enter a name (use the example above if you wish)

2) Specify an Impact level, for us it important to keep our Web App running, use the drop down to select 'Critical'

3) Set 'when metric' to 'is greater than'

4) Enter '6000'

 

 

Add Symptom Definition (Configure Memory Metric)

 

Now that search has thinned down the metrics,

1) Expand 'Memory'.  You can also use the 'Filter' field to filter based on metric name.  You can here type 'Usage' and it will limit down the list of metric categories

2) Double click or drag to the right 'Guest Usage (KB)' to select and configure it

3) Name the metric

4) Set impact to 'Critical'

5) Set 'when metric' to 'is greater than'

6) Enter '4000000'   (4 Million KBs)

7) We could also set our wait and cancel cycle here but well leave as is for now, our 'Symptom Definition' is ready so Click save

 

 

Add Symptom Definition (Review)

 

Once we have saved our new Symptom Definition, we can search for it in the list

1) Type 'exceeded' into the search bar and hit enter

2) We can see our two newly created Symptom Definitions

3) Now we have created the Symptom Definition, lets create a 'Recommendation' that would help us resolve the problem if the Symptom is triggered. Click 'Content' to go back

 

 

Recommendations

 

We are taken back to the Content screen,

1) Click 'Recommendations'

2) From here we can see all of the Out Of The Box content in vRealize Operations Manager, and we can search and edit them using the search bar

3) We can also see that all Recommendations have a description but some also have actions!

4) Click on the '+' icon to create a new Recommendation

 

 

Add Recommendation

 

The Add Recommendation Wizard opens

1) Type a description that will help resolve the symptom (feel free to use the example above)

2) Next we can select an Action to help resolve the problem, Click on the drop down arrow for 'Actions'

3) Select 'Power Off VM' as these Virtual Machine need to be switched off!

4) Click Save

 

 

Add Alert Definition (Create)

 

Once we are back to the content screen

1) Click on 'Alert Definitions' - Once again we can see all the Out Of The Box Content for Alert Definitions and Search, Edit and Create new ones

2) Click on the '+' icon to Add a new Alert Definition

 

 

Add Alert Definition (Name)

 

When the Add Alert Definition Wizard opens,

1) Enter a Name and Description for the Alert (feel free to use the Example Above)

2) Click on 'Base Object Type'

 

 

Add Alert Definition (Base Object Type)

 

Our Web App runs across a Cluster so lets configure this alert to trigger when any Virtual Machines running on a host in that cluster will trigger the alert,

1) Type 'cluster' into the search bar

2) We are returned all the possible options for base objects that contain the name Cluster, select 'Cluster Compute Resource'

3) Click 'Alert Impact'

 

 

Add Alert Definition (Alert Impact)

 

For Alert Impact,

1) Set the Badge the Alert will impact to 'Risk'

2) For 'Criticality' we could set it here, but lets leave it set to 'Symptom based' (we set the Symptom Definition to Critical earlier)

3) Set 'Alert Type and Subtype to 'Application - Performance' (this alert will then roll up under those Sub Badges) - we will leave the Wait and Cancel cycles as they are

3) Click on 'Add Symptom Definitions' to add the one we created earlier

 

 

Add Alert Definition (Add Symptom Definition)

 

Although we have set our Cluster as the base object for this Alert, we are actually interested in the Virtual Machines running in the cluster, also our Symptom Definition is based on a Virtual Machine base object.

1) Set 'Defined On' to 'Descendant' using the drop down

2) Use the search bar to help find the Virtual Machine Object by typing 'virt'

3) Select the 'Virtual Machine' Object

 

 

Add Alert Definition (Add Symptom, Cont)

 

Once we have selected 'Virtual Machine' the metrics are filtered to those related to the 'Virtual Machine' Object

1) Type 'exceed' into the search bar so we can find the 'Symptom Definition' we created earlier and hit enter - we can then see the 2 Symptom Definitions we created

2) Drag 'CPU Exceeded 6GHz on VM to the right hand side under symptoms

3) Set all the arguments to 'Any'

4) Drag 'Mem Use Exceeded by 4GB on VM' to the right hand pane

5) Set all argument to 'Any'

6) Now we have added our 'Symptom Definitions' lets add the Recommendation we created earlier, Click 'Add Recommendation'

 

 

Add Alert Definition (Recommendation)

 

1) Use the Search bar to help find our 'Recommendation' - type 'exceed' into the search bar and hit enter

2) We can see the description we entered earlier, drag the 'Recommendation' to the right hand pane

 

 

Add Alert Definition (Review and Save)

 

1) Now we can See our custom 'Symptom Definition' and 'Recommendation' have been added to our Alert

2) Click 'Save' in the bottom right corner of window

We've now created an Alert that should keep an eye out for any Virtual Machines running on our Cluster that exceed the expected Values. We'll check back later to see if this alert gets triggered.

 

Create 'Notifications' for Alerts


We can also setup notification rules to send Alert information to third party Systems via Email or via Rest API, this can extend vRealize Operations Managers Alerting capabilities to both email and third party integrated Cloud systems.


 

Create 'Notification Rule'

 

1) Click on the 'Content' icon

2) Click on 'Notifications'

3) Click on the '+' icon to create a new 'Notification Rule'

 

 

Add Notification Rule (Name and Method)

 

The 'Add Rule' Wizard opens,

1) Enter and Name for the rule

2) Click on the drop down arrow for method, we can see that we can choose either 'Rest Notification Plugin' or 'Standard Email Plugin'

3) Select 'Standard Email Plugin'

 

 

Add Notification Rule (Configure Email Plugin)

 

Next we can either select or add an Instance,

Click the '+' to review adding an instance

 

 

Add Notification Rule (Configure Email Plugin - Add Instance)

 

Here we can configure our Outbound Alert Instance, we can enter the name and configuration details for our email system.

As we do not have email configured in this lab we won't save this configuration, Click Cancel

 

 

Add Notification Rule (Configure Email Plugin - Filtering Options)

 

1) Next we would enter the details for 'Recipient(s)' and various notification settings (as we have no email configured for this lab we will not enter anything here.

2) Next we need to set our 'Filtering Criteria', Click on the drop down arrow for 'Scope'

3) Select 'Object'

 

 

Add Notification Rule (Configure Email Plugin - Object)

 

Next, Click on 'Click to select Object'

 

 

Add Notification Rule (Configure Email Plugin - Object) - Continued 1

 

The Object selector opens,

1) Use the search bar to help find the Cluster our Web App is running on, type 'cluster' into the search bar

2) Select 'Cluster_2'

 

 

Add Notification Rule (Configure Email Plugin - Object) - Continued 2

 

1) Click tick box to check 'Include Children'

2) From the 'Children' drop down, select 'Virtual Machine'

3) Click Select

 

 

Add Notification Rule (Configure Email Plugin - Notification Trigger)

 

1) Next select the 'Notification Trigger', click on the drop down arrow

2) Select 'Impact' from the drop down list

 

 

Add Notification Rule (Configure Email Plugin - Criticality)

 

Next set the 'Criticality'

1) Click on the drop down arrow for 'Criticality'

2) Select 'Critical' from the list

 

 

 

Add Notification Rule (Configure Email Plugin - Summary)

 

Now we can forward Alerts and Notifications from vRealize Operations Manager!

As we do not have email configured in this lab we won't save this configuration, Click Cancel

 

Customize policy for Web App Cluster_2


Now vRealize Operations Manager has helped us get control of and understand our Web App, we can also use vRealize Operations Managers Groups and Policies to include the Symptoms and Alerts we created earlier.

This way we can use 'Policies' to define how vRealize Operations Manager Alerts against specified inventory objects, for example we could customize the policies so vRealize Operations Manager will trigger Alerts based on Custom Groups of workloads we have configured, such as Test and Dev environments.

Lets customize the policy for our Cluster_2 resource, first we need to create a 'Group' so that we can adjust the policy to.


 

Navigation

 

If you have trouble navigating around the screen when using the Wizards, use Firefox zoom out to fit the UI

1) Click Open Menu

2) Use the '+' and '-' to zoom in or out as appropriate

 

 

Create Custom Group

 

1) Click on the 'Environment' icon

2) Click on the '+' icon to create a Custom Group

 

 

Edit Group (Name and Policy)

 

1) Enter a name for the Group "PRODUCTION WEB SERVERS"

2) From 'Group Type' Select 'Environment' from the Drop down list

2) Select 'VMware Production Policy (Demand) from the Policy drop down list

 

 

 

Edit Group (Select Resource kind)

 

1) Type 'clus' into search bar

2) Select 'Cluster Compute Resource'

 

 

Add a Resource

 

Next we need to add a Resource, from the Drop down list Select 'Object name'

 

 

Edit Group (Resource name)

 

Next we will select the Resource name,

1) Select 'is'

2) Type 'Cluster'

3) Select 'Cluster_2'

4) Include all the Web Application VM's by adding another criteria set.

5) Select 'Preview' to validate that the right VM's and the cluster object are part of the newly create 'Custom Group'.

Lastly select "Objects to always include"

 

 

 

Edit Group (Objects to exclude / include)

 

1) Below we can either choose to include or not objects from this group, Make sure you have selected 'All Objects' at the flitered objects section

2) Expand 'vSphere World'  and Select the Checkbox for 'vSphere World' to include objects from the vCenter Adapter (you may need to expand 'vCenter Adapter' first)

3) Click Add

3) Click OK

 

 

Customize Policy

 

1) Next lets Customize the Policy, Click on the Administration icon

2) Select 'Policies'

3) Click the 'Policy Library Tab'

(NOTE - if you do not see the screen as above, click on the small down arrow above 'Select policy to see data')

4) Click the '+' icon to create and new Policy

 

 

Add Monitoring Policy (Name and Base Policy)

 

1) Enter a name "Production Web App Servers"

2) Click Select the 'vSphere Solutions Default Policy.......' in the Start with: field.

3) Here we will select our base policy to work from, in the drop down "Select 'Base Policies'

 

 

Add Monitoring Policy (Show Changes for)

 

1) For changes, click the arrow on the drop down box

2) Select ' vCenter Adapter - Cluster Compute Resource'

3) We could add more and also customize the Analysis settings and Attributes, but for this example we will move on, Click 'Override Alert / Symptoms Definitions'

 

 

Add Monitoring Policy (Customize Alerts / Symptom Definitions - Alerts)

 

Here we can specify the 'Alert' and 'Symptom' definitions we created earlier

1) In the Object Type search bar under 'Alert Definitions' start typing the word 'cluster'

2) Select 'Cluster Compute Resource'

 

 

Add Monitoring Policy (Customize Alerts / Symptom Definitions - Alerts2)

 

1) In the filter box, type 'exceed'

2) Select the Alert we configured earlier

3) Set to 'Inherited'

 

 

Add Monitoring Policy (Customize Alerts / Symptom Definitions - Symptoms)

 

Next we will select our 'Symptom Definition'

1) It was created on a Virtual Machine Object.  In the Object Type search bar under start typing the word 'virtual'

2) Select 'Virtual Machine' from the results

 

 

Add Monitoring Policy (Customize Alerts / Symptom Definitions - Symptoms 2)

 

1) Type exceed into the search box and hit Enter

2) Click to select both the Symptoms we created earlier (hold Ctrl to select both)

3) Here we can choose wether to Inherit the state from the Metric or override, weather we will use the conditions and thus set the Thresholds of this metric, we will leave it to our previous settings from the Symptom Definition, also we will inherit these settings from the Alert we selected above.

4) Click on 'Apply policy to Groups'

 

 

Add Monitoring Policy (Apply to Groups)

 

1) Now we can take advantage of the Custom Group we created earlier, select the Custom Group "Production Web Servers"

2) Select 'Save'

 

 

Add Monitoring Policy (Summary)

 

We can now see our "Production Web App Servers" Custom Policy.

This has been a simple example of how vRealize Operations Manager can be customized to your Data Centers Environments, Standards and Policies, the flexibility of the Grouping and Policy engines, allows for both creativity and fine tuning for Monitoring your IT Infrastructure.

 

Wrap Up


We hope you have enjoyed taking this module and can see the value in the newly re-designed vRealize Operations Management User Interface.  Be sure to take the survey at the end.

For more information on vRealize Operations Management, be sure to check out these resources:

If you have time remaining, here is a list of all the Modules that are part of this lab, along with an estimated time to complete each one.  Click on the 'Table of Contents' button to quickly jump to that Module in the manual.

The complete listing of all seven modules are:

An average time to complete each module is listed. Depending on your experience with the products and your skill level, more or less time may be needed.


Module 7 - Capacity Optimization and Scenario Modeling for the Virtual Infrastructure

Logging in and Getting Started


The UI provides access to all vRealize Operations Manager features.

vRealize Operations Manager supports the following:

Browser Support

vRealize Operations Manager supports the following:

Note: There might be issues with slower performance if Internet Explorer 10 or 11 is used.

The minimum supported resolution is 1024 x 768.


 

Keyboard Shortcuts

 

To aid in typing some of the entries in the lab, we have added a txt file on the ControlCenter desktop to help account for the variations in keyboard layouts.

 

 

Launching the vRealize Operations Manager UI

 

On the ControlCenter Desktop, launch Firefox.

 

 

vCenter Operations Tab

 

Make sure you select the vRealize Operations "vR Ops" bookmark to start the session.

 

 

Login as Admin

 

Use the following credentials to login to vRealize Operations Manager:

User name: admin
Password: VMware1!

Click Login.

 

OOTB - Risks and Efficiency Alerts


For this section, we are going to look at risk and efficiency alerts.  We are using live data and the screenshots in this manual may have different values than you see presented in the actual interface.  We will do our best to guide you through the process but be aware that changing policies may affect how the data is processed as well as the alerts that are present.


 

Dashboard Navigation

 

Ensure we are starting at the correct dashboard for Recommendations.  Navigate to the Home button and select Recommendations from the Dashboard List menu options.

 

 

Health - Risk - Efficiency

 

For vRealize Operations Manager, we display the Health, Risk and Efficiency badges without scores.  We are only showing color.  The color thresholds can be modified in the policy.  Beneath each badge, we give relevant information for each category.

 

 

Selecting a Risk

 

Additional information as we scroll down through the dashboard.  As you can see in the screen shots, we are showing the alerts for each category.  Every alert is a link that will take us to more details for that issue.  In this lesson, we are going to select the risk where the Virtual machine has chronic high CPU workload leading to CPU stress.  Note that the risk in this screen shot indicates the number of objects that are impacted with this risk and that one recommendation is being made for those affected resources (Add more CPU Capacity...).  Click on the Risk Alert as shown in the image.

 

 

Viewing the Risk

 

We now have a new pop-up window that shows the objects with the risk identified.  Click on "View Details" next to PVMAPP_0 to see the alert details any recommendations.

 

 

Viewing Details

 

In the details view for the selected object we can see the section for "What is causing the issue?".  We also have the ability to fix the issue for the selected resource in "Set CPU Count for VM".  Click on "Set CPU Count for VM".

 

 

Fixing the issue

 

We have the ability to set the CPU count, power off the VM and take a snapshot.  We can adjust the CPU count by simply changing the number.  If we need to power cycle the VM to make these changes, we can select the Power Off option.  To take a snapshot before making any changes, select the option for Snapshot.  For this exercise, we are going to cancel this option at this time.  We need the issue to still be there later.

 

 

Back to Home

 

Navigate back to the Recommendations dashboard.  We should be able to click on the home icon to get us there quickly.

 

 

Looking at Health alerts

 

We've looked at a Risk alert, now let's view a Health alert.  Click on the first alert listed.

 

 

Viewing the alert

 

You'll notice that the health alert shows the number of objects impacted and 2 recommendations.  The screen shot below is similar to the risk alert in that we see the object, recommendations and the ability to view the details where we receive recommendations to fix the health issue.

Click 'View Details' for PVMAPP_0

 

 

View Details

 

In the details for the health alert, while you can follow the recommendation, you also have the ability to cancel the alert by clicking the red square with the 'X' in the upper left corner.  After viewing the information, click on the home icon to go back to the recommendations dashboard.

 

OOTB - Capacity Dashboards


In this section, we are going to go through some capacity views and diagnosis scenarios.


 

Cluster capacity and policies

 

Navigate to the environment panel

 

 

Select vSphere Hosts and Clusters

 

Navigate to the vSphere Hosts and Clusters section

 

 

Select Cluster

 

Expand the navigational tree to browse to the cluster object.  Select 'Cluster_2' with a single click

 

 

Cluster capacity

 

With the cluster selected, select 'Analysis' and 'Capacity Remaining' to view the data related to the cluster's capacity.  You may have to scroll down to view additional capacity information once the screen updates.

 

 

What Will Fit

 

Scrolling down, you can see additional information on the selected cluster.  You can quickly see that based on the current policy configuration, we do not believe there is enough room for more virtual machines.  In vRealize Operations, we show Virtual machine capacity based on average, medium, large and small Virtual Machine profile .  We'll spend more time looking at policy configurations later in this module.

In the screen, the right most column shows remaining resources.  In the screen capture, you can see that we have run out of available Memory.

 

 

Capacity in Related Objects

 

Scrolling to the bottom, we can also get a high level view of related object's capacity.  This allows you to browse to other resources where capacity may be at risk.

Here I can see that my peer Cluster object 'Cluster Site A' is green meaning it has capacity remaining

Below are children objects (children of Cluster_2) object, and these direct children are the 2 ESXi hosts.  As we can see they are both red which means they currently have some capacity issues.  Lack of capacity remaining.

 

 

Navigate to a VM

 

We want to look a the data for the VM named PVMDB_2.  Start typing the name in the upper-right search area and click on the VM when it appears.

 

 

Collapse the navigation area

 

We see that the correct VM is listed.  We can get some additional viewing area by collapsing the navigational view on the left.  It's already collapsed in this image.  Click on the small arrow that is hi-lited with the red rectangle in the screen shot to expand the left navigation pane once you have looked at this data.

At the top we can clearly see that we have a low 'Capacity Remaining' Score.  It also clearly indicates that this Virtual Machine is most constrained by CPU and Memory.

 

 

Viewing a VM's capacity info

 

After the screen refreshes, you can now see the capacity information for the selected VM.  For the selected VM in the screenshot, you can see the constraints immediately.  At the top, we are told 'Capacity is most constrained by Memory, CPU'.  Looking at the detail below, we can also see the Remaining capacity.  In the case of the manual's screenshot, this VM does not have any remaining capacity based on the demands.  Expand the CPU and Memory categories by clicking the small triangles to the left of CPU and Memory (high-lighted with red square on the screen shot). This will provide some more detailed information, with some more history.

 

 

Remediation - Fixing the problem

 

With vRealize Operations Manager v6, we now have the ability to take actions.  With the VM still selected, click on Actions.  This will give you the option to address the resources needs.  We just want to show this capability at this time.  We will NOT commit the changes for now.

 

 

Set CPU Count and Memory

 

With the selection to set CPU and Memory, you will see the pop-up dialog seen here in the screen shot.  The VM can have its CPU and Memory values specified.  Some Operating Systems are required to be powered down before the resources can be adjusted.  Select the option to 'Power Off Allowed' to have vRealize Operation Manager power off the VM, and adjust the resources and power the VM back on.  You can also take a snapshot of the VM before the resource changes are made to the selected VM.  For this exercise, select 'Cancel'.

 

 

Reporting

 

Navigate to and select a cluster object on the left and go to the 'Reports' section on the right.  In the image below we have selected cluster 'Cluster Site A'.  Here we can view reports assigned to the cluster object type.  One of these reports is the 'Oversized VMs Report'.  Once in reports we scrolled down to the Oversized VMs Report.  The arrow is pointing to the 'Run Report' icon.  Click the button to run the report.  Once clicked, a running message will appear next to the report template name.

 

 

Viewing the PDF

 

Once a report has run, you can view reports in the 'Generated Reports' section or click on the link for 'Generated reports' just below the report name.  While the Oversized VMs Report indicates a report for Oversized machines, the report will also show VMs that are undersized.  The screen capture is taken from the generated report.  As you can see here, some of the VM's are oversized for Memory.

 

Projects (formerly What-If Scenarios)


Projects are all about capacity visibility and capacity modeling / forecasting.  Projects allow you to create capacity scenarios to better manage capacity before any changes are made.  In vRealize Operations Manager, projects can be committed or planned, and they can be assigned an affective date of when the changes will take place.  Up to 5 scenarios can be simultaneously configured as part of a project. Projects can also be saved and reused as needed. 


 

Navigate to the Cluster_2 object

 

Navigate to the Cluster_2 object for this module.  You can get there by clicking on the globe icon and expanding the vSphere Hosts and Clusters and subsequent items to get to Cluster_2.

 

 

Projects - Getting Started

 

NOTE: Please remember to leverage the browser's zoom in/out function for best viewing experience.

1.  With the cluster selected, click on the menu item for 'Projects'

2.  The default Capacity Container (drop down) is 'Most Constrained' but please fell free to take a moment and look at capacity from different perspectives.  In this case 'Cluster_2' is most constrained for 'Memory Demand'.

3.  Observe that we have projected 'Memory Demand' shortfall.  That is the RED area

On the screen shot below, we can see that this cluster is constrained for Memory Demand, and we will continue to experience Memory Demand for the foreseeable future.  We can that the Memory Demand shortfall levels have approached and exceeded 250%.

 

 

Project Menu Items

 

The screen shot is the menu selector for projects.  From left to right, we can do the following:

Hover over each icon to see the pop-up help for each item.

 

 

Creating a project

 

In the bottom-half of the screen, click on the green plus sign (+) to create a new project.

 

 

Add Project for Cluster_2

 

Enter a Name and description for the project.  Then click on the Scenario panel on the bottom left.  After editing the name and description, you have the option to change the status of the project.  By default, the status is planned.  

In the Advanced and higher versions of vRealize Operations, you can change the status to committed.  When committed, the projects will have an ongoing affect on capacity planning.  This is important as you manage capacity in your environment.

Click on "2. Scenarios" to add the project scenario(s).

 

 

Enter Scenario parameters

 

  1. Ensure the Object is set to 'Cluster_2'.
  2. Double-click on 'add Virtual Machine', OR drag it to the 'scenarios' frame to the right
  3. Set the date and time to the future.  Put it 3 weeks out
  4. Enter 20 for the number of VMs to add
  5. Click 'Populate metrics' (A pop-up window will be displayed)

 

 

Populate Metrics

 

For the profile, click the drop-down menu and select 'AVERAGE'.  This will enter the metric data based on the average powered on VM Size in the cluster

Click 'OK'

 

 

Add another scenario to this project

 

Do NOT click Save yet.  We are going to add another scenario to this project.

  1. Ensure the Object is still set to Cluster_2
  2. Double-click the 'selected object' scenario in the 'Remove Capacity' section, OR drag it to the 'scenarios' frame to the right
  3. Set the date and time to the future (Ensure to use a future date from today).  Set this to be only 1 week out, which is the default value
  4. Select the drop-down and select the object that you want to simulate it's deletion.  Select the ESXi host 'vesxi-2.corp.local'
  5. You have created a Project with TWO scenarios.  Click 'Save'

 

 

Viewing the project

 

After saving the Project it will be listed in the bottom portion of the screen.

1. Select the project you just created and Double-Click it to bring it up, OR simply Click on the green + at the far right in the project row.  This will cause the visual to update and reflect the capacity modeling scenarios in this project.

2. Looking at 1a which is the scenario of adding Virtual Machines, you can see that on the affective date of that scenario it is Increasing the Memory Demand Shortfall even higher!

3. Looking at 1b which is the scenario of deleting an ESXi host, you can see that on the affective date of that scenario is is also increasing the Memory Demand, and it is increasing it sooner because of the earlier affective date of the scenario.

In this project, for the selected cluster, we planned to add some virtual machines and remove a host.  This may be a typical capacity modelling scenario knowing that virtual machines will be added and we may take a host offline for maintenance, or simply decomission an aging host.  In this particular cluster, you can see that the Project and it's scenarios are increasing the CPU Demand shortfall.  

You are welcome to stay in this module and simulate other projects.

 

Policies


In this section we will go through the impact of policies and their impact on capacity planning.  

Please be aware.  We are using a live system in this lab.  When the steps and screenshots were documented, the data was from that time.  The data will be different and you will see values that may not match the following screenshots.


 

Getting to the numbers

 

Before we change a policy, we are going to view some of the data.  We need to navigate to the environment then browse to 'Cluster Site A' on the left navigational pane.  Once 'Cluster Site A' is selected, go to the Analysis tab followed by the Capacity Remaining sub tab.  In this view, we get a quick view of the number of virtual machines we can add to this cluster.  We break down the virtual machines based on a large, medium, small and average virtual machine profile size.

In the upper-right corner of this window, we see the policy that is currently associated to this object, "vSphere Solution's Default Policy (4/23/15 10:28 am)".  This text is also a hyperlink that can take us directoy to the policy for viewing and modification.  

Note the numbers in the "What Will Fit" section.

Click on the Policy hyperlink to get to the next step (5)

 

 

View the policy

 

Because we selected the policy from the resource view, we are taken to the administration view with the policy already selected.  We can quickly see that there are many object types with locally defined settings.  With policies, they are built in a tiered fashion, inheriting settings from the parent policy.  All policies lead back to the "Base Settings" policy.  We see in this policy that it is a direct descendant from the 'Base settings'.

We are going to make changes to this policy.  We need to click on the 'Policy Library' tab at the top.

 

 

Modifying the policy

 

At this point, we can see the hierarchy for the policies.  You may need to drag the separator down to see the policies.

Expand 'Base Settings'

Highlight the policy "vSphere Solution's Default Policy (4/23/15 10:28 am)" and click on the 'pencil' icon in the toolbar.

You may need to click on item 2 to gain more screen area.  It is not necessary, but is an option for this screen.

 

 

Retrieve locally changed settings

 

In the previous step you clicked on the 'pencil' icon to edit the policy.

This will automatically take you to step 3 in the policy editing wizard.

Click on "All object types with overrides".  When clicking on the "All object types with overrides", the items will populate in the right panel if they are not there already.

 

 

 

Modify the Policy settings for the Cluster Compute Resource object type

 

Now that we have our needed resource type, you need to click on the downward pointing chevron on the right-most side.  When you click on the chevron, you will see all the possible setting areas for the Cluster Compute Resource object type.

 

 

Capacity: Time Remaining

 

With the cluster compute resource now expanded, we can see that some items are greyed out and minimized.  Those setting are being inherited from the parent policies.  The section for Capacity: Time Remaining is expanded and set within this policy.  The screen shot cuts off the right most images but there are enable/disable buttons on the right.  If you wish to enable a section, click the button to do so.  For this process, we are going to modify the "Capacity: Time Remaining" values.

 

 

Memory based on demand

 

Expand the Capacity section by clicking on the triangle to the left of the text.  You will see in the Resource Container that Memory is being calculated for both Demand and Allocation capacity models.  Un-Check Allocation leaving only Demand selected.

 

 

CPU based on demand

 

Just as we did with for Memory, expand the CPU section and Un-Check Allocation leaving only Demand selected.

 

 

Save the settings

 

On the bottom right corner, click on the save button to commit the changes to the policy.

 

 

Return to the Cluster Site A object

 

After clicking save in the previous step, you will be back at the policy summary screen.  Click on the 'Cluster Site A' link in the top-left corner of the window.

 

 

Compare the capacity values

 

You may need to wait a couple of minutes before the changes are reflected / updated in the 'Capacity Remaining' badge visualizations for the 'Cluster Site A' object.

Click the refresh icon at the top of the window to update the view (highlighted with the red box in the screen shot.  

Eventually, you will see the numbers update for the "What Will Fit" section.  Compare these numbers to the screenshot at the beginning of this section.  Before we were looking at capacity based on allocation and demand capacity models and taking both into consideration when determining the number of additional virtual machines that will fit in this cluster. 

Now we are only looking at capacity based on demand.  In this case, based on demand only, we have capacity to add more workloads in the selected cluster, and hence the higher numbers!

Please remember that the data in the screenshot is older than the data you are using today.  Your capacity numbers may vary.

 

Wrap Up


We hope you have enjoyed taking this module and can see the value in the newly re-designed vRealize Operations Management User Interface.  Be sure to take the survey at the end.

For more information on vRealize Operations Management, be sure to check out these resources:

If you have time remaining, here is a list of all the Modules that are part of this lab, along with an estimated time to complete each one.  Click on the 'Table of Contents' button to quickly jump to that Module in the manual.

The complete listing of all seven modules are:

An average time to complete each module is listed. Depending on your experience with the products and your skill level, more or less time may be needed.


Conclusion

Thank you for participating in the VMware Hands-on Labs. Be sure to visit http://hol.vmware.com/ to continue your lab experience online.

Lab SKU: HOL-SDC-1410

Version: 20150603-093314