VMware Hands-on Labs - HOL-1911-01-SDC


What's New in vSphere 6.7 - HOL-1911-SDC

Lab Guidance


Note: It may take more than 90 minutes to complete this lab.  You don't need to complete every module during this time; the modules are independent of each other.  You can use the Table of Contents to access any module of your choosing.

The Table of Contents can be accessed in the upper right-hand corner of the Lab Manual.

This lab will detail the new features of vSphere 6.7.  You will be able to determine if your business would benefit from any of the vSphere 6.7 enhancements after taking this lab.  Some of the features will be delivered via videos due to the nature of the features. There is also some hands on work.  There are other labs that will give you a more in depth, hands on experience for each of the four pillars discussed in this lab.

Feel free to explore and look around!  This lab contains two vCenter servers which allows you to experience Enhanced Linked Mode.  

Lab Module List:

Lab Captains: 

Content Leads:


This lab manual can be downloaded from the Hands-on Labs Document site found here:

PDF - http://docs.hol.vmware.com/HOL-2019/hol-1911-01-sdc_pdf_en.pdf

HTML - http://docs.hol.vmware.com/HOL-2019/hol-1911-01-sdc_html_en/

This lab may be available in other languages.  To set your language preference and have a localized manual deployed with your lab, you may utilize this document to help guide you through the process:

http://docs.hol.vmware.com/announcements/nee-default-language.pdf


 

Location of the Main Console

 

  1. The area in the RED box contains the Main Console.  The Lab Manual is on the tab to the Right of the Main Console.
  2. A particular lab may have additional consoles found on separate tabs in the upper left. You will be directed to open another specific console if needed.
  3. Your lab starts with 90 minutes on the timer.  The lab can not be saved.  All your work must be done during the lab session.  But you can click the EXTEND to increase your time.  If you are at a VMware event, you can extend your lab time twice, for up to 30 minutes.  Each click gives you an additional 15 minutes.  Outside of VMware events, you can extend your lab time up to 9 hours and 30 minutes. Each click gives you an additional hour.

 

 

Alternate Methods of Keyboard Data Entry

During this module, you will input text into the Main Console. Besides directly typing it in, there are two very helpful methods of entering data which make it easier to enter complex data.

 

 

Click and Drag Lab Manual Content Into Console Active Window

You can also click and drag text and Command Line Interface (CLI) commands directly from the Lab Manual into the active window in the Main Console.  

 

 

Accessing the Online International Keyboard

 

You can also use the Online International Keyboard found in the Main Console.

  1. Click on the Keyboard Icon found on the Windows Quick Launch Task Bar.

 

 

Click once in active console window

 

In this example, you will use the Online Keyboard to enter the "@" sign used in email addresses. The "@" sign is Shift-2 on US keyboard layouts.

  1. Click once in the active console window.
  2. Click on the Shift key.

 

 

Click on the @ key

 

  1. Click on the "@ key".

Notice the @ sign entered in the active console window.

 

 

Activation Prompt or Watermark

 

When you first start your lab, you may notice a watermark on the desktop indicating that Windows is not activated.  

One of the major benefits of virtualization is that virtual machines can be moved and run on any platform.  The Hands-on Labs utilizes this benefit and we are able to run the labs out of multiple datacenters.  However, these datacenters may not have identical processors, which triggers a Microsoft activation check through the Internet.

Rest assured, VMware and the Hands-on Labs are in full compliance with Microsoft licensing requirements.  The lab that you are using is a self-contained pod and does not have full access to the Internet, which is required for Windows to verify the activation.  Without full access to the Internet, this automated process fails and you see this watermark.

This cosmetic issue has no effect on your lab.  

 

 

Look at the lower right portion of the screen

 

Please check to see that your lab has finished all the startup routines and is ready for you to start. If you see anything other than "Ready", please wait a few minutes.  If after 5 minutes your lab has not changed to "Ready", please ask for assistance.

 

Module 1 - vSphere 6.7 Overview (15 minutes)

Introduction


vSphere 6.7 delivers key capabilities to enable IT organizations to address the following notable trends that are putting new demands on their IT infrastructure:

This module will provide an overview of What's New in vSphere 6.7.  In later modules and other labs you can dive further into the technology.  This introductory module provides the foundation.  We will start using the lab in later modules.

 


 

Key Features

Simple and Efficient Management at Scale

Comprehensive Built-in Security

Universal App Platform

Seamless Hybrid Cloud Experience

 

 

Simple and Efficient Management at Scale


vSphere 6.7 builds on the technological innovation delivered by vSphere 6.5, and elevates the customer experience to an entirely new level. It provides exceptional management, simplicity, operational efficiency, and faster time to market, all at scale.


 

vCenter Server Appliance

vSphere 6.7 delivers an exceptional experience for the user with an enhanced vCenter Server Appliance (vCSA). It introduces several new APIs that improve the efficiency and experience to deploy vCenter, to deploy multiple vCenters based on a template, to make management of vCenter Server Appliance significantly easier, as well as for backup and restore. It also significantly simplifies the vCenter Server topology through vCenter with an embedded platform services controller in enhanced linked mode, enabling customers to link multiple vCenters and have seamless visibility across the environment without the need for an external platform services controller or load balancers.

vSphere 6.7 vCSA delivers phenomenal performance improvements (all metrics compared at cluster scale limits, versus vSphere 6.5):

These performance improvements ensure a blazing fast experience for vSphere users, and deliver significant value, as well as time and cost savings in a variety of use cases, such as VDI, Scale-out apps, Big Data, HPC, DevOps, distributed cloud native apps, etc.

 

 

 

vSphere - Quick Boot

vSphere 6.7 improves efficiency at scale when updating ESXi hosts, significantly reducing maintenance time by eliminating one of two reboots normally required for major version upgrades (Single Reboot). In addition to that, vSphere Quick Boot is a new innovation that restarts the ESXi hypervisor without rebooting the physical host, skipping time-consuming hardware initialization.  This allows for faster upgrades and patching.

 

 

 

HTML 5 vSphere Client

Another key component that allows vSphere 6.7 to deliver a simplified and efficient experience is the graphical user interface itself. The HTML5-based vSphere Client provides a modern user interface experience that is both responsive and easy to use. With vSphere 6.7, it includes added functionality to support not only the typical workflows customers need but also other key functionality like managing NSX, vSAN, VUM as well as third-party components.

 

 

Support for 4k Native Storage

Storage Vendors are moving towards cost-efficient 4K Native (4Kn) drives. The migration to 4K-sized sectors will provide a shorter path to higher densities and hard drive capacities as well as more robust error correction. The HDD vendors have been manufacturing 4K sectored drives by using emulation (a.k.a 512e) in the firmware to reduce the impact of the format change to the host clients. 512e drives were introduced to enable the transition to 4Kn drives. Vendors expect mass adoption of 4Kn within the next few years. Subsequently, VMware has been working to enable 4Kn drives in vSphere to ensure utilization of the latest technology.

4Kn drives have several benefits over 512-byte sector drives: higher capacity and improved performance from more optimized placement of data on the drive; more efficient space utilization, with optimized meta-data giving up to 10% more available data; and improved drive reliability and error correction, with larger meta-data increasing the ECC block from 50 to 100 bytes. This provides a much-needed improvement in error correction efficiency.

With the release of vSphere 6.7, 4Kn direct attached drives are now supported natively via 4Kn Software Emulation (SWE). The software emulation layer allows the use of 4Kn drives while still allowing legacy OS, applications, and existing VMs to run on newer 4Kn drives.

There are some limitations for 4Kn drives; only local SAS, SATA HDDs are supported, they must use VMFS6, and booting from 4Kn drives requires UEFI. Also, 4Kn SSD, NVMe, and Raw Device Mapping (RDM) disks for Guest Operating System (GOS) are not supported. vSAN and VVOL may declare themselves as 512e if they can handle both 512 byte and 4K I/Os without any atomicity issues. Third party multi-pathing plugins are not supported.

 

Comprehensive Built-in Security


vSphere 6.7 builds on the security capabilities in vSphere 6.5 and leverages its unique position as the hypervisor to offer comprehensive security that starts at the core, via an operationally simple policy-driven model.


 

Integration with Trusted Platform Modules

A Trusted Platform Module (TPM) is a computer chip/microcontroller that can securely store artifacts used to authenticate the platform (your PC or laptop). These artifacts can include measurements, passwords, certificates, or encryption keys. A TPM can also be used to digitally sign content and store platform measurements that help ensure that the platform remains trustworthy. The Trusted Computing Group has a detailed overview of what a TPM is and does.

Since ESXi 5.x, ESXi has had support for TPM 1.2. Prior to 6.7, the APIs and functionality of TPM 1.2 were limited to 3rd party applications created by VMware partners.

In 6.7 we have introduced support for TPM 2.0. TPM 2.0 and TPM 1.2 are two entirely different implementations and there is no backwards compatibility. For all intents and purposes, they are considered two different devices to ESXi.

If you are running 6.5 on a server with TPM 2.0 you will not see the TPM 2.0 device because there is no support in 6.5 for TPM 2.0. New features in 6.7 do not use the TPM 1.2 device.

At a high level, TPM 2.0 is used to store measurements of a known good boot of ESXi. This measurement is then compared by vCenter with what ESXi reports.

In other words, the TPM provides a mechanism that provides assurance that ESXi has booted with Secure Boot enabled. By confirming that Secure Boot is enabled we can then ensure that ESXi has booted using only digitally signed code.

This is an excellent example of the iterative approach to security we are delivering on. In 6.5 we delivered Secure Boot support. In 6.7 we built upon that by delivering TPM 2.0 to provide assurance that Secure Boot is turned on.
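A simplified model of the comparison described above, added here as an illustration (it is not VMware's or the lab's code): a TPM-style register is extended with each boot measurement, and a verifier replays the reported event log against the reported register value and a known-good boot. The component names, the SHA-256 bank, and all function names are assumptions made for the example; a real TPM also signs the reported values in a quote, which this model omits.

```python
import hashlib
import hmac

PCR_SIZE = 32  # SHA-256 bank; a PCR is all zeroes after platform reset


def extend(pcr, digest):
    """TPM extend: new PCR = SHA-256(old PCR || measurement digest)."""
    return hashlib.sha256(pcr + digest).digest()


def measure_boot(components):
    """Host side: hash each boot component in order and extend the PCR.

    Returns the event log [(name, digest), ...] and the final PCR value.
    """
    pcr = bytes(PCR_SIZE)
    log = []
    for name, blob in components:
        digest = hashlib.sha256(blob).digest()
        log.append((name, digest))
        pcr = extend(pcr, digest)
    return log, pcr


def replay(event_log):
    """Verifier side: recompute the PCR that an event log implies."""
    pcr = bytes(PCR_SIZE)
    for _name, digest in event_log:
        pcr = extend(pcr, digest)
    return pcr


def first_divergence(event_log, known_good_log):
    """Name the first measured component that differs from the known-good log."""
    for (name, digest), (_good_name, good_digest) in zip(event_log, known_good_log):
        if digest != good_digest:
            return name
    if len(event_log) != len(known_good_log):
        return "<log length differs>"
    return None


def attest(event_log, reported_pcr, known_good_log):
    """Compare what the host reports with the known-good boot.

    Assumption: reported_pcr arrived authenticated (a real TPM signs it in a
    quote); only the comparison logic is modelled here.
    """
    # 1. The log must reproduce the reported PCR, otherwise the log was edited.
    if not hmac.compare_digest(replay(event_log), reported_pcr):
        return False, "event log does not reproduce the reported PCR"
    # 2. The reported PCR must match the PCR of the known-good boot.
    if not hmac.compare_digest(reported_pcr, replay(known_good_log)):
        where = first_divergence(event_log, known_good_log)
        return False, "boot differs from known good at: %s" % where
    return True, "attested"


# Constructed sample boots (not real ESXi components or measurements).
GOOD_BOOT = [
    ("secure-boot-state", b"enabled"),
    ("bootloader", b"constructed bootloader v1"),
    ("kernel", b"constructed kernel v1"),
]
NO_SECURE_BOOT = [("secure-boot-state", b"disabled")] + GOOD_BOOT[1:]

GOOD_LOG, GOOD_PCR = measure_boot(GOOD_BOOT)


def run_scenarios():
    """Run three boots past the verifier and collect the verdicts."""
    results = {}
    log, pcr = measure_boot(GOOD_BOOT)
    results["clean"] = attest(log, pcr, GOOD_LOG)
    log, pcr = measure_boot(NO_SECURE_BOOT)
    results["secure_boot_off"] = attest(log, pcr, GOOD_LOG)
    # Host presents the known-good log, but the PCR still holds the real boot.
    results["forged_log"] = attest(GOOD_LOG, pcr, GOOD_LOG)
    return results


if __name__ == "__main__":
    for scenario, verdict in run_scenarios().items():
        print(scenario, verdict)
```

Because each extend hashes the previous register value, a host cannot reach the known-good value after measuring a different component, and a rewritten log fails the replay check.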

 

 

Virtualization Based Security

vSphere 6.7 introduces support for the entire range of Microsoft's Virtualization Based Security technologies. This is a result of close collaboration between VMware and Microsoft to ensure Windows VMs on vSphere support in-guest security features while continuing to run performant and secure on the vSphere platform.

vSphere 6.7 delivers comprehensive built-in security and is the heart of a secure SDDC. It has deep integration and works seamlessly with other VMware products such as vSAN, NSX and vRealize Suite to provide a complete security model for the data center.

 

 

Data Encryption

Data encryption was introduced with vSphere 6.5 and very well received. With vSphere 6.7, VM Encryption is further enhanced and more operationally simple to manage. vSphere 6.7 simplifies workflows for VM Encryption, designed to protect data at rest and in motion, making it as easy as a right-click while also increasing the security posture of encrypting the VM and giving the user a greater degree of control to protect against unauthorized data access.  vSphere 6.7 also enhances protection for data in motion by enabling encrypted vMotion across different vCenter instances as well as versions, making it easy to securely conduct data center migrations, move data across a hybrid cloud environment (between on-premises and public cloud), or across geographically distributed data centers.

 

Universal Application Platform


vSphere 6.7 is a universal application platform that supports new workloads (including 3D Graphics, Big Data, HPC, Machine Learning, In-Memory, and Cloud-Native) as well as existing mission critical applications. It also supports and leverages some of the latest hardware innovations in the industry, delivering exceptional performance for a variety of workloads.


 

Enhancements to Nvidia GRID™ vGPU

vSphere 6.7 further enhances the support and capabilities introduced for GPUs through VMware's collaboration with Nvidia, by virtualizing Nvidia GPUs even for non-VDI and non-general-purpose-computing use cases such as artificial intelligence, machine learning, big data and more. With enhancements to Nvidia GRID vGPU technology in vSphere 6.7, instead of powering off workloads running on GPUs, customers can simply suspend and resume those VMs, allowing for better lifecycle management of the underlying host and significantly reducing disruption for end-users. VMware continues to invest in this area, with the goal of bringing the full vSphere experience to GPUs in future.

 

 

vSphere Persistent Memory (PMEM)

vSphere 6.7 continues to showcase VMware's technological leadership and fruitful collaboration with our key partners by adding support for a key industry innovation poised to have a dramatic impact on the landscape, which is persistent memory. With vSphere Persistent Memory, customers using supported hardware modules, such as those available from Dell-EMC and HPE, can leverage them as super-fast storage with high IOPS, or expose them to the guest operating system as non-volatile memory. This will significantly enhance performance of the OS as well as applications across a variety of use cases, making existing applications faster and more performant and enabling customers to create new high-performance applications that can leverage vSphere Persistent Memory.

 

 

 

Instant Clone

You can use the Instant Clone technology to create powered on virtual machines from the running state of another powered on virtual machine. The result of an Instant Clone operation is a new virtual machine that is identical to the source virtual machine. With Instant Clone you can create new virtual machines from a controlled point in time. Instant cloning is very convenient for large scale application deployments because it ensures memory efficiency and allows for creating numerous virtual machines on a single host.


 

Seamless Hybrid Cloud


With the fast adoption of vSphere-based public clouds through VMware Cloud Provider Program partners, VMware Cloud on AWS, as well as other public cloud providers, VMware is committed to delivering a seamless hybrid cloud experience for customers.


 

vCenter Server Hybrid Linked Mode

vSphere 6.7 introduces vCenter Server Hybrid Linked Mode, which makes it easy for customers to have unified visibility and manageability across an on-premises vSphere environment running a different version of vSphere than a vSphere-based public cloud environment, such as VMware Cloud on AWS. This ensures that the fast pace of innovation and introduction of new capabilities in vSphere-based public clouds does not force the customer to constantly update and upgrade their on-premises vSphere environment.

 

 

 

Cross-Cloud Cold and Hot Migration

vSphere 6.7 also introduces Cross-Cloud Cold and Hot Migration, further enhancing the ease of management across and enabling a seamless and non-disruptive hybrid cloud experience for customers.

As virtual machines migrate between different data centers or from an on-premises data center to the cloud and back, they likely move across different CPU types. vSphere 6.7 delivers a new capability that is key for the hybrid cloud, called Per-VM EVC. Per-VM EVC enables the EVC (Enhanced vMotion Compatibility) mode to become an attribute of the VM rather than the specific processor generation it happens to be booted on in the cluster. This allows for seamless migration across different CPUs by persisting the EVC mode per-VM during migrations across clusters and during power cycles.

Previously, vSphere 6.0 introduced provisioning between vCenter instances. This is often called cross-vCenter provisioning. The use of two vCenter instances introduces the possibility that the instances are on different release versions. vSphere 6.7 enables customers to use different vCenter versions while allowing cross-vCenter, mixed-version provisioning operations (vMotion, Full Clone and cold migrate) to continue seamlessly. This is especially useful for customers leveraging VMware Cloud on AWS as part of their hybrid cloud.

 

Conclusion


VMware vSphere 6.7 is the efficient and secure platform for the hybrid cloud. It provides a powerful, flexible, and secure foundation for business agility that accelerates the digital transformation to the hybrid cloud as well as success in the digital economy. vSphere 6.7 supports both existing and next-generation workloads through its 1) simple and efficient management at scale, to elevate the customer experience to an entirely new level; 2) comprehensive built-in security that starts at the core, via an operationally simple, policy-driven model; 3) universal application platform that supports new workloads and leverages hardware innovations for enhanced performance; and 4) seamless hybrid cloud experience with easy visibility, migration, and management of workloads between on-premises data centers and the public cloud. With vSphere 6.7, you can now run, manage, connect, and secure applications in a common operating environment, across their hybrid cloud.


 

You have finished Module 1!

 

Congratulations on completing Module 1!

To review more info on the new features please use the links below:

Proceed to any module below which interests you most.

 

 

 

How to End Lab

 

To end your lab click on the END button.  

 

Module 2 - Simple & Efficient Management at Scale (60 minutes)

Introduction


vSphere 6.7 builds on the technological innovation delivered by vSphere 6.5, and elevates the customer experience to an entirely new level. It provides exceptional management simplicity, operational efficiency, and faster time to market, all at scale.  This Module contains the following lessons:


Enhanced vCenter Server Appliance


In vSphere 6.7, all of the new features and enhancements were developed around the vCenter Server Appliance.  This is the last release of VMware vCenter that will offer a Windows install of vCenter.  The new appliance has a new, cleaner user interface, enhanced monitoring of services, file-based backup and is simpler to display.


 

Install

One significant change for the vCenter Server Appliance is a simplified architecture: a return to running all vCenter Server services on a single instance, with all the benefits that brings. We can now do exactly that with the vCenter Server Appliance 6.7, which introduces vCenter Server with Embedded PSC with Enhanced Linked Mode. Let's take a look at the benefits this deployment model brings:

 

 

Migrate

vSphere 6.7 is also the last release to include vCenter Server for Windows. Customers can migrate to the vCenter Server Appliance with the built-in Migration Tool. In vSphere 6.7 we can now select how to import the historical and performance data during a migration:

Customers will also get an estimated time of how long each option will take when migrating. Estimated time will vary based on historical and performance data size in your environment. While importing data in the background customers have the option to pause and resume. This new ability is available in the vSphere Appliance Management Interface. Another improvement to the migration process is support of custom ports. Customers who changed the default Windows vCenter Server ports are no longer blocked.  

 

 

Monitoring & Management

A lot of investment went into improving monitoring for the vCenter Server Appliance. We saw these improvements starting in vSphere 6.5, and vSphere 6.7 is adding several new enhancements. Let's first log in to the vSphere Appliance Management Interface (VAMI) on port 5480. The first thing we notice is that the VAMI has received an update to the Clarity UI. We also notice there are several new tabs on the left-hand side compared to vSphere 6.5. There is now a tab dedicated to monitoring. Here we can see CPU, memory, network, and database utilization. A new section of the monitoring tab called disks is now available. Customers can now see each of the disk partitions for the vCenter Server Appliance, space available, and utilization.

 


 

 

 

Embedded Linked Mode (ELM)

vCenter Embedded Linked Mode is enhanced linked mode support for vCenter Server Appliance with an embedded Platform Services Controller.  This lab is configured using vSphere 6.7 Embedded Linked Mode.  With vCenter Embedded Linked Mode, you can connect a vCenter Server Appliance with an embedded Platform Services Controller together to form a domain. vCenter Embedded Linked Mode is not supported for Windows vCenter Server installations. vCenter Embedded Linked Mode is supported starting with vSphere 6.5 Update 2 and suitable for most deployments.

Other features of vCenter Embedded Linked Mode include: no external Platform Services Controller, providing a more simplified domain architecture than enhanced linked mode; a simplified backup and restore process; and a simplified HA process, removing the need for load balancers.  Up to 15 vCenter Server Appliances can be linked together using vCenter Embedded Linked Mode and displayed in a single inventory view.  For a vCenter High Availability (vCenter HA) cluster, three nodes are considered one logical vCenter Server node. This represents ten times the vCenter HA clusters in a vCenter Embedded Linked Mode for a total of 30 VMs.

 

 

File-Based Backups

File-Based Backup was first introduced in vSphere 6.5 under the summary tab and now it has its own backup tab. The first available option front and center when going to the backup tab is a scheduler. Now customers can schedule the backups of their vCenter Server Appliances and select how many backups to retain. Another new section for File-Based backup is Activities. Once the backup job is complete it will be logged in the activity section with detailed information. We can't talk backup without mentioning restore. The Restore workflow now includes a backup archive browser. The browser displays all your backups without having to know the entire backup path.

 

Click on the video to watch a video on scheduling a backup.

 

 

Services

Another new tab called Services is also within the VAMI. Service management was once located within the vSphere Web Client and is now in the VAMI for out-of-band troubleshooting. All the services that make up the vCenter Server Appliance, their startup type, health, and state are visible here. We are also given the option to start, stop, and restart services if needed.

While the Syslog and Update tabs are not new to the VAMI, there are improvements in these areas as well. Syslog now supports up to three syslog forwarding targets. Previously, vSphere 6.5 supported forwarding to only one. There is now more flexibility in patching and updating. From the Update tab, we now have the option to select which patch or update to apply. Customers will also have more information, including type, severity, and whether a reboot is necessary. Expanding a patch or update in the view will display more information about what is included. Finally, we can now stage and install a patch or update from the VAMI. This capability was previously only available from the CLI.

 

 

 

vSphere Client (HTML5)

Another area where there has been significant investment is the vSphere Client. With vSphere 6.5, VMware introduced a supported version of the vSphere Client (HTML5). Included in the vCenter Server Appliance, it only had partial functionality. The vSphere team has been working hard on getting the vSphere Client to feature parity. Based on customer feedback, the team has been optimizing and improving workflows. The release of vSphere 6.7 also marks the final release of the vSphere Web Client (Flash). Some of the newer workflows in the updated vSphere Client release include:

 

Not all of the workflows mentioned above are feature complete. VMware will continue updating the vSphere Client in future vSphere maintenance (patch/update) releases. We are almost there!

There is also one less client: the Platform Services Controller (PSC) UI (/psc) functionality is now part of the vSphere Client. Now located under the Administration menu, the PSC options are divided between two tabs. Certificate management has its own tab and all other management is under the configuration tab.

 

 

CLI Tools

The vCenter Server Appliance 6.7 CLI also has some new enhancements. The first is the repointing enhancements using cmsso-util. While not a new feature, it was not available in vSphere 6.5 and makes a return in vSphere 6.7. We are talking about repointing an external vCenter Server Appliance across SSO Sites within a vSphere SSO domain. That's not all you can do with repointing.

Customers can now repoint their vCenter Server Appliance across vSphere SSO domains. Can you say consolidation? The domain repoint feature only supports external deployments running vSphere 6.7. The domain repoint feature has a built-in pre-check option, which I cannot stress enough that you should use. The pre-check compares the two vSphere SSO domains and lists any discrepancies in a conflict JSON file. This is your opportunity to resolve any of the discrepancies before running the domain repoint tool. The repoint tool can migrate licenses, tags, categories, and permissions from one vSphere SSO Domain to another.

 

 

 

CLI Tools (Cont)

Another CLI enhancement is around using the cli installer to manage the vCenter Server Appliance lifecycle. The vCenter Server Appliance ISO comes with JSON template examples. These JSON templates are a way to ensure consistency across installs, upgrades, and migrations. Usually, we would have to run one JSON template from the cli installer at a time, in the correct order. This manual per-node deployment is now a thing of the past with batch operations. With batch operations, several JSON templates can be run in sequence from a single directory without intervention. Before running, use the pre-checks option on the directory to verify the templates, including their sequence.

 

 

Lifecycle Management Operations


VMware vSphere 6.7 includes several improvements that accelerate the host lifecycle management experience to save administrators valuable time.


 

New vSphere Update Manager Interface

 

1.  Launch the Google Chrome Browser

 

1.  Select Use Windows session authentication

2. Click on Login

 

On the home page for vCenter Server:

1. Click on Menu

2. Click on Update Manager

 

1. Click on Updates

2. Filter on the ID

3. Enter 2018

The results will be filtered for any patches released in 2018.  You can also filter by the version, under releases, category, type etc...

 

 

Update Manager with Embedded Linked Mode

With the introduction of embedded linked mode in vSphere 6.7, you can now manage Update Manager instances through the same interface.

 

 

 

 

Upgrades from 6.5 to 6.7

Hosts that are currently on ESXi 6.5 will be upgraded to 6.7 significantly faster than ever before. This is because several optimizations have been made for that upgrade path, including eliminating one of two reboots traditionally required for a host upgrade. In the past, hosts that were upgraded with Update Manager were rebooted a first time in order to initiate the upgrade process, and then rebooted once again after the upgrade was complete. Modern server hardware, equipped with hundreds of gigabytes of RAM, typically take several minutes to initialize and perform self-tests. Doing this hardware initialization twice during an upgrade really adds up, so this new optimization will significantly shorten the maintenance windows required to upgrade clusters of vSphere infrastructure.

These new improvements reduce the overall time required to upgrade clusters, shortening maintenance windows so that valuable efforts can be focused elsewhere.

Recall that, because of DRS and vMotion, applications are never subject to downtime during hypervisor upgrades: VMs are moved seamlessly from host to host, as needed.

 

 

vSphere Quick Boot

What is the Quick Boot functionality? Quick Boot functionality allows restarting only the hypervisor instead of going through a full reboot of the host hardware including POSTing, etc. This functionality is utilized with vSphere Update Manager so that patching and upgrades are completed much more quickly. A note here before getting excited about potential backwards compatibility: this functionality is only available for hosts that are running ESXi 6.7. Even if your hardware is compatible with the new Quick Boot, if you are running a legacy version of ESXi, this won't be available.

Host reboots occur infrequently but are typically necessary after activities such as applying a patch to the hypervisor or installing a third-party component or driver. Modern server hardware that is equipped with large amounts of RAM may take many minutes to perform device initialization and self-tests.

Quick Boot eliminates the time-consuming hardware initialization phase by shutting down ESXi in an orderly manner and then immediately re-starting it. If it takes several minutes, or more, for the physical hardware to initialize devices and perform necessary self-tests, then that is the approximate time savings to expect when using Quick Boot! In large clusters, that are typically remediated one host at a time, it's easy to see how this new technology can substantially shorten time requirements for data center maintenance windows.

Due to the nature of our lab, we can't demonstrate Quick Boot because ESXi is running on ESXi!  Click on this video to watch Quick Boot in action!

 

Getting Started with Update Manager


VMware vSphere Update Manager is a tool that simplifies and centralizes automated patch and version management for VMware vSphere and offers support for VMware ESX hosts, virtual machines, and virtual appliances.  

With Update Manager, you can perform the following tasks:

  1. Upgrade and Patch ESXi hosts.
  2. Upgrade virtual machine hardware, VMware Tools, and Virtual Appliances.

vSphere Update Manager is installed and running by default in the vCenter Server Appliance. Each vCenter Appliance will have a single vSphere Update Manager paired with it.


 

Log into the vSphere Web Client

 

Using the Chrome web browser, navigate to the URL for the Web client.  For this lab, you can use the shortcut in the address bar.

  1. Click the RegionA bookmark folder
  2. Click on bookmark for RegionA vSphere Client (HTML)
  3. Check the Use Windows session authentication box
  4. Click Login

Alternatively, you could use these credentials

  1. User name: corp\Administrator
  2. Password: VMware1!

Please Note: All of the user credentials used in this lab are listed in the README.TXT file on the desktop.

 

 

Gain screen space in Chrome by zooming out

 

The lab desktop is limited to 1280x800 screen resolution. It might be helpful to zoom out the browser for better readability.

  1. Select the Options menu in Chrome.
  2. Click the '-' button to zoom out to 90%

This will provide more viewing space while still allowing you to read the text.

 

 

Navigate to Update Manager

 

Navigate to the Update Manager interface

  1. Click the Menu icon
  2. Click Update Manager

 

 

Select vcsa-01b.corp.local

 

We are going to create a baseline on the vcsa-01b vCenter Server.

  1. Ensure vcsa-01b.corp.local is selected in the host drop down menu.

 

 

Baselines and Baseline Groups

 

Baselines can be upgrade, extension, or patch baselines.  Baselines contain a collection of one or more patches, extensions, or upgrades.  

Baseline groups are assembled from existing baselines, and might contain one upgrade baseline per type of upgrade baseline, and one or more patch and extension baselines.  When you scan hosts, virtual machines, and virtual appliances, you evaluate them against baselines and baseline groups to determine their level of compliance.

By default, Update Manager contains two predefined dynamic patch baselines.

We are going to create a new baseline, which we will then use to scan a vSphere host so that we can make sure that it has the latest patches.

  1. Select the Baselines tab.
  2. Click the New icon
  3. Click New Baseline

 

 

New Baseline

 

  1. Type the name HOL Host Baseline and a description of the baseline.
  2. Under description type Host Baseline
  3. Use the scrollbar to the right to access the rest of this screen

 

 

Baseline Definition (cont'd)

 

  1. Select the Patch radio button
  2. Click Next to continue.

 

 

Select Patches Automatically

 

This screen gives the baseline the ability to continually update itself based on the criteria you select.  You can use these options to narrow the scope of the patches added to this baseline (for example, selecting embeddedEsx 6.5.0 would limit this baseline to only those patches relevant to ESXi 6.5).

Some areas you can refine the baseline patches to are:

  1. For our example, we will leave the default setting to automatically update the baseline as new patches become available. We will also leave the default Criteria settings of Any for all options.
  2. Click Next

 

 

Select Patches Manually

 

From this screen you have the ability to manually select patches for the baseline to include.  Since we have selected the option to have this baseline automatically updated, this screen will appear without patches to select.  If you disable the automatic option in the previous screen, you would now be presented with a listing of all patches available which you could manually select to include in this baseline.

  1. Click Next

 

 

Ready to complete

 

Review the settings of the patch baseline you created before finishing the wizard

  1. Click Finish to complete the Patch Baseline

 

 

Return to Clusters and Hosts

 

Next, we are going to attach the baseline we just created to a host. This makes sure that scanning and remediation happens for the host.

  1. Click on the Menu Icon
  2. Select Hosts and Clusters

 

 

Attach Patch Baseline to Host

 

 

  1. Expand vcsa-01b.corp.local vCenter Server --> RegionB01 Datacenter --> RegionB01-COMP01 Cluster
  2. Click on the esx-01b.corp.local Host
  3. Select the Updates tab.
  4. Click on Attach

 

 

Select the Baseline

 

In the new window that opens,

  1. Click on HOL Host Baseline - this is the new Baseline that we just created
  2. Click on OK to continue

 

 

Verify the Baseline is Attached

 

Before we scan the host for compliance with our new baseline, let's verify the new baseline is attached and see what the current status of its compliance is.

  1. Verify HOL Host Baseline is listed in the Attached Baselines
  2. Notice that the current status indicates Unknown. This is a normal status when you attach a new baseline: Update Manager has not yet scanned this host and compared its current state to the baseline state.

In the next step, we will scan the host and see if it is in compliance with the attached baseline.

 

 

Scan the Host

 

We will now scan this host to see if it is compliant with the baseline.

  1. Click the CHECK COMPLIANCE button
  2. You may receive a message in a blue bar at the top of your screen indicating a refresh is needed, click the Refresh link to update the screen. After you click Refresh, you can safely close the message window with the "X"
  3. Notice the new status of this host.  It is now Compliant. This indicates that the host meets the patch criteria selected in this baseline. 

Had this host been missing any patches identified in the baseline criteria, the status would have indicated Not Compliant. You could then remediate this host using the Remediate option on this screen.

Note:  Pre-check is now a separate operation, allowing administrators to verify that a cluster is ready for an upgrade before initiating the workflow.

 

 

Video: Upgrading vSphere Hosts Using Update Manager

vSphere Update Manager can also be used to update the VMware tools on a virtual machine.  The following video outlines the process.

 

Embedded Linked Mode


vCenter Embedded Linked Mode is enhanced linked mode support for vCenter Server Appliance with an embedded Platform Services Controller.  This lab is configured using vSphere 6.7 Embedded Linked Mode.

With vCenter Embedded Linked Mode, you can connect multiple vCenter Server Appliances with embedded Platform Services Controllers together to form a domain. vCenter Embedded Linked Mode is not supported for Windows vCenter Server installations. vCenter Embedded Linked Mode is supported starting with vSphere 6.5 Update 2 and suitable for most deployments.

Other features of vCenter Embedded Linked Mode include:


 

Embedded Linked Mode (Demo)

 

Conclusion


vSphere 6.7 builds on the technological innovation delivered by vSphere 6.5, and elevates the customer experience to an entirely new level. It provides exceptional management simplicity, operational efficiency, and faster time to market, all at scale.

vSphere 6.7 delivers an exceptional experience for the user with an enhanced vCenter Server Appliance (vCSA). It introduces several new APIs that improve the efficiency and experience to deploy vCenter, to deploy multiple vCenters based on a template, to make management of vCenter Server Appliance significantly easier, as well as for backup and restore. It also significantly simplifies the vCenter Server topology through vCenter with embedded platform services controller in enhanced linked mode, enabling customers to link multiple vCenters and have seamless visibility across the environment without the need for an external platform services controller or load balancers.

Moreover, with vSphere 6.7 vCSA delivers phenomenal performance improvements:

These performance improvements ensure a blazing fast experience for vSphere users, and deliver significant value, as well as time and cost savings in a variety of use cases, such as VDI, Scale-out apps, Big Data, HPC, DevOps, distributed cloud native apps, etc.

vSphere 6.7 improves efficiency at scale when updating ESXi hosts, significantly reducing maintenance time by eliminating one of two reboots normally required for major version upgrades (Single Reboot). In addition to that, vSphere Quick Boot is a new innovation that restarts the ESXi hypervisor without rebooting the physical host, skipping time-consuming hardware initialization.

Another key component that allows vSphere 6.7 to deliver a simplified and efficient experience is the graphical user interface itself. The HTML5-based vSphere Client provides a modern user interface experience that is both responsive and easy to use. With vSphere 6.7, it includes added functionality to support not only the typical workflows customers need but also other key functionality like managing NSX, vSAN, VUM as well as third-party components.


 

You've finished Module 2!

 

Congratulations on completing Module 2!

To review more info on the new management features please use the links below:

Proceed to any module below which interests you most.

 

 

 

How to End Lab

 

To end your lab click on the END button.  

 

Module 3 - Comprehensive Built-in Security (60 minutes)

Introduction


vSphere 6.7 builds on the security capabilities in vSphere 6.5 and leverages its unique position as the hypervisor to offer comprehensive security that starts at the core, via an operationally simple policy-driven model.

This module will highlight:

 


Support for New Security Technologies


The goals of security in 6.7 are twofold: introduce more easy-to-use security features and meet requirements set by customers' IT and Security teams. With vSphere 6.7 we have achieved both goals. Let's dive into some of the new features and changes.  vSphere 6.7 includes support for the latest security features on the market.


 

TPM 2.0 Support for ESXi

TPM (Trusted Platform Module) is a device on your laptop, desktop or server system. It is used to store encrypted data (keys, credentials, hash values). TPM 1.2 support has been around for many years on ESXi but was primarily used by partners. TPM 2.0 is not backwards compatible with 1.2 and required all new device drivers and API development. The Trusted Computing Group has a great overview on what a TPM is and does.

ESXi's use of TPM 2.0 builds upon our work in 6.5 with Secure Boot. We validate that the system has booted with Secure Boot enabled and we take measurements and store them in the TPM. vCenter reads those measurements and compares them with values reported by ESXi itself. If the values match, then the host has booted with Secure Boot enabled and all the good stuff such as only running signed code and the inability to install unsigned code is assured. vCenter will provide an attestation report in the vCenter web client showing you the status of each host.
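The comparison described above can be shown with the TPM 2.0 extend operation. This is an added example, not VMware's attestation code: the event names, measured bytes, helper names and the use of PCR 7 for Secure Boot state are constructed, and the signature check a real verifier performs on the TPM quote is left out.

```python
import hashlib
import hmac
from dataclasses import dataclass

SECURE_BOOT_PCR = 7  # assumption: PCR used for Secure Boot policy in this example


@dataclass(frozen=True)
class Event:
    pcr: int          # PCR index the digest was extended into
    description: str  # label, constructed for this example
    digest: bytes     # SHA-256 of the measured data


def measure(pcr, description, data):
    """Create the event-log entry for one measured object."""
    return Event(pcr, description, hashlib.sha256(data).digest())


def extend(pcr_value, digest):
    """TPM 2.0 extend: new = SHA-256(old || digest). A PCR cannot be set directly."""
    return hashlib.sha256(pcr_value + digest).digest()


def replay(log, pcr_index):
    """Recompute the PCR value an event log implies, starting from the reset value."""
    value = bytes(32)
    for event in log:
        if event.pcr == pcr_index:
            value = extend(value, event.digest)
    return value


def tpm_state(boot_log, indices=(0, SECURE_BOOT_PCR)):
    """Stand-in for reading PCRs from hardware: what the TPM holds after this boot."""
    return {i: replay(boot_log, i) for i in indices}


def attest(reported_log, tpm_pcrs, required):
    """Return (passed, reasons) for one host."""
    reasons = []
    # Step 1: the log is only evidence if it reproduces every PCR the TPM reported.
    for index, value in sorted(tpm_pcrs.items()):
        if not hmac.compare_digest(replay(reported_log, index), value):
            reasons.append(f"PCR {index}: event log does not replay to the TPM value")
    if reasons:
        return False, reasons  # untrusted log: do not evaluate its contents
    # Step 2: policy check on the now-trusted log.
    logged = {(e.pcr, e.digest) for e in reported_log}
    for pcr, digest, label in required:
        if pcr not in tpm_pcrs:
            reasons.append(f"PCR {pcr}: not covered by the TPM values, cannot check {label}")
        elif (pcr, digest) not in logged:
            reasons.append(f"PCR {pcr}: required measurement missing: {label}")
    return not reasons, reasons


# Constructed sample measurements (not real firmware or ESXi values).
SB_ON = measure(SECURE_BOOT_PCR, "SecureBoot=1", b"SecureBoot\x01")
SB_OFF = measure(SECURE_BOOT_PCR, "SecureBoot=0", b"SecureBoot\x00")
FIRMWARE = measure(0, "firmware", b"constructed-firmware-image")
KEYS = measure(SECURE_BOOT_PCR, "signature database", b"constructed-db")
GOOD_BOOT = [FIRMWARE, SB_ON, KEYS]
INSECURE_BOOT = [FIRMWARE, SB_OFF, KEYS]
POLICY = [(SECURE_BOOT_PCR, SB_ON.digest, "Secure Boot enabled")]


def run_scenarios():
    """Four hosts: healthy, Secure Boot off, forged log, and a PCR left unreported."""
    return {
        "trusted": attest(GOOD_BOOT, tpm_state(GOOD_BOOT), POLICY),
        "secure_boot_off": attest(INSECURE_BOOT, tpm_state(INSECURE_BOOT), POLICY),
        "forged_log": attest(GOOD_BOOT, tpm_state(INSECURE_BOOT), POLICY),
        "pcr_not_reported": attest(GOOD_BOOT, tpm_state(GOOD_BOOT, indices=(0,)), POLICY),
    }


if __name__ == "__main__":
    for name, (passed, reasons) in run_scenarios().items():
        print(f"{name}: {'PASS' if passed else 'FAIL'} {reasons}")
```

The forged-log case is the reason for the two-step order: a host that booted without Secure Boot can report any log it likes, but it cannot make that log replay to the value already extended into the TPM.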

 

 

Virtual TPM 2.0 for VMs

In order to support TPMs for virtual machines our engineers created a virtualized TPM 2.0 device. It shows up in Windows as a normal TPM 2.0 device. Like a physical TPM, it can do crypto operations and store credentials. But how do we secure data stored IN the virtual TPM? We write that data to the VM's nvram file and secure that file with VM Encryption. This keeps the data in the vTPM secured and it travels with the VM. If I copy that VM to another datacenter and that datacenter is not configured to talk to my KMS then the data in that vTPM is secured. All the same VM Encryption rules apply.

Note: only VM home files are encrypted, not VMDKs unless you choose to encrypt them.

Why didn't we use the hardware TPM?

A hardware TPM has many limitations. It is a serial device so it's slow. It has a secured nvram storage size measured in bytes. It's not designed for accommodating 100+ VMs on a host. It won't be able to store all their TPM data on the physical TPM. It would need a scheduler for the crypto operations it does. Imagine 100 VMs trying to encrypt something and depending on a serial device that can only do one at a time?

Even if I could physically store the data, consider a vMotion. I would have to securely remove the data from one physical TPM and copy it to another, and re-sign data with the new TPM's keys. All of these actions are very slow in practice and fraught with additional security issues and requirements.

Note: In order to run virtual TPMs, you will need VM Encryption. That means you will need a 3rd party key management infrastructure in place. 

 

 

Support for Microsoft Virtualization Based Security

Back in 2015, Microsoft introduced Virtualization Based Security. We have worked very closely with Microsoft to provide support for these features in vSphere 6.7. Let's do a quick overview of what is going on under the covers to make this happen.

When you enable VBS on your laptop running Windows 10 the system will reboot and instead of booting Windows 10 directly the system will boot Microsoft's hypervisor. For vSphere, this means the virtual machine that was running Windows 10 directly is now running Microsoft's hypervisor which is now running Windows 10. This is called nested virtualization and it is something that VMware has a HUGE amount of experience with. We have been using nested virtualization in our Hands-On Labs for years.

When you enable VBS at the vSphere level that one checkbox is turning on a number of features.

What this will NOT do is enable VBS within the VM's Guest OS. For that, you would follow Microsoft guidance. This can be done with PowerShell scripts, Group Policies, etc.

The point is that vSphere's role is to provide the virtual hardware to support enablement of VBS. Combined with a virtual TPM you can now enable VBS and turn on features such as Credential Guard.

 

VM Encryption


VMware vSphere® virtual machine encryption (VM encryption) is a feature introduced in vSphere 6.5 to enable the encryption of virtual machines. VM encryption provides security to VMDK data by encrypting I/Os from a virtual machine (which has the VM encryption feature enabled) before it gets stored in the VMDK.


 

How to Enable VM Encryption for vSphere 6.7

Creating an encrypted virtual machine is faster and uses fewer storage resources than encrypting an existing virtual machine. Encrypt the virtual machine as part of the creation process if possible.  (Please see HOL-1911-04-SDC - vSphere 6.7 Security Getting Started, Module 3 for additional hands-on training.)

Prerequisites

Procedure

  1. Connect to vCenter Server by using the vSphere HTML 5 Client.
  2. Select an object in the inventory that is a valid parent object of a virtual machine, for example, an ESXi host or a cluster.
  3. Right-click the object, select New Virtual Machine > New Virtual Machine, and follow the prompts to create an encrypted virtual machine.

 

 

 

Enabling VM Encryption

Check out this video to see how you enable VM encryption on a VM in vSphere 6.7

 

Configure HyTrust KMS Server in vCenter Server


In this lesson, we will add (2) HyTrust KMS servers, which allow us to encrypt virtual machines as well as use encrypted vMotion. Without a trust established between the vCenter server and a KMS server, we would not be able to take advantage of the new vSphere 6.7 encryption capabilities.


 

Launch Google Chrome

 

If Google Chrome is not already open, perform the following step, otherwise skip this step:

  1. Click the Google Chrome icon on the Quick Launch bar.

 

 

RegionA

 

Perform the steps below if you are opening a new Google Chrome browser window; otherwise, you can skip them:

  1. Click on the RegionA folder in the Bookmark Toolbar.
  2. Then click on RegionA vSphere Client (HTML).

 

 

Log into RegionA vCenter Server

 

If already logged into the RegionA vCenter server, you can skip the below steps. If you aren't, complete the following steps:

  1. Type administrator@corp.local in the User name: text field.
  2. Type VMware1! into the Password: text field.
  3. Click on the Login button.

 

 

Menu Drop-down

 

  1. Click on the Menu drop-down icon at the top of the screen.
  2. Then select Global Inventory Lists from the Menu drop-down menu.

 

 

Select vCenter Server

 

  1. Click on vCenter Servers from the Global Inventory List.

 

 

vcsa-01a.corp.local

 

  1. Click on the vcsa-01a.corp.local vCenter Server.

 

 

Add HyTrust Key Manager (KMS) Server

 

In order to use any type of encryption in vSphere, we must first have a Key Management Server (KMS) up and running. Then we have to add at least (1) KMS server to vCenter server and configure the trust relationship between the KMS and vCenter servers. So the first thing we need to do is add a KMS server to vCenter. Perform the following tasks to accomplish this:

  1. Click on the Configure tab in the content pane.
  2. Click on Key Management Servers under the More category.
  3. Click ADD in the content pane to add a KMS server.

 

 

vcsa-01a.corp.local - Add KMS

 

  1. Type HOL-KMS-01a in the New cluster name text field.
  2. Type kms-01a in the Server name text field.
  3. Type kms-01a.corp.local in the Server address text field.
  4. Then type 5696 in the Server port text field.
  5. Now click the ADD button.

 

 

kms-01a.corp.local - Trust

 

  1. Click on the TRUST button in the Make vCenter Trust KMS pop-up window.

 

 

Make KMS Trust vCenter

 

We see that the HyTrust KMS server is showing its Connection State with nothing in it, so at this point we need to finish setting up the trust between the vCenter server and the HyTrust KMS server.

To create the trust relationship between the HyTrust KMS Server and the vCenter server:

  1. Select the radio button next to the kms-01a KMS server name.
  2. Click on the MAKE KMS TRUST VCENTER link.

 

 

KMS Certificate and Private Key

 

  1. Select the radio button next to KMS certificate and private key.
  2. Click on the NEXT button.

 

 

Import KMS Certificate and Private Key

 

  1. Click on the Upload file button at the top half of the pop-up window.

 

 

Select Certificate

 

We have already downloaded this certificate PEM file from the HyTrust KMS server web interface.

  1. Browse to the following path "C:\LabFiles\HOL-1911\KMIPvcsa01a\"
  2. Select the KMIPvcsa01a.pem file.
  3. Click on the Open button.

NOTE:  Be sure that you selected the KMIPvcsa01a.pem file from the KMIPvcsa01a folder and not from the KMIPvcsa01b folder!

 

 

Upload Certificate

 

  1. Click on the Upload file button.

 

 

Select Certificate

 

We have already downloaded this certificate PEM file from the HyTrust KMS server web interface.

  1. Browse to the following path "C:\LabFiles\HOL-1911\KMIPvcsa01a\"
  2. Select the KMIPvcsa01a.pem file.
  3. Click on the Open button.

NOTE:  Be sure that you selected the KMIPvcsa01a.pem file from the KMIPvcsa01a folder and not from the KMIPvcsa01b folder!

 

 

Establish Trust

 

  1. Click on the ESTABLISH TRUST button.

 

 

Confirm Trust and Connection Status

 

To validate a trust relationship has been established between the HyTrust KMS Server and the vCenter server:

  1. Verify that it shows the HyTrust KMS server with a status of Connected under the Connection State column and that it says Valid under the vCenter Certificate Status column.

 

 

Select vcsa-01b.corp.local

 

Now we will add the kms-01b.corp.local HyTrust KMS server to the vcsa-01b.corp.local vCenter server.

  1. In the left Navigation pane, click on the vcsa-01b.corp.local vCenter server.

 

 

Add HyTrust Key Manager (KMS) Server

 

We will now repeat the same process to add this second HyTrust KMS server as we just did earlier in this lesson.

  1. Click on the Configure tab in the content pane.
  2. Click on Key Management Servers under the More category.
  3. Click ADD in the content pane to add a KMS server.

 

 

vcsa-01b.corp.local - Add KMS

 

  1. Type HOL-KMS-01b in the New cluster name text field.
  2. Type kms-01b in the Server name text field.
  3. Type kms-01b.corp.local in the Server address text field.
  4. Then type 5696 in the Server port text field.
  5. Now click the ADD button.

 

 

kms-01b.corp.local - Trust

 

  1. Click on the TRUST button in the Make vCenter Trust KMS pop-up window.

 

 

Make KMS Trust vCenter

 

We see that the HyTrust KMS server is showing its Connection State with nothing in it, so at this point we need to finish setting up the trust between the vCenter server and the HyTrust KMS server.

To create the trust relationship between the HyTrust KMS Server and the vCenter server:

  1. Select the radio button next to the kms-01b KMS server name.
  2. Click on the MAKE KMS TRUST VCENTER link.

 

 

KMS Certificate and Private Key

 

  1. Select the radio button next to KMS certificate and private key.
  2. Click on the NEXT button.

 

 

Import KMS Certificate and Private Key

 

  1. Click on the Upload file button at the top half of the pop-up window.

 

 

Select Certificate

 

We have already downloaded this certificate PEM file from the HyTrust KMS server web interface.

  1. Browse to the following path "C:\LabFiles\HOL-1911\KMIPvcsa01b\"
  2. Select the KMIPvcsa01b.pem file.
  3. Click on the Open button.

NOTE:  Be sure that you selected the KMIPvcsa01b.pem file from the KMIPvcsa01b folder and not from the KMIPvcsa01a folder!

 

 

Upload Certificate

 

  1. Click on the Upload file button.

 

 

Select Certificate

 

We have already downloaded this certificate PEM file from the HyTrust KMS server web interface.

  1. Browse to the following path "C:\LabFiles\HOL-1911\KMIPvcsa01b\"
  2. Select the KMIPvcsa01b.pem file.
  3. Click on the Open button.

NOTE:  Be sure that you selected the KMIPvcsa01b.pem file from the KMIPvcsa01b folder and not from the KMIPvcsa01a folder!

 

 

Establish Trust

 

  1. Click on the ESTABLISH TRUST button.

 

 

Confirm Trust and Connection Status

 

To validate a trust relationship has been established between the HyTrust KMS Server and the vCenter server:

  1. Verify that it shows the HyTrust KMS server with a status of Connected under the Connection State column and that it says Valid under the vCenter Certificate Status column.

 

 

Configure HyTrust KMS Server in vCenter Server - Complete

You have completed the first lesson "Configure HyTrust KMS Server in vCenter Server" in this module!

We have completed this lesson of adding (2) HyTrust KMS servers and creating the associated trusts between each of them and its vCenter server. We also see that the first HyTrust KMS server that is added is always automatically selected as the Default KMS server for the cluster.

 

Encrypt VMs Using HyTrust KMS Server


In this lesson, we will encrypt a virtual machine using a HyTrust KMS server that is already installed. We will use the vSphere Web Client (HTML5) to do the encrypting and decrypting of the virtual machine.


 

Menu Drop-down

 

Let's first look at the Policies and Profiles section of vCenter to see the default VM Encryption Policies:

  1. Click on the Menu icon at the top of the page.
  2. Select Policies and Profiles from the Menu drop-down.

 

 

Default VM Encryption Policies

 

  1. Click on VM Storage Policies from the Navigation pane.
  2. We see that there are already (2) VM Encryption Policies, where there is one on each of the vCenter servers by default.  

NOTE: Although VMware creates the default VM Encryption Policies for us, you can also create your own policies if you wish.

 

 

Default Encryption Properties

 

  1. Click on the Storage Policy Components in the Navigation pane.
  2. We see both Default encryption properties components listed, one for each vCenter server.
  3. We also see a description in the bottom of the Content pane.

 

 

Menu Drop-down

 

At this point, let's return to the Hosts and Clusters view so we can start the process of encrypting the core-01a virtual machine:

  1. Click on the Menu icon at the top of the page.
  2. Select Hosts and Clusters from the Menu drop-down.

 

 

Select core-01a

 

We are now going to encrypt the core-01a virtual machine. To do this, perform the following steps:

  1. Right-click on the core-01a virtual machine in the left Navigation Pane.
  2. Click on VM Policies from the drop-down menu.
  3. Then click on Edit VM Storage Policies from the VM Policies drop-down menu.

 

 

core-01a - Edit VM Storage Policies

 

Here we see there are a few default policies that VMware has created already, but we will be selecting the VM Encryption Policy specifically by doing the following:

  1. Click on the arrow in the VM storage policy drop-down menu and select VM Encryption Policy.
  2. Then click on the Configure per disk slider to enable it.

NOTE: In this lab exercise, we are encrypting all the components of the virtual machine. But as we can see, we have the option to select to encrypt just the VM Home folder or the Hard disk 1. In order to encrypt just one item, you must click on the slider in the upper right-hand corner of the window to allow you to select an individual item.

 

 

core-01a - Configure Per Disk

 

We see that once we enabled the Configure per disk option, the VM Home folder and Hard disk 1 are no longer grayed out and we can manage policies individually.

  1. Temporarily click on the drop-down for Hard disk 1 and select VM Encryption Policy. We now see how to individually assign policies for both components of the virtual machine. After reviewing the options, return it to the Datastore Default option.

NOTE: In this lab exercise, we are encrypting all the components of the virtual machine. But as we can see, we have the option to select to encrypt just the VM Home folder or the Hard disk 1.

 

 

core-01a - Edit VM Storage Policies

 

  1. Click on the slider to turn off Configure per disk
  2. Click on the arrow in the VM storage policy drop-down menu and select VM Encryption Policy if it isn't already selected.
  3. Then click on the OK button.

 

 

core-01a - Verify VM Storage Policy Compliance

 

While still having core-01a selected in the Navigation pane, perform the following steps:

  1. In the content pane for core-01a, use the scroll bar to get to the bottom of the page until you see the VM Storage Policies widget.
  2. If need be, click on the arrow in the upper right-hand corner of the VM Storage Policies widget to open it up.
  3. We should now see that the VM Encryption Policy has been assigned to the virtual machine and is also compliant which is represented by a green check mark.

 

 

core-01a - Not Compliant (if needed)

 

If for any reason the VM Storage Policy widget has no information in it after a minute or two or says that it is not compliant, perform the following step:

  1. Click on the Check Compliance link to update the compliance information.

NOTE: After clicking on the Check Compliance link, it should update the information in less than a minute and show compliant. If the status doesn't change, try refreshing the web browser window. After that, if it still hasn't updated to reflect correctly, raise your hand for assistance either in the Hands On Lab interface or physically raise your hand to get a proctor's attention.

 

 

Select core-01a

 

We are now going to decrypt the core-01a virtual machine. To do this, perform the following steps:

  1. Right-click on the core-01a virtual machine in the left Navigation Pane.
  2. Click on VM Policies
  3. Select Edit VM Storage Policies

 

 

core-01a - Edit VM Storage Policies

 

  1. Click on the arrow in the VM storage policy drop-down menu and select Datastore Default.
  2. Then click on the OK button.

 

 

core-01a - Verify VM has been Decrypted

 

  1. Click on the Check Compliance link to update the compliance information.
  2. We should now see that the VM Encryption Policy is no longer listed.

NOTE: After clicking on the Check Compliance link, it should update the information in less than a few minutes and show the VM Storage Policy widget empty. If the status doesn't change, REFRESH the web browser window and recheck the VM Storage Policies widget. If it is still showing an encryption policy, raise your hand for assistance either in the Hands On Lab interface or physically raise your hand to get a proctor's attention.

 

 

Encrypt VM Using HyTrust KMS Server - Complete

In this lesson, we applied the VM Encryption Policy to the core-01a virtual machine using the vSphere Web Client. After we applied the policy, it showed that the virtual machine was compliant with the VM Encryption Policy. Then we went through the same steps to remove the encryption policy from the core-01a virtual machine. Once we completed that task, we could see the VM Storage Policy widget went back to a blank widget. This was an expected behavior and means we successfully removed the encryption on the virtual machine's files.

Using the vSphere Web Client is not the only method of encrypting or decrypting a virtual machine. We can also use PowerCLI commands to perform the same actions on a single virtual machine or on numerous virtual machines at once, and in a more efficient manner. If changing the encryption status of a large number of virtual machines at once, the best practice would be to use the PowerCLI commands to do so.

In an upcoming lesson, we will discuss the use of PowerCLI for the various encryption related tasks in more detail. Also, later in this module, we will actually encrypt and decrypt virtual machines using the PowerCLI commands.

 

Set VM to Encrypted vMotion Mode


In this lesson, we will walk through the steps to set up a virtual machine to use Encrypted vMotion Mode. We will show the process of configuring it from within the vSphere Web Client. However, we will NOT be actually performing a vMotion action in the lab environment due to resource limitations. Not to mention, we can't actually "see" that the virtual machine does a vMotion action and is encrypted.


 

core-01a - Edit Settings

 

  1. Right-click on the virtual machine named core-01a.
  2. Select Edit Settings from the drop-down menu.

NOTE: The list of virtual machines may be slightly different in the lab environment from what is in the screen capture.

 

 

core-01a - VM Options

 

In the following lab steps, we will go through the steps of setting up Encrypted vMotion, but we won't actually go through with completing the steps since we can't actually see that a vMotion action is encrypted. Not to mention, this helps reduce the amount of required resources in the labs.

  1. Click on the VM Options tab in the pop-up window.
  2. Click on the arrow next to Encryption to expand it and show the Encrypt VM and Encrypted vMotion settings.
  3. We see that we can select either None or VM Encryption Policy from here, which shows us another way to set the encryption on a virtual machine other than in the Policies and Profiles section.

 

 

core-01a - Encrypted vMotion

 

As a side note, if the virtual machine settings are already set to encrypted, then it will automatically use encrypted vMotion. But we see that we have (3) options for Encrypted vMotion.

  1. Since the VM was previously encrypted, the Encrypted vMotion setting is already set to Required but can be changed.
  2. Click on the CANCEL button since we don't need to actually make the changes since we won't be doing an actual vMotion action.  

 

 

core-01a - Migrate

 

In the next few steps, we won't actually complete the vMotion action since we can't actually see that a vMotion action is encrypted. Not to mention, this helps reduce the amount of required resources in the lab environment.

  1. Right-click on the virtual machine named core-01a.
  2. Select Migrate from the drop-down menu.

 

 

core-01a - Select a Migration Type

 

  1. Keep the default setting, the Change compute resource only radio button, then click on the NEXT button.

 

 

core-01a - Select a compute resource

 

Currently, the core-01a virtual machine should be on esx-02a.corp.local, so we would migrate it to esx-01a.corp.local.

  1. Select the esx-01a.corp.local host to migrate to.
  2. Verify it says Compatibility checks succeeded under Compatibility.
  3. Then click on the Next button.

 

 

core-01a - Select Networks

 

  1. Verify it says Compatibility checks succeeded under Compatibility.
  2. Keep the default network selected and click on the Next button.

 

 

core-01a - Ready to Complete

 

NOTE:  We are not actually performing the vMotion action for the following reasons:

To finish the last step:

  1. We would then review the information to ensure all of the selections we made are correct.
  2. Normally we would select the Finish button, but since this is a lab environment, we will select the Cancel button so we don't initiate the vMotion task.

 

 

Set VM to Encrypted vMotion Mode - Complete

That completes this lesson on setting virtual machines to enable Encrypted vMotion. We learned that whether or not a virtual machine is already encrypted, the virtual machine can be encrypted on the source host and then decrypted on the destination host. We also learned that Encrypted vMotion requires no additional settings when the virtual machine is already encrypted. However, when the virtual machine is not already encrypted, we can manually choose to encrypt it just for a vMotion from one host to another if we wish.
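The Encrypted vMotion setting reviewed in this lesson can also be read and changed for many VMs at once from PowerCLI. The following is an added example, not part of the original lab; it assumes the VMware PowerCLI module is installed and a Connect-VIServer session is already open, and the function names Get-EncryptedVMotionReport and Set-EncryptedVMotionMode are hypothetical.

```powershell
# Added example, not part of the lab manual. Assumes the VMware PowerCLI module
# is installed and Connect-VIServer has already opened a vCenter session.
# Get-EncryptedVMotionReport and Set-EncryptedVMotionMode are hypothetical names.

function Get-EncryptedVMotionReport {
    [CmdletBinding()]
    param(
        # VM objects returned by Get-VM; defaults to every VM in the inventory.
        [object[]] $VM = (Get-VM)
    )

    foreach ($machine in $VM) {
        $config = $machine.ExtensionData.Config

        # Config.KeyId is only populated when VM Encryption is applied to the VM.
        $vmEncrypted = $null -ne $config.KeyId

        # Config.MigrateEncryption is the Encrypted vMotion mode shown under
        # VM Options: disabled, opportunistic or required.
        $mode = [string] $config.MigrateEncryption

        $finding = switch ($mode) {
            'required'      { 'OK: migration is refused rather than run unencrypted' }
            'opportunistic' { 'Review: encrypted only if both hosts support it' }
            'disabled'      { 'Gap: Encrypted vMotion is turned off for this VM' }
            default         { 'Unknown: no mode reported for this VM' }
        }

        # The lab shows an encrypted VM with the mode already set to Required,
        # so any other value on an encrypted VM deserves a second look.
        if ($vmEncrypted -and $mode -ne 'required') {
            $finding = 'Review: encrypted VM is not set to Required'
        }

        [pscustomobject]@{
            Name             = $machine.Name
            VMEncrypted      = $vmEncrypted
            EncryptedVMotion = $mode
            Finding          = $finding
        }
    }
}

function Set-EncryptedVMotionMode {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)]
        [object] $VM,

        [Parameter(Mandatory = $true)]
        [ValidateSet('disabled', 'opportunistic', 'required')]
        [string] $Mode
    )

    # Only the Encrypted vMotion mode is set in the spec, so the reconfigure
    # call leaves every other VM setting untouched.
    $spec = New-Object VMware.Vim.VirtualMachineConfigSpec
    $spec.MigrateEncryption = $Mode

    if ($PSCmdlet.ShouldProcess($VM.Name, "Set Encrypted vMotion to '$Mode'")) {
        $VM.ExtensionData.ReconfigVM($spec)
    }
}

# Usage against the lab VM from this lesson:
#   Get-EncryptedVMotionReport -VM (Get-VM -Name core-01a) | Format-List
#   Set-EncryptedVMotionMode -VM (Get-VM -Name core-01a) -Mode required -WhatIf
```

Running the setter with -WhatIf first prints the intended change without reconfiguring the VM.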

 

Configure Windows 10 for VBS


In this lesson, we will show how to enable Virtualization-Based Security (VBS) on a Windows 10 virtual machine.


 

Launch Google Chrome

 

If Google Chrome is not already open, perform the following step; otherwise, skip it:

  1. Click the Google Chrome icon on the Quick Launch bar.

 

 

RegionA

 

Do the steps below if you are opening a new Google Chrome browser window; otherwise, you can skip them:

  1. Click on the RegionA folder in the Bookmark Toolbar.
  2. Then click on RegionA vSphere Client (HTML).

 

 

Log into RegionA vCenter Server

 

If already logged into the RegionA vCenter server, you can skip the below steps. If you aren't, complete the below steps:

  1. Type administrator@corp.local in the User name: text field.
  2. Type VMware1! into the Password: text field.
  3. Click on the Login button.

 

 

Hosts and Clusters

 

  1. Click on the Hosts and Clusters icon in the Navigation pane.
  2. If need be, click on the arrow next to vcsa-01a.corp.local vCenter server and expand everything until you see the list of virtual machines.  

 

 

win10 - Edit Settings

 

  1. Right-click on the win10 virtual machine in the Navigation pane.
  2. Then click on Edit Settings.

 

 

win10 - Verify Secure Boot

 

We are now going to verify that Secure Boot is enabled for the win10 virtual machine. If it isn't, make sure you select the check box to enable Secure Boot.

  1. Click on VM Options in the Edit Settings pop-up window.
  2. Verify that the check box is checked, meaning Secure Boot is enabled. If it isn't, read the note below.
  3. Then click on the OK button.

NOTE: If for any reason Secure Boot WAS NOT already enabled, we will have to power down the win10 virtual machine and then go into the options to enable it. The setting won't hold unless the virtual machine is powered off at the time it is either enabled or disabled.

 

 

win10 - VMs

 

  1. Click on the VMs and Templates icon in the Navigation pane.
  2. Click on the vcsa-01b.corp.local vCenter server in the Navigation pane.
  3. Then click on the VMs tab in the Content pane.

 

 

win10 - Show/Hide Columns

 

  1. Click on the down-arrow in the column heading.
  2. Click on Show/Hide Columns.
  3. Then scroll all the way to the bottom of the list using the scroll bar.
  4. Check the box to enable the TPM and VBS columns.
  5. Click anywhere in the blank area to get rid of the drop-down menu so you can see the TPM column now.

 

 

win10 - VBS Column

 

  1. We now see that in the VBS column the win10 virtual machine reflects it is Not Present.

 

 

win10 - Launch Web Console

 

  1. Click on the Hosts and Clusters icon in the Navigation pane.
  2. Click on the win10 virtual machine in the Navigation pane.
  3. Then click on the Launch Web Console link to open a console window for the virtual machine.

 

 

win10 - Desktop

 

  1. Click anywhere on the desktop to bring up the Login screen.

 

 

win10 - Login

 

  1. Type in VMware1! for the Password text field.
  2. Then click on the arrow icon to log into the virtual machine.

 

 

win10 - Launch PowerShell (Admin)

 

  1. Click on the Windows icon in the lower left-hand corner of the desktop.
  2. Then click on Windows PowerShell (Admin) in the menu.

 

 

PowerShell - Set-ExecutionPolicy

 

We first need to set the execution policy so that we can run the DG_Readiness_Tool_v3.5.ps1 script. Run without a -Scope argument, Set-ExecutionPolicy changes the machine-wide policy, so the setting persists after this PowerShell session ends.

  1. Type the following command in PowerShell to set the execution policy.
Set-ExecutionPolicy Unrestricted
  2. When PowerShell asks you to confirm the change, type the following to answer Yes to All.
A

 

 

PowerShell - Change Directory & Run Script

 

  1. Type the following command in PowerShell to change the directory location.
cd C:\DG_Readiness_Tool_v3.5\
  2. Type the following command in PowerShell to run the DG Readiness Tool script.
./DG_Readiness_Tool_v3.5.ps1 -Capable -DG -CG -HVCI

 

 

PowerShell - Script Output

 

  1. We see from the output of the DG Readiness Tool script that Secure Boot is not enabled for the win10 virtual machine. Secure Boot is a requirement for enabling VBS.

 

 

vCenter Server Tab

 

  1. Click on the vSphere web client Google Chrome tab.

 

 

win10 - Shut Down Guest OS

 

  1. Right-click on the win10 virtual machine in the Navigation pane.
  2. Click on Power in the drop-down menu.
  3. Then click on the Shut Down Guest OS in the Power drop-down menu.

NOTE: Wait until the win10 virtual machine is completely shut down before moving to the next step.

 

 

win10 - Edit Settings

 

  1. Right-click on the win10 virtual machine in the Navigation pane.
  2. Then click on Edit Settings.

 

 

win10 - VM Options

 

  1. Click on the VM Options tab in the pop-up window.
  2. Click on the Enabled check box next to Secure Boot to enable it.
  3. Then click on the OK button.

 

 

win10 - Power On

 

  1. Right-click on the win10 virtual machine in the Navigation pane.
  2. Click on Power from the drop-down menu.
  3. Then click on Power On from the Power drop-down menu.

 

 

win10 Virtual Machine Tab

 

  1. Click on the win10 Google Chrome tab.

NOTE: We may have to refresh the win10 browser tab in case it has timed out. Then we will also have to log back into the user account using the "VMware1!" password again.

 

 

win10 - Launch PowerShell (Admin)

 

  1. Click on the Windows icon in the lower left-hand corner of the desktop.
  2. Then click on Windows PowerShell (Admin) in the menu.

 

 

PowerShell - Change Directory & Run Script

 

  1. Type the following command in PowerShell to change the directory location.
cd C:\DG_Readiness_Tool_v3.5\
  2. Type the following command in PowerShell to run the DG Readiness Tool script.
./DG_Readiness_Tool_v3.5.ps1 -Capable -DG -CG -HVCI
  3. We see that everything now shows green, and the output says "Machine is Device Guard / Credential Guard Ready". We will enable these features in the next lesson.

 

 

Configure Windows 10 for VBS - Complete

In this lesson, we verified in the win10 virtual machine's settings that EFI firmware, Secure Boot, and Virtualization-Based Security (VBS) were enabled.
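The Secure Boot and VBS state checked in this lesson can also be read directly from inside the guest, without the readiness script. The following is an added example, not part of the original lab; it assumes an elevated PowerShell session in the win10 virtual machine, and the function name Get-VbsGuestState is hypothetical.

```powershell
# Added example, not part of the lab manual. Run it in the elevated PowerShell
# session inside the win10 guest. Get-VbsGuestState is a hypothetical name.

function Get-VbsGuestState {
    [CmdletBinding()]
    param()

    # Codes published for the Win32_DeviceGuard class. Codes that are not
    # listed here are reported by number instead of being guessed at.
    $propertyNames = @{ 0 = 'None'; 1 = 'Hypervisor support'; 2 = 'Secure Boot'; 3 = 'DMA protection' }
    $serviceNames  = @{ 0 = 'None'; 1 = 'Credential Guard'; 2 = 'HVCI' }
    $vbsStatus     = @{ 0 = 'Not enabled'; 1 = 'Enabled, not running'; 2 = 'Enabled and running' }

    # Turns an array of numeric codes into readable names. The [int] cast is
    # needed because CIM returns UInt32 values and the table keys are Int32.
    $decode = {
        param($codes, $map)
        $names = foreach ($code in $codes) {
            $key = [int] $code
            if ($map.ContainsKey($key)) { $map[$key] } else { "Code $key" }
        }
        $names -join ', '
    }

    # Confirm-SecureBootUEFI returns $true or $false on UEFI firmware. It
    # throws on legacy BIOS firmware or when the session is not elevated.
    try {
        $secureBoot = [bool] (Confirm-SecureBootUEFI -ErrorAction Stop)
    }
    catch {
        $secureBoot = $null
        Write-Warning "Secure Boot state unavailable: $($_.Exception.Message)"
    }

    # Device Guard / VBS state as reported by Windows itself.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName 'Win32_DeviceGuard' -ErrorAction Stop

    [pscustomobject]@{
        SecureBootEnabled  = $secureBoot
        VbsStatus          = $vbsStatus[[int] $dg.VirtualizationBasedSecurityStatus]
        AvailableForVbs    = & $decode $dg.AvailableSecurityProperties $propertyNames
        RequiredByPolicy   = & $decode $dg.RequiredSecurityProperties $propertyNames
        ServicesConfigured = & $decode $dg.SecurityServicesConfigured $serviceNames
        ServicesRunning    = & $decode $dg.SecurityServicesRunning $serviceNames
    }
}

# Usage:
#   Get-VbsGuestState | Format-List
```

Comparing the result before and after Secure Boot is enabled on the VM shows whether "Secure Boot" has joined the AvailableForVbs list.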

 

FIPS 140-2 Validated Cryptographic Modules by Default


Within vSphere (vCenter Server and ESXi) systems, two modules are used for cryptographic operations. The VMware Kernel Cryptographic Module is used by the VM Encryption and Encrypted vSAN features; the OpenSSL module is used for functions such as certificate generation and TLS connections. These two modules have passed FIPS 140-2 validation. Customers have asked whether vSphere is FIPS Certified. FIPS Certified applies to a full solution of hardware and software that is tested and configured together. VMware has made it much easier for our partners to certify vSphere systems for FIPS operations. Cryptographic operations in vSphere systems are performed using the highest standards because all FIPS 140-2 cryptographic operations are enabled by default.


Conclusion


vSphere 6.7 enables organizations to implement new security features and makes it easier to comply with regulatory requirements and secure your environment from threats.  Please check out the lab HOL-1911-04-SDC - vSphere 6.7 Security - Getting Started for a deeper dive into all the new features.


 

You've finished Module 3!

 

Congratulations on completing Module 3!

To review more info on the security features please use the links below:

Proceed to any module below which interests you most.

 

 

 

How to End Lab

 

To end your lab click on the END button.  

 

Module 4 - Universal Application Platform (15 minutes)

Introduction


vSphere 6.7 can run any type of enterprise workload, anywhere.  Not every company can make the transition from legacy to modern as quickly as they would like.  VMware can support modern applications such as machine learning, artificial intelligence, big data, cloud-native, in memory, and 3-D graphics on the same platform as traditional business critical applications.


NVIDIA Grid: Optimize GPU Usage For VM on vSphere 6.7 Servers


Learn how to optimize GPU usage for virtual machines on vSphere Servers. When you enable 3D graphics, you can select a hardware or software graphics renderer and optimize the graphics memory allocated to the virtual machine. You can increase the number of displays in multi-monitor configurations and change the video card settings to meet your graphics requirements.


Persistent Memory


With vSphere Persistent Memory, customers using supported hardware servers can get the benefits of ultra-high-speed storage, with DRAM-like speeds at flash-like prices. The following diagram shows the convergence of memory and storage.

 

Technology at the top of the pyramid (comprised of DRAM and the CPU cache and registers) has the shortest latency (best performance), but this comes at a higher cost relative to the items at the bottom of the pyramid. All of these components are accessed directly by the application, also known as load/storage access.

Technology at the bottom of the pyramid, represented by magnetic media (HDDs and tape) and NAND flash (represented by SSDs and PCIe Workload Accelerators), has longer latency and lower costs relative to the technology at the top of the pyramid. These technology components have block access, meaning data is typically communicated in blocks and is not accessed directly by applications.

PMEM is a new layer called Non-Volatile Memory (NVM) and sits between NAND flash and DRAM, providing faster performance relative to NAND flash but also providing the non-volatility not typically found in traditional memory offerings. This technology layer provides the performance of memory with the persistence of traditional storage.

Enterprise applications can be deployed in virtual machines which are exposed to PMEM datastores. PMEM datastores are created from NVM storage attached locally to each server. Performance benefits can then be attained as follows:

Applications deployed on PMEM-backed datastores can benefit from live migration (VMware vMotion) and VMware DRS; this is not possible with PMEM in physical deployments.


 

Remote Direct Memory Access

vSphere 6.7 introduces new protocol support for Remote Direct Memory Access (RDMA) over Converged Ethernet, or RoCE (pronounced "rocky") v2, a new software Fibre Channel over Ethernet (FCoE) adapter, and iSCSI Extension for RDMA (iSER). These features enable customers to integrate with even more high-performance storage systems, providing more flexibility to use the hardware that best complements their workloads.

RDMA support is enhanced with vSphere 6.7 to bring even more performance to enterprise workloads by leveraging kernel and OS bypass reducing latency and dependencies. This is illustrated in the diagram below.

 

When virtual machines are configured with RDMA in passthrough mode, the workload is essentially tied to a physical host with no DRS capability, i.e. no ability to vMotion. However, customers who want to harness the power of vMotion and DRS and still experience the benefits of RDMA, albeit at a very small performance penalty, can do so with paravirtualized RDMA software (PVRDMA). With PVRDMA, applications can run even in the absence of a Host Channel Adapter (HCA) card. RDMA-based applications can be run in ESXi guests while ensuring virtual machines can be live migrated.

Use cases for this technology include distributed databases, financial applications, and Big Data.

 

 

Summary

vSphere 6.7 continues to showcase VMware's technological leadership and fruitful collaboration with our partners by adding support for a key industry innovation to significantly enhance performance for existing and new apps.

 

Cloning a Virtual Machine with Instant Clone


You can use the Instant Clone technology to create powered on virtual machines from the running state of another powered on virtual machine. The result of an Instant Clone operation is a new virtual machine that is identical to the source virtual machine. With Instant Clone you can create new virtual machines from a controlled point in time. Instant cloning is very convenient for large scale application deployments because it ensures memory efficiency and allows for creating numerous virtual machines on a single host.

The result of an Instant Clone operation is a virtual machine that is called a destination virtual machine. The processor state, virtual device state, memory state, and disk state of the destination virtual machine are identical to those of the source virtual machine. To avoid network conflicts, you can customize the virtual hardware of the destination virtual machine during an Instant Clone operation. For example, you can customize the MAC addresses of the virtual NICs or the serial and parallel port configurations of the destination virtual machine. vSphere 6.7 does not support customization of the guest OS of the destination virtual machine. For information about manual guest OS customization, see the vSphere Web Services SDK Programming Guide.

During an Instant Clone operation, the source virtual machine is stunned for a short period of time, less than 1 second. While the source virtual machine is stunned, a new writable delta disk is generated for each virtual disk and a checkpoint is taken and transferred to the destination virtual machine. The destination virtual machine then powers on by using the source's checkpoint. After the destination virtual machine is fully powered on, the source virtual machine also resumes running.

Instant Cloned virtual machines are fully independent vCenter Server inventory objects. You can manage Instant Cloned virtual machines like regular virtual machines without any restrictions.


Conclusion


vSphere 6.7 further improves the support and capabilities introduced for graphics processing units (GPUs) through the VMware collaboration with NVIDIA. Persistent Memory and Instant Clone technology allow for a universal application platform that supports new workloads and leverages hardware innovations for enhanced performance.


 

You've finished Module 4!

 

Congratulations on completing Module 4!

To review more info on the features covered in this module, please use the links below.

Proceed to any module below which interests you most.

 

 

 


 

Module 5 - Seamless Hybrid Cloud Experience (15 minutes)

Introduction


VMware vSphere 6.7 is the efficient and secure platform for hybrid clouds, fueling digital transformation by delivering simple and efficient management at scale, comprehensive built-in security, a universal application platform, and seamless hybrid cloud experience.


Migrating Virtual Machines from vCenter to vCenter


Cross vCenter vMotion

The use of Cross vCenter vMotion (x-vC-vMotion) allows for migration of VMs between vCenters that are in the same or different datacenters. This feature allows administrators to easily move VMs between vCenters without downtime. The vCenters can be in the same data center or in another data center, with no more than 150 milliseconds of latency between the datacenters.

Requirements for Migration Between vCenter Server Instances


 

Open Chrome Browser from Windows Quick Launch Task Bar

 

  1. Click on the Chrome Icon on the Windows Quick Launch Task Bar.

 

 

Login to vCenter Server

 

Log into RegionA vCenter

  1. Click on the RegionA folder in the Bookmark toolbar.
  2. Click on RegionA vSphere Client (HTML) link in the bookmark toolbar.
  3. Check the Use Windows session authentication checkbox.
  4. Click the Login button.

 

 

Start the Migration Wizard

 

  1. Right click core-01a.
  2. Select Migrate... from the context menu that appears.

This will start the migration wizard, where we can select where we want to place our VM. Note that the list of VMs you see may vary based on which other labs you have done. Also note that this is the same option you would use if you were performing a vMotion within a vCenter or cluster. You use the same option regardless of what your vMotion destination is.

 

 

Select a migration type

 

  1. Select Change both compute resource and storage option.
  2. Click Next

 

 

Select a compute resource

 

  1. Expand the tree under vcsa-01b.corp.local, RegionB01, and RegionB01-COMP01
  2. Select host esx-01b.corp.local
  3. NOTE: The wizard will check the compatibility of the host to verify that it meets a set of requirements to migrate. Additional information on what is being checked can be found in the VMware vSphere 6.7 Documentation Center.
  4. Click Next

 

 

Select storage

 

  1. Select the storage RegionB01-iSCSI01-COMP01
  2. Click Next

The vMotion will migrate the VM to a new datastore that is available on the new host. This allows VMs to be moved between clusters, vCenters, or datacenters that do not have shared storage.

 

 

Select folder

 

  1. Select RegionB01
  2. Click Next

 

 

Select networks

 

  1. Select the VM-RegionB01-vDS-COMP network.
  2. Click Next

This will change the port group the VM is associated with. There are no changes within the VM to the IP or network configuration. Your network must be set up in a way that allows the VM to move to this new port group without these changes. Network Virtualization is a way to extend the Layer 2 network across Layer 3 boundaries. Please see the NSX Labs “HOL-1903-01-NET Getting Started with VMware NSX” and “HOL-1925-02-NET VMware NSX Multi-Site and SRM in an Active-Standby Setup” for more information.

Note that depending on which other modules you may have done, you may see an additional screen in the wizard asking you to set a vMotion Priority. If you see this screen, leave the default settings and click Next.

 

 

Ready to complete

 

  1. Review the settings that vCenter will use to perform the vMotions, and click Finish

 

 

Watch Progress in Recent Tasks

 

We can view the progress of the operation in the Recent Tasks pane at the bottom of the screen.

Note that if you do not see the Recent Tasks pane, you may need to expand it by clicking on Recent Tasks on the right side of the screen.

 

 

 

Migration Complete

 

That's all there is to it. In the left navigation pane you can now see the core-01a VM has been moved to the RegionB01-COMP01 Cluster, which is in the vcsa-01b.corp.local vCenter. As with any other vMotion, this is done with no downtime. The ability to vMotion VMs between hosts, clusters, vCenters, and virtual switches gives you even greater flexibility than you had before when managing your workloads.

Note: If you plan on continuing and taking other modules in this lab, please use the same process to vMotion the VM back to the RegionA vCenter. Use the following information to assist with this:

 

 

Conclusion

Migrating VMs between vCenters is a very simple process. Cross vCenter vMotion allows an administrator to easily move workloads between vCenters that are in the same data center or different data centers without downtime. This reduces the amount of time spent during migrations and consolidations. Storage is also migrated, allowing for migrations between different types of storage and removing the need for storage replication and downtime. The network must be available on both ends of the migration to prevent the VM from losing its network connection. This can be done through Layer 2 stretching or Network Virtualization.

 

Enhanced vMotion Capability


Let's say your manager tells you that the company has purchased a competitor and they would like to migrate all the VMs from the acquisition's data center to your company's data center over the next few months.  What do you need to know to plan this migration?  With vSphere 6.7 you can do this using Per VM-EVC to migrate machines from one hardware platform to another.


 

Per VM-EVC

Cluster-level EVC ensures CPU compatibility between hosts in a cluster, so that you can seamlessly migrate virtual machines within the EVC cluster. In vSphere 6.7, you can also enable, disable, or change the EVC mode at the virtual machine level. The per-VM EVC feature facilitates the migration of the virtual machine beyond the cluster and across vCenter Server systems and datacenters that have different processors.

The EVC mode of a virtual machine is independent from the EVC mode defined at the cluster level. The cluster-based EVC mode limits the CPU features a host exposes to virtual machines. The per-VM EVC mode determines the set of host CPU features that a virtual machine requires in order to power on and migrate.

By default, when you power on a newly created virtual machine, it inherits the feature set of its parent EVC cluster or host. However, you can change the EVC mode for each virtual machine separately. You can raise or lower the EVC mode of a virtual machine. Lowering the EVC mode increases the CPU compatibility of the virtual machine. You can also use the API calls to customize the EVC mode further.

 

 

Cluster-based EVC and Per-VM EVC

There are several differences between the way the EVC feature works at the host cluster level and at the virtual machine level.

 

VMware Cloud (VMC) on AWS


VMware Cloud on AWS is an integrated cloud offering jointly developed by AWS and VMware delivering a highly scalable, secure and innovative service that allows organizations to seamlessly migrate and extend their on-premises VMware vSphere-based environments to the AWS Cloud running on next-generation Amazon Elastic Compute Cloud (Amazon EC2) bare metal infrastructure. VMware Cloud on AWS is ideal for enterprise IT infrastructure and operations organizations looking to migrate their on-premises vSphere-based workloads to the public cloud, consolidate and extend their data center capacities, and optimize, simplify and modernize their disaster recovery solutions. VMware Cloud on AWS is delivered, sold, and supported globally by VMware and its partners with availability in the following AWS Regions: US West (Oregon), US East (N. Virginia), Europe (London), and Europe (Frankfurt).

 

VMware Cloud on AWS brings the broad, diverse and rich innovations of AWS services natively to the enterprise applications running on VMware's compute, storage and network virtualization platforms. This allows organizations to easily and rapidly add new innovations to their enterprise applications by natively integrating AWS infrastructure and platform capabilities such as AWS Lambda, Amazon Simple Queue Service (SQS), Amazon S3, Elastic Load Balancing, Amazon RDS, Amazon DynamoDB, Amazon Kinesis and Amazon Redshift, among many others.

With VMware Cloud on AWS, organizations can simplify their Hybrid IT operations by using the same VMware Cloud Foundation technologies including vSphere, vSAN, NSX, and vCenter Server across their on-premises data centers and on the AWS Cloud without having to purchase any new or custom hardware, rewrite applications, or modify their operating models. The service automatically provisions infrastructure and provides full VM compatibility and workload portability between your on-premises environments and the AWS Cloud. With VMware Cloud on AWS, you can leverage AWS's breadth of services, including compute, databases, analytics, Internet of Things (IoT), security, mobile, deployment, application services, and more.


 

Onboarding VMware Cloud on AWS

Joining the VMware Cloud on AWS (VMC) service is not like deploying vCenter or other VMware products. Because VMC is a managed service operated by VMware, you need to onboard to the service and create what we call an Organization, which is the key tenant construct within VMC.

In the video below, we show this process from beginning to end.

 

 

Migration from On-prem to VMC on AWS - NSX Hybrid Connect

 

Conclusion


The primary benefit of the hybrid cloud model is flexibility and freedom, but it also creates a seamless experience such that end users are completely indifferent as to whether an application is running in a public or private cloud. IT has the ability to deploy and run applications anywhere without the risk of getting locked in to the APIs of a specific cloud provider and can access infrastructure on demand using a consistent set of tools and skillsets. Cross vCenter vMotion, Enhanced vMotion Capability with Per-VM EVC, and VMware Cloud on AWS all help deliver the Seamless Hybrid Cloud Experience.

 


 

You've finished Module 5!

 

Congratulations on completing Module 5!

To review more info on the features covered in this module, please use the links below: 

Proceed to any module below which interests you most.

 

 

 


 

Conclusion

Thank you for participating in the VMware Hands-on Labs. Be sure to visit http://hol.vmware.com/ to continue your lab experience online.

Lab SKU: HOL-1911-01-SDC

Version: 20181211-122511