VMware Hands-on Labs - HOL-2011-91-SDC


HOL-2011-91-SDC-vSphere 6.7 Lightning Lab: Simple & Efficient Management at Scale

Overview - vSphere 6.7 Lightning Lab: Simple & Efficient Management at Scale


Welcome to vSphere 6.7 Lightning Lab: Simple & Efficient Management at Scale

We have developed Lightning Labs to help you learn about VMware products in small segments of time.

In this lab, you will explore vSphere 6.7 Update 2 improvements and new features in ESXi and vCenter Server management and lifecycle:

Lab Captain:

Interested in learning what else you can do with vSphere 6.7 Update 2? Explore the full lab: vSphere  - Getting Started

Lab SKU: HOL-2011-01-SDC

Below are the lab modules included in the complete vSphere - Getting Started  lab:

If you have never taken a lab, view the to see best practices and tips on how to use the lab environment console.



Lifecycle Management Operations


VMware vSphere 6.7 Update 2 includes several improvements that accelerate the host lifecycle management experience to save administrators valuable time.

Before starting the lab, we recommend taking a moment to review vSphere 6.7 new features and enhancements developed around vCenter Server Appliance.


 

Open Chrome Browser from Windows Quick Launch Task Bar

 

  1. Click on the Chrome Icon on the Windows Quick Launch Task Bar.

 

 

Log into the vSphere Web Client

 

Using the Chrome web browser, navigate to the URL for the Web client.  For this lab, you can use the shortcut in the address bar.

  1. Click the RegionA bookmark folder
  2. Click on bookmark for RegionA vSphere Client (HTML)
  3. Check the Use Windows session authentication box
  4. Click Login

Alternatively, you could use these credentials

  1. User name: corp\Administrator
  2. Password: VMware1!

Please Note: All of the user credentials used in this lab are listed in the README.TXT file on the desktop.

 

 

Gain screen space in Chrome by zooming out

 

The lab desktop is limited to 1280x800 screen resolution. It might be helpful to zoom out the browser for better readability.

  1. Select the Options menu in Chrome.
  2. Click the '-' button to zoom out to 90%

This will provide more viewing space while still allowing you to read the text.

 

 

Navigate to Update Manager

 

Navigate to the Update Manager interface

  1. Click the Menu icon
  2. Click Update Manager

 

  1. Click on Updates
  2. Filter on the ID
  3. Enter 2018

The results will be filtered for any patches released in 2018.  You can also filter by the version, under releases, category and type.

 

 

Update Manager with Embedded Linked Mode

With the introduction of embedded linked mode in vSphere 6.7, you can now manage Update Manager instances through the same interface.

 

 

  1. Select the drop down arrow
  2. Select vcsa-01b.corp.local

Browse the settings in the other vCenter.

 

 

Upgrades from 6.5 to 6.7

Hosts that are currently on ESXi 6.5 will be upgraded to 6.7 significantly faster than ever before. This is because several optimizations have been made for that upgrade path, including eliminating one of two reboots traditionally required for a host upgrade. In the past, hosts that were upgraded with Update Manager were rebooted a first time in order to initiate the upgrade process, and then rebooted once again after the upgrade was complete. Modern server hardware, equipped with hundreds of gigabytes of RAM, typically take several minutes to initialize and perform self-tests. Doing this hardware initialization twice during an upgrade really adds up, so this new optimization will significantly shorten the maintenance windows required to upgrade clusters of vSphere infrastructure.

These new improvements reduce the overall time required to upgrade clusters, shortening maintenance windows so that valuable efforts can be focused elsewhere.

Recall that, because of DRS and vMotion, applications are never subject to downtime during hypervisor upgrades  VMs are moved seamlessly from host to host, as needed.

 

 

vSphere Quick Boot

What is the Quick Boot functionality? Quick Boot functionality allows restarting only the hypervisor instead of going through a full reboot of the host hardware including POSTing, etc. This functionality is utilized with vSphere Update Manager so that patching and upgrades are completed much more quickly. A note here before getting excited about potential backwards compatibility, this functionality is only available for hosts that are running ESXi 6.7. Even if your hardware is compatible with the new Quick Boot, if you are running a legacy version of ESXi, this won't be available.

Host reboots occur infrequently but are typically necessary after activities such as applying a patch to the hypervisor or installing a third-party component or driver. Modern server hardware that is equipped with large amounts of RAM may take many minutes to perform device initialization and self-tests.

Quick Boot eliminates the time-consuming hardware initialization phase by shutting down ESXi in an orderly manner and then immediately re-starting it. If it takes several minutes, or more, for the physical hardware to initialize devices and perform necessary self-tests, then that is the approximate time savings to expect when using Quick Boot! In large clusters, that are typically remediated one host at a time, it's easy to see how this new technology can substantially shorten time requirements for data center maintenance windows.

Due to the nature of our lab, we can't demonstrate Quick Boot because ESXi running on ESXi!  Click on this video to watch Quick Boot in action!

 

 

Video - vSphere Quick Boot (1:53)

While we can't watch the reboot go any faster in this lab, let's go check where we enable this setting.  

 

  1. From Update Manager, click the Settings tab
  2. Under Remediation Settings click on Hosts
  3. Click on Edit

 

  1. Notice the Enable Quick Boot is checked by default
  2. Review the available host settings
  3. Click on Cancel to exit

 

Getting Started with Update Manager


VMware vSphere Update Manager is a tool that simplifies and centralizes automated patch and version management for VMware vSphere and offers support for VMware ESX hosts, virtual machines, and virtual appliances.  

With Update Manager, you can perform the following tasks:

  1. Upgrade and Patch ESXi hosts.
  2. Upgrade virtual machine hardware, VMware Tools, and Virtual Appliances.

vSphere Update Manager is installed and running by default in the vCenter Server Appliance. Each vCenter Appliance will have a single vSphere Update Manager paired with it.


 

Open Chrome Browser from Windows Quick Launch Task Bar

 

  1. Click on the Chrome Icon on the Windows Quick Launch Task Bar.

 

 

Log into the vSphere Web Client

 

Using the Chrome web browser, navigate to the URL for the Web client.  For this lab, you can use the shortcut in the address bar.

  1. Click the RegionA bookmark folder
  2. Click on bookmark for RegionA vSphere Client (HTML)
  3. Check the Use Windows session authentication box
  4. Click Login

Alternatively, you could use these credentials

  1. User name: corp\Administrator
  2. Password: VMware1!

Please Note: All of the user credentials used in this lab are listed in the README.TXT file on the desktop.

 

 

Gain screen space in Chrome by zooming out

 

The lab desktop is limited to 1280x800 screen resolution. It might be helpful to zoom out the browser for better readability.

  1. Select the Options menu in Chrome.
  2. Click the '-' button to zoom out to 90%

This will provide more viewing space while still allowing you to read the text.

 

 

Navigate to Update Manager

 

Navigate to the Update Manager interface

  1. Click the Menu icon
  2. Click Update Manager

 

 

Select vcsa-01b.corp.local

 

We are going to create a baseline on the vcsa-01b vCenter Server.

  1. Ensure vcsa-01b.corp.local is selected in the host drop down menu.

 

 

Baselines and Baseline Groups

 

Baselines can be upgrade, extension, or patch baselines.  Baselines contain a collection of one or more patches, extensions, or upgrades.  

Baseline groups are assembled from existing baselines, and might contain one upgrade baseline per type of upgrade baseline, and one or more patch and extension baselines.  When you scan hosts, virtual machines, and virtual appliances, you evaluate them against baselines and baseline groups to determine their level of compliance.

By default, Update Manager contains two predefined dynamic patch baselines.

We are going to create a new baseline, which we will then use to scan a vSphere host so that we can make sure that it has the latest patches.

  1. Select the Baselines tab
  2. Click New
  3. Click Baseline

 

 

Create Baseline

 

 

  1. Enter HOL Host Baseline for the name
  2. Enter Host Baseline for the description
  3. Select the Patch radio button
  4. Click Next to continue.

 

 

Select Patches Automatically

 

This screen gives the baseline the ability to continually update itself based on the criteria you select.  You can use these options to narrow the scope of the patches added to this baseline (selecting embeddedEsx 6.5.0 would limit this baseline to only those patches relevant to ESXi 6.5).

Some areas you can refine the baseline patches to are:

  1. For our example, we will leave the default setting to automatically update the baseline as new patches become available. We will also leave the default Criteria settings of Any for all options.
  2. Click Next

 

 

Select Patches Manually

 

From this screen you have the ability to manually select patches for the baseline to include.  Since we have selected the option to have this baseline automatically updated, this screen will appear without patches to select.  If you disable the automatic option in the previous screen, you would now be presented with a listing of all patches available which you could manually select to include in this baseline.

  1. Click Next

 

 

Summary

 

Review the settings of the patch baseline you created before finishing the wizard

  1. Click Finish to complete the Patch Baseline

 

 

Return to Hosts and Clusters View

 

Next, we are going to attach the baseline we just created to a host. This makes sure that scanning and remediation happens for the host.

  1. Click on the Menu Icon
  2. Select Hosts and Clusters

 

 

Attach the Patch Baseline to a Host

 

 

  1. Expand vcsa-01b.corp.local vCenter Server --> RegionB01 Datacenter --> RegionB01-COMP01 Cluster
  2. Click on the host esx-02b.corp.local
  3. Select the Updates tab.
  4. Click on Attach (Note: You may need to scroll down to see this)
  5. Click Attach Baseline or Baseline Group

 

 

Select the Baseline

 

In the new window that opens,

  1. Select HOL Host Baseline - this is the new Baseline that we just created
  2. Click Attach

 

 

Verify the Baseline is Attached

 

Before we scan the host for compliance against our new baseline, let's verify the new baseline is attached and see what the current status of its compliance is.

  1. Verify HOL Host Baseline is listed in the Attached Baselines
  2. Notice that the current status indicates Unknown, this is a normal status when you attach a new baseline. Update Manager has not yet scanned this host and compared its current state to the baseline state.

In the next step, we will scan the host and see if it is in compliance with the attached baseline.

 

 

Scan the Host

 

We will now scan this host to see if it is compliant with the baseline.

  1. Click the CHECK COMPLIANCE button
  2. You may receive a message in a blue bar at the top of your screen indicating a refresh is needed, click the Refresh link to update the screen. After you click Refresh, you can safely close the message window with the "X"
  3. Notice the new status of this host.  It is now "Compliant". This indicates that the host meets the patch criteria selected in this baseline. 

Had this host been missing any patches identified in the baseline criteria, the status would have shown "Not Compliant" indicating the host is missing a patch identified in the baseline, you could then remediate this host using the Remediate option on this screen.

 

 

Video: Upgrading VMware Tools Using vSphere Update Manager (5:14)

vSphere Update Manager can also be used to update the VMware tools on a virtual machine.  The following video outlines the process.

 

Embedded Linked Mode


vCenter Embedded Linked Mode is enhanced linked mode support for vCenter Server Appliance with an embedded Platform Services Controller.  This lab is configured using vSphere 6.7 Embedded Linked Mode.

With vCenter Embedded Linked Mode, you can connect multiple vCenter Server Appliances with embedded Platform Services Controllers together to form a domain. vCenter Embedded Linked Mode is not supported for Windows vCenter Server installations. vCenter Embedded Linked Mode is supported starting with vSphere 6.5 Update 2 and suitable for most deployments.

Other features of vCenter Embedded Linked Mode include:


 

Video - Embedded Linked Mode (4:03)

 

Lightning Lab Conclusion



 

You have taken the Lightning Lab!

Thank you for taking the vSphere 6.7 Lightning Lab: Simple & Efficient Management at Scale

Interested in learning what else you can do with vSphere 6.7? Explore the full lab: vSphere - Getting Started

Lab SKU: HOL-2011-01-SDC

Below are the lab modules included in the complete vSphere - Getting Started lab:


 

 

How to End Lab

 

To end your lab, click on the END button.  


 

Appendix - Lab Guidance



 

Location of the Main Console

 

  1. The area in the RED box contains the Main Console. The Lab Manual is on the tab to the Right of the Main Console.
  2. A particular lab may have additional consoles found on separate tabs in the upper left. You will be directed to open another specific console if needed.
  3. Your lab starts with 90 minutes on the timer. The lab cannot be saved. All your work must be done during the lab session.  But you can click the EXTEND to increase your time. If you are at a VMware event, you can extend your lab time twice, for up to 30 minutes. Each click gives you an additional 15 minutes. Outside of VMware events, you can extend your lab time up to 9 hours and 30 minutes. Each click gives you an additional hour.

 

 

Alternate Methods of Keyboard Data Entry

During this module, you will input text into the Main Console. Besides directly typing it in, there are two very helpful methods of entering data which make it easier to enter complex data.

 

 

Click and Drag Lab Manual Content Into Console Active Window

You can also click and drag text and Command Line Interface (CLI) commands directly from the Lab Manual into the active window in the Main Console.  

 

 

Accessing the Online International Keyboard

 

You can also use the Online International Keyboard found in the Main Console.

  1. Click on the Keyboard Icon found on the Windows Quick Launch Task Bar.

 

 

Click once in active console window

 

In this example, you will use the Online Keyboard to enter the "@" sign used in email addresses. The "@" sign is Shift-2 on US keyboard layouts.

  1. Click once in the active console window.
  2. Click on the Shift key.

 

 

Click on the @ key

 

  1. Click on the "@ key".

Notice the @ sign entered in the active console window.

 

 

Look at the lower right portion of the screen

 

Please check to see that your lab is finished all the startup routines and is ready for you to start. If you see anything other than "Ready", please wait a few minutes.  If after 5 minutes your lab has not changed to "Ready", please ask for assistance.

 

Appendix - Enhanced vCenter Server Appliance


In vSphere 6.7 Update 2, many of the new features and enhancements were developed around the vCenter Server Appliance.  This is the last release that will offer a Windows installation of vCenter.  The appliance has a new, simplified user interface, enhanced monitoring of services, file-based backup and other great features.


 

Installation

One significant change for the vCenter Server Appliance is around simplifying the architecture. vSphere 6.7 Update 2 allows you to deploy the vCenter Server Appliance with Embedded PSC with Enhanced Link Mode.  Now all vCenter Server services are running on a single instance.  Let's take a look at the benefits this deployment model brings:

 

 

Migration Tool

vSphere 6.7 is the last release to include vCenter Server for Windows. Customers can migrate to the vCenter Server Appliance with the built-in Migration Tool. In vSphere 6.7 Update 2, we can select how to import the historical and performance data during a migration:

Customers will also get an estimated time of how long each option will take when migrating. Estimated time will vary based on historical and performance data size in your environment. While importing data in the background, customers have the option to pause and resume. This new ability is available in the vSphere Appliance Management Interface (VAMI). Another improvement to the migration process is support of custom ports. Customers who changed the default Windows vCenter Server ports are no longer blocked.  

 

 

Video - vCenter Server Appliance Migration (5:10)

We will now log into the vCSA and take a look at some of the enhancements

 

 

 

Open Chrome Browser from Windows Quick Launch Task Bar

 

  1. Click on the Chrome Icon on the Windows Quick Launch Task Bar.

 

 

Gain screen space in Chrome by zooming out

 

  1. Select the Options menu in Chrome.
  2. Click the '-' button to zoom out to 90%

This will provide more viewing space while still allowing you to read the text.

 

 

Log in to Appliance Management UI

For this lab, we will log in with the root account.

However, vSphere 6.7 Update 2 now allows local vSphere SSO users to log into the VAMI.  The local vSphere SSO users must be a member of the SystemConfiguration.Administrators group.  In addition, members of the SystemConfiguration.BashShellAdministrators group can use their local vSphere SSO account to log into the VCSA bash shell.  From a security perspective, using a local SSO user account to manage the VAMI makes it easier to audit the user who logged in and track actions performed by that user.

 

 

  1. Click the HOL Admin bookmark
  2. Click the vcsa-01a Mgmt shortcut in the drop-down
  3. Type root for the username
  4. Type VMware1! for the password
  5. Click Login

A lot of investment went into improving monitoring for the vCenter Server Appliance. We saw these improvements starting in vSphere 6.5, and vSphere 6.7 Update 2 has added several new enhancements. When accessing the vSphere Appliance Management Interface (VAMI) on port 5480, the first thing we notice is the VAMI has been updated to the Clarity UI. We also notice there are several new tabs on the left-hand side compared to vSphere 6.5.

 

 

Monitoring and Management

There is now a tab dedicated to monitoring where we can see CPU, memory, disk, network, and database utilization.

 

  1. From the menu on the left, click Monitor
  2. The default view should be the CPU & Memory tab.  If not, click this tab.  Explore the graphs shown for these components.

 

A new section of the monitoring tab called Disks is now available. Customers can now see each of the disk partitions for the vCenter Server appliance along with the remaining space available and utilization.

  1. Click the Disks tab.  Review the partitions and utilization of the disks for the vCenter Server appliance
  2. Click the Network tab to see transfer rates for network packets
  3. Click the Database tab to see space utilization

 

 

Firewall

In vSphere 6.7 Update 2, firewall rules can be managed for the vCenter Server Appliance directly from the VAMI.  In the past, this functionality was only available using the VAMI APIs.

 

We will create a new firewall rule for the vCenter Server appliance.

  1. From the menu on the left, click Firewall
  2. Click Add

 

 

Create New Firewall Rule

 

  1. Enter 10.10.10.10 in the IP Address field
  2. Enter 24 in the Subnet Prefix Length field
  3. Select Accept from the Action drop-down menu
  4. Click Save

The firewall rule is now displayed.  We will now delete this rule.

 

 

Delete Firewall Rule

 

 

  1. In the Firewall section, click the radio button next to the firewall rule that will be deleted
  2. Click Delete

 

 

  1. Click Delete to confirm that you want to remove the firewall rule

 

 

Services

The Services tab is now located in the VAMI and provides out-of-band troubleshooting. All of the services that make up the vCenter Server Appliance, their startup type, health, and state are visible here. We are also given the option to start, stop, and restart services if needed.

While the Syslog and Update tabs are not new to the VAMI, there are improvements in these areas. Syslog now supports up to three syslog forwarding targets. There is now more flexibility in patching and updating. From the Update tab, we will now have the option to select which patch or update to apply. Customers will also have more information including type, severity, and if a reboot is necessary. Expanding a patch or update in the view will display more information about what is included. Finally, we can now stage and install a patch or update from the VAMI. This capability was previously only available from the CLI.

 

 

 

File-Based Backup and Restore

In vSphere 6.7 Update 2, the vCenter Server Appliance (vCSA) has an out-of-the-box file-based backup and restore solution. You can back up  all of vCenter Server’s core configuration, inventory, and historical data to a single folder. The newest supported protocols for built-in file-based Backup and Restore include Network File System (NFS)Samba (SMB). The addition of NFS and SMB now brings the protocol choices up to 7 total (HTTP, HTTPS, FTP, FTPS, SCP, NFS, and SMB) when configuring a vCenter Server for file-based Backup or Restore. Currently supported versions of these new protocols are NFSv3 and SMB2.  When it is time to restore to a previous backup, you can deploy a new appliance, point to the folder location of the vCenter Server backup files, and restore all of the vCenter server's configuration and inventory data (with optional historical data) from the backup.  Improvements to the Backup functionality in vCenter 6.7 Update 2 include a scheduling option!

 

 

Create Backup

 

 

  1. From the menu on the left, select Backup
  2. Click Backup Now.

 

 

Backup Wizard

 

 

  1. For Backup location, enter ftp://192.168.110.60
  2. Enter root in the User name field
  3. Enter VMware1! in the Password field
  4. Ensure Stats, Events and Tasks is selected
  5. Enter HOL Test Backup in the Description field
  6. Click Start

 

 

Backup Status

 

This step provides a backup status summary which gives you a confirmation of your backup protocol, location, credentials, encryption, and optional data.  

NOTE: Due to the lack of storage in the lab, the transfer will error out.

 

 

Configuring a Schedule in the Backup Wizard

 

New to vCenter 6.7 is the ability to create a recurring backup schedule.  We will walk through setting up a schedule to finish off this part of the lab.

  1. Click Configure in the Backup Schedule section.

 

 

  1. For Backup location, enter ftp://192.168.110.60
  2. Enter root in the User name field
  3. Enter VMware1! in the Password field
  4. In the Schedule field, leave the default value
  5. In the Number of backups to retain field, leave the default value that is selected
  6. Ensure Stats, Events and Tasks is selected
  7. Click Create

 

 

Confirm the Schedule Creation

 

  1. Click on the small chevron beside the Status to expand the Schedule selection.  
  2. Confirm that the schedule has been created.  You can use the Edit, Disable, or Delete buttons to manage the scheduled backup job.

Click on the video to watch a video on scheduling a backup.

 

 

Video - File-Based Backup and Restore (4:29)

 

 

Cross-SSO Domain Repoint

The vCenter Server Appliance 6.7 Update 2 CLI also has some new enhancements.  Here we will discuss the repointing enhancements using cmsso-util. While not a new feature, it was not available in vSphere 6.5 and makes a return in vSphere 6.7.

Customers can now repoint their vCenter Server Appliance across vSphere SSO domains. Can you say consolidation? The domain repoint feature supports both embedded and external deployments running vSphere 6.7 Update 2. The domain repoint feature has a pre-check option and it is highly recommended to use this. The pre-check compares the two vSphere SSO domains and lists any discrepancies in a JSON file. This provides the opportunity to resolve any discrepancies before running the domain repoint tool. The repoint tool can migrate licenses, tags, categories, and permissions from one vSphere SSO Domain to another.

 

 

 

vCSA/PSC Batch Deployment

Another CLI enhancement includes using the CLI installer to manage the vCenter Server Appliance lifecycle. The vCenter Server Appliance ISO file comes with JSON template examples. These JSON templates are a way to ensure consistency across installs, upgrades, and migrations. Usually, we would have to run the JSON template from the CLI installer one at a time in the correct order. This manual per-node deployment is now a thing of the past with batch operations. With batch operations, several JSON templates can be run in sequence from a single directory without intervention. Before running, use the pre-checks option on the directory to verify the templates including sequence.

 

 

Conclusion

Thank you for participating in the VMware Hands-on Labs. Be sure to visit http://hol.vmware.com/ to continue your lab experience online.

Lab SKU: HOL-2011-91-SDC

Version: 20200624-163227