VMware Certified Professional on vSphere 4 BlueprintLast Updated: 02/06/10 > jbe.vcp@gmail.com

ContentsSection 1 Plan, Install and Upgrade VMware ESX/ESXi ........................................................................................................ 3 Objective 1.1 -- Install VMware ESX/ESXi on local storage ................................................................................................. 3 Objective 1.2 Upgrade VMware ESX/ESXi ........................................................................................................................ 6 Objective 1.3 Secure VMware ESX/ESXi ........................................................................................................................... 8 Objective 1.4 Install VMware ESX/ESXi on SAN Storage ................................................................................................ 10 Objective 1.5 Identify vSphere Architecture and Solutions ........................................................................................... 13 Section 2 Configure ESX/ESXi Networking ......................................................................................................................... 15 Objective 2.1 Configure Virtual Switches ....................................................................................................................... 15 Objective 2.2 Configure vNetwork Distributed Switches ............................................................................................... 18 Objective 2.3 Configure VMware ESX/ESXi Management Network .............................................................................. 19 Section 3 Configure ESX/ESXi Storage ................................................................................................................................ 20 Objective 3.1 Configure FC SAN Storage ........................................................................................................................ 20 Objective 3.2 Configure iSCSI SAN Storage .................................................................................................................... 22 Objective 3.3 Configure NFS Datastores ........................................................................................................................ 25 Objective 3.4 Configure and Manage VMFS Datastores ................................................................................................ 26 Objective 3.BONUS Understanding Storage Device Naming ......................................................................................... 27 Section 4 Install and Configure vCenter Server ................................................................................................................. 28 Objective 4.1 Install vCenter Server ............................................................................................................................... 28 Objective 4.2 Manage vSphere Client plug-ins .............................................................................................................. 31 Objective 4.3 Configure vCenter Server ......................................................................................................................... 32 Objective 4.4 Configure Access Control ......................................................................................................................... 34 Section 5 Deploy and Manage Virtual Machines and vApps ............................................................................................. 36 Objective 5.1 Create and Deploy Virtual Machines ....................................................................................................... 36 Objective 5.2 Manage Virtual Machines ........................................................................................................................ 40 Objective 5.3 Deploy vApps ........................................................................................................................................... 42 Section 6 Manage Compliance ........................................................................................................................................... 44 Objective 6.1 Install, Configure and Manage VMware vCenter Update Manager ........................................................ 44 Objective 6.2 Establish and Apply ESX Host Profiles ...................................................................................................... 47 Section 7 Establish Service Levels ...................................................................................................................................... 49 Page 1 of 85

Objective 7.1 Create and Configure VMware Clusters .................................................................................................. 49 Objective 7.2 Enable a Fault Tolerant Virtual Machine ................................................................................................. 54 Objective 7.3 Create and Configure Resource Pools ..................................................................................................... 57 Objective 7.4 Migrate Virtual Machines ........................................................................................................................ 60 Objective 7.5 Backup and Restore Virtual Machines ..................................................................................................... 63 Section 8 Perform Basic Troubleshooting and Alarm Management.................................................................................. 65 Objective 8.1 Perform Basic Troubleshooting for ESX/ESXi Hosts ................................................................................. 65 Objective 8.2 Perform Basic Troubleshooting for VMware FT and Third-Party Clusters............................................... 67 Objective 8.3 Perform Basic Troubleshooting for Networking ...................................................................................... 69 Objective 8.4 Perform Basic Troubleshooting for Storage ............................................................................................ 70 Objective 8.5 Perform Basic Troubleshooting for HA/DRS and VMotion ...................................................................... 71 Objective 8.6 Create and Respond to vCenter Connectivity Alarms ............................................................................. 74 Objective 8.7 Create and Respond to vCenter Utilization Alarms ................................................................................. 76 Objective 8.8 Monitor vSphere ESX/ESXi and Virtual Machine Performance ............................................................... 78 Appendix A Configuration Maximums ............................................................................................................................... 82 Appendix B CLI.................................................................................................................................................................... 84 Appendix C Sources ............................................................................................................................................................ 85

Page 2 of 85

Section 1 Plan, Install and Upgrade VMware ESX/ESXiObjective 1.1 -- Install VMware ESX/ESXi on local storageIdentify minimum hardware requirements o 64-Bit Server (AMD Opteron, Intel Xeon, or Intel Nehalem) o o o o Up to 64 logical CPUs (cores or hyperthreads)

2GB RAM; 1TB Max

1+ Network Controller (Broadcom NetXtreme 570x & Intel Pro 1000); 10Gb supported 1+ SCSI adapter , Fibre Channel adapter, iSCSI adapter, or Internal RAID controller 1+ SCSI disk, Fibre Channel LUN, iSCSI disk, or RAID LUN with unpartitioned space ATA & IDE (ESX only; cannot store VMs), SAS, SATA, SCSI, SANs ESXi: 5GB disk

Download, prepare and validate installation media 1. Log on using your VMware store account 2. Download the ISO image for ESX from the VMware download page at: http://www.vmware.com/download 3. Burn the ISO image onto DVD media Determine appropriate ESX/ESXi configuration in a given situation o Obtain required information for environment System compatibility I/O compatibility (Network and HBA cards) Storage compatibility Backup software compatibility Verify hardware against the VMware Hardware Compatibility Guide Web site: http://www.vmware.com/resources/compatibility/search.php PDF: http://www.vmware.com/resources/compatibility/pdf/vi_systems_guide.pdf

o

Page 3 of 85

Perform a custom installation o Customize storage layout for given situations http://www.vmware.com/pdf/vsphere4/r40_u1/vsp_40_u1_esx_vc_installation_guide.pdf#pag e=61 Choose Advanced Setup /boot / (none) /var/log (none) Ext3 Ext3 Swap Ext3 Vmkcore 1250MB (1.25GB) 5000MB (5GB) 600MB 2000MB (2GB) 100MB [Boot Partition] [Root Partition] [Swap Partition for Service Console] [Log File Partition] [Vmkcore Partition for dump files]

/boot and vmkcore are physical partitions. /, swap, /var/log, and all the optional partitions are stored on a virtual disk called esxconsole-/esxconsole.vmdk. The virtual disk is stored in a VMFS volume. Note: The service console must be installed on a VMFS datastore that is resident on a host's local disk or on a SAN disk that is masked and zoned to that particular host only. The name of the service console file: esxconsole.vmdk Size: 1200MB

Configure ESXi from the direct console o Boot from DVD or Log into the console and Press F2

Configure ESX/ESXi NTP o Enter the IP address or host name of an NTP server; Open NTP on the firewall (esxcfg-firewall -e ntpClient); Enable/Restart the NTP Service

1. Select ESX Host Configuration tab Time Configuration Properties 2. Check NTP Client Enabled 3. Click Options NTP Settings 4. Add NTP Server 5. Check Restart NTP service to apply changes 6. Click OK

Page 4 of 85

Manage ESX/ESXi licensing o Compare/Contrast VMware vSphere editions ESXi: No Service Console (only vCLI access) Capable of being USB Flash embedded (32MB footprint) Jumbo Frames is only supported within the guest OS (no iSCSI Jumbo Frames) No vSphere Web Access o Manage license keys http://www.vmware.com/files/pdf/licensing_howto_guide.pdf License reporting and management are centralized. If you upgrade all your hosts, you no longer need a license server or host-based license files. All product licenses are encapsulated in 25character license keys that you can manage and monitor from vCenter Server. Each host requires a license, and each vCenter Server instance requires a license. You cannot assign multiple license keys to a host or to a vCenter Server system. You can license multiple hosts with one license key if the key has enough capacity for more than one host. Likewise, you can license multiple vCenter Server instances with one license key if the key has a capacity greater than one.

Page 5 of 85

Objective 1.2 Upgrade VMware ESX/ESXiPlan a VMware vSphere upgrade o Backup/Restore ESX/ESXi host configuration vCenters Host Profiles ESX: File-based & Image-based Service Console backup/restore methods ESXi: vicfg-cfgbackup --server --portnumber --protocol --username < username> --password -s Recovery CD / Repair option on the CD Note: Before you upgrade an ESX host, back up: /etc/passwd, /etc/groups, /etc/shadow, and /etc/gshadow directories custom scripts, .vmx files, and local images such as templates, exported virtual machines, and .iso files o Understand Virtual Machine backup options Consolidated Backup Supports File-level and Image-level Full & Incremental supported Data Recovery (Linux virtual appliance w/ vSphere Client plug-in) Supports up to 100 virtual machines and 100 backup jobs Each selected VM is backed up once every 24-hours First backup is Full & subsequent backups are Incremental Each job can have a maximum of 2 destinations Maximum simultaneous backup and restores tasks: 8 o Use back-up agents in your Virtual Machines

Determine if existing hardware meets upgrade requirements http://www.vmware.com/files/pdf/vsphere-migration-prerequisites-checklist.pdf Verify hardware against the VMware Hardware Compatibility List (HCL)

Page 6 of 85

Understand VMware ESX/ESXi upgrade scenarios o o http://www.vmware.com/pdf/vsphere4/r40_u1/vsp_40_u1_upgrade_guide.pdf Host Update Utility o Graphical utility for standalone hosts. This utility is intended for small deployments with fewer than 10 ESX/ESXi hosts and without vCenter Server or vCenter Update Manager. Note: Can only be used to upgrade ESX and perform automated host compatibility checks.

Update Manager Robust software for upgrading, updating, and patching clustered hosts, virtual machines, and guest operating systems.

Perform upgrade to ESX 4.0 o Upgrade VMware ESX/ESXi o http://www.vmware.com/pdf/vsphere4/r40_u1/vsp_40_u1_upgrade_guide.pdf esxupdate: http://www.vmware.com/pdf/vsphere4/r40/vsp_40_esxupdate.pdf

Upgrade virtual machine hardware & VMware Tools http://download3.vmware.com/vsphere/vsphere-migration-part3.html Upgrade VMware Tools BEFORE upgrading virtual machine hardware; (if not, the VM might lose its network settings) You can use the Update Manager (Upgrade Baseline) or a Manual Upgrade process by rightclicking the VM from with the vSphere client

o

Verify success of upgrade Summary tab of the VM; Test the system to ensure that the update was completed successfully

o

Understand upgrade roll back options http://www.vmware.com/pdf/vsphere4/r40_u1/vsp_40_u1_upgrade_guide.pdf#page=85 ESX: 1. Run the rollback-to-esx3 command in the ESX 4.0 service console 2. Reboot the server 3. Delete the ESX 4.0 service console VMDK folder from the VMFS datastore. The service console VMDK folder name has the following format: esxconsole-. ESXi: 1. Reboot the host 2. When the page that displays the current boot build appears, press Shift+r to select the standby build 3. Press Shift+y to confirm the selection and press Enter. The previous update rolls back. The standby build becomes the boot build.

Page 7 of 85

Objective 1.3 Secure VMware ESX/ESXiIdentify default security principles o o http://www.vmware.com/pdf/vsphere4/r40_u1/vsp_40_u1_esx_server_config.pdf#page=163 ESX uses the Pluggable Authentication Modules (PAM) structure for authentication when users access the ESX host using the vSphere Client. The default installation of ESX uses /etc/passwd authentication as Linux does, but you can configure ESX to use another distributed authentication mechanism. By default, passwords are set to never expire. The default minimum number of days between password changes is 0. The default number of days in advance of password expiration that a reminder is sent is 7. The minimum password length is set to nine. This means that the user must enter at least eight characters if they use only one character class (lowercase, uppercase, digit, or other). The password length algorithm allows shorter passwords if the user enters a mix of character classes.

Understand Service Console firewall operation o By default, all incoming connections to the service console port of an ESX server are blocked. A firewall on the ESX Server checks all incoming traffic and allows only traffic explicitly allowed in the firewall configuration. The firewall can be configured in two ways, from the command line and from the vCenter GUI. http://www.vmadmin.co.uk/index.php/resources/35-esxserver/51-esxfirewallcmd Service Console Security Level o High (default): Incoming ports blocked by default; Outgoing ports blocked by default Medium: Incoming ports blocked by default; Outgoing ports not blocked by default Low: Incoming ports not blocked by default; Outgoing ports not blocked by default

o o

Opening/Closing ports in the firewall using the vSphere Client Select ESX Host Configuration tab Security Profile Properties ESX Console (not in Blueprint guide): Service Enable | Disable: esxcfg-firewall -e | esxcfg-firewall -d Port Open | Close: esxcfg-firewall -o ,, | esxcfgfirewall -c , ,

Set up user/group accounts o o o http://www.vmware.com/pdf/vsphere4/r40_u1/vsp_40_u1_esx_server_config.pdf#page=168 vSphere Client: Connect to the Host Select the Host Users & Groups tab vCenter: Connect to the vCenter Home Administration Roles

Page 8 of 85

Determine applications needed for accessing the service console in a given scenario o To access the service console there are roughly two options: (1) From the local terminal (monitor, keyboard); (2) Remote using a SSH (Secure Shell) Client. Linux and Mac have a SSH client by default. For Windows, Putty is a favored client for accessing SSH Servers. Before you can access a VMware ESX server with a remote client you need to explicitly allow access. Also, an account needs to be created. Remote root access is disabled by default, but can be enabled. This however is not a best practice!!! The most secure way is to log in as a regular user and use sudo to execute privileged commands.

Page 9 of 85

Objective 1.4 Install VMware ESX/ESXi on SAN StorageConfigure LUN Masking o http://www.vmware.com/pdf/vsphere4/r40_u1/vsp_40_u1_san_cfg.pdf#page=83 o LUN Masking is used to hide certain LUNs for the ESX hypervisor. All LUNs presented to the OS are under normal circumstances visible (assuming the LUNs are presented on the storage array). When installing ESX on a LUN you want to be sure you only see the partition you want to install ESX on, otherwise you risk overwriting valuable VMFS partition with VMs. Hiding LUNs during installation is typically done on your storage array. esxcli corestorage claimrule add -r -t -P

o

Prepare SANo o http://www.vmware.com/pdf/vsphere4/r40_u1/vsp_40_u1_san_cfg.pdf#page=33 Fibre Channel SAN: 1. Connect the FC and Ethernet cables, referring to any cabling guide that applies to your setup. 2. Configure the storage array: a) From the SAN storage array, make the ESX host visible to the SAN. o If you are using VMotion, DRS, or HA, make sure that both source and target hosts for virtual machines can see the same LUNs with identical LUN IDs.

b) From the SAN storage array, set up the ESX host to have the WWPNs of the hosts FC adapters as port names or node names. c) Create LUNs. d) Assign LUNs. e) Record the IP addresses of the FC switches and storage arrays. f) Record the WWPN for each SP and host adapter involved. 3. Configure the HBA BIOS for boot from SAN. 4. Boot your ESX system from the ESX installation CD. CAUTION! If you use scripted installation to install ESX in boot from SAN mode, you need to take special steps to avoid unintended data loss. o iSCSI SAN: 1. Connect network cables, referring to any cabling guide that applies to your setup. 2. Configure the storage system so that the ESX system has access to the assigned LUN. This could involve updating ACLs with the IP addresses, iSCSI names, and the CHAP authentication parameter you use on the ESX system. On some storage systems, in addition to providing access information for the ESX host, you must also explicitly associate the assigned LUN with the host. 3. Ensure that the LUN is presented to the ESX system as LUN 0. The host can also boot from LUN 255. On storage systems that present volumes as multiple targets rather than multiple LUNs, the volumes are always presented as LUN 0. 4. Ensure that no other system has access to the configured LUN. 5. Record the iSCSI name and IP addresses of the targets assigned to the ESX host. Page 10 of 85

6. You must have this information to configure your iSCSI HBA. Configure FC or iSCSI HBA BIOS o iSCSI HBA Bios 1. During server POST, press Crtl+Q to enter the QLogic iSCSI HBA configuration menu. 2. Select the I/O port to configure. 3. Configure the HBA: a) From the Fast!UTIL Options menu, select Configuration Settings Host Adapter Settings. b) Configure the following settings for your host adapter: initiator IP address, subnet mask, gateway, initiator iSCSI name, and CHAP (if required). 4. Configure iSCSI Boot Settings: a) From the Fast!UTIL Options menu, select Configuration Settings iSCSI Boot Settings. b) Before you can set SendTargets, set Adapter Boot mode to Manual. c) Select Primary Boot Device Settings. o o Enter the discovery Target IP and Target Port. You can leave the Boot LUN and iSCSI Name fields blank if only one iSCSI target and one LUN are at the specified address to boot from. Otherwise, you must specify these fields to ensure that you do not boot from a volume for some other system. After the target storage system is reached, these fields will be populated after a rescan. Save changes

o

d) From the iSCSI Boot Settings menu, select the primary boot device. An auto rescan of the HBA is made to find new target LUNS. e) Select the iSCSI target. o f) NOTE: If more than one LUN exists within the target, you can choose a specific LUN ID by pressing Enter after you locate the iSCSI device.

Return to the Primary Boot Device Setting menu. After the rescan, the Boot LUN and iSCSI Name fields are populated, change the value of Boot LUN to the desired LUN ID.

5. Save your changes and restart the system.

Page 11 of 85

o

Enable BIOS 1. Enter the BIOS Fast!UTIL configuration utility: a) Boot the server b) While booting the server, press Ctrl+Q 2. Perform the appropriate action depending on the number of HBAs. 3. In the Fast!UTIL Options page, select Configuration Settings and press Enter. 4. In the Configuration Settings page, select Host Adapter Settings and press Enter. 5. Set the BIOS to search for SCSI devices: a) Set the BIOS to search for SCSI devices. b) Press Enter to toggle the value to Enabled. c) Press Esc to exit.

o

Select the Boot LUN 1. Use the cursor keys to select the first entry in the list of storage processors. 2. Press Enter to open the Select Fibre Channel Device page. 3. Use the cursor keys to select the chosen SP and press Enter. a) If the SP has only one LUN attached, it is selected as the boot LUN, and you can skip to Step 4. b) If the SP has more than one LUN attached, the Select LUN page opens. Use the arrow keys to position to the selected LUN and press Enter. 4. Press Esc twice to exit. 5. Press Enter to save the setting.

Install VMware ESX/ESXi o http://www.howcast.com/videos/187864-VMware-VSphere-ESXi-40-Install-and-Configure-Video

Determine boot LUN size in a given situation o VMware recommends a partition of minimal 8GB in size for the optional partitions. Best practice is to set the /var/log to a separate partition.

Page 12 of 85

Objective 1.5 Identify vSphere Architecture and SolutionsDifferentiate VMware platform products and editions o Datacenter Products VMware vSphere 4 VMware ESXi VMware Server Management Products VMware vCenter Server VMware vCenter Server Heartbeat VMware vCenter Orchestrator VMware vCenter Site Recovery Manager VMware vCenter Lab Manager VMware vCenter Lifecycle Manager VMware vCenter Converter VMware vCenter Chargeback VMware vCenter ConfigControl VMware CapacityIQ VMware vCenter AppSpeed Desktop products VMware View 4 VMware ThinApp VMware ACE VMware Workstation VMware Fusion (Mac) VMware Player

o

o

Understand the various datacenter solutions (View, SRM, Lab Manager, etc.) o Site Recovery Manager VMware Site Recovery Manager is a pioneering disaster recovery management and automation solution for VMware vSphere 4. Site Recovery Manager accelerates recovery by automating the recovery process and simplifies management of disaster recovery plans by making disaster recovery an integrated element of managing your VMware virtual infrastructure. Site Recovery Manager also ensures reliable recovery by eliminating complex manual recovery steps and enabling non-disruptive testing of recovery plans. VMware Server Heartbeat VMware vCenter Server Heartbeat delivers high availability and disaster recovery for VMware vCenter Server and all of its components including the database and licensing serverwith failover across the LAN or WAN. The software supports physical-to-virtual (P2V), physical-to-physical (P2P) and virtual-tovirtual (V2V) failover, ensuring consistent operation of VMware vSphere when VMware vCenter Server is threatened by unplanned or planned downtime.

o

Page 13 of 85

o

VMware Lab Manager vCenter Lab Manager allows IT to provide non-IT users with on-demand access to shared virtual resources. Application owners, development and testing teams, support and training organizations can create, deploy and reconfigure multi-tier system configurations in seconds. Self-service management with policy-based access control reduces administrative burden and infrastructure management costs, and empowers businesses to deliver new or updated applications rapidly and with greater agility. VMware vCenter Lab Manager streamlines application development and testing by giving every engineer the equivalent of his or her own personal datacenter. Life Cycle Manager VMware vCenter Lifecycle Manager provides a service catalog of virtual machine configurations to automate provisioning tasks and standardize the way virtual machines are requested, deployed and decommissioned. Lifecycle Manager helps IT administrators deploy virtual infrastructure more broadly, gain more control and visibility, and optimize resource utilization for greater ROI. VMware Converter VMware Converter reduces the amount of time spent on migrating to a virtual infrastructure by enabling fast, reliable and non-disruptive conversions from physical to virtual machines, and from older virtual machines to newer formats. VMware View VMware allows you to use your virtual infrastructure to host desktops. Users can access their virtual desktops from a wide variety of devices thick, thin or mobilewithout any performance degradation.

o

o

o

Explain ESX/ESXi architecture o o http://download3.vmware.com/demos/esxi/VMware_ESXi.html VMware ESX(i) is based upon the virtualization concept of separating the operating system (OS) and the underlying hardware by placing a hypervisor (bare-metal) in between. This hypervisor allows the installation of multiple OSs on the same hardware platform. Resources are managed by the hypervisor and divided over the guest operating systems.

Compare and contrast Bare Metal vs. Hosted architecture o o Host based virtualization installs and runs the virtualization layer as an application on top of an operating system and supports the broadest range of hardware configurations. Bare-Metal (hypervisor) architecture installs the virtualization layer directly on a clean x86 based system. Because it has direct access to the hardware resources, rather than going through an operating system, a hypervisor is more efficient and delivers greater scalability, robustness, and performance.

Page 14 of 85

Section 2 Configure ESX/ESXi NetworkingObjective 2.1 Configure Virtual SwitchesUnderstand Virtual Switch and ESX/ESXi NIC and port maximums o A Virtual Switch (vSwitch) is a switch that lives on a single ESX host. This Virtual switch is connected to the physical network as well as to other Virtual Switches via physical Ethernet connections. A vSwitch allows for many servers (via port groups) and uplinks to be connected. Port groups are the virtual extension of VLANs. Within a vSwitch you can create a port group with a VLAN ID allowing only the traffic between that port group and the physical VLAN. Note: vSwitches can only perform traffic shaping on outbound traffic. Maximums http://www.vmware.com/pdf/vsphere4/r40/vsp_40_config_max.pdf#page=6 Virtual network switch ports per host (vDS and vSS ports): 4096 Port groups per standard switch: 512 Virtual network switch ports per standard switch: 4088 Standard switches per host: 248

o

Determine the vSwitch NIC teaming policy in a given situation o o http://www.vmware.com/pdf/vsphere4/r40_u1/vsp_40_u1_esx_server_config.pdf#page=40 Load Balancing: In a load balanced configuration, multiple NICs are used to handle the traffic from a vSwitch. Based upon a distribution logic (like port based, MAC based or IP based (the last one requires a port channel on a physical switch, the others do not require switch configuration)) all traffic is distributed across the uploads resulting in more usable bandwidth. When a NIC or uplink fails in a load balanced setup, the remaining NIC handles all the traffic (after some detection and MAC address learning downtime). Failover: Used with multiple NICs where only one NIC is active at a given time. When a network error occurs on the active NIC the secondary NIC can take over. This is used when there is no need for large bandwidth or the underlying network is not redundant or capable to support redundant uplinks.

o

Determine the appropriate vSwitch security policies in a given situation o o http://www.vmware.com/pdf/vsphere4/r40_u1/vsp_40_u1_esx_server_config.pdf#page=47 The virtual switch has the ability to enforce security policies to prevent virtual machines from impersonating other nodes on the network. There are three components to this feature: Promiscuous mode: If set to Accept, the guest adapters will detect all frames passed on the vSwitch that are allowed under the VLAN policy for the port group that the adapters are connected to (network sniffing). Default Value: Reject MAC address Changes: If set to Reject and the guest OS changes the MAC address of the adapter to anything other than what is in the .vmx configuration file, all inbound frames are dropped. Default Value: Accept Forged transmit blocking: If set to Reject, any outbound frame with a source MAC address that is different from the one set on the adapter are dropped. Default Value: Accept Page 15 of 85

Create/Delete Virtual Switches o 1. 2. 3. 4. 5. 6. http://www.vmware.com/pdf/vsphere4/r40_u1/vsp_40_u1_esx_server_config.pdf#page=18 Select ESX host Select the Configuration tab Click Networking Add Networking Select Virtual Machine Select the appropriate NICs Enter a Name and optional VLAN ID

Create Ports/Port Groups 1. 2. 3. 4. 5. 6. 7. Select ESX host Select the Configuration tab Click Networking Click Properties next to an existing vSwitch Click Add Select Virtual Machine Enter a Name and optional VLAN ID

Assign Physical Adapters 1. 2. 3. 4. 5. 6. Select ESX host Select the Configuration tab Click Networking Click Properties next to an existing vSwitch Select the Network Adapters tab Click Add Follow the wizard to add an available NIC (one that is not in use by another vSwitch)

Modify vSwitch NIC Teaming and failover policies 1. 2. 3. 4. 5. 6. 7. Select ESX host Select the Configuration tab Click Networking Click Properties next to an existing vSwitch Select the vSwitch Click Edit Select the NIC Teaming tab Adjust the load balancing and / or failover settings

Page 16 of 85

Modify vSwitch security policy and VLAN settings 1. 2. 3. 4. 5. 6. Select the Configuration tab Click Networking Click Properties next to an existing vSwitch Select the vSwitch Click Edit Select the Security tab Adjust the security settings

Configure VMotion o To configure VMotion, you need to add a VMkernel Port to one of your vSwitches. To add a VMkernel Port, you can use the Create Port Groups section described earlier. Once the port group is added, you enable VMotion: Select ESX host Select the Configuration tab Click Networking Click Properties next to an existing vSwitch Select the VMotion port group click Edit Make sure the VMotion checkbox is checked

1. 2. 3. 4. 5. 6.

Page 17 of 85

Objective 2.2 Configure vNetwork Distributed SwitchesUnderstand ESX Host and port maximums for dvSwitches (Enterprise Plus license only) o A vNetwork Distributed Switch (dvSwitch) is a virtual switch that spans multiple ESX hosts. Unlike the previously covered vSwitch (ESX local host switch), a dvSwitch has one configuration for all ESX hosts and allows for new features like network statistics that VMotion along with the host. dvSwitches are created and managed by the vCenter server. Maximums http://www.vmware.com/pdf/vsphere4/r40/vsp_40_config_max.pdf#page=6 Virtual network switch ports per host (vDS and vSS ports): 4096 Distributed port groups per vCenter: 512 Distributed virtual network switch ports per vCenter: 6000 Distributed switches per vCenter: 16 Hosts per distributed switch: 64 Create/Modify a vNetwork Distributed Switch o 1. 2. 3. 4. 5. http://www.vmware.com/pdf/vsphere4/r40_u1/vsp_40_u1_esx_server_config.pdf#page=28 Home Inventory Networking Right click the Datacenter and choose New vNetwork Distributed Switch Enter a Name and select the number of dvUplink ports per host Add Hosts and associate the appropriate network adapters Add port group

Create/Modify Uplink Group settings o http://www.vmware.com/pdf/vsphere4/r40_u1/vsp_40_u1_esx_server_config.pdf#page=33

Create/Modify dvPort Group settings o http://www.vmware.com/pdf/vsphere4/r40_u1/vsp_40_u1_esx_server_config.pdf#page=30

Add an ESX/ESXi Host to a vNetwork Distributed Switch o http://www.vmware.com/pdf/vsphere4/r40_u1/vsp_40_u1_esx_server_config.pdf#page=28

Add/Delete a VMkernel dvPort o http://www.vmware.com/pdf/vsphere4/r40_u1/vsp_40_u1_esx_server_config.pdf#page=34

Migrate Virtual Machines to a vNetwork Distributed Switch o o http://www.vmware.com/pdf/vsphere4/r40_u1/vsp_40_u1_esx_server_config.pdf#page=38 From the Inventory menu, select Distributed Virtual Switch Migrate Virtual Machine Networking

Page 18 of 85

Objective 2.3 Configure VMware ESX/ESXi Management NetworkModify Service Console IP Settings o esxcfg-vswif vswif0 -i -n

Configure Service Console availability o o You can assign multiple NICs to the vSwitch where the Service Console is running on. When wired adequately to different switches, a higher level of availability is achieved for your Service Console. The second option is to create a second Service Console, preferable on different virtual and physical network segments. This option is a little more involved, as the second Service Console gateway needs to be configured via the advanced network settings.

Configure DNS and Routing settings for an ESX Host o 1. 2. 3. 4. 5. http://www.vmware.com/pdf/vsphere4/r40_u1/vsp_40_u1_esx_server_config.pdf#page=53 Select ESX host Select the Configuration tab Click DNS and Routing Properties Click Properties Make changes under the appropriate tabs and reboot the host

Page 19 of 85

Section 3 Configure ESX/ESXi StorageObjective 3.1 Configure FC SAN StorageIdentify FC SAN hardware components o o o http://www.vmware.com/pdf/vsphere4/r40_u1/vsp_40_u1_san_cfg.pdf#page=15 Storage Processor (SP): This is the controller that manages the disks, LUNs, and presents LUNs to your ESX hosts. The controller is managed from a web based console or by using a software suite. Fibre Channel (FC) Switches: The Storage Processors and the ESX hosts are connected by means of FC switches. Usually zoning is in place on a SAN switches. Zoning is similar to LUN masking, which is commonly used for permission management. LUN masking is a process that makes a LUN available to some hosts and unavailable to other hosts. Usually, LUN masking is performed at the SP or server level. Host Bus Adaptor (HBA): Within the ESX host, a HBA is used to connect to the SAN switch. The HBA needs to be supported by VMware and listed on the HCL. Configuration of SAN LUNs is done from the Virtual Center or from the command line of the ESX host.

o

Identify how ESX Server connections are made to FC SAN storage o When you have a SAN connection over two fabrics, and your SAN has two storage processors, you have 4 paths to your storage. When transferring data between the host server and storage, the SAN uses a multipathing technique. Multipathing allows you to have more than one physical path from the ESX/ESXi host to a LUN on a storage system. If a path or any component along the path, HBA or NIC, cable, switch or switch port, or storage processor, fails, the server selects another of the available paths. The process of detecting a failed path and switching to another is called path failover.

Describe ESX Server FC SAN storage addressing o o http://searchstoragechannel.techtarget.com/generic/0,295582,sid98_gci1339563,00.html Storage processors aggregate physical hard disks into logical volumes, otherwise called LUNs, each with its own LUN number identifier. World Wide Names (WWNs) are attached by the manufacturer to the host bus adapters (HBA). As unique identifiers, Fibre Channel HBAs use WWNs.

Describe the concepts of zoning and LUN masking o Zoning is the partitioning of a Fibre Channel fabric into smaller subsets to restrict interference, add security, and to simplify management. While a SAN makes available several LUNs, each system connected to the SAN should only be allowed to a controlled subset of the LUNs. Zoning is sometimes confused with LUN masking, because it serves the same goals. LUN masking, however, works on Fibre Channel level 4 (i.e. on SCSI level), while zoning works on level 2. This allows zoning to be implemented on switches, whereas LUN masking is performed on endpoint devices - host adapters or disk array controllers. LUN Masking is an authorization process that makes a Logical Unit Number available to some hosts and unavailable to other hosts. Usually, LUN masking is performed at the SP or server level.

o

Configure LUN masking o o http://www.vmware.com/pdf/vsphere4/r40_u1/vsp_40_u1_san_cfg.pdf#page=83 esxcli corestorage claimrule add -r -t -P

Page 20 of 85

Scan for new LUNs o http://www.vmware.com/pdf/vsphere4/r40_u1/vsp_40_u1_san_cfg.pdf#page=55

1. Select ESX host 2. Select the Configuration tab 3. Click Storage Adapters Rescan Determine and configure the appropriate multi-pathing policy o o http://www.vmware.com/pdf/vsphere4/r40_u1/vsp_40_u1_esx_server_config.pdf#page=109 The VMkernel multipathing plugin that ESX provides by default is the VMware Native Multipathing Plugin (NMP). The NMP is an extensible module that manages subplugins. There are two types of NMP subplugins, Storage Array Type Plugins (SATPs), and Path Selection Plugins (PSPs). Path Selection Plugins (PSPs) run in conjunction with the VMware NMP and are responsible for choosing a physical path for I/O requests. Most Recently Used (MRU): Selects the path the ESX host used most recently to access the given device. If this path becomes unavailable, the host switches to an alternative path and continues to use the new path while it is available. Fixed: Uses the designated preferred path, if it has been configured. Otherwise, it uses the first working path discovered at system boot time. If the host cannot use the preferred path, it selects a random alternative available path. The host automatically reverts back to the preferred path as soon as that path becomes available. Round Robin (RR): Uses a path selection algorithm that rotates through all available paths enabling load balancing across the paths. Differentiate between NMP and third-party MPP o The VMkernel multipathing plugin that ESX provides by default is the VMware Native Multipathing Plugin (NMP). The NMP is an extensible module that manages subplugins. There are two types of NMP subplugins: Storage Array Type Plugins (SATPs) and Path Selection Plugins (PSPs). Storage Array Type Plugins (SATPs) run in conjunction with the VMware NMP and are responsible for array specific operations. ESX offers an SATP for every type of array that VMware supports. These SATPs include an active/active SATP and active/passive SATP for nonspecified storage arrays, and the local SATP for direct-attached storage. Path Selection Plugins (PSPs) run in conjunction with the VMware NMP and are responsible for choosing a physical path for I/O requests. The VMware NMP assigns a default PSP for every logical device based on the SATP associated with the physical paths for that device. You can override the default PSP.

Page 21 of 85

Objective 3.2 Configure iSCSI SAN StorageIdentify iSCSI SAN hardware components o o o http://www.vmware.com/pdf/vsphere4/r40_u1/vsp_40_u1_iscsi_san_cfg.pdf#page=9 iSCSI Target: This is the controller of the disk and the device that converts the underlying disk technology (for example SCSI) to iSCSI traffic on a network. Switch: The iSCSI target is connected to the network. The iSCSI initiators talk to the iSCSI target over this network layer. A regular Ethernet switch can be used, but a dedicated VLAN, or even better, a dedicated switch with jumbo frame support is recommended. Minimum speed must be gigabit. iSCSI initiator: The iSCSI initiator is the ESX host. On a host, a hardware (HBA) or software iSCSI initiator can be installed.

o

Determine use cases for hardware vs. software iSCSI initiators o Software iSCSI initiator: The software iSCSI initiator uses code from the VMkernel and requires only regular NICs in your ESX host. Its highly recommended that dedicated NICs be used, but using shared NICs across multiple VLANs is possible. The main benefit of an iSCSI software initiator is its already integrated into vSphere and provides the majority of the functionality needed for most environments. Hardware iSCSI initiator: The hardware initiator allows for some extra functionality and less of a performance penalty on the system processor than the software initiator because the handling of IP packets is not done on the host processor, but rather on the iSCSI hardware initiator. Also hardware initiators allow a boot from iSCSI SAN setup. Generally only the most demanding setups require a hardware initiator. But in those environments, a fibre channel SAN may be a better solution.

o

Configure the iSCSI Software Initiator o o http://www.vmware.com/pdf/vsphere4/r40_u1/vsp_40_u1_iscsi_san_cfg.pdf#page=30 With the software-based iSCSI implementation, you can use standard network adapters to connect your ESX/ESXi host to a remote iSCSI target on the IP network. The software iSCSI initiator that is built into ESX/ESXi facilitates this connection by communicating with the network adapter through the network stack. Create a VMkernel port for physical network: 1. 2. 3. 4. 5. 6. 7. 8. o Select a ESX host Select the Configuration tab Click Networking Add Networking Select VMkernel Select Create virtual switch Select the NICs Go to Port Group Properties and enter a friendly name under Network label Enter the IP settings

o

Enable the software iSCSI initiator: 1. 2. 3. 4. 5. Select a ESX host Select the Configuration tab Select Storage Adaptors Select the iSCSI Initiator Properties Click Enabled Page 22 of 85

o

If needed, enable Jumbo Frames. Jumbo Frames must be enabled for each vSwitch through the vSphere CLI. Also, if you use an ESX host, you must create a VMkernel network interface enabled with Jumbo Frames. (http://www.vmware.com/pdf/vsphere4/r40_u1/vsp_40_u1_iscsi_san_cfg.pdf#page=35)

Configure Dynamic/Static Discovery o 1. 2. 3. 4. 5. http://www.vmware.com/pdf/vsphere4/r40_u1/vsp_40_u1_iscsi_san_cfg.pdf#page=35 Select a ESX host Select the Configuration tab Select Storage Adaptors Select the iSCSI Initiator Properties Click the Dynamic Discovery or Static Discovery tab and add a server or target

Configure CHAP Authentication o o http://www.vmware.com/pdf/vsphere4/r40_u1/vsp_40_u1_iscsi_san_cfg.pdf#page=37 ESX supports the following CHAP authentication methods: o One-way CHAP: In one-way, or unidirectional, CHAP authentication, the target authenticates the initiator, but the initiator does not authenticate the target. Mutual CHAP (software iSCSI only): In mutual, or bidirectional, CHAP authentication, an additional level of security enables the initiator to authenticate the target.

CHAP Security Levels: Do not use CHAP Do not use CHAP unless required by target (software iSCSI only) Use CHAP unless prohibited by target Use CHAP (software iSCSI only) (required for Mutual CHAP) Select a ESX host Select the Configuration tab Select Storage Adaptors Select the iSCSI Initiator Properties Click CHAP

1. 2. 3. 4. 5.

Configure VMkernel port binding for iSCSI Software multi-pathing o http://www.vmware.com/pdf/vsphere4/r40_u1/vsp_40_u1_iscsi_san_cfg.pdf#page=32

Discover LUNs o 1. 2. 3. 4. http://www.vmware.com/pdf/vsphere4/r40_u1/vsp_40_u1_iscsi_san_cfg.pdf#page=60 Select a ESX host Select the Configuration tab Select Storage Adaptors Click Rescan

Page 23 of 85

Identify iSCSI addressing in the context of the host o o http://www.vmware.com/pdf/vsphere4/r40_u1/vsp_40_u1_iscsi_san_cfg.pdf#page=10 iSCSI Name: Identifies a particular iSCSI element, regardless of its physical location. The iSCSI name can use IQN or EUI format. o IQN (iSCSI qualified name). Can be up to 255 characters long and has the following format: iqn.yyyy-mm.naming-authority:unique name (e.g. iqn.1998-01.com.vmware:server015) yyyy-mm is the year and month when the naming authority was established. naming-authority is usually reverse syntax of the Internet domain name of the naming authority. unique name is any name you want to use, for example, the name of your host. The naming authority must make sure that any names assigned, following the colon, are unique. o EUI (extended unique identifier). Includes the eui. prefix, followed by the 16-character name. The name includes 24 bits for the company name assigned by the IEEE and 40 bits for a unique ID, such as a serial number. o o eui.0123456789ABCDEF

iSCSI Alias: A more manageable, easy-to-remember name to use instead of the iSCSI name. iSCSI aliases are not unique, and are intended to be just a friendly name to associate with the node. IP Address: An address associated with each iSCSI element so that routing and switching equipment on the network can establish the connection between different elements, such as the host and storage. This is just like the IP address you assign to a computer to get access to your company's network or the Internet.

Page 24 of 85

Objective 3.3 Configure NFS DatastoresIdentify the NFS hardware components o o http://www.vmware.com/pdf/vsphere4/r40_u1/vsp_40_u1_esx_server_config.pdf#page=96 NFS Share / Server, Switch, and VMkernel interface for NFS support

Explain ESX exclusivity for NFS mounts o When your host accesses a virtual machine disk file on an NFS-based datastore, a .lck-XXX lock file is generated in the same directory where the disk file resides to prevent other hosts from accessing this virtual disk file. Do not remove the .lck-XXX lock file, because without it, the running virtual machine cannot access its virtual disk file. Note: Only NFS version 3 over TCP/IP is supported.

o

Configure ESX/ESXi network connectivity to the NAS device o 1. 2. 3. 4. 5. 6. 7. 8. For the connectivity to a NFS device you need the same network configuration as you would for iSCSI, a VMkernel interface. To do so: Select a ESX host Select the Configuration tab Select Networking Add Networking Select VMkernel Select Create virtual switch Select the NICs Go to Port Group Properties and enter a friendly name under Network label Enter the IP settings

Create an NFS Datastore o 1. 2. 3. 4. 5. http://www.vmware.com/pdf/vsphere4/r40_u1/vsp_40_u1_esx_server_config.pdf#page=98 Select a ESX host Select the Configuration tab Select Storage Add Storage Select Network File System Fill in Server Name/IP, Folder/Path, Datastore Name

NFS Capabilities (not in Blueprint guide) o ESX can access a designated NFS volume located on a NAS server, mount the volume, and use it for its storage needs. You can use NFS volumes to store and boot virtual machines in the same way that you use VMFS datastores. ESX supports the following shared storage capabilities on NFS volumes: VMotion VMware DRS and VMware HA ISO images, which are presented as CD-ROMs to virtual machines Virtual machine snapshots

Page 25 of 85

Objective 3.4 Configure and Manage VMFS DatastoresIdentify VMFS file system attributes o http://www.vmware.com/products/vmfs/features.html

Determine the appropriate Datastore location/configuration for given virtual machines o http://www.vmware.com/pdf/vsphere4/r40_u1/vsp_40_u1_esx_server_config.pdf#page=69

Determine use cases for multiple VMFS Datastores o http://www.yellow-bricks.com/2009/06/23/vmfslun-size/

Create/Configure VMFS Datastores o 1. 2. 3. 4. 5. 6. 7. http://www.vmware.com/pdf/vsphere4/r40_u1/vsp_40_u1_esx_server_config.pdf#page=95 Select a ESX host Select the Configuration tab Select Storage Add Storage Select Disk/LUN Select a device to use for your datastore Enter a datastore name If needed, adjust the file system and capacity values

Attach existing Datastore to new ESX host 1. 2. 3. 4. Select a ESX host Select the Configuration tab Select Storage Refresh After the refresh, the disk should appear

Manage VMFS Datastores (Group/Unmount/Delete Datastores) o o http://www.vmware.com/pdf/vsphere4/r40_u1/vsp_40_u1_esx_server_config.pdf#page=101 Note: You can unmount only the following types of datastores: NFS & VMFS datastore copies mounted without resignaturing.

Grow VMFS volumes o 1. 2. 3. 4. 5. o http://www.vmware.com/pdf/vsphere4/r40_u1/vsp_40_u1_esx_server_config.pdf#page=104 Select a ESX host Select the Configuration tab Select Storage Right click the Datastore that you need to increase, and click Properties Click the Increase button and follow the wizard Only extents with free space immediately after them are expandable. As a result, rather than adding the new extent, you can grow the existing extent so that it fills the available adjacent capacity. An extent can be grown any number of times, up to 2TB minus 512B. You can add a new extent to any existing VMFS datastore. A datastore can have up to 32 extents. A VMFS can have a maximum volume size of 64TB minus 16K . Page 26 of 85

o o

Objective 3.BONUS Understanding Storage Device NamingIn the vSphere Client, each storage device, or LUN, is identified by several names, including a friendly name, a UUID, and a runtime name. o Name: A friendly name that the ESX host assigns to a device based on the storage type and manufacturer. You can modify the name using the vSphere Client. When you modify the name of the device on one host, the change takes affect across all hosts that have access to this device. Identifier: A universally unique identifier assigned to a device. Depending on the type of storage, different algorithms are used to create the identifier. The identifier is persistent across reboots and is the same for all hosts sharing the device. o Example: naa.6090a02830bb6189f8ab9429000010e8

o

Runtime Name: The name of the first path to the device. The runtime name is created by the host, is not a reliable identifier for the device, and is not persistent. Example: vmhba33:C0:T5:L0

The runtime name has the following format: vmhba#:C#:T#:L#, where vmhba# is the name of the storage adapter. The name refers to the physical adapter on the host, not to the SCSI controller used by the virtual machines. C# is the storage channel number. Software iSCSI initiators use the channel number to show multiple paths to the same target. T# is the target number. Target numbering is decided by the host and might change if there is a change in the mappings of targets visible to the host. Targets that are shared by different ESX hosts might not have the same target number. L# is the LUN number that shows the position of the LUN within the target. The LUN number is provided by the storage system. If a target has only one LUN, the LUN number is always zero (0).

Page 27 of 85

Section 4 Install and Configure vCenter ServerObjective 4.1 Install vCenter ServerIdentify hardware requirements o o http://www.vmware.com/pdf/vsphere4/r40_u1/vsp_40_u1_esx_vc_installation_guide.pdf#page=14 vCenter Server: Minimum: 2 CPUs, 2GHz Processor, 3GB RAM, 2GB Disk Space When you have up to 200 hosts, you can use a 32-bit Windows operating system, but a 64-bit Windows operating system is preferred. When you have 200-300 hosts, a 64-bit Windows operating system is required. Up to 50 hosts and 250 Powered-On VMs: o 2 CPUs 4 GB RAM 3GB Disk Space Up to 200 hosts and 2000 Powered-On VMs: o 4 CPUs 4 GB RAM 3GB Disk Space Up to 300 hosts and 3000 Powered-On VMs: o 4 CPUs 8 GB RAM 3GB Disk Space o 64-bit OS

TCP Ports: 80 (http), 443 (https), 389 (LDAP for DS), 636 (SSL for DS) UDP Ports: 902 (ESX heartbeat) Note: Server name should not exceed 15 characters

vSphere Client: Minimum: 1 CPU, 266MHz Processor, 200MB RAM, 1GB Disk Space Connects to vCenter Server via port 443; Connects to VM consoles via 902 & 903

Understand configuration maximums o http://www.vmware.com/pdf/vsphere4/r40/vsp_40_config_max.pdf#page=7 Hosts (32bit OS server): 200 Poweredon virtual machines (32bit OS server): 2000 Registered virtual machines (32bit OS server): 3000 Concurrent vSphere client connections (32bit OS server): 15 Hosts (64bit OS server): 300 Poweredon virtual machines (64bit OS server): 3000 Registered virtual machines (64bit OS server): 4500 Concurrent vSphere client connections (64bit OS server): 30 Hosts per datacenter: 100 Linked vCenter Server systems: 10 Concurrent Storage VMotion operations per host: 2 Concurrent Storage VMotion operations per datastore: 4 Concurrent provisioning operations per host & per datastore: 8 Concurrent operations per vCenter Server: 96

Determine availability requirements for a vCenter server in a given situation o o Linked vCenter Server systems Running vCenter, or a copy thereof, on a Virtual Machine within the HA Cluster Page 28 of 85

Determine appropriate vCenter Server edition o o http://www.vmware.com/files/pdf/vsphere_pricing.pdf#page=8 VMware vCenter Server Standard provides large scale management of vSphere deployments for rapid provisioning, monitoring, orchestration and control of virtual machines. Includes VMware vCenter Orchestrator & VMware vCenter Server Linked Mode VMware vCenter Server Foundation provides powerful management tools for smaller environments (up to three vSphere hosts) looking to rapidly provision, monitor and control virtual machines. VMware vCenter Server for Essentials integrated into the vSphere Essentials and Essentials Plus editions for small office deployments.

o o

Determine database size requirements 1. Go to Administration vCenter Server Settings 2. Click Statistics 3. Choose a Interval Duration and click Edit a. When you click Edit, you can change the interval, sample duration, and level. There are four levels. Level 1 is the lowest and 4 is the highest. Level 4 logs nearly everything on the host. The higher the level, the larger the database will be. Prepare/Configure vCenter Server database o o http://www.vmware.com/pdf/vsphere4/r40_u1/vsp_40_u1_esx_vc_installation_guide.pdf#page=71 Databases Supported: Microsoft SQL Server (2005, 2008), Oracle (10g, 11g), DB2 (9, C) [in vSphere U1] o http://www.vmware.com/pdf/vsphere4/r40/vsp_compatibility_matrix.pdf#page=11

Each vCenter Server instance must have its own database. vCenter Server instances cannot share the same database schema. Multiple vCenter Server databases can reside on the same database server, or they can be separated across multiple database servers. For Oracle, which has the concept of schema objects, you can run multiple vCenter Server instances in a single database server if you have a different schema owner for each vCenter Server instance, or use a dedicated Oracle database server for each vCenter Server instance. Even though vCenter Server is supported on 64-bit operating systems, the vCenter Server system must have a 32-bit DSN. This requirement applies to all supported databases. By default, any DSN created on a 64-bit system is 64 bit. For Microsoft SQL Server database servers, install the 64-bit database ODBC drivers on your Microsoft Windows system. When you install the 64-bit drivers, the 32-bit drivers are installed automatically.

o

o

o

Install vCenter Server using downloaded installer o o http://www.vmware.com/pdf/vsphere4/r40_u1/vsp_40_u1_esx_vc_installation_guide.pdf#page=99 VMware allows you to download the vCenter installation media as an EXE file or an ISO file. The ISO file can be mounted or burned to DVD. The EXE file can run directly on an OS but has to be copied there.

Page 29 of 85

Install additional modules o vCenter Guided Consolidation: http://www.vmware.com/pdf/vsphere4/r40_u1/vsp_40_u1_esx_vc_installation_guide.pdf#page=115 vCenter Guided Consolidation enables you to migrate from physical servers to virtual infrastructure using a wizard that identifies physical servers for consolidation, converts them to virtual machines, and places them onto ESX/ESXi hosts. o vCenter Update Manager: http://www.vmware.com/pdf/vsphere4/r40_u1/vsp_40_u1_esx_vc_installation_guide.pdf#page=116 Using vCenter Update Manager, you can orchestrate steps of an upgrade process sequentially, based on compliance baselines at the host, virtual machine, and datastore level. ESX host upgrade per cluster: 1 ESX host remediation per VUM server: 8 Virtual machine remediation per ESX host: 5 o vCenter Converter: http://www.vmware.com/pdf/vsphere4/r40_u1/vsp_40_u1_esx_vc_installation_guide.pdf#page=117 Using vCenter Update Manager, you can orchestrate steps of an upgrade process sequentially, based on compliance baselines at the host, virtual machine, and datastore level. Concurrent import/export tasks (assumes no load on vCenter Server system): 16 Determine use case for vCenter Linked Mode Groups o o http://www.vmware.com/pdf/vsphere4/r40_u1/vsp_40_u1_esx_vc_installation_guide.pdf#page=107 Availability o When you link vCenter servers, each server can manage the entire infrastructure.

Configuration Maximums The number of ESX hosts, VMs, and users per vCenter server is limited. When running into those limits, you can add additional vCenter servers in Linked Mode. You can link a maximum of 10 vCenter servers.

o

Note: The vCenter Server instances in a Linked Mode group can be in different domains if the domains have a two-way trust relationship. Each domain must trust the other domains on which vCenter Server instances are installed. Join/Remove Option: Join this vCenter Server instance to an existing linked mode group or another instance Isolate this vCenter Server instance from linked mode group

o

Page 30 of 85

Objective 4.2 Manage vSphere Client plug-insIdentify available plug-ins o o o o o o vCenter Guided Consolidation vCenter Update Manager vCenter Converter vCenter Storage Monitor (default) vCenter Hardware status (default) vCenter Service Status (default)

Determine required plug-ins for a given application o -

Ensure permissions to install plug-ins o Admin rights to the server and vCenter

Enable plug-ins after installation o http://www.vmware.com/pdf/vsphere4/r40_u1/vsp_40_u1_admin_guide.pdf#page=43 1. Go to Plug-ins Manage Plug-ins 2. Right click the plug-in under Available Plug-ins and choose Enable

Page 31 of 85

Objective 4.3 Configure vCenter ServerIdentify the vCenter Server managed ESX Hosts and Virtual Machine maximums o ESX: http://www.vmware.com/pdf/vsphere4/r40/vsp_40_config_max.pdf#page=3 o ESX hosts on 32-bit vSphere: 200 VMs on 32-bit vSphere (powered on / registered): 2000 / 3000 ESX hosts on 64-bit vSphere: 300 VMs on 64-bit vSphere (powered on / registered): 3000 / 4500 Linked vCenter Servers: 10 Concurrent vSphere Clients (32 / 64 bit): 15 / 30 ESX hosts per datacenter: 100 Concurrent Storage VMotions (Host / Datastore): 2 / 4 Concurrent operations per vCenter: 96

VM: http://www.vmware.com/pdf/vsphere4/r40/vsp_40_config_max.pdf CPUs (Virtual SMP): 8 RAM: 255GB Swap file size: 255GB SCSI adapters: 4 SCSI targets per SCSI adapter: 15 SCSI targets: 60 Disk size: 2TB minus 512B NICs: 10 Concurrent remote console connections to a virtual machine: 40

Join ESX/ESXi Hosts to vCenter Server o http://www.vmware.com/pdf/vsphere4/r40_u1/vsp_40_u1_admin_guide.pdf#page=76

1. Right click the Cluster or Datacenter and select Add Host 2. Enter the managed host connection settings 3. (Optional ESXi Only) Select Enable Lockdown Mode to disable remote access for the administrator account after vCenter Server takes control of this host. 4. Confirm the Host Summary information 5. Select whether to assign a new or existing license key to the host 6. Specify what should happen to the resource pools on the host Configure Guest OS Customization o o http://www.vmware.com/pdf/vsphere4/r40_u1/vsp_40_u1_admin_guide.pdf#page=175 Home Management Customization Specification Manager

Page 32 of 85

Use Datacenters and Folders to organize the environment o o http://www.vmware.com/pdf/vsphere4/r40_u1/vsp_40_u1_admin_guide.pdf#page=72 Datacenters can represent physical or logical datacenters in your IT environment. Please note that you cannot use VMotion to live migrate VMs from one Datacenter to another. For both folders and datacenters, it is possible to set user rights to allow or disallow certain user actions.

Configure/Use Scheduled Tasks o o o o http://www.vmware.com/pdf/vsphere4/r40_u1/vsp_40_u1_admin_guide.pdf#page=283 Home Management Scheduled Tasks Note: The vSphere Client must be connected to a vCenter Server system to schedule tasks. Note: After a scheduled task is created, it will be performed even if the user no longer has permission to perform the task.

Configure/Use Resource Maps o http://www.vmware.com/pdf/vsphere4/r40_u1/vsp_40_u1_admin_guide.pdf#page=231

Use Storage Reports/Storage Maps o o http://www.vmware.com/pdf/vsphere4/r40_u1/vsp_40_u1_admin_guide.pdf#page=227 Reports and Maps are updated every 30 minutes

View/Manage Events o o http://www.vmware.com/pdf/vsphere4/r40_u1/vsp_40_u1_admin_guide.pdf#page=289 Home Management Events

Configure vCenter Server settings o o http://www.vmware.com/pdf/vsphere4/r40_u1/vsp_40_u1_admin_guide.pdf#page=46 Administration vCenter Server Settings

Configure vSphere Client settings o o http://www.vmware.com/pdf/vsphere4/r40_u1/vsp_40_u1_admin_guide.pdf#page=38 Edit Client Settings

Page 33 of 85

Objective 4.4 Configure Access ControlCreate/Modify user permissions in vCenter o o o o http://www.vmware.com/pdf/vsphere4/r40_u1/vsp_40_u1_admin_guide.pdf#page=211 Roles: Home Administration Roles User Permissions: Permissions tab The vpxuser user is a vCenter Server entity with root rights on the ESX/ESXi host, allowing it to manage activities for that host. The vpxuser is created at the time that an ESX/ESXi host is attached to vCenter Server. It is not present on the ESX host unless the host is being managed through vCenter Server.

Create/Modify user permissions in ESX Server o The privileges and roles assigned on an ESX/ESXi host are separate from the privileges and roles assigned on a vCenter Server system. When you manage a host using vCenter Server, only the privileges and roles assigned through the vCenter Server system are available. If you connect directly to the host using the vSphere Client, only the privileges and roles assigned directly on the host are available. To edit local users and groups on an ESX host, connect directly to the ESX host instead of connecting to the vCenter server.

o

Restrict access to vCenter inventory objects o 1. 2. 3. 4. 5. 6. o http://www.vmware.com/pdf/vsphere4/r40_u1/vsp_40_u1_admin_guide.pdf#page=222 Select an Object (e.g. VM, Datacenter, Host, Folder) Select the Permissions tab Right click and select Add Select the role you would like to assign in the right pane Select the local or AD user / user group you would like to assign (Optionally) Deselect the Propagate to Child Objects check box if you need user rights only on the object and not on child objects VMware recommends several best practices for creating users and groups in your vSphere environment: Use vCenter Server to centralize access control, rather than defining users and groups on individual hosts. Choose a local Windows user or group to have the Administrator role in vCenter Server. Create new groups for vCenter Server users. Avoid using Windows built-in groups or other existing groups.

Define vCenter predefined roles and their privileges o o http://www.vmware.com/pdf/vsphere4/r40_u1/vsp_40_u1_admin_guide.pdf#page=214 No Access, Read Only, Administrator, Virtual Machine Administrator, Virtual Machine Power User, Virtual Machine User, Resource Pool Administrator, VMware Consolidated Backup User, Datastore Consumer, Network Consumer, Datacenter Administrator

Create/Clone Edit roles o o http://www.vmware.com/pdf/vsphere4/r40_u1/vsp_40_u1_admin_guide.pdf#page=215 Roles: Home Administration Roles Page 34 of 85

Assign roles to users and groups 1. 2. 3. 4. 5. Select an Object (e.g. VM, Datacenter, Host, Folder) Select the Permissions tab Right click and select Add Select the role you would like to assign in the right pane Select the local or AD user / user group you would like to assign

Describe how privileges propagate o o http://www.vmware.com/pdf/vsphere4/r40_u1/vsp_40_u1_admin_guide.pdf#page=218 When you assign a permission to an object, you can choose whether the permission propagates down the object hierarchy. Propagation is set per permission, not universally applied. Permissions defined for a child object always override those propagated from parent objects. To disable propagation, uncheck the checkbox Propagate to Child Objects when assigning permissions.

Understand permissions as applied to user and group combinations o o http://www.vmware.com/pdf/vsphere4/r40_u1/vsp_40_u1_admin_guide.pdf#page=220 Permissions assigned directly to an individual user override permissions assigned to a group that the user is a member of.

Page 35 of 85

Section 5 Deploy and Manage Virtual Machines and vAppsObjective 5.1 Create and Deploy Virtual MachinesUnderstand virtual machine hardware maximums o http://www.vmware.com/pdf/vsphere4/r40/vsp_40_config_max.pdf CPU: 8 RAM: 255GB SCSI Adapters: 4 SCSI Targets per Adapter: 15 SCSI Targets per VM: 60 Disk size: 2TB minus 512B IDE Controllers: 1 IDE Devices: 4 Virtual NICs: 10 Parallel Ports: 3 Serial Ports: 4 VMDirectPath PCI / PCIe Devices: 2 VMDirectPath SCSI Targets: 60

Create a virtual machine o o http://www.vmware.com/pdf/vsphere4/r40_u1/vsp_40_u1_admin_guide.pdf#page=114 Determine appropriate SCSI adapter BusLogic Parallel is for older guest operating systems. LSI Logic Parallel is the default adaptor when a VM is created (for most OSs) LSI Logic SAS is available only for virtual machines with hardware version 7. Disks with snapshots might not experience performance gains when used on LSI Logic SAS and LSI Logic Parallel adapters. VMware Paravirtual (Paravirtual SCSI (PVSCSI)) adapters are high-performance storage adapters that can result in greater throughput and lower CPU utilization. Paravirtual SCSI adapters are best suited for high performance storage environments. Paravirtual SCSI adapters are not suited for Direct-attached storage (DAS) environments. VMware recommends that you create a primary adapter (LSI Logic by default) for use with a disk that will host the system software (boot disk) and a separate PVSCSI adapter for the disk that will store user data, such as a database. PVSCSI does not support FT, Record/Replay, and MSCS Clustering. Boot disks are supported in vSphere U1

Page 36 of 85

o

Determine Virtual Disk type VMDK (New or Existing) (Thin Provisioned Format or Thick Format) Raw Device Mapping (Virtual or Physical Mode) Virtual: Allows the RDM to behave as if it were a virtual disk, so you can use such features as snapshotting, cloning, and so on. Physical: Allows the guest operating system to access the hardware directly. Physical compatibility is useful if you are using SAN-aware applications on the virtual machine. However, a virtual machine with a physical compatibility RDM cannot be cloned, made into a template, or migrated if the migration involves copying the disk.

o

Install/Upgrade/Configure VMware Tools http://www.vmware.com/pdf/vsphere4/r40_u1/vsp_40_u1_admin_guide.pdf#page=122

1. Right click a VM in the vCenter client 2. Select Guest Install/Upgrade VMware Tools 3. Select either Interactive Tools Installation or Automatic Tools Upgrade Create/Convert templates o o http://www.vmware.com/pdf/vsphere4/r40_u1/vsp_40_u1_admin_guide.pdf#page=167 Right click the VM and choose Template Clone to Template (can be done when VM is powered on) or Convert to Template (only available when VM is off, VM will be converted to template.).

Customize Windows/Linux virtual machines o http://www.vmware.com/pdf/vsphere4/r40_u1/vsp_40_u1_admin_guide.pdf#page=176

Manage Customization Specifications o http://www.vmware.com/pdf/vsphere4/r40_u1/vsp_40_u1_admin_guide.pdf#page=181

1. View Management Customization Specifications Manager 2. In the Customization Specification Manager, right-click a specification and select Edit. 3. Proceed through the Guest Customization wizard to change specification setting. o vCenter Server saves the customized configuration parameters in the vCenter Server database. If the customization settings are saved, the administrator, and domain administrator passwords are stored in encrypted format in the database. Because the certificate used to encrypt the passwords is unique to each vCenter Server system, reinstalling vCenter Server, or attaching a new instance of the server the database, invalidates the encrypted passwords. The passwords must be re-entered before they can be used. You can export customization specifications and save them as .xml files. To apply an exported specification to a virtual machine, import the .xml file using the Customization Specification Manager.

o

Deploy a virtual machine from a template o http://www.vmware.com/pdf/vsphere4/r40_u1/vsp_40_u1_admin_guide.pdf#page=170

Page 37 of 85

Deploy a virtual machine using VMware vCenter Converter Enterprise o o o o Perform Hot Clone: http://www.vmware.com/pdf/vsp_vcc_41_admin_guide.pdf#page=11 Perform Cold Clone: http://www.vmware.com/pdf/vsp_vcc_41_admin_guide.pdf#page=13 Perform System Reconfiguration: http://www.vmware.com/pdf/vsp_vcc_41_admin_guide.pdf#page=18 During the conversion process, physical disks are typically resized to conserve space on the datastore while providing room for growth on the resultant virtual disk. The following formula is used to resize converted disks: amount of space used on physical disk * 1.25 = resultant virtual disk size. Virtual disks are set to a size of 4GB or larger. Cloning Modes: Disk-Based Cloning: vCenter Converter supports disk-based cloning for cold cloning and for importing existing virtual machines. Disk-based cloning transfers all sectors from all disks, and preserves all volume metadata. The destination virtual machine receives the same volumes of the same type as the volumes of the source virtual machine. Disk-based cloning supports all basic and dynamic disks. Volume-Based Cloning: vCenter Converter supports volume-based cloning for hot and cold cloning and for importing existing virtual machines. In volume-based cloning, all volumes in the destination virtual machine are basic volumes, regardless of the type in the corresponding source volume. Volume-based cloning is performed at the file level or block level, depending on your size selections. (If size is smaller than original volume, File Level is used. If size is the same or larger, Block Level is used.)

o

Deploy a virtual machine using Guided Consolidation o o http://www.vmware.com/pdf/vsphere4/r40_u1/vsp_40_u1_admin_guide.pdf#page=87 Process: Find: You search for and select the physical systems in your datacenter that you want analyzed. Analyze: Selected physical systems are analyzed and performance data on each selected system is collected. Generally, the longer the duration of the analysis phase, the higher the confidence in the vCenter Servers recommendations. To ensure a high level of confidence in a recommendation, allow the duration of the analysis phase to encompass an amount of time that includes representative peaks and troughs in the systems workload. Up to 100 systems can be simultaneously analyzed. Analysis can run up to 1 month. Consolidate: Performance data is compared to the resources available on the virtual machine host systems. The selected physical systems are converted to virtual machines and imported into vCenter Server on the recommended hosts where they are managed along with other components of your virtual environment.

Page 38 of 85

o

One important metric displayed in the Analysis tab is the Confidence metric. During the analysis phase, performance data about each selected system is collected. This data is used to find a host with resources that match the collected data to determine a recommendation for each candidate. The recommendation indicates how well suited, based on the collected data, a candidate is to a particular virtual machine host system. Confidence refers to the reliability of the recommendation and it is a function of the duration of the analysis. Recommendations based on longer periods of analysis and therefore more performance data receive a higher level of confidence.

Clone a virtual machine o http://www.vmware.com/pdf/vsphere4/r40_u1/vsp_40_u1_admin_guide.pdf#page=172

Import a virtual machine from a file/folder o 1. 2. 3. 4. 5. http://www.vmware.com/pdf/vsp_vcc_41_admin_guide.pdf#page=40 Select ESX Host Set the Configuration tab Select Storage Right click a Datastore and select Browse Datastore Right click the VMX file and select Add to Inventory

Page 39 of 85

Objective 5.2 Manage Virtual MachinesConfigure/Modify virtual machines o o http://www.vmware.com/pdf/vsphere4/r40_u1/vsp_40_u1_admin_guide.pdf#page=142 You can configure virtual machines using two tools in the vSphere Client: the Virtual Machine Properties editor and the Add Hardware wizard. These dialog boxes also allow you to control advanced virtual machine configuration options. You can also upgrade the virtual hardware of a virtual machine or convert virtual disks from thin to thick using these dialog boxes. Add/Hot Add virtual machine hardware http://www.vmware.com/pdf/vsphere4/r40_u1/vsp_40_u1_admin_guide.pdf#page=157 1. Right click a VM and select Edit Settings 2. Click the Add button to add additional hardware It is possible to add / modify certain aspects / remove some types of hardware while the VM is running. This is called Hot Add. The limitations depend of the type of guest OS you are using. You can Hot Add the following types of hardware: USB Controller Ethernet Adaptor Hard Disk SCSI Device o Grow virtual machine disks o http://www.vmware.com/pdf/vsphere4/r40_u1/vsp_40_u1_admin_guide.pdf#page=145

o

Determine appropriate disk format http://www.vmware.com/pdf/vsphere4/r40_u1/vsp_40_u1_admin_guide.pdf#page=118 Thin Provisioned: Use the thin format to save storage space. The thin virtual disk starts small and at first, uses just as much storage space as it needs for its initial operations. When the virtual disk requires more space, it can grow to its maximum capacity and occupy the entire datastore space originally provisioned to it. Thick: Allocate a fixed amount of storage space to the virtual disk. The virtual disk in the thick format does not change its size and from the very beginning occupies the entire datastore space provisioned to it. You can convert a thin provisioned disk to thick. After having been converted, the virtual disk grows to its full capacity and occupies the entire datastore space provisioned to it during the disks creation.

Connect virtual machines to devices o o http://www.vmware.com/pdf/vsp_4_vmdirectpath_host.pdf vSphere allows you to connect a physical device directly to a VM via VMDirectPath. This allows a VM to directly access this device for optimal performance and compatibility. The PCI Device has to be on the HCL. You can assign a PCI Device to either the VMkernel or as a pass through device, but not both. Page 40 of 85

Configure virtual machine options (Options tab) o http://www.vmware.com/pdf/vsphere4/r40_u1/vsp_40_u1_admin_guide.pdf#page=149 General Options: Change the virtual machine name and guest operating system settings in the General Options in the Virtual Machine Properties dialog box. Advanced Options: The virtual machine options define a range of virtual machine properties such as name, vApp functionality, its behavior with the guest operating system and VMware Tools, and other Advanced options. Power Management Options: Power Management allows you to determine how the virtual machine responds when the guest operating system is placed on standby. VMware Tools Options: You can change the power controls, the time VMware Tools scripts run, the upgrade check option, and the time synchronization option with the VMware Tools settings for a virtual machine.

Configure appropriate virtual machine resource settings (Resources tab) o o http://www.vmware.com/pdf/vsphere4/r40_u1/vsp_40_u1_admin_guide.pdf#page=154 In the Virtual Machine Properties dialog box, you can adjust the host resource allocation for the selected virtual machine. You can change CPU, memory, disk, and advanced CPU resources.

Page 41 of 85

Objective 5.3 Deploy vAppsDetermine whether a vApp is appropriate for a given situation o o http://www.vmware.com/pdf/vsphere4/r40_u1/vsp_40_u1_admin_guide.pdf#page=103 A vApp is a container, like a resource pool, and can contain one or more virtual machines. In addition, a vApp also shares some functionality with virtual machines. A vApp can power on and power off, and can also be cloned. vApps can be created on folders, hosts, resource pools, DRS-enabled clusters, and within other vApps. The vApp metadata resides in the vCenter Server's database, so a vApp can be distributed across multiple ESX/ESXi hosts. This information can be lost if the vCenter Server database is cleared or if a standalone ESX/ESXi host that contains a vApp is removed from vCenter Server. You should back up vApps to an OVF package in order to avoid losing any metadata.

o

Define Open Virtual Machine Format (OVF) o o http://www.vmware.com/pdf/vsphere4/r40_u1/vsp_40_u1_admin_guide.pdf#page=99 OVF is a file format that allows for exchange of virtual appliances across products and platforms. OVF files are compressed, allowing for faster downloads. The vSphere Client validates an OVF file before importing it, and ensures that it is compatible with the intended destination server. If the appliance is incompatible with the selected host, it cannot be imported and an error message appears. You can deploy an OVF template from a local file system accessible to the vSphere Client machine, or from a web URL.

Import/Export a Virtual Appliance o o o http://www.vmware.com/pdf/vsphere4/r40_u1/vsp_40_u1_admin_guide.pdf#page=99 Import: File Deploy OVF Template Export: File Export Export OVF Template

Build a vApp o o http://www.vmware.com/pdf/vsphere4/r40_u1/vsp_40_u1_admin_guide.pdf#page=104 Right click on a Cluster and select New vApp -or- File New vApp

Create/Add virtual machines to a vApp o o http://www.vmware.com/pdf/vsphere4/r40_u1/vsp_40_u1_admin_guide.pdf#page=105 You can create new, or drag and drop an existing VM

Edit vApp Properties o o http://www.vmware.com/pdf/vsphere4/r40_u1/vsp_40_u1_admin_guide.pdf#page=106 Right click a vApp and select Edit Settings

Export vApps o File Export Export OVF Template Page 42 of 85

Clone a vApp o o http://www.vmware.com/pdf/vsphere4/r40_u1/vsp_40_u1_admin_guide.pdf#page=111 Right click a vApp and select Clone (the vApp has to be shut down for this option to be selectable) -or- Inventory vApp Clone

Page 43 of 85

Section 6 Manage ComplianceObjective 6.1 Install, Configure and Manage VMware vCenter Update ManagerDetermine installation requirements and database sizing o o http://www.vmware.com/pdf/vsp_vum_40_admin_guide.pdf#page=21 http://www.vmware.com/support/vsphere4/doc/vsp_vum_40_sizing_estimator.xls o o Windows XP SP2, Sever 2003 or Server 2008 MS SQL or Oracle (dedicated DB recommended) Two or more logical cores, each with a speed of 2GHz 2GB RAM. When VUM is installer on the same server as vCenter Server a minimum of 4GB of RAM is needed. Preferably a Gigabit connection, but 10/100Mb will suffice

TCP Ports: 8084 (SOAP), 9084 (patch store), 9087 If your deployment system is relatively small one containing up to 5 hosts and 50 virtual machines, you can use a SQL Server 2005 Express database, which you can install during the Update Manager installation.

Install Update Manager Server and Client components o o http://www.vmware.com/pdf/vsp_vum_40_admin_guide.pdf#page=27 You can install the Update Manager server component on the same computer as vCenter Server or on a different computer. After you install the Update Manager server component, to use Update Manager, you must install the Update Manager Client plug-in and enable it on the vSphere Client.

Configure update manager settings o o http://www.vmware.com/pdf/vsp_vum_40_admin_guide.pdf#page=41 Home Solutions and Applications Update Manager Configuration tab

Configure patch download options o

Create baselines o o o http://www.vmware.com/pdf/vsp_vum_40_admin_guide.pdf#page=51 Home Solutions and Applications Update Manager Baselines and Groups tab Baselines contain a collection of one or more patches, service packs and bug fixes, or upgrades. Baseline groups are assembled from existing baselines and might contain one upgrade baseline per type and one or more patch baselines or a combination of multiple patch baselines. When you scan hosts, virtual machines, and virtual appliances, you evaluate them against baselines and baseline groups to determine their level of compliance.

Page 44 of 85

Attach baselines to vCenter inventory objects o o o http://www.vmware.com/pdf/vsp_vum_40_admin_guide.pdf#page=61 Select Object Update Manager tab Click Attach Although you can attach baselines and baseline groups to individual objects, it is more efficient to attach them to container objects, such as folders, hosts, clusters, and datacenters. Attaching a baseline to a container object transitively attaches the baseline to all objects in the container.

Scan ESX hosts and virtual machines o o o o http://www.vmware.com/pdf/vsp_vum_40_admin_guide.pdf#page=67 ESX: Home Inventory Hosts and Clusters Right click a Host or Datacenter Scan for Updates Select the types of updates to scan for Scan VM: Home Inventory VMs and Templates Right click a VM, Appliance, Datacenter, or Folder Scan for Updates Select the types of updates to scan for Scan You can configure Update Manager to scan virtual machines, virtual appliances, and ESX/ESXi hosts by manually initiating or scheduling scans to generate compliance information.

Remediate ESX hosts and virtual machines o o o o o http://www.vmware.com/pdf/vsp_vum_40_admin_guide.pdf#page=73 ESX: Home Inventory Hosts and Clusters Right click an Object Remediate Select the Baselines and Baseline Group to apply Select the Hosts Finish VM: Home Inventory VMs and Templates Right click an Object Remediate Select the Baselines and Baseline Group to apply Select the VMs Finish You can remediate virtual machines, virtual appliances, and hosts using either user-initiated remediation or regularly scheduled remediation. You can remediate virtual machines and appliances together. For ESX/ESXi hosts in a cluster, the remediation process is sequential. When you remediate a cluster of hosts and one of the hosts fails to enter maintenance mode, Update Manager reports an error and the process stops and fails. The hosts in the cluster that are remediated stay at the updated level. The ones that were to be remediated after the failed host are not updated. For multiple clusters under a datacenter, the remediation processes run in parallel. If the remediation process fails for one of the clusters within a datacenter, the remaining clusters are still remediated.

o

Stage ESX/ESXi Host updates o o o http://www.vmware.com/pdf/vsp_vum_40_admin_guide.pdf#page=76 Home Inventory Hosts and Clusters Right click a Host, Datacenter, or Cluster Stage Patches Select the path Baseline to stage Select the Hosts Finish Staging patches for ESX/ESXi hosts allows you to download the patches from the Update Manager server to the ESX/ESXi hosts, without applying the patches immediately. Staging patches speeds up the remediation process because the patches are already available locally on the hosts. All staged patches, whether installed or not during a remediation, are deleted from the host after remediation completes. Page 45 of 85

Analyze compliance information from a scan o o http://www.vmware.com/pdf/vsp_vum_40_admin_guide.pdf#page=69 Update Manager scans objects to determine how they comply with baselines and baseline groups you attach. You can review compliance by examining results for a single virtual machine, virtual appliance, template, or ESX/ESXi host or for a group of virtual machines or hosts.

Page 46 of 85

Objective 6.2 Establish and Apply ESX Host ProfilesCreate/Delete Host Profiles (Enterprise Plus license only) o o o http://www.vmware.com/pdf/vsphere4/r40_u1/vsp_40_u1_esx_server_config.pdf#page=207 Home Management Host Profiles Click Create Profile Host profiles eliminates per-host, manual, or UI-based host configuration and maintain configuration consistency and correctness across the datacenter by using host profile policies. These policies capture the blueprint of a known, validated reference host configuration and use this to configure networking, storage, security, and other settings on multiple hosts or clusters. You can then check a host or cluster against a profiles configuration for any deviations.

Import/Export Host Profiles o o o You can import/export a profile from/to a file that is in the VMware profile format (.vpf). Import: Click the Create Profile Select the option to Import a profile Export: Select the Profile from the profile list Right-click the profile and select Export Profile

Edit Host Profile Policies o o o o http://www.vmware.com/pdf/vsphere4/r40_u1/vsp_40_u1_esx_server_config.pdf#page=210 Select the Profile from the profile list Click Edit Host Profile Select the Profile from the profile list Click Profile Editor A policy describes how a specific configuration setting should be applied. The Profile Editor allows you to edit policies belonging to a specific host profile. You can view and edit host profile policies, select a policy to be checked for compliance, and change the policy name or description.

Associate an ESX host with a host profile o o Host Profiles main view, select the Profile Click Attach Host/Cluster Profiles can also be attached to a cluster. In order to be compliant, all hosts within an attached cluster must be configured according to the profile.

Check for Compliance o o o o http://www.vmware.com/pdf/vsphere4/r40_u1/vsp_40_u1_esx_server_config.pdf#page=214 Home Inventory Hosts and Clusters Right-click the Host and select Host Profile Check Compliance -or- From the Host Profiles list, select the Profile Hosts and Clusters tab Select the Host or Cluster Click Check Compliance Now After a host or cluster is configured with the reference host profile, a manual change, for example, can occur, making the configuration incorrect. Checking compliance on a regular basis ensures that the host or cluster continues to be correctly configured.

Page 47 of 85

Apply Host Profiles o o o o http://www.vmware.com/pdf/vsphere4/r40_u1/vsp_40_u1_esx_server_config.pdf#page=212 Note: The host must be in maintenance mode before a profile is applied to it. Home Inventory Hosts and Clusters Right-click the Host and select Host Profile Apply Profile -or- From the Host Profiles list, select the Profile Hosts and Clusters tab Click Apply Profile

Analyze configuration compliance information from a scan o http://www.vmware.com/pdf/vsphere4/r40_u1/vsp_40_u1_esx_server_config.pdf#page=214

Page 48 of 85

Section 7 Establish Service LevelsObjective 7.1 Create and Configure VMware ClustersCreate new cluster o http://www.vmware.com/pdf/vsphere4/r40_u1/vsp_40_u1_availability.pdf#page=19

1. Home Inventory Hosts and Clusters 2. Right-click a Datacenter and select New Cluster 3. Complete the New Cluster wizard o All virtual machines and their configuration files must reside on shared storage. So that you can po