vi3!35!25 3 server config

7/29/2019 Vi3!35!25 3 Server Config

1/312

ESX Server 3 Configuration GuideESX Server 3.5 and VirtualCenter 2.5

This document supports the version of each product listed and

supports all subsequent versions until the document is replacedby a new edition. To check for more recent editions of thisdocument, see http://www.vmware.com/support/pubs.

VI-ENG-Q407-437
http://www.vmware.com/support/pubshttp://www.vmware.com/support/pubs


2/312

VMware, Inc.3401 Hillview Ave.Palo Alto, CA 94304www.vmware.com

2 VMware, Inc.

ESX Server 3 Configuration Guide

You can find the most up-to-date technical documentation on the VMware Web site at:

http://www.vmware.com/support/

The VMware Web site also provides the latest product updates.

If you have comments about this documentation, submit your feedback to:

[email protected]

Copyright 20062010 VMware, Inc. All rights reserved. This product is protected by U.S. and

international copyright and intellectual property laws. VMware products are covered by one or morepatents listed at http://www.vmware.com/go/patents.

VMware is a registered trademark or trademark of VMware, Inc. in the United States and/or otherjurisdictions. All other marks and names mentioned herein may be trademarks of their respectivecompanies.
http://www.vmware.com/supportmailto:[email protected]://www.vmware.com/go/patentshttp://www.vmware.com/go/patentsmailto:[email protected]://www.vmware.com/supporthttp://www.vmware.com/support/


3/312

VMware, Inc. 3

Contents

AboutThisBook 9

1 Introduction 13Networking 14

Storage 14

Security 15

Appendixes 15

Networking

2 Networking 19NetworkingConceptsOverview 20

VirtualSwitches 21

PortGroups 24

EnablingNetworkServices 24

ViewingNetworking

Information

in

the

VI Client 25

VirtualNetworkConfigurationforVirtualMachines 27

VMkernelNetworkingConfiguration 30

TCP/IPStackattheVMkernelLevel 30

ImplicationsandGuidelinesforConfiguration 31

ServiceConsoleConfiguration 34

BasicServiceConsoleConfigurationTasks 34

Using

DHCP

for

the

Service

Console 38

3 AdvancedNetworking 41VirtualSwitchPropertiesandPolicies 42

VirtualSwitchProperties 42

VirtualSwitchPolicies 50

PortGroupConfiguration 57

DNSand

Routing 59


4/312


4 VMware, Inc.

TCPSegmentationOffloadandJumboFrames 61

EnablingTSO 61

EnablingJumboFrames 63

NetQueueandNetworkingPerformance 64

SettingUpMACAddresses 65

MACAddressesGeneration 65

SettingMACAddresses 66

UsingMACAddresses 67

NetworkingBestPracticesandTips 67

NetworkingBestPractices 68

NetworkingTips 68

4 NetworkingScenariosandTroubleshooting 71NetworkingConfigurationforSoftwareiSCSIStorage 72

ConfiguringNetworkingonBladeServers 77

Troubleshooting 80

TroubleshootingServiceConsoleNetworking 80

TroubleshootingNetworkAdapterConfiguration 81

TroubleshootingPhysicalSwitchConfiguration 81

TroubleshootingPortGroupConfiguration 82

Storage

5 IntroductiontoStorage 85StorageOverview 86

TypesofPhysicalStorage 86

LocalStorage 87

NetworkedStorage 88

SupportedStorageAdapters 89

Datastores 89

VMFSDatastores 90

NFSDatastore 93

HowVirtualMachinesAccessStorage 93

ComparingTypesofStorage 95

ViewingStorageInformationintheVMwareInfrastructureClient 95

DisplayingDatastores 96

ViewingStorageAdapters 97

UnderstandingStorageDeviceNamingintheDisplay 98ConfiguringandManagingStorage 99


5/312

VMware, Inc. 5

Contents

6 ConfiguringStorage 101LocalStorage 102

AddingLocal

Storage 102

FibreChannelStorage 105

AddingFibreChannelStorage 106

iSCSIStorage 108

iSCSIInitiators 108

NamingRequirements 109

DiscoveryMethods 110

iSCSISecurity 110

ConfiguringHardwareiSCSIInitiatorsandStorage 111

ConfiguringSoftwareiSCSIInitiatorsandStorage 118

PerformingaRescan 124

NetworkAttachedStorage 125

HowVirtualMachinesUseNFS 125

NFSVolumesandVirtualMachineDelegateUsers 127

ConfiguringESXServer3toAccessNFSVolumes 127

CreatinganNFSBasedDatastore 127

CreatingaDiagnosticPartition 128

7 ManagingStorage 131ManagingDatastores 132

EditingVMFSDatastores 133

UpgradingDatastores 133

ChangingtheNamesofDatastores 134

AddingExtentstoDatastores 134

ManagingMultiplePaths 135

MultipathingwithLocalStorageandFibreChannelSANs 136

MultipathingwithiSCSISAN 137

ViewingtheCurrentMultipathingStatus 138

SettingMultipathingPoliciesforLUNs 140

DisablingPaths 142ThevmkfstoolsCommands 142

8 RawDeviceMapping 143AboutRawDeviceMapping 144

BenefitsofRawDeviceMapping 145

LimitationsofRawDeviceMapping 148

RawDeviceMappingCharacteristics 148

VirtualCompatibilityModeComparedtoPhysicalCompatibilityMode 149


6/312


6 VMware, Inc.

DynamicNameResolution 150

RawDeviceMappingwithVirtualMachineClusters 151

ComparingRawDeviceMappingtoOtherMeansofSCSIDeviceAccess 152

ManagingMappedLUNs 153

VMwareInfrastructureClient 153

ThevmkfstoolsUtility 156

FileSystemOperations 157

Security

9 SecurityforESXServer3Systems 161ESXServer3ArchitectureandSecurityFeatures 161

SecurityandtheVirtualizationLayer 162

SecurityandVirtualMachines 162

SecurityandtheServiceConsole 165

SecurityandtheVirtualNetworkingLayer 166

SecurityResourcesandInformation 172

10 SecuringanESXServer3Configuration 173SecuringtheNetworkwithFirewalls 173

FirewallsforConfigurationswithaVirtualCenterServer 175

FirewallsforConfigurationsWithoutaVirtualCenterServer 177

TCPandUDPPortsforManagementAccess 179

ConnectingtoVirtualCenterServerThroughaFirewall 181ConnectingtotheVirtualMachineConsoleThroughaFirewall 182

ConnectingESXServer3HostsThroughFirewalls 183

OpeningFirewallPortsforSupportedServicesandManagementAgents 184

SecuringVirtualMachineswithVLANs 189

SecurityConsiderationsforvSwitchesandVLANs 192

VirtualSwitchProtectionandVLANs 194

SecuringVirtualSwitchPorts 195SecuringiSCSIStorage 198

SecuringiSCSIDevicesThroughAuthentication 198

ProtectinganiSCSISAN 202

11 AuthenticationandUserManagement 205SecuringESXServer3ThroughAuthenticationandPermissions 205

AboutUsers,Groups,Permissions,andRoles 206WorkingwithUsersandGroupsonESXServer3Hosts 212


7/312

VMware, Inc. 7

Contents

EncryptionandSecurityCertificatesforESXServer3 218

AddingCertificatesandModifyingESXServer3WebProxySettings 219

RegeneratingCertificates 223

VirtualMachineDelegatesforNFSStorage 224

12 ServiceConsoleSecurity 227GeneralSecurityRecommendations 228

LoggingOntotheServiceConsole 229

ServiceConsoleFirewallConfiguration 229

Changing

the

Service

Console

Security

Level 230OpeningandClosingPortsintheServiceConsoleFirewall 232

PasswordRestrictions 233

PasswordAging 234

PasswordComplexity 236

ChangingthePasswordPlugIn 240

CipherStrength 241

setuidandsetgidApplications 242

DefaultsetuidApplications 242

DefaultsetgidApplications 244

SSHSecurity 245

SecurityPatchesandSecurityVulnerabilityScanningSoftware 246

13 SecurityDeploymentsandRecommendations 249

Security

Approaches

for

Common

ESX

Server

3

Deployments 249SingleCustomerDeployment 249

MultipleCustomerRestrictedDeployment 251

MultipleCustomerOpenDeployment 253

VirtualMachineRecommendations 255

InstallingAntivirusSoftware 255

DisablingCopyandPasteOperationsBetweentheGuestOperatingSystemandRemoteConsole 255

RemovingUnnecessaryHardwareDevices 257LimitingGuestOperatingSystemWritestoHostMemory 259

ConfiguringLoggingLevelsfortheGuestOperatingSystem 262


8/312


8 VMware, Inc.

Appendixes

A ESXServer3TechnicalSupportCommands 269OtherCommands 274

B Usingvmkfstools 275vmkfstoolsCommandSyntax 276

vmkfstoolsOptions 277

vSuboption 277

FileSystemOptions 277ManagingSCSIReservationsofLUNs 286

Index 289


9/312

VMware, Inc. 9

Thismanual,theESXServer3ConfigurationGuide,providesinformationonhowto

configurenetworkingforESXServer3,includinghowtocreatevirtualswitchesand

portsandhowtosetupnetworkingforvirtualmachines,VMotion,IPstorage,andthe

serviceconsole.ItalsodiscussesconfiguringfilesystemandvarioustypesofstoragesuchasiSCSI,FibreChannel,andsoforth.TohelpyouprotectyourESXServer3

installation,theguideprovidesadiscussionofsecurityfeaturesbuiltintoESXServer3

andthemeasuresyoucantaketosafeguarditfromattack.Inaddition,itincludesalist

ofESXServer3technicalsupportcommandsalongwiththeirVIClientequivalentsand

adescriptionofthevmkfstoolsutility.

TheESXServer3ConfigurationGuidecoversESXServer3.5.ToreadaboutESX Server 3i

version3.5,seehttp://www.vmware.com/support/pubs/vi_pubs.html.

Foreaseofdiscussion,thisbookusesthefollowingproductnamingconventions:

FortopicsspecifictoESXServer3.5,thisbookusesthetermESXServer3.

FortopicsspecifictoESXServer3iversion3.5,thisbookusestheterm

ESX Server 3i.

Fortopics

common

to

both

products,

this

book

uses

the

term

ESX

Server.

Whentheidentificationofaspecificreleaseisimportanttoadiscussion,thisbook

referstotheproductbyitsfull,versionedname.

WhenadiscussionappliestoallversionsofESXServerforVMware

Infrastructure 3,thisbookusesthetermESXServer3.x.

About This Book
http://www.vmware.com/support/pubs/vi_pubs.htmlhttp://www.vmware.com/support/pubs/vi_pubs.html


10/312


10 VMware, Inc.

Intended Audience

Thismanualisintendedforanyonewhoneedstoinstall,upgrade,oruseESXServer3.

Theinformation

in

this

manual

is

written

for

experienced

Windows

or

Linux

system

administratorswhoarefamiliarwithvirtualmachinetechnologyanddatacenter

operations.

Document Feedback

VMwarewelcomesyoursuggestionsforimprovingourdocumentation.Ifyouhave

comments,sendyourfeedbackto:

[email protected]

VMware Infrastructure Documentation

TheVMwareInfrastructuredocumentationconsistsofthecombinedVMware

VirtualCenterandESXServerdocumentationset.

Abbreviations Used in Figures

ThegraphicsinthismanualusetheabbreviationslistedinTable 1.

Table 1. Abbreviations

Abbreviation Description

VC VirtualCenter

VM Virtualmachine

VIClient VMwareInfrastructureClient

server VirtualCenterServer

database VirtualCenterdatabase

hostn VirtualCentermanagedhosts

VM#

Virtualmachines

on

amanaged

host

user# Userwithaccesspermissions

dsk# Storagediskforthemanagedhost

datastore Storageforthemanagedhost

SAN Storageareanetworktypedatastoresharedbetweenmanagedhosts

tmplt Template
mailto:[email protected]:[email protected]


11/312

VMware, Inc. 11

About This Book

Technical Support and Education Resources

Thefollowingsectionsdescribethetechnicalsupportresourcesavailabletoyou.You

canaccessthemostcurrentversionsofthismanualandotherbooksbygoingto:

http://www.vmware.com/support/pubs

Online and Telephone Support

Useonlinesupporttosubmittechnicalsupportrequests,viewyourproductand

contractinformation,andregisteryourproducts.Goto

http://www.vmware.com/support.

Customerswithappropriatesupportcontractsshouldusetelephonesupportforthe

fastestresponseonpriority1issues.Goto

http://www.vmware.com/support/phone_support.html.

Support Offerings

FindouthowVMwaresupportofferingscanhelpmeetyourbusinessneeds.Gotohttp://www.vmware.com/support/services.

VMware Education Services

VMwarecoursesofferextensivehandsonlabs,casestudyexamples,andcourse

materialsdesignedtobeusedasonthejobreferencetools.Formoreinformationabout

VMwareEducationServices,gotohttp://mylearn1.vmware.com/mgrreg/index.cfm.
http://www.vmware.com/support/pubshttp://www.vmware.com/supporthttp://www.vmware.com/support/phone_support.htmlhttp://www.vmware.com/support/serviceshttp://mylearn1.vmware.com/mgrreg/index.cfmhttp://mylearn1.vmware.com/mgrreg/index.cfmhttp://mylearn1.vmware.com/mgrreg/index.cfmhttp://www.vmware.com/support/serviceshttp://www.vmware.com/support/phone_support.htmlhttp://www.vmware.com/supporthttp://www.vmware.com/support/pubs


12/312


12 VMware, Inc.


13/312

VMware, Inc. 13

1

TheESXServer3ConfigurationGuidedescribesthetasksyouneedtocompleteto

configureESXServer3hostnetworking,storage,andsecurity.Inaddition,itprovides

overviews,recommendations,andconceptualdiscussionstohelpyouunderstand

thesetasksandhowtodeployanESXServer3hosttomeetyourneeds.BeforeyouusetheinformationintheESXServer3ConfigurationGuide,readtheIntroductiontoVirtual

Infrastructureforanoverviewofsystemarchitectureandthephysicalandvirtual

devicesthatmakeupaVMwareInfrastructuresystem.

Thisintroductionsummarizesthecontentsofthisguidesothatyoucanfindthe

informationyouneed.Thisguidediscussesthesesubjects:

ESXServer

3network

configurations

ESXServer3storageconfigurations

ESXServer3securityfeatures

ESXServer3commandreference

Thevmkfstoolscommand

Introduction

1


14/312


14 VMware, Inc.

Networking

TheESXServer3networkingchaptersprovideyouwithaconceptualunderstanding

ofphysicalandvirtualnetworkconcepts,adescriptionofthebasictasksyouneedtocompletetoconfigureyourESXServer3hostsnetworkconnections,andadiscussion

ofadvancednetworkingtopicsandtasks.Thenetworkingsectioncontainsthe

followingchapters:

NetworkingIntroducesyoutonetworkconceptsandguidesyouthroughthe

mostcommontasksyouneedtocompletewhensettingupthenetworkfortheESX

Server3host.

AdvancedNetworkingDiscussesadvancednetworkingtaskssuchassettingup

MACaddresses,editingvirtualswitchesandports,andDNSrouting.Inaddition,

itprovidestipsonmakingyournetworkconfigurationmoreefficient.

NetworkingScenariosandTroubleshootingDescribescommonnetworking

configurationandtroubleshootingscenarios.

StorageTheESXServer3storagechaptersprovideyouwithabasicunderstandingofstorage,

adescriptionofthebasictasksyouperformtoconfigureandmanageyourESXServer

3hostsstorage,andadiscussionofhowtosetuprawdevicemapping(RDM).The

storagesectioncontainsthefollowingchapters:

IntroductiontoStorageIntroducesyoutothetypesofstorageyoucanconfigure

forthe

ESX

Server

3host.

ConfiguringStorageExplainshowtoconfigurelocalSCSIstorage,FibreChannel

storage,andiSCSIstorage.Italsoaddressesvirtualmachinefilesystem(VMFS)

storageandnetworkattachedstorage.

ManagingStorageExplainshowtomanageexistingdatastoresandthefile

systemsthatcomprisedatastores.

RawDeviceMappingDiscussesrawdevicemapping,howtoconfigurethistypeofstorage,andhowtomanagerawdevicemappingsbysettingupmultipathing,

failover,andsoforth.


15/312

VMware, Inc. 15

Chapter 1 Introduction

Security

TheESXServer3securitychaptersdiscusssafeguardsthatVMwarehasbuiltintoESX

Server3andmeasuresyoucantaketoprotectyourESXServer3hostfromsecuritythreats.Thesemeasuresincludeusingfirewalls,takingadvantageofthesecurity

featuresofvirtualswitches,andsettingupuserauthentication andpermissions.The

securitysectioncontainsthefollowingchapters:

SecurityforESXServer3SystemsIntroducesyoutotheESXServer3featuresthat

helpyouensureasecureenvironmentforyourdataandgivesyouanoverviewof

systemdesignasitrelatestosecurity.

SecuringanESXServer3ConfigurationExplainshowtoconfigurefirewallports

forESXServer3hostsandVMwareVirtualCenter,howtousevirtualswitchesand

VLANstoensurenetworkisolationforvirtualmachines,andhowtosecureiSCSI

storage.

AuthenticationandUserManagementDiscusseshowtosetupusers,groups,

permissions,androlestocontrolaccesstoESXServer3hostsandVirtualCenter.It

alsodiscusses

encryption

and

delegate

users.

ServiceConsoleSecurityDiscussesthesecurityfeaturesbuiltintotheservice

consoleandshowsyouhowtoconfigurethesefeatures.

SecurityDeploymentsandRecommendationsProvidessomesample

deploymentstogiveyouanideaoftheissuesyouneedtoconsiderwhenyouset

upyourownESXServer3deployment.Thischapteralsotellsyouaboutactions

youcantaketofurthersecurevirtualmachines.

Appendixes

TheESXServer3ConfigurationGuideincludesappendixesthatprovidespecialized

informationyoumightfindusefulwhenconfiguringanESXServer3host.

ESXServer3TechnicalSupportCommandsDiscussestheESXServer3

configurationcommandsthatyoucanissuethroughacommandlineshellsuchas

secureshell(SSH).Althoughthesecommandsareavailableforyouruse,donot

considerthemtobeanAPIthatyoucanbuildscriptson.Thesecommandsare

subjecttochangeandVMwaredoesnotsupportapplicationsandscriptsthatrely

onESXServer3configurationcommands.Thisappendixprovidesyouwith

VMwareInfrastructureClientequivalentsforthesecommands.

UsingvmkfstoolsDiscussesthevmkfstoolsutility,whichyoucanuseto

perform

management

and

migration

tasks

for

iSCSI

disks.


16/312


16 VMware, Inc.


17/312

VMware, Inc. 17

Networking


18/312


18 VMware, Inc.


19/312

VMware, Inc. 19

2

ThischapterguidesyouthroughthebasicconceptsofnetworkingintheESX Server 3

environmentandhowtosetupandconfigureanetworkinavirtualinfrastructure

environment.

UsetheVMwareInfrastructure(VI)Clienttoaddnetworkingbasedonthreecategories

thatreflectthethreetypesofnetworkservices:

Virtualmachines

VMkernel

Serviceconsole

Thischapterdiscussesthefollowingtopics:

NetworkingConceptsOverviewonpage 20

EnablingNetworkServicesonpage 24

ViewingNetworkingInformationintheVI Clientonpage 25

VirtualNetworkConfigurationforVirtualMachinesonpage 27

VMkernelNetworkingConfigurationonpage 30

ServiceConsoleConfigurationonpage 34

Networking

2

ESX S 3 C fi ti G id


20/312


20 VMware, Inc.

Networking Concepts Overview

Afewconceptsareessentialtoathoroughunderstandingofvirtualnetworking.Ifyou

arenew

to

ESX

Server

3,

VMware

recommends

that

you

read

this

section.

Aphysicalnetworkisanetworkofphysicalmachinesthatareconnectedsothattheycan

senddatatoandreceivedatafromeachother.VMwareESX Server 3runsonaphysical

machine.

Avirtualnetworkisanetworkofvirtualmachinesrunningonasinglephysicalmachine

thatareconnectedlogicallytoeachothersothattheycansenddatatoandreceivedata

fromeachother.Virtualmachinescanbeconnectedtothevirtualnetworksthatyou

createintheproceduretoaddanetwork.Eachvirtualnetworkisservicedbyasingle

virtualswitch.Avirtualnetworkcanbeconnectedtoaphysicalnetworkbyassociating

oneormorephysicalEthernetadapters,alsoreferredtoasuplinkadapters,withthe

virtualnetworksvirtualswitch.Ifnouplinkadaptersareassociatedwiththevirtual

switch,alltrafficonthevirtualnetworkisconfinedwithinthephysicalhostmachine.

Ifoneormoreuplinkadaptersareassociatedwiththevirtualswitch,virtualmachines

connectedtothatvirtualnetworkcanalsoaccessthephysicalnetworksconnectedto

theuplinkadapters.

AphysicalEthernetswitchmanagesnetworktrafficbetweenmachinesonthephysical

network.Aswitchhasmultipleports,eachofwhichcanbeconnectedtoasingleother

machineoranotherswitchonthenetwork.Eachportcanbeconfiguredtobehavein

certainwaysdependingontheneedsofthemachineconnectedtoit.Theswitchlearns

whichhostsareconnectedtowhichofitsportsandusesthatinformationtoforward

traffictothecorrectphysicalmachines.Switchesarethecoreofaphysicalnetwork.

Multipleswitchescanbeconnectedtogethertoformlargernetworks.

Avirtualswitch,vSwitch,worksmuchlikeaphysicalEthernetswitch.Itdetectswhich

virtualmachinesarelogicallyconnectedtoeachofitsvirtualportsandusesthat

informationtoforwardtraffictothecorrectvirtualmachines.AvSwitchcanbe

connectedtophysicalswitchesbyusingphysicalEthernetadapters,alsoreferredtoas

uplinkadapters,tojoinvirtualnetworkswithphysicalnetworks.Thistypeof

connectionissimilartoconnectingphysicalswitchestogethertocreatealarger

network.EventhoughavSwitchworksmuchlikeaphysicalswitch,itdoesnothave

someoftheadvancedfunctionalityofaphysicalswitch.SeeVirtualSwitcheson

page 21.

Aportgroupspecifiesportconfigurationoptionssuchasbandwidthlimitationsand

VLANtaggingpoliciesforeachmemberport.NetworkservicesconnecttovSwitches

throughportgroups.PortgroupsdefinehowaconnectionismadethroughthevSwitch

tothenetwork.Intypicaluse,oneormoreportgroupsisassociatedwithasingle

vSwitch.SeePortGroupsonpage 24.

Chapter 2 Networking


21/312

VMware, Inc. 21


NICteamingoccurswhenmultipleuplinkadaptersareassociatedwithasinglevSwitch

toformateam.Ateamcaneithersharetheloadoftrafficbetweenphysicalandvirtual

networksamongsomeorallofitsmembers,orprovidepassivefailoverintheeventof

ahardwarefailureoranetworkoutage.

VLANsenableasinglephysicalLANsegmenttobefurthersegmentedsothatgroups

ofportsareisolatedfromoneanotherasiftheywereonphysicallydifferentsegments.

Thestandardis802.1Q.

TheVMkernelTCP/IPnetworkingstacksupportsiSCSI,NFS,andVMotion.Virtual

machinesruntheirownsystemsTCP/IPstacks,andconnecttotheVMkernelatthe

Ethernetlevel

through

virtual

switches.

Two

new

features

in

ESX

Server

3,

iSCSI

and

NFS,arereferredtoasIPstorageinthischapter.IPstoragereferstoanyformofstorage

thatusesTCP/IPnetworkcommunicationasitsfoundation.iSCSIcanbeusedasa

virtualmachinedatastore,andNFScanbeusedasavirtualmachinedatastoreandfor

directmountingof.ISOfiles,whicharepresentedasCDROMstovirtualmachines.

TCPSegmentationOffload,TSO,allowsaTCP/IPstacktoemitverylargeframes(up

to64KB)eventhoughthemaximumtransmissionunit(MTU)oftheinterfaceissmaller.

ThenetworkadapterthenseparatesthelargeframeintoMTUsizedframesand

prependsanadjustedcopyoftheinitialTCP/IPheaders.SeeTCPSegmentation

OffloadandJumboFramesonpage 61.

MigrationwithVMotionenablesavirtualmachinethatispoweredontobetransferred

fromoneESX Server 3hosttoanotherwithoutshuttingdownthevirtualmachine.TheoptionalVMotionfeaturerequiresitsownlicensekey.

Virtual Switches

VMwareInfrastructureletsyouusetheVirtualInfrastructure(VI)ClientordirectSDK

APIstocreateabstractednetworkdevicescalledvirtualswitches(vSwitches).A

vSwitchcan

route

traffic

internally

between

virtual

machines

and

link

to

external

networks.

Usevirtualswitchestocombinethebandwidthofmultiplenetworkadaptersand

balancecommunicationstrafficamongthem.Theycanalsobeconfiguredtohandle

physicalNICfailover.

NOTE ThenetworkingchaptersdiscusshowtosetupnetworkingforiSCSIandNFS.

ToconfigurethestorageportionofiSCSIandNFS,seethestoragechapters.

NOTE Youcancreateamaximumof127vSwitchesonasinglehost.



22/312


22 VMware, Inc.

AvSwitchmodelsaphysicalEthernetswitch.Thedefaultnumberoflogicalportsfora

vSwitchis56.However,avSwitchcanbecreatedwithupto1016portsinESXServer

3.Youcanconnectonenetworkadapterofavirtualmachinetoeachport.Eachuplink

adapterassociatedwithavSwitchusesoneport.EachlogicalportonthevSwitchisamemberofasingleportgroup.EachvSwitchcanalsohaveoneormoreportgroups

assignedtoit.SeePortGroupsonpage 24.

Beforeyoucanconfigurevirtualmachinestoaccessanetwork,youmustperformthe

followingtasks:

1 CreateavSwitch,andconfigureittoconnecttothephysicaladaptersonthehost

forthe

required

physical

network.

2 CreateavirtualmachineportgroupconnectedtothatvSwitch,andgiveitaname

thatwillbereferencedbythevirtualmachineconfiguration.

WhentwoormorevirtualmachinesareconnectedtothesamevSwitch,networktraffic

betweenthemisroutedlocally.IfanuplinkadapterisattachedtothevSwitch,each

virtualmachinecanaccesstheexternalnetworkthattheadapterisconnectedto,as

showninFigure 21.

Figure 2-1. Virtual Switch Connections

IntheVI Client,thedetailsfortheselectedvSwitcharepresentedasaninteractive

diagramasshowninFigure 22.ThemostimportantinformationforeachvSwitchis

alwaysvisible.



23/312

VMware, Inc. 23

p g

Figure 2-2. Virtual Switch Interactive Diagram

Clicktheinfoicontoselectivelyrevealsecondaryandtertiaryinformation.

Apopupwindowdisplaysdetailedproperties,asshowninFigure 23.

info icon



24/312

24 VMware, Inc.

Figure 2-3. Virtual Switch Detailed Properties

Port GroupsPortgroupsaggregatemultipleportsunderacommonconfigurationandprovidea

stableanchorpointforvirtualmachinesconnectingtolabelednetworks.Eachport

groupisidentifiedbyanetworklabel,whichisuniquetothecurrenthost.

AVLAN

ID,

which

restricts

port

group

traffic

to

alogical

Ethernet

segment

within

the

physicalnetwork,isoptional.

Enabling Network Services

YouneedtoenabletwotypesofnetworkservicesinESXServer3:

Connectingvirtualmachinestothephysicalnetwork

ConnectingVMkernelservices(suchasNFS,iSCSI,orVMotion)tothephysical

network

NOTE Youcancreateamaximumof512portgroupsonasinglehost.

NOTE ForaportgrouptoreachportgroupslocatedonotherVLANs,settheVLAN

IDto4095.



25/312

VMware, Inc. 25

Networkingfortheserviceconsole,whichrunsmanagementservicesforESXServer3,

issetupbydefaultduringinstallation.AserviceconsoleportisrequiredforESXServer

3toconnecttoanynetworkorremoteservices,includingtheVI Client.Additional

serviceconsoleportsmightbenecessaryforcertainservices,suchasiSCSIstorage.Forinformationonconfiguringserviceconsoleports,seeServiceConsoleConfiguration

onpage 34.

Viewing Networking Information in the VI Client

TheVIClientdisplaysgeneralnetworkinginformationandinformationspecificto

network

adapters.

To view general networking information in the VI Client

1 LogintotheVI Clientandselecttheserverfromtheinventorypanel.

Thehardwareconfigurationpageforthisserverappears.

2 ClicktheConfigurationtabandclickNetworking.

Thenetworkingpaneldisplaysthefollowinginformation,asshowninFigure 24:

Virtualswitches

Adapterinformationforeachadapter

Linkstatus

Apparentspeedandduplex

ServiceconsoleandVMkernelTCP/IPservices

IPaddress

Serviceconsole

Virtualdevicename

Virtualmachines

Powerstatus

Connectionstatus

Portgroup

Networklabelcommontoallthreeportconfigurationtypes

Numberofconfiguredvirtualmachines

VLANID,ifanycommontoallthreeportconfigurationtypes


26/312



27/312

VMware, Inc. 27

Virtual Network Configuration for Virtual Machines

TheVI ClientAddNetworkwizardguidesyouthroughthetaskstocreateavirtual

networkto

which

virtual

machines

can

connect.

These

tasks

include:

Settingtheconnectiontypeforavirtualmachine

AddingthevirtualnetworktoaneworanexistingvSwitch

ConfiguringtheconnectionsettingsforthenetworklabelandtheVLANID

Forinformationonconfiguringnetworkconnectionsforanindividualvirtualmachine,

seetheBasicSystemAdministrationGuide.

Whenyousetupvirtualmachinenetworks,considerwhetheryouwanttomigratethe

virtualmachinesinthenetworkbetweenESXServer3hosts.Ifso,besurethatboth

hostsareinthesamebroadcastdomainthatis,thesameLayer2subnet.

ESXServer3doesntsupportvirtualmachinemigrationbetweenhostsindifferent

broadcastdomainsbecausethemigratedvirtualmachinemightrequiresystemsand

resourcesthatitwouldnolongerhaveaccesstobyvirtueofbeingmovedtoaseparate

network.Evenifyournetworkconfigurationissetupasahighavailabilityenvironment,orincludesintelligentswitchesthatcanresolvethevirtualmachines

needsacrossdifferentnetworks,youmightexperiencelagtimesastheAddress

ResolutionProtocol(ARP)tableupdatesandresumesnetworktrafficforthevirtual

machines.

Virtualmachinesreachphysicalnetworksthroughuplinkadapters.AvSwitchcan

transferdatatoexternalnetworksonlywhenoneormorenetworkadaptersare

attachedtoit.WhentwoormoreadaptersareattachedtoasinglevSwitch,theyaretransparentlyteamed.

To create or add a virtual network for a virtual machine





28/312

28 VMware, Inc.


Virtualswitchesappearinanoverviewthatincludesadetailslayout.

3 Ontherightsideofthepage,clickAddNetworking.

4 Acceptthedefaultconnectiontype,VirtualMachines.

VirtualMachinesletsyouaddalabelednetworktohandlevirtualmachine

network

traffic.5 ClickNext.

6 SelectCreateavirtualswitch.

YoucancreateanewvSwitchwithorwithoutEthernetadapters.

IfyoucreateavSwitchwithoutphysicalnetworkadapters,alltrafficonthat

vSwitchisconfinedtothatvSwitch.Nootherhostsonthephysicalnetworkor

virtualmachinesonothervSwitchescansendorreceivetrafficoverthisvSwitch.YoumightcreateavSwitchwithoutphysicalnetworkadaptersifyouwantagroup

ofvirtualmachinestobeabletocommunicatewitheachother,butnotwithother

hostsorwithvirtualmachinesoutsidethegroup.

ChangesappearinthePreviewpane.

7 ClickNext.

NOTE YouusetheAddNetworkwizardistoaddnewportsandportgroups.



29/312

VMware, Inc. 29

8 InthePortGroupPropertiesgroup,enteranetworklabelthatidentifiestheport

groupthatyouarecreating.

Usenetworklabelstoidentifymigrationcompatibleconnectionscommontotwoormorehosts.

9 IfyouareusingaVLAN,intheVLANIDfield,enteranumberbetween1and

4094.

Ifyouareunsurewhattoenter,leavethisfieldblankoraskyournetwork

administrator.

Ifyouenter0orleavethefieldblank,theportgroupcanseeonlyuntagged(nonVLAN)traffic.Ifyouenter4095,theportgroupcanseetrafficonanyVLAN

whileleavingtheVLANtagsintact.

10 ClickNext.

11 AfteryoudeterminethatthevSwitchisconfiguredcorrectly,clickFinish.

NOTE

Toenable

failover

(NIC

teaming),

bind

two

or

more

adapters

to

the

same

switch.Ifoneuplinkadapterisnotoperational,networktrafficisroutedtoanother

adapterattachedtotheswitch.NICteamingrequiresbothEthernetdevicestobe

onthesameEthernetbroadcastdomain.



30/312

30 VMware, Inc.

VMkernel Networking Configuration

Movingavirtualmachinefromonehosttoanotheriscalledmigration.Migratinga

virtualmachine

that

is

powered

on

is

called

VMotion.

Migration

with

VMotion,

designedtobeusedbetweenhighlycompatiblesystems,letsyoumigratevirtual

machineswithnodowntime.YourVMkernelnetworkingstackmustbesetupproperly

toaccommodateVMotion.

IPStoragereferstoanyformofstoragethatusesTCP/IPnetworkcommunicationasits

foundation,whichincludesiSCSIandNFSforESXServer3.Becausebothofthese

storagetypesarenetworkbased,bothtypescanusethesameVMkernelinterfaceand

portgroup.

ThenetworkservicesthattheVMkernel(iSCSI,NFS,andVMotion)providesusea

TCP/IPstackintheVMkernel.ThisTCP/IPstackiscompletelyseparatefromthe

TCP/IPstackusedintheserviceconsole.EachoftheseTCP/IPstacksaccessesvarious

networksbyattachingtooneormoreportgroupsononeormorevSwitches.

TCP/IP Stack at the VMkernel Level

TheVMwareVMkernelTCP/IPnetworkingstackhasbeenextendedtohandleiSCSI,

NFS,andVMotioninthefollowingways:

iSCSIasavirtualmachinedatastore

iSCSIforthedirectmountingof.ISOfiles,whicharepresentedasCDROMsto

virtualmachines

NFSas

avirtual

machine

datastore

NFSforthedirectmountingof.ISOfiles,whicharepresentedasCDROMsto

virtualmachines

MigrationwithVMotion

NOTE ESXServer3supportsonlyNFSversion3overTCP/IP.



31/312

VMware, Inc. 31

Implications and Guidelines for Configuration

RefertothefollowingguidelineswhenyouconfigureVMkernelnetworking:

TheIPaddressthatyouassigntotheserviceconsoleduringinstallationmustbedifferentfromtheIPaddressthatyouassigntotheVMkernelsTCP/IPstackfrom

theConfiguration>NetworkingtaboftheVMwareInfrastructureClient.

UnlikeotherVMkernelservices,iSCSIhasaserviceconsolecomponent,so

networksthatareusedtoreachiSCSItargetsmustbeaccessibletobothservice

consoleandVMkernelTCP/IPstacks.

Beforeyou

configure

asoftware

iSCSI

for

the

ESX

Server

3host,

open

afirewall

portbyenablingtheiSCSIsoftwareclientservice.SeeOpeningFirewallPortsfor

SupportedServicesandManagementAgentsonpage 184.

To set up the VMkernel

1 LogintotheVMwareVI Clientandselecttheserverfromtheinventorypanel.



3 ClickAddNetworking.

4 SelectVMkernelandclickNext.

SelectingVMotionandIPStorageletsyouconnecttheVMkernel,whichruns

servicesforVMotionandIPstorage(NFSoriSCSI),tothephysicalnetwork.

TheNetworkAccesspageappears.

5 SelectthevSwitchtouse,orselectCreateavirtualswitchtocreateanewvSwitch.



32/312

32 VMware, Inc.

6 SelectthecheckboxesforthenetworkadaptersyourvSwitchwilluse.

YourchoicesappearinthePreviewpane.

SelectadaptersforeachvSwitchsothatvirtualmachinesorotherservicesthat

connectthroughtheadaptercanreachthecorrectEthernetsegment.IfnoadaptersappearunderCreateanewvirtualswitch,allthenetworkadaptersinthesystem

arebeingusedbyexistingvSwitches.YoucaneithercreateanewvSwitchwithout

anetworkadapter,orselectanetworkadapterthatanexistingvSwitchuses.

ForinformationonmovingnetworkadaptersbetweenvSwitches,seeToadd

uplinkadaptersonpage 45.

7 ClickNext.

8 InthePortGroupPropertiesarea,selectorenteranetworklabelandaVLANID.

NetworkLabelAnamethatidentifiestheportgroupthatyouarecreating.

Thisisthelabelthatyouspecifywhenconfiguringavirtualadaptertobe

attachedtothisportgroup,whenconfiguringVMkernelservices,suchas

VMotionandIPstorage.

VLANID

IdentifiestheVLANthattheportgroupsnetworktrafficwill

use.



33/312

VMware, Inc. 33

9 SelectUsethisportgroupforVMotiontoenablethisportgrouptoadvertiseitself

toanotherESX ServerasthenetworkconnectionwhereVMotiontrafficshouldbe

sent.

YoucanenablethispropertyforonlyoneVMotionandIPstorageportgroupfor

eachESXServer3host.Ifthispropertyisnotenabledforanyportgroup,migration

withVMotiontothishostisnotpossible.

10 IntheIPSettingsgroup,clickEdittosettheVMkernel

Default

Gatewayfor

VMkernelservices,suchasVMotion,NAS,andiSCSI.

Onthe

DNS

Configurationtab,

the

name

of

the

host

is

entered

into

the

name

field

bydefault.TheDNSserveraddressesthatwerespecifiedduringinstallationare

alsopreselected,asisthedomain.

OntheRoutingtab,theserviceconsoleandtheVMkerneleachneedtheirown

gatewayinformation.Agatewayisforneededifconnectivitytomachinesnoton

thesameIPsubnetastheserviceconsoleorVMkernel.

StaticIPsettingsisthedefault.

11 ClickOK,thenclickNext.

NOTE Setadefaultgatewayfortheportthatyoucreated.VirtualCenter2behaves

differentlyfromVirtualCenter1.x.YoumustuseavalidIPaddresstoconfigurethe

VMkernelIPstack,notadummyaddress.



34/312

34 VMware, Inc.

12 UsetheBackbuttontomakeanychanges.

13 ReviewyourchangesontheReadytoCompletepageandclickFinish.

Service Console Configuration

TheserviceconsoleandtheVMkernelusevirtualEthernetadapterstoconnecttoa

vSwitchandtoreachnetworksthatthevSwitchservices.

Basic Service Console Configuration Tasks

Twocommon

service

console

configuration

changes

are:

changing

NICs

and

changing

thesettingsforanexistingNICthatisinuse.

Whenonlyoneserviceconsoleconnectionispresent,changingtheserviceconsole

configurationisnotallowed.Foranewconnection,changethenetworksettingstouse

anadditionalNIC.Afteryouverifythatthenewconnectionisfunctioningproperly,

removetheoldconnection.YouareswitchingovertothenewNIC.

To configure service console networking



2 ClicktheConfigurationtab,andclickNetworking.

3 ClickAddNetworking.

NOTE

Youcan

create

amaximum

of

16

service

console

ports

in

ESX

Server

3.



35/312

VMware, Inc. 35

4 SelectServiceConsoleontheConnectionTypespage,andclickNext.

5 SelectthevSwitchtousefornetworkaccess,orselectCreateanewvSwitchand

clickNext.

IfnoadaptersappearintheCreateanewvirtualswitchgroup,allthenetwork

adaptersinthesystemarebeingusedbyexistingvSwitches.Forinformationon

movingnetworkadaptersbetweenvSwitches,seeToadduplinkadapterson

page 45.



36/312

36 VMware, Inc.

6 InthePortGroupPropertiesgroup,selectorentertheNetworkLabelandVLAN

ID.

NewerportsandportgroupsappearatthetopofthevSwitchdiagram.

7 EntertheIPAddressandSubnetMask,orselectObtainIPsettingautomatically

fortheIPaddressandsubnetmask.

8 ClickEdittosettheServiceConsoleDefaultGateway.

SeeTosetthedefaultgatewayonpage 37.

9 ClickNext.

10 ChecktheinformationandclickFinish.

To configure service console ports




3 Ontherightsideofthepage,findthevSwitchtoeditandclickPropertiesforthat

vSwitch.


4 I h S it h P ti di l b li k h P t b


37/312

VMware, Inc. 37

4 InthevSwitchPropertiesdialogbox,clickthePortstab.

5 SelectServiceConsole,andclickEdit.

Awarning

dialog

box

appears

to

explain

that

modifying

your

service

console

connectionmightdisconnectallmanagementagents.

6 Tocontinuewiththeserviceconsoleconfiguration,clickContinuemodifyingthis

connection.

7 Editportproperties,IPsettings,andeffectivepoliciesasnecessary.

8 ClickOK.

OnlyonedefaultgatewaycanbeconfiguredperTCP/IPstack.

To set the default gateway

1 LogintotheVMwareVI Clientandselecttheserverfromtheinventorypanel.


2 ClicktheConfigurationtab,andclickDNSandRouting.

TheDNSandRoutingpanelappears.

3 ClickProperties.

OntheDNSConfigurationtab,thenameofthehostisenteredintothenamefield

bydefault.TheDNSserveraddressesandthedomainpreviouslyselectedduring

installationarealsopreselected.

Onthe

Routing

tab,

the

service

console

and

the

VMkernel

are

often

not

connected

tothesamenetwork,andeachneedsitsowngatewayinformation.Agatewayis

neededforconnectivitytomachinesnotonthesameIPsubnetastheservice

consoleorVMkernelinterfaces.

Fortheserviceconsole,thegatewaydeviceisneededonlywhentwoormore

networkadaptersareusingthesamesubnet.Thegatewaydevicedetermines

whichnetworkadapterwillbeusedforthedefaultroute.

4 ClicktheRoutingtab.

NOTE AllNASandiSCSIserversneedtobeeitherreachablebythedefault

gateway,oronthesamebroadcastdomainastheassociatedvSwitches.


5 Set the VMke el default gate ay


38/312

38 VMware, Inc.

5 SettheVMkerneldefaultgateway.

6 ClickOK.

To display service console information

1 Click

the

info

icon

to

display

service

console

information.

2 ClicktheXtoclosetheinformationpopupwindow.

Using DHCP for the Service Console

Inmostcases,usestaticIPaddressesfortheserviceconsole.Youcanalsosetupthe

serviceconsoletousedynamicaddressing,DHCP,ifyourDNSservercanmapthe

serviceconsoleshostnametothedynamicallygeneratedIPaddress.

IfyourDNSservercannotmapthehostsnametoitsDHCPgeneratedIPaddress,

determinetheserviceconsolesnumericIPaddressandusethatnumericaddresswhen

accessingthehost.

CAUTION Thereisariskofmisconfiguration,whichcancausetheUItolose

connectivityto

the

host,

in

which

case

the

host

will

have

to

be

reconfigured

from

commandlineattheserviceconsole.Besurethatyournetworksettingsarecorrect

beforesavingyourchanges.

info icon


The numeric IP address might change as DHCP leases expire or when the system is


39/312

VMware, Inc. 39

ThenumericIPaddressmightchangeasDHCPleasesexpireorwhenthesystemis

rebooted.Forthisreason,VMwaredoesnotrecommendusingDHCPfortheservice

consoleunlessyourDNSservercanhandlethehostnametranslation.



40/312

40 VMware, Inc.


41/312


Virtual Switch Properties and Policies


42/312

42 VMware, Inc.

Virtual Switch Properties and Policies

Thissectionguidesyouthroughconfiguringvirtualswitchpropertiesandnetworking

policiessetatthevirtualswitchlevel.

Virtual Switch Properties

VirtualswitchsettingscontrolvSwitchwidedefaultsforports,whichcanbe

overriddenbyportgroupsettingsforeachvSwitch.

Editing Virtual Switch Properties

EditingvSwitchpropertiesconsistsof:

Configuringports

Configuringtheuplinknetworkadapters

To edit the number of ports for a vSwitch

1 LogintotheVI Client,andselecttheserverfromtheinventorypanel.


Chapter 3 Advanced Networking



43/312

VMware, Inc. 43

3 Ontherightsideofthepage,findthevSwitchtoedit.

4 Click

Properties

for

that

vSwitch.

5 ClickthePortstab.

6 SelectthevSwitchitemintheConfigurationlist,andclickEdit.

7 ClicktheGeneraltabtosetthenumberofports.

8 Choosethenumberofportsyouwanttousefromthedropdownmenu.

9 ClickOK.

To configure the uplink network adapter by changing its speed





3 SelectavSwitchandclickProperties.


44/312

44 VMware, Inc.

4 ClicktheNetworkAdapterstab.

5 Tochangetheconfiguredspeedandduplexvalueofanetworkadapter,selectthe

networkadapterandclickEdit.

TheStatusdialogboxappears.ThedefaultisAutonegotiate,whichisusuallythe

correctchoice.

6 Toselecttheconnectionspeedmanually,selectthespeed/duplexfromthe

dropdownmenu.

ChoosetheconnectionspeedmanuallyiftheNICandaphysicalswitchmightfail

tonegotiate

the

proper

connection

speed.

Symptoms

of

mismatched

speed

and

duplexincludelowbandwidthornolinkconnectivityatall.


Theadapterandthephysicalswitchportitisconnectedtomustbesettothesame

l th t i t d t ND d ND h ND i d d d l


45/312

VMware, Inc. 45

value,thatis,autoandautoorNDandNDwhereNDissomespeedandduplex,

butnotautoandND.

7 ClickOK.

To add uplink adapters




3 SelectavSwitchandclickProperties.

4 InthePropertiesdialogbox,clicktheNetworkAdapterstab.

5 ClickAddtolaunchtheAddAdapterwizard.

YoucanassociatemultipleadapterstoasinglevSwitchtoprovideNICteaming.

Suchateamcansharetrafficandprovidefailover.

CAUTION MisconfigurationcanresultinthelossoftheVIClientabilitytoconnect

tothehost.



46/312

46 VMware, Inc.

6 SelectoneormoreadaptersfromthelistandclickNext.


7 ToordertheNICs,selectaNICandclickMoveUpandMoveDowntomoveitup

or down into the appropriate category (Active or Standby)


47/312

VMware, Inc. 47

ordownintotheappropriatecategory(ActiveorStandby).

ActiveAdaptersAdaptersthatthevSwitchuses.

StandbyAdaptersAdaptersthatbecomeactiveifoneormoreoftheactive

adaptersfails.

8 ClickNext.

9 ReviewtheinformationontheAdapterSummarypage,clickBacktochangeany

entries,andclickFinish.

Thelist

of

network

adapters

reappears,

showing

the

adapters

that

the

vSwitch

now

claims.

10 ClickClosetoexitthevSwitchPropertiesdialogbox.

TheNetworkingsectionintheConfigurationtabshowsthenetworkadaptersin

theirdesignatedorderandcategories.


Cisco Discovery Protocol


48/312

48 VMware, Inc.

CiscoDiscoveryProtocol(CDP)allowsESXServer3administratorstodeterminewhich

CiscoswitchportisconnectedtoagivenvSwitch.WhenCDPisenabledforaparticular

vSwitch,youcanviewpropertiesoftheCiscoswitch(suchasdeviceID,softwareversion,andtimeout)fromtheVIClient.

YoucanusetheserviceconsolecommandlineinterfacetoenableCDP.

To enable CDP

1 LogindirectlytoyourESXServer3hostsconsole.

2 Usethe

esxcfg-vswitch -b

command

to

view

the

current

CDP

modeforthevSwitch.

IfCDPisdisabled,themodewillbeshownasdown.

3 Usetheesxcfg-vswitch -B commandtochangetheCDP

mode.

TheavailableCDPmodesare:

downCDPisdisabled.

listenESXServer3detectsanddisplaysinformationabouttheassociated

Ciscoswitchport,butinformationaboutthevSwitchisnotavailabletothe

Ciscoswitchadministrator.

advertiseESXServer3makesinformationaboutthevSwitchavailabletothe

Ciscoswitchadministrator,butdoesnotdetectanddisplayinformationabout

theCiscoswitch

bothESXServer3detectsanddisplaysinformationabouttheassociated

CiscoswitchandmakesinformationaboutthevSwitchavailabletotheCisco

switchadministrator.

To view Cisco switch information from the VI Client

1 SettheCDPmodeforthevSwitchtoeitherbothorlisten.






49/312

VMware, Inc. 49


4 ClicktheinfoicontotherightofthevSwitch.


50/312

50 VMware, Inc.

Virtual Switch Policies

YoucanapplyasetofvSwitchwidepoliciesbyselectingthevSwitchatthetopofthe

PortstabandclickingEdit.

Tooverrideanyofthesesettingsforaportgroup,selectthatportgroupandclickEdit.

AnychangestothevSwitchwideconfigurationareappliedtoanyoftheportgroups

onthatvSwitch,exceptfortheconfigurationoptionsthatareoverriddenbytheport

group.

NOTE BecausetheCDPadvertisementsofCiscoequipmenttypicallyoccuroncea

minute,anoticeabledelaymightoccurbetweenenablingCDPonESXServer3andthe

availabilityofCDPdatafromtheVIclient.


51/312


ThepolicyhereappliestoallvirtualadaptersonthevSwitchexceptwheretheport

groupforthevirtualadapterspecifiesapolicyexception.


52/312

52 VMware, Inc.

7 InthePolicyExceptionspane,selectwhethertorejectoraccepttheLayer2Security

policyexceptions:

PromiscuousMode

RejectPlacingaguestadapterinpromiscuousmodehasnoeffecton

whichframesarereceivedbytheadapter.

AcceptPlacingaguestadapterinpromiscuousmodecausesitto

detectallframespassedonthevSwitchthatareallowedundertheVLAN

policyfortheportgroupthattheadapterisconnectedto.

MACAddressChanges

RejectIfyousettheMACAddressChangestoRejectandtheguest

operatingsystemchangestheMACaddressoftheadaptertoanything

otherthanwhatisinthe.vmxconfigurationfile,allinboundframesare

dropped.

IftheGuestOSchangestheMACaddressbacktomatchtheMACaddressinthe.vmxconfigurationfile,inboundframesarepassedagain.

AcceptChangingtheMACaddressfromtheGuestOShasthe

intendedeffect:framestothenewMACaddressarereceived.

ForgedTransmits

RejectAnyoutboundframewithasourceMACaddressthatis

differentfromtheonecurrentlysetontheadapteraredropped.

AcceptNofilteringisperformedandalloutboundframesarepassed.

8 ClickOK.

Traffic Shaping Policy

ESXServer3shapestrafficbyestablishingparametersforthreeoutboundtraffic

characteristics:averagebandwidth,burstsize,andpeakbandwidth.Youcansetvalues

forthesecharacteristicsthroughtheVI Client,establishingatrafficshapingpolicyfor

eachportgroup.

AverageBandwidthestablishesthenumberofbitspersecondtoallowacrossthe

vSwitchaveragedovertimetheallowedaverageload.

BurstSizeestablishesthemaximumnumberofbytestoallowinaburst.Ifaburst

exceedstheburstsizeparameter,excesspacketsarequeuedforlatertransmission.


53/312


StatusIfyouenablethepolicyexceptionintheStatusfield,youaresetting

limitsontheamountofnetworkingbandwidthallocationforeachvirtualadapter

associated with this particular port group If you disable the policy services have


54/312

54 VMware, Inc.

associatedwiththisparticularportgroup.Ifyoudisablethepolicy,serviceshave

afree,clearconnectiontothephysicalnetworkbydefault.

Theremainingfieldsdefinenetworktrafficparameters:

AverageBandwidthisavaluemeasuredoveraparticularperiodoftime.

PeakBandwidthisavaluethatisthemaximumbandwidthallowedandthat

canneverbesmallerthanaveragebandwidth.Thisparameterlimitsthe

maximumbandwidthduringaburst.

BurstSizeisavaluethatspecifieshowlargeaburstcanbeinkilobytes(KB).

Thisparametercontrolstheamountofdatathatcanbesentinoneburst.

Load Balancing and Failover Policy

LoadBalancingandFailoverpoliciesallowyoutodeterminehownetworktrafficis

distributedbetweenadaptersandhowtoreroutetrafficintheeventofanadapter

failurebyconfiguringthefollowingparameters:

LoadBalancingpolicydetermineshowoutgoingtrafficisdistributedamongthe

networkadaptersassignedtoavSwitch.

FailoverDetection:LinkStatusandBeaconProbing

NetworkAdapterOrder(ActiveorStandby)

To edit the failover and load balancing policy




3 SelectavSwitchandclickEdit.

4 InthevSwitchPropertiesdialogbox,clickthePortstab.

5 ToedittheFailoverandLoadBalancingvaluesforthevSwitch,selectthevSwitch

itemandclickProperties.

NOTE IncomingtrafficiscontrolledbytheLoadBalancingpolicyonthephysical

switch.


55/312


RoutebasedonsourceMAChashChooseanuplinkbasedonahash

ofthesourceEthernet.

U li i f il d Al h h h d l k f


56/312

56 VMware, Inc.

UseexplicitfailoverorderAlwaysusethehighestorderuplinkfrom

thelist

of

Active

adapters

which

passes

failover

detection

criteria.

NetworkFailoverDetectionSpecifythemethodtouseforfailover

detection.

LinkStatus

only

Relies

solely

on

the

link

status

that

the

network

adapterprovides.Thisoptiondetectsfailures,suchascablepullsand

physicalswitchpowerfailures,butnotconfigurationerrors,suchasa

physicalswitchportbeingblockedbyspanningtreeorthatis

misconfiguredtothewrongVLANorcablepullsontheothersideofa

physicalswitch.

BeaconProbingSendsoutandlistensforbeaconprobesonallNICsin

theteamandusesthisinformation,inadditiontolinkstatus,todeterminelinkfailure.Thisdetectsmanyofthefailurespreviously

mentionedthatarenotdetectedbylinkstatusalone.

NotifySwitchesSelectYesorNotonotifyswitchesinthecaseoffailover.

IfyouselectYes,wheneveravirtualNICisconnectedtothevSwitchor

wheneverthatvirtualNICstrafficwouldberoutedoveradifferentphysical

NIC

in

the

team

because

of

a

failover

event,

a

notification

is

sent

out

over

the

networktoupdatethelookuptablesonphysicalswitches.Inalmostallcases,

thisprocessisdesirableforthelowestlatencyoffailoveroccurrencesand

migrationswithVMotion.

FailbackSelectYesorNotodisableorenablefailback.(SEE UPDATE)

Thisoptiondetermineshowaphysicaladapterisreturnedtoactivedutyafter

recoveringfromafailure.IffailbackissettoNo,theadapterisreturnedto

activedutyimmediatelyuponrecovery,displacingthestandbyadapterthat

tookoveritsslot,ifany.IffailbackissettoYes(default),afailedadapterisleft

inactiveevenafterrecoveryuntilanothercurrentlyactiveadapterfails,

requiringitsreplacement.

NOTE IPbasedteamingrequiresthatthephysicalswitchbeconfiguredwith

etherchannel.Forallotheroptions,etherchannelshouldbedisabled.

NOTE Donotusethisoptionwhenthevirtualmachinesusingtheportgroup

areusingMicrosoftNetworkLoadBalancinginunicastmode.Nosuchissue

existswithNLBrunninginmulticastmode.


FailoverOrderSpecifyhowtodistributetheworkloadforadapters.Ifyou

wanttousesomeadaptersbutreserveothersforemergenciesincasethe

adaptersinusefail,setthisconditionbyusingthedropdownmenutoplace


57/312

VMware, Inc. 57

p , y g p p

themintothetwogroups:

ActiveAdaptersContinuetousetheadapterwhenthenetwork

adapterconnectivityisupandactive.

StandbyAdaptersUsethisadapterifoneoftheactiveadapters

connectivityisdown.

UnusedAdaptersNottobeused.

Port Group Configuration

Youcanchangethefollowingportgroupconfigurations:

Portgroupproperties

Labellednetworkpolicies

To edit port group properties

1 LogintotheVMwareVI Client,andselecttheserverfromtheinventorypanel.



3 Ontherightsideofthewindow,clickPropertiesforanetwork.

4 ClickthePortstab.

5 SelecttheportgroupandclickEdit.

6 InthePropertiesdialogboxfortheportgroup,clicktheGeneraltabtochange:

NetworkLabelIdentifiestheportgroupthatyouarecreating.Specifythis

labelwhenyouconfigureavirtualadaptertobeattachedtothisportgroup,

eitherwhenyouconfigurevirtualmachinesorwhenyouconfigureVMkernel

services,suchasVMotionandIPstorage.

VLANIDIdentifiestheVLANthattheportgroupsnetworktrafficwill

use.

7 ClickOK.


58/312


6 Selecttheassociatedcheckboxtooverridetheloadbalancingorfailoverorder

policies.

For information on these settings see Load Balancing and Failover Policy on


59/312

VMware, Inc. 59

Forinformationonthesesettings,see LoadBalancingandFailoverPolicy on

page 54.

7 ClickOK.

DNS and RoutingConfigureDNSandroutingthroughtheVI Client.

To change the DNS and routing configuration




60/312


7 OntheRoutingtab,changedefaultgatewayinformationasneeded.

Selectagatewaydeviceonlyifyouhaveconfiguredtheserviceconsoletoconnect

tomorethanonesubnet.


61/312

VMware, Inc. 61

8 ClickOK.

TCP Segmentation Offload and Jumbo FramesTCPSegmentationOffload(TSO)andJumboFramesupportareaddedtotheTCP/IP

stackinESXServer3version3.5.JumboFramesmustbeenabledattheserverlevel

usingthecommandlineinterfacetoconfiguretheMTUsizeforeachvSwitch.TSOis

enabledontheVMkernelinterfacebydefault,butmustbeenabledatthevirtual

machinelevel.

Enabling TSO

TSOsupportthroughtheEnhancedvmxnetnetworkadapterisavailableforvirtual

machinesrunningthefollowingguestoperatingsystems:

MicrosoftWindows2003EnterpriseEditionwithServicePack2(32bitand64bit)

RedHatEnterpriseLinux4(64bit)


62/312


63/312


64/312


65/312


66/312


67/312


Networking Best Practices

Considerthesebestpracticesforconfiguringyournetwork:

Separatenetworkservicesfromoneanothertoachievegreatersecurityorbetter


68/312

68 VMware, Inc.

performance.

Tohaveaparticularsetofvirtualmachinesfunctionatthehighestperformance

levels,putthemonaseparatephysicalNIC.Thisseparationallowsforaportionof

thetotalnetworkingworkloadtobemoreevenlysharedacrossmultipleCPUs.

TheisolatedvirtualmachinescanthenbetterservetrafficfromaWebclient,for

instance.

Youcansatisfythefollowingrecommendations eitherbyusingVLANstosegmentasinglephysicalnetwork,orbyusingseparatephysicalnetworks(thelatteris

preferable).

Keepingtheserviceconsoleonitsownnetworkisanimportantpartof

securingtheESXServer3system.Considertheserviceconsolenetwork

connectivityinthesamelightasanyremoteaccessdeviceinaserver,because

compromiseoftheserviceconsolegivesanattackerfullcontrolofallvirtual

machinesrunningonthesystem.

KeepingtheVMotionconnectiononaseparatenetworkdevotedtoVMotion

isimportantbecausewhenmigrationwithVMotionoccurs,thecontentsofthe

guestoperatingsystemsmemoryaretransmittedoverthenetwork.

Mounting NFS Volumes

InESX

Server

3,

the

model

of

how

ESX

Server

3accesses

NFS

storage

of

ISO

images

that

areusedasvirtualCDROMsforvirtualmachinesisdifferentfromthemodelusedin

ESX Server2.x.

ESXServer3hassupportforVMkernelbasedNFSmounts.Thenewmodelistomount

yourNFSvolumewiththeISOimagesthroughtheVMkernelNFSfunctionality.All

NFSvolumesmountedinthiswayappearasdatastoresintheVI Client.Thevirtual

machineconfigurationeditorallowsyoutobrowsetheserviceconsolefilesystemfor

ISOimages

to

be

used

as

virtual

CD

ROM

devices.

Networking Tips

Considerthefollowingnetworkingtips:

TophysicallyseparatenetworkservicesandtodedicateaparticularsetofNICsto

aspecificnetworkservice,createavSwitchforeachservice.Ifthisisnotpossible,

separatethem

from

each

other

on

asingle

vSwitch

by

attaching

them

to

port


69/312


70/312


71/312


72/312


73/312


74/312


75/312


76/312


77/312


78/312


79/312


80/312

Chapter 4 Networking Scenarios and Troubleshooting

esxcfg-vswitch -U

Removestheuplinkfortheserviceconsole

esxcfg-vswitch -L

Changestheuplinkfortheserviceconsole.


81/312

VMware, Inc. 81

Ifyouencounterlongwaitswhenusingesxcfg-*commands,theDNSmightbe

misconfigured.Theesxcfg-*commandsrequirethatDNSbeconfiguredsothat

localhostnameresolutionworksproperly.Thisrequiresthatthe/etc/hostsfile

containanentryfortheconfiguredIPaddressandthe127.0.0.1localhostaddress.

Troubleshooting Network Adapter ConfigurationAddinganewnetworkadapter,incertaincases,cancauselossofserviceconsole

connectivityandmanageabilitybyusingtheVI Clientbecauseofnetworkadapters

gettingrenamed.

Ifthishappens,youmustusetheserviceconsoletorenametheaffectednetwork

adapters.

To rename network adapters by using the service console

1 LogindirectlytoyourESXServer3hostsconsole.

2 Usetheesxcfg-nics -lcommandtoseewhichnameswereassignedtoyour

networkadapters.

3 Usetheesxcfg-vswitch -lcommandtoseewhichvSwitches,ifany,arenow

associatedwithdevicenamesnolongershownbyesxcfgnics.

4 Usetheesxcfg-vswitch -U commandto

removeanynetworkadaptersthatwererenamed.

5 Usetheesxcfg-vswitch -L commandtoreadd

thenetworkadapters,givingthemthecorrectnames.

Troubleshooting Physical Switch Configuration

Insomecases,youmightlosevSwitchconnectivitywhenafailoverorfailbackevent

occurs.ThiscausestheMACaddressesthatvirtualmachinesassociatedwiththat

vSwitchusetoappearonadifferentswitchportthantheypreviouslydid.

Toavoidthisproblem,putyourphysicalswitchinportfastorportfasttrunkmode.


82/312


83/312


84/312


85/312


86/312


87/312


Networked Storage

Networkedstoragedevicesareexternalstoragedevices,orarrays,thatyourESXServer

3hostusestostorevirtualmachinefilesremotely.TheESXServer3hostaccessesthese

devicesoverahighspeedstoragenetwork.

ESXServer3supportsthefollowingnetworkedstoragetechnologies:


88/312

88 VMware, Inc.

FibreChannel(FC)StoresvirtualmachinefilesremotelyonanFCstoragearea

network(SAN).FCSANisaspecializedhighspeednetworkthatconnectsyour

ESXServer3hoststohighperformancestoragedevices.ThenetworkusesFibre

ChannelprotocoltotransportSCSItrafficfromvirtualmachinestotheFCSAN

devices.

ToconnecttotheFCSAN,yourESXServer3hostshouldbeequippedwithFibre

Channelhostbusadapters(HBAs)and,unlessyouuseFibreChanneldirect

connectstorage,withFibreChannelswitchesthathelproutestoragetraffic.

InternetSCSI(iSCSI)StoresvirtualmachinefilesonremoteiSCSIstorage

devices.iSCSIpackagesSCSIstoragetrafficintotheTCP/IPprotocolsothatitcan

travelthroughstandardTCP/IPnetworksinsteadofthespecializedFCnetwork.

WithiSCSI

connection,

your

ESX

Server

3host

serves

as

the

initiator

that

communicateswithatarget,locatedinremoteiSCSIstoragesystems.

ESXServer3offersthefollowingtypesofiSCSIconnection:

HardwareInitiatediSCSIYourESXServer3hostconnectstostorage

throughathirdpartyiSCSIHBA.

SoftwareInitiatediSCSIYourESXServer3usesasoftwarebasediSCSI

initiatorin

the

VMkernel

to

connect

to

storage.

With

this

type

of

iSCSI

connection,yourhostneedsonlyastandardnetworkadapterfornetwork

connectivity.

NetworkAttachedStorage(NAS)Storesvirtualmachinefilesonremotefile

serversaccessedoverstandardTCP/IPnetwork.TheNFSclientbuiltintoESX

Server3usestheNetworkFileSystem(NFS)protocolversion3tocommunicate

withtheNAS/NFSservers.Fornetworkconnectivity,theESXServer3host

requiresastandardnetworkadapter.

SeetheStorage/SANCompatibilityGuideatwww.vmware.com/pdf/vi3_san_guide.pdf.
http://www.vmware.com/pdf/vi3_san_guide.pdfhttp://www.vmware.com/pdf/vi3_san_guide.pdf


89/312


VMFS Datastores

WhenyourESXServer3hostaccessesSCSIbasedstoragedevicessuchasSCSI,iSCSI,

orFCSAN,thestoragespaceispresentedtoyourESXServer3asaLUN.ALUNisa

logicalvolumethatrepresentsstoragespaceonasinglephysicaldiskoronanumber

ofdisksaggregatedinadiskarray.AsingleLUNcanbecreatedfromtheentirespace

onthestoragediskorarray,orfromapartofthespace,calledapartition.TheLUNthat

uses disk space on more than one physical disk or partition still presents itself as a


90/312

90 VMware, Inc.

usesdiskspaceonmorethanonephysicaldiskorpartitionstillpresentsitselfasa

singlelogicalvolumetoyourESXServer3.

ESXServer3canformatLUNsasVMFSdatastores.VMFSdatastoresprimarilyserve

asrepositoriesforvirtualmachines.Youcanstoremultiplevirtualmachinesonthe

sameVMFSvolume.Eachvirtualmachine,encapsulatedinasetoffiles,occupiesa

separatesingledirectory.Fortheoperatingsysteminsidethevirtualmachine,VMFS

preservestheinternalfilesystemsemantics,whichensurescorrectapplicationbehavior

anddataintegrityforapplicationsrunninginvirtualmachines.

Inaddition,youcanusetheVMFSdatastorestostoreotherfiles,suchasvirtual

machinetemplatesandISOimages.

VMFSsupportsthefollowingfileandblocksizesenablingyourvirtualmachinestorun

eventhemostdataintensiveapplications,includingdatabases,ERP,andCRMinvirtualmachines:

Maximumvirtualdisksize:2TBwith8MBblocksize

Maximumfilesize:2TBwith8MBblocksize

Blocksize:1MB(default),2MB,4MB,and8MB

Creating and Increasing VMFS Datastores

YouusetheVIClienttosetupaVMFSdatastoreinadvanceonanySCSIbasedstorage

devicethatyourESXServer3discovers.ESXServer3letsyouhaveupto256VMFS

datastorespersystemwiththeminimumvolumesize1.2GB.

ForinformationoncreatingVMFSdatastoresontheSCSIbasedstoragedevices,seethefollowingsections:

AddingLocalStorageonpage 102

AddingFibreChannelStorageonpage 106

AddingiSCSIStorageAccessibleThroughHardwareInitiatorsonpage 117

AddingiSCSI

Storage

Accessible

Through

Hardware

Initiators

on

page 117

NOTE AlwayshaveonlyoneVMFSdatastoreforeachLUN.


91/312


92/312

Chapter 5 Introduction to Storage

YoucanuseVMotiontoperformlivemigrationofrunningvirtualmachinesfrom

onephysicalservertoanother.

FormoreinformationonVMotion,seeBasicSystemAdministrationat

www.vmware.com/support/pubs/.

YoucanuseVMwareConsolidatedBackup,whichletsaproxyserver,calledVCB

proxy,backupasnapshotofavirtualmachinewhilethevirtualmachineis

powered on and is reading and writing to its storage
http://www.vmware.com/support/pubs/http://www.vmware.com/support/pubs/


93/312

VMware, Inc. 93

poweredonandisreadingandwritingtoitsstorage.

FormoreinformationonConsolidatedBackup,seetheVirtualMachineBackup

Guideatwww.vmware.com/support/pubs/.

NFS DatastoreESXServer3canaccessadesignatedNFSvolumelocatedonaNASserver,mountthis

volume,anduseitforitsstorageneeds.YoucanuseNFSvolumestostoreandboot

virtualmachinesinthesamewayyouuseVMFSdatastores.

ESXServer3supportsthefollowingsharedstoragecapabilitiesonNFSvolumes:

UseVMotion.

UseVMwareDRSandVMwareHA.

MountISOimages,whicharepresentedasCDROMstovirtualmachines.

Createvirtualmachinesnapshots.SeeBasicSystemAdministrationat

www.vmware.com/support/pubs/.

How Virtual Machines Access StorageWhenavirtualmachinecommunicateswithitsvirtualdiskstoredonadatastore,it

issuesSCSIcommands.Becausedatastorescanexistonvarioustypesofphysical

storage,thesecommandsareencapsulatedintootherforms,dependingontheprotocol

thattheESXServer3systemusestoconnecttoastoragedevice.ESXServer3supports

FibreChannel(FC),InternetSCSI(iSCSI),andNFSprotocols.Regardlessofthetypeof

storagedeviceyourESXServer3uses,thevirtualdiskalwaysappearstothevirtual

machineas

amounted

SCSI

device.

The

virtual

disk

hides

aphysical

storage

layer

from

thevirtualmachinesoperatingsystem.Thisallowsyoutorunevenoperatingsystems

thatarenotcertifiedforspecificstorageequipment,suchasSAN,insidethevirtual

machine.
http://www.vmware.com/support/pubs/http://www.vmware.com/support/pubs/http://www.vmware.com/support/pubs/http://www.vmware.com/support/pubs/


94/312


Comparing Types of Storage

Table 51comparesnetworkedstoragetechnologiesESXServer3supports.

Table 5-1. Networked Storage that ESX Server 3 Supports

Technology Protocols Transfers Interface

FibreChannel FC/SCSI Blockaccessofdata/LUN

FCHBA


95/312

VMware, Inc. 95

Table 52comparestheESXServer3featuresthatdifferenttypesofstoragesupport.

Viewing Storage Information in the VMware InfrastructureClient

TheVIClientdisplaysdetailedinformationonavailabledatastores,storagedevices

thatthedatastoresuse,andconfiguredadapters.Formoreinformation,seethese

sections:

DisplayingDatastores

on

page 96

ViewingStorageAdaptersonpage 97

UnderstandingStorageDeviceNamingintheDisplayonpage 98

data/LUN

iSCSI IP/SCSI Blockaccessofdata/LUN

iSCSIHBA(hardwareinitiatediSCSI)

NIC(softwareinitiatediSCSI)

NAS IP/NFS File(no

direct

LUN

access)NIC

Table 5-2. ESX Server 3 Features Supported by Storage

Storage Type Boot VM VMotion Datastore RDM

VM

Cluster

VMware

HA and

DRS VCB

SCSI Yes No VMFS No No No Yes

FibreChannel Yes Yes VMFS Yes Yes Yes Yes

iSCSI Yes Yes VMFS Yes No Yes Yes

NASoverNFS Yes Yes NFS No No Yes Yes


Displaying Datastores

DatastoresareaddedtotheVIClientinthefollowingways:

Discoveredwhenahostisaddedtotheinventory.Whenyouaddahosttothe

inventory,the

VI

Client

displays

any

datastores

available

to

the

host.

Createdonanavailablestoragedevice.YoucanusetheAddStorageoptionto

createandconfigureanewdatastore.SeeConfiguringStorageonpage 101.


96/312

96 VMware, Inc.

Youcanviewalistofavailabledatastoresandanalyzetheirproperties.

Todisplaydatastores,onthehostConfigurationtab,clickStorage.

Foreachdatastore,theStoragesectionshowssummaryinformation,including:

Targetstoragedevicewherethedatastoreislocated.SeeUnderstandingStorage

DeviceNamingintheDisplayonpage 98.

Typeoffilesystemthedatastoreuses.SeeDatastoresonpage 89.

Totalcapacity,includingtheusedandavailablespace.

Toviewadditionaldetailsaboutthespecificdatastore,selectthedatastorefromthelist.

TheDetailspaneshowsthefollowinginformation:

Locationofthedatastore.

Individualextentsthatthedatastorespansandtheircapacity(VMFSdatastores).

Pathsusedtoaccessthestoragedevice(VMFSdatastores).


InFigure 53,thesymm07datastoreisselectedfromthelistofavailabledatastores.The

Detailspaneprovidesinformationabouttheselecteddatastore.

Figure 5-3. Datastore information

configured datastores datastore details


97/312

VMware, Inc. 97

Youcanrefreshandremoveanyoftheexistingdatastores,andchangetheproperties

ofaVMFSdatastore.WhenyoueditorreconfigureaVMFSdatastore,youcanchange

itslabel,addextents,upgradeit,ormodifypathsforstoragedevices.SeeManaging

Storageonpage 131.

Viewing Storage Adapters

TheVIClientdisplaysanystorageadaptersavailabletoyoursystem.

Todisplaystorageadapters,onthehostConfigurationtab,clickStorageAdapters.

Youcanviewthefollowinginformationaboutthestorageadapters:

Existingstorageadapters.

Typeofstorageadapter,suchasFibreChannelSCSIoriSCSI.

Detailsforeachadapter,suchasthestoragedeviceitconnectstoandtargetID.

Toviewconfigurationpropertiesforaspecificadapter,selecttheadapterfromthe

StorageAdapterslist.


98/312


Althoughthethirdandthefourthnumbersneverchange,thefirsttwonumberscan

change.Forexample,afterrebootingtheESXServer3system,vmhba1:1:3:1can

changetovmhba3:2:3:1,however,thenamestillreferstothesamephysicaldevice.

Thefirstandthesecondnumberscanchangeforthefollowingreasons:

Thefirstnumber,theHBA,changeswhenanoutageontheFibreChanneloriSCSInetworkoccurs.Inthiscase,theESXServer3systemmustuseadifferentHBAto

accessthestoragedevice.

Th d b h SCSI h if difi i i h


99/312

VMware, Inc. 99

Thesecondnumber,theSCSItarget,changesifanymodificationsoccurinthe

mappingsoftheFibreChanneloriSCSItargetsvisibletotheESXServer3host.

Configuring and Managing StorageTheConfiguringStorageandManagingStoragechaptersofthisguidediscussmostof

theconceptsandoutlinetasksyouneedtoperformwhenworkingwithstorage.

FordetailedinformationonconfiguringSANs,seetheFibreChannelSANConfiguration

GuideoriSCSISANConfigurationGuide.

Formoreinformationaboutspecificstorageconfigurationtasks,seethefollowing:

Localstorageconfiguration:

TocreateadatastoreonalocalSCSIdiskonpage 103

FibreChannelSANstorageconfiguration:

TocreateadatastoreonaFibreChanneldeviceonpage 106

HardwareinitiatediSCSIstorageconfiguration:

ToviewthehardwareiSCSIinitiatorpropertiesonpage 111

TosetuptheiSCSIname,alias,andIPaddressforthehardwareinitiatoron

page 113

Tosetuptargetdiscoveryaddressesusingdynamicdiscoveryonpage 114

TosetupCHAPparametersforthehardwareinitiatoronpage 116

TocreateadatastoreonahardwareiSCSIdeviceonpage 117

SoftwareinitiatediSCSIstorageconfiguration:

ToviewthesoftwareiSCSIinitiatorpropertiesonpage 119

ToenablethesoftwareiSCSIinitiatoronpage 121

Tosetuptargetdiscoveryaddressesforthesoftwareinitiatoronpage 122


100/312

6

6


101/312

VMware, Inc. 101

ThischaptercontainsinformationaboutconfiguringlocalSCSIstoragedevices,Fibre

ChannelSANstorage,iSCSIstorage,andNASstorage.

Thischapterdiscussesthefollowingtopics:

LocalStorageonpage 102

FibreChannelStorageonpage 105

iSCSIStorageonpage 108

PerformingaRescan

on

page 124

NetworkAttachedStorageonpage 125

CreatingaDiagnosticPartitiononpage 128

Configuring Storage 6

NOTE ForadditionalinformationaboutconfiguringSANs,seetheFibreChannelSAN

ConfigurationGuideandiSCSISANConfigurationGuide.


Local Storage

LocalstorageusesaSCSIbaseddevicesuchasyourESXServer3hostsharddiskor

anyexternaldedicatedstoragesystemconnecteddirectlytoyourESXServer3host.

Figure 61depictsavirtualmachineusinglocalSCSIstorage.

Figure 6-1. Local Storage

ESX Server


102/312

102 VMware, Inc.

Inthisexampleoflocalstoragetopology,theESXServer3hostusesasingleconnection

toplugintoadisk.Onthatdisk,youcancreateaVMFSdatastore,whichyouuseto

storevirtualmachinediskfiles.

Althoughthisstorageconfigurationispossible,itisnotarecommendedtopology.

UsingsingleconnectionsbetweenstoragearraysandESXServer3hostscreatessingle

pointsof

failure(SPOF)thatcancauseinterruptionswhenaconnectionbecomes

unreliableorfails.Toensurefaulttolerance,someDASsystemssupportredundant

connectionpaths.SeeManagingMultiplePathsonpage 135.

Adding Local Storage

Assoonasyouloadstorageadapterdrivers,ESXServer3detectsavailableSCSIstorage

devices.Before

you

create

anew

datastore

on

aSCSI

device,

you

might

need

to

perform

arescan.SeePerformingaRescanonpage 124.

WhenyoucreateadatastoreonaSCSIstoragedevice,theAddStoragewizardguides

youthroughtheconfigurationsteps.

VMFS

localethernet

SCSI

virtualmachine


103/312


104/312


105/312


AboutsupportedSANstoragedevicesforESXServer3,seetheStorage/SAN

CompatibilityGuide.

AboutmultipathingforFibreChannelHBAsandhowtomanagepaths,see

ManagingMultiplePathsonpage 135.

Adding Fibre Channel Storage

BeforeyoucreateanewdatastoreonaFibreChanneldevice,rescanaFibreChannel

adaptertodiscoveranynewlyaddedLUNs.SeePerformingaRescanonpage 124.


106/312

106 VMware, Inc.

p y y g p g

WhenyoucreateadatastoreonaFibreChannelstoragedevice,theAddStoragewizard

guidesyouthroughtheconfiguration.

To create a datastore on a Fibre Channel device

1 LogintotheVIClient,andselectaserverfromtheinventorypanel.

2 ClicktheConfigurationtabandclickStorageintheHardwarepanel.

3 ClickAddStorage.

4 SelecttheDisk/LUNstoragetypeandclickNext.

5 SelecttheFibreChanneldevicetouseforyourdatastore,andclickNext.

TheCurrentDiskLayoutpageopens.Ifthediskyouareformattingisblank,the

CurrentDiskLayoutpageautomaticallypresentstheentirediskspacetoyoufor

storageconfiguration.

6 Ifthediskisnotblank,reviewthecurrentdisklayoutinthetoppanelofthe

CurrentDiskLayoutpageandselectaconfigurationoptionfromthebottompanel:

UsetheentiredeviceSelectthisoptiontodedicatetheentirediskorLUN

toasingleVMFSdatastore.VMwarerecommendsthatyouselectthisoption.

WARNING Ifyouselectthisoption,anyfilesystemsordatapreviouslystoredonthis

devicewillbedestroyed.

Chapter 6 Configuring Storage

UsefreespaceSelectthisoptiontodeployaVMFSdatastoreinthe

remainingfreespaceofthedisk.


107/312

VMware, Inc. 107

7 ClickNext.

8 IntheDisk/LUNPropertiespage,enteradatastorenameandclickNext.

TheDisk/LUNFormattingpageappears.

9 Ifneeded,adjustthefilesystemvaluesandcapacityyouuseforthedatastore.

Bydefault,theentirefreespaceavailableonthestoragedeviceisofferedtoyou.

10 ClickNext.

11 IntheReadytoCompletepage,reviewthedatastoreconfigurationinformation

andclickFinish.

ThisprocesscreatesthedatastoreonaFibreChanneldiskfortheESXServer3host.

12 ClickRefresh.

Foradvancedconfiguration,suchasusingmultipathing,masking,andzoning,seethe

FibreChannelSANConfigurationGuide.


108/312

Chapter 6 Configuring Storage

Figure 63depictstwovirtualmachinesthatusedifferenttypesofiSCSIinitiators.

Figure 6-3. iSCSI Storage

virtualmachine

virtualmachine

iSCSIsoftware initiator

ESX Server


109/312

VMware, Inc. 109

InthefirstexampleofiSCSIstorageconfiguration,theESXServer3systemusesthe

hardwareiSCSIadapter.ThisspecializediSCSIadaptersendsiSCSIpacketstoadisk

overaLAN.

Inthesecondexample,theESXServer3systemisconfiguredwiththesoftwareiSCSI

initiator.Usingthesoftwareinitiator,theESXServer3systemconnectstoaLAN

throughan

existing

NIC

card.

Naming Requirements

BecauseSANscanbecomelargeandcomplex,alliSCSIinitiatorsandtargetsthatuse

thenetworkhaveuniqueandpermanentiSCSInamesandareassignedaddressesfor

access.TheiSCSInameprovidesacorrectidentificationofaparticulariSCSIdevice,an

initiatororatarget,regardlessofitsphysicallocation.

WhenyouconfigureyouriSCSIinitiators,makesuretheyhaveproperlyformatted

names.Theinitiatorscanuseoneofthefollowingformats:

iSCSI array

VMFS

LAN LAN

hardware

initiator

ethernet

NIC


IQN(iSCSIqualifiedname)Canbeupto255characterslongandhasthe

followingformat:

iqn..:

whererepresentstheyearandmonthyourdomainnamewas

registered,istheofficialdomainname,reversed,andisanynameyouwanttouse,forexample,thenameofyour

server.

Anexamplemightbeiqn.1998-01.com.mycompany:myserver.


110/312

110 VMware, Inc.

EUI(extendeduniqueidentifier)Representstheeui.prefixfollowedbythe

16charactername.Thenameincludes24bitsforcompanynameassignedbythe

IEEEand

40

bits

for

aunique

ID

such

as

aserial

number.

Forexample,eui.0123456789ABCDEF.

Discovery Methods

Todeterminewhichstorageresourceonthenetworkisavailableforaccess,theESX

Server3systemusesthesediscoverymethods:

DynamicdiscoveryAlsoknownasSendTargetsdiscovery.Eachtimethe

initiatorcontactsaspecifiediSCSIserver,itsendstheSendTargetsrequesttothe

server.Theserverrespondsbyprovidingalistofavailabletargetstotheinitiator.

StaticDiscoveryTheinitiatordoesnotneedtoperformanydiscovery.The

initiatorinadvanceknowsalltargetsitwillbecontactingandusestheirIP

addressesanddomainnamestocommunicatewiththem.

Thestatic

discovery

method

is

available

only

when

the

iSCSI

storage

is

accessed

throughhardwareinitiators.

iSCSI Security

BecauseiSCSItechnologyusestheIPnetworkstoconnecttoremotetargets,itis

necessarytoensuresecurityoftheconnection.TheIPprotocolitselfdoesntprotectthe

dataittransports,anditdoesnthavethecapabilitytoverifythelegitimacyofinitiators

thataccesstargetsonthenetwork.Youneedtotakespecificmeasurestoguarantee

securityacrossIPnetworks.

ESXServer3supportstheChallengeHandshakeAuthenticationProtocol(CHAP)that

youriSCSIinitiatorscanuseforauthentication purposes.Afteryourinitiator

establishestheinitialconnectionwiththetarget,CHAPverifiestheidentityofthe

initiatorandchecksaCHAPsecretthatyourinitiatorandthetargetshare.Thiscanbe

repeatedperiodicallyduringtheiSCSIsession.


111/312


4 ClickProperties.

TheiSCSIInitiatorPropertiesdialogboxopens.TheGeneraltabdis

vi3!35!25 3 server config

Documents