
Post on 07-Oct-2020

4 views

Category:

Documents


0 download

TRANSCRIPT

Page 1: desktopsurgery.files.wordpress.com… · Web view: Promiscuous Mode Reject (DEFAULT)— Placing a guest adapter in promiscuous mode has no effect on which frames are received by

VMware vSphere 6.7 Foundations Exam 2019

Section 1 - Install and Configure vCenter Server 6.x and ESXi 6.x Hosts

Objective 1.1 - Identify vSphere Architecture and Solutions for a Given Use Case

Licensing – editions compared: Standard, Enterprise Plus, Enterprise Plus w/ Ops Manager

Features listed in the comparison, row by row:
- Storage vMotion, Reliable Memory, Consistent Mgmt
- HA, Big Data Extensions, Intelligent Ops
- Data Protection, Virtual Serial Port Concentrator, Operations Automation
- Fault Tolerance, DRS and DPM, Workload Balancing
- vShield Endpoint, Storage DRS, Fault Tolerance (4x CPU)
- vSphere Replication, Storage I/O, Virtual Vols, Network I/O
- Hot Add, Single Root I/O Virtualisation, Storage Policy-Based Mgmt, Flash Read Cache (vFlash)
- Content Library, NVIDIA GRID, Storage APIs, Distributed Switches
- Host Profiles, Auto Deploy, App HA

Additional SDDC Solutions that interact with vSphere:
- NSX
- vCloud Suite: cloud management suite for managing cloud resources
- vRealize Operations Insight: performance, capacity optimization and real-time log analytics, as an add-on to vSphere with Ops Manager
- vSphere Data Protection Advanced: customizable backup solution for VMs that doesn't need agents or additional backup software
- vSphere ROBO: Remote Office Branch Office – for organizations with multiple sites: rapidly provision servers, minimize configuration drift and assist in compliance

Installing vSphere

vSphere 6.7 has 3 core components: ESXi, the PSC and vCenter Server. vCenter Server is installed EMBEDDED (PSC + VCS on the same box) or EXTERNAL (split out onto separate VMs).

Pre-reqs: the PSC must be installed before vCenter Server can be installed. The PSC does not require a DB.


Platform Services Controller (PSC) contents: SSO, License Service, Lookup Service, VMware Directory Service, VMware CA.

vCenter Server services contents: vCenter Server, vCenter Web Client, vCenter Inventory Service, vSphere Auto Deploy, vSphere ESXi Dump Collector, vSphere Syslog Collector.

An Embedded installation is 'all in one' – PSC + vCenter services on one box. A linked installation (external) de-couples the PSC from vCenter services.

Enhanced Linked Mode (PANE OF GLASS for vCenter Server) – lets you manage multiple vCenter Server installs from one 'pane of glass' PSC install – i.e. 1 PSC linked to 2 vCenter services installations.

Use a load balancer if an external install is in play – i.e. 2x PSC’s (load balanced) and 2x vCenter servers.

BAD ARCHITECTURE:
o Linking embedded to a linked (i.e. external) install
o Embedded to a single vCenter services installation (similar to above)
o Embedded to embedded (via their PSCs)

GOOD ARCHITECTURE: a load balancer between multiple (i.e. 2) linked PSC nodes, and multiple vCenter services installs. This is Enhanced Linked Mode.

o Also using Enhanced Linked Mode is good arch (appliance package only) with an external vCenter Server install?

Options when installing the PSC:
- Create an SSO domain
- Join an existing SSO domain


Objective 1.2 - Install and Configure vCenter Server 6.x

2 types of vCenter Server installation:

- vCenter Server Appliance (VAMI – vCenter Appliance Management Interface). Features: Backup/Restore – configure regular backups to an FTP location, on a schedule. The vimtop tool can be used to monitor a VCSA install.

- vCenter Server for Windows installation

Hardware Selection – Storage: consider the following when selecting storage:
- Can the solution provide the performance needed for the environment?
- Does the storage offer advanced integration with vSphere?
- Will DR work with this type of storage?

Network (NICs): ESXi management network needs 1 NIC (2 for redundancy); vMotion needs a NIC (2 for redundancy); vSphere FT needs a NIC (…); iSCSI, NFS or VSAN deployments need a NIC (2…); at least 2 NICs for traffic originating from the VMs themselves.

vCenter Server Requirements: 4 GB RAM, 2 CPUs @ 2.0 GHz or higher, 4 GB HD, 64-bit OS (aka 2@2 and 4,4,64).

The single prerequisite for vCenter Server is the Platform Services Controller (PSC) – think of this as a support database for vCenter. It can be embedded (included in the vCenter Server) or external. Any environment with more than a few hundred VMs should keep it external.

Types of installation: vCenter Appliance (i.e. all in one) or Windows-based standalone. Both support: 1000 hosts per vCenter, 10,000 VMs, 64 hosts per cluster, 8000 clustered VMs.

Database: embedded vs external

The Appliance can use embedded vPostgres (supports 1000 hosts, 10,000 VMs) or external Oracle. Windows must use an external SQL or Oracle DB to reach 1000 hosts and 10k VMs, or has an embedded vPostgres for 20 hosts, 200 VMs. vCenter Server for Windows (i.e. not the appliance) has an embedded vPostgres but it only supports 20 hosts, 200 VMs.

Hardware selection – Server: use the VMware compatibility matrix to find suitable server hardware.


Remember to consider diminishing returns – there comes a point where adding more CPU or RAM to a server isn't offset by the number of VMs it can host; once you pass that point it becomes more expensive than buying servers.

Consider picking the right server that provides compatibility, scalability, availability and affordability – servers with more RAM slots allow a higher quantity of lower-capacity/cost RAM (a cheaper way to get a large RAM allocation). The same applies for storage – the number of local drive bays for a VSAN can allow you to use cheaper disks to get the same high-capacity setup.

AutoDeploy (like a network deployment) for ESXi – you first have to set up an ESXi server to run Auto Deploy and create an 'image profile' to manage which servers receive which ESXi image. You also need to set up a TFTP server, a DHCP service and a deployment rule to assign the image profiles to a particular subset of hosts.

1. Stateless – deploy using AutoDeploy (like templates) into server memory; no need for a SAN boot LUN, BUT if the network breaks, the AutoDeploy service can't complete the install.

2. Stateless caching – caches the image in the server's local memory, provides redundancy if the network is lost.

3. Stateful – like stateless, but the boot order goes to local disk first, then network for the AutoDeploy service.

Post-install tasks: ensure time sync is configured to sync with a reliable internal source (DC), and that DC is linked to an external source (atomic clock). Check DNS / name resolution.

SSO

4 identity sources are available for authenticating users via SSO:
- Active Directory (Integrated Windows Authentication)
- Active Directory as an LDAP server
- OpenLDAP
- Local OS

Default Identity Sources: the following 2 are default identity sources if no other source is used:
- vsphere.local
- localos

SSO for multiple sites: after you install Single Sign-On, no connectivity between the Single Sign-On servers is necessary, because there is no automatic replication of data between Single Sign-On instances.

Use Multi-site SSO for Linked Mode vCenter deployments – it does not provide failover, but does provide fast access to local auth-related services. Each site is represented by a single instance of SSO.


Multi-site only requires visibility of the ‘SSO site entry point’ which in a clustered environment is the load balancer, or it can be a machine that is visible from the other sites (non clustered environment).

Troubleshooting SSO installation issues – install log file locations for SSO: SSO_SERVER\utils\logs\imsTrace.log, install.log, and %TEMP%\vminstall.log

Default user permissions when adding ESXi to AD: the ESX Admins user group is created when a host is added to AD – members of this group have administrator rights.

Objective 1.3 - Install and Configure ESXi 6.x Hosts

ESXi Requirements:
- 2-core CPU
- 4 GB RAM
- 1 or more Gigabit Ethernet controllers
- Hardware virtualization (Intel VT-x or AMD RVI) for 64-bit VMs
- SCSI disk or local, non-network RAID disk with unpartitioned space
- Hardware virtualization to support 64bit v

ESXi disk groups and maximum memory: each host must contain a minimum of 32 GB of memory to accommodate the maximum number of disk groups (5) and the maximum number of capacity devices per disk group.

Before you install:
- Disconnect network storage
- Verify a keyboard and monitor are attached to the machine you're installing on
- Set the clock to UTC

During installation, if an asterisk (*) appears next to a destination storage LUN you cannot install to it (it's a VMFS

Interactive installation options: it's a TEXT-based installer, not a GUI. Install with ISO:

o Disconnect any shared storage, check UTC is set in the hardware BIOS of the server, keyboard + mouse should be attached

o Run software… Press F11! Let the VM reboot

Install from CD/DVD, PXE (default for a new VM), USB

Steps involved in the initial install:
- Set keyboard language
- Set host password
- Configure DNS/routing


Home > hosts and clusters > manage (which is actually CONFIGURE) > settings > TCP/IP Configuration> edit the default stack

ESXi Host Time Synchronization

VMs can sync time with the ESXi host (or use an NTP server/alternatives). If time is not synchronized across your vSphere and physical machines, authentication issues can occur (SSL certs and time-sensitive SAML tokens might not be recognised). The vCenter Server Appliance vmware-vpxd service might not start if clocks are not synced.

Options for configuring NTP:
- Use the command: esxcli system time set -d 31 -M 1 -y 2012 -H 18 -m 0 -s 0
- Web Client > Hosts and Clusters > click the ESXi host > Manage tab > Settings button > System > Time Configuration
- Use the vSphere Host Client

Licensing ESXi Hosts: a decode option does not exist. 60-day trial license before features must be licensed.

Options to license ESXi hosts:
1. Assign a license key via the vSphere Web Client
2. Use PowerCLI with the LicenseDataManager feature to deploy
3. Once the keys in 2 are deployed, any hosts added to the environment will be licensed from the pool of license keys that are available.

Methods to license an ESXi host:
- Via ESXi Host Client > Configuration > Licensed Features > Edit > Assign a new license
- Via vSphere Web Client > Administration > Licensing > Licenses > add keys
- Bulk licensing using PowerCLI

Install methods:
- Interactive
- Unattended (scripted)
- Automated provisioning

Enter Root credentials (set during installation)

Hosts have a rollback feature to prevent disconnections if the management network or a subnet change is made on the VMKernel port


Configuration maximums for ESXi: virtual CPUs per core = 32; virtual CPUs per host = 4096; RAM per host = 16 TB; VMs per host = 1024.

ESXi Lockdown Mode – 2 modes:

Normal Lockdown:
- DCUI is not stopped
- Only users in the Exception Users list can log in to the DCUI
- Access via Web Client, vSphere Client and vCenter Server is still available
- If enabled with an SSH session open, the user can remain logged in and run commands, but can't unlock the lockdown mode

Strict Lockdown Mode:
- DCUI is stopped. If the Web Client and SSH are not available, the host must be reinstalled. If SSH is available, Exception Users can connect.

DCUI menu: view the RSA SSH thumbprint via the ESXi DCUI interface > View Support Information

ESXi Default Password Policy By default, you have to include a mix of characters from four character classes:

lowercase letters, uppercase letters, numbers, and special characters such as underscore or dash when you create a password.

By default, password length is more than 7 and less than 40. Passwords cannot contain a dictionary word or part of a dictionary word.
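As an added example that is not part of these notes, the following Python checks a candidate password against the default policy exactly as described above (four character classes, length more than 7 and less than 40, no dictionary word or part of one); the mini word list and the 4-character fragment threshold are constructed assumptions.

```python
"""Added example (not from the original notes): ESXi-style password policy
check as the notes describe it. DICTIONARY and MIN_FRAGMENT are constructed
assumptions; a real check would consult the system word list."""
import string

# Constructed mini dictionary for the example.
DICTIONARY = {"password", "vmware", "vsphere", "admin", "welcome", "summer"}
MIN_FRAGMENT = 4  # assumed: shorter fragments don't count as "part of a word"


def password_classes(pw: str) -> set:
    """Return which of the four character classes the password uses."""
    classes = set()
    for ch in pw:
        if ch.islower():
            classes.add("lower")
        elif ch.isupper():
            classes.add("upper")
        elif ch.isdigit():
            classes.add("digit")
        elif ch in string.punctuation:  # includes underscore and dash
            classes.add("special")
    return classes


def contains_dictionary_word(pw: str) -> bool:
    """True if any dictionary word, or any fragment of one at least
    MIN_FRAGMENT characters long, appears in the password (case-insensitive)."""
    low = pw.lower()
    for word in DICTIONARY:
        for size in range(MIN_FRAGMENT, len(word) + 1):
            for start in range(0, len(word) - size + 1):
                if word[start:start + size] in low:
                    return True
    return False


def check_esxi_password(pw: str) -> list:
    """Return the list of policy violations; an empty list means it passes."""
    problems = []
    if not (7 < len(pw) < 40):
        problems.append("length must be 8 to 39 characters")
    missing = {"lower", "upper", "digit", "special"} - password_classes(pw)
    if missing:
        problems.append("missing character classes: " + ", ".join(sorted(missing)))
    if contains_dictionary_word(pw):
        problems.append("contains a dictionary word or part of one")
    return problems


if __name__ == "__main__":
    for candidate in ("Tq7!xR2#mLp9", "Vmware2019!", "abc123"):
        print(candidate, "->", check_esxi_password(candidate) or ["OK"])
```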

Change ESXi hostname: remove the host from a cluster (if clustered) and make the DNS entry changes first, then:

Via Web Client > Configure > Networking >TCP/IP configuration > set the DNS name/hostname here

Via DCUI > log in as root > use a text editor to edit these 2 files: /etc/hosts and /etc/sysconfig/network

Then run: esxcfg-advcfg -s hostname /Misc/hostname


Section 2 - Configure and Manage vSphere 6.x Networking

Virtual switches cannot:
- Run STP – vSwitches can't loop
- Manage ARP or perform discovery of the devices connected to them – they already know the MAC details of the VMs they host
- Auto-negotiate protocols like LACP or Etherchannel

NIC types:
- vNIC = virtual network adapter for VM-to-VM traffic. VM port groups are assigned VLANs and security policies, which apply to the vNICs.
- vmnic = UPLINK to the physical network, aka an adapter – these are physical adapters and can only be assigned to 1 virtual switch (blue in the original diagram) – these are like default gateways.
- Port groups = define VLANs and security policy for the VMs

VMNic is the physical adapter of the host itself (aka uplink!). Traffic for the internet goes via the VMnic/uplink!

VMkernel ports are for special management traffic (vMotion, storage etc.) – NOT intra-VM traffic. By default they route from the originating port ID unless another method (IP hash, MAC address) is specified.

6 traffic types for VMkernel ports: IP Storage, vMotion, Management, Fault-tolerant logging, VSAN, vSphere Replication


vMotion, Management and Provisioning all get their own default gateway, if these traffic types are selected for a vmkernel port.

vMotion traffic gets its own IP stack.

Objective 2.1 - Configure vSphere Standard Switches (vSS)

3 port binding types:
- Ephemeral – the port is created at power on and deleted at power off for a VM.
- Static – permanent binding regardless of power state; the VM always has a port.
- Dynamic – a VM is assigned a port at power on from a pool, e.g. if you had 90 ports and 300 VMs you would use dynamic port binding.

3 virtual standard switch (VSS) policies: Security, Traffic Shaping, Teaming and Failover

Vmnics can use beacon probes between each other to determine their uplink status and ensure they're all connected and can inter-communicate with each other – exactly like a keepalive packet sent between vmnics.

NIC Teaming, Load balancing and Failover options for VSS

NIC teaming by port ID: allows you to say VM1 traffic goes to vmnic 1, VM2 goes to vmnic 2, etc. – tethering a VM to a specific vmnic. The same thing can be done by source MAC hash.

Requires the physical switch at the other end to not use Etherchannel or any teaming protocols – just port-to-port connections.

NIC teaming by IP hash – you can instruct specific vmnic physical adapters to send traffic to specific IP ranges. This method requires Etherchannel on the physical switch.


Traffic shaping: you can configure Peak Bandwidth and Average Bandwidth thresholds for a specific port group i.e. Portgroup A gets a peak b.w of 100mbps , Average B/w of 50mbps – so if they sent a big file they can use 100mbps for short periods, but should average out at 50mbps over time. The 'peak' period is called Burst Size – which is the limit it can transfer at – so a vm can use 100mbps until it's sent 100mb. The burst size needs to be 'saved up' by the vm again for it to transmit at high bandwidth again.

Security settings: port groups always WIN. They override switch settings.

Multiple TCP/IP stacks:Allow you to do things like create a custom TCP/IP stack which would allow you to route traffic for things like cloning, vmotion, snapshot taking via a different default gateway

Jumbo frames on a VSS: enable on the physical switch, enable on the VSS VMkernel interface, enable on the VMs.

Promiscuous Mode

■ Reject (DEFAULT)— Placing a guest adapter in promiscuous mode has no effect on which frames are received by the adapter.

■ Accept — Placing a guest adapter in promiscuous mode causes it to detect all frames passed on the vSphere standard switch that are allowed under the VLAN policy for the port group that the adapter is connected to.

MAC Address Changes

■ Reject — If you set MAC Address Changes to Reject and the guest operating system changes the MAC address of the adapter to anything other than what is in the .vmx configuration file, all inbound frames are dropped.

If the guest OS changes the MAC address back to match the MAC address in the .vmx configuration file, inbound frames are passed again.

■ Accept (DEFAULT) — Changing the MAC address from the Guest OS has the intended effect: frames to the new MAC address are received.

Forged Transmits

■ Reject — Any outbound frame with a source MAC address that is different from the one currently set on the adapter is dropped.
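As an added example that is not part of these notes, the following Python audits the three security settings above by parsing the key/value lines that `esxcli network vswitch standard portgroup policy security get -p <portgroup>` prints; the port group names and the output text are constructed in that shape, not captured from a host.

```python
"""Added example (not from the original notes): flag every port group whose
Promiscuous Mode, MAC Address Changes or Forged Transmits is set to Accept,
since each one widens what a guest can observe or spoof on the wire.
SAMPLE is constructed in the shape of esxcli output, not captured."""

# Constructed sample: one output block per port group.
SAMPLE = {
    "VM Network": """
   Allow Promiscuous: false
   Allow MAC Address Change: true
   Allow Forged Transmits: true
""",
    "DMZ-Web": """
   Allow Promiscuous: false
   Allow MAC Address Change: false
   Allow Forged Transmits: false
""",
    "Monitoring-Span": """
   Allow Promiscuous: true
   Allow MAC Address Change: false
   Allow Forged Transmits: false
""",
}

# esxcli label -> the setting name the notes use.
SETTINGS = {
    "Allow Promiscuous": "Promiscuous Mode",
    "Allow MAC Address Change": "MAC Address Changes",
    "Allow Forged Transmits": "Forged Transmits",
}


def parse_security_policy(text: str) -> dict:
    """Turn 'Label: true/false' lines into {setting: 'Accept' | 'Reject'}.
    Lines with other labels (e.g. the 'Override Vswitch ...' lines that the
    real command also prints) are ignored."""
    policy = {}
    for line in text.splitlines():
        if ":" not in line:
            continue
        label, _, value = line.strip().partition(":")
        if label in SETTINGS:
            accept = value.strip().lower() == "true"
            policy[SETTINGS[label]] = "Accept" if accept else "Reject"
    return policy


def audit_port_groups(outputs: dict) -> list:
    """Return sorted (port_group, setting) pairs that are set to Accept.
    Reject on all three is the hardened target; the notes say MAC Address
    Changes defaults to Accept, so untouched port groups will appear here."""
    findings = []
    for pg, text in outputs.items():
        policy = parse_security_policy(text)
        for setting in SETTINGS.values():
            if policy.get(setting) == "Accept":
                findings.append((pg, setting))
    return sorted(findings)


if __name__ == "__main__":
    for pg, setting in audit_port_groups(SAMPLE):
        print(f"{pg}: {setting} is Accept; set to Reject unless the workload needs it")
```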


Objective 2.2 - Configure vSphere Distributed Switches (vDS)

Distributed switches use a cloning method where a ‘central copy’ of the switch sits in vCenter and is copied to other ESXi hosts. The ‘hidden’ switches inside each ESXi hosts can be managed by the central distributed switch in vCenter to push port groups, sec policies etc to it.

Requirements for vDS:
- Enterprise Plus license (though a free 60-day trial allows access to it)
- An ESXi host in vCenter

vDS features: inbound traffic shaping, VM network port block, private VLANs, Network vMotion, per-port policy settings (usually policy sits on the switch or the port group itself), NetFlow, port mirroring (for IDS/IPS systems), LLDP. LACP/Etherchannel/LAG is only available on vDS and can be configured to load balance traffic based on a number of criteria (source IP, dest IP, port etc.).

Configuration limits, vDS and vSS: 64 Etherchannels/LAG groups per host; uplink ports per LAG (team) = 32, minimum of 2 ports per LAG; max vDS per host = 16.

Other features of a virtual switch:
- CDP – Cisco Discovery Protocol
- LLDP (vDS only)
- Network Health Check – compares the configuration of your vDS against your physical switches to see if there's any misconfiguration
- NetFlow – monitors traffic flowing between your environments
- Port mirroring – sends a copy of all traffic from one port to another

Upgrading vDS version

Deleting a VDS/ Removing an ESXi Host from a vDS

Must remove the hosts and port groups from the vDS before it can be deleted. Removing an ESXi host:

Verify that physical NICs on the target hosts are migrated to a different switch.

Verify that VMkernel adapters on the hosts are migrated to a different switch.

Verify that virtual machine network adapters are migrated to a different switch.


Removing/migrating a single VM from a vSS to a vDS: right-click the VM you want to move > Edit Settings > select the network adapter to move it to > check that 'Connected' is ticked – if the port group is on a different subnet, you might have to ipconfig /release /renew.

Migrate multiple VMs to a vDS: Networking > Migrate VMs to another network > select either No Network or specify the source, then the destination network.

OR – set the new network in the vNIC and ipconfig /release /renew

Removing a VMkernel adapter (VMkernel port): use the Analyze Impact tool to see what effect it will have on

LACP on vDS, LAGs – limitations:
- LACP support is not compatible with software iSCSI multipathing.
- LACP support settings are not available in host profiles.
- LACP support is not possible between nested ESXi hosts.
- LACP support does not work with the ESXi Dump Collector.
- LACP control packets (LACPDU) do not get mirrored when port mirroring is enabled.
- The teaming and failover health check does not work for LAG ports. LACP checks the connectivity of the LAG ports.
- Enhanced LACP support works correctly only when one LAG handles the traffic per distributed port or port group.
- LACP 5.1 support only works with IP Hash load balancing and Link Status network failover detection.
- LACP 5.1 support only provides one LAG per distributed switch and per host.

Objective 2.3 - Configure vSS and vDS Features Based on Given Requirements


vDS and vSS policies: policies can be set at the switch or port group level (vSS). vDS uses a limited number of switch-level policies because vDSs span multiple hosts (it would be risky) – instead these can be configured/overridden at port group and individual port level, which is more flexible.

You have to enable the 'Override port policies' setting (and choose from the policy options below) at the port group level in order for an individual port to be able to set its own policy.

vDS port group and port level policies: Security, Traffic Shaping, VLAN, Teaming and Failover, Resource Allocation, Monitoring, Miscellaneous (port blocking, e.g. if you want to block a load of VMs whilst you upgrade some software), Advanced (override settings)

5 load balancing (teaming) options for vDS – how traffic is dispersed across multiple physical NICs:

- Route based on the originating virtual port ID (DEFAULT) (binds to 1 specific uplink): uses the ID of the virtual port to which the VM is connected.
  o Lowest overhead, and the default for VSS and port groups on VSS.
  o No physical switch changes needed.

- Route based on source MAC hash (binds to 1 specific uplink): the VM's vNIC MAC address is used to map the outbound traffic. Compatible with all switches, even those that don't support 802.3ad.
  o No physical switch changes needed.

- Route based on IP hash (uses multiple uplinks): the outbound NIC is selected based on a hash of the src/dest IP addresses. Requires more CPU but can provide better distribution across physical NICs. Requires 802.3ad Etherchannel to be configured on the physical switch.

- Route based on physical NIC load: only available on vDS (uses multiple uplinks) – checks the load on the uplinks and distributes accordingly.
  o No physical switch configuration needed.

- Use explicit failover order (binds to 1 specific uplink): this setting does not perform load balancing. The switch will always choose, from its list of active adapters, the highest-order uplink that is not currently in use.

Teaming and Failover policy – network failover detection:


2 ways of detecting:
- Link Status Only (DEFAULT)
- Beacon Probing: sends beacon packets from each physical NIC; can detect physical errors as well as STP or VLAN misconfigurations. You should not use beacon probing with IP-hash load balancing – it can cause network flapping.

Notify Switches: Yes or No – the physical switch can be notified when a VM's traffic will be routed over a different physical NIC due to a failover event. Only use No if NLB in unicast mode is being used. Lowest latency during failover operations using this method.

Failback: Yes or No. When a failure of an Active adapter happens, selecting Yes means the Standby adapter is used until the previously failed adapter recovers. Selecting No means the Standby adapter continues to be used.

Configuring VLANs on vDS: three options on vDS – VLAN, VLAN Trunking and Private VLAN

o VLAN = 1-4094
o VLAN trunking = can prune the range of VLANs so the trunk only carries the VLANs in use

Private VLAN: allows you to create a private VLAN exclusively for your vSphere environment. There are 3 types of private VLAN:

- Promiscuous VLAN – this is the primary VLAN from your physical network (i.e. the extension from physical to virtual). VMs on this VLAN can be reached from any other VM in the same primary VLAN.

- Isolated – a private VLAN used to create a separate network for highly sensitive VMs. They cannot communicate with other VMs in other isolated VLANs and can only communicate with promiscuous VLANs.

- Community VLANs – a private VLAN used to create a separate network for multiple VMs; it doesn't exist in your physical network. VMs on community VLANs can only talk to other VMs on the same community VLAN, or to the promiscuous VLAN.
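As an added example that is not part of these notes, the following Python models the three private VLAN port types and the reachability rules above, so the pairwise behaviour can be checked rather than memorised; the VLAN numbers and port names are constructed.

```python
"""Added example (not from the original notes): reachability model for
private VLANs as the notes describe them. The primary/secondary VLAN ids and
port names below are constructed for the example."""
from dataclasses import dataclass


@dataclass(frozen=True)
class PvlanPort:
    name: str
    kind: str        # "promiscuous", "isolated" or "community"
    primary: int     # primary VLAN id shared by the whole private VLAN
    secondary: int   # secondary VLAN id; equals primary for a promiscuous port


def can_communicate(a: PvlanPort, b: PvlanPort) -> bool:
    """Apply the rules in the notes:
    - any port in the private VLAN can talk to a promiscuous port
    - isolated ports talk only to promiscuous ports, never to each other
    - community ports talk to their own community and to promiscuous ports"""
    if a.primary != b.primary:
        return False                      # different private VLANs never mix
    if "promiscuous" in (a.kind, b.kind):
        return True
    if a.kind == "community" and b.kind == "community":
        return a.secondary == b.secondary  # same community only
    return False                          # isolated<->isolated, isolated<->community


def reachability_matrix(ports) -> dict:
    """Return {(src_name, dst_name): bool} for every ordered pair of distinct ports."""
    return {(a.name, b.name): can_communicate(a, b)
            for a in ports for b in ports if a is not b}


# Constructed private VLAN 100: one uplink (promiscuous) port, two communities
# (101 web tier, 102 database) and an isolated secondary VLAN (103).
PORTS = [
    PvlanPort("uplink-router", "promiscuous", 100, 100),
    PvlanPort("web-01", "community", 100, 101),
    PvlanPort("web-02", "community", 100, 101),
    PvlanPort("db-01", "community", 100, 102),
    PvlanPort("hsm-01", "isolated", 100, 103),
    PvlanPort("hsm-02", "isolated", 100, 103),
]

if __name__ == "__main__":
    for (src, dst), ok in sorted(reachability_matrix(PORTS).items()):
        print(f"{src:14} -> {dst:14} {'allowed' if ok else 'blocked'}")
```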

VSS outbound-only traffic shaping – 3 options, using port group and port-level configuration:

o Average Bandwidth (kbit/s) – establishes the number of kilobits to allow across a port, averaged over time.

o Peak Bandwidth (kbit/s) – max aggregate traffic allowed for a port group or switch.

o Burst size (KB) – max number of bytes allowed in a burst.

vDS Traffic Shaping Policies: Can be configured at port group OR port level, inbound or outbound.


Enable jumbo frames (set MTU size from 1500 to 9000) – should be configured on the physical switch, the vSS or vDS and the VMs – they must use a vmxnet2 or e1000 vNIC, cannot use the vmxnet3 adapter.

Enable TSO (TCP segmentation offload) – tells the NIC to add larger data chunks to TCP packets (reduces the CPU load of processing TCP packets) – enabled by default on VMkernel interfaces on 5.5 and later.

o Disable TSO in the guest OS

Requirements for TSO (p149):
o Requires the enhanced vmxnet adapter – configured within the guest OS of the VM
o Only supported on Windows Server 2003 Enterprise SP2 or later (32- or 64-bit)
o Linux 4 (64-bit)
o SUSE Linux Enterprise Server 10 or later

Types of VLAN tagging:
- External Switch Tagging (EST) – all tagging is performed on the physical switch
- Virtual Switch Tagging (VST) – all tagging is performed by the virtual switch before leaving the ESXi host
- Virtual Guest Tagging (VGT) – all tagging is performed by the virtual machine

Section 3 - Configure and Manage vSphere 6.x Storage

Shared storage benefits: central repository accessible from multiple hosts; scalable, recoverable implementations; clustering of VMs across hosts; data replication; HA, DRS, DPM, vMotion.

Each VM is backed by a VMDK (its virtual disk). The hypervisor takes the commands sent from the guest OS via the vSCSI adapter and passes them to the storage adapter, which writes to the VMDK.

Thick provisioned vs Thin Provisioned (thin is efficient, not zeroed, and space saver)….!

Eager-zeroed = the blocks of storage used for a thick-provisioned disk all need zeros written to the data blocks so they can then accept new data (in 1s or 0s). So a thick-provisioned eager-zeroed disk is recommended for VMs with a high-IO workload (like SQL) = better performance.

SCSI controller types and use cases: storage controllers appear to a VM as different types of SCSI controller. The flavours are below, and which one to use is determined by the OS installed on the VM:

- BusLogic Parallel
- LSI Logic Parallel
- LSI Logic SAS
- VMware Paravirtual SCSI – used for I/O-intensive apps (databases, SQL); provides performance with low CPU overhead

AHCI, SATA, and NVMe controllers are also available.

LSI Logic SAS and VMware Paravirtual SCSI are available for virtual machines with ESXi 4.x and later compatibility.

AHCI SATA is available only for virtual machines with ESXi 5.5 and later compatibility. NVMe is available only for virtual machines with ESXi 6.5 and later compatibility. BusLogic Parallel controllers do not support virtual machines with disks larger than 2 TB. Disks on VMware Paravirtual SCSI controllers might not experience optimal performance gains if they have snapshots or if the host's memory is overcommitted.

Naming conventions for Local and SAN storage:

vmhbaN:C:T:L = vmhba host bus adapter number : Channel : Target (storage processor) : LUN number

iSCSI initiators: two processes have to be accommodated if using iSCSI:

o Discovery: the process of the host finding the iSCSI storage and identifying a LUN. Two discovery methods exist:
  - Static = manually enter the details for the initiator
  - Dynamic = the initiator sends a SendTargets request to the iSCSI server to retrieve a list of available targets

o TCP offload: the process of deferring some of the mgmt aspects of the TCP Connection from the hosts CPU – this is done by a TOE engine (tcp offload engine)

How much work should a VMkernel port plus a TOE engine perform? You can offload the work to hardware, dependent hardware or software iSCSI initiators:

Hardware initiator: an expensive adapter provides the TOE function. VMkernel ports are not required. Can result in good performance and takes load off the kernel processors.

Dependent hardware iSCSI initiator: Card provides TOE, but VMKernel provides Discovery. VMKernel ports are required.

Software iSCSI: VMkernel ports only. High load on VMKernels, but can provide CHAP (up to 4 access sessions)

NFS


Network File System – essentially a shared folder on a NAS drive. The NFS system has its own OS and doesn't need any formatting. We can't boot from NFS.

Zoning definition: segmentation on the switch fabric that defines which WWNs are visible to which WWNs.

Masking definition: controlling what the storage processors tell the host about which LUNs they can provide.

VMFS: remember 'raw, unformatted LUNs' – a LUN is formatted with VMFS, and a VM can boot from a VMFS datastore.

The datastores that you deploy on block storage devices use the native vSphere Virtual Machine File System (VMFS) format. See Types of Datastores

It is a special high-performance file system format that is optimized for storing virtual machines.

A vSAN disk group contains at most 8 devices: 1 flash cache device and 1 to 7 capacity devices (magnetic or SSD).

vSAN requirements: Hardware

- Minimum of 3 clustered hosts, maximum of 64 hosts
- 1 SSD or PCIe flash device (cache) and at least 1 magnetic disk or SSD for VM data storage
- A storage controller
- 32 GB of memory per host to accommodate the maximum number of disk groups and so maximise vSAN storage capacity

Network:

- 1 Gbps for hybrid, or 10 Gbps for all-flash configurations
- Each host must be part of the vSAN cluster in order to use the datastore
- Same Layer 2 network for all hosts
- Multicast must be enabled (vSAN versions before 6.6; vSAN 6.6 and later use unicast)
- IPv4 only, IPv6 not supported (vSAN versions before 6.2; later versions support IPv6)

VSAN

Requirements for enabling vSAN

Minimum of three ESXi hosts for standard datacenter deployments. Minimum of two ESXi hosts and a witness host for the smallest deployment, for example, remote office/branch office.

Minimum of 6 GB memory per host to install ESXi. VMware vCenter Server. At least one device for the capacity tier: one hard disk for hosts contributing storage to the vSAN datastore in a hybrid configuration, or one flash device for hosts contributing storage in an all-flash configuration.


At least one flash device for the cache tier for hosts contributing storage to vSAN datastore, whether hybrid or all-flash.

One boot device to install ESXi.

Storage: at least one disk controller; a pass-through/JBOD-capable controller is preferred.

Network: dedicated network port for the vSAN VMkernel interface.

o Dedicated 1 GbE supported for hybrid configurations.
o Dedicated 10 GbE for all-flash configurations. With 10 GbE, the adapter does not need to be dedicated to vSAN traffic, but can be shared with other traffic types such as management and vMotion.
o Each host in a vSAN cluster must have a VMkernel port enabled for vSAN traffic.
o All hosts must be connected to an L2 or L3 vSAN network (multicast for vSAN versions before 6.6; unicast from vSAN 6.6).

Licensing: a vSAN license covers the total number of CPUs in a cluster, and the edition depends on the size of the deployment.

Removing a host from a vSAN cluster

1. Ensure there is sufficient capacity in the remaining vSAN disk groups to decommission a node.
2. Put the host into maintenance mode with "Full data migration" selected. This evacuates all of its disk groups.
3. Wait for the resync traffic to complete and the host to enter maintenance mode.
4. Delete the disk group(s) that reside on the host you want to decommission.
5. Move the ESXi host out of the cluster to disassociate it from vSAN.

Note: you may also run "esxcli vsan cluster leave" from the command line to leave the cluster.

Objective 3.1 - Connect Shared Storage Devices to ESXi Hosts

- CIFS/SMB is not supported as a datastore in ESXi.

NFS v3: storage traffic is unauthenticated and unencrypted (AUTH_SYS: the client simply asserts its UID), so it should only be used on an isolated storage network that you trust completely. Another limitation is that it can only use one IP address (a single TCP connection) per datastore for I/O to the storage device. The ESXi host must also have root access to the NFS server (no_root_squash) to operate.


NFS 4.1 benefits: Kerberos authentication supported (the host is joined to Active Directory, which acts as the KDC); krb5 authenticates the traffic and, from ESXi 6.5, krb5i adds integrity checking, but the data is still not encrypted (no krb5p). Server-side error checking. Allows multipathing and load balancing (session trunking). Built-in file locking. Removes the need for root access. VAAI is the vSphere API for Array Integration – it lets the array perform vSphere storage operations (such as clone and reserve space) on NFS.

NFS and thick/thin provisioning: virtual disks created on NFS datastores are thin-provisioned by default. To be able to create thick-provisioned virtual disks, you must use hardware acceleration (VAAI NAS) that supports the Reserve Space operation.

Storage I/O Control – what it does: you allocate shares and upper limits of IOPS for each VM; when the datastore is congested, the I/O workloads are adjusted in proportion to the VMs' shares.

Storage I/O Control requirements:

- Does not support datastores with multiple extents
- Supported on Fibre Channel, iSCSI and NFS connected storage; RDMs are not supported
- The datastore must be managed by a single vCenter Server

Cannot mount NFS share – can be caused by the following:

- Port misconfiguration – try using a different vmnic (or move NICs to Standby/Unused)
- Check the DNS entries are correct
- Check the ESXi firewall: "esxcli network firewall ruleset list" shows whether the nfsClient ruleset is enabled (esxcfg-firewall is the legacy ESX Service Console command and is not present on ESXi)
- Open the NFS client firewall ports 111 and 2049, UDP and TCP, by enabling the ruleset: "esxcli network firewall ruleset set --ruleset-id nfsClient --enabled true"
- Restore the mount by running "esxcfg-nas -r", and check it with "esxcfg-nas -l"
- Ping and vmkping the NFS server address
- Check that access on the NFS server is set to anonymous user = root (no_root_squash) for the ESXi host (NFS v3)
- Check vobd.log


Objective 3.2 - Configure and Manage Software Defined Storage

Virtual Volumes (VVols): PE – protocol endpoint – the logical I/O proxy on the array through which the host's adapter reaches the virtual volumes. VVols allow the use of native array snapshots.

5 types of VVol object:

- Config – VM home: configuration files, logs
- Data – equivalent to a .vmdk
- Memory – memory snapshots
- Swap – the virtual machine memory swap file (.vswp)
- Other – vSphere solution-specific objects

Setting up VVols:

1. Register the storage providers (VASA) for virtual volumes
2. Create a virtual datastore
3. Review and manage protocol endpoints
4. Modify multipathing policies (optional)

Limitations of VVols: does not support RDMs; cannot be used with a standalone ESXi host (vCenter Server is required).

Objective 3.3 - Create and Configure VMFS and NFS Datastores

Extent = adding a LUN to an existing VMFS datastore, so the datastore spans two LUNs but you still see one datastore/volume. How to add an extent:

1. Datastores > Increase Datastore Capacity > select the new LUN > Use all available partitions

Expanding = growing the datastore within its existing LUN (after the LUN has been enlarged on the array). How to expand:

1. Datastores > Increase Datastore Capacity > select the LUN and click Next


You can expand and extend a datastore without taking it offline.

Multipathing and path selection for storage devices:

Multipathing – what it is, and what is configured when the SAN is active/active

Hosts will generally make the best choice, so you don't need to change the defaults. Three path selection policies exist:

Fixed (default for active/active arrays) – a preferred path is used; on failure another path takes over, and the host fails back to the preferred path when it returns.

Round Robin – rotates I/O across all active paths.

Most Recently Used (MRU, default for active/passive arrays) – uses the most recently used working path and does not fail back.

VMFS-5 benefits:

- Extents larger than 2 TB supported, up to 64 TB per datastore
- Standard 1 MB file block size, with support for 62 TB virtual disks
- Support for RDMs larger than 2 TB, up to 64 TB
- Online, in-place upgrade capability. You can only upgrade VMFS-3 datastores to VMFS-5; you can't create new VMFS-3 datastores. (ESXi 6.5 adds VMFS-6, which has no in-place upgrade from VMFS-5: you create a new datastore and migrate.)

Deleting a VMFS datastore:

- No VMs can reside on the datastore
- The datastore cannot be part of a datastore cluster or managed by Storage DRS
- Storage I/O Control must be disabled
- The datastore cannot be used for HA heartbeating

Requirements to create an NFS share for ESXi: hostname or IP of the target share. Shared folder or hierarchy of folders (the path is CASE sensitive). RW permissions for the share. Synchronous (instead of async) writes – the server should report when each write is committed, not when it has begun. no_root_squash (root_squash is the default) – root squash maps a client presenting itself as root to an unprivileged anonymous user; because the ESXi NFS v3 client runs as root, root squash prevents it from accessing the VM files. Grant no_root_squash only to the ESXi hosts' VMkernel addresses, never to a broad range or to '*'.
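As an added example (not part of the original notes), the checks above, and the NFS v3 root-access point from Objective 3.1, as a small audit of an /etc/exports file in Linux nfs-utils syntax. The exports text and the ESXi VMkernel addresses are constructed; effective_uid shows what root squash does to a request from ESXi, and audit_exports flags no_root_squash given to anything other than the known ESXi hosts, read-write exports to broad client ranges, async, and insecure.

```python
import ipaddress
import re
from typing import List, Tuple

# Constructed /etc/exports content (Linux nfs-utils syntax) for the example.
SAMPLE_EXPORTS = """\
# datastores for the ESXi hosts, an ISO library, and a general share
/srv/nfs/datastore1  192.168.10.11(rw,sync,no_root_squash) 192.168.10.12(rw,sync,no_root_squash)
/srv/nfs/datastore2  *(rw,no_root_squash,async)
/srv/nfs/iso         192.168.0.0/16(rw,sync,no_root_squash,insecure)
/srv/nfs/home        192.168.10.0/24(rw,sync)
"""

ESXI_VMK_IPS = {"192.168.10.11", "192.168.10.12"}  # constructed: the hosts' NFS VMkernel IPs
ANON_UID = 65534                                    # nfs-utils default anonuid ("nobody")

CLIENT_RE = re.compile(r"^([^(]+)(?:\((.*)\))?$")


def parse_exports(text: str) -> List[Tuple[str, str, List[str]]]:
    """Return (path, client, options) for every client entry on every export line."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        path, *clients = line.split()
        for client in clients:
            m = CLIENT_RE.match(client)
            if not m:
                raise ValueError(f"cannot parse client entry {client!r}")
            opts = m.group(2).split(",") if m.group(2) else []
            entries.append((path, m.group(1), opts))
    return entries


def effective_uid(uid: int, opts: List[str]) -> int:
    """UID the server acts with: root is mapped to the anonymous user unless
    no_root_squash is set, which is why an ESXi NFS v3 mount needs that option."""
    if "all_squash" in opts:
        return ANON_UID
    if uid == 0 and "no_root_squash" not in opts:
        return ANON_UID
    return uid


def client_is_narrow(host: str) -> bool:
    """True for a single host or a network no larger than a /24."""
    if "*" in host or "?" in host or host.startswith("@"):
        return False  # wildcard or netgroup
    try:
        return ipaddress.ip_network(host, strict=False).num_addresses <= 256
    except ValueError:
        return True  # a plain hostname


def audit_exports(text: str, esxi_ips=ESXI_VMK_IPS) -> List[str]:
    """Flag entries that over-expose the share or that will not work for ESXi NFS v3."""
    findings = []
    for path, host, opts in parse_exports(text):
        where = f"{path} -> {host}"
        if "no_root_squash" in opts and host not in esxi_ips:
            findings.append(f"{where}: no_root_squash for a non-ESXi client (remote root is root on the share)")
        if "rw" in opts and not client_is_narrow(host):
            findings.append(f"{where}: read-write export to a broad client range")
        if "async" in opts:
            findings.append(f"{where}: async (server acknowledges writes before they are on disk)")
        if "insecure" in opts:
            findings.append(f"{where}: insecure (requests from unprivileged source ports accepted)")
        if host in esxi_ips and "no_root_squash" not in opts:
            findings.append(f"{where}: ESXi root will be squashed to uid {ANON_UID}; NFS v3 mount fails")
    return findings
```

On the sample, datastore1 and home pass, while datastore2 and iso produce three findings each. The same reasoning carries over to other NAS platforms: whatever the vendor calls it, the ESXi v3 client needs root mapped to root, so scope that setting to the ESXi addresses and nothing else, or move to NFS 4.1 with Kerberos where the host authenticates as a principal instead.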

Remember: for iSCSI storage, once the target is configured you use an iSCSI initiator (independent hardware, dependent hardware or software) on the host to connect to it.

Section 4 - Deploy and Administer Virtual Machines and vApp


Objective 4.1 - Create and Deploy Virtual Machines

VM configuration maximums, vSphere 6.7: 256 vCPUs (vSphere 6.5 = 128), 6128 GB (6 TB) of RAM, or 6 TB of persistent memory, 4 virtual SCSI adapters, 62 TB virtual disk size.

Virtual machine hardware versions: hardware version 13 was introduced with ESXi 6.5 (ESXi 6.7 introduces version 14). Version 13 enables the following virtual machine hardware configurations: 6 TB of RAM (version 11 only supports up to 4 TB), 128 vCPUs, 10 NICs, and virtual NVMe controllers.

VM hardware compatibility with ESXi: the lowest VM hardware version that is compatible with an ESXi 6.5 host is version 4, but realistically version 7 (see above).

VM guest customization requirements:

- Sysprep tools installed on the vCenter Server (only needed for Windows guests older than Windows Server 2008/Vista; newer Windows versions ship with Sysprep). vCenter uses them for customization during cloning operations.
- VMware Tools installed on the template or VM.
- The guest OS installed on the disk at SCSI node 0:0 of the VM configuration.

VMware Tools benefits/contents: SVGA display driver (better resolution than the basic VGA driver), balloon driver for memory management (vmmemctl), sync driver for quiescing I/O, VM heartbeat (HA VM monitoring detects a failed guest OS and can reset the VM), time sync with the host, graceful guest shutdown.

VMware Tools options (under Edit Settings) are: Power Operations, Run VMware Tools scripts, Time, Tools upgrades.

VM Memory/ Virtual Machine Memory over commitment see ‘Memory Reclamation’


- VMs use shares, reservations and limits to manage memory.
- ESXi implements mechanisms such as transparent page sharing (TPS), ballooning, memory compression and host swapping to provide reasonable performance even when the host is memory overcommitted. In other words, to be able to overcommit memory to VMs, the host has to be able to reclaim unused memory efficiently.

Memory sharing: TPS ('transparent page sharing') removes redundant copies of identical memory pages, so VMs running similar apps/workloads share a single copy and use less host memory. Note that since ESXi 5.5 (update 2d) and 6.0, sharing between VMs is disabled by default and only pages within the same VM are shared, unless the salting setting (Mem.ShareForceSalting) is changed.

Ballooning: guest OSs are not aware of host memory shortages; the guest only uses the memory it has been presented with. Ballooning bridges this gap between the VM's and the host's view of memory availability.

How it works: a balloon driver (a pseudo device driver) runs in the guest OS. When the hypervisor is overcommitted and needs more memory, it tells the balloon driver its target size in pages.

If the guest OS can accommodate it, the balloon driver inflates to 'reserve' the pages and pins them, so the hypervisor can reuse the backing physical memory.

If the guest OS commits memory to the balloon and is already short of memory itself, it will use its own paging (i.e. the guest swap file) to fulfil its needs.

When host utilization returns to normal, the balloon deflates and the memory is given back to the guest.

Swapping Is used as a last resort method after TPS and Ballooning

When does the Hypervisor use memory reclamation? (see ‘when to reclaim host memory’)


Memory states shown in esxtop: 'high, soft, hard, low' (ESXi 6.0 and later also show a 'clear' state between high and soft). In the high state the hypervisor does not reclaim memory via ballooning or swapping, regardless of whether it is overcommitted. As free memory drops towards soft, ballooning starts. Towards hard, compression and swapping are used as well. In the low state the host additionally blocks VMs that consume more than their target.

VM Options menu

Virtual Machine Options (menu):

- General
- VMware Remote Console – set the VM to lock the guest OS when the last user disconnects
- VMware Tools – Power Operations, Run VMware Tools Scripts, Tools Upgrades, Time
- Power Management – standby response, 2 options: suspend the VM, or put the guest OS in standby but leave the VM powered on
- Boot Options
- Advanced – swap file location (moving a swap file to SSD storage improves VM performance when the VM is swapped), debugging settings (3 options: debug, statistics or 'run normally'), Fibre Channel NPIV
- Swap File Location – can be set at the cluster, host or VM level via Manage > General (cluster), Manage > Settings (host), Edit Settings > Advanced (VM). DEFAULT setting is: Use settings of cluster or host

Console access to a VM: from the Summary tab or right-click > Open Console. Use VMRC.

Hot Add CPU or memory via the Settings page. The VM must be powered off to tick the 'CPU Hot Add' box; power it on afterwards, and you can then hot-add more CPUs. Memory Hot Plug is the same, but for memory; the VM must be powered off to enable it.


Remember: the guest only knows the memory it was configured with; the host can back part of that memory with a swap file on disk and the guest is none the wiser, which is how overcommitment works.

Changing the name of a VM under VM Options only changes the display name. The underlying VM files on the datastore keep the old name until the VM is storage vMotioned.

CPU Hot Add VM must be powered off Enable with check box

Orphaned VM – how does this happen?

- Removing a port group whilst the VM is still assigned to it
- The ESXi host is not responding or disconnected
- The VM configuration file is locked
- The VM configuration file is missing
- The VM configuration file contains invalid options or text errors
- During VMware Tools installation or update

DirectPath I/O passthrough benefits: allows a VM to monopolise a specific physical PCI card.

Requirements for DirectPath I/O:

- VM hardware version 7 or higher
- The host of the VM must have the IOMMU (Intel VT-d / AMD-Vi) enabled
- The host must have the device configured for passthrough
- A VM can't be directly connected to more than eight devices at a time

Costs/what you lose with DirectPath I/O devices: HA, DRS, vMotion, snapshots, FT and hot-add of devices. It's a bespoke, one-off thing to configure.

Objective 4.2 - Create and Deploy vApps


vApps are a bit like a resource pool: imagine a web server that needs a SQL backend and a front end, and you want to manage all 3 objects as 1 resource. vApps do this.

vApps allow management of CPU and memory for the group.

vApp requirements: a standalone host running ESXi 4.0 or higher, or a host cluster that is enabled for DRS. The default IP allocation method is static assignment.

How to create a vApp:Web client> select Cluster, or a Host > New vApp

Cloning/exporting vApps, 2 formats: OVF – 'folder of files' – best for content libraries. OVA – single file – useful for USB or removable storage.

IP pools and IP allocation for vApps. Available options:

IP Pools:
o Used by vApps to give VMs their network identity
o Used when the vApp is in transient mode

IP allocation: DHCP or Static.

How to configure Hosts and clusters > Manage > Network Protocol Profiles

Objects (VMs) can also be added to a vApp from here.

Exporting a vApp. Requirements: the vApp must be powered off. Right-click vApp > OVF Template > Export OVF Template.

A vApp/appliance exported as an OVF consists of 3 files: .ovf, .vmdk and .mf. These can be used separately; the use case is publishing the files on a web server.

3 OVF files are created at export: Manifest file = .mf – contains a SHA-1 (SHA-256 in vSphere 6.5 and later) digest of each of the other files for integrity verification; it detects corruption, not tampering, because anyone who can edit the VMDK can regenerate the manifest, unless the manifest is also signed (a .cert file). Descriptor file = .ovf (it's XML, but ends with .ovf) – contains the OVF details, preferences, description of contents etc. Virtual disk file = .vmdk.
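As an added example (not part of the original notes), building and checking an OVF manifest over an in-memory package. The manifest lines have the form ALGO(filename)= hexdigest, one per file; the package contents are constructed stand-ins. The demo shows the three outcomes that matter when you import an appliance: a corrupted disk is caught, a tampered disk whose manifest was regenerated is not, and a file that the manifest does not cover is reported as unlisted.

```python
import hashlib
import re
from typing import Dict

# Constructed OVF package held in memory: descriptor plus a stand-in for the disk file.
PACKAGE = {
    "appliance.ovf": b'<?xml version="1.0"?><Envelope xmlns="http://schemas.dmtf.org/ovf/envelope/1"/>',
    "appliance-disk1.vmdk": b"KDMV" + bytes(range(256)),  # fake VMDK payload
}

# One manifest line per file: ALGO(name)= hexdigest (SHA1 in older exports, SHA256 from 6.5).
MF_LINE = re.compile(r"^(SHA1|SHA256|SHA512)\(([^)]+)\)=\s*([0-9a-fA-F]+)\s*$")


def build_manifest(files: Dict[str, bytes], algo: str = "SHA256") -> str:
    return "".join(
        f"{algo}({name})= {hashlib.new(algo.lower(), data).hexdigest()}\n"
        for name, data in files.items()
    )


def verify_manifest(files: Dict[str, bytes], manifest: str) -> Dict[str, str]:
    """Per-file status: ok, mismatch, missing (listed but not in the package) or
    unlisted (in the package but not covered by the manifest)."""
    status = {name: "unlisted" for name in files}
    for line in manifest.splitlines():
        if not line.strip():
            continue
        m = MF_LINE.match(line)
        if not m:
            raise ValueError(f"malformed manifest line: {line!r}")
        algo, name, expected = m.groups()
        if name not in files:
            status[name] = "missing"
            continue
        actual = hashlib.new(algo.lower(), files[name]).hexdigest()
        status[name] = "ok" if actual == expected.lower() else "mismatch"
    return status


def package_is_intact(files: Dict[str, bytes], manifest: str) -> bool:
    """Every package file is listed and every listed file matches its digest."""
    return all(s == "ok" for s in verify_manifest(files, manifest).values())


def demo() -> Dict[str, object]:
    manifest = build_manifest(PACKAGE)
    # 1. Corruption in transit: the disk bytes change, the manifest does not.
    corrupted = {**PACKAGE, "appliance-disk1.vmdk": PACKAGE["appliance-disk1.vmdk"] + b"!"}
    # 2. Tampering: the attacker edits the disk AND regenerates the manifest.
    tampered = {**PACKAGE, "appliance-disk1.vmdk": b"KDMV" + b"backdoor"}
    # 3. A file dropped into the package that no manifest line covers.
    extra = {**PACKAGE, "extra.vmdk": b"x"}
    return {
        "pristine": package_is_intact(PACKAGE, manifest),
        "corrupted_disk": verify_manifest(corrupted, manifest)["appliance-disk1.vmdk"],
        "tampered_with_new_manifest": package_is_intact(tampered, build_manifest(tampered)),
        "extra_file": verify_manifest(extra, manifest)["extra.vmdk"],
    }
```

The second case is the one to remember when pulling appliances from a web server or a subscribed content library: the .mf proves the bytes you have match the bytes the publisher hashed only if you trust the manifest itself, which means a signature over it (the .cert) or a digest obtained out of band.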

OVA = 1 file, good for USB transporting

Editing vApp settings set IP (DHCP, Static), Properties, Product, Start order etc.


Start Order: great for setting wait times, and scheduling certain resources powering up and waiting e.g. a DC needs booting before a web server.

Authoring: editing a vApp's authoring settings lets you change things like start order, product name, version, URL, vendor, vendor URL and application URL. It also contains the section below:

IP allocation: default is Static (manual IPv4). IP Pools is also an option.


Objective 4.3 - Manage Virtual Machine Clones and Templates

Cloning a VM: you can customise a VM during cloning. Without customization, you get an exact copy. VMs can be cloned when powered on or off.

Cloning an encrypted VM: the clone keeps the same encryption keys, so if it needs different keys it must be recrypted (shallow or deep rekey) afterwards via the API/PowerCLI.

Restore/Delete/Remove VM from inventory: a VM deleted from disk can only be restored from a backup; one removed from inventory can be re-registered from its .vmx file.

Creating a template: you can clone a template from a running VM (you then have the template plus the original VM). Templates can't be powered on.

Content libraries

Can be accessed by administrators from different vCenter Servers in the same SSO domain. 2 types: Local or Subscribed.

Subscribed: options to download all content or only metadata. Supports OVF – stores OVFs of VMs and templates. Click: Home > Content Library > Subscribed Content Library.

Local: only the administrator can change content or delete the library.

Optimized: a published library can be optimised for syncing over HTTP.


Objective 4.4 -Administer Virtual Machines and vApps

VM File types

- <vm>-00000x.vmdk / -00000x-delta.vmdk – snapshot delta disk – records changes to the VM's disk since the snapshot so that revert-to-snapshot works.
- .vmtx – VM template file – the descriptor file for a VM that has been converted or cloned to a template.
- -rdm.vmdk – mapping (pointer) file through which the VM sees the raw LUN.

VM swap file: created at power on; size = configured memory minus the memory reservation.


Snapshot Requirements

Calculating the overhead required by snapshot files

The overhead depends on the size of the virtual disk. Virtual machines whose disks or virtual-mode RDMs are close to the maximum size supported by VMFS may hit that maximum and fail to snapshot. The overhead for a snapshot is approximately 2 GB for a disk of 256 GB, i.e. roughly 1/128 of the disk size. If snapshots are to be used, consider the overhead when deciding the size of the disks.

Remember the overhead applies per disk attached to a VM, so two 256 GB disks would need 2 x 2 GB = 4 GB.

Maximum VMDK size    Maximum overhead    Maximum size less overhead
256 GB - 512 B       ~ 2 GB              254 GB
512 GB - 512 B       ~ 4 GB              508 GB
1 TB - 512 B         ~ 8 GB              1016 GB
2 TB - 512 B         ~ 16 GB             2032 GB

Securing VMs:

- vShield Endpoint – a separate security appliance can offload AV scanning from the VMs to improve performance.
- Remove unnecessary hardware devices, i.e. floppy, serial and parallel ports, and CD-ROM drives or ISOs connected at startup – don't leave things attached!
- Limit guest OS writes to host memory: cap the size of the guestinfo variables the guest can set (tools.setInfo.sizeLimit in the .vmx).
- Configure logging levels for the guest OS – VMs write log files to the datastore; VMware recommends limiting this to 10 log files (log.keepOld), each limited to 100 KB (log.rotateSize = 100000).
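As an added example (not part of the original notes), those hardening points as an audit of a .vmx file. The .vmx text is constructed with several weak settings; the key names are the standard VMX keys from the vSphere Security Configuration Guide, and the removable-device list is an assumption about what a server VM does not need. audit_vmx lists each deviation and harden_vmx returns the corrected configuration.

```python
import re
from typing import Dict, List

# Constructed .vmx text with several of the weak settings the notes warn about.
SAMPLE_VMX = """\
.encoding = "UTF-8"
config.version = "8"
virtualHW.version = "14"
displayName = "web01"
floppy0.present = "TRUE"
serial0.present = "TRUE"
ide1:0.present = "TRUE"
ide1:0.deviceType = "cdrom-image"
ide1:0.fileName = "/vmfs/volumes/ds1/iso/install.iso"
ide1:0.startConnected = "TRUE"
isolation.tools.copy.disable = "FALSE"
log.keepOld = "50"
"""

# VMX keys from the vSphere Security Configuration Guide and the value each should have.
REQUIRED = {
    "isolation.tools.copy.disable": "TRUE",
    "isolation.tools.paste.disable": "TRUE",
    "isolation.device.connectable.disable": "TRUE",  # guest cannot (re)connect devices
    "isolation.device.edit.disable": "TRUE",         # guest cannot modify devices
    "tools.setInfo.sizeLimit": "1048576",            # cap guestinfo writes to host memory
    "log.keepOld": "10",
    "log.rotateSize": "100000",
}
REMOVABLE = ("floppy", "serial", "parallel")         # assumed: device classes a server VM rarely needs

VMX_LINE = re.compile(r'^\s*([^=\s]+)\s*=\s*"(.*)"\s*$')


def parse_vmx(text: str) -> Dict[str, str]:
    """key = "value" lines; comments and blank lines are skipped."""
    cfg = {}
    for line in text.splitlines():
        m = VMX_LINE.match(line)
        if m and not line.lstrip().startswith("#"):
            cfg[m.group(1)] = m.group(2)
    return cfg


def audit_vmx(cfg: Dict[str, str]) -> List[str]:
    findings = []
    for key, want in REQUIRED.items():
        have = cfg.get(key)
        if have is None:
            findings.append(f'{key} not set (want "{want}")')
        elif have.upper() != want.upper():
            findings.append(f'{key} = "{have}" (want "{want}")')
    for key, val in cfg.items():
        if key.endswith(".present") and val.upper() == "TRUE" and key.startswith(REMOVABLE):
            findings.append(f"{key[:-len('.present')]}: unnecessary device present")
        if key.endswith(".startConnected") and val.upper() == "TRUE":
            dev = key[:-len(".startConnected")]
            if cfg.get(f"{dev}.deviceType", "").startswith("cdrom"):
                findings.append(f"{dev}: {cfg.get(dev + '.fileName', '?')} is connected at power on")
    return findings


def harden_vmx(cfg: Dict[str, str]) -> Dict[str, str]:
    """Return a copy with the required keys enforced and removable media detached."""
    fixed = dict(cfg)
    fixed.update(REQUIRED)
    for key in cfg:
        if key.endswith(".present") and key.startswith(REMOVABLE):
            fixed[key] = "FALSE"
        if key.endswith(".startConnected"):
            fixed[key] = "FALSE"
    return fixed
```

The sample yields ten findings: the seven isolation, guestinfo and log keys, the floppy and serial devices, and the ISO that connects at power on. In practice you would set these through the VM's advanced settings or PowerCLI rather than editing the file, but the keys and values are the same.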

VM storage policy compliance states: Compliant / Non Compliant / Out of Date / Not Applicable.


Encrypt virtual machines: VM encryption requires a key management server (KMIP-compliant KMS) registered with vCenter. The virtual disks, swap, NVRAM and snapshot files are encrypted; the .vmx, log files and disk descriptor files are not. Available with vSphere 6.5 and above.

Section 5 - Establish and Maintain Availability and Resource Management Features

Objective 5.1 - Create and Configure VMware Clusters

Clusters are created to utilise DRS or HA.

Creating an ESXi cluster: vSAN, HA and EVC (Enhanced vMotion Compatibility) can be enabled during cluster creation.

Removing a host from a cluster: remember VMs must be migrated off the host if you're removing it from a cluster – use Maintenance Mode to let DRS migrate the VMs to alternative hosts.

o When adding a host that has a pre-existing resource pool hierarchy to a cluster, select 'graft' to move the resource pools into the cluster; otherwise they are deleted.

View the VM’s on a cluster via Related Objects tab

DRS cluster requirements:

- All DRS cluster hosts must use shared storage (if using VMFS, it must be visible to all hosts)
- CPUs must be from the same vendor across hosts – use EVC or CPU compatibility masks to hide or align the features so that vMotion completes successfully
- The DRS migration recommendations feature requires all hosts to be connected to a vMotion network

Disabling DRS / turning DRS off: when DRS is disabled, the cluster's resource pool hierarchy and affinity rules are not re-established when DRS is turned back on. If you disable DRS, the resource pools are removed from the cluster.

Predictive DRS: uses vRealize Operations Manager data together with DRS to make predictive vMotions of VMs ahead of forecast peaks and troughs in utilization.

Maintenance Mode: Placing a host in maint mode migrates all VM’s that can vMotion to another host.

Datastore cluster requirements: can't mix VMFS and NFS datastores. Datastores across multiple data centres cannot be added to one cluster.


All hosts must be running ESXi 5.0 and above. Best practice tip: disable hardware acceleration, or ensure all hosts are homogeneous if they have it running.

vSphere HA explained: HA is a prerequisite for FT. It restarts VMs on other hosts if its FDM agent (installed on each host) detects a host failure. When enabled, an election takes place to nominate a master host, and the remaining hosts in the cluster become slaves.

The master monitors the slave hosts and the protected VMs, and reports the cluster state to vCenter Server. When a host stops responding, the master uses network heartbeats and then datastore heartbeats to determine whether the host has actually failed, or is merely isolated or partitioned.

vSphere High Availability (HA) requirements: HA uses the management network and the storage network (datastore heartbeats) to monitor the master/slave hosts and VMs. Hosts must have shared storage access. Shared networking amongst hosts (they should all have access to the same switches).

Network used by HA: if vSAN is enabled, HA uses the vSAN storage network; if not, the management network.

VM monitoring / HA: with vSphere HA VM monitoring enabled, a VM is reset only when both conditions hold:

- No VMware Tools heartbeats are received within the configured failure interval (caused by a guest OS crash)
- No disk or network I/O has occurred in the last 120 s (default value), which guards against resetting a VM whose Tools heartbeat stopped but which is still doing work

Proactive HA:
- Requires DRS to be enabled before it can be utilized.
- Providers (vCenter plug-ins) need to be installed and vary by hardware vendor; the plug-in registers with vCenter and monitors hardware faults (power supply, memory, network cards, SSDs etc.).

Offers 3 remediation modes: quarantine mode for all failures; quarantine mode for moderate and maintenance mode for severe failures (mixed); maintenance mode for all failures.

VM Component Protection (VMCP): when a VM loses connectivity to the storage it was provisioned on, VMCP offers responses to 2 event types (PDL and APD). It is configured as part of the HA configuration, so HA must be enabled for it to work.


Datastore connectivity is checked by the host that is taking over the inventory of a failed host.

PDL – permanent device loss – the storage array returns a SCSI sense code stating the device is permanently unavailable, e.g. a LUN failure or a LUN unpresented from the host.

Responses: Disabled (no action); Issue events (notify admins that a PDL has occurred but take no action); Power off and restart VMs (restart the VMs on a different host).

All Paths Down (APD) – the host cannot reach the storage and does not know why (no sense code is returned). The host retries for the APD timeout, 140 s by default. After that:

o Same responses as above, with one addition. Power off and restart VMs (conservative) restarts the VMs only if HA can determine another host has access to the datastore; Power off and restart VMs (aggressive) terminates the VMs and attempts the restart regardless of whether a suitable host is known to be available.

Delay for VM failover for APD: adds 3 minutes after the 140 s APD timeout by default, 5 minutes 20 seconds in total, which is called the VMCP timeout.

Response for APD recovery after the APD timeout: 2 further options, Disabled or Reset VMs.

DRS migration thresholds: 5 settings. The default is setting 3 (applies recommendations that promise a good improvement to the cluster's load balance). Setting 4 applies recommendations that promise a moderate improvement. Setting 5 will migrate VMs for even a slight improvement to the load balance.

Automation levels for DRS. Initial placement = which host a VM should be powered on in the first place. Options: Manual – vCenter only recommends, for both initial placement and migrations. Partially automated – vCenter automatically chooses the host for initial placement, but only recommends migrations. Fully automated – vCenter makes all decisions, including load-balancing migrations.

Admission control policy:

Makes the cluster reserve some of its resources by not allowing more VMs to start than the reserved failover capacity permits. When HA is in use, hosts have to keep resources free in case of a failover, and the admission control policy sets the conditions for how this is managed.

Override the admission control policy by using 'Do not reserve failover capacity' (disabling admission control); this lets you start or move a VM that the policy was previously preventing.

3 admission control policies. Define failover capacity by a static number of hosts (DEFAULT in 6.5/6.7, as 'cluster resource percentage' computed from the host count): generally set to 1, meaning 1 host can fail and all the VMs on the failed host can be restarted on other hosts.


Slot policy: uses a slot size (the largest CPU reservation and the largest memory reservation plus overhead among the powered-on VMs, treating every VM as that size) to determine how many 'slots' each host can support, and from that how many hosts can fail while every powered-on VM still has a slot.

Define failover capacity by reserving a percentage of the cluster resources: HA continually compares the total resource requirements (reservations) of all powered-on VMs with the capacity that remains after setting aside the configured percentage.

Use dedicated failover hosts: chooses one or more hosts to be dedicated standby hosts (not quite HA...). It's offered as an option but not recommended, as it is a wasteful use of resources.
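As an added example (not part of the original notes), the slot policy arithmetic above carried through for a constructed three-host cluster. The slot size and current failover capacity follow the documented rules: the slot is the largest CPU reservation and the largest memory reservation plus overhead among powered-on VMs (with the das.vmCpuMinMHz and das.vmMemoryMinMB floors), each host provides min(CPU slots, memory slots), and failover capacity is how many hosts, largest first, can be removed while the remaining slots still hold every powered-on VM. The host sizes, reservations and overhead values are assumptions for the example; the point it shows is how one VM with a large reservation collapses the cluster's failover capacity for everyone.

```python
from dataclasses import dataclass
from typing import List


@dataclass
class Host:
    name: str
    cpu_mhz: int
    mem_mb: int


@dataclass
class VM:
    name: str
    cpu_reservation_mhz: int
    mem_reservation_mb: int
    mem_overhead_mb: int  # per-VM virtualization overhead, added to the memory slot


@dataclass
class Slot:
    cpu_mhz: int
    mem_mb: int


def slot_size(vms: List[VM], cpu_min_mhz: int = 32, mem_min_mb: int = 0) -> Slot:
    """Largest CPU reservation and largest memory reservation plus overhead among
    powered-on VMs, with the default floors das.vmCpuMinMHz=32, das.vmMemoryMinMB=0."""
    cpu = max([v.cpu_reservation_mhz for v in vms] + [cpu_min_mhz])
    mem = max([v.mem_reservation_mb + v.mem_overhead_mb for v in vms] + [mem_min_mb])
    return Slot(cpu, max(mem, 1))


def slots_on_host(host: Host, slot: Slot) -> int:
    return min(host.cpu_mhz // slot.cpu_mhz, host.mem_mb // slot.mem_mb)


def current_failover_capacity(hosts: List[Host], vms: List[VM], slot: Slot) -> int:
    """How many hosts, largest first, can fail while the remaining slots still hold
    every powered-on VM (each VM occupies exactly one slot)."""
    counts = sorted((slots_on_host(h, slot) for h in hosts), reverse=True)
    remaining, used, failed = sum(counts), len(vms), 0
    for c in counts:
        if remaining - c < used:
            break
        remaining -= c
        failed += 1
    return failed


def admit(hosts: List[Host], vms: List[VM], new_vm: VM, host_failures_tolerated: int) -> bool:
    """Admission control: allow the power-on only if the configured failover capacity still
    holds with the new VM counted, including any larger slot size the new VM causes."""
    after = vms + [new_vm]
    return current_failover_capacity(hosts, after, slot_size(after)) >= host_failures_tolerated


# Constructed cluster: three identical hosts, ten web VMs and one database VM.
HOSTS = [Host(f"esxi0{i}", cpu_mhz=24000, mem_mb=98304) for i in (1, 2, 3)]
WEB_VMS = [VM(f"web{i:02d}", 500, 2048, 100) for i in range(10)]
DB_BIG = VM("db01", 4000, 16384, 200)    # one large reservation skews the slot for everyone
DB_SMALL = VM("db01", 500, 2048, 200)    # same VM with its reservation reduced


def scenario(db: VM) -> dict:
    vms = WEB_VMS + [db]
    slot = slot_size(vms)
    return {
        "slot": (slot.cpu_mhz, slot.mem_mb),
        "slots_per_host": slots_on_host(HOSTS[0], slot),
        "used_slots": len(vms),
        "failover_capacity": current_failover_capacity(HOSTS, vms, slot),
        "can_power_on_another_web": admit(HOSTS, vms, VM("web10", 500, 2048, 100), 1),
    }
```

With DB_BIG the slot becomes 4000 MHz / 16584 MB, each host fits only 5 slots, 15 slots must hold 11 VMs, and losing any host leaves 10: the failover capacity is 0 and admission control refuses the next power-on even though the hosts are mostly idle. With DB_SMALL the slot shrinks, each host holds 43 slots and two hosts can fail. This is the case for the percentage-based policy, or for das.slotCpuInMHz / das.slotMemInMB, when a few VMs carry large reservations.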

VM overrides: to override the cluster-wide HA settings for individual VMs, use VM Overrides. 2 options:

VM restart priority: DEFAULT is Medium. The cluster is usually left at Medium, so you can then give an individual VM a higher or lower restart priority.

Host isolation response: DEFAULT is 'Leave powered on'. Determines what a host does with its VMs when it stops receiving heartbeats on its management network and cannot reach the isolation address, i.e. it is isolated from the other hosts.

Reasons to leave it at the default: if you had an app server you don't want it powering off on a management-network blip, or your VM networks are on separate physical NICs and the VMs are still serving clients.

Storage DRS:When you enable Storage DRS, you enable the following functions.

Space load balancing among datastores within a datastore cluster. I/O load balancing among datastores within a datastore cluster. Initial placement for virtual disks based on space and I/O workload.

Affinity rules: used in DRS clusters. Each VM-Host rule is configured as a 'should' rule or a 'must' rule, e.g. VMs in VM group 'Prod DB' must run on hosts in host group 'Host group A' – basically mandatory or preferential.

VM-VM affinity rule = DRS tries to keep the listed VMs together on the same host. VM-VM anti-affinity = DRS keeps them on different hosts, e.g. two load-balanced application servers of a tiered app should not end up on the same host.

VM-Host affinity rule = DRS tries to keep a group of VMs on a group of hosts (or, for anti-affinity, off them).

Conflicts: if two rules conflict, the older rule takes precedence and the newer one is disabled; when balancing, DRS gives priority to avoiding violations of anti-affinity rules over affinity rules.


Storage DRS / SDRS Affinity Rules Used with Storage / SDRS

VMDK affinity rules, aka intra-VM VMDK affinity rules = keep all of a VM's VMDKs on the same datastore within the datastore cluster (the default).

VMDK anti-affinity rule = keeps specified virtual disks of a VM on different datastores within the cluster.

Watchdog protection is a process that monitors and protects vCenter Server services. It is available on both the vCenter Server Appliance and the Microsoft Windows-based vCenter Server, and is enabled by default.

If any service fails, Watchdog attempts to restart it. If it cannot restart the service because of a host failure, vSphere HA restarts the VM running the service on a new host. Watchdog can provide better availability by watching vCenter Server processes (PID Watchdog) or the vCenter Server API (API Watchdog). Each vCenter Server process has a separate Watchdog process associated with it.

Objective 5.2 - Plan and Implement VMware Fault Tolerance

Benefits of FT: FT keeps an identical, live copy of a running VM on another host, so a host failure causes no downtime for that VM.

Limitations of FT:
- An FT-protected VM is limited to 4 vCPUs (8 vCPUs with Enterprise Plus in vSphere 6.7).
- Only protects against host hardware failures; not against application faults, guest OS crashes, or outages caused by patching (the secondary mirrors them).
- With FT turned on, the VM's memory reservation, size, limit and number of vCPUs cannot be changed. Disks cannot be added or removed either.
- FT is not supported for VMs with disks of 2 TB or more.

Explanation: the primary VM is copied to a secondary on another host using a vMotion-like process. The secondary runs in lockstep with the primary but is not visible on the network. If the primary's host fails, the secondary becomes the primary and a new secondary is spawned on a third host.

Changes to the primary's memory are sent to the secondary continuously by fast checkpointing. The rate depends on the VM's workload: the busier the VM, the more the FT logging network has to carry, and a VM that is idle generates little FT traffic.


Why use it? To ensure uptime of a critical VM or app during a project, or when application-level clustering isn't available. Can be enabled on a powered-on VM: Home > VMs and Templates > right-click a VM > Fault Tolerance > Turn On Fault Tolerance.

Host requirements for FT: minimum of 3 hosts in a cluster. Hosts must have certificate checking enabled and be of the same ESXi build. Standard licensing supports 2 vCPUs per FT VM, Enterprise Plus up to 4 (8 in vSphere 6.7). Processors should be FT compatible (Intel Sandy Bridge or AMD Bulldozer or later). Access to shared storage (eager-zeroed thick, thick or thin disks). Host processors must be compatible with one another. Use a 10 Gbit logging network for FT and verify that the network is low latency; a dedicated FT network is highly recommended. Hosts must have hardware virtualization enabled in the BIOS.

What it uses: Fast check-pointing technology to replicate to the failover host

FT is a hot-failover solution – where there is zero downtime for a high priority VM.

How to configure:
- Distribute each vmnic team over 2 physical switches
- Use a deterministic teaming policy (i.e. originating port ID); this ensures the traffic types stay on their own specific vmnics
- Configure all active adapters for a specific traffic type (FT logging, vMotion)

The option to enable FT is disabled or greyed out when:
- There is an insufficient license, OR the VM lives on a host in maintenance or standby mode, OR the VM is orphaned or disconnected, OR the user doesn't have permission to enable it
- FT is not supported for VMs with 2 TB+ disks

Virtual Machine Application/OS Clustering/Availability Options: Windows Server Failover Clustering (WSFC) is one method of guest OS clustering that can be used with the Windows version of vCenter Server 6.0


Objective 5.3 - Create and Administer Resource Pools

What are they? Resource pools let you manage the aggregate total resources allowed to VMs within the pool. The CPU and memory resource settings are:
- Shares: establish relative priority between resource pools (low, normal, high, custom)
- Reservation: guarantees a certain amount of resource for a resource pool
- Limit: cap on resources that can be consumed by the VMs in the pool

Must be configured with VMs powered off. Limits can't be raised on running VMs.

Expandable Reservation: defines whether the resource pool can borrow more resources from its parent

Requirements: the resource pool hierarchy must be created on a DRS cluster or standalone host, and the resource pool must be added to the hierarchy.

Benefits: sharing of resources within pools and allocation of resources between pools; access control and delegation.

Resource Pools and DRS clusters:

Each standalone host and each DRS cluster has an (invisible) root resource pool that groups the resources of that host or cluster. The root resource pool does not appear because the resources of the host (or cluster) and the root resource pool are always the same.

Users can create child resource pools of the root resource pool or of any user-created child resource pool. Each child resource pool owns some of the parent's resources and can, in turn, have a hierarchy of child resource pools to represent successively smaller units of computational capability.

Deleting a Resource Pool:

Remove any VM’s or nested resource pools from the one you are deleting, before deleting it.

Adding Virtual Machines to Resource Pools: Consequences for Share Values

Share values can be: Low, Normal, High, Custom. When you move a VM to a new resource pool:
- The virtual machine's reservation and limit do not change.
- If the virtual machine's shares are high, medium, or low, %Shares adjusts to reflect the total number of shares in use in the new resource pool.
- If the virtual machine has custom shares assigned, the share value is maintained.
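A worked calculation of the share behaviour described above, added here as an example; it is not part of the original notes. It assumes the standard per-vCPU CPU share values for the named levels (Low = 500, Normal = 1000, High = 2000 per vCPU) and two constructed pools with made-up VM names: a named level keeps its share count when the VM moves, so only the percentage against the new pool's total changes, while a custom value is carried over exactly as set.

```python
"""Added example (not from the original notes): how a VM's CPU share count
and its %Shares change when it is moved between resource pools.

Assumes the standard share values per vCPU: Low = 500, Normal = 1000,
High = 2000. Custom shares are an integer and are carried over unchanged.
Pool contents below are constructed for illustration.
"""
from typing import Dict, Tuple, Union

CPU_SHARES_PER_VCPU = {"low": 500, "normal": 1000, "high": 2000}

# A VM entry is (share level name or custom integer, number of vCPUs).
VmSpec = Tuple[Union[str, int], int]
Pool = Dict[str, VmSpec]


def cpu_shares(level: Union[str, int], vcpus: int) -> int:
    """Absolute CPU shares for one VM. Named levels scale with the vCPU
    count; a custom value is used exactly as given, which is why it is
    preserved across a pool move."""
    if isinstance(level, int):
        return level
    return CPU_SHARES_PER_VCPU[level.lower()] * vcpus


def percent_shares(pool: Pool) -> Dict[str, float]:
    """%Shares of each VM relative to the total shares in use in the pool."""
    shares = {vm: cpu_shares(level, vcpus) for vm, (level, vcpus) in pool.items()}
    total = sum(shares.values())
    return {vm: shares[vm] * 100 / total for vm in shares}


def move_vm(src: Pool, dst: Pool, vm: str) -> Tuple[Pool, Pool]:
    """Move a VM between pools. Its share setting (level or custom value)
    travels with it; only the percentage is recomputed against the new pool."""
    src_after = {k: v for k, v in src.items() if k != vm}
    dst_after = dict(dst)
    dst_after[vm] = src[vm]
    return src_after, dst_after


def demo() -> Dict[str, float]:
    """Constructed scenario: 'app01' (High, 2 vCPU = 4000 shares) moves from
    pool A into a busier pool B. Returns its %Shares before and after, and
    its absolute share count (unchanged by the move)."""
    pool_a: Pool = {"app01": ("high", 2), "db01": ("normal", 2)}
    pool_b: Pool = {"web01": ("normal", 4), "batch01": (3000, 1)}  # batch01: custom shares
    before = percent_shares(pool_a)["app01"]
    _, pool_b_after = move_vm(pool_a, pool_b, "app01")
    after = percent_shares(pool_b_after)["app01"]
    return {"before": before, "after": after,
            "shares": float(cpu_shares(*pool_a["app01"]))}


if __name__ == "__main__":
    print(demo())
```

In the constructed scenario app01 holds 4000 of 6000 shares in pool A (about 66.7%) but only 4000 of 11000 in pool B (about 36.4%), even though its own setting never changed; batch01's custom 3000 is used as-is in either pool.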


vFlash Requirements:
- Create a resource container backed by SSD, a flash cache local to a host
- Cannot be created on a VMFS volume
- Cannot be used with VSAN
- Does not support RDMs in physical mode
- DRS and HA are supported (DRS can manage the cache objects during vMotion; HA will restart a VM on a host, but only if it has enough vFlash cache available to do so)

Configuring vFlash for a VM: Select VM > Edit Settings > Virtual Hardware > Hard Disk > enter a value in the 'Virtual Flash Read Cache' text box > optionally, select block size and cache size reservation

Benefits: Add Capacity (menu option). Storage is local to the host, so there is no traversing the network.

Migrating (vMotion) a VM with vFlash configured: vSphere DRS does not automatically migrate virtual machines with vSphere Flash Read Cache as part of its load balancing operations.

Objective 5.4 - Migrate Virtual Machines

ESXi Requirements for vMotion:
- Access to the shared storage used by the VM on Fibre Channel, iSCSI or NAS
- 1 Gbps Ethernet link
- CPUs must be the same vendor and family on both hosts
- Cross-switch vMotion (moving from one vDS to another): hosts must be on the same VLAN

The VM's requirements:
- No connections to internal switches (switches with no uplink adapters)
- No external .ISO devices
- No CPU affinity configured
- Swap file should be accessible
- If an RDM is in place, the RDM must be accessible by the destination host as well
- A remote backing error can occur if a CD-ROM is attached to the VM
- You can vMotion and Storage vMotion a VM with snapshots

RDMs, Migrating VMs with RDMs. RDMs can be either:
- Physical: does not allow the VM to be cloned, converted to a template, or migrated (if you're moving disk files with it)
- Virtual: allows snapshot, cloning and migration (the contents of the RDM are copied to a .vmdk file)


Max capacity for a virtual hard disk is 62 TB, but anything over 2 TB requires hardware pre-reqs:
o FT isn't supported at greater than 2 TB
o Must be a VMFS-5 volume or NAS NFS share
o Snapshots can be very slow; performance degrades

Migration Flavours for vMotion

Cold migration = VM powered off OR suspended
vMotion = powered on, hot migration; requires the CPU instruction set. A suspended VM also needs the CPU instruction set.
Storage vMotion = move the underlying VM files to a different datastore (aka 'Storage only' in the migration wizard)

Shared-nothing vSphere vMotion: migrate a powered-on virtual machine from its current host and datastore to a new host and a new datastore. No shared datastore is used here, only local datastores. Physical RDMs can't be migrated.

Cold Migration: cold migration is the term for migrating powered off or suspended VMs. If migrating from a 64-bit host to a 32-bit host, a warning will appear during a powered-off cold migration. CPU checks do not take place for a powered-off cold migration. CPU checks DO take place for a suspended cold migration.

Cold migration process:
- If moving files to a different datastore, the NVRAM, log and suspend files are migrated
- The VM is registered with the new host
- After migration is complete, the old version of the VM is deleted from the source host and datastore (if a storage vMotion was ticked)
- vMotion sends the machine's memory state from one ESXi host to another

Networks used during vMotion: the Provisioning network is used (if configured), otherwise it falls back to the Management network. The vMotion network is not used for cold migrations! Cold data (snapshots, vmdks etc.) doesn't use the vMotion network.

Hot migrations use the vMotion network for hot data. CPU checks and compatibility checks will take place.

vMotion requirements:
- VM must be powered on
- ESXi hosts must be time synchronized
- ESXi hosts must have visibility of shared storage (but non-shared storage is possible)
- ESXi hosts must be v6.0 or greater


vMotion without shared storage. Requirements:
- ESXi 5.1 or greater
- RDMs must be accessible at the destination
- Destination host must have access to the destination storage

Encrypted vMotion: enabled by default for VMs that are encrypted. To force it on unencrypted VMs:

Select VM > Edit Settings > VM Options > Encryption > Required, Opportunistic (use encryption if source and destination support it), or Disabled

Storage vMotion: moves the files a VM is actively using (the VM can be powered on)

Enhanced vMotion and EVC (Cross Host vMotion):

Migrate to a new host whilst the files migrate to another datastore. A CPU feature set is inspected to check the versions match on the source and destination host, including:

- CPU vendor, model
- BIOS settings
- ESX/ESXi version
- VM virtual hardware version

Enable EVC mode on the cluster to tell the hosts to present a certain 'feature set' to the VMs, so they all pass compatibility checks

EVC, Enhanced vMotion Compatibility (p409). What it is:

Ensures hosts present the same feature sets to VMs in order to allow vMotion to work. VMs perform a compatibility check before vMotion takes place; EVC mode allows CPUs that aren't all identical to be used.

Requirements of EVC:
- All VMs should be in parity with the EVC mode
- All hosts must have the same CPU vendor
- ESXi 3.5 or higher
- Hardware virtualisation enabled on CPU features

Long Distance vMotion Requirements:
- Enterprise Plus license
- Latency no higher than 150 ms
- Shared L2 network (VXLAN)
- You must place the traffic related to virtual machine file transfer to the destination host on the provisioning TCP/IP stack (i.e. not the default IP stack)

vMotion Tricks:
- Use it to change the underlying storage type (thin/thick/zeroed) provisioned at the destination you move it to
- Use it to change the display name of a VM within vSphere. Unfortunately it won't change the OS hostname.
- Move the swap file location to SSD storage on the host; this will improve vMotion times.


Rename VM, Change VM hostname, VM Machine name: during a Storage vMotion you can rename a VM's files

Objective 5.5 - Backup and Restore Virtual Machines

VDP (VMware Data Protection): a replication service for replicating individual VMs. Requirements:
- vCenter 5.1 or higher, ESXi 4.0 or higher
- Included in Essentials Plus license and above
- Can replicate up to 8 VMs simultaneously, no downtime required

VDP Sizing Requirements / Considerations:
- Number of protected virtual machines
- Amount of data contained in each protected virtual machine
- Types of data being backed up (OS files, documents, and databases, for example)
- Backup data retention period (daily, weekly, monthly, or yearly)
- Data change rates

Use case and benefits of using VDP: only good for small organizations with 100 or fewer VMs. Reduces disk space consumed by backup data by using patented variable-length deduplication across the backups.

VDP Requirements:

Small (0.5 TB): 4 x 2 GHz, 4 GB, 873 GB
Medium (1 TB): 4 x 2 GHz, 4 GB, 1600 GB
Large (2 TB): 4 x 2 GHz, 4 GB, 3100 GB

Size can’t be changed after deployment

vSphere Replication. What it does:

- Replicates a running virtual machine to an off-site location; useful for creating a warm DR site
- Install one instance in the primary DC, and one at the secondary
- Uses a VAMI interface to make changes once installed
- OVA package to deploy it

Benefits: VDP can be used whilst a VM is running

Limitations:
- Does not support VMs with snapshots
- Creates multiple PIT (Point In Time) snapshots of a machine (so it could replicate an infected machine...), set in the retention policy; hence why it can't support snapshots... presumably.

Configuring (p444)

Configuration: in the LookupService address box, enter the FQDN of where the lookup service runs

Replicating a VM and enabling multiple Point in time PIT instances


vSphere Replication retains a number of snapshot instances of the virtual machine on the target site based on the retention policy that you specify.

vSphere Replication supports a maximum of 24 snapshot instances. After you recover a virtual machine, you can revert it to a specific snapshot.

Recovering a VM using vSphere Replication:

RPO can be set to 5 minutes if the target and source sites use VSAN

- Unregister the primary VM from the data centre
- Configure replication to occur in the reverse direction

Objective 5.6 - Update ESXi and Virtual Machines

Upgrade options for ESXi 6.7:
- Interactively: via CD, DVD, USB (disconnect any shared storage to improve install time)
- Scripted upgrade (commands) using the install command
- Using Auto Deploy to reprovision hosts with a new image
- Using esxcli to deploy a VIB, image profile or .zip file; example fetching a VIB from a URL:

esxcli --server=server_name software vib update --depot=http://web_server/depot_name

Upgrading to ESXi 6.7 from earlier versions: upload the ESXi image to VUM, create an upgrade baseline and attach it at the legacy host, cluster OR data centre level, scan for compliance, remediate!

vCenter Update Manager (VUM) Requirements (p475):
- Is included in the vSphere installation and can be downloaded
- Must be installed on a Windows server and connected to a SQL or Oracle DB
- .NET 3.5 SP1 pre-req
- vSphere Client plug-in required to use it

Types of VUM baseline: 2 types of baseline
Fixed = remains constant, e.g. a specific patch you want to ensure is deployed to your hosts
Dynamic = changes over time, e.g. all security patches from X date

- Host (ESXi) Patch: VMware patches for hosts
- Host Extension: i.e. plug-in or third-party software that extends the capabilities of a host
- Host Upgrade: specifically for upgrading ESXi hosts
- VA Upgrade: virtual appliance upgrades (provided by vendors of VAs)
- VM Upgrade: VMware Tools and virtual hardware upgrades

Update Manager > Create baselines for patches or updates. Patch descriptions are actually downloaded when Update Manager does its automatic update. You install a service, then need to install a plug-in to configure Update Manager.


Restart VUM service: Web Client > Administration > System Configuration > Services > Restart service

Host Profiles: .vpf file extension for host profiles (exported), but customizations to a host profile are exported as a .csv file. Manage via the Hosts and Clusters view only. All passwords are wiped when you export a host profile. You can schedule a compliance check, but cannot schedule a remediation.

Section 6 - Perform Basic Troubleshooting of a vSphere 6.x Implementation

Can't login to vCenter via the Web Client: verify time is synchronized between the VCSA (using the PSC), vCenter Server, and DNS

vSphere HA virtual machine failed to failover: caused by a host losing network connectivity but still running VMs (therefore locking their machine files). The VMs can't be migrated off the host because of this, so the above error occurs.

Objective 6.1 - Perform Basic Troubleshooting of ESXi and vCenter Installation Issues

ESXi Host ‘Troubleshooting Mode’ options

Accessing TSM (Tech Support Mode): enable Tech Support Mode (TSM) via DCUI (Direct Console User Interface) > Troubleshooting Options > Enable ESXi Shell, then log into it remotely using SSH.

Or log into it via the DCUI

License Assignment Issue: you have to have a license that covers all enabled features on a host. To fix:

o Obtain and assign an appropriate key with larger capacity (to accommodate features or more hardware)


o Upgrade the license edition to cover the features in use on the host
o Disable the features that are not covered by the key you are attempting to assign

Reverting ESXi to a previous version: press Shift+R during boot to reach Recovery Mode. This can only be performed if ESXi was upgraded using VUM, a VIB package, an ISO or a profile installation/removal.

Monitor host health: Host > Monitor > Hardware Status. Uses SMASH to gather and collect data in the host monitoring view

Objective 6.2 - Perform Basic Troubleshooting of ESXi and vCenter Operational Issues

DCUI Available Log Files:

- Syslog: logs messages from the VMkernel and other system components to a local file or a remote host
- VMkernel: shows uptime and availability statistics
- Config: info on host hangs, crashes or auth issues
- Management Agent aka hostd: logs specific to the host services that connect to your ESXi host
- VirtualCenter Agent aka vpxa: additional logs that appear when your ESXi host is connected to and managed by a vCenter
- VMware ESXi Observation log (vobd): logs changes to the configuration of your host and their result

Retrieving Log Files. ESXi host logs exist in 2 places:

- DCUI > View System Logs
- vSphere Web Client: Select Host > Monitor > Log Browser > Retrieve Now
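Once those logs are forwarded to a central syslog collector they arrive tagged with the component that wrote them (vmkernel, hostd, vpxa, vobd). The parser below is an added example, not part of the original notes, showing how to split such a feed by component and pull out the two things a defender checks first: vobd configuration-change events (the 'esx.audit.' family of event IDs) and hostd login records. The sample lines are constructed to approximate ESXi's syslog line layout and are not real captured output; the host name and IP are placeholders.

```python
"""Added example (not from the original notes): split ESXi syslog output
by source component and pick out the entries a defender wants to see.

ESXi forwards each log line with a program tag (vmkernel, Hostd, Vpxa,
vobd, ...). The sample lines below are constructed to approximate that
layout; real lines carry more fields. 'esx.audit.' is the family of vobd
event IDs that record host configuration changes.
"""
import re
from collections import Counter
from typing import Dict, List, Tuple

# Constructed sample feed: one or two lines per component described in the notes.
SAMPLE_LOG = """\
2019-03-01T10:15:32Z esx01.example.test vmkernel: cpu3:2098)ScsiDeviceIO: 2927: Cmd(0x439d40b5) 0x2a, CmdSN 0x1 from world 0 to dev "naa.6000c29" failed H:0x0 D:0x2 P:0x0
2019-03-01T10:15:40Z esx01.example.test Hostd: info hostd[2099B70] [Originator@6876 sub=Vimsvc.ha-eventmgr] Event 57 : User root@192.0.2.10 logged in as VMware vim-java 1.0
2019-03-01T10:16:01Z esx01.example.test vobd: [GenericCorrelator] 25106us: [esx.audit.ssh.enabled] SSH access has been enabled.
2019-03-01T10:16:05Z esx01.example.test Vpxa: verbose vpxa[2099C70] [Originator@6876 sub=VpxaHalCnxHostagent] Received WaitForUpdatesEx response
2019-03-01T10:17:12Z esx01.example.test vobd: [GenericCorrelator] 96022us: [esx.audit.account.locked] Remote access for ESXi local user account 'root' has been locked for 120 seconds
2019-03-01T10:18:00Z esx01.example.test Hostd: info hostd[2099B70] [Originator@6876 sub=Vimsvc.ha-eventmgr] Event 58 : User root@192.0.2.10 logged out
"""

# timestamp, host, program tag, message
LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+(?P<tag>[A-Za-z]+):\s+(?P<msg>.*)$")
# Map the syslog program tag to the log names used in the notes.
COMPONENTS = {"vmkernel": "vmkernel", "hostd": "hostd", "vpxa": "vpxa", "vobd": "vobd"}
AUDIT_RE = re.compile(r"\[(esx\.audit\.[a-z0-9.]+)\]")


def parse(text: str) -> List[Dict[str, str]]:
    """Parse each line into fields and attach the component name.
    Lines that do not match the layout are skipped rather than guessed at."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        rec = m.groupdict()
        rec["component"] = COMPONENTS.get(rec["tag"].lower(), "other")
        records.append(rec)
    return records


def count_by_component(records: List[Dict[str, str]]) -> Dict[str, int]:
    """How many lines each component produced; a quick sanity check that
    all expected sources are actually reaching the collector."""
    return dict(Counter(r["component"] for r in records))


def audit_events(records: List[Dict[str, str]]) -> List[Tuple[str, str, str]]:
    """(timestamp, event id, message) for vobd configuration-change events."""
    found = []
    for r in records:
        if r["component"] != "vobd":
            continue
        m = AUDIT_RE.search(r["msg"])
        if m:
            found.append((r["ts"], m.group(1), r["msg"]))
    return found


def logins(records: List[Dict[str, str]]) -> List[str]:
    """hostd login events: who authenticated to the host and from where."""
    return [r["msg"] for r in records
            if r["component"] == "hostd" and "logged in" in r["msg"]]


if __name__ == "__main__":
    recs = parse(SAMPLE_LOG)
    print(count_by_component(recs))
    for ts, event_id, msg in audit_events(recs):
        print(ts, event_id, msg)
    print(logins(recs))
```

Matching on the component tag rather than on free text keeps the split stable across ESXi versions, and the 'esx.audit.' filter surfaces exactly the host changes (SSH enabled, account lockouts) that the vobd log exists to record.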

vCenter Installation issues: if installation fails, a Setup Interruption page appears and log files are zipped to the desktop.

Retrieve vCenter log files (if installation error): c:\programdata\vmware\vcenter-server\logs. Also maybe: %localappdata%\Temp

Collect deployment log files (vCenter Appliance): %appdatalocal%\Vmware\CIP\vcsaInstaller (folder). A .tgz file is created if you need a support bundle; to create this, use a URL to browse to the vCenter server.

Exporting Diagnostic Logs / Log Bundle: Web Client > click on the item you want to create logs for > Monitor > System Logs > Export System Logs


ESXi Connectivity Issues / Host lost connection to network:
- Ensure PortFast is enabled on the physical switches
- Check the NIC teaming and load balancing policy on the vSwitch
- Check the VLAN and IP details
- Check speed/duplex of ports
- Check Port Security isn't enabled on the physical switch
- Check the hardware and network adapter are supported
- Check the link is up!

Objective 6.3 - Perform Basic Troubleshooting of Virtual Machine Operational Issues

Performance issues for VMs:
- Excessive reservations cause slow host performance; reservations are generated by vMotion, powering on VMs, taking snapshots etc.
o Reducing snapshots helps this
o Creating smaller LUNs helps this
o Check configuration maximums for number of VMs per LUN to optimize
- Path thrashing causes slow performance on active/passive arrays.
o Caused by 2 hosts attempting to access the same LUN through different storage processors
o Using the Path Selection Policy 'Most Recently Used' will reduce this
o Configuring an active/active array does not cause path thrashing
- Verify VMware Tools is installed
- Verify speed and duplex settings on physical NICs
- You can use advanced performance charts to view droppedTx and droppedRx packets. These numbers should be zero (or close to it).

VMware Tools Installation Issues: the easiest way to ensure it installs correctly is an interactive installation: VM > Guest > Install VMware Tools. Check AV is not blocking the install. Check the VM's OS selected at creation is correct.

VMware Tools shows 'Unmanaged' or 'Guest Managed' as status: this means it's using an OSP (operating system specific package) to manage VMware Tools, and the ESXi host is not managing it.

VM lost connectivity to host: re-register a VM that is not recognised by the host; this can happen after an HA failover. To do this, right-click > Remove from Inventory, then browse the datastore to the .vmx file and re-register the file with the host.


Can't boot a VM on a DRS-enabled cluster: check the admission control policy; if it's too conservative, you might not be able to boot the VM.

Machine Boot issues: check the machine boot order in the BIOS of a newly built VM; the machine might be booting to the wrong disk if multiple exist. VM Options > Boot Options > 'The next time the virtual machine boots, force entry into the BIOS setup screen'

UEFI Secure Boot: only allows signed drivers to load on a VM

Virtual Machine Cannot Power On:
- Check the VM files in the datastore (.vmdk, .nvram, .vmx)
- Check the VM's vmware.log file and host logging
- Recreate the descriptor files for either the vmdk or the base disk

VM Log Files: the vmware.log file contains the VM-specific logging

Can't extend or expand a VM's VMDK:
- The guest OS must be compatible (e.g. Windows uses 'Disk Manager' to refresh/extend the partition once the VMDK is expanded)
- The VM must not have snapshots (this locks the VMDK)

Objective 6.4 - Identify and Troubleshoot Basic Misconfigurations

Storage: it helps to print out storage maps so you can compare them in case storage breaks and you can no longer see the maps in the GUI

Network Connectivity: use vmkping

Tips for the web client: hide the Getting Started pages! This gives you more screen real estate. Hide the right pane (unpin). Use browser tabs.

Acknowledge Alarm (stops SNMP/email alerts) / Reset to Green (ignores the issue)


Section 7 - Perform Basic Monitoring of vSphere Implementation

Objective 7.1 - Monitor ESXi, vCenter Server, and Virtual Machines

Monitoring vCenter Server Appliance (VAMI) and ESXi:
- Use the vimtop tool to monitor the VCSA appliance
- Use esxtop to monitor ESXi hosts (for local monitoring via the SSH shell)
- Use resxtop to monitor ESXi (for remote monitoring)

ESXTOP output explained

Events and Logs

Viewing events in vCenter: vSphere Web Client > select Cluster (or whichever object you want to view) > Monitor > Events

vCenter logging levels:

6 choices: None (disable logging), Error, Warning (errors + warnings), Info (DEFAULT logging), Verbose, Trivia (includes all log levels)

Alarm types of trigger: Event (aka an occurrence of something happening in vCenter) and Condition

Performance Metrics

MEMORY:

Watch for ballooning of memory. vmmemctl is used to manage the ballooning mechanism; the driver can be uninstalled from hosts/VMs.

Remember: VM’s ‘believe’ what the OS is telling them with regards to available memory, but the underlying memory could be served from pagefile, or connected disks (thus hindering the performance of the VM).

Memory Compression: compresses 4 KB pages down to 2 KB (doubling the effective available space). Although there is a performance hit, it's not comparable to the performance hit felt when using a swap file or disk-based memory. Set the size of the cache for this in Advanced System Settings (Mem.MemZipMaxPct), as a percentage of total memory.

Swap File: when a VM is powered on it creates a swap file; this always happens. If the VM ran out of memory (without a swap file) it would freeze up.

CPU: CPU Ready values can indicate if a VM is starved of CPU resource.


CPU Ready values: anything higher than 1 is bad. This means a vCPU is ready to compute (and the guest OS has issued it instructions to compute) but the vCPU has waited more than 1 second for the 'logical CPU', i.e. the physical core on a CPU, to perform the operation. It would indicate a FAULT.

5% is considered acceptable! Other causes: CPU oversubscription and CPU limits being enabled
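The vCenter performance charts report CPU Ready as a summation in milliseconds per sampling interval, while the 5% guideline above is a percentage, so the two have to be converted before comparing. The following is an added example, not from the original notes: it applies the conversion ready% = ready_ms * 100 / (interval_ms * vCPUs) using the default chart intervals (real-time = 20 s, day = 300 s, week = 1800 s, month = 7200 s, year = 86400 s). Dividing by the vCPU count to get a per-vCPU average assumes the VM-level summation is the total across all vCPUs; the VM names and sample values are constructed.

```python
"""Added example (not from the original notes): turn the 'CPU Ready'
summation counter that vCenter charts report in milliseconds into the
percentage the 5% guideline refers to.

Conversion: ready_pct = ready_ms * 100 / (interval_ms * vcpus). The chart
intervals are the vCenter defaults (real-time = 20 s). Dividing by the vCPU
count gives the average per-vCPU figure for a multi-vCPU VM (assumption:
the VM-level summation is the total across its vCPUs). Sample values are
constructed.
"""
from typing import Dict, List, Tuple

# Default sampling interval per chart roll-up, in seconds.
INTERVAL_S = {"realtime": 20, "day": 300, "week": 1800, "month": 7200, "year": 86400}

ACCEPTABLE_PCT = 5.0  # guideline quoted in the notes


def ready_pct(ready_ms: float, interval: str = "realtime", vcpus: int = 1) -> float:
    """Per-vCPU CPU Ready percentage for one chart sample."""
    if ready_ms < 0 or vcpus < 1:
        raise ValueError("ready_ms must be >= 0 and vcpus >= 1")
    interval_ms = INTERVAL_S[interval] * 1000
    # Multiply before dividing so whole-number results stay exact.
    return ready_ms * 100 / (interval_ms * vcpus)


def verdict(pct: float) -> str:
    """Compare against the 5% guideline from the notes."""
    return "ok" if pct <= ACCEPTABLE_PCT else "investigate"


def report(samples: List[Tuple[str, float, int]],
           interval: str = "realtime") -> Dict[str, Tuple[float, str]]:
    """samples: (vm name, ready summation in ms, vcpus).
    Returns {vm: (ready %, verdict)}."""
    out: Dict[str, Tuple[float, str]] = {}
    for vm, ms, vcpus in samples:
        pct = ready_pct(ms, interval, vcpus)
        out[vm] = (pct, verdict(pct))
    return out


# Constructed real-time samples. The last two share the same raw summation;
# only the vCPU count differs, which is exactly the normalisation that matters.
CONSTRUCTED_SAMPLES = [
    ("vm-idle", 200.0, 1),
    ("vm-busy-1vcpu", 2400.0, 1),
    ("vm-busy-4vcpu", 2400.0, 4),
]

if __name__ == "__main__":
    for vm, (pct, v) in report(CONSTRUCTED_SAMPLES).items():
        print(f"{vm:16s} {pct:6.2f}% {v}")
```

The same 2400 ms summation means 12% ready on a 1-vCPU VM but 3% on a 4-vCPU VM, which is why raw chart values should never be compared across VMs without the conversion.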

STORAGE:
- Employ multipathing (Round Robin) to your LUNs
- Also enhance availability by using multipathing (Most Recently Used, MRU)
- Try to ensure the average time a physical device takes to complete a SCSI command is below 15-20 ms
- Check whether the average time spent in the VMkernel per SCSI command is higher than 2 ms to 3 ms

NETWORK: ways to improve/optimise network performance:
- Place VMs that communicate frequently with each other on the same host, same subnet, same switch
- Configure traffic shaping and load balancing
- Upgrade NICs on the hosts
- Install VMware Tools and use proper NIC drivers, ideally vmxnet3 vNIC drivers
- Examine packet drops with esxtop, resxtop or advanced performance charts to examine the droppedTx and droppedRx counters

Scheduled Tasks: you can schedule tasks to do a whole range of actions:
- Add a host to a cluster
- Change resource pool memory or CPU only
- Power off a cluster or host
- Clone, create, deploy, import/export, power on/off, migrate a VM
- Snapshot a machine
- Scan for updates, remediate patches, check compliance of a host profile

How to add a Scheduled Task: Monitor > Tasks and Events > Scheduled Tasks

Creating an Advanced Chart –CPU Ready real-time performance:

1. Chart options > Real Time > Ready with CPU selected

Create advanced chart:2. Monitor>Performance> Chart Options

SMTP for vCenter: Manage > Settings > General > Edit > Mail

Resource Maps: only via the vSphere desktop client (non-web). Select object > Maps


Restarting vCenter Server service: If you can’t login to vCenter, restart the VMware VirtualCenter Server service.

Restart host agents on your ESXi hosts – these are the services that talk to vCenter and allow hosts to be managed from the vCenter console:

Log onto the DCUI (direct console user interface) of your ESXi Host > troubleshooting > restart management agents

vCenter Server Timeout Setting

Defaults to 30 s. Manage > Settings

Virtual Machine Monitoring: the Perfmon DLL is a VMware Tools component that gives insight into host statistics from within a VM's guest OS

ESXi Monitoring

Configuring syslog for ESXi, 2 ways to do this: use the esxcli system syslog vCLI command, or via Web Client > select Host > Settings > Advanced System Settings > filter for syslog

SNMP for ESXi Hosts: the SNMP agent is embedded in hostd. ESXi hosts can send traps and receive GET requests. Enable it using the vSphere CLI: vicfg-snmp


Objective 7.2 - Create and Administer vCenter Server Alarms

Manage (or Configure)> Alarm Definitions

Default Utilization Alarms:
Alarm: Default
- Host CPU Usage: 75% for 5 min = Warning, 90% = Critical
- Host Memory Usage: 90% for 5 min = Warning, 95% = Critical
- VM CPU Usage: 75% for 5 min = Warning, 90% = Critical
- VM Memory Usage: 85% for 10 min = Warning, 95% = Critical
- Datastore Usage: 75% = Warning, 85% = Critical

Default Connectivity Alarms:

Alarm: Default
- Cannot connect to storage: monitors host connectivity to storage
- Host connection failure: monitors connections to networks to which hosts are configured
- Network connectivity lost: monitors network connectivity of a virtual switch (vSS or VDS) to the hosts on which it is configured
- Network uplink redundancy lost: monitors redundancy configured on a virtual switch

Configuring conditions helps reduce false positives

Default Alarm Actions :

Send a notification email
Migrate VM
Run a command

Host: notification email, notification trap, run a cmd | Advanced options: reboot, maint mode, shut down, standby

VM: notification email, notification trap, run a cmd | Advanced options: reboot, maint mode, shut down, standby

Default alarms are bundled with vSphere – for this section, page 318 > create a custom CPU ready utilization alarm.

You can also assign default alarms to specific VM’s, hosts or resources, for example an individual VM can alarm for ‘Vm disconnect’


Objective 7.3 - Install and Configure vRealize Log Insight

Installation Requirements: provided as an OVA package. Minimum requirements for vRealize:

o 8 GB, 4 CPU, 530 GB storage

Uses an ILB (Integrated Load Balancer)

Requirements to use ILB:
- The vRealize virtual appliance must be synchronized with an NTP server
- The Log Insight master and worker nodes must have the same SSL certificates (they connect to each other over SSL to upload logs)
- Must all be on the same network/subnet

Recommends a cluster deployment (3 node minimum), with support for up to 12 nodes

vRealize Minimum Requirements

Configure: once deployed, the appliance should be accessible via https://IP and not http://IP. If the displayed URL is http, the appliance needs its IPv4 settings changed to a static IP (and DHCP disabled).

Network requirements: 514 TCP/UDP (for syslog), 1514 (TCP) and 6514 TCP (for syslog over TLS)

Query options:
- Save a query
- Rename a query
- Load a query
- Delete a query
- Share the current query
- Export the query
- Take a snapshot of a query

vRealize Windows Agent functions:
- Monitors selected Windows file directories and adds flat log files for collection
- Collects/forwards events from the Windows event log

vSphere Operations Manager:
- Available for all editions of vSphere (Foundations to Enterprise Plus)
- Deployed as an appliance
- Managed via the Administration Portal (web console)
- A single vROps can connect to multiple vCenter instances
- SSL encrypted

vROps needs a master node online first; then the replica node can be powered on afterwards.
Deployment sizes:
Extra Small (single node non-HA or two node HA setup) = 2 vCPU, 8 GB


Small (>3500 VMs) = 4 vCPU, 16 GB
Medium (3500-11000 VMs) = 8 vCPU, 32 GB RAM
Large (<11000 VMs) = 16 vCPU, 48 GB
Extra Large (20k-45k VMs) = 24 vCPU, 128 GB RAM

DNS, Default Gateway, IPv4 and IPv6 can be configured during installation

User Interface: https://FQDN/UI
Admin interface: https://FQDN/admin

vROps and Badges: the Foundation license will only display the Health badge. Major badges are associated with 3 minor badges, and give an indication of overall health.

e.g. Major Badge = HEALTH BADGE: available in evaluation/trial license

Minor badges (mb):
- Workload: resource contention for an object, based on demand for the resource divided by the capacity of the object
- Anomalies
- Faults: e.g. memory checksum errors, loss of redundancy, HA failover event

RISK BADGE:
- Time Remaining: amount of time remaining before a resource reaches its capacity. Default buffer is 30 days (i.e. every resource should be able to last a minimum of 30 days on its current amount and rate of growth).
- Capacity Remaining: the number of VMs that an ESXi host, vApp or resource pool can handle before reaching capacity. It's based on an average VM profile in that object for the last n weeks.
- Stress: measures the workloads over longer periods of time than Workload; stress helps identify hosts or objects that do not have enough resources allocated, or hosts running too many VMs.

EFFICIENCY BADGE:
- Reclaimable Waste: assesses the excessive provisioning for an object (CPU, memory or disk).
- Density: a measure of how much you are taking advantage of what VMware has to offer; it aims to optimise your environment and measures your consolidation ratios against the ideal consolidation ratios in an environment similar to yours.

Upgrading vROPs

- Snapshot the appliance
- Download the OS and vROps PAK file of the upgrade