VMware Infrastructure 3:
Install and Configure
Instructor Manual
VMware, Inc.
education@vmware.com
ESX Server 3.5 and VirtualCenter 2.5
Part Number EDU-VI3IC-3525-IG-A
All rights reserved. This work and the computer programs to which it relates are the
property of, and embody trade secrets and confidential information proprietary to, VMware,
Inc., and may not be reproduced, copied, disclosed, transferred, adapted or modified
without the express written approval of VMware, Inc.
Copyright/Trademark
This manual and its accompanying materials copyright © 2008 VMware, Inc. All rights
reserved. Printed in U.S.A. This document may not, in whole or in part, be copied,
photocopied, reproduced, translated, transmitted, or reduced to any electronic medium or
machine-readable form without prior consent, in writing, from VMware, Inc.
Copyright © 2008 VMware, Inc. All rights reserved. VMware and the VMware boxes logo
are registered trademarks of VMware, Inc. MultipleWorlds, GSX Server, and ESX Server
are trademarks of VMware, Inc. Microsoft, Windows and Windows NT are registered
trademarks of Microsoft Corporation. Linux is a registered trademark of Linus Torvalds. All
other marks and names mentioned herein may be trademarks of their respective owners.
CONTENTS
MODULE 1 Introduction
What is Virtual Infrastructure?
VMware Infrastructure 3
Goals of This Course
VCP on VI3 Certification
Objectives for the Learner
Course Outline
Course Map
Questions?
MODULE 4 Networking
Lesson 1: Create Virtual Switches
A Networking Scenario
Virtual Switches
Addressing SAN LUNs in the VMkernel
Making SAN Storage Available to ESX Server
Where to Find Information on SAN Troubleshooting
Lesson Summary
Lesson 2: iSCSI SAN Storage
What is iSCSI?
How is iSCSI Used with ESX Server?
Components of an iSCSI SAN
Addressing in an iSCSI SAN
How iSCSI Targets are Discovered
How iSCSI Storage Authenticates the ESX Server
iSCSI Software and Hardware Initiators
iSCSI Software Initiator Network Configuration
Enable iSCSI Traffic Through the Service Console Firewall
Configure the iSCSI Software Initiator
Configure Software Initiator: General Properties (1 of 2)
Configure Software Initiator: General Properties (2 of 2)
Configure Software Initiator: Dynamic Discovery
Configure Software Initiator: CHAP Authentication
Discover iSCSI LUNs
Problem: Cannot Access iSCSI Storage
Lab for Lesson 2
Lesson Summary
Lesson 3: VMFS Datastores
What is a VMFS?
Creating a VMFS
VMFS Properties
Question
Extend a VMFS
Add Extent Candidate to VMFS
VMFS Extent List Updated
Multipathing with Fibre Channel
Multipathing with iSCSI
Manage Multiple Paths
Labs for Lesson 3
Lesson Summary
Lesson Summary
Lesson 2: VirtualCenter Inventory Hierarchy
VirtualCenter Inventory: Multiple Datacenters
VirtualCenter Inventory: Folders and Subfolders
Organizing Objects in the Inventory
VirtualCenter Inventory: Clusters
View VirtualCenter Inventory
Problem: Cannot Add Host to Inventory (1 of 2)
Problem: Cannot Add Host to Inventory (2 of 2)
Problem: ESX Server Not Responding
Lab for Lesson 2
Lesson Summary
Lesson 3: Using VirtualCenter to Manage Hosts and VMs
Lockdown Mode
Scheduled Tasks
Administration
Events
System Logs
Maps
Consolidation
Plugins
Client Settings
Lesson Summary
Module Summary
Questions?
Example 1: Add Raw LUN Access to VM
Example 2: Add a Virtual NIC to VM
Example 3: Resize the Disk
Virtual Machine Properties Options
Options - General Options
Options - VMware Tools
Options - Power Management
Options - Advanced
Advanced - Boot Options
Swapfile Location
Labs for Lesson 4
Lesson Summary
Lesson 5: Guided Consolidation
Guided Consolidation
Guided Consolidation Architecture
Physical System Discovery
Add to Analysis (1 of 2)
Add to Analysis (2 of 2)
Set Authentication
Analyze
Plan Consolidation
Lesson Summary
Module Summary
Questions?
Lesson 2: Migrate VMs with VMotion
Move VM Between ESX Servers: VMotion Migration
How VMotion Works (1 of 6)
How VMotion Works (2 of 6)
How VMotion Works (3 of 6)
How VMotion Works (4 of 6)
How VMotion Works (5 of 6)
How VMotion Works (6 of 6)
Virtual Machine Requirements for VMotion
Host Requirements for VMotion
CPU Constraints on VMotion
Enable or Disable Nx/xD
Identifying CPU Characteristics
Verify VMotion Layout: Use Maps Panel (1 of 2)
Verify VMotion Layout: Use Maps Panel (2 of 2)
Verify VMotion Layout: Use Maps Tab
Checking VMotion Errors
Problem: VMotion Fails
Lab for Lesson 2
Lesson 3: VMware DRS (Distributed Resource Scheduler)
What is a DRS Cluster?
Create a DRS Cluster
DRS Cluster Settings - Automation Level
DRS Cluster Settings - Migration Threshold
DRS Cluster Settings - Placement Constraints
DRS Cluster Settings - Automation Level per VM
DRS Cluster Settings - VM Swapfile Location
Add Hosts to Cluster
Best Practices for DRS
Lab for Lesson 3
Lesson Summary
Lesson 4: Resource Pools in a VMware DRS Cluster
Resource Pools in a DRS Cluster
Delegated Administration
Monitor Cluster Usage
Adding Host to DRS Cluster
Planned Downtime: Maintenance Mode
Lab for Lesson 3
Lesson Summary
Module Summary
Questions?
MODULE 1
Introduction
Virtual Infrastructure 3:
Install and Configure
v3.5
Importance
• This module is intended to set course expectations as well as provide a
general overview for this course.
DAY ONE:
BREAK: 15 minutes
LUNCH: 60 minutes
Module 4, Networking
• Lesson 1 - Create Virtual Switches: 30 minutes
• Lab for Lesson 1 - Create Virtual Switches and Connections: 15 minutes
• BREAK: 15 minutes
• Lesson 2 - Modify Virtual Switch Configuration: 60 minutes
• Lab for Lesson 2 - Networking Scenario: 30 minutes
Review of Module 4, Lab for Lesson 2 (Networking Scenario): 20 minutes
Module 5, Storage
• Lesson 1 - Fibre Channel SAN Storage: 25 minutes
• Lesson 2 - iSCSI SAN Storage: 30 minutes
• Lab for Lesson 2 - iSCSI SAN Storage: 30 minutes
• BREAK: 15 minutes
• Lesson 3 - VMFS Datastore: 25 minutes
• Labs for Lesson 3 - Create VMFS Datastore: 20 minutes
• Lesson 4 - NAS Storage and NFS Datastores: 30 minutes
• Lab for Lesson 4 - Create NFS Datastore: 20 minutes
LUNCH: 60 minutes
DAY THREE:
• Lesson 2 - Accessing VMs using Web Access: 15 minutes
• Activity for Lesson 2 - Log into Web Access and Perform VM Tasks: 10 minutes
DAY FOUR:
Virtual Infrastructure allows dynamic mapping of compute, storage,
and network resources to business applications
In traditional datacenters, there is a tight relationship among particular
computers, particular disk drives, particular network ports, and the
applications they support. VMware's Virtual Infrastructure allows us to
break those bonds. Virtual Infrastructure allows the dynamic mapping of
compute, storage and network resources to business applications.
A famous aspect of VMware's Virtual Infrastructure is the VMotion feature,
which allows a running virtual machine to be moved from one server to
another with minimal interruption. This is possible because VMware
detaches the operating system and its applications from the hardware they
run on. But Virtual Infrastructure enables many other flexible management
techniques, which we will learn in this course.
VMware Infrastructure 3
NOTE
• To prepare you to manage your virtual
infrastructure environment, with emphasis on
ESX Server and VirtualCenter
• To prepare you to achieve the status of
VMware Certified Professional (VCP on VI3)
We plan to teach you how to administer ESX Server and virtual machines
using it. We also plan to teach you how to administer VirtualCenter and
take advantage of its capabilities to manage ESX Servers and their virtual
machines.
This course is also required to achieve the status of VMware Certified
Professional on VI3.
VCP on VI3 Certification
NOTE
This course will give you most of the information you need for the exam,
but not everything. Use the VI3 exam blueprint as a reference tool when
passing the exam.
Objectives for the Learner
1. Introduction
2. Virtual Infrastructure Overview
3. ESX Server Installation
4. Networking
5. Storage
6. VirtualCenter Installation
7. VM Creation and Management
8. Virtual Infrastructure Access Control
9. Resource Management
10. Resource Monitoring
11. Data and Availability Protection
12. Planning Virtual Infrastructure Deployment
These are the modules presented in the course and are usually presented in
sequence. The daily schedule of topics will be covered by your instructor.
For course timing, see the Guidance for Instructor note on slide 1.
Course Map
Questions?
MODULE 2
Virtual Infrastructure Overview
Importance
• Virtualization is a technology that is revolutionizing the computer
industry. It is the foundational technology for VMware Infrastructure.
This module introduces the topic to students who are new to
virtualization.
Instructor, to prepare yourself to discuss virtualization, it is
recommended to read the white paper, Understanding Full Virtualization,
Paravirtualization, and Hardware Assist, available on the VMware Web site at
http://www.vmware.com/files/pdf/VMware_paravirtualization.pdf, which
provides a very good discussion on x86 virtualization.

As desktop and server processing capacity has consistently increased year
after year, virtualization has proved to be a powerful technology to simplify
software development and testing, to enable server consolidation, and to
enhance datacenter agility and business continuity. As it turns out, fully
abstracting the operating system and applications from the hardware and
encapsulating them into portable virtual machines has enabled virtual
infrastructure features simply not possible with hardware alone. For
example, servers can now run in extremely fault tolerant configurations on
virtual infrastructure 24x7x365 with no downtime needed for backups or
hardware maintenance.

Virtualization is an architecture that allows you to run multiple operating
systems simultaneously on a single computer. Each copy of an operating
system is installed into its own virtual machine.
Virtualization is often confused with simulation and emulation. It is neither
of these things.
Simulation is something that looks like something else. A Flight Simulator
is a well known example in common usage. This is a machine (or a
computer program) that can make it look like you are flying a plane.
Virtualization is not simulation. The actual operating system is installed on
the virtualized hardware.
Emulation requires software to translate commands for the emulated
hardware into commands the real hardware can understand. This translation
process is slow, and usually causes software packages running inside an
emulator to run slowly. Also emulation packages can sometimes fail to
corporation developed a special standardized operating system called IOS to run its network
routers, switches, and firewalls. Some software-based training tools for Cisco come with an
Instructor note: Cover this slide briefly. Do not get into a discussion of
virtual machine’s files at this time. Defer to module 6.

A virtual machine is a software platform that, like a physical computer, runs
an operating system and applications. An operating system that has been
virtualized is called a “guest” operating system. One supported guest
operating system runs in each virtual machine that is created. Each virtual
machine is completely independent and can have its own applications and
its own security.
From the perspective of the ESX Server, a virtual machine is a discrete set
of files, including a configuration file, virtual disk files, a file for NVRAM
settings, and a log file. Virtual machines are portable. They can be easily
backed up and easily cloned. They are just an encapsulated set of files.
NOTE
• Difficult to move or copy • Easy to move and copy
• Bound to a specific set of • Encapsulated into files
• Allows multiple operating system instances to run concurrently within
virtual machines on a single computer
• A virtualization layer is installed, which uses either a hosted or
hypervisor architecture
A host-based virtualization system requires
an operating system (such as Windows or
Linux) to be installed on the computer
A hosted architecture, or host operating-system (host-based) virtualization,
installs and runs the virtualization layer as an application on top of an
operating system and supports the broadest range of hardware
configurations.
For example, VMware Server is a free application that can be installed on a
supported Windows or Linux system and provides host-based virtualization.
Once VMware Server is installed, virtual machines can be created and
employed.
Other VMware applications that employ a hosted architecture are VMware
Player, ACE, and Workstation.
NOTE
• VMware ESX Server or ESX Server 3i
• VMware Virtual SMP
Instructor note: The VMware Web site lists the VMware Infrastructure 3
products in this way. Even though VirtualCenter is not part of the VMware
Infrastructure 3 software suite, it is a key component of the Virtual
Infrastructure. Also note what is NOT covered in the course. See the Note
below.

VMware Infrastructure 3 is VMware’s product family designed for building
and managing virtual infrastructures. It is a suite of software that provides
virtualization, management, resource optimization, application availability
and operational capabilities.

VMware Infrastructure 3 consists of the following products:
• VMware ESX Server 3 and ESX Server 3i: Bare metal hypervisors that
partition physical servers in multiple virtual machines. They form the
foundation of the VMware Infrastructure 3 suite
• VMware Virtual SMP: Multi-processor support (up to 4) for virtual
machines
• VMware High Availability (HA): VirtualCenter's high availability feature
for virtual machines
• VMware Distributed Resource Scheduler (DRS): VirtualCenter's feature
for dynamic balancing and allocation of resources for virtual machines
• VMware VMotion: Migration of virtual machines while they are
powered on
• VMware VMFS: Technology unique to VMware, it is the default storage
system for virtual machine files on physical SCSI disks and partitions
• VMware Consolidated Backup (VCB): Centralized backup software for
virtual machines
• VMware Update Manager: Manage tracking and patching of ESX
Servers, as well as select Windows and Linux virtual
machines.
NOTE
[Figure labels: VMkernel, x86 Architecture]
Additional Information ==> Does the service console still manage cdrom and
floppy for the VM? Management of the cdrom and floppy is done by the VM's
user world. In ESX Server 3, the concept of a world is broadened. Now
VMware engineers can create general-purpose binaries (that aren't monitors)
to run under the VMkernel. This is how mouse, keyboard, CD-ROM, and floppy
are implemented for ESX Server 3. It's a win because there's no longer a
bottleneck in the service console.

Under ESX Server, applications running within virtual machines access
CPU, memory, disk, and network interfaces without direct access to the
underlying hardware. The ESX Server's hypervisor (virtualization layer) is
known as the VMkernel. The VMkernel intercepts these requests and
presents them to the physical hardware.

The service console supports administrative functions for the ESX Server.
The service console is based on a modified version of Red Hat Enterprise
Linux 3 (Update 6). Users of ESX Server who use the command line find
that Red Hat Linux experience, or experience with other versions of
Unix-family operating systems, can be very helpful to them.

The VMkernel always assumes that it is running on top of valid, properly
functioning x86 hardware. Hardware failures, such as the failure of any
physical CPU, can cause ESX Server to fail. If you are concerned about the
reliability of your server hardware, the best approach is to cluster either
virtual machines or ESX Servers. High availability strategies are discussed
later on in the course.

ESX 3 is supported on Intel processors, Xeon and above, or AMD Opteron
(32-bit mode) processors. ESX 3 offers support for a number of 64-bit
guest operating systems.
For the complete list of supported systems for ESX Server, consult the ESX
Server 3.x Systems Compatibility Guide, available on the VMware Web site
at http://www.vmware.com/support/pubs/vi_pubs.html.
Instructor note: Again, if a student asks, this course focuses on installing
and configuring ESX Server, not ESX Server 3i.

ESX Server 3i is the next generation, thin hypervisor integrated in server
hardware:
• Hypervisor: on its own, ESX Server 3i offers basic partitioning of server
resources. However, it also acts as the foundation for virtual
infrastructure software, enabling VMotion, DRS, etc., the keys to the
dynamic, automated datacenter
• Thin architecture: Small footprint (32 MB) for security, reliability and
simplified management
• Server integration: Default feature makes deployment easy and fast
Additional functionality on top of the hypervisor just requires the right
licenses, not any changes to the code itself. No reinstalls and no VMFS
changes to go from running a standalone instance of the hypervisor to a full
VI3 Enterprise deployment.
Management is simplified because no Linux command line skills are
required, no user accounts or passwords need to be created and maintained,
and no OS security hardening, antivirus, or backup effort is required.
Security and reliability are increased because fewer interfaces minimize the
attack profile, a locked-down, BIOS-like interface prevents users from
than getting it only through the hardware they buy. This standalone version may have a
smaller compatibility list as compared to ESX Server 3. ESX Server 3i is an easy way to get
started with virtualization for new customers.
Instructor note: This graphic shows the VMware Infrastructure components
without VirtualCenter. The next graphic includes VirtualCenter.

To run your VMware Infrastructure environment, you need at least the
following items:
• ESX Server: A virtualization platform used to create the virtual
machines as a set of configuration and disk files that together perform
all the functions of a physical machine. The server provides
bootstrapping, management, and other services that manage your virtual
machines.
• VI Client: A graphical user interface used to access either an ESX
Server or VirtualCenter Server.
• Datastore: The storage locations for the virtual machine files specified
when creating virtual machines. Datastores hide the idiosyncrasies of
various storage options (such as VMFS volumes on local SCSI disks of
the server, the Fibre Channel SAN disk arrays, the iSCSI SAN disk
arrays, or Network Attached Storage (NAS) arrays) and provide a
uniform model for various storage products required by virtual
machines.
• Host Agent: On each managed host, software that collects,
communicates, and executes the actions received through the VI Client.
It is installed as part of the ESX Server installation.
Instructor note: The purpose of this and the previous graphic is to set the
stage of topics to come. This graphic shows the main components, which we
discuss in the course.

In many environments, an additional component, VirtualCenter, is added to
manage the infrastructure:
• VirtualCenter Management Server (VirtualCenter Server): The working
core of VirtualCenter. VirtualCenter Server is a single Windows Service
and is installed to run automatically. As a Windows Service, the
• Create a
Instructor note: Now that the students know what the VMware Infrastructure
is, let’s give them three examples of how it is used. The first and foremost
example is using VMware Infrastructure to virtualize a datacenter. The
VMware Infrastructure software components are highlighted with an orange
box.

VMware Infrastructure is most commonly used in the datacenter. Datacenter
administrators use VMware Infrastructure for:
• Solving the problems of server proliferation (lack of space, power and
cooling in server rooms) by replacing single application servers with
virtual machines consolidated onto a much smaller number of physical
hosts,
• Making better use of server hardware by deploying new servers in
virtual machines to avoid adding more underutilized servers to the
datacenter
Instructor note: The second example is to use VMware Infrastructure to host
individual desktops using VDI.

VMware Infrastructure is the foundation for the VMware Virtual Desktop
infrastructure (VDI).

With VDI, companies can host individual desktops inside virtual machines
that are running in their datacenter. Users access these desktops remotely
from a PC or a thin client using a remote display protocol. Since
applications are managed centrally at the corporate datacenter, organizations
gain better control over their desktops. Installations, upgrades, patches and
backups can be done with more confidence without user intervention.
Instructor note: The third example is to use VMware Infrastructure to
support the software lifecycle process using VMware Lab Manager.

VMware Infrastructure can be used with VMware Lab Manager to support
the software lifecycle process.
VMware Lab Manager provides the ability to:
Making full use of VMware technical support resources will save you time
and money. The first place to come is VMware's extensive web-based
resources. The web site contains troubleshooting tips that are not in the
printed manuals; it also contains a constantly updated Knowledge Base.
The VMware Technology Network (VMTN) provides tools and knowledge
to help VMware users maximize their investment in VMware products and
to help them understand what is happening in virtual infrastructure. VMTN
provides information about virtualization technology through technical
papers, documentation, a knowledge base, discussion forums, user groups
and technical newsletters. It also provides virtual appliances, a collection of
free, pre-built, pre-configured and ready-to-run software applications, all
packaged within virtual machines and available for download to any user.
that allows you to transform hardware into software
Questions?
3
ESX Server Installation
Importance
• ESX Server is the platform on which virtual machines run. It provides
the virtual machine with all its CPU, memory, disk and network
resources.
Module Lessons
• ESX Server Installation
• ESX Server Troubleshooting Guidelines
Lesson Topics
• ESX Server disk partitions
• ESX Server install procedure
• VMware Infrastructure (VI) Client
• Single host licensing
There are some key things to consider when planning an ESX Server
installation:
• Physical connectivity from the ESX Server to the virtual machine
network
• Physical connectivity from the ESX Server to the management network
• Installing the software components on either local disk or storage
network-based disk (such as Fibre Channel or iSCSI)
Booting from storage network-based disks is supported. This method is
useful where storage network-based utilities provide an easy means of
replicating the boot disk and where there is no local disk, such as in a
blade server environment. Supported hardware technologies for boot disks
include local SCSI, IDE/ATA drives, or storage networks.
• Wrong • Right
x86-based disks can have a maximum of four primary partitions. x86-based
operating systems use this partitioning scheme. In order to break the
four-partition limitation, an extended partition can be created. Within the
extended partition, logical partitions further subdivide the space. It is
recommended that you create an extended partition. Creating the extended
partition is done for you by the ESX installer.
With Red Hat Linux, IDE disks can have up to 63 partitions and SCSI disks
can have up to 15.
What if I deliberately make a disk with four partitions that exhaust all the
space on the disk surface - is that a wrong thing to do? No, but usually we
want the flexibility to make any number of partitions, not just four. Making
the fourth partition an extended partition gives us that flexibility with no
cost in performance.
Unlike the Windows operating system, which uses drive letters to define
top-level "root" partitions (such as C:\, D:\ and E:\, all peers of each other),
every Linux file system is mounted on a separate directory under root (/).
This directory is called a "mount point". Linux file systems are mounted
during the boot process to create a single file system hierarchy.
• UNIX and Linux do not have drive letters. So, how do you know what disk you are on?
UNIX/Linux uses the concept of mount points. These mount points are used to assemble
Mount point                      Which disk?          Approximate size  Type     Use
/boot                            Main boot            100 MB            ext3     boot
/                                Main boot            5 GB              ext3     Service root
(none)                           Main boot            544 MB            swap     console swap
/var/log                         Main boot            2 GB              ext3     Log files
(available under /vmfs/volumes)  Any local or remote  Varies            VMFS-3   VM’s Files, ISO images
(none)                           Any local or remote  100 MB            vmkcore  VMkernel core dump
The following partitions are required for the installation of an ESX Server:
/boot, swap, /, VMFS-3 and vmkcore. The partition, /var/log, is
optional. VMware recommends a separate partition for log files to prevent
filling up the root (/) file system with large log files. The minimum size is
500 MB, but VMware recommends 2000 MB for the log partition.
Note that VMFS and vmkcore partitions can only live on SCSI disks, not
IDE/ATA disks, on which service console partitions can reside.
None of these file systems will be filled completely during installation. We
want each to have free space so that the service console functions
properly over its lifespan.
The VMFS-3 partition holds a VMware File System (VMFS). A VMFS is a
file system that is optimized for storing virtual machines. The VMkernel
core dump partition is only used in the event of a serious error inside ESX
Server. If ESX Server crashes, it records a post-mortem in this partition so
that VMware Support can diagnose the problem.
ISO images provide software to virtual machines once they are mapped to
the virtual machine’s virtual CD drive. There are three locations for storing
ISO Images: VMFS datastore, NFS datastore and the /vmimages directory
on the service console. Storing ISO images on a VMFS or NFS datastore
allows you to share the ISO images across multiple ESX Servers, as long as
the datastore is visible to the ESX Server. Storing ISO images in the service
console's /vmimages directory makes images available to that ESX Server
only. Furthermore, by default, the /vmimages directory is part of the service
console's root file system. If you make /vmimages its own partition, then
that is a better alternative. In general, we recommend using a VMFS or NFS
datastore to store your ISO images.
The ESX installer runs in one of two modes, graphical or text. If no key is
pressed within 1 minute, the installation will proceed in graphical mode.
Graphical mode is the typical mode to choose; however, installing in text
mode can be useful if you are accessing the ESX Server console using a
remote management network adapter and the network between the remote
console and the ESX Server is slow.
• CD media test
• Choose Install, not Upgrade
• Use mouse or TAB to move past welcome
The installer will examine all LUNs it can see, not only on the local
controller, but out on the storage network as well. If a LUN is not
partitioned, a pop-up box for each LUN will prompt you to initialize this
LUN (because its partition table was unreadable).
If the warning message appears during the installation, select Yes only for
those disks that you wish to reinstall with new file systems and new
software.
Choose volume
The Partition Disks screen allows you to partition your disk. The slide
represents the partition scheme used when choosing the Recommended
option. In this example, the partitions will be created on the local hard drive
because that is what was chosen in the Partitioning Options screen. Remote
disk drives are also shown in the list of hard drives, for example, /dev/sda
refers to a storage network-based LUN.
If you must edit the default bootloader configuration, a warning message
appears
The Advanced Options screen presents choices for specifying the ESX
Server bootloader options. Ideally, the bootloader should be placed where
the service console partitions reside. It is imperative that this drive match
the first boot device as defined in the host machine's BIOS, otherwise the
ESX Server will not boot. Additionally, for legacy systems that store the
BIOS in the MBR, use the "From a partition" selection.
In version 3.0.2, the LBA32 option has been removed from this screen.
• Set local time zone
• Set the root password
ESX Server provides three ways to input time zone information based on
the selected tab:
• Map - Shows a graphical representation of the world in which one can
select the most appropriate location for the desired time zone
• Location - Displays a text listing of various time zones located
throughout the world
• UTC Offset - Time values based on the offset hour from Greenwich
Mean Time (GMT).
There is also the option to automatically compensate for daylight saving
time, if appropriate.
ESX Server requires a minimum of six characters for the root password. As
always, this password should follow your corporate standards' password
conventions. It is considered best practice to implement a password
strategy that introduces complexity, which might include mixed case,
non-standard characters, and numeric values.
Before the installer begins the software installation, the installer displays a
screen which summarizes all the selections. If changes need to be made, you
can always go back. It is always a good idea to scroll through the
summarized information and confirm the values before installing.
Emphasize that it is a good idea to make sure that the volume where the
Master Boot Record is located matches the volume where the partitions will
be created.
Open web
After the installation is complete, reboot the system by clicking Finish. This
screen also states how to connect to the ESX Server once it is installed
using any valid browser. You connect to the ESX Server using a URL
constructed with either its IP address or host name.
After rebooting, the status screen appears on the console. To log in, press
Alt-F1. To return to the status screen, press Alt-F11.
Point to ESX Server to get to this screen
Once connected to the ESX Server, this screen provides the ability to
download the VMware Infrastructure Client, or the VI Client for short. The
VI Client is the primary interface for managing all aspects of the Virtual
Infrastructure environment. For example, it allows configuration of the
ESX Servers and management of its virtual machines. Also from this
screen, it is possible to start Web Access, which can be used to manage the
virtual machines created after the ESX Server environment has been
established.
The VI Client provides direct access to an ESX Server for configuration and
virtual machine management.
The VI Client is also used to access VirtualCenter to provide management,
configuration, and monitoring of all ESX Servers and their virtual machines
within the Virtual Infrastructure environment. However, when using the VI
Client to connect directly to the ESX Server, no management of
VirtualCenter features is possible. For example, you cannot configure and
administer VMware DRS or VMware HA.
The VI Client allows you to configure the ESX Server, such as its hardware
and software. In the example above, the VI Client is used to log directly
into the ESX Server. The ESX Server is highlighted and its Configuration
tab has been selected.
• License sources:
  • Evaluation Mode
  • Serial Number
  • Centralized License Server
  • Single host license file
In general, licensing the ESX Server is required because it enables the
ability for virtual machines to be powered on.
With single host licensing, a host license file (.lic) must be installed on
the ESX Server. This is done from the ESX Server's Configuration tab in the
VI Client.
Single host licenses are installed locally into a file named
/etc/vmware/vmware.lic.
• Synchronize ESX Server time
  • For accurate performance graphs
  • For accurate timestamps in log messages
  • So VMs have a source to synchronize with
The Network Time Protocol (NTP) is an Internet-standard protocol used to
synchronize computer clock times in a network. It is important that the ESX
Server run with the correct time so that performance data can be displayed
and interpreted properly, so that accurate timestamps appear on log
messages, and so that virtual machines may synchronize their time with the
ESX Server.
The ESX Server can be set up as an NTP client, which synchronizes its time
with specific NTP servers.
Select your ESX Server, click its Configuration tab, then select Time
Configuration in the Software section. From this screen, you can enable
the NTP client software and specify NTP servers to synchronize with. The
NTP protocol port is also opened in the service console firewall. You can
also specify one or more NTP servers that the ESX Server (in other words,
the NTP Client) can synchronize time with.
For more information on configuring NTP, refer to the following links:
• http://www.ntp.org
• http://www.eecis.udel.edu/~mills/ntp/html/accopt.html
• Create an ESX Server user login
• For remotely accessing the command line using
Under certain circumstances, it might be necessary to log directly into the
ESX Server in order to get to the command line, for example:
• To view system information that cannot be viewed by the VI Client
• To troubleshoot a problem which cannot be resolved using information
in the VI Client
Accessing the ESX Server from the command line is covered in more detail
in the VI3: Deploy, Secure and Analyze course.
One way to log into the ESX Server (service console) is to use the physical
machine console. Alternatively, you could log into the ESX Server using a
secure shell client, such as PuTTY or SecureCRT. By default, the service
console does not allow the root user account to log in using an SSH client.
However, it does permit normal user account login access using secure
shell. If secure shell is the preferred way of connecting, it is recommended
to create a normal user account on the ESX Server to open a secure shell
and log in.
Therefore, if you need to log into the service console to troubleshoot as user
root, you need to:
• Log in as a normal user
• Use the Linux su - command (switch user command) to change to user
root.
Physical NIC selected during installation is identified as vmnic0 after
installation
Unless you are installing the ESX Server to boot from a Fibre Channel
storage network, a best practice is to unplug all Fibre Channel-attached
SAN storage from the server. The installer lets you erase any accessible
disks, including Fibre Channel SAN LUNs in use by other servers.
Be careful not to initialize any LUN that might contain production data. If
the ESX Server is connected to the Fibre Channel SAN, make sure that the
Fibre Channel SAN is properly zoned and masked. The warning dialog box
allows you to make sure that you are initializing the correct drives.
Can we always say that any drive named “sd#” (e.g. sda, sdb, sdc, etc...)
is always SAN-based? No. If a normal, local SCSI disk (not a RAID
controller) were used in the chassis it would also show up as sd#. This is a
case where one would simply have to be familiar with their hardware, just
like he/she would have to be when selecting a NIC for the service console.
If you are using a VDC Kit, when the students open an iLO session to their ESX Server, it is
highly probable that their system will be booted from the ESX 3 install CD and the first
screen they will see is the CD Media Test screen. Explain to students that when you boot
from the ESX 3 install CD and no key is pressed within one minute at the initial ESX install
screen, the ESX installer will automatically enter graphical mode and will end up at the CD
Media Test, waiting for you to press a key to continue.
During the class preparation of the ESX3 upgrade / ESX3 install, the instructor should warn
the students about this issue and stress that each student should review the Installation
Configuration Summary page* before proceeding to run the installation.
Encourage the students to reset the server using iLO power control features. This way, they
can actually pay attention to the RAM/CPU configuration. In addition, the instructor should
guide the students into the BIOS (even demonstrate on the extra server or a student
server) and walk through how to verify, and if necessary modify, that the hardware clock is
set to UTC for our labs. This will save everyone a LOT of headache in the performance lab.
• The VI Client is the graphical user interface used to
Lesson Topics
• ESX Server troubleshooting philosophy
• What to do if ESX Server crashes
• Inadequate planning
• Aggressively validate hardware
The information in the PSOD is displayed on the video monitor connected
to the ESX Server. This information is also written to the VMkernel core
dump partition in binary (non-human-readable) format. When the ESX
Server is rebooted, the core dump is written to a core file, which can then be
sent to VMware support for further troubleshooting.
When you collect diagnostics data using the VI Client or the vm-support
program, the VMkernel core dump is collected as well.
The most common cause of a VMkernel panic is a hardware problem,
whether general or specific. Using unsupported hardware can also cause the
VMkernel to panic. The information in the PSOD can help VMware
Support pinpoint the cause of the panic.
NOTE
NMI stands for Non-Maskable Interrupt and ECC stands for Error
Correcting Code.
temperature
• Check for detached external devices
• VMware technical support might request several files to help resolve your
product issues
• Use the VI Client to collect diagnostics data
The VI Client has an option for exporting all or part of your log file data.
To export diagnostic data from the VI Client, select File -> Export ->
Export Diagnostic Data. Browse to a folder in which to save the file
containing the diagnostic data.
The diagnostic data is stored in a folder named
VMware-VirtualCenter-support-date@time. The folder contains:
• A folder named viclient-support, which holds all the VI Client’s log files
• A file named esx-support-date@time.tgz, which is a compressed
archive file containing ESX Server diagnostics information.
for further diagnosis
Questions?
Networking 4
Networking
Importance
• The networking features of ESX Server allow virtual machines to
communicate with other virtual machines within the same box and with
the outside world, allow the service console to communicate, and allow
the VMkernel to take advantage of IP-based storage and VMotion.
Module Lessons
• Create Virtual Switches
• Modify Virtual Switch Configurations
Lesson Topics
• Structure of ESX Server networking
• Virtual switches
• Virtual switch connection types
• Physical connections
This is a depiction of part of the networking of an ESX Server system,
showing virtual machines and their virtual NICs, the physical NICs of the
ESX Server machine, and the external physical network switches and
LANs. It is the job of the ESX Server administrator to connect these
components together. To do that, we will use a special software construct
called virtual switches.
The number of ports associated with any virtual switch is configurable by
the administrator. The default number of ports associated with the virtual
switch created during the ESX installation is 24. The default number of
ports associated with new virtual switches is 56. There is a maximum of
1016 ports per virtual switch.
The MAC address of a physical NIC is not used at all. Instead, each VM's
virtual NIC has its own MAC address.
In this module, even though we have really good slides, it helps to draw,
draw, draw! And encourage your students to do the same. Reinforce the fact
that virtual networks are just like physical networks in topology. So the
drawing is the same as for physical networks. On the whiteboard build a
network for them both inside and outside of the ESX Server.
Why wouldn't you configure your virtual switches to have the maximum number of ports?
• Overhead - the more ports you have, the more memory is used.
• Application tidiness - this is what we think is good performance for VMs per switch
only switch
Here we use a virtual machine with multiple network adapters as a firewall.
The protected virtual machine is inaccessible except through the virtual
machine firewall.
In addition to creating your own firewall, note that there are existing
firewall and security VM appliances that are downloadable from VMTN at
http://www.vmware.com/vmtn/appliances.
• Automatic, configurable network load distribution
• Redundant network connectivity with automatic failover
• Configurable active/standby NICs and failover policies
A high performance application can benefit from NIC teaming, which
provides more bandwidth, automatic network load balancing and network
failover.
This configuration will only give more bandwidth if the out-ip load
balancing policy is chosen.
In the default configuration, this virtual machine will have its outbound
traffic mapped to only one of the NICs in the team, based on its virtual
switch port ID. You can change the configuration so that traffic is spread
across all the NICs in the team based on each IP datagram's source and
destination IP address. However, your physical switch must be prepared to
see traffic from the same MAC address on different physical ports.
Before using a virtual switch, one or more connections must be defined. The
graphic above shows a single virtual switch with all three connection types
defined. When designing your networking environment, you might choose
this arrangement, or opt for multiple virtual switches with different
combinations of connection type. The choice will depend partially on the
layout of your physical networks. A key point to remember is that physical
NICs are assigned at the virtual switch level, so all ports and port groups
defined for a particular switch will share the same hardware (although
which NICs are active can be configured differently for each port group).
Some students might interpret the slide to mean that you should create just
one virtual switch and place the service console, VMkernel ports, and VM
port groups on to it. This is entirely valid because you can separate the
traffic by creating at least 3 separate VLANs, one for the service console,
one or more for the VMkernel ports, and one or more for the VM port groups.
However, if you want potentially better performance and better security,
place the ports/port groups onto different virtual switches. This could be
useful in certain cases, for example, isolating iSCSI traffic to its own
physical network.
A VMkernel port allows the use of iSCSI and NAS-based storage by the
VMkernel, and is required for VMotion. When creating a VMkernel port,
you will define
• A network label
• An optional VLAN ID
• Whether or not to enable the port for VMotion
• IP settings
Multiple VMkernel connections can be configured only if they are
configured on different networks. In addition, only a single VMkernel
gateway IP address can be defined.
Regarding the network labeled "Storage/VMotion LAN": It is technically
possible to have both network-based storage traffic and VMotion traffic on
the same LAN. However, the best practice is to separate the network-based
storage traffic from the VMotion traffic for both security and performance
reasons.
Again, note that separate IP stacks are configured for the service console
and the VMkernel. Each needs to be configured with an IP address, netmask
and gateway.
To create a network connection, use the VI Client. Select your ESX Server
in the inventory, then click its Configuration tab. Select the Networking
link, then click the Add Networking... link. This displays the Add
Networking Wizard, which steps you through adding a network connection.
If you have time, demonstrate how to get to the Add Network wizard
screen.
Use the esxcfg-nics command from the service console command line
The ESX Server administrator should be familiar with what networks the
ESX Server’s physical NICs are connected to, as well as be able to identify
them using the correct vmnic#. Associating the correct vmnic with the
correct virtual switch will ensure proper network connectivity.
One way to display the mapping between a physical NIC and a vmnic# is to
use the VI Client. Select your ESX Server, then click its Configuration tab.
Click the Networking link in the Hardware section. Next to a virtual
switch, click the Properties link. In the Properties dialog box, click the
Network Adapters tab. In this display, you will see the vmnic#’s associated
with this virtual switch as well as the physical PCI address associated with
it.
If you have a physical NIC that is not yet assigned to a virtual switch, the
VI Client cannot be used to show you the mapping between physical PCI
address and vmnic#. To view this information, you must go to the service
console command line and run the command esxcfg-nics -l. This
command provides information about physical NICs recognized by the
VMkernel. It lists information such as the vmnic# and its associated PCI
address.
• Virtual machine port group
• Multiple connections can be defined on a single
virtual switch
Lesson Topics
• Virtual switch properties
  • Number of ports
  • Network adapters including speed and duplex
  • Security, Traffic Shaping and NIC Teaming Policies
• Connection policies
  • Label and VLAN ID
  • Security, Traffic Shaping and NIC Teaming Policies
• Number of Ports
The virtual switch Properties’ General tab allows you to change the number
of ports for the entire virtual switch.
By default, the number of ports for a new virtual switch is 56. There is an
exception - the default number of ports for the virtual switch created during
the ESX installation process is 24. The maximum number of ports is 1016.
The number of ports is configurable. Virtual switch ports are used for
virtual machine connections as well as uplinks (physical NICs). Some ports
are also used for internal purposes by the VMkernel.
To get to this display, use the VI Client. Select your ESX Server in the
inventory, then click its Configuration tab. Click the Networking link,
then click the Properties... link next to the virtual switch.
• For each physical adapter, speed and duplex can be changed (default is
autonegotiate)
• Might need to set with certain NIC/switch combinations
To change the speed and duplex of a network adapter in any of your virtual
switches, use the VI Client. Select your ESX Server from the inventory,
then click its Configuration tab. Then, click the Networking link. Click
on the Properties... link of the virtual switch that you would like to modify.
Select the Network Adapters tab in the Properties window. Click the Edit
button to change the speed and duplex.
If you are using a Gigabit Ethernet adapter, leave it at autonegotiate because
it is part of the gigabit standard. If you are using a 10/100 adapter, you might
need to manually set speed and duplex settings. These days, Gigabit
Ethernet adapters are common; therefore, we less frequently have to
modify this setting.
Additional Information ==>
When we attach a NIC to a virtual switch in the VI Client, the virtual switch properties
display a range of IP addresses. Where does the ESX Server get these from?
• The VMkernel learns the IP addresses by snooping the traffic on the network. As various
computers send broadcast packets with their own IP address as the sender, the
VMkernel remembers them and presents them in this user interface. This is not a
security issue. The VMkernel does not need to snoop on all packets, and of course it's
connected externally to a physical switch--probably not a hub! So the only packets that
come in from the outside world are broadcast packets plus unicast packets that are
addressed to some particular VM. The purpose of this behavior is to help administrators
get things connected to the right networks. Just as with physical LANs, you have to plug
the Ethernet cables in correctly! Sure, the cables are virtual in this case, but it's still
important.
• At the port or port group level
  • Effective policies: Policies defined at this level override the default
  policies set at the virtual switch level
There are three network policies: Security, traffic shaping and NIC teaming.
These policies are defined for the entire virtual switch and they can also be
defined for the service console port, the VMkernel port or a VM port group.
When a policy is defined for an individual port or port group, the policy at
this level overrides the default policies defined for the virtual switch.
More than one policy can be assigned to a port group. Examples of this are
provided in the VI3: Deploy, Secure and Analyze course.
• Virtual switch tagging
  • Packets from a VM are tagged as they exit the virtual switch
  • Packets are cleared (untagged) as they return to the VM
  • Little impact on performance
ESX Server provides VLAN support through virtual switch tagging, which
is provided by giving a port group a VLAN ID (by default, a VLAN ID is
optional). The VMkernel then takes care of all tagging and untagging as the
packets pass through the virtual switch.
To define a VLAN ID for a port group, use the VI Client. Select your ESX
Server from the inventory, then click its Configuration tab. Click the
Networking link, then click the Properties... link next to the virtual switch.
Select the port group listed in the Ports tab, then click the Edit button.
Enter a VLAN ID in the field provided.
The physical switch port to which the ESX Server connects must be defined as a static trunk
port. A trunk port is a port on a physical Ethernet switch configured to send
and receive packets tagged with a VLAN ID. No VLAN configuration is
required in the virtual machine. In fact, the virtual machine does not know it
is connected to a VLAN.
For more information on how ESX Server has implemented VLANs,
consult the white paper, VMware ESX Server 3 802.1Q VLAN Solutions,
available on the VMware Web site at
http://www.vmware.com/pdf/esx3_vlan_wp.pdf.
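The tagging and untagging described above, worked through on raw Ethernet frames. This is an added example, not VMware code: it models standard 802.1Q tagging, and the VLAN IDs, the "Test" and "Untagged" port groups, the sample frame and all function names are assumptions made for the illustration.

```python
import struct
from typing import Dict, Optional

TPID_8021Q = 0x8100   # EtherType value that marks an 802.1Q tag
MAC_HEADER = 12       # destination MAC (6 bytes) + source MAC (6 bytes)


def build_frame(dst: str, src: str, ethertype: int, payload: bytes) -> bytes:
    """Build an untagged Ethernet II frame (without FCS) from colon-separated MACs."""
    def to_bytes(mac: str) -> bytes:
        return bytes.fromhex(mac.replace(":", ""))
    return to_bytes(dst) + to_bytes(src) + struct.pack("!H", ethertype) + payload


def vlan_of(frame: bytes) -> Optional[int]:
    """Return the VLAN ID carried by the frame, or None if the frame is untagged."""
    if len(frame) < MAC_HEADER + 2:
        raise ValueError("frame too short for an Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return None
    if len(frame) < MAC_HEADER + 6:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack("!H", frame[14:16])
    return tci & 0x0FFF   # the low 12 bits of the TCI are the VLAN ID


def tag_frame(frame: bytes, vlan_id: int, priority: int = 0) -> bytes:
    """Egress toward the trunk port: insert the 4-byte tag after the two MACs."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("802.1Q VLAN ID must be in 1..4094")
    if not 0 <= priority <= 7:
        raise ValueError("802.1p priority must be in 0..7")
    if vlan_of(frame) is not None:
        # Choice made by this model: the guest is expected to send untagged frames.
        raise ValueError("frame from the guest is already tagged")
    tci = (priority << 13) | vlan_id
    return frame[:MAC_HEADER] + struct.pack("!HH", TPID_8021Q, tci) + frame[MAC_HEADER:]


def untag_frame(frame: bytes, port_group_vlan: Optional[int]) -> Optional[bytes]:
    """Ingress from the trunk: return the frame as the VM sees it, or None if the
    frame does not belong to this port group's VLAN."""
    if vlan_of(frame) != port_group_vlan:
        return None
    if port_group_vlan is None:
        return frame                                   # untagged port group
    return frame[:MAC_HEADER] + frame[MAC_HEADER + 4:]  # strip the tag


def deliver_from_trunk(frame: bytes, port_groups: Dict[str, Optional[int]]) -> Dict[str, bytes]:
    """Map each port group that may receive the frame to the untagged frame."""
    delivered = {}
    for name, vlan in port_groups.items():
        clean = untag_frame(frame, vlan)
        if clean is not None:
            delivered[name] = clean
    return delivered


# Constructed sample data: port group names mapped to VLAN IDs (None = no VLAN ID).
PORT_GROUPS = {"Production": 105, "Test": 106, "Untagged": None}
GUEST_FRAME = build_frame("ff:ff:ff:ff:ff:ff", "00:50:56:00:00:01",
                          0x0800, b"constructed payload")

if __name__ == "__main__":
    on_wire = tag_frame(GUEST_FRAME, PORT_GROUPS["Production"])
    print("VLAN on the trunk:", vlan_of(on_wire))
    print("Receiving port groups:", sorted(deliver_from_trunk(on_wire, PORT_GROUPS)))
```

The guest only ever sees the 14-byte untagged header; the tag exists solely between the virtual switch and the trunk port.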
Network policies are defined at either the virtual switch level or at the port
group level. In the example above, the network security policy is being
defined for the port group named Production.
These options are discussed in detail in the VI3: Deploy, Secure and
Analyze course, so do not spend too much time on this slide.
this slide. The network security policy contains the following exceptions:
• Promiscuous Mode: When set to "Reject", placing a guest adapter in
promiscuous mode has no effect on which frames are received by the
adapter (default is "Reject")
• MAC Address Changes: When set to "Reject", if the guest attempts to
change the MAC address assigned to the virtual NIC, it stops receiving
frames (default is "Accept")
• Forged Transmits: When set to "Reject", drop any frames which the
guest sends where the source address field contains a MAC address
other than the assigned virtual NIC MAC address (default is "Accept")
To accept or reject the security policy exceptions, use the VI Client. Select
your ESX Server from the inventory, then click its Configuration tab.
Click the Networking link, then click the Properties... link next to the
virtual switch. Select the port group listed in the Ports tab, then click the
Edit button. Click the Security tab and make the desired changes.
In general, these policies give you the option of disallowing certain
behavior that could compromise security. For example, a hacker might use
a promiscuous mode device to capture network traffic for unscrupulous
activities. Or someone could impersonate a node and gain unauthorized
access by spoofing its MAC address.
A potential scenario for wanting to set these policies would be for a host
which has "public exposure", such as a web server. One might be
concerned with the potential of its being compromised and subsequently
used as a "launching point" for attacks either on other hosts owned/operated
by the owner or possibly against other hosts owned by others. By changing
the originator information, an intruder could intend to spoof another system
into allowing unauthorized access, and/or might wish to avoid drawing
attention to the intrusion.
ESX 2.x. The ESX 3 security options here are our response to that audit.
In general, most people will not change these security options, and leave them at their
defaults. The important thing to note about these options, though, is that these options do
not exist in the physical world. You cannot control these behaviors on physical machines on
the network. For example, if someone has root access to your physical machine, like
everyone usually does to their desktop, you cannot stop someone from doing any of these
things. And, none of the physical NICs used today allow you to disable these behaviors.
But with virtual switches, you can stop the person with administrative control of the machine
from performing these types of insecure behavior. The security policy gives administrators a
level of control beyond what is usually possible in most physical environments.
• Disabled by default
• Shaping parameters apply to each virtual NIC in the virtual switch
ESX Server shapes traffic by establishing parameters for three outbound
traffic characteristics: average bandwidth, burst size, and peak bandwidth.
You can set values for these characteristics through the VI Client,
establishing a traffic shaping policy for each uplink adapter.
• Average Bandwidth establishes the number of bits per second to allow
across the vSwitch averaged over time--the allowed average load.
• Peak Bandwidth is the maximum bandwidth the vSwitch can absorb
without dropping packets. If traffic exceeds the peak bandwidth you
establish, excess packets are queued for later transmission after traffic
on the connection has returned to the average and there are enough spare
cycles to handle the queued packets. If the queue is full, the packets are
dropped. Even if you have spare bandwidth because the connection has
been idle, the peak bandwidth parameter limits transmission to no more
than peak until traffic returns to the allowed average load.
• Burst Size establishes the maximum number of bytes to allow in a burst.
If a burst exceeds the burst size parameter, excess packets are queued
for later transmission. If the queue is full, the packets are dropped.
When you specify values for these two characteristics, you indicate
what you expect the vSwitch to handle during normal operation.
Average bandwidth and peak bandwidth are specified in Kbps (kilobits per
second), and the burst size is specified in KB (kilobytes).
Network traffic shaping is off by default.
These options are discussed in detail in the VI3: Deploy, Secure and
Analyze course, so do not spend too much time on this slide.
Although traffic shaping is no longer DEFINED per-VM, emphasize to the
student that traffic shaping is still APPLIED on a per-VM basis. For example, if I
set the average bandwidth at 32000 Kbps, then any VM connected to the port
group can use an average bandwidth of 32000 Kbps.
• Failover Order
NIC teaming policies, which include load balancing and failover settings,
allow you to determine how network traffic is distributed between adapters
and how to re-route traffic in the event of an adapter failure. Default NIC
teaming policies are set for the entire virtual switch. These default settings
can be overridden at the port group level.
To modify NIC teaming policies of a port group, click your ESX Server's
Configuration tab, then click the Networking link. Click the Properties...
link next to the virtual switch on which the port group is located. Select the
port group in the list of ports, then click the Edit... button. In the port group
properties window, click the NIC Teaming tab.
In the example above, the network NIC teaming policy is not defined at the
virtual switch. Rather, it is being defined for the port group named
Production.
• Press Enter
• Purple line represents traffic from VM2, using the first NIC
• Press Enter
• Black line represents traffic from VM3, using the second NIC
How does the VMkernel balance the load? I.e. how does it determine what NIC to use to
route the VM's packets?
• Depending on the policy you choose, a "load balancing value" (for lack of a better term) is
calculated. The load balancing value differs based on algorithm. For example, with the
Source MAC based algorithm, the load balancing value is the least significant bit (LSB) of
the source MAC address in the frame. With the vswitch port-based algorithm, the load
balancing value is the source of the port ID.
• The VMkernel performs the calculation, which is "load balancing value" MOD "number of
NICs that are up" = The NIC to use
• For example, let's say you have 4 active NICs (NIC 0, NIC 1, NIC 2 and NIC 3). And let's
say that you are using the vswitch port-based algorithm (or any policy for that matter).
The VMkernel runs through the calculation to determine what NIC to use. So if the load
balancing value is 1, then 1 MOD 4 (number of NICs UP) = 1, which means NIC 1 is
used. 2 MOD 4 = 2, so NIC 2 is used. 3 MOD 4 = 3, so NIC 3 is used, and so on.
The example above shows routing based on source MAC hash. In this load
balancing method, each virtual machine's outbound traffic is mapped to a
specific physical NIC based on the virtual NIC's MAC address. This
method has low overhead, is compatible with all switches, but might not
spread traffic out evenly across the physical NICs.
When the load is distributed in the NIC team using the MAC-based method,
no single-NIC VM will ever get more bandwidth than can be provided by a
single physical adapter.
This slide builds:
• 1st screen: This slide illustrates how the VMkernel uses the source MAC-based method
to balance network traffic across NICs.
• Press Enter
• Blue line drawn to first NIC
• Press Enter
• Purple line drawn to first NIC. Collisions occur.
• Press Enter
• Green line drawn to second NIC
• Press Enter
• Red line drawn to second NIC. The third NIC never gets used.
The example above shows routing based on IP hash. In this load balancing
method, a NIC for each outbound packet is chosen based on its source and
destination IP address. This method has higher CPU overhead, is not
compatible with all switches (requires 802.3ad link aggregation support,
also known as EtherChannel), but has a better distribution of traffic across
physical NICs.
When the load is distributed in the NIC team using the IP-based method, a
single-NIC VM might use the bandwidth of multiple physical adapters.
What if the packet is not an IP packet, but, for example, a Novell packet
instead? The VMkernel looks in the place in the packet where the IP
address would be if it were an IP packet and uses those bits.
When one VM communicates to different clients, it chooses different NICs.
On the return traffic, it can come in on multiple paths since more than two
NICs might be teamed. That is why link aggregation must be supported on
• Load Balancing option: Use explicit failover order
• Always use the highest order uplink from the list of Active adapters which
passes failover detection criteria
• Rolling Failover
• Determines how a physical adapter is returned to active duty after
recovering from a failure
The VMkernel can use link status and/or beaconing to detect a network
failure. Monitoring the link status provided by the network adapter will
detect failures such as cable pulls and physical switch power failures, but
not configuration errors such as a physical switch port being blocked by
spanning tree or misconfigured to the wrong VLAN. It will also not detect
cable pulls or any type of link failure on the other side of the physical
switch.
Cable pulls or the loss of link status on the other side of the switch might be
forwarded to the ESX Server if the physical switch supports port groups. This
is covered in the DSA course.
When beaconing is activated, the VMkernel sends out and listens for probe
packets on all NICs in the team. This technique can detect failures that
link-status monitoring alone cannot.
Beaconing introduces a load of a 62-byte packet every ~10 seconds per
physical NIC.
• Design networking
• In this lab, you will perform the following task:
• Based on a given scenario, design the network configuration for an ESX
Server system, specifying virtual switches, ports and port groups, port
group policies, and physical connections
Questions?
Storage 5
Importance
• Storage options give you the flexibility to set up your storage based on
your cost, performance, and manageability requirements
• Shared storage is useful for disaster recovery, high availability and
moving VMs between ESX Servers
Module Lessons
• Fibre Channel SAN Storage
• iSCSI SAN Storage
• VMFS Datastores
• NAS Storage and NFS Datastores
Lesson Topics
• Fibre Channel SAN components and addressing
• Configuring Fibre Channel SAN storage
Fibre Channel is a high-speed transport protocol used for Storage Area
Networks (SANs). Fibre Channel encapsulates SCSI commands, which are
transmitted between Fibre Channel nodes. In general, a Fibre Channel node
is a server, storage system or a tape drive. A Fibre Channel switch
interconnects multiple nodes, forming the "fabric" in a Fibre Channel
network. Transmission speeds in a Fibre Channel SAN can reach up to 4
Gbps.
Fibre Channel is a standard that was first ratified by the American National
Standards Institute (ANSI) in 1988. This standard was adopted by storage
vendors due to high transfer rates, as well as low latency and overhead.
Not covered in this course is N-Port ID Virtualization (NPIV): ESX Server 3.5 introduces
support for NPIV for Fibre Channel SANs. Each virtual machine can now have its own World
Wide Port Name (WWPN). This is covered in the VI3: Deploy, Secure and Analyze course.
All of these points will be covered later on in the course, so please refrain
from discussing them in detail at this time.
VMs’ files are the virtual disks, VM's swap file, nvram, snapshot files,
configuration file and log files.
Installing and booting the ESX Server on Fibre Channel SAN storage is
supported. To boot from SAN, the BIOS of the Fibre Channel adapter must
be configured with the WWN and LUN number of the boot device and the
system BIOS must designate the Fibre Channel adapter as a boot controller.
It is common to use Fibre Channel SAN storage for VMFS datastores.
VMFS datastores are used to hold virtual machines’ files, ISO images, and
templates.
It is also possible to assign a raw Fibre Channel SAN LUN to a virtual
machine, for example, to hold an application’s data.
VMotion is supported with virtual machines on Fibre Channel SAN storage.
NOTE
ESX Server requires the use of a Fibre Channel switch for connection to
storage; the use of more than one allows for redundancy.
A Fibre Channel SAN consists of the following:
• Storage System: This is the hardware that consists of a set of physical
hard disks, or disk array, and one or more intelligent controllers. The
storage system supports the creation of LUNs. Disk arrays' storage
processors aggregate physical disks into logical volumes, or LUNs, each
with a LUN number identifier.
• LUN: Logical Unit Number, it is the address of a Logical Unit (LU). An
LU is a unit of storage access. An LU can be a JBOD (just a bunch of
disks) or a part of a JBOD, a RAID set, also referred to as a "storage
container", or a part of a storage container. Both a JBOD and a storage
container can be partitioned into multiple LUNs. An LU can also be a
control function like an array gatekeeper LUN or tape controller.
• SP: Storage Processor, it can partition a JBOD or RAID set into one or
more than one Logical Units (LUNs). It can restrict access of a
particular LUN to one or more server connections. Each connection is
referenced by the server HBA's WWN (World-Wide Name), and might
also require defining the operating system in the connection tables to
adjust how the storage array controller presents Fibre Channel and SCSI
commands to a particular server.
Additional Information:
Theoretically, you can have up to 239 switches in the fabric, but vendor certified solutions
are considerably less (typically 5-30)! Different vendors' switches will provide basic
interoperability although vendor specific enhancements often cannot be shared.
Why only 239 switches?
• Internally generated N-Port ID addresses are used to route packets within the FC
network. The 24 bit N-Port ID address is broken into three 8-bit parts known as the
Domain, Area, and Port. The Domain field is the address of the switch. The Area field is
the port number on the switch. The Port field contains the Fibre Channel Arbitrated Loop
(FCAL) address of any loop devices attached to the fabric. Since we do not support
FCAL, the address in the Port field will be 00. Vendors limit the number of switches to
less than 239 due to switch Inter-Switch Links (ISL) traversals (AKA "Hops"),
convergence traffic, latencies introduced, etc.
A "node" (mentioned in the descriptions above) generally is a server, storage or a tape drive.
A switch COULD be a node, but only from a fabric management perspective, as that is
about all their WWN can be used for. Most storage folks do not consider them to be nodes.
There are several mechanisms for controlling hosts' access to LUNs. Soft
zoning, which is done on a Fibre Channel switch, controls LUN visibility on
a per-WWN basis. The Fibre Channel switch might also implement hard
zoning, which is the control of storage-processor visibility on a
per-switch-port basis. Fabric zoning controls target presentation, and tells an ESX
Server that a target exists or not. If the host can't get to the target, it can't
see the LUNs.
World Wide Names (WWNs) are assigned by the manufacturer of the SAN
equipment. HBAs and SPs have WWNs. WWNs are used by SAN
administrators to identify your equipment for zoning purposes.
In many well-managed SAN environments, both soft and hard zoning are in
use. The purpose of using both is to make accidental access to volumes by
servers very unlikely.
Zoning is especially important in environments where physical Windows
servers are accessing the SAN, because Windows operating systems
typically write a disk signature on any storage volumes they see. These
volumes might in fact be in use by non-Windows systems.
The storage processor or the hosts themselves might also implement LUN
masking, which controls LUN visibility on a per-host basis. ESX Server
offers a mechanism for LUN masking. Although LUN masking can be done
within the ESX Server, LUN masking is normally performed at the storage
processor (SP) level, and, with newer switches, can also be done at a switch/
It's important to stress that WWNs are both WWNNs (world-wide node names) and WWPNs
(world-wide port names). The VI class (and this) don't make the distinction.
It is good to reinforce to students that the storage processor "presents" LUNS to the servers
on the SAN according to the configuration made by the SAN administrator. The SAN
administrator gets the WWN of a particular HBA on the SAN and then uses a configuration
utility to present a particular LUN# to this HBA. The net result is that the server that contains
the HBA is the server that the storage is being presented to. Once the LUN has been
presented to the server by the SAN administrator, it is now up to the server to scan for
storage on the SAN so that it will see only those LUNS that have been presented to it. This
scanning for storage will be seen later in the module.
Additional Information:
How to mask LUNs on an ESX Server:
• In the VI Client, in the Configuration tab of the ESX Server, select Advanced Settings,
then select Disk. Disk.MaskLUNs is the fourth parameter in the list. To set the value, you
may list one or more ranges of LUNs for the VMkernel to ignore on boot. Use the
following syntax: adapter:target:comma_separated_LUN_range_list, for example,
vmhba0:0:0-6;
• If you wish to mask several ranges, separate them with semicolons, for example,
vmhba0:0:0-6;vmhba1:0:0-4,7;
• And, always place a semicolon at the end of the line.
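A parser for the Disk.MaskLUNs syntax described above, as an added example that is not part of the original manual or of VMware's code. The function names and the sample device paths are constructed for illustration; the 0-255 LUN limit is the range this manual gives for ESX 3.

```python
import re

MAX_LUN = 255  # ESX 3 addresses LUNs 0-255, per this manual

_ENTRY_RE = re.compile(r"(vmhba[0-9]+):([0-9]+):([0-9,\-]+)")
_RANGE_RE = re.compile(r"([0-9]+)(?:-([0-9]+))?")
_PATH_RE = re.compile(r"(vmhba[0-9]+):([0-9]+):([0-9]+)(?::[0-9]+)?")


def parse_lun_list(spec):
    """Expand a comma-separated LUN range list such as '0-4,7' into a set."""
    luns = set()
    for part in spec.split(","):
        m = _RANGE_RE.fullmatch(part)
        if not m:
            raise ValueError(f"bad LUN range {part!r}")
        first = int(m.group(1))
        last = int(m.group(2)) if m.group(2) is not None else first
        if first > last or last > MAX_LUN:
            raise ValueError(f"LUN range {part!r} is reversed or above {MAX_LUN}")
        luns.update(range(first, last + 1))
    return luns


def parse_mask_luns(value):
    """Parse a Disk.MaskLUNs string into {(adapter, target): set_of_luns}.

    Enforces the two rules from the text: entries are separated by
    semicolons, and the line always ends with a semicolon.
    """
    value = value.strip()
    if not value.endswith(";"):
        raise ValueError("Disk.MaskLUNs value must end with a semicolon")
    masks = {}
    for entry in value[:-1].split(";"):
        m = _ENTRY_RE.fullmatch(entry.strip())
        if not m:
            raise ValueError(f"bad entry {entry!r}, expected adapter:target:LUN_ranges")
        key = (m.group(1), int(m.group(2)))
        masks.setdefault(key, set()).update(parse_lun_list(m.group(3)))
    return masks


def is_masked(masks, path):
    """True if adapter:target:LUN[:partition] falls inside a masked range."""
    m = _PATH_RE.fullmatch(path)
    if not m:
        raise ValueError(f"bad device path {path!r}")
    key = (m.group(1), int(m.group(2)))
    return int(m.group(3)) in masks.get(key, set())


def still_visible(masks, paths):
    """Return the paths the mask does NOT hide, for review before applying it."""
    return [p for p in paths if not is_masked(masks, p)]


# Constructed sample: the mask value from the text and some made-up paths.
SAMPLE_VALUE = "vmhba0:0:0-6;vmhba1:0:0-4,7;"
SAMPLE_PATHS = ["vmhba0:0:3", "vmhba0:0:11:3", "vmhba1:0:5",
                "vmhba1:0:7:1", "vmhba1:1:12:1"]

if __name__ == "__main__":
    masks = parse_mask_luns(SAMPLE_VALUE)
    for key in sorted(masks):
        print(key, sorted(masks[key]))
    print("not hidden by the mask:", still_visible(masks, SAMPLE_PATHS))
```

Running the check against the list of LUNs a host is supposed to see shows, before the setting is changed, whether a range is too narrow (a LUN stays visible) or too wide (a needed LUN is hidden).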
Soft zoning requires cooperation by hosts; a few HBAs are "bad citizens" and do not respect
it. On the other hand, hard zoning is enforced by the Fibre Channel switch.
The debate of hard vs soft zoning is a big deal. Soft zoning is more convenient, in that if
you move to a different port on the fabric, it preserves the zoning info, as it is based on the
FC-HBA WWN. However, if you change FC-HBAs the zoning info is lost, due to the WWN
changing. The biggest danger of soft zoning is that it DOES NOT prevent communications
with known targets that the host already knows about or can otherwise discover. Hard
zoning prevents, through hardware enforcement, ports on different zones from
communicating. The example I use for soft zoning is like having an unlisted phone number.
It doesn't stop calls IF somebody already has your number or can find it out by other means.
The S_ID is assigned to HBAs and SPs and is done at the Fibre Channel switch level. It's
mostly important to SAN administrators. The S_ID is the Source ID field in the Fibre
Channel packet. What it contains is the 24-bit N-Port ID that is the Domain/Area/Port
address.
More information on Zoning:
• Zoning can be used to segment the fabric by OS, function, responsible group, etc. It is
similar in concept to VLANs.
• Zoning is used to create barriers between different operating environments.
• It is used to deploy logical Fabric subsets by creating defined user groups
• It is used to create test and/or maintenance areas that are separate within the Fabric
• It allows finer segmentation of Storage Area Networks by creating Logical Subsets of
devices within a Server-Storage Area Network
vmhba0:0:11 vmhba0:0:11:3
vmhba1:1:12 vmhba1:1:12:1
The VMkernel disk partition addressing scheme is as follows:
• vmhba: Standard label that identifies a physical host bus adapter
• Adapter: Adapter ID, assigned to each HBA
• Target: Represents the SCSI target that the Storage Processor presents
• LUN: Logical Unit Number
• Partition: Partition on the LUN, identified by a number
If you have multiple disk arrays in your SAN fabric, each must be
configured with a different target ID, and each will appear to ESX Server as
a different target number. If one of your disk arrays has multiple storage
processors, each will also have a different target ID.
For any given “disk” the same LUN number must be presented to all ESX
Servers accessing it.
It is a good idea to help students remember this physical SCSI addressing
scheme with the expression "c-t-l-p" as in, "The vmkernel addresses the
physical storage it sees as 'Control-Target-Lun-Partition'". Furthermore, it is
good to reinforce that just because the vmkernel can see a LUN does not
mean there is a VMFS on it. One must format the LUN with a VMFS if there
is none. This will be seen later in the module.
All supported PCI devices (SCSI, FC, Ethernet, iSCSI, etc.) are assigned to
the VMkernel, and are recognized by the VMkernel when the ESX Server
boots. ESX 3 supports 256 LUNs found in the range of 0-255. However,
during installation, the ESX installer can only see the first 128 LUNs.
This is a display from the VI Client interface. To get to this display, select
the ESX Server, click its Configuration tab, then select the Storage
Adapters link.
The VMkernel parameter, Disk.MaxLUN, is now 255 by default.
Disk.SupportSparseLUNs still sets noncontiguous order by default.
Lesson Topics
• iSCSI components and addressing
• iSCSI hardware and software initiators
• Configuring the iSCSI software initiator
• Configure access to iSCSI storage
iSCSI (Small Computer System Interface over IP) provides alternatives to
Fibre Channel SANs:
• Cost: iSCSI is less expensive than Fibre Channel and you can use the
NICs that already exist in your system. And, Ethernet switches cost less
than Fibre Channel switches.
• Infrastructure: Use your existing infrastructure and existing network
knowledge as well; network administrators know about iSCSI routing
and switching since it uses the same methods as regular office Ethernet
traffic.
• Routing: IP routing is mature and well understood.
• Internet: iSCSI is Internet ready. Since iSCSI is based on IP, transfers of
information can more easily take place over WAN architectures in
addition to LAN environments.
Installing and booting the ESX Server from iSCSI storage is supported. To
boot from SAN, the BIOS of the iSCSI adapter must be configured with the
WWN and LUN number of the boot device and the system BIOS must
designate the iSCSI adapter as a boot controller.
VMs’ files are the virtual disks, VM's swap file, nvram, snapshot files,
configuration file and log files.
Use iSCSI storage for VMFS datastores. VMFS datastores are used to hold
virtual machines’ files, ISO images, and templates.
It is also possible to assign an iSCSI LUN to a virtual machine, for example,
to hold an application’s data.
VMotion is supported with virtual machines on iSCSI storage.
NOTE
[Figure: initiators and targets connected through an IP network; * Software initiator]
An initiator transmits SCSI commands over the IP network. A target
receives SCSI commands from the IP network. You can have multiple
initiators and targets in your iSCSI network. iSCSI is SAN-oriented in that
the initiator finds one or more targets, a target presents LUNs to the
initiator, and the initiator sends it SCSI commands. An initiator resides in
the ESX Server while targets reside in the storage arrays supported by the
ESX Server.
LUN masking is also available in iSCSI and works like it does in Fibre
Channel. Ethernet switches do not implement zoning like Fibre Channel
switches. Instead, you can create zones using VLANs.
[Figure labels: iSCSI alias stor1, IP address 192.168.36.101; iSCSI alias train1, IP address 192.168.36.88; * Software initiator]
The main addressable, discoverable entity in iSCSI is an iSCSI Node. An
iSCSI node can be either an initiator, a target, or both. Both targets and
initiators require names for the purpose of identification, so that iSCSI
storage resources can be managed regardless of location (address). The
rules for constructing an iSCSI name are specified in RFC 3720 (see
http://www.faqs.org/rfcs/rfc3720.html).
The IQN (iSCSI Qualified Name) naming convention is as follows:
• The string "iqn."
• A date code specifying the year and month in which the organization
registered the domain or sub-domain name used as the naming authority
string
• The organizational naming authority string, which consists of a valid,
reversed domain or subdomain name
• Optionally, a ':', followed by a string of the assigning organization's
choosing, which must make each assigned iSCSI name unique
are associated with iSCSI nodes instead of with network adapter cards to ensure the free
movement of network HBAs between hosts without loss of SCSI state information
(reservations, mode page settings etc) and authorization configuration.
The following is an example of an iSCSI qualified name from an equipment vendor:
iqn.2001-04.com.example:diskarrays-sn-a8675309
The following is an example of an iSCSI name string from a storage service provider:
iqn.1995-11.com.example.ssp:customers.4567.disks.107
Note that when reversing these domain names, the first component (after the "iqn.") will
always be a top-level domain name, which includes "com", "edu", "gov", "org", "net", "mil", or
one of the two-letter country codes. The use of anything else as the first component of these
names is not allowed.
What if you do not know the year and month in which the organization registered the
domain?
• Then, make one up. The reason why the year and month is part of the IQN is for
uniqueness. Of course, it is always preferable that you try to use the correct year and
month when possible.
Another iSCSI naming convention is the EUI. format:
• The iSCSI EUI. naming format allows a naming authority to use IEEE EUI-64 identifiers in
constructing iSCSI names. The details of constructing EUI-64 identifiers are specified by
the IEEE Registration Authority (see [EUI64]).
• Example iSCSI name: eui.02004567A425678D
The EUI naming convention should not be used because it is not supported in the current
iSCSI implementation.
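A checker for the IQN rules listed above (the "iqn." prefix, the date code, the reversed domain that starts with a top-level domain, the optional ':' string), as an added example that is not part of the original manual. The function names are hypothetical; the 223-byte length limit comes from RFC 3720 rather than from this manual, and the lowercase-label check is an assumption about normalized names.

```python
import re

# Top-level domains named in the text; two-letter country codes are
# accepted separately below.
GENERIC_TLDS = {"com", "edu", "gov", "org", "net", "mil"}
MAX_NAME_BYTES = 223  # maximum iSCSI name length in RFC 3720

_IQN_RE = re.compile(r"iqn\.([0-9]{4})-([0-9]{2})\.([^:]+)(?::(.*))?", re.DOTALL)
_EUI_RE = re.compile(r"eui\.[0-9A-Fa-f]{16}")
# Assumption: domain labels are checked in normalized lowercase form.
_LABEL_RE = re.compile(r"[a-z0-9](?:[a-z0-9-]*[a-z0-9])?")


def check_iscsi_name(name):
    """Return a list of problems with an iSCSI name; an empty list means OK."""
    problems = []
    if len(name.encode("utf-8")) > MAX_NAME_BYTES:
        problems.append(f"name is longer than {MAX_NAME_BYTES} bytes")
    if re.search(r"\s", name):
        problems.append("name contains whitespace")

    if _EUI_RE.fullmatch(name):
        # Well-formed EUI name, but the text says not to use this format.
        problems.append("eui. format is not supported by the current iSCSI implementation")
        return problems

    m = _IQN_RE.fullmatch(name)
    if not m:
        problems.append("not of the form iqn.yyyy-mm.reversed-domain[:unique-string]")
        return problems

    _year, month, authority, suffix = m.groups()
    if not 1 <= int(month) <= 12:
        problems.append(f"date code month {month} is not in 01-12")

    labels = authority.split(".")
    first = labels[0]
    if first not in GENERIC_TLDS and not re.fullmatch(r"[a-z]{2}", first):
        problems.append(f"first component {first!r} is not a top-level domain")
    if len(labels) < 2:
        problems.append("naming authority has no domain under the top-level domain")
    bad = [label for label in labels if not _LABEL_RE.fullmatch(label)]
    if bad:
        problems.append(f"invalid domain label(s): {bad}")

    if suffix == "":
        problems.append("':' is present but the string after it is empty")
    return problems


def audit_names(names):
    """Map each name that fails the check to its list of problems."""
    report = {}
    for name in names:
        problems = check_iscsi_name(name)
        if problems:
            report[name] = problems
    return report


# The two valid names and the EUI name come from the text; the rest are
# constructed to trip one rule each.
SAMPLE_NAMES = [
    "iqn.2001-04.com.example:diskarrays-sn-a8675309",
    "iqn.1995-11.com.example.ssp:customers.4567.disks.107",
    "eui.02004567A425678D",
    "iqn.2001-04.example.com:disk1",   # domain not reversed
    "iqn.2001-13.com.example",         # month out of range
    "iqn.2001-04.com.example:",        # empty unique string
]

if __name__ == "__main__":
    for name, problems in audit_names(SAMPLE_NAMES).items():
        print(name)
        for p in problems:
            print("   -", p)
```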
This slide (iSCSI Name/Alias) and the next two slides (Discovery Methods and CHAP
Authentication) should be used to explain iSCSI concepts to the student. After the concepts
are explained, then the next sequence of slides describes how to configure the iSCSI
software initiator. Present this sequence of slides with this thought in mind: Concepts first,
then "How To" next.
• Two discovery methods are supported:
• Static Configuration
• SendTargets
• SendTargets response returns IQN and all available IP addresses
[Figure: SendTargets request and SendTargets response exchanged over the IP network with the iSCSI target at 192.168.36.101:3260]
The software initiator is a port of the Cisco iSCSI Initiator Command
Reference implementation. VMware has modified it to work with ESX 3
and the VMkernel networking stack. The software initiator works with the
vmkiscsid daemon that runs in the service console. Therefore, the service
console and VMkernel NICs both need access to the iSCSI storage since the
iSCSI daemon initiates the session and handles login and authentication.
The actual I/O goes through the VMkernel.
The hardware initiator provides access to storage like other types of SCSI
adapters. SCSI LUNs are made available to the ESX Server from the iSCSI
adapter. The hardware initiator offloads the iSCSI network traffic load from
the VMkernel’s networking stack.
For both initiators, hardware and software, the guest OS never specifically
sees iSCSI network traffic. Since the guest OS is not aware of the
underlying storage, the guest OS sees only virtual disk SCSI I/O traffic.
ESX Server does not support both hardware and software initiators running
simultaneously.
For a list of iSCSI storage arrays supported for iSCSI software and/or
hardware initiators, consult the Storage/SAN Compatibility Guide, available
on the VMware Web site.
The software initiator works with a daemon called vmkiscsid that runs in
the service console. Therefore, the service console and VMkernel NICs both
need access to the iSCSI storage since the iSCSI daemon initiates the
session and handles login and authentication. The actual I/O goes through
the VMkernel.
To get to the virtual switch display (shown above), in the VI Client
inventory list, select your ESX Server, click its Configuration tab, then
click the Networking link.
In order for the iSCSI software initiator to communicate with its target
iSCSI storage, outgoing port 3260 needs to be opened in the service console
firewall.
Use the VI Client to open the port. Select your ESX Server in the
inventory, then click its Configuration tab. Click the Security Profile link,
then click the Properties link to display the Firewall Properties window.
Locate the Software iSCSI Client service. Select the check box next to this
service to open this firewall port in the service console.
To configure the iSCSI software initiator, use the VI Client. Select your
ESX Server, click the Configuration tab, select the Storage Adapters link.
A list of available storage adapters is displayed. Select iSCSI Software
Adapter, then click the Properties... link.
• Enable the iSCSI initiator
The iSCSI Initiator Properties window displays. Click the Configure
button in the General tab. The General Properties window displays. Select
the check box, Enabled, then click OK.
When you enable the software initiator, a default iSCSI name and alias are chosen
for you. The iSCSI name follows the IQN naming convention and the
iSCSI alias is the fully-qualified domain name of your ESX Server. You
can change these defaults if you wish; however, it is recommended to
always use the IQN naming convention when defining the iSCSI name. This
is because most iSCSI storage arrays know how to recognize that name. If
an IQN is not used, it is possible that an iSCSI array might not recognize it.
• In the Dynamic Discovery tab, enter the IP address of each target server
for initiator to establish a discovery session
The iSCSI Initiator Properties window has two tabs, Dynamic Discovery
and Static Discovery. To use the SendTargets method of discovery, enter
the address of the target device (referred to as the Send Targets server) in
the Dynamic Discovery tab. The initiator will establish a discovery session
with this target. The target device responds by forwarding a complete list of
additional targets that the initiator is allowed to access. The target device
responds with a list of available targets, which is displayed in the Dynamic
Discovery tab. The Static Discovery tab allows you to manually add IP
addresses of any targets you identify as accessible to your ESX Server.
However, adding static target IP addresses is only available with the
hardware initiator, not the software initiator.
To define the Send Targets server, click the Dynamic Discovery tab in the
iSCSI Initiator Properties window and create an entry for each target server
to discover.
• By default, CHAP is disabled
• Enable CHAP and enter CHAP name and secret
To set a CHAP login name and password, click the CHAP Authentication
tab, then click the Configure... button. Type in a CHAP name and a CHAP
secret. You can choose to use the name of the initiator as the CHAP login
name. The CHAP secret must match the CHAP secret set at the target you
wish to establish communication with.
CHAP secrets (or shared secrets) are pre-shared keys (PSKs) that have been
allocated to the communicating parties prior to the communication process
starting. A shared secret is a string of text that a VPN service expects to get
before it receives any other credentials (such as a username and password).
Windows XP calls this string the "pre-shared key for authentication", but in
most operating systems it is known as a "shared secret". The VPN server
will not allow the authentication process to continue until the correct string
of text is given. Unless the VPN server receives the shared secret, a
username and password cannot be sent, and the connection will be refused.
In a sense, a shared secret is sort of a password, albeit a weak one known by
a large number of people.
After configuring the properties of the iSCSI software adapter, you are
ready to scan for iSCSI target LUNs. Click the Rescan link to start the
rescan.
The iSCSI software adapter is identified as vmhba32. An iSCSI hardware
adapter is identified using an available vmhba. For example, if an iSCSI
hardware adapter were added to the system above, the VMkernel would
name that adapter vmhba2.
If you are having problems accessing your iSCSI storage, check your
network configuration and iSCSI configuration.
Is the VMkernel port configured and on the same LAN as the storage
array?
• Examine the network configuration of your ESX Server.
• Make sure that you have a VMkernel port on a switch that is connected
to the same LAN as the iSCSI or NAS storage array.
• Make sure the IP address and subnet mask of the VMkernel port are
correct for the storage LAN.
• You should be able to ping the VMkernel address from the network
storage device.
Is a second service console port required?
• Examine the network configuration of your ESX Server.
• Is it possible for some other service console port on this ESX Server to
connect to the storage array (possibly via a router)? You should be able
to connect to your service console via SSH and ping the address of the
network storage device. If you cannot reach it with the ping command,
then you will need a second service console port.
• Make sure your storage device will respond to ping requests.
• Make sure that no firewalls between the ESX Server service console
NIC and the storage array are blocking the ping requests.
that subnet, you must already have a defined VMkernel and/or service
console port on the subnet on which the gateway is defined. For
example, if your new VMkernel port is on subnet 10.1.161.x and your
gateway address for VMkernel traffic is 192.168.161.1, you must
already have a VMkernel port defined somewhere on 192.168.161.x.
• You must also make sure that the designated VMkernel and service
console routers are online and functioning properly.
Is Send Targets correctly configured for the Software Initiator?
• Your iSCSI storage device configuration requires that you enter either
an IP address or an FQDN for the storage array. If you are using a
hardware adapter, consult your vendor documentation on the correct
procedure to configure the iSCSI storage adapter. If you are using the
ESX Server's software initiator, you must correctly configure Send
Targets.
Is CHAP authentication required?
• Some iSCSI storage devices are configured to require Challenge
Handshake Authentication Protocol (CHAP) authentication. If you are
using a hardware iSCSI adapter, consult your vendor documentation to
determine how to configure CHAP authentication.
If CHAP is required, has the Software iSCSI Client firewall port been
opened on the service console?
• An open service console firewall port is required when you are using the
ESX Server's built-in iSCSI software initiator and CHAP authentication
is required by the storage array.
• An open service console firewall port is NOT required when you are
using a hardware iSCSI initiator card, or you are using the ESX Server's
VMFS Datastores :
Lesson Topics
• Creating a VMFS datastore
• Extending a VMFS datastore
• Multipathing
The VMware File System (VMFS) is a file system optimized for
storing ESX Server virtual machines. VMFS can be deployed on a variety
of SCSI-based storage devices, including Fibre Channel and iSCSI SAN
equipment. A virtual disk stored on a VMFS always appears to the virtual
machine as a mounted SCSI device. The virtual disk hides a physical
storage layer from the virtual machine's operating system. This allows you
to run even operating systems not certified for SAN inside the virtual
machine.
Specific features of VMFS-3:
• Distributed journaling
• Faster file system recovery, independent of volume size or number of
hosts connected
• Scalable distributed locking: survives short and long SAN interruptions
much better
• Support for small files: small files allocated from sub-block resource
pool
VMFS volumes are accessible in the service console underneath the
/vmfs/volumes directory. This directory contains a subdirectory for each VMFS.
The serial number of the disk on which the VMFS resides is used as the
name of the subdirectory.
The maximum number of hosts allowed to access a single VMFS at the
same time is 32. This is a soft limit and a general recommendation.
Additional Information:
Locking Contention in VMFS-3: For those of you familiar with the locking contention issues
experienced in ESX 2/VMFS-2, here is the scoop on locking in VMFS-3: Locking contention
has in fact increased with VMFS-3 because VMFS-3 stores many more virtual machine files
than VMFS-2, such as log files, swap file, config file, snapshot file(s), etc. However,
VMFS-3 locking is scalable for a large number of files, so the behavior has improved because
locking overhead has decreased. VMware cannot disclose exactly how scalability has been
achieved in VMFS-3. Does locking contention still exist when snapshot files of multiple VMs
exist in the same VMFS? Yes, that is still true, but since locking is better now, we can
possibly host a bunch of snapshots on the same LUN. How many? We don't know yet. We
have yet to conduct the requisite experiments to figure out a number.
The command vmkfstools -R can be used to release SCSI locks.
When you create a VMFS, you can edit its properties. To create a VMFS
datastore, go to the ESX Server's Configuration tab, then select the Storage
link under the Hardware section. The screenshots in the slide are screens
from the Add Storage wizard, which is launched when you click the Add
Storage... link to create a VMFS.
VMware only supports a single VMFS on a single partition on a LUN.
A single-LUN VMFS must be at least 1.2 GB in size, but due to a limitation
of the SCSI-2 protocol, a VMFS cannot exceed 2 TB in size.
The Storage display lists all datastores currently configured for the ESX
Server. Selecting a datastore from the list allows you to view its Details.
To get to this display, go to ESX Server's Configuration tab, then click the
Storage link.
In terms of the file system block size, the VMFS-3 file system does automatic
sub-block to file block conversion. Small files start by using sub-blocks,
and as they grow larger, VMFS changes them to use file blocks. However,
the file block size doesn't change.
By the way, the answer is obvious if the software iSCSI initiator is being used because the
vmhba will always be vmhba32. The answer is not so obvious if the hardware iSCSI initiator
is used because you cannot readily tell if the vmhba is referring to a Fibre Channel adapter
or an iSCSI adapter. Since the screenshot shows that vmhba32 is not being used, then the
answer to this question is "It depends what vmhba0 and vmhba1 refer to."
[Slide figure: Extent. Labels: vmhba0:0:3:1, vmhba0:0:6:1]
In the ESX Server context, an extent is a hard disk partition on a physical
storage device that can be added to an existing VMFS-based datastore
dynamically, while the VMFS is in use. The datastore can stretch over
multiple extents, yet appear as a single volume (analogous to a spanned
volume).
One reason for extending a VMFS is to give it more space. It is also used to
create a VMFS greater than 2TB in size. An extent must be added because
the maximum size of a VMFS extent, including the original LUN, is 2TB.
For example, to create a VMFS that is 6TB in size, create a VMFS 2TB in
size, then add 2 extents (each extent is 2TB) to make a 6TB VMFS.
A physical extent can be a maximum of 2 TB. A VMFS can have up to 32
physical extents for a maximum VMFS size of approximately 64 TB.
See the ESX Server Requirements section, "Maximum Configuration for
ESX Server" in the VMware Virtual Infrastructure Installation and Upgrade
Guide for more information on the maximum configuration.
Another reason for using extents is to improve performance. In some cases,
by having multiple VMkernel queues (one per LUN) and setting manual
load distribution to divide the traffic between multiple paths going to
multiple LUNs, overall I/O performance could improve for large VMFS
volumes with a single Virtual Disk file.
Be aware that when using extents with multiple LUNs, the master extent
member, which is the first LUN in the set, contains the metadata for the
To add an extent to a VMFS, go to the ESX Server's Configuration tab, then
select the Storage link. Select the VMFS to extend from the displayed list,
then click on the Properties... link. In the VMFS's Properties window,
click the Add Extent... button to launch the Add Extent wizard.
The only way to increase the size of an existing VMFS volume is to span it
to another LUN. If you enlarge the disk partition that contains the VMFS
volume, you will not be able to grow the volume to use the new space in the
partition.
“Test_Dev_22” has two extents
• Multipathing allows continued access to SAN LUNs in the event of hardware failure
• Exactly one path is active (in use) to any LUN at any time
• Two multipathing policies exist:
• MRU (Most Recently Used)
• Fixed (Preferred path)
The following multipathing policies are currently supported:
• Fixed: The ESX Server always uses the preferred path to the disk when
that path is available. If it cannot access the disk through the preferred
path, then it tries the alternate paths. Fixed is the default policy for
active/active storage devices.
• MRU (Most Recently Used): The ESX Server uses the most recent path
to the disk until this path becomes unavailable. That is, the ESX Server
does not automatically revert back to the original path. MRU is the
default policy for active/passive storage devices and is required for
those devices.
Manually changing Most Recently Used to Fixed is not recommended. The
VMkernel sets this policy for those arrays that require it.
The ESX Server automatically sets the multipathing policy according to the
make and model of the array it detects. If the detected array is not
supported, it is treated as active/active. For a list of supported arrays, see the
SAN Compatibility Guide.
The links between the HBAs and the SPs are intended to show the
physical paths that ESX Server has a choice among. Make clear to the
students that ESX Server uses exactly one path at a time to any given LUN.
ESX Server 3.5 enhances native load balancing by providing experimental
support for round-robin load balancing of HBAs.
MRU is needed to prevent ping-pong’ing LUN ownership in the Storage
Array when a given host experiences path failure.
ESX Server supports failover with any supported Fibre Channel adapter.
The BIOS of the Fibre Channel adapter allows you to configure the failover
delay. ESX Server multipathing is only supported for failover, not automatic
load balancing. However, manual load balancing can also be achieved.
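The difference between the Fixed and MRU policies described above, and why MRU is required on active/passive arrays, can be seen in a small simulation. This is an added example, not VMware code: it assumes two hosts, two storage processors named SP-A and SP-B (constructed names), and an array on which I/O sent to the non-owning SP moves LUN ownership to that SP.

```python
"""Added example: simplified model of Fixed vs. MRU path selection.

Assumptions (not VMkernel code): two hosts, two storage processors, and an
active/passive array on which I/O sent to the non-owning SP moves LUN
ownership to that SP.
"""
from dataclasses import dataclass, field

SPS = ("SP-A", "SP-B")  # constructed names for the two storage processors


@dataclass
class Array:
    owner: str = "SP-A"         # SP that currently owns the LUN
    ownership_changes: int = 0  # ownership moves forced by host I/O

    def io(self, sp: str) -> None:
        # Assumption: I/O arriving at the non-owning SP moves the LUN to it.
        if sp != self.owner:
            self.owner = sp
            self.ownership_changes += 1


@dataclass
class Host:
    policy: str                 # "fixed" or "mru"
    preferred: str = "SP-A"
    current: str = "SP-A"
    links_up: set = field(default_factory=lambda: set(SPS))

    def select_path(self, array: Array) -> str:
        if not self.links_up:
            raise RuntimeError("all paths to the LUN are down")
        if self.policy == "fixed":
            # Fixed: use the preferred path whenever it is available,
            # otherwise try an alternate path.
            if self.preferred in self.links_up:
                self.current = self.preferred
            else:
                self.current = sorted(self.links_up)[0]
        elif self.policy == "mru":
            # MRU: stay on the most recently used path until it becomes
            # unavailable (link down, or the LUN is now owned by the other SP).
            usable = self.current in self.links_up and self.current == array.owner
            if not usable:
                if array.owner in self.links_up:
                    self.current = array.owner
                else:
                    self.current = sorted(self.links_up)[0]
        else:
            raise ValueError(f"unknown policy: {self.policy}")
        return self.current


def simulate(policy: str, failed_rounds: int = 5, healed_rounds: int = 3) -> dict:
    """Host 1 loses its path to SP-A, then the path is repaired."""
    array = Array()
    host1, host2 = Host(policy), Host(policy)

    host1.links_up.discard("SP-A")          # path failure on host 1 only
    for _ in range(failed_rounds):
        for host in (host1, host2):
            array.io(host.select_path(array))
    during_failure = array.ownership_changes

    host1.links_up.add("SP-A")              # failed path comes back
    for _ in range(healed_rounds):
        for host in (host1, host2):
            array.io(host.select_path(array))

    return {
        "changes_during_failure": during_failure,
        "changes_total": array.ownership_changes,
        "final_paths": (host1.current, host2.current),
    }


if __name__ == "__main__":
    for policy in ("fixed", "mru"):
        print(policy, simulate(policy))
```

With Fixed, the two hosts pull the LUN back and forth on every round while the path is down; with MRU, ownership moves once and both hosts stay on the surviving SP even after the repair.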
• SendTargets advertises multiple routes
• It reports different IP addresses to allow different paths to the iSCSI LUNs
• Routing done via IP network
• For the software initiator
• Counts as one network interface
• NIC teaming and multiple SPs allow for multiple paths
[Slide figure label: IP Network]
IP networking already has multipath support built in (e.g. IP networking
does routing, if you're using dynamic routing protocols). Therefore, it
provides a simpler multipath structure than Fibre Channel networks. iSCSI
initiators recognize multiple paths from a SendTargets discovery. Like our
support with SANs, ESX uses multipathing for failover purposes only. The
failover policies of fixed and MRU (most recently used) are the same
policies used with SAN multipathing.
ESX Server supports an active/passive configuration only. It also
supports only one type of multipathing at a time, either software initiator
multipathing or hardware initiator multipathing, but not both at the same
time.
Since the software initiator counts as only one "HBA", it relies on the
underlying network to provide it with multiple paths to the iSCSI LUNs.
This is accomplished by placing the VMkernel port used for iSCSI storage
access on a virtual switch that has NIC teaming in place.
There is no heterogeneous multipathing. In other words, you cannot use a
NIC and an iSCSI adapter to access the same iSCSI storage. The software
initiator only supports a single storage interface, in other words, the
software initiator looks like a single iSCSI HBA. However, keep in mind
that the software initiator sits on top of multiple NICs and therefore,
multipathing can be performed through the networking layer in the
VMkernel via NIC teaming.
Pathing information can be managed, for example, you can set a preferred
path to be used for a particular LUN. You can also enable or disable a path
to a particular LUN. To manage paths, use the VI Client. Select your ESX
Server in the inventory, then click its Configuration tab. Select the
Storage link, select the desired storage from the Storage list, then click its
Properties... link. In the Storage Properties window, click the Manage
Paths button to change your path configuration.
If a LUN is not formatted, you can set the preferred path; however, the
active path will not be switched to the preferred path until the LUN is
formatted. Preferred paths can only be used with a Fixed policy.
Datastores :
Lesson Topics
• NAS storage
• NFS components and addressing
• Configuring an NFS datastore
ESX Server supports the following shared storage capabilities on NFS
volumes:
• Use VMotion
• Create virtual machines
• Boot virtual machines
• Mount ISO files, which are presented as CD-ROMs to virtual machines
The NFS client built into ESX Server lets you access the NFS server and
use NFS volumes to store virtual machine disks.
/etc/exports defines the systems allowed to access the shared directory.
The options used in this file are:
• Name of directory to be shared
• Subnet(s) allowed to access the share
• rw: Allows both read and write requests on this NFS volume.
• no_root_squash: By default, the root user (whose UID is 0) is given
the least amount of access to an NFS volume. This option turns off this
behavior because the VMkernel needs to access the NFS volume using
UID 0.
• sync: All file writes must be committed to the disk before the write
request by the client is actually completed.
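Because no_root_squash gives UID 0 on the client full root access to the export, the subnet restriction listed above is what limits who gets that access. The following added example (not part of the original manual) audits an /etc/exports file for no_root_squash granted outside the storage subnet, including the case where a stray space before the option list exports to everyone. The sample file, the 192.168.161.0/24 storage subnet and the finding codes are constructed for illustration.

```python
"""Added example: audit an NFS server's /etc/exports for how widely
no_root_squash is granted. Sample data and finding codes are constructed."""
import ipaddress

# Constructed sample; 192.168.161.0/24 stands in for the storage LAN.
SAMPLE_EXPORTS = """\
# directory     client(options)
/vol/vmstore    192.168.161.0/255.255.255.0(rw,no_root_squash,sync)
/vol/iso        192.168.161.0/24(ro,sync)
/vol/scratch    *(rw,no_root_squash,async)
/vol/lab        192.168.161.0/24 (rw,no_root_squash,sync)
/vol/old        10.0.0.0/8(rw,no_root_squash,sync)
"""


def parse_exports(text):
    """Yield (directory, client, options) for every client entry.

    Handles comments and backslash line continuations. Quoted paths
    containing spaces are not handled in this example.
    """
    logical = text.replace("\\\n", " ")
    for raw in logical.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        tokens = line.split()
        directory, specs = tokens[0], tokens[1:]
        for spec in specs:
            client, _, rest = spec.partition("(")
            options = set(filter(None, rest.rstrip(")").split(",")))
            # A bare "(options)" token has no client name: it applies to
            # every host, which is what a stray space before "(" produces.
            yield directory, client or "*", options


def audit_exports(text, storage_net):
    """Return a list of (directory, client, code) findings."""
    allowed = ipaddress.ip_network(storage_net)
    findings = []
    for directory, client, options in parse_exports(text):
        if "async" in options:
            # Writes are acknowledged before they reach the disk.
            findings.append((directory, client, "ASYNC"))
        if "no_root_squash" not in options:
            continue
        try:
            net = ipaddress.ip_network(client, strict=False)
        except ValueError:
            if "*" in client or "?" in client:
                findings.append((directory, client, "ROOT_WORLD"))
            else:
                # Hostname or netgroup: cannot be compared with the subnet.
                findings.append((directory, client, "ROOT_UNVERIFIED_CLIENT"))
            continue
        inside = net.version == allowed.version and net.subnet_of(allowed)
        if not inside:
            findings.append((directory, client, "ROOT_OUTSIDE_STORAGE_NET"))
    return findings


if __name__ == "__main__":
    for finding in audit_exports(SAMPLE_EXPORTS, "192.168.161.0/24"):
        print(*finding)
```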
For the ESX Server to access the NFS datastore over the network, a
VMkernel port must be configured manually. The name of this port can be
anything you want. In the example above, it is named "NFS Access." The
VMkernel port can be created as either another connection on an existing
virtual switch or as a new connection on a new virtual switch.
To configure an NFS datastore, select your ESX Server in the inventory,
then click its Configuration tab. Select the Storage link. Click the Add
Storage... link, then select Network File System as the storage type. Enter
the properties of your NFS datastore, as shown above.
There are various reasons for mounting an NFS as a read-only file system:
• You want the NFS to be a library of files, such as ISO images
• You do not want this file system to be space for users to place their
personal files
• You have a limited amount of space in the NFS and you do not want
users accidentally filling up the NFS file system
After creation, the NFS datastore shows up in the Storage display of the
server's Configuration tab. From this screen, you can also display the
contents of the datastore: right-click the datastore, then select Browse
Datastore... from the menu.
If you are having problems accessing your NFS datastore, check your
network configuration and NFS configuration.
Is the VMKernel port configured and on the same LAN as the storage
array?
• Examine the network configuration of your ESX Server.
• Make sure that you have a VMKernel port on a switch that is connected
to the same LAN as the NAS storage array.
• Make sure the IP address and subnet mask of the VMKernel port are
correct for the storage LAN.
• You should be able to ping the VMKernel address from the network
storage device.
Is there an error in the network configuration (storage array IP address,
routing, etc.)?
• Your network storage device configuration under ESX Server requires
that you enter either an IP address or an FQDN for the storage array.
Make sure this address and/or FQDN is correct.
• If you connect to your storage via a routed network (not recommended),
is your default router set for that network? Each ESX Server has a
default router gateway set for all VMKernel and service console traffic.
The gateway set for VMKernel does not have to be the same as the one
for the service console, but there can only be one for each. All
VMKernel ports use the same router and all service console ports use
the same router. If you are adding a new VMKernel or service console
After students create their NFS datastore, encourage them to view the contents of the NFS
datastore. To do this, right-click the NFS datastore, then select Browse Datastore.
Questions?
6
Virtual Center Installation
Importance
• VirtualCenter Server allows you to centrally manage multiple ESX
Servers and VMs. VirtualCenter Server also gives large-scale
environments added functionality in the areas of resource balancing and
high availability.
Module Lessons
• VirtualCenter Software Installation
• VirtualCenter Inventory Hierarchy
• Using VirtualCenter to Manage Hosts and VMs
VirtualCenter Software Installation :
Lesson Topics
• VirtualCenter Components
• VirtualCenter Architecture
• VirtualCenter Database
• VMware License Server
• VirtualCenter Server
• VMware Infrastructure (VI) Client
Servers and virtual machines. It is a software product consisting of
numerous services and modules that is installed on a Windows server. The
VirtualCenter Server also has some optional features. These are packaged
and installed with the base product, but require a separate license. Optional
features include:
[Figure: VirtualCenter architecture. Labels: Core Services, Additional Services, User Access Control, VMware Web SDK, Modules, Database Interface, ESX Server Management, Third-party Applications, VirtualCenter Database, ESX Hosts]
functionality to VirtualCenter. The VirtualCenter modules are:
• VMware Update Manager – Enables security administrators to enforce
There is an order you must follow during the VirtualCenter Server
installation:
1 Begin by making sure your hardware and software meet the required
prerequisites.
2 Create a database on either a supported Microsoft SQL or Oracle
Database server.
3 Create a database connection to your database, either SQL Server or
Oracle.
4 Install the VMware License Server.
5 Install the VirtualCenter Server.
6 Install the VMware Infrastructure Client.
This is the recommended order of installation. If you are using either SQL
Server or Oracle, the database instance must be created for VirtualCenter
before performing the installation. The VirtualCenter installer populates the
database with VirtualCenter tables and views. The License Server can be
installed before or during the VirtualCenter Server installation (the
VirtualCenter Server installer wizard prompts for and will install a license
server if one is not already installed). The Virtual Infrastructure Client can
be installed at any time.
• Hardware Requirements
• Processor – 2.0GHz or higher Intel or AMD x86 processor
• Memory – 2GB RAM minimum
• Disk storage – 560MB minimum, 2GB recommended
• Networking – 10/100 Ethernet adapter minimum (Gigabit
recommended)
• May be run in a Virtual Machine
• Software Requirements
• 32-bit version operating system only:
• Windows 2000 Server SP4 with Update Rollup 1
• Windows XP Pro SP2
• Windows 2003 Server SP1
• Windows 2003 Server R2
VirtualCenter Server hardware must meet the following requirements:
• Processor – 2.0GHz or higher Intel or AMD x86 processor. Processor
requirements can be larger if your database is run on the same hardware.
• VirtualCenter has a built-in database calculator
• Administration -> VirtualCenter Management Server Configuration
• Select Statistics
• No actual database changes are made
• This is a “what-if” calculator
The size of the database varies with the number of hosts and virtual
machines you manage. To ensure your database can handle the statistics
collection you configure, the VI Client provides you with a database
If you are using Microsoft SQL Server, the database user must be assigned
either a sysadmin server role or the db_owner fixed database role. For
Microsoft SQL Server, you will need to create an ODBC connection. This
needs to be done prior to starting the VirtualCenter installation process. The
ODBC connection should be created as a System DSN connection.
If you are using Microsoft SQL Server, always use SQL Server
Authentication unless the SQL Server is running on the same system as the
VirtualCenter Server. If both your Microsoft SQL database server and your
VirtualCenter server are running on the same computer, you may use
Windows Authentication. Installing the database on the same system as the
VirtualCenter Server is not recommended unless the hardware (either virtual
or physical) is sized with enough capacity to handle both applications.
For details on setting up an Oracle database for VirtualCenter, consult the
ESX Server 3 Installation Guide, available on the VMware Web site.
[Figure: License Server, VirtualCenter Server, ESX Servers]
The VMware License Server can be installed at the same time the
VirtualCenter Server is installed. VMware strongly recommends that you
There is a 14-day grace period during which hosts continue operation,
relying on a cached version of the license state, even across reboots. After
the grace period expires, certain ESX Server operations, such as powering
The VMware License Server is a distributed license system, based on
technology licensed from industry-standard FlexNet.
Once you have your database set up and your license server configured, you
may install VirtualCenter Server. Once VirtualCenter Server is installed, a
number of new services will appear in the Windows system:
• VMware Capacity Planner Service
• VMware Converter Enterprise Service
• VMware Infrastructure Web Access: Allows users to manage VMs
using a web browser
• VMware License Server
• VMware Mount Service for VirtualCenter: Service used during guest
OS customization (during cloning a VM or deploying a VM from a
template)
• VMware Update Manager Service
• VMware VirtualCenter Server: The heart of VirtualCenter, it centrally
manages all tasks performed on the ESX Server and virtual machines
If the Windows OS that VirtualCenter Server is running on top of is a
member of a Windows Domain (either NT4 or Active Directory), it will
automatically access all Windows user and group accounts in that (and any
trusted) Windows Domains.
The VI Client and the Web Client are the user interfaces used to access
either the VirtualCenter Server or the ESX Server directly. The Web Client
NOTE
A single VirtualCenter Server can manage ESX Servers that are located in
different geographical locations but connected by a WAN link or VPN link.
The bandwidth required for communications between the VirtualCenter
If the VirtualCenter Server fails, it will not affect the runtime behavior of
the virtual machines and the ESX Servers. The ESX Servers and virtual
machines continue to run normally. When the VirtualCenter Server comes
back up, it can reconnect to running hosts and re-synchronize the state of
the hosts and their virtual machines.
One possible strategy for VirtualCenter Server high availability is to create
a standby VirtualCenter Server, either on a physical machine or in a virtual
machine. The standby VirtualCenter Server is an exact copy of the primary
VirtualCenter Server. Leave it powered off, until it needs to take the place of
the primary VirtualCenter Server. Multiple VirtualCenter Servers are not
allowed to manage the same inventory at the same time.
The standby server must be an exact copy of the primary server. Host name,
IP address, and SSL identity must be the same. This is because the
VirtualCenter configuration file, /etc/vmware/vpxa.cfg, contains a hard
reference to the IP address of the VirtualCenter Server.
You can also use clustering software so the VirtualCenter server process is
automatically restarted on a standby server if the primary server fails. For
more information, consult the technical paper, Using MSCS to Cluster
VirtualCenter, available on the VMware website at
http://www.vmware.com/pdf/VC_MSCS.pdf.
Another strategy is to use the clustering capabilities of the database itself,
which both SQL Server and Oracle provide.
• One reason: VMware VirtualCenter Server service is not running
If you try to login to your VirtualCenter Server using the VI Client and are
unable to, there are several possible reasons:
when the VirtualCenter Server boots up. However, if the VirtualCenter
Server service fails to start, this problem must be resolved. Without this
If the license server does not start, the most likely cause is an incorrect or
corrupt license file. Knowledge Base article 1013698 provides the syntax
description for your license files, both host- and server-based. The link to
The link to any KB article is http://kb.vmware.com/kb/#######, where
####### is the KB article ID.
• Install VirtualCenter
• In this lab, you will perform the following tasks:
• Open a Remote Desktop Connection (RDC) to your VirtualCenter Server
• Create an ODBC connection to the SQL Server VirtualCenter database
• Install the VMware License Server
• Install the VirtualCenter Server
• Install the VMware Infrastructure Client (Optional)
VirtualCenter Inventory Hierarchy :
Lesson Topics
• VirtualCenter inventory hierarchy
• Adding ESX Server to inventory
Where networks
and datastores
are configured
either containers of other objects, such as folders, or objects that you
manage, such as hosts and virtual machines. The inventory hierarchy is
Items within the inventory may be placed into folders. Folders and
sub-folders may be created to better organize systems.
[Figure labels: Cluster for VMware HA; Cluster for VMware DRS]
An ESX Server serves as the platform on which virtual machines run. Hosts
that are not grouped together are known as standalone hosts. Hosts that are
grouped together are referred to as a cluster.
This graphic shows the two most common views used in the VirtualCenter
Inventory: the Hosts & Clusters view and the Virtual Machines &
Templates view. The other two views are the Networks view and the
Datastores view.
To display a view in the VI Client, select the desired view in the Inventory
panel’s drop-down menu.
Note that you cannot see templates in the Hosts & Clusters view. It is
possible to see templates in this view by selecting the Hosts & Clusters
folder and selecting the Virtual Machines tab.
Also note that you cannot see hosts or clusters in Virtual Machines &
Templates view. It is possible to see hosts in this view by selecting the
Virtual Machines & Templates folder and clicking on the Hosts tab.
If you cannot add an ESX Server to the VirtualCenter inventory, here are
some possible reasons:
• If you are in the VI Client and you get the error message:
“not responding”, here are possible reasons:
• The VirtualCenter Server lost network connection to the ESX Server. If
Lesson Topics
• Lockdown Mode
• Scheduled Tasks
• Administration
• Events
• System Logs
• Maps
• Consolidation
• Plugins
• Client Settings
Use the VI Client to directly manage ESX Servers that are under
VirtualCenter administration only in case of unusual circumstances, for
example, for command-line troubleshooting. Making changes on an
Module 6 Virtual Center Installation: Using VirtualCenter to Manage Hosts and VMs 225
Scheduled Tasks
• Scheduled Tasks
can schedule many
key operations on
virtual machines and
hosts
Click on the Scheduled Tasks panel to see the scheduled tasks. If you right-
click anywhere in the Scheduled Tasks window, you may add a new task.
Tasks include operations like powering down a virtual machine at a specific
time. You can also schedule resource-intensive operations such as the
deployment of new virtual machines from templates at off-hours.
convenient way to see who is logged into this VirtualCenter Server. It is also
possible to send real-time message broadcasts to all VI Clients that are
Events
Event Search
vpxd-index identifies
the current log file
Log Search
The System Logs tab is another important tab on the Administration button.
Logs can be searched in the same manner as events. Like events, the system
logs can be useful when troubleshooting problems.
If the VI Client were connected directly to the ESX Server, then local
ESX Server logs will be available instead.
Maps
The Consolidation panel will launch the Guided Consolidation feature. This
feature enables you to consolidate physical systems in your datacenter by
converting them to virtual machines and importing them into VirtualCenter.
Plugins
• Client Settings
You may adjust the VI Client settings by clicking Edit in the menu bar, then
selecting Client Settings... from the drop-down menu. This is important for
things like adjusting the timeout values for slow WAN connections. Other
Lesson Summary
Questions?
7
Importance
Module Lessons
• Create a VM
Create a VM :
Lesson Topics
• VM virtual hardware
• Create a VM
• Installing a guest OS into a VM
The table above lists the files that make up a virtual machine. Except for
the log files, the name of each file starts with the virtual machine's name
(VM_name). A virtual machine consists of the following files:
• A configuration file (.vmx)
• One or more virtual disk files (first virtual disk has files VM_name.vmdk
and VM_name-flat.vmdk; subsequent virtual disks are named
• Right-click Datastore to
browse its files
virtual machine in the inventory and view its Summary tab. The list of
datastores used by the virtual machine is shown in the Resources section.
[Figure: virtual machine hardware. Labels: Up to 4 CD-ROMs; 1-2 drives; Up to 64GB RAM; 1-4 adapters; VM Chipset; 1 CPU (2 or 4 CPUs with VMware SMP); 1-4 adapters, 1-15 devices each]
Each guest OS sees ordinary hardware devices; it does not know that these
devices are actually virtual. Furthermore, all virtual machines have uniform
hardware (except for a small number of variations the system administrator
can apply). This makes virtual machines uniform and portable across
platforms.
Make sure it is clear to the student that this is "virtual" hardware. The
administrator of the ESX Server gets to manage the mapping between virtual
and physical hardware.
ESX Server VMs lack USB and lack sound adapters.
Each virtual machine has a total of 6 virtual PCI slots; one is used for the
virtual video adapter. Therefore the total number of virtual adapters, SCSI
plus Ethernet, cannot be greater than 5. The virtual chipset is an Intel
440BX-based motherboard with an NS338 SIO chip. This chipset ensures
compatibility for a wide range of supported guest operating systems
(including legacy OSs such as Windows NT). A virtual machine can have
up to 2 IDE controllers, which means up to 4 CD-ROM drives are supported
per virtual machine.
• 1, 2 or 4 virtual CPUs
(VCPUs)
• Virtual SMP license required
for 2- and 4-VCPU VMs
• Specify maximum memory
size (up to 64GB)
• Amount the guest OS will be
told it has
Virtual Machine
Although the VI Client interface may provide a default memory size for
your VM at the time of creation, understand the memory needs of your
application and guest OS and size accordingly. The maximum memory size
allowed for any VM is 64 GB. Memory size is the maximum amount of
physical memory that the virtual machine can use.
If you have purchased the Virtual SMP product, you may take advantage of
that purchase by selecting one, two, or four processors. Many guest OS/
Datastore
Virtual Machine
• Network adapter
• Connect to virtual switch
• CD-ROM drive
• Connect to CD-ROM or
ISO image
• Floppy drive
• Connect to floppy or
floppy image
• Generic SCSI devices (such as tape libraries)
• May be connected to
additional SCSI adapters
Virtual CPU, virtual memory and virtual disk are your required virtual
hardware. Additional virtual hardware that you can add to your virtual
machine are virtual NIC(s), a virtual CD-ROM drive, a virtual floppy drive
and generic virtual SCSI devices. The virtual CD-ROM drive or floppy
drive can point to either the CD-ROM drive or floppy drive located on the
ESX Server, a CD ISO image (.iso) or floppy (.flp) images, or even the
CD-ROM or floppy drive on your local system.
The popular Windows freeware utility rawread.exe will also serve this
purpose.
• Send power changes to VM
• Access VM’s guest OS
• Send Ctrl+Alt+Del to guest OS
• Press Ctrl+Alt+Ins in VM console
• Press Ctrl+Alt to release cursor from VM console
[Slide callouts: VM Console icon; VM Console; Local]
share the ISO images across multiple ESX Servers, as long as the datastore
is visible to the ESX Server.
7
Virtual Machine Creation and Management
Options Scripts
Right-click to open
Devices
The most visible benefits of VMware Tools are that you get better video
performance and that you can move your mouse pointer freely into and out
of the VM console window. On VMware's server platforms, VMware Tools
also installs other important system services such as virtual machine
heartbeat monitoring and time synchronization.
If you right-click (or double-click) the VMware icon (located in the lower-
right hand corner of the screen on Windows guests) you may open the
VMware Tools Properties window. This allows you to control Options,
Scripts, and Devices:
• Options: There are three options:
• Enable time synchronization between the virtual machine and the
ESX Server. Enabling this is best-practice, but will require you to
disable any internal time-synchronization within the guest operating
system.
• Show VMware Tools in the toolbar. Without this, the VMware Tools
icon is not shown.
• Notify if a VMware Tools upgrade is available.
• Scripts: Scripts allow you to specify scripts that may be run during
power-state changes for the virtual machine. You may use either a
default script (included with VMware Tools) or specify a custom script.
• Devices: Devices may be connected and disconnected while the VM is
powered on. These include CD-ROM and floppy media, and network
connections.
NFS, the Unix/Linux equivalent of Windows shares, requires that server and client keep their
clocks in synchronization. Even if you are using Windows shares, there are many
applications that suffer if systems' clocks are not synchronized. For example, in a software
development environment, we rely on files' timestamps to determine whether they are out of
date; if files are stored on a server with a clock set in the future, files will appear current
when they are not.
For more information on time synchronization, there is a white paper on this subject named
"Timekeeping in VMware Virtual Machines", located at
http://www.vmware.com/pdf/vmware_timekeeping.pdf.
Lesson Topics
• Templates
• Creating and deploying VMs from a template
• Cloning a VM
• Customizing a guest OS
• Deploying across datacenters
• Importing and exporting Virtual Appliances
• A VirtualCenter feature used to create commonly-deployed VMs
• A VM marked as never to be powered on
• Disk files stored in either normal or compact disk format
• All files can be stored in a VMFS or NFS datastore
the virtual machine's disk files remain untouched. Use this option if you
want to convert the template back into a running machine. With compact
Module 7 Virtual Machine Creation and Management: Create Multiple VMs 257
Create a Template
• Two methods:
• Clone to Template
• Convert to Template
• Choose Clone to Template if the original VM is still needed
There are two ways to create a template: Clone to Template and Convert to
Template. When you clone a VM to template, the original VM is retained.
When you convert a VM to template, the original VM goes away.
VM back to a template.
To convert a template back to a virtual machine, in the VI Client, display
View Templates
To view all templates, use the VI Client. Go to the Virtual Machines &
Templates view by clicking the Inventory panel’s drop-down list and
selecting Virtual Machines and Templates. You can also view templates
from the Inventory panel’s Hosts & Clusters view: select the Hosts &
Clusters folder and click its Virtual Machines tab.
Templates are distinguished from virtual machines by their icon.
the guest OS for you.
Clone a VM
• An alternate method of deploying a VM
• Exact copy of VM
• Customization of a clone’s guest OS is recommended to prevent software and network conflicts
• It is also possible to Clone a Template
• Retrieve the installer for Microsoft Windows 2003 sysprep from the
Microsoft web site.
Deploying Across Datacenters (1 of 3)
• VM deployment is allowed across datacenters
• Clone a VM from one datacenter to another
• Deploy from a template located in one datacenter to a VM in a different datacenter
• For example
• Clone Prod01 from Datacenter A to Datacenter B
• Example (continued)
• Right-click Prod01
• Select Clone from the drop-down menu
• Work through the Clone Virtual Machine Wizard
The Clone Virtual Machine Wizard is used to clone any virtual machine,
whether within the same datacenter or across datacenters. The Inventory
Location area in the wizard shows the datacenters available. Choose the
appropriate datacenter.
Deploying Across Datacenters (3 of 3)
Since the operation you are performing is being done across datacenters,
you may receive a warning message. In the example above, the warning
message is about the network named “Production”, which is being used by
the source VM. This network may not actually be the same network on the
source and destination. This is because network names are only unique
within a datacenter.
• Pre-configured virtual machines
• Usually designed for a single purpose
• Examples:
• Safe-browser
• Firewalls
• Import from websites such as the Virtual Appliance Marketplace
• Export your own VMs as Virtual Appliances
http://www.vmware.com/appliances/
Appliances in your home include devices such as washing machines,
refrigerators, table lamps, and televisions. These are all devices that have
basically one function and are designed to be used by almost anyone with
little or no training. The same things are true about virtual appliances.
Virtual Appliances should be simple to use and designed primarily for a
single purpose.
Virtual Appliances are pre-configured virtual machines that typically
local file systems can include local disks (such as C:), removable media
(such as CDs or USB keychain drives), and shared network drives.
Exporting virtual machines allows you to create virtual appliances that can
be imported by other users. You can use the export function to distribute
pre-installed software as a virtual appliance, or as a means of distributing
template virtual machines to users, including users who cannot directly
access and use the templates in your VirtualCenter inventory.
• Select VM
• Use File menu
• Export Storage
on VI Client
host folders
OVF (Open Virtual Machine Format) is a file format that allows for the
exchange of virtual appliances across products and platforms. The OVF
format offers the following advantages:
• OVF files are compressed, allowing for faster downloads.
• The VI Client validates an OVF file before importing it, and ensures that
it is compatible with the intended destination server. If the appliance is
Import Virtual Appliance
• Template Provisioning
• In this lab, you will perform the following tasks:
• Configure guest OS customization on the VirtualCenter Server
• Convert a virtual machine to a template
• Convert a template back to a virtual machine
• Clone a virtual machine to a template
• Deploy a virtual machine from a template
Lesson Summary
Lesson Topics
• VMware Converter Enterprise:
• Capabilities
• Components
Module 7 Virtual Machine Creation and Management: VMware Converter Enterprise 273
VMware Converter Enterprise Capabilities
VI-Clients with
Converter Enterprise
Client Plug-in
Server and submits Converter tasks
• Agent: Prepares a physical machine for import
Installing VMware Converter Enterprise
The Converter Server is a Windows-based application capable of running
on Windows 2000, XP/2003 (32-bit and 64-bit), Vista (32-bit and 64-bit),
Windows Longhorn (32-bit and 64-bit). Its install options include:
• Installing locally on the VirtualCenter Server
• Installing on a standalone physical server
• Installing in a VM
Instructor note: The Vista and Longhorn support only applies if installing
Converter on a standalone server.
With the last two options, Converter Server requires a connection to a
VirtualCenter Server running VirtualCenter Server 2.5 or later.
Instructor note: VMware will have the ability to release Converter
asynchronously from VC/ESX releases.
The Converter Client is a VI Client plug-in which adds new menu items to
the interface, both in the VI Client’s menu bar and right-click objects. Install
the Converter Client from the VMware Infrastructure Client Plugins menu.
Instructor note: The VI Client plug-in is based on the standalone Converter’s
wizard. Some fields, such as the VirtualCenter credentials, will not be
required. Other fields will be pre-populated based on how it is launched.
Install the Converter Enterprise CLI on the same machine as Converter
Enterprise Server, or on a different machine with access to a Converter
Enterprise Server.
Converter Enterprise Agent prepares a physical machine for import from a
remote machine running Converter Enterprise Server. Converter Enterprise
Server installs Converter Enterprise Agent on physical machines as needed,
in order to import them as virtual machines. Users have the option to
automatically remove Converter Enterprise Agent from the source physical
machine after the import is complete.
copying the data on the source machine’s hard disk and transferring that
data to a target virtual disk (the new cloned disk).
For remote cloning, the source machine can be accessed via an agent
without having to physically touch it, as long as it is running and network-
accessible. Remote cloning installs, uses, then deinstalls an agent.
With local cloning, the migration is performed using standalone VMware
Converter Enterprise running on the source machine.
Here are the general steps that occur during a remote hot cloning operation.
All steps are automated, in other words, they are performed by Converter
Enterprise without user involvement after the user has created and initiated
the task.
Instructor note: Volumes can be resized during hot cloning.
Stage 1: Preparing source machine for conversion
• Converter Enterprise Server installs Enterprise Agent on source machine
Cold Cloning - Four Stages
Here are the general steps that occur during a cold cloning operation. After
the user boots from the Converter Enterprise Boot CD and uses the wizard
to set up and run the task, standalone Converter Enterprise performs the
remaining steps without user involvement.
Instructor note: Standalone VMware Converter Enterprise application is
located on the Converter Enterprise Boot CD, which a user reboots the source
machine from in order to perform cold cloning. Volumes can be resized
during cold cloning.
Stage 1: Preparing the source machine image
• User boots the source machine from the Converter Enterprise Boot CD
and uses Standalone VMware Converter Enterprise to define and start
the migration.
• Standalone Converter Enterprise copies the source volumes into a RAM
disk.
Stage 2: Preparing the virtual machine on the destination machine
• Standalone Converter Enterprise creates a new virtual machine on the
destination machine.
• Standalone Converter Enterprise copies volumes from the source
machine to the destination machine.
Importing a Server
With volume-based cloning, all volumes in the destination virtual machine
are basic volumes (primary partitions or logical drives that can be accessed
Changes to Virtual Hardware
• Verify that your user account has administrative privileges in order
• Verify that the physical network switches on the source machine’s
network are configured properly, for example, the speed and duplex
settings are set correctly.
• Converter Enterprise Agent cannot detect the OS on the remote system:
• VMware Converter Enterprise can import any physical machine
running one of the following operating systems: Windows NT 4
Workstation/Server SP4+, Windows 2000 Professional/Server/
Advanced, Windows XP Home (cold cloning only), Windows XP
Professional (32-bit and 64-bit), Windows 2003 Standard/Web/
Enterprise (32-bit and 64-bit) and Windows Vista (32-bit and 64-
bit).
• If you attempt to hot-clone a Windows physical machine, and this
machine uses Windows software mirroring, the import fails with the
error message, “Unable to determine guest operating system”. If this
is the case, break the software mirror before attempting the hot-
clone.
• From practical experience, it has been found that sometimes
changing the boot.ini file’s permissions from read-only to read/
write fixed conversion problems.
For more details on the VMware Converter Enterprise product, consult the
VMware Converter Enterprise Administration Guide, available on the
VMware Web site.
Lesson Summary
Manage VMs :
Lesson Topics
• Move VM to a different ESX Server
• Snapshot a VM
• Modify a VM’s configuration
A cold migration is used to move a virtual machine from one ESX Server to
another while the VM is powered off. With a cold migration, all the VM's
files may or may not move. Keep in mind that the VM's files are located in
a subdirectory on either a VMFS datastore or an NFS datastore. When the
destination ESX Server is not able to see the VM's files (because, for
example, the VM's files are located in a local datastore on the source ESX
Server), then the files must be moved to a datastore visible to the destination
ESX Server in order for the VM to be migrated. The migration wizard
offers the choice to move the VM from one host to another, or move just the
VM files from one datastore to another, or both.
You can also use cold migration to move a VM's files from its current
datastore to a different datastore, without moving it to a different ESX
Server.
• Snapshots
• Useful when you need to revert repeatedly to the same state, without creating new VMs
• Useful in test/dev, training scenarios
• Snapshot manager manages your snapshots
• Right-click virtual machine in inventory
• Select Snapshot -> Snapshot Manager from menu
Snapshots let you preserve the state of a virtual machine so you can return
to the same state repeatedly. A snapshot captures the entire state of a virtual
machine at the time you take the snapshot. This includes the settings state,
the disk state and the memory state. The settings state contains the virtual
machine settings. The disk state contains the state of all the virtual
machine's virtual disks. The memory state represents the contents of the
virtual machine's memory. Memory state is captured only if you are
Use the following procedure to launch the Virtual Machine Properties
window:
(RDM) is a special file that lives in a datastore (VMFS and NFS) and points
to the actual SAN LUN. The VM is able to access its SCSI LUN through
• Why add an additional NIC?
• To allow a VM to access multiple networks
• To create a firewall environment
• Must be added while VM is powered off
Increased from 7 GB to 9 GB
It is possible to expand the size of a virtual disk. This task can only be
performed while the VM is powered off.
To resize a VM’s disk, right-click your VM in the inventory, then select
Edit Settings from the drop-down menu. Select the desired hard disk and
enter a new size. The virtual hard disk will expand to the new size.
This is similar to increasing the size of a LUN. If the VM were a physical
• General
• VMware Tools
• Power Management
• Advanced
The Options tab in the Virtual Machine Properties window allows you to
change a VM’s options. It has several powerful features that are broken
down into four categories:
• General
• VMware Tools
• Power Management
• Advanced
The next several pages will cover some of the important things you can do
to modify a VM from the Options tab.
VM display name
VM directory
Guest operating
system type
The General Options can be used to modify things like the display name
used for the VM and the type of guest operating system installed. The
location and name of the configuration file (.vmx file) is displayed and the
location of the virtual machine’s directory is also shown. You can select the
text for the configuration file and working location if you need to cut and
paste them into a document. But only the display name and the guest
operating system type may be modified.
If you change the display name, that is not going to change the names of all
of the VM files or the directory the VM is stored in. When a VM is first
created, the file names and the directory name associated with the VM are
based on its display name. But changing the display name later does not
modify these file and directory names.
Customize power
button actions
When to run
VMware Tools
scripts
Update checks
and time synch
The VMware Tools options window controls how the VMware Tools inside
the virtual machine respond to certain external events. You can use these to
customize the power buttons on the VM. For example, the red square
power-off button for a VM can be set to always perform a guest shutdown.
This is far safer for the VM. It is like the difference between using the Start
/ Shutdown command within Windows as opposed to just unplugging the
PC.
The VMware Tools program can be set to run certain scripts when specific
events (like a power-off) occur. That has to be set from within the guest OS
though by opening the VMware Tools window. Once those scripts are
selected and enabled this screen controls when the VM checks to see if
scripts should actually be run. This gives you the advantage of enabling or
disabling script operations from outside the VM while it is powered-off.
The Advanced box has two important functions. One is to check and possibly
update VMware Tools automatically if a newer version becomes available.
The other is to enable time synchronization with the host. As a best practice,
time synchronization with the host should always be enabled. However, if
the VM is forcing its clock to sync to the ESX Server, you must ensure two
other things have been configured:
• The ESX Server should have its time synchronized to some external source,
preferably via NTP.
• The Guest OS should NOT be trying to synchronize time on its own. Most
Windows systems automatically synchronize to a Windows Active
Directory Domain Controller. Many UNIX and Linux systems are
Suspend or
standby the
guest OS
gracefully.
Wake on LAN
The Power Management options allow you to choose how the virtual
machine should respond when it is placed in the Standby power state. The
VM can either be suspended or the guest OS can be placed into standby
mode, leaving the virtual machine powered on.
If you opt for placing the guest OS into Standby mode you can enable Wake
on LAN. This is not available on all guest operating systems.
Advanced
options
usually do
not need
to be set
The group of options known as “Advanced” covers things that usually do not
need to be set for a virtual machine. Some of these can improve
performance, allow VMotion between CPUs with minor differences, and
adjust logging and debugging settings. We will specifically cover two of
these advanced options here: boot options and swapfile location.
Delay power-on
The Advanced Boot options allow you to do two things. One is to delay a
power-on. This may be useful to help stagger VM startup when several
VMs are being powered on. It is also possible to actually specify a power-
on order within the VI Client by selecting an ESX Server and then going to
the Configuration tab and selecting Virtual Machine Startup/Shutdown.
The “Boot into BIOS” option is extremely useful for making changes to the
BIOS settings such as forcing a VM to boot off of a CD-ROM. The next
time the VM powers-on, it goes straight into BIOS. This is much easier than
powering the VM on, opening a console, and quickly trying to hit the F2
key to go into BIOS.
Each host or cluster can have a custom “swapfile datastore” location defined
Each virtual machine has its own swapfile. These are normally stored in the
same location that the other virtual machine files are located in. However, if
the VM’s files are stored on a network storage location that has poor
performance (such as a slow NFS server) you may see a performance boost
by storing the VM’s swap file on faster storage. To facilitate this “swapfile
datastores” can be defined for each ESX Server and/or cluster.
Guided Consolidation :
Lesson Topics
• Guided Consolidation
• Capabilities
• Architecture
• Discovery
• Analysis
• Consolidation
• Automatically discovers physical servers
• Analyzes utilization and usage patterns
• Converts physical servers to VMs placed intelligently based on user response
• Lowers training requirements for new virtualization user
• Steers users through the entire consolidation process
For first-time virtualization users, a new feature in VirtualCenter 2.5 guides
users through the process of server consolidation. Recommended for
smaller, simpler environments, this feature steers users through discovering
physical servers, collecting performance data from these servers and
converting these servers to virtual machines placed intelligently on the most
appropriate hosts. Guided Consolidation allows new users to quickly realize
the benefits from server consolidation and reduces the training requirements
[Figure: Guided Consolidation architecture. Labels: vpxd, VC Database, VMware Converter Service (can run on VirtualCenter Server or on separate machine), Data Collector Service (CapacityPlanner is automatically installed on VirtualCenter Server), VirtualCenter Server]
Instructor note: Planner product. It is not exactly the same, so if you
are familiar with Capacity
Planner Service”. It is responsible for discovering existing systems in the
environment, getting their hardware information and probing them
periodically to collect their performance information. It uses a “hidden”
The Add to Analysis dialog box enables you to discover systems on your
network and select the ones you want to analyze. This dialog box lists the
systems found on the network for the domain selected in the Show domain
drop-down menu. The first time this dialog box is launched, the domain
where the VirtualCenter server is located is selected by default. After that,
the menu defaults to the previously selected domain. The first time a
domain is selected, it might take some time for VirtualCenter to discover
From the Add to Analysis dialog box, you can select hosts from a particular
domain or workgroup to analyze. System discovery is repeated periodically,
in case new systems come online. Every half hour, new systems will be
discovered in each domain, and every day, there will be a check for new
domains.
To set credentials per system, in the Add to Analysis dialog box, select the
systems you want to analyze. Click the Add to Analysis button. The Set
Authentication dialog box is displayed, shown above. Enter authentication
The selected systems are analyzed and results are displayed in the Analysis
tab. In the example above, MKTG1 and MKTG2 were selected for analysis
from the previous step. You can right-click a host to set per-host credentials
if necessary.
The Data Collector starts collecting data once per hour on each host. 10-12
metrics are collected on CPU, memory, disk and network usage, and the
columns in the display are populated, such as CPU Usage and Memory
Usage, as information is obtained. All data is stored into tables in the
VirtualCenter database.
The Data Collector is agentless and does not install any software on target
machines. Information is collected using remote data retrieval methods,
such as WMI and Remote Registry. This is why the service must run with
administrator privileges.
If target systems are protected by a firewall, then ports need to be opened to
allow incoming WMI, Perfmon and Remote Registry requests to pass
through (ports 135, 137, 138, 139 and 445).
The Confidence Level indicates the degree to which VirtualCenter is able to
gather performance data about the system and how good a candidate the
system is for consolidation based on the available data. The confidence
level is based on the number of performance samples that VirtualCenter has
collected. The more performance samples that VirtualCenter collects, the
higher its confidence level.
After the Analysis phase, you are ready to plan consolidation. In the
Analysis tab select the systems you want to consolidate, then click the Plan
Consolidation button (not shown above). A list of analyzed systems is
presented. For each system, a drop-down menu exists identifying the
candidate destination ESX Servers. A destination rating (or star rating) is
also displayed.
The star rating is used to determine suitability of the destination server for
consolidation. Each candidate destination host gets a separate star rating,
which is based on the destination server’s compatibility with the ESX Server.
Compatibility is considered for things such as sufficient number of CPUs
and the ability to run the guest OS. The rating is based on the average CPU
usage, memory usage and disk space usage of the destination host. The
networking check only verifies the number of NICs, not network usage.
The lower the resource usage, the higher the star rating. The higher the star
rating, the better suited that destination host is for consolidation.
When ready, select the systems to import. For each one, select the
destination ESX Server. Click the Consolidate button when ready. The
import process is performed by the VMware Converter Enterprise Service.
Questions?
Module 8 Virtual Infrastructure Access Control
Importance
• When there are multiple users accessing the virtual infrastructure, it is a
good idea to give each user only the necessary permissions, nothing
more. VirtualCenter access controls allow flexible assignment of
Module Lessons
• VMware Infrastructure User Access
• Accessing VMs Using Web Access
Lesson Topics
• Security model
• VirtualCenter permissions
• ESX Server permissions
Inventory
Permission Objects
The main components of the Virtual Infrastructure security model are the
following:
• User/Group - User/group account with access to the Virtual
Infrastructure
• Role - A set of one or more privileges
• Privilege - Specifies a task that a user/group is authorized to perform
• Permission - The pairing of a user/group and role (which consists of a
set of privileges)
Users or groups are granted permission to the inventory based on the roles
Module 8 Virtual Infrastructure Access Control: VMware Infrastructure User Access 325
Defining Users and Groups
Using the VI Client, you have access to either the VirtualCenter server or
the ESX Server using the same user interface. The same security model
applies to both VirtualCenter users and ESX users; however, the
permissions are different and there is no synchronization of permissions
between VirtualCenter and ESX Server.
example, the Hosts & Clusters folder. Right-click the object, then select
Add Permission... from the menu. In the Assigned Role section, select
Roles
The VI Client displays users/groups associated with a given role
Roles
• Default ESX Server user and group roles: No Access, Read-Only, Administrator
• Default VirtualCenter user and group roles: Virtual Machine Administrator, Datacenter Administrator, Virtual Machine Power User, Virtual Machine User, Resource Pool Administrator, VMware Consolidated Backup User
• Create your own roles for either ESX Server or VirtualCenter users and groups: Night-shift Operator, Backup Administrator
it is recommended to create a custom role instead.
Instructor note: Web site at http://www.vmware.com/pdf/vi3_vc_roles.pdf
Permissions
Greg– No Access
The permissions that a user is given are a combination of the user (or group)
account, the role assigned to the user (or group) and the position in the
inventory to which the user/role combination applies. Roles can also be
propagated downwards through the inventory, if you choose. Permissions
can be overridden at a lower level by adding a new permission to the same
user.
In most cases, propagation should be enabled when building a role. When it
comes to assigning the permission, propagation helps ensure consistency if
and when new objects are inserted as child objects in the inventory. For
example, if permissions are assigned on a folder which contains VMs, you
typically want the same permissions on all VMs that are contained in that
folder.
Instructor note: What happens if a user is granted different roles in
different areas of the inventory tree? For example, does a permission for
Carla set at "Hosts & Clusters" override a permission for Carla set at
"Carla04VM", or vice versa? --> Permissions can be overridden at a lower
level by adding a new permission to the same user. Also, roles will only
flow down if propagation is turned on.
If propagation is not desired, consider limiting the extent of propagation
with the No Access (built-in) role directly on the object that should be left
out of the propagation. In the example above, Greg has been assigned the
Datacenter Administrator role at the Training datacenter level and all the
objects below it, assuming the role has been propagated to the child objects.
However, Greg is not assigned the Datacenter Administrator role on the Test
and Dev resource pool and all the objects under it. For these objects, he has
no access.
Group1 – VM Administrator
Group2 – Read-Only
member of both Group1 and Group2. If this is the case, then Greg gets
Virtual Machine Administrator privileges on the entire Training Datacenter,
How Permissions Are Applied: Scenario 2
Permissions defined explicitly for the user on an object take precedence
over a user’s group permissions on that same object.
Instructor note: This example falls under the category of “the particular
taking precedence over the general”.
In the example above, three permissions are assigned to the Training
datacenter: Group1 is assigned the VM_Power_On role, Group2 is assigned
the Take_Snapshots role, and user Greg is assigned the Read-Only role.
Let's say Greg is a member of both Group1 and Group2. Let’s also assume
that propagation to child objects is enabled on all roles. In this case, even
though Greg is a member of both Group1 and Group2, Greg gets Read-Only
privilege to the Training datacenter and all objects under it. This is because
explicit user permissions on an object take precedence over all group
How Permissions Are Applied: Scenario 4
Greg – VM User
Greg – Administrator
Permissions applied directly to an object in the inventory take precedence
over permissions inherited from roles that are propagated down to child
objects.
Instructor note: This is another example that falls under the category of
“the particular taking precedence over the general”.
In the example above, user Greg is given the VM User role at the Training
datacenter. This role is propagated to all child objects except one, Prod03-
1. For the virtual machine object, Prod03-1, Greg has Administrator
privileges instead.
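The precedence rules from the scenarios above can be checked with a small resolver. This is an added example, not VMware code: the privilege names, the VM names Dev01-1 and Prod03-2, and the placement of objects in the inventory are constructed, and taking the union of privileges when only group permissions match is an assumption modeled on the Group1/Group2 case.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed privilege sets; real VirtualCenter roles carry many more privileges.
VM_ALL = {"view", "vm.power_on", "vm.console", "vm.snapshot", "vm.configure"}
ROLES = {
    "No Access": frozenset(),
    "Read-Only": frozenset({"view"}),
    "VM_Power_On": frozenset({"view", "vm.power_on"}),
    "Take_Snapshots": frozenset({"view", "vm.snapshot"}),
    "VM User": frozenset({"view", "vm.power_on", "vm.console"}),
    "Datacenter Administrator": frozenset(VM_ALL),
    "Administrator": frozenset(VM_ALL | {"permissions.modify"}),
}


@dataclass
class Permission:
    principal: str          # user or group name
    role: str
    propagate: bool = True  # propagate to child objects


@dataclass
class InventoryObject:
    name: str
    parent: Optional["InventoryObject"] = None
    permissions: list = field(default_factory=list)


def effective_permission(obj, user, groups):
    """Return (role names, privilege set, name of the deciding object)."""
    current = obj
    while current is not None:
        inherited = current is not obj
        applicable = [
            p for p in current.permissions
            if (p.principal == user or p.principal in groups)
            and (p.propagate or not inherited)
        ]
        if applicable:
            # The nearest object carrying a matching permission decides,
            # so a direct permission beats an inherited one (Scenario 4).
            explicit = [p for p in applicable if p.principal == user]
            # An explicit user permission beats group permissions (Scenario 2);
            # with groups only, the privileges are combined (assumption).
            chosen = explicit or applicable
            privileges = frozenset().union(*(ROLES[p.role] for p in chosen))
            return sorted({p.role for p in chosen}), privileges, current.name
        current = current.parent
    return [], frozenset(), None


def build_inventory():
    """Constructed inventory that reuses the object names from the scenarios."""
    training = InventoryObject("Training")
    test_dev = InventoryObject("Test and Dev", parent=training)
    dev_vm = InventoryObject("Dev01-1", parent=test_dev)      # constructed name
    prod_vm = InventoryObject("Prod03-1", parent=training)
    other_vm = InventoryObject("Prod03-2", parent=training)   # constructed name
    return {o.name: o for o in (training, test_dev, dev_vm, prod_vm, other_vm)}


def scenario_no_access():
    """No Access set directly on a child object cuts off the propagated role."""
    inv = build_inventory()
    inv["Training"].permissions.append(Permission("Greg", "Datacenter Administrator"))
    inv["Test and Dev"].permissions.append(Permission("Greg", "No Access"))
    return effective_permission(inv["Dev01-1"], "Greg", set())


def scenario_2(explicit_user=True):
    """Group1, Group2 and (optionally) Greg all hold roles on Training."""
    inv = build_inventory()
    inv["Training"].permissions += [
        Permission("Group1", "VM_Power_On"),
        Permission("Group2", "Take_Snapshots"),
    ]
    if explicit_user:
        inv["Training"].permissions.append(Permission("Greg", "Read-Only"))
    return effective_permission(inv["Prod03-1"], "Greg", {"Group1", "Group2"})


def scenario_4():
    """VM User propagated from Training, Administrator set directly on Prod03-1."""
    inv = build_inventory()
    inv["Training"].permissions.append(Permission("Greg", "VM User"))
    inv["Prod03-1"].permissions.append(Permission("Greg", "Administrator"))
    return (effective_permission(inv["Prod03-1"], "Greg", set()),
            effective_permission(inv["Prod03-2"], "Greg", set()))


if __name__ == "__main__":
    for result in (scenario_no_access(), scenario_2(), scenario_2(False), *scenario_4()):
        print(result)
```

Running the scenarios side by side makes the audit point visible: the Read-Only assignment in Scenario 2 removes privileges Greg would otherwise get from his groups, while the direct assignment in Scenario 4 raises them on one object only.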
Active Directory or
Local Windows VirtualCenter
User/Group
Default Permissions for VirtualCenter
In the ESX Server security model, the ESX user is a service console (Linux)
user account. The ESX user is assigned either a default role or a custom
ESX Server role. The user/role combination is applied to a level in the ESX
inventory (host, VM or resource pool level).
User accounts, roles and permissions can be configured using the VI Client
connected directly to the ESX Server.
Default Permissions for ESX Server
By default, the service console users, vpxuser and root, are assigned the
Administrator role at the ESX Server level in the inventory. root is the
administrator account on any Linux/UNIX system.
vpxuser is created when an ESX Server is added to the VirtualCenter
inventory. vpxuser is the user account used by the VirtualCenter Server to
authenticate itself when sending pre-approved task requests to the ESX
Server. Only pre-approved task requests are sent to the ESX Server. Tasks
are pre-approved by VirtualCenter based on user and group permissions.
vmware-hostd, running as root, performs the tasks requested by
VirtualCenter.
CAUTION
Do not change vpxuser and do not change its permissions. If you do so,
you might experience problems working with the ESX Server through
VirtualCenter.
unavailable (e.g. the service stopped) and
Server using the VI Client, a normal, non-administrator ESX Server account
will still be able to log in. User root will still have the ability to log into the
Labs for Lesson 1
Lesson 2
Lesson Topics
• Logging into Web Access
• Web Access functionality
Web Access
Web Access (Apache Tomcat Service) installed here
VMware Virtual Infrastructure Web Access (Web Access for short) is a way
to allow end users to access VMs without needing to install the VI Client
onto their desktop. Web Access is a Web application running under the
Apache Tomcat Web server, which is started on either the VirtualCenter
Server or the ESX Server.
Module 8 Virtual Infrastructure Access Control: Accessing VMs Using Web Access 343
Log into Web Access (1 of 2)
Users access Web Access via a web browser. Use a URL based on either
the VirtualCenter’s or ESX Server’s host name or IP address.
In VirtualCenter environments, one should normally log in and use Web
Access through the VirtualCenter Server and not the ESX Server. The
reason is that in VirtualCenter environments, VMs might move from ESX
Server to ESX Server due to VMotion and VMware DRS cluster software.
The VI Web Access client is designed for these browsers:
• Windows:
  • Internet Explorer 6.0 or higher
  • Netscape Navigator 7.0
  • Mozilla 1.x
  • Firefox 1.0.7 and higher
• Linux:
  • Netscape Navigator 7.0 or later
  • Mozilla 1.x
  • Firefox 1.0.7 and higher
Before using Web Access, users must use either a valid user name and
password to access the VirtualCenter Server or a valid user name and
password to access the ESX Server. This user name and password
information will be used to log into Web Access.
When a user logs into Web Access on the ESX Server, the user will be able
to manage only the virtual machines found on that ESX Server, as long as
the user has the appropriate permissions. When a user logs into Web
Access on the VirtualCenter Server, the user will be able to manage virtual
machines found on all ESX Servers in the VirtualCenter inventory, provided
that user has the appropriate permissions.
Web Access Tasks
• View VMs and their details
• Perform select VM tasks
Whereas the VI Client can be used to manage ESX Servers and VMs, Web
Access is used to manage VMs only. From Web Access, you can display a
list of VMs, view a VM's console, view a VM's status, perform power
operations and edit a VM's configuration. The list of VMs displayed
depends on what you are logging into. If you log into Web Access on an
ESX Server, you will see a list of all VMs located on this server. If you log
into Web Access on the VirtualCenter Server, you will see a list of all VMs
located on all ESX Servers managed by VirtualCenter.
You cannot create new VMs using Web Access. Creating new VMs must
be done using the VI Client instead.
In order to access a virtual machine's console from the Web Access
interface, the VMware Virtual Infrastructure Plug-In needs to be added to
your browser. See the Virtual Infrastructure Web Access Administrator's
Guide for details on installing the plug-in.
• Way to provide access to a VM through a URL
• Useful for including in an e-mail message
Using Web Access, you can create a remote console URL of a virtual
machine using ordinary Web browser URLs. When creating a remote
console URL, you can customize the Web Access user interface controls, or
use the remote console URL for personal use. If desired, you can disable
nonessential controls permanently. This allows a remote console URL user
to concentrate on using the guest operating system.
Since the generated URL is quite long, it might be useful to mention using http://www.tinyurl.com to shorten the URL and avoid wrap issues when inserting the URL into e-mails.
Using remote console URLs, you can:
• Add the remote console URL to a list of favorite Web pages
• Share the remote console URL with one or more users in an e-mail
Activity
This is an informal lab activity that allows you to log in and explore Web
Access. Web Access is installed on both the VirtualCenter Server and the
ESX Server. Use a web browser to access each one.
If you are unable to access Web Access on your VirtualCenter Server, verify
that the VMware Virtual Infrastructure Web Access is started: on your
VirtualCenter Server, select Start -> Administrative Tools -> Services.
If students are unable to access Web Access on VirtualCenter, have them enter the
following URL as a workaround: https://IP_Address_of_VC_Server/ui/
Questions?
Resource Management 9
Importance
• Resource pools allow CPU and memory resources to be hierarchically
assigned. VMotion is a valuable tool for availability and resource
management. VMware DRS-enabled clusters provide automated
resource management for multiple ESX Servers
• To use resource pools for single-host resource policy control
• To migrate virtual machines with VMotion
• To create and configure a DRS cluster
• To create resource pools in a DRS cluster for multi-host resource policy
control
Module Lessons
• Using Resource Pools
• Migrate VMs with VMotion
• VMware DRS (Distributed Resource Scheduler)
• Resource Pools in a VMware DRS Cluster
Lesson Topics
• How are VMs’ CPU and memory resources managed?
• What is a resource pool?
• Managing a pool’s resources
• A resource pool example
• An expandable reservations example
• Admission control
• Limit
• A cap on the consumption of CPU time by this
VM, measured in MHz
• Reservation
• A certain number of CPU cycles reserved for
this VM, measured in MHz
• The VMkernel chooses which CPU(s), and
may migrate
• Shares
• More shares means that this VM will win
competitions for CPU time more often
• All the VCPUs in a VM must be
simultaneously scheduled
• Therefore, a reservation of 1000 MHz might
be generous for a 1-VCPU VM, but not for a
4-VCPU VM
A virtual machine has three user-defined settings that affect its CPU
resource allocation: CPU limit, CPU reservation and CPU shares. CPU
limit defines the maximum amount of CPU, measured in MHz, that this
virtual machine is allowed. CPU reservation defines the amount of CPU,
measured in MHz, reserved for this virtual machine when CPU contention
occurs. If the virtual machine does not use the total amount of its CPU
reservation, then the unused portion is available for use by other virtual
machines, until the virtual machine needs it. Each virtual machine is
granted a number of CPU shares. The more shares a VM has, the more
often it gets a timeslice of a CPU when there is no CPU idle time.
All the virtual CPUs (VCPUs) in a virtual machine must be scheduled at the
same time. Therefore, a CPU reservation of 1000 MHz might be generous
for a 1-VCPU virtual machine, but not for a 4-VCPU virtual machine (250
MHz per VCPU.)
• Available Memory
• Memory size defined when the VM was
created
• Limit
• A cap on the consumption of physical memory
by this VM, measured in MB
• Reservation
• A certain amount of physical memory
reserved for this VM, measured in MB
• Shares
• More shares means that this VM will win
competitions for physical memory more often
• VMkernel allocates a per-VM swap file to
cover each VM’s range between available
memory and reservation
A virtual machine has four user-defined memory settings that affect its
memory resource allocation: available memory, memory limit, memory
reservation and memory shares.
Available memory is the amount of memory given to the virtual machine at
the time it was created. It is the maximum amount of memory the virtual
machine supplies to the guest OS. The VM cannot address a larger memory
area than this size of available memory, unless it is powered down and more
memory is configured for the VM.
Memory limit defines the maximum amount of virtual machine memory
that can reside in RAM, not to exceed available memory. By default,
available memory and memory limit are initially the same value. Memory
reservation is the amount of RAM reserved for that virtual machine
memory.
Unused memory reservations, like CPU reservations, are not wasted. If a
VM does not consume all of the RAM that is reserved for it, other VMs can
use that RAM. But once the VM uses that RAM, no portion of the VM’s
reservation will ever be ballooned or swapped, even if that RAM is
completely idle. Transparent page sharing, however, is not prevented from
reclaiming reserved memory.
Memory shares are separate from CPU shares but are applied in the same
way. A virtual machine's memory shares control how often it wins
competition for RAM when RAM is scarce. Virtual machines that lose must
wait until RAM becomes available.
If necessary, here is information to explore the ramifications of setting reservation and limit
for memory. Students tend to get confused with cases 3 and 4. You might write this on the
board and make it clear that they are valid (but rare) settings:
Case 1: Memory is not overcommitted (less common)
• VM built with: X amount of memory
• Reservation: X amount of memory
• Limit: X amount of memory
• Size of VMkernel swap file: 0
Case 2: Memory is overcommitted (most common case)
• VM built with: X amount of memory
• Reservation: less than (<) X amount of memory
• Limit: X amount of memory
• Size of VMkernel swap file: X minus the reservation
Case 3: Memory limit is set by Administrator planning for possible future growth of VM
memory (rarely used)
• VM built with: X amount of memory
• Reservation: X amount of memory or < X amount of memory
• Limit: Greater than (>) X amount of memory
Case 4: Memory limit is set by Administrator to sacrifice performance in a VM temporarily
(rarely used)
• VM built with: X amount of memory
• Reservation: < X amount of memory
• Limit: < X amount of memory
• Change number of shares
• Power on VM
• Power off VM
The proportional share mechanism applies to CPU and RAM allocation, and
only operates when virtual machines are contending for the same resource.
Shares guarantee that a virtual machine be given a certain amount of a
resource (CPU or RAM.) For example, consider the third line of the
example on the slide, where VM D has just been powered on with 1000
shares. Beforehand, there were 5000 total shares, but D's addition increases
the total shares to 6000. This means that all other virtual machines' shares
decline in value. However, each virtual machine's share value still
represents a minimum guarantee. VM A is still guaranteed one-sixth of the
resource, because it owns one-sixth of the shares.
We can add shares to a VM while it is running, and it will get more access
to that resource (assuming there was competition). When we add a new
VM, it gets shares too. Its share amount factors into the total number of
shares; but the existing VMs are guaranteed not to be starved for the
resource. When we delete or power off a VM, there are fewer total shares,
so the surviving VMs get more access.
When configuring shares for a VM, you specify High, Normal, Low or
Custom.
For CPU shares:
• High: # shares = 2000 * (# of vCPUs)
• Normal: # shares = 1000 * (# of vCPUs)
• Low: # shares = 500 * (# of vCPUs)
• Custom: # shares = user-specified value
• A logical abstraction for hierarchically managing CPU and memory resources
• Used on stand-alone hosts or VMware DRS-enabled clusters
• Provides resources for VMs and child pools
Root Resource Pool
Resource Pools
A resource pool allows you as the administrator to divide and allocate
resources to VMs and other resource pools. A resource pool allows you to
control the aggregate CPU and memory resources of the compute resource,
which is either a standalone host or a VMware DRS cluster. Resource pools
are also used to delegate privileges to other users and groups.
Defer the discussion of DRS clusters to Lesson 3.
The topmost resource pool is known as the root resource pool. The root
resource pool consists of the CPU and memory resources of a particular
ESX Server or VMware DRS cluster.
Each resource pool has reservation (minimum), limit (maximum) and share
values for both CPU and memory resources.
A resource pool has the following attributes:
• Shares: Shares guarantee that the resource pool be given a certain
amount of CPU and memory resources.
• Reservation: This is the minimum amount of resources required by the
resource pool. For example, you can set a CPU reservation, which is the
minimum amount of CPU that this pool must have.
• Limit: This is the maximum amount of resources given to this resource
pool. By default, the resource pool is given "unlimited" access to the
maximum amount of resource (specified by the limit.) The Limit is
adjustable. You can limit a resource pool to a specific amount of
resource, which is less than the absolute maximum.
• Expandable Reservation: This allows a resource pool that cannot satisfy
a reservation request to search through its hierarchy to find unreserved
capacity to satisfy the reservation request.
Shares, reservations and limits can also be applied at the virtual machine
level, and are constrained by the resources of the resource pool to which the
virtual machine belongs. Virtual machines do not have expandable
reservation. Expandable reservations can only be set at the resource pool
level. Expandable reservations will be covered in more detail later on in the
module.
Get information about your resource pool by viewing the Summary tab.
This tab displays the current values for Shares, Reservation, Expanded
Reservation and Limit.
Get further information about your resource pool by viewing the Resource
Allocation tab. This tab displays information about how the CPU and
memory resources are being used by the virtual machines and child pools in
the resource pool.
To explain how resource pools work, let's take an example. Company X's
IT department has two internal customers, finance and engineering. Both
departments have production virtual machines as well as virtual machines
for testing and application development. The finance department provides
the majority of IT's budget and therefore gets the majority of resources
provided by IT. Resource pools can be used to control resource
consumption between the two departments and ensure that the finance
department gets the resources that it is entitled to.
are powered on within it.
A child resource pool is used to allocate resources from the parent resource
pool for the child’s consumers. Administrative control can also be delegated
to various individuals or organizations. A child resource pool cannot exceed
the capacity of the parent resource pool. Creating a child pool actively
reserves resources from the parent pool, whether or not any VMs in the
child pool are powered on.
Svr001: All VMs below are running on same physical CPU (PCPU)
Engineering: CPU Shares: 1000, ~33% of PCPU
Finance: CPU Shares: 2000, ~67% of PCPU
VMs: CPU Shares: 1000, CPU Shares: 2000, CPU Shares: 1000, CPU Shares: 2000
VM percentages shown: 22%, 45%, 22%
based on its individual share allocation.
Note that the example above uses general approximations to explain how
the number of shares affects the amount of CPU allocated to a virtual
machine.
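The share arithmetic in this lesson, both the flat case where VM D is powered on and the Engineering/Finance pool hierarchy, can be worked through in a few lines. This is an added example, not VMware code: it models only the fully contended case and ignores reservations and limits, and the VM names, the share counts for VMs B and C, and the assignment of one 1000-share and one 2000-share VM to each pool are assumptions.

```python
from fractions import Fraction

# Share presets per vCPU, from the "For CPU shares" list.
CPU_SHARES_PER_VCPU = {"High": 2000, "Normal": 1000, "Low": 500}


def cpu_shares(level, vcpus, custom=None):
    """Number of CPU shares for a share level; Custom uses the given value."""
    if level == "Custom":
        if custom is None:
            raise ValueError("Custom share level needs an explicit value")
        return custom
    return CPU_SHARES_PER_VCPU[level] * vcpus


def entitlements(tree, fraction=Fraction(1)):
    """Split `fraction` of a contended resource among siblings by shares.

    `tree` maps a name to (shares, children); children is a nested dict for
    a resource pool and None for a virtual machine. Returns {vm name: Fraction}.
    Shares only compete against siblings under the same parent.
    """
    total = sum(shares for shares, _ in tree.values())
    result = {}
    for name, (shares, children) in tree.items():
        part = fraction * Fraction(shares, total)
        if children is None:
            result[name] = part
        else:
            result.update(entitlements(children, part))
    return result


def flat_example():
    """Powering on VM D (1000 shares) raises the total from 5000 to 6000."""
    before = {"A": (1000, None), "B": (1000, None), "C": (3000, None)}  # B, C constructed
    after = dict(before, D=(1000, None))
    return entitlements(before), entitlements(after)


def pool_example():
    """Engineering (1000 shares) and Finance (2000 shares) on Svr001."""
    svr001 = {
        "Engineering": (1000, {"Eng-VM1": (1000, None), "Eng-VM2": (2000, None)}),
        "Finance": (2000, {"Fin-VM1": (1000, None), "Fin-VM2": (2000, None)}),
    }
    return entitlements(svr001)


if __name__ == "__main__":
    before, after = flat_example()
    print("VM A before D:", before["A"], "after D:", after["A"])
    for vm, part in pool_example().items():
        # The slide rounds pool percentages first, which is why it shows 45%
        # where the exact value is 4/9.
        print(f"{vm}: {part} (about {float(part) * 100:.0f}% of the PCPU)")
```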
Expandable reservation allows a resource pool that cannot satisfy a
reservation request to search through its hierarchy to find unreserved
capacity to satisfy the reservation request.
For this slide, just define expandable reservation. There is a complete example on the next two slides.
In this example, the child resource pool, “eCommerce Apps”, has
expandable reservation set. The reservation of a child resource pool may not
exceed that of its parent. The search for unused resources goes up through the
ancestry to the root resource pool or to the first resource pool that does not
have expandable reservation set.
Use expandable reservation carefully. A single child resource pool may use
ALL of its parent’s available resources, leaving nothing directly available
for other child resource pools.
One reason to disable Expandable Reservation is when you are giving a
fixed amount of resources to a group. For example, you are an IT
administrator and your customers are different organizations in your
company who have paid for a fixed amount of CPU and memory resources.
on the eCommerce Web resource pool, or increase the reservation of the
eCommerce Web pool.
Flowchart labels: Expandable reservation? / No / Fail
Any action that changes a VM's or resource pool's reservation must satisfy
admission control. If the object (VM or pool) resides in a pool with an
expandable reservation, the current pool's parent will be consulted if need
be to satisfy the reservation.
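The admission control check with expandable reservation, as described above, can be modeled as a walk up the pool hierarchy. This is an added example, not VMware code: the Root and Retail pools, all MHz figures, and the accounting model (each pool tracks how much of its reservation is already handed out) are assumptions; only the pool names eCommerce Apps and eCommerce Web come from the lesson.

```python
from dataclasses import dataclass
from typing import Optional


class AdmissionError(Exception):
    """The reservation request failed admission control."""


@dataclass
class Pool:
    name: str
    reservation: int                 # MHz this pool holds
    expandable: bool = False
    parent: Optional["Pool"] = None
    used: int = 0                    # MHz already reserved by VMs and child pools

    @property
    def unreserved(self):
        return self.reservation - self.used


def reserve(pool, mhz):
    """Reserve `mhz` in `pool`, borrowing from ancestors only while every pool
    on the way up has expandable reservation set.

    Returns [(pool name, MHz taken)]. On failure raises AdmissionError and
    leaves every pool unchanged.
    """
    plan, needed, current = [], mhz, pool
    while needed > 0:
        if current is None:
            raise AdmissionError(f"hierarchy exhausted; short by {needed} MHz")
        take = min(needed, current.unreserved)
        if take > 0:
            plan.append((current, take))
            needed -= take
        if needed > 0:
            if not current.expandable:
                # The search stops at the first pool that is not expandable.
                raise AdmissionError(
                    f"{current.name} is not expandable; short by {needed} MHz")
            current = current.parent
    for p, take in plan:             # commit only after the whole request fits
        p.used += take
    return [(p.name, take) for p, take in plan]


def new_child(parent, name, reservation, expandable=False):
    """Creating a child pool is itself a reservation request on the parent."""
    reserve(parent, reservation)
    return Pool(name, reservation, expandable, parent)


def attempt(pool, mhz):
    try:
        return reserve(pool, mhz)
    except AdmissionError as exc:
        return f"Fail: {exc}"


def demo():
    root = Pool("Root", reservation=6000)                    # constructed
    retail = new_child(root, "Retail", 3000)                 # constructed, fixed
    apps = new_child(retail, "eCommerce Apps", 1200, expandable=True)
    web = new_child(retail, "eCommerce Web", 1000)
    return {
        "apps_vm1": attempt(apps, 1000),  # fits inside eCommerce Apps
        "apps_vm2": attempt(apps, 1000),  # 200 local + 800 borrowed from Retail
        "apps_vm3": attempt(apps, 100),   # Retail is empty and not expandable
        "web_vm1": attempt(web, 800),     # fits inside eCommerce Web
        "web_vm2": attempt(web, 400),     # only 200 left, cannot expand
        "retail_unreserved": retail.unreserved,
        "root_unreserved": root.unreserved,
        "web_used": web.used,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

The third request fails even though Root still has unreserved capacity, because the search ends at Retail; the last request shows the caution above, since eCommerce Apps has already consumed everything Retail had available.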
In the lab for this lesson, we use CPU affinity in the VMs' properties to restrict available
resources to a single PCPU. This is something we do not recommend customers do in a
production environment, but it's OK to do here in our training environment.
Lesson Topics
• VMotion migration
• VMotion compatibility requirements
• Topology maps
for the Ethernet cards, and so forth.
VMotion Network
Production Network
Initiate the VMotion migration using the VI Client. In the example above,
the source host is esx01 and the target host is esx02. Both source and target
host have access to the shared datastore holding the VM's files. The
VMotion network is the network labeled "Red".
Memory Bitmap
Memory
VMotion Network
Production Network
The virtual machine's memory state is copied over the VMotion network
(i.e. the "Red" network) from the source to the target host. While the virtual
machine's memory is being copied, users continue to access the virtual
machine and potentially update pages in memory. A list of modified pages
in memory is kept in a memory bitmap on the source host.
After most of the VM's memory is copied from the source to the target host,
the VM is quiesced, meaning the VM is taken to a state where no additional
activity will occur on the VM. The quiesce time is the only time in the
VMotion procedure in which the VM is unavailable to users and is a very
minimal amount of time. During this quiesce period, VMotion starts to
transfer the VM to the target host. Only the VM device state and the
memory bitmap containing the list of pages that have changed are
transferred over during this time.
Note that if a failure occurs during the VMotion migration, the VM being
migrated is failed back to the source host. For that reason, the source VM is
kept around until the VM on the target host starts running.
Memory Bitmap
The remaining memory (as identified in the memory bitmap) is copied from
the source to the target host.
Note that a virtual machine's entire network identity, including MAC and IP
address, is preserved across a VMotion. Remember that you labelled your
NICs on your ESX Servers. Different NICs on different ESX Servers can be
associated with the same network label. For example, vmnic0 on esx01 can
be associated with the "Red" network while vmnic1 on esx02 can be
associated with the "Red" network as well. When performing a VMotion on
a virtual machine that uses the Red network from esx01 to esx02, the
VMkernel will intelligently remap the virtual machine to use vmnic1 on the
target host.
• Start VM A on esx02
VMotion Network
Production Network
Users are now accessing the VM on the target host instead of the source
host.
The VM is finally deleted from the source host.
Additional Information:
For a description of migration options, consult the VI3 online library:
http://pubs.vmware.com/vi3/bsa/wwhelp/wwhimpl/common/html/wwhelp.htm?context=bsa&file=BSA_Migration.17.3.html
At present, we are not using AMD Pacifica (aka AMD-V). We are using Intel VT in order to
run 64-bit guests on Intel hardware. Generally speaking, we do not use these HW assist
technologies because the performance using our binary translation and direct execution is
generally superior to this first generation of hardware assist. For more details on why that
is, please see http://www.vmware.com/pdf/asplos235_adams.pdf.
Choose between Nx/xD security features or broadest VMotion compatibility
guarantee the stability of virtual machines after a VMotion migration.
Changes to these default masks are made very conservatively by VMware,
and only when new CPU features are introduced and versions of ESX
Server are updated to expose or hide them from virtual machines. In some
cases, where a choice between CPU compatibility or guest operating system
features (such as NX/XD) exists, the VI Client provides check-box options
to configure individual virtual machines.
VMware provides you with a CPU Compatibility tool that allows you to
check CPU compatibility of hosts participating in a VMotion migration (as
well as 64-bit support.) If CPU features cannot be determined directly from
the server/CPU specifications, a bootable CD can be created using the CPU
Compatibility tool to help you identify the characteristics of CPUs installed
in a host. It can also verify whether your hardware supports 64-bit guests in
ESX 3, and whether ESX Servers upgraded to ESX 3 will remain
compatible for VMotion.
Other ways to determine CPU compatibility are the following: A freeware tool named cpu-z, available at www.cpuid.com, the VMotion compatibility tool, available at www.run-virtual.com, or using the service console command line, cat /proc/cpuinfo.
Download this tool from the VMware Web site: http://www.vmware.com/download/vi/drivers_tools.html.
To verify that the source and target ESX Servers satisfy the VMotion
requirements that pertain to shared datastores and networks, display a map
that shows the relationships between the hosts, datastores and networks.
In the example above, we are verifying that the ESX Servers participating in
the VMotion migration are attached to the same shared storage.
You can also use maps to display the relationship between the virtual
machine being migrated and the ESX Servers.
In the example above, we are verifying that the virtual machine to be
migrated is using a datastore that is visible to both the source and target host
participating in the VMotion migration.
Every virtual machine has a VMotion Resource Map that you can use to
check if a virtual machine can be VMotion'ed between ESX Servers. From
this map, you can determine the relationships between the virtual machine's
networks, datastores and ESX Servers.
To view the VMotion Resource Map, select the virtual machine in the
inventory, then select the Maps tab.
In the example above, the virtual machine named Prod06-1 is located on
sc-gallium03. Both sc-gallium03 and sc-gallium06 have access to the
Production network as well as the datastore named Shared, where the files
of Prod06-1 reside. Notice that sc-gallium06 has a red X. This means that a
VMotion requirement has not been met. View the Events section of the
Tasks & Events tab for sc-gallium06 to find out more information. If the
Events screen does not help, then the validation performed with the
Migration wizard probably will.
If you are having problems with the VMotion migration failing, make sure
that all host requirements and virtual machine requirements are met.
Is a problem with a virtual machine's configuration preventing VMware
VMotion from working?
• VMware VMotion is designed to migrate RUNNING virtual machines.
It involves moving a copy of the RAM image from one ESX Server to
another. This means that you might have a virtual machine that you can
"power-on" in the VI Client but, if the virtual machine is constantly
crashing and rebooting, the RAM image is never stable enough for
VMware VMotion to work.
• An example of this would be a virtual machine that you installed as
default with a guest OS of Windows 2003. By default, this virtual
machine will get an LSI adapter. If you were to change this to a
BusLogic adapter manually, the virtual machine would not be able to
boot. It would power on, but it would continuously blue screen and
reboot.
• How can you tell if a virtual machine configuration problem is
preventing VMware VMotion from working? Use the Remote Console
to make sure that the virtual machine is actually powering-on and that
you are able to login to it.
Is there a VMKernel port on both ESX Servers and is it enabled for
VMware VMotion?
Lesson Topics
• What is a VMware DRS cluster?
• Creating a VMware DRS cluster
• VMware DRS cluster settings
• Automation level
• Migration threshold
• Placement constraints
• VM swapfile location
• VMware DRS best practices
• Cluster
• A collection of ESX Server
hosts and associated VMs
• DRS-enabled cluster
• Managed by VirtualCenter
• Balances virtual machine
load across hosts in the
cluster
• Enforces resource policies
accurately (reservations,
limits, shares)
Cluster
• Respects placement
constraints
• Affinity and anti-affinity rules
• VMotion compatibility
What is not covered in this course: VMware Distributed Power Management. VMware DPM
reduces power consumption by intelligently balancing a datacenter's workload. VMware
DPM, which is part of VMware DRS, automatically powers off servers whose resources are
not immediately required and returns power to these servers when the demand for compute
resources increases again. There is only experimental support for VMware DPM.
After creating the VMware DRS cluster, define the automation level. The
automation level determines how much of the decision-making process you
would like to grant VMware DRS when it needs to initially place virtual
machines that are powered on and when it needs to dynamically balance the
load of virtual machines across hosts in the cluster.
Choose from the following levels of automation:
• Manual: When you power on a virtual machine, VMware DRS displays
a list of recommended hosts. When the cluster becomes unbalanced,
DRS displays recommendations for virtual machine migration.
• Partially automated: When you power on a virtual machine, VMware
DRS places it on the best-suited host. When the cluster becomes
unbalanced, VMware DRS displays recommendations for virtual
machine migration.
• Fully automated: When you power on a virtual machine, VMware DRS
places it on the best-suited host. When the cluster becomes unbalanced,
VMware DRS migrates virtual machines from overutilized hosts to
underutilized hosts to ensure a balanced use of cluster resources.
more stars. This level includes Level 1-3 plus recommendations that
promise a moderate improvement in the cluster's load balance.
• Level 5, aggressive: Applies all recommendations. This level includes
Level 1-4 plus recommendations that promise a slight improvement in
the cluster's load balance.
A strong 5-star recommendation should always be applied but a list of
several 1-star recommendations could also collectively affect the cluster
negatively if not applied.
• Affinity rules
• Run virtual machines
on same host
• Use for multi-VM
systems where
performance benefits
• Anti-affinity rules
• Run virtual machines
on different hosts
• Use for multi-VM
systems that load
balance or require high
availability
After you have created a DRS cluster, you can edit its properties to create
rules that specify affinity. You can use these rules to determine that:
• DRS should try to keep certain virtual machines together on the same
host (for example, for performance reasons)
• DRS should try to make sure that certain virtual machines are not
together (for example, you might want to guarantee certain virtual
machines are always on different physical hosts, so if there is a problem
with one host, you do not want to lose both virtual machines)
The example above shows an anti-affinity rule that requires two database
servers to be placed on different hosts, most likely for availability and
perhaps performance reasons.
Conversely, there are affinity rules, where you might want to keep certain
virtual machines on the same host because of increased locality or
performance benefits, for example, VM-to-VM networking that uses
internal-only (instead of physical) networking.
You can customize the automation level for individual virtual machines in a
DRS cluster to override the automation level set on the entire cluster. This
allows you to fine-tune automation to suit your needs. For example, there
may be a virtual machine that is especially critical to your business and you
would like more control over its placement; in that case, set its automation
level to Manual. If a virtual machine is set to Disabled, VirtualCenter does
not migrate that virtual machine or provide migration recommendations for
it.
• Drag-and-drop ESX Server onto cluster
your critical VMs. For your non-critical VMs, such as test/development
VMs, specify automatic movement by DRS.
Cluster Team
Lesson Topics
• The role of resource pools in DRS clusters
• Using pools for delegated administration
• Monitoring the state of resource use in a pool
• Adding hosts with resource pools to a cluster
First resource pool: CPU Shares: 4000, Reservation: 0, Limit: 4 GHz
Second resource pool: CPU Shares: 1000, Reservation: 0 GHz, Limit: 2 GHz
Resource pools can be used to divide the CPU and memory resources of a
standalone host. Resource pools can also be used with a VMware DRS
cluster, which allows you to manage the resources of all hosts in the cluster
as a single pool of resources. With resource pools, you can hierarchically
organize virtual machines and isolate resource pools so that you can control
the amount of resources for a whole collection of virtual machines.
Resource pools can be created only on ESX standalone hosts or VMware
DRS-enabled clusters. Clusters that have only VMware HA-enabled (and
not VMware DRS) cannot use resource pools.
A pool can reflect any organizational structure that makes sense to you,
such as a pool for each department, or a project or a client, etc. You can
associate access control and permissions to different levels in the resource
pool hierarchy.
For example, you can have a cluster-wide administrator defined at the
cluster level (which is the root resource pool.) The cluster administrator can
then carve up the aggregate resources of the entire cluster into pools and
provide bulk allocations to sub-administrators or administrators for
individual resource pools. A cluster administrator is given at least the
Datacenter Administrator role. Each pool administrator can take the
resources that he or she has been allocated and carve them up into smaller
resource pools for end users. A pool administrator is given the role of
Resource Pool Administrator. Finally, each end user can allocate resources
from his or her pool to the virtual machines that they care about. An end
user is given at least the Virtual Machine Power User role.
The key to understanding and using delegation is to understand roles and
their privileges. It will be very beneficial to use the VI Client to explore and
gain familiarity with the privileges assigned to each role.
• Invalid (Red): A cluster enabled for DRS becomes red when the tree is
no longer internally consistent and does not have enough resources
available. The total resources in the cluster have nothing to do with
whether the cluster is yellow or red. It is possible for the cluster to be
DRS red even if there are enough resources at the root level, if there is
an inconsistency at a child level. For example, a DRS cluster turns red if
the virtual machines in a fixed resource pool use more resources than
the Reservation of that resource pool allows.
For more information on cluster states, see the VI3 Resource Management
Guide (http://www.vmware.com/pdf/vi3_301_201_resource_mgmt.pdf).
When adding the host, choose to create a new resource pool for this
host’s virtual machines and resource pools.
When you add a host with resource pools to a DRS cluster, you must decide
on resource pool placement. By default, the resource pool hierarchy is
discarded and the host is added at the same level as the virtual machines.
You can choose to graft the host's resource pools onto the cluster's resource
pool hierarchy and choose a name for the resource pool created to represent
the host’s resources. By default, the resource pool created to represent the
host’s resources is named “Grafted from host_name”, but you can choose a
different name. The term grafted was chosen because the branches of the
host's tree are added to the branches of the cluster's tree, just as fruit tree
branches are grafted onto rootstock.
The example above shows the virtual machine named Prod03 is failing to
power on.
If a user tries to power on a virtual machine, but the task fails with the error,
“Insufficient memory resources”, the virtual machine is failing because
there is not enough memory to power it on. What memory is the error
referring to? The physical memory of the ESX Server? The maximum
memory size of the virtual machine? The memory reservation of the virtual
machine? The memory reservation or limits of the resource pool in which
the virtual machine is located? Once you determine this, you can then
decide how to resolve the problem.
Here are ways to check various memory values:
• To view physical memory size and memory usage of an ESX Server:
select the Memory link in its Configuration tab
• To view memory size and memory overhead of a virtual machine: view
the virtual machine's Summary tab
• To view memory reservation and limit of a virtual machine: view the
virtual machine's memory resources in its Properties settings
• To view memory reservation and limit of a resource pool: view its
Summary tab and Resource Allocation tab
• To view memory reservation and limits of all virtual machines in a
resource pool: view the resource pool's Resource Allocation tab
• To view memory total, reservation and limit of a cluster: view its
Summary tab and Resource Allocation tab
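The question posed above (which memory value the error refers to) can be worked through with a small model. This is an added example, not code from the manual or from VMware: it models only fixed resource pools on one host, and it assumes a power-on needs the VM's reservation plus its overhead to fit in the unreserved memory of the pool that holds it. The class names and all MB values are constructed; Prod03 is the VM from the example above.

```python
from dataclasses import dataclass, field
from typing import List


@dataclass
class VM:
    name: str
    reservation_mb: int   # memory reservation from the VM's Properties
    overhead_mb: int      # memory overhead from the VM's Summary tab
    powered_on: bool = False

    def needed_mb(self) -> int:
        # Assumption: reservation plus overhead must be guaranteed at power-on.
        return self.reservation_mb + self.overhead_mb


@dataclass
class Pool:
    name: str
    reservation_mb: int   # fixed reservation of this pool
    vms: List[VM] = field(default_factory=list)
    children: List["Pool"] = field(default_factory=list)

    def reserved_mb(self) -> int:
        # Memory already promised: running VMs plus child pool reservations.
        running = sum(vm.needed_mb() for vm in self.vms if vm.powered_on)
        return running + sum(child.reservation_mb for child in self.children)

    def unreserved_mb(self) -> int:
        return self.reservation_mb - self.reserved_mb()


def try_power_on(pool: Pool, vm: VM) -> dict:
    """Admit the VM only if its pool can still guarantee its memory."""
    shortfall = vm.needed_mb() - pool.unreserved_mb()
    if shortfall > 0:
        return {"ok": False, "blocking_pool": pool.name, "shortfall_mb": shortfall}
    vm.powered_on = True
    return {"ok": True, "blocking_pool": None, "shortfall_mb": 0}


def inconsistent_pools(pool: Pool) -> List[str]:
    """Pools whose contents reserve more than the pool's own reservation."""
    bad = [pool.name] if pool.unreserved_mb() < 0 else []
    for child in pool.children:
        bad += inconsistent_pools(child)
    return bad


def build_sample():
    # Constructed values: an 8192 MB host split into two fixed pools.
    prod = Pool("Production", 4096, vms=[
        VM("Prod01", 2048, 100, powered_on=True),
        VM("Prod02", 1536, 100, powered_on=True),
        VM("Prod03", 512, 100),
    ])
    test = Pool("Test", 1024, vms=[VM("Test01", 0, 80, powered_on=True)])
    root = Pool("host-root", 8192, children=[prod, test])
    return root, prod


if __name__ == "__main__":
    root, prod = build_sample()
    prod03 = prod.vms[2]
    print("host unreserved MB:", root.unreserved_mb())
    print("first attempt:", try_power_on(prod, prod03))
    prod03.reservation_mb = 200          # one possible fix: lower the reservation
    print("second attempt:", try_power_on(prod, prod03))
    prod.vms[0].reservation_mb = 3000    # a later change that overcommits the pool
    print("inconsistent pools:", inconsistent_pools(root))
```

In the sample, the host still has unreserved memory while the Production pool does not, so the pool's Resource Allocation tab is the place to look.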
Questions?
Resource Monitoring 10
Importance
• Although the VMkernel works proactively to avoid resource contention,
maximizing performance requires both analysis and ongoing monitoring
Module Lessons
• Tools for Resource Optimization
• Monitor VM Performance
• Monitoring Using Performance-based Alarms
Lesson Topics
• Virtual CPU concepts
• Virtual memory concepts
• Transparent page sharing
• Balloon-driver mechanism
• VMkernel swap file
These are the different parameters and features that we can use to control a
virtual machine's access to CPU, memory, disk bandwidth and network
bandwidth. We will discuss allocating each of these resources in this
module.
The mechanisms in the left column are those automatically managed by the
VMkernel. Those in the middle column are used at the discretion of each
virtual machine's owner. Those in the right column are those used by the
administrator to set virtual machine-wide policies.
The term "VMkernel swap" refers to the VMkernel swap file that the
VMkernel creates for each VM that is powered on. Try to avoid referring to
this file as the "virtual machine swap file" because students might get that
confused with the swap file used by the guest OS (e.g. pagefile.sys) within
the VM itself. These swap files are entirely different from each other.
[Figure: a single-core, dual-socket system and a dual-core, single-socket
system]
Hyper-Threading is a technology developed by Intel that enables a core to
execute two threads, or sets of instructions, at the same time. The benefit of
Hyper-Threading is more scheduler throughput, i.e. Hyper-Threading
provides more hardware execution contexts (H.E.C.'s) on which VCPUs can
be scheduled. The downside of Hyper-Threading is that it does not double
the power of a core. Therefore, if both threads of execution need the same
on-chip resources (for example, the floating-point unit) at the same time,
one thread will have to wait.
For best performance, run 2-VCPU VMs only on physical machines with
more than 2 H.E.C.'s, and run 4-VCPU VMs only on physical machines
with more than 4 H.E.C.'s. If these virtual machines are CPU-intensive,
ignore the fact that hyper-threading is enabled, if it is. For example, let's
say that you have a dual-core, single-socket system with Hyper-Threading
enabled. This system provides 4 H.E.C.'s. If a virtual machine is CPU
intensive, the VMkernel will dynamically try to refrain from using the other
thread in the core. Therefore, a 2-VCPU VM that is CPU-intensive will
fare better on this system than a 4-VCPU, CPU-intensive VM.
Hyper-Threading must be enabled in your server's BIOS. On some server
models, the option is named "Enable Logical Processors."
There is a Hyper-Threading whitepaper, available at
http://www.vmware.com/support/resources/esx_resources.html
The VMkernel detects when different VMs have memory pages with
identical content, and arranges for those pages to be shared. That is, a
single physical page is mapped into each VM's address space. If any VM
tries to modify a page that is (unbeknownst to it) shared, the VMkernel will
create a new, private copy for that VM, and then map that page into the
address space of that VM only. The other VMs continue to share the
original copy.
Transparent page sharing is enabled by default. The system dynamically
scans memory looking for duplicate pages. This mechanism is a way in
which ESX Server tries proactively to conserve physical memory, so that it
will not have to resort to any of the other techniques.
When a virtual machine has been suspended and gets resumed, it does not
participate right away in the memory-sharing system. Its pages become
shared over time. So if you plan to suspend and resume large batches of
VMs, don't scrimp on memory.
In this example, a page of physical memory is in common, but marked
read-only at the hardware level, across all VMs shown in the slide. If any
individual VM tries to write to the page, the VMkernel detects that as a
fault, it takes a private copy of the page and breaks the share (pointer). For
example, let's say the VM in the middle tried to write to this page; the
arrow would go away, the VMkernel allocates another page created in real
physical memory, copies the content, swings the pointer over, then
continues computing.
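The sharing and copy-on-write behaviour described above, as an added example that is not VMkernel code or part of the original manual. It is a toy model: the class and method names, the 4096-byte page size, the use of a SHA-256 digest as the duplicate hint, and whole-page writes are all assumptions made for illustration.

```python
import hashlib
from typing import Dict, Tuple

PAGE_SIZE = 4096  # assumed page size for the constructed sample pages


class HostMemory:
    """Toy model of machine pages shared between VMs."""

    def __init__(self) -> None:
        self.pages: Dict[int, bytes] = {}            # machine page -> content
        self.refs: Dict[int, int] = {}               # machine page -> mapping count
        self.maps: Dict[Tuple[str, int], int] = {}   # (vm, guest page) -> machine page
        self.next_page = 0

    def _allocate(self, content: bytes) -> int:
        page = self.next_page
        self.next_page += 1
        self.pages[page] = content
        self.refs[page] = 0
        return page

    def _remap(self, key: Tuple[str, int], page: int) -> None:
        old = self.maps.get(key)
        self.maps[key] = page
        self.refs[page] += 1
        if old is not None:
            self.refs[old] -= 1
            if self.refs[old] == 0:          # last mapping gone: free the page
                del self.pages[old], self.refs[old]

    def write(self, vm: str, guest_page: int, content: bytes) -> None:
        key = (vm, guest_page)
        page = self.maps.get(key)
        if page is not None and self.refs[page] == 1:
            self.pages[page] = content       # private page: write in place
        else:
            # Unmapped or shared page: this VM gets a private copy and the
            # shared original stays untouched for the other VMs.
            self._remap(key, self._allocate(content))

    def read(self, vm: str, guest_page: int) -> bytes:
        return self.pages[self.maps[(vm, guest_page)]]

    def scan(self) -> int:
        """Merge pages with identical content; return how many were merged."""
        first_seen: Dict[bytes, int] = {}
        merged = 0
        for key, page in sorted(self.maps.items()):
            content = self.pages[page]
            digest = hashlib.sha256(content).digest()
            keeper = first_seen.setdefault(digest, page)
            # The digest is only a hint: compare full content before sharing.
            if keeper != page and self.pages[keeper] == content:
                self._remap(key, keeper)
                merged += 1
        return merged


def demo() -> Tuple[int, int, int, int]:
    host = HostMemory()
    common = b"\x00" * PAGE_SIZE             # constructed identical page
    for vm in ("vm1", "vm2", "vm3"):
        host.write(vm, 0, common)
    before = len(host.pages)                 # one machine page per VM
    merged = host.scan()                     # duplicates collapse into one page
    shared = len(host.pages)
    host.write("vm2", 0, b"\x01" * PAGE_SIZE)   # the VM in the middle writes
    return before, merged, shared, len(host.pages)


if __name__ == "__main__":
    print(demo())
```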
When a VM needs to yield memory, it's in everyone's best interest to let the
guest OS in that VM pick which pages of memory to give up. It knows
which pages have been least recently used and which pages can easily be
refreshed from some backing store on disk. This is what vmmemctl
achieves; a balloon driver is installed in the guest OS when you install
VMware Tools.
The balloon driver installs as a device driver, but its only function is to
demand memory from the guest OS and later to relinquish it, under the
control of the VMkernel.
VMs are ignorant of this entire mechanism. This mechanism is out of their
view.
When a system is not under memory pressure, no VM's balloon is inflated.
But when memory becomes scarce, the VMkernel chooses a VM and
inflates its balloon: that is, it tells the balloon driver in that VM to demand
memory from the guest OS. The guest OS complies by yielding memory,
according to its own algorithms; the relinquished pages can be assigned by
the VMkernel to other VMs.
Whether a VM loses memory because of the balloon driver is determined by
its relative share allocation.
The term "balloon" driver is an informal term often used to refer to the
vmmemctl device driver, which is used to perform memory deallocation/
reallocation.
When a virtual machine is powered on for the first time, the system
allocates a VMkernel swap file for it. This file will serve as backing store
for the virtual machine's RAM contents. In the event that the VMkernel
needs to reclaim some or all of this virtual machine's memory, and if the
balloon driver cannot free enough memory, the VMkernel will copy pages'
contents to the VMkernel swap file before giving them to other virtual
machines.
The size of the VMkernel swap file is determined by the difference between
how much memory the virtual machine can use (its limit or, if no limit is
defined, the amount configured into the virtual hardware) and how much
RAM is reserved for it (its reservation).
Whenever VMkernel swap is being actively used, performance is not
optimal. Configure your server systems so that all virtual machines' normal
running memory needs (as determined by monitoring under load) can be
accommodated using physical memory.
When you power off the VM, the VMkernel swap file of the VM is deleted.
When the VM is powered back on, the VMkernel swap file for the VM is
recreated.
[Figure: memory scale running from 0 MB (0%) through the Reservation
(30%) to the Limit (100%)]
low as that might force VMkernel swapping during periods of contention.
Monitor VM Performance :
Lesson Topics
• Virtual machine performance graphs
• Monitoring a VM’s
• CPU
• Memory
• Disk
• Network
Assess performance
• Record a numerical benchmark before changes
Identify the limiting resource
Make more resource available
• Allocate more
• Reduce competition
• Log your changes!
Benchmark again
Don’t make casual changes to production systems!
[Figure: Performance tab with callouts: the target (host or VM); export to
Excel; tear off this chart; units; modify what is graphed; items being
graphed; statistics for displayed range]
For each host and virtual machine, the Virtual Infrastructure client offers a
Performance tab. This tab offers both a real-time view and a historical
view of many performance counters.
For more formatting and analysis options, you may export the data being
graphed to Microsoft Excel.
For side-by-side comparisons of several virtual machines or hosts, tear off
each's performance graph. It will be dynamically refreshed.
[Figure callout, "Fine" level of control: modify VM’s CPU and memory
limits and reservations]
You may control a virtual machine's access to CPU and memory at three
levels. You may define limits, reservations, and shares on individual virtual
machines; however, you are likely to find this difficult to manage as you
have more and more virtual machines. A more scalable approach is to
organize your virtual machines into resource pools, placing virtual machines
with similar needs and levels of criticality into the same resource pool. You
may then define limits, reservations, and shares on the resource pool itself.
If you have an active VMware DRS cluster in fully automated mode, you
have one still-higher point of control. You can add ESX Server instances to
your cluster; the system will automatically VMotion virtual machines so as
to reduce contention. The more CPU and memory resources in your cluster,
the higher CPU and memory reservations you can define, and the more your
virtual machines are insulated from competition.
• If VM is constrained by CPU
• Add shares or increase CPU reservation
• VMotion this virtual machine
• Shut down, VMotion, or remove shares from other VMs
The key indicator of a virtual machine losing competition for CPU time is
"CPU ready" time in its CPU resource graph. Ready time refers to the
interval when a virtual machine is ready to execute instructions, but cannot
because it cannot get scheduled onto a CPU. Note that CPU Ready values
only show up in the "Real Time" graph and not in any of the historical
graphs (in other words, the day, week, month, or year graphs.)
Several factors affect the amount of ready time seen:
• Overall CPU utilization: You're more likely to see ready time when
utilization is high, because the CPU is more likely to be busy when
another VM becomes ready to run.
• Number of resource consumers (in this case, guest OSes): When a host
is running a larger number of VMs, the scheduler is more likely to need
to queue a VM behind one or more that are already running or queued.
• Load correlation: If loads are correlated, for example, if one load wakes
another one when the first load has completed its task, ready times are
unlikely. If a single event wakes multiple loads, high ready times are
likely.
• Number of virtual CPUs in a virtual machine: When co-scheduling for
n-way Virtual SMP is required, the virtual CPUs can be scheduled only
when n physical CPUs are available to be preempted.
A good ready time value varies from workload to workload. To find a good
ready time value for your workload, collect ready time data over time for
each virtual machine. Once you have this ready time data for each virtual
machine, estimate how much of the observed response time is ready time.
• Network-intensive applications
will often bottleneck on path
segments outside ESX Server
• Example: WAN links between
server and client
• If you suspect that a VM is
constrained by the network
• Confirm VMware Tools is installed
• Measure the effective bandwidth
between VM and its peer system
• Examine performance graphs
• To improve network
performance
• Move VMs to another physical NIC
• Traffic-shape other VMs
• Reduce overall CPU utilization
Lesson Topics
• VM-based alarms
• Host-based alarms
[Figure: virtual machine alarm dialog with callouts: name and describe the
new alarm; click any field to modify; percentages; powered on, powered
off, suspended]
When you right-click on a virtual machine and choose Add Alarm..., the
resulting window has four panels. Visit the General panel to name this
alarm. Visit the Triggers panel to control which load factors are monitored,
and what the thresholds for the yellow and red states are. We will discuss the
Reporting and Actions panels in upcoming slides.
[Figure: host alarm dialog with callouts: name and describe the new alarm;
click any field to modify; percentages; connected, disconnected, not
responding]
The dialogue box displayed when you right-click on a host and choose Add
Alarm... is very similar to that for a virtual machine. The key difference is
the list of available triggers.
[Figure: alarm settings with callouts: avoid small fluctuations; avoid
repeats; only available for VM-based alarms]
You may specify one or more actions to occur when an alarm is triggered
(other than simply displaying it in the VI Client).
The highest point in the VirtualCenter inventory, Hosts and Clusters, is the
location of the default alarms. You may modify these alarms in place. You
may also define finer-grained alarms. For example, you might organize
several hosts or clusters into a folder and apply an alarm to that folder.
• Click SNMP to
specify trap
destinations
If you wish to transmit SNMP or email alarms, you must supply the IP
address of the destination server.
If your SNMP community string is not public, specify it here.
Specify the email address to be used for the From: address of email alerts.
Questions?
11
Protection 11
Module Lessons
• Backup Strategies
• Virtual Machine High Availability
Backup Strategies :
Lesson Topics
• Backup strategies for virtual machines
• Backup strategies for the ESX Server service console
11
Data and Availability Protection
• Within the ESX Server environment:
• Virtual machine contents
• Service console
Within the ESX Server environment, you need to back up the following
major items:
• Virtual machine contents: The virtual machine data you back up can
include virtual disks or Raw Device Mappings (RDMs), configuration
files, and so on.
As with physical machines, virtual machine data needs to be backed up
periodically to prevent its corruption and loss due to human or technical
errors.
Generally, use the following backup schedule for your virtual machines:
• At the image level, perform backups periodically for Windows and
Linux. For example, back up a boot disk image of a Windows
virtual machine once a week.
• At the file level, perform backups once a day. For example, back up
files on drives D, E, and so on every night.
• Service Console: The service console, a customized version of Linux, is
the ESX Server 3 command-line management interface. It provides
tools and a command prompt for more direct management of ESX
Server 3. With the VI Client being the main interface to the ESX Server
3 host, you should use the service console to perform only advanced
administration operations.
ESX Server 3i does not have a service console.
During its lifetime, the service console doesn't experience any major
changes other than periodic upgrades. In case of a failure, you can
easily recover the state of your service console by reinstalling ESX
Server 3. Therefore, although you might consider backing up the
• Store application data in
separate virtual disks
from system images
• Use backup agents
inside guest OSes for
application data
• If Windows, perform VCB
file-level backups
• Use full virtual machine
backups for system
images
• Or plan to redeploy from
template
Storing data in separate physical disks not only makes backups more
flexible, but it also allows for more flexible deployment from templates.
You can configure the applications in your templates to keep their data on
separate disk drives, and then provide a new blank disk for data whenever
the VM is deployed.
Backups from within the virtual machine, using a backup agent, are best for
application data because no system shutdown is required. In contrast,
virtual disk backups are best for system images, because they always result
in a bootable virtual disk, suitable for rapid redeployment.
Note that in addition to the 3rd party backup agents that VMware supports
with ESX Server, there could be other 3rd party backup agents out there that
are supported directly by the vendor.
There are several backup strategies for backing up virtual machines. These
strategies use traditional backup methods or VMware Consolidated Backup
(VCB):
• VM file-level backup using backup client: Because a virtual machine is
just like a physical machine, you can back it up in the same manner as a
physical machine, using backup software running inside a virtual
machine. There are two methods to do this:
• Method 1: Deploy your backup client in one virtual machine while
the backup server is in another virtual machine. VMware
recommends that you run both virtual machines on the same ESX
Server system. In this case, data between the two virtual machines
moves through the virtual Ethernet that connects these virtual
machines, but does not have to be transferred over a physical
Ethernet connection.
• Method 2: Deploy the backup client in a virtual machine while the
backup server runs on a physical machine.
NOTE
following to perform a backup of your virtual machines:
• Power off your virtual machines.
Because the ESX Server 3 service console doesn't experience any major
changes during its lifetime and its state is easily recoverable in case of a
failure, you might decide against backing it up. If you choose to back up
the service console, you don't need to do it frequently.
Use the following methods when backing up the service console:
• File-Based: Treat the service console as a physical machine with a
deployed backup agent. To restore the service console, reinstall it,
reinstall the agent, and then restore the files that you backed up. This
approach makes sense if management agents that are hard to set up have
been deployed in the service console. Otherwise, this approach provides
no advantage over not backing up the service console.
• Image-Based: Use third-party software to create a backup image that
you can restore quickly. Use your boot CD or whatever the backup
software created to restore the service console.
For a complete list of backup clients supported in the service console,
consult the ESX Server 3.x Backup Software Compatibility Guide,
available on the VMware web site.
• Performing backups using VCB takes the burden off
the ESX Server and places it onto the backup proxy
server
• Service console backups do not need to be taken as
frequently as virtual machine backups
• VMware supports a number of different backup
agents for the virtual machine and the service
console
Lesson Topics
• Strategies for clustering VMs using third-party software products
• Clustering VMs using VMware HA (High Availability)
• Cluster-in-a-box
Module 11 Data and Availability Protection: Virtual Machine High Availability 465
What is VMware HA?
Virtual Machine Failure Monitoring checks for a heartbeat every 20
seconds. If heartbeats have not been received within a specified (user-
VMware HA in Action
• You should be able to power-on a VM from all hosts
within the cluster
• Access to common resources (shared storage, VM
network)
• Host should be configured for DNS
• DNS resolution of all hosts within cluster is needed for
initial configuration
In order for the HA cluster to work properly, there are two prerequisites:
Each host in the cluster should have access to the virtual machines' files and
should be able to power on the VM with no problem. For that matter, all
the VMotion requirements should be met in the cluster as well. Also, an
important requirement is to make sure that each ESX Server in the cluster is
configured to use DNS and DNS resolution of the host's fully qualified
domain name is successful because VMware HA relies on that name.
Proper DNS & Network settings are needed for initial configuration. After
configuration, DNS resolutions are cached to /etc/FT_HOSTS (minimizing
the dependency on DNS server availability during an actual failover). DNS
on each host is preferred (manual editing of /etc/hosts is error prone).
VMware HA Host Network Configuration
NOTE
Configure cluster for VMware HA and/or DRS
Configure Cluster
Cluster-wide settings
[Figure: two example clusters, labelled "Failover capacity: 1 host failure"
and "Failover capacity: 2 host failure"]
In the first example, the VMware HA cluster has been set up to allow 1 host
to fail. Therefore, if any single ESX Server fails in the cluster, the
remaining ESX Servers should have enough capacity to run the virtual
machines that are on the failed server. This example assumes that all virtual
machines require an equal amount of resources.
In the second example, the VMware HA cluster has been set up to allow up
to 2 hosts to fail. Therefore if two ESX Servers fail, the remaining ESX
Server in the cluster should have enough capacity to run all virtual
machines. Again, this example assumes that all virtual machines require the
same amount of resources.
Add Host to Cluster
To add a host to the cluster, there are two ways: First, you could right-click
over the HA cluster and select Add Host from the menu. Or, you can drag
and drop an existing standalone host into the HA cluster.
If there is insufficient spare capacity during failover, VMs with higher
priority get failed over first
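The failover capacity examples and the restart priority rule above can be checked with a short planning model. This is an added example, not VMware's admission control or code from the manual: it keeps the page's assumption that all virtual machines need the same amount of resources, so each host's capacity is counted in VM slots. The host names, VM names, slot counts and the priority labels high, medium and low are constructed.

```python
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple

RESTART_ORDER = {"high": 0, "medium": 1, "low": 2}   # assumed priority labels


@dataclass(frozen=True)
class VM:
    name: str
    host: str
    priority: str = "medium"


def tolerates(capacity: Dict[str, int], vms: List[VM], failures: int) -> bool:
    """True if every VM still fits after the worst-case loss of `failures` hosts."""
    if not 1 <= failures <= 4:
        raise ValueError("host failures to tolerate must be between 1 and 4")
    if failures >= len(capacity):
        return False
    # Worst case: the hosts with the most slots are the ones that fail,
    # so only the smallest hosts survive.
    survivors = sorted(capacity.values())[: len(capacity) - failures]
    return sum(survivors) >= len(vms)


def restart_plan(capacity: Dict[str, int], vms: List[VM],
                 failed_hosts: Iterable[str]) -> Tuple[Dict[str, str], List[str]]:
    """Place VMs from failed hosts on survivors, highest priority first."""
    failed = set(failed_hosts)
    free = {host: capacity[host] - sum(1 for vm in vms if vm.host == host)
            for host in capacity if host not in failed}
    displaced = sorted((vm for vm in vms if vm.host in failed),
                       key=lambda vm: (RESTART_ORDER[vm.priority], vm.name))
    placed: Dict[str, str] = {}
    stranded: List[str] = []
    for vm in displaced:
        # Pick the surviving host with the most free slots (ties by name).
        target = max(free, key=lambda host: (free[host], host), default=None)
        if target is None or free[target] <= 0:
            stranded.append(vm.name)     # no spare capacity left for this VM
            continue
        free[target] -= 1
        placed[vm.name] = target
    return placed, stranded


def sample_cluster() -> Tuple[Dict[str, int], List[VM]]:
    # Constructed cluster: three hosts with four slots each, ten VMs.
    capacity = {"esx01": 4, "esx02": 4, "esx03": 4}
    vms = [
        VM("db01", "esx01", "high"), VM("web01", "esx01", "medium"),
        VM("test01", "esx01", "low"), VM("test02", "esx01", "low"),
        VM("app01", "esx02"), VM("app02", "esx02"), VM("app03", "esx02"),
        VM("web02", "esx03"), VM("web03", "esx03"), VM("web04", "esx03"),
    ]
    return capacity, vms


if __name__ == "__main__":
    capacity, vms = sample_cluster()
    print("tolerates 1 host failure:", tolerates(capacity, vms, 1))
    print("plan if esx01 fails:", restart_plan(capacity, vms, ["esx01"]))
```

With ten VMs on twelve slots, the sample cluster cannot absorb a host failure, so the two low-priority VMs are the ones left powered off.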
Architecture of a VMware HA Cluster
VC Server
A key component to the VMware HA architecture is the cluster of hosts. In
this example, the cluster consists of three hosts. When each host was added
to the cluster, the VMware HA agent was uploaded to the host. The VMs'
files are located on shared storage and therefore, each host in the cluster
needs access to the same resources. You must be able to power on the VM
on every host in the cluster. Distributed locking prevents simultaneous
access to VMs, thus protecting data integrity. HA agents maintain a
heartbeat network and therefore, their ability to perform failovers is
independent from VirtualCenter availability.
In general, cluster software is composed of layers of code, “agents” that can
start, stop and/or monitor cluster components. A host agent monitors hosts
within the cluster, if a host fails the host agent can restart services (or in our
case, VMs) on surviving nodes in the cluster.
algorithms balance workloads after HA has recovered virtual machines.
DRS uses VMotion to automatically rebalance the overall cluster load.
Additional Information:
VMware HA is based on EMC Autostart Manager (formerly known as Legato's AAM,
Automated Availability Management) product for high availability. EMC Autostart Manager
has the concept of primary and secondary nodes. All hosts in an EMC Autostart Manager
cluster are either primary or secondary, and their roles are assigned dynamically. A primary
node acts as a rule interpreter and maintains a distributed database. There are usually 2-5
primary nodes per cluster. Adding a new node requires that at least one primary node be
up. A secondary node is a somewhat lighter-weight (less overhead) version of the primary
node.
Configuring the "Number of host failures allowed" in essence defines the number of primary
nodes in the cluster. There is no parameter other than this one that allows you to configure
the number of primary nodes in the cluster.
More on primary nodes:
Number of primary nodes = number of host failures to tolerate + 1.
In a cluster, if a primary fails, another (secondary) node would be promoted to primary, to
maintain the number of primaries in the system. In the worst case, if all the primaries were to
fail, then you don't have enough information to recover from that situation. We have up to 5
primaries in our clusters. Having more than 5 would increase network traffic, and EMC
Autostart Manager thinks that 3-5 is the sweet spot. So we allow up to 4 host failures - you
can specify the number of host failures to tolerate between 1 and 4. If you want to have
more host failures to tolerate, then you need to maintain more spare capacity across your
cluster. It would be better at that point to just split the cluster up into smaller clusters.
What if a Host is Running but Isolated?
• A network failure might cause a “split-brain” condition
• VMware HA waits 15 seconds before deciding that a host is isolated
Network failures can cause "split-brain" conditions. In such cases, hosts are
unable to determine if the rest of the cluster has failed or has become
unreachable.
Isolation response is used to prevent split-brain conditions and is started
when:
• A host has stopped receiving heartbeats from other cluster nodes AND
the isolation address cannot be pinged
• The default isolation address is the service console gateway, and the
default isolation response time is 15 seconds.
Powering virtual machines off releases VMFS locks and enables other hosts
to recover. When the "Leave power on" option is set, virtual machines may
require manual power-off / migration in case of an actual network isolation.
A different isolation address can be specified using the advanced HA
option das.isolationaddress. A different isolation response time can also be
specified using the advanced HA option das.failuredetectiontime. These are
cluster-wide settings, which can be set in the Advanced Options menu of
the VMware HA properties.
More information on split-brain taken from the Internet:
A split-brain condition occurs when a single cluster has a failure that results in
reconfiguration of the cluster into multiple partitions; each partition forms its own sub-cluster
without knowledge of the existence of the other. This leads to data collision and the
corruption of shared data, because each sub-cluster assumes ownership of shared data.
As an example, when two systems have access to the shared storage, the integrity of the
data depends on the communication of heartbeats through the private interconnects. When
the private links fail, or if one of the systems is hung or too busy to transmit heartbeats, each
system thinks the other system has exited the cluster. Each system then tries to become
master (or form a sub-cluster), and claim exclusive access to the shared storage. This
condition leads to split-brain.
[Figure: isolation response options with callouts: power VM off to release
lock on its disks; allow VM to continue to run while host isolated]
The user can also determine whether to power down the VMs or not, on
node isolation. This is set using the Isolation Response. The isolation
response of "Power off" does just that; VMware HA does not do a clean
shutdown of the VM.
Isolation Response is initiated when a host experiences network isolation
from the rest of the cluster. “Power off” is the default response. “Leave
power on” is intended for cases where:
• Lack of redundancy and environmental factors make outages likely
• VM networks are separate from service console (and more reliable)
Isolation events can be prevented if proper network redundancy is employed
from the start.
Troubleshooting VMware HA
In general, for any type of cluster (DRS, VMware HA, or combination of
both), it is possible to damage the cluster by managing the ESX Server
directly (bypassing VirtualCenter) and tweaking resource reservations.
DRS and VMware HA are both VirtualCenter-level concepts, and they both
believe that all changes to resource reservations are done at the
VirtualCenter level. Changing resource reservations at the host level will
cause the cluster to go into a red state and cease to do its job until any
resource problems associated with that cluster have been fixed.
For more information on VMware HA Best Practices, refer to the
Knowledge Base article 1002080, Setting Failure and Isolation Detection
Timeout and Multiple Isolation Response Addresses
(http://kb.vmware.com/kb/1002080).
If students are interested: Consider extending timeout values & adding
multiple isolation addresses. Timeouts of 30-60 seconds will slightly
extend recovery times, but will also allow for intermittent network
outages. Modifying these options will be covered in the VI3: Deploy,
Secure and Analyze course.
• Using VMware HA
• In this lab, you will perform the following tasks:
• Add VMware HA functionality to an existing cluster
• Cause VMware HA to restart virtual machines following the “crash” of a
physical server
[Lab diagram: Two ESX Server teams belong to one Cluster team.
VirtualCenter Server #3 and #4; ESX Server #3 and #4; Student 03a,
Student 03b, Student 04a, Student 04b]
Module Summary
Questions?
MODULE 12
Planning VI Deployment
Importance
• Planning your VMware Infrastructure deployments properly from the
very start can prevent problems that could occur when your VMware
Infrastructure is put into production
Module Lessons
• Plan VMware Infrastructure Deployment
• Storage Considerations
Lesson Topics
• Using qualified hardware
• Sizing VMkernel and service console resources
• Booting ESX Server from a SAN
• VirtualCenter resource sizing
• VirtualCenter inventory guidelines
deploying hardware!
• ESX Server 3.x Systems Compatibility Guide
• ESX Server 3.x I/O Compatibility Guide
• ESX Server 3.x Storage/SAN Compatibility Guide
http://www.vmware.com/support/pubs/vi_pubs.html
[Figure labels: CPU, RAM, Disk, Network]
For example, say that the monitored mail servers run at about 7%
processor utilization, represented by the blue line above. These are average
numbers across all the mail servers monitored. However, in the morning,
they typically run 3 to 4 times higher than the average. The same is true
after lunch and at closing time. If we were to reduce the capacity allocated
to Exchange to meet only the needs of the average utilization, we
would have a lot of very unhappy users in the morning, at lunch and at
closing time.
If peak load is not considered, we might have thought that combining the
load of 5 of these mail servers into one ESX Server was reasonable. If peak
load is considered, we would never attempt that type of consolidation.
When planning for ESX Server resources, calculate the resources that each
virtual machine will need in order to run.
Each powered-on virtual machine has some memory overhead. The VI
Client reports this overhead in the Summary tab of a virtual machine (the
Resource Management Guide provides a table of memory overhead values
based on the number of CPUs and memory size of the VM). There is also
memory allocated to the VMkernel. It is at least 50MB, plus additional
memory for device drivers. To determine how much memory the VMkernel
is using on a running ESX Server, use the VI Client, select your ESX
Server, click its Configuration tab, and click the Memory link. The System
value represents how much memory the VMkernel uses.
For disk space, figure out how much disk space is needed if this system
were a physical machine. This value sizes the virtual disk. In addition,
there are other files that make up a virtual machine. Most of these files are
relatively small, such as the virtual machine's configuration files. However,
you must also account for the size of the VMkernel swap file allocated to
each virtual machine when it is powered on. The size of the VMkernel swap
file is determined by the difference between the VM’s available memory
and its memory reservation. If you take snapshots of your VMs, then
account for the disk space used to hold the snapshot files. Snapshots are
used for testing software, such as patches, for developing software, and for
VM backups, if you are using VCB. A snapshot consists of a delta disk file
which contains the changes made to the VM. This file could potentially
grow to the size of the VM’s virtual disk. A snapshot also consists of a
Likewise for CPU, find out the average amount of CPU cycles needed for
each VM and sum the totals. Also note that the service console, VMkernel
and Gigabit Ethernet adapters require some amount of CPU cycles, so
conservatively speaking, add an extra CPU for system overhead and also
future growth.
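The sizing rules in this lesson (VMkernel swap file, snapshot growth, fixed service console and VMkernel memory, peak versus average CPU) carried through in Python as an added example that is not part of the course material. The field names, the 100 MB per-VM overhead and the sample VMs are constructed; the memory total assumes no overcommitment, and the CPU sum assumes the ESX Server has the capacity of one of the measured source servers.

```python
from dataclasses import dataclass

SERVICE_CONSOLE_MB = 272  # default and recommended size, per the text
VMKERNEL_MIN_MB = 50      # "at least 50MB"; device drivers come on top

@dataclass
class VM:                 # hypothetical record; all field names are assumptions
    name: str
    mem_mb: int           # memory configured for the VM
    reservation_mb: int   # memory reservation
    overhead_mb: int      # per-VM overhead, read from the VI Client Summary tab
    disk_gb: float        # disk the workload would need as a physical machine
    avg_cpu_pct: float    # average CPU utilization measured on the source host
    peak_factor: float    # measured peak divided by average
    snapshots: bool = False

def swap_file_mb(vm):
    """VMkernel swap file: VM memory minus its memory reservation."""
    return max(vm.mem_mb - vm.reservation_mb, 0)

def datastore_gb(vm):
    """Virtual disk + swap file + worst-case snapshot delta (up to disk size)."""
    delta = vm.disk_gb if vm.snapshots else 0.0
    return vm.disk_gb + swap_file_mb(vm) / 1024 + delta

def host_memory_mb(vms, driver_mb=0):
    """Assumes no memory overcommitment: every VM gets its configured memory."""
    guests = sum(vm.mem_mb + vm.overhead_mb for vm in vms)
    return SERVICE_CONSOLE_MB + VMKERNEL_MIN_MB + driver_mb + guests

def cpu_demand_pct(vms, at_peak):
    """Summed CPU demand as a percentage of one source-class host."""
    return sum(vm.avg_cpu_pct * (vm.peak_factor if at_peak else 1.0) for vm in vms)

# Constructed sample: five mail servers averaging 7% CPU with 4x peaks.
MAIL = [VM(f"mail{i}", 2048, 512, 100, 20.0, 7.0, 4.0, snapshots=(i == 1))
        for i in range(1, 6)]

if __name__ == "__main__":
    print("average CPU demand:", cpu_demand_pct(MAIL, at_peak=False), "%")
    print("peak CPU demand:   ", cpu_demand_pct(MAIL, at_peak=True), "%")
    print("host memory (MB):  ", host_memory_mb(MAIL))
    print("datastore (GB):    ", sum(datastore_gb(vm) for vm in MAIL))
```

On averages the five servers appear to fit on one host; at peak the summed demand exceeds it, which is the consolidation mistake the lesson warns about.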
Here are a few other sizing considerations:
• If a VM's application is extremely sensitive to a resource, dedicate a
resource to that VM:
• Consider dedicating a disk LUN to a database application
• Consider dedicating a CPU and a NIC to applications with low-latency
requirements
The service console requires some amount of resources too. It needs 272
MB of memory, which is the default and also the recommended size. It
needs disk space for its partitions, which we covered earlier. One NIC is
sufficient for the service console, which connects it to the management
network. Finally, the service console is a single-CPU operating system and
always runs on the first hardware execution context.
SAN
ESX Server supports booting from a Fibre Channel SAN LUN or an iSCSI
SAN LUN (using a hardware initiator only). Before you consider how to set
up your system for boot from SAN, decide whether it makes sense for your
environment.
Use boot from SAN:
• If you do not want to handle maintenance of local storage.
• If you need easy cloning of service consoles (ESX Server 3 only).
• In diskless hardware configurations, such as on some blade systems.
Do not use boot from SAN if I/O contention might occur between the
service console and VMkernel (ESX Server 3 only). For example, there
could be I/O contention between the service console and virtual machines if
they are all using the same disk array.
If you have decided to boot from SAN, a few extra steps are necessary.
After shutting down the ESX Server and before it completely boots up, the
HBA's BIOS must be enabled for booting and the ESX Server's BIOS must be
configured to identify the Fibre Channel card as the first boot device.
For details on configuring the ESX Server to boot from an iSCSI SAN
LUN, consult the iSCSI SAN Configuration Guide, available on the
VMware Web site.
• Configure BIOS so that Fibre Channel adapter is the
boot device, and desired LUN is the boot volume
• Disable built-in IDE controller if present
The example above shows a sample BIOS configuration and Fibre Channel
configuration typical for supporting boot from SAN. The BIOS
configuration is from an HP Proliant server. Notice that the server's BIOS
first boot device is the Fibre Channel controller. In the second screen, the
QLogic adapter's BIOS is enabled and the first LUN is targeted as the boot
LUN. This configuration identifies the boot LUN by the worldwide number
(WWN) and the LUN number in hexadecimal format.
The ESX Server can boot from SAN using any LUN that the server can
access. For example, if the ESX Server were assigned LUNs 7, 8 and 9, the
ESX Server could boot from LUN 7, 8 or 9.
In some cases, the IDE controller on the ESX Server must be disabled. For
example, if you are running an IBM eServer BladeCenter and use boot from
SAN, you must disable IDE drives on the blades.
[Figure labels: Managed Hosts; VMware Infrastructure Clients]
A single VirtualCenter Server with minimum hardware requirements is
recommended for supporting up to 20 concurrent client connections, 50
managed hosts and 1000 virtual machines. VirtualCenter Server can support
a maximum of 200 managed hosts and 2000 virtual machines.
As of this writing, for VirtualCenter 2.5, there are no new numbers for
the recommended number of CPUs and amount of RAM. With VirtualCenter
2.0.x, increasing the hardware requirement to dual CPUs and 3 GB RAM
can scale the VirtualCenter Server to support up to 50 concurrent client
connections, 100 managed hosts and 1500 virtual machines. Please monitor
the VMTN forums for new information on this topic.
VMware recommends against using SQL Server 2005 Express as the
VirtualCenter database except for demos and proof-of-concepts. VMware
recommends either a SQL Server or an Oracle database for your production
environments.
In planning for the VirtualCenter database size consider the number of ESX
Servers and virtual machines the ESX Server will manage. Also consider
the statistics collection level setting in VirtualCenter. The higher the
setting the more data that will need to be stored in the database. For
example a VirtualCenter installation managing 100 hosts and 1500 virtual
machines could range between 5 gigabytes for Statistics Collection Level 1
to 162 gigabytes of disk space needed for Statistics Collection Level 4.
Consider using VirtualCenter’s built-in database sizing calculator for
planning the database size needed for VirtualCenter.
The datacenter is your primary organizational structure. Managed objects
such as hosts, virtual machines, networks and datastores, belong to a single
datacenter. Tasks such as cloning virtual machines, deploying virtual
machines from templates or migrating virtual machines can only be
performed with objects in the same datacenter.
Use the following guidelines for planning your VirtualCenter inventory
hierarchies:
• Group hosts in a datacenter that are under a single administrative control
• Group hosts in a datacenter that meet VMotion requirements
• Group hosts in a cluster to form a single pool of resources
• Group VMs into folders, e.g. by business unit or function
Storage Considerations
Lesson Topics
• Storage comparisons
• Storage considerations
The table above compares the features of the storage technologies available
to the ESX Server.
Type           Boot ESX Server  Boot VM  VMotion  VMFS  RDM  VM Cluster  VMware HA/DRS  VCB
Fibre Channel  Yes              Yes      Yes      Yes   Yes  Yes         Yes            Yes
Local Storage  Yes              Yes      No       Yes   Yes  No          No             No
The table above compares the ESX Server features supported by the
different storage types.
Component      Considerations
VMFS           One VMFS volume per LUN; use more than one VMFS to maintain
               separate test and production environments
RDM            Use RDMs with VMs for 1) physical-to-virtual clusters or
               cluster-across-boxes and 2) use of hardware snapshotting
               functions of the disk array
Boot-from-SAN  Each boot LUN should be seen only by the ESX Server booting
               from that LUN
iSCSI          separate and isolated IP network
If accessing both iSCSI and NAS storage from an ESX Server, put each
storage device type on a separate, isolated network for best performance and
security.
NFS considerations:
• Use no_root_squash: By default, the root user (whose UID is 0) is
given the least amount of access to an NFS volume. This option turns
off this behavior because the VMkernel needs to access the NFS volume
using UID 0.
• 8 NFS mounts per ESX Server allowed, by default. This number can be
increased to 32. To increase this number, select host from inventory,
click its Configuration tab, then select the Advanced Settings link.
Click NFS in the left pane, then adjust "NFS.MaxVolumes" to the
appropriate value. A reboot of the ESX Server is required in order for
this change to take effect.
• Avoid VM swapping to NFS volumes: This is for performance reasons.
Therefore, have the VM swap to a VMFS volume instead. To do this,
edit the VM's configuration file and add the following line:
sched.swap.dir = "/vmfs/volumes/volume_name/directory_name"
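Because no_root_squash lets a client act as UID 0 on the volume, it is worth checking on the NFS server that only the ESX Server VMkernel addresses receive it and that every ESX client actually has it. The following audit of an /etc/exports body is an added example, not part of the course material; the export paths, addresses and function name are constructed.

```python
import re

# client(options) token as used in /etc/exports; the option list is optional
TOKEN = re.compile(r"([^()\s]*)(?:\(([^)]*)\))?")

def audit_exports(text, esx_clients):
    """Return (line, path, client, issue) tuples for an /etc/exports body.

    esx_clients: the VMkernel addresses allowed to mount as UID 0.
    """
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank line, comment, or a path with no client list
        path = fields[0]
        for tok in fields[1:]:
            m = TOKEN.fullmatch(tok)
            if m is None:
                continue  # not a plain client(options) token
            client = m.group(1) or "*"  # "(rw)" with no host means everyone
            opts = {o.strip() for o in (m.group(2) or "").split(",")}
            unsquashed = "no_root_squash" in opts
            if unsquashed and client not in esx_clients:
                findings.append((lineno, path, client,
                                 "no_root_squash granted to a non-ESX client"))
            elif client in esx_clients and not unsquashed:
                findings.append((lineno, path, client,
                                 "ESX client lacks no_root_squash"))
    return findings

# Constructed sample; paths and addresses are illustrative only.
SAMPLE_EXPORTS = """\
# NFS datastores for the ESX cluster
/vol/vmstore 192.168.50.11(rw,no_root_squash,sync) 192.168.50.12(rw,sync)
/vol/iso     *(ro,no_root_squash)
/vol/home    10.1.0.0/16(rw,root_squash)
"""
ESX_VMKERNEL = {"192.168.50.11", "192.168.50.12"}

if __name__ == "__main__":
    for finding in audit_exports(SAMPLE_EXPORTS, ESX_VMKERNEL):
        print(finding)
```

ESX hosts that are covered only by a subnet or wildcard entry are not matched to individual addresses here, so review those lines by hand.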
One approach to storage management involves building LUNs with a
variety of storage characteristics and then placing VMFS volumes in each,
labeled to reflect those characteristics: "RAID5", "RAID0", etc. Now place
virtual disks for each application into VMFS volumes appropriate for that
application.
If keeping the number of LUNs low (and thus easy to manage) is more
important than optimizing each VM's I/O performance, simply create large
LUNs and use them broadly; but carefully watch for virtual machines
whose performance is unacceptable.
Don't forget that system images (C: drives, for example) often have
different I/O characteristics from application data. This is another reason
why it is wise to build separate virtual disks for system and data.
resources that each virtual machine will need in order
to run
• In planning for the VirtualCenter database size,
consider the number of ESX hosts and virtual machines
the ESX host will manage
• ESX Server supports Fibre Channel, iSCSI, NAS and
local storage
Questions?