HOL-SDC-1410-UPD

Table of Contents
Lab Overview - HOL-SDC-1410 - What's New with vSphere 6?
Lab Guidance
What is Virtualization?
Module 1 - What's New in vSphere 6 (90 Minutes)
What's New in vSphere 6.0?
Content Library
Migrating a Virtual Machine between Two vCenters
vSphere Web Client Enhancements
ESXi Security Enhancements
vSphere SSL Certificates
Network I/O Control Enhancements (NIOC)
Module 2 - Introduction to Management with vCenter Server (60 Min)
What is vSphere?
ESXi Install and Configure
vCenter 6.0 Overview
Using the vSphere 6.0 Web Client
Using Tagging and Search to Find Objects Quickly
Understanding High Availability (HA) and Distributed Resource Scheduler (DRS)
vSphere 6.0 Fault Tolerance Provides Continuous Availability
Monitoring Events and Creating Alarms
Configure Shares and Resources
Module 3 - Introduction to vSphere Networking And Security (60 Min)
vSphere Networking Enhancements
Configuring vSphere Standard Switch
Adding and Configuring a vSphere Distributed Switch
Using Host Lockdown Mode
Configuring the Host Services and Firewall
User Access and Authentication Roles
Understanding Single Sign On
Adding an ESXi Host to Active Directory
Module 4 - Introduction to vSphere Storage (60 Min)
vSphere Storage Overview
Creating and Configuring vSphere Datastores
Storage vMotion
Managing Virtual Machine Disks
Working with Virtual Machine Snapshots
Cloning Virtual Machines and Using Templates
vSphere Datastore Cluster
vSphere Data Protection
vSphere Replication Overview
Virtual Volumes

Lab Overview - HOL-SDC-1410 - What's New with vSphere 6?

Lab Guidance
This introductory lab demonstrates the core features and functions of vSphere and vCenter 6.0.
This is an excellent place to begin your Virtualization 101 experience.
This lab will walk you through the core features of vSphere and vCenter, including storage and
networking. The lab is broken into three Modules and the Modules can be taken in any order.

Module 1 - What's New with vSphere 6 (90 Minutes)
Module 2 - An Introduction to Management with vCenter Server (60 Minutes)
Module 3 - An Introduction to vSphere Networking and Security (60 Minutes)
Module 4 - An Introduction to vSphere Storage (60 Minutes)

NOTE: If you are using a device with non-US keyboard layout, you might find it difficult to enter CLI
commands, user names and passwords throughout the modules in this lab. Refer to the file README.txt on
the desktop for additional information on resolving the keyboard issue.

Each Module will take approximately 60-90 minutes to complete, but based on your experience
this could take more or less time.
We have included videos throughout the modules. To get the most out of these videos, it is
recommended that you have headphones to hear the audio. The timing of each video is noted next
to the title. In some cases, videos are included for tasks we are unable to show in a lab
environment, while others are there to provide additional information. Some of these videos may
contain an earlier edition of vSphere; however, the steps and concepts are primarily the same.
Lab Captains: Doug Baer, Bill Call, Adam Eckerle, Cleavon Roberts, Dave Rollins and Paul
Schlosser.

What is Virtualization?
If you are not familiar with Virtualization, this lesson will give you an introduction to it.

Virtualization:
(noun)
Today's x86 computer hardware was designed to run a single operating system and a single
application, leaving most machines vastly underutilized. Virtualization lets you run multiple virtual
machines on a single physical machine, with each virtual machine sharing the resources of that
one physical computer across multiple environments. Different virtual machines can run different
operating systems and multiple applications on the same physical computer.

Virtualization Defined

Virtualization is placing an additional layer of software called a hypervisor on top of your physical
server. The hypervisor enables you to install multiple operating systems and applications on a
single server.

Separation

By isolating the operating system from the hardware, you can create a virtualization-based x86
platform. VMware's hypervisor-based virtualization products and solutions provide you with the
fundamental technology for x86 virtualization.

Partitioning

In this screen, you can see how partitioning helps improve utilization.

Isolation

You can isolate a VM to find and fix bugs and faults without affecting other VMs and operating
systems. Once fixed, an entire VM Restore can be performed in minutes.

Encapsulation

Encapsulation simplifies management by helping you copy, move and restore VMs by treating
entire VMs as files.

Hardware Independence

VMs are not dependent on any physical hardware or vendor, making your IT more flexible and
scalable.

Benefits

Virtualization enables you to consolidate servers and contain applications, resulting in high
availability and scalability of critical applications.

Simplify Recovery

Virtualization eliminates the need for any hardware configuration, OS reinstallation and
configuration, or backup agents. A simple restore can recover an entire VM.

Reduce Storage Costs

A technology called thin-provisioning helps you optimize space utilization and reduce storage
costs. It provides storage to VMs when it's needed, and shares space with other VMs.

Cost Avoidance

Module 1 - What's New in vSphere 6 (90 Minutes)

What's New in vSphere 6.0?


On the next page, we've listed the new features in vSphere and vCenter 6.0. They have been
broken up into three sections: vSphere/vCenter, Networking, and Storage. Also, where applicable,
we have noted any labs that highlight new features, with the 'M' indicating the Module number of
the lab. For example, next to vSphere Replication Enhancements, you will see a reference to
HOL-SDC-1405/M2. This would mean you would find the vSphere Replication Module in
HOL-SDC-1405, Module 2. If you do need assistance, just ask a Proctor for help!
That being said, if you do have time left over after completing your selected Module, feel free to
explore some of these new features!

What's New in vSphere & vCenter 6.0

At a high level, these are the new features of vSphere and vCenter v6.0.
You will find more details on some of the features below.

Scalability - Configuration Maximums

The Configuration Maximums have increased across the board for vSphere Hosts in 6.0. Each
vSphere Host can now support:

- 480 Physical CPUs per Host
- Up to 12TB of Physical Memory
- 1000 VMs per Host
- 64 Hosts per Cluster

Scalability - Virtual Hardware v11

This release of vSphere gives us Virtual Hardware v11. Some of the highlights include:

- 128 vCPUs
- 4 TB RAM
- Hot-add RAM now vNUMA aware
- WDDM 1.1 GDI acceleration features
- xHCI 1.0 controller compatible with OS X 10.8+ xHCI driver
- A virtual machine can now have a maximum of 32 serial ports
- Serial and parallel ports can now be removed

Local ESXi Account and Password Management Enhancements

In the latest release of vSphere 6.0, we expand support for account management on ESXi Hosts.

New ESXCLI Commands:
- CLI interface for managing ESXi local user accounts and permissions
- Coarse grained permission management
- ESXCLI can be invoked against vCenter instead of directly accessing the ESXi host.
  Previously, the account and permission management functionality for ESXi hosts was
  available only with direct host connections.

Password Complexity:
- Previously, customers had to manually edit the file /etc/pam.d/passwd; now they
  can do it from the VIM API OptionManager.updateValues().
- Advanced options can also be accessed through vCenter, so there is no need to make a
  direct host connection.
- A PowerCLI cmdlet allows setting host advanced configuration options.

Account Lockout:
- Security.AccountLockFailures - "Maximum allowed failed login attempts before locking out
  a user's account. Zero disables account locking."
  Default: 10 tries
- Security.AccountUnlockTime - "Duration in seconds to lock out a user's account after
  exceeding the maximum allowed failed login attempts."
  Default: 2 minutes
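
One way to audit the two account lockout options described above across every host managed by a vCenter, written in PowerCLI. This is an added example, not part of the lab manual: the baseline values, sample host names and function names are assumptions, and live collection (Get-VMHost, Get-AdvancedSetting) is only used when a Connect-VIServer session already exists.

```powershell
# Added example (not from the lab manual): audit ESXi account-lockout settings.
# Baseline numbers are assumptions; they mirror the defaults quoted above.
$Baseline = @{
    MaxFailures   = 10     # highest acceptable Security.AccountLockFailures
    MinUnlockSecs = 120    # lowest acceptable Security.AccountUnlockTime (2 minutes)
}
$SettingNames = 'Security.AccountLockFailures', 'Security.AccountUnlockTime'

function Test-LockoutPolicy {
    # Pure check: takes one host's settings and returns a compliance record.
    param(
        [Parameter(Mandatory)] [string] $HostName,
        [hashtable] $Settings = @{},
        [hashtable] $Policy   = $Baseline
    )
    $findings = @()
    $failures = $Settings['Security.AccountLockFailures']
    $unlock   = $Settings['Security.AccountUnlockTime']

    if ($null -eq $failures) {
        $findings += 'AccountLockFailures not reported'
    } elseif ([int]$failures -eq 0) {
        # Zero disables locking entirely, so it is flagged before any threshold test.
        $findings += 'account locking disabled (AccountLockFailures = 0)'
    } elseif ([int]$failures -gt $Policy.MaxFailures) {
        $findings += "AccountLockFailures = $failures exceeds $($Policy.MaxFailures)"
    }

    if ($null -eq $unlock) {
        $findings += 'AccountUnlockTime not reported'
    } elseif ([int]$unlock -lt $Policy.MinUnlockSecs) {
        $findings += "AccountUnlockTime = ${unlock}s is below $($Policy.MinUnlockSecs)s"
    }

    [pscustomobject]@{
        Host      = $HostName
        Compliant = ($findings.Count -eq 0)
        Findings  = ($findings -join '; ')
    }
}

function Get-LockoutSettings {
    # Live collection through vCenter, so no direct host connection is needed.
    # Requires VMware PowerCLI and an existing Connect-VIServer session.
    foreach ($vmHost in Get-VMHost) {
        $values = @{}
        Get-AdvancedSetting -Entity $vmHost -Name $SettingNames |
            ForEach-Object { $values[$_.Name] = $_.Value }
        @{ Host = $vmHost.Name; Settings = $values }
    }
}

# Constructed sample data so the check can be exercised without a vCenter session.
$sample = @(
    @{ Host = 'esx-sample-01'; Settings = @{ 'Security.AccountLockFailures' = 10; 'Security.AccountUnlockTime' = 120 } }
    @{ Host = 'esx-sample-02'; Settings = @{ 'Security.AccountLockFailures' = 0;  'Security.AccountUnlockTime' = 120 } }
    @{ Host = 'esx-sample-03'; Settings = @{ 'Security.AccountLockFailures' = 25; 'Security.AccountUnlockTime' = 30 } }
)

# Use live data when PowerCLI is connected, otherwise fall back to the sample.
$inventory = if ($global:DefaultVIServers) { Get-LockoutSettings } else { $sample }

$inventory |
    ForEach-Object { Test-LockoutPolicy -HostName $_.Host -Settings $_.Settings } |
    Sort-Object Compliant, Host |
    Format-Table -AutoSize -Wrap
```

Hosts that drift from the baseline can then be corrected with Set-AdvancedSetting, which also works through the vCenter connection.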

vCenter Server 6.0 Platform Services Controller

The Platform Services Controller (PSC) includes common services that are used across the suite.
These include SSO, Licensing and the VMware Certificate Authority (VMCA).
- The PSC is the first piece that is either installed or upgraded. When upgrading, an SSO
  instance becomes a PSC.
- There are two models of deployment, embedded and centralized.
  - Embedded means the PSC and vCenter Server are installed on a single virtual
    machine. Embedded is recommended for sites with a single SSO solution such
    as a single vCenter.
  - Centralized means the PSC and vCenter Server are installed on different virtual
    machines. Centralized is recommended for sites with two or more SSO solutions
    such as multiple vCenter Servers, vRealize Automation, etc. When deploying in
    the centralized model, it is recommended to make the PSC highly available so as
    not to have a single point of failure. In addition to utilizing vSphere HA, a load
    balancer can be placed in front of two or more PSCs to create a highly available PSC
    architecture.
- The PSC and vCenter servers can be mixed and matched, meaning you can deploy Appliance
  PSCs along with Windows PSCs with Windows and Appliance based vCenter Servers. Any
  combination uses the PSC's built-in replication.

What's New in vSphere 6.0 - Networking and Security


Networking in vSphere 6.0 has received some significant improvements which have led to the
following new vMotion capabilities:

- Cross vSwitch vMotion
- Cross vCenter vMotion
- Long Distance vMotion
- vMotion across Layer 3 boundaries

More detail on each of these follows as well as details on the improved Network I/O Control
(NIOC) version 3.

Cross vSwitch vMotion

Cross vSwitch vMotion allows you to seamlessly migrate a VM across different virtual switches
while performing a vMotion.
- You are no longer restricted by the network you created on the vSwitches in order to vMotion a
  virtual machine.
- Requires the source and destination portgroups to share the same L2. The IP address
  within the VM will not change.
- vMotion will work across a mix of switches (standard and distributed). Previously, you
  could only vMotion from vSS to vSS or within a single vDS. This limitation has been
  removed.

The following Cross vSwitch vMotion migrations are possible:

- vSS to vSS
- vSS to vDS
- vDS to vDS
- vDS to vSS is not allowed

Another added feature is that vDS to vDS migration transfers the vDS metadata to the destination
vDS (network statistics).

Cross vCenter vMotion

Expanding on the Cross vSwitch vMotion enhancement, we are also excited to announce support
for Cross vCenter vMotion.
vMotion can now perform the following changes simultaneously:
- Change compute (vMotion) - Performs the migration of virtual machines across compute
  hosts
- Change storage (Storage vMotion) - Performs the migration of the virtual machine disks
  across datastores
- Change network (Cross vSwitch vMotion) - Performs the migration of a VM across different
  virtual switches
- and finally, Change vCenter (Cross vCenter vMotion) - Performs the migration of the vCenter
  which manages the VM.
All of these types of vMotion are seamless to the guest OS. As with Cross vSwitch vMotion, Cross
vCenter vMotion requires L2 network connectivity since the IP of the VM will not be changed. This
functionality builds upon Enhanced vMotion and shared storage is not required. Target support for
local (single site), metro (multiple well-connected sites), and cross-continental sites.

Long Distance vMotion

Long Distance vMotion is an extension of Cross vCenter vMotion, but targeted at
environments where vCenter servers are spread across large geographic distances and where the
latency across sites is 100ms or less. Although spread across a long distance, all the standard
vMotion guarantees are honored.
This does not require VVOLs to work. A VMFS/NFS system will work also.

Use Cases:
- Migrate VMs across physical servers that are spread across a large geographic distance
  without interruption to applications
- Perform a permanent migration for VMs in another datacenter.
- Migrate VMs to another site to avoid imminent disaster.
- Distribute VMs across sites to balance system load.
- Follow the sun support.

Requirements:
- The requirements for Long Distance vMotion are the same as Cross vCenter vMotion,
  with the addition that the maximum latency between the source and destination sites
  must be 100 ms or less, and there must be 250 Mbps of available bandwidth.
- To stress the point: The VM network will need to be a stretched L2 because the IP of the
  guest OS will not change. If the destination portgroup is not in the same L2 domain as the
  source, you will lose network connectivity to the guest OS. This means in some topologies,
  such as metro or cross-continental, you will need a stretched L2 technology in place. The
  stretched L2 technologies are not specified. Any technology that can present the L2
  network to the vSphere hosts will work, because it's unknown to ESX how the physical
  network is configured. Some examples of technologies that would work are VXLAN, NSX
  L2 Gateway Services, or GIF/GRE tunnels.
- There is no defined maximum distance that will be supported as long as the network meets
  these requirements. Your mileage may vary, but you are eventually constrained by the laws of
  physics.
- The vMotion network can now be configured to operate over an L3 connection. More
  details on this are in the next slide.

Network I/O Control v3

Network I/O Control Version 3 allows administrators or service providers to reserve or guarantee
bandwidth to a vNIC in a virtual machine or, at a higher level, the Distributed Port Group.
This ensures that other virtual machines or tenants in a multi-tenancy environment don't impact
the SLA of other virtual machines or tenants sharing the same upstream links.

Use Cases:
- Allows private or public cloud administrators to guarantee bandwidth to business units or
  tenants. This is done at the VDS port group level.
- Allows vSphere administrators to guarantee bandwidth to mission critical virtual machines.
  This is done at the VMNIC level.

What's New in vSphere 6.0 Storage & Availability

At a high level, these are the new Storage & Availability features of vSphere 6.0.
You will find more details on some of the features below.

VMware Virtual Volumes

VVOLS changes the way storage is architected and consumed. Using external arrays without
VVOLS, typically the LUN is the unit of both capacity and policy. In other words, you create LUNs
with fixed capacity and fixed data services. Then, VMs are assigned to LUNs based on their data
service needs. This can result in problems when a LUN with a certain data service runs out of
capacity, while other LUNs still have plenty of room to spare. The effect of this is that typically
admins overprovision their storage arrays, just to be on the safe side.
With VVOLS, it is totally different. Each VM is assigned its own storage policy, and all VMs use
storage from the same common pool. Storage architects need only provision for the total capacity
of all VMs, without worrying about different buckets with different policies. Moreover, the policy of
a VM can be changed, and this doesn't require that it be moved to a different LUN.

VVOLS - VASA Provider

The VASA Provider is the component that exposes the storage services which a VVOLS array can
provide. It also understands VASA APIs for operations such as the creation of virtual volume
files. It can be thought of as the control plane element of VVOLS. A VASA provider can be
implemented in the firmware of an array, or it can be in a separate VM that runs on the cluster
which is accessing the VVOLS storage (e.g., as a part of the array's management server virtual
appliance).

VVOLS - Storage Container (SC)

A storage container is a logical construct for grouping Virtual Volumes. It is set up by the storage
admin, and the capacity of the container can be defined. As mentioned before, VVOLS allows you
to separate capacity management from policy management. Containers provide the ability to
isolate or partition storage according to whatever need or requirement you may have. If you don't
want to have any partitioning, you could simply have one storage container for the entire array.
The maximum number of containers depends upon the particular array model.

VVOLS - Storage Policy-Based Management

Instead of being based on static, per-LUN assignment, storage policies with VVOLS are managed
through the Storage Policy-Based Management framework of vSphere. This framework uses the
VASA APIs to query the storage array about what data services it offers, and then exposes them
to vSphere as capabilities. These capabilities can then be grouped together into rules and
rulesets, which are then assigned to VMs when they get deployed. When configuring the array,
the storage admin can choose which capabilities to expose or not expose to vSphere.
To get more detailed information on VVOLS consider taking HOL-SDC-1429 - Virtual Volumes
(VVOLS) Setup and Enablement.

vSphere 6.0 Fault Tolerance

The benefits of Fault Tolerance are:

- Protect mission critical, high performance applications regardless of OS
- Continuous availability - Zero downtime, zero data loss for infrastructure failures
- Fully automated response

The new version of Fault Tolerance greatly expands the use cases for FT to approximately 90% of
workloads with these new features:
- Enhanced virtual disk support - Now supports any disk format (thin, thick or EZT)
- Now supports hot configure of FT - No longer required to turn off VM to enable FT
- Greatly increased FT host compatibility - If you can vMotion a VM between hosts you can
  use FT

The new technology used by FT is called Fast Checkpointing and is basically a heavily modified
version of an xvMotion (cross-vCenter vMotion) that never ends and executes many more
checkpoints (multiple/sec).
FT logging (traffic between hosts where primary and secondary are running) is very bandwidth
intensive and will use a dedicated 10G NIC on each host. This isn't required, but highly
recommended as at a minimum an FT protected VM will use more . If FT doesn't get the
bandwidth it needs, the impact is that the protected VM will run slower.

vSphere FT 6.0 New Capabilities

DRS is supported for initial placement of VMs only.

Backing Up FT VMs

FT VMs can now be backed up using standard backup software, the same as all other VMs (FT
VMs could always be backed up using agents). They are backed up using snapshots through
VADP.
Snapshots are not user-configurable; users can't take snapshots. They are only supported as part of
VADP.

Availability - vSphere Replication

The features on this slide are new in vSphere Replication (VR) 6.0.
- Compression can be enabled when configuring replication for a VM. It is disabled by
  default.
- Updates are compressed at source (vSphere host) and stay compressed until written to
  storage. This does cost some CPU cycles on source host (compress) and target storage
  host (decompress).
- Uses FastLZ compression libraries. FastLZ provides a nice balance between
  performance, compression, and limited overhead (CPU).
- Typical compression ratio is 1.7 to 1

Best results when using vSphere 6.0 at source and target along with vSphere Replication (VR) 6.0
appliance(s). Other configurations supported - example: Source is vSphere 6.0, target is vSphere
5.5. vSphere Replication Server (VRS) must decompress packets internally (costing VR appliance
CPU cycles) before writing to storage.

With VR 6.0, VR traffic can be isolated from other vSphere host traffic.
- At source, a NIC can be specified for VR traffic. NIOC can be used to control replication
  bandwidth utilization.
- At target, VR appliances can have multiple vmnics with separate IP addresses to separate
  incoming replication traffic, management traffic, and NFC traffic to target host(s).
- At target, NIC can be specified for incoming NFC traffic that will be written to storage.
- The user must, of course, set up the appropriate network configuration (vSwitches, VLANs,
  etc.) to separate traffic into isolated, controllable flows.

VMware Tools in vSphere 2015 includes a freeze/thaw mechanism for quiescing certain Linux
distributions at the file system level for improved recovery reliability. See vSphere documentation
for specifics on supported Linux distributions.
Consider taking HOL-SDC-1405 Module 2 to explore VR 6.0 in more detail.

VMware vSphere 6 (4:22)


This video highlights some of the new features in vSphere 6.

Content Library
A new feature introduced in vSphere 2015 is the Content Library. Content Libraries are
container objects for VM templates, vApp templates, ISO images and other files across your
vCloud Suite environment. vSphere administrators can use the templates in the library to deploy
virtual machines and vApps in the vSphere inventory. Sharing templates and files across multiple
vCenter Server instances in the same or different locations brings consistency, compliance,
efficiency, and automation in deploying workloads at scale.

In this lesson, we will walk through the process of creating a Content Library and synchronizing it
to a second vCenter Server.

Open the vSphere Web Client

If you are not already in the vSphere Web Client, launch the Google Chrome browser from the
Desktop.
The vSphere Web Client login page should appear. Tick the 'Use Windows session
authentication' box and click 'Login'.

vCenter Inventory Lists

Once logged into the vSphere Web Client, click on 'vCenter Inventory Lists'.

Content Libraries

Now click on the 'Content Libraries' tab.

Objects

Finally, click on the 'Objects' tab.


To create a new Content Library, click on the 'Create a New Library' button.

New Library - Name

When the New Library wizard appears, start by naming your Content Library
'StandardVMTemplates' and leave the vCenter Server as vcsa-01a.corp.local.
Click 'Next' to continue.

New Library - Configure library

There are two options available when creating a Content Library, a Local content library and a
Subscribed content library.
When you choose a Local content library, it will only be accessible in the vCenter Server where it
is created. By default, it is only available to the account that created it. If you select the option
'Publish content library externally', the Content Library can be shared with other users on the same
or other vCenter Server instances. You also have the option to password protect the Content
Library by selecting the 'Enable authentication' option.
The Subscribed content library is used to subscribe to a published Content Library. We will be
using this option later to synchronize the Content Library to the second vCenter Server.
For now, we will create a Local content library.
1. Tick the boxes for both 'Publish content library externally' and 'Enable authentication'.
2. In the Password field, use the password VMware1!
When you have finished, click 'Next'.

New Library - Add Storage

Now we need to decide where to place the new Content Library, and we have a few options
available to use.
- Enter a local file system path or an NFS URL - With this option, we can use the local
  storage of the vCenter Server, running either the appliance version or on Windows. If you
  are running the appliance version, this can be an NFS mount. If you are running vCenter
  Server on Windows, this can be either a path local to the vCenter Server (i.e. d:\content
  library) or a CIFS share (i.e. \\vc-w12-01a\content library).
- Select a Datastore - With this option, we can use a datastore from our vCenter Server
  inventory.
Choose the second option, 'Select a Datastore', and select the 'ds-site-a-nfs01' datastore. Click
'Next'.

New Library - Ready to complete

Verify your settings and click the 'Finish' button to create the new Content Library.

New Content Library

You should now see the newly created Content Library appear.

Adding a VM Template to the Content Library

Now that we have created the Content Library, let's add something to it!
Click on the Home icon and select 'VMs and Templates'.

Clone Template to Library

Right-click on the linux-micro-02a template and select the 'Clone to Library' option.

Adding Template to Library

Under the Filter tab, select the Standard VM Templates content library and click OK.

Open the Tasks Console

Let's monitor the progress by opening the Tasks Console.


Click on the Home icon and select Tasks.

Progress...

You can follow the progress of the task in the Tasks Console. You can see the Template was
cloned to an OVF package, exported as an OVF template, then transferred to the Content Library.

Verify the template was added

Now we'll verify the VM Template was added to the library.


Select the 'vCenter Inventory Lists' tab.

Content Libraries

Next select the 'Content Libraries' tab.

Open the Content Library

Finally, click on the 'Standard VM Templates' content library.

Template Added

Here we can see the template that we just cloned to the content library.

Synchronizing Content to another vCenter Server

Now that we have content to share, let's synchronize it with the second vCenter Server.
Click the Content Libraries back button.

Edit Settings...

Right click on the 'StandardVMTemplates' content library and select 'Edit Settings...'

Copy URL

In the Edit Library window, click the 'Copy Link' button next to the subscription URL and click OK.
We will need this when we setup the synchronization to the other vCenter Server.

Home

Click on the Home icon and select Hosts and Clusters.

Select vcsa-01b.corp.local

Select the second vCenter Server, 'vcsa-01b.corp.local', and click the Content Libraries tab. You
may have to scroll a bit to the right to see it.

Create New Library

To add the new content library, click the 'Create New Library' button.

New Library - Name

Name your new library 'vcsa-01a-Templates'.


In the vCenter Server drop down box, select 'vcsa-01b.corp.local' and click 'Next'.

New Library - Configure Library

This time we will select the 'Subscribed content library' button.


Click the mouse in the Subscribed content library field and press Ctrl+V on the keyboard to paste
the URL.
We also set a password on the Content Library, so you will need to tick the 'Enable authentication'
box and enter VMware1! as the password.

Now we have a choice to make as to how much of the content we download.

- Download all library content immediately - With this option, all the content from the
  library will be downloaded to the new content library. All items will be available immediately.
- Download library content as needed - This option is useful if some of the items in the
  catalog may not be needed or you need to save space. When you need an item from the
  content library, you will need to synchronize it manually. You can choose to synchronize
  an individual item or the entire catalog.

Let's synchronize all the library content immediately by selecting the 'Download all library content
immediately' radio button (if not already selected).
Click 'Next'.

New Library - Add storage

We have the same options here as we did when we created the first content library. Let's stick
with the datastore option.
Choose the 'Select a datastore' radio button and then select the 'ds-site-b-nfs01' datastore.

New Library - Ready to complete

Verify things look good and click 'Finish' to synchronize the content library to vcsa-01b.corp.local.

Newly created Content Library

In a few seconds, you will see your new Content Library appear!

Monitor the task

Open the Tasks console by selecting the Home icon and then choose Tasks.

Tasks Console

You can see in the Tasks Console the Content Library being created and then synchronized.
You may need to click the refresh button to see an update.

Deploy a VM from the Sync'd Library

Now that we have the Content Library sync'd to the second vCenter Server, let's deploy a VM
from it.
Start by clicking the Home icon and select Hosts and Clusters.

Open the Content Library on vcsa-01b.corp.local

Click on vcsa-01b.corp.local and make sure you are on the Related Objects tab. Again, you may
have to scroll over to the right to see the Content Library tab, but click on it, then click on
vcsa-01a-Templates.

Click on Templates

Click on the Templates tab to view the available Templates.

Right-click on linux-micro-02a

Right-click on linux-micro-02a and select New VM from This Template.

Select a Name and Location

Name your new VM 'linux-micro-03a' and select Datacenter Site B.


Click Next.

Select a Resource

Click on Cluster Site B, then click Next.

Review Details

Click Next on the Review Details Page.

Select Storage

In the Select virtual disk format field, select 'Thin provision' from the drop-down menu. Also, make
sure ds-site-b-nfs01 is selected as the datastore.
Depending on what modules in this lab you have completed previously, you may see additional
datastores.
Click Next.

Select Networks

Leave the default VM network selected and click Next.

Ready to Complete

Review your settings and click Finish to deploy the new VM!

Monitor the task

Open the Tasks console by selecting the Home icon and then choose Tasks.

Monitor Progress

You can monitor the progress of the new virtual machine being created.
When all tasks have been completed successfully, you may proceed to the next step.

VMs and Templates

Click on the Home icon and select VMs and Templates.

New VM Created

Expand vcsa-01b.corp.local and Datacenter Site B and you see your newly created VM!

Are you up for a challenge?

If you are up for a challenge, why not see if you can add the TinyLinux-1 VM to the
StandardVMTemplates Content Library by taking a clone of it. You can then synchronize it to the
vcsa-01a-Templates Content Library. The only trick here is that you will need to manually
synchronize the library. The Content Libraries do synchronize, but at regular intervals of 6 hours.
The screen shot above shows the Synchronize Library button that will need to be clicked after the
clone is added to the StandardVMTemplates Content Library in order to manually synchronize it to
the vcsa-01a-Templates Content Library.

Conclusion
This concludes this lesson.

Migrating a Virtual Machine between Two vCenters


vMotion has been a standard feature of VMware virtual infrastructure since early 2004. Migrating
a powered-on VM between different vCenters while preserving network connectivity was
introduced in 2015 with vSphere 6.

Let's take a look around.


1. Select "Use Windows session authentication".
2. Click the "Login" button.
This will pass through your current credentials (CORP\Administrator) to the Platform Services
Controller for confirmation that you are allowed to access the system and your assigned roles.
Notice that the login proceeds immediately with vSphere 6.

A Familiar View
Feel free to click the push pins for the "Alarms", "Work In Progress" and "Recent Tasks" panes.
This will give you a little more room to work. You open the pane by clicking on the closed pane
and then re-close it by clicking on the closed pane button again.
Click on "Hosts and Clusters".

Focus on linux-micro-01a

Expand both vCenter inventories. The linux-micro-01a virtual machine should be powered on. If
not, please power it on.

Review the virtual network adapter connection

Expand the "VM Hardware" pane. Notice that a single virtual network adapter is connected to the
"VM Network" portgroup, which is on a virtual Standard Switch. Click on the "VM Network" link.

Review the networks in the data centers

Expand the network inventories in both vCenters. There is a virtual Distributed Switch in both data
centers as well as the standard switch. We will migrate the linux-micro-01a VM from the Standard
Switch on esx-01a Site A to the Distributed Switch in Site B.

Click the "Recent Objects" control to return to the linux-micro-01a VM

Simply highlight "linux-micro-01a" and click to return to this recently viewed object. This is a new
time-saver in the vSphere 6 Web Client.

Prepare to test networking during the migration

1. Open the Windows Start menu.


2. Click the "ping-linux-micro-01a" shortcut.

Verify the continuous ping to linux-micro-01a

After the ping has started, minimize the Windows command window. The continuous ping will
verify network connectivity during the cross-vCenter vMotion.

Prepare to test networking even further

Open PuTTy from the Windows start bar along the bottom.
1. Select "linux-micro-01a.corp.local"
2. Press the "Load" button
3. Press the "Open" button

Login proceeds

Public key SSH authentication is set up so no password is required.

Test networking from the VM

Let's start a continuous ping to Control Center from the VM we will be migrating.
Enter 'ping 192.168.110.10'.
Now you are ready to migrate.

Migrate the VM

Minimize the current PuTTy session (don't close it!) and go back to the vSphere Web Client.
Right-click on the 'linux-micro-01a' VM and select 'Migrate'.

Select the migration type

When the Migrate Wizard appears, select 'Change both compute resource and storage'. Leave
the default option of 'Select compute resource first' selected.
Click 'Next'.

Select compute resource

Expand vcsa-01b.corp.local and select 'Cluster Site B' and click 'Next'.

Select storage

On the next screen, you can leave the defaults selected. Just click 'Next' to continue.

Select folder

Place the VM in Datacenter Site B by selecting it and click 'Next' to continue.

Select network

You may click 'Next' to continue. Remember that the target "VM Network" at Site B is a distributed
port group on the Distributed Virtual Switch, and the VM is currently connected to a Virtual
Standard Switch on esx-01a in Site A.

Select vMotion priority

You can leave the default setting and click 'Next'.

Ready to complete

Verify your settings and click 'Finish' to migrate the VM.

Monitor Ping

Switch back to the PuTTy session and Command prompt and watch the pings. You may see a
packet drop or a slightly longer delay during the vMotion cut over. Notice that Layer 2 networking
for the VM Network is stretched between the two sites and that the VM retains its IP address when
it migrates between sites.

Back in the vSphere Web Client

Go back to the vSphere Web Client and you should now see the 'linux-micro-01a' VM running in
Cluster Site B.

Monitor linux-micro-01a

Click on 'linux-micro-01a' and select the Monitor tab, then Events.


You will notice that all the events for the VM were carried over as it moved to the new vCenter
Server. This is also true for any of the performance data.

Check the VM network configuration

Click on the "VM Network" link as before.

Network migration complete

Click on "Related Objects". Notice that "linux-micro-01a" is now connected to the "VM Network"
port group on the "vds-site-b" Virtual Distributed Switch. It was migrated from a Virtual Standard
Switch on Site A.

Review vmkernel networking

1. Click on the "Hosts and Clusters" icon.


2. Select "esx-01b.corp.local"
3. Open the "Manage" tab
4. Select "Networking"
5. Click on "TCP/IP configuration"
Notice that new with vSphere 6, multiple TCP/IP stacks are provided for vmkernel ports. The
"vMotion" TCP/IP stack is using a different default gateway address than the default TCP/IP stack
which is used for the management network.
Feel free to check a vSphere 6 host on Site A and compare vmkernel TCP/IP configurations.
In order to accomplish vMotion from the Site A vCenter to the Site B vCenter, vMotion traffic was
routed between the sites. We simulated two sites in this vMotion exercise to show the flexibility of
this new capability. In real life, the VM's layer 2 network must be stretched and 100ms RTT or less
must be maintained on the vMotion network.

Lesson Cleanup - PuTTy

Go back to the PuTTy session and press Ctrl+C to end the ping. Next type in 'exit' to terminate the
PuTTy session.

Lesson Cleanup - Command Prompt

Now go back to the Command Prompt and press Ctrl+C to end the ping. Type 'exit' to close the
Command Prompt.

Conclusion
Cross vCenter vMotion is a powerful new capability with a number of use cases. It could be used
to migrate between a legacy Windows vCenter and a new vCenter appliance, or anytime it makes
sense to migrate VMs to a completely new set of virtual infrastructure. And of course it can be
used to migrate VMs between data centers for planned maintenance or other business purposes.

vSphere Web Client Enhancements


vSphere Web Client includes significant performance and usability improvements.
The performance improvements include login times that are up to 13 times faster, right-click
menus that are visible and usable four times faster, and other actions that are now at least 50
percent faster. This puts vSphere Web Client on a par with the standalone VMware vSphere
Client.
Let's take a look at some of the new usability improvements made to the vSphere Web Client.

Launch Google Chrome

From the desktop, launch the Google Chrome browser.

Login to the vSphere Web Client

Log in to the vSphere Web Client by ticking the 'Use Windows session authentication' box and
clicking the Login button.
You may notice how quick the login process is compared to earlier versions of the vSphere Web
Client.

Home Drop-down Menu

The first usability update we'll look at is the new Home drop-down menu. Near the top of the
browser, click the Home icon.

With this new drop-down menu, you can easily access any area of the vSphere Web Client from
any screen.
Click on 'Hosts and Clusters'.

Expand vcsa-01a.corp.local

Use the twist arrow to expand vcsa-01a.corp.local until you can see the two hosts and virtual
machines.

Right-click on esx-01a.corp

Another usability enhancement is the right-click actions.


Try this by right-clicking on 'esx-01a.corp.local'. The first thing you should notice is that the menu
itself appears much faster.
The second thing to notice is the menu items are no more than one layer deep. This helps to
avoid searching through multiple layers of menus to find the task you need.

Recent Tasks Pane

At the bottom of the Navigator, you will now see a link for Recent Tasks. Click on it to open up the
Recent Tasks pane.

Recent Tasks

In the Recent Tasks pane, you will find the most recent tasks, updated in real time making it easier
to view. In the Recent Tasks pane, you have the ability to:
1. Pin the Recent Tasks pane to another part of the vSphere Web Client (more on this later!).
2. View additional tasks.
3. Hide the Recent Tasks pane.

Docking the Recent Tasks Pane

If you click on the Thumbnail in the Recent Tasks pane, it will dock it to the bottom of the vSphere
Web Client.
Click on the Thumbnail to give it a try.

Customizing the UI

You can also move the Recent Tasks pane (or any other pane) by clicking and dragging the pane
on the title bar.
Left-click and drag anywhere on the Recent Tasks title bar. You'll notice four areas indicating
where you can dock the Recent Tasks pane. Let's move it over to the right side by dragging it in the
direction of the right arrow. Move your mouse to the two blue arrows to the right until that side of
the screen turns blue, then click your mouse to move the pane there.

Resizing the Pane

You do have the ability to re-size the pane by clicking in the empty space between panes and
dragging it in the desired direction.

Move it Back!

In its current position, most of the useful information the Recent Tasks pane provides is cut off.
Let's move it back to its original location on the bottom of the screen by clicking the Recent Tasks
title bar and dragging it to the bottom.

That's Better!

This layout seems to work better for me, but it is subject to personal preference. That is one of the
best parts of the vSphere Web Client: being able to customize it to how it works best for you.

Lesson Clean Up

To prepare for the next lesson, click on the thumbnail to hide the Recent Tasks pane back to the
bottom of the vSphere Web Client. This will give us more real estate for the lessons that follow. If
the Recent Tasks pane is needed, the lesson will guide you to it.

ESXi Security Enhancements


New security features have been implemented in vSphere 2015 and this lesson will focus
specifically on updates to ESXi.
Some of the new updates worth mentioning are:

Account Management

ESXi 6.0 enables management of local accounts on the ESXi server, using new ESXCLI
commands. The ability to add, list, remove, and modify accounts across all hosts in a cluster can
be centrally managed using a vCenter Server system. Previously, the account and permission
management functionality for ESXi hosts was available only with direct host connections. Setting,
removing, and listing local permissions on ESXi servers can also be centrally managed.

Account Lockout

There are two new settings available in ESXi Host Advanced System Settings for the management
of local account failed login attempts and account lockout duration. These parameters affect SSH
and vSphere Web Services connections but not DCUI and console shell access.
These Advanced Settings can be found at the ESXi host level and are:
Security.AccountLockFailures - Maximum number of failed login attempts before the user's
account is locked. By default, this setting is 10.
Security.AccountUnlockTime - Number of seconds that the user is locked out. By default, this
setting is 120 seconds (2 minutes).

Password Complexity Rules

In previous versions of ESXi, password complexity changes had to be made by hand-editing the
/etc/pam.d/passwd file on each ESXi host. In vSphere 6.0, this has been moved to an entry in Host
Advanced System Settings, enabling centrally managed setting changes for all hosts in a cluster.
Use caution when editing this setting, because the settings here are used for PAM's configuration file.
The Advanced Setting can be found at the ESXi host level and is:
Security.PasswordQualityControl

Flexible Lockdown Modes

Prior to vSphere 6.0, there was one lockdown mode. Feedback from customers indicated that this
lockdown mode was inflexible in some use cases. With vSphere 6.0, the introduction of two
lockdown modes aims to improve that.
The first mode is normal lockdown mode. The DCUI access is not stopped, and users on the
DCUI.Access list can access DCUI. The second mode is strict lockdown mode. In this mode,
DCUI is stopped.
There is also new functionality called Exception Users. These are local accounts or Microsoft
Active Directory accounts with permissions defined locally on the host where these users have
host access. These Exception Users are not recommended for general user accounts but are
recommended for use by third-party applications (Service Accounts, for example) that need
host access when either normal or strict lockdown mode is enabled. Permissions on these
accounts should be set to the bare minimum required for the application to do its task and with an
account that needs only read-only permissions to the ESXi host.

Smart Card Authentication to DCUI

This functionality is for U.S. federal customers only. It enables DCUI login access using a
Common Access Card (CAC) and Personal Identity Verification (PIV). An ESXi host must be part
of an Active Directory domain.

In this lesson, we will take a close look at the improved auditing feature in ESXi.

Improved Auditing in ESXi


In prior versions of vSphere, it was difficult to track accountability for actions vCenter Server
performed on an ESXi host. Any action vCenter performed against an ESXi host would be
captured in log files, however it would only list the account vCenter used to communicate with the
ESXi host, vpxuser. One of the new enhancements to vSphere 2015 is the ability to log the user
that performed the action in vCenter against an ESXi host.
In this lesson we will enable a service on an ESXi host and review the log files to see this
information being captured.

Launch the vSphere Web Client

If you are not already in the vSphere Web Client, launch the Google Chrome Browser from the
Desktop. You should automatically be redirected to the vSphere Web Client login page.

Tick the 'Use Windows session authentication' box and click the 'Login' button.

Hosts and Clusters

At the Home page, click the Hosts and Clusters icon.

Select esx-01a.corp.local

In the Navigator, select 'esx-01a.corp.local'.


Next, click on the Manage tab and then make sure you are in the Settings tab and click Security
Profile.

Scroll down to Services

You will need to scroll down in the center pane until you see the Services section and click the Edit
button.

CIM Server

Scroll down until you see the CIM Server service and click on it.
Click the Start button.

Wait for the CIM Server to start...

Once you see the CIM Server service update to Running, click OK.

Open a PuTTy Session

From the Taskbar, click on the PuTTy icon.

Open esx-01a.corp.local

Click on esx-01a.corp.local and click the Open button.

cd /var/log

You should be automatically logged into the ESXi host.


At the command prompt, enter:
cd /var/log

And press the Enter key.

Maximize the Window

To better view the log file, maximize the PuTTy window.

Search the hostd.log file

We will use the grep command to search for the string "ServiceSystem.start". This string appears
in the hostd.log file anytime a service is started on an ESXi host.
Type the following command and press Enter:
grep "ServiceSystem.start" hostd.log

Search Results

In the search results we can see that a service was started and it was initiated by vpxuser on
behalf of CORP\Administrator.
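
The attribution seen in these search results can also be reviewed in bulk. The following Python is an added example, not part of the original lab: it parses hostd.log task lines and separates service changes that vCenter made on behalf of a named user from changes made directly on the host or without a recorded vCenter user, and it covers ServiceSystem stop and restart as well as the start case searched for above. The log field layout (user=vpxuser:DOMAIN\name), the sample lines, and the approved-user list are assumptions constructed for illustration.

```python
import re

# Constructed sample lines (not captured from a real host). The layout is an
# assumption: the bracketed header carries "user=<account>", and for actions
# performed by vCenter it carries "user=vpxuser:<DOMAIN\name>".
SAMPLE_HOSTD_LOG = r"""
2015-06-01T10:15:02.101Z info hostd[2F9C2B70] [Originator@6876 sub=Vimsvc.TaskManager opID=A1B2C3D4-0000012A-5e user=vpxuser:CORP\Administrator] Task Created : haTask-ha-host-vim.host.ServiceSystem.start-101
2015-06-01T10:15:03.440Z info hostd[2F9C2B70] [Originator@6876 sub=Vimsvc.TaskManager opID=A1B2C3D4-0000012A-5e user=vpxuser:CORP\Administrator] Task Completed : haTask-ha-host-vim.host.ServiceSystem.start-101 Status success
2015-06-01T11:02:47.918Z info hostd[30481B70] [Originator@6876 sub=Vimsvc.TaskManager opID=E5F6A7B8-00000201-9c user=vpxuser:CORP\jsmith] Task Created : haTask-ha-host-vim.host.ServiceSystem.stop-102
2015-06-01T11:40:10.007Z info hostd[30481B70] [Originator@6876 sub=Vimsvc.TaskManager opID=esxcli-7f-11 user=root] Task Created : haTask-ha-host-vim.host.ServiceSystem.start-103
2015-06-01T12:05:33.250Z info hostd[2FD03B70] [Originator@6876 sub=Vimsvc.TaskManager opID=C9D0E1F2-00000333-aa user=vpxuser] Task Created : haTask-ha-host-vim.host.ServiceSystem.restart-104
2015-06-01T12:06:00.000Z info hostd[2FD03B70] [Originator@6876 sub=Hostsvc] unrelated line without a task
"""

# Only "Task Created" lines are matched, so the "Task Completed" line for the
# same task does not count the operation twice.
TASK_RE = re.compile(
    r"^(?P<time>\S+)\s.*?\buser=(?P<user>[^\]]+)\]\s+"
    r"Task Created : \S*?vim\.host\.ServiceSystem\.(?P<action>\w+)-(?P<task>\d+)"
)


def parse_service_events(log_text):
    """Return one dict per service start/stop/restart task found in the log."""
    events = []
    for line in log_text.splitlines():
        m = TASK_RE.match(line)
        if not m:
            continue
        # "vpxuser:CORP\Administrator" -> account "vpxuser", delegate "CORP\Administrator"
        account, _, delegate = m.group("user").partition(":")
        events.append({
            "time": m.group("time"),
            "action": m.group("action"),
            "task": int(m.group("task")),
            "account": account,
            "on_behalf_of": delegate or None,
        })
    return events


def classify(event):
    """Say how the change reached the host."""
    if event["account"] == "vpxuser":
        return "vcenter-attributed" if event["on_behalf_of"] else "vcenter-unattributed"
    return "direct-host"


def responsible_principal(event):
    """The identity to hold accountable: the vCenter user if one was logged."""
    return event["on_behalf_of"] or event["account"]


def review(log_text, approved=frozenset()):
    """Return (time, action, principal, kind, reasons) for every service change.

    `approved` is a hypothetical allow-list of vCenter users; an empty
    `reasons` list means nothing needs follow-up.
    """
    allowed = {name.lower() for name in approved}
    findings = []
    for ev in parse_service_events(log_text):
        kind = classify(ev)
        who = responsible_principal(ev)
        reasons = []
        if kind == "vcenter-unattributed":
            reasons.append("vpxuser action with no vCenter user recorded")
        elif kind == "direct-host":
            reasons.append("change made directly on the host, not through vCenter")
        elif who.lower() not in allowed:
            reasons.append("vCenter user is not on the approved list")
        findings.append((ev["time"], ev["action"], who, kind, reasons))
    return findings


if __name__ == "__main__":
    for time, action, who, kind, reasons in review(
        SAMPLE_HOSTD_LOG, approved={"CORP\\Administrator"}
    ):
        status = "; ".join(reasons) if reasons else "ok"
        print(f"{time} {action:<8} {who:<20} {kind:<21} {status}")
```

On a real host, compare the pattern against the lines that the grep command above returns before relying on the classification.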

End the PuTTy Session

Type 'exit' to terminate the PuTTy session.

vSphere Web Client

Back in the vSphere Web Client, click on the Edit button in the Services section.

Stop the CIM Server service

You will need to scroll down in order to see the CIM Server. Once you find it, click on CIM Server.
You may have to click the triangle next to Service Details, then click the Stop button.
Click Yes to confirm you want to stop the service.

Exit the Security Profile window

Once the service has stopped, click OK to close the Security Profile window.

Conclusion
This concludes the lesson on ESXi Security Enhancements.

vSphere SSL Certificates


Secure communication between components of a distributed system is critical to preserving
integrity of the system as a whole. vSphere components use Secure Sockets Layer (SSL) to
communicate securely with one another and with ESXi hosts. SSL is a standard for creating an
encrypted link between two devices. Communications secured in this manner ensure both data
confidentiality and integrity; data is protected, and cannot be modified in transit without detection.
vCenter Server services like the Web Client use their certificates for the initial authentication to
vCenter Single Sign-On (SSO). SSO then assigns each component a SAML token that the
component uses for ongoing authentication.

Security Warning!

Just about every vSphere administrator is familiar with the Security Warning dialog that shows up
when the vCenter C# client is loaded. Initially, most vSphere components use what is known as a
self-signed certificate. This provides an encrypted connection but does not guarantee that the host
receiving the data is the one you think it is.

Privacy Error!

Web browsers are becoming increasingly paranoid about the certificates that are trusted by
default. These messages can be scary, but the hoops you need to jump through to accept the
potentially unsafe communication can be really annoying. The bottom line is that you don't know,
so you have to assume the worst. Nobody wants to be the target of a lawsuit.

The Certificate Authority

Some people have resigned themselves to clicking the Ignore button every time they need to log in
to vCenter. Others have worked around the system by explicitly trusting the presented certificates
for each device on every machine they use. That is operationally intensive and frequently
infeasible, depending on the number of devices and certificates in play.
This is where the Certificate Authority (CA) can be very helpful. With one of these in place, every
certificate issued by the trusted authority is automatically trusted via the chain of trust built during
its integration: you trust the CA-issued certificates because the trusted CA tells you that they are
good. Secure communication with no more warnings!
There are many public CAs out there that will sell certificates to you, but purchasing a certificate
for each component/service is costly and unnecessary. Creating and managing your own
Enterprise Certificate Authority is not a trivial undertaking, but setting one up just to secure
communication between vSphere components might be overkill.
Even with a basic CA in place, the complexity involved with replacing all of the vSphere 5.x service
certificates is about as pleasant as getting a root canal or sitting through a certification exam!
Thankfully, this process has been greatly improved in vSphere 6.

Introducing the VMware Certificate Authority


In vSphere 6.0 and later, the VMware Certificate Authority (VMCA) issues certificates for VMware
solution users, machine certificates for machines on which services are running, and ESXi host
certificates.
There are three different modes of operation for the VMCA, each with specific use cases,
described below. Note that VMCA is not a general purpose CA and its supported use is limited to
VMware components.
Default VMCA: VMCA uses a self-signed root certificate. It issues certificates to vCenter, ESXi,
service users, etc. and manages these certificates. These certificates have a chain of trust that
stops at the VMCA root certificate.
Enterprise VMCA: VMCA is configured as a subordinate CA and is issued a subordinate CA
signing certificate by an Enterprise Root CA. In this configuration, issued certificates have a chain
of trust that terminates on the Enterprise CA's root certificate. Certificates issued using the default
VMCA configuration, prior to replacing the VMCA's self-signed root certificate with a CA signing
cert, will be regenerated and pushed out to the components.
Custom: This configuration completely bypasses the VMCA and is only intended for those
customers that want to completely manage their own certificates. A certificate will need to be
generated and installed manually (or via some external automated process) for each component,
similar to the process used for managing CA-issued certificates in vSphere 5.x.
Note that in Default and Enterprise modes VMCA certificates can be easily regenerated on
demand. In the Custom mode, you must ensure that the certificates are generated through some
other process.

What does this look like?

In the lab, we are using the default VMCA configuration and have added the root VMCA certificate
to the local machine's Trusted Root Certification Authorities store in Windows. This is used by
Internet Explorer, Chrome, and the VMware C# Client.
Open the Trusted Root Certificates link (1) from the Desktop and locate the certificate (2) that was
Issued to CA and by CA. This is the VMCA's root certificate. You may also notice that there is a
CONTROLCENTER-CA certificate in this list. This is the CA that runs on the ControlCenter
machine in the labs and can be used to issue certificates to machines and services that are not yet
integrated with the VMCA.
You may see two entries for each of these CAs. There is no harm in this; it is the result of a
Group Policy that is in effect to automatically add these two certificates to the Trusted Root
Certification Authorities store for any Windows machine that joins our CORP domain.

Certificate Management for ESXi Hosts

In vSphere 6, certificate management for ESXi hosts is performed from the vSphere Web Client.
Launch Firefox using the icon on the desktop or task bar. The Site A Web Client should load
automatically when Firefox opens.

1. Click the Use Windows session authentication checkbox


2. Click Login

Go to Hosts and Clusters View

In the Navigator pane on the left, click on the Hosts and Clusters link (1) to open that view of the
inventory.

Checking ESXi host's Certificate

1. Select the esx-01a.corp.local host in the inventory list


2. Click on the Manage tab
3. Click on the Certificate section

Notice that the host's SSL certificate details are displayed, including the status, issuer, and
expiration date.

Reissuing an ESXi host's SSL Certificate

1. Renewing the certificate for the esx-01a.corp.local host from this screen is as simple as
clicking the Renew button and answering Yes to the confirmation prompt.
2. From a screen where the host object is visible, it is also possible to right-click on the host
object and navigate to Certificates > Renew Certificate to achieve the same result. This
option is especially useful for renewing certificates for many hosts at once because it
supports multiple selection.
Choose one of these methods and renew the certificate for the esx-01a.corp.local host.
Notice that the Valid from and Valid to dates update to reflect today and 5 years from today,
respectively. This is the default lifetime for VMCA certificates.

vCenter Certificate Management Settings

Out of the box, the certificates issued to hosts are valid for 5 years. We would
like certificates that are valid for 10 years -- I don't like to keep checking. The parameters for host
certificates are stored in the vCenter Advanced Settings.
1. Select the vCenter Server vcsa-01a.corp.local
2. Click on the Manage tab
3. Click Settings
4. Click Advanced Settings
5. Enter "certs" into the Search box

The parameter to edit is vpxd.certmgmt.certs.daysValid. This parameter has a valid range of 1
to 5,475 (~15 years).
Click the Edit button to bring up the Advanced Settings Editor.

Change validity period of host certificates

This window can be used to edit all of the Advanced Settings.


1. Enter "daysValid" into the Filter box to filter the list.
2. Highlight 1825 and replace it with 3650 to change from 5 to 10 years.
3. Click the OK button to save the change

Enact the change on the esx-01a.corp.local host

Making the change to 10-year certificates does not cause them to automatically regenerate.
1. Click on the esx-01a.corp.local host in the inventory list and navigate to the Manage >
Settings > Certificate area, as before.
2. Note the current "Valid to" date, which should be roughly 5 years away.
3. Click the Renew button (1) and wait for the screen to refresh -- it should happen
automatically.
4. Notice that the "Valid to" date (2) is now ~10 years away from today.
If required, this procedure can be used to change the default Organization (VMware),
Organizational Unit (VMware Engineering), State (California), Locality (Palo Alto), Country (US),
and Administrator Email address fields that are part of these host certificates.
Note that this is much simpler than the previous method of using WinSCP to copy rui.key and
rui.crt files to and from ESXi hosts after generating certificate requests by hand and fulfilling them
from an external CA. In addition, the VMCA keeps track of the expiration dates for these
certificates and will apply the Yellow and Red badges to the host objects to indicate that they are
nearing the end of their validity period.

Viewing vCenter Certificates with the Web Client

It is possible to view all certificates issued by the VMCA by logging in with the Web Client as a
user with privileges for VMware Certificate Authority. This is a user that is a member of the
CAAdmins vCenter Single Sign-On group. By default, the SSO administrator has this access.
1. If you are currently logged in as another user in the Web Client, click on your user name
and select Logout
2. At the login screen, enter the User name administrator@vsphere.local and password
VMware1!
3. Click the Login button

Navigate to Administration

In the Navigator, click on Administration

Locate System Configuration

Near the bottom of the Administration list in the Navigator, find System Configuration under
Deployment. In the screen shot, the other sections have been collapsed to save space.

Open the Certificate Authority

1. Click on the Nodes item under System Configuration


2. Select the psc-01a.corp.local node. In the lab, we have two vCenter Server appliances
and an external Platform Services Controller (PSC). The VMCA is a component of the
PSC.
3. Click the Manage tab
4. Select Certificate Authority
As an added measure of security, it is required to enter the current user's password once again to
browse the CA.
Click on the Verify Password link in the middle of the Certificate Authority panel and enter the
password VMware1! when prompted.

Browse Active Certificates

1. Click on Active Certificates to get a list of all currently active certificates. You can also list
Revoked and Expired certificates here, but there are none in this lab.
2. Scroll to the bottom of the list and click on the last certificate
3. If you have completed previous exercises in this section, notice that the "Valid To" date of
the latest certificate is ~10 years from today.
4. Due to the small size of the console screens in the lab environment, it may be difficult to
see details of the certificates in this table view. Click on the Certificate icon (4) to open a
more detailed view of the selected certificate.
Note that the green check marks next to the "Valid To" dates mean that the certificates are within
their validity period and have not expired.

Show Certificate Details

This screen shows more detailed information about the 10-year certificate that was issued in an
earlier exercise -- or whichever certificate was selected in the main table view. Note that this
information is read-only and intended for reference purposes only.
On smaller screens, the OK button may be drawn off the bottom of the screen. Double-click on the
title bar of this dialog (1) to resize it and display the buttons. Click OK or Cancel depending on
your preference; they serve the same purpose here.

Log out

This concludes the module.


1. Click on the name of the logged-in user, Administrator@VSPHERE.LOCAL
2. Click Logout

Conclusion
Secure Sockets Layer (SSL) allows secure communication, but management of the required
enterprise trust infrastructure, commonly known as a Public Key Infrastructure (PKI), requires
more than a passing understanding of the complexities involved.
vSphere 6 includes a more limited and focused PKI that has been configured for use specifically
by vSphere components. This infrastructure has been made simpler to manage than a general
purpose PKI due to its more targeted use case: communication between various and well-defined
components of the distributed vSphere environment.
For those who are experienced with PKI concepts and already have an Enterprise deployment,
VMware has provided the capability to integrate the new vSphere-specific CA with an existing PKI
for simpler management. If corporate policy requires, it is also possible for the existing enterprise
PKI to manage all certificates required by the vSphere components.

Network I/O Control Enhancements (NIOC)


vSphere Network I/O Control version 3 introduces a mechanism to reserve bandwidth for system
traffic based on the capacity of the physical adapters on a host. It enables fine-grained resource
control at the VM network adapter level similar to the model that you use for allocating CPU and
memory resources.

Models for Bandwidth Resource Reservation

Network I/O Control version 3 supports separate models for resource management of system
traffic related to infrastructure services, such as vSphere Fault Tolerance, and of virtual machines.
The two traffic categories have different natures. System traffic is strictly associated with an ESXi
host. The network traffic routes change when you migrate a virtual machine across the
environment. To provide network resources to a virtual machine regardless of its host, in Network
I/O Control you can configure resource allocation for virtual machines that is valid in the scope of
the entire distributed switch.

Bandwidth Guarantee to Virtual Machines

Network I/O Control version 3 provisions bandwidth to the network adapters of virtual machines by
using constructs of shares, reservation and limit. Based on these constructs, to receive sufficient
bandwidth, virtualized workloads can rely on admission control in the vSphere Distributed Switch,
vSphere DRS and vSphere HA.

Network I/O Control Version 2 and Version 3 in vSphere 6.0

In vSphere 6.0, version 2 and version 3 of the Network I/O Control capability can coexist. The two
versions implement different models for allocating bandwidth to virtual machines and system
traffic. In Network I/O Control version 2, you configure bandwidth allocation for virtual machines at
the physical adapter level. In contrast, version 3 lets you set up bandwidth allocation for virtual
machines at the level of the entire distributed switch.
When you upgrade a distributed switch, the Network I/O Control is also upgraded to version 3
unless you are using features that are not available in Network I/O Control version 3, such as CoS
tagging and user-defined network resource pools. In this case, the difference in the resource
allocation models of version 2 and version 3 does not allow for non-disruptive upgrade. You can
continue using version 2 to preserve your bandwidth allocation settings for virtual machines, or
you can switch to version 3 and tailor a bandwidth policy across the hosts connected to the switch.
In this lesson, we will walk through the steps needed to configure Network I/O Control at the vNIC
level.

Open the Google Chrome Browser

If you do not already have the vSphere Web Client running, open the Google Chrome browser
from the desktop.
Log in to the vSphere Web Client by ticking the box for 'Use Windows session authentication' and
clicking the Login button.

Select Networking

First, let's verify that the vDS we want to use is running NIOC version 3 and that NIOC is enabled.
Start by clicking the Networking icon.

Expand vcsa-01a.corp.local

Expand vcsa-01a.corp.local until you can see the distributed switch vds-site-a.

Edit Settings

Click on vds-site-a, then click on the Settings tab. Finally make sure you are on the Properties
tab.
We can see that Network I/O Control is enabled on the distributed switch.
Note: If it were not enabled, you would just need to click the Edit button, select Enable in the
Network I/O Control drop-down box and click OK.

Verify the Network I/O Control Version

Now let's see what version of Network I/O Control we are running.
Click on the Resource Allocation tab. You may have to unpin the Navigation pane to see this.
Here you can see that we are running version 3, which is the required version for NIOC at the
vNIC level.
Note: If the distributed switch were running an earlier version of NIOC, you would just need to
right-click on the distributed switch in the Navigation pane and select 'Upgrade --> Upgrade Network
I/O Control...'.

Configure Bandwidth Allocation

Much like CPU and memory reservations and limits for virtual machines, we need to create
reservations and limits for networking. In our case, since we want to reserve bandwidth for virtual
machines, we'll modify the reservations for virtual machine traffic.

Start by clicking on 'Virtual Machine Traffic' in the traffic types list and clicking the Edit button.

Reservation

In the Reservation box, type '2000' to reserve 2,000Mbs bandwidth for Virtual Machine traffic.
Leave all other settings at their defaults.
Click OK to continue.

Reservation Set

Once you click OK, you will notice that even though we have set a reservation of 2,000Mbs for
virtual machine traffic, it is not showing up under the Reservation column. This is because we have
only set the reservation and have not actually reserved it for a virtual machine.

Show the Navigation Bar (if you unpinned it).

Click on the Navigation link on the left hand side, if you unpinned it earlier.

Pin the Navigation Bar

Now click the thumbtack icon so it points down. This will pin the navigation bar back in place.

Select Hosts and Clusters

From the Home menu, select Hosts and Clusters.

Clone TinyLinux-01

So we don't interfere with other lessons you may want to take, let's clone linux-micro-01a.
Right-click on 'TinyLinux-01' and select Clone --> Clone to Virtual Machine...

Name your VM

Name your VM linux-nioc-01a and accept the default location, Datacenter Site A.
Click Next to continue.

Select Cluster Site A

Place the VM on Cluster Site A by clicking on it.

Accept Default Storage

Just click Next for the storage selection.

Un-check All Boxes

Make sure to un-check all the boxes before clicking Next.

Ready to Complete

Verify the settings look correct and click Finish to clone the VM.
It should only take a minute to perform the clone operation. You can track the progress by clicking
on the Recent Tasks link in the bottom left corner of the vSphere Web Client.

Edit the VM Settings

Right-click on the newly cloned VM, linux-nioc-01a, and select Edit Settings...

Expand Network Adapter 1

Expand out Network adapter 1 and you will notice some new options. Now we can set how much
bandwidth to reserve for this specific vNIC on the virtual machine.
Let's give it all 1,000Mbs of the 2,000Mbs reservation we set.
Type 2000 in the Reservation box. Click OK.
Note: If you don't see this box, make sure you connected Network adapter 1 to VM Network (vds-site-a).

Viewing Reservation

You can now see the reservation is set so that this virtual machine's network adapter will have a
reserved 2,000Mbs of bandwidth.

Lesson Clean Up

Feel free to explore other options with NIOC. When you are finished with this lesson, please
delete the linux-nioc-01a virtual machine to avoid confusion in other lessons.
Just go back to the Hosts and Clusters view and right-click on the virtual machine linux-nioc-01a
and select Delete from Disk.

Conclusion
This concludes Module 1 - What's New with vSphere 6. We hope you have enjoyed taking this lab
and don't forget to take the survey at the end.
If you have time remaining, here are the other Modules that are part of this lab, along with an
estimated time to complete each one. Click on the 'Table of Contents' button to quickly jump to
that Module in the Manual.

Module 2 - An Introduction to Management with vCenter Server (60 Minutes)
Module 3 - An Introduction to vSphere Networking and Security (60 Minutes)
Module 4 - An Introduction to vSphere Storage (60 Minutes)

Module 2 - Introduction to Management with vCenter Server (60 Min)

What is vSphere?
VMware vSphere is the world's leading virtualization platform. As virtualization and the vSphere
platform have continued to grow, organizations have faced new challenges. With vSphere, IT can
rapidly provision Virtual Machines (VMs) but has found that management, capacity planning, and
lifecycle management of these VMs have become increasingly difficult. VMware vSphere with
Operations Management (vSOM) is a new solution that enables users to gain operational insight
into a vSphere infrastructure while also optimizing capacity. As vSphere environments continue to
grow it is essential that users have proactive management that can deliver monitoring,
performance, and capacity information at a glance. This detailed analysis enables users to get the
most out of the virtualization platform by reclaiming unused capacity, rightsizing virtual machines,
improving utilization, and also helping to increase consolidation ratios. This new VMware solution
combines vSphere with vRealize Operations Standard.

Video: Introduction to VMware vSphere with Operations Management (5:48)

This video will show you how vSphere with Operations Management can help you manage a more
efficient and available environment.

ESXi Install and Configure


Due to the environment the Hands on Labs are running in and the high I/O it would cause, we are
not able to install software. Please use the following videos to walk through the process.

Video: Installing and Configuring vSphere (4:36)


The following video will walk through the process of installing and configuring vSphere.

Video: Overview of the DCUI (4:58)


This video will walk you through the Direct Console User Interface (DCUI).

vCenter 6.0 Overview


vCenter Server unifies resources from individual hosts so that those resources can be shared
among virtual machines in the entire datacenter. It accomplishes this by managing the assignment
of virtual machines to the hosts and the assignment of resources to the virtual machines within a
given host based on the policies that the system administrator sets.

vSphere v6.0 Components

The above diagram shows how vCenter fits in the vSphere stack. With vCenter installed, you
have a central point of management. vCenter Server allows the use of advanced vSphere
features such as vSphere Distributed Resource Scheduler (DRS), vSphere High Availability (HA),
vSphere vMotion, and vSphere Storage vMotion.
The other component is the vSphere Web Client. The vSphere Web Client is the interface to
vCenter Server and multi-host environments. It also provides console access to virtual machines.
The vSphere Web Client lets you perform all administrative tasks by using an in-browser interface.

vCenter 6.0 Components

Starting with vSphere 5.1 there are two methods to deploy vCenter. The first method is a
Windows installation. With the Windows method, you can install vCenter Single Sign On,
Inventory Service, and vCenter Server on the same host machine (as with vCenter Simple Install)
or on different virtual machines.
The other method is a virtual appliance. The vCenter Server Appliance (vCSA) is a single
preconfigured Linux-based virtual machine optimized for running vCenter Server and associated
services.

Platform Services Controller (PSC)

The Platform Services Controller (PSC) includes common services that are used across the suite.
These include Single Sign-On (SSO), Licensing, and the VMware Certificate Authority (VMCA).
You will learn more about SSO and the VMCA in the following pages.

The PSC is the first piece that is either installed or upgraded. When upgrading, an SSO instance
becomes a PSC. There are two models of deployment, embedded and centralized.
Embedded means the PSC and vCenter Server are installed on a single virtual machine.
Embedded is recommended for sites with a single SSO solution, such as a single vCenter.
Centralized means the PSC and vCenter Server are installed on different virtual machines.
Centralized is recommended for sites with two or more SSO solutions, such as multiple
vCenter Servers, vRealize Automation, etc. When deploying in the centralized model, it is
recommended to make the PSC highly available so that it is not a single point of failure. In
addition to utilizing vSphere HA, a load balancer can be placed in front of two or more
PSCs to create a highly available PSC architecture.
The PSC and vCenter servers can be mixed and matched, meaning you can deploy Appliance
PSCs along with Windows PSCs with Windows and appliance-based vCenter Servers. Any
combination uses the PSC's built-in replication.
Use Case:
The PSC removes services from vCenter and makes them centralized across the vCloud
Suite.
This gives customers a single point to manage all their vSphere roles and permissions
along with licensing.
Reducing vCenter Server installation complexity allows customers to install or upgrade to
vSphere 6 faster.
There are only two install options:
Embedded PSC, which installs all components on a single virtual machine
Centralized, where the customer must install the PSC and vCenter Server separately
In either installation model, all vCenter Server services are installed on the vCenter Server,
reducing the complexity of planning and installing vCenter Server.

vCenter Single Sign On


vSphere 5.1 introduced vCenter Single Sign On (SSO) as part of the vCenter Server management
infrastructure. This change affects the vCenter Server installation, upgrading, and operation.
Authentication by vCenter Single Sign On makes the VMware cloud infrastructure platform more
secure by allowing the vSphere software components to communicate with each other through a
secure token exchange mechanism, instead of requiring each component to authenticate a user
separately with a directory service like Active Directory.

vCenter Single Sign On - Typical Deployment

Starting with version 5.1, vSphere includes a vCenter Single Sign-On service as part of the
vCenter Server management infrastructure.
Authentication with vCenter Single Sign-On makes vSphere more secure because the vSphere
software components communicate with each other by using a secure token exchange
mechanism, and all other users also authenticate with vCenter Single Sign-On.
Starting with vSphere 6.0, vCenter Single Sign-On is either included in an embedded deployment,
or part of the Platform Services Controller. The Platform Services Controller contains all of the
services that are necessary for the communication between vSphere components including
vCenter Single Sign-On, VMware Certificate Authority, VMware Lookup Service, and the licensing
service. For example, in the image above, SSO resides within the Platform Services Controller as
part of this multi-vCenter topology. Both Windows and the vCSA can participate in this topology.

vCenter Single Sign On - Single vCenter

In a single vCenter topology, the PSC (along with all of its associated services) can run on a single
machine, also called the embedded deployment. This single machine could be a physical
Windows server, a Windows VM, or the vCSA.
While vCenter Server requires a database as shown above, SSO itself does not have such a
requirement.

More Information on Single Sign On


The second Module in this lab, Introduction to vSphere Networking and Security, covers SSO in
more detail.
However, you can also refer to the vCenter 6.0 Deployment Guide for more in-depth requirements
and considerations for SSO architecture in vCenter 6.0:
http://www.vmware.com/files/pdf/techpaper/vmware-vcenter-server6-deployment-guide.pdf

Using the vSphere 6.0 Web Client


This lab will introduce the new vSphere 6.0 Web Client and its functionality.
The vSphere Web Client is the primary method for system administrators and end users to interact
with the virtual data center environment created by VMware vSphere. vSphere manages a
collection of objects that make up the virtual data center, including hosts, clusters, virtual
machines, data storage, and networking resources.
The vSphere Web Client is a Web browser-based application that you can use to manage,
monitor, and administer the objects that make up your virtualized data center. You can use the
vSphere Web Client to observe and modify the vSphere environment in the following ways:
Viewing health, status, and performance information on vSphere objects
Issuing management and administration commands to vSphere objects
Creating, configuring, provisioning, or deleting vSphere objects
You can extend vSphere in different ways to create a solution for your unique IT infrastructure. You
can extend the vSphere Web Client with additional GUI features to support these new capabilities,
with which you can manage and monitor your unique vSphere environment.

Main Areas of the Web Client

The vSphere Web Client is broken into 6 main areas, also referred to as panes.
1. The navigation tree or Navigator
2. The main content area
3. The Search bar
4. The Work in Progress list
5. The Alarms list
6. And the Recent Tasks list

The layout of these panes can be customized. Click the push pin icon in the Navigator, Recent
Tasks, Work in Progress, or Alarms panes to minimize them. This can create more room for the
main area if you are working on a small monitor or one with low resolution. You can also change
where each of those panes are shown by dragging the title bar of the pane to one of the edges of
the screen.
Please Note: In this lab, since we're limited to a small screen resolution, we've set all the
panes to be minimized by default to give you the most screen real estate possible. You can
open any or all panes at your convenience and click on the push pin in any pane to allow it
to stay on the screen.

Review main areas of web interface

Start the Firefox web browser which will open to the "Site A Web Client".
1. Click the "Use Windows session authentication" check box
2. Click "Login"

vCenter 6.0 Inventory

1. Click "vCenter Inventory Lists" in either the left-hand tree or the right-hand pane. Clicking
vCenter Inventory Lists will take you to the inventory page where you find all the objects
associated with vCenter Server systems such as datacenters, hosts, clusters, networking,
storage, and virtual machines.

Child objects, Data Centers, and Hosts

1. Click the "Virtual Machines" inventory item. By selecting this inventory item, you are
presented with a list of the VMs which are located in this environment.

Virtual Machine Summary

1. Click the "w12-core" virtual machine.


2. Click the "Summary Tab" for that virtual machine. On this page you are able to see all the
details regarding the virtual machine. There is an "Edit Settings" link as well to modify the
settings of the virtual machine.

Edit the settings of a virtual machine.

1. Click the arrow next to "VM Hardware" to expand this pane and expose the VM's hardware
settings.
2. Click "Edit Settings" so a second network adapter can be added to the virtual machine.

Add a second network adapter

1. Now we need to add an additional network card to the VM.


2. Click the drop down list for "New Device" and highlight the "Network" device. We need to
add a second network to the virtual machine.
3. Click the Add button to add the new Network Card.

Configure the Second Network Card.

1. Click the arrow next to the New Network card to expand and view its settings. Notice that
the MAC address is blank at this point. A new MAC address will be generated once this
NIC is added, or we can specify our own MAC address (with some rules).
2. Click "OK" to add the device to the VM. When you select "OK" a new task is created.

Recent Tasks List

After adding the second NIC to the VM you'll see a task show up in the Recent Tasks list.
1. If the Recent Tasks pane is still minimized, click on the Recent Tasks button.
2. Optionally, you can choose to click on the push pin on the right side of the Recent Tasks
pane to make the Recent Tasks pane stay as part of the interface.

Recent Tasks List

Review the "Recent Tasks" list. Once the task is complete, a second Network Adapter should be
shown in the "VM Hardware" section. Note the networks are in a disconnected state because the
VM is powered off.
Again, you may choose to dismiss the Recent Tasks pane by clicking the Recent Tasks button
again or click the push-pin to make it persistent.

Show the Work In Progress Pane

For several of the next exercises it might be useful to have the Work In Progress pane in view.
1. Click the Work In Progress button
2. Click the pin to keep the pane in view

Recent Items List

One of the new features of the vSphere Web Client is the ability to view the most recently used
object in inventory. As an example, let's say we wanted to go back to Datacenter Site A. In the
lab environment we are currently using, this is a relatively easy task, but in a larger environment,
this may prove to be a more difficult task.
1. Start by clicking the recently viewed items icon.

Select vcsa-01a.corp.local

1. Next, select vcsa-01a.corp.local from the Drop-Down Menu. Note that there may be
different items on the list from what you see based on what lessons you have completed in
the lab so far.

Create a Virtual Machine

There are several areas on the interface to create a new VM. We will be using the top of the
hierarchy which is the vCenter Server.

1. Move your mouse cursor over the Home menu (note that you do not need to click on the
button)
2. Select VMs and Templates

Create a Virtual Machine

1. Expand the vcsa-01a.corp.local tree to expose the "DataCenter Site A" object
2. Click on "DataCenter Site A"

Start the New Virtual Machine Wizard

1. If you are not already there, click the "Getting Started" tab to view a list of the Basic Tasks
which can be started.
2. Click "Create a new virtual machine" to start the new virtual machine wizard. This wizard
is used to create a new Virtual Machine and place it in the vSphere inventory.

Virtual Machine wizard

1. Click "Next" since the "Create a New Virtual Machine" wizard is highlighted.

Name the Virtual Machine

1. Enter "web-serv01" for the name of the new virtual machine.


2. Click "Next"

Virtual Machine Placement

Expand "Datacenter Site A" to see "Cluster Site A".


Because Distributed Resource Scheduler (DRS) is enabled, you just have to select a cluster
and DRS will determine which host to use for the VM.

1. Click "Cluster Site A"


2. Click "Next"

Pause the wizard

Have you ever been in the middle of an operation only to be interrupted by another request? In the
vSphere Web Client, we have you covered! You can simply "pause" the wizard, perform your
other task, and come right back to where you left off. For example, a user calls you and requests
that their VM be powered on immediately! So let's pause our wizard in order to power on their VM.
1. Save the wizard progress by clicking the >> in the upper right hand corner of the web
client. This will save the state of the wizard to the "work in progress" pane and close the
wizard allowing you to perform this urgent task of powering on the user's VM.

Work In Progress Pane


View the Work In Progress pane to validate that your work has been saved.
Once you've verified that your work is saved then click the push pin of the Work in Progress pane
to minimize it and free up your screen space.

Power on w12-core

1. Click "Hosts and Clusters".


2. Expand vcsa-01a.corp.local, Datacenter Site A, and Cluster Site A to expose the w12-core
VM.
3. Right click on w12-core, which will bring up the Actions sub-menu.
4. Expand the menu by hovering over Power.
5. Click the Power On menu item.

Continue the New VM Wizard

1. Click the Work In Progress button to view the Work in Progress pane

Continue the New VM Wizard

1. Click on "New Virtual Machine" to bring up the wizard right where you left off

Select Datastore

1. Ensure the "ds-site-a-nfs01" datastore is selected


2. Click "Next"

Compatibility

1. Click "Next" to accept the default "ESXi 6.0 and later"

Guest OS

1. Click "Next" to accept the default.

Change Virtual Disk Size.

1. Change the memory setting from 4096 to "1024". This VM is a test VM so it only
needs 1 GB of memory and 40 MB of disk.
2. Change the disk size unit from GB to "MB".
3. Change the disk size from 40,960 to "40", for a 40 MB disk.
4. Change the network to "VM Network (vds-site-a)".
5. Select "Next"
6. Select "Finish"

Power on New Virtual Machine.

1. Right Click "web-serv01"


2. Hover over the "Power" menu item
3. Click "Power On"
In addition to the right click menu there is an "Actions" menu at the top of the Web Client
where you can accomplish the same commands.

Using Tagging and Search to Find Objects Quickly


The vSphere 6.0 Web Client now provides some powerful search options. This lesson will guide
you through the different search options to find the inventory of interest quickly. Also, a new
feature of vCenter Inventory Service enables users to create custom defined tags that can be
categorized and added to any inventory objects in the environment. These tags are searchable
metadata and reduce the time to find inventory object information. This lab will cover how to
create tags and use the tags for a search.

Logging In

Click the "Mozilla Firefox" icon from the Control Center desktop or the bottom taskbar.
1. Click the "Use Windows session authentication" check box
2. Click "Login"

Search Options

We have different search options, "New Search", "Saved Searches" and "Quick Search". Let's
first take a look at "New Search"
1. From anywhere in the web client, click the "Home" icon to show the Home Menu.
2. Click "New Search"

Search for Virtual Machines

1. Let's do a simple search by entering "vm" in the search box.
2. Click "Search"
3. In the inventory pane, search results are returned that have been grouped by object type.
4. The search has also created tabs that group by object type. You should be on the Virtual
Machines tab. If not, click on the Virtual Machines tab.

Virtual Machines that exist in the environment

1. When the "Virtual Machines" tab is selected, a list of VMs that exist in the environment is
returned.
2. Now let's search for a specific tag. Click the "Advanced Search" link.

Advanced Search

Using advanced search allows you to search for managed objects that meet multiple criteria.
For example, you can search for virtual machines matching a search string that reside on
hosts whose names match a second search string. Let's do a search for virtual
machines to check VMware Tools status.
1. Change the field shown to "Virtual Machine".
2. For the property Field click "VMware Tools Version Status"
3. Click the drop down menu to select the "Not installed" criteria.
4. Click the "Search" button.
5. The results are displayed in the results screen.
6. This search can be used in the future so let's save the search. Click "Save..."

Name the Search

1. Enter "VMware Tools Not Installed" for the name of the search.
2. Click "OK"

View Saved Searches

1. Click the Home Menu icon at the top


2. Click on Saved Searches

Save Search Results

1. Click the saved search "VMware Tools Not Installed"


2. A list of the VMs which do not have tools installed is returned in the results window.

Quick Search

1. In the upper right hand corner, enter "vm" in the quick search field. A pop-up window is
displayed that shows filtered items which match.
2. Click the second "VM Network" next to the "Distributed Port Group" heading. (This network
exists on Site B as well.)

List of Virtual Machines

1. Select "Virtual Machines" on the left side of the screen.

2. Select "Related Objects" on the right. An expanded list of virtual machines is shown.

Tags, User Defined Labels

You use tags to add metadata to inventory objects. You can record information about your
inventory objects in tags and use the tags in searches.
1. Click the Home Menu
2. Select "Tags" to create tag categories and tags.

Creating Tag Categories

You use categories to group tags together and define how tags can be applied to objects.
Every tag must belong to one and only one category. You must create at least one category before
creating any tags.
1. Click "New Category"

New Category

Associable Object Types: We will use the default, which states that the new tag in this category
can be assigned to all objects. Alternatively, you can specify a specific object type, such as
virtual machines or datastores.
1. Enter "web tier" for the Category Name.
2. Keep the default "One tag per object"
3. Click "OK"

Create a New Tag

Click 'New Tag' to create a new one.

Tag Creation and assign to a Category

1. To create a new tag enter "Web Server version 2"


2. Click the tag category "web tier" in the drop down box.
3. Select "OK"

To review the category and tags you created, select the "Items" tab. In this screen, you can review
and edit the categories and tags. New categories and tags also can be created in this screen.

List Created Tags

1. When the "Items" tab is selected, a list of the created tags is returned. Notice there is also
a Categories tab, which would list the categories which have been created.

Assigning tags to a Virtual Machine

1. Click the Home Menu


2. Click "VMs and Templates"

Select a Virtual Machine

1. Right-click the virtual machine "web-serv01". You may need to expand the navigation tree
on the left side to expose the VMs.
2. Find "Tags & Custom Attributes"
3. Click "Assign Tag"


Assign Tag

1. Click the "Web Server Version 2" tag


2. Click "Assign". A task is created and the tag is assigned.


Search Using Tags

1. In the Quick Search field enter "we".


2. Select the Tag "Web Server Version 2"

Search Results

1. Click on the "Related Objects" tab to find the list of objects which have been assigned the
"Web Server Version 2" tag.


Using Filters

Another way to find objects quickly is to use the new Filter feature in the vSphere Web Client.
1. Start by clicking the Home Menu
2. Click Hosts and Clusters


Select Cluster Site A

1. From the left navigation pane, select "Cluster Site A".


2. Next, click the "Related Objects" Tab.
3. And finally the "Hosts" Tab.

Filter Options

1. Click on the 'Quick Filter' button, right next to the 'Filter box'


Host Filter Options

You'll now be presented with a list of Filter options specific to vSphere Hosts.
1. Click on the "In Maintenance Mode" box under Maintenance Mode.

Hosts in Maintenance Mode

You are presented with a list of all the hosts in Maintenance Mode, which in our case is none.
To remove a single filter, just uncheck the box next to it. To clear all the filters and start over,
click the filter icon with the Red 'X'.
1. Click the Filter Icon with the Red 'X'.


Other Filters Available

You can click through the other tabs (Virtual Machines, vApps, Datastores, etc.) and view the other
filters that are available for each object type. Again, each filter is specific to the class of object it
represents.
Notice that if a tag has been created for that object, you can filter on it as well.


Understanding High Availability (HA) and Distributed Resource Scheduler (DRS)

This lab shows how to use the VMware vSphere web client to enable and configure High
Availability (HA) and Distributed Resource Scheduler (DRS). HA protects from down time by
automating recovery in the event of a host failure. DRS ensures performance by balancing virtual
machine workloads across hosts in a cluster.

What is vSphere High Availability?


vSphere HA provides high availability for virtual machines by pooling the virtual machines and the
hosts they reside on into a cluster. Hosts in the cluster are monitored and in the event of a failure,
the virtual machines on a failed host are restarted on alternate hosts.
When you create a vSphere HA cluster, a single host is automatically elected as the master host.
The master host communicates with vCenter Server and monitors the state of all protected virtual
machines and of the slave hosts. Different types of host failures are possible, and the master host
must detect and appropriately deal with the failure. The master host must distinguish between a
failed host and one that is in a network partition or that has become network isolated. The master
host uses network and datastore heartbeating to determine the type of failure. Also note that
vSphere HA is a host function which means there is not a dependency on vCenter in order to
effectively fail over VMs to other hosts in the cluster.

HA Primary Components


The Master Role

The Slave Role


The Master Election Process

Enable and Configure vSphere High Availability

1. First, go to the "Home" button


2. Select "Hosts and Clusters"


Settings for High Availability

1. Click "Cluster Site A"


2. Click "Actions" to bring up the drop down menu.
3. Click "Settings"


Cluster Settings

1. Click "vSphere HA" under "Services" to bring up the settings for high availability. Note that
you may need to scroll to the top of the list.
2. Click "Edit"


Enable High Availability

1. Check the box "Turn ON vSphere HA"


2. Change the "VM Monitoring" section to "VM and Application Monitoring".
3. Expand the "Admission Control" section by selecting the ">"


Admission Control Settings

1. Scroll down and check the radio button "Define failover capacity by reserving a percentage
of the cluster resources" and accept the default settings of 25%.


VM Monitoring and Datastore Heartbeating

1. Expand the Datastore Heartbeating section.


2. Select the radio button for "Automatically select datastores accessible from the host".
3. Click "OK"


Use the Summary Tab to Verify that HA Is Enabled

1. Click the Summary tab


2. Locate and expand the vSphere HA panel in the data area: click on the ">" to the left of
the panel's name to expand it.
Notice the bars that display resource usage in blue, protected capacity in light gray, and reserve
capacity using stripes.


Enable Distributed Resource Scheduler (DRS)

If necessary, return to the Manage > Settings page on the Cluster Site A cluster.
1. Click vSphere DRS
2. Click "Edit"
3. Check "Turn ON vSphere DRS" -- note that this is already enabled in the lab
4. Click the drop down box and select "Fully Automated"
5. Click "OK"

Automation Levels

The chart shown above shows how DRS affects placement and migration according to the
setting: Manual, Partially Automated or Fully Automated.


Use the Cluster's Summary Tab to Check Cluster Balance

1. Click the "Summary Tab" to display the current status of the cluster.
2. The Summary tab of the Cluster Site A shows the current balance of the cluster. Also
shown in the DRS section is how many recommendations or faults have occurred with
the cluster. (You may have to scroll down to see the vSphere DRS widget).

That concludes this lesson.


vSphere 6.0 Fault Tolerance Provides Continuous Availability


vSphere 6.0 HA provides a base level of protection for your virtual machines by restarting virtual
machines in the event of a host failure. vSphere 6.0 Fault Tolerance provides a higher level of
availability, allowing users to protect any virtual machine from a host failure with no loss of data,
transactions, or connections.
Fault Tolerance provides continuous availability by ensuring that the states of the Primary and
Secondary VMs are identical at any point in the instruction execution of the virtual machine. This is
done using the VMware vLockstep technology on the ESXi host platform. vLockstep accomplishes
this by having the Primary and Secondary VMs execute identical sequences of x86 instructions.
The Primary VM captures all inputs and events (from the processor to virtual I/O devices) and
replays them on the Secondary VM. The Secondary VM executes the same series of instructions
as the Primary VM, while only a single virtual machine image (the Primary VM) executes the
workload.
If the host running the Primary VM fails, an immediate and transparent failover occurs. The
functioning ESXi host seamlessly becomes the Primary VM host without losing network
connections or in-progress transactions. With transparent failover, there is no data loss and
network connections are maintained. After a transparent failover occurs, a new Secondary VM is
respawned and redundancy is re-established. The entire process is transparent and fully
automated and occurs even if vCenter Server is unavailable.

VMware vSphere Fault Tolerance

The benefits of Fault Tolerance are:
Protect mission critical, high performance applications regardless of OS
Continuous availability - Zero downtime, zero data loss for infrastructure failures
Fully automated response

Use cases

Any workload that has up to 4 vCPUs and 64GB Memory that is not latency sensitive (e.g., VoIP and
High-Frequency trading are not good candidates for FT). Note that vSphere 6.0 introduces the
capability to use FT to protect VMs with more than 1 vCPU. In vSphere 5.5 and prior versions,
only VMs with 1 vCPU could be protected by FT.
There is VM/Application overhead to using FT and that will depend on a number of factors like the
application, number of vCPUs, number of FT protected VMs on a host, Host processor type, etc.
We will release a performance paper around launch that will get into more specifics; for now, the
recommendation to customers is to test out using FT and see if it works for their workloads/use
cases.
The new version of Fault Tolerance greatly expands the use cases for FT to approximately 90% of
workloads.
The new technology used by FT is called Fast Checkpointing and is basically a heavily modified
version of an xvMotion that never ends and executes many more checkpoints (multiple/sec). Also
note that in versions prior to 6.0, FT required shared storage where both the Primary and
Secondary copies of the FT-protected VM would share the same VMDK files. However, in vSphere
6.0, to add additional protection to the FT-protected VM, the Primary and Secondary VMs use
unique VMDKs.
FT logging (traffic between hosts where primary and secondary are running) is very bandwidth
intensive and will use a dedicated 10G NIC on each host. This isn't required, but highly
recommended as at a minimum an FT protected VM will use more . If FT doesn't get the
bandwidth it needs the impact is that the protected VM will run slower.

Video: Protecting Virtual Machines with FT (2:51)


This video shows how to protect virtual machines with VMware Fault Tolerance (FT). Due to
resource constraints in the Hands On Labs environment we're unable to demonstrate this live for
you.


Monitoring Events and Creating Alarms


vSphere includes a user-configurable events and alarms subsystem. This subsystem tracks
events happening throughout vSphere and stores the data in log files and the vCenter Server
database. This subsystem also enables you to specify the conditions under which alarms are
triggered. Alarms can change state from mild warnings to more serious alerts as system
conditions change, and can trigger automated alarm actions. This functionality is useful when you
want to be informed, or take immediate action, when certain events or conditions occur for a
specific inventory object, or group of objects.
Events are records of user actions or system actions that occur on objects in vCenter Server or on
a host. Actions that might be recorded as events include, but are not limited to, the following
examples:
A license key expires
A virtual machine is powered on
A user logs in to a virtual machine
A host connection is lost
Event data includes details about the event such as who generated it, when it occurred, and what
type of event.
Alarms are notifications that are activated in response to an event, a set of conditions, or the state
of an inventory object. An alarm definition consists of the following elements:
Name and description - Provides an identifying label and description.
Alarm type - Defines the type of object that will be monitored.
Triggers - Defines the event, condition, or state that will trigger the alarm and defines the
notification severity.
Tolerance thresholds (Reporting) - Provides additional restrictions on condition and state trigger
thresholds that must be exceeded before the alarm is triggered.
Actions - Defines operations that occur in response to triggered alarms. VMware provides sets
of predefined actions that are specific to inventory object types.
Alarms have the following severity levels:
Normal - green
Warning - yellow
Alert - red
Alarm definitions are associated with the object selected in the inventory. An alarm monitors the
type of inventory objects specified in its definition.


For example, you might want to monitor the CPU usage of all virtual machines in a specific host
cluster. You can select the cluster in the inventory, and add a virtual machine alarm to it. When
enabled, that alarm will monitor all virtual machines running in the cluster and will trigger when any
one of them meets the criteria defined in the alarm. If you want to monitor a specific virtual
machine in the cluster, but not others, you would select that virtual machine in the inventory and
add an alarm to it. One easy way to apply the same alarms to a group of objects is to place those
objects in a folder and define the alarm on the folder.
In this lab, you will learn how to create an alarm and review the events that have occurred.

Video: Configure Alarms and Notification for VMware vSphere (5:20)


This video shows how to use the VMware vSphere web client to configure vCenter Server alarms
and alerts and how to enable email notification.

Review default alerts

1. Click the "Home" icon


2. Click the "Events" menu item


Event Console

1. Select the "Type" column to sort by level of severity.


2. Select an event to review the details of the event.


Setup notifications

1. Click the "Home" menu


2. Click the "Hosts and Clusters" menu item


Setup Notifications

1. Select the vCenter "vcsa-01a.corp.local"
2. Click the "Manage" tab
3. Click the "Alarm Definitions" tab. The default alarm definitions are shown.
4. Click an alarm. Alarms can be defined at different levels. In the case of the highlighted
alarm, you can see it is defined at the top level. Alarms that are defined at the top level are
then inherited by the objects below.


Defining an Alarm

1. Use the filter to find the "Host CPU usage" alarm definition by typing "cpu" in the search
field
2. Select the "Host CPU usage" alarm
3. Click the "Edit" button


Host CPU usage - Edit

1. Click on the "Triggers" portion of the alarm.


2. Click "80%" usage for 5 minutes to trigger the alarm.
3. Click "Next"


Define Actions

1. Click the "+" to add a new action.
2. Scroll on the list and click "Maintenance mode"
3. Set the "Alert State Change" to "Once"
4. Set the "Alert State Change" to "Once"
5. Click "Finish"


New Alarm Definition

We will be creating an alarm that will reset a VM if CPU Ready exceeds an average of 8000ms
over the course of 5 minutes.
1. Click the "+" to start the New Alarm Definition wizard.
2. Enter "Virtual Machine CPU Ready"
3. Click "Next" to move to the Triggers section.


Define CPU Ready Time

1. Click the "+" to add a new trigger action.


2. Scroll down the list and select the "VM CPU Ready Time" and keep the default conditions.
3. Click "Next"


Define the Action to Take

1. Click the "+" to add a new action


2. Click the "Reset VM" action
3. Click "Finish"
That concludes this lesson.


Configure Shares and Resources


Shares specify the relative importance of a virtual machine (or resource pool). If a virtual machine
has twice as many shares of a resource as another virtual machine, it is entitled to consume twice
as much of that resource when these two virtual machines are competing for resources. This lab
starts with a video walking you through the process of working with shares and resources. The
remainder of this module walks you through making the changes to a VM's resources.
Shares are typically specified as High, Normal, or Low.

Video: Configuring Shares and Reservations (4:00)


This video shows how to use the VMware vSphere web client to configure shares, reservations,
and limits in order to effectively distribute compute and memory resources among virtual
machines.

Shares, Limits and Reservations


Review CPU settings

1. Click the "w12-core" virtual machine.
2. Click the "Manage" tab
3. Click the "Settings" tab
4. Click the "VM Hardware" setting
5. Expand the CPU section. You can see the current settings for Shares, Reservation and
Limit.
6. Expand the Memory section. This section contains the Shares, Reservations and Limit for
the memory section.
7. Click "Edit" to modify the shares of the VM


Understanding Shares

The above example shows two VMs, one a development VM and the other a production VM. On
the left hand side of the diagram, you can see the CPU shares are equal. We want to make sure
the Production VM gets the majority of the CPU resources when there is contention for those
resources in the environment. Changing the shares for the production VM from 1000 shares to
2000 shares accomplishes this goal. The new settings are shown on the right side of the diagram.


Changing Resource Allocation of CPU shares.

1. Expand the CPU section of the settings.


2. From the Shares drop down box, Click "High" to change the setting of the CPU shares.
3. Click "OK"


Review Settings

The new Shares settings are shown in the Settings tab.


Settings for Limits and Reservations.

Limits and Reservations are set with the same procedure. When you click on the "edit" settings
for a VM, you will find the ability to set the Limit and Reservations. Limit restricts a VM from using
more than the limit setting. Reservations guarantee a minimum amount of a resource be available
for the virtual machine. Try out some settings for Limits and Reservations. One note is that if you
try to reserve more of a resource such as memory or CPU than is available, the VM may not
power on.
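How shares, reservations and limits interact under contention, as an added example that is not part of the lab manual and not VMware's scheduler code. It is a simplified model: the function name `allocate`, the 6000 MHz host and the VM names are assumptions chosen to match the 1000/2000 share diagram described above.

```python
from fractions import Fraction


def allocate(capacity, vms):
    """Split `capacity` (e.g. MHz) among VMs that all want as much as they can get.

    vms maps name -> (shares, reservation, limit); limit None means unlimited.
    Simplified model: each VM receives lam * shares, raised to its reservation
    and capped at its limit, with lam chosen so the grants add up to capacity.
    Shares must be positive and a limit must not be below the reservation.
    """
    if sum(res for _, res, _ in vms.values()) > capacity:
        # Admission check: the guarantees cannot all be honoured, which is
        # the case where the manual says a VM may not power on.
        raise ValueError("reservations exceed available capacity")

    ceiling = {n: capacity if lim is None else lim
               for n, (_, _, lim) in vms.items()}

    def grant(lam):
        return {n: min(max(lam * sh, res), ceiling[n])
                for n, (sh, res, _) in vms.items()}

    # The total grant is piecewise linear in lam. It bends where a VM rises
    # above its reservation or reaches its limit, so solve segment by segment.
    bends = sorted({Fraction(0)}
                   | {Fraction(res, sh) for sh, res, _ in vms.values()}
                   | {Fraction(ceiling[n], sh) for n, (sh, _, _) in vms.items()})
    lo = bends[0]
    for hi in bends[1:]:
        total_lo = sum(grant(lo).values())
        total_hi = sum(grant(hi).values())
        if total_hi >= capacity:
            if total_hi > total_lo:
                lo += (capacity - total_lo) * (hi - lo) / (total_hi - total_lo)
            return grant(lo)
        lo = hi
    return grant(lo)  # every VM is at its limit; spare capacity remains


# Constructed scenarios on an assumed 6000 MHz host: (shares, reservation, limit).
SCENARIOS = {
    "equal shares":        {"dev": (1000, 0, None), "prod": (1000, 0, None)},
    "prod at 2000 shares": {"dev": (1000, 0, None), "prod": (2000, 0, None)},
    "prod limited":        {"dev": (1000, 0, None), "prod": (2000, 0, 3500)},
    "dev reserved":        {"dev": (1000, 2500, None), "prod": (2000, 0, None)},
}

if __name__ == "__main__":
    for label, vms in SCENARIOS.items():
        result = {name: int(mhz) for name, mhz in allocate(6000, vms).items()}
        print(f"{label:22} {result}")
```

Shares only decide the split of what is left after reservations are honoured and before limits cap a VM, which is why a limit on the production VM hands the difference back to the development VM.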

Conclusion
This concludes Module 2 - Introduction to Management with vCenter Server. We hope you have
enjoyed taking this lab. Please remember to take the survey at the end.
If you have time remaining, here are the other Modules that are part of this lab, along with an
estimated time to complete each one. Click on the 'Table of Contents' button to quickly jump to
that Module in the Manual.


Module 1 - What's New with vSphere 6 (90 Minutes)


Module 3 - An Introduction to vSphere Networking and Security (60 Minutes)
Module 4 - An Introduction to vSphere Storage (60 Minutes)


Module 3 - Introduction to vSphere Networking And Security (60 Min)


vSphere Networking Enhancements


Since vSphere 5.5, some key networking enhancements and capabilities have been introduced to
further simplify operations, improve performance and provide security in virtual networks. VMware vSphere
Distributed Switch is a centrally managed, datacenter-wide switch that provides advanced
networking features on the vSphere platform. Having one virtual switch across the entire vSphere
environment greatly simplifies management. The following are some of the key benefits of the
features in this release:
The enhanced link aggregation feature provides choice in hashing algorithms and also
increases the limit on number of link aggregation groups.
Additional port security is enabled through traffic filtering support.
Prioritizing traffic at layer 3 increases quality of service support.
A packet-capture tool provides monitoring at the various layers of the virtual switching
stack.
Other enhancements include improved single-root I/O virtualization (SR-IOV) support and
40GB NIC support.

Link Aggregation Control Protocol (LACP) Enhancements


In vSphere 5.1, LACP is supported. LACP is a standards-based method to control the bundling of
several physical network links together to form a logical channel for increased bandwidth and
redundancy purposes. It dynamically negotiates link aggregation parameters such as hashing
algorithms, number of uplinks, and so on, across vSphere Distributed Switch and physical access
layer switches. In case of any link failures or cabling mistakes, LACP automatically renegotiates
parameters across the two switches. This reduces the manual intervention required to debug
cabling issues.
The following key enhancements are available on vSphere Distributed Switch with vSphere 5.5
and later:
Comprehensive load-balancing algorithm support - 22 new hashing algorithm options are
available. For example, source and destination IP address and VLAN field can be used as
the input for the hashing algorithm.
Support for multiple link aggregation groups (LAGs) - 64 LAGs per host and 64 LAGs per
VMware vSphere VDS.
Because LACP configuration is applied per host, this can be very time consuming for large
deployments. In this release, new workflows to configure LACP across a large number of
hosts are made available through templates.


LACP Example

Traffic Filtering
Traffic filtering is the ability to filter packets based on the various parameters of the packet header.
This capability is also referred to as access control lists (ACLs), and it is used to provide port-level
security.
The VDS supports packet classification, based on the following three different types of qualifiers:
MAC SA and DA qualifiers
System traffic qualifiers - vSphere vMotion, vSphere management, vSphere FT, and so on
IP qualifiers - Protocol type, IP SA, IP DA, and port number
After the qualifier has been selected and packets have been classified, users have the option to
either filter or tag those packets.
When the classified packets have been selected for filtering, users have the option to filter ingress,
egress, or traffic in both directions.

Traffic-filtering configuration is at the port group level


Quality of Service Tagging


Two types of Quality of Service (QoS) marking/tagging common in networking are 802.1p Class of
Service (CoS), applied on Ethernet/layer 2 packets, and Differentiated Service Code Point
(DSCP), applied on IP packets. The physical network devices use these tags to identify important
traffic types and provide QoS based on the value of the tag. Because business-critical and
latency-sensitive applications are virtualized and are run in parallel with other applications on an
ESXi host, it is important to enable the traffic management and tagging features on VDS.
The traffic management feature on VDS helps reserve bandwidth for important traffic types, and
the tagging feature enables the external physical network to detect the level of importance of each
traffic type. It is a best practice to tag the traffic near the source and help achieve end-to-end QoS.
During network congestion scenarios, the highly tagged traffic doesn't get dropped, providing the
traffic type with higher QoS.
VMware has supported 802.1p tagging on VDS since vSphere 5.1. The 802.1p tag is inserted in
the Ethernet header before the packet is sent out on the physical network. In vSphere 5.5 and
later, the DSCP marking support enables users to insert tags in the IP header. IP header-level
tagging helps in layer 3 environments, where physical routers function better with an IP header tag
than with an Ethernet header tag.
After the packets are classified based on the qualifiers described in the Traffic Filtering section,
users can choose to perform Ethernet (layer 2) or IP (layer 3) header-level marking. The markings
can be configured at the port group level.

SR-IOV Enhancements
Single-root I/O virtualization (SR-IOV) is a standard that enables one PCI Express (PCIe) adapter
to be presented as multiple, separate logical devices to virtual machines. In this release, the
workflow of configuring the SR-IOV-enabled physical NICs is simplified. Also, a new capability is
introduced that enables users to communicate the port group properties defined on the vSphere
standard switch (VSS) or VDS to the virtual functions.
The new control path through VSS and VDS communicates the port group-specific properties to
the virtual functions. For example, if promiscuous mode is enabled in a port group, that
configuration is then passed to virtual functions, and the virtual machines connected to the port
group will receive traffic from other virtual machines.

Enhanced Host-Level Packet Capture


Troubleshooting any network issue requires various sets of tools. In the vSphere environment, the
VDS provides standard monitoring and troubleshooting tools, including NetFlow, Switched Port
Analyzer (SPAN), Remote Switched Port Analyzer (RSPAN) and Encapsulated Remote Switched
Port Analyzer (ERSPAN). In this release, an enhanced host-level packet capture tool is
introduced. The packet capture tool is equivalent to the command-line tcpdump tool available on
the Linux platform.
The following are some of the key capabilities of the packet capture tool:


Available as part of the vSphere platform and can be accessed through the vSphere host
command prompt
Can capture traffic on VSS and VDS
Captures packets at the following levels:
1. Uplink
2. Virtual switch port
3. vNIC
Can capture dropped packets
Can trace the path of a packet with time stamp details.

40GB NIC Support


Support for 40GB NICs on the vSphere platform enables users to take advantage of higher
bandwidth pipes to the servers. In this release, the functionality is delivered via Mellanox
ConnectX-3 VPI adapters configured in Ethernet mode.


Configuring vSphere Standard Switch


The following lesson will walk you through the process of creating and configuring the vSphere
Standard Switch.

Adding a Virtual Machine Port Group with the vSphere Web Client

If you are not already logged in, launch the Firefox browser from the desktop and login to the
vSphere Web Client.
1. Click the "Use Windows session authentication" check box
2. Click "Login"


Select Hosts and Clusters

In the left-hand pane, click the "Hosts and Clusters" object.

Add Networking

Under vcsa-01a.corp.local, expand Datacenter Site A and then Cluster Site A.


Next, right-click on esx-02a.corp.local in the Navigator and select 'Add Networking'.


Connection Type

When asked to select connection type, choose Virtual Machine Port Group for a Standard Switch
and click Next


Target Device

When asked to select a target device, choose New Standard Switch and click Next.


Create a Standard Switch

At the Create a Standard Switch step of the wizard, select 'Unused Adapters' and click the Green
'+' button.


Add Physical Adapter

Select vmnic3 under Network Adapters and click 'OK'


Add Physical Adapter

Click 'Next' to continue.

Connection Settings

At the Connection settings step of the wizard, for Network label, leave the default name of VM
Network.
Do not change the VLAN ID; leave this set to None (0).


Complete the Wizard

Review the port group settings in Ready to complete and click Finish.

(Optional) Video: How to Configure a vSphere Standard Switch (VSS) (4:22)


This video shows how to use the VMware vSphere web client to configure basic networking for
your vSphere hosts using the vSphere Standard Switch (VSS).

Editing a Standard Switch in the vSphere Web Client


In this lesson, we'll modify the Standard switch we created in the previous steps.
vSphere standard switch settings control switch-wide defaults and switch properties such as the
uplink configuration.


Select esxi-02a.corp.local

Browse to esxi-02a.corp.local in the vSphere Web Client object Navigator

List Virtual Switches

Click the Manage tab, select Networking and select Virtual switches.


Select vSwitch0

Select vSwitch0 switch from the list

Edit vSwitch0

Under Virtual switches, select vSwitch0 and click the pencil icon to edit the virtual switch.


Change the MTU Setting for a vSphere Standard Switch (Enabling Jumbo
Frames)

If you are using jumbo frames in your environment and want to leverage this on a vSphere
Standard Switch, you can change the MTU setting here.
You can change the size of the maximum transmission unit (MTU) on a vSphere Standard Switch
to increase the amount of payload data transmitted with a single packet, that is, enabling jumbo
frames. Be sure to check with your Networking team prior to making any modifications
here. To realize the benefit of this setting and prevent performance issues, compatible MTU
settings are required across all virtual and physical switches and end devices such as hosts and
storage arrays.
You will also notice the Security, Traffic shaping, and Team and Failover options. This is where the
default settings for the virtual switch would be set. As you will see later, these defaults may be
overridden at the port group level as required.
Click Cancel to continue.

Change the Speed of an Uplink Adapter in the vSphere Web Client


An uplink adapter can become a bottleneck for network traffic if the speed of the uplink adapter is
not compatible with the network traffic speed. You can change the connection speed and duplex
setting of an uplink adapter to match the speed configured on the attached physical switch port.


Select Physical Adapters

Click on Physical adapters

Edit vmnic3

To change the configured speed and duplex value of a physical network adapter, select vmnic3
from the list and click Edit (the pencil icon).


Configured Speed and Duplex

Here we could change the configured speed and/or duplex to the appropriate settings.
Click Cancel to continue.

Add Uplink Adapters in the vSphere Web Client


You can associate multiple adapters to a single vSphere standard switch to increase throughput
and provide redundancy should a link fail. This is known as "NIC Teaming."

Select Virtual switches

Select Virtual switches.


Click on vSwitch0 and then the Manage physical adapters icon.


Add Adapter

Add an Adapter by clicking the Green '+' icon.

Select Adapter

Select vmnic2 from the list and select 'Active Adapters' from the Failover order group drop-down
menu. Click OK.


View Adapters

The selected adapter appears as an Active Adapter under the Assigned Adapters list. Click 'OK'
to save the change.

Editing a Standard Switch Port Group


Once the vSwitch has been configured and its defaults have been set, the port group can be
configured. The port group is the construct that is connected to virtual machine NICs and usually
represents a VLAN or physical network partition such as Production, Development, Desktop or
DMZ.


Edit Port Group

With vSwitch0 selected, select the VM Network port group and click Edit (the pencil icon)

Port Group Properties

The Properties setting section is where the name or VLAN ID of the port group can be modified.
There is no need to modify these settings for this part of the lab.


Port Group Security

Click Security in the left pane. By ticking the Override box, you can override the default setting of
the virtual switch for just this port group.
In this section, you can configure the following:
Promiscuous Mode
Reject - Placing a guest adapter in promiscuous mode has no effect on which frames are
received by the adapter.
Accept - Placing a guest adapter in promiscuous mode causes it to detect all frames
passed on the vSphere standard switch that are allowed under the VLAN policy for the port
group that the adapter is connected to.
MAC Address Changes
Reject - If you set the MAC Address Changes to Reject and the guest operating system
changes the MAC address of the adapter to anything other than what is in the .vmx
configuration file, all inbound frames are dropped. If the Guest OS changes the MAC
address back to match the MAC address in the .vmx configuration file, inbound frames are
passed again.
Accept - Changing the MAC address from the Guest OS has the intended effect: frames
sent to the altered MAC address are received by the virtual machine.
Forged Transmits
Reject - Any outbound frame with a source MAC address that is different from the one
currently set on the adapter is dropped.
Accept - No filtering is performed and all outbound frames are passed.
No changes are needed here and you may proceed to the next step.
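
The Reject/Accept behaviour of the three settings above can be checked as a small decision model. This is an added example, not part of the lab manual or of any VMware tool; the class and function names and the MAC addresses are constructed for illustration, and the model assumes the frame is already on the adapter's port group and allowed by its VLAN policy.

```python
"""Decision model for the three port group security settings (added example)."""
from dataclasses import dataclass

BROADCAST = "ff:ff:ff:ff:ff:ff"


def norm(mac):
    """Normalise a MAC address to lower-case, colon-separated form."""
    return mac.strip().lower().replace("-", ":")


@dataclass(frozen=True)
class SecurityPolicy:
    """Port group security policy. True = Accept, False = Reject."""
    promiscuous_mode: bool = False
    mac_address_changes: bool = False
    forged_transmits: bool = False


@dataclass(frozen=True)
class GuestAdapter:
    vmx_mac: str                     # MAC recorded in the .vmx configuration file
    current_mac: str                 # MAC the guest OS has set on the adapter
    wants_promiscuous: bool = False  # guest put the adapter in promiscuous mode


def inbound_delivered(policy, nic, dst_mac):
    """Would a frame addressed to dst_mac be delivered to this adapter?"""
    changed = norm(nic.current_mac) != norm(nic.vmx_mac)
    # MAC Address Changes = Reject: once the guest changes its MAC,
    # all inbound frames are dropped until the MAC matches the .vmx again.
    if changed and not policy.mac_address_changes:
        return False
    if norm(dst_mac) in (norm(nic.current_mac), BROADCAST):
        return True
    # Frames for other adapters are seen only when the policy is Accept
    # AND the guest has actually put its adapter in promiscuous mode.
    return policy.promiscuous_mode and nic.wants_promiscuous


def outbound_passed(policy, nic, src_mac):
    """Would a frame sent by the guest with src_mac leave the port?"""
    if policy.forged_transmits:
        return True  # Accept: no filtering
    # Reject: the source MAC must be the one currently set on the adapter.
    return norm(src_mac) == norm(nic.current_mac)


def accepted_settings(policy):
    """Names of the settings left at Accept, i.e. filters that are off."""
    labels = (
        ("Promiscuous Mode", policy.promiscuous_mode),
        ("MAC Address Changes", policy.mac_address_changes),
        ("Forged Transmits", policy.forged_transmits),
    )
    return [name for name, accept in labels if accept]


if __name__ == "__main__":
    # Constructed sample adapters (MAC values are made up).
    own = "00:50:56:aa:bb:01"
    other = "00:50:56:aa:bb:02"
    unchanged = GuestAdapter(own, own, wants_promiscuous=True)
    changed = GuestAdapter(own, "00:50:56:aa:bb:99")
    for policy in (SecurityPolicy(), SecurityPolicy(True, True, True)):
        print("Accept:", accepted_settings(policy) or "none")
        print("  frame for another VM delivered:",
              inbound_delivered(policy, unchanged, other))
        print("  inbound after guest MAC change:",
              inbound_delivered(policy, changed, changed.current_mac))
        print("  outbound with foreign source MAC:",
              outbound_passed(policy, unchanged, other))
```
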

Traffic Shaping

Click Traffic shaping in the left pane, then select the check box next to Override. Just like in the
Security settings, you can override the default policy set at the switch level to apply to just this port
group.
A traffic shaping policy is defined by average bandwidth, peak bandwidth, and burst size. You can
establish a traffic shaping policy for each port group.
ESXi shapes outbound network traffic on standard switches. Traffic shaping restricts the network
bandwidth available on a port, but can also be configured to allow bursts of traffic to flow through
at higher speeds.
Average Bandwidth
Establishes the number of bits per second to allow across a port, averaged over time. This
number is the allowed average load.
Peak Bandwidth
Maximum number of bits per second to allow across a port when it is sending or receiving
a burst of traffic. This number limits the bandwidth that a port uses when it is using its burst
bonus.
Burst Size
Maximum number of bytes to allow in a burst. If this parameter is set, a port might gain a
burst bonus if it does not use all its allocated bandwidth. When the port needs more
bandwidth than specified by the average bandwidth, it might be allowed to temporarily
transmit data at a higher speed if a burst bonus is available. This parameter limits the
number of bytes that have accumulated in the burst bonus and transfers traffic at a higher
speed.
No changes are needed here and you may proceed to the next step.
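
How average bandwidth, peak bandwidth and burst size interact is easier to see in a simulation. This is an added example, not part of the lab manual: it uses a simplified token-bucket model with one-second intervals and queued excess traffic, which is an assumption and not a description of ESXi's actual shaper, and the policy values and offered load are constructed.

```python
"""Simplified token-bucket model of a traffic shaping policy (added example)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class ShapingPolicy:
    average_bps: int   # Average Bandwidth, bits per second
    peak_bps: int      # Peak Bandwidth, bits per second
    burst_bytes: int   # Burst Size, bytes

    def __post_init__(self):
        if self.peak_bps < self.average_bps:
            raise ValueError("peak bandwidth must be >= average bandwidth")
        if min(self.average_bps, self.burst_bytes) < 0:
            raise ValueError("bandwidth and burst size must be non-negative")


def simulate(policy, offered_bytes, interval_s=1):
    """Return one (sent, burst_bonus, backlog) tuple per interval, in bytes.

    offered_bytes holds the bytes the port wants to send in each interval.
    Traffic above the allowed rate is queued (assumption of this model).
    """
    avg_quota = policy.average_bps * interval_s // 8    # bytes per interval
    peak_quota = policy.peak_bps * interval_s // 8
    bonus = 0      # burst bonus accumulated from unused average allocation
    backlog = 0    # bytes waiting to be sent
    timeline = []
    for offered in offered_bytes:
        backlog += offered
        # The port may exceed its average only by spending burst bonus,
        # and never faster than the peak bandwidth.
        allowed = min(peak_quota, avg_quota + bonus)
        sent = min(backlog, allowed)
        backlog -= sent
        # Unused allocation is added to the bonus, capped at the burst size;
        # sending above the average spends it.
        bonus = min(policy.burst_bytes, max(0, bonus + avg_quota - sent))
        timeline.append((sent, bonus, backlog))
    return timeline


def sent_per_interval(policy, offered_bytes):
    """Bytes actually transmitted in each interval."""
    return [sent for sent, _, _ in simulate(policy, offered_bytes)]


if __name__ == "__main__":
    # Constructed load: four idle seconds, then a 5000-byte burst.
    offered = [0, 0, 0, 0, 5000, 0, 0]
    with_burst = ShapingPolicy(average_bps=8000, peak_bps=16000, burst_bytes=3000)
    no_burst = ShapingPolicy(average_bps=8000, peak_bps=16000, burst_bytes=0)
    for label, policy in (("burst 3000 B", with_burst), ("burst 0 B", no_burst)):
        print(label)
        for second, row in enumerate(simulate(policy, offered)):
            print("  t=%d sent=%d bonus=%d backlog=%d" % ((second,) + row))
```

With a burst size of zero the port never sends faster than its average, even though the peak bandwidth would allow it.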

Teaming and Failover

Click Teaming and failover in the left pane. Again we have the option to override the default virtual
switch settings.
Load Balancing Policy - The Load Balancing policy determines how network traffic is distributed
between the network adapters in a NIC team. vSphere virtual switches load balance only the
outgoing traffic. Incoming traffic is controlled by the load balancing policy on the physical switch.
Route based on the originating virtual port - Select an uplink based on the virtual port IDs
on the switch. After the virtual switch selects an uplink for a virtual machine or a VMkernel
adapter, it always forwards traffic through the same uplink for this virtual machine or
VMkernel adapter.
Route based on IP hash - Select an uplink based on a hash of the source and destination
IP addresses of each packet. For non-IP packets, the switch uses the data at those fields
to compute the hash. IP-based teaming requires that the physical switch is configured with
EtherChannel.
Route based on source MAC hash - Select an uplink based on a hash of the source
Ethernet.
Route based on physical NIC load - Available for distributed port groups or distributed
ports. Select an uplink based on the current load of the physical network adapters
connected to the port group or port. If an uplink remains busy at 75 percent or higher for 30
seconds, the host proxy switch moves a part of the virtual machine traffic to a physical
adapter that has free capacity.
Use explicit failover order - From the list of active adapters, always use the highest order
uplink that passes failover detection criteria. No actual load balancing is performed with
this option.
Network Failure Detection - The method the virtual switch will use for failover detection.
Link Status only - Relies only on the link status that the network adapter provides. This
option detects failures such as removed cables and physical switch power failures.
Beacon Probing - Sends out and listens for beacon probes on all NICs in the team, and
uses this information, in addition to link status, to determine link failure. ESXi sends beacon
packets every second. The NICs must be in an active/active or active/standby
configuration because the NICs in an unused state do not participate in beacon probing.
Notify Switches - specifies whether the virtual switch notifies the physical switch in case of a
failover.
Failback - specifies whether a physical adapter is returned to active status after recovering from a
failure.
If failback is set to Yes, the default selection, the adapter is returned to active duty
immediately upon recovery, displacing the standby adapter that took over its slot, if any.
If failback is set to No for a standard port, a failed adapter is left inactive after recovery until
another currently active adapter fails and must be replaced.
You can also override the default virtual switch setting for the Failover order of the physical
adapters.
No changes are needed here and you may proceed to the next step.

Cancel the Changes

Since we don't want to make any changes to the port group, click the Cancel button.

Conclusion
The vSphere Standard Switch is a simple virtual switch configured and managed at the host level.
This switch provides access, traffic aggregation and fault tolerance by allowing multiple physical
adapters to be bound to each virtual switch.
The VMware vSphere Distributed Switch builds on the capabilities of the vSS and simplifies
management in large deployments by appearing as a single switch spanning multiple associated
hosts. This allows changes to be made once and propagated to every host that is a member of the
switch.

Adding and Configuring a vSphere Distributed Switch


This lesson will walk you through adding and configuring a Distributed Switch.
If you're interested in some of the new or advanced features of the vSphere Distributed Switch,
please consider taking HOL-SDC-1402 - vSphere Distributed Switch from A to Z.

Add a vSphere Distributed Switch using the vSphere Web Client


Create a vSphere Distributed Switch on a vCenter Server datacenter to handle networking traffic
for all associated hosts on the datacenter. If your system has complex port group requirements,
create a distributed port group rather than a default port group.
If you watched the video in the last step, you saw how to create a vSphere Distributed Switch
using the vSphere Client. Let's look at how to create one using the vSphere Web Client.

Datacenter Site A

In the Navigator, right-click on Datacenter Site A and select Distributed Switch --> New Distributed
Switch...

Name and Location

Keep the default name for the new distributed switch then click Next.

Select version

Make sure Distributed Switch: 6.0.0 is selected and click Next.

Edit Settings

Keep the defaults and click Next.

Ready to complete

Review the settings you selected and click Finish.

(Optional) Video: VMware vSphere: Networking - vSphere Distributed Switch (vDS) (15:15)

In this video, we'll be discussing how to configure the vSphere Distributed Switch. vSphere
Distributed Switches do everything that vSphere Standard Switches do and a whole lot more.

Add Hosts to a vSphere Distributed Switch in the vSphere Web Client

Now that we have created a vSphere distributed switch, let's add hosts and physical adapters to
create a virtual network.

Select the Networking Tab

Add Hosts

Expand Datacenter Site A until you see the Distributed Switch we just created, DSwitch.
Right-click on DSwitch and select Add and Manage Hosts.

Select task

Select Add hosts and click Next.

Select hosts
To add hosts to the Distributed Switch, click the green '+'.

Select your Hosts

Select ALL ESXi hosts shown (esx-01a.corp.local and esx-02a.corp.local) and click OK.

Select hosts (cont.)

You should now see the hosts added. Click Next.

Select network adapter tasks

Leave the defaults and click Next to continue.

Manage physical network adapters

Select vmnic3 under esx-01a.corp.local and click Assign uplink

Select an Uplink for vmnic3

Select Uplink 1 and click OK

Confirm Addition

(Optional) You can add a vmnic from an ESXi host (e.g. esx-02a.corp.local) that is NOT "In Use
by Switch" by following the above steps, or just click Next to continue.

Warning message

If you did not add a vmnic from an ESXi host, you will receive this warning. Just click OK to
continue.

Manage virtual network adapters

In your environment, you may choose to migrate virtual network adapters from a vSphere
Standard or Distributed switch to this new one. We won't move anything, just click Next to
continue.

Analyze Impact

A check will be made to verify nothing you've done will impact other network dependent services,
like iSCSI. Click Next to continue.

Ready to complete

You are now asked to verify the changes you are about to make. Click Finish to commit the
changes.

Manage Hosts on a vSphere Distributed Switch in the vSphere Web Client

You can change the configuration for hosts and physical adapters on a vSphere distributed switch
after they are added to the distributed switch.

Manage Host Networking

Right-click DSwitch in the navigator and select Add and Manage Hosts.

Select Task

On the 'Select tasks' page, select Manage host networking and click Next.

Select hosts

Click the green '+' to select the hosts to work with.

Select member hosts

On the 'Select member hosts' page, select esx-01a.corp.local for the task then click OK.

Select hosts (cont.)

You should now see esx-01a.corp.local added. Click Next.

Select network adapter tasks

Leave the default selected and click Next to continue.

Manage physical network adapters.

We don't need to modify anything here, just click Next to continue.

Manage virtual network adapters

Let's add a VM network on the new switch. Click on "On this switch" and then "New adapter".

Select target device

Click the Browse button to select the distributed port group and switch.

Select Network

Click on DPortGroup and click OK.

Select target device (cont.)

We can see that DPortGroup has been added. Click Next.

Port Properties

Keep the default values and click Next.

IPv4 settings

Click Next to continue.

Ready to complete

Verify the settings and click Finish.

New vmk added

View the new virtual network adapter we just created. Click Next to continue.

Analyze impact

The wizard will again check and see if the changes being made will impact other dependent
network services. Click Next to continue.

Ready to complete

Click Finish

Edit General and Advanced vSphere Distributed Switch Settings in the vSphere Web Client

General settings for a vSphere Distributed Switch include the distributed switch name and the
number of uplink ports on the distributed switch. Advanced settings for a vSphere Distributed
Switch include the Discovery Protocol configuration and the maximum MTU for the switch. Both
general and advanced settings can be configured from the vSphere Web Client.

Manage DSwitch Properties

Make sure the DSwitch is selected under the Navigator pane.


Click the Manage tab, then the Settings tab and finally, click Properties

Click Edit.

Click General to view the vSphere distributed switch settings.

Here you can modify the following:


Name: You can modify the name of your distributed switch.
Number of Uplinks: Increase or decrease the number of uplink ports attached to the distributed
switch. Note that you can also click the Edit uplink names button to give the uplinks meaningful
names.
Number of Ports: This setting cannot be modified. The port count will dynamically be scaled up
or down by default.
Network I/O Control: You can use the drop-down menu to enable or disable Network I/O Control
on the switch.
Description: You can use this field to give a meaningful description of the switch.

Click Advanced to view the vSphere distributed switch settings. Click 'OK'.

Click Advanced. Here you will find the following advanced settings for the switch:
MTU (Bytes): Maximum MTU size for the vSphere Distributed Switch. To enable jumbo frames,
set a value greater than 1500 bytes. Make sure you check with your Networking team prior to
modifying this setting in your environment.
Multicast filtering mode
Basic - The distributed switch forwards traffic that is related to a multicast group based on
a MAC address generated from the last 23 bits of the IPv4 address of the group.
IGMP/MLD snooping - The distributed switch forwards multicast traffic to virtual machines
according to the IPv4 and IPv6 addresses of subscribed multicast groups by using
membership messages defined by the Internet Group Management Protocol (IGMP) and
Multicast Listener Discovery protocol.
Discovery Protocol
Type - Cisco Discovery Protocol, Link Layer Discovery Protocol, or disabled.
Operation - to Listen, Advertise, or Both.
Administrator Contact: Type the name and other details of the administrator for the distributed
switch.
We don't want to make any changes here, just click Cancel.

Enable or Disable vSphere Distributed Switch Health Check in the vSphere Web Client

Health check monitors for changes in vSphere Distributed Switch configurations. You must enable
vSphere Distributed Switch Health Check to perform checks on Distributed Switch configurations.
Health Check is available on ESXi 5.1 Distributed Switches and higher. Also, you can only view
Health Check information through the vSphere Web Client 5.1 or later.

Health check

Click on the Health check tab for DSwitch. We can see that Health check is disabled for VLAN
and MTU as well as Teaming and failover.
Click the Edit button.

Edit Health Check Settings

Select Enabled for both and click OK.

Distributed Port Groups


A distributed port group specifies port configuration options for each member port on a vSphere
distributed switch. Distributed port groups define how a connection is made to a network.

New Distributed Port Group

Right-click the DSwitch in the navigator and select Distributed Port Group --> New Distributed Port
Group.

Select name and location section

Name the new port group 'WebVMTraffic' and click Next.

Configure settings

When creating a Distributed Port Group, you have the following options available:
Port binding - Choose when ports are assigned to virtual machines connected to this distributed
port group.
Static binding - Assign a port to a virtual machine when the virtual machine connects to the
distributed port group.
Dynamic binding - Assign a port to a virtual machine the first time the virtual machine
powers on after it is connected to the distributed port group. Dynamic binding has been
deprecated since ESXi 5.0.
Ephemeral - No port binding. You can assign a virtual machine to a distributed port group
with ephemeral port binding also when connected to the host.
Port allocation
Elastic - The default number of ports is eight. When all ports are assigned, a new set of
eight ports is created. This is the default.
Fixed - The default number of ports is set to eight. No additional ports are created when all
ports are assigned.
Number of ports: Enter the number of ports on the distributed port group.
Network resource pool: If you have created a network resource pool to help control network traffic,
you can select it here.
VLAN: Use the Type drop-down menu to select VLAN options:
None - Do not use VLAN.
VLAN - In the VLAN ID field, enter a number between 1 and 4094.
VLAN Trunking - Enter a VLAN trunk range.
Private VLAN - Select a private VLAN entry. If you did not create any private VLANs, this
menu is empty.
Advanced: Select this check box to customize the policy configurations for the new distributed
port group.
Just accept the defaults and click Next to continue.

Ready to complete

Review your settings and click Finish to create the Distributed Port Group.

View the new Distributed Port Group

In the Navigator, expand out DSwitch and you will see the newly created WebVMTraffic Distributed
Port Group.

Using Host Lockdown Mode


To increase the security of your ESXi hosts, you can put them in lockdown mode.
When you enable lockdown mode, no users other than vpxuser have authentication permissions,
nor can they perform operations against the host directly. Lockdown mode forces all operations to
be performed through vCenter Server.
When a host is in lockdown mode, you cannot run vSphere CLI commands from an administration
server, from a script or from vMA against the host. External software or management tools might
not be able to retrieve or modify information from the ESXi host.
Lockdown mode is only available on ESXi hosts that have been added to vCenter Server. You can
enable lockdown mode using the Add Host wizard to add a host to vCenter Server, using the
vSphere Web Client to manage a host or using the Direct Console User Interface (DCUI).
NOTES:
Users with the DCUI Access privilege are authorized to log in to the Direct Console User Interface
(DCUI) when lockdown mode is enabled. When you disable lockdown mode using the DCUI, all
users with the DCUI Access privilege are granted the Administrator role on the host. The DCUI
Access privilege is granted in Advanced Settings on the host.
If you enable or disable lockdown mode using the Direct Console User Interface (DCUI),
permissions assigned to users and groups on the host are discarded. To preserve these
permissions you must enable and disable lockdown mode using the vSphere Client connected to
vCenter Server.
Enabling or disabling lockdown mode affects which types of users are authorized to access host
services, but it does not affect the availability of those services. In other words, if the ESXi Shell,
SSH, or Direct Console User Interface (DCUI) services are enabled they will continue to run
whether or not the host is in lockdown mode.
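
The notes above translate into a few audit rules: a host outside lockdown mode accepts direct logins, SSH and the ESXi Shell keep running regardless of the mode, and exception and DCUI Access accounts retain a path onto the host. The following check is an added example, not part of the lab manual or a VMware API; the host snapshot, field names, finding codes and the accounts svc-backup and ops-oncall are constructed for illustration.

```python
"""Audit host state against the lockdown-mode notes (added example)."""
from dataclasses import dataclass, field

# Services that give direct host access and keep running under lockdown mode.
DIRECT_ACCESS_SERVICES = ("SSH", "ESXi Shell")


@dataclass
class HostState:
    name: str
    in_vcenter: bool                  # lockdown needs a vCenter-managed host
    lockdown_mode: str                # "disabled" or "normal"
    running_services: set = field(default_factory=set)
    exception_users: list = field(default_factory=list)
    dcui_access_users: list = field(default_factory=list)


def audit_host(host):
    """Return a list of (code, detail) findings for one host."""
    findings = []
    if not host.in_vcenter:
        findings.append(("NOT_IN_VCENTER",
                         "lockdown mode is only available once the host "
                         "has been added to vCenter Server"))
    if host.lockdown_mode == "disabled":
        findings.append(("LOCKDOWN_DISABLED",
                         "users can authenticate and operate against the "
                         "host directly instead of through vCenter Server"))
    # Lockdown changes who is authorized, not which services run.
    for service in DIRECT_ACCESS_SERVICES:
        if service in host.running_services:
            findings.append(("SERVICE_RUNNING:" + service,
                             "service stays available whether or not the "
                             "host is in lockdown mode"))
    if host.lockdown_mode != "disabled":
        for user in sorted(host.exception_users):
            findings.append(("EXCEPTION_USER:" + user,
                             "account can still connect to the host "
                             "while lockdown mode is enabled"))
    # Anyone with DCUI Access becomes Administrator if lockdown mode
    # is disabled from the DCUI, so the list should be reviewed.
    for user in sorted(host.dcui_access_users):
        findings.append(("DCUI_ACCESS:" + user,
                         "granted the Administrator role if lockdown mode "
                         "is disabled using the DCUI"))
    return findings


def audit(inventory):
    """Map each host name to the list of finding codes raised for it."""
    return {h.name: [code for code, _ in audit_host(h)] for h in inventory}


# Constructed snapshot using the lab's host names; the values are made up.
SAMPLE_INVENTORY = [
    HostState("esx-01a.corp.local", True, "normal",
              running_services={"SSH", "DCUI"},
              exception_users=["svc-backup"],
              dcui_access_users=["root"]),
    HostState("esx-02a.corp.local", True, "disabled",
              running_services={"DCUI"},
              dcui_access_users=["root", "ops-oncall"]),
]

if __name__ == "__main__":
    for host in SAMPLE_INVENTORY:
        print(host.name)
        for code, detail in audit_host(host):
            print("  %-28s %s" % (code, detail))
```
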

Select Hosts and Clusters

From the Navigator, select the Hosts and Clusters tab.


Next, select esx-01a.corp.local.

Security Profile

Before we configure Host Lockdown Mode, let's verify the SSH service is running on
esx-01a.corp.local.
Start by clicking Manage and Settings for esx-01a. Then click Security Profile under System.

Verify SSH is Enabled

You will need to scroll down a bit until you see the Services section.
We can see that the SSH service is enabled and running on esx-01a.corp.local.

Open an SSH session to esx-01a

Let's verify we can log in to esx-01a using an SSH connection.


From the Windows Taskbar, click on the PuTTY icon.

Connect to esx-01a

Under Saved Sessions, click on esx-01a.corp.local and click the Open button.

Logged into esx-01a

You will be automatically logged in to esx-01a.corp.local because we have configured public-key
authentication from the ControlCenter machine to the ESXi host.

Close the PuTTY Session

Close the PuTTY session by typing 'exit' and hitting Enter. Once you hit Enter, the PuTTY window
will disappear.

Enabling Lockdown Mode

Back in the vSphere Web Client, you will need to scroll down a bit until you see the Lockdown
Mode section.
Click on the Edit button.

Lockdown Mode

Click the Normal radio button and click Next.


Note: You do have the option of designating Exception Users.

Lockdown Mode Enabled

Wait for the vSphere Web Client to refresh to see that Lockdown Mode has been enabled.

PuTTY Session to esx-01a

Using the same steps we used above, open the PuTTY application from the Windows Taskbar.
Click on esx-01a.corp.local under Saved Sessions and click Open.

Denied!

You should receive an error when trying to connect to esx-01a.corp.local. The host has been
configured with Host Lockdown Mode and will refuse any remote connections, unless those users
were added to the Exception User list.
Click OK and close PuTTY by clicking the 'X' in the top right-hand corner of the window.

Disable Lockdown Mode

Back in the vSphere Web Client, click on the Edit button again under Lockdown Mode.

Check the 'Disabled' check box. Click 'OK'.

Select the Disabled radio button and click OK to continue.

Host Lockdown Mode Disabled

Lockdown Mode for the host should now be disabled.


Host Lockdown Mode provides an excellent way to further secure your vSphere hosts. For more
details, you can view the following video.
This concludes this lesson on Host Lockdown Mode.

Video: Enable vSphere Host Lockdown Mode for VMware vSphere (4:48)

This video shows how to secure VMware vSphere hosts with Lockdown Mode in order to limit
direct access to the host console and require administrators to manage hosts through vCenter
Server.

Configuring the Host Services and Firewall


This lesson includes a short video on how to use the VMware ESXi firewall.

Video: Configure vSphere Host Firewall for VMware vSphere (4:34)


This video shows how to use the VMware ESXi Firewall on the vSphere host to block incoming
and outgoing communication and to manage the services running on the host.

User Access and Authentication Roles


VMware recommends that you create roles to suit the access control needs of your environment.
If you create or edit a role on a vCenter Server system that is part of a connected group in Linked
Mode, the changes that you make are propagated to all other vCenter Server systems in the
group.

Create a Role in the vSphere Web Client


In the following steps, we will create a Role in the vSphere Client that we can assign rights to.

Administration

In the vSphere Web Client, click the Home icon and select Administration.

Roles

Verify the Roles tab is selected.

Create a Role

Click the green '+' to create a role.

Role name

1. Name the role 'HOL Role'
2. Tick the All Privileges box
3. Click the OK button to create the new role

Edit a Role in the vSphere Web Client


When you edit a role, you can change the privileges selected for that role. When completed,
these privileges are applied to any user or group that is assigned the edited role. In Linked Mode,
the changes you make are propagated to all other vCenter Server systems in the group. However,
assignments of roles to specific users and objects are not shared across linked vCenter Server
systems.

Edit HOL Role

1. Click on the role "HOL Role" to select it
2. Click the Edit button

Remove Permissions

Let's say that your company has separate teams to manage networking and storage, so the HOL
Role does not need access to either of them.
Uncheck the boxes for Networking and Storage views and click OK.

Clone a Role in the vSphere Web Client


You can make a copy of an existing role, rename it, and edit it. When you make a copy, the new
role is not applied to any users, groups or objects -- it does not inherit anything from the parent
except the settings. In Linked Mode, the changes are propagated to all other vCenter Server
systems in the group, but assignments of roles to specific users and objects are not shared across
linked vCenter Server systems.

Clone a Role

1. Click on the role "HOL Role" to select it
2. Click the Clone button

Role name and privileges

1. Name the cloned role 'HOL Dev Role'. Since we cloned the role, it is missing the Network
and Storage views privileges that the HOL Dev users require.
2. Tick the All Privileges box to restore full Administrative privileges to this role.
3. Click OK to complete the clone

New Role Cloned

Rename a Role in the vSphere Web Client


You might rename a role when you change the role's purpose. When you rename a role, no
changes occur to that role's assignments. In Linked Mode, the changes you make to the roles are
propagated to other vCenter Server systems in the group; however, role assignments are not
shared across linked vCenter Server systems.

Edit Role Name

Click on the role "HOL Role" to select it and then click the Edit button.

New Name

1. Rename the role to 'HOL Admin Role'
2. Click OK

Remove a Role in the vSphere Web Client


When you remove a role that is not assigned to any users or groups, the definition of the role is
removed from the list of roles. When you remove a role that is assigned to a user or group, you
can remove assignments or replace them with an assignment to another role.
NOTE:
Before removing a role from a vCenter Server system that is part of a connected group in Linked
Mode, check the use of that role on the other vCenter Server systems in the group. Removing a
role from one vCenter Server system also removes that role from all other vCenter Server systems
in the group, even if you reassign permissions to another role on the current vCenter Server
system.

Delete Role

1. Click on the role "HOL Admin Role" to select it
2. Click the Delete button.

Confirm Deletion

Click Yes to confirm you want to delete this role.

Role Deleted

We can see that the role named "HOL Admin Role" has been deleted.
Creating unique and granular roles for users in your organization enables better security for your
vSphere infrastructure.
This concludes this lesson on User Access and Authentication Roles.

Understanding Single Sign On


You use vCenter Single Sign-On to authenticate and manage vCenter Server users.
The Single Sign-On administrative interface is part of the vSphere Web Client. To configure Single
Sign-On and manage Single Sign-On users and groups, you log in to the vSphere Web Client as a
user with Single Sign-On administrator privileges. This might not be the same user as the vCenter
Server administrator. Enter the credentials on the vSphere Web Client login page and upon
authentication, you can access the Single Sign-On administration tool to create users and assign
administrative permissions to other users.
In vSphere versions prior to 5.1, users were authenticated when vCenter Server validated their
credentials against an Active Directory domain or the list of local operating system users. As of
vSphere 5.1, users authenticate through vCenter Single Sign On. The default Single Sign-On
administrator for vSphere 5.1 is admin@System-Domain and administrator@vsphere.local for
vSphere 5.5 and higher. The password for this account is the one you specified at installation.
These credentials are used to log in to the vSphere Web Client to access the Single Sign-On
administration tool. You can then assign Single Sign-On administrator privileges to specific users
who are allowed to manage the Single Sign-On server. These users might be different from the
users that administer vCenter Server.
NOTE: Logging in to the vSphere Web Client with Windows session credentials is supported only
for Active Directory users of the domain to which the Single Sign On system belongs.

Single Sign-On Identity Sources


In most cases, vSphere SSO will be deployed to use an external Identity Source for primary
authentication. In this lab environment, SSO has been integrated with Microsoft Active Directory
so that users from the corp.local domain can log in to vSphere using their AD credentials.
In this section, we will look at the configured Identity Sources within Single Sign-on.

Log into vSphere Web Client as SSO Admin

Log in to the vSphere Web Client with an account which has the SSO Admin privilege:
1. Click the "Mozilla Firefox" icon from the Control Center desktop
2. Username - administrator@vsphere.local
3. Password - VMware1!
4. Click "Login"

Navigate to Administration

1. Click on the Home icon
2. Select Administration

vSphere Single Sign-on Identity Sources

When the machine with the Platform Services Controller (PSC), which runs the Single Sign-On
component, is added to an Active Directory domain, the Identity Source for that domain is
automatically added to SSO.
Click on Configuration in the Single Sign-On section of the Navigator
1. Click on the Identity Sources tab
2. Notice that the corp.local domain is listed as an Active Directory identity source
3. Notice that the vsphere.local domain is listed with an unspecified type. This is the internal
SSO domain.
Users in the domains listed here can be granted permissions within vSphere.

Add a vCenter Single Sign On User with the vSphere Web Client
In the vSphere Web Client, users listed on the Users tab are internal to vCenter Single Sign On.
These users are not the same as local operating system users, which are local to the operating
system of the machine where Single Sign On is installed (for example, Windows). When you add a
Single Sign On user with the Single Sign On administration tool, that user is stored in the Single
Sign On database, which runs on the system where Single Sign On is installed. These users are
part of the SSO domain, by default, "vsphere.local" -- or "System-Domain" for vSphere 5.1. Exactly
one system identity source is associated with an installation of Single Sign On.

List Current Users and Add New User

Log in to the vSphere Web Client as the administrator@vsphere.local user with password
VMware1! and navigate to the Administration section, as indicated in the previous exercise.
1. Click on Users and Groups under Single Sign-On
2. On the Users tab, click the New User icon.

Enter Properties for New User

Type a user name and password for the new user. Note that the password must meet the
password policy requirements for the system. The policy can be displayed by hovering your
mouse cursor over the "i" icon to the right of the password field.
Enter First name and Last Name, then enter an email address.
Click OK to create the user.
NOTE: You cannot change the user's name after you create the user. First and Last name are
optional parameters.

Edit a vCenter Single Sign On User with the vSphere Web Client

List Current Users

Log in to the vSphere Web Client as the administrator@vsphere.local user with password
VMware1! and navigate to the Administration section, as indicated in the previous exercise.
1. Click on Users and Groups under Single Sign-On
2. On the Users tab, click the New User icon.

Edit the User

Right-click on the holadmin user and select Edit User.

Edit User Properties

Make changes to the user. The password must meet the password policy requirements for the
system.
Click 'OK' to save any changes.

Add a vCenter Single Sign On Group with the vSphere Web Client
In the vSphere Web Client, groups listed on the Groups tab are internal to vCenter Single Sign On.
A group lets you create a container for a collection of group members called principals. When you
add a Single Sign On group with the Single Sign On administration tool, the group is stored in the
Single Sign On database. The database runs on the system where Single Sign On is installed.
These groups are part of the identity source domain vsphere.local (the default for vSphere 5.5 and
higher), or System-Domain for vSphere 5.1.
Group members can be users or other groups, and a group can contain members from across
multiple identity sources. After you create a group and add principals, you apply permissions to the
group. Members of the group inherit the group permissions.


List Current Users

Login to the vSphere Web Client as the administrator@vsphere.local user with password
VMware1! and navigate to the Administration section, as indicated in the previous exercise.
1. Click on Users and Groups under Single Sign-On
2. On the Users tab, click the New User icon.

List the Groups

1. Select the Groups tab


2. Click the Add Group icon (the green "+")


Create the new group

Enter a name and description for the group. You cannot change the group name after you create
the group.
Click OK to create the group

Add Members to a vCenter Single Sign On Group in the vSphere Web Client
Members of a vCenter Single Sign On group can be users or other groups from one or more
identity sources. Members of a group are called principals. Groups listed on the Groups tab in the
vSphere Web Client are internal to Single Sign On and are part of the identity source System-Domain.
You can add group members from other domains to a local group. You can also nest groups.


List Current Users and Groups

Login to the vSphere Web Client as the administrator@vsphere.local user with password
VMware1! and navigate to the Administration section, as indicated in the previous exercise.
1. Click on Users and Groups under Single Sign-On
2. On the Users tab, click the New User icon.


List Current Groups

1. Click the Groups tab
2. Enter HOL into the search box and press Enter to filter the list
3. Click the HOL Group group
4. In the Group Members section, click the Add member icon


Add the holadmin User to the HOL Group

1. Verify that the vsphere.local domain is selected
2. Enter HOL into the search box and press Enter
3. Select the holadmin user from the list
4. Click the Add button
5. Click OK to complete adding the user to the group.

Assign Global Permissions


Once identity sources, users and groups have been configured, they must be assigned
permissions in order to be useful in vSphere.


List Global Permissions

Login to the vSphere Web Client as the administrator@vsphere.local user with password
VMware1! and navigate to the Administration section, as indicated in the previous exercise.
1. Click on the Global Permissions item under Access Control
2. Click the Manage tab
SSO provides the ability to grant Global Permissions to an account by specifying the required
access here. In the lab, this list represents the default permissions granted, with the exception of
the CORP.LOCAL\Administrator user that we have added with Administrator permissions to the
entire vSphere infrastructure.


Add New Global Permission

The members of the HOL Group will need to manage all virtual machines in the environment, so
we will configure permissions here.
1. Click the green (+) to open the Add New Permission window
2. Click the Add... button


Locate the HOL Group

1. Ensure that the vsphere.local domain is selected
2. Enter hol in the search box and press Enter to filter the list
3. Select the HOL Group group
4. Click the Add button
5. Click the OK button


Configure the Permissions

Permissions are granted to a user for an object by associating a Role with the user. This was
covered in the previous section, User Access and Authentication Roles.
1. Select the Virtual machine power user (sample) role from the Assigned Role list
2. Ensure the Propagate to children box is checked
3. Click OK


Verify the change

Note that the HOL Group has been granted Virtual machine power user access to all child objects
in the infrastructure.
If you would like to test this further, logout of the Web Client and log back in as the
holadmin@vsphere.local user with the password you used when creating the account. Notice
that access to the infrastructure is restricted to basic management of virtual machines.

REFERENCE - Unlock vCenter Single Sign On Users in the vSphere Web Client
A vCenter Single Sign On user account might be locked when a user exceeds the allowed number
of failed login attempts. After a user account is locked, the user cannot log in to the Single Sign On
system until the account is unlocked, either manually or after a certain amount of time has
elapsed.
You specify the conditions under which a user account is locked in the Single Sign On Lockout
Policy. Locked user accounts appear on the Users and Groups administration page. Users with
appropriate privileges can manually unlock Single Sign On user accounts before the specified
amount of time has elapsed. You must be a member of the Single Sign On Administrators group to
unlock a Single Sign On user.


Locked Out User

By default, after three failed login attempts, the user's account is locked.
In the lab, this policy has been disabled in order to prevent login issues that frequently occur with
non-US keyboards.
This section has been included for reference purposes only.

Unlocking a User

Login to the vSphere Web Client as a user with SSO Admin privileges and navigate to the Users
list.
1. Locate the locked user account -- it will show as "Yes" in the "Locked" column.
2. Right-click on the locked user and select 'Unlock'
Log out of the Web Client.

Change Your Password in the vSphere Web Client


Depending on your vCenter Single Sign On privileges, you might not be able to view or edit your
Single Sign On user profile. However, all users can change their Single Sign On passwords in the
vSphere Web Client. The password policy defined in the vCenter Single Sign-On configuration
tool determines when your password expires. By default, Single Sign-On passwords expire
after 90 days in vSphere 6, but your system administrator might change this depending on the
policy of your organization. If you choose to keep the defaults, remember to change the password
for the administrator@vsphere.local account every 90 days or it will lock out on day 91.

Change Password

In the upper navigation pane, click your user name to pull down the menu.

Change Password Dialog

Select Change Password and type your current password.


Enter a new password.
Type a new password and confirm it.
Click the OK button to make the change.

Conclusion
Typically, user accounts will not be managed natively within the SSO domain, but will be handled
by an external directory source like Microsoft Active Directory or OpenLDAP. Understanding how
SSO handles accounts and where to look for account-to-permission binding is useful for managing
a vSphere implementation.


Adding an ESXi Host to Active Directory


In this lesson, we will walk through the process of adding an ESXi host to Active Directory.

Configure a Host to Use Active Directory in the vSphere Web Client


In this lesson, we walk through the process of configuring a vSphere host to authenticate against
Active Directory.

Hosts and Clusters

Click on the Home icon and select Hosts and Clusters.


esx-01a.corp.local

Click on esx-01a.corp.local.

TCP/IP Configuration

Click on the Manage tab, then the Networking tab and finally the TCP/IP configuration tab.


Edit Default System Stack

Click on Default under System stacks and click the edit button.

DNS configuration

Click on the DNS configuration tab.


We will need to verify that the host name and DNS server information for the host are correct.
Click 'OK'.

Add a Host to a Directory Service Domain in the vSphere Web Client


Now that we have verified the network settings are correct, let's add the host to Active Directory.


Settings

Click on the Settings tab and then Authentication Services.


Join Domain

Click the Join Domain button.

Join Domain Settings

Enter corp.local for the Domain.


In the Using Credentials section enter:


Username: administrator
Password: VMware1!

Click OK.

Added to Active Directory

After a few moments, you should see the screen refresh and the Authentication Services section
update to show that the host is now connected to the Active Directory domain.
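
The same join performed from PowerCLI, as an added example that is not part of the lab manual: it repeats the DNS check, joins the host, confirms the membership status, and reports which AD group receives administrator access on the host. It assumes an existing Connect-VIServer session to the lab vCenter; the host and domain names are the lab's.

```powershell
# Added example, not part of the lab manual. Assumes VMware PowerCLI is loaded
# and Connect-VIServer has already been run against the lab vCenter.
$vmhost = Get-VMHost -Name 'esx-01a.corp.local'
$domain = 'corp.local'

# 1. Same check as the DNS configuration tab: host name, domain and DNS servers.
$net = Get-VMHostNetwork -VMHost $vmhost
'{0}.{1} resolves through {2}' -f $net.HostName, $net.DomainName, ($net.DnsAddress -join ', ')
if (-not $net.DnsAddress) {
    throw "No DNS server configured on $($vmhost.Name); the domain join would fail."
}

# 2. Join only if needed. Get-Credential prompts, so the password is not stored
#    in the script or in shell history.
$auth = Get-VMHostAuthentication -VMHost $vmhost
if ($auth.Domain -ne $domain) {
    $cred = Get-Credential -Message "Account permitted to join hosts to $domain"
    $auth | Set-VMHostAuthentication -JoinDomain -Domain $domain -Credential $cred -Confirm:$false |
        Out-Null
}

# 3. Confirm the result shown under Authentication Services.
Get-VMHostAuthentication -VMHost $vmhost |
    Select-Object Domain, DomainMembershipStatus, TrustedDomains

# 4. After the join, members of the AD group named in this host setting receive
#    administrator access to the host, so review that group's membership in AD.
Get-AdvancedSetting -Entity $vmhost -Name 'Config.HostAgent.plugins.hostsvc.esxAdminsGroup' |
    Select-Object Name, Value
```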

(Optional) Video: Add VMware vSphere Hosts to Active Directory


(3:40)
This video shows how to join a VMware vSphere host to a Microsoft Active Directory (AD) domain
in order to allow admins to use their active directory credentials to access and manage hosts.

Conclusion
This concludes Module 3 - An Introduction to vSphere Networking and Security. We hope you
have enjoyed taking this lab. Please remember to take the survey at the end.
If you have time remaining, here are the other Modules that are part of this lab, along with an
estimated time to complete each one. Click on the 'Table of Contents' button to quickly jump to
that Module in the Manual.
Module 1 - What's New with vSphere 6 (90 Minutes)
Module 2 - An Introduction to Management with vCenter Server (60 Minutes)
Module 4 - An Introduction to vSphere Storage (60 Minutes)


Module 4 - Introduction to vSphere Storage (60 Min)


vSphere Storage Overview


The following lesson provides an overview of the different types of storage available in vSphere.
The vSphere Hypervisor, ESXi, provides host-level storage virtualization, which logically abstracts
the physical storage layer from virtual machines.
A vSphere virtual machine uses a virtual disk to store its operating system, program files, and
other data associated with its activities. A virtual disk is a large physical file, or a set of files, that
can be copied, moved, archived, and backed up as easily as any other file. You can configure
virtual machines with multiple virtual disks.
To access virtual disks, a virtual machine uses virtual SCSI controllers. These virtual controllers
include BusLogic Parallel, LSI Logic Parallel, LSI Logic SAS, and VMware Paravirtual. These
controllers are the only types of SCSI controllers that a virtual machine can see and access.
Each virtual disk resides on a vSphere Virtual Machine File System (VMFS) datastore or an NFS-based
datastore that is deployed on physical storage. From the standpoint of the virtual machine,
each virtual disk appears as if it were a SCSI drive connected to a SCSI controller. Whether the
actual physical storage device is being accessed through parallel SCSI, iSCSI, network, Fibre
Channel, or FCoE adapters on the host is transparent to the guest operating system and to
applications running on the virtual machine.
The vSphere storage management process starts with storage space that your storage
administrator allocates on different storage systems prior to vSphere ESXi assignment. vSphere
supports two types of storage - Local and Networked. Each type is detailed in the following lesson
steps.

Local Storage

The illustration above depicts virtual machines using Local VMFS storage directly attached to a
single ESXi host.


Local storage can be internal hard disks located inside your ESXi host, or it can be external
storage systems located outside and connected to the host directly through protocols such as SAS
or SATA.

Networked Storage

The illustration above depicts virtual machines using networked VMFS storage presented to
multiple ESXi hosts.
Networked storage consists of external storage systems that your ESXi host uses to store virtual
machine files remotely. Typically, the host accesses these systems over a high-speed storage
network. Networked storage devices are typically shared. Datastores on networked storage
devices can be accessed by multiple hosts concurrently, and as a result, enable additional
vSphere technologies such as High Availability host clustering, Distributed Resource Scheduling,
vMotion and Virtual Machines configured with Fault Tolerance. ESXi supports several networked
storage technologies - Fibre Channel, iSCSI, NFS, and Shared SAS.


Virtual Machine Disks

The illustration above depicts virtual machines using different types of virtual disk formats against
a shared VMFS Datastore.
When you perform certain virtual machine management operations, such as creating a virtual disk,
cloning a virtual machine to a template, or migrating a virtual machine, you can specify a
provisioning policy for the virtual disk file format. There are three types of virtual disk formats:
Thin Provision
Use this format to save storage space. For the thin disk, you provision as much datastore space
as the disk would require based on the value that you enter for the disk size. However, the thin
disk starts small and at first, uses only as much datastore space as the disk needs for its initial
operations.
Thick Provision Lazy Zeroed
Creates a virtual disk in a default thick format. Space required for the virtual disk is allocated when
the virtual disk is created. Data remaining on the physical device is not erased during creation, but
is zeroed out on demand at a later time on first write from the virtual machine.
Using the thick-provision, lazy-zeroed format does not zero out or eliminate the possibility of
recovering deleted files or restoring old data that might be present on this allocated space. You
cannot convert a thick-provisioned, lazy-zeroed disk to a thin disk.


Thick Provision Eager Zeroed


A type of thick virtual disk that supports clustering features such as Fault Tolerance. Space
required for the virtual disk is allocated at creation time. In contrast to the thick-provision,
lazy-zeroed format, the data remaining on the physical device is zeroed out when the virtual disk is
created. In general, it takes much longer to create disks in this format than to create other types of
disks.

Additional vSphere Storage Labs


This module includes several lessons directed at configuring and using vSphere storage elements.
Please continue to any of the following labs for additional information and hands-on access:

Creating and Configuring vSphere Datastores
Managing Virtual Machine Disks
Working with Virtual Machine Snapshots
Cloning Virtual Machines and Using Templates
vSphere Replication Overview


Creating and Configuring vSphere Datastores


This lab will walk you through creating and configuring an NFS and an iSCSI vSphere Datastore,
as well as adding and configuring an iSCSI software adapter.
NOTE: If you are using a device with non-US keyboard layout, you might find it difficult to enter CLI
commands, user names and passwords throughout the modules in this lab. Refer to the file README.txt on
the desktop for additional information on resolving the keyboard issue. You may also use the "Send Text to
Console" feature in the VMware Hands-on Lab portal. Simply copy the text from the lab manual and paste into
the "Send Text to Console" control. When you press the "Send" button, the text will be sent to the in-focus
window inside your lab VM.

Login to the vSphere Web Client


This step will walk you through logging into the vSphere Web Client.

Launch Mozilla Firefox web browser


1. Select "Mozilla Firefox" from the Control Center desktop


Enter credentials and login


Note: Selecting "Use Windows session authentication" will pass the same credentials as entering
them as username "CORP\Administrator" and password "VMware1!"
1. Select "Use Windows session authentication"
2. Select "Login"

Navigate to the Storage management pane


This step will take you to the Storage management pane.

From the Home screen


1. Select "Storage" from the inventories pane


Drill down to Storage


There are currently 2 datastores configured, an iSCSI datastore and an NFS datastore.
1. Select the "ds-iscsi01" datastore
2. Click on Summary for summary details of the datastore.
Repeat the steps for the "ds-site-a-nfs01" datastore.

Create a vSphere NFS Datastore


In this step, you will create a new vSphere NFS Datastore using a pre-provisioned NFS mount.


Launch the New Datastore wizard


1. Select "Datacenter Site A"
2. Select "Actions"
3. Select "Storage"
4. Select "New Datastore"


New Datastore - Type


Click the "Next" button to advance the wizard to the "Type" step.
5. Verify type - NFS - is selected, and click "Next"


New Datastore - NFS Version


6. Verify NFS Version - NFS 3 - is selected, and click "Next"


New Datastore - Name and configuration


7. Give the new Datastore a name, "ds-site-a-nfs02"
8. Enter the Folder "/mnt/NFSA2" in the NFS Share Details area.
9. Enter the Server "10.10.20.60" in the NFS Share Details area and click "Next"

New Datastore - Host accessibility


10. Select the "check box" to include all hosts and select "Next".


New Datastore - Ready to complete


12. Review New Datastore configuration and click "Finish"

Monitor task progress


13. You can follow the progress in the Recent Tasks pane
14. Press the "Refresh" icon to update the display.
When complete, you should see the new ds-site-a-nfs02 Datastore available for use


Review new Datastore Settings


1. Select the datastore ds-site-a-nfs02 from the inventory list
2. Select "Summary" to review capacity and configuration details

Create a vSphere iSCSI Datastore


In this step, you will create a new vSphere iSCSI Datastore with a pre-provisioned iSCSI LUN.


Launch the New Datastore wizard


1. Select "Datacenter Site A"
2. Select "Actions"
3. Select "Storage"
4. Select "New Datastore"


New Datastore - Type


Select "Next" to advance to the "Type" page of the wizard.
5. Verify type - VMFS - is selected, and click "Next"


New Datastore - Name and configuration


6. Give the new Datastore a name, "ds-iscsi02"
7. Select a Host to view the accessible disks/LUNs and select esx-01a.corp.local in the drop-down
box.


New Datastore - Name and device configuration


From this view, we can see that there are existing datastores that can be presented to our
vSphere environment.
8. Select the device with LUN ID 2. In this case, it should be the only device visible with a
"FreeBSD" prefix.
Click "Next"


New Datastore - Partition Configuration


We can use all available capacity for this datastore or change the size if needed. The defaults are
fine for this step.
Select Next


New Datastore - Ready to complete


12. Review New Datastore configuration and click "Finish"

New Datastore - Monitor task progress


13. Note the progress in the Recent Tasks pane
14. When complete, you should see the "ds-iscsi02" Datastore available for use


New Datastore - Review Settings


1. Select the datastore ds-iscsi02 from the inventory list
2. Select "Summary" to review capacity and configuration details
Note that host esx-02a.corp.local may display a warning about a deprecated VMFS volume found
on the host. This is a cosmetic issue only.

Add a new ESXi host


In this section, we will add a new ESXi host, esx-03a.corp.local, to the environment in Site A and
ensure that it has the appropriate storage configured so that it can become a productive member
of the cluster.


Hosts and Clusters View

1. Click on the Hosts and Clusters icon to return to that Inventory view
2. Select Cluster Site A
3. Click on Summary to view the cluster's current configuration
Note that there are two hosts in the cluster and DRS is enabled in Partially Automated mode

Begin the Add Host workflow

1. In the Inventory, click on Cluster Site A to select it


2. Go to the Actions menu


3. Select Add Host...

Enter the hostname

4. Enter the name of the host to add, esx-03a.corp.local


5. Click Next


Enter credentials

6. Enter the username root
7. Enter the password VMware1!
8. Click Next

Accept the host's certificate

9. Click Yes to accept the host's certificate


Host summary

This is a new host, so the inventory is empty.


10. Click Next


Assign the HOL license to the host

11. Click the radio button next to the VMware vSphere with Operations Management 6
Enterprise Plus for vSphere (CPUs) license
12. Ensure the license validates
13. Click Next


Configure Lockdown Mode

14. Leave the default Lockdown Mode setting of Disabled and click Next


Resource Pool grafting

15. Again, this is a new host with an empty inventory, so leave the default and click Next


Finish the Add Host Workflow

16. Click Finish to import the host into vCenter


Monitor Progress

The Add Host task can be monitored using Recent Tasks.


Once complete, the esx-03a.corp.local host will show in the inventory in Maintenance Mode. This
has been done intentionally because the host has no storage presented to it and cannot host
virtual machines until storage is presented.


Mount NFS Datastores to New Host

The new host, esx-03a.corp.local has been imported but does not currently have any storage
configured. Clicking on the hostname in the Inventory will show the Warning indicated.
In this section, the new host will have NFS storage added to it.


Mount NFS Datastore to New Host Wizard

In this case, there are two NFS datastores used by the Cluster Site A cluster. Adding an existing
NFS datastore to a new host is a simple process.
1. Click on the datastore icon to switch to the Datastores view
2. Select the ds-site-a-nfs01 datastore in the Inventory
3. Click on the Actions menu
4. Select Mount Datastore to Additional Hosts...


Mount NFS Datastore - Select Host

5. Click the checkbox to select all of the hosts in the list
6. Click OK


Mount NFS Datastore - Monitor Task

The mount task can be monitored using Recent Tasks


Once the mount completes, it can be verified by clicking on the Related Objects (7) and then
Hosts (8)
This will show all hosts in the inventory that have mounted this datastore.
For additional practice, perform the same steps to mount the other NFS datastore, ds-site-a-nfs02,
to the esx-03a.corp.local host.

Add a Software iSCSI Adapter


In addition to the NFS datastores used by the Cluster Site A cluster, we have iSCSI datastores.
In this section we will add an iSCSI Software Adapter to esx-03a.corp.local and ensure that it
may access the iSCSI datastores.

Add Software iSCSI adapter

1. Select the Hosts and Clusters view icon in the Inventory list to switch the Inventory view


2. Select host esx-03a.corp.local from the Inventory
3. Select "Manage"
4. Select "Storage"
5. Select "Storage Adapters"
6. Select the green "+" under the Storage Adapters panel to add a storage adapter.
7. Select "Software iSCSI Adapter".

Confirm Add iSCSI Adapter

8. Select OK to continue

Completed iSCSI Adapter configuration

The new adapter will be added to the host. The process can be monitored using Recent Tasks as
the wizard opens firewall ports and creates the adapter.
9. Once the tasks complete, it may be necessary to refresh the Web Client's view of the
world.


Depending on the size of your screen, it may be necessary to scroll the Adapter list to see the new
vmhba33 that was added.

Add iSCSI Target to an ESXi host


iSCSI devices are presented via an iSCSI Target. Think of this as the host for the iSCSI devices.
The ESXi host needs to know where to look for the devices, so this section will go through the
process of pointing the ESXi host at the iSCSI target and discovering which LUNs are available.

Perform Dynamic Discovery


1. Select "Storage Adapters"
2. Select the "vmhba33" adapter in the iSCSI Software Adapters section (you may need to
scroll the list down)
3. Click on "Targets"
4. Click on "Dynamic Discovery" - notice that the list of iSCSI Servers is currently empty
5. Click "Add"


Add Send Target Server


6. Enter the iSCSI Server Address: "10.10.20.60" and select "OK"


(Re)Scan the iSCSI storage adapter

Once the new Target has been added, a message will appear in yellow to remind you of the need
to tell the adapter to reach out and query the iSCSI Target.
7. Click on the vmhba33 iSCSI adapter to select it
8. Click the "Rescan this adapter" icon to rescan


Verify iSCSI Devices are Visible

9. Once the rescan completes, click on Devices to show the LUNs detected on the iSCSI
Target
Note that there should be two 5.5 GB iSCSI LUNs available from the FreeNAS, corresponding to
our two iSCSI datastores, ds-iscsi01 and ds-iscsi02.
10. These devices will also show up in the Storage Devices area


Verify iSCSI Datastore Availability

11. Click on "Related Objects"


12. Click on "Datastores"
Notice that the two iSCSI datastores are now visible to the esx-03a.corp.local host

(optional) Scan for New Datastores


The ESXi host will periodically refresh its view of the storage and will mount VMFS datastores it
finds. If you are in a hurry and don't want to wait for a refresh cycle, you can trigger a rescan of the
environment manually and have it pick up new devices and VMFS datastores.

Scan for new Datastores


1. Select "Storage Devices"
2. Select the rescan button.


Confirm Rescan Options


Review the "Rescan Storage" options and click "OK"

Completed Scan

The rescan tasks can be monitored using Recent Tasks. Following the rescan, all available
devices and VMFS datastores should be mounted. These can be verified by visiting the
appropriate locations: the Storage Devices pane for unformatted devices and the Related Objects
> Datastores area for VMFS datastores.

Enable the New Host


Up to this point, the esx-03a.corp.local host has been in Maintenance Mode as its datastores
have been assigned. Now that all of Cluster Site A cluster's datastores have been presented to
this host, it is time to enable the host.


Exit Maintenance Mode

There are several ways to take a host out of Maintenance Mode. This process is good to know
because it can be used to take multiple hosts out of Maintenance Mode (or put them into
Maintenance Mode) simultaneously.
1. Select the cluster Cluster Site A
2. Click Related Objects
3. Click Hosts
4. Select the host esx-03a.corp.local from the Hosts list
5. Click the "Exit Maintenance Mode" icon

Ready to Go

After a few seconds, the host will exit Maintenance Mode. If you enabled vSphere HA on the
cluster, the HA agent will be configured and started before the host shows a Status of Normal. The
process occurs fairly quickly, so a refresh of the Web Client may be required to show the current
state.
Note that basic networking for virtual machines, vMotion, and IP Storage have been preconfigured
on this host for the purpose of this lab exercise. Adding the new host to the vds-site-a distributed

HOL-SDC-1410-UPD

Page 361

switch would typically be done prior to taking the host out of Maintenance Mode, but is not
required for this exercise. Feel free to migrate this switch to the VDS if you would like the practice.
This host is now able to handle workloads for the cluster.
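
The storage onboarding steps above (mount the NFS datastores, add the software iSCSI adapter, add the send target, rescan, exit Maintenance Mode) as one PowerCLI script. This is an added example, not part of the lab manual. It goes one step beyond the manual by refusing to exit Maintenance Mode until the new host sees every shared datastore its cluster peers use. It assumes an existing Connect-VIServer session; object names and the server address are the lab's.

```powershell
# Added example, not part of the lab manual. Assumes VMware PowerCLI is loaded
# and Connect-VIServer has already been run against the lab vCenter.
$newHost     = Get-VMHost -Name 'esx-03a.corp.local'
$cluster     = Get-Cluster -Name 'Cluster Site A'
$iscsiServer = '10.10.20.60'   # iSCSI server address entered under Dynamic Discovery

# Target state: every shared datastore the existing cluster members already use.
$peers  = Get-VMHost -Location $cluster | Where-Object { $_.Name -ne $newHost.Name }
$wanted = Get-Datastore -RelatedObject $peers |
    Where-Object { $_.Type -eq 'NFS' -or $_.ExtensionData.Summary.MultipleHostAccess } |
    Sort-Object -Property Name -Unique

# 1. Mount each NFS datastore the new host lacks. Server and folder are read from
#    the existing datastore so the mount is identical on every host.
$have = @(Get-Datastore -RelatedObject $newHost | ForEach-Object { $_.Name })
foreach ($ds in $wanted | Where-Object { $_.Type -eq 'NFS' -and $_.Name -notin $have }) {
    $nas = $ds.ExtensionData.Info.Nas
    New-Datastore -Nfs -VMHost $newHost -Name $ds.Name `
        -NfsHost $nas.RemoteHost -Path $nas.RemotePath | Out-Null
}

# 2. Enable the software iSCSI adapter (vmhba33 in the lab) and locate it.
Get-VMHostStorage -VMHost $newHost |
    Set-VMHostStorage -SoftwareIScsiEnabled $true | Out-Null
$hba = Get-VMHostHba -VMHost $newHost -Type IScsi |
    Where-Object { $_.Model -eq 'iSCSI Software Adapter' }

# 3. Add the send target once (dynamic discovery), then rescan adapters and VMFS.
$known = Get-IScsiHbaTarget -IScsiHba $hba -Type Send |
    Where-Object { $_.Address -eq $iscsiServer }
if (-not $known) {
    New-IScsiHbaTarget -IScsiHba $hba -Address $iscsiServer -Type Send | Out-Null
}
Get-VMHostStorage -VMHost $newHost -RescanAllHba -RescanVmfs | Out-Null

# 4. Leave Maintenance Mode only when the host sees every wanted datastore.
$have    = @(Get-Datastore -RelatedObject $newHost | ForEach-Object { $_.Name })
$missing = @($wanted | ForEach-Object { $_.Name } | Where-Object { $_ -notin $have })
if ($missing.Count -gt 0) {
    throw "Still missing on $($newHost.Name): $($missing -join ', ')"
}
Set-VMHost -VMHost $newHost -State Connected | Out-Null
Get-Datastore -RelatedObject $newHost | Select-Object Name, Type, CapacityGB, FreeSpaceGB
```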


Storage vMotion
Planned downtime typically accounts for over 80% of datacenter downtime. Hardware
maintenance, server migration, and firmware updates all require downtime for physical servers. To
minimize the impact of this downtime, organizations are forced to delay maintenance until
inconvenient and difficult-to-schedule downtime windows.
The vMotion and Storage vMotion functionality in vSphere makes it possible for organizations to
reduce planned downtime because workloads in a VMware environment can be dynamically
moved to different physical servers or to different underlying storage without service interruption.
Administrators can perform faster and completely transparent maintenance operations, without
being forced to schedule inconvenient maintenance windows. With vSphere vMotion and Storage
vMotion, organizations can:
Eliminate downtime for common maintenance operations.
Eliminate planned maintenance windows.
Perform maintenance at any time without disrupting users and services.
In this lab, you will learn how to work with vMotion and move virtual machines to different hosts
within the cluster.

Storage View

If you are not already logged into the vSphere Web Client:
Click the "Mozilla Firefox" icon from the Control Center desktop
Click the "Use Windows session authentication" check box
Click "Login"


1. Go to the home screen of the vSphere Web Client by clicking the "Home" icon.
2. Click the "Storage" icon.

List Virtual Machines on a Specified Datastore

1. Navigate to and click on the ds-site-a-nfs01 datastore object in the Datacenter Site A
datacenter managed by the vcsa-01a.corp.local vCenter.
2. Click "Related Objects"
3. Click the "Virtual Machines" tab. You should now have a list of all virtual machines on the
selected datastore.
Note: depending on which lessons you have completed, the available datastores and
virtual machines may be different than the images.


Drag and Drop Storage vMotion

The VM TinyLinux-01 is initially on ds-site-a-nfs01 and needs to be moved to ds-iscsi01.


1. Click the TinyLinux-01 VM and continue to hold the left mouse button while dragging the
VM to the ds-iscsi01 datastore object. A green + will appear near the mouse cursor (see
picture) when it is pointing at objects which are suitable targets for the object being moved.
Let go of the mouse button to drop the TinyLinux-01 VM onto the ds-iscsi01 object. The
Migrate wizard will launch to complete the process.


Migrate Datastore

1. Select the radio button to "Change storage only". Note that in vSphere 6.0 we do have the
ability to change compute, network, and storage in the same vMotion operation.
2. Click "Next"


Storage Policy

1. Note that the ds-iscsi01 datastore is already selected because that's where we dropped
the VM prior to starting the wizard.
2. Click "Next" to accept the settings for the storage move.
3. Click "Finish" on the next screen to start the move.
This operation will take a few minutes. Feel free to monitor the operation within the Recent Tasks
pane or move on to the next step.


Confirm Storage vMotion

The Storage vMotion progress can be monitored in the Recent Tasks panel
1. Once complete, click on the ds-iscsi01 datastore and notice that the TinyLinux-01 virtual
machine is listed under its Related Objects.
The virtual machine's storage has been migrated from NFS to iSCSI storage without the need to
take the virtual machine offline.


Managing Virtual Machine Disks


When working with Virtual Machines, you can create a virtual disk, use an existing virtual disk, or
create Raw Device Mappings (RDMs), which give your virtual machine direct access to SAN. A
virtual disk comprises one or more files on the file system that appear as a single hard disk to the
guest operating system. These disks are portable among hosts.
You use the "Create Virtual Machine" wizard to add virtual disks during virtual machine creation.
However, in this lab you will work with an existing Virtual Machine in the inventory.
This lab will walk you through the process of adding a new virtual disk to an existing Virtual
Machine. Additionally, you will extend the Virtual Machine's original disk to a larger capacity.

Login to the vSphere Web Client


This step will walk you through logging into the vSphere Web Client if you are not already logged
in.

Launch Mozilla Firefox web browser


1. Select "Mozilla Firefox" from the Control Center desktop


Enter credentials and login


Note: Selecting "Use Windows session authentication" will pass the same credentials as entering
them as username "CORP\Administrator" and password "VMware1!"
1. Select "Use Windows session authentication"
2. Select "Login"

Navigate to the VMs and Templates management pane


This step will take you to the VMs and Templates management pane.


From the Home screen


There are several ways to navigate the NGC Web Client to perform management tasks.
1. Select the "Home Icon" from the title bar pane.
2. Select "VMs and Templates"
From this view, we can see that there are several existing Virtual Machines in our vSphere
environment. In the next step, we will add a new virtual disk to the "w12-core" Virtual Machine.

Create a new Virtual Disk


In this step, you will go through the process of creating a new Virtual Disk resource for an existing
Virtual Machine.


Launch the Edit Settings wizard


4. Select Virtual Machine "w12-core"
In the action pane, note the original disk configuration - single hard disk with a capacity of 5.00 GB
5. Click "Edit Settings" in the VM Hardware panel


Select New Hard Disk to add


6. Select the "New Device" pop up menu
7. Click "New Hard Disk"
Click "Add" to complete the operation.


Configure Size and Provisioning settings


8. Decrease the size to "5" GB
9. Click "OK" to create the new virtual disk


Monitor task progress


Note the progress in the Recent Tasks pane
10. When complete, you should see "Hard disk 2" with a capacity of 5.00 GB available to the
w12-core VM.

Extend an existing Virtual Disk


In this step, you will extend an existing Virtual Disk for a Virtual Machine.


Launch the Edit Settings wizard


1. Select Virtual Machine "w12-core"
2. In the action pane, click "Edit Settings"


Hard disk 1 settings


3. In the Edit Settings wizard, note the capacity for Hard disk 1 is 20 GB.


Extend Hard disk 1


4. Click the "up arrow" to increase Hard disk 1 capacity to 22 GB
5. Click "OK"


Monitor task progress


4. Note the progress in the Recent Tasks pane
5. When complete, you should see "Hard disk 1" with a new capacity of 22.00 GB available to the
w12-core virtual machine


Review the Virtual Disk Configuration


1. Select "w12-core" from the inventory pane
2. Note each of the configured virtual disks and associated capacity
3. Note that due to Thin Provisioning, the total consumed storage for the virtual disks is only
5.76 GB!


Working with Virtual Machine Snapshots


Snapshots preserve the state and data of a virtual machine at the time you take the snapshot.
Snapshots are useful when you must revert repeatedly to the same virtual machine state, but you
do not want to create multiple virtual machines. You can also take multiple snapshots of a virtual
machine to create restoration positions in a linear process. With multiple snapshots, you can save
many positions to accommodate many kinds of work processes. The Snapshot Manager in the
vSphere Web Client provides several operations for creating and managing virtual machine
snapshots and snapshot trees. These operations let you create snapshots, restore any snapshot
in the snapshot hierarchy, delete snapshots, and more.
A Virtual Machine snapshot preserves the following information:
Virtual machine settings - The virtual machine directory, which includes disks that were
added or changed after you took the snapshot.
Power state - The virtual machine can be powered on, powered off, or suspended.
Disk state - State of all the virtual machine's virtual disks.
Memory state (optional) - The contents of the virtual machine's memory.
In this lesson, you will create a Virtual Machine snapshot, make changes to the Virtual Machine's
hardware and configuration state, and then revert back to the original state of the Virtual Machine
by leveraging the vSphere Web Client Snapshot Manager.

Navigate to the VMs and Templates management pane


This step will take you to the VMs and Templates management pane.


From the Home screen


1. Select "VMs and Templates" from the inventory pane.


Open up the Inventory tree


2. Expand the inventory tree
From this view, we can see that there are several existing Virtual Machines in our vSphere
environment. In the next step, we will take a Snapshot of the w12-core Virtual Machine.

Take a Virtual Machine Snapshot


In this step, you'll take a Snapshot of a Virtual Machine.


Launch the Take VM Snapshot wizard


1. Select Virtual Machine "w12-core"
2. Select the "Actions" drop down menu and expand "Snapshots"
3. Click "Take Snapshot"


Enter a Name and Description for the VM Snapshot


4. In the Take VM Snapshot wizard, provide a name for the Snapshot point - "Snapshot#1"
5. Provide a description for the Snapshot point - "Snapshot taken prior to VM settings change."
6. Click "OK"


Launch the Manage VM Snapshots wizard


Note the progress in the Recent Tasks pane
7. Once complete, select the "Actions" drop down menu and expand "Snapshots"
8. Click "Manage Snapshots..."


View VM Snapshot details


9. Note the operational state of the VM relative to the Snapshot time line
10. Click "Close"

Change the Virtual Machine Settings


In this step, you will change the Memory configuration for the Virtual Machine.


Launch the Edit Settings wizard


1. Select Virtual Machine "w12-core"
2. Click the "Actions" drop down menu and select "Edit Settings..."


Change the Virtual Machine's settings


3. Select the drop down menu for the "Memory" settings
4. Select "4 GB"


Review the Virtual Machine's new settings


5. Note the new Memory configuration
Not shown: Click "OK" to commit the memory configuration change.

Revert Virtual Machine settings using the Snapshot Manager


In this step, you revert the Virtual Machine's configuration back to the original state using the
Snapshot Manager.


Launch the Manage VM Snapshots wizard


1. Select Virtual Machine "w12-core"
2. Click the "Actions" drop down menu and select "Snapshots"
3. Click "Manage Snapshots..."


Select the VM Snapshot to Revert to


4. In the Manage VM Snapshots wizard, select "Snapshot#1" from the Snapshot tree
5. Click "Revert to"


Confirm Revert to Snapshot


6. Click "Yes" to confirm action


Close the Manage VM Snapshots wizard


7. Click "Close"


Monitor task progress


8. Note the progress in the Recent Tasks pane.
9. Note the Memory configuration has reverted back to 1024 MB

Delete Snapshot

From the "Actions" menu select "Snapshots" and "Manage Snapshots..."


Delete Snapshot#1

1. Select the top-level w12-core state.
2. Click the "Delete All" button
3. Select "Yes" to confirm the deletion at the pop-up message prompt
4. Click the "Close" button.

It is a best practice to delete virtual machine snapshots when they are no longer needed. Over
time the snapshot delta can grow to be quite large, which could result in issues consolidating the
virtual machine files.
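
One way to apply this practice across a whole inventory, as an added example that is not part of the lab manual: a PowerShell function that flags snapshots by age and by delta size. The function name `Get-StaleSnapshot`, both thresholds and the sample records are assumptions; `Get-VM` and `Get-Snapshot` are VMware PowerCLI cmdlets.

```powershell
# Added example (not from the lab manual): flag snapshots that have been
# kept too long or whose delta has grown large.
function Get-StaleSnapshot {
    [CmdletBinding()]
    param(
        # Snapshot objects; only the VM, Name, Created and SizeGB properties are read.
        [Parameter(Mandatory, ValueFromPipeline)]
        [object] $Snapshot,

        [double] $MaxAgeDays = 3,     # assumed retention window
        [double] $MaxSizeGB  = 10,    # assumed ceiling for the snapshot delta
        [datetime] $Now = (Get-Date)  # injectable so results are reproducible
    )
    process {
        $ageDays = ($Now - $Snapshot.Created).TotalDays
        $reasons = @()
        if ($ageDays -gt $MaxAgeDays)        { $reasons += "older than $MaxAgeDays days" }
        if ($Snapshot.SizeGB -gt $MaxSizeGB) { $reasons += "larger than $MaxSizeGB GB" }

        # Emit a record only for snapshots that break at least one threshold.
        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                VM      = "$($Snapshot.VM)"
                Name    = $Snapshot.Name
                AgeDays = [math]::Round($ageDays, 1)
                SizeGB  = [math]::Round($Snapshot.SizeGB, 2)
                Reason  = $reasons -join '; '
            }
        }
    }
}

# Constructed sample inventory (not real lab output) so the function runs offline.
$asOf = [datetime]'2015-06-10T12:00:00'
$sample = @(
    [pscustomobject]@{ VM = 'w12-core';     Name = 'Snapshot#1';  Created = $asOf.AddHours(-2); SizeGB = 0.4 }
    [pscustomobject]@{ VM = 'w12-core';     Name = 'pre-patch';   Created = $asOf.AddDays(-21); SizeGB = 3.1 }
    [pscustomobject]@{ VM = 'TinyLinux-01'; Name = 'before-test'; Created = $asOf.AddDays(-1);  SizeGB = 14.7 }
)

# The fresh 'Snapshot#1' passes; the other two are reported with their reason.
$sample | Get-StaleSnapshot -Now $asOf | Format-Table -AutoSize

# Against a live vCenter, after Connect-VIServer in a PowerCLI session:
#   Get-VM | Get-Snapshot | Get-StaleSnapshot | Sort-Object SizeGB -Descending
```

The report is read-only; removal stays a deliberate step in the Snapshot Manager as described above.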

Video: More on Virtual Machine Snapshots (2:33)


For more information on vSphere Virtual Machine Snapshots, be sure to check out the following
video:


Cloning Virtual Machines and Using Templates


VMware provides several ways to provision vSphere virtual machines.
One method is to create a single virtual machine and install an operating system on it, and then
use that virtual machine as a base image from which to clone other virtual machines. Cloning a
virtual machine can save time if you are deploying many similar virtual machines. You can create,
configure, and install software on a single virtual machine. You can clone it multiple times, rather
than creating and configuring each virtual machine individually.
Another provisioning method is to clone a virtual machine to a template. A template is a master
copy of a virtual machine that you can use to create and provision virtual machines. Creating a
template can be useful when you need to deploy multiple virtual machines from a single baseline,
but want to customize each system independently of the next. A common value point for using
templates is to save time. If you have a virtual machine that you will clone frequently, make that
virtual machine a template and deploy your virtual machines from that template.
In this lesson, you will clone an existing Virtual Machine to a Template, and deploy a new Virtual
Machine from that Template.

Navigate to the VMs and Templates management pane


This step will take you to the VMs and Templates management pane.


From the Home screen


1. Select "VMs and Templates" from the inventories pane


Open up the Inventory tree


2. Click the drop down arrows to expand the inventory tree
From this view, we can see that there are several existing Virtual Machines in our vSphere
environment. In the next step, we will clone the TinyLinux-01 Virtual Machine to a Template.

Clone a Virtual Machine to a Template


In this step, you will clone an existing Virtual Machine to a Template.


Launch the Clone Virtual Machine to Template wizard


1. Select Virtual Machine "TinyLinux-01"
2. Click on the "Actions" menu
3. Select "Clone"
4. Select "Clone to Template"


Select a name and folder


4. In the Clone Virtual Machine to Template wizard, provide a name for the Template - "TinyLinux
Template"
Please leave the location as "Datacenter Site A" for this lab.
5. Click "Next"


Select Compute Resource

To avoid warnings about the Virtual Distributed Switch:


1. Expand "Cluster Site A"
2. Choose "esx-02a.corp.local"
3. Click "Next"


Select Storage

The datastore with the most free space is automatically chosen. Please keep the default "ds-site-a-nfs01". Press the "Next" button.


Review the VM Template Settings

Review the VM Template settings and press the "Finish" button.


Monitor task progress


13. Note the progress in the Recent Tasks pane (this task may take a few minutes to complete)
14. Note the new "TinyLinux Template" object in the inventory pane

Deploy a Virtual Machine from a Template


This step will take you through the deployment of a new Virtual Machine from a Template.


Launch the Deploy From Template wizard


1. Select the Template, "TinyLinux Template"
2. Select the "Getting Started" tab
3. Under Basic Tasks in the action pane, click "Deploy to a new virtual machine"


Select a name and folder


1. Enter "TinyLinux-02" for the name of the new virtual machine
2. Leave the default location of "Datacenter Site A"
3. Click the "Next" button


Select compute resource


4. Expand "Cluster Site A"
5. Select "esx-02a.corp.local" to avoid the virtual distributed switch
6. Click "Next"


Select storage
7. Leave the default datastore which has the most free space
8. Click "Next"


Select clone options


Leave the clone options unchecked. In order to manage the time to complete this module, the
"TinyLinux-01 Template" has no OS installed and so it will not be possible to customize the guest.
As a challenge, you may create a template of the "w12-core" VM and then explore the options for
guest customization. The "w12-core" VM will take 20 minutes or so to clone so converting the VM
to a template then cloning a new VM from that template with guest customization will save some
time.
9. Click "Next"


Ready to complete
Review the deployment options and then click "Finish".


Monitor task progress


10. Note the progress in the Recent Tasks pane. This task will complete very quickly since there is
no OS installed on this VM
11. Note the new "TinyLinux-02" Virtual Machine in the inventory pane

Video: More on Virtual Machine Clones and Templates (4:04)


Take a look at the following video for more information about vSphere Virtual Machine Clones and
Templates:


vSphere Datastore Cluster


A vSphere Datastore Cluster balances I/O and storage capacity across a group of vSphere
datastores. Depending on the level of automation desired, Storage Dynamic Resource Scheduler
will place and migrate virtual machines in order to balance out datastore utilization across the
Datastore Cluster.
In this lesson, you will create a vSphere Datastore Cluster using two iSCSI datastores.

Navigate to Storage

1. Select the "Home" icon


2. Select "Storage"


New Datastore Cluster

3. Right Click on "Datacenter Site A"


4. Select "Storage"
5. Select "New Datastore Cluster"


New Datastore Cluster- Name and Location

Enter "DatastoreCluster-01" for the name and select "Next".


New Datastore Cluster- Storage DRS Automation

Due to the I/O characteristic of the VMware Hands-on Labs environment, please leave the defaults
and select "Next".
Feel free to explore the various settings for Storage DRS automation.


New Datastore Cluster- Storage DRS Runtime Settings

Storage DRS provides multiple options for tuning the sensitivity of storage cluster balancing.
Please leave the defaults for now and select "Next".


New Datastore Cluster- Select Clusters and Hosts

Because there are no standalone hosts, please select "Cluster Site A" and then click the "Next"
button.


New Datastore Cluster- Select Datastores

Select the "ds-iscsi02" and "ds-iscsi01" datastores for the new Datastore Cluster.


New Datastore Cluster- Ready to Complete

Review the Storage DRS settings and click the "Finish" button.

New Datastore Cluster- Summary

View the "Recent Tasks" to check the progress of the operation.


Conclusion
Leveraging vSphere Datastore Clusters in your vSphere environment can help to ensure
datastores are filled evenly and I/O is spread out across the group of datastores in the cluster.
Storage DRS can automate the initial placement of new virtual machines and adjust virtual
machine placement to maintain an even distribution of I/O across the datastore cluster.


vSphere Data Protection


VMware vSphere Data Protection is a backup and recovery solution for VMware virtual machines.
It is fully integrated with vCenter Server and the vSphere Web Client, providing easy, disk-based
backup and recovery for VMware virtualized environments. All functionality previously available
with VMware vSphere Data Protection Advanced has been consolidated into vSphere Data
Protection 6.0. vSphere Data Protection features industry-leading EMC Avamar variable-length
segment deduplication to minimize backup data storage consumption. vSphere Data
Protection virtual appliances can be deployed with up to 8 TB of deduplicated backup data
capacity. Changed block tracking (CBT) is utilized for backup and restore to reduce time and
network bandwidth requirements.
vSphere Data Protection now includes agents that enable application-consistent backup and
reliable recovery of Microsoft SQL Server, Microsoft Exchange Server, and Microsoft SharePoint
Server, including SQL Server clusters and Exchange Server database availability groups.
Individual databases can be selected for backup and restore, and it is possible to restore individual
Exchange Server mailboxes.
Secure, efficient replication of backup data between vSphere Data Protection virtual appliances
provides an easy, reliable method to move backup data offsite for disaster recovery. Replicated
backup data can be restored at the target location or replicated back to the source location for
restore. This functionality provides several retention and recovery options to satisfy a wide variety
of business requirements.
The best way to ensure backup data integrity is to perform regular practice restores. This
important activity is seldom performed in many organizations. vSphere Data Protection now
includes automated backup verification: scheduled jobs that routinely restore virtual machines,
boot the guest OSs, check for VMware Tools heartbeats to verify that the virtual machines have
been recovered successfully, and then delete the restored virtual machines.
vSphere Data Protection features support for storing backup data on EMC Data Domain, providing
increased reliability and backup data capacity. EMC DD Boost is utilized to minimize network
bandwidth impact and improve performance.
External proxies are now available with vSphere Data Protection. They can be deployed to remote
locations such as other vSphere clusters within the same site or across sites to help minimize
network bandwidth requirements. External proxies also enable support for as many as 24
concurrent backup streams and for Red Hat Enterprise Linux Logical Volume Manager (LVM) and
the Ext4 file system.
vSphere Data Protection 6.0 is included with vSphere Essentials Plus Kit 6.0 and higher editions
of vSphere, all VMware vSphere with Operations Management 6.0 editions, and all vCloud Suite
6.0 editions.
For more information, consider taking the Hands-on Lab, HOL-SDC-1405 - Business Continuity
and Resilient Infrastructure.


vSphere Replication Overview


VMware vSphere Replication, the VMware proprietary replication engine, provides data protection
and disaster recovery for the vSphere platform by replicating virtual machines within the same site
and across sites. It is tightly integrated with vSphere and is managed using vSphere Web Client. It
is included with vSphere Essentials Plus Kit and higher editions of vSphere. Multiple points in time
recovery can be enabled to provide as many as 24 recovery points for a replicated virtual
machine. vSphere Replication is used as a standalone solution and as a replication engine for
VMware vCenter Site Recovery Manager and VMware vCloud Air Disaster Recovery.
The recovery point objective (RPO) can be set on a per-virtual machine basis and can range from
15 minutes to 24 hours. After initial synchronization between the source and the target locations,
only changes to the virtual machines are replicated, enabling vSphere Replication to minimize
network bandwidth consumption. New to vSphere Replication in vSphere 6.0 to further improve
efficiency is the option to compress replicated data as it is sent across the network. It is now
possible to easily isolate network traffic associated with vSphere Replication. This enables
vSphere administrators to control bandwidth by configuring more than one network interface card
in a vSphere Replication virtual appliance and by using vSphere Network I/O Control to separate
network traffic. The result is improved performance and security.
Enhancements have been made to the way vSphere Replication performs a full synchronization.
Previous versions of vSphere Replication requested and compared remote checksums with local
checksums to determine the regions of a virtual disk that had to be replicated. With some storage
platforms and vSphere 6.0, vSphere Replication can query vSphere for storage allocation
information, to reduce the amount of time and network bandwidth required to perform a full
synchronization.
vSphere Replication is fully compatible with VMware vSphere Storage vMotion at both the
source and target locations. Prior to vSphere 6.0, moving a replica at the target location required
vSphere Replication to perform a full synchronization. With vSphere 6.0, migrating a replica with
vSphere Storage vMotion no longer requires this. That makes it much easier to balance storage
utilization with vSphere Storage vMotion and VMware vSphere Storage DRS while avoiding
RPO violations.
Improvements have also been made to VMware Tools for Linux virtual machines. With some Linux
OSs, VMware Tools features the ability to quiesce the guest OS during replication and backup
operations. vSphere Replication can utilize this new functionality to enable file system-consistent
recovery of Linux virtual machines.
To gain hands-on experience with vSphere Replication, consider taking HOL-SDC-1405 - High
Availability and Resilient Infrastructure.


Virtual Volumes
Virtual Volumes is a new feature released with vSphere 2015. Virtual Volumes is a new virtual
machine disk management and integration framework that enables array-based operations at the
virtual disk level. It transforms the data plane of SAN and NAS storage systems by aligning
storage consumption and operations with virtual machines. In other words, Virtual Volumes makes
SAN and NAS storage systems capable of being managed at a virtual machine level and enables
the leveraging of array-based data services and storage array capabilities with a virtual
machine-centric approach at the granularity of a single virtual disk.
Virtual Volumes implements a significantly different and improved storage architecture, enabling
operations to be conducted at the virtual machine level using native array capabilities. With Virtual
Volumes, most data operations are offloaded to the storage arrays. Virtual Volumes eliminates the
need to provision and manage large numbers of LUNs or volumes per host. This reduces
operational overhead while enabling scalable data services on a per-virtual machine level.
Storage Policy-Based Management (SPBM) is a key technology that works in conjunction with
Virtual Volumes. This framework delivers an orchestration and automation engine that translates
the storage requirements expressed in a virtual machine storage policy into virtual machine
granular provisioning capabilities with dynamic resource allocation and management of storage-related services.
Through the integration of VMware vSphere API for Storage Awareness, storage array capabilities
are pushed through the vSphere stack and are surfaced in the vCenter Server management
interface. Using virtual machine storage policies, vSphere administrators can specify a set of
storage requirements and capabilities for any particular virtual machine to match service levels
required by hosted applications. SPBM leverages Virtual Volumes to recommend compliant
datastores for virtual machine placement and to transparently turn on the necessary data services
based on native array capabilities. Through SPBM, virtual machine tailored data services are
executed by the array. Coupled with Virtual Volumes, SPBM ensures policy compliance throughout
the virtual machine life cycle.
To get hands-on experience with Virtual Volumes, consider taking the Hands-on Lab, HOL-SDC-1429 - Virtual Volumes. You may also want to review HOL-SDC-1427 - VMware Software
Defined Storage for the Enterprise where you can gain a better understanding of Storage Policy
Based Management.

Conclusion
This concludes Module 4 - An Introduction to vSphere Storage. We hope you have enjoyed taking
this lab and don't forget to take the survey at the end.
If you have time remaining, here are the other Modules that are part of this lab, along with an
estimated time to complete each one. Click on the 'Table of Contents' button to quickly jump to
that Module in the Manual.
Module 1 - What's New with vSphere 6 (90 Minutes)
Module 2 - An Introduction to Management with vCenter Server (60 Minutes)
Module 3 - An Introduction to vSphere Networking and Security (60 Minutes)
