Table of Contents
Lab Overview - HOL-SDC-1410 - What's New with vSphere 6?
  Lab Guidance
  What is Virtualization?
Module 1 - What's New in vSphere 6 (90 Minutes)
  What's New in vSphere 6.0?
  Content Library
  Migrating a Virtual Machine between Two vCenters
  vSphere Web Client Enhancements
  ESXi Security Enhancements
  vSphere SSL Certificates
  Network I/O Control Enhancements (NIOC)
Module 2 - Introduction to Management with vCenter Server (60 Min)
  What is vSphere?
  ESXi Install and Configure
  vCenter 6.0 Overview
  Using the vSphere 6.0 Web Client
  Using Tagging and Search to Find Objects Quickly
  Understanding High Availability (HA) and Distributed Resource Scheduler (DRS)
  vSphere 6.0 Fault Tolerance Provides Continuous Availability
  Monitoring Events and Creating Alarms
  Configure Shares and Resources
Module 3 - Introduction to vSphere Networking And Security (60 Min)
  vSphere Networking Enhancements
  Configuring vSphere Standard Switch
  Adding and Configuring a vSphere Distributed Switch
  Using Host Lockdown Mode
  Configuring the Host Services and Firewall
  User Access and Authentication Roles
  Understanding Single Sign On
  Adding an ESXi Host to Active Directory
Module 4 - Introduction to vSphere Storage (60 Min)
  vSphere Storage Overview
  Creating and Configuring vSphere Datastores
  Storage vMotion
  Managing Virtual Machine Disks
  Working with Virtual Machine Snapshots
  Cloning Virtual Machines and Using Templates
  vSphere Datastore Cluster
  vSphere Data Protection
  vSphere Replication Overview
  Virtual Volumes
HOL-SDC-1410-UPD
Page 2
Lab Guidance
This introductory lab demonstrates the core features and functions of vSphere and vCenter 6.0.
This is an excellent place to begin your Virtualization 101 experience.
This lab will walk you through the core features of vSphere and vCenter, including storage and
networking. The lab is broken into three Modules and the Modules can be taken in any order.
NOTE: If you are using a device with non-US keyboard layout, you might find it difficult to enter CLI
commands, user names and passwords throughout the modules in this lab. Refer to the file README.txt on
the desktop for additional information on resolving the keyboard issue.
Each Module will take approximately 60-90 minutes to complete, but based on your experience
this could take more or less time.
We have included videos throughout the modules. To get the most out of these videos, it is
recommended that you have headphones to hear the audio. The timing of each video is noted next
to the title. In some cases, videos are included for tasks we are unable to show in a lab
environment, while others are there to provide additional information. Some of these videos may
contain an earlier edition of vSphere; however, the steps and concepts are primarily the same.
Lab Captains: Doug Baer, Bill Call, Adam Eckerle, Cleavon Roberts, Dave Rollins and Paul
Schlosser.
What is Virtualization?
If you are not familiar with Virtualization, this lesson will give you an introduction to it.
Virtualization:
(noun)
Today's x86 computer hardware was designed to run a single operating system and a single
application, leaving most machines vastly underutilized. Virtualization lets you run multiple virtual
machines on a single physical machine, with each virtual machine sharing the resources of that
one physical computer across multiple environments. Different virtual machines can run different
operating systems and multiple applications on the same physical computer.
Virtualization Defined
Virtualization is placing an additional layer of software called a hypervisor on top of your physical
server. The hypervisor enables you to install multiple operating systems and applications on a
single server.
Separation
By isolating the operating system from the hardware, you can create a virtualization-based x86
platform. VMware's hypervisor-based virtualization products and solutions provide you the
fundamental technology for x86 virtualization.
Partitioning
In this screen, you can see how partitioning helps improve utilization.
Isolation
You can isolate a VM to find and fix bugs and faults without affecting other VMs and operating
systems. Once fixed, an entire VM Restore can be performed in minutes.
Encapsulation
Encapsulation simplifies management by helping you copy, move and restore VMs by treating
entire VMs as files.
Hardware Independence
VMs are not dependent on any physical hardware or vendor, making your IT more flexible and
scalable.
Benefits
Virtualization enables you to consolidate servers and contain applications, resulting in high
availability and scalability of critical applications.
Simplify Recovery
Virtualization eliminates the need for any hardware configuration, OS reinstallation and
configuration, or backup agents. A simple restore can recover an entire VM.
A technology called thin-provisioning helps you optimize space utilization and reduce storage
costs. It provides storage to VMs when it's needed, and shares space with other VMs.
Cost Avoidance
At a high level, these are the new features of vSphere and vCenter v6.0.
You will find more details on some of the features below.
The Configuration Maximums have increased across the board for vSphere Hosts in 6.0. Each
vSphere Host can now support:
128 vCPUs
4 TB RAM
Hot-add RAM now vNUMA aware
WDDM 1.1 GDI acceleration features
xHCI 1.0 controller compatible with OS X 10.8+ xHCI driver
A virtual machine can now have a maximum of 32 serial ports
Serial and parallel ports can now be removed
In the latest release of vSphere 6.0, we expand support for account management on ESXi Hosts.
New ESXCLI Commands:
CLI interface for managing ESXi local user accounts and permissions
Coarse-grained permission management
ESXCLI can be invoked against vCenter instead of directly accessing the ESXi host.
Previously, the account and permission management functionality for ESXi hosts was
available only with direct host connections.
Password Complexity:
Previously, customers had to edit the file /etc/pam.d/passwd by hand; now they
can do it through the VIM API call OptionManager.updateValues().
Advanced options can also be accessed through vCenter, so there is no need to make a
direct host connection.
A PowerCLI cmdlet allows setting host advanced configuration options.
Account Lockout:
Security.AccountLockFailures - "Maximum allowed failed login attempts before locking out
a user's account. Zero disables account locking."
Default: 10 tries
Security.AccountUnlockTime - "Duration in seconds to lock out a user's account after
exceeding the maximum allowed failed login attempts."
Default: 2 minutes
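Because the lockout options are host advanced settings reachable through vCenter, they can be audited for every host from one PowerCLI session. The script below is an added example, not part of the original lab manual; the function names Test-LockoutPolicy and Get-LockoutSettings, the baseline thresholds and the sample rows are assumptions made for illustration.

```powershell
# Added example (not from the lab manual): audit ESXi account-lockout settings.
# The setting names and defaults (10 tries, 2 minutes) are the ones listed above.
# Function names, baseline thresholds and the sample rows are illustrative assumptions.

function Test-LockoutPolicy {
    param(
        [string] $HostName,
        [int]    $AccountLockFailures,   # value of Security.AccountLockFailures
        [int]    $AccountUnlockTime,     # value of Security.AccountUnlockTime, in seconds
        [int]    $MaxFailures   = 10,    # assumed baseline: no looser than the default
        [int]    $MinUnlockSecs = 120    # assumed baseline: the 2-minute default
    )
    $findings = @()
    if ($AccountLockFailures -eq 0) {
        # Zero disables account locking entirely
        $findings += 'lockout disabled (AccountLockFailures = 0)'
    }
    elseif ($AccountLockFailures -gt $MaxFailures) {
        $findings += "allows $AccountLockFailures failed logins (baseline $MaxFailures)"
    }
    if ($AccountUnlockTime -lt $MinUnlockSecs) {
        $findings += "unlocks after $AccountUnlockTime s (baseline $MinUnlockSecs s)"
    }
    [pscustomobject]@{
        VMHost    = $HostName
        Compliant = ($findings.Count -eq 0)
        Findings  = ($findings -join '; ')
    }
}

function Get-LockoutSettings {
    # Needs VMware PowerCLI and an existing Connect-VIServer session to vCenter;
    # no direct connection to the ESXi hosts is required.
    foreach ($esx in Get-VMHost) {
        $fail   = Get-AdvancedSetting -Entity $esx -Name 'Security.AccountLockFailures'
        $unlock = Get-AdvancedSetting -Entity $esx -Name 'Security.AccountUnlockTime'
        [pscustomobject]@{
            HostName            = $esx.Name
            AccountLockFailures = [int]$fail.Value
            AccountUnlockTime   = [int]$unlock.Value
        }
    }
}

if ($global:DefaultVIServer) {
    # Live data from the connected vCenter
    $rows = Get-LockoutSettings
}
else {
    # Constructed sample rows so the checks can be exercised offline
    $rows = @(
        [pscustomobject]@{ HostName = 'esx-a.example'; AccountLockFailures = 10; AccountUnlockTime = 120 }
        [pscustomobject]@{ HostName = 'esx-b.example'; AccountLockFailures = 0;  AccountUnlockTime = 120 }
        [pscustomobject]@{ HostName = 'esx-c.example'; AccountLockFailures = 25; AccountUnlockTime = 30 }
    )
}

$rows | ForEach-Object {
    Test-LockoutPolicy -HostName $_.HostName `
        -AccountLockFailures $_.AccountLockFailures `
        -AccountUnlockTime $_.AccountUnlockTime
} | Format-Table -AutoSize -Wrap

# Returning a host to the default from the same vCenter session:
#   Get-AdvancedSetting -Entity $esx -Name 'Security.AccountLockFailures' |
#       Set-AdvancedSetting -Value 10 -Confirm:$false
```

With the constructed rows, esx-a passes, esx-b is flagged because a value of zero disables locking, and esx-c is flagged on both settings.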
The Platform Services Controller (PSC) includes common services that are used across the suite.
These include SSO, Licensing and the VMware Certificate Authority (VMCA).
The PSC is the first piece that is either installed or upgraded. When upgrading, an SSO
instance becomes a PSC.
There are two models of deployment, embedded and centralized.
Embedded means the PSC and vCenter Server are installed on a single virtual
machine. Embedded is recommended for sites with a single SSO solution such
as a single vCenter.
Centralized means the PSC and vCenter Server are installed on different virtual
machines. Centralized is recommended for sites with two or more SSO solutions
such as multiple vCenter Servers, vRealize Automation, etc. When deploying in
the centralized model, it is recommended to make the PSC highly available so as
not to have a single point of failure. In addition to utilizing vSphere HA, a load balancer
can be placed in front of two or more PSCs to create a highly available PSC
architecture.
The PSC and vCenter servers can be mixed and matched, meaning you can deploy Appliance
PSCs along with Windows PSCs with Windows and Appliance-based vCenter Servers. Any
combination uses the PSC's built-in replication.
More detail on each of these follows as well as details on the improved Network I/O Control
(NIOC) version 3.
Cross vSwitch vMotion allows you to seamlessly migrate a VM across different virtual switches
while performing a vMotion.
No longer restricted by the network you created on the vSwitches in order to vMotion a
virtual machine.
Requires the source and destination portgroups to share the same L2. The IP address
within the VM will not change.
vMotion will work across a mix of switches (standard and distributed). Previously, you
could only vMotion from vSS to vSS or within a single vDS. This limitation has been
removed.
The following Cross vSwitch vMotion migrations are possible:
vSS to vSS
vSS to vDS
vDS to vDS
vDS to vSS is not allowed
Another added feature is that vDS to vDS migration transfers the vDS metadata to the destination
vDS (network statistics).
Expanding on the Cross vSwitch vMotion enhancement, we are also excited to announce support
for Cross vCenter vMotion.
vMotion can now perform the following changes simultaneously.
Change compute (vMotion) - Performs the migration of virtual machines across compute
hosts
Change storage (Storage vMotion) - Performs the migration of the virtual machine disks
across datastores
Change network (Cross vSwitch vMotion) - Performs the migration of a VM across different
virtual switches
and finally
Change vCenter (Cross vCenter vMotion) - Performs the migration of the vCenter which
manages the VM.
All of these types of vMotion are seamless to the guest OS. As with Cross vSwitch vMotion, Cross
vCenter vMotion requires L2 network connectivity since the IP of the VM will not be changed. This
functionality builds upon Enhanced vMotion and shared storage is not required. Target support for
local (single site), metro (multiple well-connected sites), and cross-continental sites.
Long Distance vMotion is an extension of Cross vCenter vMotion, targeted at
environments where vCenter servers are spread across large geographic distances and where the
latency across sites is 100ms or less. Although spread across a long distance, all the standard
vMotion guarantees are honored.
This does not require VVOLs to work. A VMFS/NFS system will work also.
Use Cases:
Migrate VMs across physical servers that spread across a large geographic distance
without interruption to applications
Perform a permanent migration for VMs in another datacenter.
Migrate VMs to another site to avoid imminent disaster.
Distribute VMs across sites to balance system load.
Follow the sun support.
Requirements:
The requirements for Long Distance vMotion are the same as Cross vCenter vMotion,
with the addition that the maximum latency between the source and destination sites
must be 100 ms or less, and there must be 250 Mbps of available bandwidth.
To stress the point: The VM network will need to be a stretched L2 because the IP of the
guest OS will not change. If the destination portgroup is not in the same L2 domain as the
source, you will lose network connectivity to the guest OS. This means in some topologies,
such as metro or cross-continental, you will need a stretched L2 technology in place. The
stretched L2 technologies are not specified. Any technology that can present the L2
network to the vSphere hosts will work, because it is unknown to ESX how the physical
network is configured. Some examples of technologies that would work are VXLAN, NSX
L2 Gateway Services, or GIF/GRE tunnels.
There is no defined maximum distance that will be supported as long as the network meets
these requirements. Your mileage may vary, but you are eventually constrained by the laws of
physics.
The vMotion network can now be configured to operate over an L3 connection. More
details on this are in the next slide.
Network I/O Control Version 3 allows administrators or service providers to reserve or guarantee
bandwidth to a vNIC in a virtual machine or, at a higher level, the Distributed Port Group.
This ensures that other virtual machines or tenants in a multi-tenancy environment don't impact
the SLA of other virtual machines or tenants sharing the same upstream links.
Use Cases:
Allows private or public cloud administrators to guarantee bandwidth to business units or
tenants. --> This is done at the VDS port group level.
Allows vSphere administrators to guarantee bandwidth to mission critical virtual machines.
--> This is done at the VMNIC level.
At a high level, these are the new Storage & Availability features of vSphere 6.0.
You will find more details on some of the features below.
VVOLS changes the way storage is architected and consumed. Using external arrays without
VVOLS, typically the LUN is the unit of both capacity and policy. In other words, you create LUNs
with fixed capacity and fixed data services. Then, VMs are assigned to LUNs based on their data
service needs. This can result in problems when a LUN with a certain data service runs out of
capacity, while other LUNs still have plenty of room to spare. The effect of this is that typically
admins overprovision their storage arrays, just to be on the safe side.
With VVOLS, it is totally different. Each VM is assigned its own storage policy, and all VMs use
storage from the same common pool. Storage architects need only provision for the total capacity
of all VMs, without worrying about different buckets with different policies. Moreover, the policy of
a VM can be changed, and this doesn't require that it be moved to a different LUN.
The VASA Provider is the component that exposes the storage services which a VVOLS array can
provide. It also understands VASA APIs for operations such as the creation of virtual volume
files. It can be thought of as the control plane element of VVOLS. A VASA provider can be
implemented in the firmware of an array, or it can be in a separate VM that runs on the cluster
which is accessing the VVOLS storage (e.g., as a part of the array's management server virtual
appliance).
A storage container is a logical construct for grouping Virtual Volumes. It is set up by the storage
admin, and the capacity of the container can be defined. As mentioned before, VVOLS allows you
to separate capacity management from policy management. Containers provide the ability to
isolate or partition storage according to whatever need or requirement you may have. If you don't
want to have any partitioning, you could simply have one storage container for the entire array.
The maximum number of containers depends upon the particular array model.
Instead of being based on static, per-LUN assignment, storage policies with VVOLS are managed
through the Storage Policy-Based Management framework of vSphere. This framework uses the
VASA APIs to query the storage array about what data services it offers, and then exposes them
to vSphere as capabilities. These capabilities can then be grouped together into rules and
rulesets, which are then assigned to VMs when they get deployed. When configuring the array,
the storage admin can choose which capabilities to expose or not expose to vSphere.
To get more detailed information on VVOLS consider taking HOL-SDC-1429 - Virtual Volumes
(VVOLS) Setup and Enablement.
Backing Up FT VMs
FT VMs can now be backed up using standard backup software, the same as all other VMs (FT
VMs could always be backed up using agents). They are backed up using snapshots through
VADP.
Snapshots are not user-configurable; users can't take snapshots. It is only supported as part of
VADP.
The features on this slide are new in vSphere Replication (VR) 6.0.
Compression can be enabled when configuring replication for a VM. It is disabled by
default.
Updates are compressed at source (vSphere host) and stay compressed until written to
storage. This does cost some CPU cycles on source host (compress) and target storage
host (decompress).
Uses FastLZ compression libraries. FastLZ provides a nice balance between
performance, compression, and limited overhead (CPU).
Typical compression ratio is 1.7 to 1.
Best results when using vSphere 6.0 at source and target along with vSphere Replication (VR) 6.0
appliance(s). Other configurations supported - example: Source is vSphere 6.0, target is vSphere
5.5. vSphere Replication Server (VRS) must decompress packets internally (costing VR appliance
CPU cycles) before writing to storage.
With VR 6.0, VR traffic can be isolated from other vSphere host traffic.
At source, a NIC can be specified for VR traffic. NIOC can be used to control replication
bandwidth utilization.
At target, VR appliances can have multiple vmnics with separate IP addresses to separate
incoming replication traffic, management traffic, and NFC traffic to target host(s).
At target, NIC can be specified for incoming NFC traffic that will be written to storage.
The user must, of course, set up the appropriate network configuration (vSwitches, VLANs,
etc.) to separate traffic into isolated, controllable flows.
VMware Tools in vSphere 2015 includes a freeze/thaw mechanism for quiescing certain Linux
distributions at the file system level for improved recovery reliability. See vSphere documentation
for specifics on supported Linux distributions.
Consider taking HOL-SDC-1405 Module 2 to explore VR 6.0 in more detail.
Content Library
A new feature introduced in vSphere 2015 is the Content Library. Content Libraries are
container objects for VM templates, vApp templates, ISO images and other files across your
vCloud Suite environment. vSphere administrators can use the templates in the library to deploy
virtual machines and vApps in the vSphere inventory. Sharing templates and files across multiple
vCenter Server instances in the same or different locations brings consistency, compliance,
efficiency, and automation to deploying workloads at scale.
In this lesson, we will walk through the process of creating a Content Library and synchronizing it
to a second vCenter Server.
If you are not already in the vSphere Web Client, launch the Google Chrome browser from the
Desktop.
When the vSphere Web Client login page appears, tick the 'Use Windows session
authentication' box and click 'Login'.
Once logged into the vSphere Web Client, click on 'vCenter Inventory Lists'.
Content Libraries
Objects
When the New Library wizard appears, start by naming your Content Library
'StandardVMTemplates' and leave the vCenter Server as vcsa-01a.corp.local.
Click 'Next' to continue.
There are two options available when creating a Content Library, a Local content library and a
Subscribed content library.
When you choose a Local content library, it will only be accessible in the vCenter Server where it
is created. By default, it is only available to the account that created it. If you select the option
'Publish content library externally', the Content Library can be shared with other users on the same
or other vCenter Server instances. You also have the option to password protect the Content
Library by selecting the 'Enable authentication' option.
The Subscribed content library is used to subscribe to a published Content Library. We will be
using this option later to synchronize the Content Library to the second vCenter Server.
For now, we will create a Local content library.
1. Tick the boxes for both 'Publish content library externally' and 'Enable authentication'.
2. In the Password field, use the password VMware1!
When you have finished, click 'Next'.
Now we need to decide where to place the new Content Library and we have a few options
available to use.
Enter a local file system path or an NFS URL - With this option, we can use the local
storage of the vCenter Server, running either the appliance version or on Windows. If you
are running the appliance version, this can be an NFS mount. If you are running vCenter
Server on Windows, this can be either a path local to the vCenter Server (i.e. d:\content
library) or a CIFS share (i.e. \\vc-w12-01a\content library).
Select a Datastore - with this option, we can use a datastore from our vCenter Server
inventory.
Choose the second option, 'Select a Datastore' and select the 'ds-site-a-nfs01' datastore. Click
'Next'.
Verify your settings and click the 'Finish' button to create the new Content Library.
You should now see the newly created Content Library appear.
Now that we have created the Content Library, let's add something to it!
Click on the Home icon and select 'VMs and Templates'.
Right-click on the linux-micro-02a template and select the 'Clone to Library' option.
Under the Filter tab, select the Standard VM Templates content library and click OK.
Progress...
You can follow the progress of the task in the Tasks Console. You can see the Template was
cloned to an OVF package, exported as an OVF template, then transferred to the Content Library.
Content Libraries
Template Added
Here we can see the template that we just cloned to the content library.
Now that we have content to share, let's synchronize it with the second vCenter Server.
Click the Content Libraries back button.
Edit Settings...
Right click on the 'StandardVMTemplates' content library and select 'Edit Settings...'
Copy URL
In the Edit Library window, click the 'Copy Link' button next to the subscription URL and click OK.
We will need this when we setup the synchronization to the other vCenter Server.
Home
Select vcsa-01b.corp.local
Select the second vCenter Server, 'vcsa-01b.corp.local', and click the Content Libraries tab. You
may have to scroll a bit to the right to see it.
To add the new content library, click the 'Create New Library' button.
We have the same options here as we did when we created the first content library. Let's stick
with the datastore option.
Choose the 'Select a datastore' radio button and then select the 'ds-site-b-nfs01' datastore.
Verify things look good and click 'Finish' to synchronize the content library to vcsa-01b.corp.local.
In a few seconds, you will see your new Content Library appear!
Open the Tasks console by selecting the Home icon and then choose Tasks.
Tasks Console
You can see in the Tasks Console the Content Library being created and then synchronized.
You may need to click the refresh button to see an update.
Now that we have the Content Library synced to the second vCenter Server, let's deploy a VM
from it.
Start by clicking the Home icon and select Hosts and Clusters.
Click on vcsa-01b.corp.local and make sure you are on the Related Objects tab. Again, you may
have to scroll over to the right to see the Content Library tab, but click on it, then click on vcsa-01a-Templates.
Click on Templates
Right-click on linux-micro-02a
Select a Resource
Review Details
Select Storage
In the Select virtual disk format, select 'Thin provision' from the drop-down menu. Also, make sure
ds-site-b-nfs01 is selected as the datastore.
Depending on what modules in this lab you have completed previously, you may see additional
datastores.
Click Next.
Select Networks
Ready to Complete
Review your settings and click Finish to deploy the new VM!
Open the Tasks console by selecting the Home icon and then choose Tasks.
Monitor Progress
You can monitor the progress of the new virtual machine being created.
When all tasks have been completed successfully, you may proceed to the next step.
New VM Created
Expand vcsa-01b.corp.local and Datacenter Site B and you see your newly created VM!
If you are up for a challenge, why not see if you can add the TinyLinux-1 VM to the
StandardVMTemplates Content Library by taking a clone of it. You can then synchronize it to the
vcsa-01a-Templates Content Library. The only trick here is that you will need to manually
synchronize the library. The Content Libraries do synchronize, but on regular intervals of 6 hours.
The screen shot above shows the Synchronize Library button that will need to be clicked after the
clone is added to the StandardVMTemplates Content Library in order to manually synchronize it to
the vcsa-01a-Templates Content Library.
Conclusion
This concludes this lesson.
A Familiar View
Feel free to click the push pins for the "Alarms", "Work In Progress" and "Recent Tasks" panes.
This will give you a little more room to work. You open the pane by clicking on the closed pane
and then re-close it by clicking on the closed pane button again.
Click on "Hosts and Clusters".
Focus on linux-micro-01a
Expand both vCenter inventories. The linux-micro-01a virtual machine should be powered on. If
not, please power it on.
Expand the "VM Hardware" pane. Notice that a single virtual network adapter is connected to the
"VM Network" portgroup, which is on a virtual Standard Switch. Click on the "VM Network" link.
Expand the network inventories in both vCenters. There is a virtual Distributed Switch in both data
centers as well as the standard switch. We will migrate the linux-micro-01a VM from the Standard
Switch on esx-01a Site A to the Distributed Switch in Site B.
Simply highlight "linux-micro-01a" and click to return to this recently viewed object. This is a new
time-saver in the vSphere 6 Web Client.
After the ping has started, minimize the Windows command window. The continuous ping will
verify network connectivity during the cross-vCenter vMotion.
Open PuTTY from the Windows start bar along the bottom.
1. Select "linux-micro-01a.corp.local"
2. Press the "Load" button
3. Press the "Open" button
Login proceeds
Let's start a continuous ping to Control Center from the VM we will be migrating.
Enter 'ping 192.168.110.10'.
Now you are ready to migrate.
Migrate the VM
Minimize the current PuTTY session (don't close it!) and go back to the vSphere Web Client.
Right click on the 'linux-micro-01a' VM and select 'Migrate'.
When the Migrate Wizard appears, select 'Change both compute resource and storage'. Leave
the default option of 'Select compute resource first' selected.
Click 'Next'.
Expand vcsa-01b.corp.local and select 'Cluster Site B' and click 'Next'.
Select storage
On the next screen, you can leave the defaults selected. Just click 'Next' to continue.
Select folder
Select network
You may click 'Next' to continue. Remember that the target "VM Network" at Site B is a distributed
port group on the Distributed Virtual Switch, and the VM is currently connected to a Virtual
Standard Switch on esx-01a in Site A.
Ready to complete
Monitor Ping
Switch back to the PuTTY session and Command Prompt and watch the pings. You may see a
packet drop or a slightly longer delay during the vMotion cut over. Notice that Layer 2 networking
for the VM Network is stretched between the two sites and that the VM retains its IP address when
it migrates between sites.
Go back to the vSphere Web Client and you should now see the 'linux-micro-01a' VM running in
Cluster Site B.
Monitor linux-micro-01a
Click on "Related Objects". Notice that "linux-micro-01a" is now connected to the "VM Network"
port group on the "vds-site-b" Virtual Distributed Switch. It was migrated from a Virtual Standard
Switch on Site A.
Go back to the PuTTY session and press Ctrl+C to end the ping. Next type in 'exit' to terminate the
PuTTY session.
Now go back to the Command Prompt and press Ctrl+C to end the ping. Type 'exit' to close the
Command Prompt.
Conclusion
Cross vCenter vMotion is a powerful new capability with a number of use cases. It could be used
to migrate between a legacy Windows vCenter and a new vCenter appliance, or any time it makes
sense to migrate VMs to a completely new set of virtual infrastructure. And of course it can be
used to migrate VMs between data centers for planned maintenance or other business purposes.
Login to the vSphere Web Client by ticking the 'Use Windows session authentication' and click the
Login button.
You may notice how quick the login process is compared to earlier versions of the vSphere Web
Client.
The first usability update we'll look at is the new Home drop-down menu. Near the top of the
browser, click the Home icon.
With this new drop-down menu, you can easily access any area of the vSphere Web Client from
any screen.
Click on 'Hosts and Clusters'.
Expand vcsa-01a.corp.local
Use the twist arrow to expand vcsa-01a.corp.local until you can see the two hosts and virtual
machines.
Right-click on esx-01a.corp
At the bottom of the Navigator, you will now see a link for Recent Tasks. Click on it to open up the
Recent Tasks pane.
Recent Tasks
In the Recent Tasks pane, you will find the most recent tasks, updated in real time making it easier
to view. In the Recent Tasks pane, you have the ability to:
1. Pin the Recent Tasks pane to another part of the vSphere Web Client (more on this later!).
2. View additional tasks.
3. Hide the Recent Tasks pane.
If you click on the Thumbnail in the Recent Tasks pane, it will dock it to the bottom of the vSphere
Web Client.
Click on the Thumbnail to give it a try.
Customizing the UI
You can also move the Recent Tasks pane (or any other pane) by clicking and dragging the pane
on the title bar.
Left-click and drag anywhere on the Recent Tasks title bar. You'll notice four areas indicating
where you can dock the Recent Tasks pane. Let's move it over the right side by dragging it in the
direction of the right arrow. Move your mouse to the two blue arrows to the right until that side of
the screen turns blue, then click your mouse to move the pane there.
You do have the ability to re-size the pane by clicking in the empty space between panes and
dragging it in the desired direction.
Move it Back!
In its current position, most of the useful information the Recent Tasks pane provides is cut off.
Let's move it back to its original location on the bottom of the screen by clicking the Recent Tasks
title bar and dragging it to the bottom.
That's Better!
This layout seems to work better for me, but it is subject to personal preference which is one of the
best parts of the vSphere Web Client, being able to customize it to how it works best for you.
Lesson Clean Up
To prepare for the next lesson, click on the thumbnail to hide the Recent Tasks pane back to the
bottom of the vSphere Web Client. This will give us more real estate for the lessons that follow. If
the Recent Tasks pane is needed, the lesson will guide you to it.
host access. These Exception Users are not recommended for general user accounts but are
recommended for use by third-party applications (Service Accounts, for example) that need
host access when either normal or strict lockdown mode is enabled. Permissions on these
accounts should be set to the bare minimum required for the application to do its task and with an
account that needs only read-only permissions to the ESXi host.
Smart Card Authentication to DCUI
This functionality is for U.S. federal customers only. It enables DCUI login access using a
Common Access Card (CAC) and Personal Identity Verification (PIV). An ESXi host must be part
of an Active Directory domain.
In this lesson, we will take a close look at the improved auditing feature in ESXi.
If you are not already in the vSphere Web Client, launch the Google Chrome Browser from the
Desktop. You should automatically be redirected to the vSphere Web Client login page.
Tick the 'Use Windows session authentication' box and click the 'Login' button.
Select esx-01a.corp.local
You will need to scroll down in the center pane until you see the Services section and click the Edit
button.
CIM Server
Scroll down until you see the CIM Server service and click on it.
Click the Start button.
Once you see the CIM Server service update to Running, click OK.
Open esx-01a.corp.local
cd /var/log
We will use the grep command to search for the string "ServiceSystem.start". This string appears
in the hostd.log file anytime a Service is started on an ESXi host.
Type the following command and press Enter:
grep "ServiceSystem.start" hostd.log
Search Results
In the search results we can see that a service was started and it was initiated by vpxuser on
behalf of CORP\Administrator.
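The grep above returns raw lines; for review it helps to reduce them to who did what and when. The following is an added example, not part of the lab manual: the log lines are constructed, the `user=<account>:<named user>` token layout is an assumption about the hostd.log format, and the function names `service_audit` and `unattributed` are hypothetical.

```shell
#!/bin/sh
# Added example. The log lines are constructed; only the searched string
# "ServiceSystem.start" and the vpxuser / CORP\Administrator attribution come
# from the lab text. The "user=<account>:<named user>" token layout is assumed.

log=$(mktemp)
trap 'rm -f "$log"' EXIT
cat > "$log" <<'EOF'
2015-06-01T10:15:02.101Z info hostd[2B3C1B70] [Originator@6876 sub=Vimsvc.TaskManager opID=c0ffee01 user=vpxuser:CORP\Administrator] Task Created : haTask-ha-host-vim.host.ServiceSystem.start-101
2015-06-01T10:15:02.340Z info hostd[2B3C1B70] [Originator@6876 sub=Hostsvc opID=c0ffee01 user=vpxuser:CORP\Administrator] Unrelated constructed line
2015-06-01T10:21:47.007Z info hostd[2B3C1B70] [Originator@6876 sub=Vimsvc.TaskManager opID=c0ffee02 user=vpxuser:CORP\Administrator] Task Created : haTask-ha-host-vim.host.ServiceSystem.stop-102
2015-06-01T11:02:13.555Z info hostd[2B3C1B70] [Originator@6876 sub=Vimsvc.TaskManager opID=c0ffee03 user=root] Task Created : haTask-ha-host-vim.host.ServiceSystem.start-103
EOF

# service_audit FILE
# One output line per service start/stop/restart:
#   <timestamp> <action> <account> <named user or "-">
# <account> is the identity that connected to the host (vpxuser when the
# request came through vCenter); <named user> is the person vCenter acted for.
service_audit() {
    awk '
    /ServiceSystem\.(start|stop|restart)/ {
        user = "-"
        for (i = 1; i <= NF; i++)
            if ($i ~ /^user=/) {
                user = $i
                sub(/^user=/, "", user)
                sub(/\]$/, "", user)
            }
        acct = user
        named = "-"
        p = index(user, ":")
        if (p > 0) {
            acct = substr(user, 1, p - 1)
            named = substr(user, p + 1)
        }
        action = $0
        sub(/.*ServiceSystem\./, "", action)   # keep text after the method prefix
        sub(/[^a-z].*/, "", action)            # trim the task suffix, e.g. "-101"
        print $1, action, acct, named
    }' "$1"
}

# unattributed FILE
# Service changes with no named user recorded, for example a direct host
# login; these cannot be tied to a vCenter identity and deserve a second look.
unattributed() {
    service_audit "$1" | awk '$4 == "-"'
}

printf 'All service changes:\n'
service_audit "$log"
printf 'No named user recorded:\n'
unattributed "$log"
```

On a host, pass `/var/log/hostd.log` instead of the constructed file and adjust the token parsing if the real lines differ from the assumed layout.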
Back in the vSphere Web Client, click on the Edit button in the Services section.
You will need to scroll down in order to see the CIM Server. Once you find it, click on CIM Server.
You may have to click the triangle next to Service Details, then click the Stop button.
Click Yes to confirm you want to stop the service.
Once the service has stopped, click OK to close the Security Profile window.
Conclusion
This concludes the lesson on ESXi Security Enhancements.
Security Warning!
Just about every vSphere administrator is familiar with the Security Warning dialog that shows up
when the vCenter C# client is loaded. Initially, most vSphere components use what is known as a
self-signed certificate. This provides an encrypted connection but does not guarantee that the host
receiving the data is the one you think it is.
Privacy Error!
Web browsers are becoming increasingly paranoid about the certificates that are trusted by
default. These messages can be scary, but the hoops you need to jump through to accept the
potentially unsafe communication can be really annoying. The bottom line is that you don't know,
so you have to assume the worst. Nobody wants to be the target of a lawsuit.
Some people have resigned themselves to clicking the Ignore button every time they need to login
to vCenter. Others have worked around the system by explicitly trusting the presented certificates
for each device on every machine they use. That is operationally intensive and frequently
infeasible, depending on the number of devices and certificates in play.
This is where the Certificate Authority (CA) can be very helpful. With one of these in place, every
certificate issued by the trusted authority is automatically trusted via the chain of trust built during
its integration: you trust the CA-issued certificates because the trusted CA tells you that they are
good. Secure communication with no more warnings!
There are many public CAs out there that will sell certificates to you, but purchasing a certificate
for each component/service is costly and unnecessary. Creating and managing your own
Enterprise Certificate Authority is not a trivial undertaking, and setting one up just to secure
communication between vSphere components might be overkill.
Even with a basic CA in place, the complexity involved with replacing all of the vSphere 5.x service
certificates is about as pleasant as getting a root canal or sitting through a certification exam!
Thankfully, this process has been greatly improved in vSphere 6.
In the lab, we are using the default VMCA configuration and have added the root VMCA certificate
to the local machine's Trusted Root Certification Authorities store in Windows. This is used by
Internet Explorer, Chrome, and the VMware C# Client.
Open the Trusted Root Certificates link (1) from the Desktop and locate the certificate (2) that was
Issued to CA and by CA. This is the VMCA's root certificate. You may also notice that there is a
CONTROLCENTER-CA certificate in this list. This is the CA that runs on the ControlCenter
machine in the labs and can be used to issue certificates to machines and services that are not yet
integrated with the VMCA.
You may see two entries for each of these CAs. There is no harm in this; it is the result of a
Group Policy that is in effect to automatically add these two certificates to the Trusted Root
Certification Authorities store for any Windows machine that joins our CORP domain.
In vSphere 6, certificate management for ESXi hosts is performed from the vSphere Web Client.
Launch Firefox using the icon on the desktop or task bar. The Site A Web Client should load
automatically when Firefox opens.
In the Navigator pane on the left, click on the Hosts and Clusters link (1) to open that view of the
inventory.
Notice that the host's SSL certificate details are displayed, including the status, issuer, and
expiration date.
1. Renewing the certificate for the esx-01a.corp.local host from this screen is as simple as
clicking the Renew button and answering Yes to the confirmation prompt.
2. From a screen where the host object is visible, it is also possible to right-click on the host
object and navigate to Certificates > Renew Certificate to achieve the same result. This
option is especially useful for renewing certificates for many hosts at once because it
supports multiple selection.
Choose one of these methods and renew the certificate for the esx-01a.corp.local host.
Notice that the Valid from and Valid to dates update to reflect today and 5 years from today,
respectively. This is the default lifetime for VMCA certificates.
Out of the box, the certificates issued to hosts are valid for 5 years. We would
like certificates that are valid for 10 years -- I don't like to keep checking. The parameters for host
certificates are stored in the vCenter Advanced Settings.
1.
2.
3.
4.
5.
Making the change to 10-year certificates does not cause them to automatically regenerate.
1. Click on the esx-01a.corp.local host in the inventory list and navigate to the Manage >
Settings > Certificate area, as before.
2. Note the current "Valid to" date, which should be roughly 5 years away.
3. Click the Renew button (1) and wait for the screen to refresh -- it should happen
automatically.
4. Notice that the "Valid to" date (2) is now ~10 years away from today.
If required, this procedure can be used to change the default Organization (VMware),
Organizational Unit (VMware Engineering), State (California), Locality (Palo Alto), Country (US),
and Administrator Email address fields that are part of these host certificates.
Note that this is much simpler than the previous method of using WinSCP to copy rui.key and
rui.crt files to and from ESXi hosts after generating certificate requests by hand and fulfilling them
from an external CA. In addition, the VMCA keeps track of the expiration dates for these
certificates and will apply the Yellow and Red badges to the host objects to indicate that they are
nearing the end of their validity period.
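The two properties this lesson relies on, whether a host certificate chains to a trusted root or is merely self-signed, and whether it carries the 5-year or the 10-year lifetime, can also be checked from a shell with openssl. This is an added example, not part of the lab manual: the CA and host certificates are constructed test material standing in for the VMCA root and an ESXi host certificate, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. The CA and host certificates below are constructed test
# material generated on the fly; they are not VMCA output.

# classify_cert CERT ROOT
# "trusted" if CERT chains to ROOT; "self-signed" if it does not and its
# issuer equals its subject; otherwise "untrusted" (unknown issuer).
classify_cert() {
    if openssl verify -CAfile "$2" "$1" >/dev/null 2>&1; then
        echo trusted
        return 0
    fi
    subj=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    issr=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    if [ "$subj" = "$issr" ]; then echo self-signed; else echo untrusted; fi
}

# valid_for_years CERT YEARS
# Succeeds if CERT will still be valid YEARS*365 days from now
# (openssl -checkend takes a number of seconds).
valid_for_years() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 365 * 86400 )) >/dev/null
}

# lifetime_class CERT
# Coarse bucket for a freshly issued certificate, matching the two lifetimes
# used in this lesson (5-year default, 10 years after the settings change).
lifetime_class() {
    if valid_for_years "$1" 9; then echo about-10-years
    elif valid_for_years "$1" 4; then echo about-5-years
    else echo under-4-years; fi
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
gen() { openssl "$@" >/dev/null 2>&1; }

# Constructed root CA (stand-in for the VMCA root certificate).
gen req -x509 -newkey rsa:2048 -nodes -keyout "$work/ca.key" \
    -out "$work/ca.pem" -subj "/CN=Constructed Lab Root CA" -days 7300

# One host key and request, issued twice: 1825 days (5 years), 3650 days (10).
gen req -newkey rsa:2048 -nodes -keyout "$work/host.key" \
    -out "$work/host.csr" -subj "/CN=esx-example.invalid"
gen x509 -req -in "$work/host.csr" -CA "$work/ca.pem" -CAkey "$work/ca.key" \
    -CAcreateserial -out "$work/host5.pem" -days 1825
gen x509 -req -in "$work/host.csr" -CA "$work/ca.pem" -CAkey "$work/ca.key" \
    -CAcreateserial -out "$work/host10.pem" -days 3650

# A self-signed certificate for the same name: encrypts, but proves nothing
# about who is on the other end.
gen req -x509 -newkey rsa:2048 -nodes -keyout "$work/self.key" \
    -out "$work/self.pem" -subj "/CN=esx-example.invalid" -days 1825

for c in host5 host10 self; do
    printf '%-7s %-12s %s\n' "$c" \
        "$(classify_cert "$work/$c.pem" "$work/ca.pem")" \
        "$(lifetime_class "$work/$c.pem")"
done
```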
It is possible to view all certificates issued by the VMCA by logging in with the Web Client as a
user with privileges for VMware Certificate Authority. This is a user that is a member of the
CAAdmins vCenter Single Sign-On group. By default, the SSO administrator has this access.
1. If you are currently logged in as another user in the Web Client, click on your user name
and select Logout
2. At the login screen, enter the User name administrator@vsphere.local and password
VMware1!
3. Click the Login button
Navigate to Administration
Near the bottom of the Administration list in the Navigator, find System Configuration under
Deployment. In the screen shot, the other sections have been collapsed to save space.
1. Click on Active Certificates to get a list of all currently active certificates. You can also list
Revoked and Expired certificates here, but there are none in this lab.
2. Scroll to the bottom of the list and click on the last certificate
3. If you have completed previous exercises in this section, notice that the "Valid To" date of
the latest certificate is ~10 years from today.
4. Due to the small size of the console screens in the lab environment, it may be difficult to
see details of the certificates in this table view. Click on the Certificate icon (4) to open a
more detailed view of the selected certificate.
Note that the green check marks next to the "Valid To" dates mean that the certificates are within
their validity period and have not expired.
This screen shows more detailed information about the 10-year certificate that was issued in an
earlier exercise -- or whichever certificate was selected in the main table view. Note that this
information is read-only and intended for reference purposes only.
On smaller screens, the OK button may be drawn off the bottom of the screen. Double-click on the
title bar of this dialog (1) to resize it and display the buttons. Click OK or Cancel depending on
your preference; they serve the same purpose here.
Log out
Conclusion
Secure Sockets Layer (SSL) allows secure communication, but management of the required
enterprise trust infrastructure, commonly known as a Public Key Infrastructure (PKI), requires
more than a passing understanding of the complexities involved.
vSphere 6 includes a more limited and focused PKI that has been configured for use specifically
by vSphere components. This infrastructure has been made simpler to manage than a general
purpose PKI due to its more targeted use case: communication between various and well-defined
components of the distributed vSphere environment.
For those who are experienced with PKI concepts and already have an Enterprise deployment,
VMware has provided the capability to integrate the new vSphere-specific CA with an existing PKI
for simpler management. If corporate policy requires, it is also possible for the existing enterprise
PKI to manage all certificates required by the vSphere components.
If you do not already have the vSphere Web Client running, open the Google Chrome browser
from the desktop.
Login to the vSphere Web Client by ticking the box for 'Use Windows session authentication' and
click the Login button.
Select Networking
First, let's verify that the vDS we want to use is running NIOC version 3 and that NIOC is enabled.
Start by clicking the Networking icon.
Expand vcsa-01a.corp.local
Expand vcsa-01a.corp.local until you can see the distributed switch vds-site-a.
Edit Settings
Click on vds-site-a, then click on the Settings tab. Finally make sure you are on the Properties
tab.
We can see that Network I/O Control is enabled on the distributed switch.
Note: If it were not enabled, you would just need to click the Edit button, select Enable in the
Network I/O Control drop-down box and click OK.
Now let's see what version of Network I/O Control we are running.
Click on the Resource Allocation tab. You may have to unpin the Navigation pane to see this.
Here you can see that we are running version 3, which is the required version for NIOC at the
vNIC level.
Note: If the distributed switch was running an earlier version of NIOC, you just need to right-click
on the distributed switch in the Navigation pane and select 'Upgrade--> Upgrade Network I/O
Control...'.
Much like virtual machine CPU and Memory reservations and limits, we will need to create them
for networking. In our case, since we want to reserve bandwidth for virtual machines, we'll modify
the reservations for virtual machine traffic.
Start by clicking on 'Virtual Machine Traffic' in the traffic types list and clicking the Edit button.
Reservation
In the Reservation box, type '2000' to reserve 2,000Mbs bandwidth for Virtual Machine traffic.
Leave all other settings to their defaults.
Click OK to continue.
Reservation Set
Once you click OK, you will notice even though we have set a reservation of 2,000Mbs for virtual
machine traffic, it is not showing up under the Reservation Column. This is because we have just
set the Reservation and not actually reserved it for a virtual machine.
Click on the Navigation link on the left hand side, if you unpinned it earlier.
Now click the thumbnail so it points down. This will pin the navigation bar back in place.
Clone TinyLinux-01
So we don't interfere with other lessons you may want to take, let's clone linux-micro-01a.
Right-click on 'TinyLinux-01' and select Clone --> Clone to Virtual Machine...
Name your VM
Name your VM linux-nioc-01a and accept the default location of Datacenter Site A for the location.
Click Next to continue.
Ready to Complete
Verify the settings look correct and click Finish to clone the VM.
It should only take a minute to perform the clone operation. You can track the progress by clicking
on the Recent Tasks link in the bottom left corner of the vSphere Web Client.
Right-click on the newly cloned VM, linux-nioc-01a and select Edit Settings...
Expand out Network adapter 1 and you will notice some new options. Now we can set how much
bandwidth to reserve for this specific vNIC on the virtual machine.
Let's give it all 1,000Mbs of the 2,000Mbs reservation we set.
Type 2000 in the Reservation box. Click OK.
Note: If you don't see this box, make sure you connected Network adapter 1 to VM Network (vds-site-a).
Viewing Reservation
You can now see the reservation is set so that this virtual machine's network adapter will have a
reserved 2,000Mbs of bandwidth.
Lesson Clean Up
Feel free to explore other options with NIOC. When you are finished with this lesson, please
delete the linux-nioc-01a virtual machine to avoid confusion in other lessons.
Just go back to the Hosts and Clusters view and right-click on the virtual machine linux-nioc-01a
and select Delete from Disk.
Conclusion
This concludes Module 1 - What's New with vSphere 6. We hope you have enjoyed taking this lab
and don't forget to take the survey at the end.
If you have time remaining, here are the other Modules that are part of this lab, along with an
estimated time to complete each one. Click on the 'Table of Contents' button to quickly jump to
that Module in the Manual.
What is vSphere?
VMware vSphere is the world's leading virtualization platform. As virtualization & the vSphere
platform have continued to grow, organizations have faced new challenges. With vSphere, IT can
rapidly provision Virtual Machines (VMs) but have found that management, capacity planning, and
lifecycle management of these VMs has become increasingly difficult. VMware vSphere with
Operations Management (vSOM) is a new solution that enables users to gain operational insight
into a vSphere infrastructure while also optimizing capacity. As vSphere environments continue to
grow it is essential that users have proactive management that can deliver monitoring,
performance, and capacity information at a glance. This detailed analysis enables users to get the
most out of the virtualization platform by reclaiming unused capacity, rightsizing virtual machines,
improving utilization, and also helping to increase consolidation ratios. This new VMware solution
combines vSphere with vRealize Operations Standard.
The above diagram shows how vCenter fits in the vSphere stack. With vCenter installed, you
have a central point of management. vCenter Server allows the use of advanced vSphere
features such as vSphere Distributed Resource Scheduler (DRS), vSphere High Availability (HA),
vSphere vMotion, and vSphere Storage vMotion.
The other component is the vSphere Web Client. The vSphere Web Client is the interface to
vCenter Server and multi-host environments. It also provides console access to virtual machines.
The vSphere Web Client lets you perform all administrative tasks by using an in-browser interface.
Starting with vSphere 5.1 there are two methods to deploy vCenter. The first method is a
Windows installation. With the Windows method, you can install vCenter Single Sign On,
Inventory Service, and vCenter Server on the same host machine (as with vCenter Simple Install)
or on different virtual machines.
The other method is a virtual appliance. The vCenter Server Appliance (vCSA) is a single
preconfigured Linux-based virtual machine optimized for running vCenter Server and associated
services.
The Platform Services Controller (PSC) includes common services that are used across the suite.
These include Single Sign-On (SSO), Licensing, and the VMware Certificate Authority (VMCA).
You will learn more about SSO and the VMCA in the following pages.
The PSC is the first piece that is either installed or upgraded. When upgrading, an SSO instance
becomes a PSC. There are two models of deployment, embedded and centralized.
Embedded means the PSC and vCenter Server are installed on a single virtual machine.
Embedded is recommended for sites with a single SSO solution such as a single vCenter.
Centralized means the PSC and vCenter Server are installed on different virtual machines.
Centralized is recommended for sites with two or more SSO solutions such as multiple
vCenter Servers, vRealize Automation, etc. When deploying in the centralized model, it is
recommended to make the PSC highly available so that it is not a single point of failure. In
addition to utilizing vSphere HA, a load balancer can be placed in front of two or more
PSCs to create a highly available PSC architecture.
The PSC and vCenter servers can be mixed and matched, meaning you can deploy Appliance
PSCs along with Windows PSCs with Windows and appliance-based vCenter Servers. Any
combination uses the PSC's built-in replication.
Use Case:
The PSC removes services from vCenter and makes them centralized across the vCloud
Suite.
This gives customers a single point to manage all their vSphere roles and permissions
along with licensing.
Reducing vCenter Server installation complexity allows customers to install or upgrade to
vSphere 6 faster.
There are only two install options:
Embedded PSC, which installs all components on a single virtual machine
Centralized, where the customer must install the PSC and vCenter Server separately
In either installation model all vCenter Server services are installed on the vCenter Server
reducing the complexity of planning and installing vCenter Server.
Starting with version 5.1, vSphere includes a vCenter Single Sign-On service as part of the
vCenter Server management infrastructure.
Authentication with vCenter Single Sign-On makes vSphere more secure because the vSphere
software components communicate with each other by using a secure token exchange
mechanism, and all other users also authenticate with vCenter Single Sign-On.
Starting with vSphere 6.0, vCenter Single Sign-On is either included in an embedded deployment,
or part of the Platform Services Controller. The Platform Services Controller contains all of the
services that are necessary for the communication between vSphere components including
vCenter Single Sign-On, VMware Certificate Authority, VMware Lookup Service, and the licensing
service. For example, in the image above, SSO resides within the Platform Services Controller as
part of this multi-vCenter topology. Both Windows and the vCSA can participate in this topology.
In a single vCenter topology, the PSC (along with all of its associated services) can run on a single
machine, also called the embedded deployment. This single machine could be a physical
Windows server, a Windows VM, or the vCSA.
While vCenter Server requires a database as shown above, SSO itself does not have such a
requirement.
The vSphere Web Client is broken into 6 main areas also referred to as panes.
1.
2.
3.
4.
5.
6.
The layout of these panes can be customized. Click the push pin icon in the Navigator, Recent
Tasks, Work in Progress, or Alarms panes to minimize them. This can create more room for the
main area if you are working on a small monitor or one with low resolution. You can also change
where each of those panes are shown by dragging the title bar of the pane to one of the edges of
the screen.
Please Note: In this lab, since we're limited to a small screen resolution, we've set all the
panes to be minimized by default to give you the most screen real estate possible. You can
open any or all panes at your convenience and click on the push pin in any pane to allow it
to stay on the screen.
Start the Firefox web browser which will open to the "Site A Web Client".
1. Click the "Use Windows session authentication" check box
2. Click "Login"
1. Click "vCenter Inventory Lists" in either the left-hand tree or the right-hand pane. Clicking
vCenter Inventory Lists will take you to the inventory page where you find all the objects
associated with vCenter Server systems such as datacenters, hosts, clusters, networking,
storage, and virtual machines.
1. Click the "Virtual Machines" inventory item. By selecting this inventory item, you are
presented with a list of the VMs which are located in this environment.
1. Click the arrow next to "VM Hardware" to expand this pane and expose the VM's hardware
settings.
2. Click "Edit Settings" so a second network adapter can be added to the virtual machine.
1. Click the arrow next to the New Network card to expand and view its settings. Notice that
the MAC address is blank at this point. A new MAC address will be generated once this
NIC is added or we are able to specify (with some rules) our own MAC address.
2. Click "OK" to add the device to the VM. When you select "OK" a new task is created.
After adding the second NIC to the VM you'll see a task show up in the Recent Tasks list.
1. If the Recent Tasks pane is still minimized, click on the Recent Tasks button.
2. Optionally, you can choose to click on the push pin on the right side of the Recent Tasks
pane to make the Recent Tasks pane stay as part of the interface.
Review the "Recent Tasks" list. Once the task is complete, a second Network Adapter should be
shown in the "VM Hardware" section. Note the networks are in a disconnected state because the
VM is powered off.
Again, you may choose to dismiss the Recent Tasks pane by clicking the Recent Tasks button
again or click the push-pin to make it persistent.
For several of the next exercises it might be useful to have the Work In Progress pane in view.
1. Click the Work In Progress button
2. Click the pin to keep the pane in view
One of the new features of the vSphere Web Client is the ability to view the most recently used
object in inventory. As an example, let's say we wanted to go back to Datacenter Site A. In the
lab environment we are currently using, this is a relatively easy task, but in a larger environment,
this may prove to be a more difficult task.
1. Start by clicking the recently viewed items icon.
Select vcsa-01a.corp.local
1. Next, select vcsa-01a.corp.local from the Drop-Down Menu. Note that there may be
different items on the list from what you see based on what lessons you have completed in
the lab so far.
There are several areas on the interface to create a new VM. We will be using the top of the
hierarchy which is the vCenter Server.
1. Move your mouse cursor over the Home menu (note that you do not need to click on the
button)
2. Select VMs and Templates
1. Expand the vcsa-01a.corp.local tree to expose the "DataCenter Site A" object
2. Click on "DataCenter Site A"
1. If you are not already there, click the "Getting Started" tab to view a list of the Basic Tasks
which can be started.
2. Click "Create a new virtual machine" to start the new virtual machine wizard. This wizard
is used to create a new Virtual Machine and place it in the vSphere inventory.
1. Click "Next" since the "Create a New Virtual Machine" wizard is highlighted.
Have you ever been in the middle of an operation only to be interrupted by another request? In the
vSphere Web Client, we have you covered! You can simply "pause" the wizard, perform your
other task, and come right back to where you left off. For example, a user calls you and requests
that their VM be powered on immediately! So let's pause our wizard in order to power on their VM.
1. Save the wizard progress by clicking the >> in the upper right hand corner of the web
client. This will save the state of the wizard to the "work in progress" pane and close the
wizard allowing you to perform this urgent task of powering on the user's VM.
Power on w12-core
1. Click the Work In Progress button to view the Work in Progress pane
1. Click on "New Virtual Machine" to bring up the wizard right where you left off
Select Datastore
Compatibility
Guest OS
1. Change the memory setting from 4096 to "1024". This VM is a test VM so it only
needs 1 GB of memory and 40 MB of disk.
2. Change the disk size unit from GB to "MB".
3. Change the disk size from 40,960 to "40" for a 40 MB disk.
4. Change the network to "VM Network (vds-site-a)".
5. Select "Next"
6. Select "Finish"
Logging In
Click the "Mozilla Firefox" icon from the Control Center desktop or the bottom taskbar.
1. Click the "Use Windows session authentication" check box
2. Click "Login"
Search Options
We have different search options, "New Search", "Saved Searches" and "Quick Search". Let's
first take a look at "New Search"
1. From anywhere in the web client, click the "Home" icon to show the Home Menu.
2. Click "New Search"
1.
2.
3.
4.
1. When the "Virtual Machines" tab is selected, a list of VMs that exist in the environment is
returned.
2. Now let's search for a specific tag. Click the "Advanced Search" link.
Advanced Search
Advanced search allows you to search for managed objects that meet multiple criteria.
For example, you can search for virtual machines that match one search string and that
reside on hosts whose names match a second search string. Let's do a search for virtual
machines to check VMware Tools status.
1. Enter "VMware Tools Not Installed" for the name of the search.
2. Click "OK"
Quick Search
1. In the upper right hand corner, enter "vm" in the quick search field. A pop-up window is
displayed that shows filtered items which match.
2. Click the second "VM Network" next to the "Distributed Port Group" heading. (This network
exists on Site B as well.)
2. Select "Related Objects" on the right. An expanded list of virtual machines is shown.
You use tags to add metadata to inventory objects. You can record information about your
inventory objects in tags and use the tags in searches.
1. Click the Home Menu
2. Select "Tags" to create tag categories and tags.
You use categories to group tags together and define how tags can be applied to objects.
Every tag must belong to one and only one category. You must create at least one category before
creating any tags.
1. Click "New Category"
New Category
Associable Object Types: We will use the default, which states that the new tag in this category
can be assigned to all objects. Alternatively, you can specify a specific object type, such as
virtual machines or datastores.
1. Enter "web tier" for the Category Name.
2. Keep the default "One tag per object"
3. Click "OK"
To review the category and tags you created, select the "Items" tab. In this screen, you can review
and edit the categories and tags. New categories and tags also can be created in this screen.
1. When the "Items" tab is selected, a list of the created tags is returned. Notice there is also
a Categories tab, which would list the categories which have been created.
1. Right-click the virtual machine "web-serv01". You may need to expand the navigation tree
on the left side to expose the VMs.
2. Find "Tags & Custom Attributes"
3. Click "Assign Tag"
Assign Tag
Search Results
1. Click on the "Related Objects" tab to find the list of objects which have been assigned the
"Web Server Version 2" tag.
Using Filters
Another way to find objects quickly is to use the new Filter feature in the vSphere Web Client.
1. Start by clicking the Home Menu
2. Click Hosts and Clusters
Filter Options
1. Click on the 'Quick Filter' button, right next to the 'Filter box'
You'll now be presented with a list of Filter options specific to vSphere Hosts.
1. Click on the "In Maintenance Mode" box under Maintenance Mode.
You are presented with a list of all the hosts in Maintenance Mode, which in our case is none.
To remove a single filter, just uncheck the box next to it. To clear all the filters and start over, click
the filter icon with the Red 'X'.
1. Click the Filter Icon with the Red 'X'.
You can click through the other tabs (Virtual Machines, vApps, Datastores, etc.) and view the other
filters that are available for each object type. Again, each filter is specific to the class of object it
represents.
Notice that if a tag has been created for that object, you can filter by it as well.
HA Primary Components
Cluster Settings
1. Click "vSphere HA" under "Services" to bring up the settings for high availability. Note that
you may need to scroll to the top of the list.
2. Click "Edit"
1. Scroll down and check the radio button "Define failover capacity by reserving a percentage
of the cluster resources" and accept the default settings of 25%.
If necessary, return to the Manage > Settings page on the Cluster Site A cluster
Automation Levels
The chart above shows how DRS affects placement and migration according to the
setting: Manual, Partially Automated or Fully Automated.
1. Click the "Summary Tab" to display the current status of the cluster.
2. The Summary tab of the Cluster Site A shows the current balance of the cluster. The DRS
section also shows how many recommendations or faults have occurred with
the cluster. (You may have to scroll down to see the vSphere DRS widget).
That concludes this lesson.
Continuous availability - Zero downtime, zero data loss for infrastructure failures
Fully automated response
Use cases
Any workload that has up to 4 vCPUs and 64GB Memory that is not latency sensitive (e.g., VoIP and
high-frequency trading are not good candidates for FT). Note that vSphere 6.0 introduces the
capability to use FT to protect VMs with more than 1 vCPU. In vSphere 5.5 and prior versions,
only VMs with 1 vCPU could be protected by FT.
There is VM/Application overhead to using FT and that will depend on a number of factors like the
application, number of vCPUs, number of FT protected VMs on a host, Host processor type, etc.
We will release a performance paper around launch that will get into more specifics; for now, the
recommendation to customers is to test out using FT and see if it works for their workloads/use
cases.
The new version of Fault Tolerance greatly expands the use cases for FT to approximately 90% of
workloads.
The new technology used by FT is called Fast Checkpointing and is basically a heavily modified
version of an xvMotion that never ends and executes many more checkpoints (multiple/sec). Also
note that in versions prior to 6.0, FT required shared storage where both the Primary and
Secondary copies of the FT-protected VM would share the same VMDK files. However, in vSphere
6.0 in order to add additional protection to the FT-protected VM, the Primary & Secondary VM use
unique VMDK's.
FT logging (traffic between hosts where primary and secondary are running) is very bandwidth
intensive and will use a dedicated 10G NIC on each host. This isn't required, but highly
recommended as at a minimum an FT protected VM will use more . If FT doesn't get the
bandwidth it needs, the impact is that the protected VM will run slower.
For example, you might want to monitor the CPU usage of all virtual machines in a specific host
cluster. You can select the cluster in the inventory, and add a virtual machine alarm to it. When
enabled, that alarm will monitor all virtual machines running in the cluster and will trigger when any
one of them meets the criteria defined in the alarm. If you want to monitor a specific virtual
machine in the cluster, but not others, you would select that virtual machine in the inventory and
add an alarm to it. One easy way to apply the same alarms to a group of objects is to place those
objects in a folder and define the alarm on the folder.
In this lab, you will learn how to create an alarm and review the events that have occurred.
Event Console
Setup notifications
Setup Notifications
Defining an Alarm
1. Use the filter to find the "Host CPU usage" alarm definition by typing "cpu" in the search
field
2. Select the "Host CPU usage" alarm
3. Click the "Edit" button
Define Actions
We will be creating an alarm that will reset a VM if CPU Ready exceeds an average of 8000ms
over the course of 5 minutes.
1. Click the "+" to start the New Alarm Definition wizard.
2. Enter "Virtual Machine CPU Ready"
3. Click "Next" to move to the Triggers section.
Understanding Shares
The above example shows two VMs, one a development VM and the other a production VM. On
the left-hand side of the diagram, you can see the CPU shares are equal. We want to make sure
the Production VM gets the majority of the CPU resources when there is contention for those
resources in the environment. Changing the shares for the production VM from 1000 shares to
2000 shares accomplishes this goal. The new settings are shown on the right side of the diagram.
Review Settings
Limits and Reservations are set with the same procedure. When you click on the "edit" settings
for a VM, you will find the ability to set the Limit and Reservations. Limit restricts a VM from using
more than the limit setting. Reservations guarantee a minimum amount of a resource be available
for the virtual machine. Try out some settings for Limits and Reservations. One note is that if you
try to reserve more of a resource such as memory or CPU than is available, the VM may not
power on.
Conclusion
This concludes Module 2 - Introduction to Management with vCenter Server. We hope you have
enjoyed taking this lab. Please remember to take the survey at the end.
If you have time remaining, here are the other Modules that are part of this lab, along with an
estimated time to complete each one. Click on the 'Table of Contents' button to quickly jump to
that Module in the Manual.
LACP Example
Traffic Filtering
Traffic filtering is the ability to filter packets based on the various parameters of the packet header.
This capability is also referred to as access control lists (ACLs), and it is used to provide port-level
security.
The VDS supports packet classification, based on the following three different types of qualifiers:
MAC SA and DA qualifiers
System traffic qualifiers - vSphere vMotion, vSphere management, vSphere FT, and so on
IP qualifiers - Protocol type, IP SA, IP DA, and port number
After the qualifier has been selected and packets have been classified, users have the option to
either filter or tag those packets.
When the classified packets have been selected for filtering, users have the option to filter ingress,
egress, or traffic in both directions.
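The classification described above can be sketched as a small rule evaluator. This is an added example, not part of the lab manual or the VDS implementation: the Rule and Packet classes, the first-match ordering, and all addresses and rule names are assumptions made for illustration.

```python
"""Added example: toy evaluator for the packet classification described above.

Constructed model; Rule/Packet and the rule ordering are assumptions, not the VDS API.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    direction: str                        # "ingress" or "egress"
    src_mac: str
    dst_mac: str
    system_traffic: Optional[str] = None  # "vMotion", "management", "FT", ...
    protocol: Optional[str] = None        # "tcp", "udp", ...
    src_ip: Optional[str] = None
    dst_ip: Optional[str] = None
    dst_port: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                           # "filter" or "tag"
    direction: str                        # "ingress", "egress" or "both"
    src_mac: Optional[str] = None         # MAC SA / DA qualifiers
    dst_mac: Optional[str] = None
    system_traffic: Optional[str] = None  # system traffic qualifier
    protocol: Optional[str] = None        # IP qualifiers
    src_net: Optional[str] = None
    dst_net: Optional[str] = None
    dst_port: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        """True when the direction and every qualifier set on the rule match."""
        if self.direction not in ("both", p.direction):
            return False
        if self.src_mac and self.src_mac.lower() != p.src_mac.lower():
            return False
        if self.dst_mac and self.dst_mac.lower() != p.dst_mac.lower():
            return False
        if self.system_traffic and self.system_traffic != p.system_traffic:
            return False
        if self.protocol and self.protocol != p.protocol:
            return False
        if self.src_net and not _in_net(p.src_ip, self.src_net):
            return False
        if self.dst_net and not _in_net(p.dst_ip, self.dst_net):
            return False
        if self.dst_port is not None and self.dst_port != p.dst_port:
            return False
        return True


def _in_net(ip: Optional[str], net: str) -> bool:
    # Non-IP frames carry no address, so they can never satisfy an IP qualifier.
    return ip is not None and ip_address(ip) in ip_network(net)


def evaluate(rules: list, packet: Packet) -> tuple:
    """Return (verdict, rule name); the first matching rule decides (assumed order)."""
    for rule in rules:
        if rule.matches(packet):
            return ("dropped" if rule.action == "filter" else "tagged", rule.name)
    return ("forwarded", None)


# Constructed rule set and addresses, for illustration only.
RULES = [
    Rule("block-telnet", "filter", "both", protocol="tcp", dst_port=23),
    Rule("isolate-mgmt-net", "filter", "ingress", src_net="192.0.2.0/24",
         dst_net="198.51.100.0/24"),
    Rule("tag-vmotion", "tag", "egress", system_traffic="vMotion"),
]

if __name__ == "__main__":
    sample = Packet("egress", "00:50:56:00:00:01", "00:50:56:00:00:02",
                    system_traffic="vMotion")
    print(evaluate(RULES, sample))
```

A rule that names a direction leaves the opposite direction untouched, which is why the same vMotion frame is tagged on egress but passes unmodified on ingress in this model.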
SR-IOV Enhancements
Single-root I/O virtualization (SR-IOV) is a standard that enables one PCI Express (PCIe) adapter
to be presented as multiple, separate logical devices to virtual machines. In this release, the
workflow of configuring the SR-IOV-enabled physical NICs is simplified. Also, a new capability is
introduced that enables users to communicate the port group properties defined on the vSphere
standard switch (VSS) or VDS to the virtual functions.
The new control path through VSS and VDS communicates the port group-specific properties to
the virtual functions. For example, if promiscuous mode is enabled in a port group, that
configuration is then passed to virtual functions, and the virtual machines connected to the port
group will receive traffic from other virtual machines.
Available as part of the vSphere platform and can be accessed through the vSphere host
command prompt
Can capture traffic on VSS and VDS
Captures packets at the following levels:
1. Uplink
2. Virtual switch port
3. vNIC
Can capture dropped packets
Can trace the path of a packet with time stamp details.
Adding a Virtual Machine Port Group with the vSphere Web Client
If you are not already logged in, launch the Firefox browser from the desktop and log in to the
vSphere Web Client.
1. Click the "Use Windows session authentication" check box
2. Click "Login"
Add Networking
Connection Type
When asked to select connection type, choose Virtual Machine Port Group for a Standard Switch
and click Next
Target Device
When asked to select a target device, choose New Standard Switch and click Next.
At the Create a Standard Switch step of the wizard, select 'Unused Adapters' and click the Green
'+' button.
Connection Settings
At the Connection settings step of the wizard, for Network label, leave the default name of VM
Network.
Do not change the VLAN ID; leave this set to None (0).
Review the port group settings in Ready to complete and click Finish.
Select esxi-02a.corp.local
Click the Manage tab, select Networking and select Virtual switches.
Select vSwitch0
Edit vSwitch0
Under Virtual switches, select vSwitch0 and click the pencil icon to edit the virtual switch.
Change the MTU Setting for a vSphere Standard Switch (Enabling Jumbo
Frames)
If you are using jumbo frames in your environment and want to leverage this on a vSphere
Standard Switch, you can change the MTU setting here.
You can change the size of the maximum transmission unit (MTU) on a vSphere Standard Switch
to increase the amount of payload data transmitted with a single packet, that is, enabling jumbo
frames. Be sure to check with your Networking team prior to making any modifications
here. To realize the benefit of this setting and prevent performance issues, compatible MTU
settings are required across all virtual and physical switches and end devices such as hosts and
storage arrays.
You will also notice the Security, Traffic shaping, and Team and Failover options. This is where the
default settings for the virtual switch would be set. As you will see later, these defaults may be
overridden at the port group level as required.
Click Cancel to continue.
Edit vmnic3
To change the configured speed and duplex value of a physical network adapter, select vmnic3
from the list and click Edit (the pencil icon).
Here we could change the configured speed and/or duplex to the appropriate settings.
Click Cancel to continue.
Add Adapter
Select Adapter
Select vmnic2 from the list and select 'Active Adapters' from the Failover order group drop-down
menu. Click OK.
View Adapters
The selected adapter appears as an Active Adapter under the Assigned Adapters list. Click 'OK'
to save the change.
With vSwitch0 selected, select the VM Network port group and click Edit (the pencil icon).
The Properties setting section is where the name or VLAN ID of the port group can be modified.
There is no need to modify these settings for this part of the lab.
Click Security in the left pane. By ticking the Override box, you can override the default setting of
the virtual switch for just this port group.
In this section, you can configure the following:
Promiscuous Mode
Reject - Placing a guest adapter in promiscuous mode has no effect on which frames are
received by the adapter.
Accept - Placing a guest adapter in promiscuous mode causes it to detect all frames
passed on the vSphere standard switch that are allowed under the VLAN policy for the port
group that the adapter is connected to.
MAC Address Changes
Reject - If you set the MAC Address Changes to Reject and the guest operating system
changes the MAC address of the adapter to anything other than what is in the .vmx
configuration file, all inbound frames are dropped. If the Guest OS changes the MAC
address back to match the MAC address in the .vmx configuration file, inbound frames are
passed again.
Accept - Changing the MAC address from the Guest OS has the intended effect: frames
sent to the altered MAC address are received by the virtual machine.
Forged Transmits
Reject - Any outbound frame with a source MAC address that is different from the one
currently set on the adapter is dropped.
Accept - No filtering is performed and all outbound frames are passed.
No changes are needed here and you may proceed to the next step.
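The sketch below is an added example, not part of the lab manual or VMware code: a Python model of the three policies above that resolves port group overrides against the switch default, applies them to single frames, and lists every setting left at Accept. The class names, MAC addresses and sample inventory are constructed for illustration.

```python
"""Constructed model of the three standard switch security policies (added example).

Class and function names are hypothetical; this is not a VMware API.
"""
from dataclasses import dataclass
from typing import Optional

REJECT, ACCEPT = "Reject", "Accept"
SETTINGS = ("promiscuous", "mac_changes", "forged_transmits")


@dataclass(frozen=True)
class SecurityPolicy:
    # None means "Override not ticked": the value is inherited from the switch.
    promiscuous: Optional[str] = None
    mac_changes: Optional[str] = None
    forged_transmits: Optional[str] = None


def effective_policy(switch: SecurityPolicy, port_group: SecurityPolicy) -> SecurityPolicy:
    """Resolve a port group's policy: an override wins, otherwise the switch default."""
    return SecurityPolicy(**{
        s: getattr(port_group, s) or getattr(switch, s) for s in SETTINGS
    })


@dataclass
class GuestAdapter:
    vmx_mac: str               # MAC address recorded in the .vmx configuration file
    current_mac: str           # MAC address the guest OS has set on the adapter
    promiscuous: bool = False  # guest has put the adapter in promiscuous mode


def outbound_passed(policy: SecurityPolicy, nic: GuestAdapter, src_mac: str) -> bool:
    """Forged Transmits: Reject drops frames whose source MAC is not the adapter's."""
    if policy.forged_transmits == ACCEPT:
        return True
    return src_mac.lower() == nic.current_mac.lower()


def inbound_delivered(policy: SecurityPolicy, nic: GuestAdapter, dst_mac: str) -> bool:
    """MAC Address Changes and Promiscuous Mode applied to one inbound frame.

    Assumes the frame is already allowed under the port group's VLAN policy.
    """
    mac_changed = nic.current_mac.lower() != nic.vmx_mac.lower()
    if mac_changed and policy.mac_changes == REJECT:
        return False  # every inbound frame is dropped until the MAC is restored
    if dst_mac.lower() == nic.current_mac.lower():
        return True
    # Frame addressed to another adapter: seen only if promiscuous mode is accepted.
    return nic.promiscuous and policy.promiscuous == ACCEPT


def audit(switch: SecurityPolicy, port_groups: dict) -> list:
    """List (port group, setting, origin) for every setting that resolves to Accept."""
    findings = []
    for name in sorted(port_groups):
        override = port_groups[name]
        resolved = effective_policy(switch, override)
        for s in SETTINGS:
            if getattr(resolved, s) == ACCEPT:
                origin = "override" if getattr(override, s) else "inherited"
                findings.append((name, s, origin))
    return findings


# Constructed sample inventory (values are illustrative, not taken from the lab).
VSWITCH0 = SecurityPolicy(promiscuous=REJECT, mac_changes=ACCEPT, forged_transmits=ACCEPT)
PORT_GROUPS = {
    "VM Network": SecurityPolicy(),  # no override: inherits every setting
    "Hardened": SecurityPolicy(mac_changes=REJECT, forged_transmits=REJECT),
    "Sniffer": SecurityPolicy(promiscuous=ACCEPT),
}

if __name__ == "__main__":
    for finding in audit(VSWITCH0, PORT_GROUPS):
        print(finding)
```

The "inherited" findings are the ones an override on a single port group would not fix: they come from the switch-level default and apply to every port group that leaves Override unticked.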
Traffic Shaping
Click Traffic shaping in the left pane, then select the check box next to Override. Just like in the
Security settings, you can override the default policy set at the switch level to apply to just this port
group.
A traffic shaping policy is defined by average bandwidth, peak bandwidth, and burst size. You can
establish a traffic shaping policy for each port group.
ESXi shapes outbound network traffic on standard switches. Traffic shaping restricts the network
bandwidth available on a port, but can also be configured to allow bursts of traffic to flow through
at higher speeds.
Average Bandwidth
Establishes the number of bits per second to allow across a port, averaged over time. This
number is the allowed average load.
Peak Bandwidth
Maximum number of bits per second to allow across a port when it is sending or receiving
a burst of traffic. This number limits the bandwidth that a port uses when it is using its burst
bonus.
Burst Size
Maximum number of bytes to allow in a burst. If this parameter is set, a port might gain a
burst bonus if it does not use all its allocated bandwidth. When the port needs more
bandwidth than specified by the average bandwidth, it might be allowed to temporarily
transmit data at a higher speed if a burst bonus is available. This parameter limits the
number of bytes that have accumulated in the burst bonus and transfers traffic at a higher
speed.
No changes are needed here and you may proceed to the next step.
Click Teaming and failover in the left pane. Again we have the option to override the default virtual
switch settings.
Load Balancing Policy - The Load Balancing policy determines how network traffic is distributed
between the network adapters in a NIC team. vSphere virtual switches load balance only the
outgoing traffic. Incoming traffic is controlled by the load balancing policy on the physical switch.
Route based on the originating virtual port - Select an uplink based on the virtual port IDs
on the switch. After the virtual switch selects an uplink for a virtual machine or a VMkernel
adapter, it always forwards traffic through the same uplink for this virtual machine or
VMkernel adapter.
Route based on IP hash - Select an uplink based on a hash of the source and destination
IP addresses of each packet. For non-IP packets, the switch uses the data at those fields
to compute the hash. IP-based teaming requires that the physical switch is configured with
EtherChannel.
Route based on source MAC hash - Select an uplink based on a hash of the source
Ethernet.
Route based on physical NIC load - Available for distributed port groups or distributed
ports. Select an uplink based on the current load of the physical network adapters
connected to the port group or port. If an uplink remains busy at 75 percent or higher for 30
seconds, the host proxy switch moves a part of the virtual machine traffic to a physical
adapter that has free capacity.
Use explicit failover order - From the list of active adapters, always use the highest order
uplink that passes failover detection criteria. No actual load balancing is performed with
this option.
Network Failure Detection - The method the virtual switch will use for failover detection.
Link Status only - Relies only on the link status that the network adapter provides. This
option detects failures such as removed cables and physical switch power failures.
Beacon Probing - Sends out and listens for beacon probes on all NICs in the team, and
uses this information, in addition to link status, to determine link failure. ESXi sends beacon
packets every second. The NICs must be in an active/active or active/standby
configuration because the NICs in an unused state do not participate in beacon probing.
Notify Switches - specifies whether the virtual switch notifies the physical switch in case of a
failover.
Failback - specifies whether a physical adapter is returned to active status after recovering from a
failure.
If failback is set to Yes, the default selection, the adapter is returned to active duty
immediately upon recovery, displacing the standby adapter that took over its slot, if any.
If failback is set to No for a standard port, a failed adapter is left inactive after recovery until
another currently active adapter fails and must be replaced.
You can also override the default virtual switch setting for the Failover order of the physical
adapters.
No changes are needed here and you may proceed to the next step.
Since we don't want to make any changes to the port group, click the Cancel button.
Conclusion
The vSphere Standard Switch is a simple virtual switch configured and managed at the host level.
This switch provides access, traffic aggregation and fault tolerance by allowing multiple physical
adapters to be bound to each virtual switch.
The VMware vSphere Distributed Switch builds on the capabilities of the vSS and simplifies
management in large deployments by appearing as a single switch spanning multiple associated
hosts. This allows changes to be made once and propagated to every host that is a member of the
switch.
Datacenter Site A
In the Navigator, right-click on Datacenter Site A and select Distributed Switch --> New Distributed
Switch...
Keep the default name for the new distributed switch then click Next.
Select version
Edit Settings
Ready to complete
Add Hosts
Expand Datacenter Site A until you see the Distributed Switch we just created, DSwitch.
Right-click on DSwitch and select Add and Manage Hosts.
Select task
Select hosts
To add hosts to the Distributed Switch, click the green '+'.
Select ALL ESXi hosts shown (esx-01a.corp.local and esx-02a.corp.local) and click OK.
Confirm Addition
(Optionally) You can add a vmnic from an ESXi host (e.g., esx-02a.corp.local) that is NOT "In Use
by Switch" by following the above steps or just click Next to continue.
Warning message
If you did not add a vmnic from an ESXi host, you will receive this warning. Just click OK to
continue.
In your environment, you may choose to migrate virtual network adapters from a vSphere
Standard or Distributed switch to this new one. We won't move anything, just click Next to
continue.
Analyze Impact
A check will be made to verify nothing you've done will impact other network dependent services,
like iSCSI. Click Next to continue.
Ready to complete
You are now asked to verify the changes you are about to make. Click Finish to commit the
changes.
Right-click DSwitch in the navigator and select Add and Manage Hosts.
Select Task
On the 'Select tasks' page, select Manage host networking and click Next.
Select hosts
On the 'Select member hosts' page, select esx-01a.corp.local for the task then click OK.
Let's add a VM network on the new switch. Click on "On this switch" and then "New adapter".
Click the Browse button to select the distributed port group and switch.
Select Network
Port Properties
IPv4 settings
Ready to complete
View the new virtual network adapter we just created. Click Next to continue.
Analyze impact
The wizard will again check and see if the changes being made will impact other dependent
network services. Click Next to continue.
Ready to complete
Click Finish
Click Edit.
Click Advanced to view the vSphere distributed switch settings. Click 'OK'.
Click Advanced. Here you will find the following advanced settings for the switch:
MTU (Bytes): Maximum MTU size for the vSphere Distributed Switch. To enable jumbo frames,
set a value greater than 1500 bytes. Make sure you check with your Networking team prior to
modifying this setting in your environment.
Multicast filtering mode
Basic - The distributed switch forwards traffic that is related to a multicast group based on
a MAC address generated from the last 23 bits of the IPv4 address of the group.
IGMP/MLD snooping - The distributed switch forwards multicast traffic to virtual machines
according to the IPv4 and IPv6 addresses of subscribed multicast groups by using
membership messages defined by the Internet Group Management Protocol (IGMP) and
Multicast Listener Discovery protocol.
Discovery Protocol
Type - Cisco Discovery Protocol, Link Layer Discovery Protocol, or disabled.
Operation - to Listen, Advertise, or Both.
Administrator Contact: Type the name and other details of the administrator for the distributed
switch.
We don't want to make any changes here, just click Cancel.
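The difference between the two multicast filtering modes described above can be shown with a short model. This is an added example, not part of the lab manual or the distributed switch code: it covers IPv4 only, and the function names and the sample subscriptions (apart from the VM name web-serv01) are constructed for illustration.

```python
"""Added example: why Basic multicast filtering can over-deliver traffic.

Constructed model; function names and the sample subscriptions are hypothetical.
"""
import ipaddress

MULTICAST_OUI = 0x01005E000000  # fixed 01:00:5e prefix of IPv4 multicast MACs
LOW_23_BITS = 0x7FFFFF


def multicast_mac(group: str) -> str:
    """Map an IPv4 multicast group to its Ethernet MAC (last 23 bits of the IP)."""
    addr = ipaddress.IPv4Address(group)
    if not addr.is_multicast:
        raise ValueError(f"{group} is not an IPv4 multicast address")
    mac = MULTICAST_OUI | (int(addr) & LOW_23_BITS)
    return ":".join(f"{(mac >> shift) & 0xFF:02x}" for shift in range(40, -8, -8))


def groups_sharing_mac(group: str) -> list:
    """All 32 IPv4 groups that collapse onto the same MAC as `group`."""
    low = int(ipaddress.IPv4Address(group)) & LOW_23_BITS
    base = int(ipaddress.IPv4Address("224.0.0.0"))
    # 28 bits identify a group, 23 survive in the MAC: 5 bits (32 values) are lost.
    return [str(ipaddress.IPv4Address(base | (lost << 23) | low)) for lost in range(32)]


def receivers(subscriptions: dict, dst_group: str, mode: str) -> list:
    """VMs that are handed a frame sent to dst_group under each filtering mode."""
    if mode == "basic":
        dst_mac = multicast_mac(dst_group)

        def match(g):
            return multicast_mac(g) == dst_mac      # decision made on the MAC only
    elif mode == "snooping":
        dst_ip = ipaddress.IPv4Address(dst_group)

        def match(g):
            return ipaddress.IPv4Address(g) == dst_ip  # decision made on the group IP
    else:
        raise ValueError("mode must be 'basic' or 'snooping'")
    return sorted(vm for vm, groups in subscriptions.items()
                  if any(match(g) for g in groups))


# Constructed subscriptions: which groups each VM has joined.
SUBSCRIPTIONS = {
    "web-serv01": ["239.1.1.1"],
    "db-serv01": ["224.129.1.1"],   # different group, same low 23 bits
    "app-serv01": ["239.2.2.2"],
}

if __name__ == "__main__":
    print(multicast_mac("239.1.1.1"))
    print(receivers(SUBSCRIPTIONS, "239.1.1.1", "basic"))
    print(receivers(SUBSCRIPTIONS, "239.1.1.1", "snooping"))
```

In Basic mode the VM that joined 224.129.1.1 also receives traffic for 239.1.1.1, because both groups map to the same MAC address; matching on the subscribed group address removes that overlap.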
Health check
Click on the Health check tab for DSwitch. We can see that Health check is disabled for VLAN
and MTU as well as Teaming and failover.
Click the Edit button.
Right-click the DSwitch in the navigator and select Distributed Port Group --> New Distributed Port
Group.
Configure settings
When creating a Distributed Port Group, you have the following options available:
Port binding - Choose when ports are assigned to virtual machines connected to this distributed
port group.
Static binding - Assign a port to a virtual machine when the virtual machine connects to the
distributed port group.
Dynamic binding - Assign a port to a virtual machine the first time the virtual machine
powers on after it is connected to the distributed port group. Dynamic binding has been
deprecated since ESXi 5.0.
Ephemeral - No port binding. You can assign a virtual machine to a distributed port group
with ephemeral port binding also when connected to the host.
Port allocation
Elastic - The default number of ports is eight. When all ports are assigned, a new set of
eight ports is created. This is the default.
Fixed - The default number of ports is set to eight. No additional ports are created when all
ports are assigned.
Number of ports: Enter the number of ports on the distributed port group.
Network resource pool: If you have created a network pool to help control network traffic, you can
select it here.
VLAN: Use the Type drop-down menu to select VLAN options:
None - Do not use VLAN.
VLAN - In the VLAN ID field, enter a number between 1 and 4094.
Ready to complete
Review your settings and click Finish to create the Distributed Port Group.
In the Navigator, expand out DSwitch and you will see the newly created WebVMTraffic Distributed
Port Group.
Security Profile
Before we configure Host Lockdown Mode, let's verify the SSH service is running on
esx-01a.corp.local.
Start by clicking Manage and Settings for esx-01a. Then click Security Profile under System.
You will need to scroll down a bit until you see the Services section.
We can see that the SSH service is enabled and running on esx-01a.corp.local.
Connect to esx-01a
Under Saved Sessions, click on esx-01a.corp.local and click the Open button.
Close the PuTTY session by typing 'exit' and hitting Enter. Once you hit Enter, the PuTTY window
will disappear.
Back in the vSphere Web Client, you will need to scroll down a bit until you see the Lockdown
Mode section.
Click on the Edit button.
Lockdown Mode
Wait for the vSphere Web Client to refresh to see that Lockdown Mode has been enabled.
Using the same steps we used above, open the PuTTY application from the Windows Taskbar.
Click on esx-01a.corp.local under Saved Sessions and click Open.
Denied!
You should receive an error when trying to connect to esx-01a.corp.local. The host has been
configured with Host Lockdown Mode and will refuse any remote connections, unless those users
were added to the Exception User list.
Click OK and close PuTTY by clicking the 'X' in the top right-hand corner of the window.
Back in the vSphere Web Client, click on the Edit button again under Lockdown Mode.
Administration
In the vSphere Web Client, click the Home icon and select Administration.
Roles
Create a Role
Role name
Remove Permissions
Let's say that your company has separate teams to manage networking and storage, so the HOL
Role does not need access to either of them.
Uncheck the boxes for Networking and Storage views and click OK.
Clone a Role
1. Name the cloned role 'HOL Dev Role'. Since we cloned the role, it is missing the Network
and Storage views privileges that the HOL Dev users require.
2. Tick the All Privileges box to restore full Administrative privileges to this role.
3. Click OK to complete the clone
Click on the role "HOL Role" to select it and then click the Edit button.
New Name
Delete Role
Confirm Deletion
Role Deleted
We can see that the role named "HOL Admin Role" has been deleted.
Creating unique and granular roles for users in your organization enables better security for your
vSphere infrastructure.
This concludes this lesson on User Access and Authentication Roles.
Log in to the vSphere Web Client with an account which has the SSO Admin privilege:
1. Click the "Mozilla Firefox" icon from the Control Center desktop
2. Username - administrator@vsphere.local
3. Password - VMware1!
4. Click "Login"
Navigate to Administration
When the machine with the Platform Services Controller (PSC), which runs the Single Sign-On
component, is added to an Active Directory domain, the Identity Source for that domain is
automatically added to SSO.
Click on Configuration in the Single Sign-On section of the Navigator
1. Click on the Identity Sources tab
2. Notice that the corp.local domain is listed as an Active Directory identity source
3. Notice that the vsphere.local domain is listed with an unspecified type. This is the internal
SSO domain.
Users in the domains listed here can be granted permissions within vSphere.
Add a vCenter Single Sign On User with the vSphere Web Client
In the vSphere Web Client, users listed on the Users tab are internal to vCenter Single Sign On.
These users are not the same as local operating system users, which are local to the operating
system of the machine where Single Sign On is installed (for example, Windows). When you add a
Single Sign On user with the Single Sign On administration tool, that user is stored in the Single
Sign On database, which runs on the system where Single Sign On is installed. These users are
part of the SSO domain, by default, "vsphere.local" -- or "System-Domain" for vSphere 5.1. Exactly
one system identity source is associated with an installation of Single Sign On.
Log in to the vSphere Web Client as the administrator@vsphere.local user with password
VMware1! and navigate to the Administration section, as indicated in the previous exercise.
1. Click on Users and Groups under Single Sign-On
2. On the Users tab, click the New User icon.
Type a user name and password for the new user. Note that the password must meet the
password policy requirements for the system. The policy can be displayed by hovering your
mouse cursor over the "i" icon to the right of the password field.
Enter First name and Last Name, then enter an email address.
Click OK to create the user.
NOTE: You cannot change the user's name after you create the user. First and Last name are
optional parameters.
Edit a vCenter Single Sign On User with the vSphere Web Client
Login to the vSphere Web Client as the administrator@vsphere.local user with password
VMware1! and navigate to the Administration section, as indicated in the previous exercise.
1. Click on Users and Groups under Single Sign-On
2. On the Users tab, click the New User icon.
Make changes to the user. The password must meet the password policy requirements for the
system.
Click 'OK' to save any changes.
Add a vCenter Single Sign On Group with the vSphere Web Client
In the vSphere Web Client, groups listed on the Groups tab are internal to vCenter Single Sign On.
A group lets you create a container for a collection of group members called principals. When you
add a Single Sign On group with the Single Sign On administration tool, the group is stored in the
Single Sign On database. The database runs on the system where Single Sign On is installed.
These groups are part of the identity source domain vsphere.local (the default for vSphere 5.5 and
higher), or System-Domain for vSphere 5.1.
Group members can be users or other groups, and a group can contain members from across
multiple identity sources. After you create a group and add principals, you apply permissions to the
group. Members of the group inherit the group permissions.
Login to the vSphere Web Client as the administrator@vsphere.local user with password
VMware1! and navigate to the Administration section, as indicated in the previous exercise.
1. Click on Users and Groups under Single Sign-On
2. On the Users tab, click the New User icon.
Enter a name and description for the group. You cannot change the group name after you create
the group.
Click OK to create the group
Login to the vSphere Web Client as the administrator@vsphere.local user with password
VMware1! and navigate to the Administration section, as indicated in the previous exercise.
1. Click on Users and Groups under Single Sign-On
2. On the Users tab, click the New User icon.
Login to the vSphere Web Client as the administrator@vsphere.local user with password
VMware1! and navigate to the Administration section, as indicated in the previous exercise.
1. Click on the Global Permissions item under Access Control
2. Click the Manage tab
SSO provides the ability to grant Global Permissions to an account by specifying the required
access here. In the lab, this list represents the default permissions granted, with the exception of
the CORP.LOCAL\Administrator user that we have added with Administrator permissions to the
entire vSphere infrastructure.
The members of the HOL Group will need to manage all virtual machines in the environment, so
we will configure permissions here.
1. Click the green (+) to open the Add New Permission window
2. Click the Add... button
Permissions are granted to a user for an object by associating a Role with the user. This was
covered in the previous section, User Access and Authentication Roles.
1. Select the Virtual machine power user (sample) role from the Assigned Role list
2. Ensure the Propagate to children box is checked
3. Click OK
Note that the HOL Group has been granted Virtual machine power user access to all child objects
in the infrastructure.
If you would like to test this further, logout of the Web Client and log back in as the
holadmin@vsphere.local user with the password you used when creating the account. Notice
that access to the infrastructure is restricted to basic management of virtual machines.
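The group nesting and "Propagate to children" behavior from this lesson, as an added Python example that is not part of the lab manual: a simplified model that traces how a role reaches an account through nested groups and propagated permissions. The VM Operators group, the jdoe@corp.local user, the Read-only binding and the inventory layout are assumptions; the model lists every binding that reaches an object and does not reproduce vCenter's rules for resolving overlapping permissions.

```python
from collections import namedtuple

Permission = namedtuple("Permission", "principal role obj propagate")

# Constructed SSO groups: group -> direct members (users or other groups).
# "HOL Group" and holadmin@vsphere.local are from the lab; "VM Operators" and
# jdoe@corp.local are hypothetical, added to show nesting across identity sources.
GROUP_MEMBERS = {
    "HOL Group": {"holadmin@vsphere.local", "VM Operators"},
    "VM Operators": {"jdoe@corp.local"},
}

# Constructed inventory: object -> parent container (layout is an assumption).
PARENT = {
    "TinyLinux-01": "Cluster Site A",
    "Cluster Site A": "Datacenter Site A",
    "Datacenter Site A": "global-root",
    "global-root": None,
}

PERMISSIONS = [
    # The two global permissions described in the lab.
    Permission("CORP.LOCAL\\Administrator", "Administrator", "global-root", True),
    Permission("HOL Group", "Virtual machine power user (sample)", "global-root", True),
    # Hypothetical binding with "Propagate to children" unchecked.
    Permission("VM Operators", "Read-only", "Cluster Site A", False),
]


def groups_of(principal, members=GROUP_MEMBERS):
    """Every group the principal belongs to, directly or through nesting."""
    found, frontier = set(), {principal}
    while frontier:
        current = frontier.pop()
        for group, direct in members.items():
            # "group not in found" also stops a membership loop from hanging the audit.
            if current in direct and group not in found:
                found.add(group)
                frontier.add(group)
    return found


def ancestors(obj, parent=PARENT):
    """The object itself first, then each container up to the root."""
    chain = []
    while obj is not None:
        chain.append(obj)
        obj = parent.get(obj)
    return chain


def effective_roles(principal, obj):
    """Map each role reaching obj to the bindings that grant it."""
    identities = {principal} | groups_of(principal)
    roles = {}
    for distance, node in enumerate(ancestors(obj)):
        for perm in PERMISSIONS:
            # A binding on an ancestor only counts if it propagates to children.
            applies = distance == 0 or perm.propagate
            if perm.obj == node and perm.principal in identities and applies:
                roles.setdefault(perm.role, []).append(f"{perm.principal} on {node}")
    return roles


if __name__ == "__main__":
    for user in ("holadmin@vsphere.local", "jdoe@corp.local"):
        for target in ("Cluster Site A", "TinyLinux-01"):
            print(user, target, effective_roles(user, target))
```

The output shows jdoe@corp.local picking up the power user role only because VM Operators is nested inside HOL Group, which is the kind of indirect binding an access review should surface.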
By default, after three failed login attempts, the user's account is locked.
In the lab, this policy has been disabled in order to prevent login issues that frequently occur with
non-US keyboards.
This section has been included for reference purposes only.
Unlocking a User
Login to the vSphere Web Client as a user with SSO Admin privileges and navigate to the Users
list.
1. Locate the locked user account -- it will show as "Yes" in the "Locked" column.
2. Right-click on the locked user and select 'Unlock'
Log out of the Web Client.
after 90 days in vSphere 6, but your system administrator might change this depending on the
policy of your organization. If you choose to keep the defaults, remember to change the password
for the administrator@vsphere.local account every 90 days or it will lock out on day 91.
Change Password
In the upper navigation pane, click your user name to pull down the menu.
Conclusion
Typically, user accounts will not be managed natively within the SSO domain, but will be handled
by an external directory source like Microsoft Active Directory or OpenLDAP. Understanding how
SSO handles accounts and where to look for account-to-permission binding is useful for managing
a vSphere implementation.
esx-01a.corp.local
Click on esx-01a.corp.local.
TCP/IP Configuration
Click on the Manage tab, then the Networking tab and finally the TCP/IP configuration tab.
Click on Default under System stacks and click the edit button.
DNS configuration
Settings
Join Domain
Click OK.
After a few moments, you should see the screen refresh and the Authentication Services section
update to show the host is now connected to the Active Directory domain.
Conclusion
This concludes Module 3 - An Introduction to vSphere Networking and Security. We hope you
have enjoyed taking this lab. Please remember to take the survey at the end.
If you have time remaining, here are the other Modules that are part of this lab, along with an
estimated time to complete each one. Click on the 'Table of Contents' button to quickly jump to
that Module in the Manual.
Module 1 - What's New with vSphere 6 (90 Minutes)
Local Storage
The illustration above depicts virtual machines using Local VMFS storage directly attached to a
single ESXi host.
Local storage can be internal hard disks located inside your ESXi host, or it can be external
storage systems located outside and connected to the host directly through protocols such as SAS
or SATA.
Networked Storage
The illustration above depicts virtual machines using networked VMFS storage presented to
multiple ESXi hosts.
Networked storage consists of external storage systems that your ESXi host uses to store virtual
machine files remotely. Typically, the host accesses these systems over a high-speed storage
network. Networked storage devices are typically shared. Datastores on networked storage
devices can be accessed by multiple hosts concurrently, and as a result, enable additional
vSphere technologies such as High Availability host clustering, Distributed Resource Scheduling,
vMotion and Virtual Machines configured with Fault Tolerance. ESXi supports several networked
storage technologies - Fiber Channel, iSCSI, NFS, and Shared SAS.
The illustration above depicts virtual machines using different types of virtual disk formats against
a shared VMFS Datastore.
When you perform certain virtual machine management operations, such as creating a virtual disk,
cloning a virtual machine to a template, or migrating a virtual machine, you can specify a
provisioning policy for the virtual disk file format. There are three types of virtual disk formats:
Thin Provision
Use this format to save storage space. For the thin disk, you provision as much datastore space
as the disk would require based on the value that you enter for the disk size. However, the thin
disk starts small and at first, uses only as much datastore space as the disk needs for its initial
operations.
Thick Provision Lazy Zeroed
Creates a virtual disk in a default thick format. Space required for the virtual disk is allocated when
the virtual disk is created. Data remaining on the physical device is not erased during creation, but
is zeroed out on demand at a later time on first write from the virtual machine.
Using the thick-provision, lazy-zeroed format does not zero out or eliminate the possibility of
recovering deleted files or restoring old data that might be present on this allocated space. You
cannot convert a thick-provisioned, lazy-zeroed disk to a thin disk.
1. Click on the Hosts and Clusters icon to return to that Inventory view
2. Select Cluster Site A
3. Click on Summary to view the cluster's current configuration
Note that there are two hosts in the cluster and DRS is enabled in Partially Automated mode
Enter credentials
Host summary
11. Click the radio button next to the VMware vSphere with Operations Management 6
Enterprise Plus for vSphere (CPUs) license
12. Ensure the license validates
13. Click Next
14. Leave the default Lockdown Mode setting of Disabled and click Next
15. Again, this is a new host with an empty inventory, so leave the default and click Next
Monitor Progress
The new host, esx-03a.corp.local has been imported but does not currently have any storage
configured. Clicking on the hostname in the Inventory will show the Warning indicated.
In this section, the new host will have NFS storage added to it.
In this case, there are two NFS datastores used by the Cluster Site A cluster. Adding an existing
NFS datastore to a new host is a simple process.
1. Select the Hosts and Clusters view icon in the Inventory list to switch the Inventory view
8. Select OK to continue
The new adapter will be added to the host. The process can be monitored using Recent Tasks as
the wizard opens firewall ports and creates the adapter.
9. Once the tasks complete, it may be necessary to refresh the Web Client's view of the
world.
Depending on the size of your screen, it may be necessary to scroll the Adapter list to see the new
vmhba33 that was added.
Once the new Target has been added, a message will appear in yellow to remind you of the need
to tell the adapter to reach out and query the iSCSI Target.
7. Click on the vmhba33 iSCSI adapter to select it
8. Click the "Rescan this adapter" icon to rescan
9. Once the rescan completes, click on Devices to show the LUNs detected on the iSCSI
Target
Note that there should be two 5.5 GB iSCSI LUNs available from the FreeNAS, corresponding to
our two iSCSI datastores, ds-iscsi01 and ds-iscsi02.
10. These devices will also show up in the Storage Devices area
Completed Scan
The rescan tasks can be monitored using Recent Tasks. Following the rescan, all available
devices and VMFS datastores should be mounted. These can be verified by visiting the
appropriate locations: the Storage Devices pane for unformatted devices and the Related Objects
> Datastores area for VMFS datastores.
There are several ways to take a host out of Maintenance Mode. This process is good to know
because it can be used to take multiple hosts out of Maintenance Mode (or put them into
Maintenance Mode) simultaneously.
Ready to Go
After a few seconds, the host will exit Maintenance Mode. If you enabled vSphere HA on the
cluster, the HA agent will be configured and started before the host shows a Status of Normal. The
process occurs fairly quickly, so a refresh of the Web Client may be required to show the current
state.
Note that basic networking for virtual machines, vMotion, and IP Storage have been preconfigured
on this host for the purpose of this lab exercise. Adding the new host to the vds-site-a distributed
switch would typically be done prior to taking the host out of Maintenance Mode, but is not
required for this exercise. Feel free to migrate this switch to the VDS if you would like the practice.
This host is now able to handle workloads for the cluster.
Storage vMotion
Planned downtime typically accounts for over 80% of datacenter downtime. Hardware
maintenance, server migration, and firmware updates all require downtime for physical servers. To
minimize the impact of this downtime, organizations are forced to delay maintenance until
inconvenient and difficult-to-schedule downtime windows.
The vMotion and Storage vMotion functionality in vSphere makes it possible for organizations to
reduce planned downtime because workloads in a VMware environment can be dynamically
moved to different physical servers or to different underlying storage without service interruption.
Administrators can perform faster and completely transparent maintenance operations, without
being forced to schedule inconvenient maintenance windows. With vSphere vMotion and Storage
vMotion, organizations can:
Eliminate downtime for common maintenance operations.
Eliminate planned maintenance windows.
Perform maintenance at any time without disrupting users and services.
In this lab, you will learn how to work with vMotion and move virtual machines to different hosts
within the cluster.
Storage View
If you are not already logged into the vSphere Web Client:
Click the "Mozilla Firefox" icon from the Control Center desktop
Click the "Use Windows session authentication" check box
Click "Login"
1. Go to the home screen of the vSphere Web Client by clicking the "Home" icon.
2. Click the "Storage" icon.
1. Navigate to and click on the ds-site-a-nfs01 datastore object in the Datacenter Site A
datacenter managed by the vcsa-01a.corp.local vCenter.
2. Click "Related Objects"
3. Click the "Virtual Machines" tab. You should now have a list of all virtual machines on the
selected datastore.
Note: depending on which lessons you have completed, the available datastores and
virtual machines may be different than the images.
Migrate Datastore
1. Select the radio button to "Change storage only". Note that in vSphere 6.0 we do have the
ability to change compute, network, and storage in the same vMotion operation.
2. Click "Next"
Storage Policy
1. Note that the ds-iscsi01 datastore is already selected because that's where we dropped
the VM prior to starting the wizard.
2. Click "Next" to accept the settings for the storage move.
3. Click "Finish" on the next screen to start the move.
This operation will take a few minutes. Feel free to monitor the operation within the Recent Tasks
pane or move on to the next step.
The Storage vMotion progress can be monitored in the Recent Tasks panel
1. Once complete, click on the ds-iscsi01 datastore and notice that the TinyLinux-01 virtual
machine is listed under its Related Objects.
The virtual machine's storage has been migrated from NFS to iSCSI storage without the need to
take the virtual machine offline.
Delete Snapshot
Delete Snapshot#1
It is a best practice to delete virtual machine snapshots when they are no longer needed. Over
time the snapshot delta can grow to be quite large which could result in issues consolidating the
virtual machine files.
Select Storage
The datastore with the most free space is automatically chosen. Please keep the default "ds-site-a-nfs01". Press the "Next" button.
Select storage
7. Leave the default datastore which has the most free space
8. Click "Next"
Ready to complete
Review the deployment options and then click "Finish".
Navigate to Storage
Due to the I/O characteristic of the VMware Hands-on Labs environment, please leave the defaults
and select "Next".
Feel free to explore the various settings for Storage DRS automation.
Storage DRS provides multiple options for tuning the sensitivity of storage cluster balancing.
Please leave the defaults for now and select "Next".
Because there are no standalone hosts, please select "Cluster Site A" and then click the "Next"
button.
Select the "ds-iscsi02" and "ds-iscsi01" datastores for the new Datastore Cluster.
Review the Storage DRS settings and click the "Finish" button.
Conclusion
Leveraging vSphere Datastore Clusters in your vSphere environment can help to ensure
datastores are filled evenly and I/O is spread out across the group of datastores in the cluster.
Storage DRS can automate the initial placement of new virtual machines and adjust virtual
machine placement to maintain an even distribution of I/O across the datastore cluster.
Virtual Volumes
Virtual Volumes is a new feature released with vSphere 2015. Virtual Volumes is a new virtual
machine disk management and integration framework that enables array-based operations at the
virtual disk level. It transforms the data plane of SAN and NAS storage systems by aligning
storage consumption and operations with virtual machines. In other words, Virtual Volumes makes
SAN and NAS storage systems capable of being managed at a virtual machine level and enables
the leveraging of array-based data services and storage array capabilities with a virtual
machine-centric approach at the granularity of a single virtual disk.
Virtual Volumes implements a significantly different and improved storage architecture, enabling
operations to be conducted at the virtual machine level using native array capabilities. With Virtual
Volumes, most data operations are offloaded to the storage arrays. Virtual Volumes eliminates the
need to provision and manage large numbers of LUNs or volumes per host. This reduces
operational overhead while enabling scalable data services on a per-virtual machine level.
Storage Policy-Based Management (SPBM) is a key technology that works in conjunction with
Virtual Volumes. This framework delivers an orchestration and automation engine that translates
the storage requirements expressed in a virtual machine storage policy into virtual machine
granular provisioning capabilities with dynamic resource allocation and management of storage-related services.
Through the integration of VMware vSphere API for Storage Awareness, storage array capabilities
are pushed through the vSphere stack and are surfaced in the vCenter Server management
interface. Using virtual machine storage policies, vSphere administrators can specify a set of
storage requirements and capabilities for any particular virtual machine to match service levels
required by hosted applications. SPBM leverages Virtual Volumes to recommend compliant
datastores for virtual machine placement and to transparently turn on the necessary data services
based on native array capabilities. Through SPBM, virtual machine tailored data services are
executed by the array. Coupled with Virtual Volumes, SPBM ensures policy compliance throughout
the virtual machine life cycle.
To get hands-on experience with Virtual Volumes, consider taking the Hands-on Lab, HOL-SDC-1429 - Virtual Volumes. You may also want to review HOL-SDC-1427 - VMware Software
Defined Storage for the Enterprise where you can gain a better understanding of Storage Policy
Based Management.
Conclusion
This concludes Module 4 - An Introduction to vSphere Storage. We hope you have enjoyed taking
this lab and don't forget to take the survey at the end.
If you have time remaining, here are the other Modules that are part of this lab, along with an
estimated time to complete each one. Click on the 'Table of Contents' button to quickly jump to
that Module in the Manual.
Module 1 - What's New with vSphere 6 (90 Minutes)
Module 2 - An Introduction to Management with vCenter Server (60 Minutes)
Module 3 - An Introduction to vSphere Networking and Security (60 Minutes)