Lab 1 Using vSphere Distributed Switches

Objective: Create, configure, back up, and check a distributed switch

In this lab, you perform the following tasks:

1. Log In to the Student Desktop
2. Verify That the vSphere Licenses Are Valid
3. Assign Valid vSphere Licenses
4. Create a Distributed Switch
5. Add ESXi Hosts to the New Distributed Switch
6. Examine Your Distributed Switch Configuration
7. Migrate the Virtual Machines to a Distributed Switch Port Group
8. Enable the Distributed Switch Health Check
9. Back Up the Distributed Switch Configuration
10. Cause Errors on the Distributed Switch
11. Monitor the Health of the Distributed Switch
12. Restore the Distributed Switch Configuration


Task 1: Log In to the Student Desktop

You access and log in to your student desktop system to perform all lab activities for this course.
Use the following information from the class configuration handout:

Student desktop user name

Standard lab password
1. Ask your instructor how to log in to the student desktop system in your lab environment.
For example, your instructor might have you use Remote Desktop Connection to connect to the
student desktop system.
2. Log in to the student desktop system, using your student desktop user name and the standard lab
password.

Task 2: Verify That the vSphere Licenses Are Valid

You verify that licenses for VMware vCenter Server and the VMware ESXi hosts are valid.
Use the following information from the class configuration handout:

Standard lab password
1. Log in to the VMware vSphere Web Client interface.
a. On the student desktop machine task bar, click the Internet Explorer shortcut.
b. From the Favorites bar, select vSphere Web Clients > SA-VCSA-01.

c. If you receive a security exception for vSphere Web Client, click the Continue to this
website (not recommended) link to open the login screen.

d. Log in with administrator@vsphere.local (the vCenter Server administrator user name) and
the standard lab password.
e. Point to the Home icon and select Home.
2. Verify that the licenses for the vCenter Server system and the ESXi hosts are valid.
a. On the Home page under Administration, click the Licensing icon.
b. In the center pane, click the Assets tab.
c. On the vCenter Server systems tab, verify that the vCenter Server system has a valid license.
d. Click the Hosts tab.
e. Verify that all ESXi hosts have valid licenses.
f. If the vCenter Server system and the ESXi hosts are not licensed or have licenses that are
expired, go to task 3.
g. If the licenses are valid, go to task 4.

Task 3: Assign Valid vSphere Licenses

If the vCenter Server system and ESXi hosts licenses are expired, you assign valid licenses to these
VMware vSphere components.
Use the following information from the class configuration handout:

vCenter Server license key

vSphere Enterprise Plus license key
1. In the center pane, click the Licenses tab.
2. Click the Create New Licenses icon (green plus sign).
The New Licenses wizard appears.
3. In the License keys (one per line) text box, enter the license keys that your instructor gave you
(one per line) and click Next.
4. On the Edit license names page, enter the new license names vCenter Server and
Enterprise Plus in the License Name text boxes and click Next.

5. On the Ready to complete page, click Finish.


6. Assign a vCenter Server license key to the vCenter Server instance.
a. In the center pane, click the Assets tab.
b. Click the vCenter Server systems tab and click the Assign License icon.
c. In the Assign License dialog box, select the vCenter Server license key.
d. Click OK.
7. Assign the vSphere Enterprise Plus license key to the ESXi hosts.
a. In the center pane, click the Hosts tab.
b. Select all hosts by clicking the first host, holding the Shift key, and selecting the last host.
c. Click the Assign License icon.
d. In the Assign License dialog box, select the vSphere Enterprise Plus license key.
e. Click OK.

8. Reconnect the ESXi hosts.
a. Point to the Home icon and select Hosts and Clusters.
b. In the Navigation pane, expand SA Datacenter and select SA Management.
c. In the center pane, click the Hosts tab.
The three ESXi hosts have a status of Disconnected.
d. Select all three hosts by clicking the first host, holding the Shift key, and selecting the last host.
e. Right-click the host selection and select Connection > Connect.
f. Verify that all three ESXi hosts have a status of Connected.

Task 4: Create a Distributed Switch

You create a distributed switch that functions as a single virtual switch across all associated hosts in
your vSphere environment.
1. In vSphere Web Client, point to the Home icon and select Networking.
2. In the left pane, expand the inventory until you see SA Datacenter.
3. Right-click SA Datacenter and select Distributed Switch > New Distributed Switch.
4. On the Name and location page, enter dvs-Lab in the Name text box and click Next.

5. On the Select version page, leave Distributed switch: 6.5.0 selected and click Next.
6. On the Edit settings page, enter pg-SA Production in the Port group name text box, keep
all other defaults, and click Next.
7. On the Ready to complete page, review the configuration settings and click Finish.
The dvs-Lab distributed switch is listed in the left pane, also called the Navigator pane.
8. Configure the pg-SA Production port group to use only Uplink 2.
a. In the left pane, expand dvs-Lab and right-click pg-SA Production.
b. Select Edit Settings.

c. In the Edit Settings window, select Teaming and failover on the left.
d. Select Uplink 1 and click the down arrow until the uplink appears under Unused uplinks.
e. Select Uplink 3 and click the down arrow to move it to the Unused uplinks section.

f. Select Uplink 4 and move it to the Unused uplinks section.

[Screenshot: Failover order. Active uplinks: Uplink 2. Standby uplinks: none. Unused uplinks: Uplink 1, Uplink 3, Uplink 4.]

g. Click OK.

Task 5: Add ESXi Hosts to the New Distributed Switch

You add ESXi hosts and physical adapters to the distributed switch.
1. In the Navigator pane, right-click the dvs-Lab distributed switch and select Add and Manage
Hosts.
2. On the Select task page, leave Add hosts clicked and click Next.
3. On the Select hosts page, click New Hosts (the green plus sign).
4. Select sa-esxi-01.vclass.local and sa-esxi-02.vclass.local and click OK.
Do not select sa-esxi-03.vclass.local.
5. Click Next.
6. On the Select network adapter tasks page, deselect the Manage VMkernel adapters check box
and leave the Manage physical adapters check box selected.
7. Click Next.

8. On the Manage physical network adapters page, assign vmnic2 to Uplink 2 on
sa-esxi-01.vclass.local and sa-esxi-02.vclass.local.
a. Under sa-esxi-01.vclass.local, select vmnic2 and click Assign uplink.

[Screenshot: Manage physical network adapters page. Under sa-esxi-01.vclass.local, vmnic0 and vmnic1 are shown as in use by dvs-SA Datacenter; vmnic2 and vmnic3 show no switch. The Assign uplink button is in the toolbar.]

b. Select Uplink 2 and click OK.


c. Under sa-esxi-02.vclass.local, select vmnic2 and click Assign uplink.
d. Select Uplink 2 and click OK.
e. Click Next.

9. On the Analyze impact page, verify that the status is No impact for both ESXi hosts and click Next.
10. On the Ready to complete page, review your settings and click Finish.

Task 6: Examine Your Distributed Switch Configuration

You examine the configuration of the distributed switch uplink, which is bound to the associated
physical interfaces on the ESXi hosts. You also examine other distributed switch features, including
the maximum transmission unit (MTU) value, VLAN capabilities, LACP aggregation groups,
NetFlow, and VMware vSphere Network I/O Control.
1. In the Navigator pane, select the dvs-Lab distributed switch.
2. In the center pane, click the Configure tab and select Topology on the left.

3. In the distributed switch topology diagram, click the arrow next to Uplink 2 to expand the view.

[Screenshot: dvs-Lab topology. The pg-SA Production port group (VLAN ID: --, Virtual Machines (0)) connects to dvs-Lab-DVUplinks-81. Uplink 2 shows 2 NIC adapters (vmnic2 on sa-esxi-01.vclass.local and vmnic2 on sa-esxi-02.vclass.local). Uplink 1, Uplink 3, and Uplink 4 show 0 NIC adapters.]

4. Verify that for both ESXi hosts the vmnic2 is attached and appears under Uplink 2.
5. In the center pane, click Properties on the left and verify the settings.

Network I/O Control is enabled.

Number of uplinks is 4.

The MTU size is 1500 bytes.

The Cisco Discovery Protocol is implemented.
6. Click each additional configuration link on the left and verify the settings.

LACP LAG is not defined.

Private VLAN is not defined.

NetFlow collector is not defined.

Port mirroring is not configured.

Health check is not enabled.
7. In the Navigator pane, select the pg-SA Production port group.
8. Click the Configure tab and select Properties on the left.
9. Verify the distributed port group settings.

Port binding is set to static binding.

Port allocation is set to elastic.

The number of ports is eight.

Task 7: Migrate the Virtual Machines to a Distributed Switch Port Group

You move the virtual machines from the pg-SA Management port group on the dvs-SA Datacenter
distributed switch to the pg-SA Production port group on the dvs-Lab distributed switch.
Use the following information from the class configuration handout:
Standard lab password
1. In the Navigator pane, right-click the dvs-Lab distributed switch and select Migrate VMs to
Another Network.

The Migrate VMs to Another Network wizard appears.


2. Migrate the virtual machines from pg-SA Management on the dvs-SA Datacenter distributed
switch to the pg-SA Production network on the dvs-Lab distributed switch.
a. On the Select source and destination networks page, leave Specific network clicked for the
Source network and click Browse.
b. Select pg-SA Management and click OK.

c. For the Destination network, click Browse.


d. Select pg-SA Production and click OK.

e. Click Next.
f. On the Select virtual machines to migrate page, select the All virtual machines check box.
A warning message states that the destination network is inaccessible for one or more
virtual machines and that these virtual machines are not selected for migration.
g. Click OK.

The LAB-VCS-01 virtual machine is dimmed. You cannot migrate this virtual machine,
because it is hosted on the sa-esxi-03.vclass.local host, which is inaccessible to the pg-SA
Production port group.
h. Click Next.
3. On the Ready to complete page, review the settings and click Finish.

4. Verify your distributed switch configuration.
a. In the Navigator pane, select dvs-Lab and click the Hosts tab in the center pane.
b. Verify that sa-esxi-01.vclass.local and sa-esxi-02.vclass.local are connected to the
distributed switch.
The state of the ESXi hosts should be Connected.
c. Click the VMs tab and verify that your virtual machines are listed.
If the virtual machines are listed, then they reside on the new distributed switch.
d. Click the Ports tab and verify that pg-SA Production is listed in the Port Group column and
that an uplink port group is created for the distributed switch.
You can expand the Port Group column so that you can view the full name of the uplink
port group.
5. In vSphere Web Client, point to the Home icon and select Hosts and Clusters.

6. Power on Linux01 and log in to its console.
a. In the Navigator pane, expand SA Datacenter and expand the SA Management cluster.
b. Right-click Linux01 and select Power > Power On.
c. Right-click Linux01 and select Open Console.


d. If you receive a security exception, click the Continue to this website (not
recommended) link to continue.

Wait for the virtual machine to finish booting.


e. Log in as user root and use the standard lab password.
7. Verify that the virtual machine has full network connectivity.
a. At the command prompt, ping 172.20.10.10 (the domain controller's IP address) to verify
the virtual machine's network connectivity.
ping 172.20.10.10

The ping command should be successful.

b. If the ping command is successful, press Ctrl+C to end the ping command.
c. If the ping command is not successful, enter the service network restart command
to ensure that your virtual machine has a valid DHCP-assigned IP address.
d. Try the ping command again.
e. If the ping command is successful, press Ctrl+C to end the ping command.
8. Close the Linux01 virtual machine console tab.

Task 8: Enable the Distributed Switch Health Check

You enable the health check service on the dvs-Lab distributed switch.
1. In vSphere Web Client, point to the Home icon and select Networking.
2. In the Navigator pane, select the dvs-Lab distributed switch.
3. In the center pane, click the Configure tab and select Health check on the left.
4. Click Edit.
5. Set VLAN and MTU to Enabled.
6. Set Teaming and failover to Enabled.
7. Click OK.

Task 9: Back Up the Distributed Switch Configuration

You save a backup of the dvs-Lab distributed switch configuration.


1. In the Navigator pane, right-click the dvs-Lab distributed switch.
2. Select Settings > Export Configuration.
3. In the Export Configuration dialog box, leave Distributed switch and all port groups clicked
and click OK.
4. When prompted, click Yes to save the exported configuration.
5. Save the distributed switch configuration to the desktop of the student desktop machine, using
the default backup.zip filename.

Task 10: Cause Errors on the Distributed Switch

You purposely cause errors by configuring an invalid VLAN ID on the pg-SA Production port group
and setting the MTU value to 9000 on the dvs-Lab distributed switch. These misconfigurations are
reported by the distributed switch health check service.

IMPORTANT

Use only the dvs-Lab distributed switch for this task. Do not try to cause errors on the dvs-SA
Datacenter distributed switch.

1. Configure an invalid VLAN ID on the distributed port group.
a. In the Navigator pane, right-click pg-SA Production and select Edit Settings.

b. In the Edit Settings window, click VLAN on the left.


c. From the VLAN type list, select VLAN.
d. In the VLAN ID box, enter 37.

VLAN ID 37 is not a valid VLAN ID because the physical switch is not configured for
VLAN 37. An invalid VLAN ID causes an error after you save the configuration.
e. Click OK.
2. Misconfigure the distributed switch by setting the MTU value to 9000.
a. In the Navigator pane, right-click the dvs-Lab distributed switch and select Settings > Edit
Settings.

b. In the Edit Settings dialog box, select Advanced on the left.


c. In the MTU (Bytes) box, change the value to 9000.
This setting causes an error after you save the configuration because jumbo frames are not
configured in your environment.
d. Click OK.

Task 11: Monitor the Health of the Distributed Switch

You check the health of the dvs-Lab distributed switch.


1. In the Navigator pane, select the dvs-Lab distributed switch.
2. In the center pane, click the Monitor tab and click Health.

3. Select the first ESXi host in the list.


4. View the VLAN tab at the bottom of the page.
The VLAN configuration status might take a few minutes to update.
5. Wait for the VLAN configuration status to change to Not Supported.
You might need to click the Refresh icon a few times in the vSphere Web Client interface to
update the status.
6. Click the MTU tab at the bottom of the page.
The MTU configuration status might take a few minutes to update. Until then, the configuration
status is Unknown.
7. Wait for the MTU configuration status to change to Not Supported.
You might need to click the Refresh icon a few times in the vSphere Web Client interface to
update the status.

Task 12: Restore the Distributed Switch Configuration

You restore the dvs-Lab distributed switch configuration to reset any configuration change made
since the configuration was saved.
1. In the Navigator pane, right-click the dvs-Lab distributed switch and select Settings > Restore
Configuration.

The Restore Configuration wizard appears.


2. On the Restore switch configuration page, click Browse, select the backup.zip file, and click
Open.

3. Leave Restore distributed switch and all port groups clicked and click Next.
4. On the Ready to complete page, review the settings and click Finish.
5. If you lose connection to vSphere Web Client, restart the Internet Explorer browser.
6. After the switch configuration is restored, verify the configuration.
a. View the Health panel and verify that the overall health of the dvs-Lab distributed switch is
back to normal.
You might need to click the Refresh icon in the vSphere Web Client interface to update
the status.
b. View the VLAN settings of the pg-SA Production port group and verify that no VLAN is
configured.
c. View the advanced settings of the dvs-Lab distributed switch and verify that the MTU
value is 1500.
7. Point to the Home icon and select Home.

Lab 2 Using Port Mirroring

Objective: Configure port mirroring and capture network traffic on a distributed switch

In this lab, you perform the following tasks:

1. Prepare to Capture Mirrored Network Traffic
2. Configure Port Mirroring on the Distributed Switch
3. Verify That Port Mirroring Is Capturing Traffic

Task 1: Prepare to Capture Mirrored Network Traffic

You use the Linux01 virtual machine to capture and monitor mirrored traffic.
1. If you are logged out of vSphere Web Client, log back in.
a. Open a new tab in Internet Explorer.
b. From the Favorites bar, select vSphere Web Clients > SA-VCSA-01.

c. Log in with administrator@vsphere.local (the vCenter Server administrator user name) and
the standard lab password.
2. In vSphere Web Client, point to the Home icon and select Hosts and Clusters.

3. In the left pane, expand SA Datacenter and expand the SA Management cluster.
4. In the left pane, log in to the Linux01 virtual machine console.
a. Right-click Linux01 and select Open Console.
b. If prompted, click the Continue to this website (not recommended) link to continue.
You should be logged in to Linux01 as root.
c. If you are not logged in, then log in as user root with the standard lab password.

5. In the Linux01 console, monitor ICMP network traffic.
tcpdump -nn icmp

[Screenshot: Linux01 console running tcpdump -nn icmp. The tcpdump startup banner is shown and no packets have been captured.]

6. Monitor the command output for a few seconds and verify that ICMP traffic is not being
captured.
tcpdump output remains silent until ICMP traffic is detected on the network.
7. Leave the console window open, with the tcpdump command running uninterrupted.
8. In the Internet Explorer window, click the vSphere Web Client tab.

9. Power on the Linux02 virtual machine and log in to its console.


a. In the left pane, right-click Linux02 and select Power > Power On.

b. Right-click Linux02 and select Open Console.


c. If prompted, click the Continue to this website (not recommended) link to continue.
Wait for the virtual machine to finish booting.
d. Log in as user root and use the standard lab password.
The Linux02 virtual machine is used as the traffic source to be monitored.
10. At the Linux02 command prompt, ping 172.20.10.10 (the default router IP address).
ping 172.20.10.10

11. If the ping command does not work, enter service network restart and repeat step 10.
12. After the ping command begins working, click the Linux01 console tab.
13. In the Linux01 console window, verify that the running tcpdump command output remains
silent and has not captured any ICMP traffic.

Task 2: Configure Port Mirroring on the Distributed Switch

You configure port mirroring so that the port connected to the Linux02 machine is the mirror source
and the port connected to the Linux01 machine is the mirror destination. All the traffic present on
the Linux02 port is forwarded to the Linux01 port for examination.
1. In the Internet Explorer window, click the vSphere Web Client tab.
2. Point to the Home icon and select Networking.

3. In the Navigator pane, select the dvs-Lab distributed switch.
4. In the center pane, click the Configure tab and select Port mirroring on the left.
5. In the Port mirroring panel, click the New icon.
The Add Port Mirroring Session wizard appears.
6. On the Select session type page, leave Distributed Port Mirroring clicked and click Next.
When you select this session type, distributed ports can only be local. If the source and
destination ports are on different hosts, port mirroring between them does not work. The
Linux01 and Linux02 virtual machines both reside on sa-esxi-01.vclass.local.
7. On the Edit properties page, configure the port mirroring session.
a. Select Enabled from the Status drop-down menu.
b. Select Allowed from the Normal I/O on destination ports drop-down menu.
c. Keep the rest of the defaults and click Next.
8. On the Select sources page, configure the port mirroring source.
a. Click the Select distributed ports icon.


b. In the Select Ports dialog box, select the check box for the row with a connected entity of
Linux02 and click OK.

c. Click Next.
9. On the Select destinations page, configure the port mirroring destination.
a. Click the Select distributed ports icon.
b. In the Select Ports dialog box, select the check box for the row with a connected entity of
Linux01 and click OK.
c. Click Next.
10. On the Ready to complete page, review the settings and click Finish.

Task 3: Verify That Port Mirroring Is Capturing Traffic

With mirroring between ports configured, you view the tcpdump command output and verify that
any ICMP traffic appearing on the Linux02 port is duplicated on the Linux01 port.
1. In the Internet Explorer window, click the Linux02 console tab.
2. Verify that the ping command is still reaching the default router IP address.
3. Click the Linux01 console tab.
4. In the Linux01 console, examine the tcpdump output in the terminal window.
The output looks similar to the screenshot.

[Screenshot: Linux01 console showing tcpdump output with ICMP echo request and echo reply packets (length 64) exchanged between an address beginning with 172.20.11 and 172.20.10.10.]

5. Record the local address that appears in the captured traffic. __________

The local address begins with 172.20.11.


6. In the Linux01 console window, press Ctrl+C to stop the tcpdump command.
7. In the Internet Explorer window, click the Linux02 console tab.
8. In the Linux02 console window, press Ctrl+C to stop the ping command.
9. At the Linux02 command prompt, examine the IP configuration.
ifconfig

10. Using the command output, verify that the Linux02 IP address matches the address that you
recorded in step 5.
11. Close the Linux01 and Linux02 console tabs.
12. Shut down Linux01 and Linux02.
a. Point to the Home icon and select Hosts and Clusters.
b. In the left pane, right-click Linux01 and select Power > Shut Down Guest OS.
c. In the pop-up window, click Yes to confirm the shutdown operation.
d. Repeat steps b and c to shut down Linux02.
13. Point to the Home icon and select Home.
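
The manual comparison in steps 5 and 10 can be scripted against saved tcpdump -nn icmp output. The following Python is an added example, not part of the original lab manual: the capture text is constructed, 172.20.11.50 and 172.20.11.51 are constructed stand-ins for the Linux02 and Linux01 addresses, and the function names are hypothetical. It treats only packets that the capture host is not a party to as evidence of mirroring, because Normal I/O on destination ports is set to Allowed and Linux01 can still generate traffic of its own.

```python
import re
from collections import defaultdict

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
# One-line-per-packet format printed by `tcpdump -nn icmp` for echo traffic.
PACKET_RE = re.compile(
    rf"^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP (?P<src>{IPV4}) > (?P<dst>{IPV4}): "
    r"ICMP echo (?P<kind>request|reply), id (?P<id>\d+), seq (?P<seq>\d+), "
    r"length (?P<length>\d+)$"
)

# Constructed sample capture (not taken from the lab screenshot).
# 172.20.11.50 stands in for Linux02 (mirror source),
# 172.20.11.51 for Linux01 (mirror destination / capture host).
SAMPLE_CAPTURE = """\
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
14:23:28.513998 IP 172.20.11.50 > 172.20.10.10: ICMP echo request, id 33048, seq 923, length 64
14:23:28.514429 IP 172.20.10.10 > 172.20.11.50: ICMP echo reply, id 33048, seq 923, length 64
14:23:29.514628 IP 172.20.11.50 > 172.20.10.10: ICMP echo request, id 33048, seq 924, length 64
14:23:29.515056 IP 172.20.10.10 > 172.20.11.50: ICMP echo reply, id 33048, seq 924, length 64
14:23:29.700001 IP 172.20.11.51 > 172.20.10.10: ICMP echo request, id 4100, seq 1, length 64
14:23:29.700402 IP 172.20.10.10 > 172.20.11.51: ICMP echo reply, id 4100, seq 1, length 64
14:23:30.515210 IP 172.20.11.50 > 172.20.10.10: ICMP echo request, id 33048, seq 925, length 64
"""


def parse_capture(text):
    """Return (packets, skipped): parsed echo packets and the count of other lines."""
    packets, skipped = [], 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = PACKET_RE.match(line)
        if match is None:
            skipped += 1  # banner lines or non-echo ICMP
            continue
        pkt = match.groupdict()
        pkt["id"], pkt["seq"] = int(pkt["id"]), int(pkt["seq"])
        packets.append(pkt)
    return packets, skipped


def mirrored_flows(packets, capture_ip):
    """Group echo traffic that the capture host is neither source nor destination of."""
    flows = defaultdict(lambda: {"requests": set(), "replies": set()})
    for p in packets:
        if capture_ip in (p["src"], p["dst"]):
            continue  # the capture host's own traffic proves nothing about mirroring
        if p["kind"] == "request":
            flows[(p["src"], p["dst"], p["id"])]["requests"].add(p["seq"])
        else:
            # A reply travels target -> pinger; key it by the pinger so it pairs up.
            flows[(p["dst"], p["src"], p["id"])]["replies"].add(p["seq"])
    return dict(flows)


def verify_mirror(text, capture_ip, expected_source, target_ip):
    """Check that mirrored pings to target_ip come from expected_source only."""
    packets, skipped = parse_capture(text)
    flows = mirrored_flows(packets, capture_ip)
    sources = sorted({src for (src, dst, _id) in flows if dst == target_ip})
    unanswered = sorted(
        seq
        for (src, dst, _id), flow in flows.items()
        if src == expected_source and dst == target_ip
        for seq in flow["requests"] - flow["replies"]
    )
    return {
        "mirroring_seen": expected_source in sources,
        "unexpected_sources": [s for s in sources if s != expected_source],
        "unanswered_seqs": unanswered,
        "skipped_lines": skipped,
    }


if __name__ == "__main__":
    print(verify_mirror(SAMPLE_CAPTURE, "172.20.11.51", "172.20.11.50", "172.20.10.10"))
```

A non-empty unexpected_sources list means the mirror session is copying ports other than the intended source, which is worth checking before a capture is used for troubleshooting or monitoring.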

Lab 3 Policy-Based Storage

Objective: Use policy-based storage to create tiered storage

In this lab, you perform the following tasks:

1. Add Datastores for Use by Policy-Based Storage
2. Use vSphere Storage vMotion to Migrate a Virtual Machine to the Gold Datastore
3. Configure Storage Tags
4. Create Virtual Machine Storage Policies
5. Assign Storage Policies to Virtual Machines

Task 1 : Add Datastores for Use by Policy-Based Storage

You create two small datastores for use by your vCenter Server instance as simple tiered storage.
Each datastore is approximately 8 GB in size.
1 . If you are logged out of vSphere Web Client, log back in.
2. Point to the Home icon and select Storage.
3. Create a datastore named Gold.
a. In the Navigator pane, right-click SA Datacenter and select Storage > New Datastore.

The New Datastore wizard appears.


b. On the Location page, click Next.
c. On the Type page, leave VMFS clicked and click Next.
d. On the Name and device selection page, enter Gold in the Datastore name text box.
e. In the Select a host to view its accessible disks/LUNs list, select sa-esxi-02.vclass.local.

f. In the disk/LUN list, select the entry for the lowest LUN number attached to an iSCSI
device.
Local drives are labeled as Local VMware Disk. Do not select these drives.
g. If iSCSI devices are not present, ask the instructor for instructions on how to add them.
h. Click Next.
i. On the VMFS version page, leave VMFS 6 clicked and click Next.
j. On the Partition configuration page, keep the defaults and click Next.
k. On the Ready to complete page, review the settings and click Finish.
l. Verify that the Gold datastore appears in the Navigator pane.
4. Create a datastore named Silver.
a. In the Navigator pane, right-click SA Datacenter and select Storage > New Datastore.

The New Datastore wizard appears.


b. On the Location page, click Next.

c. On the Type page, leave VMFS clicked and click Next.


d. On the Name and device selection page, enter Silver in the Datastore name text box.
e. In the Select a host to view its accessible disks/LUNs list, select sa-esxi-02.vclass.local.
f. In the disk/LUN list, select the entry for the lowest LUN number attached to an iSCSI
device and click Next.
Local drives are labeled as Local VMware Disk. Do not select these drives.
g. On the VMFS version page, leave VMFS 6 clicked and click Next.
h. On the Partition configuration page, keep the defaults and click Next.
i. On the Ready to complete page, review the settings and click Finish.
j. Verify that the Silver datastore appears in the Navigator pane.

Task 2: Use vSphere Storage vMotion to Migrate a Virtual Machine to the Gold Datastore

Use VMware vSphere Storage vMotion to migrate the VM01 virtual machine to the Gold
datastore.
1. Power on VM01.
a. Point to the Home icon and select Hosts and Clusters.
b. Right-click VM01 and select Power > Power On.
c. When VM01 is powered on, go to the next step.
2. In the Navigator pane, right-click VM01 and select Migrate.
The Migrate wizard appears.
3. On the Select the migration type page, click Change storage only and click Next.
4. On the Select storage page, select the Gold datastore, leave all other settings at their default
values, and click Next.
5. On the Ready to complete page, click Finish.
6. In the Recent Tasks pane, monitor the migration task to completion.
7. Verify that the migration was successful.
You might have to refresh vSphere Web Client to see that the migration has completed.
a. In the left pane, select VM01.
b. In the center pane, click the Datastores tab and verify that the Gold datastore is listed.

Task 3: Configure Storage Tags

You create the tags necessary to implement simple tiering. The Storage Tiers tag category contains
the Gold and Silver identifier tags associated with individual datastores.
1. Point to the Home icon and select Tags & Custom Attributes from the list.
2. In the center pane, click the Tags tab.

3. Configure a new tag category and the Gold Tier identifier tag.
a. In the Tags panel, click the New tag icon.


b. From the Category drop-down menu, select New Category.


The dialog box expands to include both tag and category configuration options.
Categories can be created only as part of the identifier tag creation process.
c. In the Name text box, enter Gold Tier.

d. In the Category Name text box, enter Storage Tiers.

e. Keep the default values for the remaining settings and click OK.
4. Create a Silver Tier identifier tag.
a. In the center pane, click the New Tag icon.
b. In the Name text box, enter Silver Tier.

c. Select Storage Tiers from the Category drop-down menu and click OK.
5. Assign the Gold Tier tag to the Gold datastore.
a. Point to the Home icon and select Storage.
b. In the left pane, right-click the Gold datastore and select Tags & Custom Attributes >
Assign Tag.

c. Select the Gold Tier tag and click Assign.
d. In the left pane, select the Gold datastore.
e. In the center pane, click the Summary tab.

f. In the Tags panel, verify that the Gold Tier tag is associated with the Gold datastore.

6. Assign the Silver Tier tag to the Silver datastore.
a. Right-click the Silver datastore and select Tags & Custom Attributes > Assign Tag.

b. Select the Silver Tier tag and click Assign.


c. In the left pane, select the Silver datastore.
d. In the center pane, click the Summary tab.
e. In the Tags panel, verify that the Silver Tier tag is associated with the Silver datastore.

Task 4: Create Virtual Machine Storage Policies

You assign storage policies to virtual machines and specify the configuration settings to be enforced.
1. Point to the Home icon and select Policies and Profiles.

2. In the left pane, click VM Storage Policies.


3. Create a Gold Tier storage policy.
a. In the VM Storage Policies panel, click the Create VM Storage Policy icon.


The Create New VM Storage Policy wizard appears.


b. On the Name and description page, enter Gold Tier Policy in the Name text box and
click Next.
c. On the Policy structure page, review the information and click Next.
d. On the Common rules for data services provided by hosts page, click Next.
e. On the Rule-set 1 page, select Tags from category from the <Add rule> list.
f. From the Tags from category <Select category> drop-down menu, select Storage Tiers.
g. Click Add tags, select the Gold Tier check box, and click OK.
h. Click Next.
i. On the Storage compatibility page, verify that the Gold datastore is listed under Compatible
storage and click Next.
j. On the Ready to complete page, click Finish.


4. Repeat step 3 to create a Silver Tier policy, using the Silver Tier tag.

Task 5: Assign Storage Policies to Virtual Machines

You assign the Gold and Silver storage policies to individual virtual machines and mitigate
compliance issues.
1. Power off VM01.
A storage policy can be assigned to a virtual machine while the virtual machine is either
powered on or powered off.
a. Point to the Home icon and select Hosts and Clusters.
b. Right-click VM01 and select Power > Power Off.
c. Click Yes to confirm the power-off operation.
2. Apply the Gold Tier storage policy to the VM01 virtual machine.
a. In the left pane, right-click VM01 and select VM Policies > Edit VM Storage Policies.
b. In the Edit VM Storage Policies dialog box, select Gold Tier Policy from the VM storage
policy drop-down menu and click Apply to all.
c. In the list, verify that the Gold Tier policy is assigned to VM home and Hard disk 1 and
click OK.
d. In the left pane, select VM01.
e. In the center pane, click the Summary tab.
f. In the VM Storage Policies panel, verify that Gold Tier Policy appears and that VM01 is
compliant.
The VM01 virtual machine is compliant because it was already moved to a policy-appropriate
datastore.

.,. VM storage Policies D

VM Storage Policies Gold Tier Policy


VM Storage Policy Compliance Compliant

Last Checked Date 111312016 2 59 PM

Check Compliance



3. Apply the Silver Tier storage policy to the VM02 virtual machine.
a. In the left pane, right-click VM02 and select VM Policies > Edit VM Storage Policies.
b. In the Edit VM Storage Policies dialog box, select Silver Tier Policy from the VM storage
policy drop-down menu and click Apply to all.
c. In the list, verify that the Silver Tier policy is assigned to VM home and Hard disk 1 and
click OK.
d. In the left pane, select VM02.
e. In the center pane, click the Summary tab.
f. In the VM Storage Policies panel, click the Check Compliance link.
g. Verify that Silver Tier Policy appears and that VM02 is not compliant.
The VM02 virtual machine is noncompliant because its virtual disk is stored on a datastore
that is not tagged as a part of the assigned policy.

[Screenshot: VM Storage Policies panel showing Silver Tier Policy, VM Storage Policy Compliance reported as Noncompliant, and the Check Compliance link]

4. Remediate the compliance issue for VM02.


a. In the left pane, right-click VM02 and select Migrate.

The Migrate wizard appears.


b. On the Select the migration type page, click Change storage only and click Next.
c. On the Select storage page, select the Silver datastore in the datastore list and click Next.

With a virtual machine storage policy assigned to the VM02 virtual machine, datastores are
listed as either Compatible or Incompatible.
d. On the Ready to complete page, review the migration details and click Finish.
e. In the Recent Tasks pane, monitor the migration task to completion.
The migration must complete successfully.
5. Verify that VM02 is reported as compliant.
a. In the center pane, click the Check Compliance link in the VM Storage Policies panel.
b. Verify that the status changes to Compliant.
6. Point to the Home icon and select Home.
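
The compliance results seen in this task can be reproduced with a small model. The following Python sketch is an added example, not part of the lab manual or of vSphere: it evaluates a tag-based policy against the datastore that holds each VM object, lists datastores as Compatible or Incompatible the way the Migrate wizard does, and re-checks after a storage-only migration. The datastore name Untagged-DS (VM02's starting location) and the rule that any selected tag satisfies the policy are assumptions.

```python
"""Tag-based VM storage policy compliance, modeled on constructed lab data."""
from dataclasses import dataclass, field

CATEGORY = "Storage Tiers"


@dataclass(frozen=True)
class Datastore:
    name: str
    tags: frozenset = frozenset()          # (category, tag) pairs


@dataclass(frozen=True)
class TagPolicy:
    name: str
    category: str
    tags: frozenset                        # tags selected in Rule-set 1

    def is_compatible(self, ds):
        # Assumption: a datastore matches if it carries any selected tag.
        return any((self.category, tag) in ds.tags for tag in self.tags)


@dataclass
class VM:
    name: str
    placement: dict                                  # VM object -> datastore name
    policies: dict = field(default_factory=dict)     # VM object -> TagPolicy


def apply_to_all(vm, policy):
    """'Apply to all': assign one policy to VM home and every hard disk."""
    for obj in vm.placement:
        vm.policies[obj] = policy


def check_compliance(vm, inventory):
    """Return (overall status, per-object status) for one VM."""
    per_object = {}
    for obj, ds_name in vm.placement.items():
        policy = vm.policies.get(obj)
        if policy is None:
            per_object[obj] = "Not Applicable"
        elif policy.is_compatible(inventory[ds_name]):
            per_object[obj] = "Compliant"
        else:
            per_object[obj] = "Noncompliant"
    states = set(per_object.values())
    if "Noncompliant" in states:
        overall = "Noncompliant"          # one misplaced object fails the VM
    elif "Compliant" in states:
        overall = "Compliant"
    else:
        overall = "Not Applicable"
    return overall, per_object


def classify_datastores(policy, inventory):
    """Split datastores the way the Migrate wizard lists them."""
    compatible = sorted(d.name for d in inventory.values() if policy.is_compatible(d))
    incompatible = sorted(d.name for d in inventory.values() if not policy.is_compatible(d))
    return compatible, incompatible


def migrate_storage(vm, target, inventory):
    """'Change storage only': move every object of the VM to one datastore."""
    if target not in inventory:
        raise KeyError(f"unknown datastore: {target}")
    for obj in vm.placement:
        vm.placement[obj] = target


def build_lab():
    """Constructed inventory mirroring the lab's names."""
    inventory = {d.name: d for d in (
        Datastore("Gold", frozenset({(CATEGORY, "Gold Tier")})),
        Datastore("Silver", frozenset({(CATEGORY, "Silver Tier")})),
        Datastore("Untagged-DS"),          # assumed starting datastore of VM02
    )}
    gold = TagPolicy("Gold Tier Policy", CATEGORY, frozenset({"Gold Tier"}))
    silver = TagPolicy("Silver Tier Policy", CATEGORY, frozenset({"Silver Tier"}))
    vm01 = VM("VM01", {"VM home": "Gold", "Hard disk 1": "Gold"})
    vm02 = VM("VM02", {"VM home": "Untagged-DS", "Hard disk 1": "Untagged-DS"})
    return inventory, gold, silver, vm01, vm02


if __name__ == "__main__":
    inventory, gold, silver, vm01, vm02 = build_lab()
    apply_to_all(vm01, gold)
    apply_to_all(vm02, silver)
    for vm in (vm01, vm02):
        print(vm.name, check_compliance(vm, inventory))
    print("Migrate wizard:", classify_datastores(silver, inventory))
    migrate_storage(vm02, "Silver", inventory)
    print("VM02 after migration:", check_compliance(vm02, inventory))
```

A VM whose objects sit on different datastores is reported per object, so a single disk left on an untagged datastore is enough to make the whole VM noncompliant.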

Lab 4 Managing Datastore Clusters

Objective: Create a datastore cluster and work with vSphere Storage DRS

In this lab, you perform the following tasks:

1. Create a Datastore Cluster with vSphere Storage DRS Enabled
2. Evacuate a Datastore Using Datastore Maintenance Mode
3. Run vSphere Storage DRS and Apply Migration Recommendations
4. Clean Up for the Next Lab

Task 1: Create a Datastore Cluster with vSphere Storage DRS Enabled

You create a datastore cluster that is enabled for VMware vSphere Storage DRS. The Gold and
Silver datastores are reused as members of the cluster.
1. If you are logged out of vSphere Web Client, log back in.
2. Point to the Home icon and select Storage.
3. In the left pane, right-click SA Datacenter and select Storage > New Datastore Cluster.

The New Datastore Cluster wizard appears.


4. On the Name and location page, name the datastore cluster and enable vSphere Storage DRS.
a. In the Datastore cluster name text box, enter Cluster-DRS.
b. Leave the Turn ON Storage DRS check box selected and click Next.

5. On the Storage DRS Automation page, view the automation settings.
a. Leave No Automation (Manual Mode) selected.
b. Keep the rest of the defaults and click Next.
6. On the Storage DRS Runtime Settings page, keep the defaults and click Next.
7. On the Select Clusters and Hosts page, select the SA Management check box on the Filter tab
and click Next.
8. On the Select Datastores page, select the datastores for the datastore cluster.
a. Select Show all datastores from the drop-down menu.
b. Select the Gold and Silver check boxes and click Next.

9. On the Ready to Complete page, review the configuration summary and click Finish.
In a production environment, the best practice is to select datastores that are connected to all
hosts in the cluster and to group them by storage capabilities.
10. In the left pane, expand Cluster-DRS and verify that the Gold and Silver datastores appear.

[Screenshot: inventory tree with the Gold and Silver datastores listed under Cluster-DRS in SA Datacenter]

11. View information about the Gold datastore.
a. In the left pane, select the Gold datastore.
b. In the center pane, click the VMs tab.
c. Verify that the datastore contains only one virtual machine.
12. View information about the Silver datastore.
a. In the left pane, select the Silver datastore.
b. In the center pane, click the VMs tab.
c. Verify that the datastore contains only one virtual machine.



13. View information about the datastore cluster.
a. In the left pane, select Cluster-DRS.
b. In the center pane, click the Configure tab and click Storage DRS on the left.
c. In the vSphere Storage DRS panel, expand each item and verify the settings.
Cluster automation level is set to No Automation (Manual Mode).
Space threshold is 80 percent.
I/O metrics for vSphere Storage DRS recommendations are enabled.
Imbalances are checked every 8 hours.
Minimum space utilization difference is 5 percent.

Task 2: Evacuate a Datastore Using Datastore Maintenance Mode

You place a datastore in maintenance mode to demonstrate the capabilities of vSphere Storage DRS.
1. Put the Silver datastore in maintenance mode.
a. In the left pane, right-click the Silver datastore.
b. Select Maintenance Mode > Enter Maintenance Mode.
c. In the SDRS Maintenance Mode Migration Recommendations dialog box, read the
provided recommendation description.
d. Click Apply Recommendations.
e. If prompted to apply recommendations despite warnings, click Yes.
The VM02 virtual machine is migrated to the Gold datastore.
f. In the Recent Tasks pane, monitor the migration task to completion.
2. In the left pane, verify that the Silver datastore is in maintenance mode.

[Screenshot: inventory tree with the Gold and Silver datastores listed under Cluster-DRS in SA Datacenter]

3. Click the Refresh icon in the vSphere Web Client interface.



4. View information about the Silver and Gold datastores.
a. Select the Silver datastore.
b. In the Details panel of the Summary tab, verify that zero virtual machines are stored on the
Silver datastore.
c. Select the Gold datastore.
d. In the Details panel of the Summary tab, verify that two virtual machines are stored on the
Gold datastore.
5. Take the Silver datastore out of maintenance mode.
a. Right-click the Silver datastore and select Maintenance Mode > Exit Maintenance Mode.
b. Verify that the Silver datastore icon no longer indicates maintenance mode.
6. Point to the Home icon and select Hosts and Clusters.
7. Power on the VM01 and VM02 virtual machines.

Task 3: Run vSphere Storage DRS and Apply Migration Recommendations

You configure vSphere Storage DRS to maintain a balance in usage across all datastores in a cluster.
The cluster imbalance is mitigated by using vSphere Storage DRS recommendations.
1. Point to the Home icon and select Storage.
2. In the left pane, select Cluster-DRS.
3. In the center pane, click the Configure tab and select Storage DRS on the left.
4. Configure vSphere Storage DRS so that recommendations are reported.
a. In the vSphere Storage DRS panel, click Edit.

b. In the Edit Storage DRS Settings dialog box, expand the Storage DRS Automation
section.
c. Next to Space Threshold, drag the Utilized Space slider to the far left to set the threshold
to 50 percent.
The imbalance between the Gold and Silver datastore utilization is detected at a 50 percent
space threshold trigger.
d. Click OK.



5. Run vSphere Storage DRS and review recommendations.
a. In the center pane, click the Monitor tab and click Storage DRS.
b. Select Recommendations on the left and click Run Storage DRS Now.

A vSphere Storage DRS recommendation appears in the recommendation list.


c. Review the recommendation and reason.
vSphere Storage DRS recommends the migration of the VM02 Hard disk 1.
6. Examine the vSphere Storage DRS recommendation alarm.
a. In the center pane, click the Summary tab and find the yellow vSphere Storage DRS
recommendation alarm.
The administrator can reset the recommendation alarm manually. The vSphere Storage
DRS recommendation alarm is reset when the recommendation is applied.
7. Apply the vSphere Storage DRS recommendation.
a. In the center pane, click the Monitor tab.

b. In the bottom-right corner of the Storage DRS Recommendations panel, click Apply
Recommendations.

c. In the Recent Tasks pane, monitor the migration task to completion.


8. In the center pane, click the Summary tab and verify that no alarms appear.
9. Review vSphere Storage DRS history.
a. In the center pane, click the Monitor tab.

The Storage DRS panel should appear.


b. Below the Recommendations link, click the History link.
c. Verify in the vSphere Storage DRS history that Hard disk 1 for VM02 was migrated from
Gold to Silver.
d. Verify in the vSphere Storage DRS history that Hard disk 1 for VM02 was migrated from
Silver to Gold.
This migration occurred when the Silver datastore was placed in maintenance mode.
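
Why lowering the Space Threshold to 50 percent produces a recommendation can be seen in a simplified model of the space check. This Python sketch is an added example, not VMware's algorithm and not part of the lab manual. The datastore sizes and the rule of moving the smallest disk that brings the source under the threshold are assumptions; the 80 percent, 50 percent and 5 percent values come from the lab.

```python
"""Simplified model of Storage DRS space load balancing (constructed data)."""
from dataclasses import dataclass, field


@dataclass
class Datastore:
    name: str
    capacity_gb: float
    disks: dict = field(default_factory=dict)   # disk label -> size in GB
    other_used_gb: float = 0.0                  # space not held by movable disks

    @property
    def used_gb(self):
        return self.other_used_gb + sum(self.disks.values())

    @property
    def utilization(self):
        return 100.0 * self.used_gb / self.capacity_gb


@dataclass(frozen=True)
class Recommendation:
    disk: str
    source: str
    destination: str
    reason: str


def _smallest_fixing_move(src, dst, threshold):
    """Smallest disk whose move leaves both datastores at or under threshold."""
    for label, size in sorted(src.disks.items(), key=lambda item: item[1]):
        src_after = 100.0 * (src.used_gb - size) / src.capacity_gb
        dst_after = 100.0 * (dst.used_gb + size) / dst.capacity_gb
        if src_after <= threshold and dst_after <= threshold:
            return label
    return None


def recommend(cluster, space_threshold=80.0, min_util_diff=5.0):
    """Return at most one migration recommendation per overloaded datastore."""
    recommendations = []
    for src in cluster:
        if src.utilization <= space_threshold:
            continue                              # not over the space threshold
        targets = sorted((d for d in cluster if d is not src),
                         key=lambda d: d.utilization)
        for dst in targets:
            if src.utilization - dst.utilization < min_util_diff:
                continue                          # difference too small to act on
            disk = _smallest_fixing_move(src, dst, space_threshold)
            if disk is not None:
                reason = (f"{src.name} at {src.utilization:.0f}% exceeds "
                          f"{space_threshold:.0f}% space threshold")
                recommendations.append(
                    Recommendation(disk, src.name, dst.name, reason))
                break
    return recommendations


def apply(cluster, rec):
    """Carry out one recommendation by moving the disk between datastores."""
    by_name = {d.name: d for d in cluster}
    size = by_name[rec.source].disks.pop(rec.disk)
    by_name[rec.destination].disks[rec.disk] = size


def lab_cluster():
    """Constructed sizes: both VMs sit on Gold after Silver left maintenance mode."""
    gold = Datastore("Gold", 20.0,
                     {"VM01 Hard disk 1": 6.0, "VM02 Hard disk 1": 5.0})
    silver = Datastore("Silver", 20.0, {}, other_used_gb=1.0)
    return [gold, silver]


if __name__ == "__main__":
    cluster = lab_cluster()
    print("80% threshold:", recommend(cluster))
    recs = recommend(cluster, space_threshold=50.0)
    print("50% threshold:", recs)
    apply(cluster, recs[0])
    print("after applying:", recommend(cluster, space_threshold=50.0))
```

With the default 80 percent threshold, a datastore at 82 percent next to one at 79 percent yields no recommendation in this model, because the 3-point gap is below the 5 percent minimum space utilization difference.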



Task 4: Clean Up for the Next Lab

You remove the vSphere Storage DRS cluster to prepare for the next lab.
1. Point to the Home icon and select Hosts and Clusters.
2. Power off the VM01 and VM02 virtual machines.
3. Delete the vSphere Storage DRS cluster.
a. Point to the Home icon and select Storage.
b. In the left pane, right-click Cluster-DRS and select Delete.
c. When prompted, click Yes to delete the datastore cluster.
d. After the cluster is deleted, verify that the Gold and Silver datastores appear in the left
pane, directly under the data center.
4. Point to the Home icon and select Home.



Lab 5 Working with Virtual Volumes

Objective: Configure NFS- and iSCSI-backed virtual volumes

In this lab, you perform the following tasks:

1. Register the Storage Provider
2. Create a NAS-Backed Virtual Volume Datastore
3. Create an iSCSI-Backed Virtual Volume Datastore

Task 1: Register the Storage Provider

You register the storage provider, and you confirm its URL and version. You also view the storage
systems that are made available by the storage provider.
1. In vSphere Web Client, point to the Home icon and select Hosts and Clusters.
2. At the top of the left pane, select sa-vcsa-01.vclass.local (your VMware vCenter Server
Appliance instance).
3. In the center pane, click the Configure tab and select Storage Providers on the left side.
4. In the center pane, click the Register a new storage provider icon.

5. In the New Storage Provider dialog box, configure the VASA storage provider.

Option      Action
Name        Enter VASASource.
URL         Enter https://172.20.10.97:8443/vasa/version.xml.
User name   Enter username.
Password    Enter password.

6. Click OK.
7. Click Yes to acknowledge and accept the self-signed certificate warning.
8. Validate that the VASASource storage provider appears in the Storage Providers list.

Q1. In the storage providers window, what is the storage provider URL for VASASource?

Q2. Which version of vSphere API for Storage Awareness appears in the VASA API
Version column?

Q3. Which types of storage systems are listed for this storage provider?
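
Step 7 accepts the storage provider's self-signed certificate on sight, which works in the lab but gives no assurance about which endpoint answered. The following Python sketch is an added example, not part of the lab manual: it compares the SHA-256 fingerprint of a presented certificate with a value obtained out of band, for instance from the storage administrator. The sample bytes are a constructed stand-in rather than a real certificate, and the function names are hypothetical.

```python
"""Compare a presented certificate with a fingerprint obtained out of band."""
import hashlib
import hmac
import ssl

# Constructed stand-in for DER certificate bytes (not a real certificate).
SAMPLE_DER = bytes(range(48))
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)


def normalize_fingerprint(text):
    """Accept 'AA:BB:...', 'aa bb ...' or plain hex; return lowercase hex."""
    cleaned = "".join(ch for ch in text if ch not in ": \t-").lower()
    if len(cleaned) != 64 or any(ch not in "0123456789abcdef" for ch in cleaned):
        raise ValueError("expected a SHA-256 fingerprint (64 hex digits)")
    return cleaned


def sha256_fingerprint(pem_cert):
    """SHA-256 over the DER encoding, as certificate viewers display it."""
    der = ssl.PEM_cert_to_DER_cert(pem_cert)
    return hashlib.sha256(der).hexdigest()


def matches_pin(pem_cert, expected_fingerprint):
    """True only if the certificate hashes to the expected fingerprint."""
    return hmac.compare_digest(sha256_fingerprint(pem_cert),
                               normalize_fingerprint(expected_fingerprint))


def fetch_presented_cert(host, port):
    """Fetch the PEM certificate a server presents, without validating it."""
    return ssl.get_server_certificate((host, port))


if __name__ == "__main__":
    # Offline demonstration with the constructed sample; for a live check,
    # pass fetch_presented_cert("172.20.10.97", 8443) instead of SAMPLE_PEM.
    pin = sha256_fingerprint(SAMPLE_PEM)
    print("fingerprint:", pin)
    print("matches pin:", matches_pin(SAMPLE_PEM, pin))
    print("matches other value:", matches_pin(SAMPLE_PEM, "00" * 32))
```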

Task 2: Create a NAS-Backed Virtual Volume Datastore

You mount a virtual volume datastore by using an NFS protocol endpoint.

1. Create a virtual volume datastore by using the NFS container.
a. Point to the Home icon and select Hosts and Clusters.
b. In the left pane, right-click sa-esxi-01.vclass.local and select Storage > New Datastore.
The New Datastore wizard appears.
c. On the Type page, click VVol and click Next.
d. On the Name and container selection page, enter SA-NAS-VVol in the Datastore name
text box.
e. From the Backing Storage Container list, select SA-NFS-vVol and click Next.
f. On the Ready to complete page, click Finish.



2. Validate the new datastore by creating a folder in it.
a. Point to the Home icon and select Storage.
b. In the left pane, select the SA-NAS-VVol datastore.
c. In the center pane, click the Files tab.
d. In the center pane, click the Create a new folder icon.
e. In the Create a new folder window, enter SA-NAS in the Enter a name for the new folder
text box and click Create.
The creation of the folder validates that the datastore is available.

Task 3: Create an iSCSI-Backed Virtual Volume Datastore

You create a virtual volume datastore that is backed by an iSCSI protocol endpoint.
1. Create a virtual volume datastore that uses the iSCSI storage container.
a. In the left pane, right-click SA Datacenter and select Storage > New Datastore.
The New Datastore wizard appears.
b. On the Location page, click Next.
c. On the Type page, click VVol and click Next.
d. On the Name and container selection page, enter SA-iSCSI-VVol in the Datastore name
text box.
e. In the Backing Storage Container list, select SA-iSCSI-vVol and click Next.
f. On the Select hosts accessibility page, select the sa-esxi-01.vclass.local check box and
click Next.
g. On the Ready to complete page, click Finish.
2. In the Recent Tasks pane, monitor the Create Virtual Volume datastore task to completion.
3. After the task completes, click the Refresh icon in vSphere Web Client.



4. In the left pane, verify that SA-iSCSI-VVol appears in the list.
After a short while, the datastore is marked as inactive.

Q1. Why is the virtual volume datastore that is backed by the iSCSI container marked as
inactive?

5. Create a folder on the datastore and validate that the folder is not available.
a. In the left pane, select the SA-iSCSI-VVol datastore.
b. In the center pane, click the Files tab.
c. In the center pane, click the Create a new folder icon.
d. In the Create a new folder window, enter SA-iSCSI in the Enter a name for the new
folder text box and click Create.
The folder creation fails, validating that the datastore is not accessible.
e. Close the folder creation failure alert.
6. Add the Storage Provider as a target to the host's iSCSI storage adapter.
a. Point to the Home icon and select Hosts and Clusters.
b. In the left pane, select sa-esxi-01.vclass.local.
c. In the center pane, click the Configure tab and select Storage Adapters on the left.
d. Scroll through the Storage Adapters list until the iSCSI software adapter is visible.
e. Select vmhba##, the iSCSI software adapter.
f. In the Adapter Details panel, click the Paths tab.
g. Scroll through the list.
Several paths appear in the list.
h. Click the Targets tab and click Add.
i. In the Add Send Target Server window, enter 172.20.10.97 in the iSCSI Server text
box.
172.20.10.97 is the IP address of the VASA storage provider.
j. Click OK.



k. In the center pane, click the Rescan all storage adapters icon.
l. In the Rescan Storage window, click OK.
m. In the Adapter Details panel, click the Paths tab.
n. Verify that LUN 260 appears in the list.
LUN 260 is the LUN on which the SA-iSCSI-VVol datastore is located.
7. Point to the Home icon and select Storage.
8. In the left pane, verify that the SA-iSCSI-VVol datastore is not inactive.
9. If the datastore appears as inactive, click the Refresh icon in vSphere Web Client.
10. Verify that the datastore is accessible.
a. In the left pane, select the SA-iSCSI-VVol datastore.
b. In the center pane, click the Create a new folder icon on the Files page.
c. In the Create a new folder window, enter SA-iSCSI in the text box and click Create.
The creation of the folder validates that the datastore is available.
11. Point to the Home icon and select Home.

Lab 6 Creating a Content Library

Objective: Create a multisite content library

In this lab, you perform the following tasks:

1. Create a Content Library
2. Upload Data to the New Content Library
3. Create a Subscriber Content Library
4. Clone a Template to the Source Library
5. Synchronize the Content Libraries
6. Deploy a Virtual Machine from the Library

Task 1: Create a Content Library

You configure a local content library that you publish externally for other content libraries to
subscribe to.
1. In vSphere Web Client, point to the Home icon and select Content Libraries.
2. In the center pane, click the Objects tab and click the Create a new content library icon.

3. On the Name and location page, name the content library and verify the vCenter Server
location.
a. In the Name text box, enter SA-Source.

b. In the vCenter Server drop-down menu, verify that sa-vcsa-01.vclass.local is selected and
click Next.
4. On the Configure content library page, configure a local content library.
a. Leave Local content library selected.
b. Select the Publish externally check box.
c. Select the Enable authentication check box.
d. In the Password and Confirm password text boxes, enter the standard lab password.
e. Click Next.
5. On the Add storage page, select the datastore to use for the content library.
a. Click Select a datastore.

b. Click SA-Source and click Next.


6. On the Ready to complete page, click Finish.
7. Verify that the content library appears in the list.

Task 2: Upload Data to the New Content Library

You upload an Open Virtualization Format (OVF) file from your student desktop to the new content
library.
1. In the center pane, right-click the SA-Source library and select Import Item.
2. In the Import Library Item window, click Local file and click Browse.
3. In the Choose File to Upload window, click the Desktop icon on the left bar.
4. Double-click the Class Materials and Licenses folder and double-click the Downloads folder.
5. In the Downloads folder, double-click the SampleVM folder.
6. Double-click SampleVM.ovf.
7. In the Select referenced files window, click Browse.
8. Select the SampleVM-1.vmdk file, click Open, and click OK.
9. Click OK.
10. View the Recent Tasks pane to monitor the task to completion.



11. After the task is complete, click the name of the content library in the center pane to open the
content library.
12. In the left pane, click the Templates link.
The uploaded SampleVM template is listed in the left pane.

Task 3: Create a Subscriber Content Library

You configure a content library that is subscribed to the first library.

1. At the top of the left pane, click the navigation back arrow until the Content Libraries center
pane appears.
2. Copy to the clipboard the link to the local content library.
a. In the center pane, click the SA-Source link.
b. In the center pane, click the Summary tab and scroll down until the Publication panel
appears.
c. In the Publication panel, click Copy Link.
3. Point to the Home icon and select Content Libraries.

4. In the center pane, click Create a new content library.

The New Content Library wizard appears.


5. On the Name and location page, name the content library and verify the vCenter Server
location.
a. In the Name text box, enter SA-Subscriber.
b. In the vCenter Server drop-down menu, verify that sa-vcsa-01.vclass.local is selected.
c. Click Next.
6. On the Configure content library page, configure a subscribed content library.
a. Click Subscribed content library.
b. Click the Subscription URL text box and press Ctrl+V.
The subscription URL is pasted into the text box. If Ctrl+V does not work, you must enter
the URL manually.
c. Select the Enable Authentication check box.
d. In the Password text box, enter the standard lab password.
e. Click Download library content only when needed.
f. Click Next.



7. On the Add storage page, select the SA-Subscriber datastore and click Next.
8. On the Ready to complete page, click Finish.
9. View the Recent Tasks pane to monitor the task to completion.
10. View the contents of the content library subscriber.
a. In the left pane, select the SA-Subscriber library.
b. In the center pane, click the Templates tab.
c. On the Templates tab, verify that the SampleVM template is present.
This virtual machine template is the same one that is in the source content library.
d. Verify that the Stored Content Locally column indicates No.
The SA-Subscriber library is configured to download library content only when needed. As
a result, only the template's metadata has been synchronized. The actual template has not
been synchronized with the SA-Subscriber library, because it is not needed yet.
11. Turn off automatic synchronization.
a. In the center pane, click the Summary tab.
b. In the Subscription panel, click the Edit Settings link.
c. Deselect the Enable automatic synchronization with the external content library check
box.
d. Even though the Password text box appears to be populated, reenter the standard lab password.
Otherwise, the process fails.
e. Click OK.
f. In the Subscription panel, verify that automatic synchronization is off.



Task 4: Clone a Template to the Source Library

You use vSphere Web Client to clone a virtual machine template into the published content library.
1. Point to the Home icon and select Hosts and Clusters.
2. In the left pane, right-click the VM01 virtual machine and select Clone > Clone to Template
in Library.
The Clone to Template in Content Library window appears.
3. In the Filter tab, select the SA-Source library.
4. Append -Library to the virtual machine name in the Template name text box and click OK.
5. In the Recent Tasks pane, view the tasks that start up and monitor the tasks to completion.
6. View the template list in both libraries.
a. Point to the Home icon and select Content Libraries.
b. In the left pane, select the SA-Source library.
c. In the center pane, click the Templates tab and verify that both templates are listed.
d. In the left pane, select the SA-Subscriber library.
e. In the center pane, view the Templates tab and verify that only the original template is
listed.

Task 5: Synchronize the Content Libraries

You use vSphere Web Client to synchronize the content libraries.

1. In the center pane at the top, click the Synchronize icon.
2. In the Recent Tasks pane, monitor the task to completion.
The synchronization might take a few minutes to complete. You might need to press the
synchronization icon a few times before you see both files.
3. Verify that both the virtual machine templates appear in the SA-Subscriber library.



Task 6: Deploy a Virtual Machine from the Library

You use vSphere Web Client to deploy a new virtual machine from the VM01-Library template
available in the SA-Subscriber library.
1. In the left pane, select the SA-Subscriber library.
2. In the center pane, right-click VM01-Library and select New VM from This Template.
The New Virtual Machine from Content Library wizard appears.
3. On the Select name and location page, name the virtual machine and select the inventory tree
location.
a. In the Name text box, enter VM03.
b. Select SA Datacenter and click Next.
4. On the Select a resource page, expand SA Management, select sa-esxi-01.vclass.local, and
click Next.
5. On the Review details page, click Next.
6. On the Select storage page, configure the virtual disk format and select a datastore.
a. Select Thin provision from the Select virtual disk format list.
b. Select None from the VM storage policy list.
c. In the Filter > Datastores tab, click SA-Shared-01-Remote and click Next.
7. On the Select networks page, keep the default and click Next.
8. On the Ready to complete page, click Finish.
9. View the Stored Content Locally column.
The column value changed to Yes because the template is now needed to deploy a virtual
machine.
10. In the Recent Tasks pane, view the tasks that are started and monitor the tasks to completion.
11. Verify that the virtual machine is deployed.
a. Point to the Home icon and select Hosts and Clusters.
b. In the left pane, verify that the VM03 virtual machine is displayed in the inventory.
12. Point to the Home icon and select Home.



Lab 7 Host Profiles

Objective: Use host profiles and manage compliance

In this lab, you perform the following tasks:

1. Create and Export a Host Profile
2. Import a Host Profile
3. Attach an ESXi Host to the Imported Host Profile
4. Run an Initial Compliance Check
5. Introduce a Configuration Drift
6. Run a Compliance Check and Remediate the Configuration Drift
7. Detach the Host Profile

Task 1: Create and Export a Host Profile

A host profile is a configuration template that is applied to any or all ESXi hosts in a cluster to
verify and enforce specific configuration rules. Normally, a host profile has a reference host.
You export a profile for importation. The imported profile lacks a reference host.
1. In vSphere Web Client, point to the Home icon and select Policies and Profiles.
2. In the left pane, select Host Profiles.

3. Extract a host profile from an ESXi host.
a. In the Objects panel, click the Extract profile from a host icon (green plus sign).
The Extract Host Profile wizard appears.
b. On the Select Host page, click sa-esxi-01.vclass.local and click Next.
c. On the Name and Description page, enter Local-Profile in the Name text box and click
Next.
d. On the Ready to complete page, click Finish.
e. In the Recent Tasks pane, monitor the task to completion.
4. Export the host profile to a file.
a. In the center pane, right-click the new profile and select Export Host Profile.
b. In the warning message box, click Save.
c. Navigate to the desktop of the student machine and save the profile as profile.vpf.

Task 2: Import a Host Profile

You import the host profile that you exported in task 1. Because host profiles do not store the
reference host, host profiles can easily be imported and exported.
1. At the top of the Objects panel, click the Import Host Profile icon.
2. In the Import Host Profile dialog box, import the host profile that you previously saved.
a. Click Browse, navigate to the desktop of the student machine, select the profile.vpf file,
and click Open.
b. Enter Imported-Profile in the Name text box and click OK.
c. In the Recent Tasks pane, monitor the task to completion.



Task 3: Attach an ESXi Host to the Imported Host Profile

Hosts and clusters can be attached to or detached from a host profile in the host profiles view or in the
Hosts and Clusters inventory.
1. In the Objects panel, click the Imported-Profile link to navigate to that object.
2. In the center pane, click the Configure tab.
You can review and edit the comprehensive list of configuration settings that define the host
profile.
3. Select Attach/Detach Hosts and Clusters from the Actions drop-down menu.
The Attach/Detach Hosts and Clusters wizard appears.
4. On the Select hosts/clusters page, attach sa-esxi-01.vclass.local to the host profile.
a. In the Host/Cluster list, expand the SA Management cluster and select
sa-esxi-01.vclass.local.
b. Click Attach > to move the selected host to the list on the right and click Next.
A list of settings that can be customized for the first ESXi host appears. The customized
values are prepopulated based on information extracted from the selected host.
c. Review the host customization settings and click Finish.
d. In the Recent Tasks pane, monitor the task to completion.



Task 4: Run an Initial Compliance Check

You run a compliance check to verify the attached host configuration against all the settings that are
specified by the host profile.
1. In the center pane, click the Monitor tab and click Compliance.
2. Select sa-esxi-01.vclass.local and click the Check Host Profile Compliance icon.
3. In the Recent Tasks pane, monitor the compliance check to completion.
4. Select the ESXi host and view the compliance information near the bottom of the panel.
The host is not compliant, because the IPv6 vmknic gateway configuration does not match the
specification.
5. Resolve the IPv6 configuration issue occurring on the ESXi host.
a. In the center pane, click the Configure tab.
b. Click Edit Host Profile.
The Edit Host Profile wizard appears.
c. On the Name and description page, click Next.
d. On the Edit host profile page, expand Networking configuration > Host virtual NIC.
e. Expand dvs-SA Datacenter: pg-SA Management: management.
f. Select IP address settings.
g. In the right pane, from the Vnic Default gateway for IPv6 routing list, select User must
explicitly choose the policy option and click Finish.
h. In the Recent Tasks pane, monitor the task to completion.



6. Check the ESXi host for compliance.
a. In the center pane, click the Monitor tab.
b. Select the ESXi host and click the Check Host Profile Compliance icon.
c. In the Recent Tasks pane, monitor the compliance check to completion.
d. View the Compliance panel.
e. Verify that the host is compliant.

Task 5: Introduce a Configuration Drift

You test host profile compliance verification and remediation by introducing a noncompliant change
on the host. The noncompliant change is that you remove the vmnic2 adapter from the dvs-Lab
distributed switch.
1. Point to the Home icon and select Networking.
2. In the left pane, right-click the dvs-Lab distributed switch and select Add and Manage Hosts.
The Add and Manage Hosts wizard appears.
3. On the Select task page, select Manage host networking and click Next.
4. On the Select hosts page, click Attached hosts.
5. In the Select member hosts window, select the sa-esxi-01.vclass.local check box and click OK.
6. Click Next.
7. On the Select network adapter tasks page, deselect the Manage VMkernel adapters check box
and click Next.
8. On the Manage physical network adapters page, unassign the vmnic2 adapter on
sa-esxi-01.vclass.local.
a. Under sa-esxi-01.vclass.local, select vmnic2 and record the attached uplink.
b. Click Unassign adapter and click Next.
c. Click OK in the warning message dialog box.
9. On the Analyze impact page, click Next.
10. On the Ready to complete page, click Finish.



Task 6: Run a Compliance Check and Remediate the Configuration Drift

You run a compliance check to detect noncompliant configuration changes that were made to hosts
attached to a host profile.
1. Point to the Home icon and select Policies and Profiles.
2. In the left pane, select Host Profiles.
3. In the left pane, select Imported-Profile.


4. In the center pane, click Monitor > Compliance.
5. Select the ESXi host and click the Check Host Profile Compliance icon.
6. In the Recent Tasks pane, monitor the compliance check to completion.
7. In the Compliance panel, review the compliance categories.

Q1. How do the results of the compliance check differ from the compliance check
performed in task 4?

Q2. In the new category, does the specific issue reported relate to the configuration
change made in task 5?

8. Remediate the host.


a. Click the Remediate host based on its host profile icon.


The ESXi host is listed on the Ready to complete page.



b. Click Pre-check Remediation.
The precheck remediation takes several seconds to complete.

Q3. Will the host be put in maintenance mode?

For the host to enter maintenance mode, the virtual machines on this host must be powered
off or moved to another host. All virtual machines on this host are currently powered off.
c. Expand the ESXi host to review the host customization tasks to be performed.
d. Click Finish.
9. In the Recent Tasks pane, monitor the remediation and subsequent compliance check tasks to
completion.
10. Verify that the host is now compliant.
11. Verify the action taken by host remediation.
a. Point to the Home icon and select Networking.
b. In the left pane, select the dvs-Lab distributed switch.
c. In the center pane, click the Configure tab and click Topology on the left.
d. Verify that remediation automatically reconnected vmnic2 on sa-esxi-01.vclass.local to the
appropriate uplink.

Task 7: Detach the Host Profile

Detach the host profile from sa-esxi-01.vclass.local.

1. Point to the Home icon and select Policies and Profiles.

2. In the left pane, click Host Profiles.


3. In the left pane, select Imported-Profile.
4. In the center pane, select Attach/Detach Hosts and Clusters from the Actions drop-down
menu.
The Attach/Detach Hosts and Clusters wizard appears.
5. On the Select hosts/clusters page, detach sa-esxi-01.vclass.local from the host profile.
a. In the Host/Cluster list on the right, select sa-esxi-01.vclass.local.
b. Click < Detach to move the selected host to the list on the left.
c. Click Next.



6. On the Customize hosts page, click Finish.
7. In the Recent Tasks pane, monitor the task to completion.
8. Point to the Home icon and select Home.



Lab 8 Using vSphere Auto Deploy

Objective: Configure vSphere Auto Deploy on vCenter Server Appliance to boot stateless hosts

In this lab, you perform the following tasks:

1. Create a Container for Autodeployed Hosts
2. Start the vSphere Auto Deploy Service
3. Start the vSphere ESXi Image Builder Service
4. Import a Software Depot and Create a Custom Depot
5. Create a Custom Image Profile and Export the Image Profile
6. Create and Activate a Deployment Rule
7. Configure DHCP
8. Start the TFTP Service on vCenter Server Appliance
9. Review the Autodeployment Preparation Steps
10. Prepare to Monitor ESXi Bootup During the Autodeploy Process
11. Power On the ESXi Host and Monitor the Bootup Process
12. Check the Host Profile Compliance of the Autodeployed Host

Task 1: Create a Container for Autodeployed Hosts

You create a folder in the vCenter Server inventory into which autodeployed hosts are placed. A
deploy rule assigns hosts to this folder.
1. In vSphere Web Client, point to the Home icon and select Hosts and Clusters.
2. In the Hosts and Clusters inventory tree, right-click SA Datacenter and select New Folder >
New Host and Cluster Folder from the drop-down menu.
3. Enter Auto-Deployed-Hosts in the folder name text box and click OK.
At this stage, you can create clusters, folders, or other vSphere configurations to apply to
autodeployed hosts. Deploy rules enable selective application of host profiles and destination
containers to hosts that are booting up.

Task 2: Start the vSphere Auto Deploy Service

The VMware vSphere Auto Deploy capability is already installed on vCenter Server Appliance,
but the service is not started by default. You start the service and set the startup type to automatic.
1. Point to the Home icon and select Home.
2. Select the vSphere Auto Deploy service.
a. In the center pane, click the System Configuration icon under Administration.
b. In the left pane, select Services.
c. Under Services, select Auto Deploy.
3. Start the vSphere Auto Deploy service.
a. Select Start from the Actions drop-down menu.
b. In the center pane, view the Summary tab and verify that the service state is Running.
4. Configure the vSphere Auto Deploy service to automatically start when vCenter Server starts.
a. Select Edit Startup Type from the Actions drop-down menu.
b. In the Edit Startup Type window, click Automatic and click OK.
c. In the Summary tab, verify that the startup type is Automatic.



Task 3: Start the vSphere ESXi Image Builder Service

On vCenter Server Appliance, the VMware vSphere ESXi Image Builder CLI capability is
already installed, but the service is not started by default.
1. In the left pane under Services, select ImageBuilder Service.
2. Start the vSphere ESXi Image Builder service.
a. Select Start from the Actions drop-down menu.
b. In the center pane, view the Summary tab and verify that the service state is Running.
3. Configure the vSphere ESXi Image Builder service to automatically start when vCenter Server
starts.
a. Select Edit Startup Type from the Actions drop-down menu.
b. In the Edit Startup Type window, select Automatic and click OK.
c. In the Summary tab, verify that the startup type is Automatic.
4. Make the Auto Deploy icon visible in vSphere Web Client.
The Auto Deploy icon is not visible until you log out and log back in to vSphere Web Client.
a. Log out of vSphere Web Client.
b. Log in to vSphere Web Client as administrator@vsphere.local, using the standard lab
password.

Task 4: Import a Software Depot and Create a Custom Depot

You use vSphere Web Client to import an ESXi software depot into vCenter Server and to create a
custom software depot.
1. Point to the Home icon and select Home.
2. In the center pane, click the Auto Deploy icon under Operations and Policies.



3. Import an ESXi software depot into vCenter Server.
a. In the center pane, click the Software Depots tab.
b. Click the Import software depot icon.


c. In the Name text box, enter SA Depot.
d. Click Browse next to the File text box.
e. In the Choose File to Upload window, navigate to C:\Materials\Downloads.

f. Select VMware-ESXi-6.5.0-depot.zip and click Open.


g. Click Upload and wait for the file to upload.
h. When the file is successfully uploaded, click Close.
i. Verify that the software depot appears in the list.
4. Create a custom software depot.
a. Click the Add Software Depot icon.


b. In the Add Software Depot dialog box, click Custom depot.


c. In the Name text box, enter My Depot.

d. Click OK.



Task 5: Create a Custom Image Profile and Export the Image Profile

You use vSphere Web Client to clone an image profile and export the profile to a ZIP archive.
1. Clone an image profile.
a. In the center pane, select SA Depot on the Software Depots tab.
b. Under Image Profiles, select the image profile whose name ends in -no-tools.

c. Click the Clone image profile icon.


The Clone Image Profile wizard appears.


d. On the Name and details page, keep the default name in the Name text box.
e. In the Vendor text box, enter VMware.
f. From the Software depot list, select My Depot and click Next.
g. On the Select software packages page, view the various software packages and click Next.

h. On the Ready to complete page, click Finish.

2. Verify that the clone is created.


a. Select My Depot.
b. Under Image Profiles, verify that the cloned image profile appears.



3. Export the image profile to a ZIP archive.
a. Under Image Profiles, select the cloned image profile.
b. Click the Export the selected image profile as ISO or ZIP icon.


c. In the Export Image Profile dialog box, click ZIP.


d. Click Generate image.
e. When the image generation completes, click the Download image link.


A new Internet Explorer browser tab opens.


f. If you receive a security exception, click Continue to this website (not recommended).

g. In the pop-up window, click Save as.


h. Save the ZIP file to the desktop, using the default name.
i. Click Close in the View Downloads - Internet Explorer window that opened when you
downloaded the image.
j. In the Export Image Profile dialog box, verify that the image is generated successfully and
click Close.



Task 6: Create and Activate a Deployment Rule

Deployment rules associate host profiles, image profiles, destination containers, and many other
capabilities to hosts engaged in the autodeploy process. Different sets of rules can associate different
characteristics to hosts, based on several conditions and qualifiers, such as the network on which the
host boots.
1. Create a deployment rule.
a. In the center pane, click the Deploy Rules tab.
b. Click the New Deploy Rule icon.
The New Deploy Rule wizard appears.
c. On the Name and hosts page, enter SA Deploy Rule in the Name text box.
d. Verify that Hosts that match the following pattern is clicked.
e. From the <Add pattern> list, select IPv4.
f. In the IPv4 text box, enter 172.20.10.219 and click Next.
172.20.10.219 is the IP address that you will assign to the ESXi host to autodeploy.
g. On the Select image profile page, select My Depot from the Software depot list.
h. Verify that the clone of the image profile is selected and click Next.
i. On the Select host profile page, click Autodeployed-Host-Profile and click Next.
Autodeployed-Host-Profile is preconfigured for use in this lab.
j. On the Select host location page, expand SA Datacenter and select Auto-Deployed-Hosts.
k. Click Next.
l. On the Ready to complete page, click Finish.
m. In the Recent Tasks pane, monitor the task to completion.
This task takes several minutes.
n. Verify that the deploy rule is successfully created.



2. Activate the deployment rule.
a. In the center pane, select SA Deploy Rule.
b. Click Activate/Deactivate rules.
The Activate and Reorder wizard appears.
c. On the Activate and reorder page, select the rule at the bottom and click Activate.
d. Click Next.
e. On the Ready to complete page, click Finish.
f. Verify that the rule status changes to Active.

Task 7: Configure DHCP

You configure a single DHCP reservation in the Management network scope to focus vSphere Auto
Deploy on a single ESXi host based on the host MAC address. Individual reservations are used,
instead of configuring options for a full scope. More realistically, you can simultaneously
autodeploy hosts using the same DHCP scope with different options set for each reservation.
Use the following information from the class configuration handout:

MAC address of ESXi host to autodeploy
1. On the student machine desktop, click the DHCP icon in the task bar.

2. In the left pane, expand DHCP and expand dc.vclass.local.


3. Expand IPv4.
The IPv4 scopes are visible.
4. Resize the left pane by dragging the pane separator to the right.
5. Expand the Scope [172.20.10.0] SA-Management scope and select Reservations.



6. Configure a new reservation that uses the MAC address of your ESXi host.
a. Right-click Reservations and select New Reservation.
b. In the Reservation Name text box, enter SA_reservation.

c. In the IP address text box, enter 172.20.10.219 (the IP address of the ESXi host to
autodeploy).
d. In the MAC address text box, enter the MAC address of the ESXi host to autodeploy.
The MAC address is in the class configuration handout.
You must use hyphens, not colons, between hexadecimal values.
For example: 00-50-56-01-34-28
e. Leave the rest of the settings at their defaults and click Add.
f. Click Close.
The new reservation appears in the DHCP console window, in the right pane.
7. In the left pane, expand Reservations so that your new reservation appears.
The reservation name is in the form [172.20.10.219] SA_reservation.
8. Select your reservation and verify that options inherited from the parent scope appear in the
right pane.
The scope-inherited options should include the following items:

003 Router

006 DNS Servers

015 DNS Domain Name
9. In the left pane, right-click your reservation and select Configure Options.

10. On the General tab of the Reserved Options dialog box, scroll down to the 066 Boot Server
Host Name option.
11. Select the 066 Boot Server Host Name check box and enter 172.20.10.94 in the String
value text box.
172.20.10.94 is the IP address of the vCenter Server Appliance instance.
12. In the options list, select the 067 Bootfile Name check box and enter
undionly.kpxe.vmw-hardwired in the String value text box.
13. Click OK.



14. Verify that your new options appear in the right pane.
The inherited options and reservation-specific options have different icons to identify them.
15. Minimize the DHCP console window.

Task 8: Start the TFTP Service on vCenter Server Appliance

vCenter Server Appliance is already configured to serve as a TFTP server for vSphere Auto Deploy.
The service must be started.
1. Start an SSH session to vCenter Server Appliance.
a. On the student desktop task bar, click the MTPuTTY shortcut.
b. In the Servers pane on the left, double-click SA-VCSA-01.

c. If the PuTTY security alert appears, click Yes.


You are automatically logged in to vCenter Server Appliance as user root.
2. At the command prompt, enter shell to start the Bash shell.
3. At the Bash prompt, view the TFTP service configuration.
cat /etc/sysconfig/atftpd

Q1. What is the TFTP directory set to?

4. View the contents of the TFTP directory.


ls /var/lib/tftpboot

Q2. In the /var/lib/tftpboot file list, do you see the TFTP boot image filename that you
entered when configuring DHCP options for your reservation?

5. Start the TFTP service.


service atftpd start

6. Verify that the TFTP service has started.


service atftpd status

The TFTP service does not start automatically when the vSphere Auto Deploy service is started
from vSphere Web Client.
7. Open the TFTP firewall port on the vCenter Server Appliance instance.
iptables -A port_filter -p udp -m udp --dport 69 -j ACCEPT

8. Enter exit and enter exit again to close the MTPuTTY window.
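
The checks behind steps 3 through 7 can be scripted so that a missing boot file or a missing firewall rule is caught before a host tries to PXE boot. The following is an added example, not part of the lab manual: the ATFTPD_DIRECTORY variable name is an assumption about the sysconfig file, and the configuration, boot file, and rule listing used by demo are constructed.

```shell
#!/bin/sh
# Added example: preflight checks for the TFTP leg of vSphere Auto Deploy.

# Print the TFTP directory configured in an atftpd sysconfig file.
# ATFTPD_DIRECTORY is an assumed variable name; confirm it in your own file.
tftp_dir() {
    sed -n 's/^[[:space:]]*ATFTPD_DIRECTORY=//p' "$1" | tail -n 1 | tr -d "\"'"
}

# Succeed only if the DHCP option 067 boot file is a regular, non-empty file
# directly inside the TFTP directory. Names containing "/" are rejected so
# that the check cannot be pointed outside that directory.
bootfile_served() {
    bf_dir=$1
    bf_name=$2
    case $bf_name in
        */*|'') return 1 ;;
    esac
    [ -f "$bf_dir/$bf_name" ] && [ -s "$bf_dir/$bf_name" ]
}

# Read `iptables -S port_filter` output on stdin and succeed if the chain
# holds an ACCEPT rule for UDP port 69.
udp69_allowed() {
    grep -Eq -- '^-A port_filter .*-p udp .*--dport 69( .*)? -j ACCEPT$'
}

# Run the three checks against constructed data in a temporary directory.
demo() {
    work=$(mktemp -d) || return 1
    mkdir "$work/tftpboot"
    printf '# constructed sample\nATFTPD_DIRECTORY="%s"\n' "$work/tftpboot" > "$work/atftpd"
    printf 'constructed placeholder, not a boot image\n' \
        > "$work/tftpboot/undionly.kpxe.vmw-hardwired"
    rules='-N port_filter
-A port_filter -p tcp -m tcp --dport 22 -j ACCEPT
-A port_filter -p udp -m udp --dport 69 -j ACCEPT'

    served_from=$(tftp_dir "$work/atftpd")
    if bootfile_served "$served_from" undionly.kpxe.vmw-hardwired; then
        echo "boot file present in TFTP directory"
    else
        echo "boot file missing from TFTP directory"
    fi
    if printf '%s\n' "$rules" | udp69_allowed; then
        echo "UDP/69 accepted in port_filter"
    else
        echo "no ACCEPT rule for UDP/69 in port_filter"
    fi
    rm -rf "$work"
}

demo
```

On the appliance the same functions take the real inputs: `tftp_dir /etc/sysconfig/atftpd` and `iptables -S port_filter | udp69_allowed`. The iptables -A command in step 7 changes only the running rule set, so the rule check is worth repeating after a restart.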



Task 9: Review the Autodeployment Preparation Steps

You review your work and prepare for autodeployment.


1. Review the configuration and autodeployment steps.

Containers and host profiles for use by autodeployed hosts are configured.
The use of containers can be beneficial when designing prestaging and poststaging
scenarios for host deployments.

The vSphere Auto Deploy service is started in vSphere Web Client.

A custom host image profile is created.
Custom image profiles enable you to customize deployments for different sets of hosts and
can be updated and customized with additional VMware or third-party software packages.

A deployment rule is created to associate an image profile, a host profile, and a container to
specific autodeployed hosts.
Using rules with different patterns enables different image, host profile, and other
configurations to be assigned to groups of hosts.

DHCP options are configured to identify a TFTP server and a boot image filename.

The TFTP service is started on vCenter Server Appliance.
For the sake of expediency, the lab environment uses vCenter Server Appliance as the
TFTP server. In production, a compatible TFTP service can be used that is not colocated
with vCenter Server Appliance.

Task 10: Prepare to Monitor ESXi Bootup During the Autodeploy Process

You move out of your student desktop and use the VMware OneCloud Web interface to open a
console to the ESXi host to autodeploy.
1. Verify that you have your student login credentials.
Your login credentials are sent to you in a class welcome email. Your instructor can help you if
you have lost your login information.
2. Record the VMware OneCloud URL provided by your instructor. _____

The URL should be similar to wdc-vclass-a.vmeduc.com/cloud/org/classroom-101.


3. Minimize the Remote Desktop Protocol (RDP) session to the student desktop machine in your
lab sandbox.
You can access the desktop of the server that you first logged in to at the start of the class.
4. On the login server desktop, double-click the Internet Explorer shortcut.



5. In the Internet Explorer window, browse to the VMware OneCloud URL that you recorded in
step 2.
6. When prompted, log in using the student credentials.
The user name and password are the same as those that you used to access the login server at
the start of the class.
7. In the VMware vCloud Director OneCloud interface, one vApp appears on the Home tab.


8. In the vApp panel, click the Open link above the Stop icon.
The vCloud Director OneCloud interface changes to the My Cloud tab, with the vApp details
in the right pane.
9. In the right pane, click the Virtual Machines tab.
10. In the virtual machines list, find SA-ESXi-04.
SA-ESXi-04 is the name of the ESXi host to autodeploy.

Task 11: Power On the ESXi Host and Monitor the Bootup Process

You power on the ESXi host to autodeploy (SA-ESXi-04), and you monitor the ESXi host console
to observe the autodeploy process.
1. Power off and power on the ESXi host to autodeploy.
a. Right-click SA-ESXi-04 and select Power Off.
b. Click Yes to confirm the power-off operation.
c. Right-click SA-ESXi-04 and select Power On.
2. When the ESXi host status changes to Powered On, right-click SA-ESXi-04 and select Popout
Console.

A new window shows the console view of the selected ESXi host.
3. If the Internet Explorer pop-up blocker blocks the console from opening, select the Always
allow pop-ups option and repeat step 2.



4. If a window appears asking if you want to upgrade to a newer version of the Client Integration
Plug-In, click No.
5. Monitor the ESXi host bootup process.
The host performs a network preboot execution environment (PXE) boot. The host contacts the
TFTP server identified in the DHCP scope options.
The image binaries are transferred to the host and installed. This process can take up to 20
minutes to complete.
ESXi modules are loaded and associated host profile tasks are performed.
Services are started.
6. Wait for the autodeploy process to complete.
The autodeploy process is complete when the main Direct Console User Interface screen
appears.


7. Restore the minimized RDP session to the student desktop machine.



Task 12: Check the Host Profile Compliance of the Autodeployed Host

Each autodeployed host must be minimally configured so that the host can handle workloads as a
member of a cluster. You perform the minimal configuration of the host networking.
1. Restore the minimized Internet Explorer window and click the vSphere Web Client tab.
2. Point to the Home icon and select Hosts and Clusters.
3. In the left pane, expand the Auto-Deployed-Hosts folder.
The autodeployed host appears in the folder, with the reservation IP as the host name.
4. Point to the Home icon and select Policies and Profiles.
5. In the left pane, click Host Profiles.
6. In the left pane, select Autodeployed-Host-Profile.
7. In the center pane, click the Monitor tab and click Compliance.
8. In the host list, select the autodeployed ESXi host.
9. Click the Check Host Profile Compliance icon.
10. In the Recent Tasks pane, monitor the task and wait for the compliance check to complete.
11. Verify that the ESXi host is in compliance with the host profile.
12. Point to the Home icon and select Home.



Lab 9 Monitoring CPU Performance

Objective: Use the esxtop command to monitor CPU performance

In this lab, you perform the following tasks:

1. Set vSphere DRS to Manual Mode
2. Run a Single-Threaded Program in a Single-vCPU Virtual Machine
3. Start esxtop and View Statistics
4. Record Statistics for Case 1: Single Thread and Single vCPU
5. Run a Single-Threaded Program in a Dual-vCPU Virtual Machine
6. Record Statistics for Case 2: One Thread and Two vCPUs
7. Run a Dual-Threaded Program in a Dual-vCPU Virtual Machine
8. Record Statistics for Case 3: Two Threads and Two vCPUs
9. Analyze the Test Results

Task 1: Set vSphere DRS to Manual Mode

You set the VMware vSphere Distributed Resource Scheduler automation mode to manual to
ensure that vSphere DRS does not migrate virtual machines to different hosts.
This lab requires that the virtual machines remain on their current host.
1. In vSphere Web Client, point to the Home icon and select Hosts and Clusters.

2. In the left pane, select the SA Management cluster.


3. In the center pane, click the Configure tab.
4. Select vSphere DRS on the left and click Edit.
5. From the DRS Automation drop-down menu, select Manual and click OK.

Task 2: Run a Single-Threaded Program in a Single-vCPU Virtual Machine

You run a test program to generate continuous database activity on the test virtual machine for
statistical analysis. The test virtual machine is configured with one vCPU.
1. Confirm that the Linux01 virtual machine is hosted on sa-esxi-01.vclass.local.
a. In the left pane, select Linux01.
b. In the center pane, click the Summary tab.
c. Verify that the host on which Linux01 resides is sa-esxi-01.vclass.local.
2. If Linux01 is not hosted on sa-esxi-01, migrate Linux01 to sa-esxi-01.
a. Right-click Linux01 and click Migrate.

The Migrate wizard appears.


b. On the Select the migration type page, click Change compute resource only and click
Next.

c. On the Select a compute resource page, select sa-esxi-01.vclass.local and click Next.
d. On the Select networks page, keep the default and click Next.
e. On the Ready to complete page, click Finish.
f. Wait for the migration to complete.
3. Power on the Linux01 virtual machine.
4. In the Power On Recommendations dialog box, verify that Linux01 will be placed on
sa-esxi-01.vclass.local and click OK.



5. Log in to the Linux01 virtual machine console.
a. Right-click Linux01 and select Open Console.
b. If you receive the security exception message, click the Continue to this website (not
recommended) link.
c. Wait for the virtual machine to complete its bootup process.
d. Log in as user root and use the standard lab password.
6. Verify that you are in the /root directory.
pwd

7. If you are not in the /root directory, enter cd /root.
8. Start the test program on Linux01.
./starttest1

The test program generates database operations to a medium-size database and writes output to
the screen. The program must run uninterrupted.

Task 3: Start esxtop and View Statistics

You use the esxtop command to observe performance statistics for supported objects.
1. Start an SSH session to sa-esxi-01.vclass.local.
a. On the student desktop task bar, click the MTPuTTY shortcut.
b. In the Servers pane on the left, double-click SA-ESXi-01.
c. If the PuTTY security alert appears, click Yes.
You are automatically logged in to the appliance as user root.
2. Start esxtop.
By default, esxtop starts with the CPU screen.
3. Change the update delay from the default (5 seconds) to 10 seconds.
a. Enter s.
b. Enter 10.
c. Press Enter.
4. To filter the CPU screen output only to the virtual machines, enter uppercase V.
By default, the CPU screen shows statistics for virtual machine processes and active ESXi host
processes.
5. In the output table, find the Linux01 virtual machine statistics.



Task 4: Record Statistics for Case 1: Single Thread and Single vCPU

You record statistics for the first test case.


1. After 30 seconds of statistics collection, record the values for the Linux01 virtual machine in
the Case 1 column in the class configuration handout.
%USED
%RDY
%IDLE
2. Record the operations per minute (opm) value in the test script.
a. In the Internet Explorer window, switch to the Linux01 console tab.
b. Record the opm reported by the test script in the Case 1 column in the class configuration
handout.
The counter value is reported with each iteration that the test script performs. Use the
counter reported in the last iteration.
3. Press Ctrl+C to stop the test script.
4. Close the Linux01 console tab.

Task 5: Run a Single-Threaded Program in a Dual-vCPU Virtual Machine

You modify the Linux01 virtual machine to have two vCPUs, and you restart the test script.
1. Shut down the Linux01 virtual machine.
2. Wait for the running indicator to be removed from the Linux01 virtual machine icon in the
inventory tree.
3. Add a second vCPU to the Linux01 virtual machine.
a. In the left pane, right-click Linux01 and select Edit Settings.
b. On the Virtual Hardware tab in the Edit Settings dialog box, select 2 from the CPU
drop-down menu and click OK.
c. In the Recent Tasks pane, monitor the reconfiguration task to completion.
4. Power on the Linux01 virtual machine and verify that Linux01 will be placed on
sa-esxi-01.vclass.local.
5. Click the Linux01 console tab and log in to Linux01 as user root with the standard lab
password.



6. On the Linux01 console tab, restart the test program.
./starttest1

This script generates database operations to a medium-size database. The number of threads is
set to 1. The script must run uninterrupted.

Task 6: Record Statistics for Case 2: One Thread and Two vCPUs

You record statistics for the second test case.

1. Record the esxtop counter values.
a. Switch to the MTPuTTY window.
b. Enter e.
c. Enter the GID for Linux01.
d. Examine the two lines in the NAME column that start with vmx-vcpu.
These two lines show the activity of each of the vCPUs in the Linux01 virtual machine.
e. After 30 seconds of statistics collection, record the values for vCPU0 and vCPU1 in the
Case 2 column in the class configuration handout.
%USED
%RDY
%IDLE
2. Record the operations per minute value in the test script.
a. In the Internet Explorer window, switch to the Linux01 console tab.
b. Record the opm value reported by the test script in the Case 2 column in the class
configuration handout.
The counter value is reported with each iteration that the test script performs. Use the
counter reported in the last iteration.
3. Press Ctrl+C to stop the test script.

Task 7: Run a Dual-Threaded Program in a Dual-vCPU Virtual Machine

You configure the third case parameters by running a two-threaded test program on a virtual
machine with two vCPUs.
1. On the Linux01 console tab, start the two-threaded test program.
./starttest2

This script generates database operations to a medium-size database. The number of threads is
set to 2. The script must run uninterrupted.



Task 8: Record Statistics for Case 3: Two Threads and Two vCPUs

You record statistics for the final test case.

1. Record the esxtop counter values.
a. Switch to the MTPuTTY window.
b. Examine the two lines in the NAME column that start with vmx-vcpu.
These two lines show the activity of each of the vCPUs in the Linux01 virtual machine.
c. After 30 seconds of statistics collection, record the values for vCPU0 and vCPU1 in the
Case 3 column in the class configuration handout.
%USED
%RDY
%IDLE
2. Record the operations per minute value in the test script.
a. In the Internet Explorer window, switch to the Linux01 console tab.
b. Record the opm value reported by the test script in the Case 3 column in the class
configuration handout.
3. Press Ctrl+C to stop the test script.
4. Stop the esxtop program.
a. Switch to the MTPuTTY window.
b. Enter q to stop esxtop.
c. Keep the SA-ESXi-01 MTPuTTY session open for the next lab.
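
The readings that Tasks 4, 6, and 8 take by eye can also be captured with esxtop batch mode (for example `esxtop -b -d 10 -n 3 > case1.csv`, three samples at the 10-second delay used in this lab) and averaged afterward. The following is an added example, not part of the lab manual: the column header layout is an assumption about the batch CSV format, and the sample data, including the GIDs, is constructed.

```shell
#!/bin/sh
# Added example: average %USED, %RDY and %IDLE for one VM from esxtop batch output.

# Usage: vm_cpu_avg <esxtop-batch.csv | -> <vm-name>
# Prints "<%USED> <%RDY> <%IDLE>" averaged over every sample row.
# Exits with status 2 if the VM's group columns are not in the file.
vm_cpu_avg() {
    awk -v vm="$2" '
    function ends_with(s, t) {
        return length(s) >= length(t) && substr(s, length(s) - length(t) + 1) == t
    }
    function num(s) { gsub(/"/, "", s); return s + 0 }

    BEGIN { FS = "\",\"" }      # fields are quoted and comma separated

    NR == 1 {
        # Assumed header shape: \\host\Group Cpu(<GID>:<name>)\% Used
        for (i = 1; i <= NF; i++) {
            h = $i
            gsub(/"/, "", h)
            if (index(h, "\\Group Cpu(") == 0) continue
            if (ends_with(h, ":" vm ")\\% Used"))  used = i
            if (ends_with(h, ":" vm ")\\% Ready")) rdy  = i
            if (ends_with(h, ":" vm ")\\% Idle"))  idle = i
        }
        if (!used || !rdy || !idle) { missing = 1; exit 2 }
        next
    }

    {
        n++
        sum_used += num($used)
        sum_rdy  += num($rdy)
        sum_idle += num($idle)
    }

    END {
        if (missing || n == 0) exit 2
        printf "%.2f %.2f %.2f\n", sum_used / n, sum_rdy / n, sum_idle / n
    }' "$1"
}

# Constructed sample: three 10-second samples, two VM groups.
sample_csv() {
    cat <<'EOF'
"(PDH-CSV 4.0) (UTC)(0)","\\sa-esxi-01.vclass.local\Group Cpu(68331:Linux01)\% Used","\\sa-esxi-01.vclass.local\Group Cpu(68331:Linux01)\% Ready","\\sa-esxi-01.vclass.local\Group Cpu(68331:Linux01)\% Idle","\\sa-esxi-01.vclass.local\Group Cpu(70112:ResourceHog01)\% Used"
"01/01/2024 10:00:00","98.00","1.50","0.50","3.00"
"01/01/2024 10:00:10","100.00","2.50","0.00","4.00"
"01/01/2024 10:00:20","99.00","2.00","1.00","5.00"
EOF
}

sample_csv | vm_cpu_avg - Linux01
```

A saved capture gives each test case a record that can be compared later, instead of a single handwritten reading.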

Task 9: Analyze the Test Results

You analyze the captured statistics and document your conclusions.

1. Review the statistics that you recorded in tasks 4, 6, and 8.
2. Record the conclusions that you can draw from the data. ____



Lab 10 Monitoring Memory Performance

Objective: Use the esxtop command to monitor memory performance under load

In this lab, you perform the following tasks:

1. Generate Database Activity in the Test Virtual Machine
2. Check for Overcommitment of Virtual Machine Memory
3. Configure esxtop to Report Virtual Machine Memory Statistics
4. Observe Memory Statistics
5. Start a Memory Test on ResourceHog01 and ResourceHog02
6. Record Memory Statistics
7. Clean Up for the Next Lab

Task 1: Generate Database Activity in the Test Virtual Machine

You start the test program to generate database activity.


1. In the Internet Explorer window, click the Linux01 console tab.
2. If necessary, log in to the Linux01 virtual machine as user root with the standard lab password.
3. In the Linux01 console, enter ./starttest2.

This test program performs continuous database operations to a medium-size database. The
number of threads is set to 2. The script must run uninterrupted.

Task 2: Check for Overcommitment of Virtual Machine Memory

You use resource allocation reports to determine whether memory is overcommitted for a virtual
machine.
1. In the Internet Explorer window, click the vSphere Web Client tab.
2. Point to the Home icon and select Hosts and Clusters.
3. In the left pane, select the Linux01 virtual machine.
4. In the center pane, click the Monitor tab and click Utilization.
5. Find the Virtual Machine Memory panel.
6. Record the value for VM Consumed. -----

7. Find the Guest Memory panel, in the lower-left corner of the pane.
8. Record the value for Active Guest Memory. ----

Q1. Is the consumed host memory greater than the active guest memory?

If the consumed host memory is greater than the active guest memory, memory is not
overcommitted. If the consumed host memory is less than active guest memory, then
overcommitment is occurring and might cause degraded performance.



Task 3: Confi g u re esxtop to Report Virtual Mac h i ne Memory Statistics

You start e s xtop and configure it for memory statistics.


1 . Switch to the MTPuTTY window for sa-esxi- 0 1 .vclass.local.
a. If you need to restart the SSH session to sa-esxi-01 .vclass.local, click the MT PuT T Y
shortcut on the task bar.
b. In the Servers pane on the left, double-click SA-ESXi-0 1.
c . When the PuTTY security alert appears, click Yes.
You are automatically logged in to sa-esxi-0 1 .vclass.local as user root.
2. Start e s xtop.
3. In e s xt op, enter rn to view the memory statistics screen.
4. Set a 1 0-second update delay.
a. Enter s to display the delay prompt.
b. At the delay prompt, enter 1 0 and press Enter.
5. Enter uppercase v to filter only the display virtual machine statistics.
6. Remove all statistics columns from the output table, except D, H, J, and K.
Removing counters that are not monitored during the test can make isolation of the desired
counters easier.
a. Enter f to access the field order screen.
b. For fields other than D, H, J, and K, if an asterisk appears to the left of the field name,
press the corresponding letter to remove the asterisk.
c. For the D, H, J, and K fields, if an asterisk does not appear to the left of the field name,
press the corresponding letter to add an asterisk.
d. Press Enter to return to the memory statistics output.

Task 4: Observe Memory Statistics

You observe esxtop counters to determine memory conditions.

1. Examine esxtop statistics.
a. In the esxtop output, view the Linux01 virtual machine statistics.
b. Verify that the MCTLSZ, MCTLTGT, SWCUR, SWTGT, SWR/s, and SWW/s values are
at or near zero.
c. If you cannot see all of the values listed in step b, close the left pane.

2. Record the operations per minute (opm) value in the test script.
a. In the Internet Explorer window, switch to the Linux01 console tab.
b. Record the opm value reported by the test script. _____

The counter value is reported with each iteration that the test script performs. Use the
counter reported in the last iteration.

Task 5: Start a Memory Test on ResourceHog01 and ResourceHog02

You start a memory test on the ResourceHog01 and ResourceHog02 virtual machines.
1. Switch to the vSphere Web Client tab in Internet Explorer.
2. Power on, open a console, and boot to the ResourceHog01 virtual machine.
You must enter the console within 30 seconds.
a. Right-click ResourceHog01 and select Power > Power On.
b. In the Power On Recommendations window, verify that ResourceHog01 will be placed on
sa-esxi-01.vclass.local and click OK.
c. Right-click ResourceHog01 and select Open Console.
d. Click anywhere in the console window.
e. At the BIOS screen, press Enter.
f. At the boot: prompt, press Enter to load the Ultimate Boot CD menu.
If you see a Booting prompt, you did not enter the console within 30 seconds. You must
return to substep a to reset the power on the virtual machine and enter the console to the
virtual machine within 30 seconds.
g. Use the arrow keys and the Enter key to select Mainboard Tools > Memory Tests >
Memtest86+ V1.70.

The exact keystroke sequence is Enter, down arrow, down arrow, Enter, down arrow, down
arrow, Enter.
h. After the memory test utility is running, press Ctrl+Alt to release the pointer focus.
3. Switch to the vSphere Web Client tab.
4. Repeat step 2 for the ResourceHog02 virtual machine.


Task 6: Record Memory Statistics

You record and evaluate memory statistics with a significant load consuming ESXi host memory.
1. Switch to the MTPuTTY window.
2. After at least one minute of statistics collection, record the values for the ResourceHog02,
ResourceHog01, and Linux01 virtual machines in the class configuration handout.
MCTL?
MCTLSZ
MCTLTGT
SWCUR
SWTGT
SWR/s
SWW/s

Q1. For Linux01, does the value of MCTLSZ converge with the value of MCTLTGT?

Q2. For Linux01, does the value of SWCUR converge with the value of SWTGT?

3. Monitor the statistics output until the host reaches a steady state where the counters in each set
are close in value to each other.
If the counters in each set are close in value to each other, the host has reached a steady state.
4. To determine which virtual machines do not have the balloon driver installed, examine the
MCTL? value for each virtual machine.
The MCTL? field indicates the presence of the balloon driver. If the MCTL? value is Y, then
that virtual machine has a balloon driver installed. Otherwise, the virtual machine lacks a
balloon driver.

Q3. Which virtual machines do not have the balloon driver installed?

5. To determine whether the virtual machines are swapping, examine the values for SWR/s and
SWW/s for each virtual machine.

Q4. Which virtual machines are swapping?


6. Determine which virtual machines have experienced degraded performance due to swapping.
a. Enter lowercase c to switch to the CPU screen.
b. Enter uppercase v to display only virtual machine statistics.
c. Examine the %SWPWT value for each virtual machine identified as actively swapping.
As %SWPWT exceeds 5 percent, the performance of the virtual machine degrades
significantly.

Q5. What are the %SWPWT values for each of the virtual machines?

7. Enter m to return to the esxtop memory screen.

Q6. What is the memory state: high, clear, soft, hard, or low?

8. Record the opm value in the test script.
a. In the Internet Explorer window, switch to the Linux01 console tab.
b. Record the opm value reported by the test script. _____

c. Compare this opm value with the value that you recorded in task 4, step 2, substep b.

Q7. Has the performance of the test script degraded?
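
The checks in task 6, steps 3 through 6, applied to a recorded table of counters. This is an added example, not part of the original lab material: the readings are constructed, and the convergence tolerance (within 5 percent or 1 MB) and all function names are assumptions.

```python
from dataclasses import dataclass

# Constructed readings, laid out the way task 6 asks you to record them.
# MCTL? through SWW/s come from the esxtop memory screen, %SWPWT from the CPU screen.
# Columns: VM  MCTL?  MCTLSZ  MCTLTGT  SWCUR  SWTGT  SWR/s  SWW/s  %SWPWT
CONSTRUCTED_READINGS = """\
Linux01        Y  310.0  312.0    0.0    0.0  0.00  0.00  0.0
ResourceHog01  N    0.0    0.0  402.5  410.0  1.20  3.40  7.9
ResourceHog02  N    0.0    0.0  398.0  399.0  0.00  0.10  2.1
"""

SWPWT_LIMIT = 5.0  # percent; the lab's threshold for significant degradation


@dataclass
class VmMemory:
    name: str
    balloon_driver: bool
    mctlsz: float
    mctltgt: float
    swcur: float
    swtgt: float
    swr: float
    sww: float
    swpwt: float


def parse_readings(text):
    """Turn the recorded table into VmMemory rows, skipping blank lines."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        if len(parts) != 9:
            raise ValueError(f"expected 9 columns, got {len(parts)}: {line!r}")
        flag = parts[1].upper()
        if flag not in ("Y", "N"):
            raise ValueError(f"MCTL? must be Y or N: {line!r}")
        rows.append(VmMemory(parts[0], flag == "Y", *map(float, parts[2:])))
    return rows


def converged(current, target, rel_tol=0.05, abs_tol=1.0):
    """True when a counter is close to its target (assumed tolerance, see lead-in)."""
    return abs(current - target) <= max(abs_tol, rel_tol * max(current, target))


def assess(vm):
    """Apply the lab's checks to one virtual machine."""
    swapping = vm.swr > 0 or vm.sww > 0           # step 5: SWR/s and SWW/s
    return {
        "balloon_driver": vm.balloon_driver,      # step 4: MCTL? is Y
        "balloon_converged": converged(vm.mctlsz, vm.mctltgt),
        "swap_converged": converged(vm.swcur, vm.swtgt),
        "swapping": swapping,
        "degraded": swapping and vm.swpwt > SWPWT_LIMIT,  # step 6: %SWPWT above 5
    }


def triage(text):
    """Return {vm name: assessment} for every row in the recorded table."""
    return {vm.name: assess(vm) for vm in parse_readings(text)}


if __name__ == "__main__":
    for name, result in triage(CONSTRUCTED_READINGS).items():
        print(name, result)
```
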

Task 7: Clean Up for the Next Lab

You stop the test script on the Linux01 virtual machine. You also stop the memory tests on
ResourceHog01 and ResourceHog02.
1. In the MTPuTTY window, select View > Servers to display the Servers pane on the left.
2. Keep esxtop running in the MTPuTTY window.
3. Switch to the Internet Explorer window.
4. On the Linux01 console tab, press Ctrl+C to stop the test script.
Keep the console tab open.
5. Close the ResourceHog01 and ResourceHog02 console tabs.
6. On the vSphere Web Client tab, power off the ResourceHog01 and ResourceHog02 virtual
machines.


Lab 11 Monitoring Storage Performance

Objective: Use the esxtop command to monitor disk performance across a series of tests

In this lab, you perform the following tasks:

1. Prepare to Run Tests
2. Measure Continuous Sequential Write Activity to a Virtual Disk on a Remote Datastore
3. Measure Continuous Random Write Activity to a Virtual Disk on a Remote Datastore
4. Measure Continuous Random Read Activity to a Virtual Disk on a Remote Datastore
5. Measure Continuous Random Read Activity to a Virtual Disk on a Local Datastore
6. Analyze the Test Results

Task 1: Prepare to Run Tests

You use several test scripts on the Linux01 virtual machine to generate continuous random and
sequential I/O operations against both local and remote (network) datastores.
The Linux01 virtual machine is located on sa-esxi-01.vclass.local and is configured with two hard
drives to serve as local and remote I/O targets. The SCSI (0:1) drive is stored on SA-ESXi-01-Local,
the local datastore. The SCSI (0:2) drive is stored on SA-Shared-01-Remote, the remote datastore.
You monitor storage preparation tasks to completion and then change folders.
1. In the Internet Explorer window, click the Linux01 console tab.
2. If necessary, log in as user root with the standard lab password.
3. Configure storage.
./storageconfig.sh

The storage preparation might take a few minutes to complete. The script must run
uninterrupted to completion.
4. When the script is complete, navigate to the test scripts folder.
cd aio-stress

Task 2: Measure Continuous Sequential Write Activity to a Virtual Disk on a Remote Datastore

You run the logwrite.sh test script to generate continuous sequential write activity to the hard
disk on the remote datastore.
1. Start the logwrite.sh test script.
./logwrite.sh

2. Allow the script to run uninterrupted.
3. View the MTPuTTY session to the sa-esxi-01 host.
MTPuTTY should be logged in to SA-ESXi-01, and esxtop should be running.
4. If MTPuTTY is not logged in, and esxtop is not running, start a new MTPuTTY session to
sa-esxi-01.vclass.local.
a. In the MTPuTTY window, open a connection to SA-ESXi-01.
b. Enter esxtop at the command prompt.
c. Set a 10-second update delay by entering s, and then entering 10 and pressing Enter.
5. Enter d to display device adapter output and examine the reads and writes to the adapter paths.

Q1. Which adapter has the most disk I/O activity?

6. Enter u to display individual device output, and examine the reads and writes to the devices.
One of the remote devices has more disk I/O activity than the others.
7. Enter v to display virtual machine output.
8. After 30 seconds of statistics collection, record the values for the Linux01 virtual machine in
the Sequential Writes/Remote Datastore column in the class configuration handout.
READS/s
WRITES/s

9. In the Internet Explorer window, click the Linux01 console tab.
10. Press Ctrl+C to stop the test script.

Task 3: Measure Continuous Random Write Activity to a Virtual Disk on a Remote Datastore

You run the datawrite.sh test script to generate continuous random write activity to the virtual
machine hard disk on the remote datastore.
1. In the Linux01 console, start the datawrite.sh test script.
./datawrite.sh

2. Allow the script to run uninterrupted.
3. Return to the MTPuTTY window.
4. Enter d to display device adapter output and examine the reads and writes to the adapter paths.
5. Enter u to display individual device output and examine the reads and writes to the devices.
6. Enter v to display virtual machine output.
7. After 30 seconds of statistics collection, record the values for Linux01 in the Random Writes/
Remote Datastore column in the class configuration handout.
READS/s
WRITES/s
8. In the Internet Explorer window, click the Linux01 console tab.
9. Press Ctrl+C to stop the test script.

Task 4: Measure Continuous Random Read Activity to a Virtual Disk on a Remote Datastore

You run the fileserver2.sh test script to generate continuous random read activity from the hard
disk on the remote datastore.
1. In the Linux01 console, start the fileserver2.sh test script.
./fileserver2.sh

2. Allow the script to run uninterrupted.
3. Return to the MTPuTTY window.
4. Enter d to display device adapter output and examine the reads and writes to the adapter paths.
5. Enter u to display individual device output and examine the reads and writes to the devices.
6. Enter v to display virtual machine output.
7. After 30 seconds of statistics collection, record the values for Linux01 in the Random Reads/
Remote Datastore column in the class configuration handout.
READS/s
WRITES/s
8. In the Internet Explorer window, click the Linux01 console tab.
9. Press Ctrl+C to stop the test script.

Task 5: Measure Continuous Random Read Activity to a Virtual Disk on a Local Datastore

You run the fileserver1.sh test script to generate continuous random read activity from the
virtual machine hard disk on the local datastore attached to the ESXi host.
1. In the Linux01 console, start the fileserver1.sh test script.
./fileserver1.sh

This test script first creates the file to be read, which can take 5 minutes or more.
The test script must run uninterrupted.
2. Monitor the script output.
The output remains silent during file creation.
3. After the Starting with random read message appears, view information in esxtop.
a. Enter d to display device adapter output.

Q1. Which adapter has the most disk I/O activity?

b. Enter u to display individual device output.
One of the local devices, rather than a remote device, is used for this test.
c. Enter v to display virtual machine output.
4. After 30 seconds of statistics collection, record the values for Linux01 in the Random Reads/
Local Datastore column in the class configuration handout.
READS/s
WRITES/s
5. In the Internet Explorer window, click the Linux01 console tab.
6. Press Ctrl+C to stop the test script.


Task 6: Analyze the Test Results

Your instructor conducts an in-class review to compare test results from each group.
1. Record the conclusions that you draw from the test data collected in tasks 2 through 5.

2. In the Internet Explorer window, leave the vSphere Web Client and the Linux01 tabs open for
the next lab.

Lab 12 Monitoring Network Performance

Objective: Use the esxtop command to monitor network performance

In this lab, you perform the following tasks:

1. Prepare to Monitor Network Performance
2. Prepare the Client and the Server Virtual Machines
3. Measure Network Activity on an ESXi Physical Network Interface
4. Use Traffic Shaping to Simulate Network Congestion
5. Position the Client and the Server on the Same Port Group
6. Restart the Test and Measure Network Activity
7. Stop the Test and Analyze Results
8. Clean Up for the Next Lab

Task 1: Prepare to Monitor Network Performance

You use the esxtop network statistics screen to monitor network performance.
1. View the MTPuTTY session to the sa-esxi-01 host.
MTPuTTY should be logged in to the sa-esxi-01 host, and esxtop should be running.
2. If MTPuTTY is not logged in, and esxtop is not running, start a new MTPuTTY session to
sa-esxi-01.vclass.local.
a. In the MTPuTTY window, open a connection to SA-ESXi-01.
b. Enter esxtop at the command prompt.
c. Set a 10-second update delay.
3. Enter n to switch to the network statistics screen.
4. Remove unused counters to make the esxtop network screen easier to monitor.
a. Enter f to display the Current Field Order table.
b. In the Current Field Order table, enter g and j to remove PKTRX/s and PKTTX/s from the
esxtop display.
c. Press Enter to return to the network statistics screen.

Task 2: Prepare the Client and the Server Virtual Machines

You use scripts on the Linux01 and Linux02 virtual machines to generate network traffic so that
network performance can be measured.
The Linux01 virtual machine acts as a client, and the Linux02 virtual machine acts as a server. The
Linux01 virtual machine is connected to the pg-SA Production port group. You move the Linux02
virtual machine to the pg-SA Management port group so that the virtual machines are connected to
different virtual switches, forcing their traffic to traverse the physical network.
1. Migrate the Linux02 virtual machine to the pg-SA Management port group.
a. In the Internet Explorer window, click the vSphere Web Client tab.

b. Point to the Home icon and select Networking.


c. In the Navigator pane, right-click the dvs-Lab distributed switch and select Migrate VMs
to Another Network.

d. For the source network, leave Specific network selected, click Browse, select pg-SA
Production, and click OK.

e. For the destination network, click Browse, select the pg-SA Management port group, and
click OK.
f. Click Next.
g. On the Select virtual machines to migrate page, select the Linux02 check box and click
Next.

h. On the Ready to complete page, click Finish.


i. In the Recent Tasks pane, monitor the migration task to completion.

2. View the IP address of the Linux02 virtual machine.
a. Point to the Home icon and select Hosts and Clusters.
b. Power on the Linux02 virtual machine.
c. In the Power On Recommendations window, keep the recommendation to place Linux02
on host sa-esxi-01.vclass.local selected and click OK.
Wait for the virtual machine to boot up completely.
d. In the left pane, select Linux02.
e. From the Summary tab in the center pane, record the Linux02 IP address. _____

The Linux02 IP address starts with 172.20.10 (the management network DHCP range).
3. View the IP address of the Linux01 virtual machine.
a. In the left pane, select the Linux01 virtual machine.
b. From the Summary tab, record the Linux01 IP address. _____

The Linux01 IP address starts with 172.20.11 (the production network DHCP range).
4. Start the server on Linux02.
a. In the left pane, right-click the Linux02 virtual machine and select Open Console.
b. In the Linux02 console window, log in as user root with the standard lab password.
c. Navigate to the network scripts folder.
cd netperf

d. Start the server program.
./netserver

The server program runs as a background process.

Starting netserver at port 12865
Starting netserver at hostname 0.0.0.0 port 12865

e. Verify that the server program is running.
ps -ef | grep netserver

The server and grep processes are listed.

[Screenshot: ps output listing the ./netserver and grep netserver processes]


Task 3: Measure Network Activity on an ESXi Physical Network Interface

You measure the network performance of the ESXi host network interface with the Linux01 and
Linux02 virtual machines positioned on different physical network segments across a router.
Requests sent from the Linux01 client enter the physical network through the ESXi network
interface vmnic2 that is bound to a dvs-Lab distributed switch uplink. The client requests are routed
to the management network where the Linux02 server is positioned, using the pg-SA Management
port group on the dvs-SA Datacenter distributed switch.
1. Switch to the Linux01 console tab.
2. Start the client on Linux01.
a. Navigate to the network scripts folder.
cd /root/netperf

b. Start the client test script.
./nptest1.sh server_IP_address
server_IP_address is the Linux02 IP address that you recorded in task 2.

The client and server programs must run uninterrupted.

3. Monitor network activity and record your findings.
a. Switch to the MTPuTTY window.
b. In the esxtop output, find the vmnic2 physical network interface.
c. After 30 seconds of statistics collection, record the values for vmnic2 in the vmnic2
column in the class configuration handout.
MbTX/s
MbRX/s

Task 4: Use Traffic Shaping to Simulate Network Congestion

You use traffic shaping to control the network speed to simulate congestion.
1. Switch to the Internet Explorer window and click the vSphere Web Client tab.
2. Point to the Home icon and select Networking.
3. In the networking inventory, expand the dvs-Lab distributed switch.
4. Right-click the pg-SA Production port group and select Edit Settings.
5. In the Edit Settings dialog box, click Traffic shaping on the left.
6. Select Enabled from the Status drop-down menus for ingress traffic shaping and egress traffic
shaping.
7. Configure ingress and egress traffic shaping.

Option                        Action
Average bandwidth (kbit/s)    Enter 10000.
Peak bandwidth (kbits/s)      Enter 10000.
Burst size (KB)               Enter 10000.

8. Verify that you configured both ingress and egress traffic shaping and click OK.
9. Monitor network performance and record your findings.
a. Switch to the MTPuTTY window.
b. In the esxtop output, find the vmnic2 physical interface item.
c. After 30 seconds of statistics collection, record the values for vmnic2 in the vmnic2 10 Mb/s
column in the class configuration handout.
MbTX/s
MbRX/s
10. Disable ingress and egress traffic shaping.
a. Switch to the vSphere Web Client tab in the Internet Explorer window.
b. Right-click the pg-SA Production port group and select Edit Settings.
c. Click Traffic shaping.
d. For both ingress and egress traffic shaping, select Disabled from each Status drop-down
menu.
e. Click OK to close the Edit Settings dialog box.


Task 5: Position the Client and the Server on the Same Port Group

You migrate the Linux02 virtual machine back to the pg-SA Production port group to show that
virtual machines communicating on the same ESXi host and virtual switch port group can
communicate at a faster rate than the rate dictated by the physical network hardware.
1. Stop the client.
a. In the Internet Explorer window, click the Linux01 console tab.
b. In the Linux01 console, press Ctrl+C to stop the test script.
2. Stop the server.
a. Click the Linux02 console tab.
b. In the Linux02 console, end the server program.
ps -ef | grep netserver

kill process_id
In the kill command, process_id is the netserver process ID as reported by the ps
command.
In the example ps output, the netserver process ID is 6487. The screenshot does not
include the leftmost columns of the ps output.

[Screenshot: example ps output showing the ./netserver process with process ID 6487 and the grep netserver process]

3. Migrate the Linux02 virtual machine to the pg-SA Production port group.
a. Click the vSphere Web Client tab.
b. In the left pane, right-click the dvs-Lab distributed switch and select Migrate VMs to
Another Network.

c. For the source network, leave Specific network selected, click Browse, select pg-SA
Management, and click OK.

d. For the destination network, click Browse, select the pg-SA Production port group, and
click OK.
e. Click Next.
f. Under Select virtual machines to migrate, select the Linux02 check box and click Next.

g. Click Finish.
h. In the Recent Tasks pane, monitor the migration task to completion.
4. In the Internet Explorer window, click the Linux02 console tab.

5. Restart the network service, and verify that the IP address is within the production network
DHCP range.
a. In the terminal window, restart the network service.
service network restart

The network service might take up to a minute to restart and acquire a new DHCP address.
b. Verify that a new DHCP-assigned address was acquired.
ifconfig

c. In the ifconfig command output, verify that the IP address starts with 172.20.11 (the
production network DHCP range).
d. Record the postmigration Linux02 IP address. _____

Task 6: Restart the Test and Measure Network Activity

You measure network activity when the client and the server communicate across a virtual network
contained within a single ESXi host and port group.
1. In the Linux02 console window, start the server program.
./netserver

2. In the Internet Explorer window, click the Linux01 console tab.
3. Start the client script.
./nptest1.sh server_IP_address
server_IP_address is the postmigration Linux02 IP address that you recorded in task 5.

4. Monitor network activity and record your findings.
a. Switch to the MTPuTTY window.
b. In the esxtop output, find the vmnic2 row and verify that the traffic is no longer traversing
the physical interface.
c. Find the Linux01.eth0 row.
d. After 30 seconds of statistics collection, record the values for Linux01.eth0 in the
Linux01.eth0 column in the class configuration handout.
MbTX/s
MbRX/s


Task 7: Stop the Test and Analyze Results

You use samples that you recorded to determine whether network performance was affected by the
simulated congestion in an expected manner and to determine the fastest network configuration.
1. Stop the test.
a. Switch to the Internet Explorer window and click the Linux01 console tab.
b. In the Linux01 console, press Ctrl+C to stop the client script.
c. Click the Linux02 console tab.
d. In the Linux02 console, kill the server process to end the server program.
ps -ef | grep netserver

kill process_id

process_id is the netserver process ID that appears in the ps command output.

2. Review the sample values that you recorded in task 6.

Q1. Do you see an obvious difference in network throughput for each test?

Q2. Which test resulted in the highest throughput (highest values)?

Q3. Why was this test the fastest?

Task 8: Clean Up for the Next Lab

You end esxtop and you close the Linux01 and Linux02 console tabs. You also change the
vSphere DRS automation mode to Fully Automated.
1. In the MTPuTTY window, enter q to end esxtop.
2. Close the MTPuTTY session.
3. In the Internet Explorer window, close the Linux01 and Linux02 console tabs.
4. Power off Linux01 and Linux02.
5. On the vSphere Web Client tab, point to the Home icon and select Hosts and Clusters.


6. Change the vSphere DRS automation mode to Fully Automated.
a. In the left pane, select the SA Management cluster.
b. In the center pane, click the Configure tab.
c. Select vSphere DRS on the left and click Edit.
d. From the DRS Automation drop-down menu, select Fully Automated and click OK.
7. Migrate the local storage of Linux01 to shared storage.
a. Right-click Linux01 and select Migrate.
The Migrate wizard appears.
b. On the Select the migration type page, click Change storage only and click Next.
c. On the Select storage page, select SA-Shared-01-Remote and click Next.
d. On the Ready to complete page, click Finish.
e. In the Recent Tasks pane, monitor the migration task to completion.
8. Point to the Home icon and select Home.

Lab 13 Using vRealize Log Insight

Objective: Configure and use vRealize Log Insight

In this lab, you perform the following tasks:

1. Configure vRealize Log Insight
2. Configure vRealize Log Insight to Ingest Data from vSphere
3. Create Events to Analyze
4. Examine vRealize Log Insight Dashboards
5. Use vRealize Log Insight Interactive Analytics to Search for an Event
6. Examine vRealize Log Insight Resource Usage
7. Create an Additional vRealize Log Insight User
8. Access vRealize Log Insight as Another User
9. Prepare for the Next Lab

Task 1: Configure vRealize Log Insight

You configure VMware vRealize Log Insight.

Use the following information from the class configuration handout:

vRealize Log Insight license key

1. Open a new tab in Internet Explorer.
2. From the Favorites bar, select vRealize Log Insight.
3. If you receive a security exception, click the Continue to this website (not recommended)
link.
4. On the Setup page for vRealize Log Insight, click Next.
5. On the Choose Deployment Type page, click Start New Deployment.
It can take a couple of minutes to start the new deployment.
6. On the Admin Credentials page, configure the email address and password.

Option                  Action
Email                   Enter administrator@vclass.local.
New password            Enter the standard lab password.
Confirm new password    Enter the standard lab password.

7. Click Save and Continue.
8. On the License page, verify that the license is still valid.


9. If the license has expired, add a new license.
a. Click +Add New License.
b. In the License Key text box, enter the vRealize Log Insight license key provided by your
instructor.
c. Click Add License.
d. Click Save and Continue.
10. On the General Configuration page, do not join the customer experience improvement program.
a. Deselect the Join the VMware Customer Experience Improvement Program check
box.
b. Click Save and Continue.
11. On the Time Configuration page, synchronize server time with the ESXi host.
a. From the Sync Server Time With drop-down menu, select ESX/ESXi host.
b. Click Save and Continue.
12. On the SMTP Configuration page, click Skip.
13. On the Setup Complete page, click Finish.


Task 2: Configure vRealize Log Insight to Ingest Data from vSphere

You add your vSphere details to vRealize Log Insight so that it can use vSphere logs.

1. In the top-right corner, click the menu icon and select Administration.
2. In the left pane, click vSphere under Integration.
3. In the vSphere Integration panel, specify the vCenter Server name and login credentials.

Option      Action
Hostname    Enter sa-vcsa-01.vclass.local.
Username    Enter administrator@vsphere.local.
Password    Enter the standard lab password.

4. Click Test Connection.

Verify that the test is successful.


5. Click Save.

6. When the configuration is complete, click OK.

Task 3: Create Events to Analyze

You create events in the logs of ESXi hosts that will be analyzed by vRealize Log Insight. The
events are to allow and disallow access through the firewall for the SSH client.

1. In vSphere Web Client, point to the Home icon and select Hosts and Clusters.
2. Allow SSH client access through the firewall.
a. In the left pane, select sa-esxi-01.vclass.local.
b. In the center pane, click the Configure tab and select Security Profile on the left.
c. In the Firewall panel, click Edit.
d. In the Edit Security Profile dialog box, select the SSH Client check box.
e. Click OK.
3. Disallow SSH client access through the firewall.
a. In the Firewall panel, click Edit.

b. In the Edit Security Profile dialog box, deselect the SSH Client check box.
c. Click OK.

4. Repeat steps 2 and 3 for the sa-esxi-02.vclass.local and sa-esxi-03.vclass.local hosts.

Task 4: Examine vRealize Log Insight Dashboards

You examine the information provided by the standard dashboards available from vRealize Log
Insight.

1. Click the vRealize Log Insight tab.
2. At the top of the vRealize Log Insight interface, click Dashboards.
The Overview dashboard appears.
3. In the left pane, select Event Types and examine the dashboard.
For example, you can view the number of unique event types and the pie chart that shows the
unique event types by host name.
4. In the left pane, select Security and examine the dashboard.
For example, you can view the bar graph that shows the number of events that contain user
information over time.
5. From the drop-down menu in the top left pane, select VMware - vSphere.

[Screenshot: dashboards drop-down menu listing Custom Dashboards (My Dashboards, Shared Dashboards) and Content Pack Dashboards (General, VMware - vSphere)]

The General-Overview dashboard appears.

6. At the top of the right pane, select Latest 48 hours of data from the drop-down menu.

[Screenshot: time range drop-down menu listing Latest 5 minutes of data, Latest hour of data, Latest 24 hours of data, Latest 48 hours of data, and Custom time range]

7. Click the refresh icon and examine the changes made in the output.
8. In the left pane, select vSphere-Overview and examine the dashboard.
Most of the charts in the dashboard contain no results because vRealize Log Insight is only now
starting to collect data.
9. In the left pane, select vSphere-ESXi and examine the dashboard.
10. View the ESX/ESXi VOB events by component and event type panel.
The firewall.config.changed event type has a count of 6, which corresponds to the number of
times that you changed the firewall configuration on your ESXi hosts in task 3.

Tas k 5: Use v Real ize Log I ns i g ht I nteractive Analytics to Search fo r


an Event

You use vRealize Log Insight interactive analytics to search for types of events.

1 . At the top of the vRealize Log Insight interface, click Interactive Analytics.
2 . From the Chart Type drop-down menu, near the middle-right side o f the window, select Line.

Lab 1 3 Using vRealize Log Insight 97


3 . Notice how the graph display changes.
4. Search for events that contain the word "firewall."
a. In the wide text box in the middle of the window, enter firewall.

b. From the time range drop-down menu, select Latest 6 hours of data.

c. Click the search icon.
d. View all the events that are found.

5. Create a filter to find firewall events for the sa-esxi-01 host.
a. Click Add Filter.
b. From the first drop-down menu, select hostname.
c. From the second drop-down menu, select contains.
d. In the text box, enter sa-esxi-01 and press Enter.

e. Click the search icon.
f. View all the events that are found.
6. Create a filter to find firewall events on the sa-esxi-01 host that contain the word "disable."
a. Click Add Filter.
b. From the first drop-down menu, select text.
c. From the second drop-down menu, select contains.
d. In the text box, enter disable and press Enter.

e. Click the search icon.
f. View all the events that are found.
g. Delete "disable" from the text box, enter enable, and press Enter.
h. Click the search icon.
i. View all the events that are found.
7. Clear the filters.
a. Click Clear All Filters.
b. Delete "firewall" from the search text box.
c. Click the search icon.
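
The search built up in steps 4 through 6 (a keyword plus stacked "contains" filters that must all match) can be reproduced offline. This is an added example, not part of the lab manual or of vRealize Log Insight; the event lines are constructed, and the three-field line layout and case-insensitive substring matching are assumptions made for the example.

```python
from collections import Counter

# Constructed sample events (not lab output). Assumed layout for this example:
# "<timestamp> <hostname> <message text>".
SAMPLE_EVENTS = [
    "2016-12-04T16:20:11Z sa-esxi-01.vclass.local Firewall configuration has changed. "
    "Operation 'disable' for rule set sshClient succeeded.",
    "2016-12-04T16:21:40Z sa-esxi-01.vclass.local Firewall configuration has changed. "
    "Operation 'enable' for rule set sshClient succeeded.",
    "2016-12-04T16:22:05Z sa-esxi-02.vclass.local Firewall configuration has changed. "
    "Operation 'disable' for rule set nfsClient succeeded.",
    "2016-12-04T16:23:17Z sa-esxi-02.vclass.local Firewall configuration has changed. "
    "Operation 'enable' for rule set nfsClient succeeded.",
    "2016-12-04T16:24:02Z sa-esxi-01.vclass.local User root logged in",
    "2016-12-04T16:25:41Z sa-esxi-03.vclass.local Heartbeat sent to vCenter Server",
]


def parse_event(line):
    """Split one constructed line into the fields the filters refer to."""
    timestamp, hostname, text = line.split(" ", 2)
    return {"timestamp": timestamp, "hostname": hostname, "text": text}


def contains(value, needle):
    """Case-insensitive substring test (a simplification assumed here)."""
    return needle.lower() in value.lower()


def search(lines, keyword="", filters=()):
    """Return events whose text holds the keyword and that satisfy every filter.

    filters is a sequence of (field, needle) pairs, each meaning
    "<field> contains <needle>"; all pairs must match, as in step 6.
    """
    matches = []
    for line in lines:
        event = parse_event(line)
        if keyword and not contains(event["text"], keyword):
            continue
        if all(contains(event[field], needle) for field, needle in filters):
            matches.append(event)
    return matches


def count_by_hostname(events):
    """Group matching events per host, like a per-host dashboard chart."""
    return dict(Counter(event["hostname"] for event in events))


if __name__ == "__main__":
    step4 = search(SAMPLE_EVENTS, "firewall")
    step5 = search(SAMPLE_EVENTS, "firewall", [("hostname", "sa-esxi-01")])
    step6 = search(SAMPLE_EVENTS, "firewall",
                   [("hostname", "sa-esxi-01"), ("text", "disable")])
    print(len(step4), len(step5), len(step6))
    print(count_by_hostname(step4))
```

Each added filter narrows the result set, so a rule set that was disabled and never re-enabled on one host stands out once the hostname and text filters are combined.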

Task 6: Examine vRealize Log Insight Resource Usage

You use the reporting feature in vRealize Log Insight to examine the resources that it is using.

1. In the top-right corner, click the menu icon and select Administration.
2. In the left pane, select System Monitor.
3. In the center pane, select Resources and examine the output.
4. In the center pane, select Statistics and examine the output.

Task 7: Create an Additional vRealize Log Insight User

You create a user who can access vRealize Log Insight.

1. In the left pane, select Access Control.
2. In the center pane, select Users and click New User.
3. On the New User page, configure the user's name, password, and role.
a. In the Username text box, enter regadmin.
b. In the Password text box, enter the standard lab password.
c. In the Roles panel, select the Dashboard User check box and deselect all other check
boxes.
d. Click Save.

Task 8: Access vRealize Log Insight as Another User

You log in to vRealize Log Insight as a user other than Admin, and you access various dashboards.

1. At the top right of the vRealize Log Insight interface, click admin and select Logout.
2. Log in to vRealize Log Insight as user regadmin.
a. In the Username text box, enter regadmin.
b. In the Password text box, enter the standard lab password and click Login.
3. Verify that Interactive Analytics does not appear at the top of the vRealize Log Insight
interface.
The user regadmin is allowed only to view dashboards.

4. Examine various dashboards.
a. At the top of the vRealize Log Insight interface, click Dashboards.
b. Ensure that General is selected from the drop-down menu at the top of the left pane.
c. In the left pane, select Overview and examine the dashboard.
d. In the left pane, select Event Types and examine the dashboard.
e. In the left pane, select Security and examine the dashboard.
f. From the drop-down menu at the top of the left pane, select VMware - vSphere.
g. In the left pane, select General-Overview and examine the dashboard.
h. In the left pane, select vSphere-Overview and examine the dashboard.
5. At the top right of the vRealize Log Insight interface, click regadmin and select Logout.
6. In the Internet Explorer window, close the vRealize Log Insight tab.

Task 9: Prepare for the Next Lab

In preparation for the next lab, you add a second adapter to the VCHA virtual machine and you
power on the VCHA virtual machine.

1. In the vSphere Web Client tab, point to the Home icon and select Hosts and Clusters.
2. Add a second network adapter to the VCHA virtual machine.
a. In the left pane, right-click VCHA and select Edit Settings.
The Edit Settings dialog box appears.
b. Near the bottom of the dialog box, select Network from the New device drop-down menu.
c. Click Add.
The new network adapter is added to the virtual hardware list.
d. Select pg-VCHA-Cluster from the New Network drop-down menu.
You might have to select Show more networks from the drop-down menu before you can
select the pg-VCHA-Cluster network.
e. In the Edit Settings dialog box, click OK.

3. Power on the VCHA virtual machine.
The VCHA virtual machine takes a few minutes to start up completely.
You use the VCHA virtual machine to configure VMware vCenter Server High Availability in
the next lab.
4. Point to the Home icon and select Home.

Lab 14 Using vCenter Server High Availability

Objective: Configure vCenter Server Appliance for high availability

In this lab, you perform the following tasks:

1. Configure the vCenter Server High Availability Network
2. Log In to the High Availability vCenter Server Appliance Instance
3. Configure vCenter Server High Availability
4. Create the Passive Node
5. Create the Witness Node
6. Finish Configuring vCenter Server High Availability
7. (Optional) Redo the vCenter Server High Availability Configuration If Failure Occurred
8. Manually Initiate a vCenter Server Failover
9. Verify That Your vCenter Server Failover Occurred
10. Prepare for the Next Lab

Task 1: Configure the vCenter Server High Availability Network

At the end of lab 13, you added the second network adapter to the vCenter Server Appliance
instance that you will use for this lab exercise. The second network adapter is used for the private,
vCenter Server High Availability network, which is used for communication between the vCenter
Server High Availability nodes.
You ensure that the vCenter Server Appliance instance is powered on, you view information about
the network adapters, and you verify that the second network adapter is online.
1. In the Internet Explorer window, click the vSphere Web Client tab.
2. Point to the Home icon and select Hosts and Clusters.
3. In the left pane, verify that the VCHA virtual machine is powered on.
4. If you did not power on VCHA before the start of the lab, power on the virtual machine now.
5. View information about the network adapters connected to VCHA.
a. In the left pane, select VCHA.
b. In the center pane, click the Summary tab.
c. Expand the VM Hardware panel.
d. Verify that Network adapter 1 is connected to the pg-VCHA-Management network.
e. Verify that Network adapter 2 is connected to the pg-VCHA-Cluster network.
pg-VCHA-Cluster is the private network used for communication between the vCenter
Server High Availability nodes.
6. Verify that the second network adapter on VCHA is online.
a. Open a new tab in the Internet Explorer window.
b. In the URL box, enter https://vcha.vclass.local:5480.
vcha.vclass.local is the name of the vCenter Server Appliance instance that you will make
highly available.
c. If you receive a security exception, click the Continue to this website link to display the
login screen.
The VMware vSphere Appliance Management login page appears.
d. Log in as user root with the standard lab password.
e. In the Navigator pane, select Networking and click the Manage tab.
f. Under Networking Interfaces, verify that both nic0 and nic1 are up.
7. If nic1 is down, then configure the IP settings for nic1.
a. Click Edit next to Networking Interfaces.
The Edit IP Configuration dialog box appears.
b. Expand nic1 and click Use the following IPv4 settings.
c. In the IPv4 Address text box, enter 192.168.1.95.
d. In the IPv4 Address Prefix text box, enter 24.
e. Keep the rest of the defaults and click OK.
f. Verify that the status of nic1 is Up.
8. In the Navigator pane, select Access.
9. In the right pane, verify that SSH Login is enabled.
10. Log out of the Virtual Appliance Management interface and close the tab.

Task 2: Log In to the High Availability vCenter Server Appliance Instance

You use vSphere Web Client to log in to the vCenter Server Appliance instance that will be
configured for high availability.
1. Open a new tab in Internet Explorer.
2. In the Favorites bar, select vSphere Web Clients > VCHA.
3. When the security exception for vSphere Web Client appears, click the Continue to this
website link to display the login screen.

If you did not power on VCHA before the start of this lab, then the Web server takes a few
minutes to initialize. When the Web server finishes initializing, the VMware vCenter Single
Sign-On login page appears.
4. In the User name text box, enter administrator@vcha.local.
The domain is vcha.local, not vsphere.local.
5. In the Password text box, enter the standard lab password.
6. Click Login.
The vSphere Web Client page appears.

Task 3: Configure vCenter Server High Availability

You configure the vCenter Server Appliance instance for high availability. You perform the
advanced configuration, which means that you must manually create the passive node and the
witness node.
1. In the left pane, select vcha.vclass.local.
2. In the center pane, click the Configure tab and select vCenter HA on the left.
3. In the upper-right corner of the center pane, click Configure.
The Configure vCenter HA wizard appears.
4. On the Select a configuration option page, select Advanced and click Next.
5. On the Connection IP settings page, configure the IP settings for the passive node and the
witness node.
a. Under Passive Node, enter 192.168.1.96 in the vCenter HA IP address text box.
This address is the IP address on the private vCenter Server High Availability network for
the passive node.
b. In the Subnet mask (prefix for IPv6) text box, enter 255.255.255.0.
c. Under Witness Node, enter 192.168.1.97 in the vCenter HA IP address text box.
This address is the IP address on the private network for the witness node.
d. In the Subnet mask (prefix for IPv6) text box, enter 255.255.255.0.
e. Click Next.
The Clone VMs page appears. Do not click Finish yet.
You must create the passive node and the witness node before you can complete the
vCenter Server High Availability configuration.

Task 4: Create the Passive Node

You create the passive node by cloning the vCenter Server High Availability active node. The active
node is the vCenter Server Appliance instance, VCHA. The passive node is created on
sa-esxi-02.vclass.local.
1. In Internet Explorer, switch to the vSphere Web Client tab for sa-vcsa-01.vclass.local.
2. In the left pane, right-click VCHA and select Clone > Clone to Virtual Machine.
The Clone Existing Virtual Machine wizard appears.
3. On the Select a name and folder page, enter VCHA-Passive for the virtual machine name and
click Next.

4. On the Select a compute resource page, expand the SA Management cluster and select
sa-esxi-02.vclass.local.
5. Click Next.
6. On the Select storage page, select the datastore and virtual disk format.
a. Select SA-ESXi-02-Local.
b. From the Select virtual disk format drop-down menu, select Same format as source.
c. Click Next.
7. From the Select clone options page, select the Customize the operating system check box and
select the Power on virtual machine after creation check box.
8. Click Next.
9. On the Customize guest OS page, create a new customization specification for the passive node.
A preconfigured customization specification named VCHA Passive Specification was created
for the sake of convenience. As an alternative to performing step 9, you can select VCHA
Passive Specification and click Next, instead of creating a new customization specification.
a. Click the Create a new specification icon.
The New VM Guest Customization Spec wizard appears.
b. On the New Customization Specification page, enter the name of your choice in the
Customization Spec Name text box and click Next.
c. On the Computer Name page, select the Enter a name check box and enter vcha in the
text box.
The computer name of the passive node must match the computer name of the active node.
d. In the Domain name text box, enter vclass.local and click Next.
e. On the Time Zone page, configure the time zone settings and click Next.

Option      Action
Area        Select America.
Location    Select Los Angeles.

f. On the Configure Network page, select NIC1 and click the Edit icon.
g. Click Use the following IP settings.
h. Configure the IP settings for NIC1 and click OK.

Option             Action
IP Address         Enter 172.20.110.95.
                   This IP address is the public address of the active node.
Subnet Mask        Enter 255.255.255.0.
Default Gateway    Enter 172.20.110.10.
Alternate Gateway  Leave blank.

i. On the Configure Network page, select NIC2 and click the Edit icon.
j. Click Use the following IP settings.
k. Configure the IP settings for NIC2 and click OK.

Option             Action
IP Address         Enter 192.168.1.96.
Subnet Mask        Enter 255.255.255.0.
Default Gateway    Leave blank.
Alternate Gateway  Leave blank.

l. On the Configure Network page, click Next.
m. On the Enter DNS and Domain Settings page, configure the DNS and domain information
and click Add.

Option                          Action
Primary DNS                     Enter 172.20.110.10.
Secondary DNS and Tertiary DNS  Leave blank.
DNS Search Path                 Enter vclass.local.

n. Click Next.
o. On the Ready to complete page, review the settings and click Finish.
The Clone Existing Virtual Machine wizard reappears.
p. On the Customize guest OS page, select the passive node customization specification that
you created and click Next.
10. On the Ready to complete page, review the settings and click Finish.
11. View the Recent Tasks pane and monitor the Clone Virtual Machine task to completion.
This task takes several minutes to complete.
You must wait for this task to complete before going to the next task.
12. In the left pane, verify that the VCHA-Passive virtual machine appears and is powered on.

Task 5: Create the Witness Node

You create the witness node by cloning the vCenter Server High Availability active node. The active
node is the vCenter Server Appliance instance, VCHA. The witness node is created on
sa-esxi-03.vclass.local.
1. In the left pane, right-click VCHA and select Clone > Clone to Virtual Machine.
The Clone Existing Virtual Machine wizard appears.
2. On the Select a name and folder page, enter VCHA-Witness for the virtual machine name and
click Next.
3. On the Select a compute resource page, expand the SA Management cluster and select
sa-esxi-03.vclass.local.
4. Click Next.
5. On the Select storage page, select the datastore and virtual disk format.
a. Select SA-ESXi-03-Local.
b. From the Select virtual disk format drop-down menu, select Same format as source.
c. Click Next.
6. From the Select clone options page, select the Customize the operating system check box and
select the Power on virtual machine after creation check box.
7. Click Next.

8. On the Customize guest OS page, create a new customization specification for the witness
node.
A preconfigured customization specification named VCHA Witness Specification was created
for the sake of convenience. As an alternative to performing step 8, you can select VCHA
Witness Specification and click Next, instead of creating a new customization specification.
a. Click the Create a new specification icon.
The New VM Guest Customization Spec wizard appears.
b. On the New Customization Specification page, enter the name of your choice in the
Customization Spec Name text box and click Next.
c. On the Computer Name page, select the Enter a name check box and enter vcha-witness
in the text box.
The computer name of the witness node must not match the computer name of the active
node.
d. In the Domain name text box, enter vclass.local and click Next.
e. On the Time Zone page, configure the time zone settings and click Next.

Option      Action
Area        Select America.
Location    Select Los Angeles.

f. On the Configure Network page, select NIC1 and click the Edit icon.
g. Leave Use DHCP to obtain an IP address automatically clicked and click OK.
h. On the Configure Network page, select NIC2 and click the Edit icon.
i. Click Use the following IP settings, configure the IP settings for NIC2, and click OK.

Option             Action
IP Address         Enter 192.168.1.97.
Subnet Mask        Enter 255.255.255.0.
Default Gateway    Leave blank.
Alternate Gateway  Leave blank.

j. On the Configure Network page, click Next.
k. On the Enter DNS and Domain Settings page, configure the DNS and domain information
and click Add.

Option                          Action
Primary DNS                     Enter 172.20.110.10.
Secondary DNS and Tertiary DNS  Leave blank.
DNS Search Path                 Enter vclass.local.

l. Click Next.
m. On the Ready to complete page, review the settings and click Finish.
The Clone Existing Virtual Machine wizard reappears.
n. On the Customize guest OS page, select the witness node customization specification that
you created and click Next.
9. On the Ready to complete page, review the settings and click Finish.
10. View the Recent Tasks pane and monitor the Clone Virtual Machine task to completion.
This task takes several minutes to complete.
You must wait until this task completes before continuing.
11. In the left pane, verify that the VCHA-Witness virtual machine appears and is powered on.
12. Wait at least one minute before going to the next task.
Waiting for at least one minute gives the wizard enough time to finish preparing the witness
node.
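
The addresses and names entered in tasks 1, 3, 4, and 5 form one plan that can be checked before the wizard is finished. This is an added example, not part of the lab manual or of any VMware tool; the PLAN layout and function name are hypothetical, and the rule that the HA subnet must not overlap the management subnet is an assumption drawn from the lab's description of pg-VCHA-Cluster as a private network.

```python
import ipaddress

# Values taken from the lab steps; the dictionary layout is hypothetical.
# "mgmt" is NIC1 (pg-VCHA-Management), "ha" is NIC2 (pg-VCHA-Cluster).
PLAN = {
    "active": {"hostname": "vcha",
               "mgmt": "172.20.110.95/255.255.255.0",
               "ha": "192.168.1.95/24"},
    "passive": {"hostname": "vcha",
                "mgmt": "172.20.110.95/255.255.255.0",
                "ha": "192.168.1.96/255.255.255.0"},
    "witness": {"hostname": "vcha-witness",
                "mgmt": None,  # NIC1 on the witness uses DHCP in the lab
                "ha": "192.168.1.97/255.255.255.0"},
}


def validate_plan(plan):
    """Return a list of problems found in a three-node vCenter HA plan."""
    problems = []
    active, passive, witness = plan["active"], plan["passive"], plan["witness"]
    # ip_interface accepts both prefix-length and dotted-mask notation.
    ha = {role: ipaddress.ip_interface(node["ha"]) for role, node in plan.items()}

    # All three HA interfaces must sit in the same subnet.
    networks = {iface.network for iface in ha.values()}
    if len(networks) != 1:
        listed = ", ".join(sorted(str(net) for net in networks))
        problems.append("HA addresses are not in one subnet: " + listed)

    # Each node needs its own HA address.
    addresses = [iface.ip for iface in ha.values()]
    if len(set(addresses)) != len(addresses):
        problems.append("HA addresses are not unique")

    # Assumption: the private HA network stays separate from management.
    mgmt_net = ipaddress.ip_interface(active["mgmt"]).network
    for role, iface in ha.items():
        if iface.network.overlaps(mgmt_net):
            problems.append(
                f"{role} HA network {iface.network} overlaps management {mgmt_net}")

    # The passive node takes over the active node's identity after failover.
    if passive["hostname"] != active["hostname"]:
        problems.append("passive hostname must match the active node")
    if ipaddress.ip_interface(passive["mgmt"]) != ipaddress.ip_interface(active["mgmt"]):
        problems.append("passive management address must match the active node")

    # The witness never serves clients and keeps a separate name.
    if witness["hostname"] == active["hostname"]:
        problems.append("witness hostname must differ from the active node")
    return problems


if __name__ == "__main__":
    print(validate_plan(PLAN) or "plan is consistent")
```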

Task 6: Finish Configuring vCenter Server High Availability

With the passive node and the witness node created, you finish configuring vCenter Server High
Availability on the high availability vCenter Server Appliance instance.
1. In Internet Explorer, switch to the vSphere Web Client tab for vcha.vclass.local.
The Configure vCenter HA wizard is open.
2. On the Clone VMs page, click Finish to complete the vCenter High Availability configuration.
3. While you wait for the configuration task to complete, view the Recent Tasks pane to monitor
the configuration task.
The configuration task takes several minutes to complete.
4. Verify that vCenter Server High Availability is successfully configured.
a. Verify that the center pane shows that vCenter HA is enabled.
b. In the upper-right corner of the center pane, click the vCenter HA Monitoring link.
c. Verify that the health is good for the active, passive, and witness nodes.
d. In the upper-right corner of the center pane, click the vCenter HA Settings link.

Task 7: (Optional) Redo the vCenter Server High Availability Configuration If Failure Occurred

You remove the existing passive and witness nodes, and you revert the VCHA virtual machine to a
known good starting point.

IMPORTANT

Perform this task only if your vCenter Server High Availability configuration failed in task 6. If you
successfully configured vCenter Server High Availability in task 6, go to task 8.

1. In Internet Explorer, switch to the vSphere Web Client tab for sa-vcsa-01.local.
2. Point to the Home icon and select Hosts and Clusters.
3. Power off the VCHA, VCHA-Passive, and VCHA-Witness virtual machines.
4. Revert to the last snapshot for VCHA.
a. Right-click VCHA and select Snapshots > Revert to Latest Snapshot.
b. Click Yes to confirm reverting to the latest (most recent) snapshot.
The latest snapshot has network adapter 2 already configured for you.
5. Delete the VCHA-Passive and VCHA-Witness virtual machines.
a. Right-click VCHA-Passive and select Delete from Disk.
b. Click Yes to confirm deletion.
c. Right-click VCHA-Witness and select Delete from Disk.
d. Click Yes to confirm deletion.
6. Perform tasks 2 through 6 again.

Task 8: Manually Initiate a vCenter Server Failover

You use vSphere Web Client to initiate a vCenter Server failover from the active vCenter Server
Appliance instance.
1. In the upper-right corner in the center pane, click Initiate Failover.
2. In the Initiate vCenter HA Failover window, click Yes.
As the failover takes place, connectivity to the vCenter Server Appliance instance is lost for a
short time.
It might take 5 minutes before you see the Connection Error dialog box indicating a loss of
connectivity to the vCenter Server Appliance instance.
3. After connectivity to the vCenter Server instance is lost, close the vSphere Web Client tab to
vcha.vclass.local.
4. Open a new tab and select vSphere Web Clients > VCHA in the Favorites bar.
Failover takes several minutes to complete. It will still be in progress.
5. Periodically click the Refresh icon in the Web browser to refresh the tab.
You can expect to see Failover in Progress messages every time you refresh the browser
page for as long as 15 minutes before you see the VMware vCenter Single Sign-On screen.
Failover is complete when the VMware vCenter Single Sign-On screen appears.

Task 9: Verify That Your vCenter Server Failover Occurred

You use vSphere Web Client to examine the settings and events to verify that the active vCenter
Server instance is the peer vCenter Server instance.
1. In the vSphere Web Client tab for vcha.vclass.local, log in as administrator@vcha.local with
the standard lab password.
It might take up to 5 minutes after you log in before the vSphere Web Client screen appears.
2. In the left pane, click vcha.vclass.local at the top of the inventory tree.
3. In the center pane, click the Configure tab and click vCenter HA on the left.
4. In the center pane, select the Active node.
5. In the Active Settings pane, view the IP address of the active node.
The IP address belongs to the VCHA-Passive virtual machine.
6. Verify that the virtual machine is the passive node, VCHA-Passive.
7. In the center pane, click the Monitor tab and click Tasks & Events.

8. Select Tasks on the left and examine the output for indications that a vCenter Server failover
was initiated.
9. Select Events and examine the output for indications that a vCenter Server failover occurred.
10. In the center pane, click the Monitor tab and click vCenter HA.
11. Examine the health of the cluster.
12. Close the vSphere Web Client tab to vcha.vclass.local.

Task 10: Prepare for the Next Lab

In preparation for the next lab, you power on the LAB-VCS-01 virtual machine.

1. On the vSphere Web Client tab for sa-vcsa-01.vclass.local, point to the Home icon and select
Hosts and Clusters.
2. Power off the VCHA, VCHA-Passive, and VCHA-Witness virtual machines.
3. Power on the LAB-VCS-01 virtual machine.
LAB-VCS-01 takes a few minutes to start up completely.
The LAB-VCS-01 virtual machine is a Windows vCenter Server 5.5 system that you migrate to
a vCenter Server Appliance instance in the next lab.
4. Point to the Home icon and select Home.

Lab 15 Migrating Windows vCenter Server to vCenter Server Appliance

Objective: Migrate a Windows vCenter Server instance to vCenter Server Appliance

In this lab, you perform the following tasks:

1. Confirm That vCenter Server for Windows Is Running
2. Start the Migration Assistant on the Windows vCenter Server System
3. Run the vCenter Server Appliance Installer and Perform Stage 1 of the Migration Process
4. Monitor Stage 1 of the Deployment Process
5. Perform Stage 2 of the Deployment Process
6. Confirm Successful Migration
7. Clean Up for Later Labs

Task 1 : Confirm That vCenter Server for Windows Is Running

You log in to the Windows vCenter Server 5.5 system, verify that vCenter Server is running, and
view its inventory.
1. In the Internet Explorer window, go to the vSphere Web Client tab for sa-vcsa-01.vclass.local.
2. Point to the Home icon and select Hosts and Clusters.
3. In the left pane, verify that the LAB-VCS-01 virtual machine is powered on.
4. If the LAB-VCS-01 virtual machine is not powered on, power it on and wait a few minutes for
it to boot up completely and for the vCenter services to start.
5. Use vSphere Web Client to log in to the Windows vCenter Server system.
a. Open a new tab in Internet Explorer.
b. From the Favorites bar, select vSphere Web Clients > LAB-VCS-01.
This shortcut goes to https://lab-vcs-01.vclass.local:9443/vsphere-client.
c. If you receive a security exception for vSphere Web Client, click the Continue to this
website link to display the login screen.
If you did not power on LAB-VCS-0 1 before the start of this lab, then it takes a few
minutes for the vSphere Client Web server to initialize. When the Web server finishes
initializing, the vSphere Web Client login screen appears.
d. In the login screen, enter administrator@vsphere.local in the User name text box.
e. In the Password text box, enter the standard lab password and click Login.
6. Verify that vCenter Server 5.5 for Windows is running.
a. From the Help menu in the upper-right corner, select About VMware vSphere.
The About VMware vSphere window appears.
b. View the vSphere Web Client line (the first line in the window) and verify that you are
running version 5.5.0.
c. Click OK to close the About VMware vSphere window.
7. On the Home page, point to the Home icon and select Hosts and Clusters.
8. In the left pane, verify that you have two objects: Training Datacenter and Lab Cluster.
9. Close the vSphere Web Client tab to lab-vcs-01.vclass.local.
Task 2: Start the Migration Assistant on the Windows vCenter Server System

The Migration Assistant is an application that runs on the Windows vCenter Server 5.5 system. You
use the Migration Assistant to extract the configuration data from the Windows vCenter Server 5.5
system and send it to a vCenter Server Appliance 6.5 instance.
The Migration Assistant is in the migration-assistant folder.

1. Open a console to the LAB-VCS-01 virtual machine.
a. Click the Remote Desktop Connection Manager icon in the Windows desktop tool bar.
The Remote Desktop Connection Manager window appears.
b. In the left pane, double-click LAB-VCS-01 (vclass.local).
c. If you do not connect to LAB-VCS-01, then right-click LAB-VCS-01 (vclass.local) and
select Connect server.
The desktop for LAB-VCS-01 appears in the center pane.
2. Open the migration-assistant folder on the LAB-VCS-01 desktop.
3. Double-click VMware-Migration-Assistant to start the Migration Assistant.
The Migration Assistant console window appears.
4. If you see a security warning, click Run.
5. For the Administrator@vsphere.local password, enter the standard lab password.
Extracting the Migration Assistant scripts and running the prechecks takes a couple of minutes.
Information about the existing deployment appears on the screen. The migration steps are also
detailed there.
6. Wait until the Waiting for migration to start message appears.
The Migration Assistant pauses at this screen while the migration is in progress.

IMPORTANT

Do not close the console until the migration is complete.

7. Minimize the Remote Desktop Connection Manager window.
You return to this window later.

Task 3: Run the vCenter Server Appliance Installer and Perform Stage 1 of the Migration Process

You use the vCenter Server Appliance installer to perform stage 1 of the migration process.
1. Mount the vCenter Server Appliance installer ISO file.
a. On the Student-a-01 desktop, double-click Class Materials and Licenses.
b. Double-click Downloads.
c. Double-click VMware-VCSA-all-6.5.0.iso.
This file contains the vCenter Server Appliance installer ISO image.
The installer ISO file is mounted as the E: drive.
2. Run the vCenter Server Appliance installer program.
a. Navigate to vcsa-ui-installer\win32.
The installer.exe file is in this folder.
b. Double-click installer.exe to start the migration process.
c. If you see a security warning, click Run.
The vCenter Server Appliance 6.5 Installer window appears.
3. Select the Migrate option.
The Migrate - Stage 1: Deploy appliance wizard appears.
4. On the Introduction page, read the information about what occurs during the migration process
and click Next.
5. On the End user license agreement page, accept the license agreement and click Next.
6. On the Connect to source server page, specify the Windows vCenter Server instance.
a. In the Source Windows server text box, enter lab-vcs-01.vclass.local.
b. In the SSO password text box, enter the standard lab password and click Next.
c. In the Verify Thumbprint window, click Yes to accept the certificate.
7. On the Appliance deployment target page, specify the ESXi host on which to deploy the
vCenter Server Appliance instance.
a. In the ESXi host or vCenter Server name text box, enter sa-esxi-01.vclass.local.
In this lab, you deploy to an ESXi host. However, you can deploy to a vCenter Server
system as well.
b. In the User name text box, enter root.
c. In the Password text box, enter the standard lab password and click Next.
d. In the Certificate Warning window, click Yes to accept the certificate.
8. On the Set up target appliance VM page, configure the appliance name and the root password.
a. In the VM name text box, enter VCSA-02.vclass.local.
b. In the Root password and Confirm root password text boxes, enter the standard lab
password and click Next.
9. On the Select deployment size page, keep the default (Tiny) and click Next.
10. On the Select datastore page, specify the datastore information.
a. Select the SA-ESXi-01-Local datastore.
b. Select the Enable Thin Disk Mode check box and click Next.
11. On the Configure network settings page, configure the vCenter Server Appliance network settings.

Option                        Action
Network                       Select pg-SA Management.
                              This port group uses ephemeral port binding,
                              which is a requirement for the migration.
IP version                    Select IPv4.
IP assignment                 Select static.
Temporary IP address          Enter 172.20.10.70.
Subnet mask or prefix length  Enter 24.
Default gateway               Enter 172.20.10.10.
DNS servers                   Enter 172.20.10.10.

12. Click Next.
13. On the Ready to complete stage 1 page, review your settings and click Finish.
Stage 1 takes several minutes to complete.
14. Go to the next task to monitor the progress of stage 1.

Task 4: Monitor Stage 1 of the Deployment Process

You monitor the progress of stage 1 of the deployment process.

1. Use VMware Host Client to log in to SA-ESXi-01.
a. In the Internet Explorer window, open a new tab.
b. In the Favorites toolbar, select Host Clients> SA-ESXi-01.

c. If you receive a security exception for VMware Host Client, click the Continue to this
website link.

The ESXi login page appears.


d. On the login page, enter root in the User name text box.
e. Enter the standard lab password in the Password text box.
f. Click Log in.
g. In the informational message window, deselect the Join CEIP check box and click OK.
The VMware Host Client page appears.
2. Open a console window to monitor the deployment of vCenter Server Appliance.
a. In the left pane, click Virtual Machines.
b. Wait until VCSA-02.vclass.local is powered on.
c. In the center pane, right-click VCSA-02.vclass.local and select Console > Open console
in new window.

3. Monitor the progress of the stage 1 deployment process.


a. Position the VCSA-02 console window and the vCenter Server Appliance Installer
progress bar window so that both windows are visible on your monitor.
Or you can alternate between viewing the two windows.
b. Notice changes that occur on the console screen.
For example, if the progress bar is at about 80 percent, the VCSA-02 console window
changes to a virtual appliance screen.
c. In the vCenter Server Appliance Installer progress bar window, wait for stage 1 to be 100
percent complete.
d. When stage 1 is complete, click Continue.

The Stage 2: vCenter Server Appliance with an Embedded PSC wizard appears.

4. Monitor messages in the Migration Assistant on the Windows vCenter Server system.
a. Switch back to the Migration Assistant in the Remote Desktop Connection Manager window.
b. Confirm that the Successfully returned cached prechecks result message
appears in the Migration Assistant output.
c. Return to the vCenter Server Appliance Installer window.

Task 5: Perform Stage 2 of the Deployment Process

You perform stage 2 of the migration process.


1. On the Introduction page of the vCenter Server Appliance Installer window, read the
information and click Next.
2. On the Join AD Domain page, configure the Active Directory domain settings.

Option          Action
AD domain       Verify that the domain is vclass.local.
AD User name    Enter administrator.
AD Password     Enter the standard lab password.

3. Click Next.

4. On the Select migration data page, select Configuration, events, tasks, and performance
metrics and click Next.

5. On the Configure CEIP page, deselect the Join the VMware's Customer Experience
Improvement Program (CEIP) check box and click Next.

6. On the Ready to complete page, select the I have backed up the source vCenter Server and
all the required data from the database check box.

7. Click Finish.
The Shutdown Warning window warns that vCenter Server will shut down when the network
configuration is enabled on the destination vCenter Server Appliance.

8. Click OK.

The rest of the migration takes about 30 minutes to complete:



Data transfer - Export data: Data will be copied from the source vCenter Server instance to
the target vCenter Server instance.

Shutdown source machine: After the data is copied, the source vCenter Server instance will
be shut down.

Copy data from source vCenter Server to target vCenter Server: The Active Directory
configuration will be applied.

Set up target vCenter Server and start services: The vCenter Server service will be configured.

Import data: Some vCenter services will be stopped, and the data copied from the source
vCenter Server instance will be imported to the target vCenter Server instance.

Migration complete: After the data is transferred, the migration of the Windows vCenter
Server instance to the vCenter Server Appliance instance is complete.
When stage 2 is complete, the Complete screen appears.

[Screenshot: the Complete screen, listing the three finished steps (copy data from source vCenter Server to target vCenter Server, set up target vCenter Server and start services, import copied data to target vCenter Server) with links to vSphere Web Client and the Appliance Getting Started Page.]

9. Click Close to exit the vCenter Server Appliance Installer.

Task 6: Confirm Successful Migration

You confirm that the Windows vCenter Server system was migrated to vCenter Server Appliance.
1. Use vSphere Web Client to log in to the newly migrated vCenter Server instance.
a. Open a new Internet Explorer tab.
b. From the Favorites bar, select vSphere Web Clients > LAB-VCS-01.
c. If you receive a security exception for vSphere Web Client, click the Continue to this
website link to display the login screen.
d. Log in with the vCenter Server Appliance user name and the standard lab password.
2. Point to the Home icon and select Hosts and Clusters.
3. In the left pane, select LAB-VCS-01.vclass.local.
4. In the center pane, click the Summary tab.
5. In the Version Information panel, verify that the version is 6.5.
6. In the left pane, verify that you have two objects in the inventory tree: Training Datacenter and
Lab Cluster.
7. Point to the Home icon and select Administration.
8. In the left pane, select System Configuration.
9. Select Nodes.
10. Select LAB-VCS-01.vclass.local and review the information about the vCenter Server
Appliance instance.
11. Log out of vSphere Web Client and close the tab.

Task 7: Clean Up for Later Labs

You delete the new vCenter Server Appliance instance to free up resources in the lab.
1. Click the vSphere Web Client tab for sa-vcsa-01.vclass.local.
2. Point to the Home icon and select Hosts and Clusters.
3. In the left pane, select VCSA-02.vclass.local.
4. Shut down VCSA-02.vclass.local.
5. Right-click VCSA-02.vclass.local and select Delete from Disk.
6. Point to the Home icon and select Home.

Lab 16 Configuring Lockdown Mode

Objective: Configure and test lockdown mode

In this lab, you perform the following tasks:

1. Start the vSphere ESXi Shell and SSH Services
2. Test the SSH Connection
3. Enable and Test Lockdown Mode
4. Disable Lockdown Mode
5. Examine the DCUI.Access List

Task 1: Start the vSphere ESXi Shell and SSH Services

You use vSphere Web Client to start VMware vSphere ESXi Shell and SSH services on your
host.
1. In the Internet Explorer window, click the vSphere Web Client tab to sa-vcsa-01.vclass.local.
2. Point to the Home icon and select Hosts and Clusters.
3. In the left pane, select sa-esxi-01.vclass.local.
4. In the center pane, click the Configure tab.
5. On the left under System, click Security Profile.
6. In the center pane, scroll down to the Services panel.
To make navigation easier, you can minimize the Firewall Incoming Connections list and the
Firewall Outgoing Connections list.
7. Click Edit next to Services.

8. Verify that the vSphere ESXi Shell service is running.
a. In the Edit Security Profile window, select ESXi Shell.

b. In the Service Details pane, confirm that the correct settings are configured.

Startup policy is set to Start and stop with host.

Status is Running.
c. If the correct settings are not configured, change the startup policy to Start and stop with
host and click Start.

By default, this service is not configured to start with the host. This setting was enabled as
part of the lab kit configuration.
9. Verify that the SSH service is running.
a. In the Edit Security Profile window, select SSH.
b. In the Service Details pane, confirm that the correct settings are configured.

Startup policy is set to Start and stop with host.

Status is Running.
c. If the correct settings are not configured, change the startup policy to Start and stop with
host and click Start.

By default, this service is not configured to start with the host. This setting was enabled as
part of the lab kit configuration.
d. Click OK.

Task 2: Test the SSH Connection

You use MTPuTTY to connect to the ESXi host and confirm that SSH is working.
1. Click MTPuTTY in the Windows desktop taskbar.
The MTPuTTY utility window appears.
2. In the left pane, double-click SA-ESXi-01.
A new SA-ESXi-01 tab opens in the center pane.
MTPuTTY is configured to automatically log in to the ESXi host as user root.
3. If the login is successful, enter exit.

Task 3: Enable and Test Lockdown Mode

You use vSphere Web Client to enable lockdown mode for your assigned ESXi host.
1. In the Internet Explorer window, click the vSphere Web Client tab.
2. In the left pane, select sa-esxi-01.vclass.local.
3. In the center pane, click the Configure tab.
4. On the left, click Security Profile and scroll down until the Lockdown Mode panel is visible.
5. Enable normal lockdown mode.
a. Click Edit next to Lockdown Mode.
The Lockdown Mode wizard appears.
b. On the Lockdown Mode page, click Normal.
c. Click Exception Users on the left.
Users are not listed.
d. Click OK.
6. Verify that normal lockdown mode works properly.
The user root must be denied access in an SSH session. In general, all users, including user root,
will be denied access in an SSH session.
a. Go to the MTPuTTY window.
b. In the left pane, double-click SA-ESXi-01.
MTPuTTY automatically tries to log in as root.
c. Verify that user root is not logged in and that the Access Denied message appears.
d. Close the MTPuTTY window.

Task 4: Disable Lockdown Mode

You use vSphere Web Client to disable lockdown mode.

1. In the Internet Explorer window, click the vSphere Web Client tab.
2. Click Edit next to Lockdown Mode.
3. On the Lockdown Mode page, click Disabled.
4. Click OK.

Task 5: Examine the DCUI.Access List

The DCUI.Access list is a list of local users on an ESXi host. These users have rights to disable
lockdown mode when a catastrophic failure occurs and administrators need direct host access again.
These users do not need the administrator role on the ESXi host.
1. In the center pane on the left, click Advanced System Settings under System.
2. In the Advanced System Settings pane, scroll down to the DCUI.Access entry.
You can also use the Filter box and search for "DCUI."
3. Examine the value of the DCUI.Access setting.
The root user is added to the DCUI.Access list by default. Thus, the root user can disable
lockdown mode but cannot bypass lockdown mode.
4. Point to the Home icon and select Home.

Lab 17 Working with Certificates

Objective: Generate and replace a vCenter Server certificate

In this lab, you perform the following tasks:

1. Examine vSphere Certificates
2. Create a Windows 2012 Certificate Authority Template for vSphere
3. Create a Certificate Signing Request
4. Download the CSR to the Student Desktop
5. Request a Signed Custom Certificate
6. Replace a Machine Certificate with the New Custom Certificate

Task 1: Examine vSphere Certificates

You examine the default certificates issued by VMware Certificate Authority in a nonproduction
vCenter Server system.
1. In the Internet Explorer window, go to the vSphere Web Client tab for sa-vcsa-01.vclass.local.
2. Point to the Home icon and select Administration.
3. In the left pane, click System Configuration.
4. In the left pane, click Nodes and click sa-vcsa-01.vclass.local.
5. In the center pane, click the Manage tab and click Certificate Authority.
6. In the Certificate Authority panel, click the Verify password link.

7. In the Password text box, enter the standard lab password and click OK.

Q1. How many active certificates are in the certificate store for this node?

Q2. How long are the certificates valid for?

Q3. On what date do the certificates expire?

8. Select the first C=US,CN=sa-vcsa-01.vclass.local certificate in the list.


9. Record the expiration date of the certificate. _____

10. Click the Show Details for certificate icon.

[Screenshot: certificate details showing the Subject C=US, CN=sa-vcsa-01.vclass.local.]

Q4. Who issued the certificate?

11. Click OK.
12. Widen the Subject column in the center pane until you can see the CN= part of the subject
name for each certificate.
13. Select the first certificate in the list that has a Subject field that begins with OU=.
14. Click the Show Details for certificate icon.

Q5. Based on the Common name field under Subject, what is the type of this
certificate?

15. Click OK.

16. Use the Show Details for certificate icon to examine the other certificates with Subject fields
that begin with OU=.
These certificates are called vSphere solution user certificates.

Q6. How many solution user certificates do you see?

Q7. What are the names of the solution users that have certificates (from the
Subject field)?

17. In the center pane, click Root Certificates.
18. Select the root certificate in the list.
The certificate begins with OU=VMware Engineering.
19. Click the Show Details for certificate icon.

Q8. What is the organization in the Issuer section of this certificate?

20. Click OK.

Task 2: Create a Windows 2012 Certificate Authority Template for vSphere

You create a vSphere 6.5 certificate template on a Windows 2012 Server domain controller that you
can use to create certificates that work with vSphere 6.5. The certificate template can be used to
create machine SSL or solution user certificates in VMware CA.
1. Open a console to dc.vclass.local.
a. Click the Remote Desktop Connection Manager icon in the Windows desktop toolbar.
The Remote Desktop Connection Manager window appears.
b. In the left pane, double-click DC (vclass.local).
The desktop for dc.vclass.local appears in the center pane.
You are automatically logged in as a domain administrator.

2. Open the certification authority console.
a. Click the Windows Start button on the dc.vclass.local desktop.
b. On the Apps page, click the up arrow icon.
c. Click Administrative Tools.

d. In the Administrative Tools window, double-click Certification Authority.

The Certification Authority window appears.


3. Open the certificate templates console.
a. Expand vclass-DC-CA.

b. Right-click Certificate Templates and select Manage.


4. Configure a new certificate template.
a. Right-click the existing Web Server template and select Duplicate Template.

The Properties of New Template dialog box appears.


b. Click the General tab and enter vSphere 65 in the Template display name text box.
c. Click the Extensions tab.
d. Select Key Usage and click Edit.
e. In the Edit Key Usage Extension dialog box, select the Signature is proof of origin
(nonrepudiation) check box and the Allow encryption of user data check box.

f. Click OK.
g. Select Application Policies and click Edit.
h. In the Edit Application Policies Extension dialog box, click Add and select Client
Authentication.

i. Click OK and click OK again.
j. Click the Request Handling tab and select the Allow private key to be exported check box.
k. Click OK to save the new certificate template.
l. Close the Certificate Templates Console window.

5. Enable the new certificate template.
a. In the Certification Authority console window, right-click Certificate Templates and
select New > Certificate Template to Issue.
The Enable Certificate Templates window appears.
b. Select vSphere65 and click OK.
c. Close all open windows.
d. In the left pane of the Remote Desktop Connection Manager, right-click DC (vclass.local)
and select Disconnect server.
6. Close the Remote Desktop Connection Manager window.

Task 3: Create a Certificate Signing Request

You use vSphere Certificate Manager to create a certificate signing request (CSR) that you use to
request a signed custom certificate from the domain controller certificate authority (CA) for the lab.
1. Start an SSH session with SA-VCSA-01.
a. Click MTPuTTY in the Windows desktop toolbar.
The MTPuTTY utility window appears.
b. In the left pane, double-click SA-VCSA-01.
A new SA-VCSA-01 tab opens in the center pane.
c. Enter shell to start a Bash shell.
2. Create a certificate signing request.
a. Enter /usr/lib/vmware-vmca/bin/certificate-manager and press Enter.
The vSphere Certificate Manager program starts.
b. Enter 1 to select the Replace Machine SSL certificate with Custom Certificate option.
c. Press Enter to accept the default user name of Administrator@vsphere.local.
d. Enter the standard lab password.
e. Enter 1 to select the Generate Certificate Signing Request option.
f. For the output directory path, enter /var/tmp.
The /var/tmp directory on Linux and UNIX systems is a temporary directory. The
contents of the /var/tmp directory are not deleted during a reboot.

3. Configure the certificate properties.
a. For Country, press Enter to accept the default.
b. For Name, enter VMware.
c. For Organization, enter VMeduc.
d. For OrgUnit, enter vclass.
e. For State, press Enter.
f. For Locality, press Enter.
g. For IPAddress, press Enter.
h. For Email, enter certadmin@vclass.local.
i. For Hostname, enter sa-vcsa-01.vclass.local.
4. Enter 2 to exit vSphere Certificate Manager.

Task 4: Download the CSR to the Student Desktop

You download the CSR from the vCenter Server system to your student desktop.
1. Enter chsh -s /bin/bash to temporarily change the login shell of the root account to
/bin/bash.

This step is necessary for WinSCP to connect to the vCenter Server system so that you can
download the CSR to your student desktop.
2. Start the WinSCP application.
a. On the student desktop taskbar, click the WinSCP icon.

b. In the left pane, double-click SA-VCSA-01.


c. In the Warning dialog box, click Update to accept and remember the Certificate Lab vCenter
Server public key for SSH.
d. Click Continue to close the Authentication Banner dialog box.
In the WinSCP window, you should see the C:\Materials\Downloads folder on your
student desktop in the left pane and the /root directory on the vCenter Server Appliance
instance in the right pane.
3. Use the folder controls to navigate to the /var/tmp directory in the right pane.

4. If the left pane is not C:\Materials\Downloads, then use the folder controls to navigate to
the C:\Materials\Downloads folder.
5. Drag the vmca_issued_csr.csr and vmca_issued_key.key files from the /var/tmp
directory in the right pane to the C:\Materials\Downloads folder in the left pane.
This action copies the files from the vCenter Server system to the Downloads folder on your
student desktop.
6. Leave the WinSCP window open.

Task 5: Request a Signed Custom Certificate

You request a signed custom certificate from the domain controller CA for the lab.
1. Copy the contents of the vmca_issued_csr.csr file to the clipboard.
a. On your student desktop, open Windows Explorer and navigate to the
C:\Materials\Downloads folder.
b. Right-click the vmca_issued_csr.csr file and select Open with.
c. Open vmca_issued_csr.csr in WordPad.
d. Click Select all in the WordPad toolbar.
e. Press Ctrl+C to copy the selected text to the clipboard.
2. Go to the certificate services program on the domain controller and request a certificate.
a. On your student desktop, open a new Internet Explorer tab and go to
http://dc.vclass.local/certsrv.
b. Log in with user name administrator and the standard lab password.
c. On the Microsoft Active Directory Certificate Services page, click the Request a
certificate link.

d. Click the advanced certificate request link.


e. Click Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file,
or submit a renewal request by using a base-64-encoded PKCS #7 file.

f. Under Saved Request, press Ctrl+V to paste the CSR text into the Base-64-encoded
certificate request text box.

g. From the Certificate Template drop-down menu, select vSphere65.


h. Click Submit.

i. Click Base 64 encoded.

j. Click the Download certificate link.

k. Click Save As in the Internet Explorer dialog box and navigate to the
C:\Materials\Downloads folder on your student desktop to save the certificate.
l. Save the file as machine_ssl.cer.
The filename is case-sensitive and must exactly match the correct filename in order for the
script to use it.

3. Download the certificate chain.


a. In the Internet Explorer window, click the Download certificate chain link.
Base 64 encoded should still be clicked.
b. Click Save as in the Internet Explorer dialog box and navigate to the
C:\Materials\Downloads folder on your student desktop to save the certificate.
c. Save the file as cachain.p7b.
The filename is case-sensitive and must exactly match the correct filename in order for the
script to use it.

d. Close the Microsoft Active Directory Certificate Services page.


e. If WordPad is open, close it.
4. Export the root certificate.
a. Switch to the Windows Explorer window and navigate to the C:\Materials\Downloads
directory.
b. Right-click the cachain.p7b file and select Open.
The Certificate Manager Console opens.
c. In the left pane, expand the inventory tree until you see the Certificates folder.
d. Select the Certificates folder.
You should see two certificates: the root certificate for your domain controller and the
custom certificate for your vCenter Server Appliance instance.
The custom certificate appears as VMware. vSphere65 appears under the Certificate
Template column at the far right.
e. To export the root certificate, right-click the root certificate vclass-DC-CA and select All
Tasks > Export.

The Certificate Export wizard appears.

f. Click Next.
g. On the Export File Format page, click Base-64 encoded X.509 (.CER) and click Next.
h. On the File to Export page, click Browse.

i. Navigate to the C:\Materials\Downloads folder.
j. Enter root-64.cer in the File name text box.
The filename is case-sensitive and must exactly match the correct filename in order for the
script to use it.
k. Click Save.
l. On the File to Export page, click Next.
m. Click Finish.
n. Click OK.

o. Close the Certificate Manager Console.
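
Once these files are copied to /var/tmp in Task 6, they can be checked against each other before vSphere Certificate Manager restarts services with them. The script below is an added example, not part of the original lab or of VMware's tooling: it uses the lab's file names, assumes the openssl CLI is available in the Bash shell, and its function names and the throwaway sample CA are illustrative.

```bash
#!/usr/bin/env bash
# Added example: pre-import check for the files handed to vSphere Certificate
# Manager in this lab. File names are the lab's; function names are illustrative.

# check_machine_ssl_bundle DIR HOSTNAME
# Prints one line per failed check and returns 0 only if all checks pass.
check_machine_ssl_bundle() {
    local dir="$1" host="$2" rc=0 f cert_pub key_pub want
    local cert="$dir/machine_ssl.cer"
    local key="$dir/vmca_issued_key.key"
    local root="$dir/root-64.cer"

    # 1. Exact (case-sensitive) file names, as the lab notes require.
    for f in "$cert" "$key" "$root"; do
        [ -f "$f" ] || { echo "MISSING $f"; return 1; }
    done
    # 2. Both certificates must be Base-64 (PEM); a DER download fails here.
    for f in "$cert" "$root"; do
        grep -q -- '-----BEGIN CERTIFICATE-----' "$f" \
            || { echo "NOT BASE-64 $f"; return 1; }
    done
    # 3. The certificate must carry the public half of the key created with the CSR.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || cert_pub=""
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || key_pub=""
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "KEY MISMATCH $cert was not issued for $key"; rc=1
    fi
    # 4. The certificate must verify against the exported root alone
    #    (-no-CApath keeps the system trust store out of the decision).
    openssl verify -no-CApath -CAfile "$root" "$cert" >/dev/null 2>&1 \
        || { echo "CHAIN FAIL $cert does not verify against $root"; rc=1; }
    # 5. Subject Alternative Name must list the host name exactly
    #    (compared case-insensitively, one SAN entry per line).
    want="dns:$(printf '%s' "$host" | tr '[:upper:]' '[:lower:]')"
    openssl x509 -in "$cert" -noout -text 2>/dev/null \
        | grep -A1 'X509v3 Subject Alternative Name' | tail -n 1 \
        | tr -d ' ' | tr ',' '\n' | tr '[:upper:]' '[:lower:]' \
        | grep -Fxq "$want" \
        || { echo "SAN FAIL DNS:$host is not in $cert"; rc=1; }
    return "$rc"
}

# make_constructed_sample DIR HOSTNAME
# Writes a throwaway root CA and a leaf signed by it, using the lab's file
# names, so the check can be tried offline. Constructed test data only.
make_constructed_sample() {
    local dir="$1" host="$2"
    cat > "$dir/sample.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = constructed
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_leaf]
subjectAltName = DNS:$host
keyUsage = digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
extendedKeyUsage = serverAuth,clientAuth
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -config "$dir/sample.cnf" -extensions v3_ca \
        -subj "/CN=constructed-root-CA" \
        -keyout "$dir/root.key" -out "$dir/root-64.cer" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes \
        -config "$dir/sample.cnf" -subj "/CN=$host" \
        -keyout "$dir/vmca_issued_key.key" \
        -out "$dir/vmca_issued_csr.csr" 2>/dev/null
    openssl x509 -req -in "$dir/vmca_issued_csr.csr" -days 1 \
        -CA "$dir/root-64.cer" -CAkey "$dir/root.key" -CAcreateserial \
        -extfile "$dir/sample.cnf" -extensions v3_leaf \
        -out "$dir/machine_ssl.cer" 2>/dev/null
}

# Usage: bash check_bundle.sh /var/tmp sa-vcsa-01.vclass.local
if [ "$#" -eq 2 ]; then
    check_machine_ssl_bundle "$1" "$2" && echo "bundle OK"
fi
```

A nonzero exit status means at least one of the three files does not belong with the others, so the import should not be started with them.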

Task 6: Replace a Machine Certificate with the New Custom Certificate

You replace the machine SSL certificate for vCenter Server with the new custom certificate so that
VMware CA acts as a subordinate CA to the domain controller CA.
1. Copy the certificate files from the student desktop to the vCenter Server system.
a. Switch to the WinSCP window.
b. In the WinSCP window, drag the machine_ssl.cer and root-64.cer files from the
C:\Materials\Downloads folder to the /var/tmp folder in the right pane.

This action copies the certificate files from the student desktop to the vCenter Server
system.
2. In the MTPuTTY session, change the login shell of the root account back to the vCenter Server
Appliance shell.
a. Switch to the MTPuTTY window.
b. If the SSH session to SA-VCSA-01 is not open, reconnect to SA-VCSA-01.
c. If you see the message timed out waiting for input: auto-logout, enter shell.
d. Enter chsh -s /bin/appliancesh to change the login shell of the root account back to
the vCenter Server Appliance shell.
This step returns the vCenter Server system to its more secure posture.

3. Replace the machine SSL certificate with the custom certificate.
a. Enter cd /var/tmp to change to the /var/tmp directory.
If you run vSphere Certificate Manager from the /var/tmp directory, you do not have to
enter the full path for each of the certificate and key files that you import.
b. Enter /usr/lib/vmware-vmca/bin/certificate-manager to start vSphere
Certificate Manager.
c. Enter 1 to select the Replace Machine SSL certificate with Custom Certificate option.
d. Press Enter to use the default user name of Administrator@vsphere.local.
e. When prompted, enter the standard lab password.
f. Enter 2 to select the Import custom certificate(s) and key(s) option.
g. Import the custom certificate.

Option                                                                   Action
Please provide valid custom certificate for Machine SSL                  Enter machine_ssl.cer.
Please provide valid custom key for Machine SSL                          Enter vmca_issued_key.key.
Please provide the signing certificate of the Machine SSL certificate    Enter root-64.cer.
You are going to replace Machine SSL cert using custom cert.             Enter y.
Continue operation: Option[Y/N] ?:

You must wait for the process to complete. This process takes several minutes while the
services are restarted.
During this operation, notice the number of services that are updated.
h. Wait until the 100% Complete [All tasks completed successfully] message
appears.
i. After the operation is 100 percent complete, press Ctrl+D.

4. Close and reopen Internet Explorer, and log back in to vSphere Web Client.
a. Close the Internet Explorer window.
b. Start Internet Explorer.
c. From the Favorites bar, select vSphere Web Clients > SA-VCSA-01.

The vSphere Web Client login screen appears.

d. Log in to vSphere Web Client as administrator@vsphere.local with the standard lab
password.

Q1. What color is the background of the Internet Explorer location bar?

5. In Internet Explorer, click the Security report icon (padlock) to the right of the Location text
box.
6. View information about the machine certificate.
a. Click the View certificates link.
The Certificate dialog box appears.
In this dialog box, you can view the machine certificate that was used to authenticate the
vCenter Server system.
b. Click the Details tab.
c. Scroll down and click Subject Alternative Name.

Q2. To which machine was the certificate issued?

d. Scroll up and click Issuer.

Q3. Who issued the certificate?

e. Click Valid from.

Q4. On what day did the certificate become valid?

f. Click the Certification Path tab.

Q5. What is the certificate signing chain?

Q6. Why does Internet Explorer on your student desktop trust the vCenter Server
certificate?

g. Click OK to close the Certificate dialog box.


7. In vSphere Web Client, point to the Home icon and select Home.
8. Leave vSphere Web Client open.
9. Close all other applications.
a. Close the WordPad application.
b. Close the WinSCP application.
c. Close the MTPuTTY application.
d. Close the Windows Explorer window.

Lab 18 Virtual Machine Encryption

Objective: Register a KMS with vCenter Server and encrypt a virtual machine

In this lab, you perform the following tasks:

1. Verify Access to the Key Management Server
2. Register the KMS with vCenter Server
3. Create an Encryption Storage Policy
4. Encrypt a Virtual Machine
5. Check vCenter Server Events
6. Use Encrypted vSphere vMotion to Migrate Virtual Machines

Task 1 : Verify Access to the Key Management Server

You verify that you can access the key management server (KMS).
The KMS used in this lab is a simple Python-based key server that keeps keys while the KMS is running.
1. Use MTPuTTY to log in to vCenter Server Appliance.
a. On the taskbar, click the MTPuTTY icon.
b. In the left pane, double-click SA-VCSA-01.
You are logged in to vCenter Server Appliance as user root.

2. Ping sa-keyserver-01, the key management server.
a. At the command prompt, enter shell.
b. At the shell command prompt, ping the key management server.
ping sa-keyserver-01
c. Verify that the ping is successful.
d. Press Ctrl+C to end the ping command.
3. Exit the MTPuTTY session and close the MTPuTTY window.

Task 2: Register the KMS with vCenter Server

You register the KMS with vCenter Server, and you mark the KMS cluster as the default.
1. Point to the Home icon and select Hosts and Clusters.
2. At the top of the left pane, select sa-vcsa-01.vclass.local.
3. In the center pane, click the Configure tab and click Key Management Servers on the left.
4. Click Add KMS.

[Screenshot: the Key Management Servers panel on the Configure tab of sa-vcsa-01.vclass.local, showing the Add KMS button.]

5. In the Add KMS dialog box, enter SA KMS-Cluster in the Cluster name text box.
6. In the Server alias text box, enter KMS1.
7. In the Server address text box, enter 172.20.10.201.
172.20.10.201 is the IP address of the KMS.
8. In the Server port text box, enter 5696.
9. Leave the rest of the text boxes blank and click OK.
10. When prompted to set the default KMS cluster, click Yes.
11. When the trust certificate window appears, click Trust.
12. Verify that the KMS appears in the list and that the KMS cluster that you created is marked as
the default cluster.

Task 3: Create an Encryption Storage Policy

You create a virtual machine storage policy that includes only the encryption common rule.
Although a prebuilt policy called VM Encryption Policy is available, you should understand how
the policy is created.
1. Point to the Home icon and select Policies and Profiles.
2. In the Navigator pane, select VM Storage Policies.
3. In the center pane, click the Create VM Storage Policy icon.


The Create New VM Storage Policy wizard appears.


4. On the Name and description page, enter SA Encryption Policy in the Name text box and
click Next.
5. On the Policy structure page, click Next.
6. On the Common rules page, select the Use common rules in the VM storage policy check
box.
7. Click Add component and select Encryption > Custom.
The custom properties show that the provider is VMware VM Encryption and that I/O filters are
not allowed before encryption.
8. Click Next.
9. On the Rule-set 1 page, deselect the Use rule-sets in the storage policy check box and click
Next.

10. On the Storage compatibility page, review the compatible storage.


All storage is compatible with the encryption filter because the filter is applied as a common
rule, so the filter is storage agnostic.
11. Click Next.
12. On the Ready to complete page, click Finish.
13. Verify that your encryption policy appears in the storage policies list.

Task 4: Encrypt a Virtual Machine

You encrypt a virtual machine.

1. Point to the Home icon and select Hosts and Clusters.
2. In the left pane, right-click VM01 and select VM Policies > Edit VM Storage Policies.
3. In the Edit VM Storage Policies dialog box, select SA Encryption Policy from the VM storage
policy drop-down menu.

4. Click Apply to all and click OK.


5. In the Recent Tasks pane, monitor the task to completion.
6. Verify that the virtual machine is encrypted.
a. In the left pane, select VM01.
b. In the center pane, click the Summary tab.

c. Expand the VM Hardware panel.


The panel states that the virtual machine configuration files and the hard disk are encrypted.

Task 5: Check vCenter Server Events

You view vCenter Server cryptographic events.

1. At the top of the left pane, select sa-vcsa-01.vclass.local.
2. In the center pane, click the Monitor tab.
3. Click Tasks & Events and click Events on the left.
4. In the filter box, enter crypto and press Enter.
5. Select the cryptographic operation that was performed when the virtual machine was encrypted.
The cryptographic operation is recorded along with the user that initiated the task.



Task 6: Use Encrypted vSphere vMotion to Migrate Virtual Machines

You use encrypted vSphere vMotion to migrate VM01 (the encrypted virtual machine) and VM02
(an unencrypted virtual machine) to a different host.
1. View the vSphere vMotion encryption state on VM01.
a. In the left pane, right-click VM01 and select Edit Settings.
b. Click the VM Options tab.
c. Expand the Encryption panel.
Because VM01 is encrypted, the Encrypted vMotion state is always Required and cannot
be changed.
d. Click Cancel.

2. View the vSphere vMotion encryption state on VM02.


a. In the left pane, right-click VM02 and select Edit Settings.

b. Click the VM Options tab.


c. Expand the Encryption panel.
Because VM02 is not encrypted, the default state is Opportunistic.
d. Keep the default and click Cancel.
3. Power on VM01 and VM02.
4. Migrate VM01 and VM02 to sa-esxi-03.vclass.local.
a. Right-click VM01 and select Migrate.
b. On the Select the migration type page, leave Change compute resource only clicked and
click Next.
c. On the Select a compute resource page, click sa-esxi-03.vclass.local and click Next.
d. On the Select networks page, select pg-SA Management and click Next.
e. On the Select vMotion priority page, click Next.
f. On the Ready to complete page, click Finish.
g. Click the Summary tab of VM01 and verify that VM01 is now on sa-esxi-03.vclass.local.
h. Repeat steps a through g to migrate VM02.



5. View the hot migration events that occurred.
a. At the top of the left pane, select sa-vcsa-01.vclass.local.
b. In the center pane, click the Monitor tab.

c. Click Tasks & Events and click Events on the left.


d. In the filter box, enter encryption.
You should see two events that begin with "Hot migrating VM02" and "Hot migrating
VM01."
e. Select each of these events and view the description.
The description mentions that a hot migration was performed with encryption.
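
The checks made by hand in Tasks 4 and 6, run over an exported inventory and event list, as an added example that is not part of the original lab manual. The inventory and event messages are constructed; the field names follow the vSphere API properties config.keyId and config.migrateEncryption, and VM03 and VM04 are hypothetical.

```python
import re

# Constructed inventory export. Field names mirror the vSphere API properties
# config.keyId and config.migrateEncryption. VM03 and VM04 are hypothetical.
# "disabled" is the third Encrypted vMotion mode besides the two the lab shows.
INVENTORY = [
    {"name": "VM01", "keyId": "constructed-key-1", "migrateEncryption": "required"},
    {"name": "VM02", "keyId": None, "migrateEncryption": "opportunistic"},
    {"name": "VM03", "keyId": "constructed-key-2", "migrateEncryption": "opportunistic"},
    {"name": "VM04", "keyId": None, "migrateEncryption": "disabled"},
]

# Constructed event messages modelled on the lab text, not verbatim vCenter output.
EVENTS = [
    "Hot migrating VM01 from host-a to sa-esxi-03.vclass.local with encryption",
    "Hot migrating VM02 from host-a to sa-esxi-03.vclass.local with encryption",
    "Hot migrating VM04 from host-a to sa-esxi-03.vclass.local",
]

HOT_MIGRATION = re.compile(r"^Hot migrating (?P<vm>\S+)")

def audit_inventory(inventory):
    """Return {vm_name: finding} for VMs that break the lab's stated invariants."""
    findings = {}
    for vm in inventory:
        encrypted = vm["keyId"] is not None
        mode = vm["migrateEncryption"]
        if encrypted and mode != "required":
            # The lab states an encrypted VM is always Required, so any other
            # value means the export is stale or inconsistent.
            findings[vm["name"]] = "encrypted VM without Required vMotion encryption"
        elif not encrypted and mode == "disabled":
            # Weaker than the Opportunistic default the lab observes on VM02.
            findings[vm["name"]] = "vMotion encryption disabled"
    return findings

def unencrypted_migrations(events):
    """Return VM names whose hot-migration event does not mention encryption."""
    flagged = []
    for message in events:
        match = HOT_MIGRATION.match(message)
        if match and "with encryption" not in message:
            flagged.append(match.group("vm"))
    return flagged

if __name__ == "__main__":
    print(audit_inventory(INVENTORY))
    print("migrated without encryption:", unencrypted_migrations(EVENTS))
```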



Answer Key

Lab 5: Working with Virtual Volumes


Task 1: Register the Storage Provider
1. http://172.20.10.97:8443/vasa/version.xml.
2. Version 3.0.
3. xVP SCSI Array and xVP NFS Array.

Task 3: Create an iSCSI-Backed Virtual Volume Datastore
1. The datastore is inactive because the storage provider must also be configured as a target of
the software iSCSI adapter.

Lab 7: Host Profiles

Task 6: Run a Compliance Check and Remediate the Configuration Drift
1. The Virtual Network Setting category appears. If the category was previously reported, a new
issue is added relating to the uplink reconfiguration.
2. Yes. The uplink is not connected to the expected physical NIC on dvs-Lab.
3. Yes.

Lab 8: Using vSphere Auto Deploy

Task 8: Start the TFTP Service on vCenter Server Appliance
1. ATFTPD_DIRECTORY = "/var/lib/tftpboot".
2. Yes. It is undionly.kpxe.vmw-hardwired.

Lab 10: Monitoring Memory Performance

Task 2: Check for Overcommitment of Virtual Machine Memory
1. Answers vary depending on the current workload.

Task 6: Record Memory Statistics
1. Yes, the values should converge over time.
2. Yes, the values should converge over time.
3. ResourceHog02 and ResourceHog01.
4. Although all three VMs might be swapping, the levels of swapping on ResourceHog01
and ResourceHog02 are going to be much larger than the level of swapping on Linux01.
5. ResourceHog01 and ResourceHog02 should be experiencing high %SWPWT values
because their memory is being swapped out and they must wait whenever those pages are
accessed. Linux01 should be experiencing low %SWPWT values, possibly zero.
6. Answers vary.
7. Answers vary.

Lab 11: Monitoring Storage Performance

Task 2: Measure Continuous Sequential Write Activity to a Virtual Disk on a Remote Datastore
1. vmhba65, the software iSCSI adapter.

Task 5: Measure Continuous Random Read Activity to a Virtual Disk on a Local Datastore
1. vmhba1, a local host bus adapter.

Lab 12: Monitoring Network Performance

Task 7: Stop the Test and Analyze Results
1. Yes. Network throughput values will vary.
2. The test with the client and server on the same port group.
3. Because network I/O did not pass through the physical network hardware.

Lab 17: Working with Certificates

Task 1: Examine vSphere Certificates
1. The total might vary. Typically, eight or more certificates are in the Active Certificates list.
2. By default, tickets issued by VMware CA are valid for 10 years.
3. The expiration date varies in different lab environments.
4. The Issuer Common Name field contains CN=CA, which indicates that VMware CA
issued the certificate.
5. The certificate is a machine certificate.
6. Five solution user certificates are in this configuration.
7. Machine, vsphere-webclient, vpxd, vpxd extension, and localhost.
8. The organization is the name of your Platform Services Controller instance, which, in this lab
environment, is embedded in the vCenter Server instance. In this lab configuration, the
name is sa-vcsa-01.vclass.local. This name is specified in the O= field in the Subject field.
This certificate is the VMware CA root certificate in which VMware CA is a
standalone root certificate authority.

Task 6: Replace a Machine Certificate with the New Custom Certificate
1. The location bar can be blue or gray, but it should not be red.
2. The certificate was issued to the vCenter Server-Platform Services Controller system,
sa-vcsa-01.vclass.local.
3. The domain controller CA issued the certificate.
4. The certificate was signed now, so it is valid from today.
5. The domain controller CA is the root. The vCenter Server certificate is subordinate to
the root certificate.
6. The student desktop is a member of the same Active Directory domain, and Internet Explorer
is using the same certificate store. Because the vCenter Server certificate is signed by the
domain controller CA, Internet Explorer trusts the subordinate certificate.
