Lab 1 Using vSphere Distributed Switches Objective: Create, configure, back up, and check a distributed switch In this lab, you perform the following tasks: 1. Log In to the Student Desktop Verify That the vSphere Licenses Are Valid Assign Valid vSphere Licenses Create a Distributed Switch Add ESXi Hosts to the New Distributed Switch 2. 3 4 5, 6. Examine Your Distributed Switch Configuration 7. Migrate the Virtual Machines to a Distributed Switch Port Group 8. Enable the Distributed Switch Health Check 9. Back Up the Distributed Switch Configuration 10. Cause Errors on the Distributed Switch 11, Monitor the Health of the Distributed Switch 12. Restore the Distributed Switch Configuration Lab 1 Using vSphere Distributed SwitchesTask 1: Log In to the Student Desktop You access and log in to your student desktop system to perform all lab activities for this course Use the following information from the class configuration handout: 1 Student desktop user name Standard lab password Ask your instructor how to log in to the student desktop system in your lab environment, For example, your instructor might have you use Remote Desktop Connection to connect to the student desktop system. Log ino the student desktop system, using your student desktop user name and the standard lab password Task 2: Verify That the vSphere Licenses Are Valid You verify that licenses for VMware vCenter Server® and the VMware ESXi™ hosts are valid, Use the following information from the class configuration handout 1 Standard lab password Log in to the VMware vSphere® Web Client interface On the student desktop machine task bar, click the Internet Explorer shortcut b. From the Favorites bar, select vSphere Web Clients > SA-VCSA-O1 ©. Ifyou receive a security exception for vSphere Web Client, click the Continue to this website (not recommended) link to open the login screen. d._ Log in with administrator@vsphere local (the vCenter Server administrator user name) and the standard lab password €. Point to the Home icon and select Home. Verify that the licenses for the vCenter Server system and the ESXi hosts are valid, a On the Home page under Administration, click the Licensing icon b._ In the center pane, click the Assets tab. ©. Onthe vCenter Server systems tab, verify that the vCenter Server system has a valid license d. Click the Hosts tab. Verify that all ESXi hosts have valid licenses f. Ifthe vCenter Server system and the ESXi hosts are not licensed or have licenses that are expired, go to task 3 g. Ifthe licenses are valid, go to task 4 Lab 1 Using vSphere Distributed SwitchesTask 3: Assign Valid vSphere Licenses Ifthe vCenter Server system and ESXi hosts li ‘VMware vSphere® components. enses are expired, you assign valid licenses to these Use the following information from the class configuration handout + vCenter Server license key + vSphere Enterprise Plus license key 1. In the center pane, click the Licenses tab. 2. Click the Create New ses icon (green plus sign) ‘The New Licenses wizard appears. 3. Inthe License keys (one per line) text box, enter the license keys that your instructor gave you (one per line) and click Next. 4. On the Edit license names page, enter the new license names vcenter Server and Enterprise Pius in the License Name text boxes and click Next 5. On the Ready to complete page, click Finish 6. Assign a Center Server license key to the vCenter Server instance a Inthe center pane, click the Assets tab b. Click the vCenter Server systems tab and click the Assign License icon. €. Inthe Assign License dialog box, select the vCenter Server license key. 4. Click OK. 7. Assign the vSphere Enterprise Plus license key to the ESXi hosts. a. Inthe center pane, click the Hosts tab, b. Select all hosts by clicking the first host, holding the Shift key, and selecting the last host. €. Click the Assign License icon 4d. Inthe Assign License dialog box, select the vSphere Enterprise Plus license key. ©. Click OK Lab 1 Using vSphere Distributed Switches 38. Reconnect the ESXi hosts. a, Point to the Home icon and select Hosts and Clusters. b. Inthe Navigation pane, expand SA Datacenter and select SA Management. ©. Inthe center pane, click the Hosts tab. The three ESXi hosts have a status of Disconnected. d._ Select all three hosts by clicking the first host, holding the Shift key, and selecting the last host. €. Right-click the host selection and select Connection > Connect, f, Verify that all three ESXi hosts have a status of Connected Task 4: Create a Distributed Switch You create a distributed switch that functions as a single virtual switch across all associated hosts in your vSphere environment 1. In vSphere Web Client, point to the Home icon and select Networking, In the left pane, expand the inventory until you see SA Datacenter. Right-click SA Datacenter and select Distributed Switch > New istributed Switch 2. 3 4, On the Name and location page, enter dve-Lab in the Name text box and click Next 5. On the Select version page, leave Distributed switch: 6.5.0 selected and click Next. 6 On the Edit settings page, enter pg-SA Production in the Port group name text box, keep all other defaults, and click Next 7. On the Ready to complete page, review the configuration settings and eliek Finish ‘The dvs-Lab distributed switch is listed in the left pane, also called the Navigator pane. 8. Configure the pg-SA Production port group to use only Uplink 2. a. Inthe left pane, expand dvs-Lab and right-click pg-SA Produc b. Select Edit Settings. ©. Inthe Edit Settings window, select Teaming and failover on the left. d. Select Uplink I and click the down arrow until the uplink appears under Unused uplinks. €. Select Uplink 3 and click the down arrow to move it to the Unused uplinks section, 4 Lab 1 Using vSphere Distributed Switches£ Select Uplink 4 and move it to the Unused uplinks section Failover order oa Active uplinks wal Uplink? fa Uplink s Fat Uplink s g. Click OK Task 5: Add ESXi Hosts to the New Distributed Switch You add ESXi hosts and physical adapters to the distributed switeh 1. Inthe Navigator pane, right-click the dvs-Lab distributed switch and select Add and Manage Hosts. 2. On the Select task page, leave Add hosts clicked and click Next. 3. On the Select hosts page, click New Hosts (the green plus sign), 4. Select sa-esxi-L.velass.tocal and sa-esxi-02.velass.local and click OK. Do not select sa-esxi-03.velass local. 5. Click Next 6. Onthe Select network adapter tasks page, deselect the Manage VMkernel adapters check box and leave the Manage physical adapters check box selected, 7. Click Next. Lab 1 Using vSphere Distributed Switches 58. On the Manage physical network adapters page, assign vmnic2 to Uplink 2 on sa-esxi- O1.velass.local and sa-esxi-02.velass. local a. Under sa-esxi-01 velass.local, select vmnic? and click Assign uplink manage pyc newark aan 2 creme pil neva adage oti ible ie, G seestotlesincal nts san + name swtenesintmas Farmnicd (re SADataentr Fabrics rs-8ADitacnte a rie2 3 Fab ries 1G sveesiozvtestses b. Select Uplink 2 and click OK. ©. Under sa-esxi-02. velass local, select vmnie2 and click Assign uplink d._ Select Uplink 2 and click OK ©. Click Next. 9. On the Analyze impact page, verify thatthe status is No impact for both ESXi hosts and click Next 10. On the Ready to complete page, review your settings and click Finish. Task 6: Examine Your Distributed Switch Configuration You examine the configuration of the distributed switch uplink, which is bound to the associated physical interfaces on the ESXi hosts. You also examine other distributed switch features, including the maximum transmission unit (MTU) value, VLAN capabilities, LACP aggregation groups, NetFlow, and VMware vSphere® Network 1/0 Control. 1. Inthe Navigator pane, select the dvs-Lab distributed switch 2. Inthe center pane, click the Configure tab and select Topology on the left. 6 Lab 1 Using vSphere Distributed Switches3. In the distributed switch topology diagram, click the arrow next to Uplink 2 to expand the view: (Brverrreducton (vr wisLabovORine ct YUN ID - Bi Uplink 1 0 NIC Adapters) viral Machines () FB Upto MC Aas “bt Ligh “winczseomtoaassiod @ GH, wrinizseessot elas oxal @ BB Uplink 3 (0 NIC Adapters) GE Upc ONC Adar) 4. Verify that for both ESXi hosts the vmnic2 is attached and appears under Uplink 2 5. Inthe center pane, click Properties on the left and verify the settings. + Network /O Control is enabled. + Number of uplinks is 4 + The MTU size is 1500 bytes + The Cisco Discovery Protocol is implemented. 6. Click each additional configuration link on the left and verify the settings. + LACP LAG is not defined. * Private VLAN is not defined + NetFlow collector is not defined + Port mirroring is not configured + Health check is not enabled 7. Inthe Navigator pane, select the pg-SA Production port group. 8. Click the Configure tab and select Properties on the left. 9. Verify the distributed port group settings + Port binding is set to static binding + Port allocation is set to elastic. + The number of ports is eight. Lab 1 Using vSphere Distributed Switches 7Task 7: Migrate the Virtual Machines to a Distributed Switch Port Group You move the virtual machines from the pg-SA Management port group on the dvs-SA Datacenter distributed switch to the pg-SA Production port group on the dvs-Lab distributed switch. Use the following information from the class configuration handout + Standard lab password 1. Inthe Navigator pane, right-click the dvs-Lab distributed switch and select Migrate VMs to Another Network The Migrate VMs to Another Network wizard appears 2. Migrate the virtual machines from pg-SA Management on the dvs-SA Datacenter distributed switch to the pg-SA Production network on the dvs-Lab distributed switch. &. On the Select source and destination networks page, leave Specifie network clicked for the Source network and click Browse. b. Select pg-SA Management and click OK. ¢. For the Destination network, click Browse. d._ Select pg-SA Production and click OK. e. Click Next, £ On the Select virtual machines to migrate page, select the All irtual machines check box. A warming message states that the destination network is inaccessible for one or more Virtual machines and that these virtual machines are not selected for migration, g. Click OK ‘The LAB-VCS-01 virtual machine is dimmed. You cannot migrate this virtual machine, because itis hosted on the sa-esxi-03.vclass.local host, which is inaccessible to the pg-SA- Production port group, h. Click Next, 3. On the Ready to complete page, review the settings and click Finish. 8 Lab 1 Using vSphere Distributed SwitchesVerify your distributed switch configuration. a. Inthe Navigator pane, select dvs-Lab and click the Hosts tab in the center pane. b. Verify that sa-esxi-01.velass local and sa-esxi-02.velass local are connected to the distributed switch, ‘The state of the ESXi hosts should be Connected, ¢. Click the VMs tab and verify that your virtual machines are listed If the virtual machines are listed, then they reside on the new distributed switch. d._ Click the Ports tab and verify that pg-SA Production is listed in the Port Group column and that an uplink port group is created for the distributed switch, ‘You can expand the Port Group column so that you can view the full name of the uplink port group, In vSphere Web Client, point to the Home icon and select Hosts and Clusters. Power on Linux0l and log in to its console. a In the Navigator pane, expand SA Datacenter and expand the SA Management cluster. b. Right-click Linux01 and select Power > Power On ©. Right-click Linux01 and select Open Console. d,_ Ifyou receive a security exception, click the Continue to this website (not recommended) link to continue Wait for the virtual machine to finish booting. €. Log in as user root and use the standard lab password. Verify that the virtual machine has full network connectivity. a. Atthe command prompt, ping 172.20.10.10 (the domain controller's IP address) to verify the virtual machine’s network connectivity. ping 172.20.10.10 ‘The ping command should be successful b. Ifthe ping command is successful, press Ctrl+C to end the ping command, ¢. Ifthe ping command is not successful, enter the service network restart command to ensure that your virtual machine has a valid DHCP-assigned IP address. d. Try the ping command again, €. Ifthe ping command is successful, press Ctrl+C to end the ping command. Close the Linux01 virtual machine console tab. Lab 1 Using vSphere Distributed Switches 9Task 8: Enable the Distributed Switch Health Check You enable the health check service on the dvs-Lab distributed switch. 1, InvSphere Web Client, point to the Home icon and select Networking, In the Navigator pane, select the dvs-Lab distributed switch. In the center pane, click the Configure tab and select Health eheek on the lef Click Bait. 2, 3 4 5. Set VLAN and MTU to Enabled. 6. Set Teaming and failover to Enabled, 4 Click OK. Task 9: Back Up the Distributed Switch Configuration You save a backup of the dvs-Lab distributed switch configuration 1. In the Navigator pane, right-click the dvs-Lab distributed switch. 2. Select Settings > Export Configuration 3. In the Export Configuration dialog box, leave Distributed switch and all port groups clicked and click OK, 4. When prompted, click Yes to save the exported configuration. 5. Save the distributed switch configuration to the desktop of the student desktop machine, using the default backup. zip filename. uted Switch You purposely cause errors by configuring an invalid VLAN ID on the pg-SA Production port group and setting the MTU value to 9000 on the dvs-Lab distributed switch. These misconfigurations are reported by the distributed switch health check service. ec Use only the dvs-Lab distributed switch for this task, Do not try to cause errors on the dvs-SA. Datacenter distributed switch, Task 10: Cause Errors on the 10 Lab4_ Using vSphere Distributed Switches1. Configure an invalid VLAN ID on the distributed port group. a. Inthe Navigator pane, right-click pg-SA Production and select Edit Settings. b. Inthe Edit Settings window, click VLAN on the left, ©. From the VLAN type list, select VLAN d. Inthe VLAN ID box, enter 37. VLAN ID 37 is nota valid VLAN ID because the physical switch is not configured for VLAN 37. An invalid VLAN ID causes an error after you save the configuration e. Click OK. 2. Misconfigure the distributed switch by setting the MTU value to 9000. Inthe Navigator pane, right-click the dvs-Lab distributed switeh and select Settings > Edit Settings. b, Inthe Edit Settings dialog box, select Advanced on the left, ¢. Inthe MTU (Bytes) box, change the value to 9000. ‘This setting causes an error after you save the configuration because jumbo frames are not configured in your environment, d. Click OK Task 11: Monitor the Health of the Distributed Switch You check the health of the dvs-Lab distributed switch 1. Inthe Navigator pane, select the dvs-Lab distributed switch. In the center pane, click the Monitor tab and click Health 2 3. Select the first ESXi host in the list. 4, View the VLAN tab at the bottom of the page. ‘The VLAN configuration status might take a few minutes to update Wait for the VLAN configuration status to change to Not Supported. ‘You might need to click the Refresh icon a few times in the vSphere Web Client interface to update the status. 6. Click the MTU tab at the bottom of the page. ‘The MTU configuration status might take a few minutes to update. Until then, the configuration status is Unknown, 7. Wait for the MTU configuration status to change to Not Supported. ‘You might need to click the Refresh icon a few times in the vSphere Web Client interface to update the status. Lab 1 Using vSphere Distributed Switches 11Task 12: Restore the Distributed Switch Configuration You restore the dvs-Lab distributed switch configuration to reset any configuration change made since the configuration was saved. 1. In the Navigator pane, right-click the dvs-Lab distributed switch and select Settings > Restore Configuration. ‘The Restore Configuration wizard appears, 2. On the Restore switch configuration page, click Browse, select the backup.zip file, and click Open. 3. Leave Restore distributed switch and all port groups clicked and click Next. 4, On the Ready to complete page, review the settings and click Finish 5. Ifyou lose connection to vSphere Web Client, restart the Intemet Explorer browser, 6. After the switch configuration is restored, verify the configuration a, View the Health panel and verify that the overall health of the dvs-Lab distributed switch is back to normal. ‘You might need to click the Refresh icon in the vSphere Web Client interface to update the status. b. View the VLAN settings of the pg-SA Production port group and verify that no VLAN is configured. €. View the advanced settings of the dvs-Lab distributed switeh and verify that the MTU value is 1500. 7. Point to the Home icon and select Home 12 Lab4_ Using vSphere Distributed SwitchesLab 2 Using Port Mirroring Objective: Configure port mirroring and capture network traffic on a distributed switch In this lab, you perform the following tasks 1. Prepare to Capture Mirrored Network Traftic 2. Configure Port Mirroring on the Distributed Switch 3. Verify That Port Mirroring Is Capturing Traffic Task 1: Prepare to Capture Mirrored Network Traffic You use the Linux01 virtual machine to capture and monitor mirrored traffic. 1. Ifyou are logged out of vSphere Web Client, log back in. Open a new tab in Internet Explorer. b, From the Favorites bar, select vSphere Web Clients > SA-VCSA-O1 ©. Log in with administrator the standard lab password ssphere local (the vCenter Server administrator user name) and. In vSphere Web Client, point to the Home icon and select Hosts and Clusters, In the left pane, expand SA Datacenter and expand the SA Management cluster. In the left pane, log in to the Linux01 virtual machine console. a. Right-click Linux01 and select Open Console. b. Ifprompted, click the Continue to this website (not recommended) link to continue ‘You should be logged in to Linux01 as root ¢. Ifyou are not logged in, then log in as user root with the standard lab password. 13In the Linux01 console, monitor ICMP network traffic. dump -na icmp Tee eer por erate Praesens are See researc) Pett Risen ete et 6. Monitor the command output for a few seconds and verify that ICMP traffic is not being captured. ;dump output remains silent until ICMP traffic is detected on the network. 7. Leave the console window open, with the eepdunp command running uninterrupted. 8, Inthe Internet Explorer window, click the vSphere Web Client tab, 9. Power on the Linux02 virtual machine and log in to its console. Inthe left pane, right-click Linux02 and select Power > Power On b. Right-click Linux02 and select Open Console €. If prompted, click the Continue to this website (not recommended) link to continue. Wait for the virtual machine to finish booting, d. Log in as user root and use the standard lab password. ‘The Linux02 virtual machine is used as the traffic source to be monitored 10, At the Linux02 command prompt, ping 172.20.10.10 (the default router IP address), ping 172.20.10.10 11, If the ping command does not work, enter service network restart and repeat step 10. 12. After the ping command begins working, click the Linux01 console tab, 13, In the Linux01 console window, verify that the running tcpdump command output remains silent and has not captured any ICMP traffic. Task 2: Configure Port Mirroring on the Distributed Switch You configure port mirroring so that the port connected to the Linux02 machine is the mirror source and the port connected to the Linux01 machine is the mirror destination. All the traffic present on the Linux02 port is forwarded to the Linux01 port for examination 1. Inthe Internet Explorer window, click the vSphere Web Client tab. 2. Point to the Home icon and select Networking 44 Lab2_ Using Port Mirroring3. Inthe Navigator pane, select the dvs-Lab distributed switch. 4. In the center pane, click the Configure tab and select Port mirroring on the left. 5. Inthe Port mirroring panel, click the New icon. ‘The Add Port Mirroring Session wizard appears 6. On the Select session type page. leave Distributed Port Mirroring clicked and click Next. ‘When you select this session type, distributed ports can only be local. Ifthe source and destination ports are on different hosts, port mirroring between them does not work. The Linux01 and Linux02 virtual machines both reside on sa-esxi-01L.velass local 7. On the Edit properties page, configure the port mirroring session, a. Select Enabled from the Status drop-down menu. b. Select Allowed from the Normal 1/O on destination ports drop-down menu. ¢. Keep the rest of the defaults and click Next 8. On the Select sources page, configure the port mirroring source. a. Click the Select distributed ports icon Select sources Select he source alstriouted ov fk Poni Hort, b. Inthe Select Ports dialog box, select the check box for the row with a connected entity of Linux02 and click OK. . Click Next. 9. On the Select destinations page, configure the port mirroring destination. Click the Seleet distributed ports icon. b. In the Select Ports dialog box, select the check box for the row with a connected entity of Linux01 and click OK. © Click Next. 10. On the Ready to complete page, review the settings and click Finish. Lab 2 Using Port Mirroring 15,Task 3: Verify That Port Mirroring Is Capturing Traffic With mirroring between ports con! gured, you view the t jump command output and verify that any ICMP traffic appearing on the Linux02 port is duplicated on the Linux01 port. 1 16 In the Internet Explorer window, click the Linux02 console tab. Verify that the ping command is still reaching the default router IP address, Click the Linux01 console tab, In the Linux01 console, examine the tcpdump output in the terminal window. ‘The output looks similar to the sereenshot. Record the local address that appears in the captured traffic. ‘The local address begins with 172.20.11 In the Linux01 console window, press Ctrl+C to stop the tepdunp command. In the Internet Explorer window, click the Linux02 console tab. In the Linux02 console window, press Ctrl+C to stop the ping command, At the Linux02 command prompt, examine the IP configuration onfig Using the command output, verify that the Linux02 IP address matches the address that you recorded in step 5 Close the Linux01 and Linux02 console tabs. Shut down Linux01 and Linux02, a. Point to the Home icon and select Hosts and Clusters. b. Inthe left pane, right-click Linux01 and select Power > Shut Down Guest OS. ©. Inthe pop-up window, click Yes to confirm the shutdown operation. d. Repeat steps b and to shut down Linux02 Point to the Home icon and select Home. Lab 2 Using Port MirroringLab 3 Policy-Based Storage Objective: Use policy-based storage to create tiered storage In this lab, you perform the following tasks 1. Add Datastores for Use by Policy-Based Storage 2. Use vSphere Storage vMotion to Migrate a Virtual Machine to the Gold Datastore 3. Configure Storage Tags 4 Create Virtual Machine Storage Policies Assign Storage Policies to Virtual Machines Task 1: Add Datastores for Use by Policy-Based Storage You create two small datastores for use by your vCenter Server instance as simple tiered storage. Each datastore is approximately 8 GB in size. 1. Ifyou are logged out of vSphere Web Client, log back in. 2. Point to the Home icon and select Storage. 3. Create a datastore named Gold. a. In the Navigator pane, right-click SA Datacenter and select Storage > New Datastore ‘The New Datastore wizard appears b, On the Location page, click Next ©. On the Type page, leave VMES clicked and click Next d. On the Name and device selection page, enter God in the Datastore name text box. €. Inthe Select a host to view its accessible disks/LUNS list, select sa-esxi-02.velass.local 74 18 £. Inthe disk/LUN list, select the entry for the lowest LUN number attached to an iSCSI device Local drives are labeled as Local VMware Disk. Do not select these drives. &. IFiSCSI devices are not present, ask the instructor for instructions on how to add them. h. Click Next i Onthe VMES version page, leave VMES 6 clicked and click Next. j. On the Partition configuration page, keep the defaults and click Next. k. On the Ready to complete page. review the settings and click Finish |. Verify that the Gold datastore appears in the Navigator pane. Create a datastore named Silver. a. In the Navigator pane, right-click SA Datacenter and select Storage > New Datastore. ‘The New Datastore wizard appears. b. On the Location page, click Next ©. On the Type page, leave VMES clicked and click Next. 4d. On the Name and device selection page, enter iver in the Datastore name text box. €. Inthe Select a host to view its accessible disks/LUNS list, select sa-esxi-02.velass.local £ Inthe disk/LUN list, select the entry for the lowest LUN number attached to an iSCSI device and click Next. Local drives are labeled as Local VMware Disk. Do not select these drives, On the VMFS version page, leave VMES 6 clicked and click Next. h. On the Partition configuration page, keep the defaults and click Next. i, On the Ready to complete page, review the settings and click Finish. 4. Verify that the Silver datastore appears in the Navigator pane Lab 3 Policy-Based StorageTask 2: Use vSphere Storage vMotion to Migrate a Virtual Machine to the Gold Datastore Use VMware vSphere® Storage vMotion® to migrate the VM01 virtual machine to the Gold datastore. 1. Power on VMOL. a. Point to the Home icon and select Hosts and Clusters. b. Right ick VMOI and sele Power > Power On. €. When VMO1 is powered on, go to the next step 2. Inthe Navigator pane, right-click VMO1 and select Migrate. ‘The Migrate wizard appears 3. On the Select the migration type page, click Change storage only and click Next. 4. On the Select storage page, select the Gold datastore, leave all other settings at their default values, and click Next. 5. On the Ready to complete page, click Finish, 6. Inthe Recent Tasks pane, monitor the migration task to completion. 7. Verify that the migration was successful You might have to refresh vSphere Web Client to see that the migration has completed. a. Inthe left pane, select VMO1 b. Inthe center pane, click the Datastores tab and verify that the Gold datastore is listed, Task 3: Configure Storage Tags You create the tags necessary to implement simple tiering. The Storage Tiers tag category contains the Gold and Silver identifier tags associated with individual datastores, 1. Point to the Home icon and select Tags & Custom Attributes from the list 2. Inthe center pane, click the Tags tab. Lab3 Policy-Based Storage 19