VMware VSphere Optimize and Scale 6.5 - Labs...
[email protected]
Digitally signed by vahid
Lab 1 Using vSphere Distributed
Switches
Objective: Create, configure, back up, and check a distributed switch In this lab, you perform the following tasks: 1 . Log In to the Student Desktop 2.
Verify That the vSphere Licenses Are Valid
3. Assign Valid vSphere Licenses 4. Create a Distributed Switch 5. Add ESXi Hosts to the New Distributed Switch 6. Examine Your Distributed Switch Configuration 7. Migrate the Virtual Machines to a Distributed Switch Port Group 8.
Enable the Distributed Switch Health Check
9. Back Up the Distributed Switch Configuration 10.
Cause Errors on the Distributed Switch
11.
Monitor the Health of the Distributed Switch
12.
Restore the Distributed Switch Configuration
Lab 1
Using vSphere Distributed Switches
mcse2012.blogfa.com
1
[email protected]
Task 1 : Log I n to the Student Desktop You access and log in to your student desktop system to perform all lab activities for this course. Use the following information from the class configuration handout: •
Student desktop user name
•
Standard lab password
1 . Ask your instructor how to log in to the student desktop system in your lab environment. For example, your instructor might have you use Remote Desktop Connection to connect to the student desktop system. 2. Log in to the student desktop system, using your student desktop user name and the standard lab password. Task 2: Verify That the vSphere Licenses Are Va lid You verify that licenses for VMware vCenter Server® and the VMware ESXi™ hosts are valid. Use the following information from the class configuration handout: •
Standard lab password
1 . Log in to the VMware vSphere® Web Client interface. a. On the student desktop machine task bar, click the Internet Explorer shortcut. b. From the Favorites bar, select vSphere Web
Clients > SA-VCSA-0 1.
c. If you receive a security exception for vSphere Web Client, click the Continue to this website (not recommended) link to open the login screen. d. Log in with
[email protected] (the vCenter Server administrator user name) and the standard lab password. e. Point to the Home icon and select Home. 2. Verify that the licenses for the vCenter Server system and the ESXi hosts are valid. a. On the Home page under Administration, click the Licensing icon. b. In the center pane, click the Assets tab. c. On the vCenter
Server systems
d. Click the
tab.
Hosts
tab, verify that the vCenter Server system has a valid license.
e. Verify that all ESXi hosts have valid licenses. f.
If the vCenter Server system and the ES Xi hosts are not licensed or have licenses that are expired, go to task 3 .
g. If the licenses are valid, go to task 4. 2
Lab 1
Using vSphere Distributed Switches
mcse2012.blogfa.com
Task 3: Assign Valid vSphere Licenses If the vCenter Server system and ESXi hosts licenses are expired, you assign valid licenses to these VMware vSphere® components. Use the following information from the class configuration handout: •
vCenter Server license key
•
vSphere Enterprise Plus license key
1 . In the center pane, click the Licenses tab. 2. Click the
Create New Licenses
icon (green plus sign).
The New Licenses wizard appears. 3. In the License keys (one per line) text box, enter the 1 icense keys that your instructor gave you (one per line) and click Next. 4.
On the Edit license names page, enter the new license names vcenter Enterprise Plus in the License Name text boxes and click Next.
Server
and
5. On the Ready to complete page, click Finish. 6. Assign a vCenter Server license key to the vCenter Server instance. a. In the center pane, click the Assets tab. b.
Click the vCenter Server systems tab and click the Assign License icon.
c. In the Assign License dialog box, select the vCenter Server license key. d. Click OK. 7. Assign the vSphere Enterprise Plus license key to the ESXi hosts. a. In the center pane, click the Hosts tab. b.
Select all hosts by clicking the first host, holding the Shift key, and selecting the last host.
c . Click the
Assign License
icon.
d. In the Assign License dialog box, select the vSphere Enterprise Plus license key. e. Click OK.
Lab 1
Using vSphere Distributed Switches
3
8.
Reconnect the ESXi hosts. a. Point to the Home icon and select Hosts and Clusters. b. In the Navigation pane, expand SA Datacenter and select S A Management. c . In the center pane, click the
Hosts
tab.
The three ES Xi hosts have a status of Disconnected. d. Select all three hosts by clicking the first host, holding the Shift key, and selecting the last host. e. Right-click the host selection and select Connection > Connect. f.
Verify that all three ESXi hosts have a status of Connected.
Task 4 : Create a Distri buted Switch You create a distributed switch that functions as a single virtual switch across all associated hosts in your vSphere environment. 1 . In vSphere Web Client, point to the Home icon and select Networking. 2. In the left pane, expand the inventory until you see SA Datacenter. 3. Right-click S A Datacenter and select Distributed Switch > New Distributed Switch. 4.
On the Name and location page, enter dvs -Lab in the
5. On the Select version page, leave Distributed switch: 6. On the Edit settings page, enter pg-SA all other defaults, and click Next.
Production
Name text box and click Next. 6.5.0
selected and click Next.
in the Port
group name
text box, keep
7. On the Ready to complete page, review the configuration settings and click Finish. The dvs-Lab distributed switch is listed in the left pane, also called the Navigator pane. 8.
Configure the pg-SA Production port group to use only Uplink 2 . a. In the left pane, expand dvs-Lab and right-click pg-SA Production. b.
Select Edit
Settings.
c. In the Edit Settings window, select Teaming and failover on the left. d. Select Uplink e.
4
Select
Lab 1
1
Uplink 3
and click the down arrow until the uplink appears under Unused uplinks. and click the down arrow to move it to the Unused uplinks section.
Using vSphere Distributed Switches
f.
Select Uplink 4 and move it to the Unused uplinks section. Failover order
Active
�
uplinks Uplink2
standby uplinks Unused uplinks 1Jiii!1
Uplink 1
�
Uplink3
�
Uplink4
g. Click OK Task 5: Add ESXi H osts to the New Distri b uted Switch You add ESXi hosts and physical adapters to the distributed switch. 1 . In the Navigator pane, right-click the
dvs-Lab
distributed switch and select Add and Manage
Hosts.
2 . On the Select task page, leave Add hosts clicked and click Next. 3. On the Select hosts page, click New Hosts (the green plus sign). 4.
Select sa-esxi-0 1.vclass.local and
sa-esxi-02.vclass.local
and click OK.
Do not select sa-esxi-03.vclass.local. 5. Click Next. 6. On the Select network adapter tasks page, deselect the Manage VMkernel adapters check box and leave the Manage physical adapters check box selected. 7.
Click
Next.
Lab 1
Using vSphere Distributed Switches
5
8.
On the Manage physical network adapters page, assign vmnic2 to Uplink 2 on sa-esxi0 1 . vclass.local and sa-esxi-02. vclass.local. a. Under sa-esxi-0 1 .vclass .local, select vmnic2 and click Assign uplink. Manage physical networl< adauters
Add or remove
physical network adapters to this
� Assignuplink Hosi!Phys1oal •
·
·
'\ I
1
g
llet.Joik Adapt.rs
0
distributed switch.
Q Viewsemngs 1 .. In U;:e by Swl!ell
tJ sa-esxl-01.vclass.local 0 n this SWllC h •
On other swilcheslunclaimed
!iii vmnicO !iii vmnic1
ilvs-SA Oatatenter ilvs-SA Oatacenter
liiiiil vmnic2 Iii! vmnic3 •
b.
tJ
sa-esxi-02.vclass.local
Select Uplink 2 and click OK.
c. Under sa-esxi-02.vclass.local, select vmnic2 and click Assign uplink. d. Select Uplink 2 and click OK. e.
Click
Next.
9. On the Analyze impact page, verify that the status is No impact for both ESXi hosts and click Next. 1 0 . On the Ready to complete page, review your settings and click Finish. Task 6: Examine You r Distri b uted Switch Configuration You examine the configuration of the distributed switch uplink, which is bound to the associated physical interfaces on the ESXi hosts. You also examine other distributed switch features, including the maximum transmission unit (MTU) value, VLAN capabilities, LACP aggregation groups, NetFlow, and VMware vSphere® Network 110 Control. 1 . In the Navigator pane, select the dvs-Lab distributed switch. 2. In the center pane, click the Configure tab and select Topology on the left.
6
Lab 1
Using vSphere Distributed Switches
3. In the distributed switch topology diagram, click the arrow next to Uplink 2 to expand the view. �
pg-SA Production
8
1--���������
�
...
dvs-Lab-DVUplinks-81
Ii; Uplink 1 (0 NIC Adapters)
VLA.N ID: -Virtual Machines (0)
..-
O O
Uplink 2
(2
NIC Adapters)
vmnic2 sa-esxi-02.vclass.local vmnic2 sa-esxi-01.vclass.local
8 8
Uplink 3 (0 NIC Adapters)
� Uplink 4 (0 NIC Adapters)
4.
Verify that for both ESXi hosts the vmnic2 is attached and appears under Uplink 2.
5. In the center pane, click Properties on the left and verify the settings. •
Network I/O Control is enabled.
•
Number of uplinks is 4.
•
The MTU size is 1500 bytes.
•
The Cisco Discovery Protocol is implemented.
6. Click each additional configuration link on the left and verify the settings. •
LACP LAG is not defined.
•
Private VLAN is not defined.
•
NetFlow collector is not defined.
•
Port mirroring is not configured.
•
Health check is not enabled.
7. In the Navigator pane, select the pg-SA Production port group. 8.
Click the Configure tab and select Properties on the left.
9. Verify the distributed port group settings. •
Port binding is set to static binding.
•
Port allocation is set to elastic.
•
The number of ports is eight.
Lab 1
Using vSphere Distributed Switches
7
Task 7: Mig rate the Virtual Machi nes to a Distrib uted Switch Port G roup You move the virtual machines from the pg-SA Management port group on the dvs-SA Datacenter distributed switch to the pg-SA Production port group on the dvs-Lab distributed switch. Use the following information from the class configuration handout: •
Standard lab password
1 . In the Navigator pane, right-click the
dvs-Lab
distributed switch and select Migrate VMs to
Another Network.
The Migrate VMs to Another Network wizard appears. 2. Migrate the virtual machines from pg-SA Management on the dvs-SA Datacenter distributed switch to the pg-SA Production network on the dvs-Lab distributed switch. a. On the Select source and destination networks page, leave Specific network clicked for the Source network and click Browse. b.
Select
pg-SA Management
and click
OK.
c. For the Destination network, click Browse. d.
Select pg-SA Production and click
OK.
e. Click Next. f.
On the Select virtual machines to migrate page, select the All virtual machines check box. A warning message states that the destination network is inaccessible for one or more virtual machines and that these virtual machines are not selected for migration.
g. Click
OK.
The LAB-VC S-0 1 virtual machine is dimmed. You cannot migrate this virtual machine, because it is hosted on the sa-esxi-03 .vclass. local host, which is inaccessible to the pg-SA Production port group. h. Click Next. 3 . On the Ready to complete page, review the settings and click Finish.
8
Lab 1
Using vSphere Distributed Switches
4.
Verify your distributed switch configuration. a. In the Navigator pane, select
dvs-Lab
and click the Hosts tab in the center pane.
b. Verify that sa-esxi- 0 1 .vclass.local and sa-esxi-02.vclass. local are connected to the distributed switch. The state of the ESXi hosts should be Connected. c. Click the
VMs
tab and verify that your virtual machines are listed.
If the virtual machines are listed, then they reside on the new distributed switch. d. Click the Ports tab and verify that pg-SA Production is listed in the Port Group column and that an uplink port group is created for the distributed switch. You can expand the Port Group column so that you can view the full name of the uplink port group. 5. In vSphere Web Client, point to the Home icon and select Hosts
and Clusters.
6. Power on LinuxO 1 and log in to its console. a. In the Navigator pane, expand
SA Datacenter
and expand the SA Management cluster.
b. Right-click LinuxOl and select Power > Power
On.
c . Right-click LinuxOl and select Open Console. d. If you receive a security exception, click the recommended) link to continue.
Continue to this website (not
Wait for the virtual machine to finish booting. e . Log in as user root and use the standard lab password. 7 . Verify that the virtual machine has full network connectivity. a. At the command prompt, ping 1 72.20 . 1 0. 1 0 (the domain controller's IP address) to verify the virtual machine 's network connectivity. p i ng 1 7 2 . 2 0 . 1 0 . 1 0
The p i ng command should b e successful. b. If the p i n g command is successful, press Ctrl+C to end the pi ng command. c. If the ping command is not successful, enter the service network restart command to ensure that your virtual machine has a valid DHCP-assigned IP address. d. Try the p i ng command again. e . I f the p i n g command is successful, press Ctrl+C to end the pi ng command. 8.
Close the
LinuxOl
virtual machine console tab. Lab 1
Using vSphere Distributed Switches
9
Task 8: Enable the D istri buted Switch Health C heck You enable the health check service on the dvs-Lab distributed switch. 1 . In vSphere Web Client, point to the Home icon and select Networking. 2. In the Navigator pane, select the
dvs-Lab
distributed switch.
3. In the center pane, click the Configure tab and select Health 4.
Click Edit.
5.
Set VLAN and M T U to
6.
Set Teaming and
7.
Click
check
on the left.
Enabled.
failover
to
Enabled.
OK
Task 9: Back U p the Distri b uted Switch C o nfi g u ration You save a backup of the dvs-Lab distributed switch configuration. 1 . In the Navigator pane, right-click the
dvs-Lab
distributed switch.
2 . Select Settings > Export Configuration. 3 . In the Export Configuration dialog box, leave Distributed switch and click OK. 4.
and all port groups
clicked
When prompted, click Yes to save the exported configuration.
5. Save the distributed switch configuration to the desktop of the student desktop machine, using the default bac kup . zip filename. Task 1 0: Ca use Errors on the Distri b uted Switch You purposely cause errors by configuring an inval id VLAN ID on the pg-SA Production port group and setting the MTU value to 9000 on the dvs-Lab distributed switch. These misconfigurations are reported by the distributed switch health check service. I M P O RTANT
Use only the dvs-Lab distributed switch for this task. Do not try to cause errors on the dvs-SA Datacenter distributed switch.
10
Lab 1
Using vSphere Distributed Switches
1 . Configure an invalid VLAN ID on the distributed port group. a. In the Navigator pane, right-click pg-SA Production and select
Edit Settings.
b. In the Edit Settings window, click VLAN on the left. c . From the d. In the
VLAN type
VLAN ID
list, select VLAN.
box, enter
37.
VLAN ID 37 is not a valid VLAN ID because the physical switch is not configured for VLAN 37. An invalid VLAN ID causes an error after you save the configuration. e. Click OK. 2. Misconfigure the distributed switch by setting the MTU value to 9000. a. In the Navigator pane, right-click the dvs-Lab distributed switch and select Settings > Edit Settings.
b. In the Edit Settings dialog box, select Advanced on the left. c . In the M T U (Bytes) box, change the value to 9000 . This setting causes an error after you save the configuration because jumbo frames are not configured in your environment. d. Click OK. Task 1 1 : Mon itor the Health of the Distrib uted Switch You check the health of the dvs-Lab distributed switch. 1 . In the Navigator pane, select the dvs-Lab distributed switch. 2. In the center pane, click the Monitor tab and click 3.
Select the first ESXi host in the list.
4.
View the
VLAN tab
Health.
at the bottom of the page.
The VLAN configuration status might take a few minutes to update. 5. Wait for the VLAN configuration status to change to Not Supported. You might need to click the Refresh icon a few times in the vSphere Web Client interface to update the status. 6. Click the
MT U
tab at the bottom of the page.
The MTU configuration status might take a few minutes to update. Until then, the configuration status is Unknown. 7. Wait for the MTU configuration status to change to Not Supported. You might need to click the Refresh icon a few times in the vSphere Web Client interface to update the status. Lab 1
Using vSphere Distributed Switches
11
Task 1 2: Resto re the D istri buted Switch Config u ration You restore the dvs-Lab distributed switch configuration to reset any configuration change made since the configuration was saved. 1 . In the Navigator pane, right-click the
dvs-Lab
distributed switch and select Settings > Restore
Configuration.
The Restore Configuration wizard appears. 2. On the Restore switch configuration page, click Browse, select the
backup.zip
file, and click
Open.
3. Leave Restore distributed switch 4.
and all port groups
clicked and click Next.
On the Ready to complete page, review the settings and click Finish.
5 . If you lose connection to vSphere Web Client, restart the Internet Explorer browser. 6. After the switch configuration is restored, verify the configuration. a. View the Health panel and verify that the overall health of the dvs-Lab distributed switch is back to normal. You might need to click the the status.
Refresh
icon in the vSphere Web Client interface to update
b. View the VLAN settings of the pg-SA Production port group and verify that no VLAN is configured. c. View the advanced settings of the dvs-Lab distributed switch and verify that the MTU value is 1 500. 7. Point to the Home icon and select Home.
12
Lab 1
Using vSphere Distributed Switches
Lab 2 Using Port Mirroring
Objective: Configure port mirroring and capture network traffic on a distributed switch In this lab, you perform the following tasks: 1 . Prepare to Capture Mirrored Network Traffic 2. Configure Port Mirroring on the Distributed Switch 3. Verify That Port Mirroring Is Capturing Traffic Task 1 : Prepare to Capture M i rrored Network Traffic You use the LinuxO l virtual machine to capture and monitor mirrored traffic. 1. If you are logged out of vSphere Web Client, log back in. a. Open a new tab in Internet Explorer. b. From the Favorites bar, select vSphere Web
Clients > SA-VCSA-0 1.
c. Log in with
[email protected] (the vCenter Server administrator user name) and the standard lab password. 2. In vSphere Web Client, point to the Home icon and select Hosts
and Clusters.
3 . In the left pane, expand SA Datacenter and expand the S A Management cluster. 4.
In the left pane, log in to the LinuxO 1 virtual machine console. a. Right-click LinuxOl and select Open Console. b. If prompted, click the
Continue t o this website (not recommended)
link to continue.
You should be logged in to LinuxO l as root. c. If you are not logged in, then log in as user root with the standard lab password. 13
5. In the LinuxO 1 console, monitor ICMP network traffic. t cpdump
-nn i cmp
lrnntfllor,1lhw,t ·Ill trpciump tr:pc1ump
nn
1rmp
vr-rhosc 011tp11t ·�11pprr::-;scc1,
]10.k111114
u11
t:llil'J,
l111k t4µe ENHIMB
11sc
v nr
vv for fu
Ull1t:r·11t'll,
11
protoco 1
c1croc1('
Lcl]JlllrT 0.1;.::t· 'JG b4lt·s
6. Monitor the command output for a few seconds and verify that ICMP traffic is not being captured. tcpdump
output remains silent until ICMP traffic is detected on the network.
7. Leave the console window open, with the
t cpdump
8.
vSphere Web Client tab.
In the Internet Explorer window, click the
command running uninterrupted.
9. Power on the Linux02 virtual machine and log in to its console. a. In the left pane, right-click
Linux02
and select Power > Power
On.
b. Right-click Linux02 and select Open Console. c. If prompted, click the
Continue to this website (not recommended)
link to continue.
Wait for the virtual machine to finish booting. d. Log in as user root and use the standard lab password. The Linux02 virtual machine is used as the traffic source to be monitored. 1 0 . At the Linux02 command prompt, ping 1 72.20. 1 0 . 1 0 (the default router IP address). p i ng 1 7 2 . 2 0 . 1 0 . 1 0
1 1 . If the p i n g command does not work, enter service 1 2 . After the p i ng command begins working, click the
network restart
LinuxO l
and repeat step 1 0 .
console tab.
1 3 . In the LinuxO 1 console window, verify that the running t cpdump command output remains silent and has not captured any ICMP traffic . Task 2: Confi g u re Port Mi rroring on the Distrib uted Switch You configure port mirroring so that the port connected to the Linux02 machine is the mirror source and the port connected to the LinuxO 1 machine is the mirror destination. All the traffic present on the Linux02 port is forwarded to the LinuxO 1 port for examination. 1 . In the Internet Explorer window, click the 2. Point to the
14
Lab 2
Home
vSphere Web Client
icon and select Networking.
Using Port Mirroring
tab.
3. In the Navigator pane, select the dvs-Lab distributed switch. 4.
In the center pane, click the Configure tab and select Port
5. In the Port mirroring panel, click the
New
mirroring
on the left.
icon.
The Add Port Mirroring Session wizard appears. 6. On the Select session type page, leave Distributed Port Mirroring clicked and click Next. When you select this session type, distributed ports can only be local. If the source and destination ports are on different hosts, port mirroring between them does not work. The LinuxO I and Linux02 virtual machines both reside on sa-esxi-01 .vclass.local. 7. On the Edit properties page, configure the port mirroring session. a.
Select Enabled from the
Status
b.
Select Allowed from the
Normal
drop-down menu. 1/0
on destination ports
drop-down menu.
c. Keep the rest of the defaults and click Next. 8.
On the Select sources page, configure the port mirroring source. a.
Click the Select distributed ports icon. Select sources Select the source distributed po
� Port ID
+�� Host
b. In the Select Ports dialog box, select the check box for the row with a connected entity of Linux02 and click OK. c. Click Next. 9. On the Select destinations page, configure the port mirroring destination. a. Click the
Select distributed ports
icon.
b. In the Select Ports dialog box, select the check box for the row with a connected entity of LinuxO I and click OK. c. Click Next. 1 0 . On the Ready to complete page, review the settings and click Finish.
Lab 2
Using Port M i rroring
15
Task 3: Verify That Port M i rro ring Is Capturing Traffic With mirroring between ports configured, you view the t cpdump command output and verify that any ICMP traffic appearing on the Linux02 port is duplicated on the LinuxO 1 port. 1 . In the Internet Explorer window, click the
Linux02
console tab.
2 . Verify that the p i ng command is still reaching the default router IP address. 3 . Click the LinuxO l console tab. 4.
In the LinuxO 1 console, examine the
t cpdump
output in the terminal window.
The output looks similar to the screenshot. Linux01
Ip 1'?1. ./.H.11./.H1 > 1'?1. ./.H.1H.1H: ICMP 'I �-}7.1 , lc1111th f14 1J :I. J:/. ll . '.1 144 '? ') II' 1'?1. ./.H.1H.1H > Ul..1.H.11 ./.H1: ICM!'
11 : 1.:1: /.H. 'i 13'J'JH
'.124,
Icnqth 64
Ll:/.J:2'J.'.,14b21l
ci
'1/.�1,
Icnuth h4
U:2J:?.'J.�1l�>l'.16 '1/.'1,
II'
UZ.ZH.11./.Hl
IP
1'12./.H.lU.lU
> >
P.cho
r�f(llf-".'St 1 l
(!t:hll
I' ql
lJ ,
id
li/..ZH.lH.lU:
ICM!'
echo
re4uest,
U2.2H.11.2Ul:
ICMP
t:cho
repltJ,
id
i Shut Down Guest
to confirm the shutdown operation.
d. Repeat steps b and c to shut down Linux02. 1 3 . Point to the Home icon and select Home. 16
Lab 2
Using Port Mirroring
OS.
Lab 3 Policy-Based Storage
Objective: Use policy-based storage to create tiered storage In this lab, you perform the following tasks: 1 . Add Datastores for Use by Policy-Based Storage 2 . Use vSphere Storage vMotion to Migrate a Virtual Machine to the Gold Datastore 3 . Configure Storage Tags 4.
Create Virtual Machine Storage Policies
5 . Assign Storage Policies to Virtual Machines Task 1 : Add Datastores for Use by Policy-Based Storage You create two small datastores for use by your vCenter Server instance as simple tiered storage. Each datastore is approximately 8 GB in size. 1 . If you are logged out of vSphere Web Client, log back in. 2. Point to the
Home
icon and select Storage.
3 . Create a datastore named Gold. a. In the Navigator pane, right-click SA Datacenter and select Storage >
New Datastore.
The New Datastore wizard appears. b. On the Location page, click Next. c . On the Type page, leave VMFS clicked and click Next. d. On the Name and device selection page, enter Gold in the Datastore name text box. e. In the Select
a host to view its accessible disks/LUNs
list, select sa-esxi-02. vclass.local. 17
f.
In the disk/LUN l ist, select the entry for the lowest LUN number attached to an iSCSI device. Local drives are labeled as Local VMware Disk. Do not select these drives.
g. If iSCSI devices are not present, ask the instructor for instructions on how to add them. h. Click Next. 1.
On the VMFS version page, leave VMFS
J.
On the Partition configuration page, keep the defaults and click
6
clicked and click
Next. Next.
k. On the Ready to complete page, review the settings and click Finish. I. 4.
Verify that the Gold datastore appears in the Navigator pane.
Create a datastore named Silver. a. In the Navigator pane, right-click SA Datacenter and select Storage >
New Datastore.
The New Datastore wizard appears. b. On the Location page, click
Next.
c. On the Type page, leave VMFS clicked and click Next. d. On the Name and device selection page, enter Si lver in the e. In the Select f.
a host to view its accessible disks/LUNs
Datastore name
list, select sa-esxi-02.vclass.local.
In the disk/LUN list, select the entry for the lowest LUN number attached to an iSCSI device and click Next. Local drives are labeled as Local VMware Disk. Do not select these drives.
g. On the VMFS version page, leave
VMFS 6
cl icked and click Next.
h. On the Partition configuration page, keep the defaults and click
18
text box.
Next.
1.
On the Ready to complete page, review the settings and click Finish.
J.
Verify that the Silver datastore appears in the Navigator pane.
Lab 3
Policy-Based Storage
Task 2: Use vSphere Storage vMotion to Mig rate a Virtual Mac h i ne to the Gold Datasto re Use VMware vSphere® Storage vMotion® to migrate the VMO l virtual machine to the Gold datastore. 1 . Power on VMO l . a. Point to the Home icon and select Hosts and Clusters. b. Right-click VMO l and select Power > Power
On.
c . When VMO l i s powered on, go to the next step. 2. In the Navigator pane, right-click VMOl and select Migrate. The Migrate wizard appears. 3. On the Select the migration type page, click Change storage only and click Next. 4.
On the Select storage page, select the Gold datastore, leave all other settings at their default values, and click Next.
5. On the Ready to complete page, click Finish. 6. In the Recent Tasks pane, monitor the migration task to completion. 7. Verify that the migration was successful. You might have to refresh vSphere Web Client to see that the migration has completed. a. In the left pane, select VMO l. b. In the center pane, click the
Datastores
tab and verify that the Gold datastore is listed.
Task 3: Confi g u re Storage Tags You create the tags necessary to implement simple tiering. The Storage Tiers tag category contains the Gold and Silver identifier tags associated with individual datastores. 1 . Point to the
Home
icon and select Tags & Custom Attributes from the list.
2. In the center pane, click the Tags tab.
Lab 3
Policy-Based Storage
19
3. Configure a new tag category and the Gold Tier identifier tag. a. In the Tags panel, click the
[
Tags
1
Categories
New tag icon.
J
Tag Name
b. From the
Category
drop-down menu, select New Category.
The dialog box expands to include both tag and category configuration options. Categories can be created only as part of the identifier tag creation process. c . In the
Name
text box, enter Gold
d. In the
Category Name text
Tier.
box, enter Storage
Tiers.
e. Keep the default values for the remaining settings and click OK. 4.
Create a Silver Tier identifier tag. a. In the center pane, click the New Tag icon. b. In the
Name text
box, enter
Silver Tier.
c. Select Storage Tiers from the
Category
drop-down menu and click OK.
5. Assign the Gold Tier tag to the Gold datastore. a. Point to the Home icon and select Storage. b. In the left pane, right-click the Gold datastore and select Tags &
Custom Attributes >
Assign Tag.
c . Select the Gold Tier tag and click Assign. d. In the left pane, select the Gold datastore . e . In the center pane, click the f.
20
Summary tab.
In the Tags panel, verify that the Gold Tier tag is associated with the Gold datastore.
Lab 3
Policy-Based Storage
6. Assign the Silver Tier tag to the Silver datastore . a. Right-click the Silver datastore and select
Tags & Custom Attributes > Assign Tag.
b. Select the Silver Tier tag and click Assign. c . In the left pane, select the Silver datastore. d. In the center pane, click the
Summary tab.
e. In the Tags panel, verify that the Silver Tier tag is associated with the Silver datastore . Task 4 : C reate Virtual Machin e Storage Policies You assign storage policies to virtual machines and specify the configuration settings to be enforced. 1 . Point to the
Home
icon and select Policies
and Profiles.
2. In the left pane, click VM Storage Policies. 3 . Create a Gold Tier storage policy. a. In the VM Storage Policies panel, click the Create VM Storage Policy icon.
§3 VM storage Policies VM storage Policies
Storage Po lie\
�Create VM Storage Policy...
/I
The Create New VM Storage Policy wizard appears. b. On the Name and description page, enter Gold click Next.
Tier Policy
in the Name text box and
c. On the Policy structure page, review the information and click Next. d. On the Common rules for data services provided by hosts page, click Next. e. On the Rule-set 1 page, select Tags from category from the list. f.
From the Tags from category drop-down menu, select
g. Click Add tags, select the
Gold T ier
Storage T iers.
check box, and click OK.
h. Click Next.
4.
1.
On the Storage compatibility page, verify that the Gold datastore is listed under Compatible storage and click Next.
J.
On the Ready to complete page, click Finish.
Repeat step 3 to create a Silver Tier policy, using the Silver Tier tag. Lab 3
Policy-Based Storage
21
Task 5: Assign Storage Policies to Vi rtual Machi nes You assign the Gold and Silver storage policies to individual virtual machines and mitigate compliance issues. 1 . Power off VMO 1 . A storage policy can be assigned to a virtual machine while the virtual machine is either powered on or powered off. a. Point to the Home icon and select Hosts and Clusters. b. Right-click VMO l and select Power > Power
Off.
c . Click Yes to confirm the power-off operation. 2. Apply the Gold Tier storage policy to the VMO 1 virtual machine. a. In the left pane, right-click VMOl and select VM Policies > Edit VM Storage Policies. b. In the Edit VM Storage Policies dialog box, select Gold T ier Policy from the policy drop-down menu and click Apply to all.
VM storage
c. In the list, verify that the Gold Tier policy is assigned to VM home and Hard disk 1 and click OK d. In the left pane, select VMO l. e. In the center pane, click the f.
Summary tab.
In the VM Storage Policies panel, verify that Gold Tier Policy appears and that VMO l is compliant. The VMO 1 virtual machine is compliant because it was already moved to a policy appropriate datastore . .,.
VM storage Policies
D
VM Storage Policies
� Gold Tier Policy
VM Storage Policy Compliance
� Compliant
Last Checked Date
111312016 2 59 PM Check Compliance
22
Lab 3
Policy-Based Storage
3.
Apply the Silver Tier storage policy to the VM02 virtual machine. a. In the left pane, right-click VM02 and select VM Policies> Edit VM Storage Policies. b. In the Edit VM Storage Policies dialog box, select Silver Tier Policy from the VM storage policy drop-down menu and click Apply to all. c. In the list, verify that the Silver Tier policy is assigned to VM home and Hard disk 1 and click OK d. In the left pane, select VM02. e. In the center pane, click the f.
Summary tab.
In the VM Storage Policies panel, click the
Check Compliance
link.
g. Verify that Silver Tier Policy appears and that VM02 is not compliant. The VM02 virtual machine is noncompliant because its virtual disk is stored on a datastore that is not tagged as a part of the assigned policy. ...
VM S1orage Policies
D
VM Storage Policies
ijj Silver Tier Policy
VM Storage Policy Compliance
O
Last Checked Date
11!3!2015 3:02 PM
Noncompliant
Check Compliance .:::t
4.
Remediate the compliance issue for VM02. a. In the left pane, right-click VM02 and select
Migrate.
The Migrate wizard appears. b. On the Select the migration type page, click Change storage only and click Next. c. On the Select storage page, select the Silver datastore in the datastore list and click
Next.
With a virtual machine storage policy assigned to the VM02 virtual machine, datastores are listed as either Compatible or Incompatible. d. On the Ready to complete page, review the migration details and click Finish. e. In the Recent Tasks pane, monitor the migration task to completion. The migration must complete successfully. 5. Verify that VM02 is reported as compliant. a. In the center pane, click the
Check Compliance
link in the VM Storage Policies panel.
b. Verify that the status changes to Compliant. 6. Point to the
Home
icon and select Home. Lab 3
Policy-Based Storage
23
24
Lab 3
Policy-Based Storage
Lab 4 Managing Datastore Clusters
Objective: Create a datastore cluster and work with vSphere Storage DRS In this lab, you perform the following tasks: 1 . Create a Datastore Cluster with vSphere Storage DRS Enabled 2 . Evacuate a Datastore Using Datastore Maintenance Mode 3. Run vSphere Storage DRS and Apply Migration Recommendations 4.
Clean Up for the Next Lab
Task 1 : C reate a Datastore Cluster with vSphere Storage DRS Enab led You create a datastore cluster that is enabled for VMware vSphere® Storage DRS™. The Gold and Silver datastores are reused as members of the cluster. 1 . If you are logged out of vSphere Web Client, log back in. 2. Point to the
Home
icon and select Storage.
3. In the left pane, right-click S A Datacenter and select Storage> New Datastore
Cluster.
The New Datastore Cluster wizard appears. 4.
On the Name and location page, name the datastore cluster and enable vSphere Storage DRS. a. In the Datastore cluster
name
text box, enter Cluster-DRS.
b. Leave the Turn ON Storage DRS check box selected and click Next.
25
5. On the Storage DRS Automation page, view the automation settings. a. Leave
No Automation (Manual Mode)
selected.
b. Keep the rest of the defaults and click Next. 6. On the Storage DRS Runtime Settings page, keep the defaults and click Next. 7. On the Select Clusters and Hosts page, select the SA Management check box on the and click Next. 8.
Filter tab
On the Select Datastores page, select the datastores for the datastore cluster. a. Select Show all datastores from the drop-down menu. b.
Select the Gold and Silver check boxes and click
Next.
9. On the Ready to Complete page, review the configuration summary and click Finish. In a production environment, the best practice is to select datastores that are connected to all hosts in the cluster and to group them by storage capabilities. 10.
In the left pane, expand
and verify that the Gold and Silver datastores appear.
Cluster-DRS
..... IJ sa-vcsa-01.vclass.local ..,.. JIT3. SA Datacenter ..,.. �Cluster-DRS
§I Gold §I Silver 11.
View information about the Gold datastore. a. In the left pane, select the
Gold
b. In the center pane, click the
datastore .
VMs
tab.
c. Verify that the datastore contains only one virtual machine. 12.
View information about the Silver datastore. a. In the left pane, select the
Silver
b. In the center pane, click the
datastore.
VMs
tab.
c. Verify that the datastore contains only one virtual machine.
26
Lab 4
Managing Datastore Clu sters
1 3 . View information about the datastore cluster. a. In the left pane, select Cluster-DRS. b. In the center pane, click the
Configure
tab and click Storage DRS on the left.
c . In the vSphere Storage DRS panel, expand each item and verify the settings. •
Cluster automation level is set to No Automation (Manual Mode).
•
Space threshold is 80 percent.
•
1/0 metrics for vSphere Storage DRS recommendations are enabled.
•
Imbalances are checked every 8 hours.
•
Minimum space utilization difference is 5 percent.
Task 2: Evacuate a Datasto re Using Datastore Mai ntenance Mode You place a datastore in maintenance mode to demonstrate the capabilities of vSphere Storage DRS. 1 . Put the Silver datastore in maintenance mode. a. In the left pane, right-click the b.
Silver
datastore.
Select Maintenance Mode> Enter Maintenance Mode.
c . In the SDRS Maintenance Mode Migration Recommendations dialog box, read the provided recommendation description. d. Click Apply Recommendations. e. If prompted to apply recommendations despite warnings, click Yes. The VM02 virtual machine is migrated to the Gold datastore . f.
In the Recent Tasks pane, monitor the migration task to completion.
2. In the left pane, verify that the Silver datastore is in maintenance mode.
�r�·1!2.
� ...... � sa-vcsa-01.vclass.local ....,.. fil SA Datacenter ....,.. �Cluster-DRS �Gold
I� 3 . Click the
Silver
Refresh
I
icon in the vSphere Web Client interface.
Lab 4
Managing Datastore Clusters
27
4.
View information about the Silver and Gold datastores. a.
Select the Silver datastore.
b. In the Details panel of the Summary tab, verify that zero virtual machines are stored on the Silver datastore. c . Select the Gold datastore. d. In the Details panel of the Gold datastore.
Summary
tab, verify that two virtual machines are stored on the
5 . Take the Silver datastore out o f maintenance mode. a. Right-click the Silver datastore and select Maintenance Mode> Exit Maintenance Mode. b. Verify that the Silver datastore icon no longer indicates maintenance mode. 6. Point to the
Home
icon and select Hosts and Clusters.
7. Power on the VMO l and VM02 virtual machines. Task 3: Run vSphere Storage DRS and Apply M i g ration Recommendations You configure vSphere Storage DRS to maintain a balance in usage across all datastores in a cluster. The cluster imbalance is mitigated by using vSphere Storage DRS recommendations. 1 . Point to the Home icon and select Storage. 2. In the left pane, select Cluster-DRS. 3. In the center pane, click the Configure tab and select Storage DRS on the left. 4.
Configure vSphere Storage DRS so that recommendations are reported. a. In the vSphere Storage DRS panel, click
Edit.
b. In the Edit Storage DRS Settings dialog box, expand the section.
Storage DRS Automation
c. Next to Space Threshold, drag the Utilized Space slider to the far left to set the threshold to 50 percent. The imbalance between the Gold and Silver datastore util ization is detected at a 50 percent space threshold trigger. d. Click OK.
28
Lab 4
Managing Datastore Clu sters
5. Run vSphere Storage DRS and review recommendations. a. In the center pane, click the Monitor tab and click Storage DRS. b. Select Recommendations on the left and click Run Storage DRS
Now.
A vSphere Storage DRS recommendation appears in the recommendation list. c. Review the recommendation and reason. vSphere Storage DRS recommends the migration of the VM02 Hard disk 1 . 6. Examine the vSphere Storage DRS recommendation alarm. a. In the center pane, click the Summary tab and find the yellow vSphere Storage DRS recommendation alarm. The administrator can reset the recommendation alarm manually. The vSphere Storage DRS recommendation alarm is reset when the recommendation is applied. 7. Apply the vSphere Storage DRS recommendation. a. In the center pane, click the
Monitor tab.
b. In the bottom-right corner of the Storage DRS Recommendations panel, click Apply Recommendations.
c. In the Recent Tasks pane, monitor the migration task to completion. 8 . In the center pane, click the Summary tab and verify that no alarms appear. 9. Review vSphere Storage DRS history. a. In the center pane, click the
Monitor tab.
The Storage DRS panel should appear. b. Below the
Recommendations
link, click the
History
link.
c. Verify in the vSphere Storage DRS history that Hard disk 1 for VM02 was migrated from Gold to Silver. d. Verify in the vSphere Storage DRS history that Hard disk 1 for VM02 was migrated from Silver to Gold. This migration occurred when the Silver datastore was placed in maintenance mode.
Lab 4
Managing Datastore Clusters
29
Task 4 : C lean U p for the Next Lab You remove the vSphere Storage DRS cluster to prepare for the next lab. 1 . Point to the
Home
icon and select Hosts and Clusters.
2. Power off the VMO l and VM02 virtual machines. 3. Delete the vSphere Storage DRS cluster. a. Point to the Home icon and select Storage. b. In the left pane, right-click Cluster-DRS and select Delete. c . When prompted, click Yes to delete the datastore cluster. d. After the cluster is deleted, verify that the Gold and Silver datastores appear in the left pane, directly under the data center. 4.
30
Point to the
Lab 4
Home
icon and select Home.
Managing Datastore Clu sters
Lab 5 Working with Virtual Volu mes
Objective: Configure N FS- and iSCSl-backed virtual volumes In this lab, you perform the following tasks: 1 . Register the Storage Provider 2 . Create a NAS-Backed Virtual Volume Datastore 3. Create an iSCSI-Backed Virtual Volume Datastore Task 1 : Register the Storage Provider You register the storage provider, and you confirm its URL and version. You also view the storage systems that are made available by the storage provider. 1 . In vSphere Web Client, point to the Home icon and select Hosts
and Clusters.
2. At the top of the left pane, select sa-vcsa-01.vclass.local (your VMware vCenter® Server Appl iance™ instance). 3. In the center pane, click the Configure tab and select Storage Providers on the left side. 4.
In the center pane, click the Register a new storage provider icon. Storage Providers
31
5. In the New Storage Provider dialog box, configure the VASA storage provider. Option
Action
Name
Enter VASAS ource.
URL
Enter https : I /1 72 . 2 0 . 1 0 . 97 : 8 4 4 3 /vasa /ver sion . xml .
User name
Enter u sername .
Password
Enter pas sword.
6. Click OK. 7. Click Yes to acknowledge and accept the self-signed certificate warning. 8 . Validate that the VASASource storage provider appears in the
Storage Providers
list.
Q1.
I n the storage providers win dow, what i s the storage provider U R L for VASASource?
Q2.
Which version of vSphere API for Storage Awareness ap pears in the VASA API Ve rsion column?
Q3.
Which types of storage systems are l isted for this storage provider?
Task 2: Create a NAS-Backed Vi rtual Vo l u me Datasto re You mount a virtual volume datastore by using an NFS protocol endpoint. 1 . Create a virtual volume datastore by using the NFS container. a. Point to the Home icon and select Hosts and Clusters. b. In the left pane, right-click sa-esxi-01 .vclass.local and select Storage > New Datastore. The New Datastore wizard appears. c . On the Type page, click VVol and click Next. d. On the Name and container selection page, enter SA-NAS -VVo l in the Datastore text box. e. From the f.
32
Backing Storage Container
l ist, select SA-NFS -vVol and click Next.
On the Ready to complete page, click Finish. Lab 5
Wo rking with Virtual Volumes
name
2. Validate the new datastore by creating a folder in it. a. Point to the Home icon and select Storage. b. In the left pane, select the
SA-NAS -VVol
datastore.
c. In the center pane, click the
Files
d. In the center pane, click the
Create a new folder
�
I
tab. icon.
>C
e. In the Create a new folder window, enter SA-NAS in the Enter a name fo r the new folder text box and click Create. The creation of the folder validates that the datastore is available. Task 3: Create an iSCSl -Backed Virtual Vol ume Datastore You create a virtual volume datastore that is backed by an iSCSI protocol endpoint. 1 . Create a virtual volume datastore that uses the iSCSI storage container. a. In the left pane, right-click SA Datacenter and select Storage> New Datastore. The New Datastore wizard appears. b. On the Location page, click Next. c . On the Type page, click VVol and click Next. d. On the Name and container selection page, enter SA- iSCS I -VVol in the text box.
Datastore name
e. In the Backing Storage Container list, select SA-iSCSI-vVol and click Next. f.
On the Select hosts accessibility page, select the click Next.
sa-esxi-0 1 .vclass.local
check box and
g. On the Ready to complete page, click Finish. 2. In the Recent Tasks pane, monitor the Create Virtual Volume datastore task to completion. 3. After the task completes, click the Refresh icon in vSphere Web Client.
Lab 5
Working with Virtual Volumes
33
4.
In the left pane, verify that SA-iSCSI-VVol appears in the list. After a short while, the datastore is marked as inactive. Q1 .
Why is the virtual volume datastore that is backed by the iSCSI container marked as i nactive?
5. Create a folder on the datastore and validate that the folder is not available. a. In the left pane, select the
SA-iSCS I-VVol
datastore.
b. In the center pane, click the
Files
tab.
c . In the center pane, click the
Create a new folder
d. In the Create a new folder window, enter folder text box and click Create.
icon.
SA- iSCSI
in the Enter a name
for the new
The folder creation fails, validating that the datastore is not accessible. e . Close the folder creation failure alert. 6. Add the Storage Provider as a target to the host's iSCSI storage adapter. a. Point to the Home icon and select Hosts
and Clusters.
b. In the left pane, select sa-esxi-0 1.vclass.local. c. In the center pane, click the d. Scroll through the
Configure
Storage Adapters
tab and select Storage Adapters on the left.
list until the iSCSI software adapter is visible.
e. Select vmhba##, the iSCSI software adapter. f.
In the Adapter Details panel, click the Paths tab.
g.
Scroll through the list. Several paths appear in the 1 ist.
h. 1.
Click the Targets tab and click Add. In the Add Send Target Server window, enter 1 7 2 . 2 0 . 1 0 . 97 in the iSCSI Server text box. 1 72.20. 1 0.97 is the IP address of the VASA storage provider.
J.
34
Click OK
Lab 5
Wo rking with Virtual Volumes
k. In the center pane, click the Rescan all storage adapters icon.
storage Adapters
l. In the Rescan Storage window, click OK. m.
In the Adapter Details panel, click the
Paths
tab.
n. Verify that LUN 260 appears in the list. LUN 260 is the LUN on which the SA-iSCSI-VVol datastore is located. 7. Point to the
Home
icon and select Storage.
8 . In the left pane, verify that the SA-iSCSI-VVol datastore i s not inactive. 9. If the datastore appears as inactive, click the
Refresh
icon in vSphere Web Client.
1 0 . Verify that the datastore is accessible. a. In the left pane, select the
SA-iSCS I-VVol
b. In the center pane, click the
datastore.
Create a new folder
c. In the Create a new folder window, enter
icon on the Files page.
SA- iSCSI
in the text box and click Create.
The creation of the folder validates that the datastore is available. 1 1 . Point to the Home icon and select Home.
Lab 5
Working with Virtual Volumes
35
36
Lab 5
Wo rking with Virtual Volumes
Lab 6 Creating a Content Library
Objective: Create a multisite content library In this lab, you perform the following tasks: 1 . Create a Content Library 2 . Upload Data to the New Content Library 3. Create a Subscriber Content Library 4.
Clone a Template to the Source Library
5.
Synchronize the Content Libraries
6. Deploy a Virtual Machine from the Library Task 1 : Create a Co ntent Library You configure a local content library that you publish externally for other content libraries to subscribe to. 1 . In vSphere Web Client, point to the Home icon and select Content 2. In the center pane, click the Objects tab and click the
f§J
Libraries.
Create a new content library
icon.
Content Libraries
G etti n g Started
Objects
37
3. On the Name and location page, name the content library and verify the vCenter Server location. a. In the
Name text
box, enter
SA- Source.
b. In the vCenter Server drop-down menu, verify that sa-vcsa-01.vclass.local is selected and click Next. 4.
On the Configure content library page, configure a local content library. a. Leave
Local content library
b. Select the Publish c.
check box.
Select the Enable authentication check box.
d. In the e.
externally
selected.
Password
and Confirm password text boxes, enter the standard lab password.
Click Next.
5. On the Add storage page, select the datastore to use for the content library. a. Click Select a
datastore.
b. Click SA-Source and click Next. 6. On the Ready to complete page, click Finish. 7. Verify that the content library appears in the list. Task 2: U pload Data to the New Content Library You upload an Open Virtualization Format (OVF) file from your student desktop to the new content library. 1 . In the center pane, right-click the
SA-Source
library and select Import
Item.
2. In the Import Library Item window, click Local file and click Browse. 3. In the Choose File to Upload window, click the Desktop icon on the left bar. 4.
Double-click the Class Materials
5 . In the
Downloads
and Licenses
folder, double-click the
folder and double-click the Downloads folder.
SampleVM
folder.
6. Double-click SampleVM.ovf. 7. In the Select referenced files window, click Browse. 8.
Select the
SampleVM-1 .vmdk file,
click Open, and click OK.
9. Click OK. 1 0 . View the Recent Tasks pane to monitor the task to completion.
38
Lab 6
Creating a Content Library
1 1 . After the task is complete, click the name of the content library in the center pane to open the content library. 1 2 . In the left pane, click the
Templates
link.
The uploaded SampleVM template is listed in the left pane. Task 3: Create a Su bscri ber Co ntent L i b rary You configure a content library that is subscribed to the first library. 1 . At the top of the left pane, click the navigation back arrow until the Content Libraries center pane appears. 2 . Copy to the clipboard the link to the local content library. a. In the center pane, click the
SA-Source
link.
b. In the center pane, click the Summary tab and scroll down until the Publication panel appears. c . In the Publication panel, click Copy Link. 3. Point to the Home icon and select Content 4.
Libraries.
In the center pane, click Create a new content
library.
The New Content Library wizard appears. 5. On the Name and location page, name the content library and verify the vCenter Server location. a. In the
Name text
box, enter SA-Subscriber.
b. In the vCenter Server drop-down menu, verify that sa-vcsa-0 1.vclass.local is selected. c. Click Next. 6. On the Configure content library page, configure a subscribed content library. a. Click Subscribed content library. b. Click the
Subscription URL
text box and press Ctrl+V.
The subscription URL is pasted into the text box. If Ctrl+ V does not work, you must enter the URL manually. c.
Select the
d. In the
Enable Authentication
Password text
check box.
box, enter the standard lab password.
e . Click Download library content only when f.
needed.
Click Next. Lab 6
Creating a Content Library
39
7. On the Add storage page, select the
SA-Subscriber
datastore and click
Next.
8 . On the Ready to complete page, click Finish. 9. View the Recent Tasks pane to monitor the task to completion. 1 0 . View the contents of the content library subscriber. a. In the left pane, select the
SA-Subscriber
library.
b. In the center pane, click the Templates tab. c. On the Templates tab, verify that the SampleVM template is present. This virtual machine template is the same one that is in the source content library. d. Verify that the Stored Content Locally column indicates No. The SA-Subscriber library is configured to download library content only when needed. As a result, only the template 's metadata has been synchronized. The actual template has not been synchronized with the SA-Subscriber library, because it is not needed yet. 1 1 . Turn off enable automatic synchronization. a. In the center pane, click the
Summary tab.
b. In the Subscription panel, click the Edit
Settings
link.
c. Deselect the Enable automatic synchronization with the external content library check box. d. Even though the Password text box appears to be populated, reenter the standard lab password. Otherwise, the process fails. e. Click OK. f.
40
In the Subscription panel, verify that automatic synchronization is off.
Lab 6
Creating a Content Library
Task 4 : C l one a Tem p late to the Source L i b rary You use vSphere Web Client to clone a virtual machine template into the published content l ibrary. 1 . Point to the
Home
icon and select Hosts and Clusters.
2. In the left pane, right-click the
VMO l
virtual machine and select Clone >
Clone to Template
in Library.
The Clone to Template in Content Library window appears. 3. In the 4.
Filter
Append
tab, select the
-Library
SA-Source
library.
to the virtual machine name in the
Template name
text box and click
OK.
5. In the Recent Tasks pane, view the tasks that start up and monitor the tasks to completion. 6. View the template list in both libraries. a. Point to the Home icon and select Content Libraries. b. In the left pane, select the
SA-S ource
library.
c. In the center pane, click the Templates tab and verify that both templates are listed. d. In the left pane, select the
SA-Subscriber
library.
e. In the center pane, view the Templates tab and verify that only the original template is listed. Task 5: Synch ron ize the Co ntent Libraries You use vSphere Web Client to synchronize the content libraries. 1 . In the center pane at the top, click the
� SA_Subscriber Getti n g Started
S u m m a ry
Synchronize
@ Act i o n s ... C o nt l g u re
Templates
I
icon.
Oth e r Typ e s
2 . In the Recent Tasks pane, monitor the task to completion. The synchronization might take a few minutes to complete. You might need to press the synchronization icon a few times before you see both files. 3 . Verify that both the virtual machine templates appear in the SA-Subscriber library.
Lab 6
Creating a Content Library
41
Task 6: Dep loy a Virtual Mac h i ne from the L i b rary You use vSphere Web Client to deploy a new virtual machine from the VMO I -Library template available in the SA-Subscriber library. I . In the left pane, select the
SA-Subscriber
library.
2. In the center pane, right-click VMOl-Library and select New VM
from T his Template.
The New Virtual Machine from Content Library wizard appears. 3. On the Select name and location page, name the virtual machine and select the inventory tree location. a. In the b. 4.
Name text box,
enter VM0 3 .
Select SA Datacenter and click Next.
On the Select a resource page, expand click Next.
SA Management,
select sa-esxi-01.vclass.local, and
5. On the Review details page, click Next. 6. On the Select storage page, configure the virtual disk format and select a datastore. a.
Select Thin provision from the Select virtual disk format list.
b.
Select None from the VM storage policy list.
c. In the
Filter > Datastores
tab, click
SA-Shared-01 -Remote
and click
Next.
7. On the Select networks page, keep the default and click Next. 8 . On the Ready to complete page, click Finish. 9. View the Stored Content Locally column. The column value changed to Yes because this template is now needed because it is used to deploy a virtual machine. 1 0 . In the Recent Tasks pane, view the tasks that are started and monitor the tasks to completion. 1 1 . Verify that the virtual machine is deployed. a. Point to the Home icon and select Hosts and Clusters. b. In the left pane, verify that the VM03 virtual machine is displayed in the inventory. 1 2 . Point to the
42
Lab 6
Home
icon and select Home.
Creating a Content Library
Lab 7 Host Profiles
Objective: Use host profiles and manage compliance In this lab, you perform the following tasks: 1 . Create and Export a Host Profile 2 . Import a Host Profile 3. Attach an ESXi Host to the Imported Host Profile 4.
Run an Initial Compliance Check
5. Introduce a Configuration Drift 6. Run a Compliance Check and Remediate the Configuration Drift 7. Detach the Host Profile Task 1 : Create and Export a Host Profile A host profile is a configuration template that is applied to any or all ESXi hosts in a cluster to verify and enforce specific configuration rules. Normally, a host profile has a reference host. You export a profile for importation. The imported profile lacks a reference host. 1 . In vSphere Web Client, point to the Home icon and select Policies and Profiles. 2. In the left pane, select Host Profiles.
43
3. Extract a host profile from an ESXi host. a. In the Objects panel, click the Extract profile from a host icon (green plus sign). The Extract Host Profile wizard appears. b. On the Select Host page, click sa-esxi-0 1 .vclass.local and click Next. c. On the Name and Description page, enter Loca l - Profile in the Name text box and click Next.
d. On the Ready to complete page, click Finish. e . In the Recent Tasks pane, monitor the task to completion. 4.
Export the host profile to a file. a. In the center pane, right-click the new profile and select Export Host Profile. b. In the warning message box, click Save. c. Navigate to the desktop of the student machine and save the profile as p ro f i l e . vp f .
Task 2 : I m port a Host P rofi le You import the host profile that you exported in task 1 . Because host profiles do not store the reference host, host profiles can easily be imported and exported. 1 . At the top of the Objects panel, click the Import Objects
+ �
I flt
1
Host Profile
icon.
'--�����-
Extract proL
I m p ort H o s
Lo c a l- P rofile
.. HJ 1.
....
D u p l i cate . .
C o m p l i ant Ho:rts 0
2. In the Import Host Profile dialog box, import the host profile that you previously saved. a. Click Browse, navigate to the desktop of the student machine, select the profile.vpf file, and click Open . b. Enter
Imported- Profile
in the
Name
text box and click OK.
c. In the Recent Tasks pane, monitor the task to completion.
44
Lab 7
Host Profiles
Task 3: Attach an ESXi H ost to the I m ported H ost Profile Hosts and clusters can be attached or detached from a host profile in the host profiles view or in the Hosts and Clusters inventory. 1 . In the Objects panel, click the
Imported-Profile
link to navigate to that object.
2. In the center pane, click the Configure tab. You can review and edit the comprehensive list of configuration settings that define the host profile. 3.
Select Attach/Detach Hosts and Clusters from the Actions drop-down menu. IJJ- Imported-Profile Getting Started
'HJ rn ilJ' � �
S u m m ary
Monitor
{§} Acti o n s
Configun
...
11'.J Actions - Imported-Profile � C h e c k Host Profile C o m p l i a n c e
q�
.� R e m e diate.
Settings
View:
Atta ch/Detach Hosts a n d Clusters...
The Attach/Detach Hosts and Clusters wizard appears. 4.
On the Select hosts/clusters page, attach sa-esxi-0 1 .vclass.local to the host profile. a. In the Host/Cluster list, expand the SA Management cluster and select sa-esxi01. vclass.local.
b. Click Attach> to move the selected host to the list on the right and click Next. A list of settings that can be customized for the first ESXi host appears. The customized values are prepopulated based on information extracted from the selected host. c. Review the host customization settings and click Finish. d. In the Recent Tasks pane, monitor the task to completion.
Lab 7
Host Profiles
45
Task 4 : Run an I n itial Compliance Ch eck You run a compliance check to verify the attached host configuration against all the settings that are specified by the host profile. 1 . In the center pane, click the Monitor tab and click Compliance. 2.
Select sa-esxi -01.vclass.local and click the Getting Started
[
Issues
I
S c h e d u l e d Tasks
���
H ost/C I usle r
I�
S u m m a ry
r
Monitor
Compliance
[f
sa-esxi- 0 1 .vc l a s s . l o c a l
Check Host Profile Compliance
C o nfigure
icon.
H o sts
1 H ost C o m p l i a n c e
®
U n kn own
3 . In the Recent Tasks pane, monitor the compliance check to completion. 4.
Select the ESXi host and view the compliance information near the bottom of the panel . The host is not compliant, because the IPv6 vmknic gateway configuration does not match the specification.
5 . Resolve the IPv6 configuration issue occurring on the ESXi host. a. In the center pane, click the Configure tab. b.
Click
Edit Host Profile.
The Edit Host Profile wizard appears. c. On the Name and description page, click Next. d. On the Edit host profile page, expand Networking configuration > Host virtual e. Expand f.
dvs-SA Datacenter: pg-SA Management: management.
Select IP address settings.
g. In the right pane, from the Vnic Default gateway for explicitly choose the policy option and click Finish.
1Pv6 routing
h. In the Recent Tasks pane, monitor the task to completion.
46
NIC.
Lab 7
Host Profiles
list, select User
must
6.
Check the ESXi host for compliance. a. In the center pane, click the b.
Monitor
Select the ESXi host and click the
tab.
Check Host Profile Compliance
icon.
c. In the Recent Tasks pane, monitor the compliance check to completion. d. View the Compliance panel. e. Verify that the host is compliant. Task 5: I ntrod uce a Confi g u ration Drift You test host profile compliance verification and remediation by introducing a noncompliant change on the host. The noncompliant change is that you remove the vmnic2 adapter from the dvs-Lab distributed switch. 1 . Point to the
Home
icon and select Networking.
2. In the left pane, right-click the
dvs-Lab
distributed switch and select Add and Manage Hosts.
The Add and Manage Hosts wizard appears. 3. On the Select task page, select Manage host networking and click Next. 4.
On the Select hosts page, click Attached hosts.
5. In the Select member hosts window, select the 6.
sa-esxi-0 1.vclass.local
check box and click OK.
Click Next.
7. On the Select network adapter tasks page, deselect the and click Next.
Manage VMkernel adapters
check box
8 . On the Manage physical network adapters page, unassign the vmnic2 adapter on sa-esxi0 1 .vclass.local. a. Under the sa-esxi-0 1 . vclass.local, select vmnic2 and record the attached uplink. b.
Click Unassign adapter and click
Next.
c. Click OK in the warning message dialog box. 9. On the Analyze impact page, click Next. 1 0 . On the Ready to complete page, click Finish.
Lab 7
Host Profiles
47
Task 6: Run a Compl iance C heck and Remed iate the Confi g u ration Drift You run a compliance check to detect noncompliant configuration changes that were made to hosts attached to a host profile. 1 . Point to the
Home
icon and select Policies
2 . In the left pane, select Host
and Profiles.
Profiles.
3. In the left pane, select Imported-Profile. 4.
In the center pane, click Monitor > Compliance.
5.
Select the ESXi host and click the
6.
In the Recent Tasks pane, monitor the compliance check to completion.
Check Host Profile Compliance
icon.
7. In the Compliance panel, review the compliance categories. Q1.
How d o the resu lts of the compliance check d iffer from the compl iance check performed in task 4?
Q2.
In the new category, does the specific issue reported relate to the config uration change made in tas k 5?
8 . Remediate the host. a. Click the
Remediate host based on its host profile
Getting Started
[
Issues
I
S u m m ary
S c h e d u l e d Tasks
f
icon.
C1
Monitor
1
C o m p lian c e
H o st/ C l u st e r
Ii
sa-esxi-02 .vcl a s s .l ocal
The ESXi host is listed on the Ready to complete page .
48
Lab 7
Host Profiles
b. Click Pre-check Remediation. The precheck remediation takes several seconds to complete. Q3.
Will the host be put in maintenance mode?
For the host to enter maintenance mode, the virtual machines on this host must be powered off or moved to another host. All virtual machines on this host are currently powered off. c . Expand the ESXi host to review the host customization tasks to b e performed. d. Click Finish. 9. In the Recent Tasks pane, monitor the remediation and subsequent compliance check tasks to completion. 1 0 . Verify that the host is now compliant. 1 1 . Verify the action taken by host remediation. a. Point to the Home icon and select Networking. b. In the left pane, select the dvs-Lab distributed switch. c . In the center pane, click the
Configure
tab and click Topology on the left.
d. Verify that remediation automatically reconnected vmnic2 on sa-esxi-0 1 . vclass.local to the appropriate uplink. Task 7: Detach the H ost Profi le Detach the host profile from sa-esxi-01 .vclass. local. 1 . Point to the
Home
icon and select Policies
and Profiles.
2. In the left pane, click Host Profiles. 3. In the left pane, select Imported-Profile. 4.
In the center pane, select Attach/Detach Hosts menu.
and Clusters
from the Actions drop-down
The Attach/Detach Hosts and Clusters wizard appears. 5. On the Select hosts/clusters page, detach sa-esxi-0 1 .vclass.local from the host profile. a. In the Host/Cluster list on the right, select sa-esxi-0 1 .vclass.local. b. Click < Detach to move the selected host to the list on the left. c. Click Ne xt.
Lab 7
Host Profiles
49
6.
On the Customize hosts page, click Finish.
7. In the Recent Tasks pane, monitor the task to completion. 8 . Point to the
50
Lab 7
Home
icon and select Home.
Host Profiles
Lab B Using vSphere Auto Deploy
Objective: Configure vSphere Auto Deploy on vCenter Server Appliance to boot stateless hosts In this lab, you perform the following tasks: 1 . Create a Container for Autodeployed Hosts 2.
Start the vSphere Auto Deploy Service
3.
Start the vSphere ESXi Image Builder Service
4.
Import a Software Depot and Create a Custom Depot
5. Create a Custom Image Profile and Export the Image Profile 6.
Create and Activate a Deployment Rule
7. Configure DHCP 8.
Start the TFTP Service on vCenter Server Appliance
9. Review the Autodeployment Preparation Steps 1 0 . Prepare to Monitor ESXi Bootup During the Autodeploy Process 1 1 . Power On the ESXi Host and Monitor the Bootup Process 1 2 . Check the Host Profile Compliance of the Autodeployed Host
51
Task 1 : Create a Co ntai ner for Autodep loyed H osts You create a folder in the vCenter Server inventory into which autodeployed hosts are placed. A deploy rule assigns hosts to this folder. 1 . In vSphere Web Client, point to the Home icon and select Hosts
and Clusters.
2. In the Hosts and Clusters inventory tree, right-click S A Datacenter and select New Folder > New Host and Cluster Folder from the drop-down menu. 3 . Enter Auto-Deployed -Hosts in the folder name text box and click OK. At this stage, you can create clusters, folders, or other vSphere configurations to apply to autodeployed hosts. Deploy rules enable selective application of host profiles and destination containers to hosts that are booting up. Task 2: Start the vSphere Auto Dep loy Service The VMware vSphere® Auto Deploy™ capability is already installed on vCenter Server Appliance, but the service is not started by default. You start the service and set the startup type to automatic. 1 . Point to the 2.
Home
icon and select Home.
Select the vSphere Auto Deploy service. a. In the center pane, click the
System Configuration
icon under Administration.
b. In the left pane, select Services. c. Under Services, select Auto Deploy. 3 . Start the vSphere Auto Deploy service. a.
Select
Start
from the Actions drop-down menu.
b. In the center pane, view the Summary tab and verify that the service state is Running. 4.
Configure the vSphere Auto Deploy service to automatically start when vCenter Server starts. a. Select Edit Startup Type from the Actions drop-down menu. b. In the Edit Startup Type window, click Automatic and click OK. c . In the Summary tab, verify that the startup type is Automatic.
52
Lab 8
Using vSphere Auto Deploy
Task 3: Start the vSph ere ESXi I mage Bu ilder Service On vCenter Server Appliance, the VMware vSphere® ESXi™ Image Builder CLI capability is already installed, but the service is not started by default. 1 . In the left pane under Services, select ImageBuilder Service. 2.
Start the vSphere ESXi Image Builder service. a. Select Start from the Actions drop-down menu. b. In the center pane, view the Summary tab and verify that the service state is Running.
3. Configure the vSphere ESXi Image Builder service to automatically start when vCenter Server starts. a.
Select Edit Startup Type from the Actions drop-down menu.
b. In the Edit Startup Type window, select Automatic and click OK. c. In the Summary tab, verify that the startup type is Automatic. 4.
Make the Auto Deploy icon visible in vSphere Web Client. The Auto Deploy icon is not visible until you log out and log back in to vSphere Web Client. a. Log out of vSphere Web Client. b. Log in to vSphere Web Client as administrator@vsphere .local, using the standard lab password.
Task 4 : I m port a Software Depot and Create a C ustom Depot You use vSphere Web Client to import an ESXi software depot into vCenter Server and to create a custom software depot. I.
Point to the
Home
icon and select Home.
2. In the center pane, click the Auto Deploy icon under Operations and Policies.
Lab 8
Using vSphere Auto Deploy
53
3. Import an ESXi software depot into vCenter Server. a. In the center pane, click the Software Depots tab. b. Click the
Import software depot
icon.
� Auto Deploy Getting Started
Software Depots
lo.I .. ..... ....
c . In the
Name
text box, enter SA
d. Click Browse next to the
File
Depot.
text box.
e. In the Choose File to Upload window, navigate to f.
c : \M a t e r i a l s \ Downloads .
Select VMware-ESXi-6.5.0-depot.zip and click Open.
g. Click Upload and wait for the file to upload. h. When the file is successfully uploaded, click Close. i.
4.
Verify that the software depot appears in the list.
Create a custom software depot. a.
Click the Add Software Depot icon.
� Auto Deploy Getting Started
@] )j
Software Depots
(
l
q_ Filter
b. In the Add Software Depot dialog box, click Custom depot.
54
c. In the
Name
d. Click
OK.
Lab 8
text box, enter My
Depot.
Using vSphere Auto Deploy
Task 5: Create a C ustom Image Profile and Export the I mage Profi le You use vSphere Web Client to clone an image profile and export the profile to a ZIP archive. 1.
Clone an image profile. a. In the center pane, select SA Depot on the Software Depots tab. b. Under Image Profiles, select the image profile whose name ends in c. Click the
Clone image profile
-
no t o o l s -
.
icon.
Software Depot: SA Depot
f
I m a g e Profi l e s
I�
Clone...
I
1 1\)
Software P a c k a g e s
C o m p a re To . . .
.ij
J Ex1
The Clone Image Profile wizard appears. d. On the Name and details page, keep the default name in the
Name text
box.
e. In the Vendor text box, enter VMware. f.
From the
Software depot
list, select My Depot and click Next.
g. On the Select software packages page, view the various software packages and click h. On the Ready to complete page, click
Next.
Finish.
2. Verify that the clone is created. a. Select My Depot. b. Under Image Profiles, verify that the cloned image profile appears.
Lab 8
Using vSphere Auto Deploy
55
3. Export the image profile to a ZIP archive. a. Under Image Profiles, select the cloned image profile. b. Click the Export
the selected image profile as ISO or ZIP
icon.
Software Depot: My Depot
f
I m a g e Profi l e s
]
S oftware P a c k a g e s
J
+ I / )(
c. In the Export Image Profile dialog box, click ZIP. d. Click Generate image. e. When the image generation completes, click the Download image link . .,
I m a g e g e n e rated s u c c e s sfu l ! : Download i m a g e
A new Internet Explorer browser tab opens. f.
If you receive a security exception, click Continue to
this website (not recommended).
g. In the pop-up window, click Save as. h. Save the ZIP file to the desktop, using the default name.
56
1.
Click Close in the View Downloads - Internet Explorer window that opened when you downloaded the image.
J.
In the Export Image Profile dialog box, verify that the image is generated successfully and click Close.
Lab 8
Using vSphere Auto Deploy
Task 6: Create and Activate a Deployment Rule Deployment rules associate host profiles, image profiles, destination containers, and many other capabilities to hosts engaged in the autodeploy process. Different sets of rules can associate different characteristics to hosts, based on several conditions and qualifiers, such as the network on which the host boots. 1 . Create a deployment rule. a. In the center pane, click the
Deploy Rules
b. Click the
icon.
New Deploy Rule
tab.
The New Deploy Rule wizard appears. c. On the Name and hosts page, enter S A d. Verify that Hosts that match the e . From the f.
Deploy Rule
following pattern
in the
Name
text box.
is clicked.
list, select 1Pv4.
In the 1Pv4 text box, enter 1 7 2 . 2 0 . 1 0 . 2 1 9 and click Next. 1 72.20. 1 0 . 2 1 9 is the IP address that you will assign to the ESXi host to autodeploy.
g. On the Select image profile page, select My Depot from the
Software depot
list.
h. Verify that the clone of the image profile is selected and click Next. 1.
On the Select host profile page, click Autodeployed-Host-Profile and click Next. Autodeployed-Host-Profile is preconfigured for use in this lab.
J.
On the Select host location page, expand
SA Datacenter
and select Auto-Deployed-Hosts.
k. Click Next. 1.
On the Ready to complete page, click Finish.
m. In the Recent Tasks pane, monitor the task to completion. This task takes several minutes. n. Verify that the deploy rule is successfully created.
Lab 8
Using vSphere Auto Deploy
57
2. Activate the deployment rule. a. In the center pane, select SA Deploy Rule. b. Click Activate/Deactivate rules. The Activate and Reorder wizard appears. c. On the Activate and reorder page, select the rule at the bottom and click Activate. d. Click Next. e. On the Ready to complete page, click Finish. f.
Verify that the rule status changes to Active.
Task 7: Confi g u re D H C P You configure a single DHCP reservation in the Management network scope to focus vSphere Auto Deploy on a single ESXi host based on the host MAC address. Individual reservations are used, instead of configuring options for a full scope. More realistically, you can simultaneously autodeploy hosts using the same DHCP scope with different options set for each reservation. Use the following information from the class configuration handout: •
MAC address of ESXi host to autodeploy
1 . On the student machine desktop, click the DHCP icon in the task bar.
2. In the left pane, expand DHCP and expand dc.vclass.local. 3. Expand 1Pv4. The IPv4 scopes are visible. 4. Resize the left pane by dragging the pane separator to the right. 5. Expand the Scope
58
Lab 8
[ 1 72.20.10.0] SA-Management
Using vSphere Auto Deploy
scope and select Reservations.
6. Configure a new reservation that uses the MAC address of your ESXi host. a. Right-click Reservations and select New Reservation. b. In the
Reservation Name
text box, enter
c. In the IP address text box, enter autodeploy). d. In the
MAC address
SA_reservation.
172 . 2o . 1o . 219
(the IP address of the ES Xi host to
text box, enter the MAC address of the ESXi host to autodeploy.
The MAC address is in the class configuration handout. You must use hyphens, not colons, between hexadecimal values. For example: 00-50-56-0 1-34-28 e. Leave the rest of the settings at their defaults and click Add. f.
Click Close. The new reservation appears in the DHCP console window, in the right pane.
7. In the left pane, expand Reservations so that your new reservation appears. The reservation name is in the form [ 1 72 .20 . 1 0 .2 1 9] SA_reservation. 8 . Select your reservation and verify that options inherited from the parent scope appear in the right pane. The scope-inherited options should include the following items: •
003 Router
•
006 DNS Servers
•
0 1 5 DNS Domain Name
9. In the left pane, right-click your reservation and select 1 0 . On the
Configure Options.
tab of the Reserved Options dialog box, scroll down to the option.
General
Host Name
1 1 . Select the 066 Boot value text box.
Server Host Name
check box and enter
066 Boot Server
1 7 2 . 2 0 . 1 0 . 94
in the String
1 72.20. 1 0 .94 is the IP address of the vCenter Server Appliance instance. 1 2 . In the options list, select the 067 Bootfile Name check box and enter undionly . kpxe . vmw hardwired in the String value text box. 1 3 . Click OK
Lab 8
Using vSphere Auto Deploy
59
1 4 . Verify that your new options appear in the right pane. The inherited options and reservation-specific options have different icons to identify them. 1 5 . Minimize the DHCP console window. Task 8: Start the TFTP Service on vCenter Server Appl iance vCenter Server Appliance is already configured to serve as a TFTP server for vSphere Auto Deploy. The service must be started. 1.
Start an S SH session to vCenter Server Appliance. a. On the student desktop task bar, click the
MTPuT T Y
b. In the Servers pane on the left, double-click
shortcut.
SA-VCSA-01.
c. If the PuTTY security alert appears, click Yes. You are automatically logged in to vCenter Server Appliance as user root. 2. At the command prompt, enter shell to start the Bash shell. 3. At the Bash prompt, view the TFTP service configuration. cat / e t c / s y s c o n f i g / a t ftpd
Q1 .
What is the TFTP directory set to?
4. View the contents of the TFTP directory. ls
/var / l i b / t ftpboot
Q2.
5.
In the /var/li b/tftpboot file list, do you see the TFTP boot image filename that you entered when configuring DHCP options for your reservation?
Start the TFTP service. s e rvice a t f t p d s t a r t
6.
Verify that the TFTP service has started. s e rvice a t f t p d s t a t u s
The TFTP service does not start automatically when the vSphere Auto Deploy service is started from vSphere Web Client. 7. Open the TFTP firewall port on the vCenter Server Appliance instance. iptab l e s -A p o r t_f i l t e r -p udp -m udp --dport
69
8. Enter exit and enter exit again to close the MTPuTTY window. 60
Lab 8
Using vSphere Auto Deploy
-j A C C E P T
Task 9: Review the Autodeployment P repa ration Steps You review your work and prepare for autodeployment. 1 . Review the configuration and autodeployment steps. •
Containers and host profiles for use by autodeployed hosts are configured. The use of containers can be beneficial when designing prestaging and poststaging scenarios for host deployments.
•
The vSphere Auto Deploy service is started in vSphere Web Client.
•
A custom host image profile is created. Custom image profiles enable you to customize deployments for different sets of hosts and can be updated and customized with additional VMware or third-party software packages.
•
A deployment rule is created to associate an image profile, a host profile, and a container to specific autodeployed hosts. Using rules with different patterns enables different image, host profile, and other configurations to be assigned to groups of hosts.
•
DHCP options are configured to identify a TFTP server and a boot image filename.
•
The TFTP service is started on vCenter Server Appliance. For the sake of expediency, the lab environment uses vCenter Server Appliance as the TFTP server. In production, a compatible TFTP service can be used that is not colocated with vCenter Server Appliance.
Task 1 0: Prepare to Mon itor ESXi Bootu p D u ring the Autodeploy Process You move out of your student desktop and use the VMware OneCloud Web interface to open a console to the ESXi host to autodeploy. 1 . Verify that you have your student login credentials. Your login credentials are sent to you in a class welcome email. Your instructor can help you if you have lost your login information. 2. Record the VMware OneCloud URL provided by your instructor.
_ _ _ _ _
The URL should be similar to wdc-vclass-a.vmeduc .com/cloud/org/classroom- 1 0 1 . 3. Minimize the Remote Desktop Protocol (RDP) session to the student desktop machine in your lab sandbox. You can access the desktop of the server that you first logged in to at the start of the class. 4. On the login server desktop, double-click the
Internet Explorer Lab 8
shortcut.
Using vSphere Auto Deploy
61
5. In the Internet Explorer window, browse to the VMware OneCloud URL that you recorded in step 2. 6.
When prompted, log in using the student credentials. The user name and password are the same as those that you used to access the login server at the start of the class.
7. In the VMware vCloud Director® OneCloud interface, one vApp appears on the
Sto p p e d
Home
tab.
Open
0 8 . In the vApp panel, click the
Open
link above the
Stop
icon.
The vCloud Director OneCloud interface changes to the in the right pane.
My Cloud tab, with the
vApp details
9. In the right pane, click the Virtual Machines tab. 1 0 . In the virtual machines list, find SA-ESXi-04. SA-ESXi-04 is the name of the ESXi host to autodeploy. Task 1 1 : Power O n the ESXi H ost and Mon itor the Bootup Process You power on the ESXi host to autodeploy (SA-ESXi-04), and you monitor the ESXi host console to observe the autodeploy process. 1 . Power off and power on the ESXi host to autodeploy. a. Right-click SA-ESXi-04 and select Power Off. b. Click Yes to confirm the power-off operation. c . Right-click SA-ESXi-04 and select Power On. 2. When the ESXi host status changes to Powered On, right-click SA-ESXi-04 and select Popout Console.
A new window shows the console view of the selected ESXi host. 3. If the Internet Explorer pop-up blocker blocks the console from opening, select the Always allow pop-ups option and repeat step 2. 62
Lab 8
Using vSphere Auto Deploy
4. If a window appears asking if you want to upgrade to a newer version of the Client Integration Plug-In, click No. 5. Monitor the ESXi host bootup process. The host performs a network preboot execution environment (PXE) boot. The host contacts the TFTP server identified in the DHCP scope options. The image binaries are transferred to the host and installed. This process can take up to 20 minutes to complete. ESXi modules are loaded and associated host profile tasks are performed. Services are started. 6.
Wait for the autodeploy process to complete. The autodeploy process is complete when the main Direct Console User Interface screen appears.
Oowllood tools to MM9C this host frOR: http,//172 .28. 18 .219/ (Olla' )
7. Restore the minimized RDP session to the student desktop machine.
Lab 8
Using vSphere Auto Deploy
63
Task 1 2: Ch eck the Host P rofi le Compliance of the Autodeployed Host Each autodeployed host must be minimally configured so that the host can handle workloads as a member of a cluster. You perform the minimal configuration of the host networking. 1 . Restore the minimized Internet Explorer window and click the 2 . Point to the
Home
vSphere Web Client
tab.
icon and select Hosts and Clusters.
3. In the left pane, expand the Auto-Deployed-Hosts folder. The autodeployed host appears in the folder, with the reservation IP as the host name. 4.
Point to the Home icon and select Policies and Profiles.
5. In the left pane, click Host Profiles. 6.
In the left pane, select Autodeployed-Host-Profile.
7. In the center pane, click the Monitor tab and click Compliance. 8 . In the host list, select the autodeployed ESXi host. 9. Click the
Check Host Profile Compliance
icon.
1 0 . In the Recent Tasks pane, monitor the task and wait for the compliance check to complete. 1 1 . Verify that the ESXi host is in compliance with the host profile. 1 2 . Point to the Home icon and select Home.
64
Lab 8
Using vSphere Auto Deploy
Lab 9 Monitoring CPU Performance
Objective: Use the esxtop command to monitor CPU performance In this lab, you perform the following tasks: 1 . Set vSphere DRS to Manual Mode 2 . Run a Single-Threaded Program in a Single-vCPU Virtual Machine 3 . Start esxtop and View Statistics 4. Record Statistics for Case 1: Single Thread and Single vCPU 5 . Run a Single-Threaded Program in a Dual-vCPU Virtual Machine 6.
Record Statistics for Case 2 : One Thread and Two vCPUs
7. Run a Dual-Threaded Program in a Dual-vCPU Virtual Machine 8 . Record Statistics for Case 3 : Two Threads and Two vCPUs 9. Analyze the Test Results
65
Task 1 : Set vSphere DRS to Manual Mode You set the VMware vSphere® Distributed Resource Scheduler™ automation mode to manual to ensure that vSphere DRS does not migrate virtual machines to different hosts. This lab requires that the virtual machines remain on their current host. 1 . In vSphere Web Client, point to the Home icon and select Hosts 2. In the left pane, select the
SA Management
and Clusters.
cluster.
3. In the center pane, click the Configure tab. 4.
Select vSphcrc DRS on the left and click Edit.
5. From the
DRS Automation
drop-down menu, select Manual and click OK.
Task 2: Run a Sing le-Threaded P rogram i n a S i n g le-v C P U Virtual Mac h i ne You run a test program to generate continuous database activity on the test virtual machine for statistical analysis. The test virtual machine is configured with one vCPU. 1 . Confirm that the LinuxO l virtual machine is hosted on sa-esxi-0 1 .vclass.local. a. In the left pane, select LinuxO l . b. In the center pane, click the
Summary tab.
c. Verify that the host on which LinuxO l resides is sa-esxi-0 1 .vclass.local. 2. IfLinuxO l is not hosted on sa-esxi-0 1 , migrate LinuxO l to sa-esxi-0 1 . a. Right-click LinuxOl and click
Migrate.
The Migrate wizard appears. b. On the Select the migration type page, click Change compute resource only and click Next.
c. On the Select a compute resource page, select sa-esxi-0 1.vclass.local and click Next. d. On the Select networks page, keep the default and click Next. e. On the Ready to complete page, click Finish. f.
Wait for the migration to complete.
3 . Power on the LinuxO 1 virtual machine. 4.
66
In the Power On Recommendations dialog box, verify that LinuxO l will be placed on sa-esxi0 1 . vclass.local and click OK.
Lab 9
Monitoring CPU Performance
5. Log in to the LinuxO l virtual machine console. a. Right-click LinuxO l and select Open Console. b. If you receive the security exception message, click the recommended) l ink.
Continue to this website (not
c . Wait fo r the virtual machine to complete its bootup process. d. Log in as user root and use the standard lab password. 6.
Verify that you are in the I root directory. pwd
7. If you are not in the 8.
/root
directory, enter cd
/root.
Start the test program on LinuxO 1 . . / s tart t e s t l
The test program generates database operations to a medium-size database and writes output to the screen. The program must run uninterrupted. Task 3: Start esxtop and View Statistics You use the e s xtop command to observe performance statistics for supported objects. 1.
Start an SSH session to sa-esxi-0 l .vclass. local. a. On the student desktop task bar, click the
MTPuT T Y
shortcut.
b. In the Servers pane on the left, double-click SA-ESXi-0 1. c . I f the PuTTY security alert appears, click Yes. You are automatically logged in to the appliance as user root. 2. Start e s xtop. By default,
e s xtop
starts with the CPU screen.
3. Change the update delay from the default (5 seconds) to 1 0 seconds. a. Enter s . b . Enter 1 0 . c . Press Enter. 4. To filter the CPU screen output only to the virtual machines, enter uppercase v By default, the CPU screen shows statistics for virtual machine processes and active ESXi host processes. 5. In the output table, find the LinuxO 1 virtual machine statistics. Lab 9
M o nitoring CPU Performance
67
Task 4 : Record Statistics for Case 1 : Single Thread and S i n g le vCPU You record statistics for the first test case. 1 . After 30 seconds of statistics collection, record the values for the LinuxO 1 virtual machine in the Case 1 column in the class configuration handout. •
•
•
%USED %RDY %IDLE
2. Record the operations per minute (opm) value in the test script. a. In the Internet Explorer window, switch to the LinuxO l console tab. b. Record the opm reported by the test script in the Case 1 column in the class configuration handout. The counter value is reported with each iteration that the test script performs. Use the counter reported in the last iteration. 3 . Press Ctrl+C to stop the test script. 4. Close the
LinuxO l
console tab.
Task 5: Run a Sing le-Threaded P rogram i n a Dual-vCPU Virtual Mac h i ne You modify the LinuxO l virtual machine to have two vCPUs, and you restart the test script. 1 . Shut down the LinuxO l virtual machine. 2. Wait for the running indicator to be removed from the LinuxO l virtual machine icon in the inventory tree. 3 . Add a second vCPU to the LinuxO l virtual machine. a. In the left pane, right-click LinuxO l and select Edit Settings. b. On the Virtual Hardware tab in the Edit Settings dialog box, select 2 from the down menu and click OK.
CPU
c. In the Recent Tasks pane, monitor the reconfiguration task to completion. 4. Power on the LinuxO l virtual machine and verify that LinuxO l will be placed on sa-esxi0 1 . vclass.local. 5. Click the LinuxO l console tab and log in to LinuxO l as user root with the standard lab password.
68
Lab 9
Monitoring CPU Performance
drop
6.
On the
LinuxO l
console tab, restart the test program.
. / s tartt e s t l
This script generates database operations to a medium-size database. The number of threads is set to 1 . The script must run uninterrupted. Task 6: Record Statistics for Case 2: One Th read and Two v C P U s You record statistics fo r the second test case. 1 . Record the
e s x t op
counter values.
a. Switch to the MTPuTTY window. b.
Enter e.
c. Enter the GID for LinuxO 1 . d. Examine the two lines in the NAME column that start with vmx-vcpu. These two lines show the activity of each of the vCPU s in the LinuxO 1 virtual machine. e. After 30 seconds of statistics collection, record the values for vCPUO and vCPU 1 in the Case 2 column in the class configuration handout. •
%USED
•
%RDY
•
%IDLE
2 . Record the operations per minute value in the test script. a. In the Internet Explorer window, switch to the LinuxO l console tab. b. Record the opm value reported by the test script in the Case 2 column in the class configuration handout. The counter value is reported with each iteration that the test script performs. Use the counter reported in the last iteration. 3 . Press Ctrl+C to stop the test script. Task 7: Run a Dual-Threaded Program i n a Dual-v C P U Virtual Machine You configure the third case parameters by running a two-threaded test program on a virtual machine with two vCPUs. 1 . On the LinuxO l console tab, start the two-threaded test program . . / starttest2
This script generates database operations to a medium-size database. The number of threads is set to 2 . The script must run uninterrupted. Lab 9
M o nitoring CPU Performance
69
Task 8: Record Statistics for Case 3: Two Th reads and Two v C P U s You record statistics for the final test case. 1 . Record the
e s xtop
counter values.
a. Switch to the MTPuTTY window. b. Examine the two lines in the NAME column that start with vmx-vcpu. These two lines show the activity of each of the vCPU s in the LinuxO 1 virtual machine. c. After 30 seconds of statistics collection, record the values for vCPUO and vCPU 1 in the Case 3 column in the class configuration handout. •
%USED
•
%RDY
•
%IDLE
2. Record the operations per minute value in the test script. a. In the Internet Explorer window, switch to the LinuxO l console tab. b. Record the opm value reported by the test script in the Case 3 column in the class configuration handout. 3 . Press Ctrl+C to stop the test script. 4. Stop the a.
e s xtop
program.
Switch to the MTPuTTY window.
b. Enter q to stop e s xtop. c. Keep the SA-ESXi-0 1 MTPuTTY session open for the next lab. Task 9: Ana lyze the Test Resu lts You analyze the captured statistics and document your conclusions. 1 . Review the statistics that you recorded in tasks 4, 6, and 8 . 2. Record the conclusions that you can draw from the data.
70
Lab 9
Monitoring CPU Performance
_ _ _ _
Lab 10 Monitoring Memory Perform ance
Objective: Use the esxtop command to monitor memory performance under load In this lab, you perform the following tasks: 1 . Generate Database Activity in the Test Virtual Machine 2 . Check for Overcommittment of Virtual Machine Memory 3 . Configure esxtop to Report Virtual Machine Memory Statistics 4. Observe Memory Statistics 5.
Start a Memory Test on ResourceHogO l and ResourceHog02
6.
Record Memory Statistics
7. Clean Up for the Next Lab
71
Task 1 : Generate Database Activity i n the Test Vi rtual Machin e You start the test program to generate database activity. 1 . In the Internet Explorer window, click the
LinuxO l
console tab.
2. If necessary, log in to the LinuxO 1 virtual machine as user root with the standard lab password. 3. In the LinuxO l console, enter
.
/ s tarttest2 .
This test program performs continuous database operations to a medium-size database. The number of threads is set to 2 . The script must run uninterrupted. Task 2: C heck for Overcom mittment of Virtual Mac h i ne Memory You use resource allocation reports to determine whether memory is overcommitted for a virtual machine. 1 . In the Internet Explorer window, click the 2 . Point to the
Home
vSphere Web Client
tab.
icon and select Hosts and Clusters.
3 . In the left pane, select the LinuxO l virtual machine . 4. In the center pane, click the Monitor tab and click Utilization. 5. Find the Virtual Machine Memory panel. 6.
Record the value for VM Consumed.
-----
7. Find the Guest Memory panel, in the lower-left corner of the pane. 8 . Record the value for Active Guest Memory. Q1.
----
I s the consumed host memory greater than the active guest memory?
If the consumed host memory is greater than the active guest memory, memory is not overcommitted. If the consumed host memory is less than active guest memory, then overcommitment is occurring and might cause degraded performance.
72
Lab 1 0
Monitoring Memory Performance
Task 3: Confi g u re esxtop to Report Virtual Mac h i ne Memory Statistics You start e s xtop and configure it for memory statistics. 1 . Switch to the MTPuTTY window for sa-esxi- 0 1 .vclass.local. a. If you need to restart the SSH session to sa-esxi-01 .vclass.local, click the MT PuT T Y shortcut on the task bar. b. In the Servers pane on the left, double-click SA-ESXi-0 1. c . When the PuTTY security alert appears, click Yes. You are automatically logged in to sa-esxi-0 1 .vclass.local as user root. 2. Start e s xtop. 3. In e s xt op, enter rn to view the memory statistics screen. 4. Set a 1 0-second update delay. a. Enter
s
to display the delay prompt.
b. At the delay prompt, enter 1 0 and press Enter. 5. Enter uppercase v to filter only the display virtual machine statistics. 6.
Remove all statistics columns from the output table, except D, H, J, and K. Removing counters that are not monitored during the test can make isolation of the desired counters easier. a. Enter f to access the field order screen. b. For fields other than D, H, J, and K, if an asterisk appears to the left of the field name, press the corresponding letter to remove the asterisk. c. For the D, H, J, and K fields, if an asterisk does not appear to the left of the field name, press the corresponding letter to add an asterisk. d. Press Enter to return to the memory statistics output.
Task 4 : Observe Memory Statistics You observe e s xtop counters to determine memory conditions. 1 . Examine
e s xtop
a. In the
statistics.
e s xtop
output, view the LinuxO l virtual machine statistics.
b. Verify that the MCTLSZ, MCTLTGT, SWCUR, SWTGT, SWR/s, and SWW/s values are at or near zero. c. If you cannot see all of values listed in step b, close the left pane. Lab 1 0
M onitoring Memory Performance
73
2. Record the operations per minute (opm) value in the test script. a. In the Internet Explorer window, switch to the LinuxO l console tab. b. Record the opm value reported by the test script.
_ _ _ _
The counter value is reported with each iteration that the test script performs. Use the counter reported in the last iteration. Task 5: Start a Memory Test on Resou rceHog01 and ResourceHog02 You start a memory test on the ResourceHogO 1 and ResourceHog02 virtual machines. 1.
Switch to the vSphere Web Client tab in Internet Explorer.
2. Power on, open a console, and boot to the ResourceHogO 1 virtual machine. You must enter the console within 30 seconds. a. Right-click ResourceHogO l and select Power > Power On. b. In the Power On Recommendations window, verify that ResourceHogO 1 will be placed on sa-esxi-0 1 .vclass.local and click OK. c. Right-click ResourceHogO l and select Open Console. d. Click anywhere in the console window. e . At the BIOS screen, press Enter. f.
At the boot : prompt, press Enter to load the Ultimate Boot CD menu. If you see a Boot ing prompt, you did not enter the console within 30 seconds. You must return to substep a to reset the power on the virtual machine and enter the console to the virtual machine within 30 seconds.
g. Use the arrow keys and the Enter key to select Mainboard Tools > Memory Tests> Memtest86+ Vl.70.
The exact keystroke sequence is Enter, down arrow, down arrow, Enter, down arrow, down arrow, Enter. h. After the memory test utility is running, press Ctrl+Alt to release the pointer focus. 3 . Switch to the vSphere Web Client tab. 4. Repeat step 2 for the ResourceHog02 virtual machine.
74
Lab 1 0
Monitoring Memory Performance
Task 6: Record Memory Statistics You record and evaluate memory statistics with a significant load consuming ESXi host memory. 1 . Switch to the MTPuTTY window. 2 . After at least one minute of statistics collection, record the values for the ResourceHog02, ResourceHogO 1 , and LinuxO 1 virtual machines in the class configuration handout. •
•
•
•
•
•
•
MCTL? MCTLSZ MCTLTGT SWCUR SWTGT SWR/s SWW/s 01.
For Linux0 1 , does the value of MCTLSZ converge with the value of M CTLTGT?
02.
For Linux0 1 , does the value of SWCUR converge with the value of SWTGT?
3 . Monitor the statistics output until the host reaches a steady state where the counters in each set are close in value to each other. If the counters in each set are close in value to each other, the host has reached a steady state. 4. To determine which virtual machines do not have the balloon driver installed, examine the MCTL? value for each virtual machine. The MCTL? field indicates the presence of the balloon driver. If the MCTL? value is Y, then that virtual machine has a balloon driver installed. Otherwise, the virtual machine lacks a balloon driver. 03.
Which virtual machines do not have the balloon driver i nstalled?
5. To determine whether the virtual machines are swapping, examine the values for SWR/s and SWWIs for each virtual machine. 04.
Which virtual machines are swapping?
Lab 10
M onitoring Memory Performance
75
6.
Determine which virtual machines have experienced degraded performance due to swapping. a. Enter lowercase
c
to switch to the CPU screen.
b. Enter uppercase v to display only virtual machine statistics. c. Examine the %SWPWT value for each virtual machine identified as actively swapping. As %SWPWT exceeds 5 percent, the performance of the virtual machine degrades significantly. Q5.
What are the %SWPWT values for each of the virtual machines?
7. Enter m to return to the Q6.
e s xtop
memory screen.
What is the memory state: high, clear, soft, hard, or low?
8 . Record the opm value in the test script. a. In the Internet Explorer window, switch to the LinuxO l console tab. b. Record the opm value reported by the test script.
_ _ _ _ _
c. Compare this opm value with the value that you recorded in task 4, step 2, substep b. Q7.
Has the performance of the test script degraded?
Task 7: C lean U p for the Next Lab You stop the test script on the LinuxO l virtual machine. You also stop the memory tests on ResourceHogO 1 and ResourceHog02. 1 . In the MTPuTTY window, select View > Servers to display the Servers pane on the left. 2 . Keep
e s xtop
running in the MTPuTTY window
3.
Switch to the Internet Explorer window
4.
On the
LinuxOl
console tab, press Ctrl+C to stop the test script.
Keep the console tab open. 5 . Close the ResourceHogO l and ResourceHog02 console tabs. 6.
76
On the vSphere Web Client tab, power off the ResourceHogO l and ResourceHog02 virtual machines. Lab 1 0
Monitoring Memory Performance
Lab 11 Monitoring Storage Performance
Objective: Use the esxtop command to monitor disk performance across a series of tests In this lab, you perform the following tasks: 1 . Prepare to Run Tests 2. Measure Continuous Sequential Write Activity to a Virtual Disk on a Remote Datastore 3. Measure Continuous Random Write Activity to a Virtual Disk on a Remote Datastore 4. Measure Continuous Random Read Activity to a Virtual Disk on a Remote Datastore 5. Measure Continuous Random Read Activity to a Virtual Disk on a Local Datastore 6.
Analyze the Test Results
Task 1 : Prepare to Run Tests You use several test scripts on the LinuxO l virtual machine to generate continuous random and sequential I/O operations against both local and remote (network) datastores. The LinuxO l virtual machine is located on sa-esxi-0 1 .vclass. local and is configured with two hard drives to serve as local and remote I/O targets . The SCSI (0: 1 ) drive is stored on SA-ESXi-0 1-Local, the local datastore. The SCSI (0:2) drive is stored on SA- Shared-0 1 -Remote, the remote datastore. You monitor storage preparation tasks to completion and then change folders. 1 . In the Internet Explorer window, click the
LinuxOl
console tab.
2. If necessary, log in as user root with the standard lab password.
77
3 . Configure storage . . / s t o r ageco n f i g . s h
The storage preparation might take a few minutes to complete. The script must run uninterrupted to completion. 4. When the script is complete, navigate to the test scripts folder. cd a i o - s t re s s
Task 2: Meas ure Contin uous Seq uential Write Activity to a Virtual Disk on a Remote Datastore You run the l o g w r i t e . s h test script to generate continuous sequential write activity to the hard disk on the remote datastore. 1 . Start the
l o gwr i t e . s h
test script.
. / logwr ite . s h
2. Allow the script to run uninterrupted. 3. View the MTPuTTY session to the sa-esxi-01 host. MTPuTTY should be logged in to SA-ESXi-0 1 , and e s xtop should be running. 4. If MTPuTTY is not logged in, and e s xtop is not running, start a new MTPuTTY session to sa esxi-0 1 .vclass.local. a. In the MTPuTTY window, open a connection to SA-ESXi-0 1 . b. Enter esxtop at the command prompt. c.
Set a 1 0-second update delay by entering s, and then entering
10
and pressing Enter.
5. Enter d to display device adapter output and examine the reads and writes to the adapter paths. Q1.
6.
Which adapter has the most disk 110 activity?
Enter u to display individual device output, and examine the reads and writes to the devices. One of the remote devices has more disk 1/0 activity than the others.
7. Enter v to display virtual machine output. 8 . After 30 seconds of statistics collection, record the values for the LinuxO 1 virtual machine in the Sequential Writes/Remote Datastore column in the class configuration handout. •
•
78
READS/s WRITES/s Lab 1 1
Monitoring Storage Performance
9. In the Internet Explorer window, click the
LinuxOl
console tab.
1 0 . Press Ctrl+C to stop the test script. Task 3: Meas ure Contin uous Random Write Activ ity to a Virtual Disk on a Rem ote Datastore You run the dataw r i t e . s h test script to generate continuous random write activity to the virtual machine hard disk on the remote datastore. 1 . In the LinuxO l console, start the
da t a w r i t e . sh
test script.
. / da t a w r i t e . s h
2. Allow the script to run uninterrupted. 3 . Return to the MTPuTTY window. 4. Enter d to display device adapter output and examine the reads and writes to the adapter paths. 5 . Enter u t o display individual device output and examine the reads and writes to the devices. 6.
Enter v to display virtual machine output.
7. After 30 seconds of statistics collection, record the values for LinuxO l in the Random Writes/ Remote Datastore column in the class configuration handout. •
•
READS/s WRITES/s
8 . In the Internet Explorer window, click the
LinuxOl
console tab.
9. Press Ctrl+C to stop the test script. Task 4 : Meas ure Contin uous Random Read Activity to a Virtual Disk on a Remote Datastore You run the f i l e s e rver2 . s h test script to generate continuous random read activity from the hard disk on the remote datastore. 1 . In the LinuxO l console, start the
f i l e s e rver2 . s h
test script.
. / f i l e s e r ver2 . s h
2. Allow the script to run uninterrupted. 3. Return to the MTPuTTY window. 4. Enter d to display device adapter output and examine the reads and writes to the adapter paths. 5. Enter u to display individual device output and examine the reads and writes to the devices. 6.
Enter v to display virtual machine output. Lab 1 1
Monitoring Storage Performance
79
7. After 30 seconds of statistics collection, record the values for LinuxO I in the Random Reads/ Remote Datastore column in the class configuration handout. •
•
READS/s WRITES/s
8 . In the Internet Explorer window, click the
LinuxOl
console tab.
9. Press Ctrl+C to stop the test script. Task 5: Meas ure Contin uous Random Read Activity to a Virtual Disk on a Local Datastore You run the f i l e s e rverl . sh test script to generate continuous random read activity from the virtual machine hard disk on the local datastore attached to the ESXi host. I.
In the LinuxO I console, start the
f i l e s e rverl . s h
test script.
. / f i l e s e r verl . s h
This test script first creates the file to be read, which can take 5 minutes or more. The test script must run uninterrupted. 2. Monitor the script output. The output remains silent during file creation. 3. After the
S t a r t ing w i t h random r e a d
message appears, view information in e s xtop.
a. Enter d to display device adapter output. Q1.
Which adapter has the most disk 1/0 activity?
b. Enter u to display individual device output. One of the local devices, rather than a remote device, is used for this test. c . Enter v to display virtual machine output. 4. After 30 seconds of statistics collection, record the values for LinuxO I in the Random Reads/ Local Datastore column in the class configuration handout. •
•
READS/s WRITES/s
5 . In the Internet Explorer window, click the 6.
80
LinuxOl
Press Ctrl+C to stop the test script.
Lab 1 1
Monitoring Storage Performance
console tab.
Task 6: Ana lyze the Test Resu lts Your instructor conducts an in-class review to compare test results from each group. 1 . Record the conclusions that you draw from the test data collected in tasks 2 through 5. 2. In the Internet Explorer window, leave the the next lab.
vSphere Web Client
Lab 1 1
and the LinuxO l tabs open for
Monitoring Storage Performance
81
82
Lab 1 1
Monitoring Storage Performance
Lab 1 2 Monitoring Network Performance
Objective: Use the esxtop command to monitor network performance In this lab, you perform the following tasks: 1 . Prepare to Monitor Network Performance 2. Prepare the Client and the Server Virtual Machines 3 . Measure Network Activity on an ESXi Physical Network Interface 4. Use Traffic Shaping to Simulate Network Congestion 5 . Position the Client and the Server on the Same Port Group 6.
Restart the Test and Measure Network Activity
7.
Stop the Test and Analyze Results
8 . Clean Up for the Next Lab Task 1 : Prepare to Mon itor Network Performance You use the
e s xtop
network statistics screen to monitor network performance.
1 . View the MTPuTTY session to the sa-esxi-01 host. MTPuTTY should be logged in to the sa-esxi-0 1 host, and e s xtop should be running. 2.
If MTPuTTY is not logged in, and e s xtop is not running, start a new MTPuTTY session to sa-esxi-0 l .vclass. local. a. In the MTPuTTY window, open a connection to SA-ESXi-0 1 . b. Enter esxtop at the command prompt. c . Set a 1 0-second update delay. 83
3. Enter n to switch to the network statistics screen. 4. Remove unused counters to make the
e s xtop
network screen easier to monitor.
a. Enter f to display the Current Field Order table. b. In the Current Field Order table, enter g and j to remove PKTRX/s and PKTTX/s from the e s xtop display. c. Press Enter to return to the network statistics screen. Task 2: Prepare the C l ient and the Server Vi rtual Machi nes You use scripts on the LinuxO 1 and Linux02 virtual machines to generate network traffic so that network performance can be measured. The LinuxO l virtual machine acts as a client, and the Linux02 virtual machine acts as a server. The Linux:O l virtual machine is connected to the pg-SA Production port group. You move the Linux02 virtual machine to the pg-SA Management port group so that the virtual machines are connected to different virtual switches, forcing their traffic to traverse the physical network. 1 . Migrate the Linux02 virtual machine to the pg-SA Management port group. a. In the Internet Explorer window, click the
vSphere Web Client tab.
b. Point to the Home icon and select Networking. c. In the Navigator pane, right-click the
dvs-Lab
distributed switch and select Migrate VMs
to Another Network.
d. For the source network, leave Production, and click OK.
Specific network
selected, click
Browse,
select pg-SA
e. For the destination network, click Browse, select the pg-SA Management port group, and click OK. f.
Click Next.
g. On the Select virtual machines to migrate page, select the
Linux02
Next.
h. On the Ready to complete page, click Finish. 1.
84
In the Recent Tasks pane, monitor the migration task to completion.
Lab 1 2
Monitoring Network Performance
check box and click
2 . View the IP address of the Linux02 virtual machine. a. Point to the Home icon and select Hosts and Clusters. b. Power on the Linux02 virtual machine. c. In the Power On Recommendations window, keep the recommendation to place Linux02 on host sa-esxi-0 l .vclass.local selected and click OK. Wait for the virtual machine to boot up completely. d. In the left pane, select Linux02. e. From the Summary tab in the center pane, record the Linux02 IP address.
_ _ _ _ _
The Linux02 IP address starts with 1 72.20. 1 0 (the management network DHCP range). 3 . View the IP address of the LinuxO l virtual machine. a. In the left pane, select the b. From the
Summary tab,
LinuxO l
virtual machine .
record the LinuxO l IP address.
_ _ _ _ _
The LinuxO l IP address starts with 1 72.20. 1 1 (the production network DHCP range). 4.
Start the server on Linux02. a. In the left pane, right-click the Linux02 virtual machine and select Open Console. b. In the Linux02 console window, log in as user root with the standard lab password. c . Navigate to the network scripts folder. cd netp e r f
d . Start the server program . . /net s e rver
The server program runs as a background process. S t a r t i n g n e t s e r v e r at p o r t
12865
S t a r t i n g n e t s e r v e r a t h o s t na m e 0 . ® . e . e p o rt
12865
e. Verify that the server program is running. ps
-ef
I
grep ne t s e r ver
The server and grep processes are listed. ee : e e : ee
1
. 1netse rve r
I
ee : e e : ee g re p n e t s e r v e r
Lab 1 2
Monitoring Network Performance
85
Task 3: Meas ure Network Activity on an ESXi P hysical Network I nterface You measure the network performance of the ESXi host network interface with the LinuxO l and Linux02 virtual machines positioned on different physical network segments across a router. Requests sent from the LinuxO 1 client enter the physical network through the ES Xi network interface vmnic2 that is bound to a dvs-Lab distributed switch uplink. The client requests are routed to the management network where the Linux02 server is positioned, using the pg-SA Management port group on the dvs-SA Datacenter distributed switch. 1.
Switch to the LinuxOl console tab.
2 . Start the client on LinuxO 1 . a. Navigate to the network scripts folder. cd / r o o t /netp e r f
b. Start the client test script. . / np t e s t l . s h
s erver_ IP_address
server_IP_address is the Linux02 IP address that you recorded in task 2 .
The client and server programs must run uninterrupted. 3. Monitor network activity and record your findings. a. Switch to the MTPuTTY window. b. In the
e s xtop
output, find the vmnic2 physical network interface.
c. After 30 seconds of statistics collection, record the values for vmnic2 in the vmnic2 column in the class configuration handout. •
•
MbTX/s MbRX/s
Task 4: Use Traffic Shaping to S i m u late Network Co ngestion You use traffic shaping to control the network speed to simulate congestion. 1.
Switch to the Internet Explorer window and click the
2 . Point to the
Home
vSphere Web Client
icon and select Networking.
3 . In the networking inventory, expand the
dvs-Lab
distributed switch.
4. Right-click the pg-SA Production port group and select Edit Settings. 5. In the Edit Settings dialog box, click Traffic shaping on the left.
86
Lab 1 2
Monitoring Network Performance
tab.
6.
Select Enabled from the Status drop-down menus for ingress traffic shaping and egress traffic shaping.
7. Configure ingress and egress traffic shaping. Option
Action
Average bandwidth (kbit/s)
Enter 1 0 0 0 0 .
Peak bandwidth (kbits/s)
Enter 1 0 0 0 0 .
(KB)
Enter 1 0 0 0 0 .
Burst size
8 . Verify that you configured both ingress and egress traffic shaping and click OK 9. Monitor network performance and record your findings. a.
Switch to the MTPuTTY window.
b. In the
e s xtop
output, find the vmnic2 physical interface item.
c. After 30 seconds of statistics collection, record the values for vmnic2 in the vmnic2 1 0 Mb/ s column in the class configuration handout. •
•
MbTX/s MbRX/s
1 0 . Disable ingress and egress traffic shaping. a. Switch to the vSphere Web Client tab in the Internet Explorer window. b. Right-click the pg-SA Production port group and select Edit
Settings.
c. Click Traffic shaping. d. For both ingress and egress traffic shaping, select Disabled from each Status drop-down menu. e . Click O K to close the Edit Settings dialog box.
Lab 1 2
Monitoring Network Performance
87
Task 5: Position the C l ient and the Server on the Same Port Group You migrate the Linux02 virtual machine back to the pg-SA Production port group to show that virtual machines communicating on the same ESXi host and virtual switch port group can communicate at a faster rate than the rate dictated by the physical network hardware. 1.
Stop the client. a. In the Internet Explorer window, click the LinuxO l console tab. b. In the LinuxO 1 console, press Ctrl+C to stop the test script.
2.
Stop the server. a. Click the
Linux02
console tab.
b. In the Linux02 console, end the server program. ps
-ef
kill
I
grep ne t s e r ver
process_id
In the k i l l command, process_id is the netserver process I D as reported by the p s command. In the example ps output, the netserver process ID is 6487. The screenshot does not include the leftmost columns of the p s output.
I
64 8 7
7 629
I
1
6393
e e9 : 5 5
J
I
?
2 1 9 : 4 1 pts/l
'
ee : e e : e 9
. /netse rve r
ee : 9 B : e 9 g r ep n e t s e r v e r
3 . Migrate the Linux02 virtual machine to the pg-SA Production port group. a. Click the
vSphere Web Client
b. In the left pane, right-click the
tab. dvs-Lab
distributed switch and select Migrate
VMs to
Another Network.
c. For the source network, leave Management, and click OK.
Specific network
selected, click Browse, select pg-SA
d. For the destination network, click Browse, select the click OK.
pg-SA Production
port group, and
e. Click Next. f.
Under Select virtual machines to migrate, select the Linux02 check box and click
g. Click Finish. h. In the Recent Tasks pane, monitor the migration task to completion. 4. In the Internet Explorer window, click the Linux02 console tab. 88
Lab 1 2
Monitoring Network Performance
Next.
5 . Restart the network service, and verify that the IP address i s within the production network DHCP range. a. In the terminal window, restart the network service. s e rvice netwo rk r e s t a r t
The network service might take up to a minute to restart and acquire a new DHCP address. b. Verify that a new DHCP-assigned address was acquired. i fconfig
c. In the i f c o n f i g command output, verify that the IP address starts with 1 72.20. 1 1 (the production network DHCP range). d. Record the postmigration Linux02 IP address.
_ _ _ _ _
Task 6: Restart the Test and Meas ure Netwo rk Activ ity You measure network activity when the client and the server communicate across a virtual network contained within a single ESXi host and port group. 1 . In the Linux02 console window, start the server program . . /net s e rv e r
2. In the Internet Explorer window, click the
LinuxOl
console tab.
3 . Start the client script. . / np t e s t l . s h
se rver_ IP_address
server_IP_address is the postmigration Linux02 IP address that you recorded in task 5.
4. Monitor network activity and record your findings. a. Switch to the MTPuTTY window. b. In the e s xtop output, find the vmnic2 row and verify that the traffic is no longer traversing the physical interface. c. Find the LinuxO l . ethO row. d. After 30 seconds of statistics collection, record the values for LinuxO l .ethO in the LinuxO l .ethO column in the class configuration handout. •
•
MbTX/s MbRX/s
Lab 1 2
Monitoring Network Performance
89
Task 7: Stop the Test and Ana lyze Res ults You use samples that you recorded to determine whether network performance was affected by the simulated congestion in an expected manner and to determine the fastest network configuration. 1 . Stop the test. a. Switch to the Internet Explorer window and click the
LinuxOl
console tab.
b. In the LinuxO 1 console, press Ctrl+C to stop the client script. c. Click the
Linux02
console tab.
d. In the Linux02 console, kill the server process to end the server program. ps
-ef
I
grep ne t s e r ver
k i l l process_ i d
process_id is the n e t s e rver process ID that appears in the ps command output.
2. Review the sample values that you recorded in task 6. Q1 .
Do you see an obvious difference in network throughput for each test?
Q2.
Which test resulted in the h ighest throughput (hig hest values)?
Q3.
Why was this test the fastest?
Task 8: C lean U p for the Next Lab You end e s xtop and you close the LinuxO l and Linux02 console tabs. You also change the vSphere DRS automation mode to Fully Automated. 1 . In the MTPuTTY window, enter q to end e s xtop. 2. Close the MTPuTTY session. 3. In the Internet Explorer window, close the
LinuxO l
and Linux02 console tabs.
4. Power off LinuxO l and Linux02. 5. On the
90
vSphere Web Client
Lab 1 2
tab, point to the
Home
Monitoring Network Performance
icon and select Hosts and Clusters.
6.
Change the vSphere DRS automation mode to Fully Automated. a. In the left pane, select the SA b. In the center pane, click the c.
Management
Configure
cluster.
tab.
Select vSphere DRS on the left and click Edit.
d. From the DRS Automation drop-down menu, select Fully Automated and click OK. 7. Migrate the local storage of LinuxO l to shared storage. a. Right-click LinuxO l and select Migrate. The Migrate wizard appears. b. On the Select the migration type page, click Change storage only and click Next. c . On the Select storage page, select SA-S hared-0 1 -Remote and click Next. d. On the Ready to complete page, click Finish. e. In the Recent Tasks pane, monitor the migration task to completion. 8 . Point to the
Home
icon and select Home.
Lab 1 2
Monitoring Network Performance
91
92
Lab 1 2
Monitoring Network Performance
Lab 13 Using vRealize Log Insight
Objective: Configure and use vRealize Log Insight In this lab, you perform the following tasks: 1 . Configure vRealize Log Insight 2 . Configure vRealize Log Insight to Ingest Data from vSphere 3. Create Events to Analyze 4. Examine vRealize Log Insight Dashboards 5. Use vRealize Log Insight Interactive Analytics to Search for an Event 6.
Examine vRealize Log Insight Resource Usage
7. Create an Additional vRealize Log Insight User 8. Access vRealize Log Insight as Another User 9. Prepare for the Next Lab Task 1 : Confi g u re vReal ize Log I nsight You configure VMware vRealize® Log Insight™. Use the following information from the class configuration handout: •
vRealize Log Insight license key
1 . Open a new tab in Internet Explorer. 2 . From the Favorites bar, select vRealize Log Insight. 3. If you receive a security exception, click the Continue t o this link.
website (not recommended)
93
4. On the Setup page for vRealize Log Insight, click Next. 5. On the Choose Deployment Type page, click Start New Deployment. It can take a couple of minutes to start the new deployment. 6.
7.
On the Admin Credentials page, configure the email address and password. Option
Action
Email
Enter admini s trator@vcla s s . local.
New password
Enter the standard lab password.
Confirm new password
Enter the standard lab password.
Click
Save and Continue.
8 . On the License page, verify that the license i s still valid. 9. If the license has expired, add a new license. a. Click +Add New License. b. In the License Key text box, enter the vRealize Log Insight license key provided by your instructor. c. Click Add License. d. Click Save and Continue. 1 0 . On the General Configuration page, do not join the customer experience improvement program. a. Deselect the Join box. b.
Click
the VMware Customer Experience Improvement Program check
Save and Continue.
1 1 . On the Time Configuration page, synchronize server time with the ESXi host. a. From the
Sync Server T ime With
drop-down menu, select ESX/ESXi host.
b. Click Save and Continue. 1 2 . On the SMTP Configuration page, click
Skip.
1 3 . On the Setup Complete page, click Finish.
94
Lab 1 3
Using vRealize Log Insight
Task 2: Confi g u re vReal ize Log I nsight to I ngest Data from vSphere You add your vSphere details to vRealize Log Insight so that it can use vSphere logs. 1 . In the top-right corner, click the menu icon and select Administration.
� admin
=
2 . In the left pane, click
vSphere
under Integration.
3. In the vSphere Integration panel, specify the vCenter Server name and login credentials. Option
Action
Hostname
En�r sa-vcs a - 0 1 . vcla s s . loca l .
Username
Enter administrator@ vsphere . local.
Password
Enter the standard lab password.
4. Click Test
Connection.
Verify that the test is successful. 5. Click 6.
Save.
When the configuration is complete, click OK.
Task 3: C reate Events to Ana lyze You create events in the logs of ESXi hosts that will be analyzed by vRealize Log Insight. The events are to allow and disallow access through the firewall for the SSH client. 1 . In vSphere Web Client, point to the Home icon and select Hosts
and Clusters.
2. Allow SSH cl ient access through the firewall . a. In the left pane, select sa-esxi-0 1.vclass.local. b. In the center pane, click the
Configure
tab and select Security Profile on the left.
c. In the Firewall panel, click Edit. d. In the Edit Security Profile dialog box, select the
SSH Client
check box.
e. Click OK. Lab 1 3
Using vRealize Log Insight
95
3 . Disallow S S H client access through the firewall . a. In the Firewall panel, click
Edit.
b. In the Edit Security Profile dialog box, deselect the c. Click
SSH Client
check box.
OK.
4. Repeat steps 2 and 3 for the sa-esxi-02.vclass.local and sa-esxi-03.vclass.local hosts. Task 4 : Exami ne vReal ize Log I nsight Dash boards You examine the information provided by the standard dashboards available from vRealize Log Insight. 1 . Click the
vRealize Log Insight
tab.
2. At the top of the vRealize Log Insight interface, click Dashboards. The Overview dashboard appears. 3 . In the left pane, select Event Types and examine the dashboard. For example, you can view the number of unique event types and the pie chart that shows the unique event types by host name. 4. In the left pane, select Security and examine the dashboard. For example, you can view the bar graph that shows the number of events that contain user information over time. 5. From the drop-down menu in the top left pane, select VMware
illl
General
Custom Dashboards
My Dashboards Shared Dashboards Content Pack Dashboard:s
I
I
General VMware
-
vSphere
The General-Overview dashboard appears.
96
Lab 1 3
Using vRealize Log Insight
- vSphere.
6.
At the top of the right pane, select Latest 48 Dashboards
hours of data
from the drop-down menu.
Interactive
Latest 5 m i nutes of data
v
latest 5 m inutes of data Latest hour of data Latest 24 hours of d ata Latest 48 hours of d ata Custom time range
7. Click the refresh icon and examine the changes made in the output. 8 . In the left pane, select vSphere-Overview and examine the dashboard. Most of the charts in the dashboard contain no results because vRealize Log Insight is only now starting to collect data. 9. In the left pane, select vSphere-ESXi and examine the dashboard. 1 0 . View the ESX/ESXi YOB events by component and event type panel. The firewall. config.changed event type has a count of 6, which corresponds to the number of times that you changed the firewall configuration on your ESXi hosts in task 3 . Tas k 5: Use v Real ize Log I ns i g ht I nteractive Analytics to Search fo r an Event You use vRealize Log Insight interactive analytics to search for types of events. 1 . At the top of the vRealize Log Insight interface, click Interactive Analytics. 2 . From the
Chart Type
drop-down menu, near the middle-right side o f the window, select Line.
Lab 1 3
Using vRealize Log Insight
97
3 . Notice how the graph display changes. 4.
Search for events that contain the word "firewall." a. In the wide text box in the middle of the window, enter firewall. Count of events
•
+
over time
R�...et
•
+ AD D Fl L u r n
b. From the time range drop-down menu, select Latest
*? Latest 5 minutes of dBta I h o
I1
23.a727t
Latest 5 m i n utes of data Latest hour of d ata Latest 6 hours of data
...-.
Latest 24 hours of d ata
v 6-12- 04 !6:25:41 -378
es.t First -.. �al lbac:k
Latest 48 hours of d ata 23.a 7 2 7 t
------.
Latest 7 days of data
> caill
to
All time n.a1 2tt
Custom time range
4340
c . Click the search icon .
.. d. View all the events that are found.
98
Lab 1 3
Using vRealize Log Insight
(at
Fie I'
6 hours of data.
5. Create a filter to find firewall events for the sa-esxi-0 1 host. a. Click Add Filter. b. From the first drop-down menu, select hostname. c . From the second drop-down menu, select contains. d. In the text box, enter
xi
sa-esxi - 0 1
hostname
+ ADD FILHR
v
and press Enter.
I1
"'_.l I
... _ co _ n_ m _ m _ s_ _ _ _
x CL E:AR ALL F I LT E R S
sa-esxi-01
e. Click the search icon. f. 6.
View all the events that are found.
Create a filter to find firewall events on the sa-esxi-0 I host that contain the word "disable ." a. Click Add Filter. b. From the first drop-down menu, select text. c . From the second drop-down menu, select contains. d. In the text box, enter disable and press Enter.
r
f irewall
::: Match Bii � of the follOW1rig fllters:
X IX
hostname
v
co ntains
v
sa-esxi-01
text
v
co ntains
v
d]sabfe
r
e. Click the search icon. f.
View all the events that are found.
g. Delete "disable" from the text box, enter enabl.e, and press Enter. h. Click the search icon. 1.
View all the events that are found.
7. Clear the filters. a. Click Clear All Filters. b. Delete "firewall" from the search text box. c. Click the search icon. Lab 1 3
Using vRealize Log Insight
99
Task 6: Examine vReal ize Log I ns i g ht Resou rce Usage You use the reporting feature in vRealize Log Insight to examine the resources that it is using. 1 . In the top-right corner, click the menu icon and select Administration. 2 . In the left pane, select System Monitor. 3. In the center pane, select Resources and examine the output. 4. In the center pane, select Statistics and examine the output. Task 7: Create an Add itional vReal ize Log I nsight User You create a user who can access vRealize Log Insight. 1 . In the left pane, select Access
Control.
2. In the center pane, select Users and click New User. 3 . On the New User page, configure the user's name, password, and role. a. In the
Username
text box, enter regadmin.
b. In the
Password text
box, enter the standard lab password.
c. In the Roles panel, select the Dashboard User check box and deselect all other check boxes. d. Click Save. Task 8: Access v Realize Log I ns i g ht as Another User You log in to vRealize Log Insight as a user other than Admin, and you access various dashboards. 1 . At the top right of the vRealize Log Insight interface, click admin and select Logout.
• 2 . Log in to vRealize Log Insight as user regadmin. a. In the Username text box, enter regadmin. b. In the
Password
text box, enter the standard lab password and click Login.
3 . Verify that Interactive Analytics does not appear at the top of the vRealize Log Insight interface. The user regadmin is allowed only to view dashboards.
1 00
Lab 1 3
Using vRealize Log Insight
4. Examine various dashboards. a. At the top of the vRealize Log Insight interface, click
Dashboards.
b. Ensure that General is selected from the drop-down menu at the top of the left pane. c . In the left pane, select Overview and examine the dashboard. d. In the left pane, select Event Types and examine the dashboard. e. In the left pane, select Security and examine the dashboard. f.
From the drop-down menu at the top of the left pane, select
VMware - vSphere.
g. In the left pane, select General-Overview and examine the dashboard. h. In the left pane, select vSphere-Overview and examine the dashboard. 5. At the top right of the vRealize Log Insight interface, click regadmin and select Logout. 6.
In the Internet Explorer window, close the vRealize Log Insight tab.
Task 9: Prepare for the Next Lab In preparation for the next lab, you add a second adapter to the VCHA virtual machine and you power on the VCHA virtual machine. 1 . In the
vSphere Web Client
tab, point to the Home icon and select Hosts and Clusters.
2. Add a second network adapter to the VCHA virtual machine. a. In the left pane, right-click VCHA and select Edit Settings. The Edit Settings dialog box appears. b. Near the bottom of the dialog box, select Network from the New device drop-down menu. c. Click Add. The new network adapter is added to the virtual hardware list. d. Select pg-VCHA-Cluster from the
New Network
drop-down menu.
You might have to select Show more networks from the drop-down menu before you can select the pg-VCHA-Cluster network. e. In the Edit Settings dialog box, click
OK.
3 . Power on the VCHA virtual machine. The VCHA virtual machine takes a few minutes to start up completely. You use the VCHA virtual machine to configure VMware vCenter Server® High Availability in the next lab. 4. Point to the
Home
icon and select Home. Lab 1 3
Using vRealize Log Insight
101
1 02
Lab 1 3
Using vRealize Log Insight
Lab 14 Using vCenter Server Hig h
Availability
Objective: Configure vCenter Server Appliance for high availability In this lab, you perform the following tasks: 1 . Configure the vCenter Server High Availability Network 2 . Log In to the High Availabil ity vCenter Server Appliance Instance 3. Configure vCenter Server High Availability 4. Create the Passive Node 5. Create the Witness Node 6.
Finish Configuring vCenter Server High Availability
7. (Optional) Redo the vCenter Server High Availability Configuration If Failure Occurred 8 . Manually Initiate a vCenter Server Failover 9. Verify That Your vCenter Server Failover Occurred 1 0 . Prepare for the Next Lab
Lab 14
Using vCenter Server High Availability
1 03
Task 1 : Confi g u re the vCenter Server H i g h Availab i l ity Network At the end of lab 1 3 , you added the second network adapter to the vCenter Server Appliance instance that you will use for this lab exercise. The second network adapter is used for the private, vCenter Server High Availability network, which is used for communication between the vCenter Server High Availability nodes. You ensure that the vCenter Server Appliance instance is powered on, you view information about the network adapters, and you verify that the second network adapter is online. 1 . In the Internet Explorer window, click the
vSphere Web Client
tab.
2. Point to the Home icon and select Hosts and Clusters. 3 . In the left pane, verify that the VCHA virtual machine is powered on. 4. If you did not power on VCHA before the start of the lab, power on the virtual machine now. 5. View information about the network adapters connected to VCHA. a. In the left pane, select VCHA. b. In the center pane, click the
Summary tab.
c . Expand the VM Hardware panel. d. Verify that Network adapter 1 is connected to the pg-VCHA-Management network. e. Verify that Network adapter 2 is connected to the pg-VCHA-Cluster network. pg-VCHA-Cluster is the private network used for communication between the vCenter Server High Availability nodes. 6.
Verify that the second network adapter on VCHA is online. a. Open a new tab in the Internet Explorer window. b. In the URL box, enter https : // vcha . vclass . local : 5 4 8 0 . vcha.vclass .local i s the name of the vCenter Server Appliance instance that you will make highly available. c. If you receive a security exception, click the login screen.
Continue to this website
The VMware vSphere Appliance Management login page appears. d. Log in as user root with the standard lab password. e . In the Navigator pane, select Networking and click the f.
1 04
Manage tab.
Under Networking Interfaces, verify that both nicO and nic l are up.
Lab 1 4
Using vCenter Server High Availability
link to display the
7. If nic l is down, then configure the IP settings for nic l . a. Click Edit next to Networking Interfaces. The Edit IP Configuration dialog box appears. b. Expand
nicl
and click Use the following 1Pv4
c. In the
1Pv4 Address
d. In the
1Pv4 Address Prefix
text box, enter 1 9 2
168 1 95. .
.
text box, enter 2 4 .
e . Keep the rest of the defaults and click f.
.
settings.
OK.
Verify that the status of nic 1 is Up.
8 . In the Navigator pane, select Access. 9. In the right pane, verify that SSH Login is enabled. 1 0 . Log out of the Virtual Appliance Management interface and close the tab. Task 2: Log I n to the H i g h Availability vCenter Server Appl ia nce I nsta nce You use vSphere Web Client to log in to the vCenter Server Appliance instance that will be configured for high availability. 1 . Open a new tab in Internet Explorer. 2 . In the Favorites bar, select vSphere Web Clients > VCHA. 3. When the security exception for vSphere Web Cl ient appears, click the Continue to this website link to display the login screen. If you did not power on VCHA before the start of this lab, then the Web server takes a few minutes to initialize. When the Web server finishes initializing, the VMware vCenter Single Sign-On login page appears. 4. In the User
name text
box, enter admin istrator@ vcha . local.
The domain is vcha. local, not vsphere.local. 5. In the Password text box, enter the standard lab password. 6.
Click Login. The vSphere Web Client page appears.
Lab 14
Using vCenter Server High Availability
1 05
Task 3: Confi g u re vCenter Server H i g h Availabil ity You configure the vCenter Server Appliance instance for high availability. You perform the advanced configuration, which means that you must manually create the passive node and the witness node. 1 . In the left pane, select vcha.vclass.local. 2 . In the center pane, click the Configure tab and select vCenter HA on the left. 3. In the upper-right corner of the center pane, click Configure. The Configure vCenter HA wizard appears. 4. On the Select a configuration option page, select Advanced and click Next. 5. On the Connection IP settings page, configure the IP settings for the passive node and the witness node. a. Under Passive Node, enter 1 92 . 1 68 . 1 . 96 in the vCenter HA IP address text box. This address is the IP address on the private vCenter Server High Availability network for the passive node. b. In the Subnet mask (prefix for 1Pv6) text box, enter 2 5 5 . 2 5 5 . 2 5 5 . o. c. Under Witness Node, enter
1 92 . 1 6 8 . 1 . 97
in the
vCenter HA IP address
text box.
This address is the IP address on the private network for the witness node. d. In the Subnet mask (prefix for IPv6) text box, enter 2 5 5 . 2 5 5 . 2 5 5 . o . e. Click Next. The Clone VMs page appears. Do not click
Finish
yet.
You must create the passive node and the witness node before you can complete the vCenter Server High Availability configuration. Task 4: Create the Passive N ode You create the passive node by cloning the vCenter Server High Availability active node. The active node is the vCenter Server Appliance instance, VCHA. The passive node is created on sa-esxi02. vclass.local. 1 . In Internet Explorer, switch to the
vSphere Web Client
tab for sa-vcsa-01 .vclass.local.
2. In the left pane, right-click VCHA and select Clone> Clone t o Virtual Machine. The Clone Existing Virtual Machine wizard appears. 3. On the Select a name and folder page, enter VCHA- Pass ive for the virtual machine name and click Next. 1 06
Lab 1 4
Using vCenter Server High Availability
4. On the Select a compute resource page, expand the SA Management cluster and select sa-esxi02.vclass.local.
5. Click Next. 6.
On the Select storage page, select the datastore and virtual disk format. a.
Select SA-ESXi-02-Local.
b. From the
Select virtual disk format
drop-down menu, select Same
format as source.
c. Click Next. 7. From the Select clone options page, select the Customize the operating system check box and select the Power on virtual machine after creation check box. 8.
Click Next.
9. On the Customize guest OS page, create a new customization specification for the passive node . A preconfigured customization specification named VCHA Passive Specification was created for the sake of convenience. As an alternative to performing step 9, you can select VCHA Passive Specification and click Next, instead of creating a new customization specification. a.
Click the Create a new specification icon. The New VM Guest Customization Spec wizard appears.
b. On the New Customization Specification page, enter the name of your choice in the Customization Spec Name text box and click Next. c. On the Computer Name page, select the text box.
Enter a name
check box and enter vcha in the
The computer name of the passive node must match the computer name of the active node. d. In the
Domain name
text box, enter vc lass . local and click Next.
e . On the Time Zone page, configure the time zone settings and click Next.
f.
Option
Action
Area
Select America.
Location
Select Los Angeles.
On the Configure Network page, select
NICI
and click the
Edit
icon.
g. Click Use the following IP settings.
Lab 1 4
Using vCenter Server High Availability
1 07
h. Configure the IP settings for NIC 1 and click
OK.
Option
Action
IP Address
Enter 172 . 2 0 . 1 1 0 . 95. This IP address is the public address of the active node.
Subnet Mask
En�r 255 . 2 55 . 2 55 . 0 .
Default Gateway
Enter 172 . 2 0 . 1 1 0 . 1 0 .
Alternate Gateway
Leave blank.
l.
On the Configure Network page, select NIC2 and click the Edit icon.
J.
Click Use
the following IP settings.
k. Configure the IP settings for NIC2 and click
OK.
Option
Action
IP Address
Enter 1 92 . 1 68 . 1 . 96.
Subnet Mask
Enter 255 . 255 . 255 . o .
Default Gateway
Leave blank.
Alternate Gateway
Leave blank.
l. On the Configure Network page, click Next. m. On the Enter DNS and Domain Settings page, configure the DNS and domain information and click Add. Option
Action
Primary DNS
Enter 172 . 20 . 1 1 0 . 1 0 .
Secondary DNS
and Tertiary DNS
DNS Search Path
1 08
Lab 1 4
Leave blank. Enter vc lass . local.
Using vCenter Server High Availability
n. Click Next. o. On the Ready to complete page, review the settings and click Finish. The Clone Existing Virtual Machine wizard reappears. p. On the Customize guest OS page, select the passive node customization specification that you created and click Next. 1 0 . On the Ready to complete page, review the settings and click
Finish.
1 1 . View the Recent Tasks pane and monitor the Clone Virtual Machine task to completion. This task takes several minutes to complete. You must wait for this task to complete before going to the next task. 1 2 . In the left pane, verify that the VCHA-Passive virtual machine appears and is powered on. Task 5: Create the Witness Node You create the witness node by cloning the vCenter Server High Availability active node. The active node is the vCenter Server Appliance instance, VCHA. The witness node is created on sa-esxi03. vclass.local. 1 . In the left pane, right-click VCHA and select Clone > Clone to Virtual Machine. The Clone Existing Virtual Machine wizard appears. 2 . On the Select a name and folder page, enter VCHA-Wi tness for the virtual machine name and click Next. 3 . On the Select a compute resource page, expand the S A Management cluster and select sa-esxi03. vclass.local.
4.
Click
Next.
5. On the Select storage page, select the datastore and virtual disk format. a.
Select SA-ESXi-03-Local.
b. From the c.
Select virtual disk format
drop-down menu, select Same
format as source.
Click Next.
6.
From the Select clone options page, select the Customize the operating system check box and select the Power on virtual machine after creation check box.
7.
Click Next.
Lab 14
Using vCenter Server High Availability
1 09
8. On the Customize guest OS page, create a new customization specification for the witness node. A preconfigured customization specification named VCHA Witness Specification was created for the sake of convenience. As an alternative to performing step 8, you can select VCHA Witness Specification and click Next, instead of creating a new customization specification. a. Click the
Create a new specification
icon.
The New VM Guest Customization Spec wizard appears. b. On the New Customization Specification page, enter the name of your choice in the Customization Spec Name text box and click Next. c. On the Computer Name page, select the Enter a wi tne ss in the text box.
name
check box and enter vcha
The computer name of the witness node must not match the computer name of the active node. d. In the
Domain name
text box, enter vc lass . local and click Next.
e . On the Time Zone page, configure the time zone settings and click Next.
f.
Option
Action
Area
Select America.
Location
Select Los Angeles.
On the Configure Network page, select
NICI
and click the
Edit
icon.
g. Leave Use DHCP to obtain an IP address automatically clicked and click OK. h. On the Configure Network page, select NIC2 and click the 1.
110
Click Use the
following IP settings,
Edit
icon.
configure the IP settings for NIC2, and click
Option
Action
IP Address
Enter 1 92 . 1 68 . 1 . 97.
Subnet Mask
En�r 2ss . 2 s s . 2 s s . o .
Default Gateway
Leave blank.
Alternate Gateway
Leave blank.
Lab 1 4
Using vCenter Server High Availability
OK.
J.
On the Configure Network page, click Next.
k. On the Enter DNS and Domain Settings page, configure the DNS and domain information and click Add. Option
Action
Primary DNS
En�r 112 . 2 0 . 1 1 0 . 1 0 .
Secondary DNS
and Tertiary DNS
Enter vc 1ass . 1oca1 .
DNS Search Path
I.
Leave blank.
Click Next.
m. On the Ready to complete page, review the settings and click Finish. The Clone Existing Virtual Machine wizard reappears. n. On the Customize guest OS page, select the witness node customization specification that you created and click Next. 9. On the Ready to complete page, review the settings and click Finish. 1 0 . View the Recent Tasks pane and monitor the Clone Virtual Machine task to completion. This task takes several minutes to complete. You must wait until this task completes before continuing. 1 1 . In the left pane, verify that the VCHA-Witness virtual machine appears and is powered on. 1 2 . Wait at least one minute before going to the next task. Waiting for at least one minute gives the wizard enough time to finish preparing the witness node. Task 6: F i nish Config u ring vCenter Server H ig h Ava ilabi lity With the passive node and the witness node created, you finish configuring vCenter Server High Availability on the high availability vCenter Server Appliance instance. 1 . In Internet Explorer, switch to the vSphere Web Client tab for vcha.vclass.local. The Configure vCenter HA wizard is open. 2 . On the Clone VMs page, click Finish to complete the vCenter High Availability configuration.
Lab 14
Using vCenter Server High Availability
111
3 . While you wait for the configuration task to complete, view the Recent Tasks pane to monitor the configuration task. The configuration task takes several minutes to complete. 4. Verify that vCenter Server High Availability is successfully configured. a. Verify that the center pane shows that vCenter HA is enabled. b. In the upper-right corner of the center pane, click the
vCenter HA Monitoring link.
c. Verify that the health is good for the active, passive, and witness nodes. d. In the upper-right corner of the center pane, click the
vCenter HA Settings
link.
Task 7: (Optional) Redo the vCenter Server H ig h Availability Confi g u ration If Fai l u re Occu rred You remove the existing passive and witness nodes, and you revert the VCHA virtual machine to a known good starting point. I M P O RTA N T
Perform this task only if your vCenter Server High Availability configuration failed in task 6. If you successfully configured vCenter Server High Availability in task 6, go to task 8. 1 . In Internet Explorer, switch to the 2. Point to the
Home
vSphere Web Client
tab for sa-vcsa-0 I .local.
icon and select Hosts and Clusters.
3. Power off the VCHA, VCHA-Passive, and VCHA-Witness virtual machines. 4. Revert to the last snapshot for VCHA. a. Right-click VCHA and select Snapshots > Revert to Latest Snapshot. b. Click Yes to confirm reverting to the latest (most recent) snapshot. The latest snapshot has network adapter 2 already configured for you. 5. Delete the VCHA-Passive and VCHA-Witness virtual machines. a. Right-click VCHA-Passive and select Delete
from Disk.
b. Click Yes to confirm deletion. c. Right-click VCHA-Witness and select Delete from Disk. d. Click Yes to confirm deletion. 6.
112
Perform tasks 2 through 6 again.
Lab 1 4
Using vCenter Server High Availability
Task 8: Manually I n itiate a vCenter Server Fai lover You use vSphere Web Client to initiate a vCenter Server failover from the active vCenter Server Appliance instance. 1 . In the upper-right corner in the center pane, click Initiate Failover. 2. In the Initiate vCenter HA Failover window, click Yes. As the failover takes place, connectivity to the vCenter Server Appliance instance is lost for a short time. It might take 5 minutes before you see the Connection Error dialog box indicating a loss of connectivity to the vCenter Server Appliance instance. 3. After connectivity to the vCenter Server instance is lost, close the vcha. vclass . local . 4. Open a new tab and select vSphere Web
Clients > VCHA
vSphere Web Client
tab to
in the Favorites bar.
Failover takes several minutes to complete. It will still be in progress. 5. Periodically click the Refresh icon in the Web browser to refresh the tab. You can expect to see Fai lover in P r ogre s s messages every time you refresh the browser page for as long as 1 5 minutes before you see the VMware vCenter Single Sign-On screen. Failover is complete when the VMware vCenter Single Sign-On screen appears. Task 9: Verify That Yo ur vCenter Server Failover Occu rred You use vSphere Web Client to examine the settings and events to verify that the active vCenter Server instance is the peer vCenter Server instance. 1 . In the vSphere Web Client tab for vcha.vclass. local, log in to as
[email protected] with the standard lab password. It might take up to 5 minutes after you log in before the vSphere Web Client screen appears. 2 . In the left pane, click
vcha.vclass.local
at the top of the inventory tree.
3. In the center pane, click the Configure tab and click vCenter HA on the left. 4 . In the center pane, select the Active node. 5. In the Active Settings pane, view the IP address of the active node. The IP address belongs to the VCHA-Passive virtual machine. 6.
Verify that the virtual machine is the passive node, VCHA-Passive.
7. In the center pane, click the Monitor tab and click
Lab 14
Tasks & Events.
Using vCenter Server High Availability
113
8.
Select Tasks on the left and examine the output for indications that a vCenter Server failover was initiated.
9.
Select Events and examine the output for indications that a vCenter Server failover occurred.
10. In the center pane, click the Monitor tab and click vCenter HA. 1 1 . Examine the health of the cluster. 1 2 . Close the
vSphere Web Client
tab to vcha.vclass .local.
Task 1 0: Prepare for the Next Lab In preparation for the next lab, you power on the LAB-VCS-0 1 virtual machine. 1 . On the
vSphere Web Client
tab for sa-vcsa-01 .vclass.local, point to the Home icon and select
Hosts and Clusters.
2 . Power off the VCHA, VCHA-Passive, and VCHA-Witness virtual machines. 3. Power on the LAB-VCS-0 1 virtual machine. LAB-VCS-0 1 takes a few minutes to start up completely. The LAB-VCS-0 1 virtual machine is a Windows vCenter Server 5.5 system that you migrate to a vCenter Server Appliance instance in the next lab. 4. Point to the Home icon and select Home.
114
Lab 1 4
Using vCenter Server High Availability
Lab 15 Migrating Windows vCenter
Server to vCenter Server Appliance
Objective: Migrate a Windows vCenter Server instance to vCenter Server Appliance In this lab, you perform the following tasks: 1 . Confirm That vCenter Server for Windows Is Running 2.
Start the Migration Assistant on the Windows vCenter Server System
3 . Run the vCenter Server Appliance Installer and Perform Stage 1 of the Migration Process 4. Monitor Stage 1 of the Deployment Process 5. Perform Stage 2 of the Deployment Process 6.
Confirm Successful Migration
7. Clean Up for Later Labs Task 1 : Confirm That vCenter Server for Windows Is Running You log in to the Windows vCenter Server 5.5 system, verify that vCenter Server is running, and view its inventory. 1 . In the Internet Explorer window, go to the 2 . Point to the
Home
vSphere Web Client
tab for sa-vcsa-01 .vclass.local.
icon and select Hosts and Clusters.
3. In the left pane, verify that the LAB-VCS-0 1 virtual machine is powered on. 4. If the LAB-VCS-0 1 virtual machine is not powered on, power it on and wait a few minutes for it boot up completely and for the vCenter services to start.
115
5 . Use vSphere Web Client to log in to the Windows vCenter Server system. a. Open a new tab in Internet Explorer. b. From the Favorites bar, select vSphere Web
Clients > LAB-VCS -0 1 .
This shortcut goes to https ://lab-vcs-0 l .vclass.local:9443/vsphere-client. c. If you receive a security exception for vSphere Web Client, click the Continue t o this website link to display the login screen. If you did not power on LAB-VCS-0 1 before the start of this lab, then it takes a few minutes for the vSphere Client Web server to initialize. When the Web server finishes initializing, the vSphere Web Client login screen appears. d. In the login screen, enter admin i s trator@ vsphere . local in the User e. In the Password text box, enter the standard lab password and click
name
text box.
Login.
6. Verify that vCenter Server 5.5 for Windows is running. a. From the Help menu in the upper-right corner, select
About VMware vSphere.
The About VMware vSphere window appears. b. View the vSphere Web Client line (the first line in the window) and verify that you are running version 5 . 5 .0. c. Click OK to close the About VMware vSphere window. 7. On the Home page, point to the Home icon and select Hosts and Clusters. 8 . In the left pane, verify that you have two objects: Training Datacenter and Lab Cluster. 9 . Close the
vSphere Web Client
tab to lab-vcs-0 1 . vclass.local.
Task 2: Start the M i g ration Assistant on the Wind ows vCenter Server System The Migration Assistant is an application that runs on the Windows vCenter Server 5.5 system. You use the Migration Assistant to extract the configuration data from the Windows vCenter Server 5.5 system and send it to a vCenter Server Appliance 6.5 instance. The Migration Assistant is in the m i g r a t i o n- a s s i s t ant folder.
116
Lab 1 5
Migrating Windows vCenter Server to vCenter Server Appliance
1 . Open a console to the LAB-VCS-0 1 virtual machine. a.
Click the Remote Desktop
Connection Manager
icon in the Windows desktop tool bar.
The Remote Desktop Connection Manager window appears. b. In the left pane, double-click LAB-VCS-01
(vclass.local).
c. If you do not connect to LAB-VCS-0 1 , then right-click LAB-VCS-01 select Connect server.
(vclass.local)
and
The desktop for LAB-VCS-0 1 appears in the center pane. 2. Open the
M i g r a t i o n - a s s i s t ant
folder on the LAB-VCS-0 1 desktop.
3. Double-click VMware-Migration-Assistant to start the Migration Assistant. The Migration Assistant console window appears. 4. If you see a security warning, click Run. 5. For the Administrator@vsphere. local password, enter the standard lab password. Extracting the Migration Assistant scripts and running the prechecks takes a couple of minutes. Information about the existing deployment appears on the screen. The migration steps are also detailed there. 6. Wait until the Wait ing
f o r m i g r a t i o n to
start
message appears.
The Migration Assistant pauses at this screen while the migration is in progress. I M P O RTA N T
Do not close the console until the migration is complete. 7. Minimize the Remote Desktop Connection Manager window. You return to this window later.
Lab 1 5
Migrating Windows vCenter Server to vCenter Server Appliance
117
Task 3: Run the vCenter Server Appliance I nstaller and Perform Stage 1 of the M i g ration P rocess You use the vCenter Server Appliance installer to perform stage 1 of the migration process. 1 . Mount the vCenter Server Appliance installer ISO file. a. On the Student-a-O l desktop, double-click Class Materials
and Licenses.
b. Double-click Downloads. c. Double-click VMware-VCSA-all-6.5.0.iso. This file contains the vCenter Server Appliance installer ISO image. The installer ISO file is mounted as the E: drive. 2. Run the vCenter Server Appliance installer program. a. Navigate to v c s a - u i - i n s t a l l e r \ w i n 3 2 . The
i n s t a l l e r . exe
file is in this folder.
b. Double-click installer.exe to start the migration process. c. If you see a security warning, click Run. The vCenter Server Appliance 6.5 Installer window appears. 3.
Select the Migrate option. The Migrate - Stage 1 : Deploy appliance wizard appears.
4. On the Introduction page, read the information about what occurs during the migration process and click Next. 5 . On the End user license agreement page, accept the license agreement and click Next. 6 . On the Connect to source server page, specify the Windows vCenter Server instance. a. In the Source Windows server text box, enter lab-vc s - 0 1 . vclass . local. b. In the SSO password text box, enter the standard lab password and click Next. c. In the Verify Thumbprint window, click Yes to accept the certificate.
118
Lab 1 5
Migrating Windows vCenter Server to vCenter Server Appliance
7. On the Appliance deployment target page, specify the ESXi host on which to deploy the vCenter Server Appliance instance. a. In the ESXi
host or vCenter Server name
text box, enter sa-esxi - 0 1 . vclass . local.
In this lab, you deploy to an ESXi host. However, you can deploy to a vCenter Server system as well. b. In the
User name
text box, enter root.
c. In the Password text box, enter the standard lab password and click Next. d. In the Certificate Warning window, click Yes to accept the certificate . 8 . On the Set up target appliance VM page, configure the appliance name and the root password. a. In the VM name text box, enter VCSA- 0 2 . vclass . local . b. In the Root password and Confirm root password text boxes, enter the standard lab password and click Next. 9. On the Select deployment size page, keep the default (Tiny) and click Next. 1 0 . On the Select datastore page, specify the datastore information. a.
Select the SA-ESXi-01 -Local datastore .
b. Select the Enable T hin Disk Mode check box and click Next. 1 1 . On the Configure network settings page, configure the vCenter Server Appliance network settings. Option
Action
Network
Select pg-SA Management. This port group uses ephemeral port binding, which is a requirement for the migration.
IP version
Select IPv4.
IP assignment
Select static.
Temporary IP address
En�r 1 7 2 . 2 0 . 1 0 . 7 0 .
Subnet mask or prefix length
Enter 2 4 .
Default gateway
Enter 1 7 2 . 2 o . 1 o . 1 o .
DNS servers
Enter 1 7 2 . 2 o . 1 o . 1 o .
1 2 . Click Next. Lab 1 5
Migrating Windows vCenter Server to vCenter Server Appliance
119
1 3 . On the Ready to complete stage 1 page, review your settings and click Finish. Stage 1 takes several minutes to complete. 14. Go to the next task to monitor the progress of stage 1 . Task 4 : Mon itor Stage 1 of the Dep loyment P rocess You monitor the progress of stage 1 of the deployment process. 1 . Use VMware Host Client™ to log in to SA-ESXi-0 1 . a. In the Internet Explorer window, open a new tab. b. In the Favorites toolbar, select Host
Clients> SA-ESXi-01.
c. If you receive a security exception for VMware Host Client, click the Continue to this website link. The ESXi login page appears. d. On the login page, enter root in the User e. Enter the standard lab password in the f.
name
text box.
Password
text box.
Click Log in.
g. In the informational message window, deselect the Join
CEIP
check box and click OK.
The VMware Host Client page appears. 2 . Open a console window to monitor the deployment of vCenter Server Appliance. a. In the left pane, click Virtual Machines. b. Wait until VCSA-02.vclass.local is powered on. c. In the center pane, right-click VCSA-02.vclass.local and select Console> Open console in new window.
3 . Monitor the progress of the stage 1 deployment process. a. Position the VCSA-02 console window and the vCenter Server Appliance Installer progress bar window so that both windows are visible on your monitor. Or you can alternate between viewing the two windows. b. Notice changes that occur on the console screen. For example, if the progress bar is at about 80 percent, the VCSA-02 console window changes to a virtual appliance screen. c. In the vCenter Server Appliance Installer progress bar window, wait for stage 1 to be 100 percent complete. d. When stage 1 is complete, click
Continue.
The Stage 2 : vCenter Server Appliance with an Embedded PSC wizard appears. 1 20
Lab 1 5
Migrating Windows vCenter Server to vCenter Server Appliance
4. Monitor messages in the Migration Assistant on the Windows vCenter Server system. a.
Switch back to the Migration Assistant in the Remote Desktop Connection Manager window.
b. Confirm that the Suc c e s s f u l l y re turned appears in the Migration Assistant output.
cac hed p r e c h e c k s r e s u lt
message
c. Return to the vCenter Server Appliance Installer window. Task 5: Perform Stage 2 of the Dep loyment Process You perform stage 2 of the migration process. 1 . On the Introduction page of the vCenter Server Appliance Installer window, read the information and click Next. 2 . On the Join AD Domain page, configure the Active Directory domain settings.
3.
Option
Action
AD domain
Verify that the domain is vclass.local.
AD User name
Enter administrator.
AD Password
Enter the standard lab password.
Click
Next.
4. On the Select migration data page, select Configuration, metrics and click Next.
events, tasks, and performance
5. On the Configure CEIP page, deselect the Join the VMware's Customer Improvement Program (CEIP) check box and click Next.
Experience
6. On the Ready to complete page, select the I have backed u p the source vCenter Server and all the required data from the database check box. 7.
Click Finish. The Shutdown Warning window warns that vCenter Server will shut down when the network configuration is enabled on the destination vCenter Server Appliance.
Lab 1 5
Migrating Windows vCenter Server to vCenter Server Appliance
121
8 . Click
OK.
The rest of the migration takes about 30 minutes to complete: •
•
•
•
•
•
Data transfer - Export data: Data will be copied from the source vCenter Server instance to the target vCenter Server instance. Shutdown source machine: After the data is copied, the source vCenter Server instance will be shut down. Copy data from source vCenter Server to target vCenter Server: The Active Directory configuration will be applied. Set up target vCenter Server and start services: The vCenter Server service will be configured. Import data: Some vCenter services will be stopped, and the data copied from the source vCenter Server instance will be imported to the target vCenter Server instance. Migration complete : After the data is transferred, the migration of the Windows vCenter Server instance to the vCenter Server Appliance instance is complete.
When stage 2 is complete, the Complete screen appears. Complete
$
1 Copy data from source vCenter Server to target vCenter Server
$
2. Set up target vCenter Server and start services
$
3. Import copied data to target vCenter Server 00'11> Comp lete
Data uansfer and appliance setup has been completed successrully Click on one ofthe links below, to manage the appliance Press dose to exit
vSphere Web Client
httpsl/SA-VCS-01 vclass local 443/Vsphere-cllenU
Appliance Getting Started Page
httpsl/SA-VCS-01 .vclass.local 443
Close
9. Click Close to exit the vCenter Server Appliance Installer.
1 22
Lab 1 5
Migrating Windows vCenter Server to vCenter Server Appliance
Task 6: Confi rm S uccessful M i g ration You confirm that the Windows vCenter Server system was migrated to vCenter Server Appliance. 1 . Use vSphere Web Client to log in to the newly migrated vCenter Server instance. a. Open a new Internet Explorer tab. b. From the Favorites bar, select vSphere Web
Clients > LAB-VCS -0 1 .
c . I f you receive a security exception for vSphere Web Client, click the Continue to this website link to display the login screen. d. Log in with the vCenter Server Appliance user name and the standard lab password. 2. Point to the
Home
icon and select Host
and Clusters.
3 . In the left pane, select LAB-VCS-01 .vclass.local. 4 . In the center pane, click the Summary tab. 5 . In the Version Information panel, verify that the version is 6.5. 6. In the left pane, verify that you have two objects in the inventory tree: Training Datacenter and Lab Cluster. 7. Point to the Home icon and select Administration. 8. In the left pane, select System Configuration. 9.
Select Nodes.
1 0 . Select LAB-VCS-01 .vclass.local and review the information about the vCenter Server Appl iance instance. 1 1 . Log out of vSphere Web Client and close the tab. Task 7: C lean U p for Later Labs You delete the new vCenter Server Appliance instance to free up resources in the lab. 1 . Click the vSphere Web 2. Point to the
Home
Client
tab for sa-vcsa-01 .vclass.Iocal.
icon and select Hosts and Clusters.
3. In the left pane, select VCSA-02.vclass.local. 4. Shut down VCSA-02.vclass.local. 5 . Right-click VCSA-02.vclass.local and select Delete from Disk. 6. Point to the
Home
icon and select Home.
Lab 1 5
Migrating Windows vCenter Server to vCenter Server Appliance
1 23
1 24
Lab 1 5
Migrating Windows vCenter Server to vCenter Server Appliance
Lab 1 6 Config uring Lockdown Mode
Objective: Configure and test lockdown mode In this lab, you perform the following tasks: 1.
Start the vSphere ESXi Shell and SSH Services
2 . Test the SSH Connection 3 . Enable and Test Lockdown Mode 4. Disable Lockdown Mode 5 . Examine the DCUI.Access List Task 1 : Sta rt the vSphere ESXi Shell and SSH Services You use vSphere Web Client to start VMware vSphere® ESXi™ Shell and SSH services on your host. 1 . In the Internet Explorer window, click the 2. Point to the
Home
vSphere Web Client
tab to sa-vcsa-0 1 .vclass. local.
icon and select Hosts and Clusters.
3. In the left pane, select sa-esxi-0 1.vclass.local. 4 . In the center pane, click the Configure tab. 5. On the left under System, click Security Profile. 6. In the center pane, scroll down to the Services panel. To make navigation easier, you can minimize the Firewall Incoming Connections list and the Firewall Outgoing Connections list. 7. Click Edit next to Services.
1 25
8 . Verify that the vSphere ESXi Shell service is running. a. In the Edit Security Profile window, select ESXi
Shell
b. In the Service Details pane, confirm that the correct settings are configured. •
Startup policy is set to Start and stop with host.
•
Status is Running.
c. If the correct settings are not configured, change the startup policy to Start and stop with host and click Start. By default, this service is not configured to start with the host. This setting was enabled as part of the lab kit configuration. 9. Verify that the SSH service is running. a. In the Edit Security Profile window, select SSH. b. In the Service Details pane, confirm that the correct settings are configured. •
Startup policy is set to Start and stop with host.
•
Status is Running.
c. If the correct settings are not configured, change the startup policy to Start and stop with host and click Start. By default, this service is not configured to start with the host. This setting was enabled as part of the lab kit configuration. d. Click
OK.
Task 2: Test the SSH Con nection You use MTPuTTY to connect to the ESXi host and confirm that SSH is working. 1 . Click MTPuT T Y in the Windows desktop taskbar. The MTPuTTY utility window appears. 2 . In the left pane, double-click SA-ESXi-0 1. A new SA-ESXi-0 1 tab opens in the center pane. MTPuTTY is configured to automatically log in to the ESXi host as user root. 3. If the login is successful, enter exit.
1 26
Lab 1 6
Configuring Lockdown Mode
Task 3: Enable and Test Lockdown Mode You use vSphere Web Client to enable lockdown mode for your assigned ESXi host. 1 . In the Internet Explorer window, click the
vSphere Web Client
tab.
2. In the left pane, select sa-esxi-01.vclass.local. 3 . In the center pane, click the Configure tab. 4 . On the left, click Security Profile and scroll down until the Lockdown Mode panel is visible. 5. Enable normal lockdown mode. a.
Click
Edit next to
Lockdown Mode.
The Lockdown Mode wizard appears. b. On the Lockdown Mode page, click Normal. C.
Click Exception Users on the left. Users are not listed.
d. Click OK. 6. Verify that normal lockdown mode works properly. The user root must be denied access in an SSH session. In general, all users, including user root, will be denied access in an SSH session. a. Go to the
MT PuT T Y
window.
b. In the left pane, double-click SA-ESXi-0 1. MTPuTTY automatically tries to log in as root. c. Verify that user root is not logged in and that the Acce s s
Denied
message appears.
d. Close the MTPuTTY window. Task 4 : D isable Lockdown Mode You use vSphere Web Cl ient to disable lockdown mode. 1 . In the Internet Explorer window, click the
vSphere Web Client
tab.
2 . Click Edit next to Lockdown Mode. 3. On the Lockdown Mode page, click Disabled. 4.
Click
OK.
Lab 1 6
Configuring Lockdown Mode
1 27
Task 5: Exami ne the D C U l .Access List The DCUI.Access list is a list of local users on an ESXi host. These users have rights to disable lockdown mode when a catastrophic failure occurs and administrators need direct host access again. These users do not need the administrator role on the ESXi host. 1 . In the center pane on the left, click Advanced System Settings under System. 2. In the Advanced System Settings pane, scroll down to the DCUI.Access entry. You can also use the
Filter
box and search for "DCUI ."
3. Examine the value of the DCUI.Access setting. The root user is added to the DCUI.Access list by default. Thus, the root user can disable lockdown mode but cannot bypass lockdown mode. 4. Point to the Home icon and select Home.
1 28
Lab 1 6
Configuring Lockdown Mode
Lab 1 7 Working with Certificates
Objective: Generate and replace a vCenter Server certificate In this lab, you perform the following tasks: 1 . Examine vSphere Certificates 2. Create a Windows 20 12 Certificate Authority Template for vSphere 3. Create a Certificate Signing Request 4. Download the CSR to the Student Desktop 5 . Request a Signed Custom Certificate 6. Replace a Machine Certificate with the New Custom Certificate Task 1 : Examine vSphere Certifi cates You examine the default certificates issued by VMware Certificate Authority in a nonproduction vCenter Server system. 1 . In the Internet Explorer window, go to the 2 . Point to the
Home
vSphere Web Client
tab for sa-vcsa-0 l .vclass.local.
icon and select Administration.
3. In the left pane, click System Configuration. 4. In the left pane, click
Nodes
and click sa-vcsa-0 1.vclass.local.
5. In the center pane, click the Manage tab and click Certificate Authority. 6. In the Certificate Authority panel, click the
Verify password
link.
1 29
7. In the Password text box, enter the standard lab password and click OK.
8.
Q1 .
How many active certificates are in the certificate store for this node?
Q2.
How long are the certificates valid for?
Q3.
On what date do the certificates expire?
Select the first C=US,CN=sa-vcsa-0 1.vclass.local certificate in the list.
9. Record the expiration date of the certificate. 1 0 . Click the
Show Details for certificate
_ _ _ _ _
icon.
S u bj e ct C = U S , CN=sa-vcsa-01 .vc l a s s . l o c a l C = U S , CN=sa-vcsa-01 .vc l a s s . l o c a l
Q4.
Who issued the certificate?
1 1 . Click OK 1 2 . Widen the Subject column in the center pane until you can see the CN= part of the subject name for each certificate. 1 3 . Select the first certificate in the list that has a Subject field that begins with OU=. 1 4 . Click the Q5.
Show Details for certificate
Based on the Common name field under S u bject, what is the type of this certificate?
1 5 . Click OK.
1 30
icon.
Lab 1 7
Working with Certificates
1 6 . Use the Show Details for that begin with OU=.
certificate
icon to examine the other certificates with Subject fields
These certificates are called vSphere solution user certificates. Q6.
How many solution user certificates do you see?
Q7. What are the names of the solution users that have certificates (from the Subject field)?
1 7 . In the center pane, click Root Certificates. 1 8 . Select the root certificate in the list. The certificate begins with OU=VMware Engineering. 1 9 . Click the Show Details for certificate icon. Q8. What is the organ ization in the Issuer section of this certificate?
20. Click
OK.
Task 2: Create a Windows 201 2 Certificate Autho rity Tem p late for vSphere You create a vSphere 6.5 certificate template on a Windows 20 1 2 Server domain controller that you can use to create certificates that work with vSphere 6.5. The certificate template can be used to create machine SSL or solution user certificates in VMware CA. 1 . Open a console to dc.vclass.local. a. Click the Remote Desktop
Connection Manager
icon in the Windows desktop toolbar.
The Remote Desktop Connection Manager window appears. b. In the left pane, double-click DC (vclass.local). The desktop for dc.vclass.local appears in the center pane. You are automatically logged in as a domain administrator.
Lab 1 7
Wo rking with Certificates
131
2. Open the certification authority console. a.
Click the Windows Start button on the dc.vclass.local desktop.
b. On the Apps page, click the up arrow icon. c.
Click
Administrative Tools.
d. In the Administrative Tools window, double-click Certification
Authority.
The Certification Authority window appears. 3. Open the certificate templates console. a. Expand
vclass-DC-CA.
b. Right-click Certificate Templates and select Manage. 4. Configure a new certificate template. a. Right-click the existing Web Server template and select
Duplicate Template.
The Properties of New Template dialog box appears. b. Click the
General
tab and enter vSphere 65 in the Template display name text box.
c. Click the
Extensions
tab.
d. Select Key Usage and click Edit. e. In the Edit Key Usage Extension dialog box, select the Signature is proof of origin (nonrepudiation) check box and the Allow encryption of user data check box. f.
Click OK.
g.
Select Application Policies and click Edit.
h. In the Edit Application Policies Extension dialog box, click Add and select Client Authentication. 1.
Click
J.
Click the
OK
and click
OK
again.
Request Handling tab and
select the Allow private
k. Click O K to save the new certificate template. I.
1 32
Close the Certificate Templates Console window.
Lab 1 7
Working with Certificates
key to be exported
check box.
5. Enable the new certificate template. a. In the Certification Authority console window, right-click Certificate Templates and select New> Certificate Template to Issue. The Enable Certificate Templates window appears. b. Select vSphere65 and click OK. c . Close all open windows. d. In the left pane of the Remote Desktop Connection Manager, right-click DC (vclass.local) and select Disconnect server. 6. Close the Remote Desktop Connection Manager window. Task 3: Create a Certifi cate S i g n i n g Req uest You use vSphere Certificate Manager to create a certificate signing request (CSR) that you use to request a signed custom certificate from the domain controller certificate authority (CA) for the lab. 1.
Start an S SH session with SA-VCSA-0 1 . a. Click MTPuT T Y in the Windows desktop toolbar. The MTPuTTY utility window appears. b. In the left pane, double-click SA-VCSA-0 1. A new SA-VCSA-01 tab opens in the center pane. c. Enter shell to start a Bash shell.
2. Create a certificate signing request. a. Enter
/usr/lib/vmware-vmca/bin/certificate-manager
and press Enter.
The vSphere Certificate Manager program starts. b. Enter
1
to select the Replace Machine SSL
certificate with Custom Certificate
option.
c. Press Enter to accept the default user name of
[email protected]. d. Enter the standard lab password. e . Enter f.
1
to select the Generate Certificate Signing Request option.
For the output directory path, enter /var/ tmp . The /var / tmp directory on Linux and UNIX systems is a temporary directory. The contents of the /var /tmp directory are not deleted during a reboot.
Lab 17
Wo rking with Certificates
133
3. Configure the certificate properties. a. For Country, press Enter to accept the default. b. For Name, enter VMware. C.
For Organization, enter VMeduc.
d. For OrgUnit, enter vcl ass. e. For State, press Enter. f.
For Locality, press Enter.
g. For IPAddress, press Enter. h. For Email, enter certadmin@vclass . local . I.
For Hostname, enter sa-vcsa-01 . vc lass . local.
4. Enter 2 to exit vSphere Certificate Manager. Task 4 : Down load the CSR to the Student Desktop You download the CSR from the vCenter Server system to your student desktop. 1 . Enter chsh
- s /bin/bash
to temporarily change the login shell of the root account to
/bin/
bash.
This step is necessary for WinSCP to connect to the vCenter Server system so that you can download the CSR to your student desktop. 2.
Start the WinSCP application. a. On the student desktop taskbar, click the WinSCP icon.
b. In the left pane, double-click SA-VCSA-0 1. c. In the Warning dialog box, click Update to accept and remember the Certificate Lab vCenter Server public key for SSH. d. Click Continue to close the Authentication Banner dialog box. In the WinSCP window, you should see the c : \Mat e r i a l s \ Downloads folder on your student desktop in the left pane and the I root directory on the vCenter Server Appliance instance in the right pane. 3. Use the folder controls to navigate to the
1 34
Lab 1 7
Working with Certifi cates
/va r / tmp
directory in the right pane.
4. If the left pane is not c : \Mat e r i a l s \ D ownloads, then use the folder controls to navigate to the C : \Ma t e r i a l s \ D ownloads folder . 5 . Drag the vmca_ i s sued_c s r . c s r and vmca _ i s s ued_k e y . k e y files from the /var /tmp directory in the right pane to the c : \Mater i a l s \ Downloads folder in the left pane. This action copies the files from the vCenter Server system to the student desktop.
Downloads
folder on your
6. Leave the WinSCP window open. Task 5: Req uest a Signed C ustom Certifi cate You request a signed custom certificate from the domain controller CA for the lab. 1 . Copy the contents of the vmca_ i s s ued_c s r . c s r file to the clipboard. a. On your student desktop, open Windows Explorer and navigate to the C : \Ma t e r i a l s \ Downloads folder. b. Right-click the
vmca_issued_csr.csr
file and select Open
with.
c . Open vmca_ i s s ued_cs r . c s r in WordPad. d. Click Select all in the WordPad toolbar. e . Press Ctrl+C to copy the selected text to the clipboard. 2. Go to the certificate services program on the domain controller and request a certificate. a. On your student desktop, open a new Internet Explorer tab and go to http://dc. vclass. local/certsrv. b. Log in with user name administrator and the standard lab password. c. On the Microsoft Active Directory Certificate Services page, click the certificate link. d. Click the
advanced certificate request
e. Click Submit a certificate
Request a
link.
request b y using a base-64 -encoded CMC o r PKCS # 1 0 file,
or submit a renewal request by using a base-64-encoded PKCS #7 file.
f.
Under Saved Request, press Ctrl+V to paste the CSR text into the Base-64-encoded certificate request text box.
g. From the h. Click
Certificate Template
drop-down menu, select vSphere65.
Submit.
1.
Click Base
J.
Click the Download certificate link.
64 encoded.
Lab 17
Wo rking with Certificates
135
k. Click Save As in the Internet Explorer dialog box and navigate to the c : \Ma t e r i a l s \ Downloads folder on your student desktop to save the certificate. I.
Save the file as ma chine
s s l . c e r.
IH·Hi The filename is case-sensitive and must exactly match the correct filename in order for the script to use it. 3. Download the certificate chain. a. In the Internet Explorer window, click the Base
Download certificate chain
link.
64 encoded should still be clicked.
b. Click Save as in the Internet Explorer dialog box and navigate to the c : \M a t e r i a l s \ Downloads folder on your student desktop to save the certificate. c . Save the file as
cachain . p 7 b .
IH•Hi The filename is case-sensitive and must exactly match the correct filename in order for the script to use it. d. Close the Microsoft Active Directory Certificate Services page. e. If WordPad is open, close it. 4. Export the root certificate. a.
Switch to the Windows Explorer window and navigate to the directory.
b. Right-click the
cachain.p7b
c : \Ma t e r i a l s \ Downloads
file and select Open.
The Certificate Manager Console opens. c. In the left pane, expand the inventory tree until you see the
Certificates
folder.
d. Select the Certificates folder. You should see two certificates: the root certificate for your domain controller and the custom certificate for your vCenter Server Appliance instance. The custom certificate appears as VMware. vSphere65 appears under the Certificate Template column at the far right. e. To export the root certificate, right-click the root certificate vclass-DC-CA and select All Tasks > Export.
The Certificate Export wizard appears.
1 36
Lab 1 7
Working with Certifi cates
f.
Click Next.
g. On the Export File Format page, click Base-64 h. On the File to Export page, click 1.
Navigate to the
J.
Enter roo t-64 . cer in the
encoded X.509 (.CER)
and click Next.
Browse.
c : \ Ma t e r i a l s \ D ownloads
File name
folder.
text box.
IH·Hi The filename is case-sensitive and must exactly match the correct filename in order for the script to use it. k. Click Save. 1.
m.
On the File to Export page, click Next. Click Finish.
n. Click
OK.
o. Close the Certificate Manager Console. Task 6: Replace a Machine Certifi cate with the New C ustom Certificate You replace the machine SSL certificate for vCenter Server with the new custom certificate so that VMware CA acts as a subordinate CA to the domain controller CA. 1 . Copy the certificate files from the student desktop to the vCenter Server system. a. Switch to the WinSCP window. b. In the WinSCP window, drag the machine_ssl.cer and root-64.cer files from the C:\Materials\Downloads folder to the /var/tmp folder in the right pane. This action copies the certificate files from the student desktop to the vCenter Server system. 2 . In the MTPuTTY session, change the login shell of the root account back to the vCenter Server Appliance shell. a. Switch to the MTPuTTY window. b. If the SSH session to SA-VCSA-0 1 is not open, reconnect to SA-VCSA-0 1 . c. If you see the message
t imed out wait ing for input :
aut o - l o gout,
enter she l l .
d. Enter chsh -s /bin/appliancesh to change the login shell of the root account back to the vCenter Server Appliance shell. This step returns the vCenter Server system to its more secure posture.
Lab 1 7
Wo rking with Certificates
1 37
3. Replace the machine SSL certificate with the custom certificate. a. Enter cd
/var/tmp
to change to the
/var / tmp
directory.
If you run vSphere Certificate Manager from the /var / tmp directory, you do not have to enter the full path for each of the certificate and key files that you import. b. Enter /usr/ lib/vmware-vmca/bin/certificate-manager to start vSphere Certificate Manager. c . Enter
1
to select the Replace Machine SSL
certificate with Custom Certificate
option.
d. Press Enter to use the default user name of Administrator@vsphere .local. e . When prompted, enter the standard lab password. f.
Enter 2 to select the Import custom certificate(s)
and key(s)
option.
g. Import the custom certificate. Option
Action
Please provide valid custom certificate for
Enter machine
s s l . cer.
Machine SSL Please provide valid custom key for Machine SSL
Enter vmca_is sued_key . key.
Please provide the signing certificate of the
Enter root-64 . cer.
Machine SSL certificate You are going to replace Machine SSL cert using
Enter y.
custom cert. Continue operation: Option[Y/N] ?:
You must wait for the process to complete. This process takes several minutes while the services are restarted. During this operation, notice the number of services that are updated. h. Wait until the appears. l.
1 38
1 0 0 % Comp l e t e
[ A l l ta s k s comp l e ted succe s s f u l l y ]
After the operation is 1 00 percent complete, press Ctrl+D.
Lab 1 7
Working with Certifi cates
message
4. Close and reopen Internet Explorer, and log back in to vSphere Web Client. a. Close the Internet Explorer window. b.
Start Internet Explorer.
c. From the Favorites bar, select vSphere Web
Clients> SA-VCSA-01.
The vSphere Web Cl ient login screen appears. d. Log in to vSphere Web Client as
[email protected] with the standard lab password. Q1.
What color i s the background o f the Internet Explorer location bar?
5. In Internet Explorer, click the box.
Security report
icon (padlock) to the right of the
Location
text
6. View information about the machine certificate. a. Click the View certificates link. The Certificate dialog box appears. In this dialog box, you can view the machine certificate that was used to authenticate the vCenter Server system. b. Click the Details tab. c.
Scroll down and click Q2.
Subject Alternative Name.
To which machine was the certificate issued?
d. Scroll up and click Issuer. Q3 .
e.
Click Valid Q4.
f.
Who issued the certificate?
from.
On what day did the certificate become valid?
Click the
Certification Path
tab.
Lab 17
Wo rking with Certificates
139
Q5.
What is the certificate signing chain?
QS.
Why does Internet Explorer on your student desktop trust the vCenter Server certificate?
g. Click
OK
to close the Certificate dialog box.
7. In vSphere Web Client, point to the Home icon and select Home. 8 . Leave vSphere Web Client open. 9. Close all other applications. a.
Close the WordPad application.
b. Close the WinSCP application. c.
Close the MTPuTTY application.
d. Close the Windows Explorer window.
1 40
Lab 1 7
Working with Certifi cates
Lab 18 Virtual Machine Encryption
Objective: Register a KMS with vCenter Server and encrypt a virtual machine In this lab, you perform the following tasks: 1 . Verify Access to the Key Management Server 2 . Register the KMS with vCenter Server 3. Create an Encryption Storage Policy 4. Encrypt a Virtual Machine 5. Check vCenter Server Events 6. Use Encrypted vSphere vMotion to Migrate Virtual Machines Task 1 : Verify Access to the Key Management Server You verify that you can access the key management server (KMS). The KMS used in this lab is a simple Python-based key server that keeps keys while the KMS is running. 1 . Use MTPuTTY to log in to vCenter Server Appliance. a. On the taskbar, click the
MT PuT T Y
icon.
b. In the left pane, double-click SA-VCSA-0 1. You are logged in to vCenter Server Appliance as user root.
141
2. Ping sa-keyserver-0 1 , the key management server. a. At the command prompt, enter shell. b. At the shell command prompt, ping the key management server. p i ng sa- k e y s e rve r - 0 1
c. Verify that the ping is successful. d. Press Ctrl+C to end the p i n g command. 3. Exit the MTPuTTY session and close the MTPuTTY window. Task 2: Register the KMS with vCenter Server You register the KMS with vCenter Server, and you mark the KMS cluster as the default. 1 . Point to the
Home
icon and select Hosts and Clusters.
2 . At the top of the left pane, select sa-vcsa-01.vclass.local. 3 . In the center pane, click the Configure tab and click Key Management Servers on the left. 4. Click Add KMS .
.J sa-vcsa-01.vclass.local Getting SL
S u m m a ry
1mJ. M o n itor
eJ Custom. The custom properties show that the provider is VMware VM Encryption and that I/O filters are not allowed before encryption. 8.
Click Next.
9. On the Rule-set 1 page, deselect the Use rule-sets
in the storage policy
check box and click
Next.
1 0 . On the Storage compatibility page, review the compatible storage. All storage is compatible with the encryption filter because the filter is applied as a common rule, so the filter is storage agnostic. 1 1 . Click Next. 1 2 . On the Ready to complete page, click
Finish.
1 3 . Verify that your encryption policy appears in the storage policies list.
Lab 1 8
Virtual Machine Encryption
143
Task 4 : Encry pt a Vi rtual Mac h i ne You encrypt a virtual machine. 1 . Point to the
Home
icon and select Hosts and Clusters.
2. In the left pane, right-click VMOl and select V M Policies> Edit
VM Storage Policies.
3. In the Edit VM Storage Policies dialog box, select S A Encryption Policy from the V M storage policy drop-down menu. 4. Click Apply to all and click OK. 5. In the Recent Tasks pane, monitor the task to completion. 6. Verify that the virtual machine is encrypted. a. In the left pane, select VMO l. b. In the center pane, click the
Summary tab.
c. Expand the VM Hardware panel. The panel states that the virtual machine configuration files and the hard disk are encrypted. Task 5: C heck vCenter Server Events You view vCenter Server cryptographic events. 1 . At the top of the left pane, select sa-vcsa-0 1. vclass.local. 2. In the center pane, click the Monitor tab. 3 . Click Tasks & Events and click Events on the left. 4. In the filter box, enter crypto and press Enter. 5.
Select the cryptographic operation that was performed when the virtual machine was encrypted. The cryptographic operation is recorded along with the user that initiated the task.
1 44
Lab 1 8
Vi rtual Machine Encryption
Task 6: Use Encrypted vSphere vMotion to M i g rate Virtual Machi nes You use encrypted vSphere vMotion to migrate VMO l (the encrypted virtual machine) and VM02 (an unencrypted virtual machine) to a different host. 1 . View the vSphere vMotion encryption state on VMO l . a. In the left pane, right-click VMO l and select Edit Settings. b. Click the VM Options tab. c. Expand the Encryption panel. Because VMO 1 is encrypted, the Encrypted vMotion state is always Required and cannot be changed. d.
Click
Cancel.
2 . View the vSphere vMotion encryption state on VM02. a. In the left pane, right-click VM02 and select Edit
Settings.
b. Click the VM Options tab. c . Expand the Encryption panel. Because VM02 is not encrypted, the default state is Opportunistic. d. Keep the default and click Cancel. 3 . Power on VMO 1 and VM02. 4. Migrate VMO l and VM02 to sa-esxi-03.vclass.local. a. Right-click VMOl and select Migrate. b. On the Select the migration type page, leave click Next.
Change compute resource only
clicked and
c. On the Select a compute resource page, click sa-esxi-03.vclass.local and click Next. d. On the Select networks page, select pg-SA Management and click Next. e . On the Select vMotion priority page, click Next. f.
On the Ready to complete page, click Finish.
g. Click the Summary tab ofVMO l and verify that VMO l is now on sa-esxi-03 .vclass .local. h. Repeat steps a through g to migrate VM02.
Lab 1 8
Virtual Machine Encryption
145
5. View the hot migration events that occurred. a. At the top of the left pane, select sa-vcsa-01.vclass.local. b. In the center pane, click the
Monitor tab.
c. Click Tasks & Events and click Events on the left. d. In the filter box, enter encryption. You should see two events that begin with "Hot migrating VM02" and "Hot migrating VMO l . " e . Select each of these events and view the description. The description mentions that a hot migration was performed with encryption.
1 46
Lab 1 8
Vi rtual Machine Encryption
A nswer Key
Lab 5: Worki ng with Virtua l Vol u mes Task 1 : Register the Storage Provider . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31 1.
http://1 72.20 . 1 0.97:8443/vasa/version.xml.
2.
Version 3.0.
3.
xVP SCSI Array and xVP NFS Array.
Task 3: Create an iSCSl- Backed Virtual Volume Datastore 1.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
33
The datastore i s inactive because the storage provider must also be configured as a target of the software iSCSI adapter.
Lab 7: Host Profi les Task 6: Run a Complia nce Check and Remediate the Configuration Drift 1.
The Virtual Network Setting category appears.
2.
If the category was previously reported , a new issue is added relating to the uplink
48
Yes. The uplink i s not con nected t o the expected physical N I C on dvs-Lab.
3.
Yes.
reconfiguration.
Lab 8: Using vSphere Auto Deploy Task 8: Start the TFTP Service on vCenter Server Appliance 1.
ATFTP D_D IRECTORY = "/var/lib/tftpboot".
2.
Yes. It is undionly.kpxe.vmw-hardwired.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
60
1 47
Lab 1 0: M o n itoring Memory Performance Task 2: Check for Overcom mittment of Virtual Machine Memory 1.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
72
Answers vary depending on the current workload.
Task 6: Record Memory Statistics 1.
.
.
.
.
.
.
.
.
.
.
.
Yes, the values should converge over time.
3.
ResourceHog02 and ResourceHog01 .
4.
Although all three VMs might be swapping,
.
.
.
5.
Yes, the values should converge over time.
2.
.
.
.
.
.
.
.
.
.
.
75
ResourceHog01 and ResourceHog02 should be experiencing high %SWPWT values because their memory i s being swapped out and they must wait whenever those pages are accessed. Linux01 should be experiencing
the levels of swapping on ResourceHog01
low %SWPWT values, possibly zero.
and ResourceHog02 are going to be much larger than the level of swapping on Linux01 .
6.
Answers vary.
7.
Answers vary.
Lab 1 1 : Monitoring Storage Performance Task 2: Measure Continuous Sequential Write Activity to a Virtual Disk on a Remote Datastore .
1.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
78
vmhba65, the software iSCS I adapter.
Task 5: Measure Continuous Random Read Activity to a Virtual Disk on a Local Datastore .
1.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
80
vmhba 1 , a local host bus adapter.
Lab 1 2: M o n itoring Network Performance Task 7: Stop the Test and Analyze Results
.
1.
Yes. Network throughput values will vary.
2.
The test with the client and server on the same
.
.
.
.
90
Because network 1/0 did not pass through the
3.
physical network ha rdware.
port group.
Lab 1 7: Working with Certificates Task 1 : Examine vSphere Certifi cates 1.
.
.
.
.
The total might vary. Typically, eight o r more
.
.
.
.
.
7.
3. 4.
By default, tickets issued by VMware CA are
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
1 29
Machine, vsphere-webclient, vpxd, vpxd
8.
The organization is the name of your Platform
valid for 1 0 years.
Services Controller instance, which, in this lab
The expiration date varies in different lab
environment, is embedded in the vCenter
environments.
Server instance. In this lab configuration, the
The Issuer Common Name field contains CN=CA, which indicates that VMware CA issued the certificate .
5.
The certificate is a machine certificate.
6.
Five solution user certificates are in this configuration.
1 48
.
extension, and localhost.
certificates are in the Active Certificates list.
2.
.
name is sa-vcsa-01 .vclass.local. This name is specified in the O= field in the Subj ect field. This certificate is the VMware CA root certificate i n which VMware CA is a standalone root certificate auth ority.
Task 6: Replace a Machine Certificate with the New Custom Certificate 1. 2.
The location bar can be blue or gray, but it
.
.
.
.
.
.
.
.
.
.
.
1 37
The domain controller CA is the root. The vCenter Server certificate is subordinate to
The certificate was issued to the vCenter
the root certificate.
Server-Pl atform Services Controller system,
4.
.
should not be red.
sa-vcsa-0 1 .vclass.local.
3.
5.
.
6.
The student desktop is a member of the same Active Directory domain, and Internet Explorer
The domain controller CA issued the
is using the same certificate store. Because
certificate.
the vCenter Server certificate is signed by the
The certificate was signed now, so it is valid from today.
domain controller CA, Internet Explorer trusts the subordinate certificate.
1 49
1 50