Appendix A The Bottom Line

Each of The Bottom Line sections in the chapters suggests exercises to deepen skills and understanding. Sometimes there is only one possible solution, but often you are encouraged to use your skills and creativity to create something that builds on what you know and lets you explore one of many possible solutions.

Chapter 1: Introducing VMware Infrastructure 3

Identify the role of each product in the VI3 suite. Now that you've been introduced to the products included in the VMware Infrastructure 3 suite, we can begin discussing the technical details, best practices, and how-tos that will make your life as a virtual infrastructure administrator a whole lot easier. This chapter has shown that each of the products in the VI3 suite plays an integral part in the overall process of creating, managing, and maintaining a virtual enterprise. Figure 1.9 highlights the VI3 product suite and how it integrates and interoperates to provide a robust set of tools upon which a scalable, reliable, and redundant virtual enterprise can be built.

The next chapter will begin a start-to-finish look at designing, implementing, managing, monitoring, and troubleshooting a virtual enterprise built on VI3. I'll dive into much greater detail on each of the products I introduced in this chapter. This introduction should provide you with a solid foundation so we can discuss the different products beginning with the next chapter. You can use this introduction as a reference throughout the remaining chapters if you want to refresh your base knowledge for each of the products in the suite.

Master It You want to centralize the management of ESX Server hosts and all virtual machines.

Solution Install VMware VirtualCenter Server and add each host to the VirtualCenter inventory.

Master It You want to minimize the occurrence of system downtime during periods of planned maintenance.

Solution Implement VMware VMotion for the hot migration of running virtual machines.

Master It You want to provide an automated method of maintaining fairness and balance of resource utilization.

Solution Implement a cluster of ESX Server hosts and enable the Distributed Resource Scheduler (DRS) feature.

Master It You want to provide an automated restart of virtual machines when an ESX Server fails.

Solution Implement a cluster of ESX Server hosts and enable the High Availability (HA) feature.

Master It You want to institute a method of providing disaster recovery and business continuity in the event of virtual machine failure.

Solution Install VMware Consolidated Backup with a supported third-party backup application. Construct a backup plan based on company policy.

Figure 1.9 The products in the VMware Infrastructure suite work together to provide a scalable, robust, and reliable framework for creating, managing, and monitoring a virtual enterprise.

Chapter 2: Planning and Installing ESX Server

Understand ESX Server compatibility requirements. ESX Server has tight restrictions with regard to supported hardware. VMware is the only company that provides hardware drivers for the VMware-supported hardware. The compatibility lists provided by VMware are living documents that will continue to change as new hardware is approved.

Master It You want to reconfigure an existing physical server as an ESX Server host.

Solution Review the ESX Server Systems Compatibility Guide to identify if the existing server is compatible with ESX Server.

Plan an ESX Server deployment. A great deal of detailed planning and projecting is required to deploy a scalable virtual infrastructure.

Master It Your company wants to achieve the greatest ROI while maintaining high performance and availability levels. You need to produce a report that details the virtual infrastructure hardware specifications and costs.

Solution For the greatest ROI, the server specifications for each ESX Server host should maximize the number of cores per slot as well as the speed of each core. Physical memory should be maximized to provide ample room for current, future, and failover virtual machines.

Install ESX Server. ESX Server is a fairly straightforward installation process with only one or two details to pay close attention to.

Master It You need to reinstall ESX Server and want to be sure that inadvertent data loss cannot occur. The ESX Server will boot from local disks.

Solution Disconnect the new ESX Server from the storage area networks to prevent the discovery of existing LUNs that might contain data.

Perform postinstallation configuration. Once the installation of ESX Server is complete, the configuration can be tweaked to meet the needs of the organization.

Master It After installing ESX Server, the web-based management page is returning a "page not found" error.

Solution Use the esxcfg-nics and esxcfg-vswitch commands to identify and edit the Service Console NIC association.

Master It Your department heads have defined a company policy mandating the installation of antivirus software into the Service Console. Additional software might be installed at a later date.

Solution Adjust the amount of RAM allocated to the Service Console. Increase it to the maximum value of 800MB.

Install the Virtual Infrastructure Client (VI Client). The Virtual Infrastructure Client is a flexible management tool that allows management of an ESX Server host directly or by connecting to a VirtualCenter installation.

Master It You want to manage the ESX Server hosts from your administrative workstation.

Solution Install the VI Server host home page or the VirtualCenter home page.

Chapter 3: Creating and Managing Virtual Networks

Identify the components of virtual networking. Virtual networking is made up of a combination of relationships that exist between the logical networking components created in the VMkernel of ESX Server and the physical network devices. The virtual machines are configured on vSwitches bound to physical network adapters that are connected to physical switches.

Create virtual switches and virtual switch port groups. Virtual switches, ports, and port groups are the cornerstone of the virtual networking architecture. These virtual components provide the tools for connecting to the physical network components to allow communication between the virtual and physical environments.

Master It Virtual machines need to communicate with physical servers on the production network.

Solution Create a vSwitch with a virtual machine port group. Associate the vSwitch with a physical network adapter connected to a physical switch used for the production network.

Master It Service console communication must occur on a dedicated management network.

Solution Create a vSwitch with a Service Console port, assigning it a valid IP address for the management network. Associate the vSwitch with a physical network adapter connected to a physical switch for the management network.

Master It A dedicated network has been implemented to support VMotion.

Solution Create a vSwitch with a VMkernel port, assigning it a valid IP address for the VMotion network. Associate the vSwitch with a physical network adapter connected to a physical switch for the VMotion network.

Master It A dedicated storage network has been implemented to support communication to iSCSI and NFS storage devices.

Solution Create a vSwitch with a VMkernel port, assigning it a valid IP address for the storage network. Associate the vSwitch with a physical network adapter connected to a physical switch for the storage network.

Create and manage NIC teams. NIC teams offer the opportunity for redundancy and load balancing of network traffic. NIC teams offer three load-balancing policies: port-based, source MAC-based, and IP hash-based load balancing.

Master It Virtual machines with one virtual network adapter must be capable of using multiple physical network adapters when connecting to multiple network destinations.

Solution Create a NIC team set to use the IP hash-based load balancing policy.

Master It A vSwitch configured with a NIC team needs to experience failback when a physical network adapter is repaired after failover.

Solution Configure the virtual switch Rolling Failover policy to No or create an explicit Failover Order.

Master It Bandwidth available on multiple physical network adapters must be accessible to a single virtual network adapter on a virtual machine.

Solution Connect the virtual machine to a vSwitch with a NIC team using multiple physical network adapters connected to the same physical switch. Configure the physical switch for link aggregation in static (manual) mode and configure the vSwitch to use the IP hash-based failover policy.

Master It Discovery time after a failover event on a NIC team needs to be minimized to prevent unnecessary delays.

Solution Configure the virtual switch's Notify Switches setting to Yes.

Create and manage virtual LANs (VLANs). The use of vLANs in a virtual networking architecture offers security, scalability, and communication efficiency.

Master It A vSwitch needs to be configured with two vLANs named VLAN101 and VLAN102.

Solution Create two virtual machine port groups with the appropriate VLAN IDs in the port group configuration.

Master It A vSwitch is configured with vLANs identical to those configured on the physical switch to which it is connected; however, traffic between the two switches is not functioning.

Solution Configure the physical switch port to which the vSwitch is connected as a trunk port.

Configure virtual switch security policies. Virtual switch security comes in a tight little package that includes three specific security settings that deal with identifying and processing traffic through a virtual switch. Promiscuous Mode, MAC Address Changes, and Forged Transmits each provides a securable vSwitch architecture, which ensures that only the right systems are sending and receiving traffic as expected.

Master It A virtual machine with an installed intrusion detection system (IDS) needs to "sniff" the traffic passing through a vSwitch but the vSwitch is not configured to allow virtual machines to identify all traffic on the switch. You need to allow the functionality of the IDS while minimizing the security impact on the network.

Solution Create a virtual machine port group on the switch. Set the Promiscuous Mode option to Accept and configure the virtual machine to use the new virtual machine port group.

Master It An administrator of a Windows Server 2003 computer has changed the IP address of the guest operating system from the properties of the network adapter. The administrator now states that the Windows Server 2003 computer cannot communicate with requesting clients. You identify that the virtual machine port group to which the virtual machine is connected does not permit the vSwitch to send traffic when the effective and initial MAC addresses do not match.

Solution On the virtual machine port group, set the Forged Transmits option to Accept.

Chapter 4: Creating and Managing Storage Devices

Differentiate among the various storage options available to VI3. The storage options available for VMware Infrastructure 3 offer a wide range of performance and cost options. From the high-speed, high-cost fibre channel solution to the efficient, cost-effective iSCSI solution, to the slower, yet cheaper NAS/NFS, each solution has a place in any organization on a mission to virtualize.

Master It Identify the characteristics of each storage technology and which VI3 features each supports.

Solution Fibre channel, iSCSI, and NAS/NFS all allow for VMotion, DRS, and HA. Fibre channel is traditionally more expensive than iSCSI, which is more expensive than NAS/NFS. Fibre channel and iSCSI storage support a boot from SAN configuration for ESX Server. Only fibre channel SANs support virtual machines configured as part of Microsoft Server Cluster.

Design a storage area network for VI3. Once you've selected a storage technology, begin with the implementation of a dedicated storage network to optimize the transfer of storage traffic. A dedicated network for an iSCSI or NAS/NFS deployment will isolate the storage traffic from the e-mail, Internet, and file transfer traffic of the standard corporate LAN. From there, the LUN design for a fibre channel or iSCSI storage solution will work itself out in the form of the adaptive approach, predictive approach, or a hybrid of the two.

Master It Identify use cases for the adaptive and predictive LUN design schemes.

Solution The adaptive scheme is good for non-disk-intensive virtual machines and for minimizing administrative overhead. The predictive scheme involves more administrative effort for designing and creating the LUN strategy but offers a better performance opportunity for the VM.

Configure and manage fibre channel and iSCSI storage networks. Deploying a fibre channel SAN involves the development of a zoning and LUN masking strategy that ensures data security across ESX Server hosts while still providing for the needs of VMotion, HA, and DRS. The nodes in the fibre channel infrastructure are identified by 64-bit unique addresses called World Wide Names (WWNs). The iSCSI storage solution continues to use IP and MAC addresses for node identification and communication. ESX Server hosts use a four-part naming structure for accessing pools of storage on a SAN. Communication to an iSCSI storage device requires that both the Service Console and the VMkernel be able to communicate with the device.

Master It Identify the SAN LUNs that have been available to an ESX Server host.

Solution Use the Rescan link from the Storage node of the Configuration tab.

Configure and manage NAS storage. NAS storage offers a cheap solution for providing a shared storage pool for ESX Server hosts. Since the ESX Server host connects under the context of root, the NFS server must be configured with the no_root_squash parameter. A VMkernel port with access to the NAS server is required for an ESX Server host to function.

Master It Identify the ESX Server and NFS server requirements for using a NAS/NFS device.

Solution Configure the ESX Server with a VMkernel port. Configure the shared directory on the NFS server using the rw, no_root_squash, and sync parameters.
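A check for the export options named above, as an added example that is not from the book: it parses /etc/exports text and reports entries where the ESX Server host would lack rw, no_root_squash, or sync, and entries that offer no_root_squash to a wildcard client. The paths, the addresses, and the VMkernel IP 192.168.50.11 are constructed sample values; the wildcard check is an added hardening assumption, since no_root_squash gives every matching client root access to the export.

```python
import ipaddress

# Options the text requires on the export used by the ESX Server host.
# Defaults differ between nfs-utils releases, so the check insists that
# each option is written out explicitly.
REQUIRED = ("rw", "no_root_squash", "sync")

# Constructed sample /etc/exports content (not taken from a real server).
SAMPLE_EXPORTS = r"""
# datastore exports for the lab cluster
/vmstore/esx01   192.168.50.11(rw,no_root_squash,sync) 192.168.50.20(ro,sync)
/vmstore/iso \
                 192.168.50.11(rw,no_root_squash,async)
/vmstore/open    *(rw,no_root_squash,sync)
/vmstore/squash  192.168.50.11(rw,sync)
"""


def parse_exports(text):
    """Return (path, client, options) triples, one per client entry."""
    joined = text.replace("\\\n", " ")          # fold continuation lines
    entries = []
    for raw in joined.splitlines():
        line = raw.split("#", 1)[0].strip()     # drop comments
        if not line:
            continue
        path, *specs = line.split()
        if not specs:                           # bare path: exported to everyone
            entries.append((path, "", set()))
        for spec in specs:
            client, _, opts = spec.partition("(")
            options = {o for o in opts.rstrip(")").split(",") if o}
            entries.append((path, client, options))
    return entries


def client_matches(client, ip):
    """True if the client field covers the given IP address.

    Handles '*', an empty client (world), single addresses and CIDR
    networks. Hostnames, netgroups and name patterns are not resolved.
    """
    if client in ("", "*"):
        return True
    try:
        return ipaddress.ip_address(ip) in ipaddress.ip_network(client, strict=False)
    except ValueError:
        return False


def audit(text, vmkernel_ip):
    """Return (path, client, message) findings for the given exports text."""
    findings = []
    for path, client, options in parse_exports(text):
        shown = client or "<world>"
        wildcard = client == "" or "*" in client or "?" in client
        if "no_root_squash" in options and wildcard:
            findings.append((path, shown, "no_root_squash offered to a wildcard client"))
        if client_matches(client, vmkernel_ip):
            missing = [o for o in REQUIRED if o not in options]
            if missing:
                findings.append((path, shown, "missing for ESX host: " + ",".join(missing)))
    return findings


if __name__ == "__main__":
    for path, client, message in audit(SAMPLE_EXPORTS, "192.168.50.11"):
        print(f"{path:16} {client:16} {message}")
```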

Create and manage VMFS volumes. VMFS is the proprietary, highly efficient file system used by ESX Server hosts for storing virtual machine files, ISO files, and templates. VMFS volumes can be extended to overcome the 2TB limitation, but the file sizes within the VMFS volume still keep a maximum of 2TB. VMFS is managed through the VI Client or from a series of command-line tools, including vmkfstools and esxcfg-vmhbadevs.

Master It Increase the size of a VMFS volume.

Solution Use the datastore properties page to add a non-VMFS LUN as an extent in the existing datastore.

Master It Balance the I/O of an ESX Server to use all existing hardware.

Solution Use the datastore properties page to manually set the active paths to each LUN so that all HBAs in the local ESX Server host are being utilized.

Chapter 5: Installing and Configuring VirtualCenter 2.0

Understand the features and role of VirtualCenter. If ESX Server 3.0 is the heart and soul of the virtual infrastructure, then VirtualCenter is the equivalent of the brain that keeps it all moving. VirtualCenter keeps the management capabilities within a defined framework and allows for controlled, detailed delegation of permissions assignment to meet a company's management needs. Access control strategies maintain the principle of least privilege, while VMotion and DRS maintain performance levels and resource fairness.

The VirtualCenter inventory will be a living entity in your virtual world; it will change regularly in response to the changing demands of the network and the consistently changing management practices of today's IT environments. There is no single way to design or implement a VirtualCenter inventory, just as there is no single design implementation that will stand the test of time. Be open to change and to utilizing the dynamic nature of VirtualCenter to allow your infrastructure to be flexible, scalable, and secure.

Install and configure a VirtualCenter database. VirtualCenter can use Oracle, SQL Server, or MSDE as its back-end database platform. Production environments will not be supported unless running on Oracle or SQL Server, reserving MSDE for nonproduction, demonstration, or evaluation purposes.

Master It Configure a SQL Server 2000 database to support VirtualCenter.

Solution Provide the SQL authenticated user account with membership in the db_owner database role for the VirtualCenter database.

Master It Configure a SQL 2005 database to support VirtualCenter.

Solution Provide the SQL authenticated user account with membership in the db_owner database role for the MSDB database and configure the account as the owner of the VirtualCenter database.

Install and configure a VirtualCenter Server. VirtualCenter and the VirtualCenter License Server should be installed on the same server. For web access to VirtualCenter, the Apache Tomcat service can be installed and enabled.

Use VirtualCenter topology maps. VirtualCenter topology maps offer a graphical display of the relationships that exist between hosts, virtual machines, datastores, and networks.

Plan a VirtualCenter deployment. The VirtualCenter application is a proxy that acts on the ESX Server hosts that are in the inventory. Ensuring availability of the VirtualCenter application requires planning the redundancy and availability of the backend VirtualCenter database.

Chapter 6: Creating and Managing Virtual Machines

While company policy should ultimately drive virtual machine creation, there are best practices that can be followed to ensure performance and ease management. Virtual machines should always start as single virtual CPU systems with a minimum of two hard drives for separating the operating system from the user data.

Install a guest operating system. Installing a guest operating system on a set of virtual machine hardware is similar to an installation on physical hardware and requires the same licensing considerations.

Install the VMware Tools. The VMware Tools provide valuable additions to virtual machines and, although they are not installed by default, they should not be treated as an optional component. The VMware Tools install drivers and features for better memory management, optimized SCSI drivers, and enhanced video and mouse, among other benefits.

Master It Install the VMware Tools into a guest operating system.

Solution Use the Inventory menu to select the Install VMware Tools option.

Manage and modify a virtual machine. A running virtual machine is limited in its modifications. Only a hard disk can be added to a running virtual machine, but CD/DVD-ROM drives, floppy drives, and network adapters can all be configured while the virtual machine is in a powered-on state.

Master It Add a new network adapter to a virtual machine.

Solution Turn off the virtual machine, and add the new network adapter through the virtual machine settings.

Master It Add a new hard drive to a virtual machine.

Solution Add the new hard drive through the virtual machine settings.

Create templates and deploy virtual machines. Templates save administrators a great deal of time when deploying new virtual machines. Not only will templates reduce deployment times, but they also help reduce mistakes for new machines.

Master It Prepare VirtualCenter for guest operating system customizations.

Solution Extract the sysprep.exe and setupcl.exe files from the Windows Server 2003 CD to the directory C:\Documents and Settings\All Users\Application Data\VMware\VMware VirtualCenter\sysprep\svr2003. Or use older versions of sysprep extracted to the appropriate subdirectory on the VirtualCenter server.

Chapter 7: Migrating and Importing Virtual Machines

Use the VirtualCenter 2.5 Consolidation feature. The Consolidation feature of VirtualCenter 2.5 offers a simplified utility for creating a consolidation plan for small- and medium-sized businesses.

Master It Your company has 27 physical servers that it has identified as virtualization candidates. You need to provide a documented effort for determining which systems are ideal candidates and where on the four-node cluster the virtual machine should run.

Solution Use the VirtualCenter 2.5 Consolidation feature to monitor resource utilization on the 27 hosts. Once the confidence level is high, review the consolidation plan to see which servers are good candidates for virtual machines and which ESX Server hosts are best for running the converted system.

Perform physical-to-virtual migrations of running computers. A hot migration, or hot clone, is the conversion of a running computer into a virtual machine. The hot cloning process is ideal for systems with relatively static data sets to ensure time-consistent conversions of the target computer.

Master It Your company's business hours are 8:00 AM to 6:00 PM. There are four physical servers that function as domain controllers. You want to convert three of them to virtual machines running in your new three-node ESX Server cluster.

Solution Perform a hot clone of the three domain controllers during nonbusiness hours. Once the conversion is complete, power off the physical computers and power on the virtual machines.

Master It You have an existing virtual machine that has a 10GB C drive with only 1MB of space remaining. You need to provide an additional 20GB of space to the C drive.

Solution Use the VMware Converter to perform a virtual-to-virtual migration. During the migration process, add 20GB of space to the C:\ volume of the new virtual machine. After the migration, decommission the old virtual machine.

Perform physical-to-virtual migrations of computers that are powered off. A cold migration, or cold clone, is the conversion of a computer into a virtual machine while booted from the VMware Converter boot CD. The cold cloning process is ideal for systems that rely on frequently changing data sets, since the data cannot be modified during the conversion process.

Master It Your company has a computer that runs Microsoft SQL Server 2005. The IT staff has identified the system as a good target for becoming a virtual machine. You need to plan the conversion of the SQL Server 2005 computer into a virtual machine.

Solution Schedule a planned outage during nonbusiness hours to perform a cold clone of the SQL Server 2005 computer.

Import virtual appliances. The ability to import virtual appliances is a new feature of VirtualCenter 2.5. Appliances can be pulled directly from VMware or can be imported from a local file or URL.

Master It You need to deploy the remote command-line management tool as a virtual appliance in your VirtualCenter 2.5 inventory.

Solution Use the Import Virtual Appliance feature to import the virtual machine directly from the VMware website.

Chapter 8: Configuring and Managing Virtual Infrastructure Access Controls

Manage and maintain ESX Server permissions. Grant permissions to an ESX Server host with caution. Ideally, the number of individuals who have the ability to connect directly to an ESX Server host should be minimized.

Master It A group of administrators needs the ability to connect directly to an ESX Server host to perform management tasks.

Solution Create Service Console user accounts for each administrator who requires direct access.

Manage and maintain VirtualCenter permissions. The VirtualCenter permissions model builds off Windows-based user accounts and provides a great degree of flexibility, thus allowing virtual infrastructure administrators to maintain the principle of least privilege.

Master It Domain administrators from a Windows Active Directory domain should not be able to manage the virtual infrastructure.

Solution Create a new group in Active Directory and assign the new group the Administrator role at the Hosts & Clusters level in VirtualCenter. Remove the local Administrators group permission.

Master It Users with Windows-based groups need varying levels of access to the VirtualCenter inventory.

Solution Assign the Windows group to the appropriate VirtualCenter roles and assign the permission at the appropriate VirtualCenter inventory object.

Master It A default VirtualCenter role provides too much permission for a new user who needs access to VirtualCenter objects.

Solution Create a custom VirtualCenter role and assign the appropriate privileges.

Manage virtual machines using the web console. The web console utility is solely for the management of virtual machines. It is a great tool for allowing virtual machine administrators management capabilities without using the full VI Client. Like the VI Client, however, the web console is an excellent means for connecting to a virtual machine when traditional in-band management tools are not available.

Master It You need to access a virtual machine but the corporate firewall does not permit traffic on nonstandard ports.

Solution Use the web access utility to connect to VirtualCenter and establish a remote console session.

Master It You need to send a Windows administrator a link that will provide access to a virtual machine console. The administrator wants to establish this link as an Internet Explorer favorite.

Solution Generate a remote console URL by connecting to the web access utility of VirtualCenter.

Chapter 9: Managing and Monitoring Resource Access

Manage virtual machine memory. The VMkernel is active and aggressive in its management of memory utilization across the virtual machines.

Master It A virtual machine needs to be guaranteed 1GB of RAM.

Solution Configure the virtual machine with a 1GB reservation.

Master It A virtual machine should never exceed 2GB of physical memory.

Solution Configure the virtual machine with a 2GB limit.

Manage virtual machine CPU allocation. The VMkernel works actively to monitor, schedule, and migrate data across CPUs.

Master It A virtual machine must be guaranteed 1000MHz of CPU.

Solution Configure the virtual machine with 1000MHz of CPU.

Create and manage resource pools. Resource pools portion CPU and memory from a host or cluster to establish resource limits for pools of virtual machines.

Master It A resource pool needs to be able to exceed its reservation to provide for additional resource guarantees to virtual machines within the pool.

Solution Configure the resource pool with an expandable reservation.

Configure and execute VMotion. VMotion technology is a unique feature of VMware Infrastructure 3 (VI3) that allows a running virtual machine to be moved between hosts.

Master It Identify the virtual machine requirement for VMotion.

Solution Virtual machines cannot be connected to a CD-ROM or floppy image on a nonshared datastore. Virtual machines cannot be connected to an internal-only virtual switch. Virtual machines cannot be part of a Microsoft Server Cluster. Virtual machines cannot be configured with CPU affinity.

Master It Identify the ESX Server host requirements for VMotion.

Solution Both ESX Server hosts must have access to the same storage devices (fibre channel, iSCSI, and NAS devices). Both ESX Server hosts must have exactly the same labeled virtual switches that provide access to the same physical networks configured with the same IP subnets. Both ESX Server hosts must have compatible CPUs (CPU family, CPU vendor, SSE instructions, VT configuration, NX/XD configuration). Both ESX Server hosts must have access to the same VMotion network.

Create and manage clusters.

Master It Five ESX Server hosts need to be grouped together for the purpose of enabling the Distributed Resource Scheduler (DRS) feature of VI3.

Solution Create a cluster object in the VirtualCenter inventory and enable DRS on the cluster.

Configure and manage Distributed Resource Scheduling (DRS). DRS builds off the success and efficiency of VMotion by offering an automated VMotion based on an algorithm that analyzes system workloads across all ESX Server nodes in a cluster.

Master It A DRS cluster should determine on which ESX Server host a virtual machine runs when the virtual machine is powered, but it should only recommend migrations for VMotion.

Solution Configure the DRS cluster to use the Partially Automated setting.

Master It A DRS cluster should determine on which ESX Server host a virtual machine runs when the virtual machine is powered on, and it should also manage where it runs for best performance. A VMotion should only occur if a recommendation is determined to be a four- or five-star recommendation.

Solution Configure the DRS cluster to use the Fully Automated setting with the moderately conservative setting.

Master It Two virtual machines running a web application and a back-end database should be kept together on an ESX Server host at all times. If one should be the target of a VMotion migration, the other should be as well.

Solution Configure both virtual machines in an affinity rule that keeps the virtual machines together.

Master It Two virtual machines with database applications should never run on the same ESX Server host.

Solution Configure the virtual machines in an anti-affinity rule that separates the virtual machines.

Chapter 10: High Availability and Business Continuity

Cluster virtual machines with Microsoft Clustering Services (MSCS). Clustering virtual machines provides a means of creating an infrastructure that supports high availability for individual virtual machines.

Master It A critical network service requires minimal downtime. You need to design a failover solution for the virtual machine that hosts the network service. Your solution should provide the least amount of service outage while utilizing existing hardware and software platforms.

Solution Configure two virtual machines in a cluster-across-boxes. Use raw device mappings (RDMs) for the shared storage device required by the cluster nodes.

Implement and manage VMware High Availability (HA). VMware HA enabled on clusters of ESX Servers allows virtual machines from a failed ESX Server host to be restarted on another host. This feature offers reduced downtime and eliminates administrative effort as a response to a failed server situation.

Master It Domain controller, mail servers, and database servers must be the first virtual machines to restart in the event of server failure.

Solution Configure a restart priority of High for each of the virtual machines hosting the domain controller, mail server, or database server role.

Master It In the event of server failure, you do not want virtual machines to be prevented from being powered on because of excessive resource contention.

Solution Configure the HA cluster to use guaranteed admission control.

Master It Virtual machines used for testing purposes should not be powered on by cluster nodes if they were running on the ESX Server host that failed.

Solution Configure the testing virtual machines with a per-virtual machine setting that disables the HA restart.

Master It Your virtual infrastructure includes redundancy at each level, including switches and NICs. Service Console ports, VMkernel ports, and virtual machine port groups exist on separate virtual switches. You need to ensure that virtual machines continue to run even if the Service Console loses network connectivity.

Solution Configure each virtual machine with an isolation response that leaves them powered on.

Back up virtual machines with VMware Consolidated Backup (VCB). VCB is a framework upon which third-party backup solutions can be constructed to perform full virtual machine and file level backups. While the framework can be used on its own, it lacks any type of automation feature or the ability to write directly to tape.

Master It You need to design a data-recovery plan. The company purchased licenses for VMware Consolidated Backup. You must determine how VCB can accomplish your backup goals. What types of backups does VCB support?

Solution VCB allows full virtual machine backups for any guest operating system. VCB allows single VMDK backups for any guest operating system. It allows file- and folder-level backups of Windows guest operating systems only.

Master It You need to implement VCB as part of a regularly scheduled backup job.

Solution Review the VCB compatibility guide to determine which third-party backup tools have VCB integration modules.

Restore virtual machines with VMware Consolidated Backup (VCB). The VCB framework encompasses not just the backup processes but also restore capabilities. Tools included with VCB allow backups of full virtual machines, individual VMDK files, or specific files from within the virtual machine operating system. In addition, VMware Enterprise Converter offers the simplest restore procedure, with its support for restoring VCB backups.

Master It You need to minimize the financial impact of implementing a backup strategy for your virtual infrastructure.

Solution Implement a single backup agent on the VCB proxy. Use the VCB proxy for all backup and restore tasks.

Master It You need to minimize the amount of time required to restore data to any of the virtual machines in your environment.

Solution Install a backup agent inside of each virtual machine. Perform restores directly into the virtual machine.

Master It You have a full virtual machine backup of a system named Server1. A user deletes a file that is included on the last backup of Server1. You need to recover the file.

Solution Mount the full virtual machine backup into the file system of the VCB proxy server. Copy the file from the mount point. Remove the mount point.

Master It You need to quickly restore a VCB backup of a virtual machine. The backup is stored in a shared folder named VMBackups on a server named Backup1. The name of the virtual machine is Server17.

Solution Use the VMware Converter Enterprise Import Wizard to restore from \\Backup1\VMBackups\Server17.vmx.

Chapter 11: Monitoring Virtual Infrastructure Performance

Create an alarm. Creating host and virtual machine alarms is a proactive way to be alerted to abnormal behavior for all four resource groups or state changes. Alarms can be applied to a single host or virtual machine or a group of either object in the VirtualCenter hierarchy.

Master It Creating host and virtual machine alarms.

Solution There are many variations to alarms. Be sure to monitor only what is necessary to respond to problems or to alert on service-level issues.

Work with graphs. Creating and working with Performance graphs is the best way to monitor what is currently happening in your virtual infrastructure. Perhaps more important, though, is a graph's ability to reveal trends in the performance of your hosts and virtual machines. Graphs can be saved and archived or printed to justify purchase decisions or to show before-and-after comparisons once adjustments have been made to either hosts or virtual machines.

Master It Creating graphs for hosts and virtual machines.

Solution Know your graph options, chart types, objects, and counters to get the most out of them. Practice their use every day to become familiar with their subtleties.

Master It Using esxtop to monitor resources on a single ESX host.

Solution Use the four letters C, M, N, and D on your keyboard to change your resource views.

Master It Use the graphs to monitor CPU usage regularly for hosts and the virtual machines.

Solution Use Change Chart Options to customize your graphs to zero in on problems. Allow the graphs to be your guide when making decisions about capacity or service-level agreements. When monitoring virtual machines, be sure to use the counter CPU Ready to provide some insight on a virtual machine's ability to be scheduled.

Master It Create graphs showing host memory usage using the various objects, counters, and chart types.

Solution Use Change Chart Options to customize your graphs to look specifically for host memory bottlenecks such as ballooning and swap usage.

Master It Create graphs showing virtual machine memory usage using the various objects, counters, and chart types.

Solution Use Change Chart Options to customize your graphs to look for virtual machine problems such as configuring a virtual machine with too little or too much memory.

Master It Create graphs showing host and virtual machine network usage using the various objects, counters, and chart types.

Solution Monitoring for overall virtual machine network activity can be achieved by using those vmnic objects that correspond with the appropriate vSwitch the virtual machines are connected to. Use the graphs to make decisions about traffic shaping and NIC teaming.

Master It Create graphs showing host and virtual machine disk usage using the various objects, counters, and chart types.

Solution The Disk Usage counter for both host and virtual machine graphs will be the most often used. Use the longer intervals to spot trends in disk I/O behaviors.

Save a graph. Saving graphics provides evidence of the occurrence of an event and justification for adding more hardware to the virtual infrastructure.

Master It You need to provide a graph to upper management in support of your proposal for 2 new servers to be configured as ESX Server hosts.

Solution Use the Performance tab for hosts and virtual machines to save charts for any hardware device that is identified as a bottleneck that causes problems or will lead to a contention issue.

Chapter 12: Securing a Virtual Infrastructure

Create and apply roles and permissions in VirtualCenter. Creating host and virtual machine alarms is a proactive way to be alerted to abnormal behavior for all four resource groups or state changes. Alarms can be applied to a single host, a virtual machine, or a group of either object in the VirtualCenter hierarchy.

Master It Company security policy dictates that access to VirtualCenter requires users to only be granted the rights necessary to perform their jobs.

Solution There are several predefined roles, and roles can be created to fit particular job requirements. Assign roles to the lowest object in the inventory that allows users to do their job.

Master It Create ESX Server user accounts.

Solution You have two options for creating local user accounts on ESX Server: using the command line and using the VI Client.

Create users on the ESX Service Console. Restricting which users and hosts can connect to an ESX Server is one of the most important security steps you can implement.

Master It Company security policy dictates that direct access to the Service Console must be restricted.

Solution Configure sshd_config with AllowUsers to specify the users who are allowed to log in to the Service Console.

Master It Configure TCP wrappers to restrict host access to the Service Console.

Solution Edit hosts.allow to specify which hosts are allowed to connect to the Service Console.
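The two restrictions above can be checked together. The following is an added example, not code from the book: it audits copies of sshd_config and hosts.allow, and also reads hosts.deny, which the solutions above do not mention but which standard TCP wrappers consults when no hosts.allow rule matches. The function names, user names, and addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit copies of sshd_config, hosts.allow and hosts.deny.
# Print AllowUsers entries (keyword is case-insensitive; "#AllowUsers" is skipped).
sshd_allowed_users() {   # $1 = sshd_config
    awk 'tolower($1) == "allowusers" { for (i = 2; i <= NF; i++) print $i }' "$1"
}

# Print the client list a TCP wrappers file applies to a daemon (no IPv6 literals).
wrappers_clients() {     # $1 = file, $2 = daemon
    awk -F: -v d="$2" '
        /^[ \t]*#/ || NF < 2 { next }
        { n = split($1, names, /[ \t,]+/)
          for (i = 1; i <= n; i++)
              if (names[i] == d || names[i] == "ALL") {
                  gsub(/^[ \t]+|[ \t]+$/, "", $2); print $2; next
              } }' "$1"
}

# Print one finding per line; return 1 if any layer leaves access open.
audit_console_access() { # $1 = sshd_config, $2 = hosts.allow, $3 = hosts.deny
    rc=0
    users=$(sshd_allowed_users "$1" | tr '\n' ' ')
    if [ -n "$users" ]; then echo "OK sshd: AllowUsers ${users% }"
    else echo "FAIL sshd: no AllowUsers, every local account may log in"; rc=1; fi
    allow=$(wrappers_clients "$2" sshd | tr '\n' ' ')
    case " $allow" in
        " ")       echo "FAIL hosts.allow: no sshd rule"; rc=1 ;;
        *" ALL "*) echo "FAIL hosts.allow: sshd open to ALL"; rc=1 ;;
        *)         echo "OK hosts.allow: sshd from ${allow% }" ;;
    esac
    # TCP wrappers permits whatever neither file matches, so hosts.allow
    # restricts nothing unless hosts.deny has a catch-all for the daemon.
    case " $(wrappers_clients "$3" sshd | tr '\n' ' ')" in
        *" ALL "*) echo "OK hosts.deny: default deny for sshd" ;;
        *)         echo "FAIL hosts.deny: no catch-all, hosts.allow is not enforced"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample files, not real host configuration.
demo() {
    d=$(mktemp -d); s=0
    printf 'PermitRootLogin no\nAllowUsers vmadmin backupop\n' > "$d/sshd_config"
    printf 'sshd: 192.168.10.0/255.255.255.0\n' > "$d/hosts.allow"
    : > "$d/hosts.deny"   # empty, so the allow list above is not enforced
    audit_console_access "$d/sshd_config" "$d/hosts.allow" "$d/hosts.deny" || s=$?
    rm -rf "$d"; return $s
}
demo || true
```

On a host, pass the real files, for example /etc/ssh/sshd_config, /etc/hosts.allow, and /etc/hosts.deny, and treat a nonzero return as an audit finding.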

Enable and disable services on the firewall. The Service Console firewall is locked down by default for only those ports needed to provide management for virtualization. There are times when other ports will need to be opened using esxcfg-firewall.

Master It A security inspection requires an audit of the existing Service Console firewall configuration.

Solution Use esxcfg-firewall -q to audit your ESX Server's current firewall setup.

Master It Open the firewall for specific services or agents.

Solution Use esxcfg-firewall -e service_name to enable firewall access to specific services. Use esxcfg-firewall -o to open lesser-known ports for services or agents.

Use Kerberos authentication on ESX Server. Kerberos authentication allows for Active Directory authentication of local ESX Server user accounts. This simplifies account management and centralizes user account security policies.

Master It Direct authentication to ESX Server hosts should be secured using an existing Active Directory infrastructure.

Solution Use esxcfg-auth to implement Kerberos authentication.

Audit and monitor important files. Changes to Service Console files should be audited and monitored on a regular basis.

Master It A server failure results in a call to VMware support. The technician requests that you send information about your environment for further review.

Solution Create and extract the vm-support file. Send the file to the technician.

Manage updates and patches with VMware Update Manager. VMware Update Manager provides an integrated and easy-to-use utility for managing ESX Server host and virtual machine updates.

Master It You have just installed ESX 3.5 on seven new Dell PowerEdge 2950 servers into a DRS/HA cluster. No virtual machines exist. You need to apply all updates immediately.

Solution Create a custom baseline for all updates, attach the baseline at the cluster level, and perform an immediate remediation.

Master It Two days ago you added a new Dell PowerEdge R900 server named silo3507.vdc.local to a partially automated DRS/HA cluster. There are six virtual machines running on silo3507. You need to apply critical updates to silo3507.

Solution Attach the critical updates baseline to silo3507 and perform an immediate remediation. Either alter the failure options to power off or suspend virtual machines or manually relocate virtual machines off of silo3507 to allow it to enter maintenance mode and begin remediation.

Master It You have ten virtual machines that serve as domain controllers. You want to install all of the latest Windows updates on all ten virtual machines using VMware Update Manager. The installation of updates should not affect production during business hours of 9:00 AM to 5:00 PM. You want a 24-hour window of opportunity to remove the update.

Solution Use the Virtual Machines & Templates view to create a folder to hold the ten virtual machines. Create a baseline that includes all updates and attach the baseline at the folder level. Schedule a remediation to happen during non-business hours. Configure VMware Update Manager to maintain the rollback snapshot for a period of 24 hours.

Chapter 13: Configuring and Managing ESXi

Understand the architecture of ESXi. ESXi presents a radical change not just to the virtualization world but to the system manufacturers that want to be part of virtualization evolution. By removing the local management component, the Service Console, ESXi presents a thin yet highly functional hypervisor on which virtual machines can run. But don't mistake thin for meaning not as feature-rich. ESXi supports all the same enterprise features of VMotion, DRS, and HA that have made VMware ESX the number one choice for the foundation of virtualization platforms around the world.

Master It You manage a datacenter that experiences rapid growth. You need to identify a way to introduce new hardware resources into the virtual infrastructure with minimal administrative effort and maximum security.

Solution Build a VI3 solution on top of ESXi. Take advantage of the “plug-and-play” nature of the solution, its minimal footprint design, and its enhanced security through Service Console elimination.

Deploy ESXi Installable. ESXi Installable provides existing VI3 licensees with the ability to shift their infrastructure to the new thin hypervisor architecture. The installation files can be downloaded as part of the existing license agreement without any penalty or additional cost. ESXi Installable installs onto local disk drives.

Master It You manage a datacenter with five existing ESX Server 3.5 hosts. You wish to restructure the datacenter to use the thin hypervisor architecture of ESXi.

Solution Download the ESXi Installable installation files from http://www.vmware.com/downloads. Burn the ISO image to a CD and perform the installation on local disks.

Deploy ESXi Embedded. ESXi Embedded, like ESXi Installable, is a thin hypervisor architecture with no reliance on a console operating system; however, the hypervisor runs from an embedded storage module on the host. System manufacturers like Dell offer next-generation products that include internal storage functionality for running ESXi Embedded.

Master It You want to construct a virtual infrastructure on physical servers without local storage devices. You want the CPU and memory of each server to be allocated to a VMware cluster for supporting HA and DRS.

Solution Purchase new server hardware that includes support for an internal, on-board storage module with ESXi Embedded preinstalled on the server.

Manage ESXi. Managing ESXi can be done using the console of the system, the VI Client connected directly to the server, the VI Client connected to VirtualCenter, or from a command line using the remote CLI tools. The remote CLI tools can be deployed on a Windows host, Linux host, or from within a downloadable virtual appliance. All are available from the VMware website.

Master It You have deployed four servers running ESXi. You need to configure them into a cluster that supports DRS and HA.

Solution Use the VI Client to connect to a VirtualCenter 2.5 server and add each of the hosts into a cluster. Enable the cluster for DRS and HA.

Master It You have 30 ESXi hosts to which you need to add a new virtual switch. Your administrative desktop runs Windows XP Professional.

Solution Download the remote CLI tools for Windows. Install the tools and create a script that adds the virtual switch using the vicfg-vswitch command.
