Virtualization = > VMWare using ESX Server

If you remove users from the VirtualCenter domain, they lose permissions to all objects in the VMware Infrastructure and will not be able to log on again. Users who are currently logged on and are removed from the domain retain their Vmware Infrastructure permissions only until the next validation period (the default is every 24 hours)

Vmware doesn’t not explicitly restrict users from with same login and password from accessing and taking action within the VC.

If you rename user domain account, it becomes invalid in VC and same applies to group but before that(for groups only) you need to restart virtucal center.

Following activities can be scheduled as Tasks

• Change the power state of a VM
• Create a VM template
• Move a VM with Vmotion
• Create a VM
• Make snapshot of VM
• Customize VM
• Add a Host

This was the last part of the series from basic administration task,this pdf is in more details and end in 364 pages. There should be more information which be might be useful for VCP. I might add more to this series soon.

With ESX 3.0 you can migrate suspended VMs under cold migration process. You can move files of VMs only when they are power off and suspended.

When you modify User’s permissions, Users do not need to log off and log on into Virtual Center for changes to take effect. All changes take effect immediately.

You can define permission on

• VM
• Folders
• Datacenters
• Resource pools
• Templates
• Host
• Clusters

You cannot directy define permission on

1. Networks
2. Datastores

In virtual center you can assign permission to

• Folder
• Datacenter
• Host
• VM
• Templates
• Cluster
• Resource Pools
• In ESX server you can assign permission to
• Resource Pool
• VMs
• Hosts

There are two types of roles

System (cannot be modified): administrator/read-only/No-access

Sample (can be modified):

Detail Description is available in Excel Sheet HERE

When you install VMWARE Tools it installs

1. Vmware tool service
2. Set of Vmware device drivers

• SVGA Display drivers

• Vmxnet networking drivers

• Bus Logic SCSI drivers

• Memory control driver

• Vmware mouse driver

• I/O consolidate backup to quiesce I/O

3. set of scripts that let’s you automate guest OS
4. component that supports copying between the guest and managed host

If you don’t have vmware tools installed you don’t have option to restart or shutdown option. You will’ve to gracefully shutdown OS within VMs console. In order to upgrade VMWare tools, you need to shutdown VMs.

When you suspend VMs, a file is created with a. vmss extension is created, which contains the entire state of VMs. The remove from inventory cmd removes the VM only from VI client and not from from it’s datastore, however delete from disk removes it from datastore. Similiarly .vmtx is extension for template and remove from inventory and delete from datastores applies here as well. File with NVRAM extensions contains BIOS Settings.

In many cases, you can get past the problem by temporarily disabling acceleration in the virtual machine, but the applications stablize deselect “disable acceleration”

Choose Hyperthreading Sharing Mode from the pull-down menu. The options are:

Any – (default) The virtual CPUs of this virtual machine can freely share cores with other virtual CPUs of this or other virtual machines.

None – The virtual CPUs of this virtual machine have exclusive use of a processor core whenever they are scheduled to it. The other hyperthread of the core is halted while this virtual machine is using the core.

Internal – On a virtual machine with exactly two virtual processors, the two virtual processors are allowed to share one physical core (at the discretion ofthe ESX Server scheduler), but this virtual machine never shares a core with any other virtual machine. If this virtual machine has any other number of processors other than two, this setting is the same as the none setting.

Audio is available only for Windows XP and not for Window2000/windows 2003

If you wish to edit template, you’ll need to convert the template into VM.

Customization of guest OS is saved in xml file. Saved customization files are unique to each VirtualCenter Server and to each version of VirtualCenter due to encryption. You must recreate the customization files for each VirtualCenter Server. Also if you uninstall VirtualCenter and later do a fresh installation, the ability to decrypt passwords from the earlier installation is lost.

Bullet points from Basic system Administration Guide -Part01

• The text is sent as a notice message to all active session users and to new users when they log in. The MIB definition files can be found at C:\Program Files\VMware\Vmware VirtualCenter\MIBS when the default installation directory is used.

• You can perform migration between datacenters, the root folder is set as a default for every virtualcenter server, you can change the name but not add or remove it.

• ESX SERVER SUPPORTS 5 DIRECT, CONCURRENT VI CLIENT CONNECTIONS

• When you add multiple ESX servers to Virtual Center, VC will identify any naming conflicts that exist between virtual machines and alerts system administrator, who can rename virtual machines as necessary. The name can be 80 character long and may contact underscore,hypen.

• Disconnecting managed hosts differs from removing it, when you disconnect it; virtual center monitoring activities are temporarily suspended. When you remove it, VC stops are monitoring and managing functions of that managed host. Hosts and all VMs on the host are removed from the inventory but historical data is not removed from VC database.

• When adding or removing hosts, make sure NFS mounts are active, if NFS are unresponsive, the operation fails.

• Systems with dual-core processor (two CPU cores in each processor) must use ESX server 2.5.2. VC licenses are issused by pairs of processor packages not by processor cores. Host can be removed from the cluster only if all of the virtual machines on it are powered off and host is placed into maintenance mode.

• The Virtual CPUs page does not appear if the host is single-processor or the guest operating system does not support SMP (for example, NetWare and Windows NT 4.0)

• When you map a LUN to a VMFS volume, virtual center creates a file that point to the LUN.Encapsulating disk information to the file allows VC to lock the LUN so that only one Virtual Machine can write to it.

CONSIDERATION WHEN CREATING VMFS

You should always have one VMFS volume per LUN, however you can have multiple smaller or one larger VMFS volume. With ESX Server you can create 1.2 GB Minimum and 256 VMFS volume per system. You can connect upto 32 ESX servers to single volume.

Environment where you should go for Larger VMFS Volume:

When you need more flexibility in creating VMs, more flexibility for resizing VMDKs,snapshots

Few Volumes better management

If you go for smaller VMFS Volume you following Advantages:

• Less wasted storage space
• Less contention on each VMFS due to locking and SCSI reservation issues
• More flexibility, as the multipathing policy and disk shares are set per LUN
• Use of MSCS requires each cluster disk resources has its own LUN

NB: Best practise would be configure few servers with Larger VMFS vols and few with smaller VMFS vols

• Maximum VMDK file size: 2 TB
• Maximum file size: 2TB
• Block size: 1 MB to 8 MB

When you add datastore, name must be unique within the current Virtual Infrastructure instances. Before creating a new datastore on a FC device, rescan a fibre channel adapater to discover any newly added LUNs.

UPGRADING VMFS 2.0 TO VMFS 3.0

When upgrading to 3.0 ESX server file-lock mechanism ensures that no remote ESX Server or local process is accessing the VMFS volume being converted. ESX Server 3.0 supports VMFS 3. VMFS-3 is not backward compatible with earlier versions of ESX server

Before you carry out upgrade process make sure

• Commit or discard any changes to VMDK
• Backup the VMDK suppose to be upgraded
• No Power ON VM is using VMFS2.0
• No ESX Server is accessing VMFS2.0 or mounted on any ESX Server

ESX server does not typically perform I/O load balancing across paths for a given storage device.At any given time, only single path is used, which is called as Active Path. The ESX server host automatically sets multipathing policy according to the make and model of the array it detects. If the detected array is not supported, it is treated as active/active.

Manually changing MRU to Fixed is not recommended. If you are using Fixed Policy, you can see which path is the preferred path with an asterisk mark.

It is recommended to use fixed policy when SP are active/active and for MRU should be used when SP are active/passive mode

RDM is a special mapping file in VMFS volume that manages metadata for its mapped device. Mapping file has a .vmdk extension, but the file contains only disk information describing the mapping to the LUN on the ESX server system

Benefits of Raw Device Mapping (RDM)

• User-friendly persistent name
• Dynamic name resolution
• Distributed file locking: distributed locking on a RDM makes it safe to use a shared RAW SCSI devices without losing date when two VM are accessing the same LUN.
• File permissions
• File system operations
• Snapshots
• Vmotion

In RDM there are two modes physical modes and virtual modes

In Physical mode, VMKernel passess are SCSI commands to the device except REPORT LUN command is virtualized so the Vmkernel can isolate the Lun from the owning VM.

All mapped LUNs are uniquely identified by VMFS, RDM lets you give a permanent name to a device name, which is relative to the first visible LUN. so that any change in HBA,FC failure can change Vmhba because name includes initiator,HBA,SP,LUN. Dynamic resolution can compensate this.

Vmkfstools can used for managing RDM from SVC console, typical operations are querying mapping information, create mapping file and to import or export a virtual disk.

For preparing VCP you first need to read the Exam Blue print available on vmware site, after going through it you would realize that one should go through

1. Basic Administration Guide
2. Server configuration Guide
3. Resource Administration

All the above guides and additional guides are available at Vi3 Documents in PDF

Below are the contents from all three guide, they are actually few important concepts rather than entire text. This blog talks about storage.

STORAGE

TYPES OF STORAGE

• Local
• Fibre Channel (FC)
• ISCSI (Hardware iniatiated)
• ISCSI (software iniatiated)
• NFS (NFS client is built-in into ESX server)

iSCSI

With iSCSI, SCSI storage cmds are send by VM to its VMDKs & are converted into TCP/IP protocol packets and transmitted to a remote device or target, that stores the virtual disk. ISCSI initiators are responsible for transporting SCSI requests between ESX Server and the target storage device on the IP Network.

There are two types of ISCSI initiators

1. Software based

2. Hardware based

Software based iSCSI initiators have a code built into VMKernel which carries out the transporting job, using software initiators, the ESX server connects to a LAN through an existing NIC card using network stacks, in short you can implement iSCSI without purchasing specialized hardware. You also need to open a firewall port by enabling the iSCSI software client service.

Hardware based iSCSI initiators requires HBA cards which are specialized to transport iSCSI cmds over LAN to the target. Currently ESX Server supports only Qlogic QLA4010 iSCSI HBA.

NB: ESX 3.0 does not support both types of initiators on single system.

Naming requirements:

IQN (iSCSI qualified name)

e.g. iqn.1998-01.com.mycompany:myserver

Format Template: iqn.<year-mo>.<reversed_domain_name>:<unique_name>

Discovery methods

Initiator discovers iSCSI targets by sending a sendtargets requested for specific target address.

Static: Only available for Hardware based iSCSI initiators, you can manually add additional targets or remove unneeded targets. If you remove a dynamically discovery static target, the target can be returned to the list the next time a rescan happens, the HBA is reset, or the system is rebooted.

Dynamic: to use this method enter the address of the target device so that the initiator can established a discovery session with this target. The target device then responds by forwarding a list of additional targets that the initiator is allowed to access.

iSCSI Security

Since iSCSI communications between initiator and target happens over TCP/IP stack, it is necessary to ensure security of the connection. ESX server supports CHAP that iSCSI initiators can use for authentication purposes.

You can’t store VM on IDE or SATA, but on SCSI,NAS or FC storage only.

VMs communicate with datastore (where vmdk is placed) using SCSI commands, SCSI commands are encapsulated into various protocols e.g. FC,iSCSI, NFS depending type of physical storage.

HBA Naming convention vmhba1:1:3:1, Hba card 1, on Storage processor 1, using LUN3 and partition 1. First 2 numbers can change but last will remain unchanged

Select a large LUN if you plan to create multiple virtual machines on it., if more space is needed you can increase the VMS volume at any time –up to 64 TB.

Clustering in VMWare is based upon customer requirements.

Cluster-in-a-Box: Both the Nodes in same Physical Hosts, this type of configuration is suitable in case there is possibility of data crashes or administrative errors, but there is no cover if ESX host fails on hardware front.

Cluster-across-Boxes: Both the nodes are placed on seperate ESX host, and this takes of ESX host's hardware failure.

Physical-to-Virtual Cluster: Here Node A is actually physical box and Node B is Virtual Machine in ESX host, acting as standby host.

VMWARE HA solutions has some advantages which not very obvious. But we should any case apply VM HA for one simple reason, if the ESX host fails, all VM’s at least get started at other host. You don’t have to manually do that. Downtime will be Non-Zero

VMHA and VC 2.0 deals only with Host failures, for VM's (Node failure) you monitor Heart Beat using Alarm

• Each host must be able to poweron VM's i.e. Each host must have access to VM's files, in other words all VMotion requirements are met.
• ESX server is reachable when you type it's fully qualified domain name

For VMHA heartbeats it is recommended to set

• Two service console port on different virtual switch
• One service console with NIC teaming enable at virtual switch level

VMHA is fully integrated with DRS, which means when your host fails and all VM’s are moved to different hosts, DRS takes care of resource management. VMHA is reactive solution, which means it will act only when one or more host fails but VMDRS is proactive solution, it is always best to implement both VMHA & VMDRS

Failover capacity: When you enable cluster, two important configurations you need to do and they are again dependant upon client's requirement.

1. Number of host allowed failures allowed

   Maximum is 04 and Minimum is 01. This configuration help HA to determine if there are enough resources to power on VM in the cluster. But it is we who decided how much redudant capacity to be made available.

2. Admission Control
   1. Do not power ON VM if they violate availability constraints (Selected as default option)
   2. Allow virtual machines to be powered on if they violate availability constraints

Depending upon adminission control option you select, VM will be either powered ON or NOT. These values help VMHA to balance and calculated enough resource across hosts in case there is any host failures. Current failover capacity under Cluster's summary tab informs how many hosts are available at that time to hold the VM's

We only need to provide number of host, rest like resources required to power on VM’s across these host or only 1 host is alive, decision like this is taken by VMHA. If resources are not enough VMHA wouldn’t all VM’s to be powered ON(default option). You can force VMHA to start VM’s(when you like the constraints to be voilated), in this case Cluster will show RED sign, which means failover might not be guaranteed. It is not recommended that you work with red clusters. Also if you have 3 hosts and 2 fails cluster will turn RED.

So when you enable VMHA, you should design in such a way that hosts in ESX will be able to handle additional VM's without any over utilization of resource.

For example: Two ESX Host having equal capacity handling 50 VM's each. We should design in way that each Host should be able to handle 100 VM's.

Clustering in VMWare is based upon customer requirements.

Cluster-in-a-Box: Both the Nodes in same Physical Hosts, this type of configuration is suitable in case there is possibility of data crashes or administrative errors, but there is no cover if ESX host fails on hardware front.

Cluster-across-Boxes: Both the nodes are placed on seperate ESX host, and this takes of ESX host's hardware failure.

Physical-to-Virtual Cluster: Here Node A is actually physical box and Node B is Virtual Machine in ESX host, acting as standby host.

VMWARE HA solutions has some advantages which not very obvious. But we should any case apply VM HA for one simple reason, if the ESX host fails, all VM’s at least get started at other host. You don’t have to manually do that. Downtime will be Non-Zero

VMHA and VC 2.0 deals only with Host failures, for VM's (Node failure) you monitor Heart Beat using Alarm

• Each host must be able to poweron VM's i.e. Each host must have access to VM's files, in other words all VMotion requirements are met.
• ESX server is reachable when you type it's fully qualified domain name

For VMHA heartbeats it is recommended to set

• Two service console port on different virtual switch
• One service console with NIC teaming enable at virtual switch level

VMHA is fully integrated with DRS, which means when your host fails and all VM’s are moved to different hosts, DRS takes care of resource management. VMHA is reactive solution, which means it will act only when one or more host fails but VMDRS is proactive solution, it is always best to implement both VMHA & VMDRS

Failover capacity: When you enable cluster, two important configurations you need to do and they are again dependant upon client's requirement.

1. Number of host allowed failures allowed

   Maximum is 04 and Minimum is 01. This configuration help HA to determine if there are enough resources to power on VM in the cluster. But it is we who decided how much redudant capacity to be made available.

2. Admission Control
1. Do not power ON VM if they violate availability constraints
2. Allow virtual machines to be powered on if they violate availability constraints

Depending upon adminission control option you select, VM will be either powered ON or NOT. These values help VMHA to balance and calculated enough resource across hosts in case there is any host failures. Current failover capacity under Cluster's summary tab informs how many hosts are available at that time to hold the VM's

We only need to provide number of host, rest like resources required to power on VM’s across these host or only 1 host is alive, decision like this is taken by VMHA. If resources are not enough VMHA wouldn’t all VM’s to be powered ON. You can force VMHA to start VM’s, in this case Cluster will show RED sign, which means failover might not be guaranteed. It is not recommended that you work with red clusters. Also if you have 3 hosts and 2 fails cluster will turn RED.

There are two things when you think of backup of virtual machines

• Application back which is called File Level Backup
• Entire VM back Image Level Backup, ( which is quite easy, cause you just need to back VMDK)

File Level Backup: It is recommended that you put all your data in Non-System Disk, it brings it's own advantages.

Backup Proxy Server is required for carrying out this task, this has been implemented especially to remove backup overheads from ESX/VM's. This would be Windows 2003 server, with Backup software installed(for example netbackup) which has VCB plugin to carry out the task.

COMPONENTS involved in VCB back process are:

• Hostd: On ESX Server and interacts with Virtual center
• VM to be backup:
• Backup Proxy server with 3rd party software installed on it.
• VCB Framework which consists of
  • vcbMounter
  • vLUN driver
  • Integration module
    • Pre & Post-backup scripts which ties with
  • Backup application (for example Netbackup)

VCB WORKFLOW:

• Backup application starts backup job as per pre-schedule time
• Pre-backup script is intiated by backup software 
  • Quiesces NTFS/FAT (only in case of MS Guest OS),this ensure no write operations are pending
  • Puts VM in snapshot mode
  • Snapshot is taken and put's VM into normal opertion
  • Backup software mounts this Snapshot for File Level Backup, and selected files are copied. (Done by Backup client)
  • For Image level back, entire disk is export to Backup proxy server.(Done by backup client)
• Post-backup script is called
  • which unmounts VM snapshot from backup proxy
  • Takes VM out of snapshot mode, commits any changes made to the disk during the snapshot mode.

Restoring backups done using VCB approach

Restoring file/Images taken via backup is not straight forward. There are three approaches for this

• Self-Service restore : Backup agent Installed on each and every VM
• Per-group restore : Select VM's which will do restore work (i.e. install backup agent only these VM's) and then get someone to restore files of those specific VM's
• Centralized restore: Backup agent is installed only on Backup Proxy and restore file/Image on backup proxy. After you can uses windows share to copy data over the location

These approachs differs from each other at one level i.e. present of backup agents. Backup agents here are only doing restore work.

For Image level backup you can use VCBMounter to backup entire virtual machine in the service console. VCBMounter quiesce the snapshot of the VM and export the setfiles which can be later on used to restore using VCBRestore. For file level back you have to use third party backup software. This can be done only from Service Console.

Before we talk about Resource Pool we need to know what are resources in VMware terminology. Resources are

• CPU's
• Memory
• Disk (Manages which proportional share mechanisim)
• Network (are controlled by using Network-traffic shaping)

Resources are provided by ESX host and they are consumed by VM's. if ESX host are clustered, then Cluster is actual resource provider.

Every VM will be allocated Memory and CPU resources, there are 3 settings in resource pool which influence as to what memory and CPU any VM would get.

RESERVATION:Reservation specified for the resource pool or VM, if the reservation is set to Zero (which is by default), it means no reservation is set. VM will not start if its reservation is not met or guaranteed. When reservations are not utilized ESX host can assign them to other VM's. Lets take example

You have VM's A and B. A & B is configured for 1GHZ reservation. Now during some days A only goes as far a 0.5 GHz, under such case B can use 1.5 GHz. But if B is using 1.5GHz and A is poweroff, Once A is powerON B has to give away 0.5 GHz

LIMIT:Specified limit for the VM, default is unlimited. Server can allocate more memory/CPU than reservation but it cannot assign more than it's limit. Applying limit will vary depending upon the circumstances or your design requirement.

It is recommended to apply limit, when you wish to manage few VM's and you know Max Memory/CPU utilization of these VM's applications. Because one you apply limit, even if the resource on one system is under utilize and other machine is going to require more CPU/Memory sometime, it won't be able to get that idle resource and there are chance paging would start happening.

SHARES: Number of shares determine which VM will get resources when there is competition for resources among VM's.Specifying shares makes sense only with regard to sibling virtual machines or resource pools, that is, virtual machines or resource pools with the same parent in the resource pool hierarchy.

The amount of resources represented by each share changes when a new virtual machine is powered on. This affects all virtual machines. Shares are typically specified as high, normal, or low. High, normal, and low specify share values with a 4:2:1 ratio.

For example:Two virtual machines run on a host with 8GHz. Both are set to Normal and get 4GHz each.A third virtual machine is powered on. It is set to High, which means it should have twice as many shares as the machines set to Normal. The new virtual machine receives 4GHz and the two other machines get only 2GHz each.

Share values default to:

• High — 2000 shares per virtual CPU, 20 shares per MB of virtual machine memory
• Normal — 1000 shares per virtual CPU, 10 shares per MB of virtual machine memory
• Low — 500 shares per virtual CPU, 5 shares per MB of virtual machine memory

By going by above defination, if we've VM with 2 CPU's and 1 GB RAM and shares is defined as High, so this VM is going to get

• 2000 Shares x 2 CPU's =Shares of CPU Power
• 20 Shares x 1024MB=Shares of Memory

Mind you, this is just shares and they will be useful in cases where VM is competing either for CPU or Memory resources.

Resource pool is used to distribute CPU's and Memory across VM. resource pools can have child resource pool or VM or Both.Resource pool or VM which are at the same level of heirarchy, it is called sibling. Picture below gives very good information about the relation.

You can actually create resources pool as per the department's requirement and can guarantee that particular resource pool will provide required processing power when the condition demands.

You don't need to configure resources to each VM, in fact you apply common settings across group of VM using resource poo. In above figure RP-Marketing is a resource pool, all resources defined in it, will be automatically applied to VM's under it, with configuring such setting for each VM.

In order to really leverage the power of resource pools, Group hosts into cluster. When you create cluster, resource are managed at the cluster level rather host level. In short resources on each host are combined into one. This one resource is total resource which can be allocated to all VM's under that cluster. Figure below explains it briefly.

Now that we have installed virtual center, next steps would be assigning permission to all those people who are responsible for managing managing VMware Infra 3.0. In order to do that we need to understand how the permissioning works. There are two elements in this, First is ESX host and other is Virtual Center. Permissioning on both these element is seperate and cannot be mix with eachother. For simple reason, one is Linux and other is Windows.

Security Model explained.

Let take user Greg, who works in first line support and need maximum rights to shutdown VM in case it hangs or user request.

Greg ------->Needs to Reset VM's ------->To achieve this we need to assign permission

[ User ]                [ROLE ]                                      [Priviliges]

1. Needs to Reset VM's = TASK [ROLE]
2. In order to do the TASK=Need to assign Permissions
3. USER

All three makes Permissions in VMWare and in all security model. However to little bit more to it, permission is also a combination of user account, Role,priviliges and position in the inventory to which the user/role applies.

Now Greg can be restricted to do Datacenter, VM. We can decide whether we need same permissions to flown across the datacenter or to specific folder. This is called as propogations of permissions. VMware has come with pre-defined roles, these roles are can been seen when you assign permission. You have the option of selecting the pre-defined roles or create one for yourself. But these pre-defined roles are again differ from ESX and Virtual Center perspective.

Predefined ESX Servers Roles:

1. No Access
2. Read-Only
3. Administrator

Predefined Virtual Center Roles:+ Predefined ESX Servers Roles

1. VM Administrator
2. Datacenter Administrator
3. Virtual Machine Power User
4. Virtual Machine User
5. Resource Pool Administrator

But customs roles can be created for both ESX aswell VC.

Virtual Center Security Model:

Virtual center security model includes accounts created in Windows which could be local or domain account. This account is again assigned role which is again decided at what heirarchy you apply this role. Default permission for VC is assigned to local Administrators groups of Windows 2003 server at the top level in the inventry.

ESX Security Model:

ESX security model includes user account created on ESX Server which is basically a linux user account. This account is again assigned role which is again decided at what heirarchy you apply this role. By default vpxuser and root are already created and assigned to administrator roles. Vpxuser is used for interacting ESX server. Root is admin account and performs task  assigned by virtual center.

Step-by-Step process of assigning permissions:

Select object on which you wish to apply permisison.

Expand the inventory

Right the click object, select add permission

Select role to be select from predefined list or select custom roles

Select if you wish to propogate the permission to child objects

Select user (Local/Domain) user

Add the user to users or group fields

 In order to create custom roles, go to the admin tab, right anywhere

Name the role and select priviliges you wish to give it to the role

There is lot in permissioning, I will update that later on

You can move VM's between ESX servers. Moving VM's when they are power off it is called Cold Migration. So what would be Hot Migration, nothing but VMotion. We will deal with it in more details in later posts. Cold migration of VM gives you option to move the files to different datastores, but in most cases Datastores are shared and ESX shouldn't have problem in accessing those files. In case situation where it is not possible to access these files, files are also moved along.

So when you perform Cold Migration ?

• When you would like to move VM' to local datastore of ESX server
• And when VM's are to be moved to two different CPU families
• Or when are upgrading your ESX hosts

Adding Devices:

VM need to be Power Off for adding most of the devices, Except for Hard disk, which is called Hot Plug. In case you need to add additional NIC, you can do only when the VM is power off. In order add device, Power off VM. In the summary tab, click Edit settings, VM properties are displayed. Click on add hardware Wizard and select the device you would like to add.

Adding SCSI Device

Select Device, remember to tick Device Status 

Select Device to be mapped on VM

Summary to finish

More Information:

http://pubs.vmware.com/vi301/wwhelp/wwhimpl/js/html/wwhelp.htm and Search for add device

Cloning a VM is equivalent to deploying VM from template. Here as well you get option to customize guest OS. To clone VM, simply right click VM, say clone this VM. In order to enable Guest OS customization.

In order to enable guest OS customization, you need to configure Virtual center. Download latest sysprep tool from Microsoft, this customization applies only for Windows,for Linux it is inbuilt. Launch the installer and extract the contents to C:\Documents and Settings\All Users\Application Data\Vmware\VMware VirtualCenter\sysprep1.1

Some folders as per OS configuration are already created under this folder, extract them into respective folders.

Guest OS customization would look like

1) Enter Name and Organization

2) Guest OS Name, you have various option to select from, Select as per your organization's policy

3) Enter Product ID and License information

4) Enter Administrator Password, also in the same screen if you would like Admin to logon and how many times, you select.

5) Pick up appropriate time zone

6) Run once keep default

7) Workgroup or domain select as per your organization policy

8) Operating system options

Generate SID's

Delete all user accounts

9) In the end you have option to save customization for later use and it finishes OS customization part.

http://pubs.vmware.com/vi301/wwhelp/wwhimpl/js/html/wwhelp.htm

Template is used for provisioning of VM's in VMware. Provisioning is inbuilt feature in VMInfra 3.0. Technically Template is a VM which cannot be powered ON. Templates/VMDK can be stored in Monolithic form or sparse file format.

What is monolithic or spare file format ?

lets take a example:  If you create a monolithic file format of 16 GB, totally 16 GB is claimed  at one go, But if you create sparse file format 16GB will be consumed as and when it is utilized. Templates can be stored in NFS/SVC Console/VMFS

Templates can be created in two ways

• Clone to template - Original VM is retained.
• Convert to template - converts VM to template

DEPLOY VM FROM TEMPLATE

 Connect to Virtual center via VI client

Change the view to VM and Templates

Right click the template and select deploy this VM from this template.

Wizard will ask you VM's Name and Host on which you want to put this VM

Next select resource pool

Last you get option to customize OS.

You can select YES /NO depending upon your choices.

1) Select Template

2) Select Datacenter and ESX Host

UPDATING TEMPLATES:

In case you need to include latest Hotfix/Patches into templates, you easily do it. In order to achieve this task. Select template and select convert to virtual machine. Once VM is powered ON, apply patches and etc. Convert the same VM back to template.

The virtual Machine's display name is used to name the files of the Virtual Machine itself. Therefore avoid using special characters, including spaces, in the VM's display name.

When you create virtual machine you have by default 6 PCI slot, one reserved for Video Adapater and therefore effectively you have 5 to work on.Virtual chipset is Intel 440X-Based motherboard with an NS338 SIO chip. This ensure wider range of OS compatibility.

RESOURCE ALLOCATION TO VM:

Maximum of 16 GB RAM and 4 CPU can be allocated to VM. But it is recommended against allocated more than 1 CPU to VM unless and until application on VM is going to make use of it. More CPU is allocated, more hard CPU scheduling has to work, which might cause overburden on Physical CPU.

VM Creation:

In order to create VM you need to have following details handy

• Location where to Store VM's files. i.e. VMDK file
• Location where the ISO Image of the Guest OS is kept.
• VM's Name, it Location in Datacenter
• Number of Processor,Memory Allocation,Disk Size
• NIC to connect to
• Virtual Device Node and Disk Mode

What is Disk Mode?

In simple word they way you wish VM to react to changes made to it. If you want to those change permanent select Persistent Mode or select Non-Persistent mode. In non-persistent mode, all changes made to VM is lost when you powercycle VM. Both Persistent and Non-Persistent mode comes under Independant category. There is other category called as Snapshots. Snapshots is selected by default and it allows to take snapshot of disk, you can restore the snapshot, in case you had undesirable result of changes you made.

Virtual Device node asks how you wish to connect VMDK to VM.

More detail Information is available at http://pubs.vmware.com/vi301/wwhelp/wwhimpl/js/html/wwhelp.htm

Step-By-Step Procedure for creation of VM ScreenShots

1) Virtual Machine Name and Select Datacenter where VM should reside

2) Select ESX server which will Host VM

3) Memory selection

4) Where your VM files, configuration files resides

5) Select OS version to Install

6) Select NICs and remember to select connect a power ON

7) Select disk Capacity

8) Select destination where you wish to store VMDK

9) Select Virtual Disk Node

More information in detail is availabe at http://pubs.vmware.com/vi301/wwhelp/wwhimpl/js/html/wwhelp.htm

Virtual center can be access using VI client or Web access(With Limited functionality), Web Access provides browser based interface for managing VM's.

Hostd and VPXA are two services which are running on ESX host responsible for performing tasks assigned by Virtual Center.

Virtual Center deployment:

Virtual Center with Minimum Hardware requirement can Handle

--------->20 concurrent connections

   ------->50 Managed Hosts

     ----->1000 VM's

With Dual CPU and 3Gig RAM

--------->50 concurrent connections

   ------->1000 Managed Hosts

     ----->2000 VM's

 BACKUP Strategy for VirtualCenter Server:

Virtual Center is recommended to be on Physical Box, as a DR strategy you can created one VM and leave it powered off. Use it only when Primary fails. When Primary fails, Power On DR server, Point it to Virtual Center database. Have System Admins point to DR server till you bring back the Primary.

Other recommended strategy is to use Cluster capabilities of SQL database.

The VMware License Server and Virtual Center Server typical reside on the same system.

The inventory hierarchy is used to group your hosts and virtual machines in meaningful way. It also provides the natural structure upon which you apply permissions. Datacenter is aggregration of all the different types of objects needed to work in a virtual Infra,Hosts,VM,Networks and Datastores.

Datacenter can be divided on the basis of Geographical locations by creating folder inside it or as per your convenience.But make sure you design in way which will allow to delegate roles and responsibilities for Managing VMInfra.

You can Group them on basis on

• VMotion requirement
• To form single pool of resources
• Single Administrative control

 Typically a datacenter consists of Managed Objects Viz:

• Virtual Machines
• Hosts
• Virtual Machine Templates

Tasks such as Cloning VM's,deploying VM's from templates or Migrating VM's can be only be performed with objects in the same datacenter.

VM,VMTemplates can be organized based on Functions and departments. CPU family,Application servers,Infra Servers. Below Image is very example of it.

In order to use feature like VMHA,VMDRS  we have to cluster servers.

Above view can change according to our needs. It is categorized as

1. Hosts and Clusters
2. VM and Templates
3. Networks
4. Datastores

First two are most commonly used. In above image it is Hosts and Templates. In above examples Hosts are group into folders viz

Racks

==>    Hosts

      ====>Server types (Messaging,SQL,IIS)

In order to add Host to Virtual Center, you need

1. FQDN of ESX Host
2. Root Password or equivalent user account

once you add ESX host, change the license type to Server based pointing it to License server

Virtual Switches uses software constructs implemented by VMKernel. VMKernel itself uses virtual switches to access iSCSI and NAS based storage and to implement VMotion.

NIC Team, which is simply a virtual switch connected to 2 or more Physical NIC's. And NIC team provides automatic distribution of packets and failover.

Each Switch is internal LAN, implemented entirely in software by the VMKernel. Internal only switch is used for network isolation for testing purpose for example Anti-virus software and IDS and One Box Firewall enviornment.

Default number of ports on switch is 54, however one created during installation has 24 ports and maximum limit is 1024.

The simplest way to give virtual machine access to network is to make virtual switch and associated it with outbound Phyical Nic. High performance application can benefit from NIC teaming which offers higher bandwidth and provide automatic load balancing and network fail over.

There are three types of Network connections

• Service console:Managing ESX hosts
• VMKernel Port:For managing iSCSI and NAS devices
• Virtual Machine port group:For accessing VM Networks

More than one connection type can exist on a single virtual switch. Seperate IP Stacks are configured for the service console and the VMkernel, which means each port must be assigned with it's own IP address.

When creating new virtual switch you have to specify connection type.

All virtual switches are known as vSwitch# (remember S is captial, since LINUX is case sensitive), Each Port or Port group has a network label

While Service console port are known as vSwif#

Virtual Switch Properties

General: Allows to configure number of ports

Network Policies: VLAN,Security,Traffic Shaping and NIC Teaming.

Network policies for virtual switch becomes default policies at port and port group level, which can be override at the respective level.

To change the speed of the NIC card,

Configuration Tab->Networking ->Properties->Network Adapters->Edit

 LittleBit about VLANS

VLAN are a network layer 2 concept (the same layer at which MAC address and Ethernet live, one layer below IP addressing and routing). Smart L2 switches that can keep track of which ports belongs to which VLAN. In order to extend VLAN across switches, a trunk link must interconnect switches.

ESX server provides VLAN support through virtual switch tagging, which is simply provided by giving port group VLAN ID. Then VMKernel takes care of all tagging and untagging as the packets pass through the virtual switches. VLAN ID is optional by default.

Security:There are three security policies exception; Promiscuous [Default -Reject];MAC Address Changes [Default -Accept];Forget Transmits; [Default -Accept]

Traffic Shaping:VM's Network Bandwidth can be controlled by Traffic Shaping. Traffic shaper only controls outbound network traffic only.To control inbound traffic, use a load-balancing system, or turn on rate limiting features of your router. Network traffic shaping is off by default. That is, each VM can consume as much outbound traffic as its guest is configured for. VM subject to these controls may exceed its average bandwidth and spike up to its peak bandwidth -but only enough to transmit data defined in Burst Size. 

Port Group level: If you set average Bandwidth at 1000 kbps on a port group, then any VM connected to that port group can use an average bandwidth of 1000kbps

Host-based licensing

Advantages:

One less piece of Infrastructure

sufficient for small organization

Disadvantages:

Licenses do not float

features which requires virtual center cannot be used.

ESX server features do not require Virtual Center nor a license server and are transferable.

There are two types of licenses, Starter and Standard

Starters License :

1. Only 4 Processors
2. 8 GB RAM
3. No fiber channel or iSCSI storage available only Local and NAS
4. VMFS (Virtual Machine File System) only on local storage
5. Virtual Center Agent

However you would be able to add few features using add-on license, seperate charges apply

Standard License :

1. No limitations on RAM and Processor
2. Local/NAS/SAN/iSCSI storage available
3. Virtual center agent
4. VMFS

Enterprize License :

Standard License +

1. VMotion
2. VMWare HA
3. VMWare DRS
4. VCB (VMware consolidated Backup) (This is also available as add-on cost license)

More information could be found at Doc ID: 5357713 under VMTN

Virtual Center has

• Core Services

1. Mgmt of Resources
2. VM's
3. Mgmt Alarms,Events
4. VM Provisioning
5. Host and VM Configuration

• Distributed Services

1. VMotion
2. VMware DRS
3. VMWare HA

Database Interface

Active directory Interface.

Order of Installation

1. Database Server (Create a connection to SQL or Oracle Database
2. License Server
3. Virtual Center
4. VI Client -in Windows World RDP software

Virtual center database contains

• configuration information
• Current Status and
• utilization data of the managed Hosts and Virtual Machines

If you are using VC then you must use License server for completetly using its features

If License server is not available then still VMWare Infra can survive for 14 days of grace period.

There are three software editions

• Starter
• Standard and
• Enterprize.

License based model is named similiarly

Starter and Standard. However standard license licenses both standard and Enterprize mode.

When you install License server, Following services is seen in Services.msc console.

VMWare License Server

Similiarly when you install Virtual Center Following services is seen in Services.msc console.

• => VMware Virtual Infrastructure Web Access
• => VMware Virtual Mount Manager Extended
• => VMware VirtualCenter Server

If Management Server must go through firewall Open Port 902

VMFS

VMWare file system is a file system optimized for storing VM’s. A virtual disk stored on a VMFS always appears to the virtual machine as mounted SCSI device. VMFS store is used to ISO Images,templates.

VMFS volumes are accessible in the service console underneath /vmfs/volumes directory

To create VMFS datastore

Configuration tab ->

- > Hardware

o Storage(SCSI,SAN and NFS)

§ Add Storage

Adding extends to datastore

Datastore can span upto 32 physical disks. You generally wish to add extend when VM’s need more space or you need to create more space.

To add one or more extend to the datastore

Configuration

Storage

Properties

Volume properties

Extends

Select the disk which you want to add as an extend and click next

If disk or partition you add was formatted previously, it will be reformatted and loose file systems and any data it contained.you have the option to decided the disk space to utilize.

To remove extends you will have to delete the entire VMFS, to remove VMFS, select VMFS and click remove. Make sure there no running VM’s on it. Removing datastore from the ESX server breaks the connection between system and storage device that holds the datastore and stops all functions of that storage device.

Managing Paths for Fibre Channel and iSCSI

ESX Server supports multipathing to maintain a constant connection between the server machine and the storage device in case of the failure of an HBA, switch, storage processor (SP), or cable. Multipathing support does not require specific failover drivers.

To support path switching, the server typically has two or more HBAs available, from which the storage array can be reached using one or more switches. Alternatively, the setup could include one HBA and two storage processors so that the HBA can use a different path to reach the disk array.

By default, ESX Server systems use only one path from the host to a given LUN at any given time. If the path being used by the ESX Server system fails, the server selects another of the available paths. The process of detecting a failed path and switching to another is called path failover. A path fails if any of the components—HBA, cable, switch port, or storage processor—along the path fails.

The process of one HBA taking over for another is called HBA failover. The process of 1 SP taking over SP2 is called SP failover. VMware ESX Server supports both HBA and SP failover with its multipathing capability.

Setting Multipathing policies for LUN’s

MRU: Most recently used: [Default] which means once failover occur, we do not automatically failover. Recommended under Active/Passive storage devices

Fixed: means ESX server will always try to use preferred path. Recommended under active/active storage devices

The ESX Server host automatically sets the multipathing policy according to the make and model of the array it detects. If the detected array is not supported, it is treated as active/active.

NAS and NFS

NAS is a specialised storage device that connects to a network and can provide file level access services to an ESX server. VMWare only support NFS for access file system over network.

NAS is low cost and less infrastructure investment required than FC. NFS volumes are treated just like VMFS volume, can hold ISO/Templates and VM’s. ESX server supports

- VMotion

- Create VM

- Boot virtual Machines

- Mount ISO files

- Create virtual machine snapshots on NFS mounted volumes. The snapshot feature lets you preserve the state of the virtual machine so you can return to the same state repeatedly.

NFS client built into ESX server lets us access NFS Server and use NFS volume for storing VM’s.

When ESX Server accesses a virtual machine disk file on an NFS-based datastore, a special .lck-XXX lock file is generated in the same directory where the disk file resides to prevent other ESX Server hosts from accessing this virtual disk file. Don’t remove the .lck-XXX lock file, otherwise the running virtual machine will not be able to access its virtual disk file.

NFS and Permission

ESX server must be configured with a VMKernel port defined on a virtual switch. VMkernel port must be access NFS server over the network.

/Etc/Exports defines the systems allowed to access the shared directory. The options used in this file are :

Name of the directory to be shared

Subnet allowed to access the share

The root squash feature maps root to a user with no significant privileges on the NFS server, limiting the root user's abilities. This feature is commonly used to prevent unauthorized access to files on an NFS volume. If the NFS volume was exported with root squash enabled, the NFS server might refuse access to the ESX Server host. To ensure that you can create and manage virtual machines from your host, the NFS administrator must turn off the root squash feature or add the ESX Server host’s physical network adapter to the list of trusted servers

If the NFS administrator is unwilling to take either of these actions, you can change the delegate user to a different identity through experimental ESX Server functionality. This identity must match the owner of the directory on the NFS server otherwise the ESX Server host will be unable to perform file level operations. To set up a different identity for the delegate user, acquire the following information:

• User name of the directory owner

• User ID (UID) of the directory owner

• Group ID (GID) of the directory owner

The delegate user is configured globally, and the same identity is used to access to every volume.

Setting up the delegate user on an ESX Server host requires that you complete these activities:

• From the Users & Groups tab for a VI Client running directly on the ESX Server host, either:

• Edit the user named vimuser to add the correct UID and GID. vimuser is an ESX Server host user provided to you as a convenience for setting up delegate users. By default, vimuser has a UID of 12 and a GID of 20.

• Add a completely new user to the ESX Server host with the delegate user name, UID, and GID.

You must perform one of these steps regardless of whether you manage the host through a direct connection or through the VirtualCenter Server. Also, you need to make sure that the delegate user (vimuser or a delegate user you create) is identical across all ESX Server hosts that use the NFS datastore.

To change the virtual machine delegate

1 Log on to the VI Client through the ESX Server host.

2 Select the server from the inventory panel.

1. The hardware configuration page for this server appears with the Summary tab displayed.

3 Click Enter Maintenance Mode.

4 Click the Configuration tab and click Security Profile.

5 Click Virtual Machine Delegate > Edit to open the Virtual Machine Delegate dialog box.

2. Enter the user name for the delegate user.

3.

6 Click OK.

7 Reboot the ESX Server host.

After you reboot the host, the delegate user setting is visible in both VirtualCenter and the VI Client running directly on the ESX Server host.

Before you begin access NFS datastore you have to create VMKernel port manually.VMkernel port can be created on an existing virtual switch or as new connection on a new virtual switch