Basic System Administration -Part 04
VMware does not explicitly restrict users with the same login and password from accessing and taking action within VC.
If you rename a user’s domain account, it becomes invalid in VC. The same applies to a group, but for groups this happens only after you restart VirtualCenter.
The following activities can be scheduled as tasks:
- Change the power state of a VM
- Create a VM template
- Move a VM with VMotion
- Create a VM
- Take a snapshot of a VM
- Customize VM
- Add a Host
This was the last part of the series on basic administration tasks; the PDF goes into more detail and ends at 364 pages. There should be more information which might be useful for VCP. I might add more to this series soon.
When you modify a user’s permissions, the user does not need to log off and log back on to VirtualCenter for the changes to take effect. All changes take effect immediately.
You can define permissions on
- VM
- Folders
- Datacenters
- Resource pools
- Templates
- Host
- Clusters
You cannot directly define permissions on
- Networks
- Datastores
In virtual center you can assign permission to
- Folder
- Datacenter
- Host
- VM
- Templates
- Cluster
- Resource Pools
In ESX Server you can assign permission to
- Resource Pool
- VMs
- Hosts
There are two types of roles
System (cannot be modified): administrator/read-only/No-access
Sample (can be modified):
A detailed description is available in the Excel sheet HERE
Basic System Administration -Part 2
- VMware Tools service
- Set of VMware device drivers
  - SVGA display drivers
  - Vmxnet networking drivers
  - BusLogic SCSI drivers
  - Memory control driver
  - VMware mouse driver
  - Driver to quiesce I/O for Consolidated Backup
- Set of scripts that lets you automate the guest OS
- Component that supports copying between the guest and the managed host
If you don’t have VMware Tools installed, you don’t have the restart or shutdown options. You will have to gracefully shut down the OS from within the VM’s console. In order to upgrade VMware Tools, you need to shut down the VM.
When you suspend a VM, a file with a .vmss extension is created, which contains the entire state of the VM. The Remove from Inventory command removes the VM only from the VI Client and not from its datastore, whereas Delete from Disk removes it from the datastore. Similarly, .vmtx is the extension for a template, and Remove from Inventory and Delete from Disk apply here as well. The file with the NVRAM extension contains the BIOS settings.
In many cases, you can get past the problem by temporarily disabling acceleration in the virtual machine; once the application stabilizes, deselect “Disable acceleration”.
Choose Hyperthreading Sharing Mode from the pull-down menu. The options are:
Any – (default) The virtual CPUs of this virtual machine can freely share cores with other virtual CPUs of this or other virtual machines.
None – The virtual CPUs of this virtual machine have exclusive use of a processor core whenever they are scheduled to it. The other hyperthread of the core is halted while this virtual machine is using the core.
Internal – On a virtual machine with exactly two virtual processors, the two virtual processors are allowed to share one physical core (at the discretion of the ESX Server scheduler), but this virtual machine never shares a core with any other virtual machine. If this virtual machine has any number of processors other than two, this setting is the same as the None setting.
Audio is available only for Windows XP and not for Windows 2000/Windows 2003.
If you wish to edit a template, you’ll need to convert the template into a VM.
Customization of guest OS is saved in xml file. Saved customization files are unique to each VirtualCenter Server and to each version of VirtualCenter due to encryption. You must recreate the customization files for each VirtualCenter Server. Also if you uninstall VirtualCenter and later do a fresh installation, the ability to decrypt passwords from the earlier installation is lost.
Basic System Administration
- The text is sent as a notice message to all active session users and to new users when they log in. The MIB definition files can be found at C:\Program Files\VMware\Vmware VirtualCenter\MIBS when the default installation directory is used.
- You can perform migration between datacenters. The root folder is set as a default for every VirtualCenter Server; you can change its name but you cannot add or remove it.
- ESX SERVER SUPPORTS 5 DIRECT, CONCURRENT VI CLIENT CONNECTIONS
- When you add multiple ESX Servers to VirtualCenter, VC identifies any naming conflicts that exist between virtual machines and alerts the system administrator, who can rename virtual machines as necessary. The name can be 80 characters long and may contain underscores and hyphens.
- Disconnecting a managed host differs from removing it. When you disconnect it, VirtualCenter monitoring activities are temporarily suspended. When you remove it, VC stops all monitoring and managing functions for that managed host. The host and all VMs on it are removed from the inventory, but historical data is not removed from the VC database.
- When adding or removing hosts, make sure NFS mounts are active; if NFS mounts are unresponsive, the operation fails.
- Systems with dual-core processors (two CPU cores in each processor) must use ESX Server 2.5.2. VC licenses are issued by pairs of processor packages, not by processor cores. A host can be removed from the cluster only if all of the virtual machines on it are powered off and the host is placed into maintenance mode.
- The Virtual CPUs page does not appear if the host is single-processor or the guest operating system does not support SMP (for example, NetWare and Windows NT 4.0)
- When you map a LUN to a VMFS volume, VirtualCenter creates a file that points to the LUN. Encapsulating the disk information in the file allows VC to lock the LUN so that only one virtual machine can write to it.
VMFS -VMWARE
CONSIDERATION WHEN CREATING VMFS
You should always have one VMFS volume per LUN; however, you can choose between multiple smaller VMFS volumes or one larger VMFS volume. With ESX Server, a VMFS volume is 1.2 GB minimum and you can have 256 VMFS volumes per system. You can connect up to 32 ESX Servers to a single volume.
Environments where you should go for a larger VMFS volume:
- When you need more flexibility in creating VMs, resizing VMDKs and taking snapshots
- Fewer volumes, better management
If you go for smaller VMFS volumes you get the following advantages:
- Less wasted storage space
- Less contention on each VMFS due to locking and SCSI reservation issues
- More flexibility, as the multipathing policy and disk shares are set per LUN
- Use of MSCS requires that each cluster disk resource has its own LUN
NB: Best practice would be to configure a few servers with larger VMFS volumes and a few with smaller VMFS volumes
- Maximum VMDK file size: 2 TB
- Maximum file size: 2TB
- Block size: 1 MB to 8 MB
When you add a datastore, its name must be unique within the current Virtual Infrastructure instance. Before creating a new datastore on an FC device, rescan the Fibre Channel adapter to discover any newly added LUNs.
UPGRADING VMFS 2.0 TO VMFS 3.0
When upgrading to VMFS 3.0, the ESX Server file-lock mechanism ensures that no remote ESX Server or local process is accessing the VMFS volume being converted. ESX Server 3.0 supports VMFS-3. VMFS-3 is not backward compatible with earlier versions of ESX Server.
Before you carry out the upgrade process, make sure that:
- Any changes to the VMDKs are committed or discarded
- The VMDKs that are to be upgraded are backed up
- No powered-on VM is using the VMFS 2.0 volume
- No ESX Server is accessing the VMFS 2.0 volume or has it mounted
STORAGE -02 VMWARE
Manually changing MRU to Fixed is not recommended. If you are using the Fixed policy, the preferred path is marked with an asterisk.
It is recommended to use the Fixed policy when the SPs are active/active, and MRU when the SPs are in active/passive mode.
RDM is a special mapping file in a VMFS volume that manages metadata for its mapped device. The mapping file has a .vmdk extension, but the file contains only disk information describing the mapping to the LUN on the ESX Server system.
Benefits of Raw Device Mapping (RDM)
- User-friendly persistent name
- Dynamic name resolution
- Distributed file locking: distributed locking on an RDM makes it safe to use a shared raw SCSI device without losing data when two VMs are accessing the same LUN.
- File permissions
- File system operations
- Snapshots
- Vmotion
RDM has two modes: physical mode and virtual mode.
In physical mode, the VMkernel passes all SCSI commands to the device, except that the REPORT LUN command is virtualized so that the VMkernel can isolate the LUN from the owning VM.
All mapped LUNs are uniquely identified by VMFS. RDM lets you give a permanent name to a device, whereas the device name is relative to the first visible LUN: any change in HBA or an FC failure can change the vmhba name, because the name includes the initiator, HBA, SP and LUN. Dynamic name resolution compensates for this.
Vmkfstools can be used for managing RDMs from the SVC console; typical operations are querying mapping information, creating a mapping file, and importing or exporting a virtual disk.
STORAGE-Advance Concepts
To prepare for VCP, you first need to read the exam blueprint available on the VMware site; after going through it you will realize that one should go through
- Basic Administration Guide
- Server Configuration Guide
- Resource Administration
All the above guides and additional guides are available at Vi3 Documents in PDF
Below are the contents from all three guides; they are a few important concepts rather than the entire text. This blog talks about storage.
STORAGE
TYPES OF STORAGE
- Local
- Fibre Channel (FC)
- iSCSI (hardware initiated)
- iSCSI (software initiated)
- NFS (NFS client is built-in into ESX server)
iSCSI
With iSCSI, SCSI storage commands sent by a VM to its VMDKs are converted into TCP/IP protocol packets and transmitted to a remote device, or target, that stores the virtual disk. iSCSI initiators are responsible for transporting SCSI requests between the ESX Server and the target storage device on the IP network.
There are two types of iSCSI initiators
1. Software based
2. Hardware based
Software-based iSCSI initiators have code built into the VMkernel which carries out the transport job. Using software initiators, the ESX Server connects to a LAN through an existing NIC using the network stack; in short, you can implement iSCSI without purchasing specialized hardware. You also need to open a firewall port by enabling the iSCSI software client service.
Hardware-based iSCSI initiators require HBA cards which are specialized to transport iSCSI commands over the LAN to the target. Currently ESX Server supports only the QLogic QLA4010 iSCSI HBA.
NB: ESX 3.0 does not support both types of initiators on a single system.
Naming requirements:
IQN (iSCSI qualified name)
e.g. iqn.1998-01.com.mycompany:myserver
Format Template: iqn.<year-mo>.<reversed_domain_name>:<unique_name>
Discovery methods
An initiator discovers iSCSI targets by sending a SendTargets request to a specific target address.
Static: Only available for hardware-based iSCSI initiators. You can manually add additional targets or remove unneeded targets. If you remove a dynamically discovered static target, the target can be returned to the list the next time a rescan happens, the HBA is reset, or the system is rebooted.
Dynamic: To use this method, enter the address of the target device so that the initiator can establish a discovery session with this target. The target device then responds by forwarding a list of additional targets that the initiator is allowed to access.
iSCSI Security
Since iSCSI communication between initiator and target happens over the TCP/IP stack, it is necessary to ensure the security of the connection. ESX Server supports CHAP, which iSCSI initiators can use for authentication purposes.
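The naming template and the CHAP authentication described above, as an added example that is not part of the original notes and is not VMware code. It checks an initiator name against the IQN template and then runs a CHAP challenge/response as defined in RFC 1994; the `Target` class, the secret and the lower-case-only rule are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
import re

# Page template: iqn.<year-mo>.<reversed_domain_name>:<unique_name>
# Assumption of this example: lower-case names only, ":<unique_name>" is required.
IQN_RE = re.compile(
    r"^iqn\.(?P<year>\d{4})-(?P<month>0[1-9]|1[0-2])\."
    r"(?P<domain>[a-z0-9-]+(?:\.[a-z0-9-]+)+)"
    r":(?P<unique>\S+)$"
)


def parse_iqn(name):
    """Split an IQN into its fields; return None when it does not fit the template."""
    match = IQN_RE.match(name)
    return match.groupdict() if match else None


def chap_response(identifier, secret, challenge):
    """CHAP response as defined in RFC 1994: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Target:
    """Hypothetical iSCSI target that keeps one CHAP secret per allowed initiator name."""

    def __init__(self, secrets):
        self.secrets = dict(secrets)   # initiator IQN -> shared secret (bytes)
        self.pending = {}              # initiator IQN -> (identifier, challenge)
        self.counter = 0

    def challenge(self, initiator_iqn):
        """Step 1: refuse malformed or unknown names, otherwise send a fresh challenge."""
        if parse_iqn(initiator_iqn) is None or initiator_iqn not in self.secrets:
            return None
        self.counter = (self.counter + 1) % 256
        issued = (self.counter, os.urandom(16))
        self.pending[initiator_iqn] = issued
        return issued

    def verify(self, initiator_iqn, response):
        """Step 2: check the response; every challenge can be answered only once."""
        issued = self.pending.pop(initiator_iqn, None)
        if issued is None:
            return False
        expected = chap_response(issued[0], self.secrets[initiator_iqn], issued[1])
        return hmac.compare_digest(expected, response)


def demo():
    """Run the exchange with constructed values and return the outcomes."""
    iqn = "iqn.1998-01.com.mycompany:myserver"   # example name from the page
    secret = b"constructed-chap-secret"          # constructed sample value
    target = Target({iqn: secret})

    ident, chal = target.challenge(iqn)
    good = chap_response(ident, secret, chal)
    results = {"valid_login": target.verify(iqn, good)}
    # Replaying the captured response without a new challenge is refused.
    results["replay_same_response"] = target.verify(iqn, good)
    # A new login gets a new challenge, so the old response no longer matches.
    target.challenge(iqn)
    results["replay_after_new_challenge"] = target.verify(iqn, good)
    # An initiator that does not know the secret cannot answer correctly.
    ident, chal = target.challenge(iqn)
    results["wrong_secret"] = target.verify(iqn, chap_response(ident, b"guess", chal))
    # Names that break the template never reach the authentication step.
    results["bad_name"] = target.challenge("iqn.1998-13.com.mycompany:myserver")
    return results


if __name__ == "__main__":
    print(demo())
```

CHAP proves that the initiator knows the shared secret without sending it; it does not encrypt the SCSI traffic that follows.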
You can’t store a VM on IDE or SATA, but on SCSI, NAS or FC storage only.
VMs communicate with the datastore (where the VMDK is placed) using SCSI commands. SCSI commands are encapsulated into various protocols, e.g. FC, iSCSI or NFS, depending on the type of physical storage.
HBA naming convention: vmhba1:1:3:1 means HBA card 1, on storage processor 1, using LUN 3 and partition 1. The first 2 numbers can change but the last will remain unchanged.
Select a large LUN if you plan to create multiple virtual machines on it. If more space is needed, you can increase the VMFS volume at any time, up to 64 TB.
VMWARE HA
Cluster-across-Boxes: Both nodes are placed on separate ESX hosts, and this takes care of an ESX host’s hardware failure.
Physical-to-Virtual Cluster: Here Node A is actually a physical box and Node B is a virtual machine on an ESX host, acting as the standby host.
The VMware HA solution has some advantages which are not very obvious. But we should in any case apply VMware HA for one simple reason: if an ESX host fails, all its VMs at least get started on another host. You don’t have to do that manually. Downtime will be non-zero.
VMHA and VC 2.0 deal only with host failures; for VM (node) failures you monitor the heartbeat using an alarm.
PRE-REQUISITES VMHA:
- Each host must be able to power on the VMs, i.e. each host must have access to the VMs’ files; in other words, all VMotion requirements are met.
- The ESX Server is reachable when you type its fully qualified domain name
For VMHA heartbeats it is recommended to set
- Two service console ports on different virtual switches
- One service console with NIC teaming enabled at the virtual switch level
VMHA is fully integrated with DRS, which means that when a host fails and all its VMs are moved to different hosts, DRS takes care of resource management. VMHA is a reactive solution, which means it acts only when one or more hosts fail, whereas VMDRS is a proactive solution; it is always best to implement both VMHA and VMDRS.
Failover capacity: When you enable the cluster, there are two important configurations you need to make, and they again depend on the client’s requirements.
- Number of host failures allowed
Maximum is 04 and minimum is 01. This configuration helps HA determine whether there are enough resources to power on VMs in the cluster. But it is we who decide how much redundant capacity is made available.
- Admission Control
- Do not power on VMs if they violate availability constraints (selected as the default option)
- Allow virtual machines to be powered on if they violate availability constraints
Depending upon the admission control option you select, a VM will either be powered on or not. These values help VMHA calculate and balance enough resources across hosts in case of any host failure. Current failover capacity, under the cluster’s Summary tab, shows how many hosts are available at that time to hold the VMs.
We only need to provide the number of hosts; the rest, such as the resources required to power on VMs across these hosts, or what happens when only 1 host is alive, is decided by VMHA. If resources are not enough, VMHA won’t allow VMs to be powered on (default option). You can force VMHA to start VMs (when you are willing to let the constraints be violated); in this case the cluster will show a RED sign, which means failover might not be guaranteed. It is not recommended that you work with red clusters. Also, if you have 3 hosts and 2 fail, the cluster will turn RED.
So when you enable VMHA, you should design in such a way that the ESX hosts will be able to handle additional VMs without any over-utilization of resources.
For example: two ESX hosts of equal capacity handle 50 VMs each. We should design in a way that each host is able to handle 100 VMs.
- Application backup, which is called File Level Backup
- Entire VM backup, which is Image Level Backup (quite easy, because you just need to back up the VMDK)
File Level Backup: It is recommended that you put all your data on a non-system disk; it brings its own advantages.
A backup proxy server is required for carrying out this task; it has been implemented especially to remove backup overhead from the ESX hosts/VMs. This would be a Windows 2003 server with backup software installed (for example NetBackup) which has a VCB plugin to carry out the task.
COMPONENTS involved in the VCB backup process are:
- Hostd: runs on the ESX Server and interacts with VirtualCenter
- The VM to be backed up
- Backup proxy server with 3rd party software installed on it.
- VCB Framework which consists of
- vcbMounter
- vLUN driver
- Integration module
- Pre- and post-backup scripts, which tie in with the backup application (for example NetBackup)
VCB WORKFLOW:
- The backup application starts the backup job at the pre-scheduled time
- The pre-backup script is initiated by the backup software
- Quiesces NTFS/FAT (only in the case of an MS guest OS); this ensures no write operations are pending
- Puts the VM in snapshot mode
- The snapshot is taken and the VM is put back into normal operation
- The backup software mounts this snapshot for File Level Backup, and the selected files are copied (done by the backup client)
- For Image Level Backup, the entire disk is exported to the backup proxy server (done by the backup client)
- The post-backup script is called
- which unmounts the VM snapshot from the backup proxy
- Takes the VM out of snapshot mode and commits any changes made to the disk during snapshot mode.
Restoring backups done using VCB approach
Restoring files/images taken via backup is not straightforward. There are three approaches for this
- Self-service restore: a backup agent is installed on each and every VM
- Per-group restore: select the VMs which will do the restore work (i.e. install the backup agent only on these VMs) and then get someone to restore the files of those specific VMs
- Centralized restore: the backup agent is installed only on the backup proxy, and the files/images are restored on the backup proxy. Afterwards you can use a Windows share to copy the data over to its location
These approaches differ from each other on one point, i.e. the presence of backup agents. Backup agents here are only doing restore work.
For image level backup you can use VCBMounter to back up an entire virtual machine in the service console. VCBMounter quiesces the snapshot of the VM and exports the set of files, which can later be used to restore using VCBRestore. For file level backup you have to use third party backup software. This can be done only from the Service Console.
Shares,Reservation,Limits -CPU/Memory Resource settings
- CPU’s
- Memory
- Disk (managed with a proportional share mechanism)
- Network (controlled by using network traffic shaping)
Resources are provided by ESX hosts and they are consumed by VMs. If ESX hosts are clustered, then the cluster is the actual resource provider.
Every VM is allocated memory and CPU resources; there are 3 settings in a resource pool which influence what memory and CPU any VM gets.
RESERVATION: The reservation specified for the resource pool or VM. If the reservation is set to zero (which is the default), it means no reservation is set. A VM will not start if its reservation cannot be met or guaranteed. When reservations are not utilized, the ESX host can assign them to other VMs. Let’s take an example.
You have VMs A and B, each configured with a 1 GHz reservation. During some days A only goes as far as 0.5 GHz; in that case B can use 1.5 GHz. But if B is using 1.5 GHz while A is powered off, then once A is powered on B has to give away 0.5 GHz.
LIMIT: The limit specified for the VM; the default is unlimited. The server can allocate more memory/CPU than the reservation but it cannot assign more than the limit. Whether to apply a limit depends on the circumstances or your design requirements.
It is recommended to apply a limit when you wish to manage a few VMs and you know the maximum memory/CPU utilization of these VMs’ applications. This is because once you apply a limit, even if resources on the system are underutilized and the machine requires more CPU/memory at some point, it won’t be able to get that idle resource, and there is a chance paging will start happening.
SHARES: The number of shares determines which VM will get resources when there is competition for resources among VMs. Specifying shares makes sense only with regard to sibling virtual machines or resource pools, that is, virtual machines or resource pools with the same parent in the resource pool hierarchy.
The amount of resources represented by each share changes when a new virtual machine is powered on. This affects all virtual machines. Shares are typically specified as high, normal, or low. High, normal, and low specify share values with a 4:2:1 ratio.
For example: Two virtual machines run on a host with 8 GHz. Both are set to Normal and get 4 GHz each. A third virtual machine is powered on. It is set to High, which means it should have twice as many shares as the machines set to Normal. The new virtual machine receives 4 GHz and the two other machines get only 2 GHz each.
Share values default to:
- High — 2000 shares per virtual CPU, 20 shares per MB of virtual machine memory
- Normal — 1000 shares per virtual CPU, 10 shares per MB of virtual machine memory
- Low — 500 shares per virtual CPU, 5 shares per MB of virtual machine memory
Going by the above definition, if we have a VM with 2 CPUs and 1 GB RAM and its shares are defined as High, this VM is going to get
- 2000 shares x 2 CPUs = shares of CPU power
- 20 shares x 1024 MB = shares of memory
Mind you, these are just shares, and they are useful only in cases where the VM is competing for either CPU or memory resources.
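How reservation, limit and shares combine, as an added example that is not part of the original notes. It is a simplified model, not the ESX scheduler: each sibling VM gets CPU in proportion to its shares, but never less than its used reservation and never more than its limit or demand. The `VM` class, the `demand` field and the 2 GHz host in the A/B case are assumptions of the example.

```python
import math
from dataclasses import dataclass

# Default share values from the page (per virtual CPU / per MB of VM memory).
CPU_SHARES_PER_VCPU = {"high": 2000, "normal": 1000, "low": 500}
MEM_SHARES_PER_MB = {"high": 20, "normal": 10, "low": 5}


def default_shares(level, vcpus, memory_mb):
    """Return (cpu_shares, memory_shares) for a VM at the given share level."""
    return CPU_SHARES_PER_VCPU[level] * vcpus, MEM_SHARES_PER_MB[level] * memory_mb


@dataclass
class VM:
    name: str
    shares: int                  # must be positive
    reservation: float = 0.0     # MHz; 0 means no reservation (the default)
    limit: float = math.inf      # MHz; unlimited by default
    demand: float = math.inf     # MHz the VM would use if nothing held it back


def allocate(capacity, vms):
    """Divide `capacity` MHz among sibling VMs (simplified model)."""
    if sum(vm.reservation for vm in vms) > capacity:
        raise ValueError("reservations cannot be guaranteed; a VM would not start")
    # A reservation that is not being used is available to other VMs.
    floor = {vm.name: min(vm.reservation, vm.demand) for vm in vms}
    cap = {vm.name: max(floor[vm.name], min(vm.limit, vm.demand)) for vm in vms}

    def grant(per_share):
        return {vm.name: min(max(per_share * vm.shares, floor[vm.name]), cap[vm.name])
                for vm in vms}

    if sum(cap.values()) <= capacity:
        return cap                       # no contention: shares play no role
    # Contention: bisect on the MHz-per-share value that uses up the capacity.
    low, high = 0.0, capacity / min(vm.shares for vm in vms)
    for _ in range(200):
        mid = (low + high) / 2
        if sum(grant(mid).values()) < capacity:
            low = mid
        else:
            high = mid
    return {name: round(mhz, 3) for name, mhz in grant(high).items()}


def page_examples():
    """The worked examples from the text, using constructed VM names."""
    normal, _ = default_shares("normal", 1, 1024)
    high, _ = default_shares("high", 1, 1024)
    two = allocate(8000, [VM("vm1", normal), VM("vm2", normal)])
    three = allocate(8000, [VM("vm1", normal), VM("vm2", normal), VM("vm3", high)])
    # A and B each reserve 1 GHz; the 2 GHz host is an assumption of this example.
    a_idle = allocate(2000, [VM("A", normal, reservation=1000, demand=500),
                             VM("B", normal, reservation=1000)])
    a_busy = allocate(2000, [VM("A", normal, reservation=1000),
                             VM("B", normal, reservation=1000)])
    # Added case: a 3 GHz limit holds the High VM below what its shares would give.
    capped = allocate(8000, [VM("vm1", normal), VM("vm2", normal),
                             VM("vm3", high, limit=3000)])
    return two, three, a_idle, a_busy, capped


if __name__ == "__main__":
    for result in page_examples():
        print(result)
```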
A resource pool is used to distribute CPU and memory across VMs. Resource pools can have child resource pools, VMs or both. Resource pools or VMs which are at the same level of the hierarchy are called siblings. The picture below gives very good information about the relation.
You can create resource pools as per each department’s requirements and can guarantee that a particular resource pool will provide the required processing power when conditions demand it.
You don’t need to configure resources for each VM; in fact you apply common settings across a group of VMs using a resource pool. In the above figure RP-Marketing is a resource pool; all resources defined in it are automatically applied to the VMs under it, without configuring such settings for each VM.
In order to really leverage the power of resource pools, group hosts into a cluster. When you create a cluster, resources are managed at the cluster level rather than the host level. In short, the resources of each host are combined into one. This one resource is the total resource which can be allocated to all VMs under that cluster. The figure below explains it briefly.
VirtualCenter Security Model
Let’s take the user Greg, who works in first line support and needs, at most, the rights to shut down a VM in case it hangs or a user requests it.
Greg --> Needs to reset VMs --> To achieve this we need to assign a permission
[User] [Role] [Privileges]
- Needs to reset VMs = TASK [ROLE]
- In order to do the TASK = need to assign permissions
- USER
All three make up permissions in VMware, as in any security model. To add a little bit more to it, a permission is a combination of the user account, role, privileges and the position in the inventory to which the user/role applies.
Now Greg can be restricted to a datacenter or a VM. We can decide whether the same permissions should flow across the datacenter or only to a specific folder. This is called propagation of permissions. VMware comes with pre-defined roles; these roles can be seen when you assign a permission. You have the option of selecting one of the pre-defined roles or creating one yourself. But the pre-defined roles differ between ESX and VirtualCenter.
Predefined ESX Servers Roles:
- No Access
- Read-Only
- Administrator
Predefined Virtual Center Roles (in addition to the predefined ESX Server roles):
- VM Administrator
- Datacenter Administrator
- Virtual Machine Power User
- Virtual Machine User
- Resource Pool Administrator
But custom roles can be created for both ESX as well as VC.
Virtual Center Security Model:
The VirtualCenter security model uses accounts created in Windows, which can be local or domain accounts. An account is assigned a role, and what that role covers is decided by the level of the hierarchy at which you apply it. The default permission for VC is assigned to the local Administrators group of the Windows 2003 server, at the top level of the inventory.
ESX Security Model:
The ESX security model uses user accounts created on the ESX Server, which are basically Linux user accounts. An account is assigned a role, and what that role covers is decided by the level of the hierarchy at which you apply it. By default, vpxuser and root are already created and assigned the Administrator role. Vpxuser is used for interacting with the ESX Server. Root is the admin account and performs tasks assigned by VirtualCenter.
Step-by-Step process of assigning permissions:
Select the object on which you wish to apply the permission.
Expand the inventory
Right-click the object and select Add Permission
Select a role from the predefined list or select a custom role
Select whether you wish to propagate the permission to child objects
Select the user (local/domain)
Add the user to the users or group fields
In order to create custom roles, go to the Admin tab and right-click anywhere
Name the role and select the privileges you wish to give to the role
There is a lot in permissioning; I will update that later on.
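The permission model above (user + role + inventory position + propagation), as an added example that is not part of the original notes and is not VMware code. It shows how the object a permission is attached to, and the propagate flag, decide which VMs Greg can reset. The inventory, the privilege strings and the rule that a permission set directly on an object takes precedence over a propagated one are assumptions of this model.

```python
# Roles are named sets of privileges. The privilege names are illustrative
# strings made up for this example, not VirtualCenter privilege identifiers.
ROLES = {
    "No Access": frozenset(),
    "Read-Only": frozenset({"view"}),
    "First Line Support": frozenset({"view", "vm.reset", "vm.power_off"}),  # custom role
}

# Object types the page lists as accepting permissions; networks and datastores do not.
PERMISSIBLE = {"folder", "datacenter", "cluster", "host", "resource_pool", "vm", "template"}


class Node:
    """One object in the inventory hierarchy."""

    def __init__(self, name, kind, parent=None):
        self.name, self.kind, self.parent = name, kind, parent
        self.children = []
        self.permissions = {}          # user -> (role, propagate)
        if parent is not None:
            parent.children.append(self)


def assign(node, user, role, propagate):
    """Attach a permission (user + role) to an inventory object."""
    if node.kind not in PERMISSIBLE:
        raise ValueError(f"permissions cannot be set directly on a {node.kind}")
    if role not in ROLES:
        raise KeyError(role)
    node.permissions[user] = (role, propagate)


def effective_role(node, user):
    """Role that applies to `user` on `node`.

    Assumption of this model: a permission set on the object itself wins;
    otherwise the nearest ancestor permission marked to propagate applies.
    """
    if user in node.permissions:
        return node.permissions[user][0]
    ancestor = node.parent
    while ancestor is not None:
        role, propagate = ancestor.permissions.get(user, (None, False))
        if propagate:
            return role
        ancestor = ancestor.parent
    return "No Access"


def walk(node):
    """Yield the node and everything below it."""
    yield node
    for child in node.children:
        yield from walk(child)


def build_inventory():
    """Constructed sample inventory; all names are made up."""
    root = Node("root", "folder")
    dc = Node("DC1", "datacenter", root)
    support = Node("Support", "folder", dc)
    finance = Node("Finance", "folder", dc)
    Node("helpdesk-01", "vm", support)
    Node("helpdesk-02", "vm", support)
    Node("payroll-01", "vm", finance)
    Node("lun-01", "datastore", dc)
    return root


def vms_user_can(privilege, user, assignments):
    """Apply (object, role, propagate) assignments; list the VMs where `user` holds `privilege`."""
    root = build_inventory()
    by_name = {node.name: node for node in walk(root)}
    for object_name, role, propagate in assignments:
        assign(by_name[object_name], user, role, propagate)
    return sorted(node.name for node in walk(root)
                  if node.kind == "vm" and privilege in ROLES[effective_role(node, user)])


if __name__ == "__main__":
    # Datacenter-wide with propagation: Greg can reset every VM, payroll included.
    print(vms_user_can("vm.reset", "greg", [("DC1", "First Line Support", True)]))
    # Scoped to the Support folder: only the two helpdesk VMs.
    print(vms_user_can("vm.reset", "greg", [("Support", "First Line Support", True)]))
```

Listing the objects a user can act on after each assignment is a quick way to review whether a propagated permission reaches further than the task needs.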
VMware -VM Management
- When you would like to move VMs to the local datastore of an ESX Server
- And when VMs are to be moved between two different CPU families
- Or when you are upgrading your ESX hosts
Adding Devices:
A VM needs to be powered off for adding most devices, except for a hard disk, which is hot-pluggable. If you need to add an additional NIC, you can do so only when the VM is powered off. In order to add a device, power off the VM. In the Summary tab, click Edit Settings; the VM properties are displayed. Click on the Add Hardware wizard and select the device you would like to add.
Adding SCSI Device
Select Device, remember to tick Device Status
Select Device to be mapped on VM
Summary to finish
More Information:
http://pubs.vmware.com/vi301/wwhelp/wwhimpl/js/html/wwhelp.htm and Search for add device
Some folders as per OS configuration are already created under this folder, extract them into respective folders.
Guest OS customization would look like
1) Enter name and organization
2) Guest OS name: you have various options to select from; select as per your organization’s policy
3) Enter product ID and license information
4) Enter the administrator password; on the same screen you also select whether you would like the administrator to log on, and how many times
5) Pick the appropriate time zone
6) Run once: keep the default
7) Workgroup or domain: select as per your organization’s policy
8) Operating system options
Generate SIDs
Delete all user accounts
9) In the end you have the option to save the customization for later use, and this finishes the OS customization part.
MORE INFORMATION:
http://pubs.vmware.com/vi301/wwhelp/wwhimpl/js/html/wwhelp.htm
What is monolithic or sparse file format?
Let’s take an example: if you create a monolithic file of 16 GB, the whole 16 GB is claimed in one go, but if you create a sparse file, the 16 GB is consumed as and when it is utilized. Templates can be stored on NFS/SVC Console/VMFS.
Templates can be created in two ways
- Clone to template – Original VM is retained.
- Convert to template – converts VM to template
DEPLOY VM FROM TEMPLATE
Connect to Virtual center via VI client
Change the view to VM and Templates
Right click the template and select deploy this VM from this template.
Wizard will ask you VM’s Name and Host on which you want to put this VM
Next select resource pool
Last you get option to customize OS.
You can select YES /NO depending upon your choices.
1) Select Template
2) Select Datacenter and ESX Host
UPDATING TEMPLATES:
In case you need to include the latest hotfixes/patches in a template, you can easily do it. Select the template and select Convert to Virtual Machine. Once the VM is powered on, apply the patches etc. Then convert the same VM back to a template.
VMWare -VM Creation
RESOURCE ALLOCATION TO VM:
A maximum of 16 GB RAM and 4 CPUs can be allocated to a VM. But it is recommended not to allocate more than 1 CPU to a VM unless the application on the VM is going to make use of it. The more CPUs are allocated, the harder CPU scheduling has to work, which might overburden the physical CPUs.
VM Creation:
In order to create VM you need to have following details handy
- Location where to Store VM’s files. i.e. VMDK file
- Location where the ISO Image of the Guest OS is kept.
- VM’s name and its location in the datacenter
- Number of Processor,Memory Allocation,Disk Size
- NIC to connect to
- Virtual Device Node and Disk Mode
What is Disk Mode?
In simple words, it is the way you wish the VM to react to changes made to it. If you want those changes to be permanent, select Persistent mode; otherwise select Non-Persistent mode. In Non-Persistent mode, all changes made to the VM are lost when you power-cycle the VM. Both Persistent and Non-Persistent mode come under the Independent category. The other category is Snapshots. Snapshots is selected by default and allows you to take a snapshot of the disk; you can restore the snapshot in case the changes you made had an undesirable result.
Virtual Device Node asks how you wish to connect the VMDK to the VM.
More detailed information is available at http://pubs.vmware.com/vi301/wwhelp/wwhimpl/js/html/wwhelp.htm
Step-by-step procedure for creation of a VM (screenshots)
1) Virtual Machine Name and Select Datacenter where VM should reside
2) Select ESX server which will Host VM
3) Memory selection
4) Where your VM files, configuration files resides
5) Select OS version to Install
6) Select NICs and remember to select Connect at Power On
7) Select disk capacity
8) Select the destination where you wish to store the VMDK
9) Select Virtual Disk Node
More detailed information is available at http://pubs.vmware.com/vi301/wwhelp/wwhimpl/js/html/wwhelp.htm
VMWare -Virtual Center -03
Virtual Center deployment:
Virtual Center with the minimum hardware requirement can handle
- 20 concurrent connections
- 50 managed hosts
- 1000 VMs
With dual CPU and 3 GB RAM
- 50 concurrent connections
- 1000 managed hosts
- 2000 VMs
BACKUP Strategy for VirtualCenter Server:
Virtual Center is recommended to run on a physical box. As a DR strategy you can create one VM and leave it powered off, using it only when the primary fails. When the primary fails, power on the DR server and point it to the Virtual Center database. Have system admins point to the DR server until you bring back the primary.
Another recommended strategy is to use the clustering capabilities of the SQL database.
VMWare -Virtual Center -02
The inventory hierarchy is used to group your hosts and virtual machines in a meaningful way. It also provides the natural structure upon which you apply permissions. A datacenter is the aggregation of all the different types of objects needed to work in a virtual infrastructure: hosts, VMs, networks and datastores.
A datacenter can be divided on the basis of geographical location by creating folders inside it, or as per your convenience. But make sure you design it in a way that allows you to delegate roles and responsibilities for managing the VM infrastructure.
You can group them on the basis of
- VMotion requirement
- To form single pool of resources
- Single Administrative control
Typically a datacenter consists of managed objects, viz.:
- Virtual Machines
- Hosts
- Virtual Machine Templates
Tasks such as cloning VMs, deploying VMs from templates or migrating VMs can only be performed with objects in the same datacenter.
VMs and VM templates can be organized based on functions and departments, CPU family, application servers or infrastructure servers. The image below is an example of this.
In order to use features like VMware HA and VMware DRS, we have to cluster servers.
The above view can change according to our needs. It is categorized as
- Hosts and Clusters
- VM and Templates
- Networks
- Datastores
The first two are the most commonly used. In the above image it is Hosts and Templates. In the above example, hosts are grouped into folders, viz.
Racks
==> Hosts
====>Server types (Messaging,SQL,IIS)
In order to add a host to Virtual Center, you need
- FQDN of ESX Host
- Root Password or equivalent user account
Once you add the ESX host, change the license type to server-based, pointing it to the license server.
VM Networking
A NIC team is simply a virtual switch connected to 2 or more physical NICs. A NIC team provides automatic distribution of packets and failover.
Each switch is an internal LAN, implemented entirely in software by the VMkernel. An internal-only switch is used for network isolation for testing purposes, for example for anti-virus software, IDS and one-box firewall environments.
The default number of ports on a switch is 54; however, the one created during installation has 24 ports, and the maximum limit is 1024.
The simplest way to give a virtual machine access to the network is to create a virtual switch and associate it with an outbound physical NIC. High-performance applications can benefit from NIC teaming, which offers higher bandwidth and provides automatic load balancing and network failover.
There are three types of Network connections
- Service console: for managing ESX hosts
- VMkernel port: for managing iSCSI and NAS devices
- Virtual machine port group: for accessing VM networks
More than one connection type can exist on a single virtual switch. Separate IP stacks are configured for the service console and the VMkernel, which means each port must be assigned its own IP address.
When creating a new virtual switch you have to specify the connection type.
All virtual switches are known as vSwitch# (remember the S is capital, since Linux is case sensitive). Each port or port group has a network label.
Service console ports, in turn, are known as vSwif#.
Virtual Switch Properties
General: allows you to configure the number of ports
Network Policies: VLAN, Security, Traffic Shaping and NIC Teaming.
Network policies set on the virtual switch become the default policies at the port and port group level, and can be overridden at the respective level.
To change the speed of the NIC card,
Configuration Tab->Networking ->Properties->Network Adapters->Edit
A little bit about VLANs
VLANs are a network layer 2 concept (the same layer at which MAC addresses and Ethernet live, one layer below IP addressing and routing). Smart L2 switches can keep track of which ports belong to which VLAN. In order to extend a VLAN across switches, a trunk link must interconnect the switches.
ESX Server provides VLAN support through virtual switch tagging, which is done simply by giving a port group a VLAN ID. The VMkernel then takes care of all tagging and untagging as packets pass through the virtual switches. The VLAN ID is optional by default.
Security: There are three security policy exceptions: Promiscuous [default: Reject]; MAC Address Changes [default: Accept]; Forged Transmits [default: Accept].
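The following added example (not from the original notes) resolves the effective security policy of each port group from the vSwitch-level setting and any port group override, then lists every setting that ends up as Accept and where that value came from. The inventory structure, switch names and port group names are constructed for illustration and are not a VMware API.

```python
# Added example: hypothetical inventory model, not a VMware API.
DEFAULTS = {"promiscuous": "reject", "mac_changes": "accept", "forged_transmits": "accept"}

# Why an "accept" value matters to a reviewer.
RISK = {
    "promiscuous": "guest can receive frames addressed to other VMs on the switch/VLAN",
    "mac_changes": "guest can change its effective MAC address",
    "forged_transmits": "guest can send frames with a source MAC that is not its own",
}

def effective_policy(vswitch, portgroup):
    """Resolve each setting: port group override > vSwitch setting > default."""
    resolved = {}
    for key, default in DEFAULTS.items():
        if portgroup.get(key) is not None:
            resolved[key] = (portgroup[key], "port group")
        elif vswitch.get(key) is not None:
            resolved[key] = (vswitch[key], "vSwitch")
        else:
            resolved[key] = (default, "default")
    return resolved

def review(inventory, allowed=()):
    """Return a finding for every 'accept' not listed in allowed as (portgroup, key)."""
    findings = []
    for sw_name, sw in inventory.items():
        for pg_name, pg in sw["portgroups"].items():
            for key, (value, origin) in effective_policy(sw["security"], pg).items():
                if value == "accept" and (pg_name, key) not in allowed:
                    findings.append((sw_name, pg_name, key, origin, RISK[key]))
    return findings

# Constructed sample: a production switch and an isolated IDS test switch.
INVENTORY = {
    "vSwitch0": {
        "security": {"mac_changes": "reject", "forged_transmits": "reject"},
        "portgroups": {"Production": {}, "Legacy-App": {"mac_changes": "accept"}},
    },
    "vSwitch1": {
        "security": {},
        "portgroups": {"IDS-Test": {"promiscuous": "accept"}},
    },
}

if __name__ == "__main__":
    for finding in review(INVENTORY, allowed={("IDS-Test", "promiscuous")}):
        print(finding)
```

Passing the intentionally promiscuous IDS port group in `allowed` keeps the report focused on Accept values that nobody chose explicitly, such as the inherited defaults on vSwitch1.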
Traffic Shaping: A VM’s network bandwidth can be controlled by traffic shaping. The traffic shaper controls outbound network traffic only. To control inbound traffic, use a load-balancing system or turn on the rate-limiting features of your router. Network traffic shaping is off by default; that is, each VM can consume as much outbound traffic as its guest is configured for. A VM subject to these controls may exceed its average bandwidth and spike up to its peak bandwidth, but only enough to transmit the amount of data defined in Burst Size.
Port group level: If you set the average bandwidth to 1000 kbps on a port group, then any VM connected to that port group can use an average bandwidth of 1000 kbps.
VMWare -License Information
Host-based licensing
Advantages:
One less piece of Infrastructure
sufficient for small organization
Disadvantages:
Licenses do not float
Features which require Virtual Center cannot be used.
ESX server features do not require Virtual Center nor a license server and are transferable.
There are two types of licenses, Starter and Standard
Starter License:
- Only 4 processors
- 8 GB RAM
- No Fibre Channel or iSCSI storage available, only local and NAS
- VMFS (Virtual Machine File System) only on local storage
- Virtual Center Agent
However, you can add a few features using add-on licenses; separate charges apply.
Standard License:
- No limitations on RAM and Processor
- Local/NAS/SAN/iSCSI storage available
- Virtual center agent
- VMFS
Enterprise License:
Standard License +
- VMotion
- VMWare HA
- VMWare DRS
- VCB (VMware consolidated Backup) (This is also available as add-on cost license)
More information can be found at Doc ID: 5357713 under VMTN.
VMWARE – Virtual Center
- Core Services
  - Mgmt of Resources
  - VM’s
  - Mgmt Alarms, Events
  - VM Provisioning
  - Host and VM Configuration
- Distributed Services
  - VMotion
  - VMware DRS
  - VMware HA
- Database Interface
- Active Directory Interface
Order of Installation
- Database Server (create a connection to the SQL or Oracle database)
- License Server
- Virtual Center
- VI Client (comparable to RDP software in the Windows world)
Virtual center database contains
- configuration information
- Current Status and
- utilization data of the managed Hosts and Virtual Machines
If you are using VC then you must use a license server to make full use of its features.
If the license server is not available, VMware Infrastructure can still survive for a grace period of 14 days.
There are three software editions
- Starter
- Standard and
- Enterprise.
The license-based model is named similarly:
Starter and Standard. However, the Standard license covers both the Standard and Enterprise editions.
When you install the license server, the following service is seen in the Services.msc console:
VMware License Server
Similarly, when you install Virtual Center, the following services are seen in the Services.msc console:
- VMware Virtual Infrastructure Web Access
- VMware Virtual Mount Manager Extended
- VMware VirtualCenter Server
If the management server must go through a firewall, open port 902.
VMFS volumes are accessible in the service console underneath the /vmfs/volumes directory.
To create a VMFS datastore
Configuration tab->Hardware->Storage (SCSI, SAN and NFS)->Add Storage
Adding extents to a datastore
A datastore can span up to 32 physical disks. You generally add an extent when VMs need more space or you need to create more space.
To add one or more extents to the datastore
Configuration->Storage->Properties->Volume Properties->Extents
Select the disk which you want to add as an extent and click Next.
If the disk or partition you add was formatted previously, it will be reformatted and lose its file systems and any data it contained. You have the option to decide how much of the disk space to utilize.
To remove extents you have to delete the entire VMFS. To remove a VMFS, select it and click Remove. Make sure there are no running VMs on it. Removing a datastore from the ESX Server breaks the connection between the system and the storage device that holds the datastore, and stops all functions of that storage device.
Managing Paths for Fibre Channel and iSCSI
ESX Server supports multipathing to maintain a constant connection between the server machine and the storage device in case of the failure of an HBA, switch, storage processor (SP), or cable. Multipathing support does not require specific failover drivers.
To support path switching, the server typically has two or more HBAs available, from which the storage array can be reached using one or more switches. Alternatively, the setup could include one HBA and two storage processors so that the HBA can use a different path to reach the disk array.
By default, ESX Server systems use only one path from the host to a given LUN at any given time. If the path being used by the ESX Server system fails, the server selects another of the available paths. The process of detecting a failed path and switching to another is called path failover. A path fails if any of the components—HBA, cable, switch port, or storage processor—along the path fails.
The process of one HBA taking over for another is called HBA failover. The process of one SP taking over for another is called SP failover. VMware ESX Server supports both HBA and SP failover with its multipathing capability.
Setting Multipathing policies for LUN’s
MRU (Most Recently Used) [default]: once a failover occurs, the host does not automatically fail back to the original path. Recommended for active/passive storage devices.
Fixed: the ESX Server will always try to use the preferred path. Recommended for active/active storage devices.
The ESX Server host automatically sets the multipathing policy according to the make and model of the array it detects. If the detected array is not supported, it is treated as active/active.
NAS and NFS
NAS is a specialised storage device that connects to a network and can provide file-level access services to an ESX Server. VMware supports only NFS for accessing file systems over the network.
NAS is low cost and requires less infrastructure investment than FC. NFS volumes are treated just like VMFS volumes and can hold ISOs, templates and VMs. ESX Server supports
- VMotion
- Create VM
- Boot virtual Machines
- Mount ISO files
- Create virtual machine snapshots on NFS mounted volumes. The snapshot feature lets you preserve the state of the virtual machine so you can return to the same state repeatedly.
The NFS client built into ESX Server lets us access an NFS server and use NFS volumes for storing VMs.
When ESX Server accesses a virtual machine disk file on an NFS-based datastore, a special .lck-XXX lock file is generated in the same directory where the disk file resides to prevent other ESX Server hosts from accessing this virtual disk file. Don’t remove the .lck-XXX lock file, otherwise the running virtual machine will not be able to access its virtual disk file.
NFS and Permission
ESX Server must be configured with a VMkernel port defined on a virtual switch. The VMkernel port must be able to access the NFS server over the network.
/etc/exports defines the systems allowed to access the shared directory. The options used in this file are:
- Name of the directory to be shared
- Subnet allowed to access the share
The root squash feature maps root to a user with no significant privileges on the NFS server, limiting the root user’s abilities. This feature is commonly used to prevent unauthorized access to files on an NFS volume. If the NFS volume was exported with root squash enabled, the NFS server might refuse access to the ESX Server host. To ensure that you can create and manage virtual machines from your host, the NFS administrator must turn off the root squash feature or add the ESX Server host’s physical network adapter to the list of trusted servers.
If the NFS administrator is unwilling to take either of these actions, you can change the delegate user to a different identity through experimental ESX Server functionality. This identity must match the owner of the directory on the NFS server otherwise the ESX Server host will be unable to perform file level operations. To set up a different identity for the delegate user, acquire the following information:
• User name of the directory owner
• User ID (UID) of the directory owner
• Group ID (GID) of the directory owner
The delegate user is configured globally, and the same identity is used to access every volume.
Setting up the delegate user on an ESX Server host requires that you complete these activities:
• From the Users & Groups tab for a VI Client running directly on the ESX Server host, either:
  • Edit the user named vimuser to add the correct UID and GID. vimuser is an ESX Server host user provided to you as a convenience for setting up delegate users. By default, vimuser has a UID of 12 and a GID of 20.
  • Add a completely new user to the ESX Server host with the delegate user name, UID, and GID.
You must perform one of these steps regardless of whether you manage the host through a direct connection or through the VirtualCenter Server. Also, you need to make sure that the delegate user (vimuser or a delegate user you create) is identical across all ESX Server hosts that use the NFS datastore.
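As an added example (not part of the original notes), the script below parses an /etc/exports file in Linux exports syntax and reports, for a given ESX VMkernel address, which shares have root squash turned off for more than a single host and which shares still squash root and therefore need the delegate user described above. The sample file, paths and addresses are constructed; the option names (rw, ro, sync, root_squash, no_root_squash) are the standard Linux NFS server options and are an assumption about the NFS server in use.

```python
import ipaddress

# Constructed sample /etc/exports content; paths and addresses are placeholders.
SAMPLE_EXPORTS = """\
# VM datastore shares
/vmstore/prod   192.168.10.0/24(rw,sync,no_root_squash)
/vmstore/iso    192.168.10.0/24(ro,sync)
/vmstore/lab    *(rw,no_root_squash)
/vmstore/deleg  192.168.10.21(rw,sync,root_squash)
"""

def parse_exports(text):
    """Yield (directory, client, options) for each client spec in Linux exports syntax."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        directory, *specs = line.split()
        for spec in specs:
            client, _, opts = spec.partition("(")
            yield directory, client or "*", set(opts.rstrip(")").split(",")) - {""}

def network_of(client):
    """Return the client spec as an IP network, or None for '*' and host names."""
    try:
        return ipaddress.ip_network(client, strict=False)
    except ValueError:
        return None

def audit(text, esx_vmkernel_ip):
    """Return (directory, finding) pairs relevant to an ESX host mounting the share."""
    host = ipaddress.ip_address(esx_vmkernel_ip)
    findings = []
    for directory, client, options in parse_exports(text):
        net = network_of(client)
        covers_host = client == "*" or (net is not None and host in net)
        root_squashed = "no_root_squash" not in options  # squashing is the server default
        if not root_squashed and client == "*":
            findings.append((directory, "root squash off for every host"))
        elif not root_squashed and net is not None and net.num_addresses > 1:
            findings.append((directory, "root squash off for a whole subnet"))
        elif root_squashed and "rw" in options and covers_host:
            findings.append((directory, "root squash on: host needs a delegate user "
                                        "matching the directory owner"))
    return findings
```

Host names and netgroups in the client field are not resolved, so such entries are only reported when they are the `*` wildcard.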
To change the virtual machine delegate
1 Log on to the VI Client through the ESX Server host.
2 Select the server from the inventory panel.
  The hardware configuration page for this server appears with the Summary tab displayed.
3 Click Enter Maintenance Mode.
4 Click the Configuration tab and click Security Profile.
5 Click Virtual Machine Delegate > Edit to open the Virtual Machine Delegate dialog box.
  Enter the user name for the delegate user.
6 Click OK.
7 Reboot the ESX Server host.
After you reboot the host, the delegate user setting is visible in both VirtualCenter and the VI Client running directly on the ESX Server host.
Before you begin accessing an NFS datastore you have to create a VMkernel port manually. The VMkernel port can be created on an existing virtual switch or as a new connection on a new virtual switch.