VMware vSphere: Optimize and Scale Lab Manual ESXi 6.5 and vCenter Server 6.5
VMware® Education Services VMware, Inc. www.vmware.com/education
VMware vSphere: Optimize and Scale
ESXi 6.5 and vCenter Server 6.5
Part Number EDU-EN-VSOS65-LAB (4/2017)
Lab Manual
Copyright © 2017 VMware, Inc. All rights reserved. This manual and its accompanying materials are protected by U.S. and international copyright and intellectual property laws. VMware products are covered by one or more patents listed at http://www.vmware.com/go/patents. VMware is a registered trademark or trademark of VMware, Inc. in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies.
The training material is provided “as is,” and all express or implied conditions, representations, and warranties, including any implied warranty of merchantability, fitness for a particular purpose or noninfringement, are disclaimed, even if VMware, Inc., has been advised of the possibility of such claims. This training material is designed to support an instructor-led training course and is intended to be used for reference purposes in conjunction with the instructor-led training course. The training material is not a standalone training tool. Use of the training material for self-study without class attendance is not recommended.
These materials and the computer programs to which it relates are the property of, and embody trade secrets and confidential information proprietary to, VMware, Inc., and may not be reproduced, copied, disclosed, transferred, adapted or modified without the express written approval of VMware, Inc.
CONTENTS
Lab 1 Using vSphere Distributed Switches
Lab 2 Using Port Mirroring
Lab 3 Policy-Based Storage
Lab 4 Managing Datastore Clusters
Lab 5 Working with Virtual Volumes
Lab 6 Creating a Content Library
Lab 7 Host Profiles
Lab 8 Using vSphere Auto Deploy
Lab 9 Monitoring CPU Performance
Lab 10 Monitoring Memory Performance
Lab 11 Monitoring Storage Performance
Lab 12 Monitoring Network Performance
Lab 13 Using vRealize Log Insight
Lab 14 Using vCenter Server High Availability
Lab 15 Migrating Windows vCenter Server to vCenter Server Appliance
Lab 16 Configuring Lockdown Mode
Lab 17 Working with Certificates
Lab 18 Virtual Machine Encryption
Answer Key
Lab 1 Using vSphere Distributed Switches
Objective: Create, configure, back up, and check a distributed switch
In this lab, you perform the following tasks:
1. Log In to the Student Desktop
2. Verify That the vSphere Licenses Are Valid
3. Assign Valid vSphere Licenses
4. Create a Distributed Switch
5. Add ESXi Hosts to the New Distributed Switch
6. Examine Your Distributed Switch Configuration
7. Migrate the Virtual Machines to a Distributed Switch Port Group
8. Enable the Distributed Switch Health Check
9. Back Up the Distributed Switch Configuration
10. Cause Errors on the Distributed Switch
11. Monitor the Health of the Distributed Switch
12. Restore the Distributed Switch Configuration
Task 1: Log In to the Student Desktop
You access and log in to your student desktop system to perform all lab activities for this course.
Use the following information from the class configuration handout:
• Student desktop user name
• Standard lab password
1. Ask your instructor how to log in to the student desktop system in your lab environment. For example, your instructor might have you use Remote Desktop Connection to connect to the student desktop system.
2. Log in to the student desktop system, using your student desktop user name and the standard lab password.
Task 2: Verify That the vSphere Licenses Are Valid
You verify that licenses for VMware vCenter Server® and the VMware ESXi™ hosts are valid.
Use the following information from the class configuration handout:
• Standard lab password
1. Log in to the VMware vSphere® Web Client interface.
   a. On the student desktop machine task bar, click the Internet Explorer shortcut.
   b. From the Favorites bar, select vSphere Web Clients > SA-VCSA-01.
   c. If you receive a security exception for vSphere Web Client, click the Continue to this website (not recommended) link to open the login screen.
   d. Log in with [email protected] (the vCenter Server administrator user name) and the standard lab password.
   e. Point to the Home icon and select Home.
2. Verify that the licenses for the vCenter Server system and the ESXi hosts are valid.
   a. On the Home page under Administration, click the Licensing icon.
   b. In the center pane, click the Assets tab.
   c. On the vCenter Server systems tab, verify that the vCenter Server system has a valid license.
   d. Click the Hosts tab.
   e. Verify that all ESXi hosts have valid licenses.
   f. If the vCenter Server system and the ESXi hosts are not licensed or have licenses that are expired, go to task 3.
   g. If the licenses are valid, go to task 4.
Task 3: Assign Valid vSphere Licenses
If the vCenter Server system and ESXi hosts licenses are expired, you assign valid licenses to these VMware vSphere® components.
Use the following information from the class configuration handout:
• vCenter Server license key
• vSphere Enterprise Plus license key
1. In the center pane, click the Licenses tab.
2. Click the Create New Licenses icon (green plus sign). The New Licenses wizard appears.
3. In the License keys (one per line) text box, enter the license keys that your instructor gave you (one per line) and click Next.
4. On the Edit license names page, enter the new license names vCenter Server and Enterprise Plus in the License Name text boxes and click Next.
5. On the Ready to complete page, click Finish.
6. Assign a vCenter Server license key to the vCenter Server instance.
   a. In the center pane, click the Assets tab.
   b. Click the vCenter Server systems tab and click the Assign License icon.
   c. In the Assign License dialog box, select the vCenter Server license key.
   d. Click OK.
7. Assign the vSphere Enterprise Plus license key to the ESXi hosts.
   a. In the center pane, click the Hosts tab.
   b. Select all hosts by clicking the first host, holding the Shift key, and selecting the last host.
   c. Click the Assign License icon.
   d. In the Assign License dialog box, select the vSphere Enterprise Plus license key.
   e. Click OK.
8. Reconnect the ESXi hosts.
   a. Point to the Home icon and select Hosts and Clusters.
   b. In the Navigation pane, expand SA Datacenter and select SA Management.
   c. In the center pane, click the Hosts tab. The three ESXi hosts have a status of Disconnected.
   d. Select all three hosts by clicking the first host, holding the Shift key, and selecting the last host.
   e. Right-click the host selection and select Connection > Connect.
   f. Verify that all three ESXi hosts have a status of Connected.
Task 4: Create a Distributed Switch
You create a distributed switch that functions as a single virtual switch across all associated hosts in your vSphere environment.
1. In vSphere Web Client, point to the Home icon and select Networking.
2. In the left pane, expand the inventory until you see SA Datacenter.
3. Right-click SA Datacenter and select Distributed Switch > New Distributed Switch.
4. On the Name and location page, enter dvs-Lab in the Name text box and click Next.
5. On the Select version page, leave Distributed switch: 6.5.0 selected and click Next.
6. On the Edit settings page, enter pg-SA Production in the Port group name text box, keep all other defaults, and click Next.
7. On the Ready to complete page, review the configuration settings and click Finish. The dvs-Lab distributed switch is listed in the left pane, also called the Navigator pane.
8. Configure the pg-SA Production port group to use only Uplink 2.
   a. In the left pane, expand dvs-Lab and right-click pg-SA Production.
   b. Select Edit Settings.
   c. In the Edit Settings window, select Teaming and failover on the left.
   d. Select Uplink 1 and click the down arrow until the uplink appears under Unused uplinks.
   e. Select Uplink 3 and click the down arrow to move it to the Unused uplinks section.
   f. Select Uplink 4 and move it to the Unused uplinks section.
   g. Click OK.
Task 5: Add ESXi Hosts to the New Distributed Switch
You add ESXi hosts and physical adapters to the distributed switch.
1. In the Navigator pane, right-click the dvs-Lab distributed switch and select Add and Manage Hosts.
2. On the Select task page, leave Add hosts clicked and click Next.
3. On the Select hosts page, click New Hosts (the green plus sign).
4. Select sa-esxi-01.vclass.local and sa-esxi-02.vclass.local and click OK. Do not select sa-esxi-03.vclass.local.
5. Click Next.
6. On the Select network adapter tasks page, deselect the Manage VMkernel adapters check box and leave the Manage physical adapters check box selected.
7. Click Next.
8. On the Manage physical network adapters page, assign vmnic2 to Uplink 2 on sa-esxi-01.vclass.local and sa-esxi-02.vclass.local.
   a. Under sa-esxi-01.vclass.local, select vmnic2 and click Assign uplink.
   b. Select Uplink 2 and click OK.
   c. Under sa-esxi-02.vclass.local, select vmnic2 and click Assign uplink.
   d. Select Uplink 2 and click OK.
   e. Click Next.
9. On the Analyze impact page, verify that the status is No impact for both ESXi hosts and click Next.
10. On the Ready to complete page, review your settings and click Finish.
Task 6: Examine Your Distributed Switch Configuration
You examine the configuration of the distributed switch uplink, which is bound to the associated physical interfaces on the ESXi hosts. You also examine other distributed switch features, including the maximum transmission unit (MTU) value, VLAN capabilities, LACP aggregation groups, NetFlow, and VMware vSphere® Network I/O Control.
1. In the Navigator pane, select the dvs-Lab distributed switch.
2. In the center pane, click the Configure tab and select Topology on the left.
3. In the distributed switch topology diagram, click the arrow next to Uplink 2 to expand the view.
4. Verify that for both ESXi hosts the vmnic2 is attached and appears under Uplink 2.
5. In the center pane, click Properties on the left and verify the settings.
   • Network I/O Control is enabled.
   • Number of uplinks is 4.
   • The MTU size is 1500 bytes.
   • The Cisco Discovery Protocol is implemented.
6. Click each additional configuration link on the left and verify the settings.
   • LACP LAG is not defined.
   • Private VLAN is not defined.
   • NetFlow collector is not defined.
   • Port mirroring is not configured.
   • Health check is not enabled.
7. In the Navigator pane, select the pg-SA Production port group.
8. Click the Configure tab and select Properties on the left.
9. Verify the distributed port group settings.
   • Port binding is set to static binding.
   • Port allocation is set to elastic.
   • The number of ports is eight.
Task 7: Migrate the Virtual Machines to a Distributed Switch Port Group
You move the virtual machines from the pg-SA Management port group on the dvs-SA Datacenter distributed switch to the pg-SA Production port group on the dvs-Lab distributed switch.
Use the following information from the class configuration handout:
• Standard lab password
1. In the Navigator pane, right-click the dvs-Lab distributed switch and select Migrate VMs to Another Network. The Migrate VMs to Another Network wizard appears.
2. Migrate the virtual machines from pg-SA Management on the dvs-SA Datacenter distributed switch to the pg-SA Production network on the dvs-Lab distributed switch.
   a. On the Select source and destination networks page, leave Specific network clicked for the Source network and click Browse.
   b. Select pg-SA Management and click OK.
   c. For the Destination network, click Browse.
   d. Select pg-SA Production and click OK.
   e. Click Next.
   f. On the Select virtual machines to migrate page, select the All virtual machines check box. A warning message states that the destination network is inaccessible for one or more virtual machines and that these virtual machines are not selected for migration.
   g. Click OK. The LAB-VCS-01 virtual machine is dimmed. You cannot migrate this virtual machine, because it is hosted on the sa-esxi-03.vclass.local host, which is inaccessible to the pg-SA Production port group.
   h. Click Next.
3. On the Ready to complete page, review the settings and click Finish.
4. Verify your distributed switch configuration.
   a. In the Navigator pane, select dvs-Lab and click the Hosts tab in the center pane.
   b. Verify that sa-esxi-01.vclass.local and sa-esxi-02.vclass.local are connected to the distributed switch. The state of the ESXi hosts should be Connected.
   c. Click the VMs tab and verify that your virtual machines are listed. If the virtual machines are listed, then they reside on the new distributed switch.
   d. Click the Ports tab and verify that pg-SA Production is listed in the Port Group column and that an uplink port group is created for the distributed switch. You can expand the Port Group column so that you can view the full name of the uplink port group.
5. In vSphere Web Client, point to the Home icon and select Hosts and Clusters.
6. Power on Linux01 and log in to its console.
   a. In the Navigator pane, expand SA Datacenter and expand the SA Management cluster.
   b. Right-click Linux01 and select Power > Power On.
   c. Right-click Linux01 and select Open Console.
   d. If you receive a security exception, click the Continue to this website (not recommended) link to continue. Wait for the virtual machine to finish booting.
   e. Log in as user root and use the standard lab password.
7. Verify that the virtual machine has full network connectivity.
   a. At the command prompt, ping 172.20.10.10 (the domain controller’s IP address) to verify the virtual machine’s network connectivity.
      ping 172.20.10.10
      The ping command should be successful.
   b. If the ping command is successful, press Ctrl+C to end the ping command.
   c. If the ping command is not successful, enter the service network restart command to ensure that your virtual machine has a valid DHCP-assigned IP address.
   d. Try the ping command again.
   e. If the ping command is successful, press Ctrl+C to end the ping command.
8. Close the Linux01 virtual machine console tab.
Task 8: Enable the Distributed Switch Health Check
You enable the health check service on the dvs-Lab distributed switch.
1. In vSphere Web Client, point to the Home icon and select Networking.
2. In the Navigator pane, select the dvs-Lab distributed switch.
3. In the center pane, click the Configure tab and select Health check on the left.
4. Click Edit.
5. Set VLAN and MTU to Enabled.
6. Set Teaming and failover to Enabled.
7. Click OK.
Task 9: Back Up the Distributed Switch Configuration
You save a backup of the dvs-Lab distributed switch configuration.
1. In the Navigator pane, right-click the dvs-Lab distributed switch.
2. Select Settings > Export Configuration.
3. In the Export Configuration dialog box, leave Distributed switch and all port groups clicked and click OK.
4. When prompted, click Yes to save the exported configuration.
5. Save the distributed switch configuration to the desktop of the student desktop machine, using the default backup.zip filename.
Task 10: Cause Errors on the Distributed Switch
You purposely cause errors by configuring an invalid VLAN ID on the pg-SA Production port group and setting the MTU value to 9000 on the dvs-Lab distributed switch. These misconfigurations are reported by the distributed switch health check service.
IMPORTANT
Use only the dvs-Lab distributed switch for this task. Do not try to cause errors on the dvs-SA Datacenter distributed switch.
1. Configure an invalid VLAN ID on the distributed port group.
   a. In the Navigator pane, right-click pg-SA Production and select Edit Settings.
   b. In the Edit Settings window, click VLAN on the left.
   c. From the VLAN type list, select VLAN.
   d. In the VLAN ID box, enter 37. VLAN ID 37 is not a valid VLAN ID because the physical switch is not configured for VLAN 37. An invalid VLAN ID causes an error after you save the configuration.
   e. Click OK.
2. Misconfigure the distributed switch by setting the MTU value to 9000.
   a. In the Navigator pane, right-click the dvs-Lab distributed switch and select Settings > Edit Settings.
   b. In the Edit Settings dialog box, select Advanced on the left.
   c. In the MTU (Bytes) box, change the value to 9000. This setting causes an error after you save the configuration because jumbo frames are not configured in your environment.
   d. Click OK.
Task 11: Monitor the Health of the Distributed Switch
You check the health of the dvs-Lab distributed switch.
1. In the Navigator pane, select the dvs-Lab distributed switch.
2. In the center pane, click the Monitor tab and click Health.
3. Select the first ESXi host in the list.
4. View the VLAN tab at the bottom of the page. The VLAN configuration status might take a few minutes to update.
5. Wait for the VLAN configuration status to change to Not Supported. You might need to click the Refresh icon a few times in the vSphere Web Client interface to update the status.
6. Click the MTU tab at the bottom of the page. The MTU configuration status might take a few minutes to update. Until then, the configuration status is Unknown.
7. Wait for the MTU configuration status to change to Not Supported. You might need to click the Refresh icon a few times in the vSphere Web Client interface to update the status.
Task 12: Restore the Distributed Switch Configuration
You restore the dvs-Lab distributed switch configuration to reset any configuration change made since the configuration was saved.
1. In the Navigator pane, right-click the dvs-Lab distributed switch and select Settings > Restore Configuration. The Restore Configuration wizard appears.
2. On the Restore switch configuration page, click Browse, select the backup.zip file, and click Open.
3. Leave Restore distributed switch and all port groups clicked and click Next.
4. On the Ready to complete page, review the settings and click Finish.
5. If you lose connection to vSphere Web Client, restart the Internet Explorer browser.
6. After the switch configuration is restored, verify the configuration.
   NOTE
   If the switch configuration did not restore properly, repeat steps 1 through 4.
   a. View the Health panel and verify that the overall health of the dvs-Lab distributed switch is back to normal. You might need to click the Refresh icon in the vSphere Web Client interface to update the status.
   b. View the VLAN settings of the pg-SA Production port group and verify that no VLAN is configured.
   c. View the advanced settings of the dvs-Lab distributed switch and verify that the MTU value is 1500.
7. Point to the Home icon and select Home.
Lab 2 Using Port Mirroring
Objective: Configure port mirroring and capture network traffic on a distributed switch
In this lab, you perform the following tasks:
1. Prepare to Capture Mirrored Network Traffic
2. Configure Port Mirroring on the Distributed Switch
3. Verify That Port Mirroring Is Capturing Traffic
Task 1: Prepare to Capture Mirrored Network Traffic
You use the Linux01 virtual machine to capture and monitor mirrored traffic.
1. If you are logged out of vSphere Web Client, log back in.
   a. Open a new tab in Internet Explorer.
   b. From the Favorites bar, select vSphere Web Clients > SA-VCSA-01.
   c. Log in with [email protected] (the vCenter Server administrator user name) and the standard lab password.
2. In vSphere Web Client, point to the Home icon and select Hosts and Clusters.
3. In the left pane, expand SA Datacenter and expand the SA Management cluster.
4. In the left pane, log in to the Linux01 virtual machine console.
   a. Right-click Linux01 and select Open Console.
   b. If prompted, click the Continue to this website (not recommended) link to continue. You should be logged in to Linux01 as root.
   c. If you are not logged in, then log in as user root with the standard lab password.
5. In the Linux01 console, monitor ICMP network traffic.
      tcpdump -nn icmp
6. Monitor the command output for a few seconds and verify that ICMP traffic is not being captured. tcpdump output remains silent until ICMP traffic is detected on the network.
7. Leave the console window open, with the tcpdump command running uninterrupted.
8. In the Internet Explorer window, click the vSphere Web Client tab.
9. Power on the Linux02 virtual machine and log in to its console.
   a. In the left pane, right-click Linux02 and select Power > Power On.
   b. Right-click Linux02 and select Open Console.
   c. If prompted, click the Continue to this website (not recommended) link to continue. Wait for the virtual machine to finish booting.
   d. Log in as user root and use the standard lab password. The Linux02 virtual machine is used as the traffic source to be monitored.
10. At the Linux02 command prompt, ping 172.20.10.10 (the default router IP address).
      ping 172.20.10.10
11. If the ping command does not work, enter service network restart and repeat step 10.
12. After the ping command begins working, click the Linux01 console tab.
13. In the Linux01 console window, verify that the running tcpdump command output remains silent and has not captured any ICMP traffic.
Task 2: Configure Port Mirroring on the Distributed Switch
You configure port mirroring so that the port connected to the Linux02 machine is the mirror source and the port connected to the Linux01 machine is the mirror destination. All the traffic present on the Linux02 port is forwarded to the Linux01 port for examination.
1. In the Internet Explorer window, click the vSphere Web Client tab.
2. Point to the Home icon and select Networking.
3. In the Navigator pane, select the dvs-Lab distributed switch.
4. In the center pane, click the Configure tab and select Port mirroring on the left.
5. In the Port mirroring panel, click the New icon. The Add Port Mirroring Session wizard appears.
6. On the Select session type page, leave Distributed Port Mirroring clicked and click Next. When you select this session type, distributed ports can only be local. If the source and destination ports are on different hosts, port mirroring between them does not work. The Linux01 and Linux02 virtual machines both reside on sa-esxi-01.vclass.local.
7. On the Edit properties page, configure the port mirroring session.
   a. Select Enabled from the Status drop-down menu.
   b. Select Allowed from the Normal I/O on destination ports drop-down menu.
   c. Keep the rest of the defaults and click Next.
8. On the Select sources page, configure the port mirroring source.
   a. Click the Select distributed ports icon.
   b. In the Select Ports dialog box, select the check box for the row with a connected entity of Linux02 and click OK.
   c. Click Next.
9. On the Select destinations page, configure the port mirroring destination.
   a. Click the Select distributed ports icon.
   b. In the Select Ports dialog box, select the check box for the row with a connected entity of Linux01 and click OK.
   c. Click Next.
10. On the Ready to complete page, review the settings and click Finish.
Task 3: Verify That Port Mirroring Is Capturing Traffic
With mirroring between ports configured, you view the tcpdump command output and verify that any ICMP traffic appearing on the Linux02 port is duplicated on the Linux01 port.
1. In the Internet Explorer window, click the Linux02 console tab.
2. Verify that the ping command is still reaching the default router IP address.
3. Click the Linux01 console tab.
4. In the Linux01 console, examine the tcpdump output in the terminal window. The output looks similar to the screenshot.
5. Record the local address that appears in the captured traffic. __________ The local address begins with 172.20.11.
6. In the Linux01 console window, press Ctrl+C to stop the tcpdump command.
7. In the Internet Explorer window, click the Linux02 console tab.
8. In the Linux02 console window, press Ctrl+C to stop the ping command.
9. At the Linux02 command prompt, examine the IP configuration.
      ifconfig
10. Using the command output, verify that the Linux02 IP address matches the address that you recorded in step 5.
11. Close the Linux01 and Linux02 console tabs.
12. Shut down Linux01 and Linux02.
   a. Point to the Home icon and select Hosts and Clusters.
   b. In the left pane, right-click Linux01 and select Power > Shut Down Guest OS.
   c. In the pop-up window, click Yes to confirm the shutdown operation.
   d. Repeat steps b and c to shut down Linux02.
13. Point to the Home icon and select Home.
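The comparison made in steps 5 and 10 of this task can be scripted on the mirror destination. The following is an added example, not part of the lab manual: the function names are hypothetical, and the capture text and the address 172.20.11.52 are constructed (the manual states only that the local address begins with 172.20.11.). It also reports any source other than the expected one, which indicates that the mirror session covers more ports than intended.

```shell
#!/bin/sh
# Constructed sample of `tcpdump -nn icmp` output as it would appear on the
# mirror destination (Linux01). 172.20.11.52 is a made-up Linux02 address;
# 172.20.10.10 is the ping target used in the lab.
SAMPLE_CAPTURE='10:15:01.100001 IP 172.20.11.52 > 172.20.10.10: ICMP echo request, id 2561, seq 1, length 64
10:15:01.100420 IP 172.20.10.10 > 172.20.11.52: ICMP echo reply, id 2561, seq 1, length 64
10:15:02.101873 IP 172.20.11.52 > 172.20.10.10: ICMP echo request, id 2561, seq 2, length 64
10:15:02.102266 IP 172.20.10.10 > 172.20.11.52: ICMP echo reply, id 2561, seq 2, length 64
10:15:03.103514 IP 172.20.11.52 > 172.20.10.10: ICMP echo request, id 2561, seq 3, length 64
10:15:03.103902 IP 172.20.10.10 > 172.20.11.52: ICMP echo reply, id 2561, seq 3, length 64
10:15:03.500000 IP 172.20.10.10 > 172.20.11.52: ICMP 172.20.10.10 udp port 33434 unreachable, length 36'

# summarize_icmp TARGET
# Reads tcpdump text on stdin and prints one line per host that exchanged
# echo traffic with TARGET, in the form: <peer> requests=<n> replies=<n>
# ICMP messages other than echo request/reply are ignored.
summarize_icmp() {
    awk -v target="$1" '
        $2 == "IP" && $4 == ">" && $6 == "ICMP" && $7 == "echo" {
            src = $3
            dst = $5;  sub(/:$/, "", dst)    # strip trailing colon
            kind = $8; sub(/,$/, "", kind)   # strip trailing comma
            if (kind == "request" && dst == target) {
                req[src]++; seen[src] = 1
            } else if (kind == "reply" && src == target) {
                rep[dst]++; seen[dst] = 1
            }
        }
        END {
            for (p in seen)
                printf "%s requests=%d replies=%d\n", p, req[p], rep[p]
        }' | sort
}

# verify_mirror TARGET EXPECTED_SRC
# Reads tcpdump text on stdin. Return codes:
#   0  only EXPECTED_SRC exchanged echo traffic with TARGET
#   1  no echo traffic captured (mirror session not forwarding)
#   2  echo traffic from a source other than EXPECTED_SRC was captured
verify_mirror() {
    target=$1
    expected=$2
    summary=$(summarize_icmp "$target")
    if [ -z "$summary" ]; then
        echo "NO_TRAFFIC: no ICMP echo traffic to or from $target captured"
        return 1
    fi
    unexpected=$(printf '%s\n' "$summary" |
        awk -v e="$expected" '$1 != e { print $1 }')
    if [ -n "$unexpected" ]; then
        echo "UNEXPECTED_SOURCE: $(echo $unexpected)"
        return 2
    fi
    echo "OK: $summary"
    return 0
}

# Stand-alone run against the constructed capture.
printf '%s\n' "$SAMPLE_CAPTURE" | verify_mirror 172.20.10.10 172.20.11.52
```

On Linux01, a bounded live capture such as tcpdump -nn -c 20 icmp can be piped into verify_mirror, with the Linux02 address from ifconfig as the second argument.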
Lab 3 Policy-Based Storage
Objective: Use policy-based storage to create tiered storage
In this lab, you perform the following tasks:
1. Add Datastores for Use by Policy-Based Storage
2. Use vSphere Storage vMotion to Migrate a Virtual Machine to the Gold Datastore
3. Configure Storage Tags
4. Create Virtual Machine Storage Policies
5. Assign Storage Policies to Virtual Machines
Task 1: Add Datastores for Use by Policy-Based Storage
You create two small datastores for use by your vCenter Server instance as simple tiered storage. Each datastore is approximately 8 GB in size.
1. If you are logged out of vSphere Web Client, log back in.
2. Point to the Home icon and select Storage.
3. Create a datastore named Gold.
   a. In the Navigator pane, right-click SA Datacenter and select Storage > New Datastore. The New Datastore wizard appears.
   b. On the Location page, click Next.
   c. On the Type page, leave VMFS clicked and click Next.
   d. On the Name and device selection page, enter Gold in the Datastore name text box.
   e. In the Select a host to view its accessible disks/LUNs list, select sa-esxi-02.vclass.local.
   f. In the disk/LUN list, select the entry for the lowest LUN number attached to an iSCSI device. Local drives are labeled as Local VMware Disk. Do not select these drives.
   g. If iSCSI devices are not present, ask the instructor for instructions on how to add them.
   h. Click Next.
   i. On the VMFS version page, leave VMFS 6 clicked and click Next.
   j. On the Partition configuration page, keep the defaults and click Next.
   k. On the Ready to complete page, review the settings and click Finish.
   l. Verify that the Gold datastore appears in the Navigator pane.
4. Create a datastore named Silver.
   a. In the Navigator pane, right-click SA Datacenter and select Storage > New Datastore. The New Datastore wizard appears.
   b. On the Location page, click Next.
   c. On the Type page, leave VMFS clicked and click Next.
   d. On the Name and device selection page, enter Silver in the Datastore name text box.
   e. In the Select a host to view its accessible disks/LUNs list, select sa-esxi-02.vclass.local.
   f. In the disk/LUN list, select the entry for the lowest LUN number attached to an iSCSI device and click Next. Local drives are labeled as Local VMware Disk. Do not select these drives.
   g. On the VMFS version page, leave VMFS 6 clicked and click Next.
   h. On the Partition configuration page, keep the defaults and click Next.
   i. On the Ready to complete page, review the settings and click Finish.
   j. Verify that the Silver datastore appears in the Navigator pane.
Task 2: Use vSphere Storage vMotion to Migrate a Virtual Machine to the Gold Datastore
Use VMware vSphere® Storage vMotion® to migrate the VM01 virtual machine to the Gold datastore.
1. Power on VM01.
   a. Point to the Home icon and select Hosts and Clusters.
   b. Right-click VM01 and select Power > Power On.
   c. When VM01 is powered on, go to the next step.
2. In the Navigator pane, right-click VM01 and select Migrate. The Migrate wizard appears.
3. On the Select the migration type page, click Change storage only and click Next.
4. On the Select storage page, select the Gold datastore, leave all other settings at their default values, and click Next.
5. On the Ready to complete page, click Finish.
6. In the Recent Tasks pane, monitor the migration task to completion.
7. Verify that the migration was successful. You might have to refresh vSphere Web Client to see that the migration has completed.
   a. In the left pane, select VM01.
   b. In the center pane, click the Datastores tab and verify that the Gold datastore is listed.
Task 3: Configure Storage Tags You create the tags necessary to implement simple tiering. The Storage Tiers tag category contains the Gold and Silver identifier tags associated with individual datastores. 1. Point to the Home icon and select Tags & Custom Attributes from the list. 2. In the center pane, click the Tags tab.
3. Configure a new tag category and the Gold Tier identifier tag. a. In the Tags panel, click the New tag icon.
b. From the Category drop-down menu, select New Category. The dialog box expands to include both tag and category configuration options. Categories can be created only as part of the identifier tag creation process. c. In the Name text box, enter Gold Tier. d. In the Category Name text box, enter Storage Tiers. e. Keep the default values for the remaining settings and click OK . 4. Create a Silver Tier identifier tag. a. In the center pane, click the New Tag icon. b. In the Name text box, enter Silver Tier. c. Select Storage Tiers from the Category drop-down menu and click OK . 5. Assign the Gold Tier tag to the Gold datastore. a. Point to the Home icon and select Storage. b. In the left pane, right-click the Gold datastore and select Tags & Custom Attributes > Assign Tag. c. Select the Gold Tier tag and click Assign. d. In the left pane, select the Gold datastore. e. In the center pane, click the Summary tab. f. In the Tags panel, verify that the Gold Tier tag is associated with the Gold datastore.
6. Assign the Silver Tier tag to the Silver datastore. a. Right-click the Silver datastore and select Tags & Custom Attributes > Assign Tag. b. Select the Silver Tier tag and click Assign. c. In the left pane, select the Silver datastore. d. In the center pane, click the Summary tab. e. In the Tags panel, verify that the Silver Tier tag is associated with the Silver datastore.
Task 4: Create Virtual Machine Storage Policies You assign storage policies to virtual machines and specify the configuration settings to be enforced. 1. Point to the Home icon and select Policies and Profiles. 2. In the left pane, click VM Storage Policies. 3. Create a Gold Tier storage policy. a. In the VM Storage Policies panel, click the Create VM Storage Policy icon.
The Create New VM Storage Policy wizard appears. b. On the Name and description page, enter Gold Tier Policy in the Name text box and click Next. c. On the Policy structure page, review the information and click Next. d. On the Common rules for data services provided by hosts page, click Next. e. On the Rule-set 1 page, select Tags from category from the
list. f. From the Tags from category drop-down menu, select Storage Tiers. g. Click Add tags, select the Gold Tier check box, and click OK. h. Click Next. i. On the Storage compatibility page, verify that the Gold datastore is listed under Compatible storage and click Next. j. On the Ready to complete page, click Finish. 4. Repeat step 3 to create a Silver Tier policy, using the Silver Tier tag.
Task 5: Assign Storage Policies to Virtual Machines You assign the Gold and Silver storage policies to individual virtual machines and mitigate compliance issues. 1. Power off VM01. A storage policy can be assigned to a virtual machine while the virtual machine is either powered on or powered off. a. Point to the Home icon and select Hosts and Clusters. b. Right-click VM01 and select Power > Power Off. c. Click Yes to confirm the power-off operation. 2. Apply the Gold Tier storage policy to the VM01 virtual machine. a. In the left pane, right-click VM01 and select VM Policies > Edit VM Storage Policies. b. In the Edit VM Storage Policies dialog box, select Gold Tier Policy from the VM storage policy drop-down menu and click Apply to all. c. In the list, verify that the Gold Tier policy is assigned to VM home and Hard disk 1 and click OK. d. In the left pane, select VM01. e. In the center pane, click the Summary tab. f. In the VM Storage Policies panel, verify that Gold Tier Policy appears and that VM01 is compliant. The VM01 virtual machine is compliant because it was already moved to a policy-appropriate datastore.
3. Apply the Silver Tier storage policy to the VM02 virtual machine. a. In the left pane, right-click VM02 and select VM Policies > Edit VM Storage Policies. b. In the Edit VM Storage Policies dialog box, select Silver Tier Policy from the VM storage policy drop-down menu and click Apply to all. c. In the list, verify that the Silver Tier policy is assigned to VM home and Hard disk 1 and click OK. d. In the left pane, select VM02. e. In the center pane, click the Summary tab. f. In the VM Storage Policies panel, click the Check Compliance link. g. Verify that Silver Tier Policy appears and that VM02 is not compliant. The VM02 virtual machine is noncompliant because its virtual disk is stored on a datastore that is not tagged as a part of the assigned policy.
4. Remediate the compliance issue for VM02. a. In the left pane, right-click VM02 and select Migrate. The Migrate wizard appears. b. On the Select the migration type page, click Change storage only and click Next. c. On the Select storage page, select the Silver datastore in the datastore list and click Next. With a virtual machine storage policy assigned to the VM02 virtual machine, datastores are listed as either Compatible or Incompatible. d. On the Ready to complete page, review the migration details and click Finish. e. In the Recent Tasks pane, monitor the migration task to completion. The migration must complete successfully. 5. Verify that VM02 is reported as compliant. a. In the center pane, click the Check Compliance link in the VM Storage Policies panel. b. Verify that the status changes to Compliant. 6. Point to the Home icon and select Home.
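The tag, policy and compliance chain from Tasks 3 through 5 can be written down as a small Python model. This is an added example, not part of the lab manual and not vSphere code: the class and function names are hypothetical, the datastore name Untagged-DS is constructed (the manual does not name the datastore VM02 starts on), and the status string for a virtual machine without a policy is this example's own.

```python
from dataclasses import dataclass, field
from typing import Optional

CATEGORY = "Storage Tiers"  # tag category created in Task 3


@dataclass
class Datastore:
    name: str
    tags: set = field(default_factory=set)  # {(category, tag), ...}


@dataclass(frozen=True)
class StoragePolicy:
    name: str
    category: str
    any_of_tags: frozenset  # Rule-set 1: tags from one category

    def matches(self, ds: Datastore) -> bool:
        """A datastore is compatible when it carries at least one listed tag."""
        return any((self.category, tag) in ds.tags for tag in self.any_of_tags)


@dataclass
class VirtualMachine:
    name: str
    placement: dict  # storage object ("VM home", "Hard disk 1") -> datastore name
    policy: Optional[StoragePolicy] = None


def compatibility(policy, datastores):
    """Split datastores into (compatible, incompatible), as the Migrate wizard lists them."""
    compatible = sorted(d.name for d in datastores.values() if policy.matches(d))
    incompatible = sorted(d.name for d in datastores.values() if not policy.matches(d))
    return compatible, incompatible


def check_compliance(vm, datastores):
    """Return (status, offending objects); every storage object must sit on a compatible datastore."""
    if vm.policy is None:
        return "No policy assigned", []
    offending = [obj for obj, ds_name in sorted(vm.placement.items())
                 if not vm.policy.matches(datastores[ds_name])]
    return ("Noncompliant" if offending else "Compliant"), offending


def remediate(vm, datastores):
    """Model of 'Change storage only': move all objects to the first compatible datastore."""
    if vm.policy is None:
        raise ValueError(f"{vm.name} has no storage policy to remediate against")
    compatible, _ = compatibility(vm.policy, datastores)
    if not compatible:
        raise LookupError(f"no datastore satisfies {vm.policy.name}")
    vm.placement = {obj: compatible[0] for obj in vm.placement}
    return compatible[0]


def lab_scenario():
    """State of the lab after Task 4, before any policy is checked (constructed data)."""
    datastores = {
        "Gold": Datastore("Gold", {(CATEGORY, "Gold Tier")}),
        "Silver": Datastore("Silver", {(CATEGORY, "Silver Tier")}),
        "Untagged-DS": Datastore("Untagged-DS"),  # constructed name, no tags
    }
    gold = StoragePolicy("Gold Tier Policy", CATEGORY, frozenset({"Gold Tier"}))
    silver = StoragePolicy("Silver Tier Policy", CATEGORY, frozenset({"Silver Tier"}))
    vms = {
        "VM01": VirtualMachine("VM01", {"VM home": "Gold", "Hard disk 1": "Gold"}, gold),
        "VM02": VirtualMachine(
            "VM02", {"VM home": "Untagged-DS", "Hard disk 1": "Untagged-DS"}, silver),
    }
    return datastores, vms


if __name__ == "__main__":
    datastores, vms = lab_scenario()
    for vm in vms.values():
        print(vm.name, check_compliance(vm, datastores))
    print("VM02 moved to", remediate(vms["VM02"], datastores))
    print("VM02", check_compliance(vms["VM02"], datastores))
```

Because compliance is evaluated per storage object, a virtual machine whose VM home is on a compatible datastore but whose Hard disk 1 is not still reports as noncompliant.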
Lab 4 Managing Datastore Clusters Objective: Create a datastore cluster and work with vSphere Storage DRS In this lab, you perform the following tasks: 1. Create a Datastore Cluster with vSphere Storage DRS Enabled 2. Evacuate a Datastore Using Datastore Maintenance Mode 3. Run vSphere Storage DRS and Apply Migration Recommendations 4. Clean Up for the Next Lab
Task 1: Create a Datastore Cluster with vSphere Storage DRS Enabled You create a datastore cluster that is enabled for VMware vSphere® Storage DRS™. The Gold and Silver datastores are reused as members of the cluster. 1. If you are logged out of vSphere Web Client, log back in. 2. Point to the Home icon and select Storage. 3. In the left pane, right-click SA Datacenter and select Storage > New Datastore Cluster. The New Datastore Cluster wizard appears. 4. On the Name and location page, name the datastore cluster and enable vSphere Storage DRS. a. In the Datastore cluster name text box, enter Cluster-DRS. b. Leave the Turn ON Storage DRS check box selected and click Next .
5. On the Storage DRS Automation page, view the automation settings. a. Leave No Automation (Manual Mode) selected. b. Keep the rest of the defaults and click Next . 6. On the Storage DRS Runtime Settings page, keep the defaults and click Next. 7. On the Select Clusters and Hosts page, select the SA Management check box on the Filter tab and click Next. 8. On the Select Datastores page, select the datastores for the datastore cluster. a. Select Show all datastores from the drop-down menu. b. Select the Gold and Silver check boxes and click Next . 9. On the Ready to Complete page, review the configuration summary and click Finish. In a production environment, the best practice is to select datastores that are connected to all hosts in the cluster and to group them by storage capabilities. 10. In the left pane, expand Cluster-DRS and verify that the Gold and Silver datastores appear.
11. View information about the Gold datastore. a. In the left pane, select the Gold datastore. b. In the center pane, click the VMs tab. c. Verify that the datastore contains only one virtual machine. 12. View information about the Silver datastore. a. In the left pane, select the Silver datastore. b. In the center pane, click the VMs tab. c. Verify that the datastore contains only one virtual machine.
13. View information about the datastore cluster. a. In the left pane, select Cluster-DRS . b. In the center pane, click the Configure tab and click Storage DRS on the left. c. In the vSphere Storage DRS panel, expand each item and verify the settings. • Cluster automation level is set to No Automation (Manual Mode). • Space threshold is 80 percent. • I/O metrics for vSphere Storage DRS recommendations are enabled. • Imbalances are checked every 8 hours. • Minimum space utilization difference is 5 percent.
Task 2: Evacuate a Datastore Using Datastore Maintenance Mode You place a datastore in maintenance mode to demonstrate the capabilities of vSphere Storage DRS. 1. Put the Silver datastore in maintenance mode. a. In the left pane, right-click the Silver datastore. b. Select Maintenance Mode > Enter Maintenance Mode . c. In the SDRS Maintenance Mode Migration Recommendations dialog box, read the provided recommendation description. d. Click Apply Recommendations . e. If prompted to apply recommendations despite warnings, click Yes. The VM02 virtual machine is migrated to the Gold datastore. f. In the Recent Tasks pane, monitor the migration task to completion. 2. In the left pane, verify that the Silver datastore is in maintenance mode.
3. Click the Refresh icon in the vSphere Web Client interface.
4. View information about the Silver and Gold datastores. a. Select the Silver datastore. b. In the Details panel of the Summary tab, verify that zero virtual machines are stored on the Silver datastore. c. Select the Gold datastore. d. In the Details panel of the Summary tab, verify that two virtual machines are stored on the Gold datastore. 5. Take the Silver datastore out of maintenance mode. a. Right-click the Silver datastore and select Maintenance Mode > Exit Maintenance Mode . b. Verify that the Silver datastore icon no longer indicates maintenance mode. 6. Point to the Home icon and select Hosts and Clusters . 7. Power on the VM01 and VM02 virtual machines.
Task 3: Run vSphere Storage DRS and Apply Migration Recommendations You configure vSphere Storage DRS to maintain a balance in usage across all datastores in a cluster. The cluster imbalance is mitigated by using vSphere Storage DRS recommendations. 1. Point to the Home icon and select Storage. 2. In the left pane, select Cluster-DRS . 3. In the center pane, click the Configure tab and select Storage DRS on the left. 4. Configure vSphere Storage DRS so that recommendations are reported. a. In the vSphere Storage DRS panel, click Edit. b. In the Edit Storage DRS Settings dialog box, expand the Storage DRS Automation section. c. Next to Space Threshold, drag the Utilized Space slider to the far left to set the threshold to 50 percent. The imbalance between the Gold and Silver datastore utilization is detected at a 50 percent space threshold trigger. d. Click OK .
5. Run vSphere Storage DRS and review recommendations. a. In the center pane, click the Monitor tab and click Storage DRS . b. Select Recommendations on the left and click Run Storage DRS Now. A vSphere Storage DRS recommendation appears in the recommendation list. c. Review the recommendation and reason. vSphere Storage DRS recommends the migration of the VM02 Hard disk 1. 6. Examine the vSphere Storage DRS recommendation alarm. a. In the center pane, click the Summary tab and find the yellow vSphere Storage DRS recommendation alarm. The administrator can reset the recommendation alarm manually. The vSphere Storage DRS recommendation alarm is reset when the recommendation is applied. 7. Apply the vSphere Storage DRS recommendation. a. In the center pane, click the Monitor tab. b. In the bottom-right corner of the Storage DRS Recommendations panel, click Apply Recommendations. c. In the Recent Tasks pane, monitor the migration task to completion. 8. In the center pane, click the Summary tab and verify that no alarms appear. 9. Review vSphere Storage DRS history. a. In the center pane, click the Monitor tab. The Storage DRS panel should appear. b. Below the Recommendations link, click the History link. c. Verify in the vSphere Storage DRS history that Hard disk 1 for VM02 was migrated from Gold to Silver. d. Verify in the vSphere Storage DRS history that Hard disk 1 for VM02 was migrated from Silver to Gold. This migration occurred when the Silver datastore was placed in maintenance mode.
Task 4: Clean Up for the Next Lab You remove the vSphere Storage DRS cluster to prepare for the next lab. 1. Point to the Home icon and select Hosts and Clusters . 2. Power off the VM01 and VM02 virtual machines. 3. Delete the vSphere Storage DRS cluster. a. Point to the Home icon and select Storage. b. In the left pane, right-click Cluster-DRS and select Delete. c. When prompted, click Yes to delete the datastore cluster. d. After the cluster is deleted, verify that the Gold and Silver datastores appear in the left pane, directly under the data center. 4. Point to the Home icon and select Home.
Lab 5 Working with Virtual Volumes Objective: Configure NFS- and iSCSI-backed virtual volumes In this lab, you perform the following tasks: 1. Register the Storage Provider 2. Create a NAS-Backed Virtual Volume Datastore 3. Create an iSCSI-Backed Virtual Volume Datastore
Task 1: Register the Storage Provider You register the storage provider, and you confirm its URL and version. You also view the storage systems that are made available by the storage provider. 1. In vSphere Web Client, point to the Home icon and select Hosts and Clusters . 2. At the top of the left pane, select sa-vcsa-01.vclass.local (your VMware vCenter® Server Appliance™ instance). 3. In the center pane, click the Configure tab and select Storage Providers on the left side. 4. In the center pane, click the Register a new storage provider icon.
5. In the New Storage Provider dialog box, configure the VASA storage provider.
Option       Action
Name         Enter VASASource.
URL          Enter https://172.20.10.97:8443/vasa/version.xml.
User name    Enter username.
Password     Enter password.
6. Click OK . 7. Click Yes to acknowledge and accept the self-signed certificate warning. 8. Validate that the VASASource storage provider appears in the Storage Providers list. Q1. In the storage providers window, what is the storage provider URL for VASASource? 1. http://172.20.10.97:8443/vasa/version.xml. Q2. Which version of vSphere API for Storage Awareness appears in the VASA API Version column? 2. Version 3.0. Q3. Which types of storage systems are listed for this storage provider? 3. xVP SCSI Array and xVP NFS Array.
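Step 7 accepts a self-signed certificate, so the only assurance that the endpoint is the intended storage provider is a fingerprint comparison against a value obtained out of band, for example from the array's own console. The following Python check is an added example, not part of the lab manual: the function names are hypothetical, the sample certificate bytes are constructed placeholders rather than a real X.509 certificate, and the pin may be a SHA-1 or SHA-256 fingerprint in hex.

```python
import hashlib
import hmac
import re
import ssl

# Pin length in hex digits -> digest algorithm used to produce it.
PIN_ALGORITHMS = {40: "sha1", 64: "sha256"}

# Constructed placeholder bytes standing in for a DER-encoded certificate.
SAMPLE_DER = b"constructed placeholder bytes, not a real X.509 certificate"
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)


def normalize_pin(pin: str) -> str:
    """Accept 'AA:BB:...', 'aa bb ...' or plain hex; return lowercase hex."""
    hex_only = re.sub(r"[\s:]", "", pin).lower()
    if len(hex_only) not in PIN_ALGORITHMS or not re.fullmatch(r"[0-9a-f]+", hex_only):
        raise ValueError("pin must be a SHA-1 or SHA-256 fingerprint in hex")
    return hex_only


def fingerprint(pem: str, algorithm: str = "sha256") -> str:
    """Hash the DER encoding of the certificate, which is what a thumbprint covers."""
    der = ssl.PEM_cert_to_DER_cert(pem)
    return hashlib.new(algorithm, der).hexdigest()


def certificate_matches_pin(pem: str, pin: str) -> bool:
    """Compare the presented certificate with the out-of-band fingerprint."""
    expected = normalize_pin(pin)
    actual = fingerprint(pem, PIN_ALGORITHMS[len(expected)])
    return hmac.compare_digest(actual, expected)


def fetch_certificate(host: str, port: int = 8443) -> str:
    """Retrieve the certificate the endpoint presents, without trusting it."""
    return ssl.get_server_certificate((host, port))


def safe_to_accept(host: str, pin: str, port: int = 8443, fetch=fetch_certificate) -> bool:
    """True only when the certificate served at host:port matches the pin."""
    return certificate_matches_pin(fetch(host, port), pin)


if __name__ == "__main__":
    # Offline demonstration with the constructed sample; no network access.
    good_pin = hashlib.sha256(SAMPLE_DER).hexdigest()
    print("matching pin:", certificate_matches_pin(SAMPLE_PEM, good_pin))
    print("wrong pin:   ", certificate_matches_pin(SAMPLE_PEM, "00" * 32))
```

In the lab environment, `safe_to_accept("172.20.10.97", pin)` would be run before clicking Yes, with `pin` taken from the storage provider itself rather than from the warning dialog.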
Task 2: Create a NAS-Backed Virtual Volume Datastore You mount a virtual volume datastore by using an NFS protocol endpoint. 1. Create a virtual volume datastore by using the NFS container. a. Point to the Home icon and select Hosts and Clusters. b. In the left pane, right-click sa-esxi-01.vclass.local and select Storage > New Datastore. The New Datastore wizard appears. c. On the Type page, click VVol and click Next. d. On the Name and container selection page, enter SA-NAS-VVol in the Datastore name text box. e. From the Backing Storage Container list, select SA-NFS-vVol and click Next. f. On the Ready to complete page, click Finish.
2. Validate the new datastore by creating a folder in it. a. Point to the Home icon and select Storage. b. In the left pane, select the SA-NAS-VVol datastore. c. In the center pane, click the Files tab. d. In the center pane, click the Create a new folder icon.
e. In the Create a new folder window, enter SA-NAS in the Enter a name for the new folder text box and click Create . The creation of the folder validates that the datastore is available.
Task 3: Create an iSCSI-Backed Virtual Volume Datastore You create a virtual volume datastore that is backed by an iSCSI protocol endpoint. 1. Create a virtual volume datastore that uses the iSCSI storage container. a. In the left pane, right-click SA Datacenter and select Storage > New Datastore . The New Datastore wizard appears. b. On the Location page, click Next. c. On the Type page, click VVol and click Next. d. On the Name and container selection page, enter SA-iSCSI-VVol in the Datastore name text box. e. In the Backing Storage Container list, select SA-iSCSI-vVol and click Next. f. On the Select hosts accessibility page, select the sa-esxi-01.vclass.local check box and click Next. g. On the Ready to complete page, click Finish. 2. In the Recent Tasks pane, monitor the Create Virtual Volume datastore task to completion. 3. After the task completes, click the Refresh icon in vSphere Web Client.
4. In the left pane, verify that SA-iSCSI-VVol appears in the list. After a short while, the datastore is marked as inactive. Q1. Why is the virtual volume datastore that is backed by the iSCSI container marked as inactive? 1. The datastore is inactive because the storage provider must also be configured as a target of the software iSCSI adapter.
5. Create a folder on the datastore and validate that the folder is not available. a. In the left pane, select the SA-iSCSI-VVol datastore. b. In the center pane, click the Files tab. c. In the center pane, click the Create a new folder icon. d. In the Create a new folder window, enter SA-iSCSI in the Enter a name for the new folder text box and click Create . The folder creation fails, validating that the datastore is not accessible. e. Close the folder creation failure alert. 6. Add the Storage Provider as a target to the host’s iSCSI storage adapter. a. Point to the Home icon and select Hosts and Clusters . b. In the left pane, select sa-esxi-01.vclass.local. c. In the center pane, click the Configure tab and select Storage Adapters on the left. d. Scroll through the Storage Adapters list until the iSCSI software adapter is visible. e. Select vmhba##, the iSCSI software adapter. f. In the Adapter Details panel, click the Paths tab. g. Scroll through the list. Several paths appear in the list. h. Click the Targets tab and click Add. i. In the Add Send Target Server window, enter 172.20.10.97 in the iSCSI Server text box. 172.20.10.97 is the IP address of the VASA storage provider. j. Click OK .
k. In the center pane, click the Rescan all storage adapters icon.
l. In the Rescan Storage window, click OK . m. In the Adapter Details panel, click the Paths tab. n. Verify that LUN 260 appears in the list. LUN 260 is the LUN on which the SA-iSCSI-VVol datastore is located. 7. Point to the Home icon and select Storage. 8. In the left pane, verify that the SA-iSCSI-VVol datastore is not inactive. 9. If the datastore appears as inactive, click the Refresh icon in vSphere Web Client. 10. Verify that the datastore is accessible. a. In the left pane, select the SA-iSCSI-VVol datastore. b. In the center pane, click the Create a new folder icon on the Files page. c. In the Create a new folder window, enter SA-iSCSI in the text box and click Create . The creation of the folder validates that the datastore is available. 11. Point to the Home icon and select Home.
Lab 6 Creating a Content Library Objective: Create a multisite content library In this lab, you perform the following tasks: 1. Create a Content Library 2. Upload Data to the New Content Library 3. Create a Subscriber Content Library 4. Clone a Template to the Source Library 5. Synchronize the Content Libraries 6. Deploy a Virtual Machine from the Library
Task 1: Create a Content Library You configure a local content library that you publish externally for other content libraries to subscribe to. 1. In vSphere Web Client, point to the Home icon and select Content Libraries . 2. In the center pane, click the Objects tab and click the Create a new content library icon.
3. On the Name and location page, name the content library and verify the vCenter Server location. a. In the Name text box, enter SA-Source. b. In the vCenter Server drop-down menu, verify that sa-vcsa-01.vclass.local is selected and click Next. 4. On the Configure content library page, configure a local content library. a. Leave Local content library selected. b. Select the Publish externally check box. c. Select the Enable authentication check box. d. In the Password and Confirm password text boxes, enter the standard lab password. e. Click Next. 5. On the Add storage page, select the datastore to use for the content library. a. Click Select a datastore . b. Click SA-Source and click Next. 6. On the Ready to complete page, click Finish. 7. Verify that the content library appears in the list.
Task 2: Upload Data to the New Content Library You upload an Open Virtualization Format (OVF) file from your student desktop to the new content library. 1. In the center pane, right-click the SA-Source library and select Import Item . 2. In the Import Library Item window, click Local file and click Browse . 3. In the Choose File to Upload window, click the Desktop icon on the left bar. 4. Double-click the Class Materials and Licenses folder and double-click the Downloads folder. 5. In the Downloads folder, double-click the SampleVM folder. 6. Double-click SampleVM.ovf . 7. In the Select referenced files window, click Browse . 8. Select the SampleVM-1.vmdk file, click Open, and click OK . 9. Click OK . 10. View the Recent Tasks pane to monitor the task to completion.
11. After the task is complete, click the name of the content library in the center pane to open the content library. 12. In the left pane, click the Templates link. The uploaded SampleVM template is listed in the left pane.
Task 3: Create a Subscriber Content Library You configure a content library that is subscribed to the first library. 1. At the top of the left pane, click the navigation back arrow until the Content Libraries center pane appears. 2. Copy to the clipboard the link to the local content library. a. In the center pane, click the SA-Source link. b. In the center pane, click the Summary tab and scroll down until the Publication panel appears. c. In the Publication panel, click Copy Link. 3. Point to the Home icon and select Content Libraries. 4. In the center pane, click Create a new content library. The New Content Library wizard appears. 5. On the Name and location page, name the content library and verify the vCenter Server location. a. In the Name text box, enter SA-Subscriber. b. In the vCenter Server drop-down menu, verify that sa-vcsa-01.vclass.local is selected. c. Click Next. 6. On the Configure content library page, configure a subscribed content library. a. Click Subscribed content library. b. Click the Subscription URL text box and press Ctrl+V. The subscription URL is pasted into the text box. If Ctrl+V does not work, you must enter the URL manually. c. Select the Enable Authentication check box. d. In the Password text box, enter the standard lab password. e. Click Download library content only when needed. f. Click Next.
7. On the Add storage page, select the SA-Subscriber datastore and click Next. 8. On the Ready to complete page, click Finish. 9. View the Recent Tasks pane to monitor the task to completion. 10. View the contents of the content library subscriber. a. In the left pane, select the SA-Subscriber library. b. In the center pane, click the Templates tab. c. On the Templates tab, verify that the SampleVM template is present. This virtual machine template is the same one that is in the source content library. d. Verify that the Stored Content Locally column indicates No. The SA-Subscriber library is configured to download library content only when needed. As a result, only the template’s metadata has been synchronized. The actual template has not been synchronized with the SA-Subscriber library, because it is not needed yet. 11. Turn off automatic synchronization. a. In the center pane, click the Summary tab. b. In the Subscription panel, click the Edit Settings link. c. Deselect the Enable automatic synchronization with the external content library check box. d. Even though the Password text box appears to be populated, reenter the standard lab password. Otherwise, the process fails. e. Click OK. f. In the Subscription panel, verify that automatic synchronization is off.
Task 4: Clone a Template to the Source Library You use vSphere Web Client to clone a virtual machine template into the published content library. 1. Point to the Home icon and select Hosts and Clusters . 2. In the left pane, right-click the VM01 virtual machine and select Clone > Clone to Template in Library. The Clone to Template in Content Library window appears. 3. In the Filter tab, select the SA-Source library. 4. Append -Library to the virtual machine name in the Template name text box and click OK . 5. In the Recent Tasks pane, view the tasks that start up and monitor the tasks to completion. 6. View the template list in both libraries. a. Point to the Home icon and select Content Libraries . b. In the left pane, select the SA-Source library. c. In the center pane, click the Templates tab and verify that both templates are listed. d. In the left pane, select the SA-Subscriber library. e. In the center pane, view the Templates tab and verify that only the original template is listed.
Task 5: Synchronize the Content Libraries You use vSphere Web Client to synchronize the content libraries. 1. In the center pane at the top, click the Synchronize icon.
2. In the Recent Tasks pane, monitor the task to completion. The synchronization might take a few minutes to complete. You might need to press the synchronization icon a few times before you see both files. 3. Verify that both the virtual machine templates appear in the SA-Subscriber library.
Task 6: Deploy a Virtual Machine from the Library You use vSphere Web Client to deploy a new virtual machine from the VM01-Library template available in the SA-Subscriber library. 1. In the left pane, select the SA-Subscriber library. 2. In the center pane, right-click VM01-Library and select New VM from This Template. The New Virtual Machine from Content Library wizard appears. 3. On the Select name and location page, name the virtual machine and select the inventory tree location. a. In the Name text box, enter VM03. b. Select SA Datacenter and click Next. 4. On the Select a resource page, expand SA Management, select sa-esxi-01.vclass.local, and click Next. 5. On the Review details page, click Next. 6. On the Select storage page, configure the virtual disk format and select a datastore. a. Select Thin provision from the Select virtual disk format list. b. Select None from the VM storage policy list. c. In the Filter > Datastores tab, click SA-Shared-01-Remote and click Next. 7. On the Select networks page, keep the default and click Next. 8. On the Ready to complete page, click Finish. 9. View the Stored Content Locally column. The column value changed to Yes because the template is now needed to deploy a virtual machine. 10. In the Recent Tasks pane, view the tasks that are started and monitor the tasks to completion. 11. Verify that the virtual machine is deployed. a. Point to the Home icon and select Hosts and Clusters. b. In the left pane, verify that the VM03 virtual machine is displayed in the inventory. 12. Point to the Home icon and select Home.
Lab 7 Host Profiles Objective: Use host profiles and manage compliance In this lab, you perform the following tasks: 1. Create and Export a Host Profile 2. Import a Host Profile 3. Attach an ESXi Host to the Imported Host Profile 4. Run an Initial Compliance Check 5. Introduce a Configuration Drift 6. Run a Compliance Check and Remediate the Configuration Drift 7. Detach the Host Profile
Task 1: Create and Export a Host Profile A host profile is a configuration template that is applied to any or all ESXi hosts in a cluster to verify and enforce specific configuration rules. Normally, a host profile has a reference host. You export a profile for importation. The imported profile lacks a reference host. 1. In vSphere Web Client, point to the Home icon and select Policies and Profiles . 2. In the left pane, select Host Profiles .
3. Extract a host profile from an ESXi host. a. In the Objects panel, click the Extract profile from a host icon (green plus sign). The Extract Host Profile wizard appears. b. On the Select Host page, click sa-esxi-01.vclass.local and click Next. c. On the Name and Description page, enter Local-Profile in the Name text box and click Next. d. On the Ready to complete page, click Finish. e. In the Recent Tasks pane, monitor the task to completion. 4. Export the host profile to a file. a. In the center pane, right-click the new profile and select Export Host Profile . b. In the warning message box, click Save. c. Navigate to the desktop of the student machine and save the profile as profile.vpf .
Task 2: Import a Host Profile You import the host profile that you exported in task 1. Because host profiles do not store the reference host, host profiles can easily be imported and exported. 1. At the top of the Objects panel, click the Import Host Profile icon.
2. In the Import Host Profile dialog box, import the host profile that you previously saved. a. Click Browse , navigate to the desktop of the student machine, select the profile.vpf file, and click Open. b. Enter Imported-Profile in the Name text box and click OK . c. In the Recent Tasks pane, monitor the task to completion.
Task 3: Attach an ESXi Host to the Imported Host Profile Hosts and clusters can be attached or detached from a host profile in the host profiles view or in the Hosts and Clusters inventory. 1. In the Objects panel, click the Imported-Profile link to navigate to that object. 2. In the center pane, click the Configure tab. You can review and edit the comprehensive list of configuration settings that define the host profile. 3. Select Attach/Detach Hosts and Clusters from the Actions drop-down menu.
The Attach/Detach Hosts and Clusters wizard appears. 4. On the Select hosts/clusters page, attach sa-esxi-01.vclass.local to the host profile. a. In the Host/Cluster list, expand the SA Management cluster and select sa-esxi-01.vclass.local. b. Click Attach > to move the selected host to the list on the right and click Next. A list of settings that can be customized for the first ESXi host appears. The customized values are prepopulated based on information extracted from the selected host. c. Review the host customization settings and click Finish. d. In the Recent Tasks pane, monitor the task to completion.
Task 4: Run an Initial Compliance Check You run a compliance check to verify the attached host configuration against all the settings that are specified by the host profile. 1. In the center pane, click the Monitor tab and click Compliance. 2. Select sa-esxi-01.vclass.local and click the Check Host Profile Compliance icon.
3. In the Recent Tasks pane, monitor the compliance check to completion. 4. Select the ESXi host and view the compliance information near the bottom of the panel. The host is not compliant, because the IPv6 vmknic gateway configuration does not match the specification. 5. Resolve the IPv6 configuration issue occurring on the ESXi host. a. In the center pane, click the Configure tab. b. Click Edit Host Profile . The Edit Host Profile wizard appears. c. On the Name and description page, click Next. d. On the Edit host profile page, expand Networking configuration > Host virtual NIC . e. Expand dvs-SA Datacenter: pg-SA Management: management . f. Select IP address settings . g. In the right pane, from the Vnic Default gateway for IPv6 routing list, select User must explicitly choose the policy option and click Finish. h. In the Recent Tasks pane, monitor the task to completion.
6. Check the ESXi host for compliance. a. In the center pane, click the Monitor tab. b. Select the ESXi host and click the Check Host Profile Compliance icon. c. In the Recent Tasks pane, monitor the compliance check to completion. d. View the Compliance panel. e. Verify that the host is compliant.
Task 5: Introduce a Configuration Drift You test host profile compliance verification and remediation by introducing a noncompliant change on the host. The noncompliant change is that you remove the vmnic2 adapter from the dvs-Lab distributed switch. 1. Point to the Home icon and select Networking. 2. In the left pane, right-click the dvs-Lab distributed switch and select Add and Manage Hosts. The Add and Manage Hosts wizard appears. 3. On the Select task page, select Manage host networking and click Next. 4. On the Select hosts page, click Attached hosts. 5. In the Select member hosts window, select the sa-esxi-01.vclass.local check box and click OK. 6. Click Next. 7. On the Select network adapter tasks page, deselect the Manage VMkernel adapters check box and click Next. 8. On the Manage physical network adapters page, unassign the vmnic2 adapter on sa-esxi-01.vclass.local. a. Under sa-esxi-01.vclass.local, select vmnic2 and record the attached uplink. __________ b. Click Unassign adapter and click Next. c. Click OK in the warning message dialog box. 9. On the Analyze impact page, click Next. 10. On the Ready to complete page, click Finish.
Task 6: Run a Compliance Check and Remediate the Configuration Drift You run a compliance check to detect noncompliant configuration changes that were made to hosts attached to a host profile. 1. Point to the Home icon and select Policies and Profiles . 2. In the left pane, select Host Profiles. 3. In the left pane, select Imported-Profile. 4. In the center pane, click Monitor > Compliance. 5. Select the ESXi host and click the Check Host Profile Compliance icon. 6. In the Recent Tasks pane, monitor the compliance check to completion. 7. In the Compliance panel, review the compliance categories. Q1. How do the results of the compliance check differ from the compliance check performed in task 4? 1. The Virtual Network Setting category appears. If the category was previously reported, a new issue is added relating to the uplink reconfiguration. Q2. In the new category, does the specific issue reported relate to the configuration change made in task 5? 2. Yes. The uplink is not connected to the expected physical NIC on dvs-Lab.
8. Remediate the host. a. Click the Remediate host based on its host profile icon.
The ESXi host is listed on the Ready to complete page.
b. Click Pre-check Remediation . The precheck remediation takes several seconds to complete. Q3. Will the host be put in maintenance mode? 3. Yes.
For the host to enter maintenance mode, the virtual machines on this host must be powered off or moved to another host. All virtual machines on this host are currently powered off. c. Expand the ESXi host to review the host customization tasks to be performed. d. Click Finish. 9. In the Recent Tasks pane, monitor the remediation and subsequent compliance check tasks to completion. 10. Verify that the host is now compliant. 11. Verify the action taken by host remediation. a. Point to the Home icon and select Networking. b. In the left pane, select the dvs-Lab distributed switch. c. In the center pane, click the Configure tab and click Topology on the left. d. Verify that remediation automatically reconnected vmnic2 on sa-esxi-01.vclass.local to the appropriate uplink.
Task 7: Detach the Host Profile Detach the host profile from sa-esxi-01.vclass.local. 1. Point to the Home icon and select Policies and Profiles . 2. In the left pane, click Host Profiles . 3. In the left pane, select Imported-Profile. 4. In the center pane, select Attach/Detach Hosts and Clusters from the Actions drop-down menu. The Attach/Detach Hosts and Clusters wizard appears. 5. On the Select hosts/clusters page, detach sa-esxi-01.vclass.local from the host profile. a. In the Host/Cluster list on the right, select sa-esxi-01.vclass.local. b. Click < Detach to move the selected host to the list on the left. c. Click Next.
6. On the Customize hosts page, click Finish. 7. In the Recent Tasks pane, monitor the task to completion. 8. Point to the Home icon and select Home.
Lab 8 Using vSphere Auto Deploy Objective: Configure vSphere Auto Deploy on vCenter Server Appliance to boot stateless hosts In this lab, you perform the following tasks: 1. Create a Container for Autodeployed Hosts 2. Start the vSphere Auto Deploy Service 3. Start the vSphere ESXi Image Builder Service 4. Import a Software Depot and Create a Custom Depot 5. Create a Custom Image Profile and Export the Image Profile 6. Create and Activate a Deployment Rule 7. Configure DHCP 8. Start the TFTP Service on vCenter Server Appliance 9. Review the Autodeployment Preparation Steps 10. Prepare to Monitor ESXi Bootup During the Autodeploy Process 11. Power On the ESXi Host and Monitor the Bootup Process 12. Check the Host Profile Compliance of the Autodeployed Host
Task 1: Create a Container for Autodeployed Hosts You create a folder in the vCenter Server inventory into which autodeployed hosts are placed. A deploy rule assigns hosts to this folder. 1. In vSphere Web Client, point to the Home icon and select Hosts and Clusters . 2. In the Hosts and Clusters inventory tree, right-click SA Datacenter and select New Folder > New Host and Cluster Folder from the drop-down menu. 3. Enter Auto-Deployed-Hosts in the folder name text box and click OK . At this stage, you can create clusters, folders, or other vSphere configurations to apply to autodeployed hosts. Deploy rules enable selective application of host profiles and destination containers to hosts that are booting up.
Task 2: Start the vSphere Auto Deploy Service The VMware vSphere® Auto Deploy™ capability is already installed on vCenter Server Appliance, but the service is not started by default. You start the service and set the startup type to automatic. 1. Point to the Home icon and select Home. 2. Select the vSphere Auto Deploy service. a. In the center pane, click the System Configuration icon under Administration. b. In the left pane, select Services. c. Under Services, select Auto Deploy. 3. Start the vSphere Auto Deploy service. a. Select Start from the Actions drop-down menu. b. In the center pane, view the Summary tab and verify that the service state is Running. 4. Configure the vSphere Auto Deploy service to automatically start when vCenter Server starts. a. Select Edit Startup Type from the Actions drop-down menu. b. In the Edit Startup Type window, click Automatic and click OK . c. In the Summary tab, verify that the startup type is Automatic.
Task 3: Start the vSphere ESXi Image Builder Service On vCenter Server Appliance, the VMware vSphere® ESXi™ Image Builder CLI capability is already installed, but the service is not started by default. 1. In the left pane under Services, select ImageBuilder Service . 2. Start the vSphere ESXi Image Builder service. a. Select Start from the Actions drop-down menu. b. In the center pane, view the Summary tab and verify that the service state is Running. 3. Configure the vSphere ESXi Image Builder service to automatically start when vCenter Server starts. a. Select Edit Startup Type from the Actions drop-down menu. b. In the Edit Startup Type window, select Automatic and click OK . c. In the Summary tab, verify that the startup type is Automatic. 4. Make the Auto Deploy icon visible in vSphere Web Client. The Auto Deploy icon is not visible until you log out and log back in to vSphere Web Client. a. Log out of vSphere Web Client. b. Log in to vSphere Web Client as [email protected] , using the standard lab password.
Task 4: Import a Software Depot and Create a Custom Depot You use vSphere Web Client to import an ESXi software depot into vCenter Server and to create a custom software depot. 1. Point to the Home icon and select Home. 2. In the center pane, click the Auto Deploy icon under Operations and Policies.
3. Import an ESXi software depot into vCenter Server. a. In the center pane, click the Software Depots tab. b. Click the Import software depot icon.
c. In the Name text box, enter SA Depot. d. Click Browse next to the File text box. e. In the Choose File to Upload window, navigate to C:\Materials\Downloads . f. Select VMware-ESXi-6.5.0-depot.zip and click Open. g. Click Upload and wait for the file to upload. h. When the file is successfully uploaded, click Close. i. Verify that the software depot appears in the list. 4. Create a custom software depot. a. Click the Add Software Depot icon.
b. In the Add Software Depot dialog box, click Custom depot . c. In the Name text box, enter My Depot. d. Click OK .
Task 5: Create a Custom Image Profile and Export the Image Profile You use vSphere Web Client to clone an image profile and export the profile to a ZIP archive. 1. Clone an image profile. a. In the center pane, select SA Depot on the Software Depots tab. b. Under Image Profiles, select the image profile whose name ends in -no-tools . c. Click the Clone image profile icon.
The Clone Image Profile wizard appears. d. On the Name and details page, keep the default name in the Name text box. e. In the Vendor text box, enter VMware. f. From the Software depot list, select My Depot and click Next. g. On the Select software packages page, view the various software packages and click Next. h. On the Ready to complete page, click Finish. 2. Verify that the clone is created. a. Select My Depot. b. Under Image Profiles, verify that the cloned image profile appears.
3. Export the image profile to a ZIP archive. a. Under Image Profiles, select the cloned image profile. b. Click the Export the selected image profile as ISO or ZIP icon.
c. In the Export Image Profile dialog box, click ZIP. d. Click Generate image.
e. When the image generation completes, click the Download image link.
A new Internet Explorer browser tab opens. f. If you receive a security exception, click Continue to this website (not recommended) . g. In the pop-up window, click Save as. h. Save the ZIP file to the desktop, using the default name. i. Click Close in the View Downloads - Internet Explorer window that opened when you downloaded the image. j. In the Export Image Profile dialog box, verify that the image is generated successfully and click Close.
Task 6: Create and Activate a Deployment Rule Deployment rules associate host profiles, image profiles, destination containers, and many other capabilities to hosts engaged in the autodeploy process. Different sets of rules can associate different characteristics to hosts, based on several conditions and qualifiers, such as the network on which the host boots. 1. Create a deployment rule. a. In the center pane, click the Deploy Rules tab. b. Click the New Deploy Rule icon. The New Deploy Rule wizard appears. c. On the Name and hosts page, enter SA Deploy Rule in the Name text box. d. Verify that Hosts that match the following pattern is clicked. e. From the list, select IPv4. f. In the IPv4 text box, enter 172.20.10.219 and click Next. 172.20.10.219 is the IP address that you will assign to the ESXi host to autodeploy. g. On the Select image profile page, select My Depot from the Software depot list. h. Verify that the clone of the image profile is selected and click Next. i. On the Select host profile page, click Autodeployed-Host-Profile and click Next. Autodeployed-Host-Profile is preconfigured for use in this lab. j. On the Select host location page, expand SA Datacenter and select Auto-Deployed-Hosts. k. Click Next. l. On the Ready to complete page, click Finish. m. In the Recent Tasks pane, monitor the task to completion. This task takes several minutes. n. Verify that the deploy rule is successfully created.
2. Activate the deployment rule. a. In the center pane, select SA Deploy Rule . b. Click Activate/Deactivate rules . The Activate and Reorder wizard appears. c. On the Activate and reorder page, select the rule at the bottom and click Activate. d. Click Next. e. On the Ready to complete page, click Finish. f. Verify that the rule status changes to Active.
Task 7: Configure DHCP You configure a single DHCP reservation in the Management network scope to focus vSphere Auto Deploy on a single ESXi host based on the host MAC address. Individual reservations are used, instead of configuring options for a full scope. More realistically, you can simultaneously autodeploy hosts using the same DHCP scope with different options set for each reservation. Use the following information from the class configuration handout: • MAC address of ESXi host to autodeploy 1. On the student machine desktop, click the DHCP icon in the task bar.
2. In the left pane, expand DHCP and expand dc.vclass.local. 3. Expand IPv4. The IPv4 scopes are visible. 4. Resize the left pane by dragging the pane separator to the right. 5. Expand the Scope [172.20.10.0] SA-Management scope and select Reservations.
6. Configure a new reservation that uses the MAC address of your ESXi host. a. Right-click Reservations and select New Reservation. b. In the Reservation Name text box, enter SA_reservation. c. In the IP address text box, enter 172.20.10.219 (the IP address of the ESXi host to autodeploy). d. In the MAC address text box, enter the MAC address of the ESXi host to autodeploy. The MAC address is in the class configuration handout. You must use hyphens, not colons, between hexadecimal values. For example: 00-50-56-01-34-28 e. Leave the rest of the settings at their defaults and click Add. f. Click Close. The new reservation appears in the DHCP console window, in the right pane. 7. In the left pane, expand Reservations so that your new reservation appears. The reservation name is in the form [172.20.10.219] SA_reservation. 8. Select your reservation and verify that options inherited from the parent scope appear in the right pane. The scope-inherited options should include the following items: • 003 Router • 006 DNS Servers • 015 DNS Domain Name 9. In the left pane, right-click your reservation and select Configure Options. 10. On the General tab of the Reserved Options dialog box, scroll down to the 066 Boot Server Host Name option. 11. Select the 066 Boot Server Host Name check box and enter 172.20.10.94 in the String value text box. 172.20.10.94 is the IP address of the vCenter Server Appliance instance. 12. In the options list, select the 067 Bootfile Name check box and enter undionly.kpxe.vmw-hardwired in the String value text box. 13. Click OK.
14. Verify that your new options appear in the right pane. The inherited options and reservation-specific options have different icons to identify them. 15. Minimize the DHCP console window.
Task 8: Start the TFTP Service on vCenter Server Appliance vCenter Server Appliance is already configured to serve as a TFTP server for vSphere Auto Deploy. The service must be started. 1. Start an SSH session to vCenter Server Appliance. a. On the student desktop task bar, click the MTPuTTY shortcut. b. In the Servers pane on the left, double-click SA-VCSA-01. c. If the PuTTY security alert appears, click Yes. You are automatically logged in to vCenter Server Appliance as user root. 2. At the command prompt, enter shell to start the Bash shell.
3. At the Bash prompt, view the TFTP service configuration.
cat /etc/sysconfig/atftpd
Q1. What is the TFTP directory set to?
1. ATFTPD_DIRECTORY = “/var/lib/tftpboot”.
4. View the contents of the TFTP directory.
ls /var/lib/tftpboot
Q2. In the /var/lib/tftpboot file list, do you see the TFTP boot image filename that you entered when configuring DHCP options for your reservation?
2. Yes. It is undionly.kpxe.vmw-hardwired.
5. Start the TFTP service.
service atftpd start
6. Verify that the TFTP service has started.
service atftpd status
The TFTP service does not start automatically when the vSphere Auto Deploy service is started from vSphere Web Client.
7. Open the TFTP firewall port on the vCenter Server Appliance instance.
iptables -A port_filter -p udp -m udp --dport 69 -j ACCEPT
8. Enter exit and enter exit again to close the MTPuTTY window.
Task 9: Review the Autodeployment Preparation Steps You review your work and prepare for autodeployment. 1. Review the configuration and autodeployment steps. • Containers and host profiles for use by autodeployed hosts are configured. The use of containers can be beneficial when designing prestaging and poststaging scenarios for host deployments. • The vSphere Auto Deploy service is started in vSphere Web Client. • A custom host image profile is created. Custom image profiles enable you to customize deployments for different sets of hosts and can be updated and customized with additional VMware or third-party software packages. • A deployment rule is created to associate an image profile, a host profile, and a container to specific autodeployed hosts. Using rules with different patterns enables different image, host profile, and other configurations to be assigned to groups of hosts. • DHCP options are configured to identify a TFTP server and a boot image filename. • The TFTP service is started on vCenter Server Appliance. For the sake of expediency, the lab environment uses vCenter Server Appliance as the TFTP server. In production, a compatible TFTP service can be used that is not colocated with vCenter Server Appliance.
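The checks that tasks 7 and 8 perform by eye (the hyphenated MAC address, the TFTP directory, the option 067 boot file, and the UDP 69 firewall rule) can be scripted as a preflight before the host is powered on. The following is an added example, not part of the lab manual: the function names are hypothetical, and the demo at the end builds a constructed config file and TFTP directory so that it runs away from the appliance.

```shell
#!/bin/sh
# Added example: preflight checks for the Auto Deploy DHCP/TFTP settings in this lab.
# Function names are hypothetical; file names and values are the ones the lab uses.

# Print the ATFTPD_DIRECTORY value from an atftpd sysconfig file.
# Accepts optional spaces around '=' and optional double quotes.
tftp_dir_from_config() {
    conf=$1
    [ -r "$conf" ] || return 1
    sed -n 's/^[[:space:]]*ATFTPD_DIRECTORY[[:space:]]*=[[:space:]]*"\{0,1\}\([^"[:space:]]*\)"\{0,1\}[[:space:]]*$/\1/p' "$conf" | tail -n 1
}

# Succeed only if the DHCP option 067 value is a plain file name that exists
# and is readable in the directory the TFTP service is configured to serve.
bootfile_is_served() {
    conf=$1 bootfile=$2
    case $bootfile in
        ''|*/*|*..*) return 2 ;;    # reject empty names and path components
    esac
    dir=$(tftp_dir_from_config "$conf") || return 3
    [ -n "$dir" ] || return 3
    [ -f "$dir/$bootfile" ] && [ -r "$dir/$bootfile" ]
}

# Print a MAC address in the hyphen-separated form the reservation dialog
# requires (also upper-cased); fail if it is not six hexadecimal pairs.
mac_for_dhcp() {
    mac=$(printf '%s' "$1" | tr 'a-f:' 'A-F-')
    printf '%s\n' "$mac" | grep -Eq '^([0-9A-F]{2}-){5}[0-9A-F]{2}$' || return 1
    printf '%s\n' "$mac"
}

# Read rule listings (the format printed by: iptables -S port_filter) on stdin
# and succeed if the lab's rule accepting UDP port 69 is present.
tftp_port_open() {
    grep -Eq -- '^-A port_filter .*-p udp .*--dport 69 .*-j ACCEPT'
}

# --- Constructed demo data: a throwaway config file and TFTP directory ---
demo=$(mktemp -d)
mkdir "$demo/tftpboot"
: > "$demo/tftpboot/undionly.kpxe.vmw-hardwired"
printf 'ATFTPD_DIRECTORY="%s"\n' "$demo/tftpboot" > "$demo/atftpd"

# The second name is a truncated option 067 value: it is not in the directory.
for name in undionly.kpxe.vmw-hardwired undionly.kpxe.vmw; do
    if bootfile_is_served "$demo/atftpd" "$name"; then
        echo "option 067 '$name': present in the TFTP directory"
    else
        echo "option 067 '$name': not served, the PXE boot would fail"
    fi
done
echo "reservation MAC: $(mac_for_dhcp 00:50:56:01:34:28)"
rm -rf "$demo"

# On the appliance, the same functions take the real inputs:
#   bootfile_is_served /etc/sysconfig/atftpd undionly.kpxe.vmw-hardwired
#   iptables -S port_filter | tftp_port_open
```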
Task 10: Prepare to Monitor ESXi Bootup During the Autodeploy Process You move out of your student desktop and use the VMware OneCloud Web interface to open a console to the ESXi host to autodeploy. 1. Verify that you have your student login credentials. Your login credentials are sent to you in a class welcome email. Your instructor can help you if you have lost your login information. 2. Record the VMware OneCloud URL provided by your instructor. __________ The URL should be similar to wdc-vclass-a.vmeduc.com/cloud/org/classroom-101. 3. Minimize the Remote Desktop Protocol (RDP) session to the student desktop machine in your lab sandbox. You can access the desktop of the server that you first logged in to at the start of the class. 4. On the login server desktop, double-click the Internet Explorer shortcut.
5. In the Internet Explorer window, browse to the VMware OneCloud URL that you recorded in step 2. 6. When prompted, log in using the student credentials. The user name and password are the same as those that you used to access the login server at the start of the class. 7. In the VMware vCloud Director® OneCloud interface, one vApp appears on the Home tab.
8. In the vApp panel, click the Open link above the Stop icon. The vCloud Director OneCloud interface changes to the My Cloud tab, with the vApp details in the right pane. 9. In the right pane, click the Virtual Machines tab. 10. In the virtual machines list, find SA-ESXi-04. SA-ESXi-04 is the name of the ESXi host to autodeploy.
Task 11: Power On the ESXi Host and Monitor the Bootup Process You power on the ESXi host to autodeploy (SA-ESXi-04), and you monitor the ESXi host console to observe the autodeploy process. 1. Power off and power on the ESXi host to autodeploy. a. Right-click SA-ESXi-04 and select Power Off . b. Click Yes to confirm the power-off operation. c. Right-click SA-ESXi-04 and select Power On . 2. When the ESXi host status changes to Powered On, right-click SA-ESXi-04 and select Popout Console. A new window shows the console view of the selected ESXi host. 3. If the Internet Explorer pop-up blocker blocks the console from opening, select the Always allow pop-ups option and repeat step 2.
4. If a window appears asking if you want to upgrade to a newer version of the Client Integration Plug-In, click No. 5. Monitor the ESXi host bootup process. The host performs a network preboot execution environment (PXE) boot. The host contacts the TFTP server identified in the DHCP scope options. The image binaries are transferred to the host and installed. This process can take up to 20 minutes to complete. ESXi modules are loaded and associated host profile tasks are performed. Services are started. 6. Wait for the autodeploy process to complete. The autodeploy process is complete when the main Direct Console User Interface screen appears.
7. Restore the minimized RDP session to the student desktop machine.
Task 12: Check the Host Profile Compliance of the Autodeployed Host Each autodeployed host must be minimally configured so that the host can handle workloads as a member of a cluster. You perform the minimal configuration of the host networking. 1. Restore the minimized Internet Explorer window and click the vSphere Web Client tab. 2. If you are logged out of vSphere Web Client, log back in. 3. Point to the Home icon and select Hosts and Clusters . 4. In the left pane, expand the Auto-Deployed-Hosts folder. The autodeployed host appears in the folder, with the reservation IP as the host name. 5. Point to the Home icon and select Policies and Profiles . 6. In the left pane, click Host Profiles . 7. In the left pane, select Autodeployed-Host-Profile. 8. In the center pane, click the Monitor tab and click Compliance. 9. In the host list, select the autodeployed ESXi host. 10. Click the Check Host Profile Compliance icon. 11. In the Recent Tasks pane, monitor the task and wait for the compliance check to complete. 12. Verify that the ESXi host is in compliance with the host profile. 13. Point to the Home icon and select Home.
Lab 9 Monitoring CPU Performance Objective: Use the esxtop command to monitor CPU performance In this lab, you perform the following tasks: 1. Set vSphere DRS to Manual Mode 2. Run a Single-Threaded Program in a Single-vCPU Virtual Machine 3. Start esxtop and View Statistics 4. Record Statistics for Case 1: Single Thread and Single vCPU 5. Run a Single-Threaded Program in a Dual-vCPU Virtual Machine 6. Record Statistics for Case 2: One Thread and Two vCPUs 7. Run a Dual-Threaded Program in a Dual-vCPU Virtual Machine 8. Record Statistics for Case 3: Two Threads and Two vCPUs 9. Analyze the Test Results
Task 1: Set vSphere DRS to Manual Mode You set the VMware vSphere® Distributed Resource Scheduler™ automation mode to manual to ensure that vSphere DRS does not migrate virtual machines to different hosts. This lab requires that the virtual machines remain on their current host. 1. In vSphere Web Client, point to the Home icon and select Hosts and Clusters . 2. In the left pane, select the SA Management cluster. 3. In the center pane, click the Configure tab. 4. Select vSphere DRS on the left and click Edit. 5. From the DRS Automation drop-down menu, select Manual and click OK .
Task 2: Run a Single-Threaded Program in a Single-vCPU Virtual Machine You run a test program to generate continuous database activity on the test virtual machine for statistical analysis. The test virtual machine is configured with one vCPU. 1. Confirm that the Linux01 virtual machine is hosted on sa-esxi-01.vclass.local. a. In the left pane, select Linux01. b. In the center pane, click the Summary tab. c. Verify that the host on which Linux01 resides is sa-esxi-01.vclass.local. 2. If Linux01 is not hosted on sa-esxi-01, migrate Linux01 to sa-esxi-01. a. Right-click Linux01 and click Migrate. The Migrate wizard appears. b. On the Select the migration type page, click Change compute resource only and click Next. c. On the Select a compute resource page, select sa-esxi-01.vclass.local and click Next. d. On the Select networks page, keep the default and click Next. e. On the Ready to complete page, click Finish. f. Wait for the migration to complete. 3. Power on the Linux01 virtual machine. 4. In the Power On Recommendations dialog box, verify that Linux01 will be placed on sa-esxi-01.vclass.local and click OK.
5. Log in to the Linux01 virtual machine console. a. Right-click Linux01 and select Open Console. b. If you receive the security exception message, click the Continue to this website (not recommended) link. c. Wait for the virtual machine to complete its bootup process. d. Log in as user root and use the standard lab password. 6. Verify that you are in the /root directory. pwd
7. If you are not in the /root directory, enter cd /root. 8. Start the test program on Linux01. ./starttest1
The test program generates database operations to a medium-size database and writes output to the screen. The program must run uninterrupted.
Task 3: Start esxtop and View Statistics You use the esxtop command to observe performance statistics for supported objects. 1. Start an SSH session to sa-esxi-01.vclass.local. a. On the student desktop task bar, click the MTPuTTY shortcut. b. In the Servers pane on the left, double-click SA-ESXi-01. c. If the PuTTY security alert appears, click Yes. You are automatically logged in to the appliance as user root. 2. Start esxtop. By default, esxtop starts with the CPU screen. 3. Change the update delay from the default (5 seconds) to 10 seconds. a. Enter s. b. Enter 10. c. Press Enter. 4. To filter the CPU screen output only to the virtual machines, enter uppercase V. By default, the CPU screen shows statistics for virtual machine processes and active ESXi host processes. 5. In the output table, find the Linux01 virtual machine statistics.
Task 4: Record Statistics for Case 1: Single Thread and Single vCPU You record statistics for the first test case. 1. After 30 seconds of statistics collection, record the values for the Linux01 virtual machine in the Case 1 column in the class configuration handout. • %USED • %RDY • %IDLE 2. Record the operations per minute (opm) value in the test script. a. In the Internet Explorer window, switch to the Linux01 console tab. b. Record the opm reported by the test script in the Case 1 column in the class configuration handout. The counter value is reported with each iteration that the test script performs. Use the counter reported in the last iteration. 3. Press Ctrl+C to stop the test script. 4. Close the Linux01 console tab.
Task 5: Run a Single-Threaded Program in a Dual-vCPU Virtual Machine You modify the Linux01 virtual machine to have two vCPUs, and you restart the test script. 1. Shut down the Linux01 virtual machine. 2. Wait for the running indicator to be removed from the Linux01 virtual machine icon in the inventory tree. 3. Add a second vCPU to the Linux01 virtual machine. a. In the left pane, right-click Linux01 and select Edit Settings. b. On the Virtual Hardware tab in the Edit Settings dialog box, select 2 from the CPU drop-down menu and click OK. c. In the Recent Tasks pane, monitor the reconfiguration task to completion. 4. Power on the Linux01 virtual machine and verify that Linux01 will be placed on sa-esxi-01.vclass.local. 5. Click the Linux01 console tab and log in to Linux01 as user root with the standard lab password.
6. On the Linux01 console tab, restart the test program. ./starttest1
This script generates database operations to a medium-size database. The number of threads is set to 1. The script must run uninterrupted.
Task 6: Record Statistics for Case 2: One Thread and Two vCPUs You record statistics for the second test case. 1. Record the esxtop counter values. a. Switch to the MTPuTTY window. b. Enter e. c. Enter the GID for Linux01. d. Examine the two lines in the NAME column that start with vmx-vcpu. These two lines show the activity of each of the vCPUs in the Linux01 virtual machine. e. After 30 seconds of statistics collection, record the values for vCPU0 and vCPU1 in the Case 2 column in the class configuration handout. • %USED • %RDY • %IDLE 2. Record the operations per minute value in the test script. a. In the Internet Explorer window, switch to the Linux01 console tab. b. Record the opm value reported by the test script in the Case 2 column in the class configuration handout. The counter value is reported with each iteration that the test script performs. Use the counter reported in the last iteration. 3. Press Ctrl+C to stop the test script.
Task 7: Run a Dual-Threaded Program in a Dual-vCPU Virtual Machine You configure the third case parameters by running a two-threaded test program on a virtual machine with two vCPUs. 1. On the Linux01 console tab, start the two-threaded test program. ./starttest2
This script generates database operations to a medium-size database. The number of threads is set to 2. The script must run uninterrupted.
Task 8: Record Statistics for Case 3: Two Threads and Two vCPUs You record statistics for the final test case. 1. Record the esxtop counter values. a. Switch to the MTPuTTY window. b. Examine the two lines in the NAME column that start with vmx-vcpu. These two lines show the activity of each of the vCPUs in the Linux01 virtual machine. c. After 30 seconds of statistics collection, record the values for vCPU0 and vCPU1 in the Case 3 column in the class configuration handout. • %USED • %RDY • %IDLE 2. Record the operations per minute value in the test script. a. In the Internet Explorer window, switch to the Linux01 console tab. b. Record the opm value reported by the test script in the Case 3 column in the class configuration handout. 3. Press Ctrl+C to stop the test script. 4. Stop the esxtop program. a. Switch to the MTPuTTY window. b. Enter q to stop esxtop . c. Keep the SA-ESXi-01 MTPuTTY session open for the next lab.
Task 9: Analyze the Test Results You analyze the captured statistics and document your conclusions. 1. Review the statistics that you recorded in tasks 4, 6, and 8. 2. Record the conclusions that you can draw from the data. __________
Lab 10 Monitoring Memory Performance Objective: Use the esxtop command to monitor memory performance under load In this lab, you perform the following tasks: 1. Generate Database Activity in the Test Virtual Machine 2. Check for Overcommitment of Virtual Machine Memory 3. Configure esxtop to Report Virtual Machine Memory Statistics 4. Observe Memory Statistics 5. Start a Memory Test on ResourceHog01 and ResourceHog02 6. Record Memory Statistics 7. Clean Up for the Next Lab
Task 1: Generate Database Activity in the Test Virtual Machine You start the test program to generate database activity. 1. In the Internet Explorer window, click the Linux01 console tab. 2. If necessary, log in to the Linux01 virtual machine as user root with the standard lab password. 3. In the Linux01 console, enter ./starttest2. This test program performs continuous database operations to a medium-size database. The number of threads is set to 2. The script must run uninterrupted.
Task 2: Check for Overcommitment of Virtual Machine Memory You use resource allocation reports to determine whether memory is overcommitted for a virtual machine. 1. In the Internet Explorer window, click the vSphere Web Client tab. 2. Point to the Home icon and select Hosts and Clusters. 3. In the left pane, select the Linux01 virtual machine. 4. In the center pane, click the Monitor tab and click Utilization. 5. Find the Virtual Machine Memory panel. 6. Record the value for VM Consumed. __________ 7. Find the Guest Memory panel, in the lower-left corner of the pane. 8. Record the value for Active Guest Memory. __________ Q1. Is the consumed host memory greater than the active guest memory? 1. Answers vary depending on the current workload.
If the consumed host memory is greater than the active guest memory, memory is not overcommitted. If the consumed host memory is less than active guest memory, then overcommitment is occurring and might cause degraded performance.
Task 3: Configure esxtop to Report Virtual Machine Memory Statistics You start esxtop and configure it for memory statistics. 1. Switch to the MTPuTTY window for sa-esxi-01.vclass.local. a. If you need to restart the SSH session to sa-esxi-01.vclass.local, click the MTPuTTY shortcut on the task bar. b. In the Servers pane on the left, double-click SA-ESXi-01. c. When the PuTTY security alert appears, click Yes. You are automatically logged in to sa-esxi-01.vclass.local as user root. 2. Start esxtop. 3. In esxtop, enter m to view the memory statistics screen. 4. Set a 10-second update delay. a. Enter s to display the delay prompt. b. At the delay prompt, enter 10 and press Enter. 5. Enter uppercase V to filter the display to only virtual machine statistics. 6. Remove all statistics columns from the output table, except D, H, J, and K. Removing counters that are not monitored during the test can make isolation of the desired counters easier. a. Enter f to access the field order screen. b. For fields other than D, H, J, and K, if an asterisk appears to the left of the field name, press the corresponding letter to remove the asterisk. c. For the D, H, J, and K fields, if an asterisk does not appear to the left of the field name, press the corresponding letter to add an asterisk. d. Press Enter to return to the memory statistics output.
Task 4: Observe Memory Statistics You observe esxtop counters to determine memory conditions. 1. Examine esxtop statistics. a. In the esxtop output, view the Linux01 virtual machine statistics. b. Verify that the MCTLSZ, MCTLTGT, SWCUR, SWTGT, SWR/s, and SWW/s values are at or near zero. c. If you cannot see all of the values listed in step b, close the left pane.
2. Record the operations per minute (opm) value in the test script. a. In the Internet Explorer window, switch to the Linux01 console tab. b. Record the opm value reported by the test script. __________ The counter value is reported with each iteration that the test script performs. Use the counter reported in the last iteration.
Task 5: Start a Memory Test on ResourceHog01 and ResourceHog02 You start a memory test on the ResourceHog01 and ResourceHog02 virtual machines. 1. Switch to the vSphere Web Client tab in Internet Explorer. 2. Power on, open a console, and boot to the ResourceHog01 virtual machine. You must enter the console within 30 seconds. a. Right-click ResourceHog01 and select Power > Power On. b. In the Power On Recommendations window, verify that ResourceHog01 will be placed on sa-esxi-01.vclass.local and click OK. c. Right-click ResourceHog01 and select Open Console. d. Click anywhere in the console window. e. At the BIOS screen, press Enter. f. At the boot: prompt, press Enter to load the Ultimate Boot CD menu. If you see a Booting prompt, you did not enter the console within 30 seconds. You must return to substep a to reset the power on the virtual machine and enter the console to the virtual machine within 30 seconds. g. Use the arrow keys and the Enter key to select Mainboard Tools > Memory Tests > Memtest86+ V1.70. The exact keystroke sequence is Enter, down arrow, down arrow, Enter, down arrow, down arrow, Enter. h. After the memory test utility is running, press Ctrl+Alt to release the pointer focus. 3. Switch to the vSphere Web Client tab. 4. Repeat step 2 for the ResourceHog02 virtual machine.
Task 6: Record Memory Statistics You record and evaluate memory statistics with a significant load consuming ESXi host memory. 1. Switch to the MTPuTTY window. 2. After at least one minute of statistics collection, record the values for the ResourceHog02, ResourceHog01, and Linux01 virtual machines in the class configuration handout. • MCTL? • MCTLSZ • MCTLTGT • SWCUR • SWTGT • SWR/s • SWW/s Q1. For Linux01, does the value of MCTLSZ converge with the value of MCTLTGT? 1. Yes, the values should converge over time. Q2. For Linux01, does the value of SWCUR converge with the value of SWTGT? 2. Yes, the values should converge over time.
3. Monitor the statistics output until the host reaches a steady state where the counters in each set are close in value to each other. If the counters in each set are close in value to each other, the host has reached a steady state. 4. To determine which virtual machines do not have the balloon driver installed, examine the MCTL? value for each virtual machine. The MCTL? field indicates the presence of the balloon driver. If the MCTL? value is Y, then that virtual machine has a balloon driver installed. Otherwise, the virtual machine lacks a balloon driver. Q3. Which virtual machines do not have the balloon driver installed? 3. ResourceHog02 and ResourceHog01.
5. To determine whether the virtual machines are swapping, examine the values for SWR/s and SWW/s for each virtual machine. Q4. Which virtual machines are swapping? 4. Although all three VMs might be swapping, the levels of swapping on ResourceHog01 and ResourceHog02 are going to be much larger than the level of swapping on Linux01.
6. Determine which virtual machines have experienced degraded performance due to swapping. a. Enter lowercase c to switch to the CPU screen. b. Enter uppercase V to display only virtual machine statistics. c. Examine the %SWPWT value for each virtual machine identified as actively swapping. As %SWPWT exceeds 5 percent, the performance of the virtual machine degrades significantly. Q5. What are the %SWPWT values for each of the virtual machines? 5. ResourceHog01 and ResourceHog02 should be experiencing high %SWPWT values because their memory is being swapped out and they must wait whenever those pages are accessed. Linux01 should be experiencing low %SWPWT values, possibly zero.
7. Enter m to return to the esxtop memory screen. Q6. What is the memory state: high, clear, soft, hard, or low? 6. Answers vary.
8. Record the opm value in the test script. a. In the Internet Explorer window, switch to the Linux01 console tab. b. Record the opm value reported by the test script. __________ c. Compare this opm value with the value that you recorded in task 4, step 2, substep b. Q7. Has the performance of the test script degraded? 7. Answers vary.
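The interpretation rules from task 6 (MCTL? for the balloon driver, SWR/s and SWW/s for swapping, counter convergence for steady state, and the 5 percent %SWPWT threshold) can be applied to the recorded values in Python. This is an added example, not part of the lab manual. The sample values are constructed, and the whitespace-separated layout, the function names, and the tolerance used for "close in value" are assumptions.

```python
"""Apply the Lab 10 task 6 interpretation rules to recorded esxtop values."""
import math

SWPWT_LIMIT = 5.0  # percent; threshold stated in the lab text
REL_TOL = 0.10     # assumption: "close in value" means within 10 percent
ABS_TOL = 1.0      # assumption: or within 1.0 for counters that sit near zero

# Constructed sample values, not real lab output. Assumed layout: one header
# row naming the counters, then one whitespace-separated row per VM.
MEMORY_SCREEN = """\
NAME           MCTL?  MCTLSZ  MCTLTGT  SWCUR   SWTGT   SWR/s  SWW/s
Linux01        Y      212.40  214.00   3.10    3.25    0.00   0.02
ResourceHog01  N      0.00    0.00     411.80  640.00  1.85   4.40
ResourceHog02  N      0.00    0.00     598.20  602.00  2.10   3.95
"""

CPU_SCREEN = """\
NAME           %SWPWT
Linux01        0.00
ResourceHog01  18.70
ResourceHog02  21.30
"""


def parse_screen(text):
    """Return {vm_name: {counter: value}} from a header row plus data rows."""
    lines = [ln.split() for ln in text.splitlines() if ln.strip()]
    if len(lines) < 2:
        raise ValueError("need a header row and at least one data row")
    header, rows = lines[0], lines[1:]
    if header[0] != "NAME":
        raise ValueError("first column must be NAME")
    table = {}
    for row in rows:
        if len(row) != len(header):
            raise ValueError(
                f"row has {len(row)} fields, expected {len(header)}: {row}")
        values = {}
        for counter, raw in zip(header[1:], row[1:]):
            # MCTL? is a Y/N flag; every other counter is numeric.
            values[counter] = raw if counter == "MCTL?" else float(raw)
        table[row[0]] = values
    return table


def close(a, b):
    """True when two counters have converged within the assumed tolerance."""
    return math.isclose(a, b, rel_tol=REL_TOL, abs_tol=ABS_TOL)


def analyze(memory_text, cpu_text):
    """Combine memory-screen and CPU-screen values into per-VM findings."""
    mem = parse_screen(memory_text)
    cpu = parse_screen(cpu_text)
    report = {}
    for vm, m in mem.items():
        if vm not in cpu:
            raise ValueError(f"{vm} missing from CPU screen data")
        report[vm] = {
            # Step 4: MCTL? = Y means the balloon driver is installed.
            "balloon_driver": m["MCTL?"] == "Y",
            # Step 5: any swap read or write rate means active swapping.
            "swapping": m["SWR/s"] > 0 or m["SWW/s"] > 0,
            # Step 3: each current/target pair has converged.
            "steady": close(m["MCTLSZ"], m["MCTLTGT"])
                      and close(m["SWCUR"], m["SWTGT"]),
            # Step 6: %SWPWT above 5 percent degrades the VM significantly.
            "degraded": cpu[vm]["%SWPWT"] > SWPWT_LIMIT,
        }
    return report


def vms_where(report, key, expected=True):
    """Sorted VM names whose finding `key` equals `expected`."""
    return sorted(vm for vm, r in report.items() if r[key] is expected)


def host_steady(report):
    """The host is steady only when every VM's counter pairs have converged."""
    return all(r["steady"] for r in report.values())


if __name__ == "__main__":
    findings = analyze(MEMORY_SCREEN, CPU_SCREEN)
    for name, result in findings.items():
        print(name, result)
    print("no balloon driver:", vms_where(findings, "balloon_driver", False))
    print("degraded by swap wait:", vms_where(findings, "degraded"))
    print("host steady:", host_steady(findings))
```

Virtual machine names that contain spaces do not fit the assumed layout and are rejected as malformed rows.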
Task 7: Clean Up for the Next Lab You stop the test script on the Linux01 virtual machine. You also stop the memory tests on ResourceHog01 and ResourceHog02. 1. In the MTPuTTY window, select View > Servers to display the Servers pane on the left. 2. Keep esxtop running in the MTPuTTY window. 3. Switch to the Internet Explorer window. 4. On the Linux01 console tab, press Ctrl+C to stop the test script. Keep the console tab open. 5. Close the ResourceHog01 and ResourceHog02 console tabs. 6. On the vSphere Web Client tab, power off the ResourceHog01 and ResourceHog02 virtual machines.
Lab 11 Monitoring Storage Performance Objective: Use the esxtop command to monitor disk performance across a series of tests In this lab, you perform the following tasks: 1. Prepare to Run Tests 2. Measure Continuous Sequential Write Activity to a Virtual Disk on a Remote Datastore 3. Measure Continuous Random Write Activity to a Virtual Disk on a Remote Datastore 4. Measure Continuous Random Read Activity to a Virtual Disk on a Remote Datastore 5. Measure Continuous Random Read Activity to a Virtual Disk on a Local Datastore 6. Analyze the Test Results
Task 1: Prepare to Run Tests You use several test scripts on the Linux01 virtual machine to generate continuous random and sequential I/O operations against both local and remote (network) datastores. The Linux01 virtual machine is located on sa-esxi-01.vclass.local and is configured with two hard drives to serve as local and remote I/O targets. The SCSI (0:1) drive is stored on SA-ESXi-01-Local, the local datastore. The SCSI (0:2) drive is stored on SA-Shared-01-Remote, the remote datastore. You monitor storage preparation tasks to completion and then change folders. 1. In the Internet Explorer window, click the Linux01 console tab. 2. If necessary, log in as user root with the standard lab password.
3. Configure storage. ./storageconfig.sh
The storage preparation might take a few minutes to complete. The script must run uninterrupted to completion. 4. When the script is complete, navigate to the test scripts folder. cd aio-stress
Task 2: Measure Continuous Sequential Write Activity to a Virtual Disk on a Remote Datastore You run the logwrite.sh test script to generate continuous sequential write activity to the hard disk on the remote datastore. 1. Start the logwrite.sh test script. ./logwrite.sh
2. Allow the script to run uninterrupted. 3. View the MTPuTTY session to the sa-esxi-01 host. MTPuTTY should be logged in to SA-ESXi-01, and esxtop should be running. 4. If MTPuTTY is not logged in, and esxtop is not running, start a new MTPuTTY session to sa-esxi-01.vclass.local. a. In the MTPuTTY window, open a connection to SA-ESXi-01. b. Enter esxtop at the command prompt. c. Set a 10-second update delay by entering s, and then entering 10 and pressing Enter. 5. Enter d to display device adapter output and examine the reads and writes to the adapter paths. Q1. Which adapter has the most disk I/O activity? 1. vmhba65, the software iSCSI adapter.
6. Enter u to display individual device output, and examine the reads and writes to the devices. One of the remote devices has more disk I/O activity than the others. 7. Enter v to display virtual machine output. 8. After 30 seconds of statistics collection, record the values for the Linux01 virtual machine in the Sequential Writes/Remote Datastore column in the class configuration handout. • READS/s • WRITES/s
9. In the Internet Explorer window, click the Linux01 console tab. 10. Press Ctrl+C to stop the test script.
Task 3: Measure Continuous Random Write Activity to a Virtual Disk on a Remote Datastore You run the datawrite.sh test script to generate continuous random write activity to the virtual machine hard disk on the remote datastore. 1. In the Linux01 console, start the datawrite.sh test script. ./datawrite.sh
2. Allow the script to run uninterrupted. 3. Return to the MTPuTTY window. 4. Enter d to display device adapter output and examine the reads and writes to the adapter paths. 5. Enter u to display individual device output and examine the reads and writes to the devices. 6. Enter v to display virtual machine output. 7. After 30 seconds of statistics collection, record the values for Linux01 in the Random Writes/Remote Datastore column in the class configuration handout. • READS/s • WRITES/s 8. In the Internet Explorer window, click the Linux01 console tab. 9. Press Ctrl+C to stop the test script.
Task 4: Measure Continuous Random Read Activity to a Virtual Disk on a Remote Datastore You run the fileserver2.sh test script to generate continuous random read activity from the hard disk on the remote datastore. 1. In the Linux01 console, start the fileserver2.sh test script. ./fileserver2.sh
2. Allow the script to run uninterrupted. 3. Return to the MTPuTTY window. 4. Enter d to display device adapter output and examine the reads and writes to the adapter paths. 5. Enter u to display individual device output and examine the reads and writes to the devices. 6. Enter v to display virtual machine output.
7. After 30 seconds of statistics collection, record the values for Linux01 in the Random Reads/Remote Datastore column in the class configuration handout. • READS/s • WRITES/s 8. In the Internet Explorer window, click the Linux01 console tab. 9. Press Ctrl+C to stop the test script.
Task 5: Measure Continuous Random Read Activity to a Virtual Disk on a Local Datastore You run the fileserver1.sh test script to generate continuous random read activity from the virtual machine hard disk on the local datastore attached to the ESXi host. 1. In the Linux01 console, start the fileserver1.sh test script. ./fileserver1.sh
This test script first creates the file to be read, which can take 5 minutes or more. The test script must run uninterrupted. 2. Monitor the script output. The output remains silent during file creation. 3. After the Starting with random read message appears, view information in esxtop. a. Enter d to display device adapter output. Q1. Which adapter has the most disk I/O activity? 1. vmhba1, a local host bus adapter.
b. Enter u to display individual device output. One of the local devices, rather than a remote device, is used for this test. c. Enter v to display virtual machine output. 4. After 30 seconds of statistics collection, record the values for Linux01 in the Random Reads/Local Datastore column in the class configuration handout. • READS/s • WRITES/s 5. In the Internet Explorer window, click the Linux01 console tab. 6. Press Ctrl+C to stop the test script.
Task 6: Analyze the Test Results Your instructor conducts an in-class review to compare test results from each group. 1. Record the conclusions that you draw from the test data collected in tasks 2 through 5. __________ 2. In the Internet Explorer window, leave the vSphere Web Client and the Linux01 tabs open for the next lab.
Lab 12 Monitoring Network Performance Objective: Use the esxtop command to monitor network performance In this lab, you perform the following tasks: 1. Prepare to Monitor Network Performance 2. Prepare the Client and the Server Virtual Machines 3. Measure Network Activity on an ESXi Physical Network Interface 4. Use Traffic Shaping to Simulate Network Congestion 5. Position the Client and the Server on the Same Port Group 6. Restart the Test and Measure Network Activity 7. Stop the Test and Analyze Results 8. Clean Up for the Next Lab
Task 1: Prepare to Monitor Network Performance You use the esxtop network statistics screen to monitor network performance. 1. View the MTPuTTY session to the sa-esxi-01 host. MTPuTTY should be logged in to the sa-esxi-01 host, and esxtop should be running. 2. If MTPuTTY is not logged in, and esxtop is not running, start a new MTPuTTY session to sa-esxi-01.vclass.local. a. In the MTPuTTY window, open a connection to SA-ESXi-01. b. Enter esxtop at the command prompt. c. Set a 10-second update delay.
3. Enter n to switch to the network statistics screen. 4. Remove unused counters to make the esxtop network screen easier to monitor. a. Enter f to display the Current Field Order table. b. In the Current Field Order table, enter g and j to remove PKTRX/s and PKTTX/s from the esxtop display. c. Press Enter to return to the network statistics screen.
Task 2: Prepare the Client and the Server Virtual Machines You use scripts on the Linux01 and Linux02 virtual machines to generate network traffic so that network performance can be measured. The Linux01 virtual machine acts as a client, and the Linux02 virtual machine acts as a server. The Linux01 virtual machine is connected to the pg-SA Production port group. You move the Linux02 virtual machine to the pg-SA Management port group so that the virtual machines are connected to different virtual switches, forcing their traffic to traverse the physical network. 1. Migrate the Linux02 virtual machine to the pg-SA Management port group. a. In the Internet Explorer window, click the vSphere Web Client tab. b. Point to the Home icon and select Networking. c. In the Navigator pane, right-click the dvs-Lab distributed switch and select Migrate VMs to Another Network. d. For the source network, leave Specific network selected, click Browse, select pg-SA Production, and click OK. e. For the destination network, click Browse, select the pg-SA Management port group, and click OK. f. Click Next. g. On the Select virtual machines to migrate page, select the Linux02 check box and click Next. h. On the Ready to complete page, click Finish. i. In the Recent Tasks pane, monitor the migration task to completion.
2. View the IP address of the Linux02 virtual machine. a. Point to the Home icon and select Hosts and Clusters. b. Power on the Linux02 virtual machine. c. In the Power On Recommendations window, keep the recommendation to place Linux02 on host sa-esxi-01.vclass.local selected and click OK. Wait for the virtual machine to boot up completely. d. In the left pane, select Linux02. e. From the Summary tab in the center pane, record the Linux02 IP address. __________ The Linux02 IP address starts with 172.20.10 (the management network DHCP range). 3. View the IP address of the Linux01 virtual machine. a. In the left pane, select the Linux01 virtual machine. b. From the Summary tab, record the Linux01 IP address. __________ The Linux01 IP address starts with 172.20.11 (the production network DHCP range). 4. Start the server on Linux02. a. In the left pane, right-click the Linux02 virtual machine and select Open Console. b. In the Linux02 console window, log in as user root with the standard lab password. c. Navigate to the network scripts folder. cd netperf
d. Start the server program. ./netserver
The server program runs as a background process.
e. Verify that the server program is running. ps -ef | grep netserver
The server and grep processes are listed.
Task 3: Measure Network Activity on an ESXi Physical Network Interface You measure the network performance of the ESXi host network interface with the Linux01 and Linux02 virtual machines positioned on different physical network segments across a router. Requests sent from the Linux01 client enter the physical network through the ESXi network interface vmnic2 that is bound to a dvs-Lab distributed switch uplink. The client requests are routed to the management network where the Linux02 server is positioned, using the pg-SA Management port group on the dvs-SA Datacenter distributed switch. 1. Switch to the Linux01 console tab. 2. Start the client on Linux01. a. Navigate to the network scripts folder. cd /root/netperf
b. Start the client test script. ./nptest1.sh server_IP_address
server_IP_address is the Linux02 IP address that you recorded in task 2. The client and server programs must run uninterrupted. 3. Monitor network activity and record your findings. a. Switch to the MTPuTTY window. b. In the esxtop output, find the vmnic2 physical network interface. c. After 30 seconds of statistics collection, record the values for vmnic2 in the vmnic2 column in the class configuration handout. • MbTX/s • MbRX/s
Task 4: Use Traffic Shaping to Simulate Network Congestion You use traffic shaping to control the network speed to simulate congestion. 1. Switch to the Internet Explorer window and click the vSphere Web Client tab. 2. Point to the Home icon and select Networking. 3. In the networking inventory, expand the dvs-Lab distributed switch. 4. Right-click the pg-SA Production port group and select Edit Settings. 5. In the Edit Settings dialog box, click Traffic shaping on the left.
6. Select Enabled from the Status drop-down menus for ingress traffic shaping and egress traffic shaping. 7. Configure ingress and egress traffic shaping.
Option                        Action
Average bandwidth (kbit/s)    Enter 10000.
Peak bandwidth (kbit/s)       Enter 10000.
Burst size (KB)               Enter 10000.
8. Verify that you configured both ingress and egress traffic shaping and click OK. 9. Monitor network performance and record your findings. a. Switch to the MTPuTTY window. b. In the esxtop output, find the vmnic2 physical interface item. c. After 30 seconds of statistics collection, record the values for vmnic2 in the vmnic2 10 Mb/s column in the class configuration handout. • MbTX/s • MbRX/s 10. Disable ingress and egress traffic shaping. a. Switch to the vSphere Web Client tab in the Internet Explorer window. b. Right-click the pg-SA Production port group and select Edit Settings. c. Click Traffic shaping. d. For both ingress and egress traffic shaping, select Disabled from each Status drop-down menu. e. Click OK to close the Edit Settings dialog box.
Task 5: Position the Client and the Server on the Same Port Group You migrate the Linux02 virtual machine back to the pg-SA Production port group to show that virtual machines communicating on the same ESXi host and virtual switch port group can communicate at a faster rate than the rate dictated by the physical network hardware. 1. Stop the client. a. In the Internet Explorer window, click the Linux01 console tab. b. In the Linux01 console, press Ctrl+C to stop the test script. 2. Stop the server. a. Click the Linux02 console tab. b. In the Linux02 console, end the server program.
ps -ef | grep netserver
kill process_id
In the kill command, process_id is the netserver process ID as reported by the ps command. In the example ps output, the netserver process ID is 6487. The screenshot does not include the leftmost columns of the ps output.
3. Migrate the Linux02 virtual machine to the pg-SA Production port group. a. Click the vSphere Web Client tab. b. In the left pane, right-click the dvs-Lab distributed switch and select Migrate VMs to Another Network. c. For the source network, leave Specific network selected, click Browse, select pg-SA Management, and click OK. d. For the destination network, click Browse, select the pg-SA Production port group, and click OK. e. Click Next. f. Under Select virtual machines to migrate, select the Linux02 check box and click Next. g. Click Finish. h. In the Recent Tasks pane, monitor the migration task to completion. 4. In the Internet Explorer window, click the Linux02 console tab.
5. Restart the network service, and verify that the IP address is within the production network DHCP range. a. In the terminal window, restart the network service. service network restart
The network service might take up to a minute to restart and acquire a new DHCP address. b. Verify that a new DHCP-assigned address was acquired. ifconfig
c. In the ifconfig command output, verify that the IP address starts with 172.20.11 (the production network DHCP range). d. Record the postmigration Linux02 IP address. __________
Task 6: Restart the Test and Measure Network Activity You measure network activity when the client and the server communicate across a virtual network contained within a single ESXi host and port group. 1. In the Linux02 console window, start the server program. ./netserver
2. In the Internet Explorer window, click the Linux01 console tab. 3. Start the client script. ./nptest1.sh server_IP_address
server_IP_address is the postmigration Linux02 IP address that you recorded in task 5. 4. Monitor network activity and record your findings. a. Switch to the MTPuTTY window. b. In the esxtop output, find the vmnic2 row and verify that the traffic is no longer traversing the physical interface. c. Find the Linux01.eth0 row. d. After 30 seconds of statistics collection, record the values for Linux01.eth0 in the Linux01.eth0 column in the class configuration handout. • MbTX/s • MbRX/s
Task 7: Stop the Test and Analyze Results You use samples that you recorded to determine whether network performance was affected by the simulated congestion in an expected manner and to determine the fastest network configuration. 1. Stop the test. a. Switch to the Internet Explorer window and click the Linux01 console tab. b. In the Linux01 console, press Ctrl+C to stop the client script. c. Click the Linux02 console tab. d. In the Linux02 console, kill the server process to end the server program.
ps -ef | grep netserver
kill process_id
process_id is the netserver process ID that appears in the ps command output. 2. Review the sample values that you recorded in task 6. Q1. Do you see an obvious difference in network throughput for each test? 1. Yes. Network throughput values will vary. Q2. Which test resulted in the highest throughput (highest values)? 2. The test with the client and server on the same port group. Q3. Why was this test the fastest? 3. Because network I/O did not pass through the physical network hardware.
Task 8: Clean Up for the Next Lab You end esxtop and you close the Linux01 and Linux02 console tabs. You also change the vSphere DRS automation mode to Fully Automated. 1. In the MTPuTTY window, enter q to end esxtop. 2. Close the MTPuTTY session. 3. In the Internet Explorer window, close the Linux01 and Linux02 console tabs. 4. Power off Linux01 and Linux02. 5. On the vSphere Web Client tab, point to the Home icon and select Hosts and Clusters.
6. Change the vSphere DRS automation mode to Fully Automated. a. In the left pane, select the SA Management cluster. b. In the center pane, click the Configure tab. c. Select vSphere DRS on the left and click Edit. d. From the DRS Automation drop-down menu, select Fully Automated and click OK. 7. Migrate the local storage of Linux01 to shared storage. a. Right-click Linux01 and select Migrate. The Migrate wizard appears. b. On the Select the migration type page, click Change storage only and click Next. c. On the Select storage page, select SA-Shared-01-Remote and click Next. d. On the Ready to complete page, click Finish. e. In the Recent Tasks pane, monitor the migration task to completion. 8. Point to the Home icon and select Home.
Lab 13 Using vRealize Log Insight Objective: Configure and use vRealize Log Insight In this lab, you perform the following tasks: 1. Configure vRealize Log Insight 2. Configure vRealize Log Insight to Ingest Data from vSphere 3. Create Events to Analyze 4. Examine vRealize Log Insight Dashboards 5. Use vRealize Log Insight Interactive Analytics to Search for an Event 6. Examine vRealize Log Insight Resource Usage 7. Create an Additional vRealize Log Insight User 8. Access vRealize Log Insight as Another User 9. Prepare for the Next Lab
Task 1: Configure vRealize Log Insight You configure VMware vRealize® Log Insight™. Use the following information from the class configuration handout: • vRealize Log Insight license key 1. Open a new tab in Internet Explorer. 2. From the Favorites bar, select vRealize Log Insight. 3. If you receive a security exception, click the Continue to this website (not recommended) link.
4. On the Setup page for vRealize Log Insight, click Next. 5. On the Choose Deployment Type page, click Start New Deployment. It can take a couple of minutes to start the new deployment. 6. On the Admin Credentials page, configure the email address and password.
Option                  Action
Email                   Enter [email protected].
New password            Enter the standard lab password.
Confirm new password    Enter the standard lab password.
7. Click Save and Continue.
8. On the License page, verify that the license is still valid.
9. If the license has expired, add a new license.
   a. Click +Add New License.
   b. In the License Key text box, enter the vRealize Log Insight license key provided by your instructor.
   c. Click Add License.
   d. Click Save and Continue.
10. On the General Configuration page, do not join the customer experience improvement program.
   a. Deselect the Join the VMware Customer Experience Improvement Program check box.
   b. Click Save and Continue.
11. On the Time Configuration page, synchronize server time with the ESXi host.
   a. From the Sync Server Time With drop-down menu, select ESX/ESXi host.
   b. Click Save and Continue.
12. On the SMTP Configuration page, click Skip.
13. On the Setup Complete page, click Finish.
Task 2: Configure vRealize Log Insight to Ingest Data from vSphere
You add your vSphere details to vRealize Log Insight so that it can use vSphere logs.
1. In the top-right corner, click the menu icon and select Administration.
2. In the left pane, click vSphere under Integration.
3. In the vSphere Integration panel, specify the vCenter Server name and login credentials.
   Option | Action
   Hostname | Enter sa-vcsa-01.vclass.local.
   Username | Enter [email protected].
   Password | Enter the standard lab password.
4. Click Test Connection. Verify that the test is successful.
5. Click Save.
6. When the configuration is complete, click OK.
Task 3: Create Events to Analyze
You create events in the logs of ESXi hosts that will be analyzed by vRealize Log Insight. The events are to allow and disallow access through the firewall for the SSH client.
1. In vSphere Web Client, point to the Home icon and select Hosts and Clusters.
2. Allow SSH client access through the firewall.
   a. In the left pane, select sa-esxi-01.vclass.local.
   b. In the center pane, click the Configure tab and select Security Profile on the left.
   c. In the Firewall panel, click Edit.
   d. In the Edit Security Profile dialog box, select the SSH Client check box.
   e. Click OK.
3. Disallow SSH client access through the firewall.
   a. In the Firewall panel, click Edit.
   b. In the Edit Security Profile dialog box, deselect the SSH Client check box.
   c. Click OK.
4. Repeat steps 2 and 3 for the sa-esxi-02.vclass.local and sa-esxi-03.vclass.local hosts.
Task 4: Examine vRealize Log Insight Dashboards
You examine the information provided by the standard dashboards available from vRealize Log Insight.
1. Click the vRealize Log Insight tab.
2. At the top of the vRealize Log Insight interface, click Dashboards. The Overview dashboard appears.
3. In the left pane, select Event Types and examine the dashboard. For example, you can view the number of unique event types and the pie chart that shows the unique event types by host name.
4. In the left pane, select Security and examine the dashboard. For example, you can view the bar graph that shows the number of events that contain user information over time.
5. From the drop-down menu in the top left pane, select VMware - vSphere. The General-Overview dashboard appears.
6. At the top of the right pane, select Latest 48 hours of data from the drop-down menu.
7. Click the refresh icon and examine the changes made in the output.
8. In the left pane, select vSphere-Overview and examine the dashboard. Most of the charts in the dashboard contain no results because vRealize Log Insight is only now starting to collect data.
9. In the left pane, select vSphere-ESXi and examine the dashboard.
10. View the ESX/ESXi VOB events by component and event type panel. The firewall.config.changed event type has a count of 6, which corresponds to the number of times that you changed the firewall configuration on your ESXi hosts in task 3.
Task 5: Use vRealize Log Insight Interactive Analytics to Search for an Event
You use vRealize Log Insight interactive analytics to search for types of events.
1. At the top of the vRealize Log Insight interface, click Interactive Analytics.
2. From the Chart Type drop-down menu, near the middle-right side of the window, select Line.
3. Notice how the graph display changes.
4. Search for events that contain the word “firewall.”
   a. In the wide text box in the middle of the window, enter firewall.
   b. From the time range drop-down menu, select Latest 6 hours of data.
   c. Click the search icon.
   d. View all the events that are found.
5. Create a filter to find firewall events for the sa-esxi-01 host.
   a. Click Add Filter.
   b. From the first drop-down menu, select hostname.
   c. From the second drop-down menu, select contains.
   d. In the text box, enter sa-esxi-01 and press Enter.
   e. Click the search icon.
   f. View all the events that are found.
6. Create a filter to find firewall events on the sa-esxi-01 host that contain the word “disable.”
   a. Click Add Filter.
   b. From the first drop-down menu, select text.
   c. From the second drop-down menu, select contains.
   d. In the text box, enter disable and press Enter.
   e. Click the search icon.
   f. View all the events that are found.
   g. Delete “disable” from the text box, enter enable, and press Enter.
   h. Click the search icon.
   i. View all the events that are found.
7. Clear the filters.
   a. Click Clear All Filters.
   b. Delete “firewall” from the search text box.
   c. Click the search icon.
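The count from task 4 and the filters from task 5 can be reproduced offline. The following Python sketch is an added example, not part of the lab manual or of vRealize Log Insight: the log lines are constructed, and the line layout, the full event type name, and the message wording are assumptions. It also goes one step beyond the lab by reporting any rule set whose most recent change left it enabled.

```python
import re
from collections import Counter

# Constructed sample (not captured from a real host). Assumed layout:
#   <timestamp> <hostname> <app>: [<VOB event type>] <message>
# Each of the three lab hosts has one enable and one disable of the sshClient
# rule set, as produced in task 3, plus two unrelated lines as noise.
SAMPLE_LOG = """\
2017-04-10T17:00:41Z sa-esxi-01.vclass.local Hostd: Accepted session for user root
2017-04-10T17:01:05Z sa-esxi-01.vclass.local vobd: [esx.audit.net.firewall.config.changed] Firewall configuration has changed. Operation 'enable' for rule set sshClient succeeded.
2017-04-10T17:01:40Z sa-esxi-01.vclass.local vobd: [esx.audit.net.firewall.config.changed] Firewall configuration has changed. Operation 'disable' for rule set sshClient succeeded.
2017-04-10T17:02:05Z sa-esxi-02.vclass.local vobd: [esx.audit.net.firewall.config.changed] Firewall configuration has changed. Operation 'enable' for rule set sshClient succeeded.
2017-04-10T17:02:40Z sa-esxi-02.vclass.local vobd: [esx.audit.net.firewall.config.changed] Firewall configuration has changed. Operation 'disable' for rule set sshClient succeeded.
2017-04-10T17:03:05Z sa-esxi-03.vclass.local vobd: [esx.audit.net.firewall.config.changed] Firewall configuration has changed. Operation 'enable' for rule set sshClient succeeded.
2017-04-10T17:03:40Z sa-esxi-03.vclass.local vobd: [esx.audit.net.firewall.config.changed] Firewall configuration has changed. Operation 'disable' for rule set sshClient succeeded.
2017-04-10T17:06:00Z sa-esxi-03.vclass.local vobd: [esx.problem.net.connectivity.lost] Lost network connectivity on virtual switch vSwitch1
"""

LINE_RE = re.compile(r"^(?P<time>\S+) (?P<hostname>\S+) (?P<app>\w+): (?P<text>.*)$")
TYPE_RE = re.compile(r"^\[(?P<type>[\w.]+)\]")
OP_RE = re.compile(r"Operation '(?P<op>\w+)' for rule set (?P<ruleset>\S+) succeeded")


def parse(log):
    """Turn raw lines into dicts with time, hostname, app, text and type."""
    events = []
    for line in log.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue  # skip lines that do not follow the assumed layout
        event = match.groupdict()
        vob_type = TYPE_RE.match(event["text"])
        event["type"] = vob_type.group("type") if vob_type else None
        events.append(event)
    return events


def search(events, keyword=None, hostname_contains=None, text_contains=None):
    """Mimic the task 5 search box and the 'hostname contains' and
    'text contains' filters. Case-insensitive substring matching is a
    simplification of how the product matches keywords."""
    def has(haystack, needle):
        return needle is None or needle.lower() in haystack.lower()

    return [e for e in events
            if has(e["text"], keyword)
            and has(e["hostname"], hostname_contains)
            and has(e["text"], text_contains)]


def firewall_changes(events):
    """Events whose VOB type ends in firewall.config.changed (task 4, step 10)."""
    return [e for e in events
            if e["type"] and e["type"].endswith("firewall.config.changed")]


def changes_per_host(events):
    """Number of firewall configuration changes seen for each host."""
    return Counter(e["hostname"] for e in firewall_changes(events))


def rulesets_left_enabled(events):
    """(hostname, rule set) pairs whose most recent change was an enable."""
    last_op = {}
    # ISO 8601 timestamps in one format sort correctly as strings.
    for event in sorted(firewall_changes(events), key=lambda e: e["time"]):
        match = OP_RE.search(event["text"])
        if match:
            last_op[(event["hostname"], match.group("ruleset"))] = match.group("op")
    return sorted(key for key, op in last_op.items() if op == "enable")


if __name__ == "__main__":
    parsed = parse(SAMPLE_LOG)
    print("firewall changes:", len(firewall_changes(parsed)))
    print("per host:", dict(changes_per_host(parsed)))
    print("sa-esxi-01, disable:",
          len(search(parsed, "firewall", "sa-esxi-01", "disable")))
    print("left enabled:", rulesets_left_enabled(parsed))
```

In the lab every enable is followed by a disable, so the last check returns an empty list; a host where step 3 was skipped would appear in it.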
Task 6: Examine vRealize Log Insight Resource Usage
You use the reporting feature in vRealize Log Insight to examine the resources that it is using.
1. In the top-right corner, click the menu icon and select Administration.
2. In the left pane, select System Monitor.
3. In the center pane, select Resources and examine the output.
4. In the center pane, select Statistics and examine the output.
Task 7: Create an Additional vRealize Log Insight User
You create a user who can access vRealize Log Insight.
1. In the left pane, select Access Control.
2. In the center pane, select Users and click New User.
3. On the New User page, configure the user’s name, password, and role.
   a. In the Username text box, enter regadmin.
   b. In the Password text box, enter the standard lab password.
   c. In the Roles panel, select the Dashboard User check box and deselect all other check boxes.
   d. Click Save.
Task 8: Access vRealize Log Insight as Another User
You log in to vRealize Log Insight as a user other than Admin, and you access various dashboards.
1. At the top right of the vRealize Log Insight interface, click admin and select Logout.
2. Log in to vRealize Log Insight as user regadmin.
   a. In the Username text box, enter regadmin.
   b. In the Password text box, enter the standard lab password and click Login.
3. Verify that Interactive Analytics does not appear at the top of the vRealize Log Insight interface. The user regadmin is allowed only to view dashboards.
4. Examine various dashboards.
   a. At the top of the vRealize Log Insight interface, click Dashboards.
   b. Ensure that General is selected from the drop-down menu at the top of the left pane.
   c. In the left pane, select Overview and examine the dashboard.
   d. In the left pane, select Event Types and examine the dashboard.
   e. In the left pane, select Security and examine the dashboard.
   f. From the drop-down menu at the top of the left pane, select VMware - vSphere.
   g. In the left pane, select General-Overview and examine the dashboard.
   h. In the left pane, select vSphere-Overview and examine the dashboard.
5. At the top right of the vRealize Log Insight interface, click regadmin and select Logout.
6. In the Internet Explorer window, close the vRealize Log Insight tab.
Task 9: Prepare for the Next Lab
In preparation for the next lab, you add a second adapter to the VCHA virtual machine and you power on the VCHA virtual machine.
1. In the vSphere Web Client tab, point to the Home icon and select Hosts and Clusters.
2. Add a second network adapter to the VCHA virtual machine.
   a. In the left pane, right-click VCHA and select Edit Settings. The Edit Settings dialog box appears.
   b. Near the bottom of the dialog box, select Network from the New device drop-down menu.
   c. Click Add. The new network adapter is added to the virtual hardware list.
   d. Select pg-VCHA-Cluster from the New Network drop-down menu. You might have to select Show more networks from the drop-down menu before you can select the pg-VCHA-Cluster network.
   e. In the Edit Settings dialog box, click OK.
3. Power on the VCHA virtual machine. The VCHA virtual machine takes a few minutes to start up completely. You use the VCHA virtual machine to configure VMware vCenter Server® High Availability in the next lab.
4. Point to the Home icon and select Home.
Lab 14 Using vCenter Server High Availability
Objective: Configure vCenter Server Appliance for high availability
In this lab, you perform the following tasks:
1. Configure the vCenter Server High Availability Network
2. Log In to the High Availability vCenter Server Appliance Instance
3. Configure vCenter Server High Availability
4. Create the Passive Node
5. Create the Witness Node
6. Finish Configuring vCenter Server High Availability
7. (Optional) Redo the vCenter Server High Availability Configuration If Failure Occurred
8. Manually Initiate a vCenter Server Failover
9. Verify That Your vCenter Server Failover Occurred
10. Prepare for the Next Lab
Task 1: Configure the vCenter Server High Availability Network
At the end of lab 13, you added the second network adapter to the vCenter Server Appliance instance that you will use for this lab exercise. The second network adapter is used for the private, vCenter Server High Availability network, which is used for communication between the vCenter Server High Availability nodes. You ensure that the vCenter Server Appliance instance is powered on, you view information about the network adapters, and you verify that the second network adapter is online.
1. In the Internet Explorer window, click the vSphere Web Client tab.
2. Point to the Home icon and select Hosts and Clusters.
3. In the left pane, verify that the VCHA virtual machine is powered on.
4. If you did not power on VCHA before the start of the lab, power on the virtual machine now.
5. View information about the network adapters connected to VCHA.
   a. In the left pane, select VCHA.
   b. In the center pane, click the Summary tab.
   c. Expand the VM Hardware panel.
   d. Verify that Network adapter 1 is connected to the pg-VCHA-Management network.
   e. Verify that Network adapter 2 is connected to the pg-VCHA-Cluster network. pg-VCHA-Cluster is the private network used for communication between the vCenter Server High Availability nodes.
6. Verify that the second network adapter on VCHA is online.
   a. Open a new tab in the Internet Explorer window.
   b. In the URL box, enter https://vcha.vclass.local:5480. vcha.vclass.local is the name of the vCenter Server Appliance instance that you will make highly available.
   c. If you receive a security exception, click the Continue to this website link to display the login screen. The VMware vSphere Appliance Management login page appears.
   d. Log in as user root with the standard lab password.
   e. In the Navigator pane, select Networking and click the Manage tab.
   f. Under Networking Interfaces, verify that both nic0 and nic1 are up.
7. If nic1 is down, then configure the IP settings for nic1.
   a. Click Edit next to Networking Interfaces. The Edit IP Configuration dialog box appears.
   b. Expand nic1 and click Use the following IPv4 settings.
   c. In the IPv4 Address text box, enter 192.168.1.95.
   d. In the IPv4 Address Prefix text box, enter 24.
   e. Keep the rest of the defaults and click OK.
   f. Verify that the status of nic1 is Up.
8. In the Navigator pane, select Access.
9. In the right pane, verify that SSH Login is enabled.
10. Log out of the Virtual Appliance Management interface and close the tab.
Task 2: Log In to the High Availability vCenter Server Appliance Instance
You use vSphere Web Client to log in to the vCenter Server Appliance instance that will be configured for high availability.
1. Open a new tab in Internet Explorer.
2. In the Favorites bar, select vSphere Web Clients > VCHA.
3. When the security exception for vSphere Web Client appears, click the Continue to this website link to display the login screen. If you did not power on VCHA before the start of this lab, then the Web server takes a few minutes to initialize. When the Web server finishes initializing, the VMware vCenter Single Sign-On login page appears.
4. In the User name text box, enter [email protected]. The domain is vcha.local, not vsphere.local.
5. In the Password text box, enter the standard lab password.
6. Click Login. The vSphere Web Client page appears.
Task 3: Configure vCenter Server High Availability
You configure the vCenter Server Appliance instance for high availability. You perform the advanced configuration, which means that you must manually create the passive node and the witness node.
1. In the left pane, select vcha.vclass.local.
2. In the center pane, click the Configure tab and select vCenter HA on the left.
3. In the upper-right corner of the center pane, click Configure. The Configure vCenter HA wizard appears.
4. On the Select a configuration option page, select Advanced and click Next.
5. On the Connection IP settings page, configure the IP settings for the passive node and the witness node.
   a. Under Passive Node, enter 192.168.1.96 in the vCenter HA IP address text box. This address is the IP address on the private vCenter Server High Availability network for the passive node.
   b. In the Subnet mask (prefix for IPv6) text box, enter 255.255.255.0.
   c. Under Witness Node, enter 192.168.1.97 in the vCenter HA IP address text box. This address is the IP address on the private network for the witness node.
   d. In the Subnet mask (prefix for IPv6) text box, enter 255.255.255.0.
   e. Click Next. The Clone VMs page appears. Do not click Finish yet. You must create the passive node and the witness node before you can complete the vCenter Server High Availability configuration.
Task 4: Create the Passive Node
You create the passive node by cloning the vCenter Server High Availability active node. The active node is the vCenter Server Appliance instance, VCHA. The passive node is created on sa-esxi02.vclass.local.
1. In Internet Explorer, switch to the vSphere Web Client tab for sa-vcsa-01.vclass.local.
2. In the left pane, right-click VCHA and select Clone > Clone to Virtual Machine. The Clone Existing Virtual Machine wizard appears.
3. On the Select a name and folder page, enter VCHA-Passive for the virtual machine name and click Next.
4. On the Select a compute resource page, expand the SA Management cluster and select sa-esxi02.vclass.local.
5. Click Next.
6. On the Select storage page, select the datastore and virtual disk format.
   a. Select SA-ESXi-02-Local.
   b. From the Select virtual disk format drop-down menu, select Same format as source.
   c. Click Next.
7. From the Select clone options page, select the Customize the operating system check box and select the Power on virtual machine after creation check box.
8. Click Next.
9. On the Customize guest OS page, create a new customization specification for the passive node. A preconfigured customization specification named VCHA Passive Specification was created for the sake of convenience. As an alternative to performing step 9, you can select VCHA Passive Specification and click Next, instead of creating a new customization specification.
   a. Click the Create a new specification icon. The New VM Guest Customization Spec wizard appears.
   b. On the New Customization Specification page, enter the name of your choice in the Customization Spec Name text box and click Next.
   c. On the Computer Name page, select the Enter a name check box and enter vcha in the text box. The computer name of the passive node must match the computer name of the active node.
   d. In the Domain name text box, enter vclass.local and click Next.
   e. On the Time Zone page, configure the time zone settings and click Next.
      Option | Action
      Area | Select America.
      Location | Select Los Angeles.
   f. On the Configure Network page, select NIC1 and click the Edit icon.
   g. Click Use the following IP settings.
   h. Configure the IP settings for NIC1 and click OK.
      Option | Action
      IP Address | Enter 172.20.110.95. This IP address is the public address of the active node.
      Subnet Mask | Enter 255.255.255.0.
      Default Gateway | Enter 172.20.110.10.
      Alternate Gateway | Leave blank.
   i. On the Configure Network page, select NIC2 and click the Edit icon.
   j. Click Use the following IP settings.
   k. Configure the IP settings for NIC2 and click OK.
      Option | Action
      IP Address | Enter 192.168.1.96.
      Subnet Mask | Enter 255.255.255.0.
      Default Gateway | Leave blank.
      Alternate Gateway | Leave blank.
   l. On the Configure Network page, click Next.
   m. On the Enter DNS and Domain Settings page, configure the DNS and domain information and click Add.
      Option | Action
      Primary DNS | Enter 172.20.110.10.
      Secondary DNS and Tertiary DNS | Leave blank.
      DNS Search Path | Enter vclass.local.
   n. Click Next.
   o. On the Ready to complete page, review the settings and click Finish. The Clone Existing Virtual Machine wizard reappears.
   p. On the Customize guest OS page, select the passive node customization specification that you created and click Next.
10. On the Ready to complete page, review the settings and click Finish.
11. View the Recent Tasks pane and monitor the Clone Virtual Machine task to completion. This task takes several minutes to complete. You must wait for this task to complete before going to the next task.
12. In the left pane, verify that the VCHA-Passive virtual machine appears and is powered on.
Task 5: Create the Witness Node
You create the witness node by cloning the vCenter Server High Availability active node. The active node is the vCenter Server Appliance instance, VCHA. The witness node is created on sa-esxi03.vclass.local.
1. In the left pane, right-click VCHA and select Clone > Clone to Virtual Machine. The Clone Existing Virtual Machine wizard appears.
2. On the Select a name and folder page, enter VCHA-Witness for the virtual machine name and click Next.
3. On the Select a compute resource page, expand the SA Management cluster and select sa-esxi03.vclass.local.
4. Click Next.
5. On the Select storage page, select the datastore and virtual disk format.
   a. Select SA-ESXi-03-Local.
   b. From the Select virtual disk format drop-down menu, select Same format as source.
   c. Click Next.
6. From the Select clone options page, select the Customize the operating system check box and select the Power on virtual machine after creation check box.
7. Click Next.
8. On the Customize guest OS page, create a new customization specification for the witness node. A preconfigured customization specification named VCHA Witness Specification was created for the sake of convenience. As an alternative to performing step 8, you can select VCHA Witness Specification and click Next, instead of creating a new customization specification.
   a. Click the Create a new specification icon. The New VM Guest Customization Spec wizard appears.
   b. On the New Customization Specification page, enter the name of your choice in the Customization Spec Name text box and click Next.
   c. On the Computer Name page, select the Enter a name check box and enter vcha witness in the text box. The computer name of the witness node must not match the computer name of the active node.
   d. In the Domain name text box, enter vclass.local and click Next.
   e. On the Time Zone page, configure the time zone settings and click Next.
      Option | Action
      Area | Select America.
      Location | Select Los Angeles.
   f. On the Configure Network page, select NIC1 and click the Edit icon.
   g. Leave Use DHCP to obtain an IP address automatically clicked and click OK.
   h. On the Configure Network page, select NIC2 and click the Edit icon.
   i. Click Use the following IP settings, configure the IP settings for NIC2, and click OK.
      Option | Action
      IP Address | Enter 192.168.1.97.
      Subnet Mask | Enter 255.255.255.0.
      Default Gateway | Leave blank.
      Alternate Gateway | Leave blank.
   j. On the Configure Network page, click Next.
   k. On the Enter DNS and Domain Settings page, configure the DNS and domain information and click Add.
      Option | Action
      Primary DNS | Enter 172.20.110.10.
      Secondary DNS and Tertiary DNS | Leave blank.
      DNS Search Path | Enter vclass.local.
   l. Click Next.
   m. On the Ready to complete page, review the settings and click Finish. The Clone Existing Virtual Machine wizard reappears.
   n. On the Customize guest OS page, select the witness node customization specification that you created and click Next.
9. On the Ready to complete page, review the settings and click Finish.
10. View the Recent Tasks pane and monitor the Clone Virtual Machine task to completion. This task takes several minutes to complete. You must wait until this task completes before continuing.
11. In the left pane, verify that the VCHA-Witness virtual machine appears and is powered on.
12. Wait at least one minute before going to the next task. Waiting for at least one minute gives the wizard enough time to finish preparing the witness node.
Task 6: Finish Configuring vCenter Server High Availability
With the passive node and the witness node created, you finish configuring vCenter Server High Availability on the high availability vCenter Server Appliance instance.
1. In Internet Explorer, switch to the vSphere Web Client tab for vcha.vclass.local. The Configure vCenter HA wizard is open.
2. On the Clone VMs page, click Finish to complete the vCenter High Availability configuration.
3. While you wait for the configuration task to complete, view the Recent Tasks pane to monitor the configuration task. The configuration task takes several minutes to complete.
4. Verify that vCenter Server High Availability is successfully configured.
   a. Verify that the center pane shows that vCenter HA is enabled.
   b. In the upper-right corner of the center pane, click the vCenter HA Monitoring link.
   c. Verify that the health is good for the active, passive, and witness nodes.
   d. In the upper-right corner of the center pane, click the vCenter HA Settings link.
Task 7: (Optional) Redo the vCenter Server High Availability Configuration If Failure Occurred
You remove the existing passive and witness nodes, and you revert the VCHA virtual machine to a known good starting point.
IMPORTANT
Perform this task only if your vCenter Server High Availability configuration failed in task 6. If you successfully configured vCenter Server High Availability in task 6, go to task 8.
1. In Internet Explorer, switch to the vSphere Web Client tab for sa-vcsa-01.local.
2. Point to the Home icon and select Hosts and Clusters.
3. Power off the VCHA, VCHA-Passive, and VCHA-Witness virtual machines.
4. Revert to the last snapshot for VCHA.
   a. Right-click VCHA and select Snapshots > Revert to Latest Snapshot.
   b. Click Yes to confirm reverting to the latest (most recent) snapshot. The latest snapshot has network adapter 2 already configured for you.
5. Delete the VCHA-Passive and VCHA-Witness virtual machines.
   a. Right-click VCHA-Passive and select Delete from Disk.
   b. Click Yes to confirm deletion.
   c. Right-click VCHA-Witness and select Delete from Disk.
   d. Click Yes to confirm deletion.
6. Perform tasks 2 through 6 again.
Task 8: Manually Initiate a vCenter Server Failover
You use vSphere Web Client to initiate a vCenter Server failover from the active vCenter Server Appliance instance.
1. In the upper-right corner in the center pane, click Initiate Failover.
2. In the Initiate vCenter HA Failover window, click Yes. As the failover takes place, connectivity to the vCenter Server Appliance instance is lost for a short time. It might take 5 minutes before you see the Connection Error dialog box indicating a loss of connectivity to the vCenter Server Appliance instance.
3. After connectivity to the vCenter Server instance is lost, close the vSphere Web Client tab to vcha.vclass.local.
4. Open a new tab and select vSphere Web Clients > VCHA in the Favorites bar. Failover takes several minutes to complete. It will still be in progress.
5. Periodically click the Refresh icon in the Web browser to refresh the tab. You can expect to see Failover in Progress messages every time you refresh the browser page for as long as 15 minutes before you see the VMware vCenter Single Sign-On screen. Failover is complete when the VMware vCenter Single Sign-On screen appears.
Task 9: Verify That Your vCenter Server Failover Occurred
You use vSphere Web Client to examine the settings and events to verify that the active vCenter Server instance is the peer vCenter Server instance.
1. In the vSphere Web Client tab for vcha.vclass.local, log in as [email protected] with the standard lab password. It might take up to 5 minutes after you log in before the vSphere Web Client screen appears.
2. In the left pane, click vcha.vclass.local at the top of the inventory tree.
3. In the center pane, click the Configure tab and click vCenter HA on the left.
4. In the center pane, select the Active node.
5. In the Active Settings pane, view the IP address of the active node. The IP address belongs to the VCHA-Passive virtual machine.
6. Verify that the virtual machine is the passive node, VCHA-Passive.
7. In the center pane, click the Monitor tab and click Tasks & Events.
8. Select Tasks on the left and examine the output for indications that a vCenter Server failover was initiated.
9. Select Events and examine the output for indications that a vCenter Server failover occurred.
10. In the center pane, click the Monitor tab and click vCenter HA.
11. Examine the health of the cluster.
12. Close the vSphere Web Client tab to vcha.vclass.local.
Task 10: Prepare for the Next Lab
In preparation for the next lab, you power off all the vCenter Server High Availability nodes, and you power on the LAB-VCS-01 virtual machine.
1. On the vSphere Web Client tab for sa-vcsa-01.vclass.local, point to the Home icon and select Hosts and Clusters.
2. Power off the VCHA, VCHA-Passive, and VCHA-Witness virtual machines.
3. Power on the LAB-VCS-01 virtual machine. LAB-VCS-01 takes a few minutes to start up completely. The LAB-VCS-01 virtual machine is a Windows vCenter Server 5.5 system that you migrate to a vCenter Server Appliance instance in the next lab.
4. Point to the Home icon and select Home.
Lab 15 Migrating Windows vCenter Server to vCenter Server Appliance
Objective: Migrate a Windows vCenter Server instance to vCenter Server Appliance
In this lab, you perform the following tasks:
1. Confirm That vCenter Server for Windows Is Running
2. Start the Migration Assistant on the Windows vCenter Server System
3. Run the vCenter Server Appliance Installer and Perform Stage 1 of the Migration Process
4. Monitor Stage 1 of the Deployment Process
5. Perform Stage 2 of the Deployment Process
6. Confirm Successful Migration
7. Clean Up for Later Labs
Task 1: Confirm That vCenter Server for Windows Is Running
You log in to the Windows vCenter Server 5.5 system, verify that vCenter Server is running, and view its inventory.
1. In the Internet Explorer window, go to the vSphere Web Client tab for sa-vcsa-01.vclass.local.
2. Point to the Home icon and select Hosts and Clusters.
3. In the left pane, verify that the LAB-VCS-01 virtual machine is powered on.
4. If the LAB-VCS-01 virtual machine is not powered on, power it on and wait a few minutes for it to boot up completely and for the vCenter services to start.
5. Use vSphere Web Client to log in to the Windows vCenter Server system.
   a. Open a new tab in Internet Explorer.
   b. From the Favorites bar, select vSphere Web Clients > LAB-VCS-01. This shortcut goes to https://lab-vcs-01.vclass.local:9443/vsphere-client.
   c. If you receive a security exception for vSphere Web Client, click the Continue to this website link to display the login screen. If you did not power on LAB-VCS-01 before the start of this lab, then it takes a few minutes for the vSphere Client Web server to initialize. When the Web server finishes initializing, the vSphere Web Client login screen appears.
   d. In the login screen, enter [email protected] in the User name text box.
   e. In the Password text box, enter the standard lab password and click Login.
6. Verify that vCenter Server 5.5 for Windows is running.
   a. From the Help menu in the upper-right corner, select About VMware vSphere. The About VMware vSphere window appears.
   b. View the vSphere Web Client line (the first line in the window) and verify that you are running version 5.5.0.
   c. Click OK to close the About VMware vSphere window.
7. On the Home page, point to the Home icon and select Hosts and Clusters.
8. In the left pane, verify that you have two objects: Training Datacenter and Lab Cluster.
9. Close the vSphere Web Client tab to lab-vcs-01.vclass.local.
116
Lab 15
Migrating Windows vCenter Server to vCenter Server Appliance
Task 2: Start the Migration Assistant on the Windows vCenter Server System The Migration Assistant is an application that runs on the Windows vCenter Server 5.5 system. You use the Migration Assistant to extract the configuration data from the Windows vCenter Server 5.5 system and send it to a vCenter Server Appliance 6.5 instance. The Migration Assistant is in the migration-assistant folder. 1. Open a console to the LAB-VCS-01 virtual machine. a. Click the Remote Desktop Connection Manager icon in the Windows desktop toolbar.
The Remote Desktop Connection Manager window appears. b. In the left pane, double-click LAB-VCS-01 (vclass.local). c. If you do not connect to LAB-VCS-01, then right-click LAB-VCS-01 (vclass.local) and select Connect server. The desktop for LAB-VCS-01 appears in the center pane. 2. Open the Migration-assistant folder on the LAB-VCS-01 desktop. 3. Double-click VMware-Migration-Assistant to start the Migration Assistant. The Migration Assistant console window appears. 4. If you see a security warning, click Run. 5. For the Administrator@vsphere.local password, enter the standard lab password. Extracting the Migration Assistant scripts and running the prechecks takes a couple of minutes. Information about the existing deployment appears on the screen. The migration steps are also detailed there. 6. Wait until the Waiting for migration to start message appears. The Migration Assistant pauses at this screen while the migration is in progress. IMPORTANT
Do not close the console until the migration is complete. 7. Minimize the Remote Desktop Connection Manager window. You return to this window later.
Task 3: Run the vCenter Server Appliance Installer and Perform Stage 1 of the Migration Process You use the vCenter Server Appliance installer to perform stage 1 of the migration process. 1. Mount the vCenter Server Appliance installer ISO file. a. On the Student-a-01 desktop, double-click Class Materials and Licenses. b. Double-click Downloads. c. Double-click VMware-VCSA-all-6.5.0.iso. This file contains the vCenter Server Appliance installer ISO image. The installer ISO file is mounted as the E: drive. 2. Run the vCenter Server Appliance installer program. a. Navigate to vcsa-ui-installer\win32. The installer.exe file is in this folder. b. Double-click installer.exe to start the migration process. c. If you see a security warning, click Run. The vCenter Server Appliance 6.5 Installer window appears. 3. Select the Migrate option. The Migrate - Stage 1: Deploy appliance wizard appears. 4. On the Introduction page, read the information about what occurs during the migration process and click Next. 5. On the End user license agreement page, accept the license agreement and click Next. 6. On the Connect to source server page, specify the Windows vCenter Server instance. a. In the Source Windows server text box, enter lab-vcs-01.vclass.local. b. In the SSO password text box, enter the standard lab password and click Next. c. In the Verify Thumbprint window, click Yes to accept the certificate.
7. On the Appliance deployment target page, specify the ESXi host on which to deploy the vCenter Server Appliance instance. a. In the ESXi host or vCenter Server name text box, enter sa-esxi-01.vclass.local . In this lab, you deploy to an ESXi host. However, you can deploy to a vCenter Server system as well. b. In the User name text box, enter root. c. In the Password text box, enter the standard lab password and click Next. d. In the Certificate Warning window, click Yes to accept the certificate. 8. On the Set up target appliance VM page, configure the appliance name and the root password. a. In the VM name text box, enter VCSA-02.vclass.local. b. In the Root password and Confirm root password text boxes, enter the standard lab password and click Next. 9. On the Select deployment size page, keep the default (Tiny) and click Next. 10. On the Select datastore page, specify the datastore information. a. Select the SA-ESXi-01-Local datastore. b. Select the Enable Thin Disk Mode check box and click Next. 11. On the Configure network settings page, configure the vCenter Server Appliance network settings.
Option | Action
Network | Select pg-SA Management. This port group uses ephemeral port binding, which is a requirement for the migration.
IP version | Select IPv4.
IP assignment | Select static.
Temporary IP address | Enter 172.20.10.70.
Subnet mask or prefix length | Enter 24.
Default gateway | Enter 172.20.10.10.
DNS servers | Enter 172.20.10.10.
12. Click Next.
13. On the Ready to complete stage 1 page, review your settings and click Finish. Stage 1 takes several minutes to complete. 14. Go to the next task to monitor the progress of stage 1.
Task 4: Monitor Stage 1 of the Deployment Process You monitor the progress of stage 1 of the deployment process. 1. Use VMware Host Client™ to log in to SA-ESXi-01. a. In the Internet Explorer window, open a new tab. b. In the Favorites toolbar, select Host Clients > SA-ESXi-01. c. If you receive a security exception for VMware Host Client, click the Continue to this website link. The ESXi login page appears. d. On the login page, enter root in the User name text box. e. Enter the standard lab password in the Password text box. f. Click Log in. g. In the informational message window, deselect the Join CEIP check box and click OK. The VMware Host Client page appears. 2. Open a console window to monitor the deployment of vCenter Server Appliance. a. In the left pane, click Virtual Machines. b. Wait until VCSA-02.vclass.local is powered on. c. In the center pane, right-click VCSA-02.vclass.local and select Console > Open console in new window. 3. Monitor the progress of the stage 1 deployment process. a. Position the VCSA-02 console window and the vCenter Server Appliance Installer progress bar window so that both windows are visible on your monitor. Or you can alternate between viewing the two windows. b. Notice changes that occur on the console screen. For example, if the progress bar is at about 80 percent, the VCSA-02 console window changes to a virtual appliance screen. c. In the vCenter Server Appliance Installer progress bar window, wait for stage 1 to be 100 percent complete. d. When stage 1 is complete, click Continue. The Stage 2: vCenter Server Appliance with an Embedded PSC wizard appears.
4. Monitor messages in the Migration Assistant on the Windows vCenter Server system. a. Switch back to the Migration Assistant in the Remote Desktop Connection Manager window. b. Confirm that the Successfully returned cached prechecks result message appears in the Migration Assistant output. c. Return to the vCenter Server Appliance Installer window.
Task 5: Perform Stage 2 of the Deployment Process You perform stage 2 of the migration process. 1. On the Introduction page of the vCenter Server Appliance Installer window, read the information and click Next. 2. On the Join AD Domain page, configure the Active Directory domain settings.
Option | Action
AD domain | Verify that the domain is vclass.local.
AD User name | Enter administrator.
AD Password | Enter the standard lab password.
3. Click Next. 4. On the Select migration data page, select Configuration, events, tasks, and performance metrics and click Next. 5. On the Configure CEIP page, deselect the Join the VMware’s Customer Experience Improvement Program (CEIP) check box and click Next. 6. On the Ready to complete page, select the I have backed up the source vCenter Server and all the required data from the database check box. 7. Click Finish. The Shutdown Warning window warns that vCenter Server will shut down when the network configuration is enabled on the destination vCenter Server Appliance.
8. Click OK . The rest of the migration takes about 30 minutes to complete: • Data transfer - Export data: Data will be copied from the source vCenter Server instance to the target vCenter Server instance. • Shutdown source machine: After the data is copied, the source vCenter Server instance will be shut down. • Copy data from source vCenter Server to target vCenter Server: The Active Directory configuration will be applied. • Set up target vCenter Server and start services: The vCenter Server service will be configured. • Import data: Some vCenter services will be stopped, and the data copied from the source vCenter Server instance will be imported to the target vCenter Server instance. • Migration complete: After the data is transferred, the migration of the Windows vCenter Server instance to the vCenter Server Appliance instance is complete. When stage 2 is complete, the Complete screen appears.
9. Click Close to exit the vCenter Server Appliance Installer.
Task 6: Confirm Successful Migration You confirm that the Windows vCenter Server system was migrated to vCenter Server Appliance. 1. Use vSphere Web Client to log in to the newly migrated vCenter Server instance. a. Open a new Internet Explorer tab. b. From the Favorites bar, select vSphere Web Clients > LAB-VCS-01. c. If you receive a security exception for vSphere Web Client, click the Continue to this website link to display the login screen. d. Log in with the vCenter Server Appliance user name and the standard lab password. 2. Point to the Home icon and select Hosts and Clusters. 3. In the left pane, select LAB-VCS-01.vclass.local. 4. In the center pane, click the Summary tab. 5. In the Version Information panel, verify that the version is 6.5. 6. In the left pane, verify that you have two objects in the inventory tree: Training Datacenter and Lab Cluster. 7. Point to the Home icon and select Administration. 8. In the left pane, select System Configuration. 9. Select Nodes. 10. Select LAB-VCS-01.vclass.local and review the information about the vCenter Server Appliance instance. 11. Log out of vSphere Web Client and close the tab.
Task 7: Clean Up for Later Labs You delete the new vCenter Server Appliance instance to free up resources in the lab. 1. Click the vSphere Web Client tab for sa-vcsa-01.vclass.local. 2. Point to the Home icon and select Hosts and Clusters . 3. In the left pane, select VCSA-02.vclass.local. 4. Shut down VCSA-02.vclass.local. 5. Right-click VCSA-02.vclass.local and select Delete from Disk . 6. Point to the Home icon and select Home.
Lab 16 Configuring Lockdown Mode Objective: Configure and test lockdown mode In this lab, you perform the following tasks: 1. Start the vSphere ESXi Shell and SSH Services 2. Test the SSH Connection 3. Enable and Test Lockdown Mode 4. Disable Lockdown Mode 5. Examine the DCUI.Access List
Task 1: Start the vSphere ESXi Shell and SSH Services You use vSphere Web Client to start VMware vSphere® ESXi™ Shell and SSH services on your host. 1. In the Internet Explorer window, click the vSphere Web Client tab to sa-vcsa-01.vclass.local. 2. Point to the Home icon and select Hosts and Clusters . 3. In the left pane, select sa-esxi-01.vclass.local. 4. In the center pane, click the Configure tab. 5. On the left under System, click Security Profile . 6. In the center pane, scroll down to the Services panel. To make navigation easier, you can minimize the Firewall Incoming Connections list and the Firewall Outgoing Connections list. 7. Click Edit next to Services.
8. Verify that the vSphere ESXi Shell service is running. a. In the Edit Security Profile window, select ESXi Shell. b. In the Service Details pane, confirm that the correct settings are configured. • Startup policy is set to Start and stop with host . • Status is Running. c. If the correct settings are not configured, change the startup policy to Start and stop with host and click Start. By default, this service is not configured to start with the host. This setting was enabled as part of the lab kit configuration. 9. Verify that the SSH service is running. a. In the Edit Security Profile window, select SSH. b. In the Service Details pane, confirm that the correct settings are configured. • Startup policy is set to Start and stop with host . • Status is Running. c. If the correct settings are not configured, change the startup policy to Start and stop with host and click Start. By default, this service is not configured to start with the host. This setting was enabled as part of the lab kit configuration. d. Click OK .
Task 2: Test the SSH Connection You use MTPuTTY to connect to the ESXi host and confirm that SSH is working. 1. Click MTPuTTY in the Windows desktop taskbar. The MTPuTTY utility window appears. 2. In the left pane, double-click SA-ESXi-01. A new SA-ESXi-01 tab opens in the center pane. MTPuTTY is configured to automatically log in to the ESXi host as user root. 3. If the login is successful, enter exit.
Task 3: Enable and Test Lockdown Mode You use vSphere Web Client to enable lockdown mode for your assigned ESXi host. 1. In the Internet Explorer window, click the vSphere Web Client tab. 2. In the left pane, select sa-esxi-01.vclass.local. 3. In the center pane, click the Configure tab. 4. On the left, click Security Profile and scroll down until the Lockdown Mode panel is visible. 5. Enable normal lockdown mode. a. Click Edit next to Lockdown Mode. The Lockdown Mode wizard appears. b. On the Lockdown Mode page, click Normal . c. Click Exception Users on the left. Users are not listed. d. Click OK . 6. Verify that normal lockdown mode works properly. The user root must be denied access in an SSH session. In general, all users, including user root, will be denied access in an SSH session. a. Go to the MTPuTTY window. b. In the left pane, double-click SA-ESXi-01. MTPuTTY automatically tries to log in as root. c. Verify that user root is not logged in and that the Access Denied message appears. d. Close the MTPuTTY window.
Task 4: Disable Lockdown Mode You use vSphere Web Client to disable lockdown mode. 1. In the Internet Explorer window, click the vSphere Web Client tab. 2. Click Edit next to Lockdown Mode. 3. On the Lockdown Mode page, click Disabled. 4. Click OK .
Task 5: Examine the DCUI.Access List The DCUI.Access list is a list of local users on an ESXi host. These users have rights to disable lockdown mode when a catastrophic failure occurs and administrators need direct host access again. These users do not need the administrator role on the ESXi host. 1. In the center pane on the left, click Advanced System Settings under System. 2. In the Advanced System Settings pane, scroll down to the DCUI.Access entry. You can also use the Filter box and search for “DCUI.” 3. Examine the value of the DCUI.Access setting. The root user is added to the DCUI.Access list by default. Thus, the root user can disable lockdown mode but cannot bypass lockdown mode. 4. Point to the Home icon and select Home.
Lab 17 Working with Certificates Objective: Generate and replace a vCenter Server certificate In this lab, you perform the following tasks: 1. Examine vSphere Certificates 2. Create a Windows 2012 Certificate Authority Template for vSphere 3. Create a Certificate Signing Request 4. Download the CSR to the Student Desktop 5. Request a Signed Custom Certificate 6. Replace a Machine Certificate with the New Custom Certificate
Task 1: Examine vSphere Certificates You examine the default certificates issued by VMware Certificate Authority in a nonproduction vCenter Server system. 1. In the Internet Explorer window, go to the vSphere Web Client tab for sa-vcsa-01.vclass.local. 2. Point to the Home icon and select Administration. 3. In the left pane, click System Configuration . 4. In the left pane, click Nodes and click sa-vcsa-01.vclass.local. 5. In the center pane, click the Manage tab and click Certificate Authority. 6. In the Certificate Authority panel, click the Verify password link.
7. In the Password text box, enter the standard lab password and click OK . Q1. How many active certificates are in the certificate store for this node? 1. The total might vary. Typically, eight or more certificates are in the Active Certificates list. Q2. How long are the certificates valid for? 2. By default, tickets issued by VMware CA are valid for 10 years. Q3. On what date do the certificates expire? 3. The expiration date varies in different lab environments.
8. Select the first C=US,CN=sa-vcsa-01.vclass.local certificate in the list. 9. Record the expiration date of the certificate. __________ 10. Click the Show Details for certificate icon.
Q4. Who issued the certificate? 4. The Issuer Common Name field contains CN=CA, which indicates that VMware CA issued the certificate.
11. Click OK . 12. Widen the Subject column in the center pane until you can see the CN= part of the subject name for each certificate. 13. Select the first certificate in the list that has a Subject field that begins with OU=. 14. Click the Show Details for certificate icon. Q5. Based on the Common name field under Subject, what is the type of this certificate? 5. The certificate is a machine certificate.
15. Click OK .
16. Use the Show Details for certificate icon to examine the other certificates with Subject fields that begin with OU=. These certificates are called vSphere solution user certificates. Q6. How many solution user certificates do you see? 6. Five solution user certificates are in this configuration. Q7. What are the names of the solution users that have certificates (from the Subject field)? 7. Machine, vsphere-webclient, vpxd, vpxd-extension, and localhost.
17. In the center pane, click Root Certificates . 18. Select the root certificate in the list. The certificate begins with OU=VMware Engineering. 19. Click the Show Details for certificate icon. Q8. What is the organization in the Issuer section of this certificate? 8. The organization is the name of your Platform Services Controller instance, which, in this lab environment, is embedded in the vCenter Server instance. In this lab configuration, the name is sa-vcsa-01.vclass.local. This name is specified in the O= field in the Subject field. This certificate is the VMware CA root certificate in which VMware CA is a standalone root certificate authority.
20. Click OK .
Task 2: Create a Windows 2012 Certificate Authority Template for vSphere You create a vSphere 6.5 certificate template on a Windows 2012 Server domain controller that you can use to create certificates that work with vSphere 6.5. The certificate template can be used to create machine SSL or solution user certificates in VMware CA. 1. Open a console to dc.vclass.local. a. Click the Remote Desktop Connection Manager icon in the Windows desktop toolbar. The Remote Desktop Connection Manager window appears. b. In the left pane, double-click DC (vclass.local) . The desktop for dc.vclass.local appears in the center pane. You are automatically logged in as a domain administrator.
2. Open the certification authority console. a. Click the Windows Start button on the dc.vclass.local desktop. b. On the Apps page, click the up arrow icon. c. Click Administrative Tools . d. In the Administrative Tools window, double-click Certification Authority. The Certification Authority window appears. 3. Open the certificate templates console. a. Expand vclass-DC-CA. b. Right-click Certificate Templates and select Manage. 4. Configure a new certificate template. a. Right-click the existing Web Server template and select Duplicate Template . The Properties of New Template dialog box appears. b. Click the General tab and enter vSphere65 in the Template display name text box. c. Click the Extensions tab. d. Select Key Usage and click Edit. e. In the Edit Key Usage Extension dialog box, select the Signature is proof of origin (nonrepudiation) check box and the Allow encryption of user data check box. f. Click OK . g. Select Application Policies and click Edit. h. In the Edit Application Policies Extension dialog box, click Add and select Client Authentication. i. Click OK and click OK again. j. Click the Request Handling tab and select the Allow private key to be exported check box. k. Click OK to save the new certificate template. l. Close the Certificate Templates Console window.
5. Enable the new certificate template. a. In the Certification Authority console window, right-click Certificate Templates and select New > Certificate Template to Issue . The Enable Certificate Templates window appears. b. Select vSphere65 and click OK. c. Close all open windows. d. In the left pane of the Remote Desktop Connection Manager, right-click DC (vclass.local) and select Disconnect server. 6. Close the Remote Desktop Connection Manager window.
Task 3: Create a Certificate Signing Request You use vSphere Certificate Manager to create a certificate signing request (CSR) that you use to request a signed custom certificate from the domain controller certificate authority (CA) for the lab. 1. Start an SSH session with SA-VCSA-01. a. Click MTPuTTY in the Windows desktop toolbar. The MTPuTTY utility window appears. b. In the left pane, double-click SA-VCSA-01. A new SA-VCSA-01 tab opens in the center pane. c. Enter shell to start a Bash shell. 2. Create a certificate signing request. a. Enter /usr/lib/vmware-vmca/bin/certificate-manager and press Enter. The vSphere Certificate Manager program starts. b. Enter 1 to select the Replace Machine SSL certificate with Custom Certificate option. c. Press Enter to accept the default user name of [email protected] . d. Enter the standard lab password. e. Enter 1 to select the Generate Certificate Signing Request option. f. For the output directory path, enter /var/tmp. The /var/tmp directory on Linux and UNIX systems is a temporary directory. The contents of the /var/tmp directory are not deleted during a reboot.
3. Configure the certificate properties. a. For Country, press Enter to accept the default. b. For Name, enter VMware. c. For Organization, enter VMeduc. d. For OrgUnit, enter vclass. e. For State, press Enter. f. For Locality, press Enter. g. For IPAddress, press Enter. h. For Email, enter [email protected] . i. For Hostname, enter sa-vcsa-01.vclass.local . 4. Enter 2 to exit vSphere Certificate Manager.
Task 4: Download the CSR to the Student Desktop You download the CSR from the vCenter Server system to your student desktop. 1. Enter chsh -s /bin/bash to temporarily change the login shell of the root account to /bin/bash. This step is necessary for WinSCP to connect to the vCenter Server system so that you can download the CSR to your student desktop. 2. Start the WinSCP application. a. On the student desktop taskbar, click the WinSCP icon.
b. In the left pane, double-click SA-VCSA-01. c. In the Warning dialog box, click Update to accept and remember the Certificate Lab vCenter Server public key for SSH. d. Click Continue to close the Authentication Banner dialog box. In the WinSCP window, you should see the C:\Materials\Downloads folder on your student desktop in the left pane and the /root directory on the vCenter Server Appliance instance in the right pane. 3. Use the folder controls to navigate to the /var/tmp directory in the right pane.
4. If the left pane is not C:\Materials\Downloads , then use the folder controls to navigate to the C:\Materials\Downloads folder . 5. Drag the vmca_issued_csr.csr and vmca_issued_key.key files from the /var/tmp directory in the right pane to the C:\Materials\Downloads folder in the left pane. This action copies the files from the vCenter Server system to the Downloads folder on your student desktop. 6. Leave the WinSCP window open.
Task 5: Request a Signed Custom Certificate You request a signed custom certificate from the domain controller CA for the lab. 1. Copy the contents of the vmca_issued_csr.csr file to the clipboard. a. On your student desktop, open Windows Explorer and navigate to the C:\Materials\Downloads folder. b. Right-click the vmca_issued_csr.csr file and select Open with. c. Open vmca_issued_csr.csr in WordPad. d. Click Select all in the WordPad toolbar. e. Press Ctrl+C to copy the selected text to the clipboard. 2. Go to the certificate services program on the domain controller and request a certificate. a. On your student desktop, open a new Internet Explorer tab and go to http://dc.vclass.local/certsrv. b. Log in with user name administrator and the standard lab password. c. On the Microsoft Active Directory Certificate Services page, click the Request a certificate link. d. Click the advanced certificate request link. e. Click Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file. f. Under Saved Request, press Ctrl+V to paste the CSR text into the Base-64-encoded certificate request text box. g. From the Certificate Template drop-down menu, select vSphere65. h. Click Submit. i. Click Base 64 encoded. j. Click the Download certificate link.
k. Click Save As in the Internet Explorer dialog box and navigate to the C:\Materials\Downloads folder on your student desktop to save the certificate. l. Save the file as machine_ssl.cer . NOTE
The filename is case-sensitive and must exactly match the correct filename in order for the script to use it. 3. Download the certificate chain. a. In the Internet Explorer window, click the Download certificate chain link. Base 64 encoded should still be clicked.
b. Click Save as in the Internet Explorer dialog box and navigate to the C:\Materials\Downloads folder on your student desktop to save the certificate. c. Save the file as cachain.p7b . NOTE
The filename is case-sensitive and must exactly match the correct filename in order for the script to use it. d. Close the Microsoft Active Directory Certificate Services page. e. If WordPad is open, close it. 4. Export the root certificate. a. Switch to the Windows Explorer window and navigate to the C:\Materials\Downloads directory. b. Right-click the cachain.p7b file and select Open. The Certificate Manager Console opens. c. In the left pane, expand the inventory tree until you see the Certificates folder. d. Select the Certificates folder. You should see two certificates: the root certificate for your domain controller and the custom certificate for your vCenter Server Appliance instance. The custom certificate appears as VMware. vSphere65 appears under the Certificate Template column at the far right. e. To export the root certificate, right-click the root certificate vclass-DC-CA and select All Tasks > Export. The Certificate Export wizard appears.
f. Click Next. g. On the Export File Format page, click Base-64 encoded X.509 (.CER) and click Next. h. On the File to Export page, click Browse . i. Navigate to the C:\Materials\Downloads folder. j. Enter root-64.cer in the File name text box. NOTE
The filename is case-sensitive and must exactly match the correct filename in order for the script to use it. k. Click Save. l. On the File to Export page, click Next. m. Click Finish. n. Click OK . o. Close the Certificate Manager Console.
Task 6: Replace a Machine Certificate with the New Custom Certificate You replace the machine SSL certificate for vCenter Server with the new custom certificate so that VMware CA acts as a subordinate CA to the domain controller CA. 1. Copy the certificate files from the student desktop to the vCenter Server system. a. Switch to the WinSCP window. b. In the WinSCP window, drag the machine_ssl.cer and root-64.cer files from the C:\Materials\Downloads folder to the /var/tmp folder in the right pane. This action copies the certificate files from the student desktop to the vCenter Server system. 2. In the MTPuTTY session, change the login shell of the root account back to the vCenter Server Appliance shell. a. Switch to the MTPuTTY window. b. If the SSH session to SA-VCSA-01 is not open, reconnect to SA-VCSA-01. c. If you see the message timed out waiting for input: auto-logout , enter shell. d. Enter chsh -s /bin/appliancesh to change the login shell of the root account back to the vCenter Server Appliance shell. This step returns the vCenter Server system to its more secure posture.
3. Replace the machine SSL certificate with the custom certificate. a. Enter cd /var/tmp to change to the /var/tmp directory. If you run vSphere Certificate Manager from the /var/tmp directory, you do not have to enter the full path for each of the certificate and key files that you import. b. Enter /usr/lib/vmware-vmca/bin/certificate-manager to start vSphere Certificate Manager. c. Enter 1 to select the Replace Machine SSL certificate with Custom Certificate option. d. Press Enter to use the default user name of [email protected] . e. When prompted, enter the standard lab password. f. Enter 2 to select the Import custom certificate(s) and key(s) option. g. Import the custom certificate.
Option | Action
Please provide valid custom certificate for Machine SSL | Enter machine_ssl.cer.
Please provide valid custom key for Machine SSL | Enter vmca_issued_key.key.
Please provide the signing certificate of the Machine SSL certificate | Enter root-64.cer.
You are going to replace Machine SSL cert using custom cert. Continue operation: Option[Y/N]?: | Enter y.
You must wait for the process to complete. This process takes several minutes while the services are restarted. During this operation, notice the number of services that are updated. h. Wait until the 100% Complete [All tasks completed successfully] message appears. i. After the operation is 100 percent complete, press Ctrl+D.
4. Close and reopen Internet Explorer, and log back in to vSphere Web Client. a. Close the Internet Explorer window. b. Start Internet Explorer. c. From the Favorites bar, select vSphere Web Clients > SA-VCSA-01 . The vSphere Web Client login screen appears. d. Log in to vSphere Web Client as [email protected] with the standard lab password. Q1. What color is the background of the Internet Explorer location bar? 1. The location bar can be blue or gray, but it should not be red.
5. In Internet Explorer, click the Security report icon (padlock) to the right of the Location text box. 6. View information about the machine certificate. a. Click the View certificates link. The Certificate dialog box appears. In this dialog box, you can view the machine certificate that was used to authenticate the vCenter Server system. b. Click the Details tab. c. Scroll down and click Subject Alternative Name. Q2. To which machine was the certificate issued? 2. The certificate was issued to the vCenter Server-Platform Services Controller system, sa-vcsa-01.vclass.local.
d. Scroll up and click Issuer. Q3. Who issued the certificate? 3. The domain controller CA issued the certificate.
e. Click Valid from. Q4. On what day did the certificate become valid? 4. The certificate was signed now, so it is valid from today.
f. Click the Certification Path tab. Q5. What is the certificate signing chain? 5. The domain controller CA is the root. The vCenter Server certificate is subordinate to the root certificate. Q6. Why does Internet Explorer on your student desktop trust the vCenter Server certificate? 6. The student desktop is a member of the same Active Directory domain, and Internet Explorer is using the same certificate store. Because the vCenter Server certificate is signed by the domain controller CA, Internet Explorer trusts the subordinate certificate.
g. Click OK to close the Certificate dialog box. 7. In vSphere Web Client, point to the Home icon and select Home . 8. Leave vSphere Web Client open. 9. Close all other applications. a. Close the WordPad application. b. Close the WinSCP application. c. Close the MTPuTTY application. d. Close the Windows Explorer window.
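Before step 3 of Task 6 hands machine_ssl.cer, vmca_issued_key.key and root-64.cer to vSphere Certificate Manager, the three files can be checked against each other from the same Bash shell. The script below is an added example, not part of the lab manual or of VMware's tooling: it assumes the openssl command-line tool is available, and the function names and the throwaway CA built by make_constructed_lab_files are hypothetical, constructed only so the checks can be tried offline.

```shell
#!/bin/sh
# Added example: consistency checks for the files imported in Task 6.
# File names and host name come from the lab; function names are hypothetical.

# True when the private key ($1) and the certificate ($2) carry the same public key.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# True when the certificate ($2) verifies against the signing certificate ($1).
cert_chains_to_root() {
    out=$(openssl verify -CAfile "$1" "$2" 2>&1) || return 1
    case "$out" in
        *": OK") return 0 ;;
        *) return 1 ;;
    esac
}

# True when the certificate ($1) lists exactly DNS:<host name $2> in its
# Subject Alternative Name extension (the field inspected in the browser later).
cert_has_dns_san() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        grep -A1 'Subject Alternative Name' | tr ',' '\n' | sed 's/^ *//' |
        grep -Fxqi "DNS:$2"
}

# Run all three checks on the files in directory $1 for host name $2.
# Prints one line per failed check and returns nonzero if any check failed.
precheck() {
    dir=$1; host=$2; rc=0
    key_matches_cert "$dir/vmca_issued_key.key" "$dir/machine_ssl.cer" ||
        { echo "FAIL: vmca_issued_key.key does not match machine_ssl.cer"; rc=1; }
    cert_chains_to_root "$dir/root-64.cer" "$dir/machine_ssl.cer" ||
        { echo "FAIL: machine_ssl.cer does not verify against root-64.cer"; rc=1; }
    cert_has_dns_san "$dir/machine_ssl.cer" "$host" ||
        { echo "FAIL: no DNS:$host entry in Subject Alternative Name"; rc=1; }
    if [ "$rc" -eq 0 ]; then echo "OK: files are consistent for $host"; fi
    return "$rc"
}

# Build CONSTRUCTED sample files in directory $1 for host name $2: a throwaway
# root CA, a key and CSR, and a certificate signed by that CA. These stand in
# for the lab's files and are not the lab's real certificates.
make_constructed_lab_files() {
    d=$1; h=$2
    printf '%s\n' '[req]' 'distinguished_name = dn' 'prompt = no' \
        'x509_extensions = v3_ca' '[dn]' 'CN = constructed-lab-root' \
        '[v3_ca]' 'basicConstraints = critical,CA:TRUE' > "$d/ca.cnf"
    printf 'subjectAltName=DNS:%s\n' "$h" > "$d/san.ext"
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config "$d/ca.cnf" \
        -keyout "$d/root.key" -out "$d/root-64.cer" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$h" -config "$d/ca.cnf" \
        -keyout "$d/vmca_issued_key.key" -out "$d/vmca_issued_csr.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/vmca_issued_csr.csr" -CA "$d/root-64.cer" \
        -CAkey "$d/root.key" -CAcreateserial -days 1 -extfile "$d/san.ext" \
        -out "$d/machine_ssl.cer" 2>/dev/null
}

# Run the checks when called with a directory and a host name.
if [ "$#" -eq 2 ]; then
    precheck "$1" "$2"
fi
```

On the appliance this would be run as `sh precheck.sh /var/tmp sa-vcsa-01.vclass.local` (the script name is an assumption). A nonzero exit status means at least one of the three files should be requested again before it is imported.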
Lab 18 Virtual Machine Encryption Objective: Register a KMS with vCenter Server and encrypt a virtual machine In this lab, you perform the following tasks: 1. Verify Access to the Key Management Server 2. Register the KMS with vCenter Server 3. Create an Encryption Storage Policy 4. Encrypt a Virtual Machine 5. Check vCenter Server Events 6. Use Encrypted vSphere vMotion to Migrate Virtual Machines
Task 1: Verify Access to the Key Management Server
You verify that you can access the key management server (KMS). The KMS used in this lab is a simple Python-based key server that keeps keys while the KMS is running.
1. Use MTPuTTY to log in to vCenter Server Appliance.
   a. On the taskbar, click the MTPuTTY icon.
   b. In the left pane, double-click SA-VCSA-01.
      You are logged in to vCenter Server Appliance as user root.
2. Ping sa-keyserver-01, the key management server.
   a. At the command prompt, enter shell.
   b. At the shell command prompt, ping the key management server.
      ping sa-keyserver-01
   c. Verify that the ping is successful.
   d. Press Ctrl+C to end the ping command.
3. Exit the MTPuTTY session and close the MTPuTTY window.
Task 2: Register the KMS with vCenter Server
You register the KMS with vCenter Server, and you mark the KMS cluster as the default.
1. Point to the Home icon and select Hosts and Clusters.
2. At the top of the left pane, select sa-vcsa-01.vclass.local.
3. In the center pane, click the Configure tab and click Key Management Servers on the left.
4. Click Add KMS.
5. In the Add KMS dialog box, enter SA KMS-Cluster in the Cluster name text box.
6. In the Server alias text box, enter KMS1.
7. In the Server address text box, enter 172.20.10.201.
   172.20.10.201 is the IP address of the KMS.
8. In the Server port text box, enter 5696.
9. Leave the rest of the text boxes blank and click OK.
10. When prompted to set the default KMS cluster, click Yes.
11. When the trust certificate window appears, click Trust.
12. Verify that the KMS appears in the list and that the KMS cluster that you created is marked as the default cluster.
Task 3: Create an Encryption Storage Policy
You create a virtual machine storage policy that includes only the encryption common rule. Although a prebuilt policy called VM Encryption Policy is available, you should understand how the policy is created.
1. Point to the Home icon and select Policies and Profiles.
2. In the Navigator pane, select VM Storage Policies.
3. In the center pane, click the Create VM Storage Policy icon.
   The Create New VM Storage Policy wizard appears.
4. On the Name and description page, enter SA Encryption Policy in the Name text box and click Next.
5. On the Policy structure page, click Next.
6. On the Common rules page, select the Use common rules in the VM storage policy check box.
7. Click Add component and select Encryption > Custom.
   The custom properties show that the provider is VMware VM Encryption and that I/O filters are not allowed before encryption.
8. Click Next.
9. On the Rule-set 1 page, deselect the Use rule-sets in the storage policy check box and click Next.
10. On the Storage compatibility page, review the compatible storage.
    All storage is compatible with the encryption filter because the filter is applied as a common rule, so the filter is storage agnostic.
11. Click Next.
12. On the Ready to complete page, click Finish.
13. Verify that your encryption policy appears in the storage policies list.
Task 4: Encrypt a Virtual Machine
You encrypt a virtual machine.
1. Point to the Home icon and select Hosts and Clusters.
2. In the left pane, right-click VM01 and select VM Policies > Edit VM Storage Policies.
3. In the Edit VM Storage Policies dialog box, select SA Encryption Policy from the VM storage policy drop-down menu.
4. Click Apply to all and click OK.
5. In the Recent Tasks pane, monitor the task to completion.
6. Verify that the virtual machine is encrypted.
   a. In the left pane, select VM01.
   b. In the center pane, click the Summary tab.
   c. Expand the VM Hardware panel.
      The panel states that the virtual machine configuration files and the hard disk are encrypted.
Task 5: Check vCenter Server Events
You view vCenter Server cryptographic events.
1. At the top of the left pane, select sa-vcsa-01.vclass.local.
2. In the center pane, click the Monitor tab.
3. Click Tasks & Events and click Events on the left.
4. In the filter box, enter crypto and press Enter.
5. Select the cryptographic operation that was performed when the virtual machine was encrypted.
   The cryptographic operation is recorded along with the user that initiated the task.
Task 6: Use Encrypted vSphere vMotion to Migrate Virtual Machines
You use encrypted vSphere vMotion to migrate VM01 (the encrypted virtual machine) and VM02 (an unencrypted virtual machine) to a different host.
1. View the vSphere vMotion encryption state on VM01.
   a. In the left pane, right-click VM01 and select Edit Settings.
   b. Click the VM Options tab.
   c. Expand the Encryption panel.
      Because VM01 is encrypted, the Encrypted vMotion state is always Required and cannot be changed.
   d. Click Cancel.
2. View the vSphere vMotion encryption state on VM02.
   a. In the left pane, right-click VM02 and select Edit Settings.
   b. Click the VM Options tab.
   c. Expand the Encryption panel.
      Because VM02 is not encrypted, the default state is Opportunistic.
   d. Keep the default and click Cancel.
3. Power on VM01 and VM02.
4. Migrate VM01 and VM02 to sa-esxi-03.vclass.local.
   a. Right-click VM01 and select Migrate.
   b. On the Select the migration type page, leave Change compute resource only clicked and click Next.
   c. On the Select a compute resource page, click sa-esxi-03.vclass.local and click Next.
   d. On the Select networks page, select pg-SA Management and click Next.
   e. On the Select vMotion priority page, click Next.
   f. On the Ready to complete page, click Finish.
   g. Click the Summary tab of VM01 and verify that VM01 is now on sa-esxi-03.vclass.local.
   h. Repeat steps a through g to migrate VM02.
5. View the hot migration events that occurred.
   a. At the top of the left pane, select sa-vcsa-01.vclass.local.
   b. In the center pane, click the Monitor tab.
   c. Click Tasks & Events and click Events on the left.
   d. In the filter box, enter encryption.
      You should see two events that begin with “Hot migrating VM02” and “Hot migrating VM01.”
   e. Select each of these events and view the description.
      The description mentions that a hot migration was performed with encryption.
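The Required and Opportunistic states inspected in steps 1 and 2 of Task 6 decide whether a migration's traffic is encrypted, refused, or sent in cleartext. The Python code below is an added example, not part of the lab manual: it goes beyond the lab by also modeling the Disabled state and a host that cannot do encrypted vMotion, on the assumption that only ESXi 6.5 and later support it. The inventory is constructed, and legacy-esxi-60 is a hypothetical host.

```python
"""Audit which vMotion migrations would run without encryption (added example)."""
from itertools import permutations

# Assumption stated in the lead-in: encrypted vMotion needs ESXi 6.5 or later on both ends.
ENCRYPTED_VMOTION_MIN = (6, 5)


def supports_encrypted_vmotion(esxi_version):
    major, minor = (int(part) for part in esxi_version.split(".")[:2])
    return (major, minor) >= ENCRYPTED_VMOTION_MIN


def effective_setting(vm):
    """An encrypted VM is pinned to 'required'; otherwise the configured value applies."""
    return "required" if vm["encrypted"] else vm["migrate_encryption"]


def migration_outcome(vm, src_version, dst_version):
    """Return 'encrypted', 'cleartext' or 'blocked' for one migration."""
    setting = effective_setting(vm)
    if setting == "disabled":
        return "cleartext"
    if supports_encrypted_vmotion(src_version) and supports_encrypted_vmotion(dst_version):
        return "encrypted"
    # Opportunistic silently falls back; Required refuses the migration instead.
    return "blocked" if setting == "required" else "cleartext"


def audit(vms, hosts):
    """Return (vm, source, destination, outcome) for every host pair that is not encrypted."""
    findings = []
    for vm in vms:
        for src, dst in permutations(sorted(hosts), 2):
            outcome = migration_outcome(vm, hosts[src], hosts[dst])
            if outcome != "encrypted":
                findings.append((vm["name"], src, dst, outcome))
    return findings


# Constructed inventory: VM01 and VM02 mirror the lab, legacy-esxi-60 is hypothetical.
VMS = [
    {"name": "VM01", "encrypted": True, "migrate_encryption": "required"},
    {"name": "VM02", "encrypted": False, "migrate_encryption": "opportunistic"},
]
HOSTS = {"sa-esxi-03.vclass.local": "6.5.0", "legacy-esxi-60": "6.0.0"}

if __name__ == "__main__":
    for finding in audit(VMS, HOSTS):
        print(*finding)
```

With only ESXi 6.5 hosts, as in the lab, the audit returns nothing; the cleartext findings for VM02 appear only once an older host is in the migration path.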
Answer Key
Lab 5: Working with Virtual Volumes
Task 1: Register the Storage Provider
1. http://172.20.10.97:8443/vasa/version.xml.
2. Version 3.0.
3. xVP SCSI Array and xVP NFS Array.
Task 3: Create an iSCSI-Backed Virtual Volume Datastore
1. The datastore is inactive because the storage provider must also be configured as a target of the software iSCSI adapter.

Lab 7: Host Profiles
Task 6: Run a Compliance Check and Remediate the Configuration Drift
1. The Virtual Network Setting category appears. If the category was previously reported, a new issue is added relating to the uplink reconfiguration.
2. Yes. The uplink is not connected to the expected physical NIC on dvs-Lab.
3. Yes.

Lab 8: Using vSphere Auto Deploy
Task 8: Start the TFTP Service on vCenter Server Appliance
1. ATFTPD_DIRECTORY = “/var/lib/tftpboot”.
2. Yes. It is undionly.kpxe.vmw-hardwired.

Lab 10: Monitoring Memory Performance
Task 2: Check for Overcommitment of Virtual Machine Memory
1. Answers vary depending on the current workload.
Task 6: Record Memory Statistics
1. Yes, the values should converge over time.
2. Yes, the values should converge over time.
3. ResourceHog02 and ResourceHog01.
4. Although all three VMs might be swapping, the levels of swapping on ResourceHog01 and ResourceHog02 are going to be much larger than the level of swapping on Linux01.
5. ResourceHog01 and ResourceHog02 should be experiencing high %SWPWT values because their memory is being swapped out and they must wait whenever those pages are accessed. Linux01 should be experiencing low %SWPWT values, possibly zero.
6. Answers vary.
7. Answers vary.

Lab 11: Monitoring Storage Performance
Task 2: Measure Continuous Sequential Write Activity to a Virtual Disk on a Remote Datastore
1. vmhba65, the software iSCSI adapter.
Task 5: Measure Continuous Random Read Activity to a Virtual Disk on a Local Datastore
1. vmhba1, a local host bus adapter.

Lab 12: Monitoring Network Performance
Task 7: Stop the Test and Analyze Results
1. Yes. Network throughput values will vary.
2. The test with the client and server on the same port group.
3. Because network I/O did not pass through the physical network hardware.

Lab 17: Working with Certificates
Task 1: Examine vSphere Certificates
1. The total might vary. Typically, eight or more certificates are in the Active Certificates list.
2. By default, tickets issued by VMware CA are valid for 10 years.
3. The expiration date varies in different lab environments.
4. The Issuer Common Name field contains CN=CA, which indicates that VMware CA issued the certificate.
5. The certificate is a machine certificate.
6. Five solution user certificates are in this configuration.
7. Machine, vsphere-webclient, vpxd, vpxd-extension, and localhost.
8. The organization is the name of your Platform Services Controller instance, which, in this lab environment, is embedded in the vCenter Server instance. In this lab configuration, the name is sa-vcsa-01.vclass.local. This name is specified in the O= field in the Subject field. This certificate is the VMware CA root certificate in which VMware CA is a standalone root certificate authority.
Task 6: Replace a Machine Certificate with the New Custom Certificate
1. The location bar can be blue or gray, but it should not be red.
2. The certificate was issued to the vCenter Server-Platform Services Controller system, sa-vcsa-01.vclass.local.
3. The domain controller CA issued the certificate.
4. The certificate was signed now, so it is valid from today.
5. The domain controller CA is the root. The vCenter Server certificate is subordinate to the root certificate.
6. The student desktop is a member of the same Active Directory domain, and Internet Explorer is using the same certificate store. Because the vCenter Server certificate is signed by the domain controller CA, Internet Explorer trusts the subordinate certificate.