VCP 5 Section 1

Configure network security policies

* MAC Address Changes - With this policy set to Accept (Default), ESXi allows the changing of effective MAC address to something other than the initial MAC address. When set to Reject ESXi does not allow for those changes to occur. This prevents host against MAC spoofing. * Forged Transmissions - With this policy set to Accept (Default), ESXi does not compare source and effective MAC addresses. When set to Reject the ESXi host does compare the source and effective MAC addresses of the client. If they do not match the ESXi host drops the packet. * Promiscuous Mode - With this policy set to Reject (Default) guest operating systems are not allowed to receive all network traffic on the wire. When set to Accept the guest operating system can receive all network packets. Helpful when doing troubleshooting with a tool such as WireShark. Note however, this does introduce some security concerns.

Explain Private/Public/Hybrid cloud concepts

* Private Cloud - Datacenter virtualization that is managed by and running on internal assets * Public Cloud - Datacenter virtualization that is managed by and running on 3rd party equipment housed in their facility. Compute resources are accessed via the Internet * Hybrid Cloud - A combination of both Private and Public clouds. You may have pieces of your business running on internal compute resources, but for DR/BC you may leverage a 3rd party facility accessed via the Inernet

Determine use case for vSphere Client and Web Client

* vSphere Client - As VMware Administrators we are quite familiar with the traditional vSphere Client. It is the one stop shop to configure and maintain your entire environment. Using this client may not be suitable for non-administrators (think VM owners or Operations staff). * Web Client - Better suited for your non-administrative users. Uses a java based web page to allow for the basic tasks of managing VM's.

Deploy the vCenter Appliance

- As an alternative to installing vCenter Server on a Windows machine, you can download the VMware vCenter Server Appliance. The vCenter Server Appliance is a preconfigured Linux-based virtual machine optimized for running vCenter Server and associated services. Microsoft SQL Server and IBM DB2 are not supported for remote databases with the vCenter Server Appliance. The vCenter Server Appliance does not support Linked Mode configuration nor does it support IPv6.

Create/Clone/Edit vCenter Server Roles

- Create a vCenter Server Role 1. Within the vSphere Client select the Home page and click Roles 2. In the upper left corner click Add Role 3. Provide a name of the new role in the Name field 4. Select the privileges you would like to provide the roll from the tree 5. Click OK when completed - Clone a vCenter Server Role 1. Within the vSphere Client select the Home page and click Roles 2. Under Roles -> Name right click the role you wish to clone 3. Select Clone from the options menu 4. A new role is created with the name Copy of <role name> - Edit a vCenter Server Role 1. Within the vSphere Client select the Home page and click Roles 2. Under Roles -> Name right click the roll you wish to edit 3. In the Edit Role screen you can change the roll name as well as change the roles privileges 4. When edits are completed click OK

Perform an interactive installation of ESXi

- ESXi can be installed either using CD/DVD or USB flash drive. Regardless of which media type you use, the following prerequisites should be applied: * Verify that the server hardware clock is set to UTC in the system BIOS * Verify that a keyboard and monitor are attached to the machine on which the ESXi software will be installed. Alternatively, use a remote management application * Consider disconnecting your network storage. This action decreases the time it takes the installation to search for available disk drives. - I thought about including screen shots, but as I assume most are familiar with the ESXi installation so I will outline the general procedure: 1. Place the CD/DVD into the ROM drive of the host or connect your USB flash drive that contains the ESXi installer files 2. Boot the host (if needed set the appropriate BIOS boot order, CD/DVD drive or USB) 3. Press Enter to select ESXi 5 Installer or allow the timer to finish counting down 4. Press Enter on the "Welcome to the VMware ESXi 5.0.0 Installation" screen 5. Read and press F11 to Accept the End User License Agreement (EULA) 6. Highlight the appropriate disk on the "Select a Disk to Install or Upgrade" and press Enter to continue 7. Select the appropriate keyboard layout, press Enter to continue 8. Set a root password (note this is not required but recommended), press Enter to continue 9. Remove media and reboot the host system Note for step 6 - If the drive you are installing to currently has an installation of ESXi you will be provided with additional choices: * Upgrade ESXi, preserve VMFS datastore * Install ESXi, preserve VMFS datastore * Install ESXi, overwrite VMFS datastore Select the appropriate option for your host installation and press Enter to continue

Identify upgrade requirements for ESXi hosts

- Hardware Requirements * Supported server platform - Check the Hardware Compatability List (HCL) * ESXi 5.0 will install and run only on servers with 64-bit x86 CPUs * ESXi 5.0 requires a host machine with at least two cores * ESXi 5.0 supports only LAHD and SAHF CPU instructions * Known 64-bit processors * 2GB RAM minimum * One or more Gigabit or 10GB Ethernet controllers - Again check the HCL * Any combination of one or more of the following controllers * * Basic SCSI controllers * RAID controllers * SCSI disk or a local, non-networked, RAID LUN with unpartitioned space for the virtual machines * For Serial ATA (SATA), a disk connected through supported SAS controllers or supported on-board SATA controllers - ESXi 5.0 supports installing and booting from the following storage devices * SATA disk drives - SATA disk drives connected behind supported SAS controlles or supported on-board SATA controllers (See page 12 of the vSphere Upgrade Guide for full listing) * Serial Attached SCSI (SAS) disk drives * Dedicated SAN disk on Fibre Channel or iSCSI * USB Device - Check the HCL for supported devices

Upgrade Virtual Machine Hardware

- Hardware version 8 is the newest version in ESXi 5. VMware recommends that all VM's running on a ESXi 5 host run hardware version 8. - Prerequisites * Create a backup or snapshot of the virtual machine. If you have a snapshot of the VM it is possible to reverse the upgrade if there are issues * Upgrade VMware Tools first. On Microsoft Windows VM's if you upgrade the hardware prior to upgrading VMware Tools, networking settings maybe lost * Verify that all .vmdk files are available to the ESX/ESXi hosts on a VMFS3, VMFS5, or NFS datastore * Determine the current version of the virtual hardware by selecting the VM's Summary tab and checking the VM Version value - Installation 1. Within the vSphere Client select the VM you wish to upgrade 2. Power down the VM 3. Right click on the VM and select Upgrade Virtual Hardware 4. Click Yes on the Confirm Virtual Machine Upgrade dialog box 5. Verify the upgrade task has completed and power on the VM 6. For Windows operating systems upon boot up new hardware devices will be detected requiring another system reboot. 7. Within the vSphere Client select the VM and verify on the Summary tab that the VM Version has been updated

Explain ESXi and vCenter Server architectures

- In a VMware vSphere deployment if you want to take full advantage of the features available to you vCenter Server must be used. vCenter Server is the single point that allows you to centrally manage your connected ESXi hosts as well as deploy new virtual machines at the basic level. As you move up through the vSphere licensed editions vCenter Server allows for the use of vMotion, Fault Tolerance, DRS, etc. Without it, you are just connecting directly to an ESXi host and managing them in a singular fashion and without the more advanced features outlined above.

Upgrade from VMFS3 to VMFS5

- Prerequisites * If you use a VMFS2 datastore, you must first upgrade to VMFS3 prior to upgrading to VMFS5 * All hosts accessing the datastore must support VMFS5 * Verify that the volume to be upgraded has at least 2MB of free blocks available and 1 free file descriptor - Procedure 1. Within the vSphere Client select a host and click on the Configuration tab 2. In the left hand pane under Hardware select Storage 3. In the right hand pane select the VMFS3 datastore you wish to upgrade 4. Click the link that says Upgrade to VMFS5 in the lower right 5. Click Ok on the Upgrade to VMFS-5 dialog box 6. Verify that the Upgrade VMFS task has completed 7. Rescan all hosts that are presented the datastore

Upgrade an ESXi Host using vCenter Update Manager

- This is a long section to discuss. In the effort of saving time and space be sure to read pages 92 thru 103 of the vSphere Upgrade documentation

License an ESXi host

- You can assign a license to a host in one of two ways, either with using vCenter Server or without. With vCenter Server 1. Within the vSphere Client click Inventory in the navigation bar 2. Expand the inventory tree and select the location were you would like to add the new host 3. Right-click and select Add Host 4. When completing the Add New Host Wizard at the licensing screen allocate an existing license key or add a new key if needed Without vCenter Server 1. Within the vSphere Client select the host and click the Configuration tab 2. Under Software select Licensed Features 3. Click Edit in the upper right hand corner 4. Configure a license key either with an existing key or select Assign a new key to this host 5. Click OK

Describe how permissions are applied and inherited in vCenter Server

- vSphere allows the assignment of permissions to objects in the vSphere Client. When assigning permissions you select to have the permissions propagate down through the object tree or not. If you allow for propagation objects lower in the tree "inherit" the set permissions. However, if a permission is set at the child object it will take prescedance over an inherited permission.

Enable Lockdown Mode

-Enabled via the vSphere Client 1. Within the vSphere Client select a host and click on the Configuration tab 2. In the left hand pane under Software select Security Profile 3. In the right hand pane select Edit to the right of Lockdown Mode 4. Check the box Enable Lockdown Mode 5. Click OK - Enabled via the Direct Console User Interface (DCUI) 1. From the DCUI press F2 and log in 2. Select the option Configure Lockdown Mode and press Enter 3. Press the ESC to back out of the menus till you are back at the DCUI

View/Sort/Export user and group lists

1. Connect the vSphere Client directly to an ESXi host 2. Select the host and click the Local Users & Groups tab 3. Sort the columns either by UID, User, Name, GID, or Group 4. Right click any where in the right hand pane and click Export List 5. Provide a File Name as well as the Location in the Save As dialog box 6. Click Save

Add/Modify/Remove permissions for users and groups on vCenter Server inventory objects

1. Connect the vSphere Client directly to an ESXi host or vCenter Server 2. Select an inventory object and select the Permissions tab 3. In the right hand pane right click anywhere and select Add Permission 4. Select a given roll from the Assigned Role menu 5. Under Users and Groups click Add 6. Add the required user or groups to the role (either local or Active Directory) 7. Click OK 8. Click OK 9. Verify that permissions have been applied correctly

Upgrade a vNetwork Distributed Switch

1. Within the vSphere Client from the Home screen select Networking from the Inventory section 2. In the left hand pane select the virtual Distributed Switch to be upgraded 3. Under the Summary tab in the right hand pane click Upgrade next to Version 4. The wizard Upgrade vDS to newer version will launch 5. Select the vSphere Distributed Switch version to upgrade to Note - Depending on what version you currently running your upgrade options maybe different OptionDescriptionvSphere Distributed Switch Version: 4.1.0Compatible with ESX/ESXi versions 4.1 and latervSphere Distributed Switch Version: 5.0.0Compatible with ESXi version 5.0 and later 6. Click Next The upgrade wizard lists the hosts associated with the vDS and whether or not they are compatible with the upgraded vDS. You can only continue with the upgrade if all hosts are compatible 7.Click Next 8.Verify that the upgrade information listed is correct and click Finish

Add an ESXi Host to a directory service

1. Within the vSphere Client select a host and click on the Configuration tab 2. In the left hand pane under Software select Authentication Services 3. In the right hand pane select Properties to the right of Authentication Services Settings 4. Change the drop down to Active Directory under User Directory Service 5. Under Domain Settings enter the FQDN of the domain you wish to join in the Domain field 6. Click the Join Domain button 7. Enter a user name and password for account that has the rights to join the system to the Active Directory domain. 8. Click OK 9. Click OK to close the Directory Services Configuration window

Configure and administer the ESXi firewall Enable/Configure/Disable services in the ESXi firewall

1. Within the vSphere Client select a host and click on the Configuration tab 2. In the left hand pane under Software select Security Profile 3. In the right hand pane select Properties to the right of the Firewall section 4. Check or uncheck the services you wish to enable or disable 5. (Optional) With a service highlighted click Options in the lower right 6. (Optional) Select a Startup Policy from the following: 1. Start Automatically if any ports are open, and stop when all ports are closed 2. Start and stop with host 3. Start and stop manually 7. (Optional) Click OK 8. (Optional) Click the Firewall button in the lower right 9. (Optional) Select to Allow connections from any IP address or Only allow connections from the following networks 10. (Optional) Click OK 11. Click OK

Apply permissions to ESXi Hosts using Host Profiles

1. Within the vSphere Client select the Home page and click Host Profiles 2. Right click an existing host profile in the left hand pane and select Edit Profile 3. Expand the profile tree, and then expand Security Configuration 4. Right-click the Permission rules folder and select Add Profile 5. Expand Permission Rules and select Permission 6. On the Configuration Details tab in the right hand pane, click the Configure a permissiondrop-down menu and select Require a Permission Rule 7. Enter the name of a user and group 8. Enter the assigned role name for the user or group 9. Select the Propagate permission check box and click OK

Install/Remove & Enable/Disable vSphere Client plug-ins

After the server components of a plug-in is installed and registered with vCenter Server, its client component is available to vSphere clients. Client component installation and enablement are managed through the Plug-in Manager dialog box. The Plug-in Manager lets your perform the following actions: * View available plug-ins that are not currently installed on the client * View installed plug-ins * Download and install available plug-ins * Enable and disable installed plug-ins

Install additional vCenter Server components

Besides vCenter Server there are several additional components you may wish to install. Full details on pages 204 thru 211 of the vSphere Installation and Setup document. * vSphere Client- Windows program that you can use to configure the host and to operate its virtual machines * vSphere Web Client - Allows you to connect to a vCenter Server system to manage an ESXi host through a web browser * Update Manager Server - Allows for the patching of ESXi hosts as well as virtual machines. Can be installed on the same computer as vCenter Server or a different computer. * vSphere ESXi Dump Collector - ESXi can be configured to dump its vmkernel memory to a network server instead of writing it to disk when the system has had a critical failure (Purple Screen of Death). ESXi Dump Collector can be used as the network server * vSphere Syslog Collector - Allows ESXi hosts to be configured for their system logs to be captured on a network server * vSphere Auto Deploy - Allows for the deployment and customization of ESXi hosts by loading the ESXi image into the hosts memory * vSphereAuthentication Proxy - Enables ESXi hosts to join a domain without using Active Directory credentials. Enhances security for PXE-booted hosts and hosts that are provisioned using Auto Deploy, by removing the need to store Active Directory credentials in the host configuration.

Determine appropriate vSphere edition based on customer requirements

For the exam (and in your career) beware of what features are available based on the different vSphere editions (host profiles only with Enterprise Plus, etc). Also with the changes in licensing know the vRAM entitlements (and maximums for Acceleration Kits) for each vSphere edition.

Determine availability requirements for a vCenter Server in a given vSphere implementation

Obviously you want as little down time as possible for your vCenter server. Just be aware of the options to allow vCenter Server to highly available: * Run vCenter Server in a VM to take advantage of VMware HA/DRS * vCenter Server Cluster Heartbeat * Cold standby vCenter Server (virtual or physical)

Enable/Size/Disable memory compression cache

One of the memory management techniques ESXi uses is Memory Compression. When a given ESXi host is under memory strain ESXi will compress virtual pages and store them in memory. Using this memory management technique allows for better performance then accessing memory that has been swapped to disk. You can also set the size of the compression cache as percentage of the assigned memory to a VM. Enable/Disable Memory Compression 1. Within the vSphere Client select the host and click the Configuration tab 2. Under Software select Advanced Settings 3. In the left hand pane select Mem and scroll down till you find Mem.MemZipEnable 4. The default value is 1 (enabled), to disable change the value to 0 (disabled) 5. Click OK Sizing the Memory Compression Cache 1. Within the vSphere Client select the host and click the Configuration tab 2. Under Software select Advanced Settings 3. In the left hand pane select Mem and scroll down till you find Mem.MemZipMaxPct 4. The default value is 10 with a minimum of 5 and a maximum of 100. Set the value to desired percentage 5. Click OK Refer to the Understanding Memory Management in VMware vSphere 5 White Paper for further information on Memory Compression as well as the other memory reclamation techinques used by ESXi 5.

Determine the appropriate set of privileges for common tasks in vCenter Server

See section "Common Privileges" above

Identify steps required to upgrade a vSphere implementation

Since each perspective environment is unique, the vSphere Upgrade documentation outlines several example upgrade scenarios. The scenarios include: * Upgrading environments with Host Clusters * Upgrading environments without Host Clusters * Moving virtual machines using vMotion during an upgrade * Moving powered off or suspended virtual machines during an upgrade with vCenter Server * Upgrading to vCenter Server on a new machine * Migrating ESX 4.x or ESXi 4.x hosts to ESXi 5.0 in a PXE-booted Auto Deploy installation * Upgrading vSphere components separately in a VMware View environment

Identify available vSphere editions and features

Standard Enterprise Enterprise Plus

Size the vCenter Server Database

The size of your vCenter Database is dependent on how many hosts you have, have many VM's you have, and the level of statistics you are using. From within vCenter Server under Administration -> vCenter Server Settings-> Statistics there is a section for Database Size. You can plug in your environments specifics and get a DB size. Also, on VMware's website there is a Database Sizing Calculator. Currently available is the calculator for vSphere 4.

License vCenter Server

To license a single vCenter Server 5.0, you need a vCenter Server 5.0 license key with a capacity for one instance. If you have vCenter Server systems in Linked Mode group, you can purchase a vCenter Server license key with a larger capacity and assign the key to all vCenter Server systems in the group.

Upgrade VMware Tools

Upgrade VMware Tools

Enable/Configure/Disable hyperthreading

Via the vSphere Client you can configure host for hyperthreading: 1. Within the vSphere Client select the host and click the Configuration tab 2. Under Hardware select Processors 3. Click Properties in the upper right 4. Select or Deselect Enable Hyperthreading 5. Click OK Note - For this option to be available your CPU's need to support hyperthreading and it needs to be enabled in the system BIOS

Configure DNS and Routing on an ESXi Host

Via the vSphere Client you can configure the DNS servers your host will use as well as the default gateway: 1. Within the vSphere Client select the host and click the Configuration tab 2. Under Software select DNS and Routing 3. Click Properties in the upper right 4. Under Use the following DNS server address set your DNS servers 5. Click the Routing tab 6. Specify the default gateway for the VMkernel 7. Click OK

Configure NTP on an ESXi Host

Via the vSphere Client you can configure the startup mode for the NTP service as well as list the hosts you wish to query: 1. Within the vSphere Client select the host and click the Configuration tab 2. Under Software select Time Configuration 3. Click Properties in the upper right 4. Click Options and select Start and stop with host 5. In left hand pane you can select NTP Settings to add your list of NTP hosts 6. Click OK

Install vCenter Server into a virtual machine

When installing vCenter Server on a virtual machine the "hardware" recommendations and software prerequisites do not change. The following are advantages when doing so: * Rather then dedicating a separate server to the vCenter Server system, you can place it in a virtual machine running on the same host where your other virtual machines run * You can provide high availability for the vCenter Server system by using vSphere HA * You can migrate the virtual machine containing the vCenter Server system from one host to another, enabling maintenance and other activities * You can create snapshots of the vCenter Server virtual machine and use them for backups, archiving, and so on

Identify available vCenter Server editions

vCenter Server Essentials vCenter Server Foundation vCenter Server Standard

Deploy an ESXi host using Auto Deploy

vSphere Auto Deploy is a new feature of vSphere 5 that allows for provisioning ESXi hosts on a large scale. With this feature you are able to install ESXi on a new host (first boot), reboot hosts, or reimage an existing host with an upgraded image. The procedure to install on a new host (first boot): 1. Power on the host - The host will attempt to contact the DHCP server and download the gPXE. The Auto Deploy server will install the new host with the image specified and apply a Host Profile if one is provided. To finish up, Auto Deploy will add the host to vCenter 2. (Optional) - If Auto Deploy applies a host profile that requires user input such as an IP address, the host is placed in maintenance mode.