VCP5-DCV: Objective 1 – Plan, Install, Configure and Upgrade vCenter Server and VMware ESXi
Editor’s Note: In partnership with the good folks at professionalvmware.com, we’ve worked to provide written transcripts of the best of the vBrownbag podcast series for offline reading. Transcripts are in order of VCP Study Guide, starting with the VCP5-DCV Series:
- VCP5-DCV: Objective 1 – Plan, Install, Configure and Upgrade vCenter Server and VMware ESXi
- VCP5-DCV: Objective 2 – Plan and Configure vSphere Networking
- VCP5-DCV: Objective 3 – Plan and Configure vSphere Storage
- VCP5-DCV: Objective 4 – Deploy and Administer Virtual Machines and vApps
- VCP5-DCV: Objective 5 – Establish and Maintain Service Levels
- VCP5-DCV: Objective 6 – Perform Basic Troubleshooting
- VCP5-DCV: Objective 7 – Monitor a vSphere Implementation and Manage vCenter Server Alarms
Transcript Objective 1 with Damian Karlson:
Damien: This is Professional VMware Brown Bag. We’re doing the VCP 5 series. Tonight is Wednesday, January the 11th. It is 7PM Central. I’ll be acting as the host and the presenter this evening to get things started. Over the next few weeks, we’re going to be having a guest host come on to work through the sections of the VCP 5 blueprint which of course, if you don’t know, is available on VMware.com underneath the education dropdown I believe.
Anyhow, my name is Damien Karlson. I’m on Twitter. I’m @[inaudible 0:00:44]. I’ve been doing these Brown bag [inaudible 0:00:46] for a while. I’ve got all of my VCP 4 [inaudible 0:00:51] such as VCP 4, the VCA 4, the VCV 4. Of course the 5 track is the new track that we’re all going for this time. I’m not yet at the VCP 5. There are a few folks that have already. One of them is Nick Marshall. You can find him on Twitter as well as Jason [inaudible 0:01:16]. They both have their VCP 5. If you guys have any que — … section 1 is to install and configure your vCenter server. Some basic things to get out of the way …
I haven’t really had a whole lot of experience with the lower end of the vSphere stack in terms of what’s available for us and [inaudible 0:02:07] and things like that. But there are multiple available vCenter server editions. There’s the foundation, which has up to 3 hosts. There’s the vCenter server essentials. There’s actually a number of essentials kits that are available for the small to medium business market as well as the vCenter server that I’m sure most of it have all used. Probably a good portion [inaudible 0:02:31] vCenter server standard.
There are a couple of resources available to help understand the differences between the vCenter server editions as well as the specific feature differences. I’m not sure how much of a part that’s going to play within the VCP 5 exam. But as all things with the blueprint go, it’s always good to at least be aware of it. It’s just not for the exam’s sake but for your career and professional goals’ sake. Next up on the blueprint is to deploy the vCenter appliance. If you have another chance to do this and you … run it on your own, a hardware, you’d like to take a look at it. It is a cool alternative to installing vCenter on a physical Windows spot or on a Windows VM.
There are some downsides to it and some of those downsides are things like [inaudible 0:03:57] available, there’s no linked mode, no support for the [inaudible 0:04:04] appliance and Oracle is the only external database. I’m sure we all just love this in Oracle. The embedded database is DB2. That only supports 5 hosts and 50 VMs. In addition, there’s no vCenter heartbeat, which I guess makes sense. Next up on the blueprint is to install the vCenter server into a virtual machine.
There are a few design considerations that need to be taken into account whenever you install a vCenter server into a virtual machine. Some of those design considerations can include what happens if there is an isolation event or what happens if there’s a [inaudible 0:04:51] or something like that. Where does the vCenter server live and are your resources that you’re making available to vCenter, things like virtual distributed switching and stuff like that, does that depend on vCenter being available towards work? If it does, you definitely want to make sure that you got something like a management cluster available where you at least … sorry, I’m getting a glass of water here … where you at least have an idea of where to start looking for your vCenter server if you need to go in and manually [inaudible 0:05:25] to get everything else back up and running.
That being said, there are some really cool benefits to running vCenter within a virtual machine. I’m sure that if you’re into virtualization, you already know a lot of those benefits to running as a VM. You can leverage the VHA and the DRS abilities available within vCenter as well as snapshot capability. If you wanted to make some changes, you have snapshot support available to you. Next up on the blueprint is sizing the vCenter database.
I really won’t go into a whole lot of detail about that. But there is a sizing calculator available on VMware.com. At last check, it only supported vSphere 4. If there’s a vSphere 5 out there and you guys know about it, please let me know within the questions or within the chat. As well as sizing should be performed within the vCenter client. I’m going to go ahead and start jumping into the live [inaudible 0:06:27] section of things. While that’s logging in, as I said earlier, I haven’t sat the VCP but everyone that I’ve talked to personally or the blog posts that I’ve read about folks’ experiences with the VCP 5 all really point to a strong need to have hands on experience with the product.
I think that’s good in a way that I think VMware’s trying to discourage some of the brain dumps in the other test websites that have crept up over the years. At the same time, folks who don’t have access to live equipment or a test environment at work or something like that, they make it hard for you to touch your teeth on vSphere 5. I’m hoping that by some of the live [inaudible 0:07:29] that we’ll be doing over the next couple of weeks, you’ll at least have some exposure to what the interface might look like if you have not taken it before. That being said, I believe there’s still a course requirement for folks who do not currently own a VCP4 in order to obtain a VCP5 certification.
What I understand, you can sit the exam but you won’t actually get your official cert until after you passed a certified course for that. Anyhow, let’s see if there’s any questions or whatever. Most of you folks are off mute so if you guys have any questions or whatever else, just please feel free to jump in. I certainly don’t want to sit here and listen to myself talking for an hour and I’d like to talk to a lot of you guys.
As I’ve said, if you have any questions, please jump in. If you’re muted and you just joined us, raise your hand within the webinar interface or pop me a question through chat and I’ll go ahead and get you unmuted. We’re talking about sizing the vCenter database. This is actually a … one of those inception labs in the fact that I’ve got access to a host over there in the UK and on that host, I’ve set up the ability to run [inaudible 0:08:50]. I’ve got a couple [inaudible 0:08:54] boxes or VMs that you can see here. I’ve got a vCenter VM. I’ve also got the beginnings of a V Cloud director VM that is running the V Cloud director appliance.
Although that’s outside the scope of section 1, hopefully we can leverage this for some of the other things as we go along. What you’re seeing here is the console on my vCenter VM. I’m actually logged into vCenter. I’ve got the color [inaudible 0:09:29] all the way down because I was having a lot of latency issues between talking the host in the UK. Hopefully it can still be pretty enough for you guys, see and understand what we’re doing here. I was talking about actually sizing the database.
Tim: Here’s a question, Damien.
Damien: Yes, sir.
Tim: I’m just looking at your screen. How you getting an evaluation license that good through November?
Damien: Pay no attention to the evaluation [inaudible 0:10:14] … I am a V Expert for 2011. It’s a community-based award. It really … doesn’t really mean anything in the big scheme of things but it’s the equivalent of a … oh, good lord, I’m trying to think of the Microsoft equivalent. The MVP that Microsoft does. It’s one of the cool awards that folks like to get but it doesn’t really hold any true value like with a real certification like a VCP or [inaudible 0:10:49] or VC [inaudible 0:10:50] might hold. One of the benefits of being a V Expert for 2011 is Mr. John [Sawyer 0:10:57] and a lot of the project groups over at VMware gave us access to extended evaluation licenses for a lot of the VMware stack. Does that answer your question?
Damien: All right. I actually … here we go. Here’s the database size. Feeling like a fool for having to poke around for it for a minute. This is one of the things that I mentioned here in the PowerPoint where it can be done within the client itself or it can be done from the calculator that’s available on VMware.com. As you can see here, you can estimate your number of physical hosts and virtual machines and it will give you an estimate on the amount of database size that you’re [inaudible 0:11:40].
Next up on the objective 1.1 is to understand the additional vCenter server components that come with the vCenter server iso. Of course we’ve got the client, which everyone knows. The client’s connected to a host, just refer it as a client, connected to a vCenter server. It’s usually the vCenter client. Although it’s basically the same program, just that you got different features available, depending on whether you’re [inaudible 0:12:18] host or to the vCenter server itself.
Also the web client which … we talked about actually farther down the blueprint … the web client, it’s typically based more for non-administrative users. You don’t have the full width and depth of features and functionality available within the web client that you do within the installable client. It is really cool for non-admin folks; say operations or maybe application support or something like that. Folks want to be able to go in, make minor changes to VMs, perform power operations on VMs, things along those lines.
Next up, we’ve got the ESXi dump collector. This is a new feature with vSphere 5. It can collect memory dumps … those to VMware support and to help get some troubleshooting on those issues rather than it being dumped into the nether of the network and it’s gone and then you can no longer retrieve it. Next up is the syslog collector. It can collect system logs of ESXi hosts on a network location.
This isn’t a new idea. This is something that we’ve had for a while now with the vSphere. Back with vSphere 4.1, one of the [inaudible 0:14:05] things that we talked about was being able to set up a ESXi logging to a network drive. Because as you may or may not be aware of, whenever ESXi reboots, they work in a way that those logs specifically disappear by default unless you automatically [inaudible 0:14:24] with some other means.
You want to be able to collect logs, collect dumps, things like that, to be able to analyze what’s going on with your ESXi hosts. Next up is auto deploy. This is a really cool thing and I believe underlines VMware’s forward moving stance to basically enable cloud operations. What I mean by that is auto deploy gives you the ability to deploy ESXi hosts through PXE. If you think about it from a physical server perspective, let’s say you have a [n 0:15:09] that are set aside for your cluster and this cluster is smart enough to understand the demands needed to increase the number of hosts available to it, you can actually power on a blade, that blade based on the [inaudible 0:15:21] that it picks up and [inaudible 0:15:23] PXE host.
It’ll pull in PXE, it will auto deploy ESXi, it can leverage the authentication process that [inaudible 0:15:31] below, help adjoin the domain, get the credential that it needs to, and basically auto add itself to the cluster, which is a really cool feature. [inaudible 0:15:45] talked about a whole lot because I think it’s not really a sexy, cool headline kind of stuff, but if you think about being able to deploy and manage an elastic private cloud, it definitely comes in handy.
I apologize here, if you guys are asking questions or chatting, I’m unable to see it. Being both presenter and host does present some challenges which I didn’t fully think through. Let me go ahead and take a look at some of the questions here before we move forward. I mentioned Jason Langer and Nick Marshall as both having sat the VCP 5 and both of them being resources available for you on Twitter if you guys have any questions; guys or girls, I’m just saying guys in the non-gender specific sense. Jason Langer is @jaslanger; J-A-S-L-A-N-G-E-R. Nick Marshall, he’s also the guy that handles our iTunes podcasts. He’s @nickmarshall9.
Tim, you have a question. Is the [inaudible 0:16:56] going to be available for download or is it already? It will be available for download along with the video that I’m recording right now. You can find it on professionalVMware.com. I’ll probably also have a link to it in damiencarlson.com. Timmy said, will it work with workstation 7 or 8 only? I’m guessing you’re probably talking about the vCenter appliance.
Tim: Yeah, correct.
Damien: I believe only workstation 8 because that gave us the 64 bit guests nesting ability, although I’m probably wrong on that one. If anyone knows any better, please give me a shout.
Damien: Tim, you also had a question if these brown bags are going straight to end of next month. I’ve got enough folks set aside to get it through all the way to the end of next month, although [inaudible 0:17:44] service is only 7 sections in the blueprint, which … I’m doing my math. [inaudible 0:17:50] through to February the 18th or maybe the 25th so not all the way through but pretty close to the February 29th cut off that VCP 4 have available to them to avoid the course requirement.
Tim: Great. Thank you.
Damien: John, update manager will work with VCSA. You just have to install another Windows server. I wouldn’t be surprised but it is not made available with vCenter server [inaudible 0:18:19] clients. Not really sure what Nick and Jason were talking about. Again, I apologize. I’ve only got one 14 inch screen here that I’m trying to pack everything in as well as not [inaudible 0:18:19]. Please don’t get mad at me. Next up, objective 1.2, installing VMware ESXi, perform an interactive installation of ESXi. I would imagine if you’re already a VCP 4, you’ve done it at least once. But in terms of the what’s new features of vSphere 5, of course we all know that the ESXi doesn’t have a service console.
That was one of the big differences between that and the now dead, thankfully dead, ESX. No service console, no [inaudible 0:19:14] installation available to ESXi. The installation … the installer, rather, actually looks quite a bit different from the installer that we’re probably used to from 4.1 and the 4.0 days. It is a little bit cooler. You can do things like set root passwords on install rather than having to go and set it afterwards. If you’re going to be installing it where you’re already attached to VMFS data source, let’s say within an upgrade or a fresh install situation, you’ll be presented with a number of different options.
Those 3 options are to upgrade ESXi and … and preserve the [inaudible 0:19:14] or install ESXi and override the VMFS 3 with VMFS 5. You want to be careful with that of course. Make sure if you’re working in the production environment, that you know what you’re doing and you understand the consequences of overriding VMFS. But as a general rule, those are the upgrade options that they’ve got available to you.
Nick Marshall also wants to say to practice auto deploy. Thanks, Nick. Let’s next pull it down. Practice auto deploy. It says there were a number of questions on it. I’m going to assume he’s not thinking about the VCP exam. He says that the yellow bricks link that I had here was a good help to him. You’ll have to read his blog about it at virtualnetworkdesign.com. Deploying the ESXi host using auto deploy, it was a little bit too much to get into for the sake of the brown bag here but I do show a link to Duncan [Epping’s 0:21:07] website @yellowbricks.com, about how to use vSphere 5 auto deploy within your home lab.
They get it configured and mess around with it. I would not be surprised at all if that was on the VCP 5 exam because I truly believe that auto deploy is the key feature of VMware’s cloud vision moving forward. You’ll be able to have elasticity to bring new hosts online as well as the elasticity to turn them off [inaudible 0:21:07] and things like that. They’ve had [inaudible 0:21:34] for a while. Let’s see. Next up; configure NTP on an ESXi host.
I’ll go ahead and dive in and show you guys how that’s done. While I’m doing that, Jason Langer just posted here a link to … I believe that’s for [inaudible 0:22:03] website; VMwaretips.com to … talking about the vSphere 5 auto deploy feature that [inaudible 0:22:10] available. There’s a number of bullet points around the blue prints that are covered off within the client so I wanted to pull the client up and take a look at a number of those things, although I imagine that a lot of folks [inaudible 0:22:41] spend time with [inaudible 0:22:43] environment, you already know where these things are available. [inaudible 0:22:46] of brown bag, it would be nice to show it within a real life environment.
In terms of configuring NTP, you’re going to be able to select your host, configuration tab, time configuration, which is listed here underneath the [inaudible 0:23:01] window. The settings, this is where you would actually put in your network time protocol server, address and then of course, once that’s all configured and you restart the NTP server to apply those changes, it won’t go ahead and start bringing in proper time. It is critical to be able to use an NTP service first of all on your ESXi client because you think about things like [inaudible 0:24:05] dumps and syslog collections and things like that, you want to be able to accurately pinpoint the time that it’s using.
If your servers are all running on different times because [inaudible 0:24:17] to a time, it’s not really going to be of any use to you to go ahead and look [inaudible 0:24:24] of those logs. It’s just not going to be helpful at all. NTP is key and especially becomes key if you actually have VMs that are pulling their virtual machine system time from the host; although that’s not really within the scope of this brown bag, but just something to think about.
Configure DNS and routing on an ESXi host. This can actually be done all the way to the vSphere client, partially on the DCUI which is the direct console user interface. That’s the cool yellow and grey or yellow and black interface [inaudible 0:25:03]. Whenever you walk up to a console of an ESXi host, or you [inaudible 0:25:11] into it or if you’re running it on a VM, you can actually open up the console, you can see the DCUI itself. Within the DCUI, you can actually set the DNS server settings. However, I don’t believe that any routing is available. That’s typically done through the client itself.
Again, if I say something that is just completely idiotic, please feel free to say, “You’re being an idiot,” and I’ll fix myself. There it is, the real [inaudible 0:25:55] he didn’t think he’d make it but he did; although he doesn’t have any audio. Cody’s been busy at school and with other personal obligations so he hasn’t been able to do these brown bags, but he definitely has been a key help with planning and just being a great support person for these brown bags. Although you may not hear or see Cody on the brown bags, just know that he’s working on the background, just helping [inaudible 0:26:25].
DNS configuration is done here to the DCUI as you see. [inaudible 0:26:32] make these changes, of course you have to restart your management network. It’ll restart it quickly, bring in those DNS changes and move on. As well as through the client itself. Here, you actually go to DNS and routing. This is where you can set things like looking in the following domains, your host names, and DNS servers. This tab is available within the DCUI, just in a different view. Then of course your default gateway. Enable/ configure/ disable hyper threading.
I was taking a look at a number of VCP 5 resources last night, one of them being Jason Langer’s website. If you guys haven’t been out there, go to virtuallanger.com. Jason has done an amazing job with working through each specific step of the blueprint, pulling in VMware [inaudible 0:27:43] articles where appropriate, referencing VMware documentation or even blog posts where appropriate. He’s done a fantastic job with knocking out [inaudible 0:27:53]. I couldn’t help but repurpose some of the information that he had for the sake of this brown bag, but he’s done an amazing job.
I’ve actually taken a whole lot of things that he’s written about specific CPU instructions and things like that that ESXi required. I just [inaudible 0:28:16] all that down to say with proper hardware support, it can be enabled or disabled to the client itself. Let me show you what that has done. We go up here to processors once you’ve got your host selected and if you are on an eligible host. This is [inaudible 0:28:35] not eligible, but if you’re on an eligible host, you can actually get properties and set the hyper threading. I believe that the physical host that I’m inceptioning into has that ability, so if I go up here to configuration and then to [inaudible 0:28:49] and if I do it in a way that … totally confusing. No, I guess it’s not.
Anyhow, in a perfect world, if you have hardware support for it, this is where you would enable, configure or disable hyper threading. I’m sure there’s also some options available in a lot of [inaudible 0:29:15] for servers where you can enable and disable hyper threading, but this is at the hyper module level. Enable size or disable memory compression cache. This is actually something that I somehow left out at the top point, but this is done through the configuration tab as well. It is down here within the advanced settings.
Help me out here, Jason. I think it’s memory if I’m not mistaken. Here you can actually change a number of those host-specific configurations within advanced settings. Virtuallanger.com has those specific things. I’m sure [inaudible 0:30:16] knowledge base as well. Here he says mem.mem zip enable. These advanced settings are all organized alphabetically so we can scroll down here to our good friend mem.mem zip enable and mem.mem zip max percent. I’m sure everyone is going to memorize for the sake of this exam.
Jason says, “Refer to the [inaudible 0:30:54] memory management in VMware vSphere 5 whitepaper for further information on memory compression as well as the other memory reclamation techniques used by ESXi 5.” That sounds like it came right out of some VMware documentations [inaudible 0:31:11], his blog. Awesome. This is where you would actually configure it. Here is the mem.mem zip enable and of course we’ve got our friend the zip max percent. I think it’s just a couple of mouse clicks down the screen. [inaudible 0:31:35] VCP 5 exam but it is good to know these advanced settings are available through the client by selecting the host on the configuration.
Going all the way down to the software box here and going to advanced settings. We’ve got license and ESXi host. This can be done 2 different ways. You can do it through the vCenter server license plug in or you can do it through the vCenter client connected directly to the host. Fortunately, because of my [inaudible 0:32:08] that I’ve got here, I have the ability to show both. I know that’s terribly exciting for everyone to see. Connected directly to a host, as you can see here, my license features. I don’t believe that I … yes, I do.
You click edit. You’re going to find an existing license for you to host. License key is the term in the features that you’re going to have made available to the ESXi host. Some licenses based on the licensing [inaudible 0:32:38] more features than others. It’s the same hyper [inaudible 0:32:42] no matter which way you cut it. It’s the key that determines what you get. That is done here by connecting directly to the host. [inaudible 0:32:51] clicking on configuration and then going to license features as well as can be done within a vCenter client [inaudible 0:32:58] very much the same way. Not very exciting. Or by going to home and then to the …
Moving on. Identify the upgrade requirements for ESXi hosts. This is part of objective 1.3; planning and performing upgrades of vCenter. A lot of these [inaudible 0:33:53] upgrades things that they talk about in the blueprint. [inaudible 0:33:57] didn’t really lend themselves very well to this format or even to a PowerPoint presentation. If you’ve ever gone about the task of designing an upgrade, I’m sure you can imagine that it can be very complex and there’s a number of steps needed to be made in order to do it correctly.
[inaudible 0:34:21] that I don’t really choose to dive into, I do want to point you guys to the vSphere upgrade guide. It’s a PDF available within the vSphere documentation set or even an HTML version as well. Go ahead and read into that and understand the implications, the pros and cons, of different upgrade strategies within an existing vSphere environment. Some of the upgrade requirements for ESXi host; this again is one of those things that I just boil down to this real basic 64 bit only, follow the VMware hardware compatibility list.
That’s usually available at VMware.com/go/hel. ESXi host also requires 2 hosts and 2 gig of RAM at a minimum. Identify the steps required to upgrade a vSphere implementation. A number of these steps involve upgrading your vCenter server first, upgrading your client for [inaudible 0:35:24] vCenter server, upgrading the host, upgrading the VMware tools on the VMs themselves. You can even include upgrading the virtual hardware that those VMs run on. That can include upgrading the VMFS version on the data source.
Although, if you are going to be upgrading VMFS [inaudible 0:35:42] VMFS 5, understand the differences between upgrading in place and a fresh install. The actual specific term is slipping my mind at the moment but there is a key difference in result between upgrading in place to new installs. I believe that’s actually the unified block size. I don’t believe that you get the unified block if you upgrade in place versus a new install.
The current version, [Alex 0:36:14], of the VMware hardware is virtual machine hardware version 8. I believe ESX [inaudible 0:36:22] brought us hardware version 7 and now we’re on hardware version 8. Upgrading VMware tools, I’m sure you guys are all familiar with that [inaudible 0:36:32] amount of time within a [inaudible 0:36:35] environment. Thank you, Matt.
Initial block size remains on VMFS upgrade. If you want to take advantage of the cool unified block size, always do new VMFS 5 installed. Don’t upgrade existing VMFS 3 [inaudible 0:36:54]. That’s another key thing to bear in mind if you’re talking about an upgrade. Are we going to be provisioning new storage pools, making VMFS 5 data storage on that, perform [inaudible 0:37:08] motions of those VMs [inaudible 0:37:09], what are the impacts to the business, what are the maintenance and strategies and things like that, that are involved.
Although a lot of those things aren’t really key to understanding or to what VMware is trying to communicate or trying to make sure that you know. These are good practices to know of as an admin working within the vSphere environment. Jason Langer points to an awesome article from Jason [Backey 0:37:37] about VMFS 5 versus VMFS 3. What are the give and takes between an upgrade and an install? I think Backey’s in London this week for the [inaudible 0:37:49]. Otherwise, I’m sure he would be here being awesome as usual. Upgrading the tools on a VM, of course I can’t actually do that here on my ESXi VM because it doesn’t work that well.
But typically what you would do is you would [inaudible 0:38:08] on it, you would upgrade your VMware tools and it will give you the option to do an automated upgrade, which I believe includes a reboot of the VM, or a manual upgrade, which will just mount that tool’s iso that’s available on the data source to that VM and then you would go in and actually connect to that C drive and run the upgrade process there. Josh [Atwell 0:38:45] wants to point out the virtual hardware changes over time on his website, his at thetesseract.com. Hey Josh, you on the phone? Are you muted? Yes. Josh, are you there, sir?
Josh: How you doing? Can you hear me?
Damien: Hey, what’s up man? How are you?
Josh: I’m doing okay.
Damien: Where does tesseract come from? Wasn’t that a wrinkle in time [I’m 0:39:20] or something?
Josh: No, tesseract is a 4 dimensional shape.
Damien: 4 dimensional shape.
Josh: Yeah, so with the [crosstalk 0:39:29] …
Damien: about with the wrinkle in time [I’m 0:39:28]. I thought it was something like that. I could be totally wrong and I apologize [inaudible 0:39:40] on Twitter or in person the [inaudible 0:39:43].
Josh: No worries. I get the question a lot actually.
Damien: Yeah? Cool. Let me go ahead and pause here and make sure that I don’t have any other questions. We were talking about the upgrades of VMFS data source. Marshall pointed out that the storage [inaudible 0:40:06] VMs of reformat the data [inaudible 0:40:11]. Probably the best way to go ahead and handle that. Of course, if you guys have ever been in a place where you’ve got your vSphere clusters license at different tiers … sometimes you run into the issue where you need to perform an action on a cluster that doesn’t have that [inaudible 0:40:30] licensing.
One cool thing that VMware doesn’t really ding you about is you can actually license a host up and then license it back down providing you don’t have a specific feature enabled that requires a higher license. What I mean by that is … in my old job, I had a primary data center that I had to take care of and then I had a number of remote sites. It didn’t really make a whole lot of sense from a business perspective for what was needed such times and from a financial perspective to go ahead and put enterprise plus in all of these hosts across the country.
It just made sense to get the lower tiers in there to give it some of the basic things, like [inaudible 0:41:18], but we didn’t need DRS. There were a number of occasions where we might want to leverage DRS to be able to do things quickly and efficiently in terms of upgrades, so you can actually go in and you can license a host or a cluster up and enable things like DRS to your work, turn DRS off and then license it back down. What I meant by that is you can actually license back down as long as you don’t still have that higher feature enabled.
You want to go ahead and turn off DRS and then license it back down, otherwise it will throw an error at you. Mike Preston says that he believes he can license it back to evaluations as well. That’s interesting. I don’t think I’ve ever tried that. I guess I probably always assumed that evaluation would stop after the [inaudible 0:42:09]. Okay, as long as it’s still valid. Right.
As long as you’re within your initial eval time, you can always drop it back to eval and then you take it to a license [inaudible 0:42:22] possibly feature restricted version. Hope that made sense to everybody and that I’m not just rambling on and on over here. Some of the other things that are probably here within objective 1.3; update an ESXi host using vCenter update manager. That’s [inaudible 0:42:44] read the upgrade guide. There are some changes from update manager as well as some other changes that are being done from a VMA, a VMware management appliance [inaudible 0:43:04] for what you can … down time and still accomplish the job. Matt says that [inaudible 0:43:48] that have taken the VCP 5 said that it would be good in allocate manager as well. Even if that’s on the exam or not, it’s always good to know the update manager.
I know that there’s also a number of [inaudible 0:43:48] manager which is really powerful if you start thinking about a large vSphere environment and being able to leverage the power of computable, predictable scripting or updating your environment and shuffling VMs around and things like that [inaudible 0:44:20] …
Objective 1.4; secure vCenter server and ESXi. First bullet point is to identify the common vCenter server privileges and roles. I just took the easy way out and say read the security guide. That’s a definite must. Also, even though it’s probably not a core vSphere documentation artifact, it still is critical in your life as a vSphere professional to read the [hardening 0:45:00] guide as well. Don’t know if there’s a hardening guide out for 5 yet but I know that there’s one for 4.1.
That really points to a lot of design considerations that you’d have as you’re designing a vSphere environment. Just as a general rule, the point that I wanted to make here is that as you’re going through and you might be making changes to roles and privileges and things like that within vCenter server, understand that specific use cases or actions that need to be performed within a vSphere environment, I’d touch various resource objects.
What I mean by that, if you’re going to be assigning the ability to provision a virtual machine to a non-admin or maybe a less than admin user, understand that you’re going to have permissions that apply to the virtual machine, there’s going to be permissions that apply to the resource pool, there are going to be permissions that apply to the data source, permissions that apply to the network, etc. Understand what each use case is doing and all the different pieces that an object within a vSphere environment might touch and need to take a look at or its roles and responsibilities [inaudible 0:46:18].
Nick Marshall says VCP5 tip, don’t forget to freshen up on the older vSphere 4 stuff. He says that he concentrated too much study on just the new vSphere 5 features. I think that points to VMware’s slight alteration in tactic for the certification for vSphere 5 and that is more pointing towards the need to have hands on administration.
The goal here is that you’re actually a certified professional; meaning that you worked with it actively, not that you’ve maybe taken a couple brain dumps and you’re basically a paper VCP. I think that’s important because it strengthens the value of the certification for those of us who hold it as well as the value for that certification to secure and possibly improve on the [inaudible 0:46:18] already have. It’s always good that they’re making it sometimes more difficult because it does raise the bar and [inaudible 0:47:28] value within that certification.
Cody Bunch says for permissions, it’s … that’s my earlier point. It’s not always straightforward. I’ve actually had this experience in the “real world” customer side of the table. If you find a role that you think will get something done, chances are, at least in my case, I found that there was something that I missed. You want to make sure that you read and understand the security guide and that you have it available to you within your toolbox of documentation. Understand and describe how permissions are applied and inherited within vCenter server.
Permissions can propagate. There’s a check box that says propagate down within the tree. Child object permission settings override the inherited ones. A lot like [inaudible 0:48:25] policy or something like that if you’re familiar with that directory. A lot like Windows as well. The most restrictive security always applies. If there’s ever a question of being more permissive or more restrictive, always going to get the more restrictive side.
Jonathan, you mentioned that the data center guide has good examples of what permissions are needed for a number of tasks. I haven’t read all of the vSphere 5 documentation set. Is there a data center guide for vSphere 5 or is that the 4.1 set that I’m thinking of?
I apologize. I think that more folks here are muted than what I had [inaudible 0:49:18]. We had a number of people join since we started and I hadn’t [inaudible 0:49:23] very good at all with unmuting people. Tell you what, if you want to be unmuted, can you guys raise your hand in the webinar interface? I’ll go ahead and get that done. Because I would really like to hear more folks talking than just me. Tim, you’re unmuted. Jason, Paul. Anyone else? If you’re muted and you don’t want to be and you haven’t raised your hand, you’re still going to be muted.
Let’s move forward. Configure and administer the ESXi firewall. That is done through the vSphere client which I’ll show you in a moment. As well as through the VMA. I don’t have the VMA set up here in my [inaudible 0:50:12] environment yet so I can’t show you that, but I can show you what it looks like on the client if you’d like to see. Here on the client, you would go to our good friend, Mr. Configuration Tab. You would scroll down and go to security profile.
I apologize, this is a little bit … the resolution on my windows of clients here is not set up very high. Hopefully you guys can still see what I’m doing here. Here you would actually view your firewall properties or your services. Here you can actually go through and enable it, disable it. There’s different options you can set. This is going to be the start up policy. You can have it start now if you want or start with the host if you want to reboot it. Of course there’s the firewall settings as well as what’s available through the vSphere management appliance.
Hopefully that is helpful to you guys if you haven’t already seen it. There are a number of other services here that if memory serves, are now available with 5 it didn’t used to be there for 4.1 or 3 and 4. Here you can go in and you can [inaudible 0:51:52] your services, you can do your options, start, stop, things like that.
Enable/configure/disable services in the firewall. We already covered that. Enable lockdown mode, that can be done through the client as well as to the DCUI. Help me out here. Here it is. Lockdown mode, go to edit, you can lock that down. [inaudible 0:52:23] prevent remote users from logging in directly to the host so it’s still available through the DCUI or through an authorized centralized [inaudible 0:52:31] such as vCenter. Here’s our good friend Mr. DCUI.
Log in, you can actually go over here to configure our lockdown mode. There’s some other things that aren’t really mentioned on this section of the blueprint but it’s good to know. Down here in your troubleshooting options, you can actually enable the ESXi shell, you can enable SSH, you can modify the shell … and if they do get this far in, then [inaudible 0:53:36]. My lab is the least of my concerns.
Damien: Yes, sir?
Male: Are we to assume now that since there’s no service console, that for the exam they’re not going to be asking us command line settings for turning services on and enabling firewall settings and so forth, like in 4?
Damien: That’s a good question.
Male: They would probably do it the VMA.
Male: Yeah, the commands.
Male: Is that Josh?
Damien: Probably be my guess as well. [crosstalk 0:54:17]. There definitely would not be any ESX questions, although the VCP 5 exam could have vSphere 4 things on it I imagine, but they’re probably not going to talk about ESX at all because that’s [inaudible 0:54:34] product direction and marketing and things like that. You definitely want to make sure that you understand the ESX CLI commands, PowerCLI, where applicable, as well as the things that are available to VMA. Probably not to the level that you might expect from the [inaudible 0:54:55] VCA exam. But at least have a familiarity with it. [crosstalk 0:55:01]
Male: I would only [inaudible 0:55:01] … I haven’t sat the exam but I would say know the difference between those ESX service console commands and what’s available on the VMA because it could sucker you in with potential answers. They’re not applicable.
Damien: Absolutely. Those [inaudible 0:55:01] questions. You got to know enough to be able to weed out the ones that are wrong. At least narrow down one or two possible answers. Moving on to objective 1.4 within section 1; secure vCenter server and ESXi, configure network security policies. As we all know, there’s a number of different places to enable your network security policies [inaudible 0:55:49] level or group level or group can override switch, etc. It could be done at the uplink level.
That is all available through your good friend, Mr. Configuration Tab, networking, for the virtual standard [inaudible 0:56:08] as well as to the [inaudible 0:56:10] as well. I don’t have any [inaudible 0:56:11] here in my lab. You want to be able to go into the properties of your vSwitch and then set your security properties here. Promiscuous mode, [inaudible 0:56:24] changes, forged transmits, etc. All that’s covered within the networking guide as well as within the security and hardening guide as well.
Understand what each one means and [inaudible 0:56:36]. Those things are also available through PowerCLI. I would imagine ESX CLI as well. View/sort/export user and group lists. [inaudible 0:56:51] client connection directly to an ESXi host and go to the user and groups tab. Export all of your users and groups here as well as I believe you can go to your vCenter server and do your permissions as well.
Add/modify/remove permissions for users and groups on vCenter server inventory objects. That’s going to be done through the permissions tab within vCenter or your specific ESXi host through the vCenter client. Apply permissions ESXi host using host profiles. I don’t have that enabled here in the lab but that’s done through the vSphere client connected to the vSphere server host profile. You need to make sure that you [inaudible 0:57:45] host profile.
Edit your profile, go to security configuration within there. There you can add, configure, make changes, you can require certain security configurations and then you can propagate that back down to the profile. Of course [inaudible 0:57:59] the host or the [inaudible 0:58:03] that you’d like to apply it to. Determining the appropriate set of privileges for common tasks within vCenter server.
I think that that ties back to the previous discussion that we had about roles and permissions and actions being taken on objects and touching different other objects within vSphere and being able to understand the key points that you need to enable, disable, etc. This one [inaudible 0:58:36] for self-study because we’re coming up against the top of the hour and I want to be respectful of everyone’s time. My voice is also starting to hurt a little bit from talking for an hour straight.
Definitely understand the different vSphere editions that are available, understand the different feature tiers that are available between things like enterprise and enterprise plus. Be able to explain ESXi and vCenter server architectures. I believe what [inaudible 0:59:03] about is if you’re going to draw up a logical and a physical architecture diagram of the vSphere [inaudible 0:59:13], be able to know what’s physical, what’s virtual, what’s logical, where the database sits, where services sit, where a hypervisor sits, where does VM sit and those files that actually comprise a VM, where those sit, etc.
Explain private, public and hybrid cloud concepts. Not surprised at all that VMware is just starting to bring cloud into the vSphere 5 certification. It makes a lot of sense considering that this cloud was a big part of the vSphere 5 product launch. It’s good not only for your career because let me tell you, cloudy is a big thing these days. It’s also good from a vSphere point of view to understand the differences between private, public and hybrid. What makes it private versus public, what makes it hybrid, as well as the enabling technologies that can give you the ability to have a hybrid cloud.
From an abstract point of view, it’s easy to say, “We’ve got a hybrid cloud and workload is increasing so we can push this application from our private cloud out into an external service provider and voila, we’ve got a hybrid cloud.” That sounds really cool and great but technology is not yet at the point where we can do … not without a lot of money and a lot of very specific technical restrictions. We’re not really at the point where we can live migrate live workloads across network boundaries and from private to public clouds.
There’s a lot of interaction between storage, between [inaudible 1:01:09] on that VM as well as the networking to be able to get to that VM. That being said, going around the trail, be able to explain the different cloud concepts and at least have a general understanding of what public, private and hybrid [inaudible 1:01:24] and of course be able to determine your appropriate vSphere edition [inaudible 1:01:28] requirements. …
Before I run out of voice here, thank you very much. I will have someone far better and far more entertaining than myself next week to talk about section 2 of the [inaudible 1:04:26] 5 blueprint. Have a great week everyone. Talk to you guys soon.
Male: Thanks, Damien. We appreciate it.
Male: Good job buddy.
Damien: Thank you, good night.
Male: Thanks a lot.
Male: Good night guys.