Vi3!35!25 u2 3i Server Config

8/14/2019 Vi3!35!25 u2 3i Server Config

1/214

ESX Server 3i Configuration GuideUpdate 2 and later for

ESX Server 3i version 3.5 and VirtualCenter 2.5


2/214

VMware, Inc.3401 Hillview Ave.Palo Alto, CA 94304www.vmware.com

2 VMware, Inc.

ESX Server 3i Configuration Guide

You can find the most up-to-date technical documentation on the VMware Web site at:

http://www.vmware.com/support/

The VMware Web site also provides the latest product updates.

If you have comments about this documentation, submit your feedback to:

[email protected]

20072009 VMware, Inc. All rights reserved. This product is protected by U.S. and internationalcopyright and intellectual property laws. VMware products are covered by one or more patents listedat http://www.vmware.com/go/patents.

VMware, the VMware boxes logo and design, Virtual SMP, and VMotion are registered trademarks ortrademarks of VMware, Inc. in the United States and/or other jurisdictions. All other marks and namesmentioned herein may be trademarks of their respective companies.


Revision: 20090313Item: EN-000032-03
http://www.vmware.com/supportmailto:[email protected]:[email protected]://www.vmware.com/supporthttp://www.vmware.com/support/


3/214

VMware, Inc. 3

Contents

AboutThisBook 9

1 Introduction 13Networking 14

Storage 14

Security 15

Networking

2 Networking 19NetworkingConcepts 20

ConceptsOverview 20

VirtualSwitches 21

PortGroups 24

NetworkServices 24

ViewingNetworking

Information

in

the

VI Client 24

VirtualNetworkConfigurationforVirtualMachines 26

VMkernelNetworkingConfiguration 28

TCP/IPStackattheVMkernelLevel 29

3 AdvancedNetworking 31VirtualSwitchConfiguration 32

VirtualSwitch

Properties 32

EditingVirtualSwitchProperties 32

CiscoDiscoveryProtocol 35

VirtualSwitchPolicies 36

Layer2SecurityPolicy 37

TrafficShapingPolicy 38

LoadBalancingandFailoverPolicy 40

PortGroupConfiguration 42DNSandRouting 43


4/214


4 VMware, Inc.

TCPSegmentationOffloadandJumboFrames 44

EnablingTSO 44

EnablingJumboFrames 45

NetQueueandNetworkingPerformance 46

SettingUpMACAddresses 48

MACAddressesGeneration 48

SettingMACAddresses 49

UsingMACAddresses 50

NetworkingTipsandBestPractices 50

NetworkingBestPractices 50

MountingNFSVolumes 51

NetworkingTips 51

NetworkingTroubleshooting 52

TroubleshootingPhysicalSwitchConfiguration 52

TroubleshootingPortGroupConfiguration 52

Storage

4 IntroductiontoStorage 55StorageOverview 56

TypesofPhysicalStorage 56

LocalStorage 57

NetworkedStorage 58

SupportedStorageAdapters 59

Datastores 59

VMFSDatastores 60

CreatingandGrowingVMFSDatastores 60

ConsiderationswhenCreatingVMFSDatastores 61

SharingaVMFSVolumeAcrossESXServer3iSystems 62

NFSDatastore 63

HowVirtualMachinesAccessStorage 63

ComparingTypesofStorage 64

ViewingStorageInformationintheVMwareInfrastructureClient 65

DisplayingDatastores 65

UnderstandingStorageDeviceNamingintheDisplay 67

ViewingStorageAdapters 68

ConfiguringandManagingStorage 69


5/214

VMware, Inc. 5

Contents

5 ConfiguringStorage 71LocalStorage 72

AddingLocal

Storage 72

FibreChannelStorage 74

AddingFibreChannelStorage 75

iSCSIStorage 76

iSCSIInitiators 76

NamingRequirements 78

DiscoveryMethods 78

iSCSISecurity 79

ConfiguringHardwareiSCSIInitiatorsandStorage 79

InstallingandViewingHardwareiSCSIInitiators 79

ConfiguringHardwareiSCSIInitiators 81

AddingiSCSIStorageAccessibleThroughHardwareInitiators 86

ConfiguringSoftwareiSCSIInitiatorsandStorage 87

ViewingSoftwareiSCSIInitiators 87

ConfiguringSoftwareiSCSIInitiators 89

AddingiSCSIStorageAccessibleThroughSoftwareInitiators 91

PerformingaRescan 92

NetworkAttachedStorage 93

HowVirtualMachinesUseNFS 93

NFSVolumesandVirtualMachineDelegateUsers 94

ConfiguringESXServer3itoAccessNFSVolumes 95

CreatinganNFSBasedDatastore 95

CreatingaDiagnosticPartition 95

6 ManagingStorage 99ManagingDatastores 99

EditingVMFSDatastores 101

UpgradingDatastores 101

Changing

the

Names

of

Datastores 102AddingExtentstoDatastores 102

ManagingMultiplePaths 103

MultipathingwithLocalStorageandFibreChannelSAN 104

MultipathingwithiSCSISAN 106

ViewingtheCurrentMultipathingStatus 107

SettingMultipathingPoliciesforLUNs 109

DisablingPaths 110

ThevmkfstoolsCommands 110


6/214


6 VMware, Inc.

7 RawDeviceMapping 111AboutRawDeviceMapping 111

Benefitsof

Raw

Device

Mapping 113LimitationsofRawDeviceMapping 116

RawDeviceMappingCharacteristics 117

VirtualCompatibilityModeComparedtoPhysicalCompatibilityMode 117

DynamicNameResolution 119

RawDeviceMappingwithVirtualMachineClusters 120

ComparingRawDeviceMappingtoOtherMeansofSCSIDeviceAccess 120

ManagingMappedLUNs 121

VMwareInfrastructureClient 121

CreatingVirtualMachineswithRDMs 121

ManagingPathsforaMappedRawLUN 123

ThevmkfstoolsUtility 124

Security

8 SecurityforESXServer3iSystems 127ESXServer3iArchitectureandSecurityFeatures 128

SecurityandtheVirtualizationLayer 128

SecurityandVirtualMachines 129

SecurityandtheVirtualNetworkingLayer 131

SecurityResourcesandInformation 137

9 SecuringanESXServer3iConfiguration 139SecuringtheNetworkwithFirewalls 139

FirewallsforConfigurationswithaVirtualCenterServer 140

FirewallsforConfigurationsWithoutaVirtualCenterServer 143

TCPandUDPPortsforManagementAccess 144

ConnectingtoVirtualCenterServerThroughaFirewall 146

ConnectingtotheVirtualMachineConsoleThroughaFirewall 146

ConnectingESXServer3iHostsThroughFirewalls 148

ConfiguringFirewallsforSupportedServicesandManagementAgents 148


7/214


8/214


8 VMware, Inc.

11 SecurityDeploymentsandRecommendations 187SecurityApproachesforCommonESXServer3iDeployments 187

Single

Customer

Deployment 188MultipleCustomerRestrictedDeployment 189

MultipleCustomerOpenDeployment 190

ESXServer3iLockdownMode 192

VirtualMachineRecommendations 193

InstallingAntivirusSoftware 193

DisablingCopyandPasteOperationsBetweentheGuestOperatingSystemandRemoteConsole 193

RemovingUnnecessaryHardwareDevices 195

LimitingGuestOperatingSystemWritestoHostMemory 196

ConfiguringLoggingLevelsfortheGuestOperatingSystem 199

Index 203


9/214

VMware, Inc. 9

Thismanual,theESXServer3iConfigurationGuide,providesinformationonhowto

configurenetworkingforESXServer3i,includinghowtocreatevirtualswitchesand

portsandhowtosetupnetworkingforvirtualmachines,VMotion,andIPstorage.It

alsocoversconfiguringfilesystemandvarioustypesofstoragesuchasiSCSI,FibreChannel,andsoforth.TohelpyouprotectyourESXServer3i,theguideprovidesa

discussionofsecurityfeaturesbuiltintoESXServer3iandthemeasuresyoucantake

tosafeguarditfromattack.Inaddition,itincludesalistofESXServer3itechnical

supportcommandsalongwiththeirVMwareInfrastructureClient(VIClient)

equivalentsandadescriptionofthevmkfstoolsutility.

TheESXServer3iConfigurationGuidecoversESXServer3iversion3.5.Toreadabout

ESX Server 3.5,seehttp://www.vmware.com/support/pubs/vi_pubs.html .

Foreaseofdiscussion,thisbookusesthefollowingproductnamingconventions:

FortopicsspecifictoESXServer3.5,thisbookusesthetermESXServer3.

FortopicsspecifictoESXServer3iversion3.5,thisbookusestheterm

ESX Server 3i.

Fortopics

common

to

both

products,

this

book

uses

the

term

ESX

Server.

Whentheidentificationofaspecificreleaseisimportanttoadiscussion,thisbook

referstotheproductbyitsfull,versionedname.

WhenadiscussionappliestoallversionsofESXServerforVMwareInfrastructure

3,thisbookusesthetermESXServer3.x.

About This Book
http://www.vmware.com/support/pubs/vi_pubs.htmlhttp://www.vmware.com/support/pubs/vi_pubs.html


10/214


10 VMware, Inc.

Intended Audience

ThismanualisintendedforanyonewhoneedstouseESXServer3i.Theinformationin

thismanualiswrittenforexperiencedWindowsorLinuxsystemadministratorswhoarefamiliarwithvirtualmachinetechnologyanddatacenteroperations.

Document Feedback

VMwarewelcomesyoursuggestionsforimprovingourdocumentation.Ifyouhave

comments,sendyourfeedbackto:

[email protected]

VMware Infrastructure Documentation

TheVMwareInfrastructuredocumentationconsistsofthecombinedVMware

VirtualCenterandESXServerdocumentationset.

Abbreviations Used in FiguresThefiguresinthismanualusetheabbreviationslistedinTable 1.

Technical Support and Education Resources

Thefollowingsectionsdescribethetechnicalsupportresourcesavailabletoyou.You

canaccess

the

most

current

versions

of

this

manual

and

other

books

by

going

to:

http://www.vmware.com/support/pubs

Table 1. Abbreviations

Abbreviation Description

database VirtualCenterdatabase

datastore Storageforthemanagedhost

dsk# Storagediskforthemanagedhost

hostn VirtualCentermanagedhosts

SAN Storageareanetworktypedatastoresharedbetweenmanagedhosts

tmplt Template

user# Userwithaccesspermissions

VC VirtualCenter

VM# Virtualmachinesonamanagedhost
mailto:[email protected]://www.vmware.com/support/pubsmailto:[email protected]://www.vmware.com/support/pubs


11/214

VMware, Inc. 11

About This Book

Online and Telephone Support

Useonlinesupporttosubmittechnicalsupportrequests,viewyourproductand

contractinformation,andregisteryourproducts.Gotohttp://www.vmware.com/support.

Customerswithappropriatesupportcontractsshouldusetelephonesupportforthe

fastestresponseonpriority1issues.Goto

http://www.vmware.com/support/phone_support.html.

Support Offerings

FindouthowVMwaresupportofferingscanhelpmeetyourbusinessneeds.Goto

http://www.vmware.com/support/services.

VMware Professional Services

VMwareEducationServicescoursesofferextensivehandsonlabs,casestudy

examples,andcoursematerialsdesignedtobeusedasonthejobreferencetools.

Coursesareavailableonsite,intheclassroom,andliveonline.Foronsitepilot

programs andimplementationbestpractices,VMwareConsultingServicesprovides

offeringsto helpyouassess,plan,build,andmanageyourvirtualenvironment.To

accessinformationabouteducationclasses,certificationprograms,andconsulting

services,gotohttp://www.vmware.com/services.
http://www.vmware.com/supporthttp://www.vmware.com/support/phone_support.htmlhttp://www.vmware.com/support/serviceshttp://www.vmware.com/services/http://www.vmware.com/support/serviceshttp://www.vmware.com/support/phone_support.htmlhttp://www.vmware.com/supporthttp://www.vmware.com/services/


12/214


12 VMware, Inc.


13/214

VMware, Inc. 13

1

TheESXServer3iConfigurationGuidedescribesthetasksyouneedtocompleteto

configureESXServer3ihostnetworking,storage,andsecurity.Inaddition,itprovides

overviews,recommendations,andconceptualdiscussionstohelpyouunderstand

thesetasksandhowtodeployanESXServer3ihosttomeetyourneeds.BeforeusingtheinformationintheESXServer3iConfigurationGuide,readtheIntroductiontoVMware

Infrastructureforanoverviewofsystemarchitectureandthephysicalandvirtual

devicesthatmakeupaVMwareInfrastructuresystem.

Thisintroductionsummarizesthecontentsofthisguidesothatyoucanfindthe

informationyouneed.Thisguidecoversthesesubjects:

ESXServer

3i

network

configurations

ESXServer3istorageconfigurations

ESXServer3isecurityfeatures

Introduction

1


14/214


14 VMware, Inc.

Networking

TheESXServer3inetworkingchaptersprovideyouwithaconceptualunderstanding

ofphysicalandvirtualnetworkconcepts,adescriptionofthebasictasksyouneedtocompletetoconfigureyourESXServer3ihostsnetworkconnections,andadiscussion

ofadvancednetworkingtopicsandtasks.Thenetworkingsectioncontainsthe

followingchapters:

NetworkingIntroducesyoutonetworkconceptsandguidesyouthroughthe

mostcommontasksyouneedtocompletewhensettingupthenetworkforthe

ESX Server3ihost.

AdvancedNetworkingCoversadvancednetworkingtaskssuchassettingup

MACaddresses,editingvirtualswitchesandports,andDNSrouting.Inaddition,

itprovidestipsonmakingyournetworkconfigurationmoreefficient.

Storage

TheESXServer3istoragechaptersprovideyouwithabasicunderstandingofstorage,

adescriptionofthebasictasksyouperformtoconfigureandmanageyour

ESX Server 3ihostsstorage,andadiscussionofhowtosetuprawdevicemapping.The

storagesectioncontainsthefollowingchapters:

IntroductiontoStorageIntroducesyoutothetypesofstoragedevicesyoucan

usetoconfigurestoragefortheESXServer3ihost.ItalsoaddressesVMFSandNFS

datastoresyoucandeployforyourstorageneeds.

ConfiguringStorage

Explains

how

to

configure

local

storage,

Fibre

Channel

storage,iSCSIstorage,andNASstorage.

ManagingStorageExplainshowtomanageexistingdatastoresandthefile

systemsthatcomprisedatastores.

RawDeviceMappingDiscussesrawdevicemapping,howtoconfigurethistype

ofstorage,andhowtomanagerawdevicemappingsbysettingupmultipathing,

failover,andsoforth.


15/214

VMware, Inc. 15

Chapter 1 Introduction

Security

TheESXServer3isecuritychaptersdiscusssafeguardsVMwarehasbuiltinto

ESX Server3iandmeasuresyoucantaketoprotectyourESXServer3ihostfromsecuritythreats.Thesemeasuresincludeusingfirewalls,leveragingthesecurity

featuresofvirtualswitches,andsettingupuserauthentication andpermissions.The

securitysectioncontainsthefollowingchapters:

SecurityforESXServer3iSystemsIntroducesyoutotheESXServer3ifeatures

thathelpyouensureasecureenvironmentforyourdataandgivesyouan

overviewofsystemdesignasitrelatestosecurity.

SecuringanESXServer3iConfigurationExplainshowtoconfigurefirewallports

forESXServer3ihostsandVMwareVirtualCenter,howtousevirtualswitches

andVLANstoensurenetworkisolationforvirtualmachines,andhowtosecure

iSCSIstorage.

AuthenticationandUserManagementDiscusseshowtosetupusers,groups,

permissions,androlestocontrolaccesstoESXServer3ihostsandVirtualCenter.

Italso

discusses

encryption

and

delegate

users.

SecurityDeploymentsandRecommendationsProvidessomesample

deploymentstogiveyouanideaoftheissuesyouneedtoconsiderwhensetting

upyourownESXServer3ideployment.Thischapteralsotellsyouaboutactions

youcantaketofurthersecurevirtualmachines.


16/214


16 VMware, Inc.


17/214

VMware, Inc. 17

Networking


18/214


18 VMware, Inc.


19/214

VMware, Inc. 19

2

ThischapterguidesyouthroughthebasicconceptsofnetworkingintheESX Server3i

environmentandhowtosetupandconfigureanetworkinavirtualinfrastructure

environment.

UsetheVMwareInfrastructureClient(VIClient)toaddnetworkingbasedontwo

categoriesthatreflectthetwotypesofnetworkservices:

Virtualmachines

VMkernel

Thischapterdiscussesthefollowingtopics:

NetworkingConcepts

on

page 20

NetworkServicesonpage 24

ViewingNetworkingInformationintheVI Clientonpage 24

VirtualNetworkConfigurationforVirtualMachinesonpage 26

VMkernelNetworkingConfigurationonpage 28

Networking

2

ESX S 3i C fi ti G id


20/214


20 VMware, Inc.

Networking Concepts

Afewconceptsareessentialtoathoroughunderstandingofvirtualnetworking.Ifyou

arenew

to

ESX

Server

3i,

VMware

recommends

you

read

this

section.

Concepts Overview

Aphysicalnetworkisanetworkofphysicalmachinesthatareconnectedsothattheycan

senddatatoandreceivedatafromeachother.VMwareESX Server3irunsonaphysical

machine.

Avirtual

network

is

anetwork

of

virtual

machines

running

on

asingle

physical

machine

thatareconnectedlogicallytoeachothersothattheycansenddatatoandreceivedata

fromeachother.Virtualmachinescanbeconnectedtothevirtualnetworksthatyou

createintheproceduretoaddanetwork.Eachvirtualnetworkisservicedbyasingle

virtualswitch.Avirtualnetworkcanbeconnectedtoaphysicalnetworkbyassociating

oneormorephysicalEthernetadapters,alsoreferredtoasuplinkadapters,withthe

virtualnetworksvirtualswitch.Ifnouplinkadaptersareassociatedwiththevirtual

switch,alltrafficonthevirtualnetworkisconfinedwithinthephysicalhostmachine.

Ifoneormoreuplinkadaptersareassociatedwiththevirtualswitch,virtualmachines

connectedtothatvirtualnetworkarealsoabletoaccessthephysicalnetworks

connectedtotheuplinkadapters.

AphysicalEthernetswitchmanagesnetworktrafficbetweenmachinesonthephysical

network.Aswitchhasmultipleports,eachofwhichcanbeconnectedtoasingleother

machineoranotherswitchonthenetwork.Eachportcanbeconfiguredtobehavein

certain

ways

depending

on

the

needs

of

the

machine

connected

to

it.

The

switch

learns

whichhostsareconnectedtowhichofitsportsandusesthatinformationtoforward

traffictothecorrectphysicalmachines.Switchesarethecoreofaphysicalnetwork.

Multipleswitchescanbeconnectedtogethertoformlargernetworks.

Avirtualswitch,vSwitch,worksmuchlikeaphysicalEthernetswitch.Itdetectswhich

virtualmachinesarelogicallyconnectedtoeachofitsvirtualportsandusesthat

informationtoforwardtraffictothecorrectvirtualmachines.AvSwitchcanbe

connectedto

physical

switches

using

physical

Ethernet

adapters,

also

referred

to

as

uplinkadapters,tojoinvirtualnetworkswithphysicalnetworks.Thistypeof

connectionissimilartoconnectingphysicalswitchestogethertocreatealarger

network.EventhoughavSwitchworksmuchlikeaphysicalswitch,itdoesnothave

someoftheadvancedfunctionalityofaphysicalswitch.SeeVirtualSwitcheson

page 21.

Chapter 2 Networking


21/214

VMware, Inc. 21


Aportgroupspecifiesportconfigurationoptionssuchasbandwidthlimitationsand

VLANtaggingpoliciesforeachmemberport.NetworkservicesconnecttovSwitches

throughportgroups.PortgroupsdefinehowaconnectionismadethroughthevSwitch

tothenetwork.Intypicaluse,oneormoreportgroupsisassociatedwithasinglevSwitch.SeePortGroupsonpage 24.

NICteamingoccurswhenmultipleuplinkadaptersareassociatedwithasinglevSwitch

toformateam.Ateamcaneithersharetheloadoftrafficbetweenphysicalandvirtual

networksamongsomeorallofitsmembersorprovidepassivefailoverintheeventof

ahardwarefailureoranetworkoutage.

VLANsenable

asingle

physical

LAN

segment

to

be

further

segmented

so

that

groups

ofportsareisolatedfromoneanotherasiftheywereonphysicallydifferentsegments.

802.1Qisthestandard.

TheVMkernelTCP/IPnetworkingstackprovidesnetworkconnectivityforan

ESX Server 3ihostandsupportsiSCSI,NFS,andVMotion.Virtualmachinesruntheir

ownsystemsTCP/IPstacks,andconnecttotheVMkernelattheEthernetlevelthrough

virtualswitches.

TCPsegmentationoffload,TSO,allowsaTCP/IPstacktoemitverylargeframes(upto

64k)eventhoughthemaximumtransmissionunit(MTU)oftheinterfaceissmaller.The

networkadapterthenchopsthelargeframeupintoMTUsizedframesandprepends

anadjustedcopyoftheinitialTCP/IPheaders.SeeTCPSegmentationOffloadand

JumboFramesonpage 44.

MigrationwithVMotionenablesapoweredonvirtualmachinetobetransferredfrom

oneESX Server3ihosttoanotherwithoutshuttingdownthevirtualmachine.

The optionalVMotionfeaturerequiresitsownlicensekey.

Virtual Switches

VMwareInfrastructureletsyou,throughtheVMwareInfrastructureClientordirectSDKAPIs,createabstractednetworkdevicescalledvirtualswitches(vSwitches).A

vSwitchcanroutetrafficinternallybetweenvirtualmachinesandlinktoexternal

networks.

NOTE ThenetworkingchapterscoverhowtosetupnetworkingforiSCSIandNFS.

To configurethestorageportionofiSCSIandNFS,seethestoragechapters.

NOTE Youcancreateamaximumof127vSwitchesonasinglehost.



22/214


22 VMware, Inc.

Usevirtualswitchestocombinethebandwidthofmultiplenetworkadaptersand

balancecommunicationstrafficamongthem.Youcanalsoconfigurethemtohandle

physicalNICfailover.

AvSwitchmodelsaphysicalEthernetswitch.Thedefaultnumberoflogicalportsfora

vSwitchis56.However,youcancreateavSwitchwithupto1016portsinESX Server 3i.

Youcanconnectonenetworkadapterofavirtualmachinetoeachport.Eachuplink

adapterassociatedwithavSwitchusesoneport.EachlogicalportonthevSwitchisa

memberofasingleportgroup.EachvSwitchcanalsohaveoneormoreportgroups

assignedtoit.SeePortGroupsonpage 24.

Beforeyou

can

configure

virtual

machines

to

access

anetwork,

you

must

take

the

followingsteps:

1 CreateavSwitchandconfigureittoconnecttothephysicaladapter(s)onthehost

forthephysicalnetwork.

2 CreateavirtualmachineportgroupconnectedtothatvSwitchandgiveitaname

bywhichitwillbereferencedduringvirtualmachineconfiguration.

Whentwo

or

more

virtual

machines

are

connected

to

the

same

vSwitch,

network

traffic

betweenthemisroutedlocally.IfanuplinkadapterisattachedtothevSwitch,each

virtualmachinecanaccesstheexternalnetworkthattheadapterisconnectedtoas

showninFigure 21.

Figure 2-1. Virtual Switch Connections

IntheVI Client,thedetailsfortheselectedvSwitcharepresentedasaninteractive

diagramasshowninFigure 22.ThemostimportantinformationforeachvSwitchisalwaysvisible.


23/214



24/214

24 VMware, Inc.

Port Groups

Portgroupsaggregatemultipleportsunderacommonconfigurationandprovidea

stableanchor

point

for

virtual

machines

connecting

to

labeled

networks.

Each

port

groupisidentifiedbyanetworklabel,whichisuniquetothecurrenthost.

AVLANID,whichrestrictsportgrouptraffictoalogicalEthernetsegmentwithinthe

physicalnetwork,isoptional.

Networklabels

are

used

to

make

virtual

machine

configuration

portable

across

hosts.

Allportgroupsinadatacenterthatarephysicallyconnectedtothesamenetwork

(in thesensethateachcanreceivebroadcastsfromtheothers)shouldbegiventhesame

label.Conversely,iftwoportgroupscannotreceivebroadcastsfromeachother,they

shouldbegivendistinctlabels.

IfyouuseVLANIDs,youwillneedtochangeportgrouplabelsandVLANIDs

togethersothatthelabelsstillproperlyrepresentconnectivity.

Network Services

YouneedtoenabletwotypesofnetworkservicesinESX Server 3i:

Connectingvirtualmachinestothephysicalnetwork

ConnectingVMkernelservices(suchasNFS,iSCSI,orVMotion)tothephysical

network

Viewing Networking Information in the VI Client

TheVIClientdisplaysbothgeneralnetworkinginformationandinformationspecific

tonetworkadapters.

To view general networking information in the VI Client

1 LogontotheVMwareVI Clientandselecttheserverfromtheinventorypanel.

2 ClicktheConfigurationtab,andclickNetworking.

NOTE Youcancreateamaximumof512portgroupsonasinglehost.

NOTE ForaportgrouptoreachportgroupslocatedonotherVLANs,youmustsetthe

VLANIDto4095.



25/214

VMware, Inc. 25

Figure 2-4. General Networking Information

To view network adapter information in the VI Client

1 LogintotheVMwareVI Clientandselecttheserverfromtheinventorypanel.

Thehardwareconfigurationpageforthisserverappears.

2 ClicktheConfigurationtab,andclickNetworkAdapters.

Thenetworkadapterspaneldisplaysthefollowinginformation:

DeviceNameofthenetworkadapter

SpeedActualspeedandduplexofthenetworkadapter

ConfiguredConfiguredspeedandduplexofthenetworkadapter

vSwitchvSwitchthatthenetworkadapterisassociatedwith

ObservedIPrangesIPaddressesthatthenetworkadapterhasaccessto

WakeonLANsupportedNetworkadapterabilitytosupportWakeonLAN

IP address

vSwitch

VM network properties pop-up window

network adapterport group



26/214

26 VMware, Inc.

Virtual Network Configuration for Virtual Machines

TheVI ClientAddNetworkWizardstepsyouthroughthetaskstocreateavirtual

networkto

which

virtual

machines

can

connect.

These

tasks

include:

Settingtheconnectiontypeforavirtualmachine

AddingthevirtualnetworktoaneworanexistingvSwitch

ConfiguringtheconnectionsettingsforthenetworklabelandtheVLANID

Forinformationonconfiguringnetworkconnectionsforanindividualvirtualmachine,

seetheBasicSystemAdministrationGuide.

Whensettingupvirtualmachinenetworks,considerwhetheryouwanttomigratethe

virtualmachinesinthenetworkbetweenESXServer3ihosts.Ifso,besurethatboth

hostsareinthesamebroadcastdomainthatis,thesameLayer2subnet.

ESXServer3idoesntsupportvirtualmachinemigrationbetweenhostsindifferent

broadcastdomainsbecausethemigratedvirtualmachinemightrequiresystemsand

resourcesthatitwouldnolongerhaveaccesstobyvirtueofbeingmovedtoaseparate

network.Evenifyournetworkconfigurationissetupasahighavailabilityenvironmentorincludesintelligentswitchescapableofresolvingthevirtualmachines

needsacrossdifferentnetworks,youmayexperiencelagtimesastheARPtable

updatesandresumesnetworktrafficforthevirtualmachines.

Virtualmachinesreachphysicalnetworksthroughuplinkadapters.AvSwitchisable

totransferdataonlytoexternalnetworkswhenoneormorenetworkadaptersare

attachedtoit.WhentwoormoreadaptersareattachedtoasinglevSwitch,theyare

transparentlyteamed.



27/214

VMware, Inc. 27

To create or add a virtual network for a virtual machine

1 LogontotheVMwareVI Clientandselecttheserverfromtheinventorypanel.



Virtualswitchesarepresentedinanoverviewplusdetailslayout.

3 Ontherightsideofthescreen,clickAddNetworking.

TheAddNetworkWizardappears.

4 Acceptthedefaultconnectiontype,VirtualMachines.

VirtualMachinesletsyouaddalabelednetworktohandlevirtualmachine

networktraffic.

5 ClickNext.

6 SelectCreateavirtualswitch.

YoucancreateanewvSwitchwithorwithoutEthernetadapters.

IfyoucreateavSwitchwithoutphysicalnetworkadapters,alltrafficonthat

vSwitchisconfinedtothatvSwitch.Nootherhostsonthephysicalnetworkor

virtualmachinesonothervSwitcheswillbeabletosendorreceivetrafficoverthis

vSwitch.

ChangesappearinthePreviewpane.

NOTE TheAddNetworkWizardisreusedfornewportsandportgroups.



28/214

28 VMware, Inc.

7 ClickNext.

8 UnderPortGroupProperties,enteranetworklabelthatidentifiestheportgroup

thatyouarecreating.

Usenetworklabelstoidentifymigrationcompatibleconnectionscommontotwo

ormorehosts.

9 IfyouareusingaVLAN,intheVLANIDfield,enteranumberbetween

1 and 4094.

Ifyouareunsureaboutwhattoenter,leavethisblankoraskyournetwork

administrator.Ifyouenter0orleavethefieldblank,theportgroupcanseeonlyuntagged

(nonVLAN)traffic.Ifyouenter4095,theportgroupcanseetrafficonanyVLAN

whileleavingtheVLANtagsintact.

10 ClickNext.

11 AfteryoudeterminethatthevSwitchisconfiguredcorrectly,clickFinish.

VMkernel Networking Configuration

InESX Server 3i,theVMkernelnetworkinginterfaceprovidesnetworkconnectivityfor

theESX Server 3ihostaswellashandlingVMotionandIPstorage.

Movingavirtualmachinefromonehosttoanotheriscalledmigration.Migratinga

poweredonvirtualmachineiscalledVMotion.MigrationwithVMotion,letsyou

migratevirtualmachineswithnodowntime.YourVMkernelnetworkingstackmustbe

setupproperlytoaccommodateVMotion.

IPStoragereferstoanyformofstoragethatusesTCP/IPnetworkcommunicationasits

foundation,whichincludesiSCSIandNFSforESX Server3i.Becausebothofthese

storagetypesarenetworkbased,bothtypescanusethesameVMkernelinterfaceport

group.

ThenetworkservicesprovidedbytheVMkernel(iSCSI,NFS,andVMotion)usea

TCP/IPstackintheVMkernel.EachoftheseTCP/IPstacksaccessesvariousnetworks

byattachingtooneormoreportgroupsononeormorevSwitches.

NOTE Toenablefailover(NICteaming),bindtwoormoreadapterstothesame

switch.Ifoneuplinkadapterisnotoperational,networktrafficisroutedtoanother

adapterattachedtotheswitch.NICteamingrequiresbothEthernetdevicestobe

onthesameEthernetbroadcastdomain.



29/214

VMware, Inc. 29

TCP/IP Stack at the VMkernel Level

TheVMwareVMkernelTCP/IPnetworkingstackhasbeenextendedtohandleiSCSI,

NFS,

and

VMotion

in

the

following

ways: iSCSIasavirtualmachinedatastore.

iSCSIforthedirectmountingof.ISOfiles,whicharepresentedasCDROMsto

virtualmachines.

NFSasavirtualmachinedatastore.

NFSforthedirectmountingof.ISOfiles,whicharepresentedasCDROMsto

virtualmachines.

MigrationwithVMotion.

To set up the VMkernel

1 Logon

to

the

VMware

VI Client

and

select

the

server

from

the

inventory

panel.



3 ClicktheAddNetworkinglink.

TheAddNetworkWizardappears.

4 SelectVMkernel

and

click

Next.

TheNetworkAccesspageappears.

5 SelectthevSwitchtouse,orclickCreateavirtualswitchtocreateanewvSwitch.

6 SelectthecheckboxesforthenetworkadaptersyourvSwitchwilluse.

YourchoicesappearinthePreviewpane.

Selectadapters

for

each

vSwitch

so

that

virtual

machines

or

other

services

that

connectthroughtheadaptercanreachthecorrectEthernetsegment.Ifnoadapters

appearunderCreateanewvirtualswitch,allthenetworkadaptersinthesystem

arebeingusedbyexistingvSwitches.YoucaneithercreateanewvSwitchwithout

anetworkadapterorselectanetworkadapterusedbyanexistingvSwitch.

ForinformationonmovingnetworkadaptersbetweenvSwitches,seeToadd

uplinkadaptersonpage 33.

NOTE ESXServer3isupportsonlyNFSversion3overTCP/IP.



30/214

30 VMware, Inc.

7 ClickNext.

TheConnectionSettingspageappears.

8 UnderPort

Group

Properties,

select

or

enter

anetwork

label

and

aVLAN

ID.

NetworkLabelAnamethatidentifiestheportgroupthatyouarecreating.

Thisisthelabelthatyouspecifywhenconfiguringavirtualadaptertobe

attachedtothisportgroup,whenyouconfigureVMkernelservices,suchas

VMotionandIPstorage.

VLANIDIdentifiestheVLANthattheportgroupsnetworktrafficwill

use.

9 SelecttheUsethisportgroupforVMotioncheckboxtoenablethisportgroupto

advertiseitselftoanotherESX Server3iasthenetworkconnectionwhereVMotion

trafficshouldbesent.

YoucanenablethispropertyforonlyoneVMotionandIPstorageportgroupfor

eachESX Server 3ihost.Ifthispropertyisnotenabledforanyportgroup,

migrationwithVMotiontothishostisnotpossible.

10 EntertheIPAddressandSubnetMask,orselectObtainIPsettingautomatically

fortheIPaddressandsubnetmask.

11 ClickEdittosettheVMkernelDefaultGateway.

TheDNSandRoutingConfigurationdialogboxappears.UndertheDNS

Configurationtab,thenameofthehostisenteredintothenamefieldbydefault.

TheDNS

server

addresses

that

were

specified

during

installation

are

also

preselectedasisthedomain.

UndertheRoutingtab,entergatewayinformationfortheVMkernel.Agatewayis

neededifconnectivitytomachinesnotonthesameIPsubnetastheVMkernel.

StaticIPsettingsisthedefault.

12 ClickOKtosaveyourchangesandclosetheDNSConfigurationandRouting

dialogbox.

13 ClickNext.

14 UsetheBackbuttontomakeanychanges.

15 ReviewyourchangesontheReadytoCompletepageandclickFinish.


31/214

VMware, Inc. 31

3

ThischapterguidesyouthroughadvancednetworkingtopicsinanESX Server 3i

environmentandhowtosetupandchangeadvancednetworkingconfiguration

options.

Thischapterdiscussesthefollowingtopics:

VirtualSwitchConfigurationonpage 32

PortGroupConfigurationonpage 42

DNSandRoutingonpage 43

TCPSegmentationOffloadandJumboFramesonpage 44

ToenableJumboFramesupportonavirtualmachineonpage 45

NetQueueandNetworkingPerformanceonpage 46

SettingUpMACAddressesonpage 48

NetworkingTipsandBestPracticesonpage 50

NetworkingTroubleshootingonpage 52

Advanced Networking 3



32/214

32 VMware, Inc.

Virtual Switch Configuration

Thissectionguidesyouthroughconfiguringvirtualswitchpropertiesandnetworking

policiesset

at

the

virtual

switch

level.

Virtual Switch Properties

VirtualswitchsettingscontrolvSwitchwidedefaultsforports,whichcanbe

overriddenbyportgroupsettingsforeachvSwitch.

Editing Virtual Switch Properties

EditingvSwitchpropertiesconsistsof:

Configuringports

Configuringtheuplinknetworkadapters

To edit the number of ports for a vSwitch

1 LogintotheVMwareVI Client,andselecttheserverfromtheinventorypanel.



3 Ontherightsideofthewindow,findthevSwitchthatyouwanttoedit,andclick

PropertiesforthatvSwitch.

4 ClickthePortstab.

5 SelectthevSwitchitemintheConfigurationlistandclickEdit.

6 ClicktheGeneraltabtosetthenumberofports.

7 Choosethenumberofportsyouwanttousefromthedropdownmenu.

8 ClickOK.

To configure the uplink network adapter by changing its speed



2 ClicktheConfigurationtabandclickNetworking.

3 SelectavSwitchandclickProperties.

4 Inthe

vSwitch

Propertiesdialog

box,

click

the

Network

Adapterstab.

Chapter 3 Advanced Networking


33/214

VMware, Inc. 33

5 Tochangetheconfiguredspeedandduplexvalueofanetworkadapter,selectthe

networkadapterandclickEdit.

TheStatusdialogboxappears.ThedefaultisAutonegotiate,whichisusuallythe

correctchoice.

6 Toselecttheconnectionspeedmanually,selectthespeed/duplexfromthe

dropdownmenu.

Choosetheconnectionspeedmanuallyifthenetworkadapterandaphysical

switchmightfailtonegotiatetheproperconnectionspeed.Symptomsof

mismatchedspeedandduplexincludelowbandwidthornolinkconnectivityat

all.

Theadapterandthephysicalswitchportitisconnectedtomustbesettothesame

value,thatis,auto/autoorND/NDwhereNDissomespeedandduplex,butnot

auto/ND.

7 ClickOK.

To add uplink adapters





4 InthePropertiesdialogboxforthevSwitch,clicktheNetworkAdapterstab.

5 ClickAddtolaunchtheAddAdapterWizard.

YoucanassociatemultipleadapterstoasinglevSwitchtoprovideNICteaming.

Suchateamcansharetrafficandprovidefailover.

6 SelectoneormoreadaptersfromthelistandclickNext.

CAUTION MisconfigurationcanresultinthelossoftheVIClientabilitytoconnect

tothehost.



34/214

34 VMware, Inc.

7 Toorderthenetworkadapters,selectanetworkadapterandclickthebuttonsto

moveitupordownintothecategory(ActiveorStandby)thatyouwant.

ActiveAdaptersAdapterscurrentlyusedbythevSwitch.

StandbyAdaptersAdaptersthatbecomeactiveifoneormoreoftheactive

adaptersshouldfail.

8 ClickNext.

9 Reviewtheinformation,usetheBackbuttontochangeanyentries,andclick

FinishtoleavetheAddAdapterWizard.

Thelistofnetworkadaptersreappears,showingthoseadaptersnowclaimedbythevSwitch.

10 ClickClose

TheNetworkingsectionintheConfigurationtabshowsthenetworkadaptersin

theirdesignatedorderandcategories.



35/214

VMware, Inc. 35

Cisco Discovery Protocol

CiscoDiscoveryProtocol(CDP)allowsESXServer 3iadministratorstodetermine

whichCiscoswitchportisconnectedtoagivenvSwitch.WhenCDPisenabledfora

particularvSwitch,youcanviewpropertiesoftheCiscoswitch(suchasdeviceID,

softwareversion,andtimeout)fromtheVIClient.

InESX Server 3i,CDPissettolisten,whichmeansthatESXServer 3idetectsand

displaysinformationabouttheassociatedCiscoswitchport,butinformationaboutthe

vSwitchisnotavailabletotheCiscoswitchadministrator.

To view Cisco switch information from the VI Client






36/214

36 VMware, Inc.

3 ClicktheinfoicontotherightofthevSwitch.

Virtual Switch Policies

YoucanapplyasetofvSwitchwidepoliciesbyselectingthevSwitchatthetopofthe

PortstabandclickingEdit.

Tooverrideanyofthesesettingsforaportgroup,selectthatportgroupandclickEdit.

AnychangestothevSwitchwideconfigurationareappliedtoanyoftheportgroups

onthatvSwitchexceptforthoseconfigurationoptionsthathavebeenoverriddenbythe

portgroup.


Th S h l f


37/214

VMware, Inc. 37

ThevSwitchpoliciesconsistof:

Layer2Securitypolicy

Traffic

Shaping

policy

LoadBalancingandFailoverpolicy

Layer 2 Security Policy

Layer2isthedatalinklayer.ThethreeelementsoftheLayer2Securitypolicyare

PromiscuousMode,MACAddressChanges,andForgedTransmits.

Innon

promiscuous

mode,

aguest

adapter

listens

to

traffic

only

on

its

own

MAC

address.Inpromiscuousmode,itcanlistentoallthepackets.Bydefault,guestadapters

aresettononpromiscuousmode.

SeeSecuringVirtualSwitchPortsonpage 155.

To edit the Layer 2 Security policy




3 ClickPropertiesforthevSwitchwhoseLayer2Securitypolicyyouwanttoedit.

4 InthePropertiesdialogboxforthevSwitch,clickthePortstab.

5 SelectthevSwitchitemandclickEdit.

6 InthePropertiesdialogboxforthevSwitch,clicktheSecuritytab.

Bydefault,PromiscuousModeissettoReject,MACAddressChanges,and

ForcedTransmitsaresettoAccept.

ThepolicyhereappliestoallvirtualadaptersonthevSwitchexceptwheretheport

groupforthevirtualadapterspecifiesapolicyexception.

7 InthePolicyExceptionspane,selectwhethertorejectoraccepttheLayer2Security

policyexceptions:

PromiscuousMode

RejectHasnoeffectonwhichframesarereceivedbytheadapter.

AcceptCausestheadaptertodetectallframespassedonthevSwitch

thatareallowedundertheVLANpolicyfortheportgroupthatthe

adapterisconnectedto.


MACAdd Ch


38/214

38 VMware, Inc.

MACAddressChanges

RejectIfyousettoRejectandtheguestoperatingsystemchangesthe

MACaddressoftheadaptertoanythingotherthanwhatisinthe.vmx

configurationfile,allinboundframesaredropped.

IftheGuestOSchangestheMACaddressbacktomatchtheMAC

addressinthe.vmx configurationfile,inboundframeswillbepassed

again.

AcceptChangingtheMACaddressfromtheGuestOShasthe

intendedeffect:framestothenewMACaddressarereceived.

ForgedTransmits

RejectAnyoutboundframewithasourceMACaddressthatis

differentfromtheonesetontheadapteraredropped.

AcceptNofilteringisperformedandalloutboundframesarepassed.

8 ClickOK.

Traffic Shaping Policy

ESX Server 3ishapestrafficbyestablishingparametersforthreeoutboundtraffic

characteristics:AverageBandwidth,BurstSize,andPeakBandwidth.Youcanset

valuesforthesecharacteristicsthroughtheVI Client,establishingatrafficshaping

policyforeachportgroup.

AverageBandwidthestablishesthenumberofbitspersecondtoallowacrossthe

vSwitchaveragedovertimetheallowedaverageload.

BurstSizeestablishesthemaximumnumberofbytestoallowinaburst.Ifaburst

exceedstheburstsizeparameter,excesspacketsarequeuedforlatertransmission.

Ifthequeueisfull,thepacketsaredropped.Whenyouspecifyvaluesforthesetwo

characteristics,youindicatewhatyouexpectthevSwitchtohandleduringnormal

operation.

Peak

Bandwidthis

the

maximum

bandwidth

the

vSwitch

can

absorb

without

droppingpackets.Iftrafficexceedsthepeakbandwidthyouestablish,excess

packetsarequeuedforlatertransmissionaftertrafficontheconnectionhas

returnedtotheaverageandthereareenoughsparecyclestohandlethequeued

packets.Ifthequeueisfull,thepacketsaredropped.Evenifyouhavespare

bandwidthbecausetheconnectionhasbeenidle,thepeakbandwidthparameter

limitstransmissiontonomorethanpeakuntiltrafficreturnstotheallowed

averageload.


To edit the Traffic Shaping policy


39/214

VMware, Inc. 39

To edit the Traffic Shaping policy


Thehardware

configuration

page

for

this

server

appears.



4 InthevSwitchPropertiesdialogbox,clickthePortstab.

5 SelectthevSwitchandclickEdit.

TheProperties

dialog

box

for

the

selected

vSwitch

appears.

6 ClicktheTrafficShapingtab.

ThePolicyExceptionspaneappears.Youcanselectivelyoverrideall

trafficshapingfeaturesattheportgroupleveliftrafficshapingisenabled.

Thesearethepoliciestowhichtheperportgroupexceptionsareapplied.

Thepolicyhereisappliedtoeachvirtualadapterattachedtotheportgroup,notto

thevSwitchasawhole.

StatusIfyouenablethepolicyexceptionintheStatusfield,youaresetting

limitsontheamountofnetworkingbandwidthallocationeachvirtualadapter

associatedwiththisparticularportgroup.Ifyoudisablethepolicy,serviceswill

haveafree,clearconnectiontothephysicalnetworkbydefault.

Theremainingfieldsdefinenetworktrafficparameters:

AverageBandwidthAvaluemeasuredoveraparticularperiodoftime.

PeakBandwidthAvaluethatisthemaximumbandwidthallowedandthat

canneverbesmallerthanaveragebandwidth.Thisparameterlimitsthe

maximumbandwidthduringaburst.

BurstSizeAvaluespecifyinghowlargeaburstcanbeinkilobytes(KB).

Thisparametercontrolstheamountofdatathatcanbesentinoneburstwhile

exceedingtheaveragerate.


Load Balancing and Failover Policy


40/214

40 VMware, Inc.

Load Balancing and Failover Policy

LoadBalancingandFailoverpoliciesletyoudeterminehownetworktrafficis

distributedbetweenadaptersandhowtoreroutetrafficintheeventofanadapter

failurebyconfiguringthefollowingparameters:

LoadBalancingpolicy

TheLoadBalancingpolicydetermineshowoutgoingtrafficisdistributedamong

thenetworkadaptersassignedtoavSwitch.

FailoverDetection:LinkStatus/BeaconProbing

NetworkAdapterOrder(Active/Standby)

To edit the failover and load balancing policy




3 SelectavSwitchandclickEdit.

4 InthevSwitchPropertiesdialogbox,clickthePortstab.

5 ToedittheFailoverandLoadBalancingvaluesforthevSwitch,selectthevSwitch

itemandclickProperties.

ThePropertiesdialogboxforthevSwitchappears.

6 ClicktheNICTeamingtab.

ThePolicyExceptionsareaappears.Youcanoverridethefailoverorderattheport

grouplevel.Bydefault,newadaptersareactiveforallpolicies.Newadapterscarry

trafficforthevSwitchanditsportgroupunlessyouspecifyotherwise.

7 InthePolicyExceptionspane:

LoadBalancingSpecifyhowtochooseanuplink.

RoutebasedontheoriginatingportIDChooseanuplinkbasedonthe

virtualportwherethetrafficenteredthevirtualswitch.

RoutebasedoniphashChooseanuplinkbasedonahashofthe

sourceand

destination

IP

addresses

of

each

packet.

For

non

IP

packets,

whateverisatthoseoffsetsisusedtocomputethehash.

NOTE IncomingtrafficiscontrolledbytheLoadBalancingpolicyonthephysical

switch.


Route based on sourceMAC hash Choose an uplink based on a hash


41/214

VMware, Inc. 41

RoutebasedonsourceMAChash Chooseanuplinkbasedonahash

ofthesourceEthernet.

UseexplicitfailoverorderAlwaysusethehighestorderuplinkfrom

thelistofActiveadapterswhichpassesfailoverdetectioncriteria.

NetworkFailoverDetectionSpecifythemethodtouseforfailover

detection.

LinkStatus

onlyReliessolelyonthelinkstatusprovidedbythe

networkadapter.Thisdetectsfailures,suchascablepullsandphysical

switchpowerfailures,butnotconfigurationerrors,suchasaphysical

switchportbeingblockedbyspanningtreeormisconfiguredtothe

wrongVLANorcablepullsontheothersideofaphysicalswitch.

BeaconProbingSendsoutandlistensforbeaconprobesonallnetwork

adaptersintheteamandusesthisinformation,inadditiontolinkstatus,

todeterminelinkfailure.Thisdetectsmanyofthefailuresmentioned

abovethatarenotdetectedbylinkstatusalone.

NotifySwitchesSelectYesorNotonotifyswitchesinthecaseoffailover.

IfyouselectYes,wheneveravirtualnetworkadapterisconnectedtothe

vSwitchorwheneverthatvirtualnetworkadapterstrafficwouldberouted

overadifferentphysicalnetworkadapterintheteamduetoafailoverevent,

anotification

is

sent

out

over

the

network

to

update

the

lookup

tables

on

physicalswitches.Inalmostallcases,thisisdesirableforthelowestlatencyof

failoveroccurrencesandmigrationswithVMotion.

FailbackSelectYesorNotodisableorenablefailback.

Thisoptiondetermineshowaphysicaladapterisreturnedtoactivedutyafter

recoveringfromafailure.IffailbackissettoYes(default),theadapteris

returnedtoactivedutyimmediatelyuponrecovery,displacingthestandby

adapterthattookoveritsslot,ifany.IffailbackissettoNo,afailedadapteris

leftinactiveevenafterrecoveryuntilanothercurrentlyactiveadapterfails,

requiringitsreplacement.

NOTE IPbasedteamingrequiresthatthephysicalswitchbeconfiguredwith

etherchannel.Forallotheroptions,etherchannelshouldbedisabled.

NOTE Donotusethisoptionwhenthevirtualmachinesusingtheportgroup

areusingMicrosoftNetworkLoadBalancinginunicastmode.Nosuchissue

existswithNLBrunninginmulticastmode.


FailoverOrderSpecifyhowtodistributetheworkloadforadapters.Touse


42/214

42 VMware, Inc.

p y p

someadaptersbutreserveothersincasetheonesinusefail,setthiscondition

usingthedropdownmenutoplacethemintothetwogroups:

ActiveAdaptersContinuetouseitwhenthenetworkadapter

connectivityisupandactive.

StandbyAdaptersUsethisadapterifoneoftheactiveadapters

connectivityisdown.

UnusedAdaptersArenotused.

Port Group ConfigurationYoucanchangethefollowingportgroupconfigurations:

Portgroupproperties

Labelednetworkpolicies

To edit port group properties




3 Ontherightsideofthewindow,clickPropertiesforanetwork.

ThevSwitchPropertiesdialogboxappears.

4 ClickthePortstab.

5 SelecttheportgroupandclickEdit.

6 InthePropertiesdialogboxfortheportgroup,clicktheGeneraltabtochange:

NetworkLabelIdentifiestheportgroupthatyouarecreating.Specifythis

labelwhenconfiguringavirtualadaptertobeattachedtothisportgroup,

either

when

configuring

virtual

machines

or

VMkernel

services,

such

as

VMotionandIPstorage.

VLANIDIdentifiestheVLANthattheportgroupsnetworktrafficwill

use.

7 ClickOKtoexitthevSwitchPropertiesdialogbox.


To override labeled network policies


43/214

VMware, Inc. 43

1 Tooverrideanyofthesesettingsforaparticularlabelednetwork,selectthe

network.

2 ClickEdit.

3 ClicktheSecuritytab.

4 Selectthecheckboxforthelabelednetworkpolicythatyouwanttooverride.

5 ClicktheTrafficShapingtab.

6 SelectthecheckboxtooverridetheenabledordisabledStatus.

7 ClicktheNICTeamingtab.

8 Selecttheassociatedcheckboxtooverridetheloadbalancingorfailoverorder

policies.

9 ClickOK.

DNS and RoutingConfigureDNSandroutingthroughtheVI Client.

To change the DNS and Routing configuration



2 ClicktheConfigurationtab,andclickDNSand

Routing.

3 Ontherightofthewindow,clickProperties.

4 IntheDNSConfigurationtab,entervaluesfortheNameandDomainfields.

5 ChoosetoeitherobtaintheDNSserveraddressoruseaDNSserveraddress.

6 Specifythedomainsinwhichtolookforhosts.

7 IntheRoutingtab,changedefaultgatewayinformationasneeded.

8 ClickOK.


TCP Segmentation Offload and Jumbo Frames


44/214

44 VMware, Inc.

g

TCPSegmentationOffload(TSO)andJumboFramesupportareaddedin

ESX Server 3i.JumboFramesmustbeenabledattheserverlevelusingtheRemoteCLI

toconfiguretheMTUsizeforeachvSwitch.TSOisenabledontheVMkernelinterface

bydefault,butmustbeenabledatthevirtualmachinelevel.

Enabling TSO

TSOsupportthroughtheEnhancedvmxnetnetworkadapterisavailableforvirtual

machinesrunningthefollowingguestoperatingsystems:

MicrosoftWindows2003EnterpriseEditionwithServicePack2(32bitand64bit)

RedHatEnterpriseLinux4(64bit)

RedHatEnterpriseLinux5(32bitand64bit)

SuSELinuxEnterpriseServer10(32bitand64bit)

ToenableTSOatthevirtualmachinelevel,youmustreplacetheexistingvmxnetor

FlexiblevirtualnetworkadapterswithEnhancedvmxnetvirtualnetworkadapters.ThismayresultinachangeintheMACaddressofthevirtualnetworkadapter.

To enable TSO support for a virtual machine

1 LogintotheVI Clientandselectthevirtualmachinefromtheinventorypanel.


2 ClicktheSummarytab,andclickEdit

Settings.

3 SelectthenetworkadapterfromtheHardwarelist.

4 RecordthenetworksettingsandMACaddressthatthenetworkadapterisusing.

5 ClickRemovetoremovethenetworkadapterfromthevirtualmachine.

6 ClickAdd.

7 SelectEthernetAdapterandclickNext.

8 IntheAdapterTypegroup,selectEnhancedvmxnet.

9 SelectthenetworksettingandMACaddressthattheoldnetworkadapterwas

usingandclickNext.

10 ClickFinish.


11 ClickOK.


45/214

VMware, Inc. 45

12 IfthevirtualmachineisnotsettoupgradeVMwareToolsateachpoweron,you

mustupgradeVMwareToolsmanually.SeetheBasicSystemAdministrationGuide.

TSOisenabledbydefaultonaVMkernelinterface.IfTSOgetsdisabledforaparticular

VMkernelinterface,theonlywaytoenableTSOistodeletethatVMkernelinterfaceand

recreateitwithTSOenabled.SeeVMkernelNetworkingConfiguration onpage 28.

Enabling Jumbo Frames

JumboFramesallowESXServer3itosendlargerframesoutontothephysicalnetwork.

ThenetworkmustsupportJumboFramesendtoendforJumboFramestobeeffective.JumboFramesupto9kB(9000Bytes)aresupported.JumboFramesarenotsupported

forVMkernelnetworkinginterfacesinESX Server 3i.

JumboFramesmustbeenabledforeachvSwitchthroughtheRemoteCLIonyour

ESX Server3ihostandforeachvirtualmachinebychoosingtheEnhancedvmxnet

networkadapterintheVIClient.BeforeenablingJumboFrames,checkwithyour

hardwarevendortoensureyourphysicalnetworkadaptersupportsJumboFrames.

To create a Jumbo Frames-enabled vSwitch

1 LogintoyourESXServer3iRemoteCLI.

TheRCLIrequiresloginverificationwitheachcommand.SeetheRemote

CommandLineInterfaceInstallationandReference.

2 Usetheesxcfg-vswitch -m commandtosettheMTUsize

forthevSwitch.

ThiscommandsetstheMTUforalluplinksonthatvSwitch.TheMTUsizeshould

besettothelargestMTUsizeamongallthevirtualnetworkadaptersconnectedto

thevSwitch.

3 Usetheesxcfg-vswitch -lcommandtodisplayalistofvSwitchesonthehost,

andcheckthattheconfigurationofthevSwitchiscorrect.

To enable Jumbo Frame support on a virtual machine



2 ClicktheSummarytab,andclickEdit

Settings.

NOTE ESXServer3supportsamaximumMTUsizeof9000.




46/214

46 VMware, Inc.

4 RecordthenetworkandMACaddressthatthenetworkadapterisusing.

5 Click

Remove

to

remove

the

network

adapter

from

the

virtual

machine.6 ClickAdd.

7 SelectEthernetAdapterandclickNext.

8 IntheAdapterTypegroup,selectEnhancedvmxnet.

9 SelectthenetworkthattheoldnetworkadapterwasusingandclickNext.

10 ClickFinish.

11 SelectthenewnetworkadapterfromtheHardwarelist.

12 UnderMACAddress,selectManual,andentertheMACaddressthattheold

networkadapterwasusing.

13 ClickOK.

14 Insidetheguestoperatingsystem,configurethenetworkadaptertoallowJumbo

Frames.Seeyourguestoperatingsystemsdocumentationfordetails.

15 Configureallphysicalswitchesandanyphysicalorvirtualmachinestowhichthis

virtualmachineconnectstosupportJumboFrames.

NetQueue and Networking Performance

NetQueueinESXServer3itakesadvantageofthecapabilityofsomenetworkadapters

todelivernetworktraffictothesysteminmultiplereceivequeuesthatcanbeprocessed

separately.ThisallowsprocessingtobescaledtomultipleCPUs,improving

receivesizenetworkingperformance.

To enable NetQueue on an ESX Server 3i host

1 LogintotheVI Clientandselecttheserverfromtheinventorypanel.

2 Clickthe

Configuration

tab,

and

click

Advanced

Settings.

3 SelectVMkernel.

4 SelectVMkernel.Boot.netNetQueueEnable andclickOK.


5 UsetheRemoteCommandLineInterfacetoconfigureyourNICdrivertouse

NetQueue


47/214

VMware, Inc. 47

NetQueue.

TheRCLIrequiresloginverificationwitheachcommand.SeetheRemote

CommandLine

Interface

Installation

and

Reference.

Ifyouareusingthes2ioNICdriver,usethevicfg-module -s

"intr_type=2 rx_ring_num=8" s2iocommandtosettheappropriate

parametersonthes2iomodule.

IfyouareusingtheixgbeNICdriver,usethevicfg-module -s

InterruptType=2 MQ=1 VMDQ=16 ixgbecommandtosettheappropriate

parameterson

the

ixgbe

module.

Forthirdpartydrivers,contactthethirdpartyvendorforappropriate

configurations.

6 ReboottheESXServer3ihost.

To disable NetQueue on an ESX Server 3i host

1 Log

in

to

the

VI Client

and

select

the

server

from

the

inventory

panel.


2 ClicktheConfigurationtab,andclickAdvancedSettings.

3 DeselectVMkernel.Boot.netNetQueueEnable andclickOK.

4 UsetheRemoteCommandLineInterfacetodisableNetQueueonyourNICdriver.

TheRCLI

requires

log

in

verification

with

each

command.

See

the

Remote

CommandLineInterfaceInstallationandReference.

5 Usethevicfg-module -s "" [module name]command.

Forexample,ifyouareusingthes2ioNICdriver,usevicfg-module -s "" s2io

6 ReboottheESXServer3ihost.


Setting Up MAC Addresses


48/214

48 VMware, Inc.

MACaddressesaregeneratedforvirtualnetworkadaptersusedbytheVMkerneland

virtualmachines.Inmostcases,theseMACaddressesareappropriate.However,you

mightneedtosetaMACaddressforavirtualnetworkadapterasinthefollowing

cases:

Virtualnetworkadaptersondifferentphysicalserverssharethesamesubnetand

areassignedthesameMACaddress,causingaconflict.

Youwanttoensurethatavirtualnetworkadapteralwayshasthesame

MAC address.

ThefollowingsectionsdescribehowMACaddressesaregeneratedandhowyoucan

settheMACaddressforavirtualnetworkadapter.

MAC Addresses Generation

Eachvirtualnetworkadapterinavirtualmachineisassigneditsownunique

MAC address.AMACaddressisasixbytenumber.Eachnetworkadapter

manufacturerisassignedauniquethreebyteprefixcalledanOUI(OrganizationallyUniqueIdentifier)thatitcanusetogenerateuniqueMACaddresses.

VMwarehasthreeOUIs:

OneforgeneratedMACaddresses.

OneformanuallysetMACaddresses.

One

that

was

used

for

pre

ESX

3

virtual

machines,

but

is

no

longer

used

with

ESX Server 3i.

ThefirstthreebytesoftheMACaddressthatisgeneratedforeachvirtualnetwork

adapterhavethisvalue.ThisMACaddressgenerationalgorithmproducestheother

threebytes.ThealgorithmguaranteesuniqueMACaddresseswithinamachineand

attemptstoprovideuniqueMACaddressesacrossmachines.

Thenetworkadaptersforeachvirtualmachineonthesamesubnetshouldhaveunique

MACaddresses.Otherwise,theycanbehaveunpredictably.Thealgorithmputsalimitonthenumberofrunningandsuspendedvirtualmachinesatanyonetimeonany

givenserver.Italsodoesnothandleallcaseswhenvirtualmachinesondistinct

physicalmachinesshareasubnet.

TheVMwareUniversallyUniqueIdentifier(UUID)generatesMACaddressesthatare

checkedforanyconflicts.ThegeneratedMACaddressesarecreatedusingthreeparts:

theVMwareOUI,theSMBIOSUUIDforthephysicalESX Server 3imachine,anda

hashbasedonthenameoftheentitythattheMACaddressisbeinggeneratedfor.


AftertheMACaddresshasbeengenerated,itdoesnotchangeunlessthevirtual

machineismovedtoadifferentlocation,forexample,toadifferentpathonthesame


49/214

VMware, Inc. 49

, p , p

server.TheMACaddressintheconfigurationfileofthevirtualmachineissaved.

All MACaddressesthathavebeenassignedtonetworkadaptersofrunningand

suspendedvirtualmachinesonagivenphysicalmachinearetracked.

TheMACaddressofapoweredoffvirtualmachineisnotcheckedagainstthoseof

runningorsuspendedvirtualmachines.Itispossiblethatwhenavirtualmachineis

poweredonagain,itcanacquireadifferentMACaddress.Thisacquisitionisduetoa

conflictwithavirtualmachinethatwaspoweredonwhenthisvirtualmachinewas

poweredoff.

Setting MAC Addresses

Tocircumventthelimitof256virtualnetworkadaptersperphysicalmachineand

possibleMACaddressconflictsbetweenvirtualmachines,systemadministrators can

manuallyassignMACaddresses.VMwareusesthisOUIformanuallygenerated

addresses:00:50:56.

The

MAC

address

range

is00:50:56:00:00:00-00:50:56:3F:FF:FF

Youcansettheaddressesbyaddingthefollowinglinetoavirtualmachines

configurationfile:

ethernet .address = 00:50:56:XX:YY:ZZ

wherereferstothenumberoftheEthernetadapter,XX isavalid

hexadecimalnumberbetween00and3F,andYYandZZarevalidhexadecimalnumbersbetween00andFF.ThevalueforXXmustnotbegreaterthan3Ftoavoidconflictwith

MACaddressesthataregeneratedbytheVMwareWorkstationandVMwareServer

products.ThemaximumvalueforamanuallygeneratedMACaddressis

ethernet.address = 00:50:56:3F:FF:FF

Youmustalsosettheoptioninavirtualmachinesconfigurationfile:

ethernet.addressType="static"

BecauseVMwareESX Server 3ivirtualmachinesdonotsupportarbitrary

MAC addresses,theaboveformatmustbeused.Aslongasyouchooseauniquevalue

forXX:YY:ZZ amongyourhardcodedaddresses,conflictsbetweentheautomatically

assignedMACaddressesandthemanuallyassignedonesshouldneveroccur.


Using MAC Addresses

Y h d d i l hi i l NIC


50/214

50 VMware, Inc.

YoucanchangeapowereddownvirtualmachinesvirtualNICstouse

staticallyassignedMACaddressesusingtheVIClient.

To set up a MAC address


2 ClicktheSummarytab,andclickEditSettings.


4 In

the

MAC

Address

group,

select

Manual.5 EnterthedesiredstaticMACaddress,andclickOK.

Networking Tips and Best Practices

Thissectionprovidesinformationabout:

Networkingbestpractices

Networkingtips

Networking Best Practices

Considerthesebestpracticesforconfiguringyournetwork:

Separatenetworkservicesfromoneanothertoachievegreatersecurityorbetter

performance.

Ifyouwantaparticularsetofvirtualmachinestofunctionatthehighest

performancelevels,putthemonaseparatephysicalnetworkadapter.

This separationallowsforaportionofthetotalnetworkingworkloadtobemore

evenlysharedacrossmultipleCPUs.Theisolatedvirtualmachinesarethenmore

abletoservetrafficfromaWebclient,forinstance.

KeeptheVMotionconnectiononaseparatenetworkdevotedtoVMotion.

When migrationwithVMotionoccurs,thecontentsoftheguestoperatingsystemsmemoryaretransmittedoverthenetwork.YoucandothiseitherbyusingVLANs

tosegmentasinglephysicalnetworkorbyusingseparatephysicalnetworks

(the latterispreferable)


Mounting NFS Volumes

In ESX Server 3i the model of how ESX Server 3i accesses NFS storage of ISO images


51/214

VMware, Inc. 51

InESX Server 3i,themodelofhowESX Server 3iaccessesNFSstorageofISOimages

thatareusedasvirtualCDROMsforvirtualmachinesisdifferentfromthemodelused

inESX Server2.x.

ESX Server 3ihassupportforVMkernelbasedNFSmounts.Thenewmodelisto

mountyourNFSvolumewiththeISOimagesthroughtheVMkernelNFSfunctionality.

AllNFSvolumesmountedinthiswayappearasdatastoresintheVI Client.Thevirtual

machineconfigurationeditorallowsyoutobrowsetheESXServerfilesystemforISO

imagestobeusedasvirtualCDROMdevices.

Networking Tips

Considerthefollowingnetworkhints:

Theeasiestwaytophysicallyseparatenetworkservicesandtodedicatea

particularsetofnetworkadapterstoaspecificnetworkserviceistocreatea

vSwitchforeachservice.Ifthisisnotpossible,theycanbeseparatedfromeach

otheronasinglevSwitchbyattachingthemtoportgroupswithdifferentVLAN

IDs.Ineithercase,confirmwithyournetworkadministratorthatthenetworksorVLANsyouchooseareisolatedintherestofyourenvironment,thatis,norouters

connectthem.

YoucanaddandremovenetworkadaptersfromthevSwitchwithoutaffectingthe

virtualmachinesorthenetworkservicethatisrunningbehindthatvSwitch.Ifyou

removedalltherunninghardware,thevirtualmachineswouldstillbeableto

communicateamongstthemselves.Moreover,ifyouleftonenetworkadapter

intact,allofthevirtualmachineswouldstillbeabletoconnectwiththephysicalnetwork.

Useportgroupswithdifferentsetsofactiveadaptersintheirteamingpolicyto

separatevirtualmachinesintogroups.Thesecanuseseparateadaptersaslongas

alladaptersareupbutstillfallbacktosharingintheeventofanetworkor

hardwarefailure.

Deployfirewalls

in

virtual

machines

that

route

between

virtual

networks

with

uplinkstophysicalnetworksandpurevirtualnetworkswithnouplinkstoprotect

yourmostsensitivevirtualmachines.


Networking Troubleshooting

Thi ti id th h t bl h ti t ki i


52/214

52 VMware, Inc.

Thissectionguidesyouthroughtroubleshootingcommonnetworkingissues.

Troubleshooting Physical Switch Configuration

Insomecases,youmightlosevSwitchconnectivitywhenafailoverorfailbackevent

occurs.ThiscausestheMACaddressesusedbyvirtualmachinesassociatedwiththat

vSwitchtoappearonadifferentswitchportthantheypreviouslydid.

Toavoidthisproblem,putyourphysicalswitchinportfastorportfasttrunkmode.

Troubleshooting Port Group Configuration

Changingthenameofaportgroupwhenvirtualmachinesarealreadyconnectedto

thatportgroupcausesthevirtualmachinesconfiguredtoconnecttothatportgroupto

haveinvalidnetworkconfiguration.

Theconnectionfromvirtualnetworkadapterstoportgroupsismadebyname,andthe

nameiswhatisstoredinthevirtualmachineconfiguration.Changingthenameofa

portgroupdoesnotcauseamassreconfigurationofallthevirtualmachinesconnectedtothatportgroup.Virtualmachinesthatarealreadypoweredonwillcontinueto

functionuntiltheyarepoweredoffbecausetheirconnectionstothenetworkhave

alreadybeenestablished.

Thebestprincipleistoavoidrenamingnetworksaftertheyareinuse.Afteryourename

aportgroup,youmustreconfigureeachassociatedvirtualmachineusingtheRemote

CLItoreflectthenewportgroupname.


53/214

VMware, Inc. 53

Storage



54/214

54 VMware, Inc.

4


55/214

VMware, Inc. 55

TheStoragesectioncontainsoverviewinformationaboutavailablestorageoptionsfor

ESXServer3iandexplainshowtoconfigureyourESXServer3isystemsoitcanuseand

managedifferenttypesofstorage.

Forinformation

on

specific

activities

that

astorage

administrator

might

need

to

performonastorageside,seetheFibreChannelSANConfigurationGuideandtheiSCSI

SANConfigurationGuide.

Thischaptercoversthefollowingtopics:

StorageOverviewonpage 56

TypesofPhysicalStorageonpage 56

SupportedStorageAdaptersonpage 59

Datastoresonpage 59

HowVirtualMachinesAccessStorageonpage 63

ComparingTypesofStorageonpage 64

ViewingStorageInformationintheVMwareInfrastructureClientonpage 65

ConfiguringandManagingStorageonpage 69

Introduction to Storage 4


Storage Overview

AnESXServer3ivirtualmachineusesavirtualharddisktostoreitsoperatingsystem,


56/214

56 VMware, Inc.

p g y ,

programfiles,andotherdataassociatedwithitsactivities.Avirtualdiskisalarge

physicalfile,orasetoffiles,thatcanbecopied,moved,archived,andbackedupaseasilyasanyotherfile.Tostorevirtualdiskfilesandbeabletomanipulatethefiles,

ESX Server3irequiresspecializeddedicatedstoragespace.

ESXServer3iusesstoragespaceonavarietyofphysicalstoragedevices,includingyour

hostsinternalandexternalstoragedevices,ornetworkedstoragedevices.Thestorage

deviceisaphysicaldiskordiskarraydedicatedtothespecifictasksofstoringand

protectingdata.

ESXServer3icandiscoverstoragedevicesithasaccesstoandformatthemas

datastores.Thedatastoreisaspeciallogicalcontainer,analogoustoafilesystemona

logicalvolume,whereESXServer3iplacesvirtualdiskfilesandotherfilesthat

encapsulateessentialcomponentsofavirtualmachine.Deployedondifferentdevices,

thedatastoreshidespecificsofeachstorageproductandprovideauniformmodelfor

storingvirtualmachinefiles.

UsingtheVIClient,youcansetupdatastoresinadvanceonanystoragedevicethatyourESXServer3idiscovers.

Tolearnhowtoaccessandconfigureyourstoragedevices,aswellashowtocreateand

managedatastores,seethefollowingchapters:

ConfiguringStorageonpage 71

ManagingStorageonpage 99

Afteryoucreatethedatastores,youcanusethemtostorevirtualmachinefiles.

For informationoncreatingvirtualmachines,seeBasicSystemAdministration.

Types of Physical Storage

ESXServer3istoragemanagementprocessstartswithastoragespacethatyourstorage

administratorpreallocatesondifferentstoragedevices.

ESXServer3isupportsthefollowingtypesofstoragedevices:

LocalStoresvirtualmachinefilesoninternalorexternalstoragedevicesorarrays

attachedtoyourESXServer3ihostthroughadirectconnection.

NetworkedStoresvirtualmachinefilesonexternalsharedstoragedevicesor

arrayslocatedoutsideofyourESXServer3ihost.Thehostcommunicateswiththe

networkeddevicesthroughahighspeednetwork.

Chapter 4 Introduction to Storage

Local Storage

LocalstoragedevicescanbeinternalharddiskslocatedinsideyourESXServer3ihost,


57/214

VMware, Inc. 57

orexternalstoragesystems,locatedoutsideandconnectedtothehostdirectly.

Localstoragedevicesdonotrequireastoragenetworktocommunicatewithyour

ESX Server3i.Allyouneedisacableconnectedtothestoragedeviceand,when

required,acompatibleHBAinyourESXServer3ihost.

Generally,youcanconnectmultipleESXServer3ihoststoasinglelocalstoragesystem.

Theactualnumberofhostsyouconnectvariesdependingonthetypeofstoragedevice

andtopologyyouuse.

Manystoragesystemssupportredundantconnectionpathstoensurefaulttolerance.Formoreinformationonmultipathing,seeManagingMultiplePathsonpage 103.

WhenmultipleESXServer3ihostsconnecttothelocalstorageunit,theyaccessstorage

LUNsintheunsharedmode.TheunsharedmodedoesnotpermitseveralESXServer 3i

hoststoaccessthesameVMFSdatastoreconcurrently.However,afewSASstorage

systemsoffersharedaccesstomultipleESXServer3ihosts.Thistypeofaccesspermits

multipleESXServer3ihoststoaccessthesameVMFSdatastoreonaLUN.SeeSharing

aVMFSVolumeAcrossESXServer3iSystemsonpage 62.

ESXServer3isupportsavarietyofinternalorexternallocalstoragedevices,including

SCSI,IDE,SATA,andSASstoragesystems.Nomatterwhichtypeofstorageyouuse,

ESXServer3ihidesaphysicalstoragelayerfromvirtualmachines.

Whensettingupyourlocalstorage,keepinmindthefollowing:

YoucannotuseIDE/ATAdrivestostorevirtualmachines.

UselocalSATAstorage,bothinternalandexternal,inunsharedmodeonly.

SATA storagedoesnotsupportsharingthesameLUNsand,therefore,thesame

VMFSdatastoreacrossmultipleESXServer3ihosts.

WhenusingSATAstorage,ensurethatyourSATAdrivesareconnectedthrough

supporteddualSATA/SAScontrollers.

Some

SAS

storage

systems

can

offer

shared

access

to

the

same

LUNs

(and, therefore,thesameVMFSdatastores)tomultipleESXServer3ihosts.For

information,seeStorage/SANCompatibilityGuideforESXServer3.xat

www.vmware.com/support/pubs/vi_pubs.html.

Forinformationonsupportedlocalstoragedevices,seeI/OCompatibilityGuideat

www.vmware.com/support/pubs/vi_pubs.html.


Networked Storage

Networkedstoragedevicesareexternalstoragedevices,orarrays,thatyour

ESX S 3i i l hi fil l Th ESX S 3i h
http://www.vmware.com/support/pubs/vi_pubs.htmlhttp://www.vmware.com/support/pubs/vi_pubs.htmlhttp://www.vmware.com/support/pubs/vi_pubs.htmlhttp://www.vmware.com/support/pubs/vi_pubs.html


58/214

58 VMware, Inc.

ESX Server 3iusestostorevirtualmachinefilesremotely.TheESXServer3ihost

accessesthesedevicesoverahighspeednetwork.

ESXServer3isupportsthefollowingnetworkedstoragetechnologies:

FibreChannel(FC)SANStoresvirtualmachinefilesremotelyonanFCStorage

AreaNetwork(SAN).FCSANisaspecializedhighspeednetworkthatconnects

yourESXServer3ihoststohighperformancestoragedevices.Thenetworkuses

FibreChannelprotocoltotransportSCSItrafficfromvirtualmachinestotheFC

SANdevices.

ToconnecttotheFCSAN,yourESXServer3ihostshouldbeequippedwithFibre

Channelhostbusadapters(HBAs).Inaddition,yourhostrequiresFibreChannel

switchesthathelproutestoragetraffic.

InternetSCSI(iSCSI)SANStoresvirtualmachinefilesonremoteiSCSIstorage

devices.iSCSIpackagesSCSIstoragetrafficintotheTCP/IPprotocolsoitcantravel

throughstandardTCP/IPnetworksinsteadofthespecializedFCnetwork.With

iSCSIconnection,yourESXServer3ihostservesasinitiatorthatcommunicates

withatarget,locatedinremoteiSCSIstoragesystems.

ESXServer3ioffersthefollowingtypesofiSCSIconnection:

HardwareInitiatediSCSIYourESXServer3ihostconnectstostorage

throughaspecialthirdpartyHBAwiththeiSCSIoverTCP/IPcapability.

SoftwareInitiatediSCSIYourESXServer3iusesasoftwarebasediSCSI

codeintheVMkerneltoconnecttostorage.WiththistypeofiSCSIconnection,

yourhostneedsonlyastandardnetworkadapterfornetworkconnectivity.

NetworkAttachedStorage(NAS)Storesvirtualmachinefilesonremotefile

serversaccessedoverstandardTCP/IPnetwork.TheNFSclientbuiltinto

ESX Server3iusesthenetworkfilesystem(NFS)protocolversion3tocommunicate

withtheNAS/NFSservers.Fornetworkconnectivity,theESXServer3ihost

requiresastandardnetworkadapter.

Formoreinformationonsupportednetworkedstoragedevices,seeStorage/SAN

CompatibilityGuideatwww.vmware.com/pdf/vi3_san_guide.pdf.


Supported Storage Adapters

Dependingonthetypeofstorageavailabletoyou,yourESXServer3isystemmight

d d h id i i ifi d i k
http://www.vmware.com/pdf/vi3_san_guide.pdfhttp://www.vmware.com/pdf/vi3_san_guide.pdf


59/214

VMware, Inc. 59

needadaptersthatprovideconnectivitytoaspecificstoragedeviceornetwork.

ESX Server3isupportsdifferentclassesofadapters,includingSCSI,iSCSI,RAID,FibreChannel,andEthernet.ESXServer3iaccessestheadaptersdirectlythroughdevice

driversintheVMkernel.

FordetailsonthetypesofadaptersESXServer3isupports,seeI/OCompatibilityGuide

atwww.vmware.com/support/pubs/vi_pubs.html.

DatastoresYouusetheVIClienttoaccessdifferenttypesofstoragedevicesyourESXServer3ihost

discoversandtodeploydatastoresonthem.Datastoresarespeciallogicalcontainers,

analogoustofilesystems,thathidespecificsofeachstoragedeviceandprovidea

uniformmodelforstoringvirtualmachinefiles.

DatastorescanbealsousedforstoringISOimages,virtualmachinetemplates,and

floppyimages.Formoreinformation,seeBasicSystemAdministrationat

www.vmware.com/support/pubs/.

Dependingonthetypeofstorageyouuse,ESXServer3idatastorescanhavethe

followingfilesystemformats:

VMFS(VMwareFileSystem)Specialhighperformancefilesystemoptimized

forstoringESXServer3ivirtualmachines.ESXServer3icandeployVMFSonany

SCSIbasedlocalornetworkedstoragedevice,includingFibreChannelandiSCSI

SANequipment.

AsanalternativetousingtheVMFSdatastore,yourvirtualmachinecanhave

directaccesstorawdevicesusingamappingfile(RDM)asaproxy.Formore

informationonRDMs,seeRawDeviceMappingonpage 111.

NFS(NetworkFileSystem)FilesystemonaNASstoragedevice.ESXServer3i

supportsNFSversion3overTCP/IP.ESXServer3icanaccessadesignatedNFS

volumelocated

on

an

NFS

server.

ESX

Server

3i

mounts

the

NFS

volume

and

uses

itforitsstorageneeds.


VMFS Datastores

WhenyourESXServer3ihostaccessesSCSIbasedstoragedevicessuchasSCSI,iSCSI,

or FC SAN the storage space is presented to your ESX Server 3i as a LUN A LUN is a
http://www.vmware.com/support/pubs/vi_pubs.htmlhttp://www.vmware.com/support/pubs/http://www.vmware.com/support/pubs/http://www.vmware.com/support/pubs/vi_pubs.html


60/214

60 VMware, Inc.

orFCSAN,thestoragespaceispresentedtoyourESXServer3iasaLUN.ALUNisa

logicalvolumethatrepresentsstoragespaceonasinglephysicaldiskoronanumberofdisksaggregatedinadiskarray.AsingleLUNcanbecreatedfromtheentirespace

onthestoragediskorarray,orfromapartofthespace,calledpartition.TheLUNthat

usesdiskspaceonmorethanonephysicaldiskorpartitionstillpresentsitselfasa

singlelogicalvolumetoyourESXServer3i.

ESXServer3icanformatLUNsasVMFSdatastores.VMFSdatastoresprimarilyserve

asrepositoriesforvirtualmachines.Youcanstoremultiplevirtualmachinesonthe

sameVMFSvolume.Eachvirtualmachine,encapsulatedinasetoffiles,occupiesaseparatesingledirectory.Fortheoperatingsysteminsidethevirtualmachine,VMFS

preservestheinternalfilesystemsemantics,whichensurescorrectapplicationbehavior

anddataintegrityforapplicationsrunninginvirtualmachines.

Inaddition,youcanusetheVMFSdatastorestostoreotherfiles,suchasvirtual

machinetemplatesandISOimages.

VMFSsupports

the

following

file

and

block

sizes

enabling

your

virtual

machines

to

run

eventhemostdataintensiveapplications,includingdatabases,ERP,andCRMin

virtualmachines:

Maximumvirtualdisksize:2TB

Maximumfilesize:2TB

Blocksize:1MBto8MB

Creating and Growing VMFS Datastores

YouusetheVIClienttosetupaVMFSdatastoreinadvanceonanySCSIbasedstorage

devicethatyourESXServer3idiscovers.ESXServer3iletsyouhaveupto256VMFS

datastorespersystemwiththeminimumvolumesize1.2GB.

ForinformationoncreatingVMFSdatastoresontheSCSIbasedstoragedevices,seethefollowingsections:

AddingLocalStorageonpage 72

AddingFibreChannelStorageonpage 75

AddingiSCSIStorageAccessibleThroughHardwareInitiatorsonpage 86

Adding

iSCSI

Storage

Accessible

Through

Software

Initiators

on

page 91

NOTE YoushouldalwayshaveonlyoneVMFSdatastoreperLUN.


AfteryoucreatetheVMFSdatastore,youcanedititsproperties.Formoreinformation,

seeEditingVMFSDatastoresonpage 101.

IfyourVMFSdatastorerequiresmorespace,youcandynamicallyincreasetheVMFS


61/214

VMware, Inc. 61

y q p , y y y

volume,up

to

64TB,

by

adding

an

extent.

Extent

is

aLUN

on

aphysical

storage

device

thatcanbedynamicallyaddedtoanyexistingVMFSdatastore.Thedatastorecan

stretchovermultipleextents,yetappearasasinglevolume.

Considerations when Creating VMFS Datastores

YouneedtoplanhowtosetupstorageforyourESXServer3isystemsbeforeyou

formatstoragedeviceswithaVMFSdatastore.

Youmightwantfewer,largerVMFSvolumesforthefollowingreasons:

Moreflexibilitytocreatevirtualmachineswithoutgoingbacktothestorage

administratorformorespace.

Moreflexibilityforresizingvirtualdisks,doingsnapshots,andsoon.

FewerVMFSdatastorestomanage.

Youmightwantmore,smallerVMFSvolumesforthefollowingreasons:

LesscontentiononeachVMFSdatastoreduetolockingandSCSIreservation

issues.

Lesswastedstoragespace.

DifferentapplicationsmightneeddifferentRAIDcharacteristics.

Moreflexibility,asthemultipathingpolicyanddisksharesaresetperLUN.

UseofMicrosoftClusterServicerequiresthateachclusterdiskresourceisinits

ownLUN.

Youmightdecidetoconfiguresomeofyourserverstousefewer,largerVMFSvolumes

andotherserverstousemore,smallerVMFSvolumes.

NOTE YoucannotreformataVMFSvolumethatisinusebyaremoteESXServer3i

host.Ifyouattempttodoso,youreceiveawarningtothiseffectthatspecifiesthename

ofthevolumeinuseandtheMACaddressofahostNICthatisusingit.Thiswarning

alsoappearsintheVMkernelandVMkwarninglogfiles.


Sharing a VMFS Volume Across ESX Server 3i Systems

Asaclusterfilesystem,VMFSletsmultipleESXServer3ihostsaccessthesameVMFS

datastoreconcurrently.Youcanconnectupto32hoststoasingleVMFSvolume.


62/214

62 VMware, Inc.

y p g

Figure 4-1. Sharing a VMFS Volume Across ESX Server 3i Hosts

Toensurethatthesamevirtualmachineisnotaccessedbymultipleserversatthesame

time,VMFSprovidesondisklocking.

SharingthesameVMFSvolumeacrossmultipleESXServer3ihostsgivesyouthe

followingadvantages:

YoucanuseVMwareDRSandVMwareHA.

Youcandistributevirtualmachinesacrossdifferentphysicalservers.Thatmeans

yourunamixofvirtualmachinesoneachgivenserversothatnotallexperience

highdemandinthesameareaatthesametime.

Ifaserverfails,youcanrestartvirtualmachinesonanotherphysicalserver.Incase

ofafailure,

the

on

disk

lock

for

each

virtual

machine

is

released.

FormoreinformationonVMwareDRSandVMwareHA,seeResourceManagement

Guideatwww.vmware.com/support/pubs/.

VMFS volume

ESX

Server A

ESX

Server B

ESX

Server C

virtual

disk

files

VM1 VM2 VM3

disk1

disk2

disk3


Youcanperformlivemigrationofrunningvirtualmachinesfromonephysical

servertoanotherusingVMotion.

FormoreinformationonVMotion,seeBasicSystemAdministrationat
http://www.vmware.com/support/pubs/http://www.vmware.com/support/pubs/http://www.vmware.com/support/pubs/


63/214

VMware, Inc. 63


YoucanuseVMwareConsolidatedBackup,whichletsaproxyserver,calledVCB

proxy,backupasnapshotofavirtualmachinewhilethevirtualmachineis

poweredonandisreadingandwritingtoitsstorage.

FormoreinformationonConsolidatedBackup,seeVirtualMachineBackupGuideat


NFS Datastore

ESXServer3icanaccessadesignatedNFSvolumelocatedonaNASserver,mountthis

volume,anduseitforitsstorageneeds.YoucanuseNFSvolumestostoreandboot

virtualmachinesinthesamewayyouuseVMFSdatastores.

ESXServer3isupportsthefollowingsharedstoragecapabilitiesonNFSvolumes:

UseVMotion.

UseVMwareDRSandVMwareHA.

MountISOimages,whicharepresentedasCDROMstovirtualmachines.

Createvirtualmachinesnapshots.Formoreinformationonsnapshots,seeBasic

SystemAdministrationatwww.vmware.com/support/pubs/.

How Virtual Machines Access Storage

Whenavirtualmachinecommunicateswithitsvirtualdiskstoredonadatastore,it

issuesSCSIcommands.Becausedatastorescanexistonvarioustypesofphysical

storage,thesecommandsareencapsulatedintootherformsdependingontheprotocol

theESXServer3ihostusestoconnecttoastoragedevice.ESXServer3isupportsFibre

Channel(FC),InternetSCSI(iSCSI),andNFSprotocols.

NomatterwhichtypeofstoragedeviceyourESXServer3iuses,thevirtualdiskalwaysappearstothevirtualmachineasamountedSCSIdevice.Thevirtualdiskhidesa

physicalstoragelayerfromthevirtualmachinesoperatingsystem.Thisallowsyouto

runevenoperatingsystemsnotcertifiedforspecificstorageequipment,suchasSAN,

insidethevirtualmachine.

ThediagraminFigure 42depictsfivevirtualmachinesusingdifferenttypesofstorage

toillustratethedifferencesbetweeneachtype.


Figure 4-2. Virtual machines accessing different types of storage

ESX Server

requires TCP/IP connectivity
http://www.vmware.com/support/pu

Documents

Vi3!35!25 u2 3i Server Config