1. Acquisitions Editor: Agatha KimDevelopment Editor: Jennifer LelandTechnical Editor: Duncan Epping Production Editor: Liz BrittenCopy Editor: Linda RecktenwaldEditorial Manager: Pete Gaughan Production Manager: Tim TateVice President and Executive Group Publisher: Richard SwadleyVice President and Publisher: Neil EddeBook Designer: Maureen Forys, Happenstance Type-O-Rama; Judy FungProofreader: Kristy Eldredge; Word One, New York Indexer: Ted Laux Project Coordinator, Cover: Katherine CrockerCover Designer: Ryan Sneed Cover Image: Pete Gardner/DigitalVision/Getty ImagesCopyright 2011 by John Wiley & Sons, Inc., Indianapolis, IndianaPublished simultaneously in Canada ISBN: 978-0-470-89080-6ISBN: 978-1-118-18010-5 (ebk.)ISBN: 978-1-118-18012-9 (ebk.)ISBN: 978-1-118-18011-2 (ebk.) No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning orotherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act,

2. without either the prior written permission of the Publisher, or authorization through paymentof the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission shouldbe addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permissions.Limit of Liability/Disclaimer of Warranty: The publisher and the author make no representations or warranties with respect to the accuracy or completeness of the contents of thiswork and specifically disclaim all warranties, including without limitation warranties of fitness for a particular purpose. No warranty may be created or extended by sales or promotional materials.The advice and strategies contained herein may not be suitable for every situation. This work is sold with the understanding that the publisher is not engaged in rendering legal, accounting, orother professional services. If professional assistance is required, the services of a competentprofessional person should be sought. Neither the publisher nor the author shall be liable fordamages arising herefrom. The fact that an organization or Web site is referred to in this work as acitation and/or a potential source of further information does not mean that the author or thepublisher endorses the information the organization or Web site may provide or recommendationsit may make. Further, readers should be aware that Internet Web sites listed in this work may havechanged or disappeared between when this work was written and when it is read.For general information on our other products and services or to obtain technical support,please contact our Customer Care Department within the U.S. at (877) 762-2974, outside the U.S.at (317) 572-3993 or fax (317) 572-4002. Wiley also publishes its books in a variety of electronic formats and by print-on-demand. Notall content that is available in standard print versions of this book may appear or be packaged in allbook formats. If you have purchased a version of this book that did not include media that is referenced by or accompanies a standard print version, you may request this media by visiting http://booksupport.wiley.com. For more information about Wiley products, visit us atwww.wiley.com.Library of Congress Control Number: 2011937922TRADEMARKS: Wiley, the Wiley logo, and the Sybex logo are trademarks or registeredtrademarks of John Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission. VMware vSphere is a registeredtrademark of VMware, Inc. All other trademarks are the property of their respective owners. JohnWiley & Sons, Inc., is not associated with any product or vendor mentioned in this book. 3. Dear Reader,Thank you for choosing Mastering VMware vSphere 5. This book is part of a family ofpremium-quality Sybex books, all of which are written by outstanding authors who combinepractical experience with a gift for teaching. Sybex was founded in 1976. More than 30 years later, were still committed to producingconsistently exceptional books. With each of our titles, were working hard to set a new standardfor the industry. From the paper we print on, to the authors we work with, our goal is to bring youthe best books available. I hope you see all that reflected in these pages. Id be very interested to hear your comments andget your feedback on how were doing. Feel free to let me know what you think about this or anyother Sybex book by sending me an email at nedde@wiley.com. If you think youve found atechnical error in this book, please visit http://sybex.custhelp.com. Customer feedback is critical toour efforts at Sybex. 4. Above all, I dedicate this book to God, whose hand held me up when I needed strength (Psalm37:24). Youd think after three books, this one would have been easy, but the Lord gave me the strength I needed to complete it. I also dedicate this book to my wife, Crystal, and my kids. Aside from the Lord, you guys are and always have been my source of inspiration and joy. Thank you! 5. AcknowledgmentsOne thing Ive learned now after writing three other books is that more people are involved thanmost folks ever realize. Unfortunately, there just isnt enough room on the cover to includeeveryones name, even though they all deserve it. Ill start by thanking my contributing authors, who pitched in and helped me get this book donein a timely fashion. Forbes, it was great working with you again after VMware vSphere Design.Gabe, thanks for your contributions and your attention to detail. Glenn, your expertise is muchappreciated and it shows in your work. To each of you, thank you. Your help is greatly valued.The technical accuracy of a book like this is of paramount importance, and I cant think of abetter person to help in that area than my technical editor, Duncan Epping. Duncan, thank you foryour time and effort. This book is a better work for your involvement, and I hope that we have theopportunity to work together again in the future.Next, Id like to thank the entire Sybex team: Agatha Kim, the acquisitions editor; JenniferLeland, the developmental editor; Liz Britten, the production editor; Linda Recktenwald, thecopyeditor; proofreader, Kristy Eldredge; Pete Gaughan, the editorial manager; and Neil Edde, thepublisher. I cannot adequately describe just how important each of you was in producing this bookand making it what it is. Thank you, each and every one of you.Thank you, Matt Portnoy, for reviewing the content and providing an objective opinion on whatcould be done to improve it. I appreciate your time and your candor.Thank you, EMC Corporation, for your cooperation in getting this book published. Finally, thanks to the vendors who supplied equipment to use while I was writing the book (inalphabetical order): Brocade, Cisco, Dell, EMC, Intel, and NetApp. I sincerely appreciate thesupport of all of these vendors. Id particularly like to thank Cisco, which was gracious enough tohost the entire lab environment for this book in one of their labs. 6. About the AuthorScott Lowe is an author, consultant, speaker, and blogger focusing on virtualization, storage, andother enterprise technologies. Scott is currently the CTO for the vSpecialist team at EMCCorporation. In this role, Scott provides technical leadership, support, and training to thevSpecialist team worldwide. Scotts technical expertise extends into several areas. He holds industry certifications fromCisco, EMC, Microsoft, NetApp, VMware, and others. He also holds the premier VMwareCertified Design Expert (VCDX) certification; Scott is VCDX #39. For Scotts leadership andinvolvement in the VMware community, he was awarded a VMware vExpert award by VMwarethree years in a row: 2009, 2010, and 2011. As an author, Scott has contributed to numerous online magazines focused on VMware andrelated virtualization technologies. He is regularly quoted as a virtualization expert in virtualizationnews stories. He has three other published books: Mastering VMware vSphere 4, VMware vSphere4 Administration Instant Reference (with Jase McCarty and Matthew Johnson), and VMwarevSphere Design (with Forbes Guthrie and Maish Saidel-Keesing), all by Sybex.Scott has spoken at several VMworld conferences as well as other virtualization conferences. Heregularly speaks at VMware user group meetings, both locally and abroad. Scott is perhaps best known for his acclaimed virtualization blog at http://blog.scottlowe.org,where he regularly posts technical articles on a wide variety of topics. VMware, Microsoft, andother virtualization industry leaders regularly refer to content on his site, and it is regularly votedamong the top five virtualization weblogs worldwide. Scotts weblog is one of the oldestvirtualization-centric weblogs that is still active; hes been blogging since early 2005, and hisweblog was among the very first blogs to be aggregated on VMwares Planet V12n website. 7. About the ContributorsThe following individuals also contributed to this book. Forbes Guthrie is a systems engineer and infrastructure architect who specializes invirtualization and storage. He has worked in a variety of technical roles for over 12 years andachieved several industry certifications including VMwares VCP2, VCP3, VCP4, and VCP5. Hisexperience spans many different industries, and he has worked in Europe, Asia-Pacific, and NorthAmerica. He holds a bachelors degree in mathematics and business analysis and is a formercaptain in the British army. Forbes is the lead author of the acclaimed VMware vSphere Design (co-authored by Scott Lowe,along with Maish Saidel-Keesing), also published by Sybex. Forbess blog, http://www.vReference.com, is well regarded in the virtualization field and isaggregated on VMwares Planet V12n website. He is perhaps best known for his collection of freereference cards, long revered by those studying for their VMware qualifications. Forbes was awarded the luminary designation of vExpert by VMware for his contribution to thevirtualization community. His passion and knowledge have also been rewarded with the peer-reviewed top virtualization bloggers listing for the last two years. Gabrie van Zanten is a virtualization specialist. As a consultant, he designs and implementsvirtual infrastructures for customers. Besides being a consultant, Gabrie runs one of the top- 10ranked blogs on VMware at http://www.GabesVirtualWorld.com. He writes about VMware andhelps his readers get in-depth understanding on how VMware products work. His bloggingactivities, the presentations he gives, and the effort he puts into helping members of the VMwarecommunity have earned him the VMware vExpert award in 2009, 2010, and 2011.Glenn Sizemore has held just about every position one could hold in ITeverything from cabledog to enterprise architect. He started scripting early in his IT career and had mastered VBScriptby the time PowerShell first shipped. As a scripter, he was an early adopter and had conqueredPowerShell when the VMware Toolkit for Windows (PowerCLI) first shipped. Curiosity carriedGlenn to an internal team-testing virtualization. Three years later, he was attending his thirdVMworld and had just been awarded the status of VMware vExpert. Along the way, Glenn starteda blog, http://www.Get-Admin.com, to share scripts and automation techniques. Outside of work,Glenn is the proud father of two beautiful children and an avid PowerShell evangelist. 8. IntroductionI remember in 2004 (or was it 2003?) when I first started describing the use of server virtualizationto a colleague of mine. VMware was pretty much the only vendor in the server virtualization spaceat the time, and I was describing to him how you could use virtualization to run multiple instancesof an operating system on the same physical hardware. I was so excited. He merely asked, Why inthe world would you want to do that? The times have changed quite a bit since that time, and now virtualizationespecially servervirtualizationis readily embraced in corporate datacenters worldwide. VMware has gone from arelatively small vendor to one of the corporate heavyweights, garnering a commanding share of theserver virtualization market with their top-notch virtualization products. Even now, when othercompanies such as Microsoft and Citrix have jumped into the server virtualization space, its stillVMware thats almost synonymous with virtualization. For all intents and purposes, VMwareinvented the market. If youre reading this, though, theres a chance youre just now starting to learn aboutvirtualization. What is virtualization, and why is it important to you? I define virtualization as the abstraction of one computing resource from another computingresource. Consider storage virtualization; in this case, you are abstracting servers (one computingresource) from the storage to which they are connected (another computing resource). This holdstrue for other forms of virtualization, too, like application virtualization (abstracting applicationsfrom the operating system). When most information technology professionals think ofvirtualization, they think of hardware (or server) virtualization: abstracting the operating systemfrom the underlying hardware on which it runs and thus enabling multiple operating systems to runsimultaneously on the same physical server. That is the technology on which VMware has built itsmarket share. Almost singlehandedly, VMwares enterprise-grade virtualization solution has revolutionizedhow organizations manage their datacenters. Prior to the introduction of VMwares powerfulvirtualization solution, organizations bought a new server every time a new application needed tobe provisioned. Over time, datacenters became filled with servers that were all using only afraction of their overall capacity. Even though these servers were operating at only a fraction oftheir total capacity, organizations still had to pay to power them and to dissipate the heat theygenerated. Now, using VMwares server virtualization products, organizations can run multiple operatingsystems and applications on their existing hardware, and new hardware needs to be purchased onlywhen capacity needs dictate. No longer do organizations need to purchase a new physical serverwhenever a new application needs to be deployed. By stacking workloads together usingvirtualization, organizations derive greater value from their hardware investments. They alsoreduce operational costs by reducing the number of physical servers and associated hardware in thedatacenter, in turn reducing power usage and cooling needs in the datacenter. In some cases theseoperational cost savings can be quite significant. But consolidation is only one benefit of virtualization; companies also realize greater workloadmobility, increased uptime, streamlined disaster-recovery options, and a bevy of other benefitsfrom adopting virtualization. And virtualization, specifically server virtualization, has created thefoundation for a new way of approaching the computing model: cloud computing. 9. Cloud computing is built on the tenets of broad network access, resource pooling, rapidelasticity, on-demand self service, and measured service. Virtualization, such as that provided byVMwares products, enables the IT industry to embrace this new operational model of moreefficiently providing services to their customers, whether those customers are internal (theiremployees) or external (partners, end users, or consumers). That ability to efficiently provideservices is the reason why virtualization is important to you.This book provides all the information you, as an information technology professional, need todesign, deploy, configure, manage, and monitor a dynamic virtualized environment built onVMwares fifth-generation enterprise-class server virtualization product, vSphere 5. What Is Covered in This BookThis book is written with a start-to-finish approach to installing, configuring, managing, andmonitoring a virtual environment using the VMware vSphere 5 product suite. The book begins byintroducing the vSphere product suite and all of its great features. After introducing all of the bellsand whistles, this book details an installation of the product and then moves into configuration.This includes configuring vSpheres extensive networking and storage functionality. I wrap up theconfiguration section with sections on high availability, redundancy, and resource utilization.Upon completion of the installation and configuration, I move into virtual machine creation andmanagement and then into monitoring and troubleshooting. This book can be read from cover tocover to gain an understanding of the vSphere product suite in preparation for a new virtualenvironment. Or it can also be used as a reference for IT professionals who have begun theirvirtualization and want to complement their skills with real-world tips, tricks, and best practices asfound in each chapter. This book, geared toward the aspiring as well as the practicing virtualization professional,provides information to help implement, manage, maintain, and troubleshoot an enterprisevirtualization scenario.Here is a glance at whats in each chapter:Chapter 1: Introducing VMware vSphere 5 I begin with a general overview of all theproducts that make up the vSphere 5 product suite. This chapter also covers vSpherelicensing and provides some examples of benefits that an organization might see fromadopting vSphere as its virtualization solution.Chapter 2: Planning and Installing VMware ESXi This chapter looks at selecting thephysical hardware, choosing your version of VMware ESXi, planning your installation,and actually installing VMware ESXi, both manually and in an unattended fashion.Chapter 3: Installing and Configuring vCenter Server In this chapter, I dive deepinto planning your vCenter Server environment. vCenter Server is a critical managementcomponent of vSphere, and so this chapter discusses the proper design, planning,installation, and configuration for vCenter Server.Chapter 4: Installing and Configuring vSphere Update Manager This chapterdescribes what is involved in planning, designing, installing and configuring vSphereUpdate Manager. Youll use vCenter Update Manager to keep your vSphereenvironment patched and up to date. 10. Chapter 5: Creating and Configuring Virtual Networks The virtual networkingchapter covers the design, management, and optimization of virtual networks, includingnew features like the vSphere Distributed Switch and the Cisco Nexus 1000V. Inaddition, it initiates discussions and provides solutions on how to integrate the virtualnetworking architecture with the physical network architecture while maintainingnetwork security.Chapter 6: Creating and Configuring Storage Devices This in-depth chapter providesan extensive overview of the various storage architectures available for vSphere. Thischapter discusses Fibre Channel, iSCSI, and NAS storage design and optimizationtechniques as well as storage features like thin provisioning, multipathing, and round-robin load balancing.Chapter 7: Ensuring High Availability and Business Continuity This excitingchapter covers the hot topics regarding business continuity and disaster recovery. Iprovide details on building highly available server clusters in virtual machines. Inaddition, this chapter discusses the use of vSphere High Availability (HA) and vSphereFault Tolerance (FT) as ways of providing failover for virtual machines running in avSphere environment. I also discuss backup options using vSpheres Storage APIsData Protection and Data Recovery.Chapter 8: Securing VMware vSphere Security is an important part of anyimplementation, and in this chapter I cover different security management aspects,including managing direct ESXi host access and integrating vSphere with ActiveDirectory. This chapter also covers how to manage user access for environments withmultiple levels of system administration and how to employ Windows users and groupsin conjunction with the vSphere security model to ease the administrative delegation thatcomes with enterprise-level deployments. I also touch on the VMware vShield family ofproducts and discuss some techniques for incorporating security through the vSphereenvironment.Chapter 9: Creating and Managing Virtual Machines This chapter introduces thepractices and procedures involved in provisioning virtual machines through vCenterServer. In addition, youre introduced to timesaving techniques, virtual machineoptimization, and best practices that will ensure simplified management as the number ofvirtual machines grows larger over time.Chapter 10: Using Templates and vApps Chapter 10 introduces the idea of templates,a mechanism for more rapidly deploying standardized VM images. I also discuss cloningand the concept of a vAppa specialized container used by vSphere for the distributionof multi-VM environments. I also discuss the OVF standard used by VMware and othervendors for distributing VMs.Chapter 11: Managing Resource Allocation In this chapter I provide a comprehensivelook at managing resource allocation. From individual virtual machines to resource poolsto clusters of ESXi hosts, this chapter explores how resources are consumed in vSphereand addresses the mechanisms you can usereservations, limits, and sharesto manageand modify that resource allocation.Chapter 12: Balancing Resource Utilization Resource allocation isnt the same asresource utilization, and this chapter follows up the discussion of resource allocation inChapter 11 with a look at some of the ways vSphere offers to balance resourceutilization. In this chapter, youll learn about vSphere vMotion, Enhanced vMotionCompatibility, vSphere Distributed Resource Scheduler (DRS), Storage vMotion, and 11. Storage DRS.Chapter 13: Monitoring VMware vSphere Performance In Chapter 13 I look at someof the native tools in vSphere that give virtual infrastructure administrators the ability totrack and troubleshoot performance issues. The chapter focuses on monitoring CPU,memory, disk, and network adapter performance across ESXi hosts, resource pools, andclusters in vCenter Server.Chapter 14: Automating VMware vSphere Many tasks VMware vSphereadministrators face are repetitive, and here automation can help. In Chapter 14 I discussseveral different ways to bring automation to your vSphere environment, includingvCenter Orchestrator and PowerCLI.Appendix A: Solutions to the Master It Problems This appendix offers solutions tothe Master It problems at the end of each chapter. The Mastering SeriesThe Mastering series from Sybex provides outstanding instruction for readers with intermediateand advanced skills, in the form of top-notch training and development for those already workingin their field and clear, serious education for those aspiring to become pros. Every Mastering bookincludes the following: Real-World Scenarios, ranging from case studies to interviews, that show how the tool, technique, or knowledge presented is applied in actual practice Skill-based instruction, with chapters organized around real tasks rather than abstract concepts or subjects Self-review test questions, so you can be certain youre equipped to do the job rightThe Hardware behind the BookBecause of the specificity of the hardware for installing VMware vSphere 5, it can be difficult tobuild an environment in which you can learn by implementing the exercises and practices detailedin this book. It is possible to build a practice lab to follow along with the book; however, the labwill require specific hardware and might be quite costly. Be sure to read Chapter 2 and Chapter 3before you attempt to construct any type of environment for development purposes.For the purpose of writing this book, I used the following hardware configuration: 12. Four Cisco UCS B200 blade servers connected to a pair of UCS 6120 fabric interconnects Four Dell PowerEdge R610 servers Several models of Fibre Channel host bus adapters (HBAs) and Fibre Channel over Ethernet (FCoE) converged network adapters (CNAs), including adapters from both QLogic and Emulex Intel X520 10 Gigabit Ethernet network adapters A number of different storage arrays, including NetApp FAS6080 EMC Symmetrix VMAX EMC VNX7500 Several models of Fibre Channel switches, including Cisco MDS 9134 and MDS 9148, Brocade 200e, and Brocade Silkworm 3800 Fibre Channel switches Several models of Ethernet switches, including Cisco Nexus 5010 and Dell PowerConnect 6248Clearly, this is not the sort of environment to which most people have access. For entry-levelNFS and iSCSI testing, a number of vendors including EMC, HP, and NetApp offer virtual storageappliances or simulators that you can use to gain some familiarity with shared storage concepts andthat specific vendors products. I encourage you to use these sorts of tools where applicable inyour learning process.Special thanks go to Brocade, Cisco, Dell, EMC, Intel, and NetApp for their help in supplyingthe equipment used during the writing of this book. Who Should Buy This BookThis book is for IT professionals looking to strengthen their knowledge of constructing andmanaging a virtual infrastructure on vSphere 5. While the book can also be helpful for those newto IT, a strong set of assumptions is made about the target reader: 13. A basic understanding of networking architecture Experience working in a Microsoft Windows environment Experience managing DNS and DHCP A basic understanding of how virtualization differs from traditional physical infrastructures A basic understanding of hardware and software components in standard x86 and x64 computingHow to Contact the AuthorI welcome feedback from you about this book or about books youd like to see from me in thefuture. You can reach me by writing to scott.lowe@scottlowe.org or by visiting my blog athttp://blog.scottlowe.org. 14. Table of ContentsCoverTitle PageCopyrightPublishers NoteDedicationAcknowledgmentsAbout the AuthorAbout the ContributorsIntroduction What Is Covered in This Book The Mastering Series The Hardware behind the Book Who Should Buy This Book How to Contact the AuthorChapter 1: Introducing VMware vSphere 5 Exploring VMware vSphere 5 15. Why Choose vSphere? The Bottom LineChapter 2: Planning and Installing VMware ESXi Planning a VMware vSphere Deployment Deploying VMware ESXi Deploying VMware ESXi Embedded Performing Post-installation Configuration The Bottom LineChapter 3: Installing and Configuring vCenter Server Introducing vCenter Server Choosing the Version of vCenter Server Planning and Designing a vCenter Server Deployment Installing vCenter Server Installing vCenter Server in a Linked Mode Group Deploying the vCenter Server Virtual Appliance Exploring vCenter Server Creating and Managing a vCenter Server Inventory Exploring vCenter Servers Management Features Managing vCenter Server Settings The Bottom LineChapter 4: Installing and Configuring vSphere Update Manager 16. Overview of vSphere Update Manager Installing vSphere Update Manager Configuring vSphere Update Manager Routine Updates Upgrading Hosts with vSphere Update Manager Performing an Orchestrated Upgrade Investigating Alternative Update Options The Bottom LineChapter 5: Creating and Configuring Virtual Networks Putting Together a Virtual Network Working with vSphere Standard Switches Working with vSphere Distributed Switches Installing and Configuring the Cisco Nexus 1000V Configuring Virtual Switch Security The Bottom LineChapter 6: Creating and Configuring Storage Devices Reviewing the Importance of Storage Design Examining Shared Storage Fundamentals Implementing vSphere Storage Fundamentals Leveraging SAN and NAS Best Practices The Bottom LineChapter 7: Ensuring High Availability and Business Continuity 17. Understanding the Layers of High Availability Clustering VMs Implementing vSphere High Availability Implementing vSphere Fault Tolerance Planning for Business Continuity The Bottom LineChapter 8: Securing VMware vSphere Overview of vSphere Security Securing ESXi Hosts Securing vCenter Server Securing Virtual Machines The Bottom LineChapter 9: Creating and Managing Virtual Machines Understanding Virtual Machines Creating a Virtual Machine Installing a Guest Operating System Installing VMware Tools Managing Virtual Machines Modifying Virtual Machines The Bottom LineChapter 10: Using Templates and vApps 18. Cloning VMs Creating Templates and Deploying Virtual Machines Using OVF Templates Working with vApps Importing Machines from Other Environments The Bottom LineChapter 11: Managing Resource Allocation Reviewing Virtual Machine Resource Allocation Working with Virtual Machine Memory Managing Virtual Machine CPU Utilization Using Resource Pools Regulating Network I/O Utilization Controlling Storage I/O Utilization The Bottom LineChapter 12: Balancing Resource Utilization Comparing Utilization with Allocation Exploring vMotion Ensuring vMotion Compatibility Exploring vSphere Distributed Resource Scheduler Using Storage vMotion Introducing and Working with Storage DRS The Bottom Line 19. Chapter 13: Monitoring VMware vSphere Performance Overview of Performance Monitoring Using Alarms Working with Performance Graphs Working with resxtop Monitoring CPU Usage Monitoring Memory Usage Monitoring Network Usage Monitoring Disk Usage The Bottom LineChapter 14: Automating VMware vSphere Why Use Automation? Using Workflows with vCenter Orchestrator Automating with PowerShell and PowerCLI Using vCLI from vSphere Management Assistant Using vSphere Management Assistant for Automation with vCenter Leveraging the Perl Toolkit with vSphere Management Assistant The Bottom LineAppendix A: The Bottom Line Chapter 1: Introducing VMware vSphere 5 Chapter 2: Planning and Installing VMware ESXi Chapter 3: Installing and Confi guring vCenter Server 20. Chapter 4: Installing and Confi guring vSphere Update ManagerChapter 5: Creating and Confi guring Virtual NetworksChapter 6: Creating and Confi guring Storage DevicesChapter 7: Ensuring High Availability and Business ContinuityChapter 8: Securing VMware vSphereChapter 9: Creating and Managing Virtual MachinesChapter 10: Using Templates and vAppsChapter 11: Managing Resource AllocationChapter 12: Balancing Resource UtilizationChapter 13: Monitoring VMware vSphere PerformanceChapter 14: Automating VMware vSphereIndex 21. Chapter 1 Introducing VMware vSphere 5Now in its fifth generation, VMware vSphere 5 builds on previous generations of VMwaresenterprise-grade virtualization products. vSphere 5 extends fine-grained resource allocationcontrols to more types of resources, enabling VMware administrators to have even greater controlover how resources are allocated to and used by virtual workloads. With dynamic resourcecontrols, high availability, unprecedented fault-tolerance features, distributed resourcemanagement, and backup tools included as part of the suite, IT administrators have all the toolsthey need to run an enterprise environment ranging from a few servers up to thousands of servers.In this chapter, you will learn to Identify the role of each product in the vSphere product suite Recognize the interaction and dependencies between the products in the vSphere suite Understand how vSphere differs from other virtualization productsExploring VMware vSphere 5The VMware vSphere product suite is a comprehensive collection of products and features thattogether provide a full array of enterprise virtualization functionality. The vSphere product suiteincludes the following products and features: VMware ESXi VMware vCenter Server vSphere Update Manager VMware vSphere Client and vSphere Web Client 22. VMware vShield Zones VMware vCenter Orchestrator vSphere Virtual Symmetric Multi-Processing vSphere vMotion and Storage vMotion vSphere Distributed Resource Scheduler vSphere Storage DRS Storage I/O Control and Network I/O Control Profile-Driven Storage vSphere High Availability vSphere Fault Tolerance vSphere Storage APIs for Data Protection and VMware Data Recovery Rather than waiting to introduce these products and features in their own chapters, Ill introduceeach product or feature in the following sections. This will allow me to explain how each productor feature affects the design, installation, and configuration of your virtual infrastructure. After Icover the features and products in the vSphere suite, youll have a better grasp of how each ofthem fits into the design and the big picture of virtualization. Certain products outside the vSphere product suite extend the vSphere product line with newfunctionality. Examples of these additional products include VMware View, VMware vCloudDirector, VMware vCloud Request Manager, VMware vCenter AppSpeed, and VMware vCenterSite Recovery Manager, just to name a few. Because of the size and scope of these products andbecause they are developed and released on a schedule separate from VMware vSphere, they arenot covered in this book.As of the writing of this book, VMware vSphere 5 is the latest release of the VMware vSphereproduct family. This book covers functionality found in version 5. Where possible, Ive tried tonote differences between 4.x and 5. For detailed information on VMware vSphere 4.0, refer toMastering VMware vSphere 4, also published by Sybex. 23. To help simplify navigation and to help you find information on the breadth of products andfeatures in the vSphere product suite, Ive prepared Table 1.1, which contains cross-references towhere you can find more information about that particular product or feature elsewhere in thebook.Table 1.1 Product and feature cross-referencesVMware vSphere Product or FeatureMore Information Found in This Chapter Installation Chapter 2VMware ESXiNetworking Chapter 5 Storage Chapter 6 Installation Chapter 3 Networking Chapter 5VMware vCenter Server Storage Chapter 6 Security Chapter 8vSphere Update Manager Chapter 4 Installation Chapter 2vSphere Client and vSphere Web Client Usage Chapters 3VMware vShield Zones Chapter 8VMware vCenter OrchestratorChapter 14vSphere Virtual Symmetric Multi-Processing Chapter 9vSphere vMotion and Storage vMotionChapter 12vSphere Distributed Resource Scheduler Chapter 12vSphere Storage DRSChapter 12Storage I/O Control and Network I/O Control Chapter 11Profile-Driven Storage Chapter 6vSphere High AvailabilityChapter 7vSphere Fault ToleranceChapter 7vSphere Storage APIs for Data Protection Chapter 7VMware Data Recovery Chapter 7First I look at the actual products that make up the VMware vSphere product suite, and then Iexamine the major features. Lets start with the products in the suite; in particular, lets start withVMware ESXi. Examining the Products in the vSphere SuiteIn this section, Ill describe and review the products found in the vSphere product suite.VMware ESXiThe core of the vSphere product suite is the hypervisor, which is the virtualization layer that servesas the foundation for the rest of the product line. In vSphere 5, the hypervisor comes in the form ofVMware ESXi. This is a significant difference from earlier versions of the VMware vSphere product suite. Inearlier versions of VMware vSphere, the hypervisor was available in two forms: VMware ESXand VMware ESXi. Although both products shared the same core virtualization engine, supportedthe same set of virtualization features, leveraged the same licenses, and were both considered bare-metal installations, there were still notable architectural differences. In VMware ESX, VMware 24. used a Linux-derived Service Console to provide an interactive environment through whichusers could interact with the hypervisor. The Linux-based Service Console also included servicesfound in traditional operating systems, such as a firewall, Simple Network Management Protocol(SNMP) agents, and a web server.Type 1 and Type 2 Hypervisors Hypervisors are generally grouped into two classes: type 1 hypervisors and type 2 hypervisors. Type 1 hypervisors run directly on the system hardware and thus are often referred to as bare-metal hypervisors. Type 2 hypervisors require a host operating system, and the host operating system provides I/O device support and memory management. VMware ESXi is a type 1 bare-metal hypervisor. (In earlier versions of vSphere, VMware ESX was also considered a type 1 bare-metal hypervisor.) Other type 1 bare-metal hypervisors include Microsoft Hyper-V and products based on the open source Xen hypervisor like Citrix XenServer and Oracle VM. VMware ESXi, on the other hand, is the next generation of the VMware virtualizationfoundation. Unlike VMware ESX, ESXi installs and runs without the Linux-based ServiceConsole. This gives ESXi an ultralight footprint of approximately 70 MB. Despite the lack of theService Console, ESXi provides all the same virtualization features that VMware ESX supportedin earlier versions. Of course, ESXi 5 has been enhanced from earlier versions to support evenmore functionality, as youll see in this chapter and in future chapters.The key reason that VMware ESXi is able to support the same extensive set of virtualizationfunctionality as VMware ESX without the Service Console is that the core of the virtualizationfunctionality wasnt (and still isnt) found in the Service Console. Its the VMkernel that is thefoundation of the virtualization process. Its the VMkernel that manages the VMs access to theunderlying physical hardware by providing CPU scheduling, memory management, and virtualswitch data processing. Figure 1.1 shows the structure of VMware ESXi.Figure 1.1 The VMkernel is the foundation of the virtualization functionality found in VMwareESXi.I mentioned earlier that VMware ESXi 5 is enhanced over earlier releases. One such area ofenhancement is in the limits of what the hypervisor is capable of supporting. Table 1.2 shows theconfiguration maximums for the last few versions of VMware ESX/ESXi. 25. Table 1.2 VMware ESXi Maximums These are just some of the configuration maximums. Where appropriate, future chapters willinclude additional values for VMware ESXi maximums for network interface cards (NICs),storage, VMs and so forth. Given that VMware ESXi is the foundation of virtualization within the vSphere product suite,youll see content for VMware ESXi throughout the book. Table 1.1, earlier in this section, tellsyou where you can find more information about specific features of VMware ESXi elsewhere inthe book.Im Only Talking VMware ESXi 5 Here Throughout this book, Ill refer only to ESXi. Its true that some of the information I present in this book could apply to earlier versions of the product and thus could potentially apply to VMware ESX as well as VMware ESXi. However, I will refer only to ESXi throughout this book, and the information presented will have been tested only with VMware ESXi 5.VMware vCenter ServerStop for a moment to think about your current network. Does it include Active Directory? There isa good chance it does. Now imagine your network without Active Directory, without the ease of acentralized management database, without the single sign-on capabilities, and without thesimplicity of groups. That is what managing VMware ESXi hosts would be like without usingVMware vCenter Server. Not a very pleasant thought, is it? Now calm yourself down, take a deepbreath, and know that vCenter Server, like Active Directory, is meant to provide a centralizedmanagement utility for all ESXi hosts and their respective VMs. vCenter Server allows ITadministrators to deploy, manage, monitor, automate, and secure a virtual infrastructure in acentralized fashion. To help provide scalability, vCenter Server leverages a backend database(Microsoft SQL Server and Oracle are both supported, among others) that stores all the data about 26. the hosts and VMs. In previous versions of VMware vSphere, vCenter Server was a Windows-only application.Version 5 of vSphere still offers this Windows-based installation of vCenter Server. However, inthis version VMware adds a prebuilt vCenter Server appliance (a virtual appliance, in fact,something youll learn about in Chapter 10, Using Templates and vApps that is based on Linux.The delivery of a Linux-based vCenter Server is a deliverable that VMware has been discussingfor quite some time, and its nice to see it finally arrive in vSphere 5! In addition to vCenter Servers configuration and management capabilitieswhich includefeatures such as VM templates, VM customization, rapid provisioning and deployment of VMs,role-based access controls, and fine-grained resource allocation controlsvCenter Server providesthe tools for the more advanced features of vSphere vMotion, vSphere Distributed ResourceScheduler, vSphere High Availability, and vSphere Fault Tolerance. All of these features aredescribed briefly in this chapter and in more detail in later chapters.In addition to vSphere vMotion, vSphere Distributed Resource Scheduler, vSphere HighAvailability, and vSphere Fault Tolerance, using vCenter Server to manage ESXi hosts enables anumber of other features: Enhanced vMotion Compatibility (EVC), which leverages hardware functionality from Intel and AMD to enable greater CPU compatibility between servers grouped into vSphere DRS clusters Host profiles, which allow administrators to bring greater consistency to host configurations across larger environments and to identify missing or incorrect configurations Storage I/O Control, which provides cluster-wide quality of service (QoS) controls so that administrators can ensure that critical applications receive sufficient I/O resources even during times of congestion vSphere Distributed Switches, which provide the foundation for cluster-wide networking settings and third-party virtual switches Network I/O Control, which allows administrators to flexibly partition physical NIC bandwidth for different types of traffic vSphere Storage DRS, which enables VMware vSphere to dynamically migrate storage resources to meet demand, much in the same way that DRS balances CPU and memory utilization vCenter Server plays a central role in any sizable VMware vSphere implementation. In Chapter3, Installing and Configuring vCenter Server, I discuss planning and installing vCenter Server aswell as look at ways to ensure its availability. Chapter 3 will also examine the differences between 27. the Windows-based version of vCenter Server and the Linux-based vCenter Server virtualappliance. Because of vCenter Servers central role in a VMware vSphere deployment, Ill touchon vCenter Server in almost every chapter throughout the rest of the book. Refer to Table 1.1previously in this chapter for specific cross-references.vCenter Server is available in three packages: vCenter Server Essentials is integrated into the vSphere Essentials kits for small office deployment. vCenter Server Standard provides all the functionality of vCenter Server, including provisioning, management, monitoring, and automation. vCenter Server Foundation is like vCenter Server Standard but is limited to managing three ESXi hosts and does not include vCenter Orchestrator or support for linked-mode operation.You can find more information on licensing and product editions for VMware vSphere in thesection Licensing VMware vSphere.vSphere Update ManagervSphere Update Manager is a plug-in for vCenter Server that helps users keep their ESXi hosts andselect VMs patched with the latest updates. vSphere Update Manager provides the followingfunctionality: Scans to identify systems that are not compliant with the latest updates User-defined rules for identifying out-of-date systems Automated installation of patches for ESXi hosts Full integration with other vSphere features like Distributed Resource SchedulervSphere Update Manager works with both the Windows-based installation of vCenter Server aswell as the prepackaged vCenter Server virtual appliance. Refer to Table 1.1 for more informationon where vSphere Update Manager is described in this book. 28. VMware vSphere Client and vSphere Web ClientvCenter Server provides a centralized management framework for VMware ESXi hosts, but itsthe vSphere Client where vSphere administrators will spend most of their time. The vSphere Client is a Windows-based application that allows you to manage ESXi hosts,either directly or through an instance of vCenter Server. You can install the vSphere Client bybrowsing to the URL of an ESXi host or vCenter Server and selecting the appropriate installationlink (although keep in mind that Internet access might be required in order to download the clientin some instances). The vSphere Client provides a rich graphical user interface (GUI) for all day-to-day management tasks and for the advanced configuration of a virtual infrastructure. While youcan connect the vSphere Client either directly to an ESXi host or to an instance of vCenter Server,the full set of management capabilities are only available when connecting the vSphere Client tovCenter Server. With the release of vSphere 5, VMware also adds a robust new vSphere Web Client as well. ThevSphere Web Client provides a dynamic, web-based user interface for managing a virtualinfrastructure, and enables vSphere administrators to manage their infrastructure without firstneeding to install the full vSphere Client on a system. However, the vSphere Web Client in itscurrent form only provides a subset of the functionality available to the full vSphere Client. Because the vSphere Web Client currently only provides a subset of the functionality, I focusprimarily on how to use the vSphere Client throughout this book. Tasks in the vSphere Web Clientshould be similar.VMware vShield ZonesVMware vSphere offers some compelling virtual networking functionality, and vShield Zonesbuilds on vSpheres virtual networking functionality to add virtual firewall functionality. vShieldZones allows vSphere administrators to see and manage the network traffic flows occurring on thevirtual network switches. You can apply network security policies across entire groups ofmachines, ensuring that these policies are maintained properly even though VMs may move fromhost to host using vSphere vMotion and vSphere DRS.Other Members of the vShield Family vShield Zones is not the only member of the vShield family of products. VMware also offers vShield App, a guest- level firewall that operates at a virtual NIC level and enforces access control policies even between VMs in the same port group; vShield Edge, which provides network edge security and gateway services such as DHCP, NAT, site-to- site VPN, and load balancing; and vShield Endpoint, which enables an introspection-based antivirus solution that third-party antivirus vendors can leverage for more efficient antivirus protection. Because these products arent part of the VMware vSphere suite, I dont discuss them in great detail in this book.VMware vCenter OrchestratorVMware vCenter Orchestrator is a workflow automation engine that is automatically installed withevery instance of vCenter Server. Using vCenter Orchestrator, vSphere administrators can buildautomated workflows for a wide variety of tasks available within vCenter Server. The automated 29. workflows you build using vCenter Orchestrator range from simple to complex. VMware alsomakes vCenter Orchestrator plug-ins to extend the functionality to include manipulating MicrosoftActive Directory, Ciscos Unified Computing System (UCS), and VMware vCloud Director. Thismakes vCenter Orchestrator a powerful tool to use in building automated workflows in thevirtualized data center. Now that Ive discussed the specific products in the VMware vSphere product suite, Id like totake a closer look at some of the significant features.Examining the Features in VMware vSphereIn this section, Ill take a closer look at some of the features that are available in the vSphereproduct suite. Ill start with Virtual SMP.vSphere Virtual Symmetric Multi-ProcessingThe vSphere Virtual Symmetric Multi-Processing (vSMP or Virtual SMP) product allows virtualinfrastructure administrators to construct VMs with multiple virtual processors. vSphere VirtualSMP is not the licensing product that allows ESXi to be installed on servers with multipleprocessors; it is the technology that allows the use of multiple processors inside a VM. Figure 1.2identifies the differences between multiple processors in the ESXi host system and multiple virtualprocessors.Figure 1.2 vSphere Virtual SMP allows VMs to be created with more than one virtual CPU.With vSphere Virtual SMP, applications that require and can actually use multiple CPUs can berun in VMs configured with multiple virtual CPUs. This allows organizations to virtualize even 30. more applications without negatively impacting performance or being unable to meet service-level agreements (SLAs). vSphere 5 expands this functionality by also allowing users to specify multiple virtual cores pervirtual CPU. Using this feature, a user could provision a dual socket VM with two cores persocket for a total of four virtual cores. This gives users tremendous flexibility in carving upCPU processing power among the VMs.vSphere vMotion and vSphere Storage vMotionIf you have read anything about VMware, you have most likely read about the extremely usefulfeature called vMotion. vSphere vMotion, also known as live migration, is a feature of ESXi andvCenter Server that allows an administrator to move a running VM from one physical host toanother physical host without having to power off the VM. This migration between two physicalhosts occurs with no downtime and with no loss of network connectivity to the VM. The ability tomanually move a running VM between physical hosts on an as-needed basis is a powerful featurethat has a number of use cases in todays datacenters. Suppose a physical machine has experienced a non-fatal hardware failure and needs to berepaired. Administrators can easily initiate a series of vMotion operations to remove all VMs froman ESXi host that is to undergo scheduled maintenance. After the maintenance is complete and theserver is brought back online, administrators can utilize vMotion to return the VMs to the originalserver.Alternately, consider a situation in which you are migrating from one set of physical servers to anew set of physical servers. Assuming that the details have been addressedand Ill discuss thedetails around vMotion in Chapter 12, Balancing Resource Utilizationyou can use vMotion tomove the VMs from the old servers to the newer servers, making quick work of a server migrationwith no interruption of service. Even in normal day-to-day operations, vMotion can be used when multiple VMs on the samehost are in contention for the same resource (which ultimately is causing poor performance acrossall the VMs). vMotion can solve the problem by allowing an administrator to migrate any VMsthat are facing contention to another ESXi host with greater availability for the resource indemand. For example, when two VMs are in contention with each other for CPU resources, anadministrator can eliminate the contention by using vMotion to move of one of the VMs to anESXi host that has more available CPU resources.vMotion EnhancementsvSphere 5 enhances vMotions functionality, making VM migrations faster and enabling more concurrent VMmigrations than were supported in previous versions of vSphere or VMware Infrastructure 3. vSphere 5 also enhancesvMotion to take advantage of multiple network interfaces, further improving live migration performance. vMotion moves the execution of a VM, relocating the CPU and memory footprint betweenphysical servers but leaving the storage untouched. Storage vMotion builds on the idea andprinciple of vMotion by providing the ability to leave the CPU and memory footprint untouchedon a physical server but migrating a VMs storage while the VM is still running.Deploying vSphere in your environment generally means that lots of shared storageFibreChannel or iSCSI SAN or NFSis needed. What happens when you need to migrate from an 31. older storage array to a newer storage array? What kind of downtime would be required? Orwhat about a situation where you need to rebalance utilization of the array, either from a capacityor performance perspective? vSphere Storage vMotion directly addresses these situations. By providing the ability to movethe storage for a running VM between datastores, Storage vMotion enables administrators toaddress all of these situations without downtime. This feature ensures that outgrowing datastoresor moving to a new SAN does not force an outage for the affected VMs and providesadministrators with yet another tool to increase their flexibility in responding to changing businessneeds.vSphere Distributed Resource SchedulervMotion is a manual operation, meaning that an administrator must initiate the vMotion operation.What if VMware vSphere could perform vMotion operations automatically? That is the basic ideabehind vSphere Distributed Resource Scheduler (DRS). If you think that vMotion sounds exciting,your anticipation will only grow after learning about DRS. DRS, simply put, leverages vMotion toprovide automatic distribution of resource utilization across multiple ESXi hosts that areconfigured in a cluster. Given the prevalence of Microsoft Windows Server in todays datacenters, the use of the termcluster often draws IT professionals into thoughts of Microsoft Windows Server clusters.Windows Server clusters are often active-passive or active-active-passive clusters. However, ESXiclusters are fundamentally different, operating in an active-active mode to aggregate and combineresources into a shared pool. Although the underlying concept of aggregating physical hardware toserve a common goal is the same, the technology, configuration, and feature sets are quite differentbetween VMware ESXi clusters and Windows Server clusters. Aggregate Capacity and Single Host CapacityAlthough I say that a DRS cluster is an implicit aggregation of CPU and memory capacity, its important to keep inmind that a VM is limited to using the CPU and RAM of a single physical host at any given time. If you have twoESXi servers with 32 GB of RAM each in a DRS cluster, the cluster will correctly report 64 GB of aggregate RAMavailable, but any given VM will not be able to use more than approximately 32 GB of RAM at a time. An ESXi cluster is an implicit aggregation of the CPU power and memory of all hosts involvedin the cluster. After two or more hosts have been assigned to a cluster, they work in unison toprovide CPU and memory to the VMs assigned to the cluster. The goal of DRS is twofold: At startup, DRS attempts to place each VM on the host that is best suited to run that VM at that time. While a VM is running, DRS seeks to provide that VM with the required hardware resources while minimizing the amount of contention for those resources in an effort to maintain balanced utilization levels. 32. The first part of DRS is often referred to as intelligent placement. DRS can automate theplacement of each VM as it is powered on within a cluster, placing it on the host in the cluster thatit deems to be best suited to run that VM at that moment. DRS isnt limited to operating only at VM startup, though. DRS also manages the VMslocation while it is running. For example, lets say three servers have been configured in an ESXicluster with DRS enabled. When one of those servers begins to experience a high contention forCPU utilization, DRS detects that the cluster is imbalanced in its resource usage and uses aninternal algorithm to determine which VM(s) should be moved in order to create the leastimbalanced cluster. For every VM, DRS will simulate a migration to each host and the results willbe compared. The migrations that create the least imbalanced cluster will be recommended orautomatically performed, depending upon DRSs configuration.DRS performs these on-the-fly migrations without any downtime or loss of networkconnectivity to the VMs by leveraging vMotion, the live migration functionality I describedearlier. This makes DRS extremely powerful because it allows clusters of ESXi hosts todynamically rebalance their resource utilization based on the changing demands of the VMsrunning on that cluster. Fewer Bigger Servers or More Smaller Servers?Remember from Table 1.2 that VMware ESXi supports servers with up to 160 CPU cores (64 CPU cores in vSphere4.0) and up to 2 TB of RAM. With vSphere DRS, though, you can combine multiple smaller servers for the purpose ofmanaging aggregate capacity. This means that bigger, more powerful servers might not be better servers forvirtualization projects. These larger servers, in general, are significantly more expensive than smaller servers, andusing a greater number of smaller servers (often referred to as scaling out) may provide greater flexibility than asmaller number of larger servers (often referred to as scaling up). The new vRAM licensing model for vSphere 5,discussed in the Licensing VMware vSphere section, would also affect this decision. The key thing to remember isthat a bigger server isnt necessarily a better server.vSphere Storage DRSvSphere Storage DRS, a major new feature of VMware vSphere 5, takes the idea of vSphere DRSand applies it to storage. Just as vSphere DRS helps to balance CPU and memory utilization acrossa cluster of ESXi hosts, Storage DRS helps balance storage capacity and storage performanceacross a cluster of datastores using mechanisms that echo those used by vSphere DRS. I described vSphere DRSs feature called intelligent placement, which automates the placementof new VMs based on resource usage within an ESXi cluster. In the same fashion, Storage DRShas an intelligent placement function that automates the placement of VM virtual disks based onstorage utilization. Storage DRS does this through the use of datastore clusters. When you create anew VM, you simply point it to a datastore cluster, and Storage DRS automatically places theVMs virtual disks on an appropriate datastore within that datastore cluster.Likewise, just as vSphere DRS uses vMotion to balance resource utilization dynamically,Storage DRS uses Storage vMotion to rebalance storage utilization. Because Storage vMotionoperations are typically much more resource intensive than vMotion operations, vSphere providesextensive controls over the thresholds, timing, and other guidelines that will trigger a Storage DRSautomatic migration via Storage vMotion.Storage I/O Control and Network I/O Control 33. VMware vSphere has always had extensive controls for modifying or controlling the allocation ofCPU and memory resources to VMs. What vSphere didnt have prior to the release of vSphere 4.1was a way to apply these same sort of extensive controls to storage I/O and network I/O. StorageI/O Control and Network I/O Control address that shortcoming. Storage I/O Control allows vSphere administrators to assign relative priority to storage I/O aswell as assign storage I/O limits to VMs. These settings are enforced cluster-wide; when an ESXihost detects storage congestion through an increase of latency beyond a user-configured threshold,it will apply the settings configured for that VM. The result is that VMware administrators canensure that the VMs that need priority access to storage resources get the resources they need. InvSphere 4.1, Storage I/O Control applied only to VMFS storage; vSphere 5 extends thatfunctionality to NFS datastores.The same goes for Network I/O Control, but for network traffic on the physical NICs. As thewidespread adoption of 10 Gigabit Ethernet continues, Network I/O Control provides VMwareadministrators a way to more reliably ensure that network bandwidth is properly allocated to VMsbased on priority and limits.Profile-Driven StorageWith profile-driven storage, a new feature found in vSphere 5, vSphere administrators are able touse storage capabilities and VM storage profiles to ensure that VMs are residing on storage that isable to provide the necessary levels of capacity, performance, availability, and redundancy.Profile-driven storage is built on two key components: Storage capabilities, leveraging vSpheres storage awareness APIs VM storage profilesStorage capabilities are either provided by the storage array itself (if the array is capable ofusing vSpheres storage awareness APIs) and/or defined by a vSphere administrator. These storagecapabilities represent various attributes of the storage solution. VM storage profiles define the storage requirements for a VM and its virtual disks. You createVM storage profiles by selecting the storage capabilities that must be present in order for the VMto run. Datastores that have all the capabilities defined in the VM storage profile are compliantwith the VM storage profile and represent possible locations where the VM could be stored.This functionality gives vSphere administrators much greater control over the placement ofVMs on shared storage and helps ensure that the appropriate functionality for each VM is indeedbeing provided by the underlying storage.Refer to Table 1.1 to find out which chapter discusses profile-driven storage in more detail. 34. vSphere High AvailabilityIn many cases, high availability (HA)or the lack of high availabilityis the key argument usedagainst virtualization. The most common form of this argument more or less sounds like this:Before virtualization, the failure of a physical server affected only one application or workload.After virtualization, the failure of a physical server will affect many more applications orworkloads running on that server at the same time. We cant put all our eggs in one basket! VMware addresses this concern with another feature present in ESXi clusters called vSphereHA. Once again, by nature of the naming conventions (clusters, high availability), many traditionalWindows administrators will have preconceived notions about this feature. Those notions,however, are incorrect in that vSphere HA does not function like a high-availability configurationin Windows. The vSphere HA feature provides an automated process for restarting VMs that wererunning on an ESXi host at a time of complete server failure. Figure 1.3 depicts the VM migrationthat occurs when an ESXi host that is part of an HA-enabled cluster experiences failure.Figure 1.3 The vSphere HA feature will restart any VMs that were previously running on an ESXihost that experiences server failure. The vSphere HA feature, unlike DRS, does not use the vMotion technology as a means ofmigrating servers to another host. vMotion is applicable only for planned migrations, where boththe source and destination ESXi host are running and functioning properly. In a vSphere HAfailover situation, there is no anticipation of failure; it is not a planned outage, and therefore thereis no time to perform a vMotion operation. vSphere HA is intended to address unplanneddowntime because of the failure of a physical ESXi host. vSphere HA Improvements in vSphere 5 35. vSphere HA has received a couple of notable improvements since vSphere 4.0. First, the scalability of vSphere HAhas been significantly improved; you can now run up to 512 VMs per host (up from 100 in earlier versions) and 3,000VMs per cluster (up from 1,280 in earlier versions). Second, vSphere HA now integrates more closely with vSphereDRSs intelligent placement functionality, giving vSphere HA greater ability to restart VMs in the event of a hostfailure. The third and perhaps most significant improvement is the complete rewrite of the underlying architecture forvSphere HA; this entirely new architecture, known as Fault Domain Manager (FDM), eliminates many of theconstraints found in earlier versions of VMware vSphere. By default, vSphere HA does not provide failover in the event of a guest OS failure, althoughyou can configure vSphere HA to monitor VMs and restart them automatically if they fail torespond to an internal heartbeat. This feature is called VM Failure Monitoring, and it uses acombination of internal heartbeats and I/O activity to attempt to detect if the guest OS inside a VMhas stopped functioning. If the guest OS has stopped functioning, the VM can be restartedautomatically. With vSphere HA, its important to understand that there will be an interruption of service. If aphysical host fails, vSphere HA restarts the VM, and during that period of time while the VM isrestarting, the applications or services provided by that VM are unavailable. For users who needeven higher levels of availability than can be provided using vSphere HA, vSphere Fault Tolerance(FT), which is described in the next section, can help.vSphere Fault ToleranceFor users who require even greater levels of high availability than vSphere HA can provide,VMware vSphere has a feature known as vSphere Fault Tolerance (FT). As I described in the previous section, vSphere HA protects against unplanned physical serverfailure by providing a way to automatically restart VMs upon physical host failure. This need torestart a VM in the event of a physical host failure means that some downtimegenerally less thanthree minutesis incurred. vSphere FT goes even further and eliminates any downtime in theevent of a physical host failure. Using vLockstep technology that is based on VMwares earlierrecord and replay functionality, vSphere FT maintains a mirrored secondary VM on a separatephysical host that is kept in lockstep with the primary VM. Everything that occurs on the primary(protected) VM also occurs simultaneously on the secondary (mirrored) VM, so that if the physicalhost on which the primary VM is running fails, the secondary VM can immediately step in andtake over without any loss of connectivity. vSphere FT will also automatically re-create thesecondary (mirrored) VM on another host if the physical host on which the secondary VM isrunning fails, as illustrated in Figure 1.4. This ensures protection for the primary VM at all times.Figure 1.4 vSphere FT provides protection against host failures with no downtime experienced bythe VMs. 36. In the event of multiple host failuressay, the hosts running both the primary and secondaryVMs failedvSphere HA will reboot the primary VM on another available server, and vSphereFT will automatically create a new secondary VM. Again, this ensures protection for the primaryVM at all times. vSphere FT can work in conjunction with vMotion, but in vSphere 4.0 it could not work withDRS; DRS had to be manually disabled on VMs that were protected with vSphere FT. In vSphere5, FT is now integrated with vSphere DRS, although this feature does require Enhanced vMotionCompatibility (EVC).vSphere Storage APIs for Data Protection and VMware DataRecoveryOne of the most critical aspects to any network, not just a virtualized infrastructure, is a solidbackup strategy as defined by a companys disaster recovery and business continuity plan. To helpaddress the needs of organizations for backup, VMware vSphere 5 has two key components: thevSphere Storage APIs for Data Protection (VADP) and VMware Data Recovery (VDR).VADP is a set of application programming interfaces (APIs) that backup vendors leverage inorder to provide enhanced backup functionality of virtualized environments. VADP enablesfunctionality like file-level backup and restore; support for incremental, differential, and full-imagebackups; native integration with backup software; and support for multiple storage protocols.On its own, though, VADP is just a set of interfaces, like a framework for making backupspossible. You cant actually back up VMs with VADP. Youll need a VADP-enabled backupapplication. There are a growing number of third-party backup applications that are designed towork with VADP, and VMware also offers its own backup tool, VMware Data Recovery (VDR).VDR leverages VADP to provide a full backup solution for smaller VMware vSphere 37. environments.VMware vSphere Compared to Hyper-V and XenServer Its not really possible to compare some virtualization solutions to other virtualization solutions because they are fundamentally different in approach and purpose. Such is the case with VMware ESXi and some of the other virtualization solutions on the market. To make accurate comparisons between vSphere and other virtualization solutions, you must include only type 1 (bare-metal) virtualization solutions. This would include ESXi, of course, and Microsoft Hyper-V and Citrix XenServer. It would not include products such as VMware Server or Microsoft Virtual Server, both of which are type 2 (hosted) virtualization products. Even within the type 1 hypervisors, there are architectural differences that make direct comparisons difficult. For example, both Microsoft Hyper-V and Citrix XenServer route all the VM I/O through the parent partition or dom0. This typically provides greater hardware compatibility with a wider range of products. In the case of Hyper- V, for example, as soon as Windows Server 2008the general-purpose operating system running in the parent partitionsupports a particular type of hardware, then Hyper-V supports it also. Hyper-V piggybacks on Windows hardware drivers and the I/O stack. The same can be said for XenServer, although its dom0 runs Linux and not Windows. VMware ESXi, on the other hand, handles I/O within the hypervisor itself. This typically provides greater throughput and lower overhead at the expense of slightly more limited hardware compatibility. In order to add more hardware support or updated drivers, the hypervisor must be updated because the I/O stack and device drivers are in the hypervisor. This architectural difference is fundamental. Nowhere is this architectural difference more greatly demonstrated than in ESXi, which has a small footprint yet provides a full-featured virtualization solution. Both Citrix XenServer and Microsoft Hyper-V require a full installation of a general-purpose operating system (Windows Server 2008 for Hyper- V, Linux for XenServer) in the parent partition/dom0 in order to operate. In the end, each of the virtualization products has its own set of advantages and disadvantages, and large organizations may end up using multiple products. For example, VMware vSphere might be best suited in the large corporate datacenter, while Microsoft Hyper-V or Citrix XenServer might be acceptable for test, development, or branch-office deployment. Organizations that dont require VMware vSpheres advanced features like vSphere DRS, vSphere FT, or Storage vMotion may also find that Microsoft Hyper-V or Citrix XenServer is a better fit for their needs. As you can see, VMware vSphere offers some pretty powerful features that will change the wayyou view the resources in your datacenter. The latest release of vSphere, version 5, expandsexisting features and adds powerful new features like Storage I/O Control. Some of these features,though, might not be applicable to all organizations, which is why VMware has crafted a flexiblelicensing scheme for organizations of all sizes.Licensing VMware vSphereWith the introduction of VMware vSphere 4, VMware introduced new licensing tiers and bundlesthat were intended to provide a good fit for every market segment. VMware has refined thislicensing arrangement with the release of VMware vSphere 5. In this section, Ill explain how thevarious features that Ive discussed so far fit into vSpheres licensing model.Youve already seen how VMware packages and licenses VMware vCenter Server, but heres aquick review: 38. VMware vCenter Server for Essentials kits, which is bundled with the vSphere Essentials kits (more on the kits in just a moment). VMware vCenter Server Foundation supports the management of up to three vSphere hosts. VMware vCenter Server Standard, which includes all functionality and does not have a preset limit on the number of vSphere hosts it can manage (although normal sizing limits do apply). vCenter Orchestrator is only included in the Standard edition of vCenter Server. In addition to the three editions of vCenter Server, VMware also offers three editions ofVMware vSphere: vSphere Standard Edition vSphere Enterprise Edition vSphere Enterprise Plus EditionNo More vSphere AdvancedIf you were familiar with the editions of VMware vSphere 4, youll note that the Advanced Edition no longer exists invSphere 5. Users who purchased Advanced Edition are entitled to use the Enterprise Edition in vSphere 5.These three editions are differentiated by two things: the features each edition supports and thevRAM entitlement. Before I get to the features supported by each edition, Id like to first discussvRAM entitlements. Starting with vSphere 5.0, VMware now uses vRAM entitlements as a part of the licensingscheme. Prior to vSphere 5, VMwares licensing was per-processor but included restrictions on thenumber of physical cores and the amount of the physical RAM in the server. For example, theEnterprise Edition of VMware vSphere 4 limited users to 6 cores per CPU socket and a maximumof 256GB of RAM in the server. The idea of limits on physical CPU cores and physical RAM goesaway in vSphere 5. Servers licensed with VMware vSphere 5 can have as many cores per CPUsocket and as much physical memory installed as the user would like. The licensing is still per-processor, but instead of using CPU core or memory limits, VMware has introduced the concept ofvRAM entitlements. vRAM is the term used to describe the amount of RAM configured for a VM. For example, aVM configured to use 8 GB of RAM is configured for 8 GB of vRAM. (Youll see more on howto configure VMs and memory assigned to VMs in Chapter 9.) In vSphere 5, each edition has an 39. associated vRAM entitlementa soft limit on the amount of vRAM configured for your VMsassociated with the license. Here are the vRAM entitlements for the different editions: vSphere Standard Edition: vRAM entitlement of 32 GB vSphere Enterprise Edition: vRAM entitlement of 64 GB vSphere Enterprise Plus Edition: vRAM entitlement of 96 GB These vRAM entitlements are per license of vSphere 5, and vSphere 5 continues to be licensedon a per-processor basis. So, a physical server with two physical CPUs would need two licenses,and there is no limit on the number of cores or the amount of RAM that can be physically installedin the server. If you were to license that server with two licenses of vSphere Enterprise Plus, youwould have a vRAM entitlement of 192 GB. This means that you can have up to 192 GB of vRAMallocated to running VMs. (The vRAM entitlement only applies to powered-on VMs.) If you wereto license the server with Standard Edition, you would have a vRAM entitlement of 64 GB, andyou could have up to 64 GB of vRAM allocated to running VMs on that server. Further, vRAM entitlements can be pooled across all the hosts being managed by vCenterServer. So, if you had five dual-socket hosts, youd need ten vSphere 5 licenses (one each for theten CPUs across the five dual-socket hosts). Depending on which edition you used, you wouldhave a pooled vRAM entitlement for the entire pool of servers of 320 GB (for Standard Edition),640 GB (for Enterprise Edition), or 960 GB (for Enterprise Plus Edition). vRAM entitlements thatarent being used by one server can be used on another server, as long as the total across the entirepool falls below the limit. This gives administrators greater flexibility in managing vRAMentitlements. The basic idea behind vRAM entitlements is to help organizations move closer to usage-basedcost and chargeback models that are more typical of cloud computing environments andInfrastructure as a Service (IaaS) models. Lets now summarize the features that are supported for each edition of VMware vSphere 5,along with the associated vRAM entitlements for each edition. This information is presented inTable 1.3.Table 1.3 Overview of VMware vSphere product editions 40. Source: VMware vSphere 5.0 Licensing, Pricing and Packaging white paper published by VMware, available atwww.vmware.com. Its important to note that all editions of VMware vSphere 5 include support for thinprovisioning, vSphere Update Manager, and the vSphere Storage APIs for Data Protection. I didnot include them in Table 1.3 because these features are supported in all editions. Because priceschange and vary depending on partner, region, and other factors, I have not included any pricinginformation here. On all editions of vSphere, VMware requires at least one year of Support and Subscription 41. (SnS). The only exception is the Essential Kits, as Ill explain in a moment. In addition to the different editions described above, VMware also offers some bundles, referredto as kits. VMware offers both Essentials Kits as well as Acceleration Kits. Essentials Kits are all-in-one solutions for small environments (up to three vSphere hosts withtwo CPUs each and a 32 GB vRAM entitlement). To support three hosts with two CPUs each, theEssentials Kits come with 6 licenses and a total pooled vRAM entitlement of 192 GB. All theselimits are product-enforced. There are three Essentials Kits available: VMware vSphere Essentials VMware vSphere Essentials Plus VMware vSphere Essentials for Retail and Branch Offices You cant buy these kits on a per-CPU basis; these are bundled solutions for three servers.vSphere Essentials includes one year of subscription; support is optional and available on a per-incident basis. Like other editions, vSphere Essentials Plus requires at least one year of SnS; thismust be purchased separately and is not included in the bundle.The Retail and Branch Offices (RBO) kits are differentiated from the normal Essentials andEssentials Plus kits only by the licensing guidelines. These kits are licensed per site (10 sitesminimum, with a maximum of three hosts per site), and customers can add additional sites asrequired.VMware also has Acceleration Kits, which combine the different components of the vSphereproduct suite together. There are three Acceleration Kits: Standard Acceleration Kit: This kit includes one license of vCenter Server Standard plus licenses for vSphere Standard Edition. Enterprise Acceleration Kit: The Enterprise Acceleration Kit includes one license of vCenter Server Standard and licenses for vSphere Enterprise Edition. Enteprise Plus Acceleration Kit: This kit includes both licenses for vSphere Enterprise Plus Edition and a single license for vCenter Server Standard. While the Essentials Kits are bundled and treated as a single unit, the Acceleration Kits merelyoffer customers an easier way to purchase the necessary licenses in one step. 42. Now that you have an idea of how VMware licenses vSphere, Ill review why an organizationmight choose to use vSphere and what benefits that organization could see as a result. Why Choose vSphere?Much has been said and written about the total cost of ownership (TCO) and return on investment(ROI) for virtualization projects involving VMware virtualization solutions. Rather than rehashingthat material here, Ill instead focus, briefly, on why an organization should choose VMwarevSphere as their virtualization platform.Online TCO Calculator VMware offers a web-based TCO calculator that helps you calculate the TCO and ROI for a virtualization project using VMware virtualization solutions. This calculator is available online at www.vmware.com/go/calculator.Youve already read about the various features that VMware vSphere offers. To help youunderstand how these features can benefit your organization, Ill apply them to the fictional XYZCorporation. Ill walk through several different scenarios and look at how vSphere helps in thesescenarios: Scenario 1 XYZ Corporations IT team has been asked by senior management to rapidly provision six new servers to support a new business initiative. In the past, this meant ordering hardware, waiting on the hardware to arrive, racking and cabling the equipment once it arrived, installing the operating system and patching it with the latest updates, and then installing the application. The time frame for all these steps ranged anywhere from a few days to a few months and was typically a couple of weeks. Now, with VMware vSphere in place, the IT team can use vCenter Servers templates functionality to build a VM, install the operating system, and apply the latest updates, and then rapidly cloneor copythis VM to create additional VMs. Now their provisioning time is down to hours, likely even minutes. Chapter 10 discusses this functionality in detail. Scenario 2 Empowered by the IT teams ability to quickly respond to the needs of this new business initiative, XYZ Corporation is moving ahead with deploying updated versions of a line-of-business application. However, the business leaders are a bit concerned about upgrading the current version. Using the snapshot functionality present in ESXi and vCenter Server, the IT team can take a point-in-time picture of the VM so that if something goes wrong during the upgrade, its a simple rollback to the snapshot for recovery. Chapter 9 discusses snapshots. Scenario 3 XYZ Corporation is impressed with the IT team and vSpheres functionality and is now interested in expanding their use of virtualization. In order to do so, however, a hardware upgrade is needed on the servers currently running ESXi. The business is worried about the downtime that will be necessary to perform the hardware upgrades. The IT team uses vMotion to move VMs off one host at a time, upgrading each host in turn without incurring any downtime to the companys end users. Chapter 12 discusses vMotion in more depth. Scenario 4 After the great success it has had virtualizing its infrastructure with vSphere, 43. XYZ Corporation now finds itself in need of a new, larger shared storage array.vSpheres support for Fibre Channel, iSCSI, and NFS gives XYZ room to choose themost cost-effective storage solution available, and the IT team uses Storage vMotion tomigrate the VMs without any downtime. Chapter 12 discusses Storage vMotion. These scenarios begin to provide some idea of the benefits that organizations see whenvirtualizing with an enterprise-class virtualization solution like VMware vSphere.What Do I Virtualize with VMware vSphere?Virtualization, by its very nature, means that you are going to take multiple operating systemssuch as MicrosoftWindows, Linux, Solaris, or Novell NetWareand run them on a single physical server. While VMware vSphereoffers broad support for virtualizing a wide range of operating systems, it would be almost impossible for me todiscuss how virtualization impacts all the different versions of all the different operating systems that vSpheresupports.Because the majority of organizations that adopt vSphere are primarily virtualizing Microsoft Windows, that operatingsystem will receive the majority of attention when it comes to describing procedures that must occur within avirtualized operating system. You will also see coverage of tasks for a virtualized installation of Linux as well, but themajority of the coverage will be for Microsoft Windows.If you are primarily virtualizing something other than Microsoft Windows, VMware provides more in-depthinformation on all the operating systems it supports and how vSphere interacts with those operating systems on itswebsite at www.vmware.com. The Bottom LineIdentify the role of each product in the vSphere product suite.The VMware vSphere product suite contains VMware ESXi and vCenter Server. ESXiprovides the base virtualization functionality and enables features like Virtual SMP. vCenterServer provides management for ESXi and enables functionality like vMotion, StoragevMotion, vSphere Distributed Resource Scheduler (DRS), vSphere High Availability (HA),and vSphere Fault Tolerance (FT). Storage I/O Control (SIOC) and Network I/O Control(NetIOC) provide granular resource controls for VMs. The vSphere Storage APIs for DataProtection (VADP) provide a backup framework that allows for the integration of third-partybackup solutions into a vSphere implementation.Master ItWhich products are licensed features within the VMware vSphere suite?Master ItWhich two features of VMware ESXi and VMware vCenter Server together aim to reduce oreliminate downtime due to unplanned hardware failures?Recognize the interaction and dependencies between the products in the vSphere suiteVMware ESXi forms the foundation of the vSphere product suite, but some features requirethe presence of vCenter Server. Features like vMotion, Storage vMotion, vSphere DRS,vSphere HA, vSphere FT, SIOC, and NetIOC require both ESXi as well as vCenter Server. 44. Master ItName three features that are supported only when using vCenter Server along with ESXi.Master ItName two features that are supported without vCenter Server but with a licensed installationof ESXi.Understand how vSphere differs from other virtualization products.VMware vSpheres hypervisor, ESXi, uses a type 1 bare-metal hypervisor that handles I/Odirectly within the hypervisor. This means that a host operating system, like Windows orLinux, is not required in order for ESXi to function. Although other virtualization solutionsare listed as type 1 bare-metal hypervisors, most other type 1 hypervisors on the markettoday require the presence of a parent partition or dom0, through which all VM I/O musttravel.MasterOne of the administrators on your team asked whether he should install Windows Server onthe new servers you purchased for ESXi. What should you tell him, and why? 45. Chapter 2Planning and Installing VMware ESXiNow that youve taken a closer look at VMware vSphere and its suite of applications in Chapter 1,Introducing VMware vSphere 5, its easy to see that VMware ESXi is the foundation ofvSphere. The deployment, installation, and configuration of VMware ESXi require adequateplanning for a successful, VMware-supported implementation.In this chapter, you will learn to Understand the differences between ESXi Installable and ESXi Embedded Understand ESXi compatibility requirements Plan an ESXi deployment Deploy ESXi Perform post-installation configuration of ESXi Install the vSphere Client Planning a VMware vSphere DeploymentDeploying VMware vSphere is more than just virtualizing servers. A vSphere deployment affectsstorage, networking, and security in as equally significant ways as the physical servers themselves.As a result of this broad impact on numerous facets of your organizations IT, the process ofplanning the vSphere deployment becomes even more important. Without the appropriateplanning, your vSphere implementation runs the risk of configuration problems, instability,incompatibilities, and diminished financial impact. Your planning process for a vSphere deployment involves answering a number of questions(please note that this list is far from comprehensive): 46. What form of ESXi will I use: Installable or Embedded? What types of servers will I use for the underlying physical hardware? What kinds of storage will I use, and how will I connect that storage to my servers? How will the networking be configured? In some cases, the answers to these questions will determine the answers to other questions.After you have answered these questions, you can then move on to more difficult issues. Thesecenter on how the vSphere deployment will impact your staff, your business processes, and youroperational procedures. Im not going to help you answer those sorts of questions here; instead,lets just focus on the technical issues. vSphere Design Is a Topic on Its OwnThe first section of this chapter barely scratches the surface of what is involved in planning and designing a vSpheredeployment. vSphere design is significant enough a topic that it warranted its own book: VMware vSphere Design,published in March 2011 by Sybex. If you are interested in a more detailed discussion of design decisions and designimpacts, thats the book for you.In the next few sections, Ill discuss the four major questions that I outlined previously that are akey part of planning your vSphere deployment.Selecting ESXi Installable or ESXi EmbeddedAs of the 5.0 release, vSphere no longer includes ESX. In previous versions of vSphere, users hadto choose between using ESXwith the full Linux-based Service Consoleor ESXi. Now, withthis release of vSphere, ESXi is the only form of the VMware hypervisor available.Even though users no longer need to choose between ESX and ESXi, they do need to choosewhich variant of ESXi they will use: ESXi Installable or ESXi Embedded. ESXi Installable (which Ill refer to hereafter as just ESXi) is the traditional form of thevSphere hypervisor. Users have the option of installing ESXi onto local hard drives within theserver or installing ESXi in a boot from a SAN configuration, and you can either interactivelyinstall ESXi or perform an unattended (or scripted) installation. You also have the option ofprovisioning ESXi in a stateless fashion. Each of these approaches has its own advantages anddisadvantages. Ill discuss some of the specifics of each approach later in this chapter in the sectionDeploying VMware ESXi.ESXi Embedded refers to the original equipment manufacturer (OEM) installation of thevSphere hypervisor onto a persistent storage device inside qualified hardware. This is an excitingoption that saves administrators the time of performing any type of installation. The embedded 47. hypervisor truly allows for the Plug and Play hardware-type atmosphere. You can see that majorserver manufacturers are banking on