Objective 1.5 – Identify vSphere Architecture and Solutions Knowledge

See also these similar posts: Objective 1.5 – Identify vSphere Architecture and Solutions and Objective 1.5 – Identify vSphere Architecture and Solutions.

Identify available vSphere editions and features (some changes from vSphere 4.x)

See the Compare vSphere 5.0 Kits and Compare vSphere 5.0 Editions.

Explain ESXi and vCenter Server architectures (similar to vSphere 4.x)

See the VMware vSphere Basics guide, Objective 0.1 – VMware Products, and also the VMware web site.

Explain Private/Public/Hybrid cloud concepts

See the Objective 0.2 – Cloud Concepts.

Determine appropriate vSphere edition based on customer requirements (some changes from vSphere 4.x)

Of course this depends on several factors: not only the requirements but also the constraints and assumptions. Price and vRAM entitlement can be factors; for these see the vSphere 5.0 Licensing, Pricing and Packaging Whitepaper.

Usually the Essential bundles are fine for SMBs, Standard can be a way to upgrade and scale an Essential+ bundle, Enterprise is fine for most cases (note that Advanced is no longer available), and Enterprise+ is for those who need specific features (like DVS, Auto Deploy, SDRS, SIOC, NIOC, …).

Objective 1.4 – Secure vCenter Server and ESXi

Most of the references are from the vSphere Security Guide, but the old (from VI 3.x) Managing VMware VirtualCenter Roles and Permissions is also still a good reference.

See also: Objective 1.4 – Secure vCenter Server and ESXi and Objective 1.4 – Secure vCenter Server and ESXi.

Identify common vCenter Server privileges and roles (similar to vSphere 4.x)

See: vSphere Security Guide (page 59). Some are available both in ESXi and vCenter Server:

  • No Access: Cannot view or change the assigned object. vSphere Client tabs associated with an object appear without content. Can be used to revoke permissions that would otherwise be propagated to an object from a parent object.
  • Read Only: View the state and details about the object. View all the tab panels in the vSphere Client except the Console tab. Cannot perform any actions through the menus and toolbars.
  • Administrator: All privileges for all objects. Add, remove, and set access rights and privileges for all the vCenter Server users and all the virtual objects in the vSphere environment. Note: users who are in the Active Directory group ESX Admins are automatically assigned the Administrator role.

Describe how permissions are applied and inherited in vCenter Server (same as vSphere 4.x)

See: vSphere Security Guide (page 48 and also page 51 for some examples).

When you assign a permission to an object, you can choose whether the permission propagates down the object hierarchy. You set propagation for each permission. Propagation is not universally applied. Permissions defined for a child object always override the permissions that are propagated from parent objects.

Note that in previous releases of vCenter Server, datastores and networks inherited access permissions from the datacenter. In vCenter Server 5.0, they have their own set of privileges that control access to them. This might require you to manually assign privileges, depending on the access level you require. For more info see the vSphere Upgrade Guide (page 61).
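The propagation and override rules described above can be traced with a small model. This is an added example, not code from VMware or from the original post; the inventory names (DC1, Prod, db01, …) and users are constructed, it handles a single principal only (no group membership), and it assumes that a non-propagating permission on an ancestor is simply skipped when resolving a descendant.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class Permission:
    principal: str   # user or group name
    role: str        # e.g. "Administrator", "Read Only", "No Access"
    propagate: bool  # the per-permission "propagate to children" flag


@dataclass
class InventoryObject:
    name: str
    parent: Optional["InventoryObject"] = None
    permissions: List[Permission] = field(default_factory=list)

    def grant(self, principal: str, role: str, propagate: bool) -> "InventoryObject":
        self.permissions.append(Permission(principal, role, propagate))
        return self


def effective_role(obj: InventoryObject, principal: str) -> Tuple[Optional[str], Optional[str]]:
    """Return (role, object the permission is defined on) for one principal."""
    # A permission defined on the object itself always overrides inherited ones.
    for perm in obj.permissions:
        if perm.principal == principal:
            return perm.role, obj.name
    # Otherwise take the nearest ancestor permission that has propagation set.
    # Model assumption: a non-propagating permission on an ancestor is skipped
    # and the search continues further up the hierarchy.
    node = obj.parent
    while node is not None:
        for perm in node.permissions:
            if perm.principal == principal and perm.propagate:
                return perm.role, node.name
        node = node.parent
    return None, None  # no permission reaches this object


# Constructed inventory: DC1 -> Prod -> {db01, hr01}, DC1 -> Test -> web01
DC1 = InventoryObject("DC1")
PROD = InventoryObject("Prod", DC1)
TEST = InventoryObject("Test", DC1)
DB01 = InventoryObject("db01", PROD)
HR01 = InventoryObject("hr01", PROD)
WEB01 = InventoryObject("web01", TEST)

DC1.grant("alice", "Administrator", propagate=True)
DC1.grant("bob", "Administrator", propagate=False)   # applies to DC1 only
PROD.grant("alice", "Read Only", propagate=True)     # overrides DC1 below Prod
HR01.grant("alice", "No Access", propagate=False)    # revokes inherited access

if __name__ == "__main__":
    for vm in (DB01, HR01, WEB01):
        for user in ("alice", "bob"):
            print(vm.name, user, effective_role(vm, user))
```

The second element of the result names the object where the winning permission is defined, which is the first thing to check when a user has more or less access than expected.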

Configure and administer the ESXi firewall (new in vSphere 5.x)

See: What’s new in vSphere 5: ESXi firewall.

Enable/Configure/Disable services in the ESXi firewall (new in vSphere 5.x)

See: What’s new in vSphere 5: ESXi firewall.

Enable Lockdown Mode (same as vSphere 4.1)

See: The New Lockdown Mode in ESXi 4.1 and the vSphere Security Guide (page 81).

Note that lockdown mode does not apply to root users who log in using authorized keys. When you use an authorized key file for root user authentication, root users are not prevented from accessing a host with SSH when the host is in lockdown mode. Also the root user is still authorized to log in to the direct console user interface when lockdown mode is enabled.

Configure network security policies (same as vSphere 4.x)

See: VMware Virtual Networking Concepts and the vSphere Security Guide (page 25).

The virtual switch (but also a port group) has the ability to enforce L2 security policies to prevent virtual machines from impersonating other nodes on the network. There are three components to this feature:

  • Promiscuous mode is disabled by default for all virtual machines. This prevents them from seeing unicast traffic to other nodes on the network.
  • MAC address change lockdown prevents virtual machines from changing their own unicast addresses. This also prevents them from seeing unicast traffic to other nodes on the network, blocking a potential security vulnerability that is similar to but narrower than promiscuous mode.
  • Forged transmit blocking, when you enable it, prevents virtual machines from sending traffic that appears to come from nodes on the network other than themselves.
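A check for the three settings listed above, as an added example (not from the original post or from VMware): it parses the text printed by `esxcli network vswitch standard policy security get -v vSwitch0` and reports every setting that is accepting or that cannot be read. The output format and the sample text are assumptions constructed for the example.

```python
# Keys as printed by `esxcli network vswitch standard policy security get`
# (output format assumed); True means the vSwitch accepts that behaviour.
POLICY_KEYS = (
    "Allow Promiscuous",
    "Allow MAC Address Change",
    "Allow Forged Transmits",
)

# Constructed sample output, not captured from a real host.
SAMPLE_VSWITCH0 = """\
   Allow Promiscuous: false
   Allow MAC Address Change: true
   Allow Forged Transmits: true
"""


def parse_security_policy(text):
    """Parse 'Key: true|false' lines into {key: bool}; ignore anything else."""
    policy = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        key, value = key.strip(), value.strip().lower()
        if sep and key in POLICY_KEYS and value in ("true", "false"):
            policy[key] = value == "true"
    return policy


def audit_security_policy(text, exceptions=()):
    """Return [(key, reason)] for every setting that is not provably rejecting.

    exceptions: keys deliberately left accepting (for example a port group
    that hosts an IDS sensor and needs promiscuous mode).
    """
    policy = parse_security_policy(text)
    findings = []
    for key in POLICY_KEYS:
        if key not in policy:
            # Fail closed: truncated or unparseable output is a finding.
            findings.append((key, "missing"))
        elif policy[key] and key not in exceptions:
            findings.append((key, "accept"))
    return findings


if __name__ == "__main__":
    for finding in audit_security_policy(SAMPLE_VSWITCH0):
        print(finding)
```

Because a port group can carry its own policy, the same check has to be run against each port group's settings as well as the vSwitch.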

For VLAN security see vSphere Security Guide (page 20).

View/Sort/Export user and group lists (same as vSphere 4.x)

See: vSphere Security Guide (page 45). Note that there are local users/groups (both ESXi and vCenter Server local users) and centralized users/groups (from a directory service).

Add/Modify/Remove permissions for users and groups on vCenter Server inventory objects (same as vSphere 4.x)

See: vSphere Security Guide (page 53) and http://www.vmwarehub.com/Permissions.html.

Create/Clone/Edit vCenter Server Roles (same as vSphere 4.x)

See: vSphere Security Guide (page 61). When you remove a role that is assigned to a user or group, you can remove assignments or replace them with an assignment to another role.

Add an ESXi Host to a directory service (similar to vSphere 4.1)

There are two different ways to use an Active Directory solution in ESXi 5:

Apply permissions to ESXi Hosts using Host Profiles (same as vSphere 4.x)

See Use Host Profiles to Apply Permissions to Hosts (for hosts added to AD) and the vSphere Security Guide (page 67, for use with the vSphere Authentication Proxy).

Determine the appropriate set of privileges for common tasks in vCenter Server (similar to vSphere 4.x)

See the vSphere Security Guide; the other guides also always specify the privilege requirements.

In vSphere 5, for the first time, ESXi has an integrated firewall, which fills another feature gap between ESXi and ESX. This firewall is quite new and different from the one in ESX, although its management (in the GUI) remains similar to the old one.

For more info see: http://vinfrastructure.it/vdesign/esxi-5-firewall/

On the VMware site there are new versions of the VCP blueprint, both for VCP4 and VCP5:

As for the VCP5 document, it still covers the beta exam and it does not make any changes to the covered objectives. My version with study notes is still a work in progress.

Objective 1.3 – Plan and Perform Upgrades of vCenter Server and VMware ESXi

See also these similar posts: Objective 1.3 – Plan and Perform Upgrades of vCenter Server and VMware ESXi and Objective 1.3 – Plan and Perform Upgrades of vCenter Server and VMware ESXi.

Identify upgrade requirements for ESXi hosts (similar to vSphere 4.x)

See: vSphere Upgrade Guide (page 11) and vSphere Upgrade Guide (page 69).

ESXi 5 system requirements are the same as for a clean installation: 64 bit CPU, one or more supported NICs, 2098 MB RAM (note that this is more than 2 GB), supported storage, … There are other requirements based on the type of source.

Note that upgrade and migration are used in the guide in the same way, but ESXi 4.x to ESXi 5 is an upgrade and ESX 4.x to ESXi 5 is a migration. Upgrade/migration can be performed in an automated mode (with VUM or by scripting) or in an interactive mode (you can boot the ESXi installer from a CD, DVD, or USB flash drive to upgrade ESX/ESXi 4.x hosts to ESXi 5.0).

Also study the files that are migrated from ESX 4.x to ESXi 5. Some are converted, others make no sense on ESXi.

Identify steps required to upgrade a vSphere implementation (similar to vSphere 4.1)

See the entire vSphere Upgrade Guide. Basically the steps are (after the requirements check):

  • Upgrade of vCenter Server (upgrade from vCenter Server 4.1 is possible, except if it is installed on a 64 bit Windows XP) or deployment of a new vCenter Server 5. There is downtime, but it is related only to vCenter Server.
  • Optional: upgrade or installation of VMware Update Manager to handle the host upgrade/migration.
  • Upgrade, migration or reinstallation of hosts (vMotion across old and new hosts will work)… with vMotion and more hosts (and enough resources) this step can be done without downtime.
  • Upgrade of VMware Tools in all VMs (the new Tools also work on vSphere 4.x)… a task that is not strictly required but recommended. There is downtime in each Windows VM (due to the reboot needed after the VMware Tools upgrade).
  • Upgrade of VMFS (can be done with running VMs on it and without downtime)… a task that is not strictly required but recommended… note that old hosts cannot read VMFS5 and new hosts can work fine on VMFS3.
  • Upgrade of virtual hardware to v8 (but ESXi 5 can also run VMs in v7 and v4 format)… a suggested task. There is downtime in each VM (the VM must be powered off to perform the upgrade of virtual hardware).

Note that VUM can orchestrate hosts, VMware Tools and virtual hardware upgrade.

Upgrade a vNetwork Distributed Switch (similar to vSphere 4.1)

A vSphere distributed switch version 4.0 or 4.1 can be upgraded to a later version (5.0), enabling the distributed switch to take advantage of features that are only available in the later version.

For the DVS upgrade see the vSphere Networking Guide (page 24).  Log in to the vSphere Client and select the Networking inventory view. Select the vSphere distributed switch in the inventory pane. On the Summary tab, next to Version, select Upgrade.

Upgrade from VMFS3 to VMFS5 (new in vSphere 5.x)

vSphere 5 offers a pain-free upgrade path from VMFS-3 to VMFS-5. The upgrade is an online and non-disruptive operation which allows the resident virtual machines to continue to run on the datastore. But upgraded VMFS datastores may have an impact on SDRS operations, specifically virtual machine migrations.

When upgrading a VMFS datastore from VMFS-3 to VMFS-5, the current VMFS-3 block size will be maintained and this block size may be larger than the VMFS-5 block size as VMFS-5 uses unified 1MB block size.

In upgraded hosts, the VMFS partition is not upgraded from VMFS3 to VMFS5. ESXi 5.0 is compatible with VMFS3 partitions. You can upgrade the partition to VMFS5 after the host is upgraded to ESXi 5.0. See the information on upgrading datastores from command line to VMFS5 in the vSphere Storage Guide (page 206).

Also note that the new ESXi uses a different partition scheme (GPT instead of MBR) to handle disks and LUNs larger than 2 TB. For new installations the GPT partition table is used.

For more info about VMFS see also: http://www.boche.net/blog/index.php/2011/07/21/vmfs-5-vmfs-3-whats-the-deal/

Upgrade VMware Tools (same as vSphere 4.x)

See the vSphere Upgrade Guide (page 138). This task can be done manually (from vSphere Client) or with VUM. Note that:

  • The version of VMware Tools included in vSphere 5.0 is supported on vSphere 4.x and 5.0 virtual machines. That is, you can also use this new version of VMware Tools in virtual machines on ESX/ESXi 4.x hosts.
  • Virtual machines in a vSphere 5.0 environment support the versions of VMware Tools included in vSphere 4.0-5.0. That is, you are not strictly required to upgrade VMware Tools if VMware Tools was installed from an ESX/ESXi 4.x host.

Upgrade Virtual Machine hardware (same as vSphere 4.x)

See the vSphere Upgrade Guide (page 154). Can be done only with the VM powered off. Some new features (like more than 8 vCPU, for example) require the new virtual hardware (v8). ESXi 5 can create, edit and run v8 and v7 VMs, and can edit and run v4 VMs.

Paravirtualization (VMI) is not supported on ESXi 5.0. Hence, you cannot move VMI-enabled virtual machines from an ESX 3.x or ESX 4.x/ESXi 4.x host to an ESXi 5.0 host when the virtual machines are powered on.

Upgrade an ESXi Host using vCenter Update Manager (similar to vSphere 4.x)

See the vSphere Upgrade Guide (page 92). You can use Update Manager to perform orchestrated upgrades of the ESX/ESXi hosts in your vSphere inventory by using a single upgrade baseline.  You can create upgrade baselines for ESX/ESXi hosts with ESXi 5.x images that you import to the Update Manager repository. You can use ESXi .iso images to upgrade ESXi 4.x hosts to ESXi 5.x or migrate ESX 4.x hosts to ESXi 5.x.

Determine whether an in-place upgrade is appropriate in a given upgrade scenario (similar to vSphere 4.x)

Some upgrade/migration paths are not supported, like:

  • ESX/ESXi 3.x hosts: You must upgrade them to ESX (see next point) or ESXi version 4.x.
  • ESX 4.x host that was upgraded from ESX 3.x with a partition layout incompatible with ESXi 5.0.
  • You cannot use Auto Deploy to upgrade or migrate version 4.x ESX and ESXi hosts to ESXi 5.0, because version 4.x ESX and ESXi hosts are deployed by the traditional method of installing the software on the host hard disk.
  • You cannot change the installation location of the hypervisor (for example to move from local disk to a flash card).

See on: http://communities.vmware.com/thread/323082

As most people reading this know, VMware recently announced its vSphere 5 product release.  Although certifications based on vSphere 4 retain their value, we must march onwards; for instance, VCP5 has already been announced.  To this end, today there is the announcement of the final opportunity to attempt the VCDX certification based on vSphere 4 designs (this would mean that the VCDX5 certification could be around the corner? maybe in the middle of 2012?).

The city will be Frankfurt, Germany, and the dates will be February 6-10, 2012.  Applications for this session will open on November 14, 2011, and will close on December 5, 2011.

Sharp-eyed readers will notice that this schedule is somewhat compressed: if a candidate attempts VCDX4 in Singapore during the week of November 14, 2011, and is unsuccessful, he or she will not have a lot of time to build an improved VCDX4 application for Frankfurt.  This was a deliberate choice.  We need to balance the needs of VCDX4 candidates with those who are eager to embark on the vSphere 5 version of the program.  Candidates who defend in Singapore and feel strongly that they will want to reattempt in Frankfurt would be advised not to wait for their results before enhancing their applications.  Instead, they should use the feedback provided by their Singapore panel to begin improving their application right away.

As before, applications must be submitted in English, and the Frankfurt defenses, by default, will be conducted in English.  However, VMware would like to run a trial program under which Frankfurt candidates could choose to defend in German (in front of a panel of German-speaking VCDXes).  If you’d be interested in this, send a message to [email protected].

Objective 1.2 – Install and Configure VMware ESXi

See also these similar posts: Objective 1.2 – Install and Configure VMware ESXi and Objective 1.2 – Install and Configure VMware ESXi.

Perform an interactive installation of ESXi (similar to vSphere 4.x)

Interactive installation is quite simple and similar to a generic ESXi 4.x.

It seems strange, but there is no mention of scripted installation (first introduced, for ESXi, in version 4.1) in the blueprint. IMHO you must know it, at least what you can boot from (you can PXE boot the ESXi installer or boot it from a CD/DVD or USB drive) and where you can put the kickstart file (the installation script can be stored in a location that the host can access by HTTP, HTTPS, FTP, NFS, CDROM, or USB). Also check the format of the kickstart file to know the required and optional fields.

Of course the questions are not too deep on these aspects (there will also be a VCAP5-DCA exam…)

Deploy an ESXi host using Auto Deploy (new in vSphere 5.x)

See also: vSphere Installation and Setup Guide (page 57).

Auto Deploy is a new method for provisioning ESXi hosts in vSphere 5.0. At a high level, the ESXi host boots over the network (using PXE/gPXE) and contacts the Auto Deploy Server, which loads the ESXi image into the host's memory (the host becomes stateless). After loading the ESXi image, the Auto Deploy Server coordinates with vCenter Server to configure the host, using Host Profiles (same as in vSphere 4.x) and Answer Files (answer files are new in 5.0). You can create image profiles with ESXi Image Builder CLI, and host profiles using the vSphere Client.

Configure NTP on an ESXi Host (same as vSphere 4.x)

This is the same for ESX/ESXi since version 3.5 and can be configured from the vSphere Client. See also: How to configure NTP on VMware ESX.

Configure DNS and Routing on an ESXi Host (same as vSphere 4.x)

This is the same for ESX/ESXi since version 3.x and can be configured from the vSphere Client. See also: Use the VI Client to change DNS, gateway, and hostname.

Note that, compared to the old ESX host, in the ESXi there is only a single gateway (not one for Service Console and one, optional, for vmkernel interfaces).

Enable/Configure/Disable hyperthreading (same as vSphere 4.x)

See: vSphere Resource Management Guide (page 19).

To enable hyperthreading, you must first enable it in your system’s BIOS settings and then turn it on in the vSphere Client (in host Configuration tab / Processors / Properties). Hyperthreading is enabled by default.
Some Intel processors, for example Xeon 5500 processors or those based on the P4 microarchitecture, support hyperthreading. Consult your system documentation to determine whether your CPU supports hyperthreading.

Enable/Size/Disable memory compression cache (same as vSphere 4.1)

This new feature, introduced in vSphere 4.1, is another memory management solution (faster than the last chance: the VM swap). See the official documentation for more info.

  • To enable or disable this feature (enabled by default): change host Advanced Settings (Mem.MemZipEnable, 1 to enable or 0 to disable the memory compression cache).
  • To change the size: still in host Advanced Settings (Mem.MemZipMaxPct, the value is a percentage of the size of the virtual machine and must be between 5 and 100 percent).

License an ESXi host (new in vSphere 5.x)

Host licensing is quite new in vSphere 5… But do not expect too many questions about it (this is not a VSP5 exam).

The vCenter Server is still licensed per instance, but now each host is licensed not only per socket (one socket is a physical CPU package) but also per vRAM Entitlement, and this value depends on the ESXi edition (note that the editions are the same as in vSphere 4.x except Advanced, which has been removed). For more info see: the vSphere 5 licensing model.
