VCP5: Difference between revisions

Line 77: Line 77:


== Secure vCenter Server and ESXi ==
== Secure vCenter Server and ESXi ==
{|cellpadding="4" cellspacing="0" border="1"
|- style="background-color:#bbddff;"
! Role                  !! Type  !! ESX / VC !! Description
|-
| '''No Access'''      || System || ESX & VC || No view or do.  Can be used to stop permissions propagating.
|-
| '''Read Only'''      || System || ESX & VC || View all except Console, no do.
|-
| '''Administrator'''  || System || ESX & VC || Full rights
|-
| '''VM User'''        || Sample || VC only  || VM start/stop, console, insert media (CD)
|-
| '''VM Power User'''  || Sample || VC only  || As user plus hardware and snapshot operations
|-
| '''Resource Pool Admin''' || Sample || VC Only || Akin to an OU admin, full rights for child objects
Cannot create new VM's without additional VM and datastore privileges.
|-
| '''Datastore Consumer''' || Sample || VC Only || Allows creation of VMDK's or snapshots in datastore (additional VM privileges to action)
|-
| '''Network Consumer''' || Sample || VC Only || Allows assignment of VM's to networks (additional VM privileges to action)
|}
'''vCentre Access'''
* Disabled logged in users use access as next validation period (default is 24hrs)
'''ESXi Firewall'''
* New for v5
* Rule set XML files found in <code>/etc/vmware/firewall/</code>
* Should be edited via GUI
'''ESXi and Active Directory'''
* ESX FQDN must match AD domain
* ESX and AD should be synced to same time
* ESX's DNS must be able to resolve the AD domain
* Add to OU container using domain name format
** <code> sandfordit.local/SiliconOU1/MondeoOU2 </code>
== Identify vSphere Architecture and Solutions ==
== Identify vSphere Architecture and Solutions ==
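Review bot: the bullet under '''vCentre Access''' ("Disabled logged in users use access as next validation period") does not parse as a sentence. "use access as" looks like a typo for "lose access at", so please reword it to say plainly what happens to an already logged-in user whose account is disabled. The same label spells the product "vCentre" while the section heading above it uses "vCenter"; pick one spelling. In the Resource Pool Admin row, the "Cannot create new VM's..." caveat sits on its own line inside the cell; join it to the description with a sentence break or a line-break tag so it stays visibly attached to that role.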



Revision as of 11:41, 11 January 2012

This page shows my crib notes created in order to obtain the VCP5 certification. I've been using the technology for a while now, and I've only bothered to document the gaps in my own knowledge, so it is by no means concise and unlikely to cover much that would also apply to previous certs. VMware's What's New course covers the following...

  • List and describe key enhancements in vSphere 5.0
  • Upgrade a deployment from vSphere 4.x to vSphere 5.0
  • Use Image Builder to modify and export an image profile as part of Auto Deploy
  • Use Auto Deploy to Install a stateless ESXi host
  • Manage a version 8 virtual machine with the next-generation Web-based VMware vSphere Client
  • List and describe key networking enhancements, including the ESXi firewall and new features in vNetwork distributed switches
  • Upgrade and manage a VMware vSphere VMFS5 datastore
  • Understand and configure policy-driven storage management
  • Create a datastore cluster and configure Storage DRS
  • Configure a VMware High Availability cluster based on the new Fault Domain Manager agents
  • Use the Linux-based VMware vCenter Server Appliance

Plan, Install, Configure and Upgrade vCenter Server and VMware ESXi

Install and Configure vCenter Server

vCenter Server Appliance

  • Deployed via OVF, requires 7 GB disk (max 80 GB)
  • Supports up to 5 ESXs / 50 VMs with embedded db

vCenter Server Components

  • Update Manager - requires 32-bit DSN db
  • ESXi Dump Collector - requires IPv4
  • Syslog Collector - requires IPv4
  • Auto Deploy - deploys ESXi image direct to ESX memory
  • Authentication Proxy - allows ESXi servers to join AD domain

vCenter Availability

  • Must match any requirements to support Auto Deploy
  • Must run on ESXi's not supported by Auto Deploy

Client version use cases

  • vSphere Client - Primary vSphere management tool (for infrastructure sys admins)
  • vSphere Web Client - Primarily intended for inventory display, and VM deployment/configuration (for infrastructure mgrs and consumers)

Install and Configure VMware ESXi

vSphere Auto Deploy Image Builder

  • Creates ESXi images in VIB packages

Auto Deploy rules

  • Rules identify an ESX by...
    • boot MAC (as seen in PXE boot)
    • SMBIOS info
    • BIOS UUID
    • Vendor / Model
    • Fixed DHCP IP address
  • Active Rule Set - used to match ESXs at boot time
  • Working Rule Set - used to test compliance prior to adding a rule to the Active Rule Set

On an ESX's 1st boot

  1. ESX boots, gets IP from DHCP server
  2. ESX downloads and runs gPXE from TFTP server
  3. gPXE gets image from Auto-Deploy server over HTTP
  4. ESX boots image and registers with VC that the Auto Deploy server is registered with
  5. If Host Profile requires user entry, ESX will boot into Maintenance Mode
  6. If ESX is part of DRS cluster, ESX may receive VM's as soon as online

Memory Compression Cache

  • Mem.MemZipEnable - set to 0 to disable
  • Mem.MemZipMaxPct - changes %age of VM memory allowed to be compressed (default is 10%)

Plan and Perform Upgrades of vCenter Server and VMware ESXi

ESX

  • ESX's can be upgraded via (ESX will retain MS-DOS based partitioning)
    • Update Manager
    • ISO installer
    • Script
  • Or installed fresh via (ESX will use GUID partition tables)
    • esxcli
    • Auto Deploy (not an upgrade, ESX is re-provisioned from scratch)
    • ISO installer

VMFS

  • v3 -> v5 Upgrade...
    • Requires exclusive access to datastore
    • Original block size is retained

Secure vCenter Server and ESXi

| Role | Type | ESX / VC | Description |
| --- | --- | --- | --- |
| No Access | System | ESX & VC | No view or do. Can be used to stop permissions propagating. |
| Read Only | System | ESX & VC | View all except Console, no do. |
| Administrator | System | ESX & VC | Full rights |
| VM User | Sample | VC only | VM start/stop, console, insert media (CD) |
| VM Power User | Sample | VC only | As user plus hardware and snapshot operations |
| Resource Pool Admin | Sample | VC Only | Akin to an OU admin, full rights for child objects. Cannot create new VM's without additional VM and datastore privileges. |
| Datastore Consumer | Sample | VC Only | Allows creation of VMDK's or snapshots in datastore (additional VM privileges to action) |
| Network Consumer | Sample | VC Only | Allows assignment of VM's to networks (additional VM privileges to action) |

vCenter Access

  • Logged-in users whose accounts are disabled lose access at the next validation period (default is 24 hrs)

ESXi Firewall

  • New for v5
  • Rule set XML files found in /etc/vmware/firewall/
  • Should be edited via GUI

ESXi and Active Directory

  • ESX FQDN must match AD domain
  • ESX and AD should be synced to same time
  • ESX's DNS must be able to resolve the AD domain
  • Add to OU container using domain name format
    • sandfordit.local/SiliconOU1/MondeoOU2
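
The four prerequisites above can be checked before a join is attempted. The following is an added example, not part of the original notes or of any VMware tool: the function names, the injected resolver, the sample host names and the 5-minute skew limit are assumptions, and "FQDN must match AD domain" is read here as the host's DNS suffix equalling the domain name.

```python
from datetime import datetime, timedelta, timezone

# Assumption: Kerberos' usual 5-minute skew tolerance; the notes only say "synced".
MAX_SKEW = timedelta(minutes=5)


def parse_join_target(target):
    """Split 'domain/OU1/OU2' (the format in the notes) into (domain, [OUs])."""
    parts = [p.strip() for p in target.split("/")]
    if any(not p for p in parts):
        raise ValueError(f"malformed join target: {target!r}")
    return parts[0].lower(), parts[1:]


def check_ad_join(host_fqdn, target, host_time, dc_time, resolve):
    """Return a list of problems; an empty list means the prerequisites hold.

    resolve(name) -> list of addresses is injected so the check runs offline;
    in practice it would query the DNS servers configured on the host.
    """
    try:
        domain, _ous = parse_join_target(target)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    # 1. The host's FQDN must be <hostname>.<AD domain>.
    short, _, suffix = host_fqdn.lower().rstrip(".").partition(".")
    if not short or suffix != domain:
        problems.append(f"FQDN {host_fqdn!r} is not in domain {domain!r}")
    # 2. Host and domain controller clocks must agree.
    skew = abs(host_time - dc_time)
    if skew > MAX_SKEW:
        problems.append(f"clock skew {skew} exceeds {MAX_SKEW}")
    # 3. The host's DNS must be able to resolve the AD domain.
    if not resolve(domain):
        problems.append(f"DNS cannot resolve {domain!r}")
    return problems


# Constructed sample data: host names, address and clock values are made up.
DNS = {"sandfordit.local": ["192.0.2.10"]}
NOW = datetime(2012, 1, 11, 11, 41, tzinfo=timezone.utc)
TARGET = "sandfordit.local/SiliconOU1/MondeoOU2"

if __name__ == "__main__":
    lookup = lambda name: DNS.get(name, [])
    print(check_ad_join("esx01.sandfordit.local", TARGET, NOW, NOW, lookup))
    print(check_ad_join("esx01.lab.example", TARGET, NOW + timedelta(minutes=9), NOW, lookup))
```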

Identify vSphere Architecture and Solutions

Plan and Configure vSphere Networking

Configure vNetwork Standard Switches

Configure vNetwork Distributed Switches

Configure vSS and vDS Policies

Plan and Configure vSphere Storage

Configure Shared Storage for vSphere

Configure the Storage Virtual Appliance for vSphere

Create and Configure VMFS and NFS Datastores

Deploy and Administer Virtual Machines and vApps

Create and Deploy Virtual Machines

Create and Deploy vApps

Manage Virtual Machine Clones and Templates

Administer Virtual Machines and vApps

Establish and Maintain Service Levels

Create and Configure VMware Clusters

Plan and Implement VMware Fault Tolerance

Create and Administer Resource Pools

Migrate Virtual Machines

Backup and Restore Virtual Machines

Patch and Update ESXi and Virtual Machines

Perform Basic Troubleshooting

Perform Basic Troubleshooting for ESXi Hosts

Perform Basic vSphere Network Troubleshooting

Perform Basic vSphere Storage Troubleshooting

Perform Basic Troubleshooting for HA/DRS Clusters and vMotion/Storage vMotion

Monitor a vSphere Implementation and Manage vCenter Server Alarms

Monitor ESXi, vCenter Server and Virtual Machines

Create and Administer vCenter Server Alarms