VCIX-NV Objective 2.2 – Configure and Manage Layer 2 Bridging

Underneath todays objective we have the following topics:

  • Add Layer 2 Bridging
  • Connect Layer 2 Bridging to the appropriate distributed virtual port group

So first let’s do a little background on what we are doing and more importantly the why. Layer 2 bridging in this case, is an ability we have in NSX to take a workload that currently only exists in our NSX world and “bridge” that with the outside world. We could use this to reach a physical server being used as a proxy or gateway for example. We create this bridge between a logical switch inside NSX and it routes out to a VLAN. I am going to borrow the picture from the NSX guide to try to simplify it a bit more. (credit to VMware for the pic)

In the above picture you have the NSX VXLAN 5001 that is running our workload inside ESXi. We have a need to communicate to a physical workload labeled as such. In order to do that, we have an NSX Edge logical router that has L2 bridging enabled on it. The Bridging tab itself will allow us to choose a logical switch and distributed port group that will be connected together. To do this here are the following steps:

  1. If you don’t already have one, you will need to deploy a new Logical Router. To do that, you will need to go to the NSX Edges subsection of the Networking and Security screen of NSX.
  2. Click on the green + icon on the middle pane
  3. The first information you will need to fill out will be Install Type, and Name. The rest of the options we won’t go over in this walkthrough.
  4. We will need to select Logical Router as the Install Type and then type in a name.
  5. On the next screen, we will need to input a password for the Edge device.
  6. On the Configure Deployment Screen, we will need to add an actual appliance here by clicking on the green + icon.
  7. This popups with a screen for us to select where we wish to place the device’s compute and storage resources.
  8. On the Configure Interfaces screen, I’ve chosen to connect it to my management network. You don’t really need to configure an interface as the actual bridging work will be done by a different mechanism.
  9. You can click past the Default Gateway screen.
  10. Click Finish on the Ready to Complete screen and away you go.

Now the actual bridging mechanism is found by going into the Edge itself

  1. Double click on the Edge device you are going to use for bridging.
  2. Click on Manage, then on Bridging tabs in the center pane.
  3. To add a bridge, click on the green + arrow
  4. Give the Bridge a name, select the Logical Switch you are bridging, and the VLAN Port Group you will be bridging to. (Just as a side note, none of the normal dv Port Groups will show up unless you have a VLAN assigned to them. Something I discovered while writing this )
  5. Once you click Ok, you will exit out to the Bridging screen again, and you will now need to publish your changes to make it work.
  6. Once published, you will have a Bridging ID
  7. You can have more than one Bridge using the same Edge device, but they won’t be able to bridge the same networks. In otherwords you can’t use a bridge to connect the same VXLAN to two different VLAN Port Groups.

And that covers this objective. Stay tuned for the next objective!

Mike

VCIX-NV Objective 2.1 – Create and Manage Logical Switches

Recovering from dual hernia surgery and changing job roles…….it’s me and I’m back. Moving back into the Blueprint, we are working on Objective 2.1 – Create and Manage Logical Switches. We will be covering the following points in this blog post.

  • Create and Delete Logical Switches
  • Assign and configure IP addresses
  • Connect a Logical Switch to an NSX edge
  • Deploy services on a Logical Switch
  • Connect/Disconnect virtual machines to/from a Logical Switch
  • Test Logical Switch connectivity

First it would probably be appropriate to make sure that we know what a logical switch can do. Just like its physical counterpart, an NSX switch can create a logical broadcast domain and segment. This keeps broadcasts from one switch from spilling over to another and saving network bandwidth. Feasibly you can argue that the network bandwidth is a bit more precious than real network bandwidth because it requires not only real network bandwidth but also requires processing on the side of the hosts (whereas normal network bandwidth would be processed by the ASIC on the physical network switch).

A logical switch is mapped to a unique VXLAN which then encapsulates the traffic and carries it over the physical network medium. The NSX controllers are the main center where all the logical switches are managed.

In order to add a logical switch, you must obviously have all the needed components setup and installed (NSX manager, controllers, etc) I am guessing you have already done that.

  1. In the vSphere Web Client, navigate to Home > Networking & Security > Logical Switches.
  2. If your environment has more than one NSX Manager, you will need to select the one you wish to create the switch on, and if you are creating a Universal Logical Switch, you will need to select the primary NSX Manager.
  3. Click on the green ‘+’ symbol.
  4. Give it a name and optional description
  5. Select the transport zone where you wish this logical switch to reside. If you select a Universal Transport Zone, it will create a Universal Logical Switch.
  6. You can click Enable IP Discovery if you wish to enable ARP suppression. This setting is enabled by default. This setting will minimize ARP flooding on this segment.
  7. You can click Enable MAC learning if you have VMs that have multiple MAC addresses or Virtual NICs that are trunking VLANs.

The next point, assign and configure IP addresses, is a bit confusing. There is no IP address you can “assign” to just the logical switch. There is no interface on the switch itself. What I am guessing they meant to say here was that you should be familiar with adding an Edge Gateway interface to a switch, and adding a VM to the switch. Both of these would in a roundabout way assign and configure a subnet or IP address to a logical switch. That’s the only thing I can think of anyways.

The next bullet point is, connecting a logical switch to an NSX Edge. This is done quickly and easily.

  1. While you are in the Logical Switches section (Home > Networking & Security > Logical Switches), you would then click on the switch you want to add the Edge device to.
  2. Next, click the Connect an Edge icon.
  3. Select the Edge device that you wish to connect to the switch.
  4. Select the interface that you want to use.
  5. Type a name for the interface
  6. Select whether the link will be internal or uplink
  7. Select the connectivity status. (Connected or not)
  8. If the NSX Edge you are connecting has Manual HA Configuration selected, you will need to input both management IP addresses in CIDR format.
  9. Optionally, edit the MTU
  10. Click Next and then Finish

The next bullet point covers deploying services on a logical switch. This is accomplished easily by:

  1. Click on Networking & Security and then click on Logical Switches.
  2. Select the logical switch you wish to deploy services on.
  3. Click on the Add Service Profile Icon.
  4. Select the service and service profile that you wish to apply.

There is an important caveat here, the icon will not show up unless you have already installed the third party virtual appliance in your environment. Otherwise your installation will look like mine and not have that icon.

The next bullet point, Connecting and Disconnecting VMs from a Logical Switch is also simply done.

  1. While in the Logical Switch section (kind of a theme here huh?), right click on the switch you wish to add the VM to.
  2. You have the option to Add or Remove VMs from that switch – as shown here in the pic

The final point, testing connectivity, can be done numerous ways. The simplest way would just be to test a ping from one VM to another. This could be done on pretty much any VM with an OS on it. You can even test connectivity between switches (provided there is some sort of routing setup between them. If you only had one VM on that segment (switch) but you had a Edge on it as well, you could pin the Edge interface from the VM as well. There are many ways to test connectivity. And with that, this post draws to a close. I will be back soon with the next Objective Point 2.2 Configure and Manage Layer 2 Bridging.

VCIX-NV Objective 1.3 Configure and Manage Transport Zones

Covering Objective 1.3 now we will be covering the following topics

  • Create Transport Zones according to a deployment plan
  • Configure the control plane mode for a Transport Zone
  • Add clusters to Transport Zones
  • Remove clusters from Transport Zones

So, beginning with the first point, Create Transport Zones according to a deployment plan. What is a transport zone? Well simply, a transport zone is a virtual fence around the clusters that can talk to each other over NSX. If you want a cluster to be able to talk to other clusters that are on NSX, they must be included in the same transport zone. It is important to note that all VMs included in a cluster that is part of a transport zone will have access to that transport zone. Another thing to be careful of is that while a transport zone can span multiple VDSs, you should be sure that all the clusters that are on that VDS are included in the transport zone. You may run into situations where machines won’t be able to talk to each other otherwise if you have improper alignment.

Shown in the above example, you can see that even though you have the DVS Compute_DVS that spans across 2 clusters, since you add to a transport zone by cluster, it is possible to have just half of the clusters that make up that DVS on the transport zone. This leaves the hosts in Cluster A unable to talk to anyone on the NSX networks.

On to the next point. Configure the control plane mode for a Transport Zone. You can choose between three different control plane modes available.

  • Multicast
  • Unicast
  • Hybrid

These modes control how BUM (Broadcast, Unicast, Multicast) traffic is distributed and more.

Multicast replication mode depends on the underlaying architecture being a full Multicast implementation. The VTEPs on each host join a Multicast group so when BUM traffic is sent, they will receive it. The advantage of this is BUM traffic is only distributed to hosts that participate, possibly cutting the traffic down. Downsides of this are, IGMP, PIM, and Layer 3 Multicast routing are required at the hardware layer adding complexity to the original design.

Unicast replication mode, is everything multicast is not. More specifically, when a BUM packet is sent out, it is sent to every other host on the VXLAN segment. It will then pick a host on the other VXLAN segments and designate it a Unicast Tunnel End Point or UTEP and it will forward the frame to that and then the UTEP will forward it to all other hosts on its VXLAN segment. The advantages of this are not caring about the underlying hardware at all. This is a great thing from the decoupling from hardware standpoint, on the other hand the downside to it is, it uses a lot more bandwidth.

Hybrid replication mode is exactly that. Hybrid. It is a good mix between the above. Instead of needing all the things in multicast, only IGMP is used. Unicast is used between the VXLAN segments to avoid the need for PIM and Layer 3 routing, but internally on the VXLAN segment, IGMP is used and it cuts down on the bandwidth quite a bit. With Hybrid mode, instead of a UTEP being used between segments, it is now called a MTEP or Multicast Tunnel Endpoint.

Unicast is what is used most commonly on smaller networks and Hybrid in larger networks.

As far as adding and removing clusters from Transport Zones, you can do that a different times (adding). You can add when you initially create the transport zone, or you can do it afterwards. If you do it afterwards you will need to be in the Installation sub menu on the navigation menu on the left side of the screen. You then will need to click on the Transport Zones tab and then click on the transport zone you wish to expand. Then click on the Add Cluster icon, which looks like three little computers with a + symbol on the left side. Then select the clusters you wish to add. To remove a cluster, you need to be in the same place, but click on the Remove Clusters icon instead.

That’s the end of section 1. Next up. Section 2. Create and Manage VMware NSX Virtual Networks.

Objective 1.2 – Prepare Host Clusters for Network Virtualization

As mentioned above the next objective is preparing your environment for network virtualization. We will cover the following topics specified in the blueprint.

  • Prepare vSphere Distributed Switching for NSX
  • Prepare a cluster for NSX
    • Add / Remove Hosts from cluster
  • Configure appropriate teaming parameters for a given implementation
  • Configure VXLAN Transport parameters according to a deployment plan

Kicking off with preparing the distributed switching for NSX… First, we need to cover a little about distributed switches. A lot of people, myself included, just use standard switches due to the simplicity of them. Like an unmanaged hardware switch, there isn’t much that can go wrong with it. It either works or it doesn’t. There are a number of things you are missing out with however, by not using distributed switches.

Distributed Switches can:

  • Shape Inbound traffic
  • Be managed through a central location (vCenter)
  • Support PVLANs (yeah I don’t know anybody using these)
  • Netflow
  • Port Mirroring
  • Support LLDP (Link Layer Discovery Protocol)
  • SR-IOV and 40GB NIC support
  • Addtl types of Link Aggregation
  • Port Security
  • NIOC (v6.x)
  • Multicast Snooping (v6.x)
  • Multiple TCP/IP stacks for vMotion (v6.x)

These are the main improvements. You can see a better detailed list here – https://kb.vmware.com/s/article/1010555

The main takeaway though, if you didn’t already know, is that NSX won’t be able to do its job without distributed switches.

To prepare for NSX you will need to make sure that all the distributed switches are created and hosts are joined to them. There will be different setups that will all be dependent on environments. You can join hosts to multiple distributed switches if need be. Most sample setups will have you separate out your compute and management hosts and keep them on separate switches. There are advantages to doing it this way but it can add complexity. Just make sure if you are doing it this way you know the reasons why and it makes sense for you. The other main thing to realize is that a minimum MTU frame size of 1600 bytes is required. This is due to the additional overhead that VXLAN encapsulation creates.

For the purposes of the test I am going to assume that they will want you to know about the MTU, and how to add and remove hosts/vmkernel ports/VMs from a distributed switch. This IS something you should probably already know if you have gone through VCP level studies. If you don’t feel free to reach out to me and we’ll talk, or reference one of the VMware books, Hands on Labs, or other materials that can assist.

Next objective is preparing the cluster/s for NSX.

What are we doing when we prepare the cluster? The VMware installation bundles are loaded onto the hosts and installed. The number of VIBs installed depends on the version of NSX and ESXi installed. If you do need to look for them these are what they will be called, and in the following groups.

esx-vxlan, esx-dvfilter-switch-security, esx-vsip
esx-vxlan, esx-vsip
esx-nsxv

The control and management planes are also built.

When we click on Host Preparation tab in Installation, we are presented with clusters. Select the cluster desired, and then click on Actions and Install. This will kick off the installation. -Note: If you are using stateless mode (non-persistent state across reboots) you will need to manually add them to the image.

A few other housekeeping things. I’d imagine you already have things like DNS sorted. But if you didn’t before, make sure the little stuff is sorted. If you don’t weird issues can pop up at the worst time.

To check to see the VIB installed on your ESXi hosts, open SSH on them and type in the following:

Esxcli software vib list | grep esx

This will, regardless of version, give you all the installed VIBs with ESX in the name.

In order to add a new host to an already prepared cluster, do the following:

  1. Add the server as a regular host
  2. Add the host to the distributed switch that the other hosts are part of and that is used for NSX
  3. Place the host into maintenance mode
  4. Add the host to the cluster
  5. Remove the host from maintenance mode

The host, when it is added to the cluster will automatically be installed with the necessary VIBs for NSX. DRS will also balance machines over to the new host.

To remove a host from a prepared cluster:

  1. Place the host in maintenance mode
  2. Remove host from the cluster
  3. Make sure VIBs are removed and then place host how you want it.

Configure appropriate teaming policy for a given implementation is next. I am going to lift some information from a Livefire class I just went through for this. First, when NSX is deployed to the cluster, a VXLAN port-group is created automatically. The teaming option on this should be the same across all ESXi hosts and across all clusters using that VDS. You can see the port group in my environment that is created for the VTEPs

You choose the teaming option when you configure the VXLAN in the Host Preparation tab. The Teaming mode determines the number of VTEPs you can use.

  • Route based on originating port = Multi VTEP = Uplinks both active
  • Route based on MAC hash = Multi VTEP = Uplinks both active
  • LACP = Single VTEP = Flow Based
  • Route Based on IP Hash = Single VTEP = Flow based
  • Explicit failover = Single VTEP = One Active

It is recommended you use source port. The reasoning behind this is so you don’t have a single point of failure. Single VTEPs would essentially cripple the host and VMs that resided on it until failover occurred or it was brought back online.

Configure VXLAN Transport parameters according to deployment plan is last in this objective. This most likely covers configuring VXLAN on the Host Preparation page and then configuring a Segment ID range on the Logical Network tab.

When you prepare the VXLAN on the host prep tab, this involves setting the VDS you are going to use, a VLAN ID (even if default), an MTU size, and a NIC teaming policy. One interesting thing is if your VDS switch is set to a lower MTU size, by changing here, it will also change the VDS to match the VXLAN MTU. The number of VTEPs are not editable in the UI here. You can set the VTEPs to be assigned an IP with an IP Pool that can be setup during this. You can go back later to add or change parameters of the IP Pool or even add IP Pools by going to the NSX Manager, managing it, and then going to Grouping Objects.

When everything is configured it will look similar to this:

Going to the next button, takes you the Segment ID. You can create one here, if you need to create more than one segment ID, you will need to do it via API. Remember Segment IDs are essentially the number of Logical Switches you can create. While you can technically create more than 16 million, you are limited to 10,000 dvPortGroups in vCenter. A much smaller subset is usually used. Here is mine. Since it’s a home lab I’m not likely going to be butting up against that 10k limit any time soon.

And that’s the end of 1.2 Objective. Next up is the exciting world of Transport Zones in 1.3.

Objective 8.1: Deploy ESXi Hosts Using Auto Deploy

So I have skipped a few sections dealing with troubleshooting. I may circle back around and get to them if I can but I am shooting to try to get all the other stuff done. Besides, I am sure if you have gotten this far – you have had at least a couple problems and have at least a rudimentary knowledge of troubleshooting (REBOOT ALL THE THINGS!! J ).

Looking to try to keep the momentum going we are going to discuss the following topics:

  • Identify ESXi Auto Deploy requirements
  • Configure Auto Deploy
  • Explain PowerCLI cmdlets for Auto Deploy
  • Deploy/Manage multiple ESXi hosts using Auto Deploy

Identify ESXi Auto Deploy requirements

Generally, as sysadmins, we don’t like to do the same thing over and over again. I am not saying we are lazy (some of us are J) but let’s face it, there are much cooler things to learn and do than load a system and put a config on it a couple of hundred times. So for those people, VMware has offered up Auto Deploy and Host Profiles. We will go over Host Profiles in the next objective point of 8, so don’t worry.

We will start off by explaining just what Auto Deploy does. Auto Deploy is a vSphere component that uses PXE boot infrastructure in conjunction with vSphere host profiles to provision and customize one to hundreds of hosts. No state is stored on the ESXi box itself, it is held by Auto Deploy. Now you don’t necessarily HAVE to use Host Profiles, but it does make you job a lot easier once it’s setup. You can even deploy different images such as versions and driver loads to different servers, based on criteria you specify.

We will now list the requirements, as it is always good to begin with those:

  1. The Hosts you are going to provision need to be setup in BIOS mode (not UEFI)
  2. If you are going to use VLANs make sure that is all setup prior and there is connectivity
  3. Verify you have enough storage for the Auto Deploy repository (Best Practice is to allow about 2GB for 4 images)
  4. DHCP server
  5. TFTP server
  6. Admin privileges to the DHCP server
  7. While not a requirement, it would be a good idea to setup a remote syslog server and ESXi Dump Collector in case things go wrong.
  8. PXE does not support IPv6 so make sure you have IPv4 (PXE doesn’t support it, specifically)

How do we configure it?

Configure Auto Deploy

  1. Install the vCenter Windows app or VCSA
  2. You will need to start up the Auto Deploy service
    1. You will need to log into your Web Client
    2. Click on Administration
    3. Under System Configuration, click Services
    4. Select Auto Deploy and select Edit Startup Type
    5. On Windows the service is disabled – select Manual or Automatic to enable it
    6. On the VCSA the service is set to Manual by default, you can select Automatic to have it start unassisted
  3. Configure the TFTP server (there are many different ones to choose from)
    1. In the Web Client go to the Inventory List and select your vCenter server System
    2. Click the Manage tab, select Settings, and click Auto Deploy
    3. Click Download TFTP Boot zip to download the configuration file and unzip the file to the directory in which your TFTP server stores files.
  4. Setup your DHCP server to point to the TFTP server where you just downloaded the config files.
    1. Specify the TFTP server’s IP address in the DHCP server using Option 66 (also called next-server)
    2. Specify the boot file name which is undionly.kpxe.vmw-hardwired in the DHCP option 67 (also called boot-filename)
  5. Set each host you want to provision with Auto Deploy to network boot or PXE boot.
  6. Locate the image profile you want to use and the depot it is located
  7. Write a rule that assigns an image profile to hosts

Next you are going to need to install PowerCLI to be able to create rules that assigns the image profile and optionally a host profile.

Explain PowerCLI cmdlets for Auto Deploy

Help is always just a command away by just typing Get-Help<cmdlet>. Also remember that Powershell isn’t case sensitive and you can tab to complete. You can also clean up output using Format-List or Format-Table. Now.. the commands:

Connect-VIServer 192.x.x.x – This command will, as you might have guessed, connect you to the vCenter that you plan to use for Auto Deploy. The IP address will need to be changed to yours. This command might return a certificate error. This is normal in development environments.

Add-EsxSoftwareDepot <c:\location.zip> – This will add the image profile to the PowerCLI session that you are in so that you can work with it.

Get-EsxImageProfile – This will list out the Image Profiles that are included in the zip that you are using. Usually there are a couple of them in there that may include VMware Tools and one that does not.

New-DeployRule –Name “testrule” –Item “My Profile25” –Pattern “vendor=Acme,Dell”, “ipv4=192.168.1.10-192.168.1.20” – This is a little meatier. This is creating a rule with the name “testrule” that is going to use the image profile “My Profile25” and will only be applied to a system from either Acme or Dell that is using an ip address in the range from 192.168.1.10-20. Double quotes are required if there are spaces, otherwise they are optional. You can specify –AllHosts instead of pattern to just carpet bomb your machines. If you have a host profile to add to it you can do so with the –Item <name of profile> and it will apply this profile to those hosts.

Add-DeployRule testrule – This adds the rule to the active rule set.

That is all the rules you have to have to have. But there are some more that you might find useful with Auto Deploy. They include

Get-DeployRule – This will get all current rules

Copy-DeployRule –DeployRule <name of rule> -ReplaceItem MyNewProfile – This will copy a rule and change the profile. You cannot edit a rule after it is added. You have to copy and replace.

Deploy/Manage multiple ESXi hosts using Auto Deploy

The beauty of the above is that you can use it for multiple ESXi hosts. I mean that is what it was really meant to be used for. You also have the ability of load balancing the TFTP servers to help distribute the load.

And that’s all I will write on this objective. Next stop, 8.2

Objective 6.1: Configure and Administer a vSphere Backups/Restore/Replication Solution

Welcome back to another version of Mike’s VMware show! Up for today, we are going to discuss Backups and Replication. In specific, the topics we are going to cover are:

  • Identify snapshot requirements
  • Identify VMware Data Protection requirements
  • Explain VMware Data Protection sizing Guidelines
  • Identify VMware Data Protection version offerings
  • Describe vSphere Replication architecture
  • Create/Delete/Consolidate virtual machine snapshots
  • Install and Configure VMware Data Protection
  • Create a backup job with VMware Data Protection
  • Install/Configure/Upgrade vSphere Replication
  • Configure VMware Certificate Authority (VMCA) integration with vSphere Replication
  • Configure Replication for Single/Multiple VMs
  • Identify vSphere Replication compression methods
  • Recover a VM using vSphere Replication
  • Perform a failback operation using vSphere Replication
  • Determine appropriate backup solution for a given vSphere implementation

Identify snapshot requirements

So as we are all aware, snapshots are not backups and have no place in being used as such. So why would we put that in this objective? Well because most of our backup programs do use the snapshot mechanism to take a picture point in time of a VM. We can also use this mechanism to take a crash and application consistent snapshot that will allow us to reboot the VM and still be able to have our programs work properly. So first, what options can I specify when I create a snapshot?

  • Name: This is used to identify the snapshot
  • Description: Give it a wordier description of the snapshot
  • Memory – We can select whether or not we are including the memory of the VM when taking a snapshot. This will take longer but allows us to revert to a running VM vs a just booted machine. If this option is selected, the machine will be stunned (paused briefly) while the snapshot is being taken.
  • Quiesce: VMware tools must be installed in order to use this option. This option will flush all the buffers from the OS to make sure that the disk is in a state fully suitable for backups

When a snapshot is created, it is comprised of the following files:

  • <vm><number>.vmdk and <vm><number>-delta.vmdk
  • <vm>.vmsd : this is a database of the virtual machine’s snapshot information and the primary source of information for the snapshot manager. This file contains line entries which define the relationships between snapshots as well as the child disks for each snapshot
  • <vm>snapshot<number>.vmsn : Current configuration and optionally the active state of the virtual machine.

Some of the products which use snapshots are:

  • VMware Data Recovery
  • VMware Lab Manager (now vCloud Director)
  • Storage vMotion
  • VDP and VDPA

This is why we are going over this a bit. It is also important to note that it uses a Copy on Write (COW) mechanism in which the virtual disk contains no data until copied there by a write. The other thing I think it is important to note is space. While you have a Snapshot, the total disk space used is the original base disk + any changes made to it after the snapshot is done. Feasibly, the child disk could be as large as the parent disk.

Identify VMware Data Protection Requirements

So there are a number of different types of requirements for VMware Data Protection. We should really start off first though with an explanation of what VMware Data Protection is. You might remember it by its acronym, VDP and VDPA (‘A’ being for Advanced). VMware Data Protection is a robust, simple to deploy, disk based backup and recovery solution powered by EMC. The product they are referring to is EMC’s Avamar. Now the Requirements.

Capacity Requirements depend on a number of things including:

  • Number of VMs protected
  • Amount of data contained in each protected machine
  • Types of data being backed up
  • Backup retention policy
  • Data retention rates

As far as software requirements go, VDP 6.0 requires at least vCenter 5.1 with 5.5 or later recommended. If for some reason the VM of VDP was migrated to a vSphere host with 5.1 or earlier, it wouldn’t be functional.

It is deployed as a VM with a hardware version of 7 – Therefore if you are intending to backup a VM that is Flash Read Cache backed, it will use the network block device protocol instead of HotAdd affecting performance.

Also be aware that VDP does not support the following disk types:
– Independent
– RDM Independent – Virtual Compatibility Mode
– RDM Physical Compatibility Mode

VDP is available as a .5TB, 1TB, 2TB, 4TB, 6TB, 8TB configuration. You will need to follow the following table for hardware configurations (lifted from the vSphere guide)


You will also need your normal DNS and NTP settings setup.

Explain VMware Data Protection sizing Guidelines

So look to the table above for sizing Guidelines. Keep in mind that you can expand after its deployed if need be (this is different than the old VDP which required you to just deploy a new appliance. The old VDPA would allow you to expand though). One thing to also be aware of is VMware will try to Dedupe the drive, so try to group the same type of VMs together on the same appliance so that you can conserve more space.

Identify VMware Data Protection version offerings

There used to be two versions of VMware Data Protection. There was VDP and VDPA. But since 6.0 rolled out, VMware has decided to roll the features of the higher end product (VMware Data Protection Advanced) and just call it VDP. So among other things, VDP can support up to 400 virtual machines per appliance. You can also have up to 8TB of storage size for your backups. It supports File Level, Image Level, Individual disk backups, and even has support for guest level backups and restores of MS Exchange, SQL, and Sharepoint Servers.

Describe vSphere Replication architecture

So as far as vSphere Replication goes, you will need a few things which you more than likely already have. One is a vCenter Server – version 6.0 since Replication 6.0. Also you will need SSO. You can use SRM with it as well, but they will need to be the same versions.

vSphere Replication itself is deployed as one or more prebuilt, Linux-based, virtual appliances. A maximum of 10 can be deployed per vCenter server. Each appliance is deployed with 4GB of RAM and 2vCPUs for small environments or 4 vCPUs for larger environments. The appliance also has two VMDKs totaling 18GB in size.

One of the nice things about vSphere Replication is since it is host based, it is independent of the underlying storage. This means you can use a number of storage types or more than one. vCloud Air is also supported as a migration location.

Create/Delete/Consolidate virtual machine snapshots

We won’t spend too much time on snapshots since I figure most people already know about them. I will, however run through a quick demonstration of how you would do each of these.

First, you would right-click on whatever VM you are working with – you will be presented with a menu that looks like this


Next you are going to click on the snapshot option – you will have these options


You can click on Take Snapshot in order to create one. Depending on whether your machine is on, your options might be greyed out.


You will now need to give it a name and if you want, a description. You can also choose here to snapshot the virtual machines memory and whether you will quiesce the guest file system. It will point out that it needs VMware Tools installed in order to do this. Keep in mind that if you want to snapshot the memory, you will need to make sure you have enough disk space and also, realize it will take a little longer since you are going to write extra data to the disk. Once done, it will say the task is completed down in the Recent Tasks bar.

If we want to perform other tasks such as delete or consolidate we will go back to the same menu option, and choose our task there. If we are going to delete we will want to choose Manage Snapshots


This is now the screen that will come up.


We can revert back to a snapshot or delete one, or all of the snapshots we have. I am going to Delete All. Once done, I am now presented with a nice clean window.


And that is all there is to it.

Install and Configure VMware Data Protection

To install VMware Data Protection, just need to deploy the .ova. This is just like most other ova’s so I won’t bother you too much with the details of that. After you have finished that and turned it on, the console gives you nice helpful hints what to do next.


When we go to the above address we are given a nice gui wizard


Now we go through the setup and make sure that DNS is resolvable. One of the things I would like to call out here in this setup is the storage setup. We have a few different options available to us.


As mentioned before, this is not static but can be enlarged later, so for now, I am going to leave it at 500MB. I then have the option of putting it on a different datastore


The next screen will give you the vCPU and Memory requirements needed for the storage size that you have chosen.


You then have the opportunity to run a performance analysis on your storage configuration.

After that is done, it will restart the appliance.

Create a backup job with VMware Data Protection

So now the appliance is installed and you are ready to start protecting things… All sorts of things. You will need to make sure the plug-in is installed in the Web Client and you reload it. Once you do, you will see a new icon in the home screen.


When you click on it, you will be prompted to connect to an appliance.


Click on Connect and now you have a whole new world of options available to you. You can now create backups and restore and all sorts of things. In order to create a backup job, click on the Basic Tasks: Create a Backup Job, under the Getting Started page. Or go to the Backup tab, click on Backup job actions and click New. It will open a new window where the first screen is to ask you what type of Backup job you want to create.



Now choose your VM to protect


Choose your schedule


Retention Policy (How long to keep the backups)


Name the job


Click on Finish


You have now created your first job.

Install/Configure/Upgrade vSphere Replication

That was so much fun, let’s do it with Replication. Once again deploying the ovf (comes to you in a zip or ISO) is old hat so we won’t cover that. So after you install the ovf, the next thing you will need to do is configure it to work with the vCenter. You will need to go to the appliances address with :5480 on the end. When you get there and logon, you will need to go to the VR tab and then Configuration. There you will add in the user name and password and double check the rest of the information. Then click on Save and Restart Service.


Accept the cert. After a few minutes it will start up the service and save the configuration. You then can go back to your web client and make sure the plugin is enabled for replication. Once it is, you will see a new option called vSphere Replication. And when you click on it you will see something that looks like this.


There are a couple of different ways to replicate. You can replicate between different vCenters, sites, or even hosts. There is an option to replicate to a cloud provider as well. Since I am just a poor education consultant, I am just going to do an intra-site replication.

First I will need to right click on the VM I want to replicate


The first one is what I am going to choose. This can be to the same vCenter or a separate vCenter. Next window I will choose which vCenter.


Next window I can allow it to auto-assign a replication server, or I can manually choose one. I will let it auto-regulate.


The next window, I will tell it where I want it to replicate to. In this case, I am choosing a local datastore of one of my ESXi servers.


I am now presented with a few options of quiescing and network compression. I am going to choose network compression to save bandwidth at the expense of CPU power. (It will consume additional CPU cycles to compress) Now I click Next.


I now have the option of choosing my Recover Point Objective. This is where I want to be able to recover to if I have an issue. This is not the same as the Recovery Time Objective. This is basically saying that wherever I set this, it will try to have a backup of a point in time of every N hours. It will try to start the backup before to try to meet it. But be aware that if you don’t plan for how much data you will be moving you can easily overlap. Don’t get caught by that!! The other option is Point in Time Instances. After the primary copy, each additional copy is a snapshot. This is how many of those deltas you are willing to keep. I am not really worried about this VM and am only creating this for the sake of this lab, so I will leave defaults.


Summary… Here we go. One other thing to note…. Replication will not work unless ——– the machine is turned on! If it isn’t important enough to have turned on, then do you really need to replicate it? J

You can check status of the machine by going to replication and then Monitor


Finally, to upgrade your replication. Back to the appliance at :5480 (or you can update via Update Manager) This is the page to update. It is relatively straightforward.


Configure VMware Certificate Authority (VMCA) integration with vSphere Replication

By default, Replication uses a self-signed cert. In order to use one from the vCenter’s CA its rather easy. Just log back into the appliance’s config page and click on the SSL Certificate Policy – Accept only SSL certificates signed by a trusted Certificate Authority. Then Save and Restart. That’s it. Here is where it is….


Configure Replication for Single/Multiple VMs

I won’t go over this again since I already did above. The only difference is you highlight multiple VMs instead of just one.

Identify vSphere Replication compression methods

So this is basically a simple table.

Source ESXi Host        ESXi that manages the Target Datastore        Supports

Earlier than 6.0            Any Supported Version                Nope no compression
6.0                Earlier than 6.0                    Looks for a ESXi 6.0 host to do work. Else the Replication App. does the work
6.0                6.0                        Full speed ahead!!!

Recover a VM using vSphere Replication

This is relatively simple as well. Just go to the Replication section, and choose monitor. After you are there, choose Incoming Replication and choose the VM / VMs you wish to recover and right click and choose Recover. You are given three options to choose from now.

  1. Synchronize recent changes – The VM will need to be off, but it will try to sync to that VM before it restores. Use this if the VM is available and you can get at it. If not….Then
  2. Use latest available data – This will use the replicated info and copy back over.
  3. Point in Time – This is only available if you chose it when you configured the replication.

Next screen, choose the Folder in your environment to restore to.

And then choose the target compute/datastore resource.

Summary and Voila, restore

Perform a failback operation using vSphere Replication

Just going to tell you what the guide says on this one. ”

Failback of virtual machines between vCenter Server sites is a manual task in vSphere Replication.

Automated failback is not available.

After performing a successful recovery on the target vCenter Server site, you can perform failback. You log

in to the target site and manually configure a new replication in the reverse direction, from the target site to

the source site. The disks on the source site are used as replication seeds, so that vSphere Replication only
synchronizes the changes made to the disk files on the target site.”

Determine appropriate backup solution for a given vSphere implementation

This one is all you. You will need to figure out depending on customer’s requirements and the capabilities of the equipment you have and might be able to purchase. You will also need to find (ask the customer) how much risk they are willing to assume. Keep in mind that the less risk they assume, the more the cost will be.

Happy VM’ing and remember if women don’t find you handsome, they should at least find you handy.


Objective 5.1: Configure Advanced/Multilevel Resource Pools

Back again with a new objective. This time we are going to go over Resource Pools. Over the course of the blog post we will cover the following points.

  • Describe the Resource Pool hierarchy
  • Define the Expandable Reservation parameter
  • Describe vFlash architecture
  • Create/Remove a Resource Pool
  • Configure Resource Pool attributes
  • Add/Remove virtual machines from a Resource Pool
  • Create/Delete vFlash Resource Pool
  • Assign vFlash resources to VMDKs
  • Determine Resource Pool requirements for a given vSphere implementation
  • Evaluate appropriate shares, reservations and limits for a Resource Pool based on virtual machine workloads

So jumping right in…

Describe the Resource Pool hierarchy

Whether you create additional pools or not, you already have a resource pool in your environment. That’s right, your original hosts whether by themselves or in a cluster make up a resource pool. So what is a resource pool? Well the official definition of a resource pool is: A logical abstraction for flexible management of resources. They can be used to partition available CPU and memory resources.

As mentioned before, whether you have a standalone host or DRS cluster, you have a resource pool. EVEN if it doesn’t show in your client. This is your root resource pool. Now you can create additional pools that further partition those resources from there. These are known as child resource pools. Depending on which pool you are talking about in reference to which pool, the relationship is familial. So the upstream pool is known as a Parent Resource pool and the downstream is known as the Child Resource pool. Continuing along in this family thing, if the pools are at the same level, they are known as Sibling Resource pools. A resource pool can contain child resource pools or virtual machines.

Define the Expandable Reservation parameter

So you have gone ahead and partitioned off resources. That’s great and you have officially been heralded as the savior of at least two different departments. The only issue is that one of the departments you have restricted the usage to, was the payroll department. At least occasionally, they may need a bit more resources-to make sure your check goes out on time. Since you don’t necessarily wish to have to answer every email when they need it, you would like a better way to occasionally give them more resources. Enter the expandable reservation check mark. Checking this button allows your resource pool to occasionally grab more resources, if they are available, from the parent resource pool. And once again, the peasants rejoiced.

Describe vFlash architecture

Starting with version 5.5 a new architecture and vFlash setup started being used. This is now vSphere Flash Read Cache. The design is based off a framework made up of two parts:

  • vSphere Flash Read Cache Infrastructure
  • vSphere Flash Read Cache software

This architecture allows for the pooling of multiple Flash-based devices into a single consumable object, called a Virtual Flash Resource. This can be consumed and managed in the same way CPU and memory are done. So how does it work?

The vSphere Flash Read Cache infrastructure becomes the resource manager and broker for the consumption of the Virtual Flash Resources and also enforces admission control policies. The Flash resource is broken into two different pieces. Virtual Flash Host Swap Cache for VMware vSphere Hypervisor and Virtual Flash Read Cache for virtual machines.

The first object is used as one of the memory reclamation techniques. This replaces the previous tool, swap to SSD. The Hypervisor can use up to 4TB available for Swap Cache.

Virtual Flash Cache software is natively built into the hypervisor. This provides a mechanism for the VMs to use SSD directly to enhance the read portion of their operations, without having to modify anything inside the VM. The amount of cache space used is assigned on a per VMDK basis and only consumed when the machine is turned on. vSphere uses a filesystem called VFFS or VMware Flash File System.

Create/Remove a Resource Pool

In order to create a Resource Pool, we will need to:

  1. Navigate to the parent object where we will want to place the resource pool.
  2. Right Click on the object and select New Resource Pool
  3. Now you will need to assign it a name you can also specify how to divvy up the CPU or Memory resources of the parent
  4. Here you see the finished resource pool in native habitat

Kind of looks like a pie chart signifying cutting up a piece of the resources for you. To remove it, just right-click on the resource pool and delete.

Configure Resource Pool attributes

Now I could be really lazy and say to configure the resource pools attributes, just right click and click Edit. But I won’t do that to you. Yes, that is the way to do it. However, you should know what all those things are before you start meddling with them. So here is an explanation of what you will find on that screen:

Shares: This on the surface looks simple enough, right? Shares should equal how many shares of the resource. But it gets a little deeper. It is dependent on the number of shares owned by the parent. If you are inside another resource pool, then you get that many shares of the original shares. Or a fraction. The other thing to keep in mind as well is shares only come into play when there is contention for that resource. So as long as everyone has enough…. Shares don’t matter. You can specify Low, Normal, High, or Custom. Low=2000 shares, Normal=4000, and High=8000. The number doesn’t really matter as it is just based on the overall shares assigned in the pool. Custom allows you to specify any number you want.

Reservation: This specifies a guaranteed CPU or memory allocation for that resource pool. The interesting thing about this is, that regardless if there is a VM inside the pool, the reservation is still in effect.

Expandable Reservation: As mentioned before, if this box is checked, it allows a VM inside the resource pool to borrow resources from the parent pool (if available).

Limit: You can use this to specify an upper limit to this type of resource. Use this sparingly as this will prevent you from starting machines or worse, if you use it unscrupulously.

Add/Remove virtual machines from a Resource Pool

You can move a VM into or out of a resource pool a couple of different ways. The resource management guide from VMware has you right click on the VM and Migrate it. You can also just drag it into it or out of it. That is to me the easier way. Now when you do that you need to be mindful that if you have assigned any shares to the VM, they will change according to the overall number of shares already in the resource pool. Also be mindful of any reservations you have set. If the resource pool can’t support the reservation, it will cause the move to fail. Likewise, moving a machine out of a resource pool will once again redistribute the weight of the shares, as there is a smaller number of overall shares so each one will be worth more.

Create/Delete vFlash Resource Pool

In order to create a vFlash Resource Pool you will need to navigate to a host with SSDs and then click on Manage>Settings>Virtual Flash and then click on Add Capacity. To remove you would click on the Remove All


Assign vFlash resources to VMDKs

To assign vFlash resource to a VMDK you will need to have some to assign (obviously) but then you would go to the VM and edit the settings. Then click on the Hard Drive with the VMDK you wish to add the flash resource to.

When you expand it out you can see Virtual Flash Read Cache with a number specifying how much space you wish to assign to it.

Determine Resource Pool requirements for a given vSphere implementation
Evaluate appropriate shares, reservations and limits for a Resource Pool based on virtual machine workloads

So the above two points are going to be really based on a lot of factors. You should first keep the goals of Resource Management in mind.

  • Performance Isolation: prevent virtual machines from monopolizing resources and guarantee predictable service rates.
  • Efficient Utilization: exploit undercommitted resources and overcommit with graceful degradation.
  • Easy Administration: control the relative importance of virtual machines, provide flexible dynamic partitioning, and meet absolute service-level agreements.

The next thing you will need to do is remember that there is overhead associated with your VM. Sure you may have given that VM 4GB of RAM but it is consuming more than that due to VMware needing to use RAM to manage it. How do you figure out how much you need? You need to go to the VM and then click over to Monitor > Utilization. When you get there, you will see a bunch of line graphs and numbers. What you are looking for here is on the memory and CPU, Worst Case Allocation. This is the absolute worst case scenario that you would need to prepare for.

In my example here, CPU worst case is 3.54 GHz. This is because I have allocated 2 vCPUs to the machine and both of those cores are running at 1.6Ghz. Then add in overhead. With RAM, I am looking at 4.08GB as my worst case scenario. This is the 4GB I have allocated to this box plus overhead needed to manage it. You can also work with Guest Memory to figure out how much memory your workload / app is actually using. Keep these in mind when sizing and working with your resource pools.

Next Up….. Objective 6.1 – Where we talk about Backups / Restores / and Replication

Objective 4.2: Perform vCenter Server Upgrades

To wrap up upgrade processes and things, we are going to go over vCenter Upgrades. The following points will be covered:

  • Identify steps required to upgrade a vSphere implementation
  • Identify upgrade requirements for vCenter
  • Upgrade vCenter Server Appliance (VCA)
  • Identify the methods of upgrading vCenter
  • Identify/troubleshoot vCenter upgrade errors

Identify steps required to upgrade a vSphere implementation

There are many things to think about for your vCenter and vSphere architecture. Especially now that we have the split of new types of Roles. The Platform Services Controller and the vCenter Role. You have the options of creating an Embedded installation which has all the roles installed on one server, or you can do an External Installation with a separation of the roles. There are advantages and disadvantages of each of these installations. Namely:

Embedded:

Advantages

  1. Connection between the vCenter and the PSC (Platform Services Controller) is not over the network and is not subject to issues associated with DNS and connectivity
  2. Licensing is cheaper (if installed on Windows machines)
  3. Fewer Machines to keep track of and manage
  4. You don’t need to think about distributing loads with a load balancer across Platform Services Controllers

Disadvantages

  1. There is a Platform Services Controller for each product – This consumes more resources
  2. The model is suitable for small-scale environments

vCenter with External Platform Services Controller:

    Advantages

  1. Less Resources consumed by the combines services in the Platform Services Controller, reducing the footprint and reduced maintenance
  2. Your environment can consist of more vCenter Server instances

Disadvantages

  1. The connection between the vCenter/s and Platform Services Controller is over the network and is subject to any issues with connectivity or DNS
  2. You need more Windows licenses (if using Windows)
  3. You must manage more virtual machines or physical – causing more work for you, the admin

The actual steps for the upgrade process are as follows

  1. Read the vSphere release notes… This should go without saying. There are a lot of services going on in the background, you don’t want to have to hurt your current setup (which brings us to Step 3- Backup your configuration)
  2. Verify that your system vSphere hardware and software requirements
  3. Backup your current configuration including your DB
  4. If your vSphere system includes VMWare solutions and/or plugins, verify they will work with the version you are upgrading to. Think about all them. It is a bad day if you upgrade and then realize your backup software won’t work with the new version.
  5. Upgrade vCenter Server

Concurrent upgrades are not supported and upgrade order matters. You will need to give this due consideration if you have multiple vCenters or services that are not installed on the same physical or virtual server.

Identify upgrade requirements for vCenter

The upgrade requirements will in part depend on your current setup. Do you have the Windows version? Or the Appliance? Do you have the Full on SQL server, Express? And so on. Documentation will be your best friend here, but we are going to go over the highlights.

For Windows Server PreReqs:

  • Synchronize the clocks on the machines running the vCenter Server 5.x services
  • Verify the DNS name of the machines running vCenter are valid and accessible from the other machines
  • Verify that if the user you are using to run the vCenter services is an account other than a Local System Account, it has the following permissions 1) Member of Administrators Group 2) Log on as a Service and 3) Act as part of the OS
  • Verify the connection between the vCenter and the Domain Controller

When you run the installer it will perform the following checks on its own

  • Windows Version
  • Minimum Processor Requirements
  • Minimum Memory Requirement
  • Minimum Disk Requirements
  • Permissions on the selected install and data directory
  • Internal and External Port availability
  • External Database version
  • External Database connectivity
  • Administrator privileges on the Windows System
  • Any credentials you enter
  • vCenter 5.x servers

The next thing you will need to think about it disk space. Depending on what type of deployment model you are going with, the requirements change. An embedded will require about 17 GB minimum. If you are using an external PSC, you will need that 17GB on the one machine but you will need 4GB minimum on the external PSCs.

Hardware Requirements again depend on the type of installation you require (based on size). A PSC will require 2 CPUs and 2 GB of RAM regardless – since it is scaling out vs scaling up. The others are based on the size:

  • Tiny (10 or under Hosts and 100 or under VMs) = 2 CPUs and 8 GB of RAM,
  • Small (up to 100 Hosts and 1000 VMs) = 4 CPUs and 16 GB RAM
  • Medium (up to 400 Hosts and 4000 VMs) = 8 CPUs and 24GB RAM
  • Large (up to 1000 Hosts and 10,000 VMs) =16 CPUs and 32 GB RAM

You will also need a 64-Bit Windows OS to put this on. The earliest version that will work is Windows 2008 SP2. You will also need a 64 bit DSN to connect to your Database.

Those are all the normal things you consider when simply deploying the machine. What does it do when you upgrade it though? Well there is a decent amount going on behind the scenes. The database schema is upgraded; the old Single Sign-On will be migrated to the new Platform Services Controller. And then you have the upgrade of the normal vCenter server software. Some of the upgrades depend on your current version.

  • For vCenter 5.0 you can choose to configure either an embedded or external PSC during the upgrade.
  • For vCenter 5.1 or 5.5 with all services deployed on a single machine, you can upgrade to a vCenter with an Embedded PSC.
  • For vCenter 5.1. or 5.5 with a separate SSO server, you will need to upgrade that to a PSC first
  • If you have multiple instances of vCenter installed, concurrent upgrades are not supported and order does matter.

The following information is a good check list to have before upgrading, as they will ask you for these information items.

Upgrade vCenter Server Appliance (VCA)

This is a bit simpler in my opinion, than the Windows version. There are still a few gotchas you need to be mindful of however. You need to make sure that you are running at least vCenter 5.1 Update 3, or 5.5 Update 2 before you can do an upgrade to 6.0. So if you are not at least at those levels, you will need to update those first to the needed version. In order to do this, it is really simple. Go to the IP or URL of the vCenter Appliance and port 5480. When you login, go to the Update tab and click on Check Updates

Then go ahead and click on Install Updates – You are asked to confirm and after you click yes, it will start.

A reboot is required afterwards for the changes to take effect.

Now that you are at a required level for you to be able to upgrade, you will need to have the VCSA install ISO and the Client Integration Plugin installed on your computer. Then open up the ISO (or burn it to a CD) and run the vcsa-setup.html file

You want to do an upgrade – So go ahead and click on that.

You will next need to accept the EULA
Now you need to tell it the host you are going to deploy the appliance to

The rest of the setup is just as if you are going to deploy a new appliance (because you are) with the addition of one screen. Where you tell it where the source appliance is and user name and password for it, so that it can copy the configuration over.

Identify the methods of upgrading vCenter

As of currently, the only supported method is using the user interface based installer (the web page) – Found on KB2109772
As far as the Windows version, you would use the regular installer. Depending on the deployment method you already have (embedded PSC or external)

Identify/troubleshoot vCenter upgrade errors

So as with most things, the best thing to do when things go wrong, is to look at the logs. If there are any error messages, that might be helpful as well. The log you will want to look at is the installation logs. There are a couple of ways you can go about this. If the install errored out before it fully finished, you can leave the check box selected on the screen for collect logs and it will save it in a zip on your desktop. In the Windows Server the logs will be located at:

%PROGRAMDATA%\VMware\CIS\logs directory, usually C:\ProgramData\VMware\CIS\logs

    %TEMP% directory, usually C:\Users\username\AppData\Local\Temp

You can open the files in the above locations in a text editor such as Notepad++ to look for clues. The Appliance houses the log files in a little different location, since the machine is Linux. First you need to access the appliance. You can do this via SSH or if you have direct access to the appliance (like through the console in the Windows Client). Either way once you get access, you will need to log in and get a command line prompt. If you are not already at a PI Shell prompt, run pi shell to get to the Bash prompt. Then run the vc-support.sh script to get a support bundle. You can then export it from the /var/tmp folder. Either to your desktop or you can cat or vi the firstbootStatus.json file to see which services failed.

You can also grab logs from the ESXi host by running the vm-support command in the ESXi shell or SSH or you can connect via the Windows Client and export logs from there. There are a lot of possible errors – you can go over a few in the Upgrade guide here: vSphere Upgrade Guide .

Next up… Resource Pools.

Objective 4.1: Perform ESXi Host and Virtual Machine upgrades

Here we are again, starting Objective 4.1. The following points will be covered:

  • Identify upgrade requirements for ESXi hosts
  • Upgrade a vSphere Distributed Switch
  • Upgrade Virtual Machine hardware
  • Upgrade an ESXi host using vCenter Update Manager
  • Stage multiple ESXi host upgrades
  • Determine whether an in-place upgrade is appropriate in a given upgrade scenario

So to begin with we should go over a few things before performing an upgrade. Your infrastructure is, I am guessing rather important to you and your company’s livelihood. So we need to take a measured approach to it. We can’t just go ahead and stampede into this without giving it an appropriate amount of thought and planning. There is an order to which components to upgrade first, and there are a number of ways to do it. And for the love of God, make sure your hardware is on the Hardware compatibility list…..before you begin. I just had a case this week from a customer that upgraded to 6 and now will need to downgrade as their server was not on the HCL and they couldn’t get support on it. The PDFs have a pretty good approach to the upgrade process

  1. Read the Release Notes
  2. Verify ALL your equipment you are going to use or need to use, is on the HCL
  3. Make sure you have a good backup of your VM’s as well as your configuration
  4. Make sure the plug-ins or other solutions you are using are compatible with vSphere 6
  5. Upgrade vCenter Server
  6. Upgrade Update Manager
  7. Upgrade Hosts
  8. You can actually stop here, but if you go on you could upgrade your HW version on the VMs etc. and any appliances.

So now we will look directly at the ESXi hosts for upgrading. I am assuming you have gone through the above. In addition to this, make sure there is sufficient disk space for the upgrade. And if there is a SAN connected to the host, for safety sake, it might be best to detach that before performing the upgrade so that you don’t make the mistake of choosing the wrong datastore to overwrite and create a really bad day. If you haven’t already, you will want to move off any remaining VMs or shut them down. When the system is done rolling through the upgrade, apply your licenses. If it wasn’t successful then if you had backed it up, you can restore. Otherwise you can reload it with the new version.

You can upgrade an ESXi 5.x directly to 6.0 a couple of different ways. You can upgrade via Update Manager, interactive upgrade, scripted upgrade, auto deploy, or esxcli command line. A host can also have third part VIBs (VMWare Installation Bundles). They could be driver packages or enhancement packs such as Dell’s Open Manage Plugin. Occasionally you can run into a problem upgrading the host with these installed. You can choose to do a number of things at that point. You can remove the VIB and then retry, or you can create a custom installer ISO.

Upgrade a vSphere Distributed Switch

This is a relatively painless process. You can upgrade from 4.1 all the way to 6.0 if you so choose. You need to make sure your hosts support it. If you have even one host attached to this distributed switch that is at a lower level, that is the level you will need to make the distributed switch. For example, if you have all 6.0 hosts except for one 5.5 host, you will either need to make your distributed switch a 5.5 or remove that host from the vDS. One other thing to be mindful of, you can’t downgrade.

To upgrade, navigate to your networking and then to the distributed switch you wish to upgrade

Now you need to click on upgrade

That will open this dialog

This will show you the versions you can upgrade the switch to. After you click on Next, it will check version against the hosts that are attached to the vDS. It will let you know if any hosts are not able to be upgraded to that version.

Upgrade Virtual Machine hardware

In order to upgrade your virtual machine hardware, you can right-click on the VM you need to upgrade and click on compatibility and then either Upgrade VM Compatibility or Schedule VM Upgrade – as seen here:

This is irreversible and will make it incompatible with previous versions of ESXi. The next screen will ask you what version you want to upgrade to.

This will then upgrade it as soon as you scheduled it.

Upgrade an ESXi host using vCenter Update Manager

To upgrade a host to vSphere 6, you will need to follow the following procedure:

  1. Configure Host Maintenance Mode Settings – Host updates might require you to reboot the host and enter maintenance mode before they can be applied. Update Manager will do this, but you will need to configure what to do with the VMs and the host if it fails to enter maintenance mode
  2. Configure Cluster Settings – The remediation can happen in sequence or in parallel. Temporarily disable DPM, HA Admission Control, and Fault Tolerance to make sure your remediation is successful
  3. Enable Remediation of PXE booted ESXi hosts (if you have them)
  4. Import Host Upgrade Images and create Host Upgrade Baselines
  5. Create a Host Baseline Group – Create a baseline group with the 6 image that you want to apply
  6. Attach Baselines and Baseline groups to Objects – You will need to attach the baseline in Update Manager to the objects you want to upgrade
  7. Manually Initiate a Scan of the ESXi hosts – You will need to do this for Update Manager to pay attention to these hosts
  8. View Compliance Information for vSphere objects – Make sure the baseline that you want to apply is correct for the hosts
  9. Remediate Hosts Against an Upgrade Baseline / Groups – NOW the fun starts, this is where Update Manager starts to apply the patches and upgrades to the ESXi hosts.

Stage multiple ESXi host upgrades

In order to stage patches or upgrades the process is going to be relatively the same as what we just went through. The difference would be you are going to have multiple hosts that are attached to the baseline and instead of Remediating, you will just be Staging. Staging allows you to load the patches or upgrades to the hosts without actually rebooting or applying them yet. This will let you decide when the best time is to take executive action against them. Possibly on the weekend or some other designated time. The actual process is lifted from the guide and transplanted here:

Procedure

1 Connect the vSphere Client to a vCenter Server system with which Update Manager is registered and select Home > Inventory > Hosts and Clusters in the navigation bar.
2 Right click a datacenter, cluster, or host, and select Stage Patches.
3 On the Baseline Selection page of the Stage wizard, select the patch and extension baselines to stage.
4 Select the hosts where patches and extensions will be applied and click Next.

If you select to stage patches and extensions to a single host, it is selected by default.

5 (Optional) Deselect the patches and extensions to exclude from the stage operation.
6 (Optional) To search within the list of patches and extensions, enter text in the text box in the upper-right corner.
7 Click Next.
8 Review the Ready to Complete page and click Finish.

Determine whether an in-place upgrade is appropriate in a given upgrade scenario

This question can encompass a number of things. The hardware requirements aren’t extremely different from ESXi 5.5 to 6. You will need to take into account if you are going to use the same boot type, are you already using something on 5.5 that isn’t yet compatible with 6, or are you more interested in upgrading machines period because your current ones are long in the tooth (old)? All these questions and more are going to have to be considered by you and the members of your team in order to answer if you are going to do an in-place upgrade vs migrate to new systems or installs over the top of the current. There are valid reasons of course for all of them and it all depends on your environment and your vision for it.

This one was the longest to get out so far. Lots of things going on in personal life. I hope to get back to a normal blogging schedule really soon.

-Mike

Objective 3.5 Setup and Configure Storage I/O Control

Moving on to our last sub point in the Storage Objectives, we are going to cover Storage I/O Control. We will cover the following:

  • Enable/Disable Storage I/O Control
  • Configure/Manage Storage I/O Control
  • Monitor Storage I/O Control

Enable / Disable Storage I/O Control

This is relatively easy to do. Click on the datastore you want to modify and then click on Manage > Settings > and then General. Underneath Datastore Capabilities, you can click on Edit and then uncheck the Enable Storage I/O Control.

Configure/Manage Storage I/O Control

The same place is where you can configure it. As you see above you can change the congestion threshold or set a manual latency threshold.

Monitor Storage I/O Control

You can do this on a datastore basis by clicking on the datastore and then clicking on Monitor and then Performance. You can monitor the datastore’s space or Performance. If you click on Performance, you are treated to a lot of graphs detailing everything from latency to IOPs. And that is how you can monitor it – Here is a bonus picture.


And that concludes the Storage Section. Up Next is Virtual Machine Management! So get ready for some fun!