Friday, November 28, 2008

VMware Infrastructure 3: Install and Configure Day 4

I just finished the fourth and final day of the VMware Infrastructure 3 course. I think overall it was pretty worthwhile. Definitely picked up a few good tips and learnt more about some of the more detailed features/functions of the products - especially the newer stuff. And best of all - I just got a nice new VMware bag :-) Cool. It's quite a good one too (better than the Cisco one from Networkers this year!).

Now to study for the VCP exam! (And maybe build myself an ESX Server lab machine at home to help me revise)

Here are my notes on the topics we've been through today.

Resource Management
  • VMotion network can be used as a secondary heartbeat network for HA
  • The final thing the VMkernel does after a VMotion is a Reverse ARP, ensuring the switch knows the Virtual Machine's MAC address is accessible via the 2nd ESX Host
  • The time between VMotion and scheduling instructions on the 2nd ESX Host's CPU is typically between 50 and 200ms.
  • For VMotion to work there must be a virtual switch and port group with an identical name (case sensitive) on the 2nd ESX Host.
  • As CPU affinity can cause incompatibility with VMotion, only use it in a lab/testing environment.

Resource Monitoring

  • HEC = Hardware Execution Context. An HEC is typically a CPU core (today), but also a HT CPU.
  • vmmemctl = Balloon Driver. Takes RAM from guest machines when physical RAM in host is scarce, causing Guests to Page/Swap more.
  • By default the Balloon Driver will not expand beyond 65% of the VM configured memory.
  • Use iometer to generate artificial disk load for testing purposes

Data and Availability Protection

  • Service Console backups are in reality limited to a small amount of configuration settings, 3rd party software/agents, and logs in /var/log partition.
  • ESX Host restore can be scripted using anaconda kick-start files, using a finish script to recreate Virtual Switch settings etc.
  • VMware HA does not increase availability, it decreases downtime.
  • VMware HA restarts virtual machines when physical machines fail.
  • VMware HA network ports:
    • Incoming - TCP/UDP 8042-8045
    • Outgoing - TCP/UDP 2050-2250
  • VMware HA best practices: http://kb.vmware.com/kb/1002080

Thursday, November 27, 2008

VMware Infrastructure 3: Install and Configure Day 3

And at the end of Day 3 on the VMware Infrastructure 3 course...more notes...

Virtual Machines...
  • Open Filer is an Open Source Storage Appliance (NAS), including iSCSI support, runs well in a VM, available as a Virtual Appliance.

VMware Converter

  • VMware Converter standard is free. Enterprise costs $.
  • VMware Converter standard is used one machine at a time. Enterprise can run unattended converting multiple machines.
  • VMware Converter standard can be operated in 'Hot' and 'Remote' modes, Enterprise is required for 'Cold' operation (boot from CD).

Virtual Machine Management

  • VirtualCenter can now expand volumes, similar to the command-line tool: vmkfstools

Guided Consolidation

  • Limited value - potentially only for very small environments
  • Only collects 24 hours of data, from 8 perfmon counters
  • Confidence Level is really a progress bar with 100% representing 24 hours of data collected. High Confidence does not necessarily mean the data collected is representative of the environment's typical workload.
  • VMware capacity planner is a much better tool, collects all statistics for 30 days, and works on both Windows and Linux

Access Control

  • VirtualCenter authentication is Windows only (AD or Local Windows Accounts)
  • ESX (Service Console) authentication is local Linux user accounts or PAM (e.g. LDAP back to AD)
  • VirtualCenter authenticates to an ESX host as 'vpxuser' (with a random password)
  • Permissions = User/Group + Role (+ Privileges). Permissions -> applied to -> Inventory Objects
  • Web Access 'Generate Remote Console URL' provides access (directly to an ESX host) for users/administrators to manage a single VM.

Resource Management

  • CPU or Memory shares are never used unless there is contention for CPU or Memory resources
  • Shares are only relative within resource pool siblings - not between resource pools
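
The two share rules above, worked through as an added example (not from the course material). It is a simplified model with CPU in MHz and no reservations or limits; the pool names, share values and demands are constructed.

```python
def demand(node):
    """MHz a VM wants, or the sum over everything inside a pool."""
    if "children" in node:
        return sum(demand(child) for child in node["children"])
    return node["demand"]

def split_by_shares(capacity, siblings):
    """Divide capacity among sibling nodes. A sibling that wants no more than
    its share-proportional offer gets its demand; the rest split what is left."""
    grant, active, remaining = {}, list(siblings), capacity
    while active:
        total = sum(s["shares"] for s in active)
        content = [s for s in active if demand(s) <= remaining * s["shares"] / total]
        if not content:  # contention: only now do shares set the outcome
            for s in active:
                grant[s["name"]] = remaining * s["shares"] / total
            break
        for s in content:
            grant[s["name"]] = demand(s)
            remaining -= demand(s)
            active.remove(s)
    return grant

def allocate(node, capacity, result=None):
    """Walk the pool tree top-down; shares are compared among siblings only."""
    result = {} if result is None else result
    if "children" not in node:
        result[node["name"]] = capacity
        return result
    grant = split_by_shares(capacity, node["children"])
    for child in node["children"]:
        allocate(child, grant[child["name"]], result)
    return result

def sample_host(vm_demand_mhz):
    """Constructed inventory: four VMs in 'prod', one low-share VM in 'test'."""
    prod = [{"name": f"prod-vm{i}", "shares": 1000, "demand": vm_demand_mhz}
            for i in range(1, 5)]
    test = [{"name": "test-vm", "shares": 500, "demand": vm_demand_mhz}]
    return {"name": "host", "children": [
        {"name": "prod", "shares": 2000, "children": prod},
        {"name": "test", "shares": 1000, "children": test}]}

if __name__ == "__main__":
    print(allocate(sample_host(1000), 6000))  # demand fits: shares play no part
    print(allocate(sample_host(3000), 6000))  # contention: test-vm outdoes prod VMs
```

With 6000 MHz available and every VM asking for 3000 MHz, the 500-share VM alone in 'test' receives 2000 MHz while each 1000-share VM in 'prod' receives 1000 MHz, because a VM's shares are only weighed against its siblings in the same pool.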


Wednesday, November 26, 2008

VMware Infrastructure 3: Install and Configure Day 2

So today was day two of the VMware Infrastructure 3: Install and Configure course. It was a lot more interesting than Day 1, although still ran at a pretty slow pace. Below are some of my notes made during the course & labs:

Storage
  • SAN Troubleshooting Guide available, recommended reading: http://www.vmware.com/pdf/vi3_san_design_deploy.pdf
  • ESX can boot from an iSCSI SAN only when using a hardware initiator (iSCSI HBA).
  • ESX does not currently support TCP/IP offload engine (TOE) NIC cards (although it does support TCP session offload).
  • When using a software iSCSI initiator the session is established (TCP/3260) using the Service Console network interface (CHAP & SendTargets IP address discovery). Network Connectivity is required from the service console to the iSCSI SAN (could use a 2nd service console interface, just for this purpose).

VirtualCenter

  • ODBC connection from Virtual Center to SQL 2005 DB needs SQL Native Client (not SQL Server ODBC driver)
  • Virtual Center SQL Login needs db_owner on vCenter and MSDB databases

Important VMware communications - e.g. for firewall security policy

  • VirtualCenter to License Server: 27000, 27010
  • Rebates and SDK Clients to VirtualCenter: 443, 80
  • VirtualCenter to ESX Hosts: 902
  • VI Client to VirtualCenter: 443
  • VI Client to ESX Host Remote Console: 903
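
One way to use this port list when reviewing a firewall policy, as an added example that is not part of the original notes: it compares a set of allow rules against the flows listed above and reports required ports that are blocked, rules that are wider than needed, and permitted flows the list does not call for. The zone names, the rule format and the sample rules are assumptions constructed for the example.

```python
# Required flows copied from the port list above; zone names are assumed labels.
REQUIRED = {
    ("virtualcenter", "license_server"): {27000, 27010},
    ("sdk_clients", "virtualcenter"): {443, 80},
    ("virtualcenter", "esx_hosts"): {902},
    ("vi_client", "virtualcenter"): {443},
    ("vi_client", "esx_hosts"): {903},
}

# Constructed sample policy: (source zone, destination zone, port spec).
SAMPLE_RULES = [
    ("virtualcenter", "license_server", "27000,27010"),
    ("sdk_clients", "virtualcenter", "443"),      # port 80 not permitted
    ("virtualcenter", "esx_hosts", "900-910"),    # wider than the one port needed
    ("vi_client", "virtualcenter", "443"),
    ("vi_client", "esx_hosts", "any"),            # everything open to the hosts
    ("vi_client", "license_server", "27000"),     # flow that is not in the list
]

def parse_ports(spec):
    """Expand '443', '80,443', '900-910' or 'any' into a set of port numbers."""
    if spec.strip().lower() == "any":
        return set(range(1, 65536))
    ports = set()
    for part in spec.split(","):
        low, _, high = part.strip().partition("-")
        ports.update(range(int(low), int(high or low) + 1))
    return ports

def audit(rules, required=REQUIRED):
    """Return (missing, excess, unlisted) findings for a list of allow rules."""
    allowed = {}
    for src, dst, spec in rules:
        allowed.setdefault((src, dst), set()).update(parse_ports(spec))
    # Required ports that no rule permits: the product will break here.
    missing = {flow: sorted(ports - allowed.get(flow, set()))
               for flow, ports in required.items() if ports - allowed.get(flow, set())}
    # Count of permitted ports beyond what the flow needs: candidates to tighten.
    excess = {flow: len(ports - required[flow])
              for flow, ports in allowed.items() if flow in required and ports - required[flow]}
    # Zone pairs permitted by the policy that the list does not call for.
    unlisted = sorted(flow for flow in allowed if flow not in required)
    return missing, excess, unlisted

if __name__ == "__main__":
    missing, excess, unlisted = audit(SAMPLE_RULES)
    print("missing:", missing, "\nexcess port counts:", excess)
    print("unlisted flows:", unlisted)
```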

  • By default VirtualCenter accumulates performance data on ESX Hosts and VMs for 1 year
  • Commands to check the status of, or start the ESX host process (vmware-hostd):
    • service mgmt-vmware status
    • service mgmt-vmware start

Virtual Machines

  • As a guideline deploy single CPU VMs unless a multiple CPU VM is absolutely needed (e.g. multithreaded application requirement).
  • As a guideline deploy multiple CPU VMs when there is at least a 2:1 ratio between virtual and physical CPU requirements (e.g. dual core VM, have quad core Host. Quad core VM have 8 core Host).
  • There is no support in ESX for virtual USB devices (even though there is in VMware Workstation).
  • www.digi.com have a USB to TCP/IP (5xUSB, 1xRJ45 - 10/100Mb Ethernet) converter - called AnywhereUSB. Software can be installed in the VM which provides access to the USB device over the VM's network interface.

Tuesday, November 25, 2008

VMware Infrastructure 3: Install and Configure Training

Today was day one on the 'VMware Infrastructure 3: Install and Configure' training course, which I'm doing mainly because that's the only way VMware will allow you to get the VMware Certified Professional (VCP) certification (you can't just take the exam - the course is required). As the course is pretty slow-paced I thought I'd blog some notes as I go along, which I can refer back to if needed, and they may come in handy for someone else out there too...


Certification & Exams


Intro


  • VMware Authorized Consultants (VACs) can access a tool, VMware Capacity Planner, which helps plan virtualising a data centre.

  • VCDX Certification intended to represent a similar 'level' of ability in VMware that the CCIE did 10 years ago. Intended to be very difficult to attain. Requires multi choice exam, hands-on labs and completion and presentation of a design to a board of examiners.

  • The HCL is three documents, updated almost every week (Wednesday). System (Server), IO (NIC), Storage/SAN.

Installation



  • swap partition size:
    • 2 x Service Console RAM (272MB) = 544MB (no 3rd party modules)
    • 2 x Service Console RAM maximum (800MB) = 1.6GB (recommended for production use; permits the installation of additional 3rd party modules in the service console)

  • /var/log = 500MB minimum, VMware recommends 2GB.

Labs



  • Accessed the 'Lab' via VMware's 'Virtual Datacenter' - actually HP Proliant DL360G5 servers in one of two physical datacenters in San Francisco. (VMware have 700 physical hosts to run education around the world). Installed ESX 3.5 using HP iLO access, from a Citrix Metaframe XP connection to a VMware Classroom 'PC' (running the RES PowerFuse locked-down Windows shell).

  • Commands for troubleshooting service console connectivity (wrong NIC selected as service console):
    • esxcfg-nics -l (list NICs and PCI addresses in system)
    • esxcfg-vswitch -l (list NICs and virtual switches)
    • esxcfg-vswitch -U and esxcfg-vswitch -L (to link the correct NIC)

Networking



  • ESX has three uses for networking:


  1. Virtual Machine connectivity

  2. Service Console connectivity

  3. Kernel Connectivity (VMotion + Storage (iSCSI, NAS))


  • Load balancing VM networking connections across multiple physical NICs based on IP Hash requires Etherchannel/802.3AD Aggregation support in the physical network switching infrastructure.