Guia de Estudio VMware 4.0

Introduction to VMware vSphere
ESX 4.0
ESXi 4.0
vCenter Server 4.0
EN-000102-00
You can find the most up-to-date technical documentation on the VMware Web site at:
http://www.vmware.com/support/
The VMware Web site also provides the latest product updates.
If you have comments about this documentation, submit your feedback to:
docfeedback@vmware.com
©
2009 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property
laws. VMware products are covered by one or more patents listed at http://www.vmware.com/go/patents.
VMware, the VMware “boxes” logo and design, Virtual SMP, and VMotion are registered trademarks or trademarks of VMware, Inc.
in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of their
respective companies.
VMware, Inc.
3401 Hillview Ave.
Palo Alto, CA 94304
www.vmware.com
2 VMware, Inc.
Contents
About This Book 5
VMware vSphere Introduction 7

VMware vSphere Components 8
Physical Topology of vSphere Datacenter 10
Virtual Datacenter Architecture 11
Network Architecture 17
Storage Architecture 18
VMware vCenter Server 21
Additional Resources 27
Glossary 29
Index 45
VMware, Inc. 3
4 VMware, Inc.
About This Book
®
Introduction to VMware vSphere provides information about the features and functionality of VMware vSphere.
Introduction to VMware vSphere covers ESX, ESXi, and vCenter Server.
Intended Audience
This information is intended for anyone who needs to familiarize themselves with the components and
capabilities of VMware vSphere. This information is for experienced Windows or Linux system administrators
who are familiar with virtual machine technology and datacenter operations.
Document Feedback
VMware welcomes your suggestions for improving our documentation. If you have comments, send your
feedback to:
VMware vSphere Documentation

The VMware vSphere documentation consists of the combined VMware vCenter Server and ESX/ESXi
documentation set.
Abbreviations Used in Figures

The figures in this manual use the abbreviations listed in Table 1.
Table 1. Abbreviations
Abbreviation Description
database vCenter Server database
datastore Storage for the managed host
dsk# Storage disk for the managed host
hostn vCenter Server managed hosts
SAN Storage area network type datastore shared between managed

hosts
tmplt Template
user# User with access permissions
VC vCenter Server
VM# Virtual machines on a managed host
VMware, Inc. 5
Technical Support and Education Resources

The following technical support resources are available to you. To access the current version of this book and
other books, go to http://www.vmware.com/support/pubs.
Online and Telephone To use online support to submit technical support requests, view your product
Support and contract information, and register your products, go to
http://www.vmware.com/support.
Customers with appropriate support contracts should use telephone support

for the fastest response on priority 1 issues. Go to
http://www.vmware.com/support/phone_support.html.
Support Offerings Find out how VMware support offerings can help meet your business needs.
Go to http://www.vmware.com/support/services.
VMware Professional VMware Education Services courses offer extensive hands-on labs, case study
Services examples, and course materials designed to be used as on-the-job reference
tools. Courses are available onsite, in the classroom, and live online. For onsite
pilot programs and implementation best practices, VMware Consulting
Services provides offerings to help you assess, plan, build, and manage your
virtual environment. To access information about education classes,
certification programs, and consulting services, go to
http://www.vmware.com/services.
6 VMware, Inc.
VMware vSphere Introduction
VMware vSphere leverages the power of virtualization to transform datacenters into simplified cloud
computing infrastructures and enables IT organizations to deliver flexible and reliable IT services. VMware
vSphere virtualizes and aggregates the underlying physical hardware resources across multiple systems and
provides pools of virtual resources to the datacenter.
As a cloud operating system, VMware vSphere manages large collections of infrastructure (such as CPUs,
storage, and networking) as a seamless and dynamic operating environment, and also manages the complexity
of a datacenter. The following component layers make up VMware vSphere:
Infrastructure Services Infrastructure Services are the set of services provided to abstract, aggregate,
and allocate hardware or infrastructure resources. Infrastructure Services can
be categorized into:
n VMware vCompute—the VMware capabilities that abstract away from
underlying disparate server resources. vCompute services aggregate these
resources across many discrete servers and assign them to applications.
n VMware vStorage—the set of technologies that enables the most efficient
use and management of storage in virtual environments.
n VMware vNetwork—the set of technologies that simplify and enhance
networking in virtual environments.
Application Services Application Services are the set of services provided to ensure availability,
security, and scalability for applications. Examples include HA and Fault
Tolerance.
VMware vCenter Server VMware vCenter Server provides a single point of control of the datacenter. It
provides essential datacenter services such as access control, performance
monitoring, and configuration.
Clients Users can access the VMware vSphere datacenter through clients such as the
vSphere Client or Web Access through a Web browser.
Figure 1 shows the relationships between the component layers of VMware vSphere.
VMware, Inc. 7
Figure 1. VMware vSphere

VMware vSphere
clients vSphere vSphere vSphere other other

Client Web Access SDK Client Client
vCenter Server
Application Availability Security Scalability

Services
Infrastructure vCompute vStorage vNetwork

Services
enterprise
servers
enterprise
network
enterprise
storage
VMware vSphere Components

This topic introduces the components of VMware vSphere.
VMware vSphere includes the following components:

®
VMware ESX and A virtualization layer run on physical servers that abstracts processor, memory,
®
VMware ESXi storage, and resources into multiple virtual machines.
Two versions of ESX are available:
n VMware ESX 4.0 contains a built-in service console. It is available as an
installable CD-ROM boot image.
n VMware ESXi 4.0 does not contain a service console. It is available in two
forms: VMware ESXi 4.0 Embedded and VMware ESXi 4.0 Installable.
ESXi 4.0 Embedded is firmware that is built into a server’s physical
hardware. ESXi 4.0 Installable is software that is available as an installable
CD-ROM boot image. You install the ESXi 4.0 Installable software onto a
server’s hard drive.
®
VMware vCenter Server The central point for configuring, provisioning, and managing virtualized IT
environments.
®
VMware vSphere Client An interface that allows users to connect remotely to vCenter Server or ESX/
ESXi from any Windows PC.
®
VMware vSphere Web A Web interface that allows virtual machine management and access to remote
Access consoles.
8 VMware, Inc.
®
VMware Virtual A high performance cluster file system for ESX/ESXi virtual machines.
Machine File System
(VMFS)
®
VMware Virtual SMP Feature that enables a single virtual machine to use multiple physical
processors simultaneously.
®
VMware VMotion and VMware VMotion enables the live migration of running virtual machines from
Storage VMotion one physical server to another with zero down time, continuous service
availability, and complete transaction integrity. Storage VMotion enables the
migration of virtual machine files from one datastore to another without service
interruption. You can choose to place the virtual machine and all its disks in a
single location, or select separate locations for the virtual machine
configuration file and each virtual disk. The virtual machine remains on the
same host during Storage VMotion.
Migration with VMotion - Moving a powered-on virtual machine to a new host.
Migration with VMotion allows you to move a virtual machine to a new host
without any interruption in the availability of the virtual machine. Migration
with VMotion cannot be used to move virtual machines from one datacenter
to another.
Migration with Storage VMotion - Moving the virtual disks or configuration
file of a powered-on virtual machine to a new datastore. Migration with Storage
VMotion allows you to move a virtual machine's storage without any
interruption in the availability of the virtual machine.
®
VMware High Feature that provides high availability for applications running in virtual
Availability (HA) machines. If a server fails, affected virtual machines are restarted on other
production servers that have spare capacity.
®
VMware Distributed Feature that allocates and balances computing capacity dynamically across
Resource Scheduler collections of hardware resources for virtual machines. This feature includes
(DRS) distributed power management (DPM) capabilities that enable a datacenter to
significantly reduce its power consumption.
®
VMware Consolidated Feature that provides a centralized facility for agent-free backup of virtual
Backup (Consolidated machines. It simplifies backup administration and reduces the impact of
Backup) backups on ESX/ESXi performance.
®
VMware vSphere SDK Feature that provides a standard interface for VMware and third-party
solutions to access the VMware vSphere.
®
VMware Fault When Fault Tolerance is enabled for a virtual machine, a secondary copy of the
Tolerance original (or primary) virtual machine is created. All actions completed on the
primary virtual machine are also applied to the secondary virtual machine. If
the primary virtual machine becomes unavailable, the secondary machine
becomes active, providing continual availability.
vNetwork Distributed Feature that includes a distributed virtual switch (DVS), which spans many
Switch (DVS) ESX/ESXi hosts enabling significant reduction of on-going network
maintenance activities and increasing network capacity. This allows virtual
machines to maintain consistent network configuration as they migrate across
multiple hosts.
VMware, Inc. 9
Host Profiles Feature that simplifies host configuration management through user-defined
configuration policies. The host profile policies capture the blueprint of a
known, validated host configuration and use this to configure networking,
storage, security, and other settings across multiple hosts. The host profile
policies also monitor compliance to standard host configuration settings across
the datacenter. Host profiles reduce manual steps involved in configuring a
host and can help maintain consistency and correctness across the datacenter.
Pluggable Storage Array A storage partner plug-in framework that enables greater array certification
(PSA) flexibility and improved array-optimized performance. PSA is a multipath I/O
framework allowing storage partners to enable their array asynchronously to
ESX release schedules. VMware partners can deliver performance-enhancing
multipath load-balancing behaviors that are optimized for each array.
Physical Topology of vSphere Datacenter

A typical VMware vSphere datacenter consists of basic physical building blocks such as x86 virtualization
servers, storage networks and arrays, IP networks, a management server, and desktop clients.
This physical topology of the vSphere datacenter is illustrated in Figure 2.
Figure 2. VMware vSphere Datacenter Physical Topology

vCenter Server vSphere Client Web access terminal
server server server

group 1 group 2 group 3
virtual machines
VM VM VM
VM VM VM fibre channel switch fabric / IP network

ESX/ESXi
fibre channel iSCSI NAS

storage array storage array storage array
10 VMware, Inc.
The components that make up the vSphere datacenter topology are:
Computing servers Industry standard x86 servers that run ESX/ESXi on the bare metal. ESX/ESXi
software provides resources for and runs the virtual machines. Each computing
server is referred to as a standalone host in the virtual environment. You can
group a number of similarly configured x86 servers with connections to the
same network and storage subsystems to provide an aggregate set of resources
in the virtual environment, called a cluster.
Storage networks and Fibre Channel SAN arrays, iSCSI SAN arrays, and NAS arrays are widely used
arrays storage technologies supported by VMware vSphere to meet different
datacenter storage needs. The storage arrays are connected to and shared
between groups of servers through storage area networks. This arrangement
allows aggregation of the storage resources and provides more flexibility in
provisioning them to virtual machines.
IP networks Each computing server can have multiple Ethernet network interface cards
(NICs) to provide high bandwidth and reliable networking to the entire
VMware vSphere datacenter.
vCenter Server vCenter Server provides a single point of control to the datacenter. It provides
essential datacenter services such as access control, performance monitoring,
and configuration. It unifies the resources from the individual computing
servers to be shared among virtual machines in the entire datacenter. It does
this by managing the assignment of virtual machines to the computing servers
and the assignment of resources to the virtual machines within a given
computing server based on the policies that the system administrator sets.
Computing servers continue to function even in the unlikely event that vCenter
Server becomes unreachable (for example, if the network is severed). They can
be managed separately and continue to run the virtual machines assigned to
them based on the resource assignment that was last set. After connection to
vCenter Server is restored, it can manage the datacenter as a whole again.
Management clients VMware vSphere provides several interfaces for datacenter management and
virtual machine access. These interfaces include VMware vSphere Client
(vSphere Client), web access through a web browser, vSphere Command-Line
Interface (vSphere CLI), or vSphere Management Assistant (vMA).
Virtual Datacenter Architecture

VMware vSphere virtualizes the entire IT infrastructure including servers, storage, and networks.
VMware vSphere aggregates these resources and presents a uniform set of elements in the virtual environment.
With VMware vSphere, you can manage IT resources like a shared utility and dynamically provision resources
to different business units and projects.
Figure 3 shows the key elements in virtual datacenter.
VMware, Inc. 11
Figure 3. Virtual Datacenter Architecture

cluster1
RP2 host1
VM VM
RP1 RP3
VM VM
VM VM
datastores
VM
network A
network B
You can use vSphere to view, configure, and manage these key elements. These elements include:
n Computing and memory resources called hosts, clusters, and resource pools
n Storage resources called datastores
n Networking resources called networks
n Virtual machines
A host is the virtual representation of the computing and memory resources of a physical machine running
ESX/ESXi. When one or more physical machines are grouped together to work and be managed as a whole,
the aggregate computing and memory resources form a cluster. Machines can be dynamically added or
removed from a cluster. Computing and memory resources from hosts and clusters can be finely partitioned
into a hierarchy of resource pools.
Datastores are virtual representations of combinations of underlying physical storage resources in the
datacenter. These physical storage resources can come from the following:
n Local SCSI, SAS, or SATA disks of the server
n Fibre Channel SAN disk arrays
n iSCSI SAN disk arrays
n Network Attached Storage (NAS) arrays
Networks in the virtual environment connect virtual machines to one another and to the physical network
outside of the virtual datacenter.
Virtual machines are designated to a particular host, cluster or resource pool, and a datastore when they are
created. After they are powered-on, virtual machines consume resources dynamically as the workload
increases or give back resources dynamically as the workload decreases.
Provisioning of virtual machines is much faster and easier than physical machines. New virtual machines can
be created in seconds. When a virtual machine is provisioned, the appropriate operating system and
applications can be installed unaltered on the virtual machine to handle a particular workload just as though
they were being installed on a physical machine. A virtual machine can even be provisioned with the operating
system and applications already installed and configured.
12 VMware, Inc.
Resources get provisioned to virtual machines based on the policies set by the system administrator who owns
the resources. The policies can reserve a set of resources for a particular virtual machine to guarantee its
performance. The policies can also prioritize and set a variable portion of the total resources to each virtual
machine. A virtual machine is prevented from being powered-on and consuming resources if doing so violates
the resource allocation policies. For more information on resource and power management, see the Resource
Management Guide.
Hosts, Clusters, and Resource Pools

Hosts, clusters, and resources pools provide flexible and dynamic ways to organize the aggregated computing
and memory resources in the virtual environment and link them back to the underlying physical resources.
A host represents the aggregate computing and memory resources of a physical x86 server. For example, if the
physical x86 server has four dual-core CPUs running at 4GHz each and 32GB of system memory, the host has
32GHz of computing power and 32GB of memory available for running virtual machines that are assigned to
it.
A cluster acts and can be managed as a single entity. It represents the aggregate computing and memory
resources of a group of physical x86 servers sharing the same network and storage arrays. For example, if the
group contains eight servers with four dual-core CPUs each running at 4GHz and 32GB of memory. The cluster
then has and aggregate 256GHz of computing power and 256GB of memory available for running virtual
machines.
Resource pools are partitions of computing and memory resources from a single host or a cluster. Resource
pools can be hierarchical and nested. You can partition any resource pool into smaller resource pools to further
divide and assign resources to different groups or for different purposes.
Figure 4 illustrates the use of resource pools. Three x86 servers with 4GHz computing power and 16GB of
memory each are aggregated to form a cluster of 12GHz computing power and 48GB of memory. The Finance
Department resource pool reserves 8GHz of computing power and 32GB of memory from the cluster, leaving
4GHz computing power and 16GB of memory reserved for the other virtual machine. From the Finance
Department resource pool, the smaller Accounting resource pool reserves 4GHz computing power and 16GB
of memory for the virtual machines from the accounting department. That leaves 4GHz of computing power
and 16GB of memory for the virtual machine called Payroll.
VMware, Inc. 13
Figure 4. Hosts, Clusters, and Resource Pools
Finance Department
Accounting
VM VM VM VM VM
Other Payroll 4 GHz
16 GB RAM
8 GHz
32 GB RAM
Cluster
12 GHz
48 GB RAM
virtual
physical
x86 server x86 server x86 server

4 GHz 4 GHz 4 GHz
16 GB RAM 16 GB RAM 16 GB RAM
You can dynamically change resource allocation policies. For example, at year end, the workload on
Accounting increases, and which requires an increase in the Accounting resource pool reserve of 4GHz of
power to 6GHz. You can make the change to the resource pool dynamically without shutting down the
associated virtual machines.
When reserved resources are not being used by resource pool or virtual machine, they can be shared. In the
example, if the 4GHz of resources reserved for the Accounting department are not being used, the Payroll
virtual machine can use those gigahertz during its peak time. When Accounting resource demands increase,
Payroll dynamically returns them. Even though resources are reserved for different resource pools, they are
not wasted their owner does not use them. This capability helps to maximize resource utilization while also
ensuring that reservations are met and resource policies enforced.
As demonstrated by the example, resource pools can be nested, organized hierarchically, and dynamically
reconfigured so that the IT environment matches the company organization. Individual business units can
receive dedicated resources while still exploiting from the efficiency of resource pooling.
VMware vSphere Distributed Services

VMware VMotion, VMware Storage VMotion, VMware DRS, VMware HA, and Fault Tolerance are distributed
services that enable efficient and automated resource management and high availability for virtual machines.
Virtual machines run on and consume resources from ESX/ESXi. VMotion enables the migration of running
virtual machines from one physical server to another without service interruption, as shown in Figure 5. The
effect is a more efficient assignment of resources. With VMotion, resources can be dynamically reallocated to
virtual machines across physical servers.
14 VMware, Inc.
Figure 5. Migration with VMotion
ESX/ESXi host ESX/ESXi host
VMotion technology
applications applications applications applications

guest operating guest operating guest operating guest operating
system system system system
virtual machine virtual machine virtual machine virtual machine
Storage VMotion enables the migration of virtual machines from one datastore to another datastore without
service interruption. This allows administrators, for example, to off-load virtual machines from one storage
array to another to perform maintenance, reconfigure LUNs, resolve out-of-space issues, and upgrade VMFS
volumes. Administrators can also use Storage VMotion to optimize the storage environment for improved
performance by seamlessly migrating virtual machine disks.
VMware DRS helps you manage a cluster of physical hosts as a single compute resource. You can assign a
virtual machine to a cluster and DRS finds an appropriate host on which to run the virtual machine. DRS places
virtual machines in such a way as to ensure that load across the cluster is balanced, and cluster-wide resource
allocation policies (for example, reservations, priorities, and limits) are enforced. When a virtual machine is
powered on, DRS performs an initial placement of the virtual machine on a host. As cluster conditions change
(for example, load and available resources), DRS migrates (using VMotion) virtual machines to other hosts as
necessary.
Figure 6. VMware DRS

VM VM
VM
VM
VM VM VM VM VM VM VM VM
virtual machines virtual machines virtual machines

ESX/ESXi host ESX/ESXi host ESX/ESXi host
cluster
physical server physical server physical server
When a new physical server is added to a cluster, DRS enables virtual machines to immediately and
automatically take advantage of the new resources because it distributes the running virtual machines.
When DPM is enabled, the system compares cluster-level and host-level capacity to the demands of virtual
machines running in the cluster. If the resource demands of the running virtual machines can be met by a
subset of hosts in the cluster, DPM migrates the virtual machines to this subset and powers down the hosts
that are not needed. Once resource demands increase, DPM powers these hosts back on and migrates the virtual
machines to them. This dynamic cluster right-sizing that DPM performs reduces the power consumption of
the cluster without sacrificing virtual machine performance or availability.
You can configure DRS to automatically execute virtual machine placement, virtual machine migration, and
host power actions, or to provide recommendations which the datacenter administrator can assess and
manually act upon.
VMware, Inc. 15
VMware HA enables quick restart of virtual machines on a different physical server within a cluster
automatically if a host fails. All applications within the virtual machines have the high availability benefit,
through application clustering.
HA monitors all physical hosts in a cluster and detects host failures. An agent placed on each physical host
maintains a heartbeat with the other hosts in the resource pool. Loss of a heartbeat initiates the process of
restarting all affected virtual machines on other hosts. See Figure 7 for an example of VMware HA. HA ensures
that sufficient resources are available in the cluster at all times to restart virtual machines on different physical
hosts in the event of host failure.
Figure 7. VMware HA
VM VM VM
VM VM VM VM VM VM
virtual machines virtual machines virtual machines

cluster
physical server physical server physical server
HA also provides a Virtual Machine Monitoring feature that monitors the status of virtual machines in an HA
cluster. If a virtual machine does not generate heartbeats within a specified time, Virtual Machine Monitoring
identifies it as having failed and automatically restarts it. If restarts occur, policies can control the number of
restarts.
With HA, vCenter Server is not a single point of failure. HA is configured centrally via vCenter Server; however,
once configured, it operates continuously and in a distributed manner on every ESX host. vCenter Server is
no longer involved. Even if vCenter Server fails, HA failovers still occur successfully.
Using VMware vLockstep technology, VMware Fault Tolerance (FT) on the ESX/ESXi host platform provides
continuous availability by protecting a virtual machine (the Primary VM) with a shadow copy (Secondary VM)
that runs in virtual lockstep on a separate host. Inputs and events performed on the Primary VM are recorded
and replayed on the Secondary VM, ensuring that the two remain in an identical state. For example, mouse-
clicks and keystrokes are recorded on the Primary VM and replayed on the Secondary VM. Because the VM
is in virtual lockstep with the Primary VM, it can take over execution at any point without interruption or loss
of data.
16 VMware, Inc.
Network Architecture
VMware vSphere has a set of virtual networking elements that lets you network the virtual machines in the
data center like a physical environment.
Figure 8. Networking with vNetwork Standard Switches
VM VM VM VM VM
Network
C
A B C D E port A B C D E
groups
vSwitch vSwitch
Host1 Host2 virtual
Host1 Host2 physical
physical network adapters
physical network
Figure 8 shows the relationship between the networks inside and outside the virtual environment for
vSwitches. The virtual environment provides networking elements similar to the physical world. They are
virtual network interface cards (vNIC), vNetwork Standard Switches (vSwitch), vNetwork Distributed
Switches (dvSwitch), and port groups. dvSwitch networking is shown in Figure 9.
Like a physical machine, each virtual machine has one or more vNICs. The guest operating system and
application programs communicate with a vNIC through either a commonly available device driver or a
VMware device driver optimized for the virtual environment. In either case, communication in the guest
operating system occurs just as it would with a physical device. Outside the virtual machine, the vNIC has its
own MAC address and one or more IP addresses, and responds to the standard Ethernet protocol as would a
physical NIC. An outside agent does not detect that it is communicating with a virtual machine.
A virtual switch works like a layer 2 physical switch. Each server has its own virtual switches. On one side of
the virtual switch are port groups that connect to virtual machines. On the other side are uplink connections
to physical Ethernet adapters on the server where the virtual switch resides. Virtual machines connect to the
outside world through the physical Ethernet adapters that are connected to the virtual switch uplinks.
A virtual switch can connect its uplinks to more than one physical Ethernet adapter to enable NIC teaming.
With NIC teaming, two or more physical adapters can be used to share the traffic load or provide passive
failover in the event of a physical adapter hardware failure or a network outage. For information on NIC
teaming, see the ESX Configuration Guide or ESXi Configuration Guide.
A vNetwork Distributed Switch (dvSwitch) functions as a single virtual switch across all associated hosts. This
allows virtual machines to maintain consistent network configuration as they migrate across multiple hosts.
Like a vSwitch, each dvSwitch is a network hub that virtual machines can use. A vSwitch can route traffic
internally between virtual machines or link to an external network by connecting to physical Ethernet adapters.
Each vSwitch can also have one or more dvPort groups assigned to it. dvPort groups aggregate multiple ports
under a common configuration and provide a stable anchor point for virtual machines connecting to labeled
networks.
VMware, Inc. 17
Figure 9. Networking with vNetwork Distributed Switches
VM VM VM VM VM
Network
C
dvPort groups
A B C D E F G H I J
vNetwork Distributed Switch
dvUplinkA dvUplinkB dvUplinkA dvUplinkB virtual

Host1 Host2
Host1 Host2 physical
physical
network adapters
physical network
Port group is a unique concept in the virtual environment. A port group is a mechanism for setting policies
that govern the network connected to it. A vSwitch can have multiple port groups. Instead of connecting to a
particular port on the vSwitch, a virtual machine connects its vNIC to a port group. All virtual machines that
connect to the same port group belong to the same network inside the virtual environment even if they are on
different physical servers.
You can configure port groups to enforce policies that provide enhanced networking security, network
segmentation, better performance, high availability, and traffic management.
Layer 2 security options Enforces what vNICs attached to a port group in a virtual machine can do by
controlling capabilities for a promiscuous mode, MAC address changes, or
forged transmissions.
VLAN support Integrates virtual networks with physical network VLANs.
Private VLAN Allows use of VLAN IDs within a private network without having to worry
about duplicating VLAN IDs across a wider network.
Traffic shaping Defines QOS policies for average and peak bandwidth, and traffic burst size.
You set policies to improve traffic management.
NIC teaming Sets the NIC teaming policies for an individual port group or network to share
traffic load or provide failover in case of hardware failure.
Storage Architecture
The VMware vSphere storage architecture consists of layers of abstraction that hide and manage the complexity
and differences among physical storage subsystems.
This storage architecture is shown in Figure 10.
18 VMware, Inc.
Figure 10. Storage Architecture
host1 host2
VM1 VM2 VM3 VM4
datastore1 datastore2
vm1.vmx vm2.vmx vm3.vmx vm4.vmx virtual
file1.vmdk file2.vmdk file3.vmdk file4.vmdk physical
VMFS volume NFS
IP network
DAS SCSI FC SAN iSCSI NAS
To the applications and guest operating systems inside each virtual machine, the storage subsystem appears
as a virtual SCSI controller connected to one or more virtual SCSI disks as shown in Figure 10. These controllers
are the only types of SCSI controllers that a virtual machine can see and access, and include BusLogic Parallel,
LSI Logic Parallel, LSI Logic SAS, and VMware Paravirtual.
The virtual SCSI disks are provisioned from datastore elements in the datacenter. A datastore is like a storage
appliance that delivers storage space for virtual machines across multiple physical hosts.
The datastore abstraction is a model that assigns storage space to virtual machines while insulating the guest
from the complexity of the underlying physical storage technology. The guest virtual machine is not exposed
to Fibre Channel SAN, iSCSI SAN, direct attached storage, and NAS.
Each virtual machine is stored as a set of files in a directory in the datastore. The disk storage associated with
each virtual guest is a set of files within the guest's directory. You can operate on the guest disk storage as an
ordinary file. It can be copies, moved, or backed up. New virtual disks can be added to a virtual machine
without powering it down. In that case, a virtual disk file (.vmdk) is created in VMFS to provide new storage
for the added virtual disk or an existing virtual disk file is associated with a virtual machine.
Each datastore is a physical VMFS volume on a storage device. NAS datastores are an NFS volume with VMFS
characteristics. Datastores can span multiple physical storage subsystems. As shown in Figure 10, a single
VMFS volume can contain one or more LUNs from a local SCSI disk array on a physical host, a Fibre Channel
SAN disk farm, or iSCSI SAN disk farm. New LUNs added to any of the physical storage subsystems are
detected and made available to all existing or new datastores. Storage capacity on a previously created
VMware, Inc. 19
datastore can be extended without powering down physical hosts or storage subsystems. If any of the LUNs
within a VMFS volume fails or becomes unavailable, only virtual machines that touch that LUN are affected.
An exception is the LUN that has the first extent of the spanned volume. All other virtual machines with virtual
disks residing in other LUNs continue to function as normal.
VMFS is a clustered file system that leverages shared storage to allow multiple physical hosts to read and write
to the same storage simultaneously. VMFS provides on-disk locking to ensure that the same virtual machine
is not powered on by multiple servers at the same time. If a physical host fails, the on-disk lock for each virtual
machine is released so that virtual machines can be restarted on other physical hosts.
VMFS also features failure consistency and recovery mechanisms, such as distributed journaling, a failure-
consistent virtual machine I/O path, and machine state snapshots. These mechanisms can aid quick
identification of the cause and recovery from virtual machine, physical host, and storage subsystem failures.
VMFS also supports raw device mapping (RDM). RDM provides a mechanism for a virtual machine to have
direct access to a LUN on the physical storage subsystem (Fibre Channel or iSCSI only). RDM is useful for
supporting two typical types of applications:
n SAN snapshot or other layered applications that run in the virtual machines. RDM better enables scalable
backup offloading systems using features inherent to the SAN.
n Microsoft Clustering Services (MSCS) spanning physical hosts and using virtual-to-virtual clusters as well
as physical-to-virtual clusters. Cluster data and quorum disks must be configured as RDMs rather than
files on a shared VMFS.
Figure 11. Raw Device Mapping
host
VM
read/write open
datastore
virtual
mapping file
physical
VMFS volume
LUN
FC SAN
or iSCSI SAN
20 VMware, Inc.
An RDM is a symbolic link from a VMFS volume to a raw LUN. The mapping makes LUNs appear as files in
a VMFS volume. The mapping file, not the raw LUN, is referenced in the virtual machine configuration.
When a LUN is opened for access, the mapping file is read to obtain the reference to the raw LUN. Thereafter,
reads and writes go directly to the raw LUN rather than going through the mapping file.
VMware Consolidated Backup

The VMware vSphere storage architecture enables VMware Consolidated Backup. Consolidated Backup
provides a centralized facility for LAN-free backup of virtual machines.
As shown in Figure 12, Consolidated Backup works in conjunction with a third-party backup agent residing
on a separate backup proxy server (not on the server running ESX/ESXi) but does not require an agent inside
the virtual machines.
When the third-party backup agent initiates a backup of virtual machine storage, Consolidated Backup runs
a set of scripts. The pre-backup scripts quiesce the virtual disks and generate snapshots. Once completed, the
post-backup scripts restore the virtual machine back to normal operation. At the same time, it mounts the disk
snapshot to the backup proxy server. Finally, the third-party backup agent backs up the files on the mounted
snapshot to its backup targets. By taking snapshots of the virtual disks and backing them up through a separate
backup proxy server, Consolidated Backup provides a simple and low-overhead backup solution for the virtual
environment, and is less intrusive than running backups inside each guest virtual machine.
Figure 12. VMware Consolidated Backup

virtual machines
apps apps apps
OS OS OS
snapshot
ESX/ESXi snapshot
snapshot
SAN storage
MOUNT
physical server
backup
disk backup
centralized proxy
data mover server
VMware vCenter Server

VMware vCenter Server provides centralized management for datacenters.
vCenter Server aggregates physical resources from multiple ESX/ESXi hosts and presents a central collection
of simple and flexible resources for the system administrator to provision to virtual machines in the virtual
environment.
vCenter Server components are user access control, core services, distributed services, plug-ins, and various
interfaces.
Figure 13 shows the key components of vCenter Server.
VMware, Inc. 21
Figure 13. vCenter Server Components

active third-party
directory application
server
Fault Tolerance plug-in
VMotion
vCenter
Server HA
DRS
active
directory
distributed interface
services
host and VM
core services configuration
VM provisioning
database interface
alarms & events user

management access
statistics control
logging vSphere
API
task
scheduler
resources &
virtual machine
inventory
management
ESX Server management
vCenter
Server HA
Agent
vSphere API
Host Agent
vCenter Server
database
VM VM
Host
The User Access Control component allows the system administrator to create and manage different levels of
access to vCenter Server for different classes of users.
For example, a user class might manage and configure the physical virtualization server hardware in the
datacenter. Another user class might only manage virtual resources within a particular resource pool in the
virtual machine cluster.
22 VMware, Inc.
vCenter Server Core Services

Core Services are basic management services for a virtual datacenter.
Core Services include services such as:
Virtual machine Guides and automates the provisioning of virtual machines and their
provisioning resources.
Host and VM Allows the configuration of hosts and virtual machines.

configuration
Resources and virtual Organizes virtual machines and resources in the virtual environment and
machine inventory facilitates their management.
management
Statistics and logging Logs and reports on the performance and resource use statistics of datacenter
elements, such as virtual machines, hosts, and clusters.
Alarms and event Tracks and warns users on potential resource overuse or event conditions.
management Alarms can be set to trigger on events and notify when critical error conditions
occur. In addition, alarms are triggered only when they satisfy certain time
conditions to minimize the number of false triggers.
Task scheduler Schedules actions such as VMotion to occur at a given time.
Consolidation Analyzes the capacity and use of a datacenter’s physical resources. Provides
recommendations for improving use by discovering physical systems that can
be converted to virtual machines and consolidated onto ESX/ESXi. Automates
the consolidation process, but also provides the user flexibility in adjusting
consolidation parameters.
vApp A vApp has the same basic operation as a virtual machine, but can contain
multiple virtual machines or appliances. With vApps, you can perform
operations on multi-tier applications as separate entities (for example, clone,
power on and off, and monitor). vApps package and manage those
applications.
Distributed Services are solutions that extend VMware vSphere capabilities beyond a single physical server.
These include: VMware DRS, VMware HA, and VMware VMotion. Distributed Services allow the
configuration and management of these solutions centrally from vCenter Server.
Multiple vCenter Server hosts can be joined into a single connected group. When a vCenter Server host is part
of a connected group, you can view and manage the inventories of all vCenter Server hosts in that group.
VMware, Inc. 23
vCenter Server Plug-Ins

Plug-ins are applications that can be installed on top of vCenter Server and that add additional features and
functionality.
vCenter Server Plug-ins include:
VMware vCenter Enables users to convert physical machines, and virtual machines in a variety
Converter of formats, to ESX/ESXi virtual machines. Converted systems can be imported
into any location in the vCenter Server inventory.
VMware Update Manager Enables security administrators to enforce security standards across ESX/ESXi
hosts and managed virtual machines. This plug-in provides the ability to create
user-defined security baselines that represent a set of security standards.
Security administrators can compare hosts and virtual machines against these
baselines to identify and remediate virtual machines that are not in compliance.
vCenter Server Interfaces

vCenter Server interfaces integrate vCenter Server with third party products and applications.
vCenter Server has four key interfaces:
ESX management Interfaces with the vCenter Server agent to manage each physical server in the
datacenter.
VMware vSphere API Interfaces with VMware management clients and third-party solutions.
Database interface Connects to Oracle, Microsoft SQL Server, or IBM DB2 to store information,
such as virtual machine configurations, host configurations, resources and
virtual machine inventory, performance statistics, events, alarms, user
permissions, and roles.
Active Directory Connects to Active Directory to obtain user access control information.
interface
Communication Between vCenter Server and ESX

vCenter Server communicates with the ESX/ESXi host agent through the VMware vSphere API (vSphere API).
When a host is first added to vCenter Server, vCenter Server sends a vCenter Server agent to run on the host. As
Figure 14 shows, that agent communicates with the host agent.
24 VMware, Inc.
Figure 14. Host Agent

vSphere Client
vSphere Web Access
vSphere CLI
third-party software
vCenter Server
vCenter
Server HA
Agent
vSphere API
Host Agent
VM VM Terminal
Services
Host
The vCenter Server agent acts as a mini-vCenter Server to perform the following functions:
n Relays and enforces resource allocation decisions made in vCenter Server, including those that the DRS
engine sends.
n Passes virtual machine provisioning and configuration change commands to the host agent.
n Passes host configuration change commands to the host agent.
n Collects performance statistics, alarms, and error conditions from the host agent and sends them to the
vCenter Server.
n Allows management of ESX/ESXi hosts at different release versions.
Accessing the Virtual Datacenter

Users can access the VMware vSphere datacenter through the vSphere Client, Web Access through a Web
browser, or terminal services (such as Windows Terminal Services).
Only physical host administrators in special circumstances should access hosts. All relevant functions that can
be done on the host can also be done in vCenter Server.
VMware, Inc. 25
Figure 15. VMware vSphere Access and Control

vCenter
Server • vCenter Server
access
active
database interface distributed services directory vSphere • host &vm
Web browser
interface Web Access config. &
vSphere
control
user access
API
core services access
control • vm console
access
ESX/ESXi management
• vCenter Server
access
vSphere Client
• host &vm
config. &
control
access
vCenter
Server HA
• vm console
Agent
access
vSphere API
Host Agent
Windows
VM VM Terminal Services/
Host • vm console Xterm
access
The vSphere Client accesses vCenter Server through the VMware API. After the user is authenticated, a session
starts in vCenter Server, and the user sees the resources and virtual machines that are assigned to the user. For
virtual machine console access, the vSphere Client first obtains the virtual machine location from vCenter
Server through the VMware API. It then connects to the appropriate host and provides access to the virtual
machine console.
NOTE vSphere Web Access cannot be used to access a host running ESXi 4.0.
First Time Use

The vSphere Client includes embedded assistance that guides users who are new to virtualization concepts
through the steps to set up their virtual infrastructure. This embedded assistance is in-line content presented
in the vSphere Client GUI and an online tutorial. The assistance can be turned off for experienced users, or
turned back on when new, inexperienced users are introduced to the system.
Web Access
Users can also access vCenter Server through the Web browser by first pointing the browser to an Apache
Tomcat Server set up by vCenter Server. The Apache Tomcat Server mediates the communication between the
browser and vCenter Server through the VMware API.
To access the virtual machine consoles through the Web browser, users can use the bookmark that vCenter
Server creates. The bookmark first points to the vSphere Web Access.
vSphere Web Access resolves the physical location of the virtual machine and redirects the Web browser to
ESX/ESXi where the virtual machine resides.
26 VMware, Inc.
If the virtual machine is running and the user knows the IP address of the virtual machine, the user can also
access the virtual machine console by using standard tools, such as Windows Terminal Services.
NOTE Web Access is turned off by default for ESX hosts.
Additional Resources
Additional tasks are required to set up a virtual infrastructure. References to the documentation are provided
that contains details about those tasks.
Table 2 lists the tasks and references documentation for setting up VMware vSphere. Documentation also exists
for the following topics:
n Documentation road map and quick start
n Virtual machine mobility planning
n VMware SDK and API developer resources
n Configuration maximums and release notes
Table 2. Documentation
Tasks Documents
Install vCenter Server and the vSphere Client ESX and vCenter Server Installation Guide
ESXi Installable and vCenter Server Setup Guide
Install ESX 4.0 ESX and vCenter Server Installation Guide

Install and Configure ESXi 4.0 Installable ESXi Installable and vCenter Server Setup Guide
Upgrade vCenter Server, vSphere Clients, ESX, or ESXi Upgrade Guide
Obtain and install licenses ESX and vCenter Server Installation Guide
ESXi Installable and vCenter Server Setup Guide
Configure storage iSCSI SAN Configuration Guide

Fibre Channel SAN Configuration Guide
ESX Configuration Guide
ESXi Configuration Guide
Configure networks ESX Configuration Guide

ESXi Configuration Guide
Configure security ESX Configuration Guide

n ESX security ESXi Configuration Guide
n User management Basic System Administration
n Virtual machine patch management VMware Update Manager Administration Guide
Deploy virtual machines Basic System Administration

Guest Operating System Installation Guide
Import physical systems, virtual machines, virtual Basic System Administration

appliances, or backup images into the virtual VMware Converter Enterprise Administration Guide
infrastructure
Configure distributed services VMware Availability Guide

n VMware HA and Fault Tolerance Resource Management Guide
n VMware DRS Virtual Machine Backup Guide
n VMware Consolidated Backup
VMware, Inc. 27
28 VMware, Inc.
Glossary
administrative lockout
A global setting that provides password protection for Windows hosts. Administrative lockout restricts
users from creating new virtual machines, editing virtual machine configurations, and changing network
settings.
alarm
An entity that monitors one or more properties of a virtual machine, such as CPU load. Alarms send
notifications as directed by the configurable alarm definition.
allocated disk
A type of virtual disk in which all disk space for the virtual machine is allocated at the time the disk is
created. This is the default type of virtual disk created by vCenter Server.
API (application programming interface)

A specified set of functions that enables you to access a service programmatically.
append mode
In ESX Server 2.x, a disk mode in which software running in the virtual machine appears to write changes
to the disk. Changes are stored in a temporary .REDO file. If a system administrator deletes the redo-log
file, the virtual machine returns to the state it was in the last time it was used in persistent mode. See also
disk mode.
authorization role
A set of privileges grouped for convenient identification under names such as Administrator.
child
A managed entity grouped by a folder object or another managed entity. See also folder.
clone
(n.) A duplicate of a virtual machine. (v.) To make a copy of a virtual machine. When a clone is created,
vCenter Server provides an option for customizing the guest operating system of that virtual machine.
Hosted products distinguish between full clones and linked clones. See also full clone, linked clone.
cluster
A server group in the virtual environment. Clusters enable a high-availability solution.
cluster compute resource

An extended compute resource that represents a cluster of hosts available for backing virtual machines.
See also compute resource.
compute resource
A managed object that represents either a single host or a cluster of hosts available for backing virtual
machines. See also cluster compute resource.
configuration
See virtual machine configuration.
VMware, Inc. 29
console
See service console, VMware virtual machine console.
current virtual machine

A virtual machine of the latest version supported by the product in use. See also legacy virtual machine.
customization
The process of applying new characteristic values to a virtual machine as it is being deployed from a
template or cloned from another existing virtual machine. Customization options include changing the
new virtual machine identification and network information.
custom networking
In hosted products, any type of network connection between virtual machines and the host that does not
use the default bridged, host-only, or network address translation (NAT) configurations. For instance,
different virtual machines can be connected to the host by separate networks or connected to each other
and not to the host. Any network topology is possible.
daemon
A UNIX background program that runs unattended, performing services at a specified time or when some
condition occurs. Analogous to a service in Windows.
datacenter
A required structure under which hosts and their associated virtual machines are added to the vCenter
Server. vCenter Server supports multiple datacenters. A host can be managed under only one datacenter.
datacenter folder
An optional inventory grouping structure contained within the datacenter structure. A vCenter Server
supports multiple datacenter folders. Datacenter folders can contain only datacenters and other datacenter
folders.
datastore
Virtual representations of combinations of underlying physical storage resources in the datacenter. A
datastore is the storage location (for example, a physical disk, a RAID, or a SAN) for virtual machine files.
DHCP (Dynamic Host Configuration Protocol)

A communications protocol that enables dynamic addressing. The software relieves administrators of the
task of assigning an IP address to each device that connects to a network.
disabled
A state in which actions and features are deactivated. The feature is turned off by a choice the user makes.
disk arrays
Groups of multiple disk devices that are the typical SAN disk storage device. These arrays vary in design,
capacity, performance, and other features.
disk mode
A property of a virtual disk that defines its external behavior (how the virtualization layer treats its data.
It is invisible to the guest operating system. Available modes vary by product. See also persistent mode,
nonpersistent mode and append mode.
distributed virtual port group

A dvPort group is a port group associated with a DVS. It specifies port configuration options for each
member port. A dvPort group defines how a connection is made through the DVS to the network.
DNS (Domain Name System)

An Internet data query service that translates host names into IP addresses. Also called Domain Name
Server or Domain Name Service.
dvPort (distributed virtual port)

A port on a DVS that connects to a host’s service console or VMkernel or to a virtual machine’s network
adapter.
30 VMware, Inc.
Glossary
DVS
See vNetwork Distributed Switch (DVS)
enable
A state in which actions and features are active. The feature is turned on by a choice the user makes.
enumeration
The act of discovering resources available in a virtual machine environment. In particular, discovering all
resources of a given type or a list of resources discovered by enumeration.
Ethernet switch
A physical switch that manages network traffic between machines. A switch has multiple ports, each of
which can be connected to a machine or to another switch on the network. See also virtual switch.
EULA (end user license agreement)

The software license that details any restrictions placed on users.
event
An action that is of interest to vCenter Server. Each event triggers an event message. Event messages are
archived in the vCenter Server database. Messages appear in two locations in the user interface: the Events
option in the navigation bar and the Events tab for objects under the Inventory button.
event declaration
Type of event (alert, error, info, warning, or user) and its name, arguments, and message format.
existing partition
A partition on a physical disk. See also physical disk.
fabric
A Fibre Channel network topology in which devices pass data to each other through interconnecting
switches. A fabric is used in many SANs. Fabrics are typically divided into zones. Also called switched
fabric or Fibre Channel fabric. See also FC (Fibre Channel).
FAT (file allocation table)

See file allocation table (FAT).
fault
A data object containing information about an exception condition encountered by an operation.
FC (Fibre Channel)
An ANSI-standard, gigabit-speed network technology used to build storage area networks and transmit
data. Fibre Channel components include HBAs, switches, and cabling.
file
A container for raw data, such as text or an image.
file allocation table (FAT)

An area on a disk that stores information about the location of each piece of every file on the disk and
about the location of unusable areas of the disk.
file system cache

A storage mechanism that speeds access to files stored on a disk by caching frequently accessed data. The
maximum disk cache for 32-bit operating systems is 512MB; for 64-bit operating systems, the maximum
is 1TB. All platforms use file system caches for improved performance.
folder
A managed entity used to group other managed entities. Folder types are determined by the types of child
entities they contain. See also child.
FQDN (fully qualified domain name)

The name of a host that includes the host name and the domain name. For example, the FQDN of a host
named esx1 in the domain vmware.com is esx1.vmware.com.
VMware, Inc. 31
full clone
A complete copy of the original virtual machine, including all associated virtual disks. See also linked
clone.
full screen switch mode

A display mode in which the virtual machine’s display fills the entire screen. (The user has no access to
the VMware Workstation user interface.) The user cannot create, reconfigure, or start virtual machines. A
system administrator performs those functions. See also quick switch mode.
full virtual machine backup

Backs up all files that make up the entire virtual machine. These files include disk images, .vmx files, and
so on.
Go to snapshot
To restore a snapshot of the active virtual machine. See also revert to snapshot.
GOS (guest operating system)

See guest operating system.
group
A set of users assigned a common set of privileges. A group may contain other groups. See also service
console.
growable disk
A type of virtual disk in which the disk space is not preallocated to its full size. The disk files begin small
and grow as data is written to the disk.
guest operating system

An operating system that runs inside a virtual machine. See also host operating system.
guest user
An unauthenticated user who can log in to a system with a temporary user name and password. A guest
user has restricted access to files and folders and has a set of restricted permissions
handle
A temporary token used by a Web service client to invoke Web service operations that require a reference
to an object. Like a file handle, an object handle is a temporary handle that always refers to the same object.
HBA (host bus adapter)

A device that connects one or more peripheral units to a computer and manages data storage and I/O
processing (often for Fibre Channel, IDE, or SCSI interfaces). An HBA can be physical (attached to a host)
or virtual (part of a virtual machine).
HCL (hardware compatibility list)
The definitive list of hardware that VMware supports.
headless
Describes a program that runs in the background without any interface connected to it. A running virtual
machine that has no console connections is running headless.
heartbeat
A signal emitted at regular intervals by software to demonstrate that it is still active. The signal emitted
by a Level 2 Ethernet transceiver at the end of every packet to show that the collision-detection circuit is
still connected.
host
A computer that uses virtualization software to run virtual machines. Also called the host machine or host
computer. The physical computer on which the virtualization (or other) software is installed.
host agent
Software that performs actions on behalf of a remote client when installed on a virtual machine host.
32 VMware, Inc.
Glossary
host-based licensing
In ESX server software, one of two modes for licensing VMware software. License files reside on the host.
Feature availability is tied strictly to the host in which the file resides. See also server-based licensing.
hosted products
VMware products (including Workstation, VMware Player, VMware Server, VMware ACE, and Lab
Manager) that run as applications on physical machines with operating systems such as Microsoft
Windows or Linux. See also hypervisor.
host-only networking
In hosted products, a type of network connection between a virtual machine and the host. With host-only
networking, a virtual machine is connected to the host on a private network, which normally is not visible
outside the host. Multiple virtual machines configured with host-only networking on the same host are
on the same network. See also NAT (network address translation).
host operating system

An operating system that runs on the host machine. See also guest operating system.
hot fix
An installable file that resets a user’s password, renews an expired virtual machine, or enables a copy-
protected virtual machine to run from a new location.
hyperthreading
A technology that allows a single physical processor to behave like two logical processors. The processor
can run two independent applications at the same time.
hypervisor
A platform that allows multiple operating systems to run on a host computer at the same time.
image-level (volume-level) backup

A process that backs up an entire storage volume.
inactive
A feature is not currently functioning because of a constraint other than user choice. Can also be used
when the feature is turned off by indirect user choice. For example, a feature can be “disabled” by direct
user choice or made “inactive” by indirect user choice.
incremental backup
A process that backs up only those files that have changed since the last backup, whether it is a full or
incremental backup.
independent disk
A type of virtual disk that is not affected by snapshots. You can configure independent disks in persistent
and nonpersistent modes. See also nonpersistent mode, persistent mode.
internal storage configuration

Storage virtualization devices are those that aggregate capacity from multiple heterogeneous arrays and
manage a logical representation of this capacity. Models that belong to this group are array-based
controllers only and not server-based or switch-based controllers. Most of these devices can also have
physical disks installed internally that are presented to hosts as physical SAN LUNs, which are not
virtualized. When these devices are supported in the internal storage configuration, this refers to the LUNs
presented from disks internal to the array and not those virtualized from other arrays which they
aggregate.
inventory
A hierarchical structure used by the vCenter Server or the host agent to organize managed entities. This
hierarchy is a list of all the monitored objects in vCenter Server.
inventory mapping
Mapping between resource pools, networks, and virtual machine folders on the protection site and their
destination counterparts on the recovery site.
VMware, Inc. 33
IP storage
Any form of storage that uses TCP/IP network communication as its foundation. Both Network File System
(NFS) and iSCSI storage can be used as virtual machine datastores. NFS can also be used for direct
mounting of .ISO files for presentation to virtual machines as CD-ROM discs.
ISV (independent software vendor)

A company that develops and sells software for use on other companies’ platforms. Includes systems
management vendors, imaging and provisioning vendors, storage management vendors, and so on.
LAN segment
A private virtual network that is available only to virtual machines within the same team. See also team,
virtual network.
legacy virtual machine

A virtual machine supported by the product in use but not current for that product.
license activation code (LAC)

A unique code associated with one or more VMware products purchased. You receive this code after your
order is processed. If you purchase your products from a VMware partner, you receive your license
activation code after you register your partner activation code for your VMware account.
license file
A text file determining the license mode and entitlement to licensed features.
license key
An encrypted block of text within a license file, determining entitlement to one specific licensed feature.
license mode
The method used for licensing VMware software. A license file can be located on an ESX server host or
on a license server. vCenter Server uses server-based licensing. ESX server licensing can be server-based
or host-based at the option of the system administrator. See also host-based licensing, server-based
licensing.
link
A hyperlink that contains a path to another object. As on the Web, links can be relative to the current object
path, relative to the current server’s object root, or on a specific server, as interpreted by the current client’s
host name resolver.
linked clone
A copy of the original virtual machine. The copy must have access to the parent virtual machine’s virtual
disks. The linked clone stores changes to the virtual disks in a separate set of files. See also full clone.
LMHOSTS (LAN Manager HOSTS) file
A text file in a Windows network that maps NetBIOS host names to IP addresses.
lockout
See administrative lockout.
LUN (logical unit number)

An identifier for a disk volume in a storage array.
LUN Masking
A process that is used for permission management to make a LUN available to some hosts and not to other
hosts. Also referred to as Selective Storage Presentation, Access Control, and Partitioning, depending on
the vendor.
managed entity
A managed object that is present in the inventory. See also inventory, managed object.
managed object
An object that resides on a server and is passed between the client and the Web service only by reference.
A managed object has operations associated with it but might not have properties. See also.
34 VMware, Inc.
Glossary
managed object reference

A data object created to uniquely identify a managed object.
message
A data element that is used by an operation to carry data. It lists the data types exchanged between the
Web service and the client.
migration
The process of moving a virtual machine between hosts. Unless VMotion or Storage VMotion is used, the
virtual machine must be powered off when you migrate it. See also migration with VMotion.
migration with VMotion

The process of moving a virtual machine that is powered on and meets selected requirements, including
the activation of VMotion on both the source and target hosts. When you migrate a virtual machine using
VMotion, the operations of the virtual machine can continue without interruption.
MKS (mouse, keyboard, screen)

A set of basic input-output services for user interaction with a virtual machine.
MoRef (managed object reference)

A managed object has a MoRef that is server-specific. The MoRef is a pointer to an object.
MSCS (Microsoft Cluster Service)

Software that distributes data among the nodes of the cluster. If one node fails, other nodes provide failover
support for applications such as databases, file servers, and mail servers.
name
A path (such as a URL) that refers to an object or the name of an item of information in the server.
NAS (network-attached storage)

A complete storage system that is designed to be attached to a traditional data network.
NAT (network address translation)

In hosted networking, a type of network connection that enables you to connect your virtual machines to
an external network when you have only one IP network address and the host computer uses that address.
The VMware NAT device passes network data between one or more virtual machines and the external
network. It identifies incoming data packets intended for each virtual machine and sends them to the
correct destination. See also host-only networking.
nbtstat command
A diagnostic command that helps determine how a system name or IP address is resolved. Because it can
display current connections using NetBIOS over TCP/IP, nbtstat is useful for determining whether
Windows systems are online from a NetBIOS view. See also NetBIOS (network basic input/output
system).
NetBIOS (network basic input/output system)

An API that enables applications on different computers to communicate across a LAN. NetBIOS provides
the name service and offers two communication modes: session service for connection-oriented
communication and datagram distribution service for connectionless communication.
Network access
Policies that give you detailed and flexible control over the network access you can provide to users of
your ACE instances. Using a packet filtering firewall, the network access feature lets you specify exactly
which machines or subnets an ACE instance or its host system may access.
network quarantine
A set of controls, governed by policies, that ensure only up-to-date virtual machines have access to
specified resources on an organization’s network. These controls enable administrators to specify which
machines or subnets a virtual machine may access.
VMware, Inc. 35
NIC (network interface card)

An expansion board that provides a dedicated connection between a computer and a network. Also called
a network adapter.
NIC teaming
The association of multiple NIC adapters with a single virtual switch to form a team. Such teams can
provide passive failover and share traffic loads between members of physical and virtual networks.
NLB (Network Load Balancing)

A Microsoft clustering technology that load balances incoming IP traffic across a cluster of nodes for
applications such as Web servers and terminal services.
nonpersistent mode
A disk mode in which all disk writes issued by software running inside a virtual machine appear to be
written to the independent disk. In fact, they are discarded after the virtual machine is powered off. As a
result, a virtual disk or physical disk in independent-nonpersistent mode is not modified by activity in
the virtual machine. See also disk mode, persistent mode.
not-shared storage
Amount of storage that is used only by a virtual machine and is not shared with other virtual machines.
(This terms was formerly called unshared storage.) Also, the amount of guaranteed storage which can be
reclaimed if a virtual machine is migrated out of a datastore or is deleted.
NTFS file system

The correct, redundant use of new technology file system.
NTP (Network Time Protocol)

A protocol for distributing the Coordinated Universal Time (UTC) by synchronizing the clocks of
computer systems over packet-switched, variable-latency data networks.
open virtual appliance (OVA)

A packaging format for virtual machines that allows virtual machine templates to be distributed,
customized, and instantiated on any OVA supporting VMM.
Open Virtualization Format (OVF)

A distribution format for virtual appliances that uses existing packaging tools to combine one or more
virtual machines with a standards-based XML wrapper. OVF gives the virtualization platform a portable
package containing all required installation and configuration parameters for virtual machines. This
format allows any virtualization platform that implements the standard to correctly install and run virtual
machines.
OUI (organizationally unique identifier)

An IEEE-assigned manufacturer ID value for MAC addresses, Fibre Channel nodes, and ports.
package
An installable bundle for distribution to end users. The package might include one or more virtual
machines and an application used to run virtual machines.
page file
A component of an operating system that provides virtual memory for the system. Recently used pages
of memory are swapped out to this area on the disk to make room in physical memory (RAM) for newer
memory pages. Also called a “swap file.” See also virtual memory.
PAM (pluggable authentication module)

A mechanism (developed at Sun Microsystems) for integrating a variety of existing authentication
technologies in a UNIX or Linux environment. A set of modules can be plugged in to customize the
authentication of users or programs.
paravirtual device
A device designed with specific awareness that it is running in a virtualized environment.
36 VMware, Inc.
Glossary
paravirtual appliance
Free virtual machines that are intended to demonstrate the Virtual Machine Interface (VMI) for virtual
machine hypervisors. See also hypervisor.
parent
(1) The source virtual machine from which you take a snapshot or make a clone. If you delete the parent
virtual machine, any snapshot becomes permanently disabled. (2) In a VMware vSphere inventory, the
managed entity that immediately encloses a given entity (considered the child entity). See also full clone,
linked clone, snapshot, template.
Perfmon
A tool that enables user-level applications to collect and access performance statistics. Some form of
performance monitoring is available on all Windows, Linux, and UNIX platforms, although the specific
information collected and made available varies.
permission
A data object consisting of an authorization role, a user or group name, and a managed entity reference.
A permission allows a specified user to access the entity (such as a virtual machine) with any of the
privileges pertaining to the role.
persistent mode
A disk mode in which all disk writes issued by software running inside a virtual machine are immediately
and permanently written to a virtual disk that is configured as an independent disk. As a result, a virtual
disk or physical disk in independent-persistent mode behaves like a conventional disk drive on a physical
computer. See also disk mode, nonpersistent mode.
physical CPU
A single physical CPU in a physical machine.
physical disk
In hosted products, a hard disk in a virtual machine that is mapped to a physical disk drive or partition
on the host machine. A virtual machine’s disk can be stored as a file on the host file system or on a local
hard disk. When a virtual machine is configured to use a physical disk, vCenter Server directly accesses
the local disk or partition as a raw device (not as a file on a file system). See also virtual disk.
physical Ethernet
Manages network traffic between machines on the physical network. A switch has multiple ports, each of
which can be connected to a single other machine or another switch on the network.
physical network
A network of physical machines (plus cabling, switches, routers, and so on) that are connected so that they
can send data to and receive data from each other. See also virtual network.
policy
A set of system enforced rules that automatically execute or inhibit actions upon entities such as virtual
machines, processes, and users. Policies are set in the policy editor.
port group
A construct for configuring virtual network options such as bandwidth limitations and VLAN tagging
policies for each member port. Virtual networks that are connected to the same port group, share network
policy configuration. See also virtual network, VLAN (virtual local area network).
privilege
Authorization to perform a specific action or set of actions on a managed object or group of managed
objects.
property
An attribute of an object. In the VMware vSphere SDK, a property can be a nested data object, a managed
object reference, or other data such as an integer or string.
VMware, Inc. 37
property collector
A managed object used to control the reporting of managed object properties and the primary means of
monitoring status on host machines.
provisioning
The process of creating a functioning virtual machine by assigning resources such as CPU, memory, and
virtual hardware and then deploying a system image.
quick switch mode

A display mode in which the virtual machine’s display fills most of the screen. In this mode, tabs at the
top of the screen enable you to switch quickly from one running virtual machine to another. See also full
screen switch mode.
raw disk
See physical disk.
RDM (raw device mapping)

A mechanism that enables a virtual machine to have direct access to a LUN on the physical storage
subsystem (Fibre Channel or iSCSI only). At the same time, the virtual machine has access to the disk that
is using a mapping file in the VMFS name space.
read-only user
A role in which the user is allowed to view the inventory but not allowed to perform any tasks.
redo-log file
The file that stores changes made to a disk in all modes except the persistent and independent-persistent
modes. For a disk in nonpersistent mode, the redo-log file is deleted when you power off or reset the
virtual machine without writing any changes to the disk. You can permanently apply the changes saved
in the redo-log file to a disk in undoable mode so that they become part of the main disk files. See also
disk mode.
remote console
An interface that provides nonexclusive access to a virtual machine from the server on which the virtual
machine is running and from workstations connected to that server.
resource pool
A division of computing resources used to manage allocations between virtual machines.
resume
To return a virtual machine to operation from its suspended state. When you resume a suspended virtual
machine, all applications are in the same state as when the virtual machine was suspended. See also
suspend.
revert to snapshot
To restore the status of the active virtual machine to its immediate parent snapshot. This parent is
represented in the Snapshot manager by the snapshot appearing to the left of the You are here icon. See also
Go to snapshot, Snapshot Manager, You are here icon.
role
A defined set of privileges that can be assigned to users and groups to control access to VMware vSphere
objects.
root user
The superuser who has full administrative privileges to log in to an ESX Server host. The root user can
manipulate permissions, create users and groups, and work with events.
SAN (storage area network)

A large-capacity network of storage devices that can be shared among multiple VMware ESX server hosts.
A SAN is required for VMotion.
38 VMware, Inc.
Glossary
SATA (serial advanced technology attachment)

A standard, based on serial signaling technology, for connecting computers and hard drives. Also called
Serial ATA.
scheduled task
A vCenter Server activity that is configured to occur at designated times. In VMware Converter, scheduled
tasks consist of migrations and configurations of virtual machines.
SDK (software development kit)

A set of tools for programmers who are developing software for a particular platform. A VMware SDK
might include an API, an IDL, client stubs, sample code, and documentation.
server
(1) A system capable of managing and running virtual machines. (2) A process capable of accepting and
executing instructions from another process.
server-based licensing
A mode of licensing VMware software in which all license keys are administered by a license server, which
manages a central license pool. Feature entitlement is checked out and returned on demand. See also host-
based licensing.
service console
The command-line interface for an ESX server system that enables administrators to configure the system.
The service console is installed as the first component and used to bootstrap the ESX server installation
and configuration. The service console also boots the system and initiates execution of the virtualization
layer and resource manager. You can open the service console directly on an ESX server system. If the ESX
server system’s configuration allows Telnet or SSH connections, you can also connect remotely to the
service console.
service host
The host on which a Web service executes.
service instance
In the VMware vSphere SDK, the managed entity that provides access to all other managed entities. Clients
must access the service instance to begin a session.
shared folder
A folder on a host computer—or on a network drive accessible from the host computer—that can be used
by both the host computer and one or more virtual machines. It provides a simple way of sharing files
between host and guest or among virtual machines. In a Windows virtual machine, shared folders appear
in My Network Places (Network Neighborhood in a Windows NT virtual machine) under VMware
Shared Folders. In a Linux virtual machine, shared folders appear under a specified mount point.
shrink
To reclaim unused space in a virtual disk. If a disk has empty space, shrinking reduces the amount of
space the virtual disk occupies on the host drive. Shrinking virtual disks is a way to update an older virtual
disk to the format supported by the current version of vCenter Server. You cannot shrink preallocated
virtual disks or physical disks.
slot
A unit of CPU and memory that can accommodate the CPU and memory reservation requirements of the
largest virtual machine in your cluster. Spare capacity for failover is maintained on hosts in the cluster in
slot sizes, so that any virtual machine in the cluster can fit in the slot size and be able to be failed over.
Represents potential computing capacity on a node. A virtual machine can run in an empty slot in the
event of failover.
Technical definition: A unit of CPU and memory that can accommodate the CPU and memory reservation
requirements of the largest virtual machine in the cluster. Spare capacity for failover is maintained on
hosts in the cluster in slot sizes, so that any virtual machine in the cluster can fit in the slot size and be able
to be failed over.
VMware, Inc. 39
snapshot
A reproduction of the virtual machine just as it was when you took the snapshot, including the state of
the data on all the virtual machine’s disks and the virtual machine’s power state (on, off, or suspended).
You can take a snapshot when a virtual machine is powered on, powered off, or suspended. See also
independent disk.
Snapshot Manager
A control that enables you to take actions on any of the snapshots associated with the selected virtual
machine. See also snapshot.
SSH (Secure Shell)

A program for securely logging on to a remote machine and executing commands. SSH provides encrypted
communications between two untrusted hosts over a network. SSH can use several forms of encryption
and has been ported to multiple platforms, including Linux, Microsoft Windows, and Macintosh.
storage array
A storage system that contains multiple disk drives.
suspend
A state in which settings are preserved and actions are no longer performed. To turn off a virtual machine
while preserving the current state of a running virtual machine. See also resume.
target
The object that corresponds to a request URL.
task
A managed object representing the state of a long-running operation.
TCP (Transmission Control Protocol)

A reliable transfer protocol used between two endpoints on a network. TCP is built on top of the Internet
Protocol (IP). See also TCP/IP (Transmission Control Protocol/Internet Protocol).
TCP/IP (Transmission Control Protocol/Internet Protocol)

The set of protocols that is the language of the Internet, designed to enable communication between
networks regardless of the computing technologies that they use. TCP connects hosts and provides a
reliable exchange of data streams with guaranteed delivery. IP specifies the format of packets and handles
addressing. See also UDP (User Datagram Protocol).
team
A group of virtual machines configured to operate as one object. You can power on, power off, and suspend
a team with one command. You can configure a team to communicate independently of any other virtual
or real network by setting up a LAN segment. See also LAN segment, NIC teaming, virtual network.
template
A master image of a virtual machine. The template typically includes a specified operating system and a
configuration that provides virtual counterparts to hardware components. Optionally, a template can
include an installed guest operating system and a set of applications. Templates are used by vCenter Server
to create new virtual machines. See also linked clone, parent, snapshot.
templates list
A list of virtual machines that provides a means to import and store virtual machines as templates. You
can deploy the templates at a later time to create new virtual machines.
UDP (User Datagram Protocol)

One of the core protocols in the Internet protocol suite. UDP enables a program to send packets (datagrams)
to other programs on remote machines. UDP does not require a connection and does not guarantee reliable
communication. It is a quick and efficient method for broadcasting messages over a network. See also
TCP/IP (Transmission Control Protocol/Internet Protocol).
40 VMware, Inc.
Glossary
UUID (universally unique identifier)

A number used to uniquely identify some object or entity. The UUID is either assigned by VMware vSphere
(in the case of virtual machines) or is hardware-assigned (in the case of SCSI LUNs). vCenter Server
attempts to ensure that the UUIDs of all virtual machines being managed are unique, changing the UUIDs
of conflicting virtual machines if necessary.
VCS (Veritas Cluster Server)

Symantec clustering software for reducing application downtime. VCS runs on UNIX, Linux, Windows,
and VMware systems.
view
(1) An XML document that contains information about objects, particularly virtual machines and hosts.
Use a view to access virtual machines and other top-level objects through the Web service. (2) In the Perl
Toolkit, an object stored in the client that encapsulates the properties of a managed object with methods
to access the properties and act on the managed object.
view definition
An XML document that specifies the elements that appear in a view. View definitions typically specify
the items of interest in the view but might include additional elements for presentation or computation
related to those items.
virtual appliance
A software solution that is composed of one or more virtual machines. A virtual appliance is packaged as
a unit by an appliance vendor and is deployed, managed, and maintained as a unit. Converting virtual
appliances allows you to add preconfigured virtual machines to your Virtual Center, ESX Server,
Workstation, or Player inventory.
vCenter Server administrator

A role in which the user can set the user+role permissions and control vCenter Server licensing.
vCenter Server agent

Installed on each virtual machine host, this software coordinates actions received from the vCenter Server.
vCenter Server database

A persistent storage area for maintaining the status of each virtual machine and user that is managed in
the vCenter Server environment. Located on the same machine as the vCenter Server.
virtual disk
A file or set of files that appears as a physical disk drive to a guest operating system. These files can be on
the host machine or on a remote file system. See also growable disk, physical disk.
virtual hardware
The devices that make up a virtual machine. The virtual hardware includes the virtual disk, removable
devices such as the DVD-ROM/CD-ROM and floppy drives, and the virtual Ethernet adapter. See also
virtual machine settings editor.
virtual machine
A virtual machine is a software computer that, like a physical computer, runs an operating system and
applications. Multiple virtual machines can operate on the same host system concurrently.
See the guidelines for using the acronym VM in place of virtual machine.
virtual machine administrator

A role in which the user can perform all the virtual machine management functions.
virtual machine array

A set of virtual machines that can be operated on collectively. Currently called a VM Group or VM Folder
in vCenter Server.
VMware, Inc. 41
virtual machine configuration

The specification of which virtual devices, such as disks and memory, are present in a virtual machine
and how they are mapped to host files and devices. In vConverter, VMware virtual machines whose disks
have been populated by restoring from a backup or by some other direct means of copying undergo
configuration to enable them to boot in VMware products. See also virtual machine.
virtual machine configuration file

A file containing a virtual machine configuration. This .vmx file is created when you create the virtual
machine. It is used to identify and run a specific virtual machine.
virtual machine group

An optional grouping structure and a subset of a farm. vCenter Server supports multiple virtual machine
groups. Virtual machine groups contain virtual machines and other virtual machine groups.
Virtual Machine Properties control panel

In vSphere Client, a point-and-click control panel used to view and modify the resource settings of all the
virtual machines on a host.
virtual machine settings editor

A point-and-click control panel used to view and modify the settings of a virtual machine setting.
virtual memory
An extension of a system’s physical memory, enabled by the declaration of a page file. See also page
file .
virtual network
A network connecting virtual machines that does not depend on physical hardware connections. For
example, you can create a virtual network between a virtual machine and a host that has no external
network connections. You can also create a LAN segment for communication between virtual machines
on a team. See also LAN segment, team.
virtual switch
A virtualized network switch used by ESX server to manage traffic between virtual machines, the service
console, and the physical network adapters on the ESX server machine.
VLAN (virtual local area network)

A software-managed logical segmentation of a physical LAN. Network traffic within each segment is
isolated from traffic in all other segments.
VM (acronym for virtual machine)

Restricted use. A virtual machine is a software computer that, like a physical computer, runs an operating
system and applications. A virtual machine is also referred to as a VM. Use the acronym VM when the
screen or controls do not have sufficient space to use the complete term virtual machine.
VMA (VMware virtual machine agent)

The VMware vCenter Server Web service that provides a Web services interface that enables client
programs to talk to each other using the SOAP protocol.
VMFS (Virtual Machine File System)

A file system that is optimized for storing virtual machines. One VMFS partition is supported per SCSI
storage device or LUN. Each version of ESX server uses a corresponding version of VMFS. For example,
VMFS3 was introduced with ESX Server 3.
VMkernel
In ESX server, a high-performance operating system that occupies the virtualization layer and manages
most of the physical resources on the hardware, including memory, physical processors, storage, and
networking controllers.
VMM (virtual machine monitor)

Software that is responsible for virtualizing the CPUs. One VMM runs in kernel space for each running
virtual machine.
42 VMware, Inc.
Glossary
VMware guest operating system service

A component installed with VMware Tools that executes commands in the virtual machine, gracefully
shuts down and resets the virtual machine, sends a heartbeat to VMware Migration Server, synchronizes
the time of the guest operating system with the host operating system, and passes strings from the host
operating system to the guest operating system.
VMware virtual machine console

An interface that provides access to one or more virtual machines on the local host or on a remote host
running vCenter Server. You can view a virtual machine’s display to run programs within it, or you can
modify guest operating system settings. You can also change the virtual machine’s configuration, install
the guest operating system, or run the virtual machine in full screen mode.
vNetwork Distributed Switch (DVS)

An abstraction representation of multiple hosts defining the same vSwitch (same name, same network
policy) and portgroup. These representations are needed to explain the concept of a virtual machine being
connected to the same network as it migrates among multiple hosts.
VNIC
A virtual network interface card that is configured on top of a system's physical Network adapter. See also
NIC (network interface card).
vSwitch
See virtual switch.
WAN (wide area network)

A computer network that connects a wider area than a local area network, typically by use of high-speed,
long-distance communications technology.
WWPN (World Wide Port Name)

The identifier for a network port in a Fibre Channel SAN.
You are here icon

An icon in the Snapshot manager that indicates the current status of the active virtual machine. Checking
the position of this icon can help you decide whether to revert to a snapshot or go to a snapshot. See also
Go to snapshot, revert to snapshot, Snapshot Manager.
VMware, Inc. 43
44 VMware, Inc.
Index
A F
Active Directory interface 24 fault tolerance 8
alarms 23
APIs, database interface 24 H
HA 8, 14
C high availability 14
clusters 13 host and VM configuration 23
components host profiles 8
fault tolerance 8 hosts 13
host profiles 8
pluggable storage array 8 L
VMware Consolidated Backup 8 logging 23
VMware Distributed Resource Scheduler 8
VMware ESX 8 N
VMware ESXi 8 network architecture 17
VMware High Availability 8
VMware SDK 8 P
physical topology
VMware Storage VMotion 8
computing servers 10
VMware vCenter Server 8
desktop clients 10
VMware Virtual Machine File System 8
IP networks 10
VMware VMotion 8
storage networks and arrays 10
VMware vSphere client 8
vCenter Server 10
VMware vSphere web access 8 pluggable storage array, PSA 8
vNetwork Distributed Switch 8 port group 17
Consolidated Backup 8
consolidation 23 R
resource pools 13
D resources, documentation 27
database interface 24
distributed services S
VMware DRS 14 SDK 8
VMware HA 14 statistics 23
VMware Storage VMotion 14 storage architecture 18
VMware VMotion 14 Storage VMotion 8, 14
DRS 8, 14
DVS 8 T
task scheduler 23
E
ESX V
communication with vCenter Server 24
vApp 23
management 24
vCenter Server
ESX management 24 communication with ESX 24
ESXi 8 core services 23
event management 23 interfaces 24
plug-ins 24
VMware, Inc. 45
virtual datacenter VMware vCenter Server 21

accessing 25 VMware vSphere
architecture 11 components 8
virtual machine inventory management 23 introduction 7
VM provisioning 23 VMware vSphere API 24
VMFS 8 vNetwork Distributed Switch 8
VMotion 8, 14 vSphere client 8
VMware Consolidated Backup, Consolidated vSphere web access 8
Backup 21
VMware Update Manager 24 W
VMware vCenter Converter 24 web access, vSphere Client 25
46 VMware, Inc.
Getting Started with ESX
ESX 4.0
vCenter Server 4.0
EN-000118-00
©
VMware, Inc.
3401 Hillview Ave.
Palo Alto, CA 94304
www.vmware.com
2 VMware, Inc.
Contents
Getting Started with ESX 5

Getting Started Tasks 5
ESX Installation 6
Prerequisites for Installing ESX 6
ESX Hardware Requirements 6
Install ESX Using the Graphical Mode 7
Managing Your First ESX Host 9
vSphere Client Hardware Requirements 9
vSphere Client Software Requirements 10
Download the vSphere Client 10
Install the vSphere Client 10
Start the vSphere Client and Log In to ESX 11
Add Your First Virtual Machine by Importing a Virtual Appliance 12
Managing Multiple Hosts with vCenter Server 14
vSphere and vCenter Server 14
vCenter Server Installation 15
Setting Up a Basic Inventory with the Getting Started Tabs 20
Start the vSphere Client and Log In to vCenter Server 21
Create a Datacenter 21
Add a Host 23
Create a Virtual Machine 24
Where to Go Next 25
The vSphere Tutorial 25
vSphere Documentation 25
VMware, Inc. 3
4 VMware, Inc.
Get started with ESX quickly with this information about installation and initial setup. Follow the procedures
included here to install and setup a basic inventory for a single-host virtualization environment. After your
host is set up with a working virtual machine, you can install vCenter Server and explore a multiple-host
virtualization environment.
This information is for experienced Windows or Linux system administrators who will be installing VMware
ESX to deploy virtualization for the first time. Specifically, it is for users who meet the following requirements:
n Do not yet have the ESX software installed
n Do not yet have the vSphere Client or VMware vCenter Server installed.
Getting Started Tasks

The getting started tasks take you from initial setup of a new virtualization host to a working virtual machine.
After you have a host and functional virtual machine, you can setup a managed host environment with vCenter
Server.
Getting started with ESX includes the following tasks:

n Installing ESX and adding the host to your network
n Installing the vSphere Client and connecting to the ESX host
n Deploying and running a virtual machine
Completing the getting started tasks sets up the single-host management system for virtualization as shown in
Figure 1.
Figure 1. Basic Single-Host Management System
After the initial setup of ESX, you can deploy vSphere 4.0 with vCenter Server to manage multiple hosts.
VMware, Inc. 5
ESX Installation
Install ESX to get started with running virtual machines. The machine running ESX virtualization software
will act as a host in your virtual infrastructure.
Hosts provide CPU and memory resources, access to storage, and network connectivity for virtual machines
that reside on them.
Prerequisites for Installing ESX

Before you begin the installation procedure, ensure that the host meets the prerequisites.
The prerequisites are as follows:

n If ESX will not use an NTP server, make sure that the server hardware clock is set to UTC. This setting is
in the system BIOS.
n Make sure the host has a supported network adapter.
ESX Hardware Requirements

Using ESX requires specific hardware and system resources.
64-Bit Processor
n VMware ESX 4.0 will only install and run on servers with 64-bit x86 CPUs.
n Known 64-bit processors:
n All AMD Opterons support 64 bit.
n All Intel Xeon 3000/3200, 3100/3300, 5100/5300, 5200/5400, 7100/7300, and 7200/7400 support 64 bit.
n All Intel Nehalem (no Xeon brand number assigned yet) support 64 bit.
RAM
2GB RAM minimum
Network Adapters
One or more network adapters. Supported network adapters include:
n Broadcom NetXtreme 570x gigabit controllers
n Intel PRO 1000 adapters
SCSI Adapter, Fibre Channel Adapter, or Internal RAID Controller

One or more of the following controllers (any combination can be used):
n Basic SCSI controllers are Adaptec Ultra-160 and Ultra-320, LSI Logic Fusion-MPT, and most NCR/
Symbios SCSI controllers.
n Fibre Channel, see the Hardware Compatibility Guide at
http://www.vmware.com/resources/compatibility.
n RAID adapters supported are HP Smart Array, Dell Perc (Adaptec RAID and LSI MegaRAID), and IBM
(Adaptec) ServeRAID controllers.
6 VMware, Inc.
Installation and Storage

n SCSI disk, Fibre Channel LUN, or RAID LUN with unpartitioned space. In a minimum configuration, this
disk or RAID is shared between the service console and the virtual machines.
n For hardware iSCSI, a disk attached to an iSCSI controller, such as the QLogic qla405x. Software iSCSI is
not supported for booting or installing ESX.
n Serial attached SCSI (SAS).
n For Serial ATA (SATA), a disk connected through supported SAS controllers or supported on-board SATA
controllers. SATA disk drives connected behind supported SAS controllers or supported on-board SATA
controllers.
n Supported SAS controllers include:
n LSI1068E (LSISAS3442E)
n LSI1068 (SAS 5)
n IBM ServeRAID 8K SAS controller
n Smart Array P400/256 controller
n Dell PERC 5.0.1 controller
n Supported on-board SATA controllers include:
n Intel ICH9
n Nvidia MCP55
n ServerWorks HT1000
When installing ESX on SATA drives, consider the following:

n Ensure that your SATA drives are connected through supported SAS controllers or supported onboard
SATA controllers.
n Do not use SATA disks to create VMFS datastores shared across multiple ESX hosts.
ATA and IDE disk drives – ESX supports installing and booting on either an ATA drive or ATA RAID is
supported, but ensure that your specific drive controller is included in the supported hardware. IDE drives
are supported for ESX installation and VMFS creation.
Install ESX Using the Graphical Mode

The graphical mode is the recommended installation method if you are installing ESX for the first time. The
graphical mode runs by default if you do not select an alternate installation method.
Prerequisites
See “Prerequisites for Installing ESX,” on page 6.
VMware, Inc. 7
Procedure
1 Use the BIOS to set the server to boot from the DVD.
a Reboot the machine.
b Press the key required to enter your machine’s BIOS setup or boot menu.
This key is often a function key or Delete.
c Set the CD-ROM drive as the first boot device.
2 Select Install ESX in graphical mode.
A series of installation messages scroll past until the Welcome page appears.
3 Click Next to continue.
4 Select I accept the terms of the license agreement and click Next.
You cannot install this product unless you accept the license agreement.
NOTE If the alignment of the license agreement screen is skewed to the left, you might need to auto-adjust
your host monitor.
5 Select your keyboard type from the list and click Next.
6 Select whether to install custom drivers with the ESX installation.
You might need custom drivers if your system is not listed in the Hardware Compatibility Guide and has a
network or storage device that was not originally compatible with ESX 4.0.
n Select Yes and click Add to install custom drivers. The installer prompts you to insert the media
containing the custom drivers. After you add the custom drivers to the list, the installer prompts you
to reinsert the ESX installation DVD and continue with the installation. Click Next to continue.
n Select No if you do not need to install custom drivers. You can install custom drivers after the ESX
installation is complete, using other command-line and GUI tools available to you, such as the vSphere
CLI and vCenter Update Manager. Click Next to continue.
7 Click Yes to load the required ESX drivers.
8 Configure ESX licensing.

n Select Enter a serial number now, enter the vSphere license key, and click Next.
n Select Enter a license key later and click Next. This choice allows you to evaluate ESX (or enter a
vSphere license key later using the vSphere Client).
9 Select the network adapter for the ESX service console.
Virtual machine network traffic shares this network adapter until you configure a virtual switch for
another network adapter. You can configure other network adapters at a later time from the vSphere
Client.
10 If the adapter is connected to a VLAN, select This adapter requires a VLAN ID, enter a VLAN ID number
between 0 and 4095, and click Next.
11 Configure the network settings.
VMware recommends that you use a static IP address to simplify client access. If you want to use static
settings but you do not have the required information, you can use DHCP for the installation and configure
static settings after you consult with your network administrator.
For the host name, type the complete host name including the domain. This option is available only if you
use a static IP address.
12 (Optional) Click Test these settings to test the network interface.
8 VMware, Inc.
13 Select a setup option.
Option Description
Standard Setup The installer configures the default partitions on a single hard drive or LUN
where you install ESX. The default partitions are sized based on the capacity
of the hard drive or LUN.
Advanced Setup Allows you to specify esxconsole.vmdk partition settings, kernel options,
and a bootloader location and password. If you leave the Configure boot
loader automatically option selected, the installer places the boot loader in
the master boot record (MBR).
14 Select a location to install ESX.
CAUTION The installer erases all content on the selected storage device.
Installing ESX on a USB device is not supported.
Click Next and click OK to confirm your selection.
15 Configure the time zone.
16 Configure the date and time settings.

n Select Automatically and enter the IP address or host name of an NTP server.
n Select Manually to use the machine date and time detected by the installer or to set the date and time
yourself. If you select Manually and you do not have a functioning mouse, you can change the
calendar month and year by using Ctrl-left-arrow and Ctrl-right-arrow for the month, and Ctrl-up-
arrow and Ctrl-down-arrow for the year.
17 Enter a root password.
It must contain between 6 and 64 characters.
18 Confirm your installation configuration and click Next.
19 Click Next and then click Finish to exit the installer and reboot the host.
20 During reboot, press the key required to enter your machine’s BIOS setup or boot menu
21 Set the first boot device to be the drive on which you installed ESX.
What to do next
After you complete the installation, use the vSphere Client to connect to the ESX host.
Managing Your First ESX Host

You manage hosts using the vSphere Client.
After you finish initial setup of the host, download and install the vSphere Client. Connect to the host and add
your first virtual machine by importing a virtual appliance.
vSphere Client Hardware Requirements

Make sure that the vSphere Client hardware meets the requirements.
n CPU – 1 CPU
n Processor – 266MHz or faster Intel or AMD processor (500MHz recommended).
VMware, Inc. 9
n Memory – 200MB RAM

n Disk Storage – 1GB free disk space for a complete installation, which includes the following components:
n Microsoft .NET 2.0
n Microsoft .NET 3.0 SP1
n Microsoft Visual J#
n vSphere Client 4.0
n vSphere Host Update Utility 4.0
You must also have 400MB free on the drive that has your %temp% directory.
If all of the prerequisites are already installed, 300MB of free space is required on the drive that has your
%temp% directory, and 450MB is required for the vSphere Client 4.0.
n Networking – Gigabit connection recommended.
vSphere Client Software Requirements

Make sure that your operating system supports the vSphere Client.
The vSphere Client requires the Microsoft .NET 3.0 SP1 Framework. If your system does not have it installed,
the vSphere Client installer installs it.
For a list of supported operating systems, see the Compatibility Matrixes on the VMware vSphere documentation
Web site.
Download the vSphere Client

The vSphere Client is a Windows program that you can use to configure the host and to operate its virtual
machines. You can download vSphere Client from any host.
Prerequisites
You must have the URL of the host. This is the IP address or host name.
Procedure
1 From a Windows machine, open a Web browser.
2 Enter the URL for the host.
For example, http://testserver.vmware.com or http://10.20.80.176.
The welcome page appears.
3 Click Download the vSphere Client under Getting Started.
4 Click Yes in the security warning dialog box that appears.
What to do next
Install the vSphere Client.
Install the vSphere Client

The vSphere Client enables you to connect to an ESX/ESXi host and to a vCenter Server system.
The vSphere Client must be installed on a Windows machine that has network access to the ESX host and
Internet access.
10 VMware, Inc.
Procedure
1 Run the vSphere Client installer.

n In the vCenter Server installer, double-click the autorun.exe file at C:\<vc-installer location>\ and
click VMware vSphere Client.
n If you downloaded the vSphere Client, double-click the VMware-viclient.exe file.
2 Choose a language for the installer and click OK.
3 When the Welcome screen appears, click Next.
4 Select I agree to the terms in the license agreement and click Next.
5 Type your user name and company name and click Next.
6 Select Install VMware vSphere Host Update Utility to manage host patches, updates, and upgrades from
this machine and click Next.
7 Accept the default installation location and click Next, or click Change to select a different location and
click Next.
8 Click Install to begin the installation.
9 Click Finish to complete the installation.
What to do next
Connect to the host with the vSphere Client.
Start the vSphere Client and Log In to ESX

When you connect to an ESX host with the vSphere Client, you can manage the host as well as all of the virtual
machines that the host manages.
VMware, Inc. 11
Procedure
1 Start the vSphere Client.
Double-click a shortcut or select Start > Programs > VMware > VMware vSphere Client.
2 Log in to the ESX host as the administrator.
a Enter the IP address or host name you noted earlier.
b Enter the username root.
c Enter the password you specified using the direct console.
If you did not set the password using the direct console, leave the Password field empty.
3 Click Login.
A security warning appears.
4 To continue, click Ignore.
This security warning message occurs because the vSphere Client detected a certificate that the ESX host
signed (default setting). For highly secure environments, VMware recommends certificates that a trusted
third party generates. You can set up third-party certificates later.
What to do next
After you connect to the host with the vSphere Client, use the Getting Started tabs to import a virtual appliance.
Add Your First Virtual Machine by Importing a Virtual Appliance

After you connect to the host machine, you can add a virtual machine to the host. You can import or create
one or more virtual machines on a single host.
To add virtual machines to hosts, you can build a new virtual machine or import a virtual appliance from the
VMware Web site. A virtual appliance is a prebuilt virtual machine with an operating system and applications
already installed. The vSphere Client Getting Started tab provides steps to guide you through both options.
If this is your first virtual machine, VMware recommends that you import a virtual appliance.
12 VMware, Inc.
Figure 2. Getting Started Tab for a Host
Procedure
1 In the Getting Started tab, click Import a virtual appliance.
2 Select VA Marketplace and click Next.
VMware, Inc. 13
3 Select a virtual appliance from the list and click Download now.
For the shortest download time, VMware recommends that you chose a small virtual appliance.
4 Click Next and follow the on-screen instructions to import the virtual appliance.
After you import the virtual appliance, you can use the Console tab in the vSphere Client to power it on and
view it. To release the pointer from the Console, press Ctrl+Alt. To view the Console in full screen mode, from
the Inventory, right-click the virtual machine and select Open Console.
What to do next
You have completed setup for a single-host management system in which ESX is used to run virtual machines.
Explore the advantages of managing multiple hosts with vCenter Server.
Managing Multiple Hosts with vCenter Server

You can deploy VMware vSphere with vCenter Server to manage multiple hosts at the same time.
Using vCenter Server to manage multiple hosts allows you to experiment with advanced management options,
such as resource sharing, and all of the other options available within the vSphere environment.
Deploying vCenter Server provides many advantages over deploying a single, standalone ESX host. Table 1
illustrates some of the advantages and compares multiple-host management with vCenter Server as opposed
to single-host management.
Table 1. Comparison of Multiple and Single Host Management

Feature vCenter Server ESX
Scale of deployment Multiple hosts Single host
Capacity planning Built in Available separately
Server consolidation wizard Built in Available separately
Instant server provisioning Available with templates and cloning Not available
No downtime maintenance Possible with VMotion Not available
Load balancing Possible with VMware DRS Not available
Failover Possible with VMware HA Not available
Power savings Possible with VMware Distributed Power Not available

Management (DPM)
Centralized access control Available with Active Directory Not available

Integration
vSphere and vCenter Server

VMware vSphere is a suite of virtualization applications that includes ESX and vCenter Server.
vSphere uses virtualization to do the following tasks:

n Run multiple operating systems on a single physical machine simultaneously.
n Reclaim idle resources and balance workloads across multiple physical machines.
n Work around hardware failures and scheduled maintenance.
14 VMware, Inc.
vSphere includes the following components in addition to the ESX host and vSphere Client you have already
setup:
VMware vCenter Server vCenter Server unifies resources from individual hosts so that those resources
can be shared among virtual machines in the entire datacenter. It accomplishes
this by managing the assignment of virtual machines to the hosts and the
assignment of resources to the virtual machines within a given host based on
the policies that the system administrator sets.
vCenter Server allows the use of advanced vSphere features such as VMware
Distributed Resource Scheduler (DRS), VMware High Availability (HA), and
VMware VMotion.
Datacenter A datacenter is a structure under which you add hosts and their associated
virtual machines to the inventory.
Virtual Machine A virtual machine is a software computer that, like a physical computer, runs
an operating system and applications. Multiple virtual machines can run on
the same host at the same time. Virtual machines that vCenter Server manages
can also run on a cluster of hosts.
Figure 3 shows the relationships among the basic components of vSphere and how vCenter Server can be used
to manage hosts and run virtual machines.
Figure 3. vSphere Components
vCenter Server Installation

Install vCenter Server to manage multiple hosts.
To get started with vCenter Server quickly and manage the host you set up, you can installed vCenter Server
on a desktop or laptop. You must install vCenter Server on a Windows machine that has network access to the
ESX host. For production use, VMware recommends that you install vCenter Server on a dedicated server
system.
VMware, Inc. 15
Before you install vCenter Server, make sure your system meets the minimum hardware and software
requirements. vCenter Server requires a database. vCenter Server uses Microsoft SQL Server 2005 Express for
small deployments with up to 5 hosts and 50 virtual machines. For larger deployments, VMware supports
several Oracle and Microsoft SQL Server databases. Refer to the vSphere Compatibility Matrixes for the list of
supported databases.
vCenter Server and the vSphere Client Hardware Requirements

The vCenter Server system is a physical machine or virtual machine with access to a supported database. The
vCenter Server system must meet specific requirements. Also make sure that the vSphere Client machines meet
the hardware requirements.
Minimum Requirements for vCenter Server

n CPU – 2 CPUs
n Processor – 2.0GHz or faster Intel or AMD processor. Processor requirements might be higher if the
database runs on the same machine.
n Memory – 3GB RAM. Memory requirements might be higher if the database runs on the same machine.
vCenter Server includes a service called VMware VirtualCenter Management Webservices. This service
requires 128MB to 1.5GB of additional memory. The VirtualCenter Management Webservices process
allocates the required memory at startup.
n Disk storage – 2GB. Disk requirements might be higher if the database runs on the same machine.
n Microsoft SQL Server 2005 Express disk requirements – Up to 2GB free disk space to decompress the
installation archive. Approximately 1.5GB of these files are deleted after the installation is complete.
See your database documentation for the hardware requirements of your database. The database requirements
are in addition to the vCenter Server requirements if the database and vCenter Server run on the same machine.
vCenter Server Software Requirements

Make sure that your operating system supports vCenter Server.
See the Compatibility Matrixes on the VMware vSphere documentation Web site.
vCenter Server Prerequisites

Before installing vCenter Server, review the prerequisites.
n You must have the installation DVD or download the installation ISO image.
n Your hardware must meet the vCenter Server hardware requirements.
n If the machine on which you are installing vCenter Server has VirtualCenter installed, you might want to
upgrade instead of performing a fresh installation of vCenter Server.
IMPORTANT If you want to keep your existing VirtualCenter configuration, see the Upgrade Guide.
n There must be no Network Address Translation (NAT) between the vCenter Server system and the hosts
it will manage.
n For the installation of vCenter Server, VMware recommends installing the bundled SQL Server 2005
Express database on one of the supported operating systems. If SQL Native Client is already installed,
uninstall SQL Native Client before you begin the vCenter Server installation.
16 VMware, Inc.
n The system that you use for your vCenter Server installation must belong to a domain rather than a
workgroup. If assigned to a workgroup, the vCenter Server system is not able to discover all domains and
systems available on the network when using such features as vCenter Guided Consolidation Service. To
determine whether the system belongs to a workgroup or a domain, right-click My Computer and click
Properties and the Computer Name tab. The Computer Name tab displays either a Workgroup label or
a Domain label.
n During the installation, the connection between the machine and the domain controller must be working.
n The computer name cannot be more than 15 characters.
n The DNS name of the machine must match the actual computer name.
n Make sure the system on which you are installing vCenter Server is not an Active Directory domain
controller.
n On each system that is running vCenter Server, make sure that the domain user account has the following
permissions:
n Member of the Administrators group
n Act as part of the operating system
n Log on as a service
n Assign a static IP address and host name to the Windows server that will host the vCenter Server system.
This IP address must have a valid (internal) domain name system (DNS) registration that resolves properly
from all managed ESX hosts.
n If you install vCenter Server on Windows Server 2003 SP1, the disk for the installation directory must have
the NTFS format, not the FAT32 format.
n vCenter Server, like any other network server, should be installed on a machine with a fixed IP address
and well-known DNS name, so that clients can reliably access the service. If you use DHCP instead of a
static IP address for vCenter Server, make sure that the vCenter Server computer name is updated in the
domain name service (DNS). One way to test this is by pinging the computer name. For example, if the
computer name is host-1.company.com, run the following command in the Windows command prompt:
ping host-1.company.com
If you can ping the computer name, the name is updated in DNS.
Install vCenter Server

vCenter Server allows you to centrally manage hosts from either a physical or virtual Windows machine, and
enables the use of advanced features such as VMware Distributed Resource Scheduler (DRS), VMware High
Availability (HA), and VMware VMotion.
Prerequisites
See “vCenter Server Prerequisites,” on page 16.
VMware, Inc. 17
Procedure
1 In the software installer directory, double-click the autorun.exe file at C:\<installer location>\.
2 Click vCenter Server.
6 Type your user name, organization, and vCenter Server license key, and click Next.
If you omit the license key, vCenter Server will be in evaluation mode, which allows you to use the full
feature set. After installation, you can convert vCenter Server to licensed mode by entering the license key
using the vSphere Client.
7 Click Install SQL Server 2005 Express instance (for small-scale deployments).
This database is suitable for small deployments of up to 5 hosts and 50 virtual machines.
8 Enter the administrator name and password that you use when you log in to the system on which you are
installing vCenter Server and click Next.
You need the user name and password entered here to log in to vCenter Server after you have installed
it.
18 VMware, Inc.
9 Select Use SYSTEM Account and click Next.
10 Accept the default destination folders and click Next.
11 Select Create a standalone VMware vCenter Server instance and click Next.
12 For each component that you install, accept the default port numbers and click Next.
If another service is already using the defaults, specify alternative port and proxy information.
13 Click Install.
Installation might take several minutes. Multiple progress bars appear during the installation of the
selected components.
14 Click Finish.
What to do next
After you complete the installation, use the vSphere Client to connect to vCenter Server.
VMware, Inc. 19
Setting Up a Basic Inventory with the Getting Started Tabs

The Getting Started tabs in the vSphere Client connected to vCenter Server provide a wizard to help you set
up a basic inventory quickly.
Figure 4. vSphere Client Getting Started Tab
Setting up a basic inventory with the Getting Started tabs after you install vCenter Server involves the
following tasks:
n Creating a datacenter
n Adding the host to the datacenter
n Creating a virtual machine
You must have an empty vCenter Server inventory to view the Getting Started tabs wizard. After you have
set up the basic inventory, the Getting Started tabs continue to provide information about inventory objects
but no longer provide inventory setup wizard help.
20 VMware, Inc.
Start the vSphere Client and Log In to vCenter Server

When you connect to vCenter Server with the vSphere Client, you can manage vCenter Server as well as all of
the hosts and virtual machines that it manages.
Procedure
1 Start the vSphere Client.
Double-click the shortcut or select Start > Programs > VMware > VMware vSphere Client.
2 Log in to vCenter Server as the administrator.
a Enter the IP address or vCenter Server name.
b Enter your Windows administrator user name.
c Enter your Windows administrator password.
3 Click Login.
What to do next
After you connect to vCenter Server with the vSphere Client, use the Getting Started tabs to create a datacenter.
Create a Datacenter
The first step in setting up your vSphere environment is to create a datacenter.
If you are logging in for the first time, you should have no inventory items in the Inventory panel.
VMware, Inc. 21
Figure 5. vCenter Server with No Inventory Objects and the First Step in the Getting Started Tab Wizard
Procedure
1 On the Getting Started tab in the Information panel, follow the on-screen instructions and click Create a
datacenter.
This creates a datacenter.
2 Name the datacenter by selecting it and entering a name.
What to do next
After you create a datacenter, add the ESX host to it.
22 VMware, Inc.
Add a Host
When you add your host to a datacenter, vCenter Server manages it.
Procedure
1 In the Inventory panel, select the datacenter you created if it is not selected.
2 On the Getting Started tab, follow the on-screen instructions and click Add a host.
a Type the IP address or name of the ESX host in the Host name field.
b Enter the Username and Password for a user account that has administrative privileges on the selected
managed host.
3 Click Next.
4 To confirm the Host Summary information, click Next.
5 Assign an existing license key to the host and click Next.
6 (Optional) Select Enable Lockdown Mode to disable remote access for the administrator account after
vCenter Server takes control of this host.
Select this check box to ensure that the host is managed only through vCenter Server with root privileges.
7 Click Next.
8 Select a location from the list of inventory objects and click Next.
9 Click Finish to complete adding a host.
The vSphere Client displays a progress bar in the Recent Tasks pane while the host is added. Adding a
new host can take a few minutes and the Status percentage might appear to pause at different increments
during the process.
VMware, Inc. 23
When a new host is added, the host might appear as disconnected until vCenter Server completes the task.
After the host is added, the status changes to connected, indicating that the host connection is complete.
The host you installed and setup earlier and the virtual appliance you imported are added to the inventory
managed by vCenter Server.
What to do next
You already have a virtual machine in the inventory because you added the host with the virtual appliance to
vCenter Server. Try to create a new virtual machine.
Create a Virtual Machine

Creating a virtual machine is like building a computer. After you finish creating a virtual machine, you must
install a guest operating system, applications, and VMware Tools on it.
Prerequisites
Make sure that you have an ISO image and a license for the operating system to install on the virtual machine.
Procedure
1 In the Inventory panel, select the host machine.
2 Click Create a new virtual machine on the Getting Started tab.
3 Select Typical and click Next.
4 Type a virtual machine name and click Next.
5 Select a datastore in which to store the virtual machine files and click Next.
The datastore must be large enough to hold the virtual machine and all of its virtual disk files.
24 VMware, Inc.
6 Under Guest Operating System, select the operating system family (Microsoft Windows, Linux, Novell
NetWare, Solaris, or other) and select the version from the drop-down list.
This is the operating system for your virtual machine. Base your choice on your planned use of the virtual
machine.
NOTE The wizard does not install the guest operating system. The New Virtual Machine wizard uses this
information to select appropriate default values, such as the amount of memory needed.
7 Specify the size of the virtual disk and click Next.
Enter the disk size in megabytes (MB) or gigabytes (GB). The default is 8GB. The virtual disk must be large
enough to hold the guest operating system and all of the software that you intend to install, with room
for data and growth.
8 On the Ready to Complete New Virtual Machine page, review your selections and click Finish to create
the new virtual machine.
After you create the virtual machine, install a guest operating system and VMware Tools on it. You can find
instructions for how to install a guest operating system and VMware Tools in the vSphere Tutorial accessible
from the vSphere Client. Select the virtual machine and follow the links on the Getting Started tab to learn
how to install an operating system.
Where to Go Next
You have set up your vSphere environment. From here, you can do the following:
n Expand your capacity by adding more hosts and storage.
n Expand your virtual datacenter by creating and importing new virtual machines.
n Perform a consolidation of your physical servers using the Consolidation wizard.
For more information about how to evaluate the features and benefits of vSphere, go to
http://www.vmware.com/go/vi_evalresources.
The vSphere Tutorial

The vSphere tutorial contains information about many of the basic vSphere components and tasks.
You can access the tutorial through the Explore Further links on the Getting Started tabs in the vSphere Client
when you want learn more about the object selected in the inventory.
You can also access the tutorial from the Help menu in the vSphere Client.
vSphere Documentation
Refer to the VMware vSphere 4.0 documentation to information on advanced host and vCenter Server
configuration, setup for larger deployments for production environments, as well as information on advanced
vSphere features.
The vSphere documentation consists of the combined vCenter Server and ESX documentation set. To access
the current versions of this manual and other books, go to the vSphere 4.0 Documentation page on the VMware
Web site.
VMware, Inc. 25
26 VMware, Inc.
ESX and vCenter Server Installation
Guide
ESX 4.0
vCenter Server 4.0
EN-000104-01
ESX and vCenter Server Installation Guide
©
VMware, Inc.
3401 Hillview Ave.
Palo Alto, CA 94304
www.vmware.com
2 VMware, Inc.
Contents
Updated Information 7
About This Book 9
1 Introduction to VMware vSphere 11
2 System Requirements 13
vCenter Server and the vSphere Client Hardware Requirements 16
vCenter Server Software Requirements 17
Support for 64-Bit Guest Operating Systems 18
Requirements for Creating Virtual Machines 18
Required Ports 18
Supported Remote Management Firmware Versions 19
3 Introduction to Installing ESX 21

Prerequisites for Installing ESX 21
About the esxconsole.vmdk 22
Options for Accessing the Installation Media, Booting the Installer, and Running the Installer 22
About ESX Evaluation Mode 23
ESX Installation Options 23
4 Location of the ESX Installation Media 25

Download the ESX ISO Image and Burn the Installation DVD 25
Creating a Media Depot 25
5 Booting the ESX Installer 27

Bootstrap Commands 27
Boot the ESX Installer from the Installation DVD 28
PXE Booting the ESX Installer 29
6 Installing VMware ESX 39

Install ESX Using the Graphical Mode 39
Install ESX Using the Text Mode 42
Installing ESX Using Scripted Mode 45
7 ESX Partitioning 61
Required Partitions 61
Optional Partitions 62
VMware, Inc. 3
8 Post-Installation Considerations for ESX 63

Download the vSphere Client 63
Licensing the Host 63
Set an ESX/ESXi Host to Evaluation Mode 64
9 Installing, Removing, and Updating Third-Party Extensions 65

About Patching Hosts with vSphere Host Update Utility 65
About the vihostupdate Command-Line Utility 66
Update an ESX/ESXi Host Using Offline Bundles with the vihostupdate Utility 66
Update an ESX/ESXi Host Using a Depot with the vihostupdate Utility 67
Remove Custom Packages on ESX Using the Service Console 68
Remove Selected Custom Packages on ESX/ESXi Using the vSphere Command Line 68
10 Preparing the vCenter Server Databases 71

vCenter Server Database Patch and Configuration Requirements 71
Create a 32-Bit DSN on a 64-Bit Operating System 72
Configure vCenter Server to Communicate with the Local Database After Shortening the Computer
Name to 15 Characters or Fewer 73
About the Bundled Microsoft SQL Server 2005 Express Database Package 74
Maintaining a vCenter Server Database 74
Configure Microsoft SQL Server Databases 74
Configure Oracle Databases 78
11 Introduction to Installing vCenter Server 83

vCenter Server Prerequisites 83
Using a User Account for Running vCenter Server with SQL Server 84
About Installing vCenter Server on IPv6 Machines 85
Configure the URLs on a Standalone vCenter Server System 85
Running the vCenter Server and vSphere Client Installers from a Network Drive 85
vCenter Server Components 85
Required Data for Installing vCenter Server 86
12 Installing vCenter Server 89

Download the vCenter Server Installer 89
Install vCenter Server in a Virtual Machine 89
Install vCenter Server 90
13 Postinstallation Considerations for vCenter Server 93

Install the vSphere Client 94
Install the vSphere Host Update Utility 95
Uninstall VMware vSphere Components 96
14 Creating vCenter Server Linked Mode Groups 97

Linked Mode Prerequisites 97
Linked Mode Considerations 98
Configure the URLs on a Linked Mode vCenter Server System 98
Joining to a Linked Mode Group During and After Installation 99
Join a Linked Mode Group After Installation 99
4 VMware, Inc.
Contents
Isolate a vCenter Server Instance from a Linked Mode Group 100

Linked Mode Troubleshooting 101
15 Install Additional Modules 103

Install VMware vCenter Guided Consolidation 103
Install VMware vCenter Update Manager 104
Install VMware vCenter Converter 105
16 Managing ESX/ESXi and vCenter Server Licenses 107

About License Key Capacity 108
About vSphere and vCenter Server License Keys 108
About Using a License Server to Manage ESX 3.x/ESXi 3.5 Hosts 108
About the License Portal 109
About License Inventories 110
Controlling License Permissions 111
View License Information 111
Add a License Key to the License Inventory and Assign It to an Asset 112
Add Multiple License Keys to the License Inventory 113
Assign a License Key to Multiple Assets 113
Export Report Data 114
License a Host Without vCenter Server 115
License a Host When Adding It to the vCenter Server Inventory 115
View Which Features Are Licensed on a Host 115
Set an ESX/ESXi Host to Evaluation Mode 116
Troubleshooting Licensing 116
Index 119
VMware, Inc. 5
6 VMware, Inc.
Updated Information
This ESX and vCenter Server Installation Guide is updated with each release of the product or when necessary.
This table provides the update history of the ESX and vCenter Server Installation Guide.
Revision Description
EN-000104-01 n “Required Partitions,” on page 61 now reflects that the only required VMFS3
partition is for the esxconsole.vmdk.
n Minor revisions.
EN-000104-00 Initial release.
VMware, Inc. 7
8 VMware, Inc.
About This Book
®
The Installation Guide describes how to install new configurations of VMware vCenter Server and ESX. This
installation information covers ESX and vCenter Server only. It does not include setup or installation
information for ESXi.
Intended Audience
This book is intended for anyone who needs to install vCenter Server and install ESX 4.0.
The information in this book is written for experienced Windows or Linux system administrators who are
familiar with virtual machine technology and datacenter operations.
Document Feedback
feedback to docfeedback@vmware.com.

The vSphere documentation consists of the combined VMware vCenter Server and ESX/ESXi documentation
set.


Support Offerings To find out how VMware support offerings can help meet your business needs,
go to http://www.vmware.com/support/services.
VMware, Inc. 9
10 VMware, Inc.
Introduction to VMware vSphere 1
These topics describe VMware vSphere.
The following figure illustrates the basic components of VMware vSphere.
Figure 1-1. VMware vSphere Components

vSphere Web Access vSphere Client
machines machines
databases
vCenter Server
ESX hosts and
additional modules
Each vCenter Server system manages multiple ESX hosts. You can run the vSphere Client and vSphere Web
Access on multiple workstations.
The major VMware vSphere components are:
VMware ESX Provides a virtualization layer that abstracts the processor, memory, storage,
and networking resources of the physical host into multiple virtual machines.
VMware ESXi Embedded Provides a virtualization layer that abstracts the processor, memory, storage,
You do not need to install ESXi Embedded because it is embedded as firmware
on hardware that you purchase from a vendor.
VMware ESXi Installable Provides a virtualization layer that abstracts the processor, memory, storage,
You can install ESXi Installable on any hard drive on your server.
VMware, Inc. 11
vCenter Server A service that acts as a central administrator for ESX/ESXi hosts connected on
a network. This service directs actions on the virtual machines and the hosts.
The vCenter Server is the working core of vCenter. You can have multiple
vCenter Server systems joined to a Linked Mode group. This allows you to log
in to any single instance of vCenter Server and view and manage the
inventories of all the vCenter Server systems in the group.
vCenter Server Provide additional capabilities and features to vCenter Server. Generally,
additional modules additional modules (sometimes called plug-ins) are released separately, install
on top of vCenter Server, and can be upgraded independently. You can install
additional modules on the same computer as the vCenter Server system or on
a separate one. After the additional module is installed, you can activate the
module’s client component, which enhances the vSphere Client with user
interface (UI) options. Additional modules include vCenter Update Manager,
vCenter Converter, and vCenter Guided Consolidation Service.
vSphere Client Installs on a Windows machine and is the primary method of interaction with
VMware vSphere. The vSphere Client acts as a console to operate virtual
machines and as an administration interface into the vCenter Server systems
and ESX hosts.
The vSphere Client is downloadable from the vCenter Server system and ESX
hosts. The vSphere Client includes documentation for administrators and
console users.
VMware vSphere Web A browser-based interface for system administrators who need to access virtual
Access machines remotely or without a vSphere Client. vSphere Web Access is also
for people who use virtual machines as remote desktops.
Databases Organize all the configuration data for the VMware vSphere environment. For
small deployments, the bundled Microsoft SQL Server 2005 Express database
lets you set up to 5 hosts and 50 virtual machines. vCenter Server supports
other database products for larger deployments. vCenter Update Manager also
requires a database. VMware recommends that you use separate databases for
vCenter Server and vCenter Update Manager.
12 VMware, Inc.
System Requirements 2
Hosts running vCenter Server and ESX must meet specific hardware and operating system requirements.
This chapter includes the following topics:
n “ESX Hardware Requirements,” on page 13
n “vCenter Server and the vSphere Client Hardware Requirements,” on page 16
n “vCenter Server Software Requirements,” on page 17
n “vSphere Client Software Requirements,” on page 18
n “Support for 64-Bit Guest Operating Systems,” on page 18
n “Requirements for Creating Virtual Machines,” on page 18
n “Required Ports,” on page 18
n “Supported Remote Management Firmware Versions,” on page 19

64-Bit Processor
RAM
2GB RAM minimum
Network Adapters
VMware, Inc. 13


controllers.
n LSI1068 (SAS 5)
n Supported on-board SATA controllers include:
n Intel ICH9
n Nvidia MCP55

SATA controllers.
14 VMware, Inc.
Chapter 2 System Requirements
Recommendations for Enhanced ESX Performance

There are several things you can do to enhance ESX performance, including using multiple physical disks,
such as SCSI disks, Fibre Channel LUNs, and RAID LUNs.
Following are some recommendations for enhanced performance:

n RAM – The ESX host might require more RAM for the service console if you are running third-party
management applications or backup agents.
n Network adapters for virtual machines – Dedicated Gigabit Ethernet cards for virtual machines, such as
Intel PRO 1000 adapters, improve throughput to virtual machines with high network traffic.
n Disk location – For best performance, store all data used by your virtual machines on physical disks
allocated to virtual machines. These physical disks should be large enough to hold disk images used by
all the virtual machines.
n Processors – Faster processors improve ESX performance. For certain workloads, larger caches improve
ESX performance.
n Hardware compatibility – Use devices in your server that are supported by ESX 4.0 drivers. See the
Hardware Compatibility Guide at http://www.vmware.com/resources/compatibility.
Tested Software and Firmware for Creating ESX Installation Media

Before you install ESX, you might need to burn the ESX installation ISO image onto DVD or USB media. Review
the firmware and software that VMware has tested and has confirmed works.
VMware has tested these combinations, however, other combinations might work as well.
Table 2-1 lists the tested combinations for burning the ESX installation ISO image onto DVD media.
Table 2-1. Tested Combinations for DVD

DVD Drive (Make, Model, and BIOS) Software to Burn DVD DVD Media
Phillips + RW DVD8801 Roxio Creator Classic version: 6.1.1.48 SONY DVD +RW 120min / 4.7 GB
Philips PLDS DVD + RW DH-16A6S Roxio Creator version: 3.3.0 SONY DVD+RW
Philips PLDS DVD + RW DH-16W1S Roxio Creator version: 3.3.0 SONY DVD+RW
Philips BenQ PBDS + RW DH-16W1S Roxio Creator version: 3.3.0 SONY DVD+RW
HL-DT-ST DVD+-RW GSA-H53N Burn4Free V.4.6.0.0 SONY DVD+RW
Dell/_NEC DVD +-RW ND-3530A Roxio Creator Classic version: 6.1.1.48 Memorex DVD-R
Dell/_NEC DVD +-RW ND-3530A Roxio Creator Classic version: 6.1.1.48 Office Depot DVD+RW
Dell/_NEC DVD +-RW ND-3530A Roxio Creator Classic version: 6.1.1.48 Ativa DVD-RW
Dell/_NEC DVD +-RW ND-3530A Roxio Creator Classic version: 6.1.1.48 TDK DVD+R
Verbatim DVD+R
SONY DVD-R
Maxell DVD+R
Table 2-2 lists the tested combinations for burning the ESX installation ISO image onto USB media.
Table 2-2. Tested Combinations for USB

External USB DVD Drive Firmware Version
Iomega Rev: XY13
LaCie Rev: LA00
VMware, Inc. 15
Table 2-2. Tested Combinations for USB (Continued)

LG 8x portable DVD Rewriter Rev: KE01
SONY DVD+- R 20X Rev: SS01


n CPU – 2 CPUs
Minimum Requirements for the vSphere Client

n CPU – 1 CPU
16 VMware, Inc.
32-Bit or 64-Bit Operating System for vCenter Server

When you have up to 200 hosts, you can use a 32-bit Windows operating system, but a 64-bit Windows
operating system is preferred. When you have 200-300 hosts, a 64-bit Windows operating system is required.
Recommendations for Optimal Performance

Depending on the number of ESX hosts and virtual machines in your environment, the following system
requirements should be used as guidelines for optimal performance.
IMPORTANT The recommended disk sizes assume default log levels. If you configure more granular log levels,
more disk space is required.
Table 2-3 summarizes the requirements for a medium deployment.
Table 2-3. Up to 50 Hosts and 250 Powered-On Virtual Machines

Product CPU Memory Disk
vCenter Server 2 4GB 3GB
vSphere Client 1 200MB 1GB
Table 2-4 summarizes the requirements for a large deployment.

Table 2-5 summarizes the requirements for an extra-large deployment.
vCenter Server must be hosted on a 64-bit Windows operating system for this configuration.

Requirements for Installing vCenter Server on a Custom Drive

If you install vCenter Server on the E:\ drive or on any custom drive, note the following space requirements:
n 601MB on the custom drive for vCenter Server
n 1.13GB on the C:\ drive for Microsoft .NET 3.0 SP1, Microsoft ADAM, Microsoft SQL Server 2005 Express
(optional), and Microsoft Visual C++ 2005 Redistributable
n 375MB for the custom drive %temp% directory

VMware, Inc. 17

Web site.
Support for 64-Bit Guest Operating Systems

ESX offers support for several 64-bit guest operating systems.
See the Guest Operating System Installation Guide for a complete list.
64-bit guest operating systems have specific hardware requirements:

n For AMD Opteron-based systems, the processors must be Opteron Rev E and later.
n For Intel Xeon-based systems, the processors must include support for Intel Virtualization Technology
(VT). Many servers that include CPUs with VT support might ship with VT disabled by default, so you
must enable VT manually. If your CPUs support VT but you do not see this option in the BIOS, contact
your vendor to request a BIOS version that lets you enable VT support.
To determine whether your server has 64-bit VMware support, you can download the CPU Identification
Utility at the VMware downloads page: http://www.vmware.com/download/shared_utilities.html.
Requirements for Creating Virtual Machines

To create a virtual machine, the ESX/ESXi host must be able to support a virtual process, a virtual chip set, and
a virtual BIOS.
Each ESX/ESXi machine has the requirements shown in Table 2-6.
Table 2-6. Requirements for Creating Virtual Machines

Component Requirements
Virtual processor One, two, or four processors per virtual machine

NOTE If you create a two-processor virtual machine, your ESXi machine must have
at least two physical processors. For a four-processor virtual machine, your ESXi
machine must have at least four physical processors.
Virtual chip set Intel 440BX-based motherboard with NS338 SIO chip
Virtual BIOS PhoenixBIOS 4.0 Release 6
Required Ports
vCenter Server requires certain ports to send and receive data.
The vCenter Server system must be able to send data to every managed host and receive data from every
vSphere Client. To enable migration and provisioning activities between managed hosts, the source and
destination hosts must be able to receive data from each other.
18 VMware, Inc.
VMware uses designated ports for communication. Additionally, the managed hosts are listening for data from
the vCenter Server system on designated ports. If a firewall exists between any of these elements and Windows
firewall service is in use, the installer opens the ports during the installation. For custom firewalls, you must
manually open the required ports. If you have a firewall between two managed hosts and you want to perform
source or target activities, such as migration or cloning, you must configure a means for the managed hosts to
receive data.
NOTE In Microsoft Windows 2008, a firewall is enabled by default.
Table 2-7 lists the default ports that are required for communication between components.
Table 2-7. Required Ports

Port Description
80 vCenter Server requires port 80 for direct HTTP connections. Port 80 redirects requests to HTTPS port
443. This is useful if you accidentally use http://server instead of https://server.
389 This port must be open on the local and all remote instances of vCenter Server. This is the LDAP port
number for the Directory Services for the vCenter Server group. The vCenter Server system needs to
bind to port 389, even if you are not joining this vCenter Server instance to a Linked Mode group. If
another service is running on this port, it might be preferable to remove it or change its port to different
port. If needed, you can run the LDAP service on any port from 1025 through 65535.
If this instance is serving as the Microsoft Windows Active Directory, change the port number from 389
to an available port from 1025 through 65535.
443 The default port that the vCenter Server system uses to listen for connections from the vSphere Client.
To enable the vCenter Server system to receive data from the vSphere Client, open port 443 in the
firewall.
The vCenter Server system also uses port 443 to listen for data transfer from the vSphere Web Access
Client and other SDK clients.
If you use another port number for HTTPS, you must use <ip-address>:<port> when you log in to the
vCenter Server system.
636 For vCenter Linked Mode, this is the SSL port of the local instance. If another service is running on this
port, it might be preferable to remove it or change its port to different port. If needed, you can run the
SSL service on any port from 1025 through 65535.
902 The default port that the vCenter Server system uses to send data to managed hosts. Managed hosts
also send a regular heartbeat over UDP port 902 to the vCenter Server system. This port must not be
blocked by firewalls between the server and the hosts, or between hosts.
902/903 Ports 902 and 903 must not be blocked between the vSphere Client and the hosts. These ports are used
by the vSphere Client to display virtual machine consoles.
8080 Web Services HTTP. Used for the VMware VirtualCenter Management Webservices.
8443 Web Services HTTPS. Used for the VMware VirtualCenter Management Webservices.
If you want the vCenter Server system to use a different port to receive vSphere Client data, see Basic System
Administration.
To tunnel the vSphere Client data through the firewall to the receiving port on the vCenter Server system, see
Basic System Administration. VMware does not recommended this method because it disables the vCenter Server
console function.
For a discussion of firewall configuration, see the Server Configuration Guide.
Supported Remote Management Firmware Versions

You can use remote management applications for installing ESX or for remote management of ESX/ESXi.
Table 2-8 lists the remote management firmware versions that are supported for installing ESX 4.0 remotely.
VMware, Inc. 19
Table 2-8. Supported Remote Management Server Models and Firmware Versions
Remote Controller
Make and Model Firmware Version Java ActiveX
DRAC 5 1.4 Not applicable 1.4.2_19
1.45 (08.10.06) 2.1,0,14 1.6.0.50
1.40 (08.08.22) 2,1,0,14 1.6.0_11
1.20 (07.03.02) 1.4.2_06 2,1,0,13
1.33 1.6.0_07 2,1,0,14
1.32 (07.12.22) 1.4.2_13 2,1,0,13
1.0 (06.05.12) 1.4.2_13 2,1,0,13
1.32 1.6.0_11 2,1,0,14
1.2 1.6.0_11 2,1,0,14
1.45 (09.01.16) 1.6.0_11 2,1,0,14
1.3 1.6.0_11 2,1,0,14
1.33 1.6.0_11 2,1,0,13
DRAC 4 1.7 1.4.2_06 2,1,0,14
ILO .26 1.6.0_11 2,1,0,14
1.7 1.4.2_19 Not applicable
ILO2 1.91 (07/26/2009) 1.6.0_07 2,1,0,14
1.29 (2/28/2007) 1.4.2_13 Not applicable
RSA 1.09 1.6.0_11 2,1,0,14
1.06 1.6.0_11 2,1,0,14
20 VMware, Inc.
Introduction to Installing ESX 3
These topics discuss the prerequisites and options for installing ESX.
The ESX installation includes the following components:
n ESX
n vSphere Web Access

n “Prerequisites for Installing ESX,” on page 21
n “About the esxconsole.vmdk,” on page 22
n “Options for Accessing the Installation Media, Booting the Installer, and Running the Installer,” on
page 22
n “About ESX Evaluation Mode,” on page 23
n “ESX Installation Options,” on page 23
Prerequisites for Installing ESX

Before you begin the installation procedure, ensure that the host meets the prerequisites.
The prerequisites are as follows:

n If ESX will not use an NTP server, make sure that the server hardware clock is set to UTC. This setting is
in the system BIOS.
n Make sure the host has a supported network adapter.
n If your installation will require a network connection or if you want to test out the network settings, verify
that the network cable is plugged into the Ethernet adapter that you are using for the service console. The
ESX installer needs a live network connection to properly detect certain network settings, such as the host
name under DHCP. IPv6 is not supported for ESX installation. Installation options that require a network
connection include PXE booting the installer, accessing a remote ESX installation script, and accessing
remote installation media.
VMware, Inc. 21
About the esxconsole.vmdk

A virtual machine disk file (.vmdk file) stores the contents of a virtual machine's hard disk drive. A .vmdk file
can be accessed in the same way as a physical hard disk.
In ESX 4.0, the service console's partitions are stored in a .vmdk file. These partitions include /, swap, /var/
log, and all the optional partitions. The name of this file is esxconsole-<system-uuid>/esxconsole.vmdk.
All .vmdk files, including the esxconsole.vmdk, are stored in VMFS volumes.
IMPORTANT The service console must be installed on a VMFS datastore that is resident on a host's local disk or
on a SAN disk that is masked and zoned to that particular host only. The datastore cannot be shared between
hosts.
Options for Accessing the Installation Media, Booting the Installer, and
Running the Installer
When you install ESX, you have several options that allow you to customize the process to meet the needs of
your environment.
These options include how to store and access the installation media, how to boot the installer, and which
mode to use when you run the installer.
By default, when you boot the ESX installer from a DVD, the DVD uses the interactive graphical mode and
uses itself as the source of the installation media. You can modify the default installation process in the
following ways:
n Storing and accessing the ESX installation media:
n DVD (default)
n FTP
n HTTP/HTTPS (HTTPS with a proxy server is not supported.)
n NFS
n USB flash drive
n Booting the installer:
n DVD (default)
n PXE
n Running the installer:
n Interactive graphical (default)
n Interactive text
n Scripted
n For scripted installation, storing and accessing the installation script:
n Default installation script
n FTP
n HTTP/HTTPS
n NFS
n USB flash drive
n Local disk
22 VMware, Inc.
Chapter 3 Introduction to Installing ESX
About ESX Evaluation Mode

Evaluation mode gives you access to all features of ESX.
The evaluation period is 60 days and begins as soon as you power on the ESX machine, even if you start in
license mode initially. To make full use of the evaluation period, make an early decision on whether to use
evaluation mode.
If you do not enter a vSphere license key during installation, ESX is installed in evaluation mode.
ESX Installation Options

This topic describes the methods for installing ESX and the information required for installation.
The following methods are available for installing VMware ESX software:
n Graphical mode – This is the recommended method for interactive installations.
n Text mode – Use this method if your video controller does not function properly using graphical mode.
n Scripted – An efficient way to deploy multiple hosts. See “Installing ESX Using Scripted Mode,” on
page 45.
NOTE The installer for ESX 4.0 is quite different from the installer for ESX 3.x, particularly in the text and
scripted installations.
Table 3-1 lists the information that you are prompted for during the installation. For future use, note the values
entered. Notes are useful if you ever need to reinstall ESX and reenter the values that you originally chose.
Table 3-1. Data for ESX Installation

Required or
Data Optional Default Comments
Keyboard layout Required U.S. English
Custom drivers Optional No If you have network or storage devices that

integrate with ESX software and you need to
install custom drivers, you can do so during the
ESX installation. Post-install, you can use
vCenter Update Manager or the vSphere CLI to
install custom drivers.
If you PXE boot the installer, you cannot install
custom drivers during the installation.
vSphere license key Optional None If you do not enter a vSphere license key, ESX is
installed in evaluation mode.
Network adapter for Required A network adapter that is Virtual machine network traffic shares this
the service console available and connected network adapter until you configure a virtual
switch for another network adapter.
VLAN ID Optional None Range: 0 through 4095
IP address Optional DHCP You can allow DHCP to configure the network
during installation. After installation, you can
Subnet mask Optional Calculated based on the IP change the network settings.
address
Gateway Optional Based on the configured IP

address and subnet mask
Primary DNS Optional Based on the configured IP

address and subnet mask
Secondary DNS Optional None
VMware, Inc. 23
Table 3-1. Data for ESX Installation (Continued)

Required or
Data Optional Default Comments
Host name Required for None vSphere Clients can use either the host name or
static IP the IP address to access the ESX host.
settings
Install location Required None Must be at least 10GB if you install the
components on a single disk.
Datastore Required in In the basic setup, the installer A datastore is a partition that ESX uses to store
advanced creates the /vmfs partition for virtual machines. This datastore is used for the
setup the datastore. service console (esxconsole.vmdk). The service
console must be installed on a VMFS datastore
that is resident on a host's local disk or on a SAN
disk that is masked and zoned to that particular
host only. The datastore cannot be shared
between hosts.
Time zone Required Pacific time
Root password Required None The root password must be between 6 and 64
characters.
Additional user Optional None

accounts
Virtual disk Required in The installer creates three In the advanced setup, you can edit the location
partitions advanced basic partitions: /boot, of the boot loader, edit the / (root), swap, and /
setup vmkcore, and VMFS. var/log default partition sizes, and create
The service console VMDK file additional partitions.
resides on the VMFS partition. The disk that you install the /boot partition onto
The service console VMDK file must be the disk that the BIOS chooses to boot
contains /, swap, and /var/ from.
log, by default, and any other
partitions that you specify.
Bootloader kernel Optional None In the advanced setup, you can specify kernel
options arguments to be written to the grub.conf file
and passed to the kernel every time ESX boots.
Bootloader Optional None In the advanced setup, you can specify a

password bootloader password up to 30 characters.
NTP server Optional None. For text-mode and graphical-mode installations,

By default, if you do not enter you can enter an NTP server name at installation
an NTP server name or IP time.
address, the installer uses the This feature is not available in scripted
system date and time, which installation (unless you script it in a %post
you can modify. section). After installation, you can use the
vSphere Client to configure the host to use an
NTP server.
24 VMware, Inc.
Location of the ESX Installation Media 4
Before you install ESX, you must select a location for the installation media.
The following locations are supported:
n Local DVD
n Local USB
n USB DVD drive. This is useful if you cannot burn a DVD image or the host does not have a DVD drive.
n Remote media (See “Using Remote Management Applications,” on page 37).
n Remote location (media depot), accessible via HTTP/HTTPS, FTP, or NFS

n “Download the ESX ISO Image and Burn the Installation DVD,” on page 25
n “Creating a Media Depot,” on page 25
Download the ESX ISO Image and Burn the Installation DVD
If you do not have an ESX installation DVD, you can create one.
Procedure
1 If you are not already logged into VMware Communities, log on using your VMware store account.
2 Download the ISO image for ESX from the VMware download page at
http://www.vmware.com/download/.
3 Burn the ISO image onto DVD media.
Creating a Media Depot

The media depot is a network-accessible location that contains the ESX installation media. You can use HTTP/
HTTPS, FTP, or NFS to access the depot. The depot must be populated with the entire contents of the ESX
installation DVD, preserving directory structure.
If you are performing a scripted installation, you must point to the media depot in the script by including the
install command with the nfs or url option.
The following code snippet from an ESX installation script demonstrates how to format the pointer to the media
depot if you are using NFS:
install nfs --server=example.com --dir=/nfs3/VMware/ESX/40
If you are performing an interactive installation instead of a scripted installation, include the askmedia boot
option, which causes the installer to prompt you for the location of the media.
VMware, Inc. 25
You can type the askmedia option at the end of the boot options list. For example:
Boot Options initrd=initrd.img vmkopts=debugLogToSerial:1 mem=512M askmedia
The boot options list appears when you boot the installer and press F2.
26 VMware, Inc.
Booting the ESX Installer 5
You can boot the installer from the DVD using the local DVD-ROM drive, or you can PXE boot the installer.
n “Bootstrap Commands,” on page 27
n “Boot the ESX Installer from the Installation DVD,” on page 28
n “PXE Booting the ESX Installer,” on page 29
Bootstrap Commands
Before the ESX installer Welcome screen appears, the installer displays a boot prompt where you can enter
bootstrap commands to pass arguments to the installer.
When the mode selection screen appears, quickly type F2 to stop the timeout counter. If the mode selection
screen times out, the default graphical mode is launched.
The supported bootstrap commands and subcommands are listed in Table 5-1.
Table 5-1. Bootstrap Commands for ESX Installation

Command Description
askmedia Allows you to interactively select the location of the ESX

installation media. This option is required if the image is
hosted at an HTTP, FTP, or NFS location.
BOOTIF Accepts the format for the boot network adapter as supplied
by PXELINUX.
gateway=<ip address> Sets this network gateway as the default gateway during the
install.
ip=<ip address> Specifies a static IP address to be used for downloading the
script and the installation media.
The IPAPPEND option is also supported if you PXE boot the
installer.
ks=cdrom:/<path> Performs a scripted installation with the script at <path>,
which resides on the DVD in the DVD-ROM drive.
ks=file://<path> Performs a scripted installation with the script at <path>,
which resides inside the initial ramdisk image.
ks=ftp://<server>/<path>/ Performs a scripted installation with a script located at the
given URL.
ks=http://<server>/<path> Performs a scripted installation with a script located at the
given URL.
VMware, Inc. 27
Table 5-1. Bootstrap Commands for ESX Installation (Continued)

Command Description
ks=https://<server>/<path> Performs a scripted installation with a script located at the

given URL.
ks=nfs://<server>/<path> Performs a scripted installation with the script located at
<path> on a given NFS server.
ks=usb Performs a scripted installation with the ks.cfg script in the
root directory of the USB flash drive attached to the host. If
multiple flash drives are attached, the installer cycles through
each one, mounting and unmounting them until the file
named ks.cfg is found.
ks=UUID:<partition-UUID>:/<path> Performs a scripted installation with a script located on the

ext partition with the given UUID.
ksdevice=<device> Same as netdevice
nameserver=<ip address> Specifies a domain name server as the nameserver during the
install.
netdevice=<device> Tries to use a network adapter <device> when looking for an
installation script and installation media. Specify as a MAC
address (for example, 00:50:56:C0:00:01). If not specified and
files need to be retrieved over the network, the installer
defaults to the first discovered network adapter.
The IPAPPEND option is also supported if you PXE boot the
installer.
netmask=<subnet mask> Specifies subnet mask for the network interface that
downloads the installation media.
noapic Flags the kernel to use the XTPIC instead of the APIC.
text Starts the ESX installer in text mode.
url=<url> Looks for the installation media at the specified URL. When
you are PXE booting the installer, the url= command only
works with earlier versions of SYSLINUX. The command
does not work with SYSLINUX/PXELINUX version 3.70 and
higher.
vlanid=<vlanid> Configures the VLAN for the network card.
Boot the ESX Installer from the Installation DVD

When you boot the installer from a DVD, you use the local DVD-ROM drive or remote media, such as iLO or
DRAC.
Prerequisites
You must have an ESX installation DVD. See “Download the ESX ISO Image and Burn the Installation DVD,”
on page 25.
Procedure
1 Insert the DVD in the DVD-ROM drive.
2 Use the BIOS to set the host to boot from the CD-ROM drive:
a Reboot the machine.
b Press a function key or Delete to enter the BIOS setup or boot menu for your machine.
c Set the CD-ROM drive as the first boot device.
3 (Optional) When the mode selection page appears, press F2 to enter boot options.
28 VMware, Inc.
Chapter 5 Booting the ESX Installer
What to do next
Continue with the installation. If you are performing a scripted installation, allow the script to run.
PXE Booting the ESX Installer

The preboot execution environment (PXE) is an environment to boot computers using a network interface
independently of available data storage devices or installed operating systems. These topics discuss the
PXELINUX and gPXE methods of PXE booting the ESX installer.
PXE uses DHCP and Trivial File Transfer Protocol (TFTP) to bootstrap an operating system (OS) over a network.
Network booting with PXE is quite similar to booting with a DVD, but requires some network infrastructure
and a machine with a PXE-capable network adapter. Most machines that are capable of running ESX have
network adapters that are able to PXE boot. Once the ESX installer is booted, it works like a DVD-based
installation, except that the location of the ESX installation media (the contents of the ESX DVD) must be
specified.
A host first makes a DHCP request to configure its network adapter and then downloads and executes a kernel
and support files. PXE booting the installer provides only the first step to installing ESX. To complete the
installation, you must provide the contents of the ESX DVD either locally or on a networked server through
HTTP/HTTPS, FTP, or NFS. (See Chapter 4, “Location of the ESX Installation Media,” on page 25.)
About the TFTP Server, PXELINUX, and gPXE

TFTP is a light-weight version of the FTP service, and is typically used only for network booting systems or
loading firmware on network devices such as routers.
Most Linux distributions come with a copy of the tftp-hpa server. You can alternatively obtain one at
http://www.kernel.org/pub/software/network/tftp/.
If your TFTP server is going to run on a Microsoft Windows host, you can use tftpd32 version 2.11 or later. See
http://tftpd32.jounin.net/. Previous versions of tftpd32 were incompatible with PXELINUX and gPXE.
The PXELINUX and gPXE environments allow your target machine to boot the ESX Installer. PXELINUX is
part of the SYSLINUX package which can be found at http://www.kernel.org/pub/linux/utils/boot/syslinux/,
although many Linux distributions include it. Many versions of PXELINUX also include gPXE. Some
distributions, such as Red Hat Enterprise Linux version 5.3, include older versions of PXELINUX that do not
include gPXE.
If you do not use gPXE, you might experience issues while booting the ESX installer on a heavily loaded
network. This is because TFTP is not a robust protocol and is sometimes unreliable for transferring large
amounts of data. If you use gPXE, only the gpxelinux.0 binary and configuration file are transferred via TFTP.
gPXE enables you to use a Web server for transferring the kernel and ramdisk required to boot the ESX installer.
If you use PXELINUX without gPXE, the pxelinux.0 binary, the configuration file, and the kernel and ramdisk
are transferred via TFTP.
NOTE VMware tests PXE booting with PXELINUX version 3.63. This is not a statement of limited support.
Conceptual Overview for PXE Booting the ESX Installer

This topic provides an overview of how all the pieces fit together when you PXE boot the ESX installer.
The network infrastructure for PXE booting the installer includes the following services.
n DHCP server
n TFTP server
n PXELINUX/gPXE (SYSLINUX)
n Network Server (NFS, HTTP or FTP)
VMware, Inc. 29
Figure 5-1 shows the flow of the interaction between the components if you are using PXELINUX with gPXE.
The scripts depot and the media depot are optional. You do not need them if you are performing an interactive
installation with installation media that is stored locally on a DVD or USB.
Figure 5-1. Overview for PXE Booting the ESX Installer Using PXELINUX with gPXE
ESX target host
UDP Give me an IP
DHCP server
IP & TFTP
Give me the
UDP network boot loader
TFTP server
gpxelinux.0
Give me kernel
TCP and ramdisk
Web server
kernel and ramdisk
Installer
TCP Give me a script starts
scripts depot ks.cfg
TCP Give me media
media depot RPMs
ESX host
Figure 5-2 shows the flow of the interaction between the components if you are using PXELINUX without
gPXE. The scripts depot and the media depot are optional. You do not need them if you are performing an
interactive installation with installation media that is stored locally on a DVD or USB.
30 VMware, Inc.
Figure 5-2. Overview for PXE Booting the ESX Installer Using PXELINUX without gPXE
ESX target host
UDP Give me an IP
DHCP server
IP & TFTP
Give me the
UDP network boot loader
TFTP server
pxelinux.0
Give me kernel
UDP and ramdisk
TFTP server
kernel and ramdisk
Installer
TCP Give me a script starts
scripts depot ks.cfg
TCP Give me media
media depot RPMs
ESX host
In the case presented in this document, PXE works as follows:
1 The target ESX host (the PXE client) is booted.
2 The target ESX host makes a DHCP request.
3 The DHCP server responds with the IP information and provides information about the location of a TFTP
server.
4 When the client receives the information, it contacts the TFTP server asking for the file the DHCP server
told it to ask for (in this case, the boot menu).
5 The TFTP server sends the boot menu, and the client executes it.
6 PXELINUX or gPXE searches for a configuration file on the TFTP server, and boots a kernel according to
that configuration file. In our case, the configuration file instructs PXE to load the kernel (vmlinuz) and a
ramdisk (initrd.img).
VMware, Inc. 31
7 The client downloads the files it needs and then loads them.
8 The system boots the ESX installer.
9 The installer runs interactively or scripted, as directed by the PXE configuration file.
10 The installer uses the installation media, either from a media depot stored on the network, or locally via
DVD or USB.
11 ESX is installed.
PXE Boot the ESX Installer

This procedure describes how to use a TFTP server to PXE boot the ESX installer.
Prerequisites
Your environment must have the following components:

n TFTP server that supports PXE boot
n PXELINUX
n (Optional) gPXE, which is part of the SYSLINUX package. If you have a newer version of SYSLINUX,
gPXE is already built. If you are building gPXE from source, you can unpack it on most Linux machines
and run the make command.
n For gPXE, a Web server that is accessible by your target ESX hosts
n DHCP server configured for PXE booting
n (Optional) ESX installation script
n Network adapter with PXE support on the target ESX host
n IPv4 networking (IPv6 is not supported for PXE booting.)
Procedure
1 On a Linux machine, install TFTP server software that supports PXE booting.
If your environment does not have a TFTP server, you can use one of the packaged appliances on the
VMware Marketplace. If you do this, note that certain functions, such as correct operation of the text menu
system, are operating system dependent.
2 Put the menu.c32 file in an accessible place in a supported location.

n For gPXE, put the menu.c32 file on a Web server. For example, you can use the httpd package in
RHEL5, which contains Apache. The HTML documents are placed in /var/www/html, which is where
you can copy menu.c32.
n For PXELINUX without gPXE, put the menu.c32 file on a TFTP server.
3 On the Linux machine, install PXELINUX.
PXELINUX is included in the SYSLINUX package. Extract the files, locate the file pxelinux.0 or gpxelinux.
0, and copy it to the /tftpboot directory on your TFTP server.
4 Configure the DHCP server.
The DHCP server must send the following information to your client hosts:
n The name or IP address of your TFTP server.
n The name of your initial boot file. This is pxelinux.0 gpxelinux.0.
For more information and an example, see “Sample DHCP Configuration,” on page 33.
32 VMware, Inc.
5 Create the kernel image and ramdisk directory by copying the vmlinuz and initrd.img files from the /
isolinux directory on the ESX installation DVD to a supported location.
n Web server, if you are using gPXE.

n /tftpboot directory on the TFTP server, if you are using PXELINUX without gPXE.
For more information and an example, see “Kernel Image and Ramdisk Directory,” on page 37.
6 Create the /tftpboot/pxelinux.cfg directory on your TFTP server.
7 Create a PXE configuration file.
This file defines how the host boots when no operating system is present.
The PXE configuration file references the location of the vmlinuz and initrd.img files in the kernel image
and ramdisk directory.
For more information and an example, see “Creating a PXE Configuration File,” on page 34.
8 Save the PXE configuration file in /tftpboot/pxelinux.cfg on the TFTP server.
You now have an environment that you can using for PXE booting the ESX installer.
Sample DHCP Configuration

To PXE boot the ESX installer, the DHCP server must send the address of the TFTP server and a pointer to the
pxelinux.0 or gpxelinux.0 directory.
The DHCP server is used by the target machine to obtain an IP address. The DHCP server needs to know if
the target machine is allowed to boot and the location is of PXELINUX binary (which usually resides on a TFTP
server). When the target machine first boots, it broadcasts a packet across the network requesting this
information to boot itself, and the DHCP server responds.
CAUTION Setting up a new DHCP server is not recommended if your network already has one. If multiple
DHCP servers respond to DHCP requests, machines can obtain incorrect or conflicting IP addresses, or can
fail to receive the proper boot information. Seek the guidance of a network administrator in your organization
before setting up a DHCP server.
Many DHCP servers are capable of PXE booting hosts. The following samples are for ISC DHCP version 3.0,
which is included with many Linux distributions. If you are using a version of DHCP for Microsoft Windows,
refer to the DHCP server documentation to determine how to pass the next-server and filename arguments to
the target machine.
gPXE Example
This sample shows how to configure the ISC DHCP server to enable gPXE.
allow booting;
allow bootp;
# gPXE options
option space gpxe;
option gpxe-encap-opts code 175 = encapsulate gpxe;
option gpxe.bus-id code 177 = string
class "pxeclients" {
match if substring(option vendor-class-identifier, 0, 9) = "PXEClient";
next-server <TFTP server address>;
if not exists gpxe.bus-id {
filename "/gpxelinux.0";
}
}
VMware, Inc. 33
subnet <Network address> netmask <Subnet Mask> {

range <Starting IP Address> <Ending IP Address>;
}
When a machine attempts to PXE boot, the DHCP server provides an IP address and the location of the
gpxelinux.0 binary on the TFTP server. The IP address assigned will be in the range defined in the subnet
section of the configuration file.
PXELINUX (without gPXE) Example

This sample shows how to configure the ISC DHCP server to enable PXELINUX.
#
# DHCP Server Configuration file.
# see /usr/share/doc/dhcp*/dhcpd.conf.sample
#
ddns-update-style ad-hoc;
allow booting;
allow bootp;
class "pxeclients" {
match if substring(option vendor-class-identifier, 0, 9) = "PXEClient";
next-server 192.168.48.10;
filename = "pxelinux.0";
}
subnet 192.168.48.0 netmask 255.255.255.0 {
range 192.168.48.100 192.168.48.250;
}
When a machine attempts to PXE boot, the DHCP server provides an IP address and the location of the
pxelinux.0 binary on the TFTP server. The IP address assigned will be in the range defined in the subnet section
of the configuration file.
Creating a PXE Configuration File

The PXE configuration file defines the menu displayed to the target ESX host as it boots up and contacts the
TFTP server.
The TFTP server is always listening for PXE clients on the network. When it detects that a PXE client is asking
for PXE services, it sends the client a network package that contains this boot menu.
Each PXE boot menu selection points to the location of the kernel and ramdisk files for ESX. You can create
one PXE configuration file for each target ESX host, or create one PXE configuration file and name it default.
Following is an example of a PXE configuration file that you might use with PXELINUX without gPXE. See
also the /isolinux/isolinux.cfg file on the ESX installation DVD.
default menu.c32
menu title ESX Boot Menu
timeout 30
##PXE boot the installer and perform an interactive installation

##with local media (RPM files)
label local
menu label Interactive Local Installation
kernel http://<server>/vmlinuz
append initrd=http://<server>/initrd.img vmkopts=debugLogToSerial:1 mem=512M quiet
34 VMware, Inc.
##PXE boot the installer and perform a scripted installation with

##local or remote media (RPM files), as specified in the installation script
label scripted
menu label Scripted Installation
append initrd=http://<server>/initrd.img vmkopts=debugLogToSerial:1 mem=512M ks=nfs://
10.20.118.55/ks.cfg

##with the media (RPM files) at a remote location
label network_rpm
menu label Interactive Installation with RPM files on the network
append initrd=http://<server>/initrd.img vmkopts=debugLogToSerial:1 mem=512M askmedia
Following is an example of a PXE configuration file that you might use with PXELINUX without gPXE. See
also the /isolinux/isolinux.cfg file on the ESX installation DVD.
default menu.c32
menu title ESX Boot Menu
timeout 30

##with local media (RPM files)
label local
menu label Interactive Local Installation
kernel test/vmlinuz
append initrd=test/initrd.img vmkopts=debugLogToSerial:1 mem=512M quiet
##PXE boot the installer and perform a scripted installation with

##local or remote media (RPM files), as specified in the installation script
label scripted
menu label Scripted Installation
kernel test/vmlinuz
append initrd=test/initrd.img vmkopts=debugLogToSerial:1 mem=512M ks=nfs://10.20.118.55/ks.cfg

##with the media (RPM files) at a remote location
label network_rpm
menu label Interactive Installation with RPM files on the network
kernel test/vmlinuz
append initrd=test/initrd.img vmkopts=debugLogToSerial:1 mem=512M askmedia
VMware, Inc. 35
Required Files
In the PXE configuration file, you must include paths to the following files:
n vmlinuz is the boot loader kernel code.
n initrd.img is the boot ramdisk.
The path test/ used in the example is relative to /tftpboot. The actual path is /tftpboot/test/ on the TFTP
server.
Installation Mode
ks=nfs://10.20.118.55/ks.cfg is the path to the ESX installation script. In a scripted installation, your script
includes all the necessary responses to fill in the blanks, including the location of the installation media.
In an interactive installation, omit the ks= option. If you are performing an interactive installation with the
installation media at a remote location, include the askmedia boot option, which causes the installer to prompt
you for the location of the installation media.
ESX 3.x supported a hybrid installation. In this mode, you could supply an incomplete ESX installation script,
and the installer prompts you for the missing parts. ESX 4.0 does not support this. You either have all responses
in your ESX installation script or you have no script.
IPAPPEND
For scripted installations, the IPAPPEND option specifies that the same network adapter the machine boots
from is also used for connecting to the network. When you include the IPAPPEND option in the PXE
configuration file, omit the --device option to the installation script network command. The IPAPPEND option
has no impact on interactive installations. The following snippet shows how to include the IPAPPEND option
in the PXE configuration file:
label Installer
menu default
append initrd=http://<server>/initrd.img mem=512M vmkopts=debugLogToSerial:1 ks=nfs://
10.20.118.55/ks.cfg
IPAPPEND 2
For the IPAPPEND flag_val, use IPAPPEND 2. IPAPPEND 1 is not required.
If you omit the network --device option from the installation script, the IPAPPEND option from the PXE
configuration file, and the netdevice bootstrap command, the installer uses the first plugged in network
adapter.
Filename for the PXE Configuration File

For the filename of the PXE configuration file, choose one of the following:
n 01-<mac_address_of_target_ESX_host>. For example, 01-23-45-67-89-0a-bc
n The target ESX host IP address in hexadecimal notation.

n default
The initial boot file, pxelinux.0 tries to load a PXE configuration file. First it tries with the MAC address of the
target ESX host, prefixed with its ARP type code (01 for Ethernet). If that fails, it tries with the hexadecimal
notation of target ESX system IP address. Ultimately, it tries to load a file named default.
For example, you might save the file on the TFTP server at /tftpboot/pxelinux.cfg/01-00-21-5a-ce-40-f6.
The MAC address of the network adapter on the target ESX host is 00-21-5a-ce-40-f6.
36 VMware, Inc.
File Location for the PXE Configuration File

Save the file in /tftpboot/pxelinux.cfg/ on the TFTP server.
Kernel Image and Ramdisk Directory

The kernel image and ramdisk directory contains files that that must be loaded across the network to enable
PXE booting of the ESX installer. vmlinuz is a Linux kernel used for booting. The kernel is located in the
initrd.img file.
The kernel image and ramdisk directory is located on a Web server (for gPXE) or on the TFTP server in the /
tftpboot directory (for PXELINUX without gPXE. For example, the directory might be at /tftpboot/esx/ and
contain the following files:
-r--r--r-- 1 root root 1922578 Nov 12 05:51 initrd.img
-r--r--r-- 1 root root 966633 Nov 12 05:51 vmlinuz
These files come from the ESX installation DVD, under the /isolinux directory.
You reference the vmlinuz and initrd.img files from the PXE configuration file. The following code snippet
shows how you reference vmlinuz and initrd.img in the PXE configuration script:
kernel esx/vmlinuz
append initrd=esx/initrd.img ...
...
Using Remote Management Applications

Remote management applications allow you to install ESX on server machines that are in remote locations.
Remote management applications supported for installation include Integrated Lights-Out (iLO), Dell Remote
Access Card (DRAC), IBM management module (MM), and Remote Supervisor Adapter II (RSA II). For a list
of currently supported server models and remote management firmware versions, see “Supported Remote
Management Firmware Versions,” on page 19.
Generally, administrators use remote management applications to perform GUI-based, remote installations of
ESX. However, you can use a remote management application for scripted installations as well.
If you use remote management applications to install ESX, be careful using the virtual CD feature. The virtual
CD might encounter corruption problems with systems or networks under load. If you must use this method,
run the media test provided by the ESX installer. If a remote installation from an ISO image fails, complete the
installation from the physical DVD media.
VMware recommends that instead of using the virtual CD media for the entire installation, you boot from the
virtual CD, enter the askmedia option in the ESX installer boot screen, and then complete the installation with
NFS, HTTP/HTTPS, or FTP. The ESX ISO must be mounted in a place that is accessible by one of these network
installation methods. This approach is much more reliable than attempting the entire installation via virtual
media.
If you PXE boot the installer, you cannot install custom drivers during the ESX installation. If you choose to
boot the installer from the DVD and install custom drivers during the ESX installation, the drive that you use
for the ESX DVD is the drive that you must use for the custom driver CD/DVD. If the drive is a USB drive
(including an emulated USB drive), you must not detach the drive during the installation procedure. If the
ESX DVD is an ISO image, the custom driver CD/DVD must be an ISO image as well.
VMware, Inc. 37
38 VMware, Inc.
Installing VMware ESX 6
You have multiple options for installing ESX. You can install ESX interactively or by using a script. For
interactive installation, you can use graphical mode or text mode.

n “Install ESX Using the Graphical Mode,” on page 39
n “Install ESX Using the Text Mode,” on page 42
n “Installing ESX Using Scripted Mode,” on page 45
Install ESX Using the Graphical Mode

The graphical mode is the recommended installation method if you are installing ESX for the first time. The
graphical mode runs by default if you do not select an alternate installation method.
Prerequisites
Procedure
1 Choose a method for booting the installer.

n Boot from the DVD using the local CD-ROM drive.
n PXE boot the installer.
2 Select Install ESX in graphical mode.
3 (Optional) Press F2 and type boot options for the installer.
4 Click Next to continue.
5 Select I accept the terms of the license agreement and click Next.
NOTE If the alignment of the license agreement screen is skewed to the left, you might need to auto-adjust
your host monitor.
6 Select your keyboard type from the list and click Next.
VMware, Inc. 39
If you PXE booted the ESX installer, you cannot install custom drivers during the installation process. You
can install them after the ESX installation is complete.
n Select Yes and click Add to install custom drivers. The installer prompts you to insert the media
containing the custom drivers. After you add the custom drivers to the list, the installer prompts you
to reinsert the ESX installation DVD and continue with the installation. Click Next to continue.
n Select No if you do not need to install custom drivers. You can install custom drivers after the ESX
installation is complete, using other command-line and GUI tools available to you, such as the vSphere
CLI and vCenter Update Manager. Click Next to continue.
8 Click Yes to load the required ESX drivers.

n Select Enter a serial number now, enter the vSphere license key, and click Next.
n Select Enter a license key later and click Next. This choice allows you to evaluate ESX (or enter a
vSphere license key later using the vSphere Client).
10 Select the network adapter for the ESX service console.
Virtual machine network traffic shares this network adapter until you configure a virtual switch for
another network adapter. You can configure other network adapters at a later time from the vSphere
Client.
11 If the adapter is connected to a VLAN, select This adapter requires a VLAN ID, enter a VLAN ID number
between 0 and 4095, and click Next.
12 Configure the network settings.
VMware recommends that you use a static IP address to simplify client access. If you want to use static
settings but you do not have the required information, you can use DHCP for the installation and configure
static settings after you consult with your network administrator.
For the host name, type the complete host name including the domain. This option is available only if you
use a static IP address.
13 (Optional) Click Test these settings to test the network interface.
14 (Optional) Select the location of the unpacked ESX installation ISO image.
These options appear if you entered the askmedia bootstrap command at the mode selection screen. You
can specify one of the following locations:
n DVD or USB (You can select a CD-ROM drive other than the one you might be using for booting the
installer.)
n Network file system (NFS) server and a directory path.
n HTTP or HTTPS URL
n FTP URL
40 VMware, Inc.
Chapter 6 Installing VMware ESX
Option Description
Standard Setup The installer configures the default partitions on a single hard drive or LUN
where you install ESX. The default partitions are sized based on the capacity
of the hard drive or LUN.
Advanced Setup Allows you to specify esxconsole.vmdk partition settings, kernel options,
and a bootloader location and password. If you leave the Configure boot
loader automatically option selected, the installer places the boot loader in
the master boot record (MBR).
CAUTION The installer erases all content on the selected storage device.
Installing ESX on a USB device is not supported.
Click Next and click OK to confirm your selection.
17 Configure advanced options.
a Configure a location for the VMFS datastore to store the service console.
n Create new datastore – Select the same disk as ESX or select another disk. If you select another
disk, the disk used for the ESX location contains only the /boot and vmkcore partitions, and the
rest of the disk is unpartitioned. The second disk is formatted as a single VMFS partition that
spans the entire disk.
You can create additional partitions post-install, using the vSphere Client.
n Use existing datastore – Select an existing datastore available to the host.
VMFS2 volumes are not recognized by ESX 4.0.
The service console must be installed on a VMFS datastore that is resident on a host's local disk or on
a SAN disk that is masked and zoned to that particular host only. The datastore cannot be shared
between hosts.
b Create new partitions and edit or delete the default partitions.
VMware recommends that you retain the /var/log partition of 2000MB.
18 Configure advanced bootloader options.
The Bootloader Options page appears if you deselected the Configure boot loader automatically check
box.
a Enter bootloader kernel arguments.
The installer writes the arguments to the grub.conf file and passes them to the ESX kernel every time
ESX boots.
b Enter an optional bootloader password. It can be up to 30 characters.
c Select where the GRUB bootloader is installed.
By default, the GRUB bootloader is installed in the MBR. Use this option for most installations. For
legacy hardware that stores BIOS information in the MBR, click Install GRUB on the first partition
of the disk, instead of the Master Boot Record.
19 Configure the time zone.
VMware, Inc. 41

n Select Automatically and enter the IP address or host name of an NTP server.
n Select Manually to use the machine date and time detected by the installer or to set the date and time
yourself. If you select Manually and you do not have a functioning mouse, you can change the
calendar month and year by using Ctrl-left-arrow and Ctrl-right-arrow for the month, and Ctrl-up-
arrow and Ctrl-down-arrow for the year.
21 Enter a root password.
It must contain between 6 and 64 characters.

22 (Optional) Create additional users by clicking Add.
23 Confirm your installation configuration and click Next.
If an installation error occurs at this point, the ISO image might be invalid or there might be something
wrong with the DVD media. To troubleshoot, try the ISO download process again, make sure the DVD is
in working order, and make sure the DVD drive and DVD media type are compatible. When you retry
the installation, perform the media check operation. Alternatively, use another media access option, such
as HTTP.
24 Click Next and then click Finish to exit the installer and reboot the host.
25 During reboot, press the key required to enter your machine’s BIOS setup or boot menu
After installation, a esxconsole-<system-uuid>/esxconsole.vmdk file is created in a VMFS volume. The /,

swap, /var/log, and any of the optional partitions are stored in the esxconsole.vmdk file.
After you install ESX and reboot the host, you can log in to the service console to read the installation log at /
var/log/esx_install.log.
NOTE In previous releases of ESX, if the system did not boot up after installation, one troubleshooting approach
was to mount the partitions for debugging. For ESX 4.0, mounting the partitions would not be helpful in
resolving the issue. If after installation the system does not boot up, the most likely cause is that the BIOS is
configured to boot from the wrong disk.
Install ESX Using the Text Mode

Use the text interface if your video controller does not function properly when you use graphical mode.
Prerequisites
Procedure

n Boot from the DVD using the local DVD-ROM drive.
2 Select Install ESX in text mode.
3 (Optional) Press F2 and type boot options for the installer.
4 Enter 1 to continue.
42 VMware, Inc.
5 Select a keyboard model.

n To accept the default US English, enter 1.
n To configure the keyboard, enter 2 and enter the number that corresponds to your keyboard model.
6 Enter accept to accept the VMware license agreement.
If you PXE booted the ESX installer, you cannot install custom drivers during the installation process. You
can install them after the ESX installation is complete.
n Enter 1 to install custom drivers with the ESX installation. If you enter 1, the installer prompts you to
insert the media containing the custom drivers. After you add the custom drivers, the installer
prompts you to reinsert the ESX installation DVD and continue with the installation.
n Enter 2 if you do not need to install custom drivers.
You can install custom drivers after the ESX installation is complete, using other command-line and GUI
tools available to you, such as the vSphere CLI and vCenter Update Manager.
8 Enter 1 to load the ESX drivers and continue.

n Enter 1 to enter the vSphere license key now.
n Enter 2 to evaluate ESX and enter a vSphere license key later using the vSphere Client.
10 Select the network adapter for the ESX service console. Virtual machine network traffic shares this network
adapter until you configure a virtual switch for another network adapter. You can configure network
adapters later from the vSphere Client.
Accept the Default Network Adapter and Leave the

VLAN ID Unassigned Select a Network Adapter and Assign a VLAN ID
Enter 1. a Enter 2.
b Enter a number that corresponds to a network adapter.
c Optionally, enter 1 to assign a VLAN ID. Otherwise,
enter 2.
d Enter a VLAN ID number between 0 and 4095.
11 Configure the network settings. VMware recommends that you use a static IP address to simplify client
access. If you want to use static settings but you do not have the required information, you can use DHCP
for the installation and configure static settings after you consult with your network administrator.
n Enter 1 to keep the automatic DHCP settings.
n Enter 2 to configure the IP settings. For the host name, type the complete host name including the
domain.
12 Select the location of the ESX installation ISO image.
These options appear if you entered the askmedia bootstrap command at the mode selection screen.
n Enter 1 to specify DVD or USB media. You can select a DVD-ROM drive other than the one you might
be using to boot the installer.
n Enter 2 to specify a network file system (NFS) server and a directory path.
VMware, Inc. 43
n Enter 3 to specify an HTTP or HTTPS URL.

n Enter 4 to specify an FTP URL.

n Enter 1 for a basic setup that configures the default partitions on a single hard drive or LUN. The
default partitions are sized based on the capacity of the hard drive or LUN.
n Enter 2 for an advanced setup that allows you to specify esxconsole.vmdk partition settings, kernel
options, and a bootloader location and password.

The installer erases all content on the selected storage device. Installing ESX on a USB device is not
supported.
15 (Optional) Configure a location for the VMFS datastore partition for the service console.
n Enter 1 to create a new datastore. For the datastore location, enter 1 to select the same disk as ESX, or
enter 2 to select another disk.
If you select another disk for the VMFS partition, the ESX disk will contain only the /boot and vmkcore
partitions, with the remainder of the disk unpartitioned. The VMFS disk will be formatted as a single
partition that spans the entire disk.
You can create additional partitions post-install, using the vSphere Client.
n Enter 2 to select an existing datastore available to the host.
VMFS2 volumes are not recognized by ESX 4.0.
The service console must be installed on a VMFS datastore that is resident on a host's local disk or on a
SAN disk that is masked and zoned to that particular host only. The datastore cannot be shared between
hosts.
16 (Optional) Name the VMFS datastore.

n Enter 1 to keep the default name, Storage1.
n Enter 2 to change the name.
17 (Optional) Change the partition layout of the service console.

n Enter 1 to keep the default partition layout. You can configure partitions later using the vSphere Client.
n Enter 2 to create, edit, and delete partitions.
18 (Optional) Enter 1 to specify kernel arguments for the GRUB bootloader. To skip this option, enter 2. The
software writes the arguments to the grub.conf file and passes them to the ESX kernel every time ESX
boots.
19 (Optional) Enter 1 to specify a bootloader password. It can be up to 30 characters. To skip this option, enter
2.
20 Enter 1 to keep the default timezone. Enter 2 to configure the timezone.

n Enter 1 to specify an NTP server.
n Enter 2 to configure the date and time manually. This option allows you to use the machine date and
time detected by the installer or set the date and time yourself.
22 Enter a root password. It must contain between 6 and 64 characters.
44 VMware, Inc.
23 Enter 1 to confirm your installation configuration.
If an installation error occurs at this point, the ISO image might be invalid or there might be something
wrong with the DVD media. To troubleshoot, try the ISO download process again, make sure the DVD is
in working order, and make sure the DVD drive and DVD media type are compatible. When you retry
the installation, perform the media check operation. Alternatively, use another media access option, such
as HTTP.
24 Enter 1 to exit the installer and reboot the host.
25 During reboot, press the key required to enter your machine’s BIOS setup or boot menu.
After installation, an esxconsole-<system-uuid>/esxconsole.vmdk file is created in a VMFS volume. The /,

swap, /var/log, and any of the optional partitions are stored in the esxconsole.vmdk file.
After you install ESX and reboot the host, you can log in to the service console to read the installation log at /
var/log/esx_install.log.
NOTE In previous releases of ESX, if the system did not boot up after installation, one troubleshooting approach
was to mount the partitions for debugging. For ESX 4.0, mounting the partitions would not be helpful in
resolving the issue. If after installation the system does not boot up, the most likely cause is that the BIOS is
configured to boot from the wrong disk.
Installing ESX Using Scripted Mode

You can quickly deploy ESX hosts using scripted, unattended installations. Scripted installations provide an
efficient way to deploy multiple hosts.
The installation script contains the installation settings for ESX. You can apply the script to all your hosts that
will have a similar configuration.
Scripted installations include the following steps:
1 Create a script using the supported commands.
2 Edit the installation script as needed to change settings that are unique for each host.
3 Run the scripted installation.
The installation script can reside in one of the following locations:

n Default installation script
n FTP
n HTTP/HTTPS
n NFS
n USB flash drive
n Local disk
VMware, Inc. 45
Approaches for Scripted Installation

You can install onto multiple machines using a single script for all of them or using a separate script for each
machine.
One of the settings that you can configure in a script is the IP setting, which can be static IP or DHCP for the
host on which you are installing ESX. Choose one of the following approaches:
n Create multiple scripts, each containing unique network identification information. The unique network
information includes the static IP address and host name of each ESX host.
n Create one script (or use a default script) that uses DHCP to set up multiple ESX hosts. After you complete
a scripted installation, you can then configure each ESX host separately to assign a unique host name and
IP address. VMware recommends that you use static IP addresses.
The IPAPPEND PXE configuration option specifies that the same network adapter the machine boots from
is also used for connecting to the network. See “IPAPPEND,” on page 36.
About Installation Scripts

The installation script is a text file, for example ks.cfg, that contains supported commands.
The command section of the script contains the options specified for the ESX installation. This section is
required and must appear first in the script.
About Default Installation Scripts

Default installation scripts simplify the task of using scripted mode to perform ESX installations.
Instead of writing a script, you can use the following default scripts:
n After your first interactive installation of ESX, the installer creates a /root/ks.cfg script in the ESX
filesystem. This script reflects the choices you made in the interactive installation. If you perform a second
interactive installation on the same host with choices that differ from the first, /root/ks.cfg is overwritten
with a new version.
n The installation media contains the following default installation scripts:
ks-first-safe.cfg Installs ESX on the first detected disk and preserves the VMFS datastores
on the disk.
ks-first.cfg Installs ESX on the first detected disk.
When you install ESX using ks-first-safe.cfg or ks-first.cfg, the default root password is
mypassword.
Default ks-first.cfg Script

The ESX installer comes with a default installation script that performs a standard installation to the first hard
drive. The default ks-first.cfg script reformats the /dev/sda disk and sets up default partitioning.
This default script runs if you select the ESX Scripted Install to first disk (overwrite VMFS) option in the boot
options menu.
You cannot modify the default script on the installation media. If you run the default script, the root password is
mypassword. After the installation, you can log in to the ESX host and modify the default settings using the
vSphere Client.
46 VMware, Inc.
The default script contains the following commands:

#root Password
rootpw --iscrypted $1$MpéRëÈíÌ$n9sgFQJweS1PeSBpqRRu..
# Authconfig
authconfig --enableshadow --enablemd5
# BootLoader (Use grub by default.)
bootloader --location=mbr
# Timezone
timezone America/Los_Angeles --utc
#Install
install cdrom
#Network install type
network --device=MAC_address --bootproto=dhcp
#Keyboard
keyboard us
#Reboot after install?
reboot
# Clear partitions
clearpart --firstdisk
# Partitioning
part /boot --fstype=ext3 --size= --onfirstdisk
part storage1 --fstype=vmfs3 --size=10000 --grow --onfirstdisk
part None --fstype=vmkcore --size=100 --onfirstdisk
# Create the vmdk on the cos vmfs partition.
virtualdisk cos --size=5000 --onvmfs=storage1
# Partition the virtual disk.
part / --fstype=ext3 --size=0 --grow --onvirtualdisk=cos
part swap --fstype=swap --size=256 --onvirtualdisk=cos
#VMware Specific Commands
accepteula
serialnum --esx=XXXXX-XXXXX-XXXXX-XXXXX-XXXXX
Perform a Scripted Installation

This procedure describes the steps for running a custom or default script.
Prerequisites
See “ESX Hardware Requirements,” on page 13.
Procedure

n Boot from the DVD using the local DVD-ROM drive.
2 When the mode selection page appears, press F2.
VMware, Inc. 47
3 From the boot options list, select a scripted install option.
Scripted Install Option Description

ESX Scripted Install using USB To specify a custom script that is not located on the USB:
ks.cfg and customize the ks= option a Select the USB option as a template.
in the boot options list.
b Customize the ks= option to specify the actual name and location of the
custom script.
The script must be located at one of the supported locations. See Step 4.
ESX Scripted Install using USB Custom installation script located on a USB device attached to the machine.
ks.cfg For this option, the script filename must be ks.cfg.
ESX Scripted Install to first disk Default installation script included with the ESX media. You cannot
customize this script. The default root password is mypassword.
ESX Scripted Install to first disk Default installation script included with the ESX media. You cannot
(overwrite VMFS) customize this script. The default root password is mypassword.
4 (Optional) At the end of the boot options list, enter a ks= command.
ks= Option Description

ks=cdrom:/ks.cfg Installation script is located on the DVD-ROM drive attached to the machine.
ks=file://<path>/ks.cfg Installation script is at <path> which resides inside the initial ramdisk image.
ks=ftp://<server>/<path>/ks.cfg Installation script is located at the given URL.
ks=http://<server>/<path>/ Installation script is located at the given URL.
ks.cfg
ks=nfs://<server>/<path>/ks.cfg Installation script is located at <path> on a given NFS server.
5 Press Enter.
The ESX installation proceeds, using the options that you specified.
Installation Script Commands

Review the commands that are supported in ESX installation scripts.
accepteula or vmaccepteula (required)

Accepts the ESX license agreement.
autopart (optional)
Compared to kickstart, the behavior of the ESX 4.0 autopart command is significantly different. Carefully edit
the autopart command in your existing scripts.
Creates the default partitions on the disk. Not required if you include the part or partition command.
--disk= or --drive= Specifies the disk to partition. For the accepted disk name formats, see “Disk
Device Names,” on page 56.
--firstdisk= (Line break is for formatting purposes.)
<disk-type1>, Partitions the first non-USB disk found. This is the same disk as found by the
[<disk-type2>,...] clearpart --firstdisk command.
48 VMware, Inc.
You can add an optional string argument to the --firstdisk flag to select the disk
types. The strings that you can use are as follows:
n local
n remote
n Device driver name in the vmkernel
You can combine multiple values in a comma-separated list to concatenate

other matches onto the list of matches. For example, --firstdisk=local,remote
selects the first detected local disk or, if none are available, the first remote disk.
This is the default behavior. To prefer a disk with the device driver named
mptspi over any other local disks, use --firstdisk=mptspi,local.
--onvmfs= Partitions only the service console VMDK and not the physical disk. The
argument is the VMFS volume name where the VMDK should be placed. The
service console must be installed on a VMFS datastore that is resident on a
host's local disk or on a SAN disk that is masked and zoned to that particular
host only. The datastore cannot be shared between hosts.
--extraspace= Specifies the amount of extra space to add to the / (root) partition. The size is
given in megabytes (MB). Must be greater than 0.
--vmdkpath= Species the path for the VMDK file. Takes the same value format as the
virtualdisk--path= option.
auth or authconfig (optional)

Sets up authentication for the system. Hesiod arguments are not supported.
If you omit this command, MD5-based and shadow passwords are enabled by default.
--disablemd5 Disables MD5-based passwords.

--disableshadow Disables shadow passwords.
--enablemd5 (default) Enables MD5-based passwords.
--enablenis Enables NIS support. Requires nisdomain and nisserver.
--nisdomain=<domain> Sets the NIS domain. Requires --enablenis.
--nisserver=<server> Sets the NIS server (broadcasts by default). Requires --enablenis.
--useshadow or Enables shadow password file.
--enableshadow
(default)
--enablekrb5 Enables Kerberos 5 to authenticate users.

--krb5realm= Specifies the Kerberos 5 realm to which your system belongs.
--krb5kdc= Specifies the KDCs that serve requests for the realm. Separate the names of
multiple KDCs with commas.
--krb5adminserver= Specifies the KDC in your realm that is also running the KADM5
administration server.
--enableldap Enables LDAP.
--enableldapauth Enables LDAP as an authentication method. Requires --enableldap.
--ldapserver= Specifies the name of the LDAP server. Requires --enableldap.
VMware, Inc. 49
--ldapbasedn= Specifies the distinguished name in your LDAP directory tree under which user
information is stored. Requires --enableldap.
--enableldaptls Enables transport layer security lookups. Requires --enableldap.
--enablead Enables active directory authentication. Requires --addomain and --addc.
--addomain Active directory domain name. Requires --enablead.
--addc Active directory domain controller. Requires --enablead.
bootloader (optional)
Sets up the GRUB boot loader.
--append= Specifies extra kernel parameters for when the system is booting.
--driveorder= Specifies which drive is first in the BIOS boot order.
--location (Line break is for formatting purposes.)
=[mbr|partition|none] Specifies where the boot loader is installed. The values are: mbr for the master
boot record, partition for the first sector of the partition with the VMnix kernel,
or none to not install the boot loader. If you omit the location option, the default
location is the MBR.
--md5pass= Sets the GRUB bootloader password with the md5 encrypted password.
--password= Sets the GRUB boot loader password.
--upgrade Upgrades the existing boot loader configuration and preserves existing entries.
clearpart (optional)
Compared to kickstart, the behavior of the ESX 4.0 clearpart command is significantly different. Carefully
edit the clearpart command in your existing scripts.
Removes partitions from the system before creating new partitions.
--all Removes all partitions from the system.

--drives= Specifies which drives to clear partitions from. For the accepted drives, see
Table 6-1.
--alldrives Ignores the --drives= requirement and allows clearing of partitions on every
drive.
--ignoredrives= Removes partitions on all drives except those specified. Required unless the
--drives= or --alldrives flag is specified.
--overwritevmfs Overwrites VMFS partitions on the specified drives. Required if the disk
contains a VMFS partition.
--initlabel Initializes the disk label to the default for your architecture.
<disk-type1>, Clears partitions on the first non-USB disk found. This is the same disk as found
[<disk-type2>,...] by autopart --firstdisk command.
50 VMware, Inc.
n local
n remote

dryrun (optional)
Parses and checks the installation script. Does not perform the installation.
esxlocation (optional)
Specifies an existing Linux partition to use as the /boot partition. The partition must be formatted with an ext2
or ext3 file system, be at least 1100MB, and be a primary partition.
--disk= or --drive= Specifies the disk to search for an existing Linux partition that can be used as /
boot. See Table 6-1 for the accepted disk name formats.
<disk-type1>, Uses the first disk that has a partition suitable to be the /boot partition. Supports
[<disk-type2>, ...] the same argument format as the autopart command.
--uuid=<UUID> Specifies a particular partition using the partition's ext2 UUID.

--clearcontents Removes any files on the partition.
firewall (optional)
Compared to kickstart, the behavior of the ESX 4.0 firewall command is significantly different. Carefully edit
the firewall command in your existing scripts.
Configures firewall options. All nonessential ports are blocked by default.
--allowIncoming Opens all incoming ports on the system.

--allowOutgoing Opens all outgoing ports on the system.
firewallport (optional)
Specifies firewall ports to allow or disallow connections.
--open Allows the specified port to pass through the firewall.

--close Disallows the specified port to pass through the firewall.
--port=<port> Specifies ports allowed or disallowed through the firewall.
--proto=[tcp|udp] Specifies transmission protocols allowed or disallowed through the firewall.
--dir=[in|out] Specifies the direction of traffic to be allowed or disallowed through the
firewall.
VMware, Inc. 51
--name=<name> Assigns a descriptive name to the firewall rule. The name must be specified for
inbound ports.
--enableService=<service> Allows services specified in services.xml to pass through the firewall.
--disableService=<service> Disables services specified in services.xml from passing through the firewall.
install (optional)
Specifies that this is a fresh installation. (All scripted installations are fresh installations.)
<cdrom|usb|nfs|url> Specifies the type of installation. The values are:

n cdrom installs from the DVD-ROM drive. For example:
install cdrom
n nfs.
Installs from the specified NFS server. For example:

install nfs --server=example.com --dir=/nfs3/VMware/ESX/40
n url downloads across the network. For example:
install url http://example.com
n usb
Installs from the first USB media found to contain the installation image.
For example:
install usb
--server= Specifies which NFS server to connect to. Use with nfs.
--dir= Specifies which directory on the NFS server to mount. Use with nfs.
<url> Defines the location of the runtime environment. Use with url (http/https/
ftp/nfs).
keyboard (optional)
Sets the keyboard type for the system.
<keyboardType> Specifies the keyboard map for the selected keyboard type.
serialnum or vmserialnum (optional)

Configures licensing. If not included, ESX installs in evaluation mode.
--esx=<license-key> Specifies the vSphere license key to use. The format is 5 five-character tuples
(XXXXX-XXXXX-XXXXX-XXXXX-XXXXX).
52 VMware, Inc.
network (optional)
Configures network information for the system.
--bootproto=[dhcp|static] Specifies network settings.

--device= Specifies either the MAC address of the network card or the device name, as
in vmnic0. This option refers to the uplink device for the virtual switch created
for the service console. If you omit this option, the installer uses the network
adapter specified with the IPAPPEND PXE configuration option or the
netdevice bootstrap command. If you omit this option, the IPAPPEND option,
and the netdevice bootstrap command, the installer uses the first plugged in
network adapter. See “IPAPPEND,” on page 36 and “Bootstrap Commands,”
on page 27.
--ip= Sets an IP address for the machine to be installed. Required with the
--bootproto=static option.
--gateway= Designates the default gateway as an IP address. Required with the
--bootproto=static option.
--nameserver= Designates the primary name server as an IP address. Used with the
--bootproto=static option. Omit this option if you do not intend to use DNS.
The --nameserver option can accept two IP addresses. For example: --
nameserver="10.126.87.104,10.126.87.120"
--netmask= Specifies the subnet mask for the installed system. Used with the
--bootproto=static option. If you omit this option, the default is the standard
netmask for the given IP address.
--hostname= Specifies the host name for the installed system. Only works with
--bootproto=static.
--vlanid=<vlanid> Specifies a VLAN to use for networking. Set to an integer between 0 and 4095.
--addvmportgroup=(0|1) Specifies whether to add the VM Network port group, which is used by virtual
machines. The default value is 1.
paranoid
Causes any warning messages to interrupt the installation. If you omit this command, warning messages are
just logged.
part or partition (optional)

Compared to kickstart, the behavior of the ESX 4.0 part or partition command is significantly different.
Carefully edit the part or partition command in your existing scripts.
Create service console partitions (except /boot) on the virtual disk and not on the physical disk.
Creates a partition on the system. Not required if you include the autopart command.
<mntpoint> Specifies where to mount the partition.

--asprimary Specifies that the partition must be created as a primary partition and not a
logical partition in the extended partition table.
--size= Defines the minimum partition size in megabytes.
--grow Allows the partition to grow to fill any available space or up to the maximum
size setting.
VMware, Inc. 53
--maxsize= Specifies the maximum size in megabytes for a partition to grow.

--ondisk= or --ondrive= Specifies the disk on which partitions are created. For the accepted disk
formats, see Table 6-1. Cannot be used with the --onvirtualdisk option.
--onfirstdisk= Partitions the first non-USB disk found. This is the same disk as found by the
<disk-type1>, autopart –-firstdisk command.
[<disk-type2>,...]
n local
n remote

--onvirtualdisk= Specifies the virtual disk on which partitions are created. Cannot be used with
the --ondisk option.
--fstype= Sets the file system type for the partition. Usually of type vmfs3, ext3, swap, or
vmkcore.
reboot (optional)
Reboots the system after scripted installation is finished.
--noeject Does not eject the DVD after installation.
rootpw (required)
Sets the root password for the system. Can be between 6 and 64 characters.
--iscrypted Specifies that the password is encrypted.

<password> Specifies the password value.
timezone (required)
Sets the time zone for the system.
--utc (required) Indicates that the BIOS clock is set to UTC (Greenwich Mean) time. Do not omit
this option.
<timezone> (optional) Specifies the timezone value. See the Olson database for supported values.
virtualdisk (optional)
NOTE The service console must be installed on a VMFS datastore that is resident on a host's local disk or on a
SAN disk that is masked and zoned to that particular host only. The datastore cannot be shared between hosts.
Creates a new virtual disk.
<name>-<system-uuid>/ (Line break is for formatting purposes.)

default-<name>.vmdk
54 VMware, Inc.
Specifies the name of the virtual disk. If you omit the --path= option, the name
of the VMDK is <name>/default-<name>.vmdk.
--size= Specifies the size of the virtual disk in megabytes.

--path= Specifies the location where the virtual disk is created. The path must include
a directory and a filename ending in .vmdk. For example: cos/default-
cos.vmdk.
--onvmfs= Specifies the name of the VMFS volume where the VMDK file is created.
--onfirstvmfs= (Line break is for formatting purposes.)
(<disk-type1>, Uses the first VMFS volume on a disk that matches the given description and
[<disk-type2>,...]) has more free space than the requested size. Uses the same argument format as
autopart.
%include or include
Specifies an additional installation script to parse. You can add several include commands to your script. When
you use the %include command, put the <filename> argument on the same line as the command.
<filename> For example: %include part.cfg
%packages
Adds or removes a package from the installation ISO image.
The packages.xml file governs whether a package is added or removed by default. The
requirement="recommended" tag means that the package is installed by default. To override the default setting
in the script, include:
%packages
-<package_name> # The package will not be installed.
The requirement="optional" tag means that the package is not installed by default. To override the default
setting in the script, include:
%packages
<package_name> # The package will be installed.
--resolvedeps Installs the listed packages and automatically resolves package dependencies.
--ignoredeps Ignores the unresolved dependencies and installs the listed packages without
the dependencies.
%pre (optional)
Specifies a script to be executed before the kickstart configuration is evaluated. For example, a %pre script can
generate include files, as shown here:
# Partitioning
%include part.cfg
...
%pre
cat > /tmp/part.cfg <<EOF
VMware, Inc. 55
part /boot --fstype=ext3 --size= --onfirstdisk

part storage1 --fstype=vmfs3 --size=10000 --grow --onfirstdisk
part None --fstype=vmkcore --size=100 --onfirstdisk
EOF
--interpreter (Line break is for formatting purposes.)

=[python|bash] Specifies an interpreter to use. The default is bash.
%post (optional)
Executes the specified script after package installation has been completed. If you specify multiple %post
sections, they are executed in the order they appear in the installation script. For example:
%post
MY_MAC=`esxcfg-nics -l | tail -1 | awk '{print $7}'` CONF_URL="http://example.com/$MY_MAC"
esxcfg-firewall --allowOutgoing
--interpreter python -c "import urllib; urllib.urlretrieve('$CONF_URL', '/tmp/myconfig.sh')"
esxcfg-firewall --blockOutgoing
sh /tmp/myconfig.sh
--interpreter (Line break is for formatting purposes.)

=[perl|python|bash] Specifies an interpreter to use. The default is bash.
--nochroot Indicates whether the script is executed after you chroot into the service console
file system.
--timeout=secs Specifies a timeout for executing the script. If the script has not finished when
the timeout expires, the script is forcefully terminated.
--ignorefailure (Line break is for formatting purposes.)
=[true|false] If true, the installation is considered a success even if the %pre script terminated
with an error.
Disk Device Names

Installation script commands such as autopart and clearpart require the use of disk device names.
Table 6-1 lists the supported disk device names.
Table 6-1. Disk Device Names

Format Examples Description
VML mpx.vmhba0:C0:T0:L0 The vmkernel device name.
/dev/.+ /dev/sda, /dev/cciss/c0d0 Full device path in the service console.
sdX, cciss/cNdN sda, cciss/c0d0 Shortened device path from the service console.
Differences Between Kickstart and ESX Commands

ESX scripted installation is similar to, but incompatible with Red Hat's kickstart.
In general, kickstart and ESX scripts differ as follows:

n ESX scripts use the UUID format for specifying disks.
n ESX scripts use MAC addresses to specify network adapters.
56 VMware, Inc.
n ESX scripts generally allow file and NFS URLs.

n ESX command options and their values require an equal sign (=) instead of a space. For example:
--location=mbr # Correct
--location mbr # Incorrect
Specific command differences are noted in the following summary.
accepteula or vmaccepteula
Only in ESX.
autopart
Compared to kickstart, the behavior of the ESX 4.0 autopart command is significantly different. Carefully edit
the autopart command in your existing scripts.
auth or authconfig
--enablead Only in ESX.
--addomain Only in ESX.
--addc Only in ESX.
--enablehesiod Only in kickstart.
--hesiodlhs Only in kickstart.
--hesiodrhs Only in kickstart.
--enablesmbauth Only in kickstart.
--smbservers Only in kickstart.
--smbworkgroup Only in kickstart.
--enablecache Only in kickstart.
bootloader
--driveorder= Only in ESX.
--upgrade Only in ESX.
--useLilo Only in kickstart.
--lba32 Only in kickstart.
--linear Only in kickstart.
--nolinear Only in kickstart.
clearpart
Compared to kickstart, the behavior of the ESX 4.0 clearpart command is significantly different. Carefully
edit the clearpart command in your existing scripts.
device
Only in kickstart.
VMware, Inc. 57
deviceprobe
Only in kickstart.
driverdisk
Only in kickstart.
dryrun
Only in ESX.
esxlocation
Only in ESX.
firewall
Compared to kickstart, the behavior of the ESX 4.0 firewall command is significantly different. Carefully edit
the firewall command in your existing scripts.
firewallport
Only in ESX.
%include or include
In ESX, the include command can be specified without the leading %.
install
url nfs Only in ESX.
usb Only in ESX.
harddrive Only in kickstart.
interactive
Only in kickstart.
keyboard
Optional in ESX. Mandatory in kickstart.
lang
Only in kickstart.
langsupport
Only in kickstart.
lilocheck
Only in kickstart.
logvol
Only in kickstart.
58 VMware, Inc.
mouse
Only in kickstart.
network
--bootproto=bootp Only in kickstart.
--vlanid=<vlanid> Only in ESX.
--addvmportgroup=(0|1) Only in ESX.
--device= ethX identifiers are only in kickstart.
--nodns Only in kickstart.
paranoid
Only in ESX.
part or partition
Compared to kickstart, the behavior of the ESX 4.0 part or partition command is significantly different.
Carefully edit the part or partition command in your existing scripts.
raid
Only in kickstart.
reboot
--noeject Only in ESX.
skipx
Only in kickstart.
text
Only in kickstart.
virtualdisk
Only in ESX.
volgroup
Only in kickstart.
xconfig
Only in kickstart.
VMware, Inc. 59
60 VMware, Inc.
ESX Partitioning 7
ESX hosts have required and optional partitions.
/boot and vmkcore are physical partitions. /, swap, /var/log, and all the optional partitions are stored on a
virtual disk called esxconsole-<system-uuid>/esxconsole.vmdk. The virtual disk is stored in a VMFS volume.

n “Required Partitions,” on page 61
n “Optional Partitions,” on page 62
Required Partitions
ESX requires several partitions.
If you delete a required partition, be sure to create a new one of the same type. You cannot define the sizes of
the /boot, vmkcore, and /vmfs partitions when you use the graphical or text installation modes. You can define
these partition sizes when you do a scripted installation.
Table 7-1 describes the required partitions.
Table 7-1. ESX Required Partitions

Mount Point Type Size Location Partition Description
/boot ext3 The ESX boot disk requires Physical partition Stores information required to
1.25GB of free space and The boot drive boot the ESX host system.
includes the /boot and usually defaults to For example, this is where the
vmkcore partitions. The /boot the specified /boot grub boot loader resides.
partition alone requires partition location.
1100MB.
Not swap 600MB recommended Virtual disk in a Allows ESX to use disk space
applicable minimum VMFS volume when more memory is needed
1600MB maximum than the physical RAM allows.
Use the default value applied NOTE Do not confuse the ESX
during installation. swap partition with virtual
machine swap space. See the
Resource Management Guide.
/ ext3 Calculated dynamically based Virtual disk in a Contains the ESX operating
on the size of the /usr partition. VMFS volume system and services, accessible
By default, the minimum size is through the service console. Also
5GB and no /usr partition is contains third-party add-on
defined. services or applications you
install.
VMware, Inc. 61
Table 7-1. ESX Required Partitions (Continued)

Not VMFS3 esxconsole.vmdk: 1200MB Physical partition Used to store virtual machines.
applicable located on one of the You can create any number of
following: VMFS volumes on each LUN if the
n Local or boot space is available.
drive VMFS2 is supported in read-only
n Local SCSI mode to import legacy virtual
volume machines.
n Networked SCSI
volume
n SAN
The service console
must be installed on
a VMFS datastore
that is resident on a
host's local disk or
on a SAN disk that is
masked and zoned
to that particular
host only.
Not vmkcore The ESX boot disk requires Physical partition Used to store core dumps for
applicable 1.25GB of free space and located on one of the debugging and technical support.
includes the /boot and following: If multiple ESX hosts share a SAN,
vmkcore partitions. The /boot n Local SCSI configure a vmkcore partition
partition alone requires volume with 100MB for each host.
1100MB. n Networked SCSI
volume
n SAN
Cannot be located on
a software iSCSI
volume.
Optional Partitions
You can create optional partitions during or after the ESX installation procedure.
Table 7-2 describes the optional partitions.
Table 7-2. ESX Optional Partitions

Recommended
/home ext3 512MB Virtual disk in a VMFS volume Used for storage by individual
users.
/tmp ext3 1024MB Virtual disk in a VMFS volume Used to store temporary files.
/usr ext3 Virtual disk in a VMFS volume Used for user programs and
data.
/var/log ext3 2000MB Virtual disk in a VMFS volume Used to store log files.
The graphical and text installers
create this 2000MB partition by
default.
62 VMware, Inc.
Post-Installation Considerations for
ESX 8
After you install ESX, you must consider host management through the vSphere Client, licensing, and adding
and removing custom extensions.

n “Download the vSphere Client,” on page 63
n “Licensing the Host,” on page 63
n “Set an ESX/ESXi Host to Evaluation Mode,” on page 64
Download the vSphere Client

The vSphere Client is a Windows program that you can use to configure the host and to operate its virtual
machines. You can download vSphere Client from any host.
Prerequisites
You must have the URL of the host. This is the IP address or host name.
Procedure
1 From a Windows machine, open a Web browser.
2 Enter the URL for the host.
For example, http://testserver.vmware.com or http://10.20.80.176.
The welcome page appears.
3 Click Download the vSphere Client under Getting Started.
4 Click Yes in the security warning dialog box that appears.
What to do next
Install the vSphere Client.
Licensing the Host

After you purchase a host license, VMware provides a vSphere license key.
See Chapter 16, “Managing ESX/ESXi and vCenter Server Licenses,” on page 107.
VMware, Inc. 63
Set an ESX/ESXi Host to Evaluation Mode

If you entered a license for ESX, you can switch to evaluation mode to explore the full functionality of ESX.
Procedure
1 From the vSphere Client, select the host in the inventory.
2 Click the Configuration tab.
3 Under Software, click Licensed Features.

4 Click Edit next to ESX License Type.
5 Click Product Evaluation.
6 Click OK to save your changes.
64 VMware, Inc.
Installing, Removing, and Updating
Third-Party Extensions 9
A third-party extension is designed to be incorporated into ESX/ESXi in order to enhance, or extend, the
functions of ESX/ESXi. For example, an extension might be a VMkernel module, a driver, or a CIM provider.
VMware provides the following tools for installing, removing, and updating extensions to ESX/ESXi hosts:
vSphere Host Update Graphical utility for ESXi only. See the Upgrade Guide.
Utility
vCenter Update Manager For ESX and ESXi, automates patching and updating of extensions. See the
vCenter Update Manager Administration Guide.
vihostupdate Command-line utility for ESX and ESXi.
esxupdate Command-line utility for ESX only. See the Patch Management Guide.

n “About Patching Hosts with vSphere Host Update Utility,” on page 65
n “About the vihostupdate Command-Line Utility,” on page 66
n “Update an ESX/ESXi Host Using Offline Bundles with the vihostupdate Utility,” on page 66
n “Update an ESX/ESXi Host Using a Depot with the vihostupdate Utility,” on page 67
n “Remove Custom Packages on ESX Using the Service Console,” on page 68
n “Remove Selected Custom Packages on ESX/ESXi Using the vSphere Command Line,” on page 68
About Patching Hosts with vSphere Host Update Utility

With vSphere Host Update Utility, you can download and install maintenance and patch releases, which
provide security, stability, and feature enhancements for ESXi hosts.
You can use vSphere Host Update Utility to check for new release updates and patches that are applicable to
the ESXi hosts registered in the vSphere Host Update Utility. vSphere Host Update Utility builds the host list
by tracking the hosts that you connect to directly through the vSphere Client. You can also add hosts to the
list manually.
VMware, Inc. 65
About the vihostupdate Command-Line Utility

The vihostupdate command applies software updates to ESX/ESXi hosts and installs and updates ESX/ESXi
extensions such as VMkernel modules, drivers, and CIM providers.
IMPORTANT Run vihostupdate on ESX 4.0/ESXi 4.0 hosts. Run vihostupdate35 on ESX 3.5/ESXi 3.5 hosts.
NOTE The esxupdate utility is supported as well. It is for ESX only. See the Patch Management Guide.
The vihostupdate command works with bulletins. Each bulletin consists of one or more vSphere bundles and
addresses one or more issues.
Towards the end of a release, bulletins include a large number of other bulletins. Bulletins are available in
offline bundles and in a depot with associated metadata.zip files.
n If you use offline bundles, all patches and corresponding metadata are available as one ZIP file.
n If you use a depot, the metadata.zip file points to metadata, which describes the location of the files.
The command supports querying installed software on a host, listing software in a patch, scanning for bulletins
that apply to a host, and installing all or some bulletins in the patch. You can specify a patch by using a bundle
ZIP file or a depot’s metadata ZIP file.
vihostupdate supports https://, http://, and ftp:// downloads. You can specify the protocols in the
download URL for the bundle or metadata file. vihostupdate also supports local paths. See “Update an ESX/
ESXi Host Using Offline Bundles with the vihostupdate Utility,” on page 66. To search a local depot where
the vSphere CLI is installed, use /local/depot/metadata.zip without of the file:/// parameter.
Update an ESX/ESXi Host Using Offline Bundles with the vihostupdate

Utility
You can use the vihostupdate utility in conjunction with offline bundles or with a depot. This topic describes
the procedure using offline bundles.
Prerequisites
Before you can update or patch an ESX/ESXi host from the command line, you must have access to a machine
on which you can run the VMware vSphere Command-Line Interface (vSphere CLI). You can install the
vSphere CLI on your Microsoft Windows or Linux system or import the VMware vSphere Management
Assistant (vMA) virtual appliance onto your ESX/ESXi host. For information about importing or installing the
vSphere CLI, see the VMware vSphere Command-Line Interface Installation and Reference Guide.
Procedure
1 Power off any virtual machines that are running on the host and place the host into maintenance mode.
2 Find out which bulletins are applicable to the ESX/ESXi host.

n Search an offline HTTP server:
vihostupdate.pl --server <server> --scan --bundle http://<webserver>/rollup.zip
n Search the local machine:

vihostupdate.pl --server <server> --scan --bundle <local_path>/rollup.zip
The --server argument is the ESX/ESXi host name or IP address.
Do not specify more than one bundle ZIP file at the command line each time you run the command. If you
specify --bundle more than once, the command processes only the last file that was specified.
66 VMware, Inc.
Chapter 9 Installing, Removing, and Updating Third-Party Extensions
3 (Optional) List all the bulletins that are available in the bundle.
vihostupdate.pl --server <server> --list --bundle http://<webserver>/rollup.zip

vihostupdate.pl --server <server> --list --bundle <local_path>/rollup.zip
This command lists all the bulletins contained in the bundle, even those that do not apply to the host.
4 Install bulletins from the bundle on the ESX/ESXi host.

n Install from an offline HTTP server:
vihostupdate.pl --server <server> --install --bundle http://<webserver>/rollup.zip --
bulletin bulletin1,bulletin2
n Install from the local machine:

vihostupdate.pl --server <server> --install --bundle <local_path>/rollup.zip --bulletin
bulletin1,bulletin2
If you omit the --bulletin argument, this command installs all the bulletins in the bundle.
5 Verify that the bulletins are installed on your ESX/ESXi host.

vihostupdate.pl --server <server> --query
6 (Optional) Remove individual bulletins.

vihostupdate.pl --server <server> --remove --bulletin bulletin1
Use this option only for removing bulletins that are third-party or VMware extensions. Do not remove
bulletins that are VMware patches or updates. vihostupdate can remove only one bulletin at a time.
Update an ESX/ESXi Host Using a Depot with the vihostupdate Utility

You can use the vihostupdate utility in conjunction with bundles or with a depot. This topic describe the
procedure using depots.
Prerequisites
Procedure
2 Scan the depot for bulletins that are applicable to the host:
vihostupdate.pl --server <server> --scan --metadata http://<webserver>/depot/metadata.zip
Do not specify more than one ZIP file at the command line each time you run the command. If you specify
--metadata more than once, the command processes only the last file that was specified.
3 (Optional) List all bulletins in the depot at the metadata.zip file location:
vihostupdate.pl --list --metadata http://<webserver>/depot/metadata.zip
This command lists all the bulletins in the depot, even those that do not apply to the host.
VMware, Inc. 67
4 Install bulletins in the depot on the host:

vihostupdate.pl --install --metadata http://<webserver>/depot/metadata.zip --bulletin
bulletin1,bulletin2


Remove Custom Packages on ESX Using the Service Console

After adding custom packages, you might decide to remove them. One way to remove custom packages is to
use the service console and the esxupdate command.
Do not remove bulletins that are VMware patches or updates.
For detailed information about the esxupdate command, see the Patch Management Guide.
Prerequisites
Before you remove a custom package, shut down or migrate running virtual machines off of the ESX host.
Procedure
1 Open the ESX service console.
2 Run the esxupdate query command to display a list of the installed bulletins.
3 Run esxupdate -b <bulletinID> remove command, where <bulletinID> is the bulletin for the extension
to remove.
The specified custom package is removed.
Remove Selected Custom Packages on ESX/ESXi Using the vSphere

Command Line
After adding custom packages, you might decide to remove them. One way to remove custom packages is to
use the vSphere CLI and the vihostupdate command.

For detailed information about the vihostupdate command, see the VMware vSphere Command-Line Interface
Installation and Reference Guide.
Prerequisites
Before you remove a custom package, shut down or migrate running virtual machines off of the ESX/ESXi
host.
Procedure
1 Determine which bulletins are installed on your ESX/ESXi host.

68 VMware, Inc.
Chapter 9 Installing, Removing, and Updating Third-Party Extensions
Note the bundle ID for the bundle to uninstall.
2 Run the vihostupdate command.

vihostupdate --server <server> --remove --bulletin <bulletin ID>
vihostupdate can remove only one bulletin at a time.
The specified custom package is removed.
VMware, Inc. 69
70 VMware, Inc.
Preparing the vCenter Server
Databases 10
vCenter Server and vCenter Update Manager require databases to store and organize server data.
You do not need to install a new database for the vCenter Server installation to work. During installation, you
can point the vCenter Server system to any existing supported database. vCenter Server supports Oracle and
Microsoft SQL Server databases. vCenter Update Manager also supports Oracle and Microsoft SQL Server
databases. For detailed information about supported database versions, see the Compatibility Matrixes on the
VMware vSphere documentation Web site.
CAUTION If you have a VirtualCenter database that you want to preserve, do not perform a fresh installation
of vCenter Server. See the Upgrade Guide.
VMware recommends using separate databases for vCenter Server and vCenter Update Manager. However,
for a small deployments, a separate database for vCenter Update Manager might not be necessary.
Each vCenter Server instance must have its own database. vCenter Server instances cannot share the same
database schema. Multiple vCenter Server databases can reside on the same database server, or they can be
separated across multiple database servers. For Oracle, which has the concept of schema objects, you can run
multiple vCenter Server instances in a single database server if you have a different schema owner for each
vCenter Server instance, or use a dedicated Oracle database server for each vCenter Server instance.

n “vCenter Server Database Patch and Configuration Requirements,” on page 71
n “Create a 32-Bit DSN on a 64-Bit Operating System,” on page 72
n “Configure vCenter Server to Communicate with the Local Database After Shortening the Computer
Name to 15 Characters or Fewer,” on page 73
n “About the Bundled Microsoft SQL Server 2005 Express Database Package,” on page 74
n “Maintaining a vCenter Server Database,” on page 74
n “Configure Microsoft SQL Server Databases,” on page 74
n “Configure Oracle Databases,” on page 78
vCenter Server Database Patch and Configuration Requirements

After you choose a database type, make sure you understand the configuration and patch requirements for
the database.
Table 10-1 lists the configuration and patch requirements for the databases that are supported with
vCenter Server.
VMware, Inc. 71
Contact your DBA for the appropriate database credentials, or install the bundled Microsoft SQL Server 2005
Express database.
Table 10-1. Configuration and Patch Requirements

Database Type Patch and Configuration Requirements
Microsoft SQL Server 2005 Bundled database that you can use for small deployments of up to 5 hosts and 50 virtual
Express machines.
If the machine has Microsoft SQL Native Client installed, remove it before installing
vCenter Server with the bundled database.
If the machine has MSXML Core Services 6.0 installed, remove it before installing
vCenter Server with the bundled database. If you cannot remove it using the
Add or Remove Programs utility, use the Windows Installer CleanUp utility. See
http://support.microsoft.com/kb/968749.
Microsoft SQL Server 2005 For Microsoft Windows XP, apply MDAC 2.8 SP1 to the client. Use the SQL Native Client
driver (version 9.x) for the client.
Ensure that the machine has a valid ODBC DSN entry.
If Microsoft SQL Server 2005 is not already installed and the machine has MSXML Core
Services 6.0 installed, remove MSXML Core Services 6.0 before installing Microsoft SQL Server
2005. If you cannot remove it using the Add or Remove Programs utility, use the Windows
Installer CleanUp utility. See http://support.microsoft.com/kb/968749.
Microsoft SQL Server 2008 For Microsoft Windows XP, apply MDAC 2.8 SP1 to the client. Use the SQL Native Client
driver (version 10.x) for the client.
Oracle 10g If necessary, first apply patch 10.2.0.3 (or later) to the client and server. Then apply patch
5699495 to the client.
For the Oracle Instant client, copy ojdbc14.jar to the vCenter Server tomcat directory
(<vCenter install location>\Infrastructure\tomcat\lib)
The Oracle 10g client comes with ojdbc14.jar (<Oracle client install location>
\oracle\product\10.2.0\<instance_name>\jdbc\lib). The vCenter Server installer
copies the file from the Oracle client install location to the vCenter Server tomcat directory
If the ojdbc14.jar file is not found in the Oracle 10g client location, the vCenter Server installer
prompts you to copy the file manually. You can download the file from
http://www.oracle.com/technology/software/tech/java/sqlj_jdbc/htdocs/jdbc101040.html.
Oracle 11g Ensure that the machine has a valid ODBC DSN entry.
For the Oracle Instant client, copy ojdbc14.jar to the vCenter Server tomcat directory
The Oracle 11g client comes with ojdbc14.jar (<Oracle client install location>\app
\Administrator\product\11.1.0\<instancename>\sqldeveloper\jdbc\lib). The
vCenter Server installer copies the file from the Oracle client install location to the vCenter
Server tomcat directory (<vCenter install location>\Infrastructure\tomcat\lib)
Create a 32-Bit DSN on a 64-Bit Operating System

You can install or upgrade to vCenter Server on both 32-bit and 64-bit operating systems.
Even though vCenter Server is supported on 64-bit operating systems, the vCenter Server system must have
a 32-bit DSN. This requirement applies to all supported databases. By default, any DSN created on a 64-bit
system is 64 bit.
72 VMware, Inc.
Chapter 10 Preparing the vCenter Server Databases
Procedure
1 Install the ODBC drivers.

n For Microsoft SQL Server database servers, install the 64-bit database ODBC drivers on your Microsoft
Windows system. When you install the 64-bit drivers, the 32-bit drivers are installed automatically.
n For Oracle database servers, install the 32-bit database ODBC drivers on your Microsoft Windows
system.
NOTE The default install location on 64-bit operating systems is C:\VMware.
2 Run the 32-bit ODBC Administrator application, located at [WindowsDir]\SysWOW64\odbcad32.exe.
3 Use the application to create your DSN.
You now have a DSN that is compatible with vCenter Server. When the vCenter Server installer prompts you
for a DSN, select the 32-bit DSN.
Configure vCenter Server to Communicate with the Local Database

After Shortening the Computer Name to 15 Characters or Fewer
The machine on which you install or upgrade to vCenter Server must have a computer name that is 15
characters or fewer. If your database is located on the same machine that vCenter Server will be installed on
and you have recently changed the name of this machine to comply with the name-length requirement, make
sure the vCenter Server DSN is configured to communicate with the new name of the machine.
Changing the vCenter Server computer name impacts database communication if the database server is on the
same computer with vCenter Server. If you have changed the machine name, verify that communication
remains intact by completing the following procedure.
The name change has no impact on communication with remote databases. You can skip this procedure if your
database is remote.
NOTE The name-length limitation applies to the vCenter Server system. The data source name (DSN) and
remote database systems can have names with more than 15 characters.
Check with your database administrator or the database vendor to make sure all components of the database
are working after you rename the server.
Procedure
1 Make sure the database server is running.
2 Make sure that the vCenter Server computer name is updated in the domain name service (DNS).
One way to test this is by pinging the computer name. For example, if the computer name is
host-1.company.com, run the following command in the Windows command prompt:
3 Update the data source information, as needed.
4 Verify the data source connectivity.
VMware, Inc. 73
About the Bundled Microsoft SQL Server 2005 Express Database

Package
The bundled Microsoft SQL Server 2005 Express database package is installed and configured when you select
Microsoft SQL Server 2005 Express as your database during vCenter Server installation or upgrade.
If the machine has Microsoft SQL Native Client installed, remove it before installing vCenter Server with the
bundled database.
Maintaining a vCenter Server Database

After your vCenter Server database instance and vCenter Server are installed and operational, perform
standard database maintenance processes.
These include:
n Monitoring the growth of the log file and compacting the database log file, as needed. See the
documentation for the database type you are using.
n Scheduling regular backups of the database.
n Backing up the database before any vCenter Server upgrade. See your database documentation for
information on backing up your database.
Configure Microsoft SQL Server Databases

If you use a Microsoft SQL database for your vCenter Server repository, you need to configure your database
to work with vCenter Server.
Use a Script to Create a Local or Remote Microsoft SQL Server Database

To simplify the process of creating the SQL Server database, users, and privileges, you can run a script. If you
do not use this script, you can create the database manually.
In the script, you can customize the location of the data and log files.
The user created by this script does not follow any security policy. The passwords are provided only for
convenience. Change the passwords as appropriate.
To prepare a SQL Server database to work with vCenter Server, you generally need to create a SQL Server
database user with database operator (DBO) rights. When you do this, make sure that the database user login
has the db_owner fixed database role on the vCenter Server database and on the MSDB database. The
db_owner role on the MSDB database is required for installation and upgrade only, and you can revoke it after
installation.
If you run this script as well as the script to create the database schema, you do not have to grant DBO
permissions on the vCenter Server database. For environments in which the vCenter Server database user
cannot have DBO permissions, these scripts are especially useful. The user created by this script has DBO
privileges on both VCDB and MSDB databases. To change this, remove the two occurrences of this line:
sp_addrolemember @rolename = 'db_owner', @membername = 'vpxuser'
IMPORTANT If you remove these lines, you must also run the script that creates the vCenter Server database
schema, instead of allowing the vCenter Server installer to create the schema.
74 VMware, Inc.
Procedure
1 Log in to a Query Analyzer session as the sysadmin (SA) or a user account with sysadmin privileges.
2 Run the following script.
The script is located in the vCenter Server installation package /<installation directory>/vpx/dbschema/
DB_and_schema_creation_scripts_MSSQL.txt file.
use [master]
go
CREATE DATABASE [VCDB] ON PRIMARY
(NAME = N'vcdb', FILENAME = N'C:\VCDB.mdf', SIZE = 2000KB, FILEGROWTH = 10% )
LOG ON
(NAME = N'vcdb_log', FILENAME = N'C:\VCDB.ldf', SIZE = 1000KB, FILEGROWTH = 10%)
COLLATE SQL_Latin1_General_CP1_CI_AS
go
use VCDB
go
sp_addlogin @loginame=[vpxuser], @passwd=N'vpxuser!0', @defdb='VCDB',
@deflanguage='us_english'
go
ALTER LOGIN [vpxuser] WITH CHECK_POLICY = OFF
go
CREATE USER [vpxuser] for LOGIN [vpxuser]
go
go
use MSDB
go
CREATE USER [vpxuser] for LOGIN [vpxuser]
go
go
You now have a Microsoft SQL Server database that you can use with vCenter Server.
What to do next
You can run the script to create the database schema.
Use a Script to Create the Microsoft SQL Server Database Schema (Optional)
The vCenter Server installer creates the schema automatically during installation. For experienced database
administrators who need more control over schema creation due to environmental constraints, you can
optionally use a script to create your database schema.
To have the vCenter Server installer create your schema for you, see “Configure a SQL Server ODBC
Connection,” on page 76.
Prerequisites
Before you use this script, create the SQL Server database. You can create the SQL Server database manually
or by using a script.
Procedure
1 Create a vCenter Server database user with the db_datawriter and db_datareader permissions.
2 Open a query analyzer window with a user having DBO rights on the vCenter Server and MSDB databases.
VMware, Inc. 75
3 Locate the dbschema scripts in the vCenter Server installation package /<installation directory>/vpx/
dbschema directory.
4 Run the scripts in sequence on the database.
The DBO user must own the objects created by these scripts. Open the scripts one at a time in the Query
Analyzer window and press F5 to execute each script in the order shown here.
VCDB_mssql.SQL
purge_stat1_proc_mssql.sql
purge_usage_stats_proc_mssql.sql
stats_rollup1_proc_mssql.sql
cleanup_events_mssql.sql
delete_stats_proc_mssql.sql
upsert_last_event_proc_mssql.sql
5 For all supported editions of Microsoft SQL Server (except Microsoft SQL Server 2005 Express), ensure
that the SQL Server Agent service is running by using these additional scripts to set up scheduled jobs on
the database.
job_schedule1_mssql.sql
job_cleanup_events_mssql.sql
What to do next
1 On the machine on which you intend to install vCenter Server, create a DSN that points to the database
server with the schema.
2 Run the vCenter Server installer.
a If a database reinitialization warning message appears in the vCenter Server installer, select Do not
overwrite, leave my existing database in place and continue the installation.
This message appears if you are using a database that has vCenter Server tables created by a previous
installation. The message does not appear if the database is clean.
If you leave your existing database in place, you cannot join a Linked Mode group during the
installation. You can join after the installation is complete. (See “Join a Linked Mode Group After
Installation,” on page 99.)
b When prompted, provide the database user login.
Configure a SQL Server ODBC Connection

When you install the vCenter Server system, you can establish a connection with a SQL Server database.
If you use SQL Server for vCenter Server, do not use the master database.
See your Microsoft SQL ODBC documentation for specific instructions regarding configuring the SQL Server
ODBC connection.
76 VMware, Inc.
Prerequisites
n Review the required database patches specified in “vCenter Server Database Patch and Configuration
Requirements,” on page 71. If you do not prepare your database correctly, the vCenter Server installer
displays error and warning messages.
n Create a database using SQL Server Management Studio on the SQL Server.
n Create a database user with database operator (DBO) rights.
The default database for the DBO user is the one that you created using SQL Server Management Studio.
Make sure that the database login has the db_owner fixed database role on the vCenter Server database
and on the MSDB database. The db_owner role on the MSDB database is required for installation and
upgrade only. You can revoke this role after installation.
n If you are using a named instance of Microsoft SQL Server 2008 Standard Edition with vCenter Server, do
not name the instance MSSQLSERVER. If you do, the JDBC connection does not work, and certain features,
such as Performance Charts, are not available.
Procedure
1 On your vCenter Server system, open the Microsoft Windows ODBC Data Source Administrator.
n On a 32-bit system, select Settings > Control Panel > Administrative Tools > Data Sources
(ODBC).
n On a 64-bit system, open C:\WINDOWS\SYSWOW64\odbc32.exe.
2 Select the System DSN tab and do one of the following.

n To modify an existing SQL Server ODBC connection, select the connection from the System Data
Source list and click Configure.
n To create a new SQL Server ODBC connection, click Add, select SQL Native Client, and click
Finish.
3 Type an ODBC datastore name (DSN) in the Name text box.
For example, VMware vCenter Server.
4 (Optional) Type an ODBC DSN description in the Description text box.
5 Select the server name from the Server drop-down menu and click Next.
Type the SQL Server host name in the text box if it is not in the drop-down menu.
6 Select one of the authentication methods.
7 If you selected SQL authentication, type your SQL Server login name and password and click Next.
8 Select the database created for the vCenter Server system from the Change the default database to menu
and click Next.
9 Click Finish.
What to do next
To test the data source, from the ODBC Microsoft SQL Server Setup menu, select Test Data Source and click
OK. Ensure that the SQL Agent is running on your database server.
This applies to SQL Server 2005 and SQL Server 2008 editions.
VMware, Inc. 77
Configure Microsoft SQL Server TCP/IP for JDBC

If the Microsoft SQL Server database has TCP/IP disabled and the dynamic ports are not set, the JDBC
connection remains closed. This causes the vCenter Server statistics to malfunction. You can configure the
server TCP/IP for JDBC.
This procedure applies to remote Microsoft SQL Server database servers. You can skip this procedure if your
database is local.
Procedure
1 Start the SQL Server Configuration Manager by selecting Start > All Programs > Microsoft SQL Server
> Configuration Tools > SQL Server Configuration Manager.
2 Select SQL Server Network Configuration > Protocols for <Instance name>.
3 Enable TCP/IP.
4 Open TCP/IP Properties.
5 On the Protocol tab, make the following selections.

n Enabled: Yes
n Listen All: Yes
n Keep Alive: 30000
6 On the IP Addresses tab, make the following selections.

n Active: Yes
n TCP Dynamic Ports: 0
7 Restart the SQL Server service from SQL Server Configuration Manager > SQL Server Services.
8 Start the SQL Server Browser service from SQL Server Configuration Manager > SQL Server
Services.
Configure Oracle Databases

If you use an Oracle database for your vCenter Server repository, you need to configure your database to work
with vCenter Server.
Use a Script to Create a Local or Remote Oracle Database

When you use an Oracle database with vCenter Server, the database must have certain table spaces and
privileges. To simplify the process of creating the database, you can run a script. If you do not use this script,
you can create the database manually.
When using the script, you can customize the location of the data and log files.
NOTE The user created by this script does not follow any security policy. The passwords are provided only
for convenience. Change the passwords as appropriate.
78 VMware, Inc.
Procedure
1 Log in to a SQL*Plus session with the system account.
2 Run the following script.
DB_and_schema_creation_scripts_oracle.txt file.
CREATE SMALLFILE TABLESPACE "VPX" DATAFILE '/u01/app/oracle/oradata/vcdb/vpx01.dbf'

SIZE 1G AUTOEXTEND ON NEXT 10M MAXSIZE UNLIMITED LOGGING EXTENT MANAGEMENT LOCAL SEGMENT
SPACE MANAGEMENT AUTO;
For a Windows installation, change the directory path to the vpx01.dbf file.
You now have an Oracle database that you can use with vCenter Server.
What to do next
You can also run a script to create the database schema.
Configure an Oracle Database User

If you plan to use an Oracle database when you install vCenter Server, you must configure the database user.
You can configure an Oracle database for vCenter Server either locally on the same Microsoft Windows
machine as vCenter Server or remotely on a network-connected Linux, UNIX or Microsoft Windows host.
Prerequisites
Review the software requirements for vCenter Server with Oracle.
Procedure
1 Log in to a SQL*Plus session with the system account.
2 Run the following SQL command to create a vCenter Server database user with the correct permissions.
DB_and_schema_creation_scripts_oracle.txt file.
In this example, the user name is VPXADMIN.

CREATE USER "VPXADMIN" PROFILE "DEFAULT" IDENTIFIED BY "oracle" DEFAULT TABLESPACE
"VPX" ACCOUNT UNLOCK;
grant connect to VPXADMIN;
grant resource to VPXADMIN;
grant create view to VPXADMIN;
grant create sequence to VPXADMIN;
grant create table to VPXADMIN;
grant execute on dbms_lock to VPXADMIN;
grant unlimited tablespace to VPXADMIN;
By default, the RESOURCE role has the CREATE PROCEDURE, CREATE TABLE, and CREATE
SEQUENCE privileges assigned. If the RESOURCE role does not have these privileges, explicitly grant
them to the vCenter Server database user.
You now have an Oracle database user that you can reference in the vCenter Server installer.
What to do next
Create the Oracle database, including all necessary table spaces and privileges.
VMware, Inc. 79
Use a Script to Create the Oracle Database Schema (Optional)

The vCenter Server installer creates the schema automatically during installation. For experienced database
administrators who need more control over schema creation due to environmental constraints, you can
optionally use a script to create your database schema.
To have the vCenter Server installer create your schema for you, see “Configure an Oracle Connection for Local
Access,” on page 81 or “Configure an Oracle Connection for Remote Access,” on page 81, depending on
your environment.
Prerequisites
Before you use this script, create the Oracle database and user. You can create the Oracle database and user
manually or by using scripts.
Procedure
1 Open a SQL*Plus window with a user that has schema owner rights on the vCenter Server database.
2 Locate the dbschema scripts in the vCenter Server installation package /<installation directory>/vpx/
dbschema directory.
3 In SQL*Plus, run the scripts in sequence on the database.
<path> is the directory path to the /<installation directory>/vpx/dbschema folder.
@<path>/VCDB_oracle.SQL
@<path>/purge_stat1_proc_oracle.sql
@<path>/purge_usage_stats_proc_oracle.sql
@<path>/stats_rollup1_proc_oracle.sql
@<path>/cleanup_events_oracle.sql
@<path>/delete_stats_proc_oracle.sql
4 For all supported editions of Oracle Server, run these additional scripts to set up scheduled jobs on the
database.
@<path>/job_schedule1_oracle.sql
@<path>/job_cleanup_events_oracle.sql
You now have a database schema that is compatible with vCenter Server 4.0.
What to do next
1 On the machine where you are installing vCenter Server, create a DSN that points to the database server
with the schema.
2 Run the vCenter Server installer.
a If a database reinitialization warning message appears in the vCenter Server installer, select Do not
overwrite, leave my existing database in place and continue the installation.
This message appears if you are using a database that has vCenter Server tables created by a previous
installation. The message does not appear if the database is clean.
80 VMware, Inc.
If you leave your existing database in place, you cannot join a Linked Mode group during the
installation. You can join after the installation is complete. (See “Join a Linked Mode Group After
Installation,” on page 99.)
b When prompted, provide the database user login.
Configure an Oracle Connection for Local Access

VMware recommends that the vCenter Server database be located on the same system as vCenter Server.
Prerequisites
Before configuring an Oracle connection, review the required database patches specified in “vCenter Server
Database Patch and Configuration Requirements,” on page 71. If you do not prepare your database correctly,
the vCenter Server installer displays error and warning messages.
Procedure
1 Download Oracle 10g or Oracle 11g from the Oracle Web site, install it, and create a database.
2 Configure the TNS Service Name option in the ODBC DSN. The TNS Service Name is the net service name
for the database to which you want to connect. You can find the net service name in the tnsnames.ora file
located in the NETWORK\ADMIN folder in the Oracle database installation location.
Configure an Oracle Connection for Remote Access

A vCenter Server system can access the database remotely.
Prerequisites
Before configuring an Oracle connection, review the required database patches specified in “vCenter Server
Database Patch and Configuration Requirements,” on page 71. If you do not prepare your database correctly,
the vCenter Server installer displays error and warning messages.
Procedure
1 Install the Oracle client on the vCenter Server system machine.
2 Download and install the ODBC driver.
3 Create a new tablespace for a vCenter Server system using a SQL statement such as the following.
CREATE TABLESPACE "VPX" DATAFILE 'C:\Oracle\ORADATA\VPX\VPX.dat' SIZE 1000M AUTOEXTEND ON NEXT
500K;
4 Create a user, such as vpxAdmin, for accessing the tablespace through ODBC.
CREATE USER vpxAdmin IDENTIFIED BY vpxadmin DEFAULT TABLESPACE vpx;
5 Either grant dba permission to the user, or grant the following permissions to the user.
grant connect to <user>grant resource to <user>grant create view to <user>grant unlimited
tablespace to <user> # To ensure space is sufficient
VMware, Inc. 81
6 Use a text editor or the Net8 Configuration Assistant to edit the tnsnames.ora file located in the directory
C:\Oracle\Oraxx\NETWORK\ADMIN, where xx is either 10g or 11g.
Add the following entry, where HOST is the managed host to which the client must connect.
VPX =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS=(PROTOCOL=TCP)(HOST=vpxd-Oracle)(PORT=1521))
)
(CONNECT_DATA =
(SERVICE_NAME = VPX)
)
)
7 Configure the TNS Service Name option in the ODBC DSN.
The TNS Service Name is the net service name for the database to which you want to connect, in this case,
VPX. You can find the net service name in the tnsnames.ora file.
Connect to an Oracle Database Locally

A vCenter Server system can access the database locally.
Procedure
1 Create a new tablespace for a vCenter Server system using a SQL statement such as the following.
CREATE TABLESPACE "VPX" DATAFILE 'C:\Oracle\ORADATA\VPX\VPX.dat' SIZE 1000M AUTOEXTEND ON NEXT
500K;
2 Create a user, such as vpxAdmin, for accessing the tablespace through ODBC.
CREATE USER vpxAdmin IDENTIFIED BY vpxadmin DEFAULT TABLESPACE vpx;
3 Either grant dba permission to the user, or grant the following permissions to the user.
grant connect to <user>grant resource to <user>grant create view to <user>grant unlimited
tablespace to <user> # To ensure space is sufficient
4 Create an ODBC connection to the database.
These are example settings.

Data Source Name: VMware vCenter Server TNS Service Name: VPX User Id: vpxAdmin
You now have a database that you can connect to locally.
What to do next
Install vCenter Server.
82 VMware, Inc.
Introduction to Installing
vCenter Server 11
You can install vCenter Server on a physical system or on a virtual machine running on an ESX host.
n “vCenter Server Prerequisites,” on page 83
n “Using a User Account for Running vCenter Server with SQL Server,” on page 84
n “About Installing vCenter Server on IPv6 Machines,” on page 85
n “Configure the URLs on a Standalone vCenter Server System,” on page 85
n “Running the vCenter Server and vSphere Client Installers from a Network Drive,” on page 85
n “vCenter Server Components,” on page 85
n “Required Data for Installing vCenter Server,” on page 86

Before installing vCenter Server, review the prerequisites.
n You must have the installation DVD or download the installation ISO image.
n Your hardware must meet the requirements listed in “vCenter Server and the vSphere Client Hardware
Requirements,” on page 16 and the required ports must be open, as discussed in “Required Ports,” on
page 18.
n Your database must meet the database requirements. See “vCenter Server Database Patch and
Configuration Requirements,” on page 71 and Chapter 10, “Preparing the vCenter Server Databases,” on
page 71.
n If the machine on which you are installing vCenter Server has VirtualCenter installed, you might want to
upgrade instead of performing a fresh installation of vCenter Server.
IMPORTANT If you want to keep your existing VirtualCenter configuration, see the Upgrade Guide.
n There must be no Network Address Translation (NAT) between the vCenter Server system and the hosts
it will manage.
n Create a vCenter Server database, unless you plan to install the bundled SQL Server 2005 Express.
n The system that you use for your vCenter Server installation must belong to a domain rather than a
workgroup. If assigned to a workgroup, the vCenter Server system is not able to discover all domains and
systems available on the network when using such features as vCenter Guided Consolidation Service. To
determine whether the system belongs to a workgroup or a domain, right-click My Computer and click
Properties and the Computer Name tab. The Computer Name tab displays either a Workgroup label or
a Domain label.
VMware, Inc. 83
n During the installation, the connection between the machine and the domain controller must be working.
n The computer name cannot be more than 15 characters.
n The DNS name of the machine must match the actual computer name.
controller.
n On each system that is running vCenter Server, make sure that the domain user account has the following
permissions:
n Member of the Administrators group
n Act as part of the operating system
n Log on as a service
n Assign a static IP address and host name to the Windows server that will host the vCenter Server system.
This IP address must have a valid (internal) domain name system (DNS) registration that resolves properly
from all managed ESX hosts.
n If you install vCenter Server on Windows Server 2003 SP1, the disk for the installation directory must have
the NTFS format, not the FAT32 format.
n Consider whether the vCenter Server instance will be standalone or in a Linked Mode group. See
Chapter 14, “Creating vCenter Server Linked Mode Groups,” on page 97.
n vCenter Server, like any other network server, should be installed on a machine with a fixed IP address
and well-known DNS name, so that clients can reliably access the service. If you use DHCP instead of a
static IP address for vCenter Server, make sure that the vCenter Server computer name is updated in the
domain name service (DNS). One way to test this is by pinging the computer name. For example, if the
computer name is host-1.company.com, run the following command in the Windows command prompt:
Using a User Account for Running vCenter Server with SQL Server
You can use the Microsoft Windows built-in system account or a user account to run vCenter Server. With a
user account, you can enable Windows authentication for SQL Server, and it also provides more security.
The user account must be an administrator on the local machine. In the installation wizard, you specify the
account name as DomainName\Username. You must configure the SQL Server database to allow the domain
account access to SQL Server.
The Microsoft Windows built-in system account has more permissions and rights on the server than the
vCenter Server system needs, which can contribute to security problems. Even if you do not plan to use
Microsoft Windows authentication for SQL Server or you are using an Oracle database, you might want to set
up a local user account for the vCenter Server system. In this case, the only requirement is that the user account
is an administrator on the local machine.
For SQL Server DSNs configured with Windows authentication, use the same user account for the VMware
VirtualCenter Management Webservices service and the DSN user.
If you install an instance of vCenter Server as a local system account on a local SQL Server database with
Integrated Windows NT Authentication and you add an Integrated Windows NT Authentication user to the
local database server with the same default database as vCenter Server, vCenter Server might not start. To
resolve this issue, remove the Integrated Windows NT Authentication user from the local SQL database server,
or change the default database for the local system user account to the vCenter Server database for the SQL
Server user account setup.
84 VMware, Inc.
Chapter 11 Introduction to Installing vCenter Server
About Installing vCenter Server on IPv6 Machines

If the system on which you install vCenter Server is configured to use IPv6, vCenter Server uses IPv6. When
you connect to that vCenter Server system or install additional modules, you must specify the server address
in IPv6 format, unless you use the fully qualified domain name.
Configure the URLs on a Standalone vCenter Server System

If you are joining a standalone vCenter Server system to a Linked Mode group, the domain name of the system
must match the machine name. If you change either name to make them match, you must also configure the
vCenter Server URLs to make them compatible with the new domain name and machine name.
If you do not update the URLs, remote instances of vCenter Server cannot reach the vCenter Server system,
because the default vCenter Server URL entries are no longer accurate. The vCenter Server installer configures
default URL entries as follows:
n For the VirtualCenter.VimApiUrl key, the default value is http(s)://<FQDN of VC machine>/sdk.
n For the Virtualcenter.VimWebServicesUrl key, the default value is https://<FQDN of VC
machine>:<installed-webservices-port>/vws.
Procedure
1 From the vSphere Client, connect directly to the vCenter Server instance on which you have changed the
domain or host name.
2 Select Administration > vCenter Server Settings and click Advanced Settings.
3 For the Virtualcenter.VimApiUrl key, change the value to point to the location where the vSphere Client
and SDK clients can access the vCenter Server system.
For example: http(s)://<machine-name/ip>:<vc-port>/sdk.
4 For the Virtualcenter.VimWebServicesUrl key, change the value to point to the location where
vCenter Server Webservices is installed.
For example: https://<machine-name/ip>:<webservices-port>/vws.
5 For the Virtualcenter.Instancename key, change the value so that the modified name appears in the
vCenter Server inventory view.
Running the vCenter Server and vSphere Client Installers from a

Network Drive
You can run the installers from a network drive, but you cannot install the software on a network drive.
In Windows, you can map a network drive, run the installers from the network drive, and install the software
on the local machine.
vCenter Server Components

When you install vCenter Server, some additional components are also installed. In some cases, you can control
which components are installed.
The vCenter Server installer installs the following components:
VMware vCenter Server Windows service to manage ESX hosts.
Microsoft.NET 3.0 SP1 Software used by the Database Upgrade wizard and the vSphere Client. Also
Framework used by vCenter Server if you are using the bundled database.
VMware, Inc. 85
VMware vCenter vCenter Server module that provides a comprehensive set of tools to efficiently
Orchestrator manage your virtual IT environment. The vCenter Server performs a silent
installation of vCenter Orchestrator. If you install vCenter Server on an IPv6
operating system, the vCenter Orchestrator module is not supported. If you
install vCenter Server in a mixed environment (both IPv4 and IPv6 enabled),
the vCenter Orchestrator module can only be configured using IPv4. See the
vCenter Orchestrator Administration Guide.
Microsoft SQL Server Free, bundled version of the Microsoft SQL Server database for smaller scale
2005 Express (optional) applications. If you enter a path to an existing database, the installer does not
install the bundled database.
The vCenter Server autorun.exe application includes links to install the following optional components:
vSphere Client Client application used to connect directly to an ESX host or indirectly to an
ESX host through a vCenter Server.
vCenter Converter vCenter Server module that enables you to convert your physical machines to
Enterprise for virtual machines.
vCenter Server
vCenter Guided vCenter Server module that discovers physical systems and analyzes them for
Consolidation Service preparation to be converted into virtual machines.
vCenter Update Manager vCenter Server module that provides security monitoring and patching
support for ESX hosts and virtual machines.
Required Data for Installing vCenter Server

Prepare for the installation by recording the values that the vCenter Server system requires.
Table 11-1 lists the information that you are prompted for during the installation. Note the values entered in
case you need to reinstall vCenter Server and want to use the same values. VMware Knowledge Base
article 1010023 contains a linked worksheet that complements Table 11-1.
Table 11-1. Data Required for vCenter Server Installation

Data Default Comments
User name and organization Your Follow your organization’s policy.

organization’s
name
vCenter Server license key None If you omit the license key, vCenter Server is installed in evaluation
mode. After you install vCenter Server, you can enter the
vCenter Server license in the vSphere Client.
vCenter Server install location Depends on your

operating system
Standalone or join group Standalone Join a Linked Mode group to enable the vSphere Client to view,
search, and manage data across multiple vCenter Server systems.
Fully qualified domain name of None Required if this instance of vCenter Server is joining a group. This is
Directory Services for the the name of a remote instance of vCenter Server. The local and remote
vCenter Server group instances will be members of a Linked Mode group.
LDAP port for the Directory 389 Required if this instance of vCenter Server is joining a Linked Mode
Services for the remote group. This is the remote instance’s LDAP port. See “Required Ports,”
vCenter Server instance on page 18.
Data source name (DSN) None Required to use an existing database. Not required if you are using
the bundled database.
Database user name None
86 VMware, Inc.
Chapter 11 Introduction to Installing vCenter Server
Table 11-1. Data Required for vCenter Server Installation (Continued)

Data Default Comments
Database password None
vCenter Server account Microsoft Use a user-specified account if you plan to use Microsoft Windows
information Windows system authentication for SQL Server. See “Using a User Account for
Can be the Microsoft Windows account Running vCenter Server with SQL Server,” on page 84.
system account or a user-
specified account
HTTPS Web services 443 See “Required Ports,” on page 18.
HTTP Web services 80
Heartbeat (UDP) used for 902

sending data to ESX/ESXi hosts
LDAP port for the Directory 389

Services for the local
vCenter Server instance
SSL port for the Directory 636

Services for the local
vCenter Server instance
VMware VirtualCenter 8080

Management Webservices
VMware VirtualCenter 8443

Management Webservices
VMware, Inc. 87
88 VMware, Inc.
Installing vCenter Server 12
After you install vCenter Server and the vSphere Client, you can configure communication between them.
n “Download the vCenter Server Installer,” on page 89
n “Install vCenter Server in a Virtual Machine,” on page 89
n “Install vCenter Server,” on page 90
Download the vCenter Server Installer

You must download the installer for vCenter Server, the vSphere Client, and the additional modules.
Procedure
1 Download the zip file for the vCenter Server from the VMware product page at
http://www.vmware.com/products/.
The installer filename is VMware-VIMSetup-xx-4.0.0-yyyyyy.zip, where xx is the two-character language

code and yyyyyy is the build number.
2 Extract the files from the zip archive.
Install vCenter Server in a Virtual Machine

You can install vCenter Server in a Microsoft Windows virtual machine, which runs on an ESX host.
Deploying the vCenter Server system in the virtual machine has the following advantages:
n Rather than dedicating a separate server to the vCenter Server system, you can place it in a virtual machine
running on the same ESX host where your other virtual machines run.
n You can provide high availability for the vCenter Server system by using VMware HA.
n You can migrate the virtual machine containing the vCenter Server system from one host to another,
enabling maintenance and other activities.
n You can create snapshots of the vCenter Server virtual machine and use them for backups, archiving, and
so on.
Prerequisites
VMware, Inc. 89
Procedure
1 On a standalone server, install ESX.
2 On any machine that has network access to your ESX host, install the vSphere Client.
3 Using the vSphere Client, access the ESX host directly to create the virtual machine for hosting
vCenter Server.
4 In the virtual machine, install vCenter Server.
Install vCenter Server

vCenter Server allows you to centrally manage hosts from either a physical or virtual Windows machine, and
enables the use of advanced features such as VMware Distributed Resource Scheduler (DRS), VMware High
Availability (HA), and VMware VMotion.
Prerequisites
Procedure
1 In the software installer directory, double-click the autorun.exe file at C:\<installer location>\.
2 Click vCenter Server.

This selection controls the language for only the installer. When you use the vSphere Client to connect to
the vCenter Server system, the vSphere Client appears in the language associated with the locale setting
on your machine. You can alter this behavior with a command-line instruction or by changing the locale
in the registry of the machine. See Basic System Administration.
6 Type your user name, organization, and vCenter Server license key, and click Next.
If you omit the license key, vCenter Server will be in evaluation mode, which allows you to use the full
feature set. After installation, you can convert vCenter Server to licensed mode by entering the license key
using the vSphere Client.
7 Choose the type of database that you want to use.

n If you want to use the bundled database, click Install SQL Server 2005 Express instance (for small-
scale deployments).
This database is suitable for deployments of up to 5 hosts and 50 virtual machines.

n If you want to use an existing database, click Use an existing supported database and select your
database from the list of available DSNs. Enter the user name and password for the DSN and click
Next.
If your database is a local SQL Server database using Windows NT authentication, leave the user
name and password fields blank.
If you specify a remote SQL Server database that uses Windows NT authentication, the database user
and the logged-in user on the vCenter Server machine must be the same.
A dialog box might appear warning you that the DSN points to an older version of a repository that must
be upgraded. If you click Yes, the installer upgrades the database schema, making the database irreversibly
incompatible with previous VirtualCenter versions. See the Upgrade Guide.
90 VMware, Inc.
Chapter 12 Installing vCenter Server
8 Choose the account type.
If you want to use Windows authentication for SQL Server, specify an account that is an administrator on
the local machine. As a best practice, type the account name as <DomainName>\<Username>. Type the
account password, retype the password, and click Next.
9 Either accept the default destination folders or click Change to select another location, and click Next.
The installation path cannot have commas (,) or periods (.).
NOTE To install the vCenter Server on a drive other than C:, verify that there is enough space in the C:
\WINDOWS\Installer folder to install the Microsoft Windows Installer .msi file. If you do not have enough
space, your vCenter Server installation might fail.
10 Select Create a standalone VMware vCenter Server instance or Join Group and click Next.
Join a Linked Mode group to enable the vSphere Client to view, search, and manage data across multiple
vCenter Server systems. See Chapter 14, “Creating vCenter Server Linked Mode Groups,” on page 97.
This option does not appear if you are upgrading the VirtualCenter database schema. If it does not appear,
you can join a Linked Mode group after the installation is complete.
11 If you join a group, enter the fully qualified domain name and LDAP port number of any remote
vCenter Server system and click Next.
In some cases, you can enter the IP address instead of the fully qualified domain name. To help ensure
connectivity, the best practice is to use the fully qualified domain name. For IPv6, unless both the local
and the remote machine are in IPv6 mode, you must enter the fully qualified domain name of the remote
machine instead of the IPv6 address. If the local machine has an IPv4 address and the remote machine has
an IPv6 address, the local machine must support IPv4 and IPv6 mixed mode. The domain name server
must be able to resolve both IPv4 and IPv6 addresses if your environment has both addressing types in a
single Linked Mode group.
12 Enter the port numbers that you want to use or accept the default port numbers and click Next.
See “Required Ports,” on page 18.
13 Click Install.
Installation might take several minutes. Multiple progress bars appear during the installation of the
selected components.
14 Click Finish.
What to do next
See Chapter 13, “Postinstallation Considerations for vCenter Server,” on page 93.
VMware, Inc. 91
92 VMware, Inc.
Postinstallation Considerations for
vCenter Server 13
After you install vCenter Server, consider the postinstallation options and requirements.
n Install the vSphere Client and make sure that you can access the vCenter Server instance.
n Check the license server configuration. A license server is required if this vCenter Server is managing
ESX 3.x/ESXi 3.5 hosts. For information about installing the VMware License Server, see the documentation
for VMware Infrastructure 3.
n For environments that require strong security, VMware recommends that you replace the default
certificates on your vCenter Server system with certificates signed by a commercial Certificate Authority
(CA). See vSphere 4.0 technical note Replacing vCenter Server Certificates at
http://www.vmware.com/resources/techresources/.
n When vCenter Server and the database are installed on the same machine, after rebooting the machine,
the VMware VirtualCenter Management Webservices service might not start. To start the service
manually, select Settings > Control Panel > Administrative Tools > Services > VMware VirtualCenter
Management Webservices and start the service. The machine might require several minutes to start the
service.
n For Oracle databases, note the following:
n For the Oracle Instant client, copy ojdbc14.jar to the vCenter Server tomcat directory (<vCenter
install location>\Infrastructure\tomcat\lib)
n The Oracle 10g client and Oracle 11g client come with ojdbc14.jar (<Install location>\oracle
\product\10.2.0\<instance_name>\jdbc\lib or <Install location>\app\Administrator\product
\11.1.0\<instance_name>\sqldeveloper\jdbc\lib). The vCenter Server installer copies the file from
the Oracle client install location to the vCenter Server tomcat directory (<vCenter install location>
\Infrastructure\tomcat\lib)
n If the ojdbc14.jar file is not found in the Oracle 10g or Oracle 11g client location, the vCenter Server
installer prompts you to copy the file manually. You can download the file from

n “Install the vSphere Client,” on page 94
n “Install the vSphere Host Update Utility,” on page 95
n “Uninstall VMware vSphere Components,” on page 96
VMware, Inc. 93
Install the vSphere Client

The vSphere Client enables you to connect to an ESX/ESXi host and to a vCenter Server system.
Prerequisites
n You must have the vCenter Server installer or the vSphere Client installer.
n You must be a member of the Administrators group on the machine.
Procedure
1 Run the vSphere Client installer.

n In the vCenter Server installer, double-click the autorun.exe file at C:\<vc-installer location>\ and
click VMware vSphere Client.
n If you downloaded the vSphere Client, double-click the VMware-viclient.exe file.
This selection controls the language only for the installer. When you use the vSphere Client, the vSphere
Client appears in the language associated with the locale setting on the machine. You can alter this behavior
with a command-line instruction or by changing the locale in the registry of the machine. See Basic System
Administration.
5 Type your user name and company name and click Next.
6 Select Install VMware vSphere Host Update Utility to manage host patches, updates, and upgrades from
this machine and click Next.
For large deployments and for environments with clustered hosts, VMware recommends that you use
vCenter Update Manager instead of the vSphere Host Update Utility.
click Next.
You can use the vSphere Client to connect to an ESX/ESXi host or to connect to a vCenter Server system.
Start the vSphere Client

After you install the vSphere Client, you can connect to an ESX/ESXi host and to a vCenter Server system.
NOTE Do not use the Windows built-in Guest account to start the vSphere Client. By default, the Guest Account
is disabled. When you use the Guest account to log in to Windows, you cannot access the applications that are
already installed on the computer.
94 VMware, Inc.
Chapter 13 Postinstallation Considerations for vCenter Server
Procedure
1 Select Start > Programs > VMware > VMware vSphere Client.
2 In the vSphere Client login window, log in to an ESX/ESXi host as root or as a normal user, or log in to a
vCenter Server system as the administrator.
a Enter the IP address or host name.
b Enter your user name and password.

When you connect to the vCenter Server, use the vCenter Server IP address with your Windows login
user name and password. Use the login credentials appropriate to the Windows machine on which vCenter
Server is installed. The vCenter Server user name and password might be different than the user name
and password that you use for ESX/ESXi.
3 Click Login.
If you cannot connect to the vCenter Server system, you might need to start the VMware VirtualCenter
Management Webservices service manually. To do this, select Settings > Control Panel > Administrative
Tools > Services > VMware VirtualCenter Management Webservices and start the service. The machine
might require several minutes to start the service.
4 To ignore the security warnings that appear, click Ignore.
Security warning messages appear because the vSphere Client detects certificates signed by the ESX/ESXi
host or vCenter Server system (default setting). For highly secure environments, certificates generated by
a trusted third-party are recommended.
Install the vSphere Host Update Utility

The vSphere Host Update Utility is for updating and patching ESXi 4.0 hosts and upgrading ESX 3.x/ESXi 3.5
hosts to ESX 4.0/ESXi 4.0.
The vSphere Host Update Utility is bundled with the vSphere Client. You can install the utility when you
install the vSphere Client. If the vSphere Client is already installed and the vSphere Host Update Utility is not,
use this procedure to install vSphere Host Update Utility.
Prerequisites
To use vSphere Host Update Utility, you must have the following:
n Workstation or laptop with the vSphere Client installed.
n Network connection between the ESX/ESXi host and the workstation or laptop.
n Internet connectivity to download patch and update bundles or upgrade images from VMware.com if you
do not have a local depot.
Procedure
1 Open a command window by selecting Start > Run and then entering cmd.
2 Navigate to the folder that contains VMware-viclient.exe.
This executable is in the \vpx subfolder of the vCenter Server installation package.
3 Run the following command.

VMware-viclient.exe /S /V" /qr INSTALL_VIUPDATE=1 /L*v %temp%\vim-viu-launch.log"
The vSphere Host Update Utility is installed.
What to do next
Scan hosts and apply available updates or upgrade a host.
VMware, Inc. 95
Uninstall VMware vSphere Components

The VMware vSphere components are uninstalled separately, even if they are on the same machine. You must
have administrator privileges to uninstall the vCenter Server component.
CAUTION Uninstalling a vCenter Server system while it is running disrupts the vSphere Client connections,
which can cause data loss.
Uninstalling vCenter Server or the vSphere Client does not uninstall any of the other components, such as the
bundled database or Microsoft .NET Framework. Do not uninstall the other components if other applications
on your system depend on them.
Procedure
1 If you are uninstalling the vCenter Server, unlicense the vCenter Server and the hosts, and remove the
license keys from the license inventory.
2 If you are uninstalling the vCenter Server, remove the hosts from the Hosts and Clusters inventory.
3 As Administrator on the Microsoft Windows system, select Start > Settings > Control Panel > Add/
Remove Programs.
4 Select the component to remove from the list and click Remove.
5 Click Yes to confirm that you want to remove the program and click Finish.
96 VMware, Inc.
Creating vCenter Server Linked Mode
Groups 14
A Linked Mode group allows you to log in to any single instance of vCenter Server and view and manage the
inventories of all the vCenter Server systems in the group.
You can join multiple vCenter Server systems to form a Linked Mode group. You can configure a Linked Mode
group during vCenter Server installation or after vCenter Server is installed.
To join a vCenter Server group, you enter the fully qualified domain name (or IP address) of a remote machine
on which vCenter Server 4.0 is running. The remote machine can be any vCenter Server 4.0 instance that is or
will become a member of the Linked Mode group.
You must also provide the Lightweight Directory Access Protocol (LDAP) port number of the remote vCenter
Server instance.
vCenter Server instances in a group replicate shared global data to the LDAP directory. The global data includes
the following information for each vCenter Server instance:
n Connection information (IP and ports)
n Certificates
n Licensing information
n User roles

n “Linked Mode Prerequisites,” on page 97
n “Linked Mode Considerations,” on page 98
n “Configure the URLs on a Linked Mode vCenter Server System,” on page 98
n “Joining to a Linked Mode Group During and After Installation,” on page 99
n “Join a Linked Mode Group After Installation,” on page 99
n “Isolate a vCenter Server Instance from a Linked Mode Group,” on page 100
n “Linked Mode Troubleshooting,” on page 101
Linked Mode Prerequisites

Prepare the system for joining a Linked Mode group.
All the requirements for standalone vCenter Server systems apply to Linked Mode systems. See
“vCenter Server Prerequisites,” on page 83.
VMware, Inc. 97
The following requirements apply to each vCenter Server system that is a member of a Linked Mode group:
n DNS must be operational for Linked Mode replication to work.
n The vCenter Server instances in a Linked Mode group can be in different domains if the domains have a
two-way trust relationship. Each domain must trust the other domains on which vCenter Server instances
are installed.
n When adding a vCenter Server instance to a Linked Mode group, the installer must be run by a domain
user who is an administrator on both the machine where vCenter Server is installed and the target machine
of the Linked Mode group.
n All vCenter Server instances must have network time synchronization. The vCenter Server installer
validates that the machine clocks are not more than 5 minutes apart.
Linked Mode Considerations

There are several considerations to take into account before you configure a Linked Mode group.
n Each vCenter Server user sees the vCenter Server instances on which they have valid permissions.
n When first setting up your vCenter Server Linked Mode group, you must install the first vCenter Server
as a standalone instance because you do not yet have a remote vCenter Server machine to join. Subsequent
vCenter Server instances can join the first vCenter Server or other vCenter Server instances that have joined
the Linked Mode group.
n If you are joining a vCenter Server to a standalone instance that is not part of a domain, you must add the
standalone instance to a domain and add a domain user as an administrator.
n The vCenter Server instances in a Linked Mode group do not need to have the same domain user login.
The instances can run under different domain accounts. By default, they run as the LocalSystem account
of the machine on which they are running, which means they are different accounts.
n During vCenter Server installation, if you enter an IP address for the remote instance of vCenter Server,
the installer converts it into a fully qualified domain name.
n You cannot join a Linked Mode group during the upgrade procedure when you are upgrading from
VirtualCenter 2.x to vCenter Server 4.0. You can join after the upgrade to vCenter Server is complete. See
the Upgrade Guide.
Configure the URLs on a Linked Mode vCenter Server System

If you connect a vCenter Server system to a Linked Mode group and the vCenter Server system has a machine
name that does not match the domain name, several connectivity problems arise. This procedure describes
how to correct this situation.
n For the Virtualcenter.VimApiUrl key, the default value is http(s)://<Fully qualified domain name
(FQDN) of VC machine>/sdk.

Procedure
1 Isolate the vCenter Server system from the Linked Mode group.
See “Isolate a vCenter Server Instance from a Linked Mode Group,” on page 100.
2 Change the domain name or the machine name to make them match.
98 VMware, Inc.
Chapter 14 Creating vCenter Server Linked Mode Groups
domain or machine name.
8 Rejoin the vCenter Server system to the Linked Mode group.
See “Join a Linked Mode Group After Installation,” on page 99.
Joining to a Linked Mode Group During and After Installation

You can join a system to a Linked Mode group during or after installing vCenter Server.
For example, suppose you have three machines on which you want to install vCenter Server. You want the
three instances to be members of a Linked Mode group.
1 On Machine 1, you install vCenter Server as a standalone instance because you do not yet have a remote
vCenter Server machine to join.
2 On Machine 2, you install vCenter Server, choose to join a Linked Mode group, and provide the fully
qualified domain name of Machine 1.
3 On Machine 3, you upgrade to vCenter Server 4.0. After the upgrade, you configure Machine 3 to join
either Machine 1 or Machine 2. Machine 1, Machine 2, and Machine 3 are now members of a Linked
Mode group.
Join a Linked Mode Group After Installation

If you have a system that is already running vCenter Server 4.0, you can join the machine to a Linked Mode
group.
Prerequisites
See “Linked Mode Prerequisites,” on page 97 and “Linked Mode Considerations,” on page 98.
Procedure
1 Select Start > All Programs > VMware > vCenter Server Linked Mode Configuration.
2 Click Next.
3 Select Modify linked mode configuration and click Next.
4 Click Join this vCenter Server instance to an existing linked mode group or another instance and click
Next.
5 Enter the server name and LDAP port number of a remote vCenter Server instance that is a member of
the group and click Next.
If you enter an IP address for the remote server, the installer converts it into a fully qualified domain name.
VMware, Inc. 99
6 If the vCenter Server installer detects a role conflict, select how to resolve the conflict.
Option Description
Yes, let VMware vCenter Server Click Next.
resolve the conflicts for me The role on the joining system is renamed to <vcenter_name> <role_name>,
where <vcenter_name> is the name of the vCenter Server system that is
joining the Linked Mode group, and <role_name> is the name of the original
role.
No, I'll resolve the conflicts myself To resolve the conflicts manually:
a Using the vSphere Client, log in to one of the vCenter Server systems
using an account with Administrator privileges.
b Rename the conflicting role.
c Close the vSphere Client session and return to the vCenter Server
installer.
d Click Back and click Next.
The installation continues without conflicts.
A conflict results if the joining system and the Linked Mode group each contain a role with the same name
but with different privileges.
7 Click Finish.
vCenter Server restarts. Depending on the size of your inventory, the change to Linked Mode might take
from a few seconds to a few minutes to complete.
The vCenter Server instance is now part of a Linked Mode group. After you form a Linked Mode group, you
can log in to any single instance of vCenter Server and view and manage the inventories of all the vCenter
Servers in the group. It might take several seconds for the global data (such as user roles) that are changed on
one machine to be visible on the other machines. The delay is usually 15 seconds or less. It might take a few
minutes for a new vCenter Server instance to be recognized and published by the existing instances, because
group members do not read the global data very often.
What to do next
For information about configuring and using your Linked Mode group, see Basic System Administration.
Isolate a vCenter Server Instance from a Linked Mode Group

You can isolate a vCenter Server instance from a Linked Mode group.
Procedure
2 Click Modify linked mode configuration and click Next.
3 Click Isolate this vCenter Server instance from linked mode group and click Next.
4 Click Continue and click Finish.
The vCenter Server instance is no longer part of the Linked Mode group.
100 VMware, Inc.

Chapter 14 Creating vCenter Server Linked Mode Groups
Linked Mode Troubleshooting

If you are having trouble with your Linked Mode group, consider the following points.
n When you have multiple vCenter Server instances, each instance must have a working relationship with
the domain controller and not conflict with another machine that is in the domain. Conflicts can occur, for
example, when you clone a vCenter Server instance that is running in a virtual machine and you do not
use sysprep or a similar utility to ensure that the cloned vCenter Server instance has a globally unique
identifier (GUID).
n The DNS name of the machine must match with the actual machine name. Symptoms of machine names
not matching the DNS name are data replication issues, ticket errors when trying to search, and missing
search results from remote instances.
n There is correct order of operations for joining a Linked Mode group.
a Verify that the vCenter Server domain name matches the machine name. If they do not match, change
one or both to make them match.
b Update the URLs to make them compatible with the new domain name and machine name.
c Join the vCenter Server system to a Linked Mode group.
If you do not update the URLs, remote instances of vCenter Server cannot reach the vCenter Server
system, because the default vCenter Server URL entries are no longer accurate. See “Configure the
URLs on a Linked Mode vCenter Server System,” on page 98.
If a vCenter Server instance is no longer reachable by remote instances of vCenter Server, the following
symptom might occur:
n Clients logging in to other vCenter Server systems in the group cannot view the information that
belongs to the vCenter Server system on which you changed the domain name because the users
cannot log in to the system.
n Any users that are currently logged in to the vCenter Server system might be disconnected.
n Search queries do not return results from the vCenter Server system.
To resolve this issue, make sure that the Virtualcenter.VimApiUrl key points to the location where the
vSphere Client and SDK clients can access the vCenter Server system, and the
Virtualcenter.VimWebServicesUrl key points to the location where vCenter Server Webservices is
installed. For the Virtualcenter.Instancename key, change the value so that the modified name appears in
the vCenter Server inventory view.
n If you cannot join a vCenter Server instance, you can resolve the problem with the following actions:
n Ensure that the machine is grouped into the correct organizational unit in the corresponding domain
controller.
n When you install vCenter Server, ensure that the logged in user account has administrator privileges
on the machine.
n To resolve trust problems between a machine and the domain controller, remove the machine from
the domain and then add it to the domain again.
n To ensure that the Windows policy cache is updated, run the gpupdate /force command from the
Windows command line. This command performs a group policy update.
VMware, Inc. 101

n If the local host cannot reach the remote host during a join operation, verify the following:
n Remote vCenter Server IP address or fully qualified domain name is correct.
n LDAP port on the remote vCenter Server is correct.
n VMwareVCMSDS service is running.
n Make sure your Windows and network-based firewalls are configured to allow Linked Mode.
Configuring a Windows Firewall to Allow a Specified Program Access

vCenter Server 4.0 uses Microsoft ADAM/AD LDS to enable Linked Mode, which uses the Windows RPC port
mapper to open RPC ports for replication. When you install vCenter Server in Linked Mode, the firewall
configuration on the local machine must be modified.
Incorrect configuration of firewalls can cause licenses and roles to become inconsistent between instances.
Prerequisites
n The Windows version must be an earlier than Windows Server 2008. For Windows Server 2008, Windows
automatically configures the firewall to permit access.
n There must be no network-based firewalls between vCenter Server Linked Mode instances. For
environments with network-based firewalls, see “Configuring Firewall Access by Opening Selected
Ports,” on page 102.
Procedure
1 Select Start > Run.
2 Type firewall.cpl and click OK.
3 Make sure that the firewall is set to allow exceptions.
4 Click the Exceptions tab.
5 Click Add Program.
6 Add an exception for C:\Windows\ADAM\dsamain.exe and click OK.
7 Click OK.
Configuring Firewall Access by Opening Selected Ports

configuration on any network-based firewalls must be modified.
Procedure
u Configure Windows RPC ports to generically allow selective ports for machine-to-machine RPC
communication.
Choose one of the following methods.

n Change the registry settings. See http://support.microsoft.com/kb/154596/en-us.
n Use Microsoft's RPCCfg.exe tool. See http://support.microsoft.com/kb/908472/en-us
102 VMware, Inc.

Install Additional Modules 15
You can install additional modules on the same machine that hosts vCenter Server or on remote machines.
n “Install VMware vCenter Guided Consolidation,” on page 103
n “Install VMware vCenter Update Manager,” on page 104
n “Install VMware vCenter Converter,” on page 105
Install VMware vCenter Guided Consolidation

The vCenter Guided Consolidation service is an extension to vCenter Server. vCenter Guided Consolidation
enables you to migrate from physical servers to virtual infrastructure using a wizard that identifies physical
servers for consolidation, converts them to virtual machines, and places them onto ESX/ESXi hosts.
This procedure describes how to install vCenter Guided Consolidation as an additional module (sometimes
called a plug-in) on the same machine that hosts vCenter Server or on a remote machine.
The VMware vCenter Guided Consolidation service includes the following components:
vCenter Collector This service discovers computers in your network and collects performance
service data. To enable this service, the installer prompts you to enter a user name and
password for an administrative account on the local machine. This account can
be a domain user account specified as DomainName\UserName. The vCenter
Collector service uses port 8181 and 8182, by default.
vCenter Web Server Uses ports 8080 and 8443, by default.
Prerequisites
Before you install vCenter Guided Consolidation, download the software installer and install
vCenter Server 4.0 on the local machine or on a machine that is reachable by the local machine.
Procedure
1 In the software installer directory, double-click the autorun.exe file at C:\<vc-installer location>\.
2 Click vCenter Guided Consolidation Service.
6 Accept the default installation location, or click Change to select a different location, and click Next.
VMware, Inc. 103

7 Type an administrative user name and password and click Next.
9 Enter the location of the vCenter Server system.

n Enter an IP address or fully qualified domain name of the remote vCenter Server system to which the
vCenter Guided Consolidation service will be an extension.
n Enter localhost if you are installing the vCenter Guided Consolidation service on the same system
on which you installed vCenter Server.
10 Enter the port number that the vCenter Server system uses for secure HTTP (HTTPS) communication.
The default port is 443.
11 Enter the user name and password for the vCenter Server system and click Next.
The user account must have extension registration privileges on the vCenter Server system.
12 Select the server identity from the drop-down menu and click Next.
The vCenter Guided Consolidation Service is installed.
Install VMware vCenter Update Manager

vCenter Update Manager is for environments with vCenter Server. Using vCenter Update Manager, you can
orchestrate steps of an upgrade process sequentially, based on compliance baselines at the host, virtual
machine, and datastore level.
This procedure describes how to install vCenter Update Manager as an additional module (sometimes called
a plug-in) on the same machine that hosts vCenter Server or on a remote machine.
Prerequisites
Before you install vCenter Update Manager, download the software installer and install vCenter Server 4.0 on
the local machine or on a machine that is reachable by the local machine.
vCenter Update Manager requires a supported database. The database requirements are the same as vCenter
Server. You can use a supported database that is configured to work with vCenter Update Manager, or you
can install the Microsoft SQL Server 2005 Express database that is bundled with vCenter Update Manager.
vCenter Update Manager can use the same database as vCenter Server, but VMware recommends that you
have separate databases for vCenter Server and vCenter Update Manager.
Procedure
2 Click vCenter Update Manager.
104 VMware, Inc.

Chapter 15 Install Additional Modules
6 Enter the connection information for the vCenter Server system to which vCenter Update Manager will
be an extension.
a Enter the IP address. By default, the IP address is that of the local host.
b Enter the port number that the vCenter Server system is configured to use for HTTP. By default,
vCenter Server uses port 80.
c Enter the user name and password for the vCenter Server system.
7 Choose the type of database that you want to use for vCenter Update Manager.
n To use the bundled database, click Install a Microsoft SQL Server 2005 Express instance and click
Next.
This database is suitable for small deployments of up to 5 hosts and 50 virtual machines.
n To use an existing database, click Use an existing supported database, select your database from the
list of available DSNs, and click Next.
8 If you chose to use an existing database, enter the user name and password for the DSN and click Next.
If your database is a local SQL Server database using Microsoft Windows NT authentication, leave the
user name and password fields blank.
9 Select the fully qualified domain name or IP address to identify this instance of vCenter Update Manager
on the network.
Make sure that the fully qualified domain name is accessible by the vCenter Server system and by all the
ESX/ESXi hosts managed by the vCenter Server system.
10 Enter the port numbers that you want to use or accept the default port numbers.
11 (Optional) Select Yes, I have an Internet connection, and I want to configure proxy settings now.
12 Click Next.
13 Enter the proxy server name and port number.
If the local machine has proxy settings configured, the installer uses these settings by default.
14 (Optional) Select Authenticate proxy using the credentials below, and enter the user name and password
to use for authentication.
15 Accept the default installation location or click Change to select a different location.
16 Accept the default location for patch downloads or click Change to select a different location, and click
Next.
The vCenter Update Manager is installed.
What to do next
Install the Update Manager client plug-in. See the vCenter Update Manager Administration Guide.
Install VMware vCenter Converter

vCenter Converter enables you to automate and simplify physical to virtual machine conversions as well as
conversions between virtual machine formats.
This procedure describes how to install vCenter Converter as an additional module (sometimes called a plug-
in) on the same machine that hosts vCenter Server or on a remote machine.
VMware, Inc. 105

Prerequisites
Before you install vCenter Converter, download the software installer and install vCenter Server 4.0 on the
local machine or on a machine that is reachable by the local machine.
Procedure
2 Click vCenter Converter.

click Next.
7 Select the installation mode.

n Select Typical (Recommended) to install the most common components.
n Select Custom to choose the components to install.
8 Enter the connection information for the vCenter Server system to which vCenter Converter will be an
extension.
a Enter the IP address. By default, the IP address is that of the local host.
b Enter the port number that the vCenter Server system is configured to use for secure HTTP (HTTPS).
By default, vCenter Server uses port 443.
c Enter an administrative user name and password for the vCenter Server system.
10 Select the vCenter Server identity from the drop-down menu and click Next.
vCenter Converter is installed.
What to do next
Install the Converter client plug-in. See the vCenter Converter Administration Guide.
106 VMware, Inc.

Managing ESX/ESXi and vCenter
Server Licenses 16
License reporting and management are centralized.
If you upgrade all your hosts, you no longer need a license server or host-based license files. All product licenses
are encapsulated in 25-character license keys that you can manage and monitor from vCenter Server.
Each host requires a license, and each vCenter Server instance requires a license. You cannot assign multiple
license keys to a host or to a vCenter Server system. You can license multiple hosts with one license key if the
key has enough capacity for more than one host. Likewise, you can license multiple vCenter Server instances
with one license key if the key has a capacity greater than one. When you apply a minor upgrade or patch the
ESX/ESXi or vCenter Server software, you do not need to replace the existing license key with a new one. If
you upgrade the edition of the license (for example, from standard to enterprise), you must replace the existing
license key in the inventory with a new upgraded license key.

n “About License Key Capacity,” on page 108
n “About vSphere and vCenter Server License Keys,” on page 108
n “About Using a License Server to Manage ESX 3.x/ESXi 3.5 Hosts,” on page 108
n “About the License Portal,” on page 109
n “About License Inventories,” on page 110
n “Controlling License Permissions,” on page 111
n “View License Information,” on page 111
n “Add a License Key to the License Inventory and Assign It to an Asset,” on page 112
n “Add Multiple License Keys to the License Inventory,” on page 113
n “Assign a License Key to Multiple Assets,” on page 113
n “Export Report Data,” on page 114
n “License a Host Without vCenter Server,” on page 115
n “License a Host When Adding It to the vCenter Server Inventory,” on page 115
n “View Which Features Are Licensed on a Host,” on page 115
n “Set an ESX/ESXi Host to Evaluation Mode,” on page 116
n “Troubleshooting Licensing,” on page 116
VMware, Inc. 107

About License Key Capacity

License keys have a certain amount of capacity. Capacity is based on the number of processors in the host or
the number of instances of the software asset.
Licensing for Each Processor

For most vSphere products, when you purchase vSphere licenses, you must consider the total number of
processors, not hosts, that will run the products. You can assign and reassign the processor capacity to any
combination of hosts. For example, suppose you purchase a 10-processor vSphere license key. You can assign
the 10-processor license key to any of the following combinations of hosts:
n Five 2-processor hosts
n Three 2-processor hosts and one 4-processor host
n Two 4-processor hosts and one 2-processor host
n One 8-processor host and one 2-processor host
Special considerations include:

n Dual-core and quad-core processors, such as Intel processors that combine two or four independent CPUs
on a single chip, count as one processor.
n You cannot partially license a multiprocessor host. For example, a 4-CPU host requires 4-processors of
vSphere license key capacity.
IMPORTANT From the ESX/ESXi license perspective, a CPU is a processor with a physical processor in it. When
you purchase a license, you select the edition, the number of CPUs, and the maximum number of cores per
CPU. For example, if you purchase an enterprise license with 100 CPUs, you must also choose the maximum
number of cores per CPU. For example, you might select a maximum of 2 cores per CPU, 6 cores per CPU, or
12 cores per CPU. The choice depends on the type of hardware on which you are installing ESX/ESXi.
Licensing for Each Asset Instance

Products for which you purchase a license for each instance require a single unit of license key capacity,
regardless of the number of processors in the machine. The vCenter Server is an example of a product that
requires this type of license. If you purchase a vCenter Server license key with a capacity greater than one, you
assign one unit of the capacity to each instance of vCenter Server.
About vSphere and vCenter Server License Keys

The terms vSphere and vCenter Server are used for licenses.
vSphere Licenses For ESX/ESXi.
vCenter Server Licenses For vCenter Server (formerly, VirtualCenter).
About Using a License Server to Manage ESX 3.x/ESXi 3.5 Hosts

vCenter Server 4.0 does not require a license server to manage ESX 4.0/ESXi 4.0 hosts. vCenter Server 4.0
requires a license server to manage ESX 3.x/ESXi 3.5 hosts.
If you do not have a license server installed and you need one, download the VMware License Server from the
VMware Web site.
The License Server installation requires no downtime. No virtual machines, servers, hosts, or clients need to
be powered off for the installation of the license server.
108 VMware, Inc.

Chapter 16 Managing ESX/ESXi and vCenter Server Licenses
Configure vCenter Server to Use a License Server

To manage ESX 3.x/ESXi 3.5 hosts, you must configure vCenter Server to use a license server.
Procedure
1 In vCenter Server, select Administration > vCenter Server Settings.
2 In the License Server text box, enter the port number and license server machine name, as in port@host.
For example: 27000@license-3.companyname.com

3 If you want the hosts and vCenter Server to use the same license server, select the Reconfigure ESX 3
hosts using license servers to use this server check box.
4 Click OK.
About the License Portal

Use the license portal to get upgraded license keys, downgrade license keys, combine the capacity of multiple
license keys, divide the capacity of a single license key, view the change history of your license keys, and find
lost license keys.
Getting Upgraded License Keys

If you have VMware Infrastructure 3 license keys and you have been provided upgrades to vSphere 4.0, use
the license portal to retrieve the new license keys and deactivate the old licenses. After you retrieve the license
keys, enter them into the vCenter Server license inventory.
Downgrading License Keys

If you have vSphere 4.0 license keys but you need to license VMware Infrastructure 3 assets, use the license
portal to downgrade the license keys. When you do this, your vSphere 4.0 license keys remain valid. When
you are ready to upgrade your assets, you can stop using the VMware Infrastructure licenses and start using
the vSphere 4.0 license keys by entering them into the vCenter Server license inventory and assigning them to
your upgraded assets.
Combining the Capacity of License Keys

If your license inventory contains multiple license keys, each with a small amount of capacity, you might want
to combine them into one large-capacity license key. This is useful when the total available capacity across
license keys is large enough to accommodate an asset, but no single license key is large enough to accommodate
the asset.
After you use the license portal to combine license keys, you must add the new license key to the vCenter Server
license inventory and remove the old license keys.
Dividing the Capacity of License Keys

If you have a large-capacity license key, you might want to divide the capacity to create multiple smaller-
capacity license keys. This is useful for managing license keys in different vCenter Server inventories or
assigning different license keys to groups in your organization.
Viewing the Change History of License Keys

The license portal tracks the complete history of license key upgrades, downgrades, combinations, and
divisions for your organization.
VMware, Inc. 109

Finding Lost License Keys

If a license key is misplaced, you can search for it in the license portal using the following criteria:
n Date range
n License key
n Order number
n Transaction type
About License Inventories

The license inventories that are maintained by a vCenter Server system work slightly differently, depending
on whether you have Linked Mode groups or standalone systems.
Example 16-1. Uninstallation Scenarios
1 You uninstall vCenter Server without first unlicensing and removing the hosts.
2 The hosts remain licensed.
3 You add the licensed hosts to another vCenter Server instance.
4 The license keys are transferred with the hosts.
Here is a slightly different scenario:
1 You uninstall vCenter Server without first unlicensing the hosts.
2 You reinstall vCenter Server and make it part of a different Linked Mode group.
3 The host license keys from the previous group are not transferred to the new group.
4 You add hosts that were licensed by the previous vCenter Server group to the new group.
5 The host license keys are transferred to the new group.
6 The host license keys now belong to two Linked Mode groups. If the total assignment of the key exceeds
the key's capacity, this scenario is not supported and causes your license usage to be out of compliance.
Example 16-2. Standalone Scenario

Each vCenter Server instance maintains its own license inventory. If you add an ESX/ESXi host to vCenter
Server and add the same host to another vCenter Server instance, the host license key moves from the first
inventory to the second inventory.
1 You have two vCenter Server instances that are standalone.
2 You assign a license to a host in one vCenter Server instance.
3 You add the host to another vCenter Server instance and choose to retain the license when you perform
the Add Host operation.
4 The host license key belongs to two separate license inventories. If the total assignment of the key exceeds
the key's capacity, this scenario is not supported and causes your license usage to be out of compliance.
110 VMware, Inc.

Example 16-3. Linked Mode Scenario
1 You have two vCenter Server instances that belong to the same Linked Mode group.
2 You assign a license to a host in one vCenter Server instance.
3 The two vCenter Server instances share a single license inventory.
4 When you add a license key, the key becomes available to all the vCenter Server systems within the same
Linked Mode group. The license keys are shared, and each system in the group has the same inventory
view, although this might not always seem so because of replication delays.
Controlling License Permissions

You can control which users are able to view and manage license resources.
The following permission types are supported.
Global.licenses If you have global permission at the root folder, you can view and modify all
licenses in the vCenter Server inventory. This includes other vCenter Server
systems in a Linked Mode group.
Read-only If you have read-only permission on a host, the vCenter Server displays the
first and last five characters of the license key assigned to the host, the features
present in the license, and the expiration date for the license.
If you have neither of these permissions but you can add a host to vCenter Server, you can add a license to the
inventory and assign a license to the host when you perform the add host operation.
View License Information

You can see all the licenses assigned or available in your vSphere inventory using the licensing view.
Procedure
1 From a vSphere Client host that is connected to a vCenter Server system, click Home > Licensing.
2 (Optional) Click Refresh.
3 On the licensing page, select the view.

n To view the available licenses listed by product, select Product.
n To view the available licenses listed by license key, select License key.
n To view licenses listed by the asset (host or vCenter Server system) to which they are assigned, select
Asset.
From these report views, you can right-click entities to add, assign, and remove license keys and copy license
information to your clipboard.
VMware, Inc. 111

Example 16-4. Use the Product View to Add and Assign a License Key
In this example, you select the Product view in the Licensing Report window. In the Evaluation Mode list,
right-click a vCenter Server instance and select Change license key. You can then assign a license key that is
in the license inventory or add a new license key and assign it in a single operation.
What to do next
If you have a license with zero assigned capacity, as seen in the Assigned column of the License Report, ask
yourself the following questions:
n Did I forget to assign this license key to an asset?
n Did I forget to remove this license key from the inventory?
Remove the license key in the following cases:

n The license key has expired.
n You use the license portal to combine the capacities of multiple small-capacity license keys to create
a larger-capacity license key. Then you remove the old license keys and add the new license key to
the vCenter Server inventory.
n You have upgraded your licenses, and you must remove the legacy licenses.
Add a License Key to the License Inventory and Assign It to an Asset

After you purchase an asset, you can add the license key to the inventory and assign it to the asset. Use this
procedure to add one license key and assign it to one asset.
Prerequisites
The vSphere Client must be connected to the vCenter Server system.
Procedure
1 From a vSphere Client host that is connected to a vCenter Server system, select Home > Licensing.
2 For the report view, select Asset.
3 Right-click an asset and select Change license key.
4 Select Assign a new license key and click Enter Key.
112 VMware, Inc.

5 Enter the license key, enter an optional label for the key, and click OK.
6 Click OK.
Add Multiple License Keys to the License Inventory

After you purchase assets, you can add the license keys to the license inventory. You can add multiple license
keys at the same time.
Prerequisites
The vSphere Client must be connected to the vCenter Server system.
Procedure
2 Click Manage vSphere Licenses.
3 In the Add License Keys text area, enter license keys one per line.
You can paste a list of keys in one operation.
4 (Optional) Type a brief description of the keys.
5 Click Add License Keys.
If any of the keys are invalid, an error message lists the invalid keys. You can correct the invalid keys and
try adding them again, or delete them.
6 If you are not ready to assign license keys to assets, click Next through the remaining wizard screens and
click Finish to save your changes.
Assign a License Key to Multiple Assets

You can assign licenses to single or multiple assets, individually or in batches.
NOTE After you assign a license to a host, the software might update the license report before the license
assignment operation is complete. If the host becomes disconnected immediately after you assign the license,
the license report might not accurately reflect the host license state. The report might show the host as licensed,
even though the license assignment operation is not yet complete. When the host is reconnected to a
vCenter Server system, the license assignment operation continues, and the host becomes licensed as shown
in the report.
Prerequisites
To assign a license to a host, the host must be connected to a vCenter Server system.
Procedure
2 Click Manage vSphere Licenses.
3 Click Next to go to the Assign Licenses page.
4 Click the ESX or vCenter Server tab to display the available assets.
5 Click Show Unlicensed assets, Show licensed assets, or Show all.
6 In the Asset window, select one or more assets to license.
To select multiple assets, use Ctrl-click or Shift-click.
VMware, Inc. 113

7 In the Product window, select an appropriate license key and click Next.
The capacity of the license key must be greater than or equal to the sum of the asset CPUs.
8 If you are not ready to remove any license keys, click Next to skip the Remove License Keys page and click
Finish to save your changes.
Example 16-5. Assign a License Key to Two ESX Hosts

In this example, Shift-click to select two 2-CPU ESX hosts and then assign a vSphere Enterprise license key to
the hosts. Before the assignment, the license key has an available capacity of 98 CPUs. After the assignment,
the license key has an available capacity of 94 CPUs. The pop-up tool tip lists the product features included in
the vSphere Enterprise license edition.
Export Report Data

You can export license data to a file that you can open in a third-party application.
Procedure
2 Select the view that you want to export.

n Product
n License key
n Asset
3 From the report screen, click Export.
4 In the Save As dialog box, select a folder, a filename, and a format for the exported license data and click
Save.
114 VMware, Inc.

License a Host Without vCenter Server

If you are directly connected to the host through the vSphere Client, you can license the host.
Procedure
1 From the vSphere Client, click the Configuration tab.
3 Click Edit.
4 Assign a license key.
n Select Assign an existing license key to this host and select a license key from the Product list.
n Select Assign a new license key to this host, click Enter Key, and enter a license key and an optional
label for the license key.
5 Click OK.
License a Host When Adding It to the vCenter Server Inventory

When you add a host to the vCenter Server inventory, you can license the host.
Prerequisites
You must have a communication channel through a firewall before adding a host.
Procedure
1 Click Inventory in the navigation bar.
2 Expand the inventory as needed and click the appropriate datacenter, folder, or cluster.
3 Right-click the datacenter or cluster and select Add Host.
4 When prompted by the Add Host wizard, assign an existing vSphere license key or add a new vSphere
license key.
View Which Features Are Licensed on a Host

You can view which features a host is licensed to use.
If you try to configure features that are not included in the host license, the vSphere Client displays an error
message.
Procedure
The Licensed Features window displays the list of features that you can configure on the host.
VMware, Inc. 115

Set an ESX/ESXi Host to Evaluation Mode

If you entered a license for ESX, you can switch to evaluation mode to explore the full functionality of ESX.
Procedure

4 Click Edit next to ESX License Type.
5 Click Product Evaluation.
Troubleshooting Licensing
These topics provide guidelines for troubleshooting your license setup for environments with only ESX 4.0/
ESXi 4.0 hosts and environments that have a mixture of ESX 4.0/ESXi 4.0 and legacy ESX 3.x/ESXi 3.5 hosts.
If you cannot resolve the problem, contact VMware for support as follows:
n If you have difficulties in configuring licensed features, file a support request at
n To license vCenter Server, you must apply a vCenter Server license key.
n To license ESX/ESXi, you must apply a vSphere license key.
n If you downgrade your license from evaluation mode to a license that does not support the features that
you configured while using evaluation mode, the features might stop working without warning.
n If a licensing-related error message appears when you try to configure a feature, check the licensed features
on the host and on the vCenter Server system to make sure that the host or vCenter Server system is
licensed to use the feature that you are trying to configure.
n If all the hosts in a vCenter Server system inventory become disconnected, this might be because the
vCenter Server license is expired or the 60-day evaluation period has expired.
n If you cannot power on the virtual machines that reside on a host, this might be because the host license
is expired or the 60-day evaluation period is expired.
n If an ESX/ESXi host is managed by a vCenter Server system, changes made to the host license via direct
connection to the host do not persist, because the changes are overwritten by the license key assigned via
vCenter Server. See “About Overriding the Host License Configuration,” on page 117.
n If vCenter Server is managing ESX 3.x/ESXi 3.5 hosts, vCenter Server must check out vCenter Server Agent
licenses from a license server. If vCenter Server is having trouble communicating with your license server,
do the following:
n Check that the license server Microsoft Windows service is running.
n Check that the license server is listening.
n Check the license server status.
116 VMware, Inc.

If your license server is operating properly, you might have a problem with your license file.
If your license server is working correctly and your license file is correct, check that you correctly
configured centralized or single-host licensing, as appropriate to your environment.
For detailed troubleshooting and configuration instructions, see the licensing documentation in the
Installation Guide or the Setup Guide for VMware Infrastructure 3.
Applying Licenses
If you cannot apply a license to an asset, the license might not match the currently configured features and
resources. When you assign a license to an asset, the license must be compatible with all the configured
resources and features.
For example, suppose you add 10 ESX hosts to the vCenter Server inventory during the evaluation period.
After the evaluation period expires, you try to assign a Foundation edition license to a vCenter Server system.
The assignment operation fails because the Foundation edition allows a vCenter Server system to manage up
to three hosts only. To correct this issue, you can upgrade the edition or you can remove seven hosts from the
inventory.
As another example, suppose that you configure VMotion and DRS on a cluster of Enterprise edition hosts.
Later, you try to assign Standard license keys to the hosts. This operation fails because the Standard edition
does not include VMotion and DRS. You must assign Enterprise licenses to the ESX hosts or disable VMotion
and DRS. For detailed information about how to disable features, see the VMware Knowledge Base.
Also, make sure you are applying the correct license key, as follows:
n To license vCenter Server assets, you must apply a vCenter Server license key.
n To license ESX/ESXi assets, you must apply a vSphere license key.
About Overriding the Host License Configuration

If the host is managed by vCenter Server, use either the Home > Licensing interface or the Add Host operation
to configure host licensing.
If you use the Configuration > Licensed Features > Edit operation, the host license configuration is overridden
by any license assignment operation that you perform in vCenter Server.
License Expiration
Upon license expiration, the vCenter Server software and the ESX/ESXi software continue to run, but certain
operations stop working.
If a vCenter Server license expires, the managed hosts become disconnected from the vCenter Server inventory,
and you cannot add hosts to the inventory. The hosts and the virtual machines on the hosts continue to run.
By using the vSphere Client to connect directly to the host, you can power on or reset the virtual machines.
After you assign a valid vCenter Server license, you can reconnect all the hosts at once as follows:
1 From the vCenter Server inventory, select the datacenter.
2 Select the Hosts tab.
3 Shift-click or Ctrl-click to select the hosts.
4 Right-click and select Connect.
If an ESX/ESXi host license expires, the virtual machines that reside on the host continue to run, but you cannot
power on the virtual machines or reset them.
VMware, Inc. 117

Licensing vCenter Server and ESX/ESXi After Evaluation

After the 60-day evaluation period expires, you are no longer able to perform some operations in vCenter Server
and ESX/ESXi. If you want to continue to have full use of ESX/ESXi and vCenter Server operations, you must
acquire a license.
Without a license, you are able to perform some operations, but you cannot power on or reset your virtual
machines. All hosts are disconnected from the vCenter Server system if the evaluation period expires before
you assign a license to the vCenter Server system. Any single ESX/ESXi host is disconnected from the
vCenter Server system if the ESX/ESXi evaluation period expires before you assign a license to the host.
When you switch your vCenter Server system and ESX from evaluation mode to licensed mode, consider the
following:
n If a vCenter Server system is managing VMware Infrastructure 3 hosts (for example, ESX 3.x or ESXi 3.5),
the vCenter Server system must have access to a license server. You can download the VMware License
Server from the VMware Web site.
n To license vCenter Server, you must apply a vCenter Server license key.
n To license ESX/ESXi, you must apply a vSphere license key.
n When you assign a license to a machine on which a VMware vSphere component is installed, the license
must be compatible with all resources and features that you configure during the evaluation period.
For example, suppose you add 10 ESX hosts to the vCenter Server system inventory during the evaluation
period. After the evaluation period expires, you try to assign an edition license that limits the number of
hosts that can be managed by a vCenter Server system. The assignment operation fails because the edition
allows a vCenter Server system to manage fewer than 10 hosts. To correct this issue, you can upgrade your
license key to a higher edition or you can remove hosts from the inventory.
As another example, if you configure a cluster of ESX hosts to use Fault Tolerance and DRS during the
evaluation period, you can only assign a license that allows the use of those features. Hence, the assignment
of a higher edition license succeeds. To assign a lower edition license, you must first disable Fault Tolerance
and DRS.
118 VMware, Inc.

Index
Symbols bulletins 66
/ 61 bulletins, for patching ESX/ESXi 67
/ partition 22, 61 bundled database 74
/boot 61
/boot partition 61 C
/home 62 CIM provider 65
/root/ks.cfg 46 clearpart command 48
/tmp 62 clients, firewall 18
/usr 62 combining license keys 109
/var/log 62 components included with the vCenter Server
installer 85
/vmfs/volumes 61
computer name
%include command 48
Oracle 73
%packages command 48
SQL Server 73
%post command 48
configuration options 27
%pre command 48
configuring ports 18
connecting
Numerics Oracle database 81, 82
32-bit DSN requirement 72
SQL Server database 76
3rd-party extensions 65
cores per CPU 108
3rd-party modules, removing 68
creating a SQL Server database 74
creating an Oracle database 78
A
custom extension, removing 68
accepteula command 48
adding license keys 112, 113
D
additional modules 103
data source name 72
append 25
databases
applying licenses, troubleshooting 117 maintaining 74
applying patches 66 Oracle 81
applying patches to ESX/ESXi 67 preparing 97
askmedia 25, 34 SQL Server 76, 78
assigning license keys 113 DBO privileges 74
ATA disks 13 default installation scripts 46
auth command 48 default root password 46
authconfig command 48 depot, for patching ESX/ESXi 67
autopart command 48 determining which features are licensed 115
DHCP, for PXE booting the ESX installer 33
B Directory Services 99, 100
boot options 25
dividing license keys 109
boot prompt 27
DNS 101
booting the ESX installer 27
domain controller 101
booting the ESX installer from the DVD 28
downgrading license keys 109
bootloader 48
download the vCenter Server installer 89
bootloader kernel options 27
DRAC 19, 37
bootstrap commands 27
drivers 65
VMware, Inc. 119

dryrun command 48 host licensing 63

DSN, 32-bit requirement 72 host patching 65
DVD hosts, configuring licensing 115
booting the ESX installer from 28 hosts firewall 18
burning the ESX ISO image 25
DVD media 15 I
IDE disks 13
E iLO 37
end user license agreement 39, 42 ILO 19
ESX include command 48
booting the installer from the DVD 28
initrd.img 37
differences with kickstart 56
install command 25, 48
installation prerequisites 21
installation logs 39, 42
licensing 107
installation script, creating 46
scripted installation 47
installation scripts, default 46
ESX installation, process and options 22
installing
ESX installation media 25 ESX 39, 42
ESX installation script, about 46 vCenter Server 90
ESX ISO image, burning on a DVD 25
vCenter Server in a virtual machine 89
esxconsole.vmdk 22, 39, 42, 61
VirtualCenter Server 97
esxlocation command 48
vSphere Client 94
Etherboot Project 29
vSphere Host Update Utility 95
EULA 39, 42 installing ESX, scripted 45, 47
evaluation, licensing after 118 interactive installation 25
evaluation mode 23 introduction to vSphere 11
expired license 117 IPAPPEND 34
export license data 114 IPv6 85
extensions, installing, removing, and
updating 65 J
JDBC 78
F
F2 25 K
firewall kernel 37
network-based 102
keyboard command 48
Windows 102
kickstart, differences with ESX 56
firewall command 48
kickstart commands 56
firewallport command 48
kickstart file, creating 46
FTP 29
ks-first-safe.cfg 46
ks-first.cfg 46
G
global data 99, 100
L
Global.licenses permission 111
LDAP 99
gpupdate /force command 101
license expiration 117
gPXE 29
license inventory 110
group policy update 101
license key
groups, requirements 97 applying 115
guest operating systems 18 names 108
GUID 101 license keys
assigning 115
H change history 109
hardware requirements, for vCenter Server 16 combining 109
hardware requirements for the vSphere dividing 109
Client 16
120 VMware, Inc.

Index
license portal 109 script for creating 78

license report, export data 114 user 79
license troubleshooting 117 Oracle, preparing database 81
licensed features 115 OS repository 25
licenses, viewing 111
licensing P
adding license keys 112, 113 packages.xml 25
after evaluation 118 paranoid command 48
assigning 113 part command 48
host 63 partition command 48
legacy assets 107 partitioning
per-instance 108 optional 62
per-processor 108, 113 required 61
troubleshooting 116 partitions 22, 61
Linked Mode patching 66
affect on license inventory 110 patching ESX/ESXi 67
and databases 98 patching hosts, with vSphere Host Update
and permissions 98 Utility 65
reachability 85, 98, 101 per-instance licensing 108
requirements 97 per-processor licensing 108, 113
troubleshooting 101, 102 permissions
listening ports 18 Global.licenses 111
local Oracle database 81, 82 Read-only 111
local SQL Server database 74 physical partitions 61
logs, installation 39, 42 plugins 103
port 389 18
M port 443 18
MAC address 34 port 636 18
maintaining the database 74 port 80 18
media depot 25 ports
memory, server requirements 13 configuring 18
Microsoft .NET Framework 18, 85 firewall 18
Microsoft SQL Native Client 74 ports 1025 through 65535 18
Microsoft SQL Server, requirements 71 ports used by vCenter Server 18
Microsoft SQL Server 2005 Express 74, 85 power on virtual machines 117
Microsoft Windows preparing database 82
authentication for SQL Server 84 prerequisites, ESX 21
system account 84 prerequisites for installing vCenter Server 83
mypassword 46 PXE
configuration files 34
N prerequisites 32
network command 34, 48 setup procedure 32
network drive, installing from 85 PXE boot, overview 29
O R
ODBC databases 76 ramdisk 37
offline bundles 66 Read-only permission 111
optional partitions 22, 61 reboot command 48
Oracle database registry settings 102
changing the computer name 73 reinstalling vCenter Server 96
remote access 81 remote Oracle database 81
requirements 71 remote SQL Server database 74
VMware, Inc. 121

removing 3rd-party modules 68 U

removing custom packages 68 uninstalling vCenter Server 96
removing vCenter Server 96 URLs, configuring 85, 98, 101
required partitions 22, 61 USB 25
requirements for virtual machines 18 USB media 15
requirements for vSphere Client 18 user and group for Oracle database 79
ROM image 29
rootpw command 48 V
RPCCfg.exe 102 vCenter Converter 105
RPMS directory 25 vCenter Converter Enterprise 85
RSA 19 vCenter Guided Consolidation 85, 103
RSA II 37 vCenter Orchestrator 85
vCenter Server
S components 85
SAN 25 configuring URLs 85, 98, 101
SATA disks 13 downloading the installer 89
script, for installing ESX 46 hardware requirements 16
script for Oracle database 78 install procedure 90
script for SQL Server database 74 installing from a network drive 85
scripted installation installing in a virtual machine 89
differences with kickstart 56 installing on IPv6 machine 85
first detected disk 46 joining a group 99, 100
scripted installation of ESX 45, 47 licensing 107
SCSI 13 Linked Mode 97
SCSI disks 13 ports 18
SDK 85, 98, 101 prerequisites for installing 83
security 84 required data for installation 86
serialnum command 48 requirements for joining a group 97
specifications, performance vCenter Server license 108
recommendations 15 vCenter Update Manager 71, 85, 104
SQL Server
vCenterServer.VimApiUrl 85, 98, 101
changing the computer name 73
vCenterServer.VimWebServicesUrl 85, 98, 101
Microsoft Windows authentication 84
vihostupdate 66, 67
preparing the database 76, 78
virtual CD 37
script for creating 74
virtual disk 22, 61
starting the vSphere Client 94
virtual machine, installing vCenter Server in 89
swap 61
virtual machines, requirements 18
swap partition 22, 61
virtualdisk command 48
system requirements, vCenter Server
vmaccepteula command 48
database 71
VMFS3 23
T vmkcore partition 61
TCP/IP setup for SQL Server 78 vmkernel module, removing 68
TFTP 29 VMkernel module 65
tftp-hpa 29 vmlinuz 34, 37
tftpd32 29 vmserialnum command 48
third-party extensions 65 vSphere, introduction 11
timezone command 48 vSphere CLI 66, 67
troubleshooting, Linked Mode 98, 101 vSphere Client
downloading 63
troubleshooting applying licenses 117
hardware requirements 16
troubleshooting for Linked Mode 85
installing 94
troubleshooting licensing 116, 117
122 VMware, Inc.

Index
installing from a network drive 85 vSphere license 108

requirements 18 VWS 85, 98, 101
starting 94
vSphere Host Update Utility
installing 95
patching hosts 65
VMware, Inc. 123

124 VMware, Inc.

vSphere Upgrade Guide
ESX 4.0
ESXi 4.0
vCenter Server 4.0
vSphere Client 4.0
EN-000112-00
©
VMware, Inc.
3401 Hillview Ave.
Palo Alto, CA 94304
www.vmware.com
2 VMware, Inc.
Contents
About This Book 7
1 Changes to the Upgrade Process 9

vCenter Server Upgrade 9
Host Upgrade 9
Datastore Upgrade 10
Virtual Machine Upgrade 10
Licensing 11
2 Example Upgrade Scenarios 13

About the Upgrade Process 13
Upgrading Environments with Host Clusters 14
Upgrading Environments Without Host Clusters 15
Upgrading by Moving Virtual Machines Using VMotion 16
Upgrading by Moving Virtual Machines Using Upgrade VMotion 18
Upgrading by Moving Powered Off or Suspended Virtual Machines (with vCenter Server) 20
Upgrading by Moving Powered Off or Suspended Virtual Machines (Without vCenter Server) 21
Upgrading to vCenter Server on a New Machine 22
3 Changing Host Types 25

Change ESX to ESXi Installable 25
Change ESXi Embedded to ESX 25
Change ESXi Embedded to ESXi Installable 26
4 System Requirements 27
ESXi Hardware Requirements 30
vCenter Server and the vSphere Client Hardware Requirements 32
vCenter Server Software Requirements 33
Support for 64-Bit Guest Operating Systems 34
Requirements for Creating Virtual Machines 34
Required Ports 34
Supported Remote Management Firmware Versions 35
5 Preparing for the Upgrade to vCenter Server 37

About the vCenter Server 4.0 Upgrade 37
vCenter Server Upgrade Summary 37
Prerequisites for the vCenter Server Upgrade 38
vCenter Server Database Patch and Configuration Requirements 40
Database Scenarios 41
VMware, Inc. 3
Configure vCenter Server to Communicate with the Local Database After Shortening the Computer
Name to 15 Characters or Fewer 42
Back Up VirtualCenter 2.x 43
Downtime During the vCenter Server Upgrade 43
6 Upgrading to vCenter Server 4.0 45

About the Database Upgrade Wizard 45
Upgrade to vCenter Server 45
7 Upgrading to vCenter Server on a Different Machine and Keeping the Existing

Database 49
Back Up and Restore a Microsoft SQL Database 49
Detach and Attach a Microsoft SQL Server Database 50
Back Up and Restore an Oracle Database 51
Create a 32-Bit DSN on a 64-Bit Operating System 52
Upgrade to vCenter Server on a Different Machine 52
8 Postupgrade Considerations for vCenter Server 55

Upgrade to the vSphere Client 56
Using a License Server to Manage ESX 3.x/ESXi 3.5 Hosts 56
License Server Scenarios 57
Join a Linked Mode Group After a vCenter Server 4.0 Upgrade 57
Set the Maximum Number of Database Connections After a vCenter Server Upgrade 58
Restore VirtualCenter 2.x 59
9 Upgrading Datastore and Network Permissions 61

Datastore Privileges 62
Network Privileges 62
Update Datastore Permissions 63
Update Network Permissions 64
10 Preparing for the Upgrade to ESX 4.0/ESXi 4.0 67

About Host Upgrades 67
vSphere Host Update Utility 68
vCenter Update Manager 68
Recommendation for Static IP Addresses 69
List of Upgraded vSphere Components 69
List of Preserved Configuration Components 70
Back Up the ESX Host Configuration 71
Back Up the ESXi Host Configuration 71
Release Upgrade Support for ESX/ESXi 72
11 Upgrade to ESX 4.0 or ESXi 4.0 75

Upgrade ESX Hosts 75
Upgrade ESXi Hosts 77
12 Postupgrade Considerations for Hosts 79

Restore vSphere Web Access on ESX Hosts 80
4 VMware, Inc.
Contents
Evaluation Period Countdown 80

Clean Up the ESX Bootloader Menu After Upgrade 81
Uninstalling the VMware License Server 81
vSphere Host Update Utility Support for Rolling Back ESX/ESXi Upgrades 82
Roll Back an ESX Upgrade 82
Roll Back an ESXi Update, Patch, or Upgrade 83
Restore the ESX Host Configuration 83
Restore the ESXi Host Configuration 83
13 Upgrading Virtual Machines 85

About VMware Tools 86
About Virtual Machines and ESX/ESXi Upgrades 86
Orchestrated Upgrade of Virtual Machines Scenario 86
Planning Downtime for Virtual Machines 87
Downtime for Upgrading Virtual Machines 87
Perform an Interactive Upgrade of VMware Tools on a Microsoft Windows Guest 88
Perform an Interactive Upgrade of VMware Tools on a Linux Guest in an X Terminal 89
Perform an Interactive Upgrade of VMware Tools on a Linux Guest with the RPM Installer 90
Perform an Interactive Upgrade of VMware Tools on a Linux Guest with the Tar Installer 91
Perform an Interactive Upgrade of VMware Tools on a Solaris Guest 93
Perform an Interactive Upgrade of VMware Tools in a Netware Virtual Machine 94
Perform an Automatic Upgrade of VMware Tools 95
Upgrade VMware Tools on Multiple Virtual Machines 96
Configure a Virtual Machine to Automatically Upgrade VMware Tools 97
Upgrade Virtual Hardware 97
Upgrade Virtual Hardware on Multiple Virtual Machines 98
14 About Host Updates and Patches 101

Best Practices for Updates 101
About Patching Hosts with vSphere Host Update Utility 101
About the vihostupdate Command-Line Utility 104
Index 109
VMware, Inc. 5
6 VMware, Inc.
About This Book
The vSphere Upgrade Guide describes the following tasks:

®
n Upgrade to VMware vCenter Server 4.0.
n Install vCenter Server 4.0 on a different machine and keep the VirtualCenter 2.x database. You would do
this if you are upgrading from a 32-bit server to a 64-bit server, for example.
n Upgrade to VMware ESX 4.0 from ESX 3.x.
n Upgrade to VMware ESXi 4.0 from ESXi 3.5.
n Upgrade to ESX 4.0 from ESX 2.5.x using upgrade VMotion.
n Upgrade to ESX 4.0 from ESX 2.5.x using cold migration.
n Change ESX to ESXi and the reverse.
n Upgrade VMware Tools and virtual hardware.
To learn how to simplify and automate your datacenter upgrade, see the vCenter Update Manager Administration
Guide.
If you have legacy versions of ESX, ESXi, and VirtualCenter, and you want to migrate to vSphere 4.0 by
performing fresh installations that do not preserve existing data, see the following manuals:
n ESX and vCenter Server Installation Guide
n ESXi Installable and vCenter Server Setup Guide
n ESXi Embedded and vCenter Server Setup Guide
Intended Audience
This book is intended for anyone who needs to upgrade from earlier versions of ESX/ESXi and vCenter Server
to ESX 4.0/ESXi 4.0 and vCenter Server 4.0. The information in this manual is written for experienced Microsoft
Windows or Linux system administrators who are familiar with virtual machine technology and datacenter
operations.
Document Feedback

set.
VMware, Inc. 7


8 VMware, Inc.
Changes to the Upgrade Process 1
VMware vSphere introduces many changes to the upgrade process for vCenter Server and ESX/ESXi.
n “vCenter Server Upgrade,” on page 9
n “Host Upgrade,” on page 9
n “Datastore Upgrade,” on page 10
n “Virtual Machine Upgrade,” on page 10
n “Licensing,” on page 11
vCenter Server Upgrade

The process of upgrading VirtualCenter includes several changes from the upgrade process in previous
releases.
When you upgrade from VirtualCenter 2.x to vCenter Server 4.0, consider the following:
n The unified installer is no longer supported.
The autorun.exe executable file provides an HTML interface that presents the following installers:
n vCenter Server
n vCenter Guided Consolidation
n vSphere Client
n vCenter Update Manager
n vCenter Converter
n The database schema upgrade occurs before the upgrade to vCenter Server. This ensures that your existing
version of VirtualCenter 2.x remains in place until the database schema upgrade completes successfully.
When the database schema upgrade is successful, the upgrade to vCenter Server begins.
Host Upgrade
The process of upgrading ESX/ESXi hosts includes several changes from the upgrade process in previous
releases.
When you upgrade from ESX 3.x/ESXi 3.5 to ESX 4.0/ESXi 4.0, you can use either the vSphere Host Update
Utility or vCenter Update Manager.
VMware, Inc. 9

This tool is for upgrading ESX 3.x/ESXi 3.5 standalone hosts to ESX 4.0/ESXi 4.0 and for patching ESXi 4.0
standalone hosts. A standalone host is an ESX/ESXi host that is not managed in vCenter Server.
This utility is intended for small deployments with fewer than 10 ESX/ESXi hosts and without vCenter Server
or vCenter Update Manager. The utility includes a wizard that guides you through upgrades. While an upgrade
is in progress, the utility provides visual status.
vCenter Update Manager: Orchestrated Datacenter Upgrades

vCenter Update Manager is for upgrading ESX/ESXi hosts that are managed in vCenter Server.
With Update Manager 4.0 you can perform orchestrated upgrades of hosts and virtual machines. Orchestrated
upgrades allow you to upgrade all hosts in the inventory using host upgrade baselines. Orchestrated upgrades
can be used to upgrade the virtual machine hardware and VMware Tools of virtual machines in the inventory
at once, using baseline groups containing the following baselines:
n VM Hardware Upgrade to Match Host
n VMware Tools Upgrade to Match Host
Orchestrated upgrades can be performed at a cluster, folder, datacenter, or individual entity level.
This significantly simplifies the upgrade of hosts and virtual machines.
In addition, this tool enables you to configure policy-based compliance monitoring and remediation. For
example, you can define a host upgrade baseline to upgrade an ESX host to ESX 4.0, a virtual machine upgrade
baseline to upgrade the virtual machine hardware to the latest version, and VMware Tools to the latest version.
To do this, you use wizard-based workflows to first schedule host upgrades for an entire cluster and then
schedule a virtual machine upgrade for all the virtual machines.
Built-in best practices in the wizard workflows prevent erroneous upgrade sequences. For example, the wizard
prevents you from upgrading virtual machine hardware before you upgrade hosts in a cluster. vCenter Update
Manager monitors hosts and virtual machines for compliance against your defined upgrade baselines.
Noncompliance appears in detailed reports and in the dashboard view. vCenter Update Manager supports
mass remediation.
For detailed information about how to use vCenter Update Manager and how to orchestrate upgrades, see the
Datastore Upgrade
No VMFS upgrade is required if you are upgrading from ESX 3.x/ESXi 3.5 with VMFS3 datastores.
Read-only VMFS2 support is deprecated in vSphere 4.0 and might be removed in future vSphere releases.
Virtual Machine Upgrade

Unlike previous releases, when you upgrade to vSphere 4.0, you must upgrade VMware Tools before
upgrading virtual hardware.
CAUTION If you do not perform the upgrade in the correct order, your virtual machines might lose network
connectivity.
To ensure that the virtual machine upgrade happens in the correct order, you can use vCenter Update Manager
to automate the process. See the vCenter Update Manager Administration Guide.
10 VMware, Inc.
Chapter 1 Changes to the Upgrade Process
Licensing
Licensing is centralized in vCenter Server.
If you upgrade all your hosts, you no longer need a license server or host-based license files. All product licenses
are encapsulated in 25-character license keys that you can manage and monitor from vCenter Server.
Each ESX/ESXi host requires one license key. Each vCenter Server instance requires one license key. You cannot
assign multiple license keys to a host or to a vCenter Server system. When you apply a minor upgrade or patch
the ESX/ESXi or vCenter Server software, you do not need to replace the existing license key with a new one.
If you upgrade the edition of the license (for example, from standard to enterprise), you must replace the
existing license key in the inventory with a new upgraded license key.
On the VMware Web site, log in to your account page to access the license portal. From the license portal,
upgrade your legacy licenses. After you upgrade to vCenter Server and ESX 4.0/ESXi 4.0, use the vSphere Client
to assign the upgraded license keys to your assets.
VMware, Inc. 11
12 VMware, Inc.
Example Upgrade Scenarios 2
Upgrade scenarios for vSphere 4.0 include cases with and without clustered hosts, hosts that you upgrade on
the same machine where they are currently running, and hosts that you upgrade using different machines.

n “About the Upgrade Process,” on page 13
n “Upgrading Environments with Host Clusters,” on page 14
n “Upgrading Environments Without Host Clusters,” on page 15
n “Upgrading by Moving Virtual Machines Using VMotion,” on page 16
n “Upgrading by Moving Virtual Machines Using Upgrade VMotion,” on page 18
n “Upgrading by Moving Powered Off or Suspended Virtual Machines (with vCenter Server),” on
page 20
n “Upgrading by Moving Powered Off or Suspended Virtual Machines (Without vCenter Server),” on
page 21
n “Upgrading to vCenter Server on a New Machine,” on page 22
About the Upgrade Process

Upgrading is a multistage process in which procedures must be performed in a particular order. If you follow
the suggested process, you can help ensure a smooth upgrade with a minimum of system downtime.
CAUTION VMware recommends that you read about the upgrade process before attempting to upgrade. If you
do not follow appropriate safeguards, you might lose data and lose access to your servers. Without careful
planning, you might incur more downtime than is necessary.
You must complete the upgrade process in a specific order. If you do not complete each upgrade stage before
moving on, you can lose data and server access. Order is also important within each upgrade stage.
Generally, you can perform the upgrade process for each component in only one direction. For example, after
you upgrade to vCenter Server, you cannot revert to VirtualCenter 2.x. With appropriate backups and
planning, you can restore your original software records.
You can take any amount of time to complete each of the upgrade procedures. However, keep in mind the
following considerations:
n You must complete one procedure before you move to the next procedure.
n Some major procedures include minor substeps. Follow the directions within each procedure regarding
the required sequence of minor substeps.
VMware, Inc. 13
Because certain commands can simultaneously upgrade more than one stage, VMware recommends that you
thoroughly understand the irreversible changes at each stage before you upgrade your production
environments.
To ensure that your datacenter upgrade goes smoothly, you can use vCenter Update Manager to manage the
process for you.
Upgrading Environments with Host Clusters

This example scenario shows how you can use vCenter Update Manager to simplify the host and virtual
machine upgrade process and minimize downtime in environments that include host clusters.
These are the prerequisites for this scenario:
n You must have VirtualCenter 2.x.
n You must have vCenter Update Manager.
n All your hosts must be ESX 3.x/ESXi 3.5.
The following list of tasks provides a high-level overview of the upgrade process.
1 Upgrade VirtualCenter 2.x to vCenter Server 4.0.
a Make sure your database is compatible with vCenter Server 4.0. This release discontinues support for
some database versions and adds support for other database versions. See the Compatibility Matrixes
on the VMware vSphere documentation Web site.
b Make sure that you have the required permissions to perform this procedure. See “Database
Prerequisites,” on page 39.
c Take a full backup of the VirtualCenter 2.x database. See your database documentation.
d Back up the VirtualCenter 2.x SSL certificates. See “Back Up VirtualCenter 2.x,” on page 43.
The downtime required for this upgrade is based on the amount of data in the database. During this time,
you cannot perform provisioning operations, such as cloning or creating virtual machines. The upgrade
from VirtualCenter 2.5 is faster in comparison to the upgrade from VirtualCenter 2.0.x because of
differences in changes to the database schema and the amount of data migration.
After the upgrade, the ESX hosts are automatically reconnected to vCenter Server 4.0. Your VMware High
Availability (HA) and VMware Distributed Resource Scheduler (DRS) clusters are automatically
reconfigured. (Check to ensure that the automatic reconfiguration is successful. In some cases, you might
need to reconfigure the clusters manually.)
For a detailed description of the upgrade procedure, see Chapter 5, “Preparing for the Upgrade to vCenter
Server,” on page 37 and Chapter 6, “Upgrading to vCenter Server 4.0,” on page 45.
2 Install the vSphere Client.
You can install the vSphere Client on the same machine with your previous version of the VI Client. You
must have the previous version of the VI Client to connect to previous versions of VirtualCenter and ESX/
ESXi.
For a detailed description of the procedure, see “Upgrade to the vSphere Client,” on page 56.
3 If your environment has vCenter Converter, upgrade it to the latest version.
4 If your environment has vCenter Guided Consolidation, complete the consolidation plan and then
upgrade it to the latest version.
5 Upgrade to vCenter Update Manager 4.0.
6 Use vCenter Update Manager to upgrade ESX 3.x hosts to ESX 4.0.
14 VMware, Inc.
Chapter 2 Example Upgrade Scenarios
vCenter Update Manager puts the host into maintenance mode before upgrading the host. The downtime
for the procedure depends on the network speed and the server boot time.
In case of upgrade failure, vCenter Update Manager supports rollback to the previous release.
For a detailed description of the procedure, see the vCenter Update Manager Administration Guide.
7 Use vCenter Update Manager to upgrade your virtual machines. vCenter Update Manager ensures that
the VMware Tools upgrade and the virtual hardware upgrade happen in the correct order to prevent loss
of your network connectivity. vCenter Update Manager also performs automatic backups of your virtual
machines in case you need to roll back after the upgrade. You can upgrade clusters without powering off
the virtual machines if Distributed Resource Scheduler is available for the cluster.
8 Upgrade your product licenses:
a Either your new license keys are sent to you in email, or you get them using the license portal.
b Apply the new license keys to your assets using vCenter Server.
Upgrading Environments Without Host Clusters

If you have standalone ESX 3.x/ESXi 3.5 hosts, you can use vSphere Host Update Utility to upgrade your hosts
and the vSphere Client to upgrade your virtual machines.
This scenario assumes that you do not have host clusters and you do not have vCenter Update Manager. In
such a case, you probably do not have VirtualCenter either. If you do have VirtualCenter, the following process
can apply to your environment as well.
The following list of tasks provides a high-level overview of the upgrade process.
1 If you have VirtualCenter, upgrade VirtualCenter 2.x to vCenter Server 4.0.
After the upgrade, the ESX hosts are automatically reconnected to vCenter Server 4.0.
ESXi.
During vSphere Client installation, install the vSphere Host Update Utility. By default, this utility is not
installed. Install it if you plan to use this Windows machine to initiate host upgrades.
3 If your environment has vCenter Converter, upgrade it.
VMware, Inc. 15
5 Use vSphere Host Update Utility to upgrade ESX 3.x/ESXi 3.5 hosts to ESX 4.0.
This procedure involves putting the host into maintenance mode before you upgrade the host. The
downtime for the procedure depends on the network speed and the server boot time.
In case of upgrade failure, the process supports rollback to the previous release.
For a detailed description of the procedure, see Chapter 11, “Upgrade to ESX 4.0 or ESXi 4.0,” on
page 75.
6 Use the vSphere Client to upgrade your virtual machines:
a If they are not already powered on, power on the virtual machines and upgrade to the latest version
of VMware Tools. This upgrade allows you to use the new features of ESX 4.0.
b Power off the virtual machines and upgrade to the latest version of virtual hardware to take advantage
of the new virtual hardware.
The virtual machine upgrade process has changed in this release. In earlier releases, the virtual hardware
upgrade came before the VMware Tools upgrade. For this release, you must upgrade the VMware Tools
before you upgrade the virtual hardware.
b Apply the new license keys to your assets using the vSphere Client (or vCenter Server if you have it).
You must perform these tasks for each ESX/ESXi host and the virtual machines on the hosts.
Upgrading by Moving Virtual Machines Using VMotion

This scenario is known as a migration upgrade. The migration upgrade is a managed transition rather than a
strict upgrade. By using VMotion to move virtual machines directly from one production host to another
production host, you minimize downtime of the virtual machines.
The following example provides a high-level overview of the upgrade process in an environment with ESX 3.x/
ESXi 3.5 and VirtualCenter 2.x, using VMotion to migrate your running virtual machines to ESX 4.0/ESXi 4.0.
The hosts in your environment must be licensed for and able to use VMotion.
You can perform a migration upgrade without VMotion. The only difference is the amount of downtime for
The disadvantage of a migration upgrade is that this plan requires additional resources. A migration upgrade
calls for sufficient resources to run the production environment partly on older hosts and partly on upgraded
hosts. Any required redundancies and safeguards must be available on both upgraded and non-upgraded
infrastructure during the transition.
Prerequisites
The requirements for a migration upgrade with VMotion are as follows:

n One or more machines meeting ESX 4.0/ESXi 4.0 requirements.
n Empty host storage sufficient to hold a portion of your production virtual machines. Ideally, the storage
should be large enough to hold all of the migrated virtual machines. A larger capacity for virtual machines
on this extra storage means fewer operations are required before all your virtual machines are migrated.
16 VMware, Inc.
Before you begin this procedure, complete the following tasks:
ESXi.
5 If your environment has vCenter Update Manager, upgrade it to the latest version.
Procedure
1 Use VMotion to evacuate the virtual machines from the ESX 3.x/ESXi 3.5 hosts.
2 Upgrade to ESX 4.0/ESXi 4.0, or perform a fresh installation of ESX 4.0/ESXi 4.0.
3 Add the ESX 4.0/ESXi 4.0 host to vCenter Server.
For VMotion to work, the ESX 3.x/ESXi 3.5 and ESX 4.0/ESXi 4.0 hosts must be managed by the same
vCenter Server instance.
4 Use VMotion to move virtual machine to the ESX 4.0/ESXi 4.0 host.
What to do next
1 Upgrade your virtual machines:
of VMware Tools. This upgrade allows you to use the new features of ESX 4.0./ESXi 4.0.
of the new virtual hardware. vSphere 4.0 supports some earlier virtual hardware versions. See Basic
System Administration.
VMware, Inc. 17
The virtual machine upgrade process is different for ESX 4.0/ESXi 4.0. In earlier versions, you upgraded
the virtual hardware upgrade before you upgraded VMware Tools. For ESX 4.0/ESXi 4.0, you upgrade
VMware Tools before you upgrade the virtual hardware.
You can use either the vSphere Client or vCenter Update Manager to upgrade virtual machines. In a
clustered environment, VMware recommends that you use vCenter Update Manager . See the vCenter
Update Manager Administration Guide. If you are using the vSphere Client to upgrade virtual machines, see
Chapter 13, “Upgrading Virtual Machines,” on page 85.
You must perform these tasks for each ESX 2.5.x host and the virtual machines on the hosts.
Upgrading by Moving Virtual Machines Using Upgrade VMotion

This scenario is known as a migration upgrade that includes datastore migration. The migration upgrade is a
managed transition rather than a strict upgrade. By using VMotion to move virtual machines directly from
one datastore to another datastore, you minimize downtime of the virtual machines.
The following example provides a high-level overview of the upgrade process in an environment with ESX 2.5.x
and VirtualCenter 1.4.x, using upgrade VMotion to migrate your running virtual machines to ESX 4.0. The
hosts in your environment must be licensed for and able to use VMotion.
You can perform a migration upgrade without VMotion. The only difference is the amount of downtime for
Upgrade VMotion (also known as VMotion with datastore relocation) is a special case in which you perform
a one-way VMotion. In this scenario, you move virtual disks from a VMFS 2 volume to a VMFS 3 volume.
Requirements include persistent-mode disks, a VMFS 2 volume that is visible to the ESX 4.0 host, and
compatible host CPUs.
NOTE Upgrade VMotion is required if you have ESX 2.5.x hosts.
The disadvantage of a migration upgrade is that this plan requires additional resources. A migration upgrade
calls for sufficient resources to run the production environment partly on older hosts and partly on upgraded
hosts. Any required redundancies and safeguards must be available on both upgraded and non-upgraded
infrastructure during the transition.
Prerequisites
The requirements for upgrade VMotion are as follows:

n Empty host storage sufficient to hold a portion of your production virtual machines. Ideally, the storage
should be large enough to hold all of the migrated virtual machines. A larger capacity for virtual machines
on this extra storage means fewer operations are required before all your virtual machines are migrated.
1 Install vCenter Server 4.0. You cannot upgrade VirtualCenter 1.4.x to vCenter Server 4.0. You must perform
a fresh installation.
For the supported operating systems, database types, and other prerequisites, see the Compatibility
Matrixes and the Installation Guide on the VMware vSphere documentation Web site.
2 Install the vSphere Client 4.0.
18 VMware, Inc.
ESXi.
For the supported operating systems and other prerequisites, see the Compatibility Matrixes and the
Installation Guide.
Procedure
1 Install ESX 4.0/ESXi 4.0.
2 Create a VMFS3 datastore with a capacity that is greater than or equal to the VMFS2 datastore on the
ESX 2.5.x host.
3 Add the ESX 4.0/ESXi 4.0 host to vCenter Server.
4 Remove the ESX 2.5.x host from VirtualCenter 1.4.x and add it to vCenter Server 4.0.
For upgrade VMotion to work, the ESX 2.5.x and ESX 4.0/ESXi 4.0 hosts must be managed by the same
vCenter Server.
5 Expose the VMFS2 volume to the ESX 4.0/ESXi 4.0 host.
Upgrade VMotion requires that both the VMFS2 and VMFS3 volume are visible to the ESX 4.0 host. VMFS2
volumes are read-only on ESX 4.0/ESXi 4.0 hosts.
6 Select a powered on virtual machine and migrate it.
Upgrade VMotion copies the disk from VMFS2 to VMFS3. This process takes a varying amount of time,
depending on the size of the disk and the IO load.
The hardware version of the virtual machines is automatically upgraded from version 3 to version 4.
What to do next
1 Optionally, upgrade the virtual machines further.
b Power off the virtual machines and upgrade to the latest version of virtual hardware (version 7) to
take advantage of the new virtual hardware. vSphere 4.0 supports some earlier virtual hardware
versions. See Basic System Administration.
VMware, Inc. 19
Upgrading by Moving Powered Off or Suspended Virtual Machines

(with vCenter Server)
This scenario is known as a cold migration upgrade. When you use cold migration to move virtual machines
from one host to another host, additional downtime is required for the virtual machines.
This scenario assumes that the hosts do not have VMotion.
Prerequisites
The requirements for a cold migration upgrade are as follows:

n Empty host storage sufficient to hold a portion of your virtual machines. Ideally, the storage should be
large enough to hold all of the migrated virtual machines. A larger capacity for virtual machines on this
extra storage means fewer operations are required before all your virtual machines are migrated.
ESXi.
5 If your environment has vCenter Update Manager, upgrade it to the latest version.
20 VMware, Inc.
Procedure
1 Add ESX 4.0/ESXi 4.0 host to vCenter Server 4.0.
2 Add ESX 2.5.x or ESX 3.x/ESXi 3.5 hosts to vCenter Server 4.0.
3 Power off or suspend the virtual machines on the ESX 2.5.x or ESX 3.x/ESXi 3.5 hosts.
4 Move the virtual machines to the ESX 4.0/ESXi 4.0 hosts.
What to do next

Upgrading by Moving Powered Off or Suspended Virtual Machines

(Without vCenter Server)
This scenario is known as a cold migration upgrade. When you use cold migration to move virtual machines
from one host to another host, additional downtime is required for the virtual machines.
This scenario assumes that the hosts do not have VMotion, VirtualCenter, or vCenter Server.
Prerequisites
The requirements for a cold migration upgrade are as follows:

n Empty host storage sufficient to hold a portion of your virtual machines. Ideally, the storage should be
large enough to hold all of the migrated virtual machines. A larger capacity for virtual machines on this
extra storage means fewer operations are required before all your virtual machines are migrated.
Before you begin this procedure, install the vSphere Client. You can install the vSphere Client on the same
machine with your previous version of the VI Client. You must have the previous version of the VI Client to
connect to previous versions of VirtualCenter and ESX/ESXi. For a detailed description of the procedure, see
“Upgrade to the vSphere Client,” on page 56.
VMware, Inc. 21
Procedure
1 Power off or suspend the virtual machines on the ESX 2.5.x or ESX 3.x/ESXi 3.5 host.
IMPORTANT For suspended virtual machine migrations, both hosts must have identical processors.
2 Evacuate the virtual machines from the host by moving the virtual machines to other hosts.
3 Upgrade ESX 3.x/ESXi 3.5 to ESX 4.0, or perform a fresh installation of ESX 4.0. A fresh installation is
required if your legacy hosts are ESX 2.5.x.
4 (Optional) Create a VMFS3 datastore.
5 Move the virtual machines to ESX 4.0 host.
What to do next
Upgrading to vCenter Server on a New Machine

Instead of performing an in-place upgrade to vCenter Server, you might want to use a different machine for
your upgrade.
One common reason for doing this is to upgrade to a 64-bit platform. When you upgrade to vCenter Server on
a new machine, you can keep your existing database where it is or move it. You might want to move your
database to keep the database local to the vCenter Server machine.
Following is an overview of the process:

n Create a backup of the database.
n Optionally, move the database by performing one of the following procedures:
n Restore the database on the destination machine.
n Detach the database from the source machine and attach it to the destination machine.
n Copy the SSL folder onto the destination machine.
n Run the vCenter Server installer on the destination machine.
22 VMware, Inc.
This process is described in detail in Chapter 7, “Upgrading to vCenter Server on a Different Machine and
Keeping the Existing Database,” on page 49.
VMware, Inc. 23
24 VMware, Inc.
Changing Host Types 3
Changing host types from ESX to ESXi (or ESXi to ESX) have no in-place upgrade, but you can migrate existing
virtual machines and datastores or perform an in-place, fresh installation to replace one host type with another.

n “Change ESX to ESXi Installable,” on page 25
n “Change ESXi Embedded to ESX,” on page 25
n “Change ESXi Embedded to ESXi Installable,” on page 26
Change ESX to ESXi Installable

You might choose to replace ESX with ESXi Installable. The method you use for performing this task depends
on whether you need to preserve VMFS datastores.
If you install ESXi Installable on the same disk where ESX is installed, ESXi overwrites the VMFS datastores
on the disk. To prevent this, you can migrate virtual machines from an ESX host to an ESXi host.
Procedure
1 Choose a method to replace ESX with ESXi.

n If you do not want to preserve the virtual machines on the datastore, install ESXi on the disk on which
ESX is installed.
ESXi writes over ESX.
See the Setup Guide.

n If you do want to preserve the virtual machines on the datastore, migrate virtual machines from an
ESX host to an ESXi host .
See Basic System Administration.
2 Use the vSphere Client to reregister the virtual machines on the ESXi host.
Change ESXi Embedded to ESX

You might choose to replace ESXi Embedded with ESX.
Prerequisites
You must have an ESXi Embedded host. An ESXi Embedded host is a physical server that contains an ESX
image preinstalled as firmware in the factory or burned onto an external USB key.
VMware, Inc. 25
Procedure
1 Choose a method to replace ESXi Embedded with ESX.

n If you do not want to preserve the virtual machines on the datastore, disable ESXi Embedded and
install ESX. See the ESXi Embedded Setup Guide and the ESX Installation Guide.
n If you do want to preserve the virtual machines on the datastore, migrate virtual machines from an
ESXi host to an ESX host. See Basic System Administration.
2 Reregister the virtual machines with the ESX host by using vSphere Client.
Change ESXi Embedded to ESXi Installable

You might choose to replace ESXi Embedded with ESXi Installable. ESXi Installable is a physical server that
contains an ESX image installed on a local hard drive.
IMPORTANT ESXi Installable and ESXi Embedded can exist on the same host. However, having them on the
same host causes ESXi upgrades to fail, so coexistence is not supported.
CAUTION Overwriting the ESXi Embedded image might cause you to lose drivers installed by your hardware
vendor.
Prerequisites
You must have an ESXi Embedded host. An ESXi Embedded host is a physical server that contains an ESX
image preinstalled as firmware in the factory or burned onto an external USB key.
Procedure
1 Install ESXi Installable on the machine's hard disk.
2 Copy virtual machines from the ESXi Embedded VMFS datastore to the ESXi Installable VMFS datastore.
3 Reboot the machine and configure the boot setting to boot from the hard disk where you installed ESXi
rather than the USB disk.
4 If you can remove the ESXi Embedded USB device, remove it. If the USB device is internal, clear or
overwrite the USB partitions.
Removing or overwriting ESXi Embedded is required so that the ESXi host can be upgraded in the future.
26 VMware, Inc.
System Requirements 4
Hosts running vCenter Server and ESX must meet specific hardware and operating system requirements.
n “ESX Hardware Requirements,” on page 27
n “ESXi Hardware Requirements,” on page 30
n “vCenter Server and the vSphere Client Hardware Requirements,” on page 32
n “vCenter Server Software Requirements,” on page 33
n “vSphere Client Software Requirements,” on page 34
n “Support for 64-Bit Guest Operating Systems,” on page 34
n “Requirements for Creating Virtual Machines,” on page 34
n “Required Ports,” on page 34
n “Supported Remote Management Firmware Versions,” on page 35

64-Bit Processor
RAM
2GB RAM minimum
Network Adapters
VMware, Inc. 27


controllers.
n LSI1068 (SAS 5)
n Supported on-board SATAs include:
n Intel ICH9
n Nvidia MCP55

SATA controllers.
28 VMware, Inc.
Recommendations for Enhanced ESX Performance

There are several things you can do to enhance ESX performance, including using multiple physical disks,
such as SCSI disks, Fibre Channel LUNs, and RAID LUNs.
Following are some recommendations for enhanced performance:

n RAM – The ESX host might require more RAM for the service console if you are running third-party
management applications or backup agents.
n Network adapters for virtual machines – Dedicated Gigabit Ethernet cards for virtual machines, such as
Intel PRO 1000 adapters, improve throughput to virtual machines with high network traffic.
n Disk location – For best performance, store all data used by your virtual machines on physical disks
allocated to virtual machines. These physical disks should be large enough to hold disk images used by
all the virtual machines.
n Processors – Faster processors improve ESX performance. For certain workloads, larger caches improve
ESX performance.
n Hardware compatibility – Use devices in your server that are supported by ESX 4.0 drivers. See the
Tested Software and Firmware for Creating ESX Installation Media

Before you install ESX, you might need to burn the ESX installation ISO image onto DVD or USB media. Review
the firmware and software that VMware has tested and has confirmed works.
VMware has tested these combinations, however, other combinations might work as well.
Table 4-1 lists the tested combinations for burning the ESX installation ISO image onto DVD media.
Table 4-1. Tested Combinations for DVD

DVD Drive (Make, Model, and BIOS) Software to Burn DVD DVD Media
Phillips + RW DVD8801 Roxio Creator Classic version: 6.1.1.48 SONY DVD +RW 120min / 4.7 GB
Philips PLDS DVD + RW DH-16A6S Roxio Creator version: 3.3.0 SONY DVD+RW
Philips PLDS DVD + RW DH-16W1S Roxio Creator version: 3.3.0 SONY DVD+RW
Philips BenQ PBDS + RW DH-16W1S Roxio Creator version: 3.3.0 SONY DVD+RW
HL-DT-ST DVD+-RW GSA-H53N Burn4Free V.4.6.0.0 SONY DVD+RW
Dell/_NEC DVD +-RW ND-3530A Roxio Creator Classic version: 6.1.1.48 Memorex DVD-R
Dell/_NEC DVD +-RW ND-3530A Roxio Creator Classic version: 6.1.1.48 Office Depot DVD+RW
Dell/_NEC DVD +-RW ND-3530A Roxio Creator Classic version: 6.1.1.48 Ativa DVD-RW
Dell/_NEC DVD +-RW ND-3530A Roxio Creator Classic version: 6.1.1.48 TDK DVD+R
Verbatim DVD+R
SONY DVD-R
Maxell DVD+R
Table 4-2 lists the tested combinations for burning the ESX installation ISO image onto USB media.
Table 4-2. Tested Combinations for USB

Iomega Rev: XY13
LaCie Rev: LA00
VMware, Inc. 29
Table 4-2. Tested Combinations for USB (Continued)

LG 8x portable DVD Rewriter Rev: KE01
SONY DVD+- R 20X Rev: SS01
ESXi Hardware Requirements

Make sure the host meets the minimum hardware configurations supported by ESXi 4.0.
You need the following hardware and system resources to install and use ESXi 4.0:
n Supported server platform (for a list of supported platforms, see the Systems Compatibility Guide)
n VMware ESXi 4.0 will only install and run on servers with 64-bit x86 CPUs.
n 2GB RAM minimum
n One or more Gigabit or 10Gb Ethernet controllers. For a list of supported network adapter models, see the
n One or more of the following controllers (any combination can be used):
n Basic SCSI controllers – Adaptec Ultra-160 or Ultra-320, LSI Logic Fusion-MPT, or most NCR/Symbios
SCSI.
n RAID controllers – Dell PERC (Adaptec RAID or LSI MegaRAID) or IBM (Adaptec) ServeRAID
controllers.
n SCSI disk or a local (non-network) RAID LUN with unpartitioned space for the virtual machines.
controllers.
NOTE You cannot connect a SATA CD-ROM device to a virtual machine on an ESXi 4.0 host. To use the
SATA CD-ROM device, you must use IDE emulation mode.
ESXi 4.0 Installable supports installing on and booting from the following storage systems:
n SATA disk drives – SATA disk drives connected behind supported SAS controllers or supported on-board
SATA controllers.
Supported SAS controllers include:
n LSI1068 (SAS 5)
30 VMware, Inc.
Supported on-board SATA include:

n Intel ICH9
n Nvidia MCP55
NOTE Sharing VMFS datastores on SATA disks across multiple ESXi 4.0 hosts is not supported.
n SCSI disk drives – Supported for installing ESXi 4.0 and for storing virtual machines.
n Serial Attached SCSI (SAS) disk drives – Supported for installing ESXi 4.0 and for storing virtual machines
on VMFS partitions.
Recommendation for Enhanced ESXi Performance

To enhance performance, VMware recommends that you install ESXi on a robust system with more RAM than
the minimum required and with multiple physical disks.
Consider the following recommendations for enhanced performance:

n RAM – ESXi 4.0 hosts require more RAM than typical servers. An ESXi 4.0 host must be equipped with
sufficient RAM to run concurrent virtual machines.
For example, operating four virtual machines with Red Hat Enterprise Linux or Windows XP requires at
least 3GB of RAM for baseline performance. This includes approximately 1024MB for the virtual machines
(256MB minimum for each operating system as recommended by vendors).
Running these four virtual machines with 512MB RAM requires that the ESXi 4.0 host be equipped with
approximately 4GB RAM, which includes 2048MB for the virtual machines.
These calculations do not take into account possible memory savings from using variable overhead
memory for each virtual machine. See the Resource Management Guide.
n Dedicated Fast Ethernet adapters for virtual machines – Place the management network and virtual
machine networks on different physical network cards. Dedicated Gigabit Ethernet cards for virtual
machines, such as Intel PRO 1000 adapters, improve throughput to virtual machines with high network
traffic.
n Disk location – Place all data used by your virtual machines on physical disks allocated specifically to
virtual machines. Performance is better when you do not place your virtual machines on the disk
containing the ESXi 4.0 Installable boot image. Use physical disks that are large enough to hold disk images
used by all the virtual machines.
n VMFS3 partitioning – The ESXi 4.0 installer creates the initial VMFS volumes automatically on blank local
disks. To add disks or modify the original configuration, use the vSphere Client. This application ensures
that the starting sectors of partitions are 64K-aligned, which improves storage performance.
NOTE For SAS-only environments, the installer might not format the disks. For some SAS disks, it is
difficult to identify whether the disks are local or remote. After the installation, you can use the vSphere
Client to set up VMFS.
n Processors – Faster processors improve ESXi 4.0 performance. For certain workloads, larger caches
improve ESXi 4.0 performance.
n Hardware compatibility – Use devices in your server that are supported by ESXi 4.0 drivers. See the
VMware, Inc. 31


n CPU – 2 CPUs
Minimum Requirements for the vSphere Client

n CPU – 1 CPU
32-Bit or 64-Bit Operating System for vCenter Server

When you have up to 200 hosts, you can use a 32-bit Windows operating system, but a 64-bit Windows
operating system is preferred. When you have 200-300 hosts, a 64-bit Windows operating system is required.
32 VMware, Inc.
Recommendations for Optimal Performance

Depending on the number of ESX hosts and virtual machines in your environment, the following system
requirements should be used as guidelines for optimal performance.
IMPORTANT The recommended disk sizes assume default log levels. If you configure more granular log levels,
more disk space is required.
Table 4-3 summarizes the requirements for a medium deployment.

Table 4-4 summarizes the requirements for a large deployment.

Table 4-5 summarizes the requirements for an extra-large deployment.
vCenter Server must be hosted on a 64-bit Windows operating system for this configuration.

Requirements for Installing vCenter Server on a Custom Drive

If you install vCenter Server on the E:\ drive or on any custom drive, note the following space requirements:
n 601MB on the custom drive for vCenter Server
n 1.13GB on the C:\ drive for Microsoft .NET 3.0 SP1, Microsoft ADAM, Microsoft SQL Server 2005 Express
(optional), and Microsoft Visual C++ 2005 Redistributable
n 375MB for the custom drive %temp% directory

VMware, Inc. 33

Web site.
Support for 64-Bit Guest Operating Systems

ESX offers support for several 64-bit guest operating systems.
See the Guest Operating System Installation Guide for a complete list.
64-bit guest operating systems have specific hardware requirements:

n For AMD Opteron-based systems, the processors must be Opteron Rev E and later.
n For Intel Xeon-based systems, the processors must include support for Intel Virtualization Technology
(VT). Many servers that include CPUs with VT support might ship with VT disabled by default, so you
must enable VT manually. If your CPUs support VT but you do not see this option in the BIOS, contact
your vendor to request a BIOS version that lets you enable VT support.
To determine whether your server has 64-bit VMware support, you can download the CPU Identification
Utility at the VMware downloads page: http://www.vmware.com/download/shared_utilities.html.
Requirements for Creating Virtual Machines

To create a virtual machine, the ESX/ESXi host must be able to support a virtual process, a virtual chip set, and
a virtual BIOS.
Each ESX/ESXi machine has the requirements shown in Table 4-6.
Table 4-6. Requirements for Creating Virtual Machines

Component Requirements
Virtual processor One, two, or four processors per virtual machine

NOTE If you create a two-processor virtual machine, your ESXi machine must have at
least two physical processors. For a four-processor virtual machine, your ESXi machine
must have at least four physical processors.
Virtual chip set Intel 440BX-based motherboard with NS338 SIO chip
Virtual BIOS PhoenixBIOS 4.0 Release 6
Required Ports
vCenter Server requires certain ports to send and receive data.
The vCenter Server system must be able to send data to every managed host and receive data from every
vSphere Client. To enable migration and provisioning activities between managed hosts, the source and
destination hosts must be able to receive data from each other.
34 VMware, Inc.
VMware uses designated ports for communication. Additionally, the managed hosts are listening for data from
the vCenter Server system on designated ports. If a firewall exists between any of these elements and Windows
firewall service is in use, the installer opens the ports during the installation. For custom firewalls, you must
manually open the required ports. If you have a firewall between two managed hosts and you want to perform
source or target activities, such as migration or cloning, you must configure a means for the managed hosts to
receive data.
NOTE In Microsoft Windows 2008, a firewall is enabled by default.
Table 4-7 lists the default ports that are required for communication between components.
Table 4-7. Required Ports

Port Description
80 vCenter Server requires port 80 for direct HTTP connections. Port 80 redirects requests to HTTPS port
443. This is useful if you accidentally use http://server instead of https://server.
389 This port must be open on the local and all remote instances of vCenter Server. This is the LDAP port
number for the Directory Services for the vCenter Server group. The vCenter Server system needs to bind
to port 389, even if you are not joining this vCenter Server instance to a Linked Mode group. If another
service is running on this port, it might be preferable to remove it or change its port to different port. If
needed, you can run the LDAP service on any port from 1025 through 65535.
If this instance is serving as the Microsoft Windows Active Directory, change the port number from 389
to an available port from 1025 through 65535.
443 The default port that the vCenter Server system uses to listen for connections from the vSphere Client.
To enable the vCenter Server system to receive data from the vSphere Client, open port 443 in the firewall.
The vCenter Server system also uses port 443 to listen for data transfer from the vSphere Web Access
Client and other SDK clients.
If you use another port number for HTTPS, you must use <ip-address>:<port> when you log in to the
vCenter Server system.
636 For vCenter Linked Mode, this is the SSL port of the local instance. If another service is running on this
port, it might be preferable to remove it or change its port to different port. If needed, you can run the
SSL service on any port from 1025 through 65535.
902 The default port that the vCenter Server system uses to send data to managed hosts. Managed hosts also
send a regular heartbeat over UDP port 902 to the vCenter Server system. This port must not be blocked
by firewalls between the server and the hosts, or between hosts.
902/903 Ports 902 and 903 must not be blocked between the vSphere Client and the hosts. These ports are used
by the vSphere Client to display virtual machine consoles.
8080 Web Services HTTP. Used for the VMware VirtualCenter Management Webservices.
8443 Web Services HTTPS. Used for the VMware VirtualCenter Management Webservices.
If you want the vCenter Server system to use a different port to receive vSphere Client data, see Basic System
Administration.
To tunnel the vSphere Client data through the firewall to the receiving port on the vCenter Server system, see
Basic System Administration. VMware does not recommended this method because it disables the vCenter Server
console function.
For a discussion of firewall configuration, see the Server Configuration Guide.
Supported Remote Management Firmware Versions

You can use remote management applications for installing ESX or for remote management of ESX/ESXi.
Table 4-8 lists the remote management firmware versions that are supported for installing ESX 4.0 remotely.
NOTE If you are using a remote management application to access the ESXi direct console, consider enabling
high-contrast mode in the direct console by pressing F4.
VMware, Inc. 35
Table 4-8. Supported Remote Management Server Models and Firmware Versions
Remote Controller
Make and Model DRAC Firmware Java ActiveX
DRAC 5 1.4 Not applicable 1.4.2_19
1.45 (08.10.06) 2.1,0,14 1.6.0.50
1.40 (08.08.22) 2,1,0,14 1.6.0_11
1.20 (07.03.02) 1.4.2_06 2,1,0,13
1.33 1.6.0_07 2,1,0,14
1.32 (07.12.22) 1.4.2_13 2,1,0,13
1.0 (06.05.12) 1.4.2_13 2,1,0,13
1.32 1.6.0_11 2,1,0,14
1.2 1.6.0_11 2,1,0,14
1.45 (09.01.16) 1.6.0_11 2,1,0,14
1.3 1.6.0_11 2,1,0,14
1.33 1.6.0_11 2,1,0,13
DRAC 4 1.7 1.4.2_06 2,1,0,14
ILO .26 1.6.0_11 2,1,0,14
1.7 1.4.2_19 Not applicable
ILO2 1.91 (07/26/2009) 1.6.0_07 2,1,0,14
1.29 (2/28/2007) 1.4.2_13 Not applicable
RSA 1.09 1.6.0_11 2,1,0,14
1.06 1.6.0_11 2,1,0,14
36 VMware, Inc.
Preparing for the Upgrade to vCenter
Server 5
Before you upgrade to vCenter Server, review the prerequisites.
n “About the vCenter Server 4.0 Upgrade,” on page 37
n “vCenter Server Upgrade Summary,” on page 37
n “Prerequisites for the vCenter Server Upgrade,” on page 38
n “vCenter Server Database Patch and Configuration Requirements,” on page 40
n “Database Scenarios,” on page 41
n “Configure vCenter Server to Communicate with the Local Database After Shortening the Computer
Name to 15 Characters or Fewer,” on page 42
n “Back Up VirtualCenter 2.x,” on page 43
n “Downtime During the vCenter Server Upgrade,” on page 43
About the vCenter Server 4.0 Upgrade

If you have VirtualCenter 2.x and you want to manage ESX 4.0/ESXi 4.0, you must upgrade the VirtualCenter
software to vCenter Server 4.0.
ESX 4.0 and ESXi 4.0 hosts that are managed together in a vCenter Server system can run the same virtual
machines, use VMotion to migrate virtual machines between the hosts, and access the same datastores.
You can manage ESX 3.x/ESXi 3.5 hosts in the same cluster with ESX 4.0/ESXi 4.0 hosts. You can manage ESX
2.x as standalone hosts in a vCenter Server system. ESX 2.x hosts cannot be added to clusters.
vCenter Server Upgrade Summary

The upgrade to vCenter Server impacts other software components of your datacenter.
Table 5-1 summarizes the impacts on your datacenter components.
Table 5-1. Upgrading vCenter Server Components

Product Component Description
vCenter Server VI Client 1.x Not supported
VirtualCenter Server 1.x Not supported
vSphere Client 4.0 Install
VirtualCenter Server 2.0 Upgrade
VMware, Inc. 37
Table 5-1. Upgrading vCenter Server Components (Continued)

Product Component Description
VirtualCenter Server 2.5 Upgrade
vCenter Server 4.0 Install
Oracle database Verify that your database is supported. Upgrade if necessary.

Oracle 9i is no longer supported.
SQL database Verify that your database is supported. Upgrade if necessary.

Microsoft SQL Server 2000 is no longer supported.
Linked Mode Cannot join a Linked Mode group during the upgrade procedure.
Join after the upgrade to vCenter Server is complete.
License server License server To manage ESX 3.x/ESXi 3.5 hosts, verify that the vCenter Server
system is configured to use a license server. Install a license server if
necessary.
ESX ESX 2.5 host Supported with vCenter Server 4.0, but cannot add the hosts to
clusters.
VMFS2 volumes Supported as read-only (deprecated)
VM2 virtual machines Upgrade (optional)
VMDK2 virtual disk Not supported with vCenter Server 4.0
ESX MUI No change
VMware Tools Upgrade (optional)
ESX 3.x/ESXi 3.5 host Upgrade to ESX 4.0 (optional)
VMFS3 volumes No change
VM3 virtual machines Upgrade to VM4 or VM7 (optional)
VMDK3 virtual disk Not supported with vCenter Server 4.0
Prerequisites for the vCenter Server Upgrade

Before you begin the upgrade to vCenter Server, make sure you have the vCenter Server system and the
database are properly prepared.

The following items are prerequisites for completing the upgrade to vCenter Server:
n VirtualCenter Server 2.x installed on a machine that supports vCenter Server 4.0.
n VMware vCenter Server 4.0 installation media.
n License keys for all purchased functionality.
If you do not currently have the license key, you can install in evaluation mode and use the vSphere Client
to enter the license key later.
n The installation path of the previous version of VirtualCenter must be compatible with the installation
requirements for Microsoft Active Directory Application Mode (ADAM/AD LDS). For example the
installation path cannot have commas (,) or periods (.). If your previous version of VirtualCenter does
not meet this requirement, you must perform a clean installation of vCenter Server 4.0.
controller, primary or backup.
n Make sure that the computer name has no more than 15 characters.
38 VMware, Inc.
Chapter 5 Preparing for the Upgrade to vCenter Server
n vCenter Server 4.0 uses TCP/IP Ports 80 and 443 for the VMware vSphere Web client. You cannot run
vCenter Server on the same machine as a Web server using TCP/IP port 80 (HTTP) or port 443 (HTTPS)
because doing so causes port conflicts.
n If you use vCenter Guided Consolidation Service in the VirtualCenter 2.x environment, complete the
consolidation plan before you upgrade to vCenter Server 4.0. The upgrade to vCenter Server 4.0 does not
preserve or migrate any data gathered by the vCenter Guided Consolidation Service. After the upgrade,
all of the data is cleared, and you cannot restore it.
n Back up the SSL certificates that are on the VirtualCenter 2.x system before you upgrade to
vCenter Server 4.0.
n If you upgrade to vCenter Server on Windows Server 2003 SP1, the disk for the installation directory must
have the NTFS format, not the FAT32 format.
n If you use DHCP instead of a static IP address for vCenter Server, make sure that the vCenter Server
computer name is updated in the domain name service (DNS). One way to test this is by pinging the
computer name. For example, if the computer name is host-1.company.com, run the following command
in the Windows command prompt:
Database Prerequisites
Before you upgrade to vCenter Server, consider the following points:
n If your database server is not supported by vCenter Server, perform a database upgrade to a supported
version or import your database into a supported version. See “Database Scenarios,” on page 41.
n You must perform a complete backup of your VirtualCenter 2.x database before you begin the
vCenter Server upgrade. The VirtualCenter 2.x database schema is not compatible with vCenter Server 4.0.
The vCenter Server 4.0 installer upgrades your existing VirtualCenter Server database schema with extra
fields, thus making the database unusable by VirtualCenter 2.x.
n You must have login credentials, the database name, and the database server name that will be used by
the vCenter Server database. The database server name is typically the ODBC System data store name
(DSN) connection name for the vCenter Server database.
n To use a newly supported Oracle database, such as Oracle 11g, you do not need to perform a clean
installation of vCenter Server if your existing database is also Oracle. For example, you can first upgrade
your existing Oracle 9i database to Oracle 10g or Oracle 11g and then upgrade VirtualCenter 2.x to
vCenter Server 4.0.
n To use a newly supported SQL database, such as Microsoft SQL 2008, you do not need to perform a clean
installation of vCenter Server if your existing database is also Microsoft SQL Server. For example, you can
upgrade a Microsoft SQL Server 2000 database to Microsoft SQL Server 2005 or Microsoft SQL Server 2008
and then upgrade VirtualCenter 2.x to vCenter Server 4.0.
n If you are upgrading from VirtualCenter 2.0.x and you are using the previously bundled demonstration
MSDE database, you must perform a clean installation of vCenter Server. VirtualCenter 2.0.x with the
demonstration MSDE database has no supported upgrade path to vCenter Server 4.0.
n If you are upgrading from VirtualCenter 2.5 with the bundled SQL Server 2005 Express, you do not need
to perform a clean installation of vCenter Server.
n If you have a Microsoft SQL database and you are upgrading from VirtualCenter 2.0.x, make sure that
bulk logging is enabled. You can disable it after the upgrade is complete.
n If you have a Microsoft SQL database, your system DSN must be using the SQL Native Client driver.
VMware, Inc. 39
n Make sure that the database user has the following permissions:
n Oracle Either assign the DBA role or grant the following permissions to the
user:
grant connect to <user>
grant resource to <user>
grant create view to <user>
grant create any sequence to <user> # For upgrade from VC 2.0.x
grant create any table to <user> # For upgrade from VC 2.0.x
grant execute on dbms_lock to <user> # For upgrade from VC 2.0.x/
2.5
grant unlimited tablespace to <user> # To ensure sufficient
space
After the upgrade is complete, you can optionally remove the following
permissions from the user profile: create any sequence and create any
table.
By default, the RESOURCE role has the CREATE PROCEDURE,

CREATE TABLE, and CREATE SEQUENCE privileges assigned. If the
RESOURCE role does not have these privileges, grant them to the
vCenter Server database user.
n Microsoft SQL Server Make sure that the database login has the db_owner fixed database role
on the vCenter Server database and on the MSDB database. The
db_owner role on the MSDB database is required for installation and
upgrade only. You can revoke this role after the installation or upgrade
process is complete.
n Also review “Database Scenarios,” on page 41.
vCenter Server Database Patch and Configuration Requirements

After you choose a database type, make sure you understand the configuration and patch requirements for
the database.
NOTE vCenter Update Manager also requires a database. VMware recommends that you use separate
databases for vCenter Server and vCenter Update Manager.
If your VirtualCenter 2.x database is not supported for upgrade to vCenter Server 4.0, first upgrade your
database (or import your database into a database that is supported for upgrade to vCenter Server) and then
upgrade to vCenter Server.
Table 5-2 lists the configuration and patch requirements for the databases that are supported for upgrade to
vCenter Server. If your database is not listed in this table, see “Database Scenarios,” on page 41.
For a complete list of database versions supported with vCenter Server, see the Compatibility Matrixes on the
VMware vSphere documentation Web site.
40 VMware, Inc.
Table 5-2. Configuration and Patch Requirements

Database Type Patch and Configuration Requirements
Microsoft SQL Server Bundled database that you can use for small deployments of up to 5 hosts and 50 virtual
2005 Express machines.
You cannot install the bundled database during an upgrade to vCenter Server. If you want to
use the bundled database, Microsoft SQL Server 2005 Express must be already installed or you
must perform a clean installation of vCenter Server.
Microsoft SQL Server For Microsoft Windows XP, apply MDAC 2.8 SP1 to the client. Use the SQL Native Client driver
2005 (version 9.x) for the client.
Microsoft SQL Server For Microsoft Windows XP, apply MDAC 2.8 SP1 to the client. Use the SQL Native Client driver
2008 (version 10.x) for the client.
Oracle 10g If necessary, first apply patch 10.2.0.3 (or later) to the client and server. Then apply patch 5699495
to the client.
For the Oracle Instant client, copy ojdbc14.jar to the vCenter Server tomcat directory (<vCenter
The Oracle 10g client comes with ojdbc14.jar (<Oracle client install location>\oracle
\product\10.2.0\<instance_name>\jdbc\lib). The vCenter Server installer copies the file
from the Oracle client install location to the vCenter Server tomcat directory (<vCenter
Oracle 11g Ensure that the machine has a valid ODBC DSN entry.
For the Oracle Instant client, copy ojdbc14.jar to the vCenter Server tomcat directory (<vCenter
The Oracle 11g client comes with ojdbc14.jar (<Oracle client install location>\app
\Administrator\product\11.1.0\<instancename>\sqldeveloper\jdbc\lib). The
vCenter Server installer copies the file from the Oracle client install location to the vCenter
Server tomcat directory (<vCenter install location>\Infrastructure\tomcat\lib)
Database Scenarios
When you upgrade to vCenter Server 4.0, you must make sure your database is supported with
vCenter Server 4.0.
Table 5-3 lists the database types that you can use with either VirtualCenter 2.x or vCenter Server, or both. This
is not a list of supported database versions. For a list of supported database versions, see the Compatibility
Matrixes on the VMware vSphere documentation Web site. The purpose of Table 5-3 is to describe the
vCenter Server upgrade scenarios for each database type.
Table 5-3. vCenter Server Upgrade Scenarios for Each Database Type
Supported in Supported in
Database Type VirtualCenter 2.x vCenter Server 4.0 Supported Scenario
Experimental Yes (VirtualCenter 2.0.x) No After you upgrade to a database server that is
MSDE database supported by vCenter Server, you can perform
a fresh installation or upgrade to
vCenter Server.
Microsoft SQL Yes Yes You can perform a fresh installation or

Server 2005 upgrade to vCenter Server.
Express
VMware, Inc. 41
Table 5-3. vCenter Server Upgrade Scenarios for Each Database Type (Continued)
Supported in Supported in
Database Type VirtualCenter 2.x vCenter Server 4.0 Supported Scenario
Microsoft SQL Yes No After you upgrade to a database server that is

Server 2000 supported by vCenter Server, you can perform
vCenter Server.
Microsoft SQL Yes Yes You can perform a fresh installation or

Microsoft SQL No Yes You can perform a fresh installation or

Oracle 9i Yes No After you upgrade to a database server that is

supported by vCenter Server, you can perform
vCenter Server.
Oracle 10g Yes Yes You can perform a fresh installation or

Oracle 11g No Yes You can perform a fresh installation or

If you perform a fresh installation of vCenter Server 4.0, you can then import your database information into
a database that is supported by vCenter Server 4.0. For information about performing a fresh installation, see
the ESX and vCenter Server Installation Guide or the ESXi and vCenter Server Setup Guide. For information about
importing your database, see your database documentation or consult your database administrator.
Configure vCenter Server to Communicate with the Local Database

After Shortening the Computer Name to 15 Characters or Fewer
The machine on which you install or upgrade to vCenter Server must have a computer name that is 15
characters or fewer. If your database is located on the same machine that vCenter Server will be installed on
and you have recently changed the name of this machine to comply with the name-length requirement, make
sure the vCenter Server DSN is configured to communicate with the new name of the machine.
Changing the vCenter Server computer name impacts database communication if the database server is on the
same computer with vCenter Server. If you have changed the machine name, verify that communication
remains intact by completing the following procedure.
The name change has no impact on communication with remote databases. You can skip this procedure if your
database is remote.
NOTE The name-length limitation applies to the vCenter Server system. The data source name (DSN) and
remote database systems can have names with more than 15 characters.
Check with your database administrator or the database vendor to make sure all components of the database
are working after you rename the server.
Procedure
1 Make sure the database server is running.
2 Make sure that the vCenter Server computer name is updated in the domain name service (DNS).
One way to test this is by pinging the computer name. For example, if the computer name is
host-1.company.com, run the following command in the Windows command prompt:
42 VMware, Inc.
3 Update the data source information, as needed.
4 Verify the data source connectivity.
Back Up VirtualCenter 2.x

You must back up a VirtualCenter 2.x system to ensure that you can restore your previous configuration of
VirtualCenter if the vCenter Server upgrade does not complete successfully.
If you begin the upgrade to vCenter Server, and you did not back up your VirtualCenter 2.x database and SSL
certificates, you cannot restore your previous VirtualCenter configuration. You cannot roll back your database
to the previous database schema. The only way to recover from an unsuccessful upgrade is to use your backed
up database and SSL certificates.
Procedure
1 Make a full backup of the VirtualCenter 2.x database.
See your database documentation.
2 Back up the VirtualCenter 2.x SSL certificates.
a Copy the SSL certificate folder under %ALLUSERSPROFILE%\Application Data\VMware\VMware

VirtualCenter or %ALLUSERSPROFILE%\VMware\VMware VirtualCenter\.
b Paste it at the backup location.
3 Take notes on the existing VirtualCenter installation regarding the selections, settings, and information
used. For example, note any nondefault settings, such as the IP address, the database DSN, user name,
password, and assigned ports.
4 Create a backup copy of vpxd.cfg.
What to do next
Continue with the upgrade to vCenter Server.
Downtime During the vCenter Server Upgrade

When you upgrade to vCenter Server, no downtime is required for the ESX/ESXi hosts that vCenter Server is
managing. Nor is downtime required for the virtual machines that are running on the hosts. Downtime is
required for vCenter Server.
Expect downtime for vCenter Server as follows:

n VMware estimates that the upgrade requires vCenter Server to be out of production for 10 minutes, plus
15 to 20 minutes for the database schema upgrade, depending on the size of the database. This estimate
does not include host reconnection after the upgrade.
If the machine does not have Microsoft .NET Framework already installed, a reboot will be required after
the upgrade to vCenter Server.
n VMware Distributed Resource Scheduler does not work while the upgrade is in progress. VMware HA
does work during the upgrade.
VMware, Inc. 43
44 VMware, Inc.
Upgrading to vCenter Server 4.0 6
The upgrade to vCenter Server includes a database schema upgrade and an upgrade of VirtualCenter 2.x.
n “About the Database Upgrade Wizard,” on page 45
n “Upgrade to vCenter Server,” on page 45
About the Database Upgrade Wizard

The Database Upgrade wizard updates the schema of the VirtualCenter database. The Database Upgrade
wizard runs after you complete the vCenter Server installation wizard.
When you perform an upgrade to vCenter Server, you must use a VirtualCenter 2.x database that is supported
for upgrade by vCenter Server 4.0.
The Database Upgrade wizard runs after you click Install in the vCenter Server installer. The Database
Upgrade wizard upgrades the database schema to make it compatible with vCenter Server 4.0. The schema
defines the tables, the fields in each table, and the relationships between fields and tables.
If you are upgrading from VirtualCenter 2.5, the Database Upgrade wizard runs in the background. If you are
upgrading from VirtualCenter 2.0.x, the Database Upgrade wizard appears and you must complete the wizard.
The Database Upgrade wizard does not upgrade an unsupported database version (for example, Oracle 9i)
into a supported database.
CAUTION You cannot use the updated database schema with previous versions of VirtualCenter. You cannot
roll back the schema update. You must create a back up of your database before you upgrade your database
and before you begin the upgrade to vCenter Server.
Upgrade to vCenter Server

The vCenter Server installer detects any VirtualCenter 2.x release and upgrades it.
This procedure requires downtime for the VirtualCenter Server that you are upgrading. No virtual machines
need to be powered off.
If the upgrade fails, there is no automatic rollback to the previous VirtualCenter version.
Prerequisites
The prerequisites for upgrading to vCenter Server include requirements for the vCenter Server system and
requirements for the database. See “Prerequisites for the vCenter Server Upgrade,” on page 38.
VMware, Inc. 45
Procedure
1 Select Start > Control Panel > Administrative Tools > Services > VMware VirtualCenter Server to stop
the service.
This step is recommended, especially if the VirtualCenter database is on a remote system.
2 As Administrator on the Windows system, insert the VMware vCenter Server Installation CD or double-
click autorun.exe.
3 When the vCenter Server Installer page appears, click vCenter Server.
4 Select a language for the installer and click OK.

5 The Welcome page informs you that an earlier version of VirtualCenter is on the computer and will be
upgraded to vCenter Server 4.0.
When the Welcome page appears, click Next.
7 Type your vCenter Server license key and clickNext.
If you omit the license key, vCenter Server will be in evaluation mode. After installation, you can convert
vCenter Server to licensed mode by entering the license key using the vSphere Client.
8 Enter the database password that corresponds to the username and DSN that the installer displays and
click Next.
You can omit the database username and password if the DSN is using Windows NT authentication.
If you specify a remote SQL Server database that uses Windows NT authentication, the database user and
the logged-in user on the vCenter Server machine must be the same.
9 Select whether to upgrade the vCenter Server database schema.

n Select Yes, I want to upgrade my vCenter Server database to continue with the upgrade to
vCenter Server.
n Select No, I do not want to upgrade my vCenter Server database if you do not have a backup copy
of your database.
If you choose this option, you cannot continue the upgrade. Cancel the upgrade, back up your
VirtualCenter environment (as described in “Back Up VirtualCenter 2.x,” on page 43), and restart the
upgrade process.
If the database schema is current, this dialog does not appear.
10 Click I have taken a backup of the existing vCenter Server database and SSL certificates and click
Next.
11 Specify the account for the vCenter Service to run in.

n Click Next to use the SYSTEM account. You cannot use the SYSTEM account if you are using Windows
authentication for SQL Server.
n Deselect Use SYSTEM Account, accept the default Administrator account name and password, and
click Next.
n Deselect Use SYSTEM Account and enter a different Administrator account name and password.
12 Enter the port numbers to use or accept the default port numbers shown on the page and click Next.
13 Click Install.
If you are upgrading from VirtualCenter 2.0.x, the Database Upgrade wizard appears. The upgrade is not
complete until the wizard upgrades the database schema. If you are upgrading from VirtualCenter 2.5, the
database schema is upgraded in the background.
46 VMware, Inc.
Chapter 6 Upgrading to vCenter Server 4.0
What to do next
See Chapter 8, “Postupgrade Considerations for vCenter Server,” on page 55.
Upgrade the vCenter Server Database Schema

When you upgrade to vCenter Server and use an existing supported database, the Database Upgrade wizard
runs after you click Install in the vCenter Server installer. The Database Upgrade wizard upgrades the existing
database schema to make it compatible with vCenter Server 4.0.
For upgrades from VirtualCenter 2.5, the Database Upgrade wizard runs in the background. This procedure
is for upgrades from VirtualCenter 2.0.x.
Procedure
1 In the Database Upgrade wizard Welcome page, click Next.
2 On the Upgrade Information screen, select an option for performance data.

n Select Keep all performance data and click Next to preserve performance data from your existing
database.
n Select Discard all performance data and click Next to discard performance data from your existing
database.
n Select Keep performance data recorded during past 12 months and click Next to preserve only the
most recent performance data from your existing database.
The table for performance data can be large. If you do not keep the table, you cannot view historical
performance statistics for the time when the database was maintained in VirtualCenter 2.x.
3 Review your selections, click Next, and click Start.
Your database is now compatible with vCenter Server 4.0. It is no longer compatible with VirtualCenter
2.x. The vCenter Server installer begins installing vCenter Server 4.0.
4 Click Finish to complete the upgrade to vCenter Server.
VirtualCenter 2.x is upgraded to vCenter Server 4.0.
What to do next
To view the upgrade log, open %TEMP%\VCDatabaseUpgrade.log.
VMware, Inc. 47
48 VMware, Inc.
Upgrading to vCenter Server on a
Different Machine and Keeping the
Existing Database 7
When you upgrade to vCenter Server, you can install vCenter Server on a new machine. One common reason
for doing this is to run vCenter Server on a 64-bit machine.
Preparing the database for any type of upgrade always means creating a full backup. In addition, you have
the following options:
n After you create a full backup of the database, leave it where it is. This option makes sense if your database
is remote from VirtualCenter, and you want it to remain remote after the upgrade to vCenter Server.
n After you create a full backup of the database, restore it onto the machine on which you are installing
vCenter Server. This option makes sense if the database is local to VirtualCenter and you want it to be
local after the upgrade to vCenter Server.
n For Microsoft SQL Server databases only, create a full backup of the database, detach the database, and
attach it to the machine on which you are installing vCenter Server. This option makes sense if the database
is local to VirtualCenter and you want it to be local after the upgrade to vCenter Server.
For Microsoft SQL Server databases, when you decide between the backup/restore option or the detach/attach
option, consider the downtime required. For guidance on these options, consult your organization's database
administrator.

n “Back Up and Restore a Microsoft SQL Database,” on page 49
n “Detach and Attach a Microsoft SQL Server Database,” on page 50
n “Back Up and Restore an Oracle Database,” on page 51
n “Create a 32-Bit DSN on a 64-Bit Operating System,” on page 52
n “Upgrade to vCenter Server on a Different Machine,” on page 52
Back Up and Restore a Microsoft SQL Database

Before you perform an upgrade to vCenter Server on a different machine, you might want to move the database
as well. Moving the database is optional. To move a Microsoft SQL Server database, you can perform a backup
and restore operation.
Consult your database administrator or see your database documentation about backing up and restoring
databases.
The machine with the VirtualCenter 2.x database is referred to as the source machine. The machine on which
the vCenter Server 4.0 database will reside is referred to as the destination machine.
VMware, Inc. 49
Prerequisites
n You must have a VirtualCenter 2.x system running with a local or remote Microsoft SQL Server database.
n You must have Microsoft SQL Server Management Studio installed on the source machine and the
destination machine. The Express versions (SQLServer2005_SSMSEE.msi and
SQLServer2005_SSMSEE_x64.msi) are free downloads from Microsoft.
Procedure
1 In SQL Server Management Studio, make a full back up of the source machine database.
2 Copy the backup file (.bak) to the C:\ drive on the destination machine.
3 On the destination machine, open SQL Server Management Studio and right-click the Databases folder.
4 Select New Database, enter the source machine database name, and click OK.
5 Right-click the new database icon and select Task > Restore > Database.
6 Select From Device and click Browse.
7 Click Add, navigate to the backup file, and click OK.
8 In the Restore Database window, select the checkbox next to your .bak file.
9 On the Options page, select the Overwrite the existing database checkbox and click OK.
The VirtualCenter 2.x database is successfully restored onto the new database, which you can use for the
upgrade to vCenter Server 4.0.
What to do next
See “Upgrade to vCenter Server on a Different Machine,” on page 52.
Detach and Attach a Microsoft SQL Server Database

Before you perform an upgrade to vCenter Server on a 64-bit machine, you can optionally detach the
VirtualCenter 2.x database from the source machine and attach it to the destination machine. This is an
alternative to the backup and restore operation.
Consult your database administrator or see your database documentation about detaching and attaching
databases.
Prerequisites
n Take a full backup of the database.
n You must have a VirtualCenter 2.x system running with a local or remote Microsoft SQL Server database.
n You must have Microsoft SQL Server Management Studio installed on the source machine and the
destination machine. The Express versions (SQLServer2005_SSMSEE.msi and
SQLServer2005_SSMSEE_x64.msi) are free downloads from Microsoft.
50 VMware, Inc.
Chapter 7 Upgrading to vCenter Server on a Different Machine and Keeping the Existing Database
Procedure
1 On the source machine, stop the VirtualCenter service.
a Selecting Start > Control Panel > Administrative Tools > Services > VMware VirtualCenter
Server.
b Right-click VMware VirtualCenter Server and select Stop.
2 In the SQL Server Management Studio, open the Databases directory, right-click the VirtualCenter 2.x
database, and select Tasks > Detach.
3 Select the database and click OK.

4 When the detach operation is complete, copy the data files (.mdf and .ldf) to the destination machine's
database folder.
By default, the database folder is C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data.
5 In SQL Server Management Studio on the destination machine, right-click the Databases directory and
select Attach.
6 Select the .mdf file that you copied to the destination machine's database folder and click OK.
The database from the source machine is attached to the destination machine.
What to do next
Back Up and Restore an Oracle Database

Before you perform an upgrade to vCenter Server on a different machine, you might want to move the database
as well. Moving the database is optional. To move an Oracle database, you perform a backup and restore
operation.
Consult your database administrator or see your database documentation about backing up and restoring
databases.
Prerequisites
You must have a VirtualCenter 2.x system running with a local or remote Oracle 10g or Oracle 11g database.
Procedure
1 On the source machine, log in to Oracle SQL*Plus as the VirtualCenter 2.x database user and export the
database as a .dmp file.
2 Copy the .dmp file onto the C:\ drive of the destination machine.
3 In Oracle SQL*Plus, run the following command to create the tablespace.

create tablespace vctest datafile 'c:\vctest.dbf' size 100m autoextend on;
4 Create a user.
create user VCUSER identified by CENSORED default tablespace vctest;
5 Import the .dmp file into the Oracle 64-bit database on the destination machine.
The VirtualCenter 2.x database is restored onto the new database, which you can use for the upgrade to
vCenter Server 4.0.
VMware, Inc. 51
What to do next
Create a 32-Bit DSN on a 64-Bit Operating System

You can install or upgrade to vCenter Server on both 32-bit and 64-bit operating systems.
Even though vCenter Server is supported on 64-bit operating systems, the vCenter Server system must have
a 32-bit DSN. This requirement applies to all supported databases. By default, any DSN created on a 64-bit
system is 64 bit.
Procedure
1 Install the ODBC drivers.

n For Microsoft SQL Server database servers, install the 64-bit database ODBC drivers on your Microsoft
Windows system. When you install the 64-bit drivers, the 32-bit drivers are installed automatically.
n For Oracle database servers, install the 32-bit database ODBC drivers on your Microsoft Windows
system.
NOTE The default install location on 64-bit operating systems is C:\VMware.
2 Run the 32-bit ODBC Administrator application, located at [WindowsDir]\SysWOW64\odbcad32.exe.
3 Use the application to create your DSN.
You now have a DSN that is compatible with vCenter Server. When the vCenter Server installer prompts you
for a DSN, select the 32-bit DSN.
Upgrade to vCenter Server on a Different Machine

In this type of upgrade, you upgrade the legacy software on one machine to the updated version on another
machine. Suppose, for example, that you have VirtualCenter 2.x on a 32-bit machine (source machine) and you
want vCenter Server to be on a 64-bit machine (destination machine).
VMware recommends that you back up your VirtualCenter database before you perform this procedure.
Prerequisites
The prerequisites for upgrading to vCenter Server include requirements for the vCenter Server system and
requirements for the database. See “Prerequisites for the vCenter Server Upgrade,” on page 38.
The database for the source machine can be local or remote, but it must be supported with vCenter Server 4.0.
If it is not supported, back it up and upgrade it to a supported database or import the tables into a supported
database. See “Database Scenarios,” on page 41.
If you are upgrading on a 64-bit system, see “Create a 32-Bit DSN on a 64-Bit Operating System,” on page 52.
Procedure
1 On the source machine, copy the SSL certificate folder at %ALLUSERSPROFILE%\Application Data\VMware
\VMware VirtualCenter.
2 Paste it on the destination machine.

n On Microsoft Windows 2003 Server: %ALLUSERSPROFILE%/Application Data/VMWare/VMware
VirtualCenter. Create the folder if it does not exist.
n On Microsoft Windows Vista and Microsoft Windows 2008 Server: %ALLUSERSPROFILE%/VMWare/

VMware VirtualCenter. Create the folder if it does not exist.
52 VMware, Inc.
Chapter 7 Upgrading to vCenter Server on a Different Machine and Keeping the Existing Database
3 On the destination machine, configure a system DSN that points to the database.
The DSN must be 32-bit.
4 On the source machine, stop the VirtualCenter service by selecting Start > Control Panel > Administrative
Tools > Services > VMware VirtualCenter Server.
5 On the destination machine, start the vCenter Server 4.0 installer.
6 When prompted by the installer, select the DSN that you configured on the destination machine.
The Database Upgrade wizard upgrades the database tables to make them compatible with vCenter
Server 4.0. If you are upgrading from VirtualCenter 2.0.x, you must complete the Database Upgrade
wizard. If you are upgrading from VirtualCenter 2.5, the Database Upgrade wizard runs in the
background.
The legacy VirtualCenter data is preserved and the database schema is upgraded to make it compatible with
vCenter Server 4.0. After the schema is upgraded, the database is not compatible with previous versions of
VirtualCenter.
What to do next
See Chapter 8, “Postupgrade Considerations for vCenter Server,” on page 55.
VMware, Inc. 53
54 VMware, Inc.
Postupgrade Considerations for
vCenter Server 8
After you upgrade to vCenter Server, consider the postupgrade options and requirements.
n To view the upgrade log, open %TEMP%\VCDatabaseUpgrade.log.
n Install the vSphere Client and make sure you can access the vCenter Server instance.
n Upgrade any additional modules that are linked to this instance of vCenter Server. Additional modules
might include vCenter Update Manager, vCenter Converter, and vCenter Guided Consolidation, for
example.
n On the VMware Web site, log in to your account page to access the license portal. From the license portal,
upgrade your VirtualCenter 2.x license. Using the vSphere Client, assign the upgraded license key to the
vCenter Server 4.0 host.
n In the vSphere Client, select Home > vCenter Server Settings > Licensing to verify that the vCenter Server
is connected to a license server. A license server is required if this vCenter Server is managing ESX 3.x/
ESXi 3.5 hosts. For information about installing the VMware License Server, see the documentation for
VMware Infrastructure 3.
n For Oracle databases, copy the Oracle JDBC Driver (ojdbc14.jar) driver to the[VMware vCenter Server]
\tomcat\lib folder.
n For SQL Server databases, if you enabled bulk logging for the upgrade, disable it after the upgrade is
complete.
n Optionally, join the vCenter Server system to a Linked Mode group.
n Optionally, upgrade the ESX/ESXi hosts in the vCenter Server inventory to ESX 4.0/ESXi 4.0.
n Optionally, enable SSL certification checking. Select Home > vCenter Server Settings > SSL Settings.
Select vCenter requires verified host SSL certificates and click OK. When you enable SSL checking, the
hosts become disconnected from vCenter Server, and you must reconnect them.

n “Upgrade to the vSphere Client,” on page 56
n “Using a License Server to Manage ESX 3.x/ESXi 3.5 Hosts,” on page 56
n “License Server Scenarios,” on page 57
n “Join a Linked Mode Group After a vCenter Server 4.0 Upgrade,” on page 57
n “Set the Maximum Number of Database Connections After a vCenter Server Upgrade,” on page 58
n “Restore VirtualCenter 2.x,” on page 59
VMware, Inc. 55
Upgrade to the vSphere Client

Virtual machine users and vCenter Server administrators must use the vSphere Client 4.0 to connect to vCenter
Server 4.0 or to connect directly to ESX 4.0 hosts.
The VI Client 2.5 and the vSphere Client 4.0 can be installed on the same machine.
The vSphere Client upgrade operation requires no downtime. No virtual machines or clients need to be
powered off for this process.
Procedure
1 (Optional) Use Add/Remove Programs from the Windows Control Panel to remove any previous vCenter
Server client.
Older vCenter Server clients do not need to be removed and are useful if you need to connect to legacy
hosts.
2 Install the vSphere Client 4.0.
If the vSphere Client installation fails, uninstall the vSphere Client using Add/Remove Programs from
the Windows Control Panel. Then reinstall the vSphere Client.
3 (Optional) Install vSphere Host Update Utility.
Install this utility if your environment does not use vCenter Update Manager and you want to use this
workstation to initiate upgrades of ESX 3.x/ESXi 3.5 hosts and manage ESXi host patching.
After you install the vSphere Client 4.0, you can connect to vCenter Server using the domain name or IP address
of the Windows machine on which vCenter Server is installed and the user name and password of a user on
that machine.
If you do not have the VI Client 2.5 installed and you use vSphere Client to connect to VirtualCenter 2.5, the
vSphere Client prompts you to download and install the VI Client 2.5. After you install the VI Client 2.5, you
can use the vSphere Client log-in interface to connect to VirtualCenter 2.5 or vCenter Server 4.0.
What to do next
Use the vSphere Client to connect to the vCenter Server IP address with your Windows login username and
password. Specifically, use the login credentials appropriate to the Windows machine on which vCenter Server
is installed. The vCenter Server username and password might be different than the username and password
you use for ESX/ESXi.
If the vSphere Client displays security alerts and exceptions when you log in or perform some operations, such
as opening performance charts or viewing the Summary tab, this might mean that your Internet Explorer (IE)
security settings are set to High. If your IE security settings are set to High, enable the Allow scripting of
Internet Explorer web browser control setting in IE.
If you cannot connect to the vCenter Server system, you might need to start the VMware VirtualCenter Server
service manually. To start the service, in the Settings menu, select Control Panel > Administrative Tools >
Services > VMware VirtualCenter Server. The machine might require several minutes to start the service.
Using a License Server to Manage ESX 3.x/ESXi 3.5 Hosts

vCenter Server 4.0 does not require a license server to manage ESX 4.0/ESXi 4.0 hosts. vCenter Server 4.0
requires a license server to manage ESX 3.x/ESXi 3.5 hosts.
If you do not have a license server installed and you need one, download the VMware License Server from the
VMware Web site.
The License Server installation requires no downtime. No virtual machines, servers, hosts, or clients need to
be powered off for the installation of the license server.
56 VMware, Inc.
Chapter 8 Postupgrade Considerations for vCenter Server
License Server Scenarios

If you upgrade to vCenter Server 4.0 and you want the vCenter Server system to manage ESX 3.x/ESXi 3.5
hosts, you might need to verify that the license server is running and reconfigure vCenter Server 4.0 to point
to the license server, depending on your upgrade scenario.
Table 8-1 lists the license server scenarios and the necessary actions.
Table 8-1. License Server Scenarios

Upgrade Scenario Necessary Action
In-place upgrade from VirtualCenter 2.x to vCenter Server. License server is on the same None
machine.
In-place upgrade from VirtualCenter 2.x to vCenter Server. License server is on a None
different machine.
Uninstall VirtualCenter 2.x. Preserve the license server. Perform a clean installation of Point vCenter Server to the
vCenter Server with a rebuilt, clean database. existing license server.
Uninstall VirtualCenter 2.x and the license server. Perform a clean installation of Install a new license server, and
vCenter Server with a rebuilt, clean database. point vCenter Server to the new
license server.
Clean installation of vCenter Server with a rebuilt, clean database. License server was Point vCenter Server to the
on a different machine. existing license server.
Upgrade to vCenter Server using a different machine. The VirtualCenter 2.x system is Point vCenter Server to the
the source machine. The vCenter Server 4.0 system is the destination machine. existing license server.
See Chapter 7, “Upgrading to vCenter Server on a Different Machine and Keeping the
Existing Database,” on page 49.
Join a Linked Mode Group After a vCenter Server 4.0 Upgrade

After you upgrade a machine to vCenter Server 4.0, you can join the system to a Linked Mode group.
Prerequisites
Before you join a Linked Mode group, review the Linked Mode prerequisites and considerations. See the
Installation Guide.
Procedure
1 From the Start menu, select All Programs > VMware > vCenter Server Linked Mode Configuration.
2 Click Next.
4 Click Join vCenter Server instance to an existing linked mode group or another instance and click
Next.
5 Enter the server name and LDAP port number of any remote vCenter Server that is or will be a member
of the group and click Next.
VMware, Inc. 57
Option Description
resolve the conflicts for me The role on the joining system is renamed to <vcenter_name><role_name>
where <vcenter_name> is the name of the vCenter Server system that is
joining the Linked Mode group and <role_name> is the name of the original
role.
a Using the vSphere Client, log in to the vCenter Server system that is
joining the Linked Mode group using an account with Administrator
privileges.
installer.
d Click Back, and click Next.
7 Click Finish.
The vCenter Server instance is now part of a Linked Mode group. It might take several seconds for the global
data (such as user roles) that are changed on one machine to be visible on the other machines. The delay is
usually 15 seconds or less. It might take a few minutes for a new vCenter Server instance to be recognized and
published by the existing instances, because group members do not read the global data very often.
After you form a Linked Mode group, you can log in to any single instance of vCenter Server and view and
manage the inventories of all the vCenter Servers in the group.
What to do next
For more information about Linked Mode groups, see Basic System Administration.
Set the Maximum Number of Database Connections After a vCenter

Server Upgrade
By default, a vCenter Server creates a maximum of 10 simultaneous database connections. If you configure
this setting in the previous version of vCenter Server and then perform the upgrade to vCenter Server 4.0, the
upgrade restores the default setting of 10. You can reconfigure the nondefault setting.
You do not need to change this value. You might want to increase this number if the vCenter Server frequently
performs many operations and performance is critical. You might want to decrease this number if the database
is shared and connections to the database are costly. VMware recommends that you not change this value
unless your system has one of these problems.
Perform this task before you configure the authentication for your database. For more information on
configuring authentication, see the documentation for your database.
Procedure
1 From a vSphere Client host that is connected to a vCenter Server system, select Administration > vCenter
Server Configuration and click Database.
2 In the Current vCenter Server menu, select the appropriate server.
58 VMware, Inc.
Chapter 8 Postupgrade Considerations for vCenter Server
3 In Maximum number, type the number.
4 Restart the vCenter Server.
The new database setting takes effect.
Restore VirtualCenter 2.x

You can restore the previous VirtualCenter configuration if you have a full backup of your VirtualCenter
database and the previous VirtualCenter SSL certificates.
Prerequisites
You might need some or all of the following items to restore VirtualCenter and its components in the event of
a system failure or disaster. Follow your company disaster recovery guidelines for storage and handling of
these items.
n Installation media for the same version of VirtualCenter you are restoring
n VMware Infrastructure 3 license file or a running license server
n Database backup files
n SSL files found in: %ALLUSERSPROFILE%\Application Data\VMware\VMware VirtualCenter\SSL on the
VirtualCenter system
n Notes from the original installation regarding the selections, settings, and information used
n vpxd.cfg
n vCenter Server 4.0 and ESX 4.0/ESXi 4.0 license keys
Procedure
1 Completely uninstall vCenter Server 4.0.
2 Restore the previous version of the VirtualCenter database from the backup.
See your database documentation.
3 Reinstall your original version of VirtualCenter, selecting the restored database during the installation
process.
4 Verify that the license server is running if one was in use in the original installation.
5 Restore the VirtualCenter SSL certificate folder and vpxd.cfg to the %ALLUSERSPROFILE%\Application Data
\VMware\VMware VirtualCenter directory.
6 Make sure the system DSN points to the database.
VMware, Inc. 59
60 VMware, Inc.
Upgrading Datastore and Network
Permissions 9
In previous releases of vCenter Server, datastores and networks inherited access permissions from the
datacenter. In vCenter Server 4.0, they have their own set of privileges that control access to them. This might
require you to manually assign privileges, depending on the access level you require.
In vCenter 4.0, users are initially granted the No Access role on all new managed objects, including datastores
and networks. This means, by default, users cannot view or perform operations on them. All existing objects
in vCenter maintain their permissions after the upgrade. To determine whether to assign permissions to
existing datastores and networks, the upgrade process uses the datacenter's Read-only privilege.
n If the Read-only privilege is nonpropagating (not inherited by child objects), VMware assumes access
privileges should not be assigned to datastores and networks. In such cases, you must update your roles
to include the new datastore and network privileges desired. This is required for users to view and perform
operations on these objects.
n If the Read-only privilege is propagating (inherited by child objects), VMware assumes access privileges
should be assigned to datastores and networks so users can view them and perform basic operations that
require access. In such cases, the default minimum privileges are automatically assigned during the
upgrade process.
After the upgrade process, if your roles require users to have additional privileges, for example, the ability
to delete a datastore or network, you need to update your permission roles.
Table 9-1 lists the privileges assigned to datastores and networks before the upgrade to vCenter 4.0 and after
the upgrade to vCenter 4.0, and the action required by administrators to enable access.
Table 9-1. Datastore and Network Permission Requirements

Object Before Upgrade Privilege After Upgrade Privilege Action Required to Enable Access
Datastore Nonpropagating Read-only No Access Assign access privileges for datastores or

datastore folders.
Propagating Read-only Allocate Space None.
Network Nonpropagating Read-only No Access Assign access privileges for networks or

network folders.
Propagating Read-only Assign Network None.
NOTE The Read-only propagating permission on a datacenter, as well as all other permissions you have set,
will continue to work as expected after the upgrade.

n “Datastore Privileges,” on page 62
n “Network Privileges,” on page 62
VMware, Inc. 61
n “Update Datastore Permissions,” on page 63

n “Update Network Permissions,” on page 64
Datastore Privileges
In VMware vSphere 4.0, datastores have their own set of access control privileges. As a result, you might need
to reconfigure your permissions to grant the new datastore privileges. This is required if you have
nonpropagating Read-only permission set on the datacenter for users.
Table 9-2 lists the default datastore privileges that, when selected for a role, can be paired with a user and
assigned to a datastore.
Table 9-2. Datastore Privileges

Pair with Effective on
Privilege Name Actions Granted to Users Affects Object Object
Allocate Space Allocate space on a datastore for a virtual hosts, vCenter datastores datastores, virtual
machine, snapshot, or clone. Servers disks
Browse Browse files on a datastore, including CD- hosts, vCenter datastores datastores,
Datastore ROM or Floppy media and serial or parallel Servers datastore folders,
port files. In addition, the browse datastore hosts, virtual
privilege allows users to add existing disks machines
to a datastore.
Delete Datastore Remove a datastore. hosts, vCenter datastores datastores,

Servers datastore folders
Delete Datastore Delete a file in the datastore. hosts, vCenter datastores datastores
File Servers
File Carry out file operations in the datastore hosts, vCenter datastores datastores
Management browser. Servers
Move Datastore Move a datastore between folders in the vCenter Servers datastore, datastores,
inventory. source and datastore folders
destination
NOTE Privileges are required on both the
object
source and destination objects.
Rename Rename a datastore. hosts, vCenter datastores datastores

Datastore Servers
Network Privileges
In VMware vSphere 4.0, networks have their own set of access control privileges. As a result, you might need
to reconfigure your permissions to grant the new network privileges. This is required if you have
nonpropagating Read-only permission set on the datacenter.
Table 9-3 lists the default network privileges that, when selected for a role, can be paired with a user and
assigned to a network.
Table 9-3. Network Privileges

Assign Network Assign a network to a virtual VCenter Servers virtual network, virtual
machine. machine machine
Configure Configure a network. hosts, vCenter Servers network, networks, virtual

Network network machines
folder
62 VMware, Inc.
Chapter 9 Upgrading Datastore and Network Permissions
Table 9-3. Network Privileges (Continued)

Delete Network Remove a network. hosts, vCenter Servers datacenter datacenters
Move Network Move a network between folders in hosts, vCenter Servers network, networks
the inventory. source and
destination
NOTE Privileges are required on both
the source and destination objects.
Update Datastore Permissions

You must change Read-only nonpropagating datastore permissions to propagating datastore permissions in
order for users to access the datastores. You can assign datastore permissions on datastores or folders
containing datastores.
Prerequisites
Before performing the update procedure, determine which users need access to each datastore and which
privileges each user needs. If necessary, define new datastore roles or modify the Database Consumer sample
role. This sample role assigns the Allocate Space privilege to the datastore, which enables users to perform
basic virtual machine operations, such as creating clones and taking snapshots. In addition, organize your
datastores in folders that coincide with users' access needs.
NOTE The Read-only propagating permission on a datacenter, in addition to all permissions you have set,
will be kept intact after the datastore permissions upgrade.
Procedure
1 Log in to vSphere Client as an administrator.
2 On the Home page, click Datastores to display the datastores in the inventory.
3 Select the datastore or datastore folder and click the Permissions tab.
4 Right-click in the Permissions tab and from the context pop-up menu, choose Add Permission.
5 In the Assigned Role pane, assign a role.

n To assign specific datastore privileges defined in a role by your company, choose the custom role.
n To migrate read-only nonpropagating datacenter permissions to propagating datastore permissions,
choose Datastore Consumer (sample). This role assigns the Allocate Space privilege to users, which
is required so that users can consume space on the datastores on which this role is granted. In order
to perform a space-consuming operation, such as creating a virtual disk or taking a snapshot, the user
must also have the appropriate virtual machine privileges granted for these operations.
n To assign Read-only datastore privileges, choose Read-only.
This role enables users to browse the datastore without giving them other datastore privileges. For
example, choose Read-only for users who need to attach CD/DVD-ROM ISO images to a datastore.
6 Select Propagate to Child Objects.
7 In the Users and Groups pane, click Add.
8 Select the users and groups for whom to add the role.
To select multiple names, control-click each additional name.
VMware, Inc. 63
9 Click OK.
All users are added to the Users and Groups list for this role.
10 Click OK.
The datastore is saved with the new permissions.
NOTE You need to set up permissions for new datastores that you create. By default, new datastores are created
under the datacenter folder in the inventory. You can move it into a datastore folder, as appropriate.
Update Network Permissions

You must change Read-only nonpropagating network permissions to propagating network permissions in
order for users to access the networks. You can assign network permissions on networks or folders containing
networks.
Before performing the update procedure, determine the network organization for virtual machines, hosts, and
users. If necessary, define new networking roles or modify the Network Consumer sample role. This sample
role assigns the Assign Network privilege. In addition, group your networks in folders that coincide with your
organizational needs.
NOTE The Read-only propagating permission on a datacenter, in addition to all permissions you have set,
will be kept intact after the network permissions upgrade.
Procedure
1 Log in to vSphere Client as an administrator.
2 On the Home page, click Networking to display the networks in the inventory.
3 Select the network or network folder and click the Permissions tab.
4 Right-click in the Permissions tab and from the context menu, choose Add Permission.
5 In the Assigned Role pane, do one of the following:

n To assign specific network privileges defined in a role by your company, choose the custom role.
NOTE The Read-only propagating permission on a datacenter, in addition to all permissions you
have set, will be kept intact after the upgrade.
n To migrate read-only nonpropagating datacenter permissions to propagating network permissions,

choose Network Consumer (sample). This role assigns the Assign Network privilege to users, which
is required so that users can associate a virtual machine's vNIC or host's NIC with the network on
which this role is granted. This requires the appropriate permissions for the assignment are also
granted on the virtual machines or hosts.
6 Select Propagate to Child Objects.
7 In the Users and Groups pane, click Add.
8 Select the users and groups for whom to add the role.
To select multiple names, control-click each additional name.
9 Click OK.
All users are added to the Users and Groups list for this role.
10 Click OK.
64 VMware, Inc.
Chapter 9 Upgrading Datastore and Network Permissions
New networks that you create are added under the datacenter by default.
NOTE You need to set up permissions for new networks that you create. By default, new networks are created
under the datacenter folder in the inventory. You can move it into a network folder, as appropriate.
VMware, Inc. 65
66 VMware, Inc.
Preparing for the Upgrade to ESX 4.0/
ESXi 4.0 10
After completing the upgrade to vCenter Server, upgrade legacy VMware ESX/ESXi hosts to ESX 4.0/ESXi 4.0.
These topics are intended for administrators who are upgrading ESX, ESXi, and virtual machines from ESX 3.x/
ESXi 3.5 hosts to ESX 4.0/ESXi 4.0. One topic discusses the upgrade path from ESX 2.5.5.

n “About Host Upgrades,” on page 67
n “vSphere Host Update Utility,” on page 68
n “vCenter Update Manager,” on page 68
n “Recommendation for Static IP Addresses,” on page 69
n “List of Upgraded vSphere Components,” on page 69
n “List of Preserved Configuration Components,” on page 70
n “Back Up the ESX Host Configuration,” on page 71
n “Back Up the ESXi Host Configuration,” on page 71
n “Release Upgrade Support for ESX/ESXi,” on page 72
About Host Upgrades

To upgrade to vSphere 4.0, upgrade hosts with service consoles to ESX 4.0 (which also has a service console).
Upgrade hosts without service consoles to ESXi 4.0 (which does not have a service console). You cannot use
the upgrade tools to convert ESX hosts to ESXi hosts, or the reverse.
VMware provides the following tools for upgrading ESX/ESXi hosts:
vSphere Host Update Graphical utility for standalone hosts. Allows you to perform remote upgrades
Utility of ESX 3.x/ESXi 3.5 hosts to ESX 4.0/ESXi 4.0. vSphere Host Update Utility
upgrades the virtual machine kernel (vmkernel) and the service console, where
present. vSphere Host Update Utility does not upgrade VMFS datastores or
virtual machine guest operating systems.
vCenter Update Manager Robust software for upgrading, updating, and patching clustered hosts, virtual
machines, and guest operating systems. Orchestrates host and virtual machine
upgrades. If your site uses vCenter Server, VMware recommends that you use
VMware Update Manager instead of vSphere Host Update Utility. See the
VMware, Inc. 67

When you install the vSphere Client, you can also install vSphere Host Update Utility. vSphere Host Update
Utility is a standalone Microsoft Windows application recommended for smaller deployments with fewer than
10 ESX/ESXi hosts, without vCenter Server or Update Manager.
vSphere Host Update Utility provides an easy way to upgrade from a remote location, without a CD, and with
minimum down time. The application upgrades the virtual machine kernel (vmkernel) and the service console,
where present. vSphere Host Update Utility does not upgrade VMFS datastores or virtual machine guest
operating systems.
You can use vSphere Host Update Utility to upgrade ESX 3.x to ESX 4.0 and ESXi 3.5 hosts to ESXi 4.0. You
cannot use vSphere Host Update Utility to convert ESX hosts to ESXi hosts, or the reverse.
When you select a host to be upgraded, the tool performs an automated host compatibility check as a
preupgrade step. The check verifies that each host is compatible with ESX 4.0/ESXi 4.0, including the required
CPU, and has adequate boot and root partition space. In addition to the automated preupgrade script, you can
specify a postupgrade configuration script to ease deployment. This tool effectively eliminates the need for
complex scripted upgrades.
The Host Upgrade wizard allows you to make upgrade configuration choices. Your choices are saved in an
installation script, which the software uploads to the selected host along with the installation ISO image.
vSphere Host Update Utility supports local or remote mounted ISO binary image files.
The software initiates the upgrade by rebooting the host and running the upgrade script. While an upgrade is
in progress, vSphere Host Update Utility provides visual status so that you can monitor the status of the
upgrade. If an error occurs during this process, the software rolls back the host software to the previous ESX
version.
In addition to performing upgrades, vSphere Host Update Utility lets you learn about, download, and install
maintenance and patch releases, which provide security, stability, and feature enhancements for ESXi 4.0.
System Requirements for vSphere Host Update Utility

vSphere Host Update Utility has the same system requirements as the vSphere Client.
To use vSphere Host Update Utility, you must have the following items:
n A workstation or laptop with vSphere Host Update Utility installed.
vSphere Host Update Utility is bundled with the vSphere Client. You can install vSphere Host Update
Utility when you install the vSphere Client. If the vSphere Client is already installed but vSphere Host
Update Utility is not installed, you can install an updated version by rerunning the vSphere Client installer.
n A network connection between the host and the computer that is running vSphere Host Update Utility.
vCenter Update Manager

Orchestrated upgrades allow you to upgrade the objects in your vSphere inventory in a two-step process: host
upgrades followed by virtual machine upgrades. You can configure the process at the cluster level for higher
automation or at the individual host or virtual machine level for granular control.
For example, you can define a host upgrade baseline to upgrade an ESX host to ESX 4.0, a virtual machine
upgrade baseline to upgrade the virtual machine hardware to the latest version, and the VMware Tools to the
latest version. To do this, you use wizard-based workflows to first schedule host upgrades for an entire cluster
and then schedule a virtual machine upgrade for all the virtual machines.
Built-in best practices in the wizard workflows preclude erroneous upgrade sequences. For example, the
wizard prevents you from upgrading virtual machine hardware before you upgrade hosts in a cluster.
68 VMware, Inc.
Chapter 10 Preparing for the Upgrade to ESX 4.0/ESXi 4.0
You can use Distributed Resource Scheduler (DRS) to prevent virtual machine downtime during the upgrade
process.
Update Manager monitors hosts and virtual machines for compliance against your defined upgrade baselines.
Noncompliance appears in detailed reports and in the dashboard view. Update Manager supports mass
remediation.
See the vCenter Update Manager Administration Guide.
Orchestrated Upgrade of Hosts Scenario

Update Manager allows you to perform orchestrated upgrades of the ESX/ESXi hosts in your vSphere inventory
using a single upgrade baseline.
You can perform orchestrated upgrades of hosts at the folder, cluster, or datacenter level.
Recommendation for Static IP Addresses

VMware recommends that you use static IP addresses for ESX/ESXi hosts. During host upgrade, static IP
addresses are a requirement.
DHCP IP addresses can be problematic during host upgrades. Suppose, for example, a host loses its DHCP IP
address during the upgrade because the lease period configured on the DHCP server expires. The host upgrade
tool that you are using (either vCenter Update Manager or vSphere Host Update Utility) would lose
connectivity to the host. The host upgrade might be successful, but the upgrade tool would report the upgrade
as failed, because the tool would be unable to connect to the host. To prevent this scenario, use static IP
addresses for your hosts.
List of Upgraded vSphere Components

vSphere Host Update Utility and Update Manager upgrade multiple VMware vSphere components.
Table 10-1 lists the components that each application upgrades. For components that are not upgraded by the
listed tool, you can perform the upgrade by some other method, generally by using the vSphere Client.
Table 10-1. Upgraded Components

Upgraded by vSphere Host Update
Component Upgraded by Update Manager Utility
Virtual machine kernel (vmkernel) Yes Yes
Service console, where present Yes Yes
Virtual machine hardware Yes No
Virtual Machine Tools Yes No
Guest operating systems Yes, for SP and patch releases No
After the upgrade to ESX 4.0, the service console's partitions are stored in a .vmdk file. These partitions
include /, swap, and all the optional partitions. The name of this file is esxconsole-<system-uuid>/
esxconsole.vmdk. All .vmdk files, including the esxconsole.vmdk, are stored in VMFS volumes.
VMware, Inc. 69
List of Preserved Configuration Components

When you upgrade to ESX 4.0/ESXi 4.0, the host upgrade process preserves many components of the ESX 3.x/
ESXi 3.5 configuration.
ESXi
For ESXi, the upgrade to ESXi 4.0 preserves almost all configuration data, including your networking, security,
and storage configuration. The only configuration not preserved is related to licensing, because a new ESXi 4.0
license is required after the upgrade.
ESX
For ESX, the upgrade reuses the existing /boot partition to hold the ESX 4.0 boot files.
After the upgrade, the ESX 3.x installation is mounted in the new ESX 4.0 installation under the /esx3-
installation directory.
The upgrade to ESX 4.0 preserves almost all configuration data, including your networking, security, and
storage configuration. Specifically, the upgrade to ESX 4.0 preserves the following files from the ESX 3.x file
system.
n /etc/logrotate.conf
n /etc/localtime
n /etc/ntp.conf
n /etc/syslog.conf
n /etc/sysconfig/ntpd
n /etc/sysconfig/xinetd
n /etc/sysconfig/console
n /etc/sysconfig/i18n
n /etc/sysconfig/clock
n /etc/sysconfig/crond
n /etc/sysconfig/syslog
n /etc/sysconfig/keyboard
n /etc/sysconfig/mouse
n /etc/ssh
n /etc/nsswitch.conf
n /etc/yp.conf
n /etc/krb.conf
n /etc/krb.realms
n /etc/krb5.conf
n /etc/login.defs
n /etc/pam.d
n /etc/hosts.allow
70 VMware, Inc.
n /etc/hosts.deny
n /etc/ldap.conf
n /etc/openldap
n /etc/sudoers
n /etc/snmp
n /usr/local/etc
n /etc/rc.d/rc*.d/*
n /etc/xinetd.conf
n /etc/motd
n /etc/initiatorname.vmkiscsi
n /etc/vmkiscsi.conf
NOTE To migrate other files, consider using a postupgrade script. For example, you might want to create a
script that copies the .ssh directory for root. The creation of custom scripts is beyond the scope of this manual.
Back Up the ESX Host Configuration

Before you upgrade an ESX host, back up the local VMFS file system. This ensures that you will not lose data
during the upgrade.
Procedure
n Back up the files in the /etc/passwd, /etc/groups, /etc/shadow, and /etc/gshadow directories.
The /etc/shadow and /etc/gshadow files might not be present on all installations.
n Back up any custom scripts.
n Back up your .vmx files.
n Back up local images, such as templates, exported virtual machines, and .iso files.
Back Up the ESXi Host Configuration

Back up the host configuration before you begin a host upgrade.
For more information about the VMware vSphere Command-Line Interface and the vicfg-cfgbackup
command, see the vSphere Command-Line Interface Installation and Reference Guide.
Procedure
1 Install the vSphere CLI.
2 In the vSphere CLI, run the vicfg-cfgbackup command with the -s flag to save the host configuration to
a specified backup filename.
vicfg-cfgbackup --server <ESXi-host-ip> --portnumber <port_number> --protocol
<protocol_type> --username username --password <password> -s <backup-filename>
VMware, Inc. 71
Release Upgrade Support for ESX/ESXi

If a VMware ESX/ESXi version does not have upgrade support, perform a clean installation, after you save
your VMFS datastore to another location or partition.
You can upgrade most versions of VMware ESX/ESXi to the ESX 4.0/ESXi 4.0 version. You cannot perform an
in-place upgrade from ESX to ESXi (or from ESXi to ESX). To upgrade virtual machines from ESX to ESXi (or
from ESXi to ESX), you must perform a migration upgrade.
Table 10-2 gives details of upgrade support for ESX and ESXi. Upgrade support for a version of ESX/ESXi
includes all associated update releases. For example, where upgrading from ESX 3.5 is supported, upgrades
from ESX 3.5 Update 1, ESX 3.5 Update 2, and so on are included.
Table 10-2. Upgrade Support for ESX/ESXi

ESX Version Support
ESX alpha, beta, or RC release (any) No upgrade support
ESX 1.x No upgrade support
ESX 2 No upgrade support
ESX 2.1 No upgrade support
ESX 2.1.1 No upgrade support
ESX 2.5 No upgrade support
ESX 2.5.5 Limited support
ESX 3.0.0 Yes
ESX 3.0.1 Yes
ESX 3.0.2 Yes
ESX 3.0.3 Yes
ESX 3.5 Yes
ESXi 3.5 Yes
Upgrading from ESX 2.5.5

The only ESX 2.x version that has upgrade support is ESX 2.5.5, though support is limited for this type of
upgrade. VMware supports upgrades from ESX 2.5.5 under certain conditions.
When you upgrade from ESX 2.5.5 to ESX 4.0, you can perform a migration upgrade with or without VMotion.
In a migration upgrade, you migrate ESX 2.5.5 virtual machines to ESX 4.0 hosts, as follows: Evacuate the
virtual machines from the ESX 2.5.5 host. Do a fresh install of ESX 4.0. Migrate the virtual machines back to
the newly installed ESX 4.0 host. See “Upgrading by Moving Virtual Machines Using Upgrade VMotion,” on
page 18.
72 VMware, Inc.
Direct, in-place upgrade from ESX 2.5.5 to ESX 4.0 is not supported, even if you upgrade to ESX 3.x as an
intermediary step. The default ESX 2.5.5 installation creates a /boot partition that is too small to enable
upgrades to ESX 4.0. As an exception, if you have a non-default ESX 2.5.5 installation on which at least 100MB
of space is available on the /boot partition, you can upgrade ESX 2.5.5 to ESX 3.x and then to ESX 4.0.
The upgrade of ESX 2.5.5 to ESX 3.x requires the use of one of the following methods:
n Graphical upgrade from CD
n Text-mode upgrade from CD
n Tarball upgrade using the service console
n Scripted upgrade from CD or PXE server using esxupdate
n Scripted upgrade from CD or PXE server using kickstart commands
For information about these upgrade methods, see the VMware Infrastructure 3 documentation.
For the upgrade of ESX 3.x to ESX 4.0, you can use vSphere Host Update Utility or vCenter Update Manager.
VMware, Inc. 73
74 VMware, Inc.
Upgrade to ESX 4.0 or ESXi 4.0 11
The upgrade procedures differ for ESX 4.0 and ESXi 4.0.
CAUTION You must upgrade to vCenter Server before you upgrade ESX/ESXi. If you do not upgrade in the
correct order, you can lose data and lose access to your servers.

n “Upgrade ESX Hosts,” on page 75
n “Upgrade ESXi Hosts,” on page 77
Upgrade ESX Hosts

You can use vSphere Host Update Utility to upgrade ESX 3.x hosts to ESX 4.x.
vSphere Host Update Utility is meant for small deployments in which a host is being managed by a single
administrator. For example, the following scenario is not supported: Admin 1 starts to upgrade host1 using
vSphere Host Update Utility. Admin 2 starts the vSphere Host Update Utility, detects that host1 is running
ESX 3.5, and tries to upgrade the host. The vSphere Host Update Utility does not report that an upgrade is
already in progress.
VMware supports and recommends that you perform one upgrade at a time when you use vSphere Host
Update Utility. If you do upgrade multiple hosts simultaneously and the upgrade fails for one of the hosts,
you must close and restart vSphere Host Update Utility to retry the upgrade on the host that failed. In this
case, you must wait until the upgrade for all the hosts is complete before you restart the utility. For simplicity,
it is best practice to upgrade one host at a time.
IMPORTANT For large deployments and for environments with clustered hosts, VMware recommends that you
use vCenter Update Manager instead of vSphere Host Update Utility.
When you upgrade a host, no third-party management agents or third-party software applications are
migrated to the ESX 4.0/ESXi 4.0 host.
Prerequisites
Prepare the host before you upgrade it.

n See “ESX Hardware Requirements,” on page 27 and “Recommendations for Enhanced ESX Performance,”
on page 29.
n Make sure you are logged in to an account that has administrator permissions on your computer.
VMware, Inc. 75
Procedure
1 Download an ESX 4.0 ISO file and save it on the same Windows computer on which vSphere Host Update
Utility is installed.
2 Use the vSphere Client to put the host into maintenance mode.
3 Select Start > Programs > VMware > vSphere Host Update Utility 4.0.
4 Select a host from the list and click Upgrade.
If a host is not in the list, you can add it by selecting Host > Add Host.
5 Type the location of the ESX 4.0 installation file to use or click Browse to select the location from a file
browser and click Next.
For ESX 4.0, the installation file is an ISO image.
6 Select I accept the terms in the license agreement and click Next.
7 Type the administrative account information for the selected host and click Next.
The software performs a host compatibility check.
8 Select the datastore and size of the service console virtual disk (VMDK).
VMware recommends that you select a datastore that is local to the ESX host. The service console VMDK
requires at least 8.4GB of available space.
NFS and software iSCSI datastores are not supported as the destination for the ESX 4.0 service console
VMDK.
The service console must be installed on a VMFS datastore that is resident on a host's local disk or on a
SAN disk that is masked and zoned to that particular host only. The datastore cannot be shared between
hosts.
9 (Optional) To disable automatic rollback, deselect the Attempt to reboot host and roll back upgrade in
case of failure check box.
By default, if upgrade errors occur, the host reboots and rolls back the upgrade. If you disable this behavior,
you can troubleshoot the errors manually.
10 (Optional) To automate post-upgrade configuration, select Run a post-upgrade script and type the
location of a custom post-upgrade script, or click Browse to select the location from a file browser.
The upgrade installer supports the Bash (.sh) and Python (.py) interpreters.
11 (Optional) Select Roll back the upgrade if the post-upgrade script fails and select the number of seconds
(0 to 180 seconds) for the installer to wait before it rolls back the upgrade if the post-upgrade script fails.
By default, if the post-upgrade script fails, the host upgrade remains in effect.
12 Click Next.
13 Confirm your upgrade configuration and click Finish.
The host upgrade begins. You can view the upgrade progress in the Host Details pane.
The host is upgraded to ESX 4.0. If the upgrade fails, restart the vSphere Host Update Utility before you retry
the upgrade.
The vSphere Host Update Utility might appear to stop working. If this happens, wait several minutes to see
if the utility starts working again. VMware recommends that you do not cancel the upgrade at any point during
the upgrade process. The host might appear to successfully boot into ESX 4.0. If this happens, continue to wait
until the utility displays the message: Upgrade Succeeded before you close the utility.
76 VMware, Inc.
Chapter 11 Upgrade to ESX 4.0 or ESXi 4.0
What to do next
See Chapter 12, “Postupgrade Considerations for Hosts,” on page 79.
Upgrade ESXi Hosts

You can use vSphere Host Update Utility to upgrade ESXi 3.5 hosts to ESXi 4.x.
vSphere Host Update Utility is meant for small deployments in which a host is being managed by a single
administrator. For example, the following scenario is not supported: Admin 1 starts to upgrade host1 using
vSphere Host Update Utility. Admin 2 starts the vSphere Host Update Utility, sees that host1 is running ESXi
3.5, and tries to upgrade the host. The vSphere Host Update Utility does not report that an upgrade is already
in progress.
VMware supports and recommends that you perform one upgrade at a time when you use vSphere Host
Update Utility. If you do upgrade multiple hosts simultaneously and the upgrade fails for one of the hosts,
you must close and restart vSphere Host Update Utility to retry the upgrade on the host that failed. In this
case, you must wait until the upgrade for all the hosts is complete before you restart the utility. For simplicity,
it is best practice to upgrade one host at a time.
IMPORTANT For large deployments and for environments with clustered hosts, VMware recommends that you
use vCenter Update Manager instead of vSphere Host Update Utility.
When you upgrade a host, no third-party management agents or third-party software applications are
migrated to the ESX 4.0/ESXi 4.0 host.
Prerequisites
Prepare the host before you upgrade it.

n See “ESX Hardware Requirements,” on page 27 and “Recommendations for Enhanced ESX Performance,”
on page 29.
n Make sure you are logged in to an account that has administrator permissions on your computer.
Procedure
1 Download an ESXi 4.0 ZIP file and save it on the same Windows computer on which vSphere Host Update
Utility is installed.
2 Use the vSphere Client to put the host into maintenance mode.
4 Select a host from the list and click Upgrade.
If a host is not in the list, you can add it by selecting Host > Add Host.
5 Type the location of the ESXi 4.0 upgrade file to use or click Browse to select the location from a file browser
and click Next.
For ESXi 4.0, the installation file is a ZIP file.
6 Select I accept the terms in the license agreement and click Next.
7 Type the administrative account information for the selected host and click Next.
The software performs a host compatibility check.
8 Click Finish.
The host upgrade begins. You can view the upgrade progress in the Host Details pane.
When an upgrade is in progress, do not exit vSphere Host Update Utility.
VMware, Inc. 77
The host is upgraded to ESXi 4.0. If the upgrade fails, restart vSphere Host Update Utility before you retry the
upgrade.
vSphere Host Update Utility might appear to stop working. If this happens, wait several minutes to see if the
utility starts working again. VMware recommends that you do not cancel the upgrade at any point during the
upgrade process. The host might appear to successfully boot into ESXi 4.0. If this happens, continue to wait
until the message Upgrade Succeeded appears before you close the utility.
What to do next
See Chapter 12, “Postupgrade Considerations for Hosts,” on page 79.
78 VMware, Inc.
Postupgrade Considerations for
Hosts 12
A host upgrade is not entirely complete until after you have ensured that the host management, configuration,
and licensing is in place.
After you upgrade an ESX/ESXi host, consider the following:

n View the upgrade logs.
For ESXi, you can use the vSphere Client to export the log files.
For a successful ESX upgrade, you can find upgrade log files at these locations on the host:
n /esx3-installation/esx4-upgrade/
n /var/log/vmware/
For an unsuccessful ESX upgrade, you can find upgrade log files at these locations on the host:
n /esx4-upgrade/
n /var/log/vmware/
n If vCenter Server manages the host, you must reconnect the host to vCenter Server by right-clicking the
host in the vCenter Server inventory and selecting Connect.
n When the upgrade is complete, ESX/ESXi is in evaluation mode. Evaluation mode lasts for 60 days. You
must assign an upgraded license to your product within 60 days after the upgrade. Use the License Portal
and the vSphere Client to configure licensing.
n On the VMware Web site, log in to your account page to access the license portal. From the license portal,
upgrade your ESX/ESXi license. Use the vSphere Client to assign the upgraded license key to the ESX/
ESXi host.
n The host sdX devices might be renumbered after the upgrade. If necessary, update any scripts that
reference sdX devices.
n After the ESX/ESXi upgrade, you must convert LUN masking to the claim rule format. To do this, run the
esxcli corestorage claimrule convert command in the vSphere Command-Line Interface. This
command converts the /adv/Disk/MaskLUNs advanced configuration entry in esx.conf to claim rules with
MASK_PATH as the plug-in. See the vSphere Command-Line Interface Installation and Reference Guide.

n “Restore vSphere Web Access on ESX Hosts,” on page 80
n “Evaluation Period Countdown,” on page 80
n “Clean Up the ESX Bootloader Menu After Upgrade,” on page 81
n “Uninstalling the VMware License Server,” on page 81
VMware, Inc. 79
n “vSphere Host Update Utility Support for Rolling Back ESX/ESXi Upgrades,” on page 82
n “Roll Back an ESX Upgrade,” on page 82
n “Roll Back an ESXi Update, Patch, or Upgrade,” on page 83
n “Restore the ESX Host Configuration,” on page 83
n “Restore the ESXi Host Configuration,” on page 83
Restore vSphere Web Access on ESX Hosts

For ESX hosts only, the vSphere Web Access service is disabled after you upgrade the host. If you have Web
Access enabled on the host, you must restore the service after the upgrade is complete.
vSphere Web Access is a user interface that runs in a Web browser and provides access to the virtual machine’s
display. The vSphere Web Access service is installed when you install ESX 4.0 or vCenter Server 4.0, but is not
running by default. Before you log in and start managing virtual machines, you must start the vSphere Web
Access service on your ESX or vCenter Server instance.
NOTE vSphere Web Access is not supported on ESXi hosts.
Prerequisites
You must have root privileges to check the status and run the vSphere Web Access service.
Procedure
1 Log in to the ESX host using root privileges.
2 Type the command to check whether the Web Access service is running.
service vmware-webAccess status
A message appears that says whether the service is running.
3 (Optional) If vSphere Web Access is not running, type the command to start Web Access.
service vmware-webAccess start
What to do next
You can now use vSphere Web Access to log in to the ESX host. See the vSphere Web Access Administrator's
Guide.
Evaluation Period Countdown

The ESX/ESXi 60-day evaluation period begins to count down immediately after the first time you power on
the ESX/ESXi machine.
The 60-day evaluation count down starts even if the host is licensed and you are not using evaluation mode.
For example, suppose you decide 10 days after the first power-on to switch from licensed mode to evaluation
mode. Only 50 days remain of the evaluation period. Sixty days after the first power-on, it is too late to switch
to evaluation mode because zero days remain of the evaluation period. During the evaluation period, if you
switch the ESX/ESXi machine from evaluation mode to licensed mode, the evaluation timer does not stop
counting down.
To prevent losing the availability of the evaluation mode, VMware recommends that before (or shortly after)
you power on your ESX/ESXi machine for the first time, decide whether you want to use evaluation mode.
One advantage of using evaluation mode is that it offers full feature functionality, which lets you try features
that you might not have yet without paying additional license costs.
80 VMware, Inc.
Chapter 12 Postupgrade Considerations for Hosts
Clean Up the ESX Bootloader Menu After Upgrade

After you determine that the ESX 4.0 upgrade is stable, you can remove the ESX 3.x boot option from the ESX
4.0 bootloader menu to disable the ability to roll back to ESX 3.x.
After you upgrade a host from ESX 3.x to ESX 4.0, the ESX bootloader boots into ESX 4.0 by default, but retains
the option to boot into ESX 3.x. The ESX 3.x boot option is useful if the ESX 4.0 upgrade does not work as
expected in your environment. However, after you confirm that the upgrade is stable, you might want to
disable the ability to roll back to ESX 3.x.
This procedure is applicable only if you left the default rollback option enabled when you performed the
upgrade. If you deselected the rollback option, this procedure is not applicable. Only a system administrator
can perform this optional procedure.
Prerequisites
Before executing this script, make sure that you have copied all required data from the legacy ESX mount
points under /esx3-installation.
Procedure
1 In the ESX 4.0 service console, run the cleanup-esx3 command with the optional -f (force) flag.
If you omit the -f flag, the software prompts you to confirm that you want to disable the ability to roll
back to the ESX 3.x.
2 (Optional) Reboot the host.
While the server is powering on, observe that the bootloader menu does not include an option for ESX
3.x.
The host looks the same as a clean installation of ESX 4.0. The cleanup-esx3 script removes the following files
and references from the ESX 4.0 host:
n ESX 3.x references in the /etc/fstab directory
n ESX 3.x boot files in the /boot directory
n The rollback-to-esx3 script in the /usr/sbin/ directory
Uninstalling the VMware License Server

After you upgrade all of your hosts to ESX 4.0/ESXi 4.0, you can optionally uninstall your license server and
remove the license server configuration from vCenter Server.
NOTE Consider leaving the license server and the license server configuration in place if the vCenter Server
instance might need to manage ESX 3.x/ESXi 3.5 hosts in the future. The license server does not interfere with
operations if you leave it in place.
Procedure
1 As Administrator on the Microsoft Windows system, select Start > Settings > Control Panel > Add/
Remove Programs.
2 Select the VMware License Server and click Remove.
3 Click Yes to confirm that you want to remove the program and click Finish.
4 In vCenter Server, select Administration > vCenter Server Settings.
5 In the License Server text box, delete the path to the license server.
VMware, Inc. 81
6 If the Reconfigure ESX 3 hosts using license servers to use this server option is selected, unselect it.
7 Click OK.
vSphere Host Update Utility Support for Rolling Back ESX/ESXi

Upgrades
When you use vSphere Host Update Utility to perform a host upgrade, the support for rolling back upgrades
differs for ESX and ESXi.
For ESX, the default behavior for vSphere Host Update Utility is to roll back the host to the previous version
of ESX if the upgrade does not complete successfully. You can override the default behavior by deselecting the
Attempt to reboot host and roll back upgrade in case of failure check box in the upgrade wizard. Disabling
the roll back allows you to debug your host if the installer fails.
For ESXi, vSphere Host Update Utility does not support roll back. However, after an upgrade, the ESXi host
might reboot into the previous version of the firmware if the upgrade version does not boot successfully. You
cannot disable this behavior. If the upgrade fails for VMware Tools or the vSphere Client, roll back is not
supported and the packages are removed from the host. The packages are removed because insufficient space
is available on ESXi for two versions of VMware Tools and two versions of the vSphere Client. vSphere Host
Update Utility must delete the previous versions before writing the new versions to disk.
After the roll back, upgrade to ESXi 3.5 Update 4 to obtain the latest version of ESXi 3.5 firmware, VMware
Tools and the VI Client.
Roll Back an ESX Upgrade

You might need to roll back to ESX 3.x if the upgrade to ESX 4.0 does not work as expected in your environment.
Optionally, you can remove the ESX 4.0 boot option from the ESX bootloader menu and perform a complete
roll back to ESX 3.x.
Consider the following points:

n Any changes made to the ESX 4.0 service console are lost after the rollback.
n Any changes made to virtual machines will persist after the rollback.
n If you upgraded the virtual machine hardware, the virtual machines will not work after you perform the
ESX rollback. To avoid this situation, take a snapshot of the virtual machine before you upgrade the virtual
machine hardware. After you run the ESX rollback script, boot into ESX 3.x and revert to the snapshot.
n Only a system administrator can perform this optional procedure.
Procedure
1 Run the rollback-to-esx3 command in the ESX 4.0 service console.
The rollback-to-esx3 command reconfigures the bootloader to boot into ESX 3.x and removes the ability
to boot into ESX 4.0.
You can include the optional -f (force) flag. If you omit the -f flag, you are prompted to confirm that you
want to roll back to ESX 3.x.
2 Reboot the server.
While the host is powering on, observe that the boot menu has changed to ESX 3.x.
3 After the host boots into ESX 3.x, delete the ESX 4.0 service console VMDK folder from the VMFS datastore.
The service console VMDK folder name has the following format: esxconsole-<UUID>.
82 VMware, Inc.
Chapter 12 Postupgrade Considerations for Hosts
Roll Back an ESXi Update, Patch, or Upgrade

For purposes of rollback, the term update refers to all ESXi patches, updates, and upgrades. Each time you
update an ESXi host, a copy of the ESXi build is saved on your host. If you think an ESXi patch might be making
your host not work as expected in your environment, you can roll back the update.
ESXi permits only one level of rollback. Only one previous build can be saved at a time. In effect, each ESXi 4.0
host stores up to two builds, one boot build and one standby build.
When you manually boot into the standby build instead of the current boot build, an irreversible rollback
occurs. The standby build becomes the new boot build and remains the boot build until you perform another
update.
Procedure
1 Reboot the ESXi 4.0 host.
2 When the page that displays the current boot build appears, press Shift+r to select the standby build.
3 Press Shift+y to confirm the selection and press Enter.
The previous update rolls back. The standby build becomes the boot build.
Restore the ESX Host Configuration

If you backed up your ESX service console and VMFS files, you can restore your original ESX host configuration.
Procedure
1 Reinstall the original version of ESX on the host. See the Installation Guide.
2 Restore the backed-up service console and local VMFS files.
See http://www.vmware.com/resources/techresources/610.
Restore the ESXi Host Configuration

If you created a backup of the ESXi host configuration, you can restore the configuration.
To restore a configuration on a host, you must run the vSphere CLI virtual appliance from a remote host. When
you restore the configuration, the target host must be in maintenance mode, which means all virtual machines
(including the vSphere CLI virtual appliance) must be powered off.
For more information, see the ESXi and vCenter Server Setup Guide.
For more information about the VMware vSphere Command-Line Interface and the vicfg-cfgbackup
command, see the vSphere Command-Line Interface Installation and Reference Guide.
Procedure
1 Restore the ESXi software.

n Reinstall the ESXi Installable software by using the Installation CD.
n Recover the ESXi Embedded software by using the Recovery CD.
2 Install the vSphere CLI.
3 In the vSphere CLI, run the vicfg-cfgbackup command with the -l flag to load the host configuration
from a specified backup file.
VMware, Inc. 83
84 VMware, Inc.
Upgrading Virtual Machines 13
After you perform an ESX/ESXi upgrade, VMware recommends that you upgrade all the virtual machines that
reside on the host.
The first step in upgrading virtual machines is to upgrade VMware Tools. If the virtual machines do not have
VMware Tools installed, you can use the VMware Tools upgrade procedure to install VMware Tools. After
you install or upgrade VMware Tools, upgrade the virtual machine hardware.
VMware offers the following tools for upgrading virtual machines:
vSphere Client Requires you to perform the virtual machine upgrade one step at a time.
vCenter Update Manager Automates the process of upgrading and patching virtual machines, thereby
ensuring that the steps occur in the correct order. You can use vCenter Update
Manager to directly upgrade virtual machine hardware, VMware Tools, and
virtual appliances. You can also patch and update third-party software running
on the virtual machines and virtual appliances. See the vCenter Update Manager
Administration Guide.
NOTE Do not use vmware-vmupgrade.exe to upgrade virtual machines.

n “About VMware Tools,” on page 86
n “About Virtual Machines and ESX/ESXi Upgrades,” on page 86
n “Orchestrated Upgrade of Virtual Machines Scenario,” on page 86
n “Planning Downtime for Virtual Machines,” on page 87
n “Downtime for Upgrading Virtual Machines,” on page 87
n “Perform an Interactive Upgrade of VMware Tools on a Microsoft Windows Guest,” on page 88
n “Perform an Interactive Upgrade of VMware Tools on a Linux Guest in an X Terminal,” on page 89
n “Perform an Interactive Upgrade of VMware Tools on a Linux Guest with the RPM Installer,” on
page 90
n “Perform an Interactive Upgrade of VMware Tools on a Linux Guest with the Tar Installer,” on
page 91
n “Perform an Interactive Upgrade of VMware Tools on a Solaris Guest,” on page 93
n “Perform an Interactive Upgrade of VMware Tools in a Netware Virtual Machine,” on page 94
n “Perform an Automatic Upgrade of VMware Tools,” on page 95
VMware, Inc. 85
n “Upgrade VMware Tools on Multiple Virtual Machines,” on page 96

n “Configure a Virtual Machine to Automatically Upgrade VMware Tools,” on page 97
n “Upgrade Virtual Hardware,” on page 97
n “Upgrade Virtual Hardware on Multiple Virtual Machines,” on page 98
About VMware Tools

VMware Tools is a suite of utilities that enhances the performance of the virtual machine’s guest operating
system and improves management of the virtual machine.
Although the guest operating system can run without VMware Tools, you lose important functionality and
convenience. If you do not have VMware Tools installed in your virtual machine, you cannot use the shutdown
or restart options. You can use only the power options. Shut down the guest operating system from the virtual
machine console before you power off the virtual machine.
The installers for VMware Tools for Microsoft Windows, Linux, Solaris, and NetWare guest operating systems
are built into ESX/ESXi and VMware Server as ISO image files. An ISO image file looks like a CD-ROM to your
guest operating system and even appears as a CD-ROM disc in Microsoft Windows Explorer. You do not use
an actual CD-ROM disc to install VMware Tools, nor do you need to download the CD-ROM image or burn
a physical CD-ROM of this image file.
When you install VMware Tools, VMware vCenter Server temporarily connects the virtual machine’s first
virtual CD-ROM disk drive to the ISO image file that contains the VMware Tools installer for your guest
operating system. You are ready to begin the installation process.
When you upgrade VMware Tools, the software completely uninstalls and reinstalls the VMware Tools
package. For this reason, some functionality such as networking might temporarily stop working in the middle
of the upgrade procedure. The functionality is restored at the end of the upgrade procedure.
About Virtual Machines and ESX/ESXi Upgrades

Some virtual machines that you create on ESX 4.0/ESXi 4.0 hosts are supported on ESX 3.x/ESXi 3.5 hosts.
If you create a virtual machine on ESX 4.0/ESXi 4.0 and select the typical path, the virtual hardware version is
version 7. Virtual machines with virtual hardware version 7 are not supported on ESX 3.x/ESXi 3.5 hosts. When
you create virtual machines on ESX 4.0/ESXi 4.0, select the custom path and select virtual hardware version 4
to ensure that your virtual machines can run on ESX 3.x/ESXi 3.5 hosts. When the virtual machines have virtual
hardware version 4, you can migrate the virtual machines between the ESX 3.x/ESXi 3.5 and ESX 4.0/ESXi 4.0
hosts and use VMotion.
If you create virtual machines that use paravirtualization (VMI) or an enhanced networking device (vmxnet),
VMotion is not supported. In this case, you can move the virtual machine to the ESX 3.x host if the virtual
machine is powered off. Virtual machines that you create on ESX 4.0/ESXi 4.0 hosts are not supported on ESX 2.x
hosts.
Orchestrated Upgrade of Virtual Machines Scenario

An orchestrated upgrade allows you to upgrade VMware Tools and the virtual hardware of the virtual
machines in your vSphere inventory at the same time. You can perform an orchestrated upgrade of virtual
machines at the folder or datacenter level.
Update Manager makes the process of upgrading the virtual machines convenient by providing baseline
groups. When you remediate a virtual machine against a baseline group containing the
VMware Tools Upgrade to Match Host baseline and the VM Hardware Upgrade to Match Host baseline,
Update Manager sequences the upgrade operations in the correct order. As a result, the guest operating system
is in a consistent state at the end of the upgrade.
86 VMware, Inc.
Chapter 13 Upgrading Virtual Machines
Planning Downtime for Virtual Machines

Plan downtime for each virtual machine during the upgrade process. Typically, this downtime occurs during
the virtual machine upgrade and the VMware Tools upgrade. Depending on your upgrade plan, some virtual
machine downtime might be required during the ESX upgrade.
If an ESX/ESXi host is not managed by vCenter Server, you cannot use VMotion to move virtual machines. The
virtual machines must have some downtime when the ESX/ESXi host reboots after upgrade.
You might not have to shut down more than a single virtual machine at any given time. You can stagger virtual
machine downtimes to accommodate a schedule convenient to you and your customers.
For example:
n If your virtual machine users are located in diverse time zones, you can prepare by migrating virtual
machines to specific hosts to serve a given time zone. This way you can arrange host upgrades so that
virtual machine downtime occurs transparently outside business hours for that time zone.
n If your virtual machine users operate around the clock, you can delay downtime for their virtual machines
to normally scheduled maintenance periods. You do not need to upgrade any stage within a certain time
period. You can take as long as needed at any stage.
Downtime for Upgrading Virtual Machines

When you upgrade virtual machines, the required downtime varies depending on the guest operating system.
The following procedures are involved in upgrading virtual machines:

n Upgrade VMware Tools
n Upgrade virtual hardware
During the VMware Tools upgrade, the virtual machine remains powered on. For Microsoft Windows
operating systems, you must reboot the guest operating system at the end of the VMware Tools upgrade
procedure. For Linux, Netware, and Solaris guest operating systems, no reboot is required at the end of the
procedure.
When you upgrade VMware Tools, expect downtime as follows:

n No downtime is required for vCenter Server.
n No downtime is required for ESX/ESXi hosts.
n You must reboot the virtual machine at the end of the upgrade procedure, or later, to make the upgrade
take effect.
n On Windows guest operating systems, you must reboot the virtual machine a total of three times when
you upgrade VMware Tools and the virtual hardware:
a Power on the virtual machine.
b Upgrade VMware Tools.
c Reboot the virtual machine at the end of the VMware Tools upgrade.
d Power off the virtual machine.
e Upgrade the virtual Hardware.
f Power on the virtual machine.
g The Windows operating system detects new devices and prompts you to reboot the virtual machine.
h Reboot the virtual machine to make the devices work properly.
During the virtual hardware upgrade, the virtual machine must be shut down for all guest operating systems.
VMware, Inc. 87
Table 13-1 summarizes the downtime required by guest operating system and by upgrade operation.
Table 13-1. Virtual Machine Downtime by Guest Operating System

Guest Operating System Upgrade VMware Tools Upgrade Virtual Hardware
Linux No downtime Downtime for shut down and power on of

virtual machine
Netware No downtime Downtime for shut down and power on of

virtual machine
Solaris No downtime Downtime for shut down and power on of

virtual machine
Microsoft Windows Downtime for reboot of guest Downtime for shut down and power on of
operating system virtual machine
Perform an Interactive Upgrade of VMware Tools on a Microsoft

Windows Guest
Upgrade VMware Tools to the latest version to enhance the performance of the virtual machine's guest
operating system and improve virtual machine management.
Prerequisites
n Back up your virtual machines to prevent data loss. See Basic System Administration.
n A supported guest operating system must be installed on the virtual machine.
n You must have an ESX/ESXi license or be using evaluation mode to power on the virtual machine.
Procedure
1 From the vSphere Client, right-click the virtual machine, select Power, and select Power On.
2 Select the virtual machine and click the Summary tab.
The VMware Tools label indicates whether VMware Tools is installed and current, installed and not
current, or not installed.
3 Click the Console tab to make sure that the guest operating system starts successfully and log in if
necessary.
4 Right-click the virtual machine, select Guest, and select Install/Upgrade VMware Tools.
5 Select Interactive Tools Upgrade and click OK.
The upgrade process starts by mounting the VMware Tools bundle on the guest operating system.
6 If the Microsoft Windows New Hardware wizard appears in the virtual machine console, complete the
wizard and accept the defaults.
Upgrading virtual hardware and installing or upgrading VMware Tools includes enhancements to the
virtual network adapter. A Microsoft Windows guest operating system might interpret these changes as
indicating a different network adapter in the virtual machine and start the New Hardware wizard
accordingly.
7 In the virtual machine console, do one of the following:

n If autorun is enabled, click OK to confirm that you want to install VMware Tools and start the
InstallShield wizard.
n If autorun is not enabled, manually start the VMware Tools installer, by clicking Start > Run and
entering D:\setup.exe, where D: is your first virtual CD-ROM drive.
88 VMware, Inc.
8 Follow the onscreen instructions.
9 Reboot to make the changes take effect.
The VMware Tools label on the Summary tab changes to OK.
What to do next
(Recommended) Upgrade the virtual machine hardware to version 7.
Perform an Interactive Upgrade of VMware Tools on a Linux Guest in an

X Terminal
Prerequisites
The following items are prerequisites for completing this procedure:

NOTE This procedure requires the RPM installer. The RPM installer is not available for ESXi hosts. Only the
tar installer is available for ESXi hosts. For ESXi hosts, see “Perform an Interactive Upgrade of VMware Tools
on a Linux Guest with the Tar Installer,” on page 91.
Procedure
3 Click the Console tab to make sure that the guest operating system starts successfully, and log in if
necessary.
6 Start the installer.

n From the desktop, double-click the VMware Tools CD icon or the file manager window and double-
click the RPM installer.
n If the VMware Tools CD icon or file manager window does not appear, install VMware Tools from
the command line.
7 When prompted, enter the root password and click OK.

The installer prepares the packages.
8 In the Completed System Preparationdialog box, click Continue.
When the installer is finished, VMware Tools is installed. No confirmation or finish button appears.
9 In a terminal window, as root (su -), run the following command to configure VMware Tools:
vmware-config-tools.pl
VMware, Inc. 89
10 Answer the prompts and press Enter to accept the default values if appropriate for your configuration
and follow the instructions at the end of the script.
11 For Linux guest operating systems, execute the following commands to restore the network:
/etc/init.d/network stop
rmmod vmxnet
modprobe vmxnet
/etc/init.d/network start
12 Use the exit command to exit from the root account.
What to do next
Perform an Interactive Upgrade of VMware Tools on a Linux Guest with

the RPM Installer
Prerequisites
NOTE The RPM installer is not available for ESXi hosts. Only the tar installer is available for ESXi hosts. For
ESXi hosts, see “Perform an Interactive Upgrade of VMware Tools on a Linux Guest with the Tar Installer,”
on page 91.
Procedure
necessary.
6 In the virtual machine console, log in as root (su -) and, if necessary, create the /mnt/cdrom directory:
mkdir /mnt/cdrom
7 Mount the VMware Tools virtual CD-ROM image.
Some Linux distributions automatically mount CD-ROMs. If your distribution uses automounting, do not
use the mount and umount commands.
90 VMware, Inc.
Some Linux distributions use different device names or organize the /dev directory differently. Modify
the following commands to reflect the conventions used by your distribution:
mount /dev/cdrom /mnt/cdrom
cd /tmp
8 Change to a working directory (for example, /tmp):

cd /tmp
9 (Optional) If you have a previous installation, delete the previous vmware-tools-distrib directory:
rm -rf /tmp/vmware-tools-distrib
The default location of this directory is: /tmp/vmware-tools-distrib.
10 List the contents of the /mnt/cdrom/ directory and note the filename of the VMware Tools RPM installer:
ls /mnt/cdrom
11 Uncompress the rpm installer, where <xxxxxx> is the build or revision number of the ESX/ESXi version:
rpm -Uhv /mnt/cdrom/VMwareTools-4.0.0-<xxxxxx>.i386.rpm
If you attempt to install an RPM installation over a tar installation, or the reverse, the installer detects the
previous installation and must convert the installer database format before continuing.
12 Unmount the CD-ROM image:

umount /dev/cdrom
13 Double-click the RPM installer file and complete the installation.
14 Run the ./usr/bin/vmware-config-tools.pl script to configure tools.
rmmod vmxnet
modprobe vmxnet
17 Log off the root account:

exit
What to do next
Perform an Interactive Upgrade of VMware Tools on a Linux Guest with

the Tar Installer
VMware, Inc. 91
Prerequisites
Procedure

necessary.
mkdir /mnt/cdrom
Some Linux distributions automatically mount CD-ROMs. Verify the state by running the mount
command. If the CD-ROM device is mounted, each of the device's partitions with a recognized file system
appears in the output of the mount command as something like this:
/dev/cdrom on /mnt/cdrom type iso9660 (ro,nosuid,nodev)
If the CD-ROM device is listed, it is mounted. If the CD-ROM device is already mounted, do not use the
mount and umount commands.

cd /tmp
9 If you have a previous installation, delete the previous vmware-tools-distrib directory:

10 List the contents of the /mnt/cdrom/ directory, and note the filename of the VMware Tools tar installer:
ls /mnt/cdrom
11 Uncompress the tar installer, where <xxxxxx> is the build or revision number of the ESX/ESXi version.
tar zxpf /mnt/cdrom/VMwareTools-4.0.0-<xxxxxx>.tar.gz
If you attempt to install a tar installation over an RPM installation, or the reverse, the installer detects the

umount /dev/cdrom
92 VMware, Inc.
13 Run the VMware Tools tar installer:

cd vmware-tools-distrib
./vmware-install.pl
rmmod vmxnet
modprobe vmxnet
16 (Optional) When the upgrade is complete, log off the root account:
exit
What to do next
Perform an Interactive Upgrade of VMware Tools on a Solaris Guest

Prerequisites
Procedure
necessary.
6 In the virtual machine console, log in as root (su -) and, if necessary, mount the VMware Tools virtual
CD-ROM image, as follows.
Usually, the Solaris volume manager mounts the CD-ROM under /cdrom/vmwaretools. If the CD-ROM is
not mounted, restart the volume manager using the following commands:
/etc/init.d/volmgt stop
/etc/init.d/volmgt start
VMware, Inc. 93
7 After the CD-ROM is mounted, change to a working directory (for example, /tmp) and extract VMware
Tools:
cd /tmp
gunzip -c /cdrom/vmwaretools/vmware-solaris-tools.tar.gz | tar xf -
8 Run the VMware Tools tar installer:

./vmware-install.pl
Respond to the prompts and press Enter to accept the default values.
9 Log off of the root account:

exit
What to do next
Perform an Interactive Upgrade of VMware Tools in a Netware Virtual

Machine
Prerequisites
Procedure
necessary.
6 In the virtual machine console, load the CD-ROM driver so the CD-ROM device mounts the ISO image
as a volume.
7 Select Novell > Utilities > Server Console to open the Netware Server Console, and enter one of the
following commands:
n In the NetWare 6.5 Server Console, enter: LOAD CDDVD.
n In the NetWare 6.0 or NetWare 5.1 Server Console, enter: LOAD CD9660.NSS.
94 VMware, Inc.
8 In the Server Console, enter the following command:

vmwtools:\setup.ncf
9 Check the VMware Tools label on the virtual machine Summary tab.
The VMware Tools label should say OK.
When the installation finishes, the message VMware Tools for NetWare are now running appears in the Logger
Screen (NetWare 6.5 and NetWare 6.0 guests) or the Console Screen (NetWare 5.1 guests).
What to do next
Perform an Automatic Upgrade of VMware Tools

When you start an automatic upgrade of VMware Tools, you do not need to perform any operations in the
guest operating system that is running on the virtual machine. The automatic upgrade uninstalls the previous
version of VMware Tools, installs the latest version that is available for your ESX/ESXi host, and if necessary,
reboots the virtual machine.
Automatic VMware Tools upgrade is not supported for virtual machines with Solaris or Netware guest
operating systems.
Prerequisites
You must have the following items before you perform an automatic upgrade:
Procedure
necessary.
Wait until the guest operating system starts.
If the guest operating system has an out-of-date version of VMware Tools, the Install/Upgrade Tools dialog
box appears.
5 Select Automatic Tools Upgrade.
VMware, Inc. 95
6 (Optional) For Microsoft Windows guest operating systems only, specify a location for the log file by
entering values in the Advanced Options field.
Microsoft Windows Guest Operating Systems

Advanced Values Description
/s /v "/qn" Same as the default behavior. Performs a silent upgrade of

VMware Tools.
/s /v "/qn" /l "<Microsoft Windows_location Performs a silent upgrade of VMware Tools and creates a
\filename.log>" log file in the specified location on the guest operating
system.
7 Click OK.
rmmod vmxnet
modprobe vmxnet
What to do next
Upgrade VMware Tools on Multiple Virtual Machines

You can upgrade VMware Tools on multiple virtual machines by using the Virtual Machines tab.
Prerequisites
Create backups or snapshots of the virtual machines. See Basic System Administration.
Procedure
1 Start the vSphere Client and log in to the vCenter Server.
2 Select Inventory > Hosts and Clusters.
3 Select the host or cluster that contains the virtual machines to upgrade.
4 Click the Virtual Machines tab.
5 Select the virtual machines to upgrade and power them on.
6 Right-click your selections, select Install/Upgrade Tools and click OK.
rmmod vmxnet
modprobe vmxnet
What to do next
(Recommended) Upgrade the virtual machine hardware to version 7. See “Upgrade Virtual Hardware on
Multiple Virtual Machines,” on page 98.
96 VMware, Inc.
Configure a Virtual Machine to Automatically Upgrade VMware Tools

You can configure a virtual machine to check for and apply VMware Tools upgrades each time you power on
the virtual machine.
Automatic VMware Tools upgrade is not supported for virtual machines with Solaris or Netware guest
operating systems.
Prerequisites
n Virtual machines must have a version of VMware Tools shipped with ESX 3.0.1 or later installed.
n Virtual machines must be hosted on an ESX 3.0.1 or later, and VirtualCenter must be version 2.0.1 or later.
Virtual machines residing on a VMware Server host cannot be automatically upgraded.
n Virtual machines must be running a Linux or Microsoft Windows guest operating system that is supported
by ESX 3.0.1 or later and VirtualCenter 2.0.1 or later.
Procedure
1 Power off the virtual machine.

2 Right-click the virtual machine and select Edit Settings.
3 On the Options tab, select VMware Tools.
4 In the Advanced pane, select Check and upgrade Tools before each power-on and click OK.
The next time you power on the virtual machine, it checks the ESX/ESXi host for a newer version of VMware
Tools. If a newer version is available, it is installed and the guest operating system is restarted (if required).
What to do next
Upgrade Virtual Hardware

You can upgrade the hardware version of virtual machines to the latest version of ESX/ESXi. For virtual
machines that are running on ESX 4.0/ESXi 4.0, VMware recommends that you upgrade the virtual hardware
to version 7.
Consider the following points:

n When you upgrade from virtual hardware version 3 to version 7, the upgrade is irreversible, even if you
take a virtual machine backup or snapshot before performing the upgrade. When you upgrade from virtual
hardware version 4 to version 7 the upgrade is reversible if you take a virtual machine backup or snapshot
before performing the upgrade.
n Upgraded virtual machines cannot be powered on by an ESX 2.x host, even if relocated to a VMFS2
datastore.
n To automate this process, consider using vCenter Update Manager for virtual machine upgrades. vCenter
Update Manager performs automatic backups before performing virtual machine upgrades. See the
n When you upgrade virtual hardware, no downtime is required for vCenter Server or ESX/ESXi hosts. For
virtual machines, the only significant downtime is the time to reboot the guest operating systems.
VMware, Inc. 97
Prerequisites
n Create a backup or snapshot of the virtual machine. See Basic System Administration.
n Upgrade VMware Tools.
n Make sure that all .vmdk files are available to the ESX/ESXi host on a VMFS3 datastore.
n Make sure that the virtual machine is stored on VMFS3 or NFS datastores.
n Make sure that no suspend files exist.
n Make sure that at least one virtual disk exists.
n Determine the version of the virtual hardware by selecting the virtual machine and clicking the Summary
tab. The VM Version label displays the virtual hardware version.
IMPORTANT VMware recommends that before you upgrade the virtual hardware, first upgrade VMware Tools
on the virtual machine. This is especially important for virtual machines with Microsoft Windows guest
operating systems. On Microsoft Windows virtual machines, if you upgrade the virtual hardware before you
upgrade VMware Tools, the virtual machine might lose its network settings.
To automate this process, consider using vCenter Update Manager for virtual machine upgrades. vCenter
Update Manager ensures that upgrade procedures happen in the correct order. See the vCenter Update Manager
Administration Guide.
Procedure
2 From the vSphere Client, right-click a virtual machine in the inventory and select Upgrade Virtual
Hardware.
The software upgrades the virtual hardware to the latest supported version.
The Upgrade Virtual Hardware option appears if the virtual hardware on the virtual machine is not the
latest supported version.
3 Click Yes to continue with the virtual hardware upgrade.
4 Power on the virtual machine.
If the virtual machine has a Microsoft Windows guest operating system, the operating system detects a
new device, configures the device, and prompts you to reboot the guest operating system. If any unknown
devices are recognized, the operating system prompts you to configure the device manually.
5 For Windows guest operating systems, reboot the guest operating system to make the changes take effect.
The virtual hardware version is 7 on the VM Version label on the virtual machine Summary tab.
Upgrade Virtual Hardware on Multiple Virtual Machines

You can upgrade virtual hardware on multiple virtual machines by using the Virtual Machines tab.
Prerequisites
n Create backups or snapshots of the virtual machines. See Basic System Administration.
n Upgrade VMware Tools.
n Make sure that all .vmdk files are available to the ESX/ESXi host on a VMFS3 datastore.
n Make sure that the virtual machines are stored on VMFS3 or NFS datastores.
n Make sure that no suspend files exist.
n Make sure that at least one virtual disk exists for each virtual machine.
98 VMware, Inc.
Procedure
1 Start the vSphere Client and log in to the vCenter Server.
2 Select Inventory > Hosts and Clusters.
3 Select the host or cluster that contains the virtual machines to upgrade.
5 Select the virtual machines to upgrade and power them off.
6 Right-click your selections, select Upgrade Virtual Hardware and click Yes.
7 Power on the virtual machines.
For Microsoft Windows guest operating systems, the operating system detects a new device, configures
the device, and prompts you to reboot the guest operating system. If any unknown devices are recognized,
the operating system prompts you to configure the device manually.
8 For Windows guest operating systems, reboot the guest operating system to make the changes take effect.
The virtual hardware version is 7 on the VM Version label on the virtual machine Summary tab.
VMware, Inc. 99
100 VMware, Inc.

About Host Updates and Patches 14
Host updates are for maintenance releases. Software patches address critical security issues or urgent bug fixes.
An update or patch can include a new build of firmware, an update of VMware Tools, or an update of the
vSphere Client.
VMware provides the following tools for installing updates and patches to ESX/ESXi hosts:
vSphere Host Update Graphical utility for ESXi only.

Utility
vCenter Update Manager For ESX and ESXi, automates patching and updates. See the vCenter Update
Manager Administration Guide.
vihostupdate Command-line utility for ESX and ESXi.
esxupdate Command-line utility for ESX only. See the Patch Management Guide.

n “Best Practices for Updates,” on page 101
n “About Patching Hosts with vSphere Host Update Utility,” on page 101
n “About the vihostupdate Command-Line Utility,” on page 104
Best Practices for Updates

Follow best practices when you install updates on hosts.
To ensure that each update is successful, use the following strategy:

n After each update, test the system to ensure that the update was completed successfully.
n If the installation was unsuccessful, revert to the last good known image. See “Roll Back an ESXi Update,
Patch, or Upgrade,” on page 83 and “Uninstall a Bundle from a Host,” on page 106.
About Patching Hosts with vSphere Host Update Utility

With vSphere Host Update Utility, you can download and install maintenance and patch releases, which
provide security, stability, and feature enhancements for ESXi hosts.
You can use vSphere Host Update Utility to check for new release updates and patches that are applicable to
the ESXi hosts registered in the vSphere Host Update Utility. vSphere Host Update Utility builds the host list
by tracking the hosts that you connect to directly through the vSphere Client. You can also add hosts to the
list manually.
VMware, Inc. 101

System Requirements for vSphere Host Update Utility

vSphere Host Update Utility has the same system requirements as the vSphere Client.
To use vSphere Host Update Utility, you must have the following items:
n A workstation or laptop with vSphere Host Update Utility installed.
vSphere Host Update Utility is bundled with the vSphere Client. You can install vSphere Host Update
Utility when you install the vSphere Client. If the vSphere Client is already installed but vSphere Host
Update Utility is not installed, you can install an updated version by rerunning the vSphere Client installer.
n A network connection between the host and the computer that is running vSphere Host Update Utility.
Add a Host to the List

vSphere Host Update Utility compiles a list of ESX/ESXi hosts that you connect to directly by using the vSphere
Client. If the list is not complete, you can add hosts to be managed by vSphere Host Update Utility.
Prerequisites
The host must be reachable.
Procedure
2 Select Host > Add Host.
3 Enter the host name or IP address and click Add.
vSphere Host Update Utility verifies that the selected host is reachable and adds the host to the list.
What to do next
Scan hosts and apply available updates or upgrade a host.
Download Patches and Updates

For ESXi, you can download available host patches and maintenance updates.
Procedure
2 Select File > Download Patches from VMware.
vSphere Host Update Utility downloads patches and updates from the official servers.
What to do next
Scan the hosts and apply the updates and patches.
Scan Hosts and Apply Available Updates and Patches

You can check whether updates are available for the reachable hosts in your datacenter.
When you select a patch to install, consider the following points:

n The patch might be part of a bulletin that includes multiple patches.
n The contents of bulletins might overlap with each other.
102 VMware, Inc.

Chapter 14 About Host Updates and Patches
n The patch might depend on other patches as prerequisites.

n One patch might be a subset of another patch.
These behaviors are expected and are managed by vSphere Host Update Utility as needed. If you install a
patch, do not be concerned if vSphere Host Update Utility installs multiple patches.
Procedure
2 Select a host.
3 In the Host Details pane, click Scan for Patches.
4 Enter the host username and password and click Login.
5 (Optional) If updates are available, click Patch Host.
For each host that you scan, vSphere Host Update Utility downloads available updates to the host. After
the host is updated, an OK button appears.
6 Click OK.
After all updates are applied, vSphere Host Update Utility restarts the updated services.
What to do next
If you have multiple hosts, repeat this procedure until all hosts are updated.
Customizing vSphere Host Update Utility

If the default settings for vSphere Host Update Utility do not meet the needs of your environment, you can
customize the application.
Customize the application by modifying the settings.config XML file, located in the application folder. If
you installed the vSphere Client at the default location, the settings.config XML file is located at one of the
following locations:
n 32-bit OS: %PROGRAMFILES%\VMware\Infrastructure\VIUpdate 4.0
n 64-bit OS: %PROGRAMFILES(X86)%\VMware\Infrastructure\VIUpdate 4.0
You can make the following customizations in the settings.config file:
RemoteDepot URL of the remote server to retrieve host patches and updates.
LocalDepot Local path on your machine where host patches and updates are stored.
ProxyServer Proxy server to use for downloads. By default, this element is empty.
UserSettingsDirectory Directory where user settings are stored.
AskBeforeDownload Display a confirmation prompt to download patches from the VMware patch
repository. Can be True or False. By default, the value is set to True.
About ESXi Boot and Standby Builds

ESXi hosts can store a boot build and a standby build.
For each update, the update utility updates the standby build. After the update, you then reboot the host. After
the host reboots, the standby build becomes the boot build, and the previous boot build becomes the standby
build. If the update is successful, the host continues to boot from the new boot build until the next update.
VMware, Inc. 103

For example, suppose the current boot build is 52252 and the current standby build is 51605. When you update
the host to build 52386, the update process replaces build 51605 with build 52386 and makes build 52252 the
standby build. If the update is successful, you continue to boot from build 52386 until the next update.
If an update fails and the ESXi 4.0 host cannot boot from the new build, the host reverts to booting from the
original boot build.
Roll Back an ESXi Update, Patch, or Upgrade

For purposes of rollback, the term update refers to all ESXi patches, updates, and upgrades. Each time you
update an ESXi host, a copy of the ESXi build is saved on your host. If you think an ESXi patch might be making
your host not work as expected in your environment, you can roll back the update.
ESXi permits only one level of rollback. Only one previous build can be saved at a time. In effect, each ESXi 4.0
host stores up to two builds, one boot build and one standby build.
When you manually boot into the standby build instead of the current boot build, an irreversible rollback
occurs. The standby build becomes the new boot build and remains the boot build until you perform another
update.
Procedure
1 Reboot the ESXi 4.0 host.
2 When the page that displays the current boot build appears, press Shift+r to select the standby build.
3 Press Shift+y to confirm the selection and press Enter.
The previous update rolls back. The standby build becomes the boot build.
About the vihostupdate Command-Line Utility

The vihostupdate command applies software updates to ESX/ESXi hosts and installs and updates ESX/ESXi
extensions such as VMkernel modules, drivers, and CIM providers.
IMPORTANT Run vihostupdate on ESX 4.0/ESXi 4.0 hosts. Run vihostupdate35 on ESX 3.5/ESXi 3.5 hosts.
NOTE The esxupdate utility is supported as well. It is for ESX only. See the Patch Management Guide.
The vihostupdate command works with bulletins. Each bulletin consists of one or more vSphere bundles and
addresses one or more issues.
Towards the end of a release, bulletins include a large number of other bulletins. Bulletins are available in
offline bundles and in a depot with associated metadata.zip files.
n If you use offline bundles, all patches and corresponding metadata are available as one ZIP file.
n If you use a depot, the metadata.zip file points to metadata, which describes the location of the files.
The command supports querying installed software on a host, listing software in a patch, scanning for bulletins
that apply to a host, and installing all or some bulletins in the patch. You can specify a patch by using a bundle
ZIP file or a depot’s metadata ZIP file.
vihostupdate supports https://, http://, and ftp:// downloads. You can specify the protocols in the
download URL for the bundle or metadata file. vihostupdate also supports local paths. See “Update an ESX/
ESXi Host Using Offline Bundles with the vihostupdate Utility,” on page 105. To search a local depot where
the vSphere CLI is installed, use /local/depot/metadata.zip without of the file:/// parameter.
104 VMware, Inc.

Update an ESX/ESXi Host Using Offline Bundles with the vihostupdate Utility
You can use the vihostupdate utility in conjunction with offline bundles or with a depot. This topic describes
the procedure using offline bundles.
Prerequisites
Procedure
2 Find out which bulletins are applicable to the ESX/ESXi host.

vihostupdate.pl --server <server> --scan --bundle http://<webserver>/rollup.zip

vihostupdate.pl --server <server> --scan --bundle <local_path>/rollup.zip
Do not specify more than one bundle ZIP file at the command line each time you run the command. If you
specify --bundle more than once, the command processes only the last file that was specified.
3 (Optional) List all the bulletins that are available in the bundle.
vihostupdate.pl --server <server> --list --bundle http://<webserver>/rollup.zip

vihostupdate.pl --server <server> --list --bundle <local_path>/rollup.zip
This command lists all the bulletins contained in the bundle, even those that do not apply to the host.
4 Install bulletins from the bundle on the ESX/ESXi host.

n Install from an offline HTTP server:
vihostupdate.pl --server <server> --install --bundle http://<webserver>/rollup.zip --
bulletin bulletin1,bulletin2
n Install from the local machine:

vihostupdate.pl --server <server> --install --bundle <local_path>/rollup.zip --bulletin
bulletin1,bulletin2


VMware, Inc. 105

Update an ESX/ESXi Host Using a Depot with the vihostupdate Utility

You can use the vihostupdate utility in conjunction with bundles or with a depot. This topic describe the
procedure using depots.
Prerequisites
Procedure
2 Scan the depot for bulletins that are applicable to the host:
vihostupdate.pl --server <server> --scan --metadata http://<webserver>/depot/metadata.zip
Do not specify more than one ZIP file at the command line each time you run the command. If you specify
--metadata more than once, the command processes only the last file that was specified.
3 (Optional) List all bulletins in the depot at the metadata.zip file location:
vihostupdate.pl --list --metadata http://<webserver>/depot/metadata.zip
This command lists all the bulletins in the depot, even those that do not apply to the host.
4 Install bulletins in the depot on the host:

vihostupdate.pl --install --metadata http://<webserver>/depot/metadata.zip --bulletin
bulletin1,bulletin2


Uninstall a Bundle from a Host

Use this procedure to uninstall bulletins that are third-party or VMware extensions.
Prerequisites
Before you can uninstall an update or patch from an ESX/ESXi host from the command line, you must have
access to a machine on which you can run the VMware vSphere Command-Line Interface (vSphere CLI). You
can install the vSphere CLI on your Microsoft Windows or Linux system or import the VMware vSphere
Management Assistant (vMA) virtual appliance onto your ESX/ESXi host. For information about deploying or
installing the vSphere CLI, see the VMware vSphere Command-Line Interface Installation and Reference Guide.
106 VMware, Inc.

Procedure
1 Determine which bulletins are installed on your ESX/ESXi host.

Note the bundle ID for the bundle to uninstall.
2 Run the vihostupdate command.

vihostupdate --server <server> --remove --bulletin <bulletin ID>
vihostupdate can remove only one bulletin at a time.
VMware, Inc. 107

108 VMware, Inc.

Index
Numerics detach and attach (SQL) 50

32-bit DSN requirement 52 upgrade procedure 47
64-bit upgrade wizard 45
moving to 22, 49–52 database connections, number of 58
upgrading vCenter Server to 49 databases 38
datastore permissions
A upgrade 63
adding hosts to vSphere Host Update Utility 102 upgrading 61
applying patches 104, 105 datastore upgrade 10
applying patches to ESX/ESXi 106 datastores, privileges 62
AskBeforeDownload 103 depot, for patching ESX/ESXi 106
ATA disks 27 device.map 79
automatic upgrades, VMware Tools 97 DHCP 69
automatic VMware Tools upgrade 95 directory 57
disks
B local 14, 15
back up, ESX host configuration 71 persistent mode 18
backup, host configuration 71 VMDK 37
backup plans 59 download patches and updates 102
backup VirtualCenter 43 downtime
best practices, updates and upgrades 101 during virtual hardware upgrade 87
boot and standby builds for ESXi 103 during VMware Tools upgrade 87
build numbers 83, 104 vCenter Server 43
bulletins 105 DRAC 35
bulletins, for patching ESX/ESXi 106 DSN, 32-bit requirement 52
DVD media 29
C
changes in this release 9 E
claim rule format 79 ESX
cleanup-esx3 command 81, 82 changing ESXi Embedded to 25
clients, firewall 34 replacing with ESXi Installable 25
cold migration 20, 21 restore 83
computer name rolling back 81, 82
Oracle 42 upgrade support 72
SQL Server 42 ESX 2.5.5 72
configuration, backing up ESX 71 ESX 3.x/ESXi 3.5, licensing 56
configuration, components preserved 70 ESX configuration, backing up 71
configuring ports 34 ESX upgrade 75
customizing vSphere Host Update Utility 103 ESX/ESXi, rolling back 82
ESXi
D boot and standby builds 103
data source name 52 evaluating 80
database restoring the configuration 83
backup and restore (Oracle) 51 update, rolling back 83, 104
backup and restore (SQL) 49
VMware, Inc. 109

ESXi Embedded log files 79

replacing with ESX 25 LUN masking 79
replacing with ESXi Installable 26
ESXi Installable M
changing ESX to 25 memory, ESXi requirements 30, 31
changing ESXi Embedded to 26 memory, server requirements 27
ESXi upgrade 77 Microsoft .NET Framework 34
esxupdate 101 Microsoft SQL Server, requirements 40
evaluating ESXi 80 Microsoft Windows guest, VMware Tools
upgrade 88
F migration upgrade 16, 18, 20, 21, 43
firewall 34
N
G Netware guest, VMware Tools upgrade 94
global data 57 network permissions
groups 57 upgrade 64
guest operating systems 34 upgrading 61
networks, permissions 62
H
hardware requirements O
for ESXi 30 offline bundles 105
for vCenter Server 32 Oracle 41
hardware requirements for the vSphere Oracle database
Client 32 changing the computer name 42
hardware requirements, ESXi 31 requirements 40
host compatibility check 68 Oracle JDBC Driver 55
host patching 101 orchestrated upgrade
host upgrades, about 67 of hosts 69
hosts, upgrade 69 of virtual machines 86
hosts firewall 34
hosts, configuration after upgrade 70 P
patches
I apply to hosts 102
IDE disks 27, 30, 31 download 102
ILO 35 patching 104, 105
in-place upgrades 14, 15, 43 patching ESX/ESXi 106
install, VMware Tools 85, 86 patching hosts, with vSphere Host Update
installing the vSphere Client 56 Utility 101
IP addresses 69 permissions, networks 62
port 389 34
L port 443 34
LDAP 57 port 636 34
license server, uninstalling 81 port 80 34
licensing, vCenter Server 55 ports
licensing upgrades 11 443 38
Linked Mode group 55, 57 80 38
Linux guest, VMware Tools upgrade (on X) 89 configuring 34
Linux guest, VMware Tools upgrade (rpm firewall 34
installer) 90 ports 1025 through 65535 34
Linux guest, VMware Tools upgrade (tar ports used by vCenter Server 34
installer) 91 postupgrade considerations 79
listening ports 34 postupgrade considerations for vCenter
LocalDepot 103 Server 55
110 VMware, Inc.

Index
privileges, datastores 62 system requirements 68, 102

process for upgrading 13–15 uninstall 106
ProxyServer 103 upgrade
changes in this release 9
R in place 14, 15
RemoteDepot 103 migration 16, 18, 20, 21
requirements for virtual machines 34 of hosts 69
requirements for vSphere Client 34 process 13–15
restore ESX 83 virtual machines 86
restoring the ESXi configuration 83 VMware Tools 85, 86
restoring VirtualCenter 2.x 59 upgrade for datastores 10
rollback-to-esx3 command 81, 82 upgrade on new hardware, vCenter Server 41
rolling back an ESX upgrade 81, 82 upgrade scenarios 13, 37, 86
rolling back an ESX/ESXi upgrade 82 upgrade support for ESX 72
rolling back an ESXi update 83, 104 upgrade the database 47
rpm installer 90 upgrade virtual hardware 97
RSA 35 upgrade VMotion 18
upgrade VMware Tools, automatic 95
S upgrade VMware Tools, Linux (on X) 89
SAS disks 30, 31 upgrade VMware Tools, Linux (rpm installer) 90
SATA disks 27, 30, 31 upgrade VMware Tools, Linux (tar installer) 91
scan hosts 102 upgrade VMware Tools, Microsoft Windows 88
scenarios 13, 37, 86 upgrade VMware Tools, Netware 94
schema changes 45 upgrade VMware Tools, Solaris 93
SCSI 27, 30, 31 upgrades, best practices 101
SCSI disks 27 upgrading
services, VMware Tools 85, 86 datastore permissions 61
Solaris guest, VMware Tools upgrade 93 ESX 75
specifications ESXi 77
ESXi hardware requirements 30, 31 licensing 11
performance recommendations 29–31 network permissions 61
SQL Server, changing the computer name 42 stage 1 37, 43
SSL certificates 22, 52, 55 stage 4 86
static IP addresses 69 support 72
supported upgrades, ESX 72 to vCenter Server 45
system requirements vCenter Server 37
updates 68, 102 vCenter Server database 38
vCenter Server database 40 vCenter Server on a different machine 49
virtual machines 10
T
vSphere Client 37
tar installer 91
upgrading virtual hardware 98
TCP/IP 38
USB media 29
use cases 13
U
UserSettingsDirectory 103
uninstall update 106
utilities, VMware Tools 85, 86
uninstalling, the license server 81
Update Manager 9, 68, 69
V
updates vCenter Server
apply to hosts 102 database upgrade 47
best practices 101 hardware requirements 32
download 102 joining a group 57
ports 34
VMware, Inc. 111

postupgrade considerations 55 VMware Tools upgrade, downtime 87

postupgrade tasks 58 VMware Tools upgrade, automatic 95
vCenter Server downtime 43 VMware Tools upgrade, Linux (on X) 89
vCenter Update Manager 9, 67, 101 VMware Tools upgrade, Linux (rpm installer) 90
vCenter upgrade 37 VMware Tools upgrade, Linux (tar installer) 91
VI Client 56 VMware Tools upgrade, Microsoft Windows 88
vicfg-cfgbackup 71 VMware Tools upgrade, Netware 94
vihostupdate 101, 104–106 VMware Tools upgrade, Solaris) 93
virtual hardware, upgrading 85, 98 vSphere CLI 104–106
virtual hardware upgrade, downtime 87 vSphere Client
virtual machine upgrades 10 hardware requirements 32
virtual machines installing 56
downtime during upgrade 87 requirements 34
RAM requirements 30, 31 vSphere Host Update Utility
requirements 34 about 67, 68, 101
upgrade 86 adding hosts 102
virtual machines upgrade 86 customizing 103
VirtualCenter patching hosts 101
backup 43 vSphere Web Access 80
upgrading to vCenter Server 45
VirtualCenter 2.x, restoring after upgrade 59 X
VMotion 16, 18 X terminal 89
VMware Tools
automate upgrades 96, 97
install and upgrade 85, 86
112 VMware, Inc.

vSphere Basic System Administration
vCenter Server 4.0
ESX 4.0
ESXi 4.0
This document supports the version of each product listed and

supports all subsequent versions until the document is replaced
by a new edition. To check for more recent editions of this
document, see http://www.vmware.com/support/pubs.
EN-000105-03
Copyright © 2009 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual
property laws. VMware products are covered by one or more patents listed at http://www.vmware.com/go/patents.
VMware is a registered trademark or trademark of VMware, Inc. in the United States and/or other jurisdictions. All other marks
and names mentioned herein may be trademarks of their respective companies.
VMware, Inc.
3401 Hillview Ave.
Palo Alto, CA 94304
www.vmware.com
2 VMware, Inc.
Contents
About This Book 11
Getting Started
1 vSphere Components 15
Components of vSphere 15
vSphere Client Interfaces 17
Functional Components 17
Managed Components 19
Access Privileges Components 21
vCenter Server Modules 21
vCenter Components That Require Tomcat 22
Optional vCenter Server Components 22
2 Starting and Stopping the vSphere Components 25

Start an ESX/ESXi Host 25
Reboot or Shut Down an ESX/ESXi Host 25
Stop an ESX Host Manually 26
Starting vCenter Server 26
Start the vSphere Client and Log In 27
Stop the vSphere Client and Log Out 28
vSphere Web Access 28
VMware Service Console 29
3 Using vCenter Server in Linked Mode 31

Linked Mode Prerequisites 31
Linked Mode Considerations 32
Join a Linked Mode Group After Installation 32
Reconciling Roles When Connecting vCenter Server to a Linked Mode Group 33
Isolate a vCenter Server Instance from a Linked Mode Group 34
Change the Domain of a vCenter Server System in a Linked Mode Group 34
Configure the URLs on a Linked Mode vCenter Server System 34
Linked Mode Troubleshooting 35
Monitor vCenter Server Services 37
4 Using the vSphere Client 39

Getting Started Tabs 40
Status Bar, Recent Tasks, and Triggered Alarms 40
Panel Sections 40
VMware, Inc. 3
View Virtual Machine Console 41

Searching the vSphere Inventory 41
Using Lists 42
Custom Attributes 43
Select Objects 44
Manage vCenter Server Plug-Ins 45
Save vSphere Client Data 46
5 Configuring Hosts and vCenter Server 47

Host Configuration 47
Configuring vCenter Server 48
Access the vCenter Server Settings 48
Configuring Communication Among ESX, vCenter Server, and the vSphere Client 49
Configure vCenter Server SMTP Mail Settings 49
Working with Active Sessions 49
SNMP and vSphere 50
System Log Files 65
6 Managing the vSphere Client Inventory 71

Understanding vSphere Client Objects 71
Add an Inventory Object 73
Moving Objects in the Inventory 74
Remove an Inventory Object 74
Browsing Datastores in the vSphere Client Inventory 75
7 Managing Hosts in vCenter Server 77

About Hosts 77
Add a Host 78
Completing the Add Host Process 80
Disconnecting and Reconnecting a Host 80
Remove a Host from a Cluster 81
Understanding Managed Host Removal 82
Remove a Managed Host from vCenter Server 82
Monitoring Host Health Status 83
Virtual Machine Management
8 Consolidating the Datacenter 89

Consolidation First Time Use 90
Consolidation Prerequisites 90
About Consolidation Services 93
Configuring Consolidation Settings 93
Find and Analyze Physical Systems 94
Viewing Analysis Results 95
Converting Physical Systems to Virtual Machines 95
Viewing Consolidation Tasks 96
Troubleshooting Consolidation 97
4 VMware, Inc.
Contents
9 Deploying OVF Templates 101

About OVF 101
Deploy an OVF Template 101
Browse VMware Virtual Appliance Marketplace 103
Export an OVF Template 104
10 Managing VMware vApp 105

Create a vApp 106
Populate the vApp 107
Edit vApp Settings 108
Configuring IP Pools 111
Clone a vApp 113
Power On a vApp 114
Power Off a vApp 114
Edit vApp Annotation 114
11 Creating Virtual Machines 115

Access the New Virtual Machine Wizard 115
Select a Path Through the New Virtual Machine Wizard 116
Enter a Name and Location 116
Select a Resource Pool 116
Select a Datastore 117
Select a Virtual Machine Version 117
Select an Operating System 117
Select the Number of Virtual Processors 117
Configure Virtual Memory 118
Configure Networks 118
About VMware Paravirtual SCSI Adapters 118
Select a SCSI Adapter 119
Selecting a Virtual Disk Type 119
Complete Virtual Machine Creation 122
Installing a Guest Operating System 122
Installing and Upgrading VMware Tools 122
12 Managing Virtual Machines 135

Changing Virtual Machine Power States 136
Adding and Removing Virtual Machines 139
Configure Virtual Machine Startup and Shutdown Behavior 140
13 Virtual Machine Configuration 143

Virtual Machine Hardware Versions 143
Virtual Machine Properties Editor 144
Adding New Hardware 158
Converting Virtual Disks from Thin to Thick 166
14 Working with Templates and Clones 167

Creating Templates 167
VMware, Inc. 5
Edit a Template 169

Change Template Name 170
Deploy Virtual Machines from Templates 170
Convert Templates to Virtual Machines 171
Deleting Templates 171
Regain Templates 172
Clone Virtual Machines 172
Create a Scheduled Task to Clone a Virtual Machine 173
15 Customizing Guest Operating Systems 175

Preparing for Guest Customization 175
Customize Windows During Cloning or Deployment 178
Customize Linux During Cloning or Deployment 179
Create a Customization Specification for Linux 180
Create a Customization Specification for Windows 180
Managing Customization Specification 181
Completing a Guest Operating System Customization 183
16 Migrating Virtual Machines 185

Cold Migration 186
Migrating a Suspended Virtual Machine 186
Migration with VMotion 186
Migration with Storage VMotion 195
Migrate a Powered-Off or Suspended Virtual Machine 196
Migrate a Powered-On Virtual Machine with VMotion 197
Migrate a Virtual Machine with Storage VMotion 198
Storage VMotion Command-Line Syntax 200
17 Using Snapshots 203

About Snapshots 203
Using the Snapshot Manager 206
Restore a Snapshot 207
System Administration
18 Managing Users, Groups, Roles, and Permissions 211

Managing vSphere Users 211
Groups 212
Removing or Modifying Users and Groups 213
Best Practices for Users and Groups 213
Using Roles to Assign Privileges 213
Permissions 217
Best Practices for Roles and Permissions 224
Required Privileges for Common Tasks 225
19 Monitoring Storage Resources 227

Working with Storage Reports 227
6 VMware, Inc.
Contents
Working with Storage Maps 229
20 Using vCenter Maps 231

vCenter VMotion Maps 232
vCenter Map Icons and Interface Controls 232
View vCenter Maps 233
Print vCenter Maps 233
Export vCenter Maps 233
21 Working with Alarms 235

Alarm Triggers 236
Alarm Actions 246
Alarm Reporting 251
Creating Alarms 251
Managing Alarms 255
Managing Alarm Actions 259
Preconfigured VMware Alarms 262
22 Working with Performance Statistics 265

Statistics Collection for vCenter Server 265
vCenter Server Performance Charts 272
Monitoring and Troubleshooting Performance 277
23 Working with Tasks and Events 283

Managing Tasks 283
Managing Events 290
Appendixes
A Defined Privileges 297

Alarms 298
Datacenter 299
Datastore 299
Distributed Virtual Port Group 300
Distributed Virtual Switch 301
Extensions 302
Folders 302
Global 303
Host CIM 304
Host Configuration 304
Host Inventory 306
Host Local Operations 307
Host Profile 308
Network 308
Performance 309
Permissions 310
Resource 310
VMware, Inc. 7
Scheduled Task 312

Sessions 312
Tasks 313
vApp 313
Virtual Machine Configuration 315
Virtual Machine Interaction 319
Virtual Machine Inventory 322
Virtual Machine Provisioning 323
Virtual Machine State 326
B Installing the Microsoft Sysprep Tools 327

Install the Microsoft System Preparation Tools from a Microsoft Web Site Download 327
Install the Microsoft Sysprep Tools from the Windows Operating System CD 328
C Performance Metrics 331

Cluster Services Metrics 332
CPU Metrics 333
Disk Metrics 337
Management Agent Metrics 341
Memory Metrics 342
Network Metrics 350
Storage Utilization Metrics 352
System Metrics 353
Virtual Machine Operations Metrics 354
Index 357
8 VMware, Inc.
Updated Information
This Basic System Administration is updated with each release of the product or when necessary.
This table provides the update history of the Basic System Administration.
EN-000105-03 n The list of supported guest operating systems in topic “Linux Requirements for
Guest Customization,” on page 177 has been revised.
EN-000105-02 n The following sentence has been removed from the note in“Change the Virtual
Processor or CPU Configuration,” on page 150: "Changing the number of
processors an imported virtual machine uses is not supported." This information no
longer pertains to vSphere.
n Added information to “About Snapshots,” on page 203 that clarifies the issue of
using snapshots for virtual machine backups.
EN-000105-01 n The topic “Add a USB Controller to a Virtual Machine,” on page 166 now reflects
that although you can add a USB controller to a virtual machine, adding USB devices
is not supported.
n Chapter 16, “Migrating Virtual Machines,” on page 185 has been revised to remove
references to VMware Server. VMware Server hosts are not supported by vCenter
Server.
n In Table A-21 the description for the Host USB device privilege now reflects that
adding USB devices to virtual machines is not supported.
n Minor revisions.
VMware, Inc. 9
10 VMware, Inc.
About This Book
®
This manual, Basic System Administration, describes how to start and stop the VMware vSphere Client
components, build your vSphere environment, monitor and manage the information generated about the
components, and set up roles and permissions for users and groups using the vSphere environment. This
manual also provides information for managing, creating, and configuring virtual machines in your datacenter.
In addition, this manual provides brief introductions to the various tasks you can perform within the system
as well as cross-references to the documentation that describes all the tasks in detail.
Basic System Administration covers ESX, ESXi, and vCenter Server.
Intended Audience
The information presented in this manual is written for system administrators who are experienced Windows
or Linux system administrators and who are familiar with virtual machine technology and datacenter
operations.
Document Feedback

set.

SAN Storage area network type datastore shared between

managed hosts
tmplt Template
VMware, Inc. 11
Table 1. Abbreviations (Continued)

VC vCenter Server


for priority 1 issues. Go to
12 VMware, Inc.
Getting Started
VMware, Inc. 13
14 VMware, Inc.
vSphere Components 1
VMware vSphere™ includes components and operations essential for managing virtual machines.
With vSphere, you can choose between two approaches to managing virtual machines. vSphere works with
several client interfaces and offers many optional components and modules, such as VMware High Availability
(HA), VMware VMotion™, VMware Distributed Resource Scheduler (DRS), VMware Update Manager, and
VMware Converter Enterprise.
vSphere allows you to treat your virtual environment objects as managed components such as virtual machines,
hosts, datacenters, resource pools, and clusters. Functional components of vSphere provide the best way to
manage each of these managed components of your virtual environment.
Finally, vSphere provides powerful administration tools through access privileges components.

n “Components of vSphere,” on page 15
n “vSphere Client Interfaces,” on page 17
n “Functional Components,” on page 17
n “Managed Components,” on page 19
n “Access Privileges Components,” on page 21
n “vCenter Server Modules,” on page 21
n “vCenter Components That Require Tomcat,” on page 22
n “Optional vCenter Server Components,” on page 22
Components of vSphere
VMware vSphere is a suite of software components for virtualization.
To run your vSphere environment, you need the following components:
ESX/ESXi A virtualization platform used to create the virtual machines as a set of

configuration and disk files that together perform all the functions of a physical
machine.
Through ESX/ESXi, you run the virtual machines, install operating systems,
run applications, and configure the virtual machines. Configuration includes
identifying the virtual machine’s resources, such as storage devices.
The server provides bootstrapping, management, and other services that

manage your virtual machines.
VMware, Inc. 15
Each ESX/ESXi host has a vSphere Client available for your management use.
If your ESX/ESXi host is registered with vCenter Server, a vSphere Client that
accommodates vCenter Server features is available.
vCenter Server A service that acts as a central administrator for VMware ESX/ESXi hosts that
are connected on a network. vCenter Server directs actions on the virtual
machines and the virtual machine hosts (the ESX/ESXi hosts).
vCenter Server is a single Windows Service and is installed to run
automatically. vCenter Server runs continuously in the background,
performing its monitoring and managing activities even when no vSphere
Clients are connected and even if nobody is logged on to the computer where
it resides. It must have network access to all the hosts it manages and be
available for network access from any machine where the vSphere Client is run.
vCenter Server can be installed in a Windows virtual machine on an ESX/ESXi
host, allowing it to take advantage of the high-availability afforded by VMware
HA. See the Installation Guide for details on setting up this configuration.
Multiple vCenter Server systems can be joined together using Linked Mode to
allow them to be managed using a single vSphere Client connection.
vCenter Server plug-ins Applications that provide additional features and functionality to vCenter
Server. Typically, plug-ins consist of a server component and a client
component. After the plug-in server is installed, it is registered with vCenter
Server and the plug-in client is available to vSphere clients for download. After
a plug-in is installed on a vSphere client, it might alter the interface by adding
views, tabs, toolbar buttons, or menu options related to the added functionality.
Plug-ins leverage core vCenter Server capabilities, such as authentication and
permission management, but can have their own types of events, tasks,
metadata, and privileges.
In addition to plug-ins that are available independently of vCenter Server,
some vCenter Server features are implemented as plug-ins, and can be
managed using the vSphere Client Plug-in Manager. These features include
vCenter Storage Monitoring, vCenter Hardware Status, and vCenter Service
Status.
vCenter Server database A persistent storage area for maintaining status of each virtual machine, host,
and user managed in the vCenter Server environment. The vCenter Server
database can be remote or local to the vCenter Server system.
The database is installed and configured during vCenter Server installation.
If you are accessing your ESX/ESXi host directly through a vSphere Client, and
not through a vCenter Server system and associated vSphere Client, you do
not use a vCenter Server database.
Datastore A virtual representation of combinations of underlying physical storage

resources in the datacenter. A datastore is the storage location for virtual
machine files. These physical storage resources can come from the local SCSI
disk of the server, the Fibre Channel SAN disk arrays, the iSCSI SAN disk
arrays, or Network Attached Storage (NAS) arrays. Datastores hide the
idiosyncrasies of the storage options and provide a uniform model for various
storage products required by virtual machines.
vCenter Server agent On each managed host, software that collects, communicates, and executes the
actions received from vCenter Server. The vCenter Server agent is installed the
first time any host is added to the vCenter Server inventory.
16 VMware, Inc.
Chapter 1 vSphere Components
Host agent On each managed host, software that collects, communicates, and executes the
actions received through the vSphere Client. It is installed as part of the ESX/
ESXi installation.
LDAP vCenter Server uses LDAP (Lightweight Directory Access Protocol) to

synchronize data such as license and role information across vCenter Server
systems joined in Linked Mode.
vSphere Client Interfaces

There are several ways to access vSphere components.
vSphere interface options include:
vSphere Client A required component and the primary interface for creating, managing, and
monitoring virtual machines, their resources, and their hosts. It also provides
console access to virtual machines.
vSphere Client is installed on a Windows machine with network access to your

ESX/ESXi or vCenter Server system installation. The interface displays slightly
different options depending on which type of server you are connected to.
While all vCenter Server activities are performed by a vCenter Server system,
you must use the vSphere Client to monitor, manage, and control the server.
A single vCenter Server system or ESX/ESXi host can support multiple,
simultaneously connected vSphere Clients.
vSphere Web Access A Web interface through which you can perform basic virtual machine
management and configuration and get console access to virtual machines. It
is installed with your ESX/ESXi host. Similar to the vSphere Client, vSphere
Web Access works directly with a host or through vCenter Server. See the
vSphere Web Access Administrator’s Guide for additional information.
VMware Service Console A command-line interface for configuring an ESX host. For an ESXi host, use
the vSphere Command-Line Interface.
vSphere Command-Line A command-line interface for configuring an ESXi host. The vSphere
Interface Command-Line Interface can also be used to perform Storage VMotion
operations on both ESX/ESXi hosts.
Functional Components
Functional components are used to monitor and manage your vSphere infrastructure.
The functional components are accessible from the vSphere Client Home page. Functional components are
divided into four categories: Inventory, Administration, Management, and Solutions and Applications.
Inventory
You use the Inventory functional components to view the objects managed by vCenter Server. Managed objects
include datacenters, resource pools, clusters, networks, datastores, templates, hosts, and virtual machines. The
inventory options are:
Search Allows you to search the vSphere inventory for hosts, virtual machines,
networks, datastores, and folders matching specified criteria.
Hosts and Clusters Provides a hierarchical view of hosts, clusters, and their child objects.
VMware, Inc. 17
VMs and Templates Provides a view of all virtual machines and templates in the inventory, grouped
by datacenters and folders.
Datastores Provides a view of all datastores in the inventory, grouped by datacenters and
folders.
Networks Provides a view of all networks in the inventory, grouped by datacenters and
folders.
Administration
You use the Administration functional components to configure and monitor the state of your hosts or vCenter
Server systems. The options are:
Roles Allows you to view and create roles used to grant access privileges to users.
Sessions Allows you to view all vSphere Client sessions currently connected to the
selected vCenter Server system. If you have sufficient privileges, you can
terminate sessions. Sessions are available through vCenter Server only.
Licensing Allows you to view and administer vSphere licenses. This is available through
vCenter Server only. To administer licenses for a standalone host, use the host
Configuration tab.
System Logs Allows you to display and export log files.
vCenter Server Settings Allows you to configure a number of settings for the selected vCenter Server
system. The vCenter Server settings are available through vCenter Server only.
vCenter Server Status Provides a list of vSphere services with their current status. The status details
include warning and alert information.
Guided Consolidation Analyzes computers in your enterprise and recommends the best candidates
to virtualize. The consolidation interface guides you through the conversion
process based on the computers you select for consolidation.
Management
You use the Management functional components to monitor and manage the objects in the vSphere inventory.
Management functional components are available through vCenter Server only. The options are:
Scheduled Tasks Provides a list of activities and a means to schedule those activities. Scheduled
tasks are available through vCenter Server only.
Events Provides a list of all the events that occur in the vCenter Server environment.
Use this option to view all events. To see only events relevant to a particular
object, use the Tasks & Events tab for that object. Events are available through
vCenter Server only.
Maps Provides a visual representation of the status and structure of the vSphere
environment and the relationships between managed objects. This includes
hosts, networks, virtual machines, and datastores. Maps are available only
through vCenter Server.
Host Profiles Allows you to view, create, apply, and check compliance for host profiles.
Customization Allows you to create new virtual machine guest operating system
Specifications Manager specifications and manage existing specifications.
18 VMware, Inc.
Solutions and Applications

You use the Solutions and Applications panel to access vCenter Server extensions installed in your vCenter
Server System. For example, you can access the VMware vCenter Guided Consolidation extension and the
VMware vCenter Update Manager from this panel.
NOTE This panel appears only if you purchased and installed VMware vSphere extensions that are sold
separately from the VMware vCenter Server product.
Managed Components
Managed components are objects in your virtual and physical infrastructure on which you can place
permissions, monitor tasks and events, and set alarms. You can group most managed components by using
folders to more easily manage them.
All managed components, with the exception of hosts, can be renamed to represent their purposes. For
example, they can be named after company departments or locations or functions. vCenter Server monitors
and manages the following components of your virtual and physical infrastructure:
Clusters A collection of ESX/ESXi hosts and associated virtual machines intended to

work together as a unit. When you add a host to a cluster, the host’s resources
become part of the cluster’s resources. The cluster manages the resources of all
hosts.
If you enable VMware DRS on a cluster, the resources of the hosts in the cluster
are merged to allow resource balancing for the hosts in the cluster. If you enable
VMware HA on a cluster, the resources of the cluster are managed as a pool of
capacity to allow rapid recovery from host hardware failures.See the Resource
Management Guide.
Datacenters Unlike a folder, which is used to organize a specific object type, a datacenter is
an aggregation of all the different types of objects needed to do work in virtual
infrastructure: hosts, virtual machines, networks, and datastores.
Within a datacenter there are four separate hierarchies.

n Virtual machines (and templates)
n Hosts (and clusters)
n Networks
n Datastores
The datacenter is the unit of virtualization (the namespace) of networks and

datastores. Within a datacenter, you cannot have two objects (for example, two
hosts) with the same name but you can have two objects with the same name
in different datacenters. Virtual machine names need not be unique within the
datacenter, but must be unique within each virtual machine folder.
If two virtual machines connect to networkA, they are connected to the same
network. Rules are different across datacenters. Theoretically, the same
physical network can appear in two datacenters and be called two different
names. Or networkA might have one meaning in datacenterA and a different
meaning in datacenterB. Moving objects between datacenters can create
problems or, at least, unpredictable results.
VMware, Inc. 19
To have a single namespace (that is, a single datacenter) for all networks and
datastores, use folders within the datacenter to organize the networks and
datastores. To have separate namespaces (separate datacenters) for networks
and datastores, create two datacenters.
Datastores A virtual representation of combinations of underlying physical storage

resources in the datacenter. A datastore is the storage location for virtual
machine files. These physical storage resources can come from the local SCSI
disk of the server, the Fibre Channel SAN disk arrays, the iSCSI SAN disk
arrays, or Network Attached Storage (NAS) arrays. Datastores hide the
idiosyncrasies of the storage options and provide a uniform model for various
storage products required by virtual machines.
Folders A top-level structure for vCenter Server only. Folders allow you to group
objects of the same type so you can easily manage them. For example, you can
use folders to set permissions across objects, to set alarms across objects, and
to organize objects in a meaningful way.
A folder can contain other folders, or a group of objects of the same type:
datacenters, clusters, datastores, networks, virtual machines, templates, or
hosts. For example, one folder can contain hosts and a folder containing hosts,
but it cannot contain hosts and a folder containing virtual machines.
The datacenter folders form a hierarchy directly under the root vCenter Server
and allow users to group their datacenters in any convenient way. Within each
datacenter is one hierarchy of folders with virtual machines and templates, one
with hosts and clusters, one with datastores, and one with networks.
Hosts The physical computer on which the virtualization platform software, such as
ESX/ESXi, is installed and all virtual machines reside. If the vSphere Client is
connected directly to an ESX/ESXi host, only that host is available for
management.
NOTE When vCenter Server refers to a host, this means the physical machine
on which the virtual machines are running. All virtual machines within the
VMware vSphere environment are physically on ESX/ESXi hosts. The term host
in this Help system refers to the ESX/ESXi host that has virtual machines on it.
Networks A set of virtual network interface cards (virtual NIC), virtual switches
(vSwitch), and port groups that connect virtual machines to each other or to
the physical network outside of the virtual datacenter. All virtual machines that
connect to the same port group belong to the same network in the virtual
environment, even if they are on different physical servers. You can monitor
networks and set permissions and alarms on port groups.
Resource pools A structure that allows delegation of control over the resources of a host.
Resource pools are used to compartmentalize all resources in a cluster. You can
create multiple resource pools as direct children of a host or cluster and
configure them. Then delegate control over them to other individuals or
organizations. The managed resources are CPU and memory from a host or
cluster. Virtual machines execute in, and draw their resources from, resource
pools.
vCenter Server provides, through the DRS components, various options in
monitoring the status of the resources and adjusting or suggesting adjustments
to the virtual machines using the resources. You can monitor resources and set
alarms on them.
20 VMware, Inc.
Templates A master copy of a virtual machine that can be used to create and provision
new virtual machines.
Virtual machines A virtualized x86 or x64 personal computer environment in which a guest
operating system and associated application software can run. Multiple virtual
machines can operate on the same managed host machine concurrently.
vApps VMware vApp is a format for packaging and managing applications. A vApp
can contain multiple virtual machines.
Access Privileges Components

vSphere provides access control to managed objects by using user and group permissions and roles.
Each user logs in to a vCenter Server system through the vSphere Client. Each user is identified to the server
as someone who has rights and privileges to selected objects, such as datacenters and virtual machines, within
the vSphere environment. The vCenter Server system has full rights and privileges on all hosts and virtual
machines within the vSphere environment. The server passes on only those actions and requests from a user
that the user has permission to perform. Access privileges affect which vSphere Client objects appear in the
inventory.
The server determines which access privileges and requests to allow based on the role assigned to the user or
the user’s group on each object. vCenter Server administrators can create custom roles with specific sets of
privileges, as well as use the sample roles that vCenter Server provides.
Users and Groups Created through the Windows domain or Active Directory database or on the
ESX/ESXi host. The server, vCenter Server or ESX/ESXi, registers users and
groups as part of the assigning privileges process.
Roles A set of access rights and privileges. Selected sample roles exist. You can also
create roles and assign combinations of privileges to each role.
Permissions A permission consists of a user or group and a role assigned to a particular

inventory object.
vCenter Server Modules

vCenter Server modules extend the capabilities of vCenter Server by providing additional features and
functionality.
Some modules are packaged separately from the base product and require separate installation. Modules and
the base product can be upgraded independently of each other. VMware modules include:
VMware Update Manager Enables administrators to apply updates and patches across ESX/ESXi hosts
and all managed virtual machines. This module provides the ability to create
user-defined security baselines which represent a set of security standards.
Security administrators can compare hosts and virtual machines against these
baselines to identify and remediate systems that are not in compliance.
VMware Converter Enables users to convert physical machines, and virtual machines in a variety
Enterprise for vCenter of formats, to ESX/ESXi virtual machines. Converted systems can be imported
Server into the vCenter Server inventory.
VMware, Inc. 21
vShield Zones vShield Zones is an application-aware firewall built for VMware vCenter
Server integration. vShield Zones inspects client-server communications and
inter-virtual-machine communication to provide detailed traffic analytics and
application-aware firewall partitioning. vShield Zones is a critical security
component for protecting virtualized datacenters from network-based attacks
and misuse.
VMware vCenter VMware vCenter Orchestrator is a workflow engine that enables you to create
Orchestrator and execute automated workflows within your VMware vSphere environment.
vCenter Orchestrator coordinates workflow tasks across multiple VMware
products and third-party management and administration solutions through
its open plug-in architecture. vCenter Orchestrator provides a library of
workflows that are highly extensible; any operation available in the vCenter
Server API can be used to customize vCenter Orchestrator workflows.
VMware Data Recovery VMware Data Recovery is a disk-based backup and recovery solution that
provides complete data protection for virtual machines. VMware Data
Recovery is fully integrated with VMware vCenter Server to enable centralized
and efficient management of backup jobs and includes data de-duplication to
minimize disk usage.
vCenter Components That Require Tomcat

Several vCenter Server components require the Tomcat Web server to be running on the vCenter Server system.
The Tomcat Web server is installed as part of the vCenter Server installation. The components that require
Tomcat to be running include the following.
n Linked Mode
n CIM/Hardware Status tab
n Performance charts
n WebAccess
n vCenter Storage Monitoring/Storage Views tab
n vCenter Service Status
Optional vCenter Server Components

Optional vCenter Server components are packaged and installed with the base product, but require a separate
license.
Optional features include:
VMotion A feature that enables you to move running virtual machines from one ESX/
ESXi host to another without service interruption. It requires licensing on both
the source and target host. vCenter Server centrally coordinates all VMotion
activities.
VMware HA A feature that enables a cluster with High Availability. If a host goes down, all
virtual machines that were running on the host are promptly restarted on
different hosts in the same cluster.
22 VMware, Inc.
When you enable the cluster for HA, you specify the number of hosts you
would like to be able to recover. If you specify the number of host failures
allowed as 1, HA maintains enough capacity across the cluster to tolerate the
failure of one host. All running virtual machines on that host can be restarted
on remaining hosts. By default, you cannot power on a virtual machine if doing
so violates required failover capacity. See the VMware Availability Guide for
more information.
VMware DRS A feature that helps improve resource allocation and power consumption
across all hosts and resource pools. VMware DRS collects resource usage
information for all hosts and virtual machines in the cluster and gives
recommendations (or migrates virtual machines) in one of two situations:
n Initial placement – When you first power on a virtual machine in the
cluster, DRS either places the virtual machine or makes a recommendation.
n Load balancing – DRS tries to improve resource utilization across the
cluster by performing automatic migrations of virtual machines (VMotion)
or by providing a recommendation for virtual machine migrations.
VMware DRS includes distributed power management (DPM) capabilities.

When DPM is enabled, the system compares cluster- and host-level capacity to
the demands of virtual machines running in the cluster. Based on the results of
the comparison, DPM recommends (or automatically implements) actions that
can reduce the power consumption of the cluster.
vSphere SDK package APIs for managing virtual infrastructure and documentation describing those
APIs. The SDK also includes the vCenter Server Web Service interface, Web
Services Description Language (WSDL), and example files. This is available
through an external link. You can download the SDK package from the
VMware APIs and SDKs Documentation page on the VMware Web site.
VMware Data Recovery VMware Data Recovery is a disk-based backup and recovery solution that
provides complete data protection for virtual machines. VMware Data
Recovery is fully integrated with VMware vCenter Server to enable centralized
and efficient management of backup jobs and includes data de-duplication to
minimize disk usage.
VMware, Inc. 23
24 VMware, Inc.
Starting and Stopping the vSphere
Components 2
You can start and stop each one of the major vSphere components, ESX/ESXi, and vCenter Server. You might
want to stop a component to perform maintenance or upgrade operations.

n “Start an ESX/ESXi Host,” on page 25
n “Reboot or Shut Down an ESX/ESXi Host,” on page 25
n “Stop an ESX Host Manually,” on page 26
n “Starting vCenter Server,” on page 26
n “Start the vSphere Client and Log In,” on page 27
n “Stop the vSphere Client and Log Out,” on page 28
n “vSphere Web Access,” on page 28
n “VMware Service Console,” on page 29
Start an ESX/ESXi Host

When you install ESX/ESXi, it starts itself through the installation reboot process. If your ESX/ESXi host is shut
down, you must manually restart it.
Procedure
u On the physical box where ESX/ESXi is installed, press the power button until the power on sequence
begins.
The ESX/ESXi host starts, locates its virtual machines, and proceeds with its normal ESX/ESXi functions.
Reboot or Shut Down an ESX/ESXi Host

You can power off or restart (reboot) any ESX/ESXi host using the vSphere Client. You can also power off ESX
hosts from the service console. Powering off a managed host disconnects it from vCenter Server, but does not
remove it from the inventory.
Procedure
1 Shut down all virtual machines running on the ESX/ESXi host.
2 Select the ESX/ESXi host you want to shut down.
VMware, Inc. 25
3 From the main or right-click menu, select Reboot or Shut Down.

n If you select Reboot, the ESX/ESXi host shuts down and reboots.
n If you select Shut Down, the ESX/ESXi host shuts down. You must manually power the system back
on.
4 Provide a reason for the shut down.
This information is added to the log.
Stop an ESX Host Manually

You can manually shut down an ESX host.
Procedure
1 Log in to the ESX service console.
2 Execute the shutdown command.
For example:shutdown -h now
ESX shuts down. When it is finished, a message indicates that it is safe to power off your system.
3 Press the power button until the machine powers off.
For information about accessing the service console, see “Connect to the Service Console,” on page 29.
Starting vCenter Server

vCenter Server runs as a Windows service. vCenter Server starts when you start the Windows machine on
which it is installed. It also restarts when that machine is rebooted.
Verify That vCenter Server Is Running

You can verify that the vCenter Server service is running.
Procedure
1 Go to the Services console for your version of Windows.
For example, select Control Panel > Administrative Tools > Services and click VMware VirtualCenter
Server.
The Status column indicates whether the service started.
2 Right-click the vCenter Server service and select Properties.
3 In the VMware vCenter Server Services Properties dialog box, click the General tab and view the service
status.
Restart the vCenter Server System

The vCenter Server service starts when the machine on which it is installed is booted. You can manually restart
the vCenter Server system.
If you have manually stopped the vCenter Server service or must start it for any reason, perform the steps
below.
26 VMware, Inc.
Chapter 2 Starting and Stopping the vSphere Components
Procedure
For example, select Control Panel > Administrative Tools > Services and click VMware VirtualCenter
Server.
2 Right-click VMware VirtualCenter Server, select Start, and wait for startup to complete.
3 Close the Properties dialog box.
Stop the vCenter Server System

vCenter Server is a Windows service. You can use the Windows interface to select the service and stop it.
You should not have to stop the vCenter Server service. The vCenter Server should operate without
interruption. Continuous operation ensures that all monitoring and task activities are performed as expected.
Procedure
For example, select Start > Control Panel > Administrative Tools > Services.
2 Click VMware VirtualCenter Server Service.
3 Right-click VMware VirtualCenter Server, select Stop, and wait for it to stop.
4 Close the Properties dialog box.
Start the vSphere Client and Log In

The vSphere Client is a graphical user interface to vCenter Server and to hosts.
A login screen appears when you start the vSphere Client. After you log in, the client displays the objects and
functionality appropriate to the server you are accessing and the permissions available to the user you logged
in as.
Procedure
1 Log in to your Windows system.
If this is the first time you are starting the vSphere Client, log in as the administrator:
n If the managed host is not a domain controller, log in as either <local host name>\<user> or <user>,
where <user> is a member of the local Administrators group.
n If the managed host is a domain controller, you must log in as <domain>\<user>, where <domain> is
the domain name for which the managed host is a controller and <user>is a member of that domain’s
Domain Administrators group. VMware does not recommend running on a domain controller .
2 Double-click a shortcut or select the vSphere Client from Start > Programs > VMware > vSphere Client.
3 Enter or select the server name, your user name, and your password.
If you are logging in to a vCenter Server system that is part of a Connected Group, logging in to that server
connects you to all servers in that group.
NOTE Only previously entered server names appear in the Serverdrop-down menu.
4 Click Login to continue.
You are now connected to the host or vCenter Server system.
VMware, Inc. 27
Stop the vSphere Client and Log Out

When you no longer need to view or alter the activities that the vCenter Server system is performing, log out
of the vSphere Client.
NOTE Closing a vSphere Client session does not stop the server.
Procedure
u Click the close box (X) , or select File > Exit.
The vSphere Client shuts down. The vSphere Client is logged out of the vCenter Server system. The server
continues to run all its normal activities in the background. Any scheduled tasks are saved and performed by
vCenter Server.
vSphere Web Access

vSphere Web Access is the Web interface through which you can manage your virtual machines. vSphere Web
Access is installed when you install ESX/ESXi.
As with the vSphere Client, vSphere Web Access can either be used to connect directly to an ESX/ESXi host or
to a vCenter Server system. The functionality of vSphere Web Access is a subset of vSphere Client functionality.
The vSphere Web Access console provides a remote mouse-keyboard-screen (MKS) for the virtual machines.
You can interact with a guest operating system running in a virtual machine and connect remotely to the virtual
machine’s mouse, keyboard, and screen.
Log In to vSphere Web Access

vSphere Web Access uses a Web interface and an Internet connection to access your ESX/ESXi host or vCenter
Server system.
vSphere Web Access does not have its own concept of users or permissions. Use the same login credentials
you would use to log in to the vSphere Client.
Procedure
1 Launch your Web browser.
2 Enter the URL of your ESX/ESXi or vCenter Server installation:

https://<host or server name>/ui
3 Type your user name and password, and click Log In.
After your user name and password are authorized by vSphere Web Access, the vSphere Web Access
home page appears.
Log Out of vSphere Web Access

Log out when you are finished with your vSphere Web Access activities.
Procedure
u Click the Log Out link at the top right corner of every page.
Remote client devices are disconnected when you log out of vSphere Web Access.
28 VMware, Inc.
Chapter 2 Starting and Stopping the vSphere Components
VMware Service Console

In previous versions of ESX, the service console was one of the interfaces to ESX hosts. Many of the commands
are now deprecated. The service console is typically used only in conjunction with a VMware technical support
representative.
ESXi does not have a service console. Some service console commands are available for ESXi through the remote
command-line interface.
The vSphere SDK is used for scripted manipulation of your vSphere instead. The vSphere Client is the primary
interface to all nonscripted activities, including configuring, monitoring, and managing your virtual machines
and resources.
Using DHCP for the Service Console

The recommended setup is to use static IP addresses for the service console of an ESX host. You can set up the
service console to use DHCP, if your DNS server is capable of mapping the service console’s host name to the
dynamically generated IP address.
If your DNS server cannot map the host’s name to its DHCP-generated IP address, you must determine the
service console's numeric IP address. Another caution against using DHCP is that the numeric IP address might
change as DHCP leases run out or when the system is rebooted.
VMware does not recommend using DHCP for the service console unless your DNS server can handle the host
name translation.
CAUTION Do not use dynamic (DHCP) addressing when sharing the network adapter assigned to the service
console with virtual machines. ESX requires a static IP address for the service console when sharing a network
adapter.
Connect to the Service Console

If you have direct access to the system where ESX is running, you can log in to the physical console on that
system.
Whether you use the service console locally or through a remote connection, you must log in using a valid user
name and password.
NOTE Depending on the security settings for your ESX computer, you might be able to connect remotely to
the service console using SSH or Telnet. For more information on the security settings, see the ESX Configuration
Guide.
Procedure
u Press Alt+F2 to get to the login screen and log in.
Using Commands on the Service Console

The service console runs a modified version of Linux, and many of the commands available on Linux or UNIX
are also available on the service console.
Detailed usage notes for most service console commands are available as manual or man pages.
NOTE ESXi does not have a service console. However, many of the functions provided by the service console
are available through the vSphere CLI.
VMware, Inc. 29
View the man Page for a Service Console Command

man pages provide information about commands, their usage, options, and syntax.
Procedure
u At the service console command line, type the man command followed by the name of the command for
which you want to see information.
For example: man <command>
30 VMware, Inc.
Using vCenter Server in Linked Mode 3
You can join multiple vCenter Server systems using vCenter Linked Mode to allow them to share information.
When a server is connected to other vCenter Server systems using Linked Mode, you can connect to that
vCenter Server system and view and manage the inventories of all the vCenter Server systems that are linked.
Linked Mode uses Microsoft Active Directory Application Mode (ADAM) to store and synchronize data across
multiple vCenter Server systems. ADAM is installed automatically as part of vCenter Server installation. Each
ADAM instance stores data from all of the vCenter Server systems in the group, including information about
roles and licenses. This information is regularly replicated across all of the ADAM instances in the connected
group to keep them in sync.
When vCenter Server systems are connected in Linked Mode, you can:
n Log in simultaneously to all vCenter Server systems for which you have valid credentials.
n Search the inventories of all the vCenter Server systems in the group.
n View the inventories off all of the vCenter Server systems in the group in a single inventory view.
You cannot migrate hosts or virtual machines between vCenter Server systems connected in Linked Mode.
For additional information on troubleshooting Linked Mode groups, see ESX and vCenter Server Installation
Guide.

n “Linked Mode Prerequisites,” on page 31
n “Linked Mode Considerations,” on page 32
n “Join a Linked Mode Group After Installation,” on page 32
n “Reconciling Roles When Connecting vCenter Server to a Linked Mode Group,” on page 33
n “Isolate a vCenter Server Instance from a Linked Mode Group,” on page 34
n “Change the Domain of a vCenter Server System in a Linked Mode Group,” on page 34
n “Configure the URLs on a Linked Mode vCenter Server System,” on page 34
n “Linked Mode Troubleshooting,” on page 35
n “Monitor vCenter Server Services,” on page 37
Linked Mode Prerequisites

Prepare the system for joining a Linked Mode group.
All the requirements for standalone vCenter Server systems apply to Linked Mode systems. For more
information, see ESX and vCenter Server Installation Guide.
VMware, Inc. 31
The following requirements apply to each vCenter Server system that is a member of a Linked Mode group:
n DNS must be operational for Linked Mode replication to work.
n The vCenter Server instances in a Linked Mode group can be in different domains if the domains have a
two-way trust relationship. Each domain must trust the other domains on which vCenter Server instances
are installed.
n When adding a vCenter Server instance to a Linked Mode group, the installer must be run by a domain
user who is an administrator on both the machine where vCenter Server is installed and the target machine
of the Linked Mode group.
n All vCenter Server instances must have network time synchronization. The vCenter Server installer
validates that the machine clocks are not more than 5 minutes apart.
Linked Mode Considerations

There are several considerations to take into account before you configure a Linked Mode group.
n Each vCenter Server user sees the vCenter Server instances on which they have valid permissions.
n When first setting up your vCenter Server Linked Mode group, you must install the first vCenter Server
as a standalone instance because you do not yet have a remote vCenter Server machine to join. Subsequent
vCenter Server instances can join the first vCenter Server or other vCenter Server instances that have joined
the Linked Mode group.
n If you are joining a vCenter Server to a standalone instance that is not part of a domain, you must add the
standalone instance to a domain and add a domain user as an administrator.
n The vCenter Server instances in a Linked Mode group do not need to have the same domain user login.
The instances can run under different domain accounts. By default, they run as the LocalSystem account
of the machine on which they are running, which means they are different accounts.
n During vCenter Server installation, if you enter an IP address for the remote instance of vCenter Server,
the installer converts it into a fully qualified domain name.
n You cannot join a Linked Mode group during the upgrade procedure when you are upgrading from
VirtualCenter 2.x to vCenter Server 4.0. You can join after the upgrade to vCenter Server is complete. See
the Upgrade Guide.
Join a Linked Mode Group After Installation

If you have a system that is already running vCenter Server 4.0, you can join the machine to a Linked Mode
group.
Prerequisites
See “Linked Mode Prerequisites,” on page 31 and “Linked Mode Considerations,” on page 32.
Procedure
2 Click Next.
4 Click Join this vCenter Server instance to an existing linked mode group or another instance and click
Next.
5 Enter the server name and LDAP port number of a remote vCenter Server instance that is a member of
the group and click Next.
32 VMware, Inc.
Chapter 3 Using vCenter Server in Linked Mode
Option Description
resolve the conflicts for me The role on the joining system is renamed to <vcenter_name> <role_name>,
where <vcenter_name> is the name of the vCenter Server system that is joining
the Linked Mode group, and <role_name> is the name of the original role.
a Using the vSphere Client, log in to one of the vCenter Server systems
using an account with Administrator privileges.
installer.
d Click Back and click Next.
7 Click Finish.
The vCenter Server instance is now part of a Linked Mode group. After you form a Linked Mode group, you
can log in to any single instance of vCenter Server and view and manage the inventories of all the vCenter
Servers in the group. It might take several seconds for the global data (such as user roles) that are changed on
one machine to be visible on the other machines. The delay is usually 15 seconds or less. It might take a few
minutes for a new vCenter Server instance to be recognized and published by the existing instances, because
group members do not read the global data very often.
Reconciling Roles When Connecting vCenter Server to a Linked Mode

Group
When you join a vCenter Server system to a linked mode group, the roles defined on each vCenter Server
system in the group are replicated to the other systems in the group.
If the roles defined on each vCenter Server system are different, the roles lists of the systems are combined into
a single common list. For example, if vCenter Server 1 has a role named Role A and vCenter Server 2 has a role
named Role B, then both servers will have both Role A and Role B after they are joined in a linked mode group.
If two vCenter Server systems have roles with the same name, the roles are combined into a single role if they
contain the same privileges on each vCenter Server system. If two vCenter Server systems have roles with the
same name that contain different privileges, this conflict must be resolved by renaming at least one of the roles.
You can choose to resolve the conflicting roles either automatically or manually.
If you choose to reconcile the roles automatically, the role on the joining system is renamed to <vcenter_name>
<role_name> where <vcenter_name> is the name of the vCenter Server system that is joining the Linked Mode
group and <role_name> is the name of the original role.
If you choose to reconcile the roles manually, connect to one of the vCenter Server systems with the vSphere
Client and rename one instance of the role before proceeding to join the vCenter Server system to the Linked
Mode group.
If you remove a vCenter Server system from a linked mode group, the vCenter Server system retains all the
roles it had as part of the group.
VMware, Inc. 33
Isolate a vCenter Server Instance from a Linked Mode Group

You can isolate a vCenter Server instance from a Linked Mode group.
Procedure
2 Click Modify linked mode configuration and click Next.
3 Click Isolate this vCenter Server instance from linked mode group and click Next.
4 Click Continue and click Finish.
The vCenter Server instance is no longer part of the Linked Mode group.
Change the Domain of a vCenter Server System in a Linked Mode Group

To change the domain of a vCenter Server system in a Linked Mode group, isolate the vCenter Server system
from the Linked Mode group first.
vCenter Server systems in a Linked Mode group can be in different domains as long as the domains have a
trust relationship.
Procedure
2 Change the domain of the vCenter Server system.
Refer to Microsoft documentation for more information on changing the domain.
Configure the URLs on a Linked Mode vCenter Server System

If you connect a vCenter Server system to a Linked Mode group and the vCenter Server system has a machine
name that does not match the domain name, several connectivity problems arise. This procedure describes
how to correct this situation.
n For the Virtualcenter.VimApiUrl key, the default value is http(s)://<Fully qualified domain name
(FQDN) of VC machine>/sdk.

Procedure
See “Isolate a vCenter Server Instance from a Linked Mode Group,” on page 34.
2 Change the domain name or the machine name to make them match.
domain or machine name.
34 VMware, Inc.
See “Join a Linked Mode Group After Installation,” on page 32.
Linked Mode Troubleshooting

If you are having trouble with your Linked Mode group, consider the following points.
n When you have multiple vCenter Server instances, each instance must have a working relationship with
the domain controller and not conflict with another machine that is in the domain. Conflicts can occur, for
example, when you clone a vCenter Server instance that is running in a virtual machine and you do not
use sysprep or a similar utility to ensure that the cloned vCenter Server instance has a globally unique
identifier (GUID).
n The DNS name of the machine must match with the actual machine name. Symptoms of machine names
not matching the DNS name are data replication issues, ticket errors when trying to search, and missing
search results from remote instances.
n There is correct order of operations for joining a Linked Mode group.
a Verify that the vCenter Server domain name matches the machine name. If they do not match, change
one or both to make them match.
b Update the URLs to make them compatible with the new domain name and machine name.
c Join the vCenter Server system to a Linked Mode group.
If you do not update the URLs, remote instances of vCenter Server cannot reach the vCenter Server
system, because the default vCenter Server URL entries are no longer accurate. See “Configure the
URLs on a Linked Mode vCenter Server System,” on page 34.
If a vCenter Server instance is no longer reachable by remote instances of vCenter Server, the following
symptom might occur:
n Clients logging in to other vCenter Server systems in the group cannot view the information that
belongs to the vCenter Server system on which you changed the domain name because the users
cannot log in to the system.
n Any users that are currently logged in to the vCenter Server system might be disconnected.
n Search queries do not return results from the vCenter Server system.
To resolve this issue, make sure that the Virtualcenter.VimApiUrl key points to the location where the
vSphere Client and SDK clients can access the vCenter Server system, and the
Virtualcenter.VimWebServicesUrl key points to the location where vCenter Server Webservices is
installed. For the Virtualcenter.Instancename key, change the value so that the modified name appears in
the vCenter Server inventory view.
VMware, Inc. 35
n If you cannot join a vCenter Server instance, you can resolve the problem with the following actions:
n Ensure that the machine is grouped into the correct organizational unit in the corresponding domain
controller.
n When you install vCenter Server, ensure that the logged in user account has administrator privileges
on the machine.
n To resolve trust problems between a machine and the domain controller, remove the machine from
the domain and then add it to the domain again.
n To ensure that the Windows policy cache is updated, run the gpupdate /force command from the
Windows command line. This command performs a group policy update.
n If the local host cannot reach the remote host during a join operation, verify the following:
n Remote vCenter Server IP address or fully qualified domain name is correct.
n LDAP port on the remote vCenter Server is correct.
n VMwareVCMSDS service is running.
n Make sure your Windows and network-based firewalls are configured to allow Linked Mode.
Configuring a Windows Firewall to Allow a Specified Program Access

configuration on the local machine must be modified.
Prerequisites
n The Windows version must be an earlier than Windows Server 2008. For Windows Server 2008, Windows
automatically configures the firewall to permit access.
n There must be no network-based firewalls between vCenter Server Linked Mode instances. For
environments with network-based firewalls, see “Configuring Firewall Access by Opening Selected
Ports,” on page 36.
Procedure

2 Type firewall.cpl and click OK.
3 Make sure that the firewall is set to allow exceptions.
4 Click the Exceptions tab.

5 Click Add Program.
6 Add an exception for C:\Windows\ADAM\dsamain.exe and click OK.
7 Click OK.
Configuring Firewall Access by Opening Selected Ports

configuration on any network-based firewalls must be modified.
36 VMware, Inc.
Procedure
u Configure Windows RPC ports to generically allow selective ports for machine-to-machine RPC
communication.
Choose one of the following methods.

n Change the registry settings. See http://support.microsoft.com/kb/154596/en-us.
n Use Microsoft's RPCCfg.exe tool. See http://support.microsoft.com/kb/908472/en-us
Monitor vCenter Server Services

When you are logged in to a vCenter Server system that is part of a connected group, you can monitor the
health of services running on each server in the group.
Procedure
u From the vSphere Client Home page, click vCenter Service Status.
The vCenter Service Status screen appears and enables you to view the following information:
n A list of all vCenter Server systems and their services, and vCenter Server plug-ins.
n The status of all listed items.
n The date and time when the last change in status occurred.
n Any messages associated with the change in status.
VMware, Inc. 37
38 VMware, Inc.
Using the vSphere Client 4
The vSphere Client serves as the principal interface for administering vCenter Server and ESX/ESXi.
The vSphere Client user interface is configured based on the server to which it is connected:
n When the server is a vCenter Server system, the vSphere Client displays all the options available to the
vSphere environment, according to the licensing configuration and the user permissions.
n When the server is an ESX/ESXi host, the vSphere Client displays only the options appropriate to single
host management.
When you first log in to the vSphere Client, it displays a Home page with icons that you select to access various
vSphere Client functions. When you log out of the vSphere Client, the client application remembers the view
that was displayed when it was closed, and will return you to that view when you next log in.
You perform many management tasks from the Inventory view, which consists of a single window containing
a menu bar, a navigation bar, a toolbar, a status bar, a panel section, and pop-up menus.

n “Getting Started Tabs,” on page 40
n “Status Bar, Recent Tasks, and Triggered Alarms,” on page 40
n “Panel Sections,” on page 40
n “View Virtual Machine Console,” on page 41
n “Searching the vSphere Inventory,” on page 41
n “Using Lists,” on page 42
n “Custom Attributes,” on page 43
n “Select Objects,” on page 44
n “Manage vCenter Server Plug-Ins,” on page 45
n “Save vSphere Client Data,” on page 46
VMware, Inc. 39
Getting Started Tabs

In the case where vCenter Server is newly installed and no inventory objects have been added, the Getting
Started tabs guide you through the steps of adding items to the inventory and setting up the virtual
environment.
Disable Getting Started Tabs

You can disable the Getting Started tabs if you no longer want to display them.
There are two ways to disable the tabs.
Procedure
n Click the Close Tab link to disable Getting Started tabs for the type of object selected.
n Change the vSphere Client settings to turn off display of all Getting Started tabs.
a Select Edit > Client Settings.
b Select the General tab.
c Deselect the Show Getting Started Tabs check box and click OK.
Restore Getting Started Tabs

If you have turned off display of the Getting Started tabs, you can restore them to display these tabs for all
inventory objects.
Procedure
1 Select Edit > Client Settings.
2 Click the General tab.
3 Select Show Getting Started Tabs and click OK.
Status Bar, Recent Tasks, and Triggered Alarms

Use the status bar to view information about alarms and recently completed or active tasks.
The status bar appears at the bottom of the window. It contains icons to view triggered alarms or recent tasks.
The Tasks button displays any currently running or recently completed active tasks. Included is a progress
bar indicating the percentage complete of each task. The recent tasks and the triggered alarm panels display
across the bottom of the vSphere Client window.
Panel Sections
In the body of the vSphere Client page is a panel section. In most views, there is a left and a right panel: the
Inventory panel and the Information panel.
These panels can be resized.
Inventory panel Displays a hierarchical list of vSphere objects when an Inventory or Maps view
appears.
Information panels Display lists and charts. Depending on the navigation items or Inventory item
selected, the Information panel is divided into tabbed elements.
40 VMware, Inc.
Chapter 4 Using the vSphere Client
View Virtual Machine Console

The console of a powered-on virtual machine is available through a connected server. All console connections
to the virtual machine see the same display information. The message line indicates if others are viewing the
virtual machine.
Procedure
1 Select a powered-on virtual machine.
2 In the Information panel, click the Console tab.

3 (Optional) Click the pop-out icon in the navigation bar to pop out the virtual machine console in a separate
window.
Searching the vSphere Inventory

The vSphere Client allows you to search your vSphere inventory for virtual machines, hosts, datastores,
networks, or folders that match specified criteria.
If the vSphere Client is connected to a vCenter Server system that is part of a connected group in vCenter
Linked Mode, then you can search the inventories of all vCenter Server systems in that group. You can only
view and search for inventory objects that you have permission to view. Because the search service queries
Active Directory for information about user permissions, you must be logged in to a domain account in order
to search all vCenter Server systems in Linked Mode. If you log in using a local account, searches return results
only for the local vCenter Server system, even if it is joined to other servers in Linked Mode.
NOTE If your permissions change while you are logged in, the search service might not immediately recognize
these changes. To ensure that your search is carried out with up-to-date permissions, log out of all your open
sessions and log in again before performing the search.
Perform a Simple Search

A simple search searches all the properties of the specified type or types of objects for the entered search term.
Procedure
1 Click the icon in the search field at the top right of the vSphere Client window and select the type of
inventory item to search for.
n Virtual Machines
n Folders
n Hosts
n Datastores
n Networks
n Inventory, which finds matches to the search criteria in any of the available managed object types.
2 Type one or more search terms into the search field and press Enter.
3 (Optional) If more items are found than can be displayed in the results pane, click Show all to display all
results.
What to do next
If you are not satisfied with the results of the simple search and want to refine your search, perform an advanced
search.
VMware, Inc. 41
Perform an Advanced Search

Using advanced search allows you to search for managed objects that meet multiple criteria.
For example, you can search for virtual machines matching a particular search string which reside on hosts
whose names match a second search string.
Procedure
1 Choose View > Inventory > Search to display the advanced search page.
2 Click the icon in the search field at the top right of the vSphere Client window and select the type of
inventory item to search for.
n Virtual Machines
n Folders
n Hosts
n Datastores
n Networks
n Inventory, which finds matches to the search criteria in any of the available managed object types.
3 Type one or more search terms into the search box.
4 To refine the search based on additional properties, do the following:
a Click Show options.
b From the drop-down menu, select the additional property that you want to use to restrict the search
results.
The available properties depend on the type of object you are searching for.
c Select or type the appropriate options for the property you have selected.
d To add more properties, click Add and repeat steps Step b through Step c.
An advanced search always finds objects that match all the properties in the list.
5 Click Search.
The search results appear below the search specification.
Using Lists
Many vSphere Client inventory tabs display lists of information.
For example, the Virtual Machines tab displays a list of all the virtual machines associated with a host or a
cluster. Sort any list in the vSphere Client by clicking the column label heading. A triangle in the column head
shows the sort order as ascending or descending.
You can also filter a list, sorting and including only selected items. A filter is sorted by a keyword. Select the
columns you want to include in the search for the keyword.
42 VMware, Inc.
Filter a List View

You can filter the list view.
The list is updated based on whether filtering is on or off. For example, if you are in the Virtual Machines tab,
you have filtered the list, and the filtered text is “powered on”, you see a list only of virtual machines whose
state is set to powered on. If the state of any of these virtual machines changes to something else, they are
removed from the list. New virtual machines that are added are also being filtered. Filtering is persistent for
the user session.
Procedure
1 On any inventory panel displaying a list, click the arrow next to the filter box at the top right of the pane
and select the attributes on which to filter.
2 Type text directly into the filtering field to specify search criteria.
There is a one-second interval between keystrokes. If you type in the text and wait for one second, the
search starts automatically. The Filter field does not support boolean expressions or special characters and
is not case sensitive.
3 (Optional) Click Clear to change the filter.
Export a List
You can export a list.
Procedure
1 Select the list to export.
2 Select File > Export > Export List.
3 Type a filename, select a file type in the dialog box, and click Save.
Custom Attributes
Custom attributes can be used to associate user-specific meta-information with virtual machines and managed
hosts.
Attributes are the resources that are monitored and managed for all the managed hosts and virtual machines
in your vSphere environment. Attributes’ status and states appear on the various Inventory panels.
After you create the attributes, set the value for the attribute on each virtual machine or managed host, as
appropriate. This value is stored with vCenter Server and not with the virtual machine or managed host. Then
use the new attribute to filter information about your virtual machines and managed hosts. If you no longer
need the custom attribute, remove it. A custom attribute is always a string.
For example, suppose you have a set of products and you want to sort them by sales representative. Create a
custom attribute for sales person name, Name. Add the custom attribute, Name, column to one of the list views.
Add the appropriate name to each product entry. Click the column title Name to sort alphabetically.
The custom attributes feature is available only when connected to a vCenter Server system.
VMware, Inc. 43
Add Custom Attributes

You can create custom attributes to associate with virtual machines or managed hosts.
Procedure
1 Select Administration > Custom Attributes.
This option is not available when connected only to an ESX/ESXi host.
2 Click Add and enter the values for the custom attribute.
a In the Name text box, type the name of the attribute.
b In the Type drop-down menu, select the attribute type:Virtual Machine, Host, or Global.
c In the Value text box, type the value you want to give to the attribute for the currently selected object.
d Click OK.
After you have defined an attribute on a single virtual machine or host, it is available to all objects of
that type in the inventory. However, the value you specify is applied only to the currently selected
object.
3 (Optional) To change the attribute name, click in the Name field and type the name you want to assign to
the attribute.
4 Click OK.
Edit a Custom Attribute

You can edit custom attributes and add annotations for a virtual machine or host from the Summary tab for
the object. Annotations can be used to provide additional descriptive text or comments for an object.
Procedure
1 Select the virtual machine or host in the inventory.
2 Click the Summary tab for the virtual machine or host.
3 In the Annotations box, click the Edit link.
The Edit Custom Attributes dialog box appears.
4 To edit the value of an attribute that has already been defined, double-click the Value field for that attribute
and enter the new value.
Select Objects
vCenter Server objects are datacenters, networks, datastores, resource pools, clusters, hosts, and virtual
machines.
Selecting an object does the following:

n Allows you to view the status of the object.
n Enables the menus so you can select actions to take on the object.
44 VMware, Inc.
Procedure
u Locate the object by browsing or search.
n From the vSphere Client Home page, click the icon for the appropriate inventory view, and browse
through the inventory hierarchy to select the object.
n Perform a search for the object, and double-click it in the search results.
Manage vCenter Server Plug-Ins

After the server component of a plug-in is installed and registered with vCenter Server, its client component
is available to vSphere clients. Client component installation and enablement are managed through the Plug-
in Manager dialog box.
The Plug-in Manager enables users to do the following:

n View available plug-ins that are not currently installed on the client.
n View installed plug-ins.
n Download and install available plug-ins.
n Enable and disable installed plug-ins.
Install Plug-Ins
You can install plug-ins using the Plug-in Manager.
Procedure
1 Launch the vSphere Client and log in to a vCenter Server system.
2 Select Plug-ins > Manage Plug-ins.
3 Select the Available tab in the Plug-in Manager dialog box.
4 Click Download and Install for the plug-in you want.
5 Follow the prompts in the installation wizard.
6 After installation is complete, verify that the plug-in is listed under the Installed tab and that it is enabled.
Disable and Enable Plug-Ins

You can disable or enable plug-ins using the Plug-in Manager.
Procedure
1 Launch the vSphere Client and log in to a vCenter Server system.
2 Select Plug-ins > Manage Plug-ins.
3 Select the Installed tab in the Plug-in Manager dialog box.
4 Select Enable to enable a plug-in, or deselect Enable to disable it.
Disabling a plug-in does not remove it from the client. You must uninstall the plug-in to remove it.
VMware, Inc. 45
Remove Plug-Ins
You can remove plug-ins through the operating system’s control panel.
Procedure
u Consult your operating system’s documentation for instructions on how to use the Add/Remove Programs
control panel.
Troubleshooting Extensions
In cases were vCenter Server extensions are not working, you have several options to correct the problem.
vCenter Server extensions running on the tomcat server have extension.xml files which contain the URL where
the corresponding Web application can be accessesed (files are located in C:\Program Files\VMware
\Infrastructure\VirtualCenter Server\extensions). Extension installers populate these XML files using the
DNS name for the machine.
Example from the stats extension.xml file: <url>https://SPULOV-XP-VM12.vmware.com:8443/statsreport/

vicr.do</url>.
vCenter Server, extension servers, and the vSphere Clients that will use them must be located on systems under
the same domain. If they are not, or the DNS of the extension server is changed, the extension clients will not
be able to access the URL and the extension will not work.
You can edit the XML files manually by replacing the DNS name with an IP address. Re-register the extension
after editing its extension.xml file.
Save vSphere Client Data

The vSphere Client user interface is similar to a browser. Most user manipulations are persistent in vCenter
Server data displayed; therefore, you do not normally need to save the data.
If you need to save vSphere Client data, you can do one of the following:
Procedure
n Use the Microsoft Windows Print Screen option to print a copy of the vSphere Client window.
n Select File > Export and select a format in which to save the vCenter Server data. Open the data in an
appropriate application and print from that application.
46 VMware, Inc.
Configuring Hosts and vCenter Server 5
Configuring ESX hosts, vCenter Server systems, and the vSphere Client involves several tasks. This section
contains information about some of the most common tasks.
For complete information about configuring ESX hosts, vCenter Server, and the vSphere Client, see the
following manuals:
n Introduction to vSphere
Provides an overview of the system architecture of vSphere.

n ESX Configuration Guide
Provides information about how to configure ESX host networking, storage, and security.
n ESXi Configuration Guide
Provides information about how to configure an ESXi host.

n “Host Configuration,” on page 47
n “Configuring vCenter Server,” on page 48
n “Access the vCenter Server Settings,” on page 48
n “Configuring Communication Among ESX, vCenter Server, and the vSphere Client,” on page 49
n “Configure vCenter Server SMTP Mail Settings,” on page 49
n “Working with Active Sessions,” on page 49
n “SNMP and vSphere,” on page 50
n “System Log Files,” on page 65
Host Configuration
Before you create virtual machines on your hosts, you must configure them to ensure that they have correct
licensing, network and storage access, and security settings. Each type of host has a manual that provides
information on the configuration for that host.
n For information on configuring an ESX host, see the ESX Configuration Guide.
n For information on configuring an ESXi host, see the ESXi Configuration Guide.
VMware, Inc. 47
Configuring vCenter Server

You use the vCenter Server Settings dialog box to configure a number of elements.
The vCenter Server Settings dialog box enables you to configure the following items:
Licensing Assign vCenter Server a new or existing license key. Specify whether to use a
VMware License Server.
Statistics Specify the amount of data collected for performance statistics.
Runtime Settings View the unique runtime settings for a vCenter Server system. If you change
the DNS name of the vCenter Server, use this option to modify the vCenter
Server name to match.
Active Directory Specify the active directory timeout, maximum number of users and groups to
display in the Add Permissions dialog box, and the frequency for performing
a synchronization and validation of the vCenter Server system’s known users
and groups.
Mail Specify the SMTP server and mail account.
SNMP Specify the SNMP receiver URLs, ports, and community strings.
Ports Specify the HTTP and HTTPS ports for the Web Service to use
Timeout Settings Specify how long, in seconds, the vSphere Client waits for a response from
vCenter Server before timing out.
Logging Options Specify the amount of detail collected in vCenter Server log files.
Database Specify the password required to access the vCenter Server database and the
maximum number of database connections to be created.
Database Retention Specify when vCenter Server tasks and events should be deleted.
Policy
SSL Settings Specify whether you want vCenter Server and the vSphere Client to verify the
SSL certificates of the remote host when establishing remote connections. The
vCenter requires verified host SSL certificates option is enabled by default,
and is required for the VMware Fault Tolerance feature to operate.
Advanced Settings Specify advanced settings. VMware recommends that you do not change these
settings without contacting VMware technical support.
See the vSphere Client online Help for more information on these settings.
Access the vCenter Server Settings

Use the vCenter Server Settings dialog box to configure server settings.
Procedure
1 Select Administration > vCenter Server Settings.
2 If the vCenter Server system is part of a connected group, select the server to configure from the Current
vCenter Server drop-down menu.
Changes to the vCenter Server configuration apply to the current vCenter Server system only.
48 VMware, Inc.
Chapter 5 Configuring Hosts and vCenter Server
Configuring Communication Among ESX, vCenter Server, and the

vSphere Client
The vSphere Client uses ports 80 and 443 to communicate with vCenter Server and ESX/ESXi hosts. These ports
cannot be changed.
Configure your firewall to allow communication between the vSphere Client and vCenter Server by opening
ports 80 and 443.
vCenter Server acts as a web service. If your environment requires the use of a web proxy, vCenter Server can
be proxied like any other web service.
Configure vCenter Server SMTP Mail Settings

You can configure vCenter Server to send email notifications as alarm actions.
Prerequisites
Before vCenter Server can send email, you must perform the following tasks:
n Configure the SMTP server settings for vCenter Server or Microsoft Outlook Express.
n Specify email recipients through the Alarm Settings dialog box when you configure alarm actions.
To perform this task, the vSphere Client must be connected to a vCenter Server.
Procedure
2 If the vCenter Server system is part of a connected group, in Current vCenter Server, select the vCenter
Server system to configure.
3 Select Mail in the navigation list.
4 For email message notification, set the SMTP server and SMTP port:
Option Description
SMTP Server The DNS name or IP address of the SMTP gateway to use for sending email
messages.
Sender Account The email address of the sender, for example, notifications@example.com.
5 Click OK.
Working with Active Sessions

You can view a list of users who are logged in to a vCenter Server system when your vSphere Client is connected
to that server. You can terminate sessions, and you can send a message to all users logged on to an active
session.
These features are not available when your vSphere Client is connected to an ESX/ESXi host.
View Active Sessions

You can view active sessions on the Home page of a vSphere Client.
Procedure
u From the Home page of a vSphere Client connected to a vCenter Server system, click the Sessions button.
VMware, Inc. 49
Terminate Active Sessions

Terminating an active session ends the vSphere Client session and any remote console connections launched
by the user during that session.
Procedure
1 On the Home page of a vSphere Client connected to a vCenter Server system, click the Sessions button.
2 Right-click a session and select Terminate.

3 To confirm the termination, click OK.
Send a Message to All Active Users

You can a Message of the Day to all active session user and new users when they log into the vSphere Client.
The Message of the day text is sent as a notice message to all active session users and to new users when they
log in.
Procedure
1 On the Home page of a vSphere Client connected to a vCenter Server system, click the Sessions button.
2 Type a message in the Message of the day field.
3 Click Change.
SNMP and vSphere

Simple Network Management Protocol (SNMP) allows management programs to monitor and control a variety
of networked devices.
Managed systems run SNMP agents, which can provide information to a management program in at least one
of the following ways:
n In response to a GET operation, which is a specific request for information from the management system.
n By sending a trap, which is an alert sent by the SNMP agent to notify the management system of a particular
event or condition.
Management Information Base (MIB) files define the information that can be provided by managed devices.
The MIB files contain object identifiers (OIDs) and variables arranged in a hierarchy.
vCenter Server and ESX/ESXi have SNMP agents. The agent provided with each product has differing
capabilities.
Using SNMP Traps with vCenter Server

The SNMP agent included with vCenter Server can be used to send traps when when the vCenter Server system
is started and when an alarm is triggered on vCenter Server. The vCenter Server SNMP agent functions only
as a trap emitter, and does not support other SNMP operations, such as GET.
The traps sent by vCenter Server are typically sent to other management programs. You must configure your
management server to interpret the SNMP traps sent by vCenter Server.
To use the vCenter Server SNMP traps, configure the SNMP settings on vCenter Server and configure your
management client software to accept the traps from vCenter Server.
The traps sent by vCenter Server are defined in VMWARE-VC-EVENT-MIB.mib. See “VMWARE-VC-EVENT-MIB,”
on page 62.
50 VMware, Inc.
Configure SNMP Settings for vCenter Server

To use SNMP with vCenter Server, you must configure SNMP settings using the vSphere Client.
Prerequisites
To complete the following task, the vSphere Client must be connected to a vCenter Server. In addition, you
need the DNS name and IP address of the SNMP receiver, the port number of the receiver, and the community
identifier.
Procedure
2 If the vCenter Server is part of a connected group, in Current vCenter Server, select the appropriate server.
3 Click SNMP in the navigation list.
4 Enter the following information for the Primary Receiver of the SNMP traps.
Option Description
Receiver URL The DNS name and IP address of the SNMP receiver.
Receiver port The port number of the receiver to which the SNMP agent sends traps.
If the port value is empty, vCenter Server uses the default port, 162.
Community The community identifier.
5 (Optional) Enable additional receivers in the Enable Receiver 2, Enable Receiver 3, and Enable Receiver 4
options.
6 Click OK.
The vCenter Server system is now ready to send traps to the management system you have specified.
What to do next
Configure your SNMP management software to receive and interpret data from the vCenter Server SNMP
agent. See “Configure SNMP Management Client Software,” on page 53.
Configure SNMP for ESX/ESXi

ESX/ESXi includes an SNMP agent embedded in hostd that can both send traps and receive polling requests
such as GET requests. This agent is referred to as the embedded SNMP agent.
Versions of ESX prior to ESX 4.0 included a Net-SNMP-based agent. You can continue to use this Net-SNMP-
based agent in ESX 4.0 with MIBs supplied by your hardware vendor and other third-party management
applications. However, to use the VMware MIB files, you must use the embedded SNMP agent.
By default, the embedded SNMP agent is disabled. To enable it, you must configure it using the vSphere CLI
command vicfg-snmp. For a complete reference to vicfg-snmp options, see vSphere Command-Line Interface
Prerequisites
SNMP configuration for ESX/ESXi requires the vSphere CLI. For information on installing and using the
vSphere CLI, see vSphere Command-Line Interface Installation and Reference Guide.
Procedure
1 Configure SNMP Communities on page 52

Before you enable the ESX/ESXi embedded SNMP agent, you must configure at least one community for
the agent.
VMware, Inc. 51
2 Configure the SNMP Agent to Send Traps on page 52

You can use the ESX/ESX embedded SNMP agent to send virtual machine and environmental traps to
management systems. To configure the agent to send traps, you must specify a target address and
community.
3 Configure the SNMP Agent for Polling on page 53

If you configure the ESX/ESXi embedded SNMP agent for polling, it can listen for and respond to requests
from SNMP management client systems, such as GET requests.
Configure SNMP Communities

Before you enable the ESX/ESXi embedded SNMP agent, you must configure at least one community for the
agent.
An SNMP community defines a group of devices and management systems. Only devices and management
systems that are members of the same community can exchange SNMP messages. A device or management
system can be a member of multiple communities.
Prerequisites
Procedure
u From the vSphere CLI, type
vicfg-snmp.pl --server <hostname> --username <username> --password <password> -c <com1>.
Replace <com1> with the community name you wish to set. Each time you specify a community with this
command, the setings you specify overwrite the previous configuration. To specify multiple communities,
separate the community names with a comma.
For example, to set the communities public and internal on the host host.example.com, you might type
vicfg-snmp.pl --server host.example.com --username user --password password -c public,
internal.
Configure the SNMP Agent to Send Traps

You can use the ESX/ESX embedded SNMP agent to send virtual machine and environmental traps to
management systems. To configure the agent to send traps, you must specify a target address and community.
To send traps with the SNMP agent, you must configure the target (receiver) address, community, and an
optional port. If you do not specify a port, the SNMP agent sends traps to UDP port 162 on the target
management system by default.
Prerequisites
52 VMware, Inc.
Procedure
1 From the vSphere CLI, type

vicfg-snmp.pl --server <hostname> --username <username> --password <password> -t <target
address>@<port>/<community>.
Replace <target address>, <port>, and <community> with the address of the target system, the port number
to send the traps to, and the community name, respectively. Each time you specify a target with this
command, the settings you specify overwrite all previously specified settings. To specify multiple targets,
separate them with a comma.
For example, to send SNMP traps from the host host.example.com to port 162 on target.example.com using
the public community, type
vicfg-snmp.pl --server host.example.com --username user --password password -t
target.example.com@162/public.
2 (Optional) Enable the SNMP agent by typing

vicfg-snmp.pl --server <hostname> --username <username> --password <password> --enable.
3 (Optional) Send a test trap to verify that the agent is configured correctly by typing
vicfg-snmp.pl --server <hostname> --username <username> --password <password> --test.
The agent sends a warmStart trap to the configured target.
Configure the SNMP Agent for Polling

If you configure the ESX/ESXi embedded SNMP agent for polling, it can listen for and respond to requests
from SNMP management client systems, such as GET requests.
By default, the embedded SNMP agent listens on UDP port 161 for polling requests from management systems.
You can use the vicfg-snmp command to configure an alternative port. To avoid conflicting with other services,
use a UDP port that is not defined in /etc/services.
IMPORTANT Both the embedded SNMP agent and the Net-SNMP-based agent available in the ESX service
console listen on UDP port 161 by default. If you enable both of these agents for polling on an ESX host, you
must change the port used by at least one of them.
Prerequisites
Procedure
1 From the vSphere CLI, type

vicfg-snmp.pl --server <hostname> --username <username> --password <password> -p <port>.
Replace <port> with the port for the embedded SNMP agent to use for listening for polling requests.
2 (Optional) If the SNMP agent is not enabled, enable it by typing

vicfg-snmp.pl --server <hostname> --username <username> --password <password> --enable.
Configure SNMP Management Client Software

After you have configured a vCenter Server system or an ESX/ESXi host to send traps, you must configure
your management client software to receive and interpret those traps.
To configure your management client software, you must specify the communities for the managed device,
configure the port settings, and load the VMware MIB files. Refer to the documentation for your management
system for specific instructions for these steps.
VMware, Inc. 53
Prerequisites
To complete this task, you must download the VMware MIB files from the VMware website.
Procedure
1 In your management software, specify the vCenter Server or ESX/ESXi system as an SNMP-based
managed device.
2 Set up appropriate community names in the management software.
These must correspond to the communities set for the SNMP agent on the vCenter Server system or ESX/
ESXi host.
3 (Optional) If you configured the SNMP agent to send traps to a port on the management system other
than the default UDP port 162, configure the management client software to listen on the port you
configured.
4 Load the VMware MIBs into the management software so you can view the symbolic names for the vCenter
Server or ESX/ESXi variables.
To prevent lookup errors, load the MIB files in the following order:
a VMWARE-ROOT-MIB.mib
b VMWARE-TC-MIB.mib
c VMWARE-PRODUCTS-MIB.mib
d VMWARE-SYSTEM-MIB.mib
e VMWARE-ENV-MIB.mib
f VMWARE-RESOURCES-MIB.mib
g VMWARE-VMINFO-MIB.mib
h VMWARE-OBSOLETE-MIB.mib (for use with versions of ESX/ESXi prior to 4.0)
i VMWARE-AGENTCAP-MIB.mib
j VMWARE-VC-EVENT-MIB.mib
The management software can now receive and interpret traps from vCenter Server or ESX/ESXi systems.
SNMP Diagnostics
Use SNMP tools to diagnose configuration problems.
You can use the following tools to diagnose problems with SNMP configuration:
n Type vicfg-snmp.pl --server <hostname> --username <username> --password <password> --test at the
vSphere command-line interface to prompt the embedded SNMP agent to send a test warmStart trap.
n Type vicfg-snmp.pl --server <hostname> --username <username> --password <password> --show to
display the current configuration of the embedded SNMP agent.
n The SNMPv2-MIB.mib file provides a number of counters to aid in debugging SNMP problems. See
“SNMPv2 Diagnostic Counters,” on page 65.
n The VMWARE-AGENTCAP-MIB.mib file defines the capabilities of the VMware SNMP agents by product
version. Use this file to determine if the SNMP functionality that you want to use is supported.
54 VMware, Inc.
Using SNMP with Guest Operating Systems

You can use SNMP to monitor guest operating systems or applications running in virtual machines.
The virtual machine uses its own virtual hardware devices. Do not install agents in the virtual machine that
are intended to monitor physical hardware.
Procedure
u Install the SNMP agents you normally would use for that purpose in the guest operating systems. No
special configuration is required on ESX.
VMware MIB Files

VMware MIB files define the information provided by ESX/ESXi hosts and vCenter Server to SNMP
management software. You can download these MIB files from the VMware Web site.
Table 5-1 lists the MIB files provided by VMware and describes the information that each file provides.
Table 5-1. VMware MIB Files

MIB File Description
VMWARE-ROOT-MIB.mib Contains VMware’s enterprise OID and top level OID assignments.
VMWARE-AGENTCAP-MIB.mib Defines the capabilities of the VMware agents by product versions.
VMWARE-ENV-MIB.mib Defines variables and trap types used to report on the state of physical hardware
components of the host computer.
VMWARE-OBSOLETE-MIB.mib Defines OIDs that have been made obsolete to maintain backward compatibility
with earlier versions of ESX/ESXi. Includes variables formerly defined in the
files VMWARE-TRAPS-MIB.mib and VMWARE-VMKERNEL-MIB.mib.
VMWARE-PRODUCTS-MIB.mib Defines OIDs to uniquely identify each SNMP agent on each VMware platform
by name, version, and build platform.
VMWARE-RESOURCES-MIB.mib Defines variables used to report information on resource usage of the VMkernel,
including physical memory, CPU, and disk utilization.
VMWARE-SYSTEM-MIB.mib The VMWARE-SYSTEM-MIB.mib file is obsolete. Use the SNMPv2-MIB to obtain
information from sysDescr.0 and sysObjec ID.0.
VMWARE-TC-MIB.mib Defines common textual conventions used by VMware MIB files.

VMWARE-VC-EVENTS-MIB.mib Defines traps sent by vCenter Server. Load this file if you use vCenter Server to
send traps.
VMWARE-VMINFO-MIB.mib Defines variables for reporting information about virtual machines, including
virtual machine traps.
Table 5-2 lists MIB files included in the VMware MIB files package that are not created by VMware. These can
be used with the VMware MIB files to provide additional information.
Table 5-2. Other MIB Files

MIB File Description
IF-MIB.mib Defines attributes related to physical NICs on the host

system.
SNMPv2-CONF.mib Defines conformance groups for MIBs.
SNMPv2-MIB.mib Defines the SNMP version 2 MIB objects.
SNMPv2-TC.mib Defines textual conventions for SNMP version 2.
VMware, Inc. 55
VMWARE-ROOT-MIB
The VMWARE-ROOT-MIB.mib file defines the VMware enterprise OID and top level OID assignments.
Table 5-3 lists the identification mapping defined in VMWARE-ROOT-MIB.mib.
Table 5-3. Definition Mapping for VMWARE-ROOT-MIB.mib

Label Identification Mapping
vmware enterprises 6876
vmwSystem vmware 1
vmwVirtMachines vmware 2
vmwResources vmware 3
vmwProductSpecific vmware 4
vmwLdap vmware 40
vmwTraps vmware 50
vmwOID vmware 60
vmwareAgentCapabilities vmware 70
vmwExperimental vmware 700
vmwObsolete vmware 800
VMWARE-ENV-MIB
The VMWARE-ENV-MIB.mib defines variables and trap types used to report on the state of physical components
of the host computer.
VMWARE-ENV-MIB.mib defines two traps:
n vmwEnvHardwareEvent, which is sent when an ESXi host has detected a material change in the physical
condition of the hardware.
n vmwESXEnvHardwareEvent, which is sent when an ESX host has detected a material change in the physical
condition of the hardware.
Table 5-4 lists the variables defined in VMWARE-ENV-MIB.mib.
Table 5-4. Variable Definitions in VMWARE-ENV-MIB

Variable ID Mapping Description
vmwEnv vmwProductSpecific 20 Defines the OID root for this MIB

module.
vmwEnvNumber vmwEnv 1 Number of conceptual rows in
vmwEnvTable.
vmwEnvLastChange vmwEnv 2 The value of sysUptime when a

conceptual row was last added to or
deleted from vmwEnvTable.
vmwEnvTable vmwEnv 3 This table is populated by monitoring

subsystems such as IPMI.
vmwEnvEntry vmwEnvTable 1 One entry is created in the table for each
physical component reporting its status
to ESX/ESXi.
vmwEnvIndex vmwEnvEntry 1 A unique identifier for the physical
component. This identifier does not
persist across management restarts.
56 VMware, Inc.
Table 5-4. Variable Definitions in VMWARE-ENV-MIB (Continued)

vmwSubsystemType vmwEnvEntry 2 The type of hardware component that is

reporting its environmental state.
vmwHardwareStatus vmwEnvEntry 3 The last reported status of the
component.
vmwEventDescription vmwEnvEntry 4 A description of the last reported event
for this hardware component.
vmwHardwareTime vmwEnvEntry 5 The value of sysUptime when
vmwHardwareStatus was reported.
VMWARE-OBSOLETE-MIB
The VMWARE-OBSOLETE-MIB.mib file contains all previously published managed objects that have been made
obsolete. This file is provided to maintain compatibility with older versions of ESX/ESXi.
The variables defined in this file were originally defined in previous versions of the VMWARE-RESOURCES-MIB.mib
and VMWARE-TRAPS-MIB.mib files. Table 5-5 lists the variables defined in VMWARE-OBSOLETE-MIB.mib.
Table 5-5. Variables Defined in VMWARE-OBSOLETE-MIB

Obsolete variables originally from VMWARE-RESOURCES-MIB

vmwResources vmware 3
vmwCPU vmwResources 1 Defines the root OID for the subtree of

variables used to report CPU
information.
vmwCpuTable vmwCPU 2 A table of CPU usage by each virtual
machine.
vmwCpuEntry vmwCpuTable 1 An entry in cpuTable that records CPU
usage for a single virtual machine.
vmwCpuVMID vmwCpuEntry 1 The identification number allocated to
the virtual machine by the VMkernel.
vmwCpuShares vmwCpuEntry 2 The share of the CPU allocated to the
virtual machine by the VMkernel.
vmwCpuUtil vmwCpuEntry 3 Amount of time the virtual machine has
been running on the CPU (in seconds).
vmwMemTable vmwMemory 4 A table of memory usage by each virtual
machine.
vmwMemEntry vmwMemTable 1 An entry in memTable that records
memory usage by a single virtual
machine.
vmwMemVMID vmwMemEntry 1 The identification number allocated to
the virtual machine by the VMkernel.
vmwMemShares vmwMemEntry 2 The shares of memory allocated to the
virtual machine by the VMkernel.
vmwMemConfigured vmwMemEntry 3 The amount of memory the virtual
machine was configured with (in KB).
vmwMemUtil vmwMemEntry 4 The amount of memory currently used
by the virtual machine (in KB).
vmwHBATable vmwResources 3 A table used for reporting disk adapter
and target information.
VMware, Inc. 57
Table 5-5. Variables Defined in VMWARE-OBSOLETE-MIB (Continued)

vmwHBAEntry vmwHBATable 1 A record for a single HBA connected to

the host machine.
vmwHbaIdx vmwHBAEntry 1 Index for the HBA table.
vmwHbaName vmwHBAEntry 2 A string describing the disk. Format:
<devname#>:<tgt>:<lun>.
vmwHbaVMID vmwHBAEntry 3 The identification number allocated to

the running virtual machine by the
VMkernel.
vmwDiskShares vmwHBAEntry 4 Share of disk bandwidth allocated to
this virtual machine.
vmwNumReads vmwHBAEntry 5 Number of reads to this disk since the
disk module was loaded.
vmwKbRead vmwHBAEntry 6 Kilobytes read from this disk since the
vmwNumWrites vmwHBAEntry 7 Number of writes to this disk since the
vmwKbWritten vmwHBAEntry 8 Number of kilobytes written to this disk
since the disk module was loaded.
vmwNetTable vmwResources 4 A table used for reporting network
adapter statistics.
vmwNetEntry vmwNetTable 1 A record for a single network adapter on
vmwNetIdx vmwNetEntry 1 Index for the network table.
vmwNetName vmwNetEntry 2 A string describing the network
adapter.
vmwNetVMID vmwNetEntry 3 The identification number allocated to
the running virtual machine by the
VMkernel.
vmwNetIfAddr vmwNetEntry 4 The MAC address of the virtual
machine’s virtual network adapter.
vmwNetShares vmwNetEntry 5 Share of network bandwidth allocate d
to this virtual machine. This object has
not been implemented.
vmwNetPktsTx vmwNetEntry 6 The number of packets transmitted on
this network adapter since the network
module was loaded. Deprecated in
favor of vmwNetHCPktsTx.
vmwNetKbTx vmwNetEntry 7 The number of kilobytes sent from this

network adapter since the network
favor of vmwNetHCKbTx.
vmwNetPktsRx vmwNetEntry 8 The number of packets received on this

favor of vmwNetHCPktsRx.
vmwNetKbRx vmwNetEntry 9 The number of kilobytes received on

favor of vmwNetHCKbRx
58 VMware, Inc.
Table 5-5. Variables Defined in VMWARE-OBSOLETE-MIB (Continued)

vmwNetHCPktsTx vmwNetEntry 10 The number of packets transmitted on

module was loaded. This counter is the
64-bit version of vmwNetPktsTx.
vmwNetHCKbTx vmwNetEntry 11 The number of kilobytes sent from this

64-bit version of vmwNetKbTx.
vmwNetHCPktsRx vmwNetEntry 12 The number of packets received on this

64-bit version of vmwNetPktsRx.
vmwNetHCKbRx vmwNetEntry 13 The number of kilobytes received on

64-bit versin of vmwNetKbRx.
Obsolete variables originally defined in VMWARE-TRAPS-MIB

vmID vmwTraps 101 The ID of the affected virtual machine
generating the trap. If there is no virtual
machine ID (for example, if the virtual
machine has been powered off), the
vmID is -1.
vmConfigFile vmwTraps 102 The configuration file of the virtual

machine generating the trap.
vpxdTrapType vmwTraps 301 The trap type of the vCenter Server trap.
vpxdHostName vmwTraps 302 The name of the affected host.
vpxdVMName vmwTraps 303 The name of the affected virtual
machine.
vpxdOldStatus vmwTraps 304 The prior status.
vpxdNewStatus vmwTraps 305 The new status.
vpxdObjValue vmwTraps 306 The object value.
Table 5-6 lists the traps defined in VMWARE-OBSOLETE-MIB.mib. These traps were originally defined in VMWARE-
TRAPS-MIB.mib.
Table 5-6. Traps Defined in VMWARE-OBSOLETE-MIB

Trap Description
ESX/ESXi Traps
vmPoweredOn This trap is sent when a virtual machine is powered on from a suspended or powered off
state.
vmPoweredOff This trap is sent when a virtual machine is powered off.
vmHBLost This trap is sent when a virtual machine detects a loss in guest heartbeat. VMware Tools
must be installed in the guest operating system in order for this value to be valid.
vmHBDetected This trap is sent when a virtual machine detects or regains the guest heartbeat. VMware
Tools must be installed in the guest operating system in order for this value to be valid.
vmSuspended This trap is sent when a virtual machine is suspended.
vCenter Server Traps

vpxdTrap This trap is sent when an entity status has changed.
VMware, Inc. 59
VMWARE-PRODUCTS-MIB
The VMWARE-PRODUCTS-MIB.mib file defines OIDs to uniquely identify each SNMP agent on each VMware
platform.
Table 5-7 lists identification mappings defined in VMWARE-PRODUCTS-MIB.mib.
Table 5-7. Identification Mappings for VMWARE-PRODUCTS-MIB.mib

Label Identification Mapping
oidESX vmwOID 1
vmwESX vmwProductSpecific 1
vmwDVS vmwProductSpecific 2
vmwVC vmwProductSpecific 3
vmwServer vmwProductSpecific 4
VMWARE-RESOURCES-MIB
The VMWARE-RESOURCES-MIB.mib file defines variables used to report information on resource usage.
Table 5-8 lists the identification mappings defined in VMWARE-RESOURCES-MIB.mib.
Table 5-8. Identification Mappings for VMWARE-RESOURCES-MIB

CPU Subtree
vmwCPU vmwResources 1 Defines the root OID for the subtree of variables
used to report CPU information.
vmwNumCPUs vmwCPU 1 The number of physical CPUs present on the
system.
Memory Subtree
vmwMemory vmwResources 2 Defines the root OID for the subtree of variables
used to report memory information.
vmwMemSize vmwMemory 1 Amount of physical memory present on the host (in
KB).
vmwMemCOS vmwMemory 2 Amount of physical memory allocated to the service
console (in KB). This variable does not apply to ESXi
hosts, which do not have a service console.
vmwMemAvail vmwMemory 3 The amount of memory available to run virtual
machines and to allocate to the hypervisor. It is
computed by subtracting vmwMemCOS from
vmwMemSize.
Storage Subtree
vmwStorage vmwResources 5 Defines the root OID for the subtree of variables
used to report memory information.
vmwHostBusAdapterNumber vmwStorage 1 The number of entries in the
vmwHostBusAdapterTable.
vmwHostBusAdapterTable vmwStorage 2 A table of Host Bus Adapters found in this host.
vmwHostBusAdapterEntry vmwHostBusAdapterTable 1 An entry in the Host Bus Adapter table holding
details for a particular adapter.
vmwHostBusAdapterIndex vmwHostBusAdapterEntry 1 An arbitrary index assigned to this adapter.
vmwHbaDeviceName vmwHostBusAdapterEntry 2 The system device name for this adapter.
60 VMware, Inc.
Table 5-8. Identification Mappings for VMWARE-RESOURCES-MIB (Continued)

vmwHbaBusNumber vmwHostBusAdapterEntry 3 The host bus number. For unsupported adapters,

returns -1.
vmwHbaStatus vmwHostBusAdapterEntry 4 The operational status of the adapter.
vmwHbaModelName vmwHostBusAdapterEntry 5 The model name of the adapter.
vmwHbaDriverName vmwHostBusAdapterEntry 6 The name of the adapter driver.
vmwHbaPci vmwHostBusAdapterEntry 7 The PCI ID of the adapter.
VMWARE-SYSTEM-MIB
The VMWARE-SYSTEM-MIB.mib file provides variables for identifying the VMware software running on a managed
system by product name, version number, and build number.
Table 5-9 lists the variables defined in VMWARE-SYSTEM-MIB.mib.
Table 5-9. Variables Defined in VMWARE-SYSTEM-MIB

vmwProdName vmwSystem 1 The product name.

vmwProdVersion vmwSystem 2 The product version number, in the format
<Major>.<Minor>.<Update>.
vmwProdBuild vmwSystem 4 The product build number.
VMWARE-TC-MIB
The VMWARE-TC-MIB.mib file provides common textual conventions used by VMware MIB files.
VMWARE-TC-MIB.mib defines the following integer values for VmwSubsystemTypes:
n unknown(1)
n chassis(2)
n powerSupply(3)
n fan(4)
n cpu(5)
n memory(6)
n battery(7)
n temperatureSensor(8)
n raidController(9)
n voltage(10)
VMWARE-TC-MIB.mib defines the following integer values for VmwSubsystemStatus:
n unknown(1)
n normal(2)
n marginal(3)
n critical(4)
n failed(5)
VMware, Inc. 61
VMWARE-VC-EVENT-MIB
The VMWARE-VC-EVENT-MIB.mib file provides definitions for traps sent by vCenter Server. These definitions were
provided by VMWARE-TRAPS-MIB.mib in earlier versions of VirtualCenter Server.
Table 5-10 lists the traps defined for vCenter Server.
Table 5-10. Alarms Defined in VMWARE-VC-EVENT-MIB

Trap ID Mapping Description
vpxdAlarm vmwVCNotifications 201 The vCenter Server SNMP agent sends

this trap when an entity's alarm status
changes.
vpxdDiagnostic vmwVCNotifications 202 The vCenter Server SNMP agent sends
this trap when vCenter Server starts or
is restarted, or when a test notification
is requested. vCenter Server can be
configured to send this trap periodically
at regular intervals.
Table 5-11 lists the variables defined for the vCenter Server traps.
Table 5-11. Variables Defined in VMWARE-VC-EVENT-MIB

vmwVpxdTrapType vmwVC 301 The trap type of the vCenter Server trap.
vmwVpxdHostName vmwVC 302 The name of the affected host.
vmwVpxdVMName vmwVC 303 The name of the affected virtual machine.
vmwVpxdOldStatus vmwVC 304 The prior status.
vmwVpxdNewStatus vmwVC 305 The new status.
vmwVpxdObjValue vmwVC 306 The object value.
VMWARE-VMINFO-MIB
The VMWARE-VMINFO-MIB.mib file defines variables and traps for reporting virtual machine information.
Table 5-12 lists the variables defined in VMWARE-VMINFO-MIB.mib.
Table 5-12. Identification Mappings for VMWARE-VMINFO-MIB

Virtual Machine Variables

vmwVmTable vmwVirtMachines 1 A table containing information on the virtual machines
that have been configured on the system.
vmwVmEntry vmwVmTable 1 The record for a single virtual machine.
vmwVmIdx vmwVmEntry 1 An index for the virtual machine entry.
vmwVmDisplayName vmwVmEntry 2 The display name for the virtual machine.
vmwVmConfigFile vmwVmEntry 3 The path to the configuration file for this virtual
machine.
vmwVmGuestOS vmwVmEntry 4 The guest operating system running on the virtual
machine.
vmwVmMemSize vmwVmEntry 5 The memory (in MB) configured for this virtual
machine.
vmwVmState vmwVmEntry 6 The virtual machine power state (on or off).
62 VMware, Inc.
Table 5-12. Identification Mappings for VMWARE-VMINFO-MIB (Continued)

vmwVmVMID vmwVmEntry 7 An identification number assigned to running virtual

machines by the VMkernel. Powered-off virtual
machines to not have this ID.
vmwVmGuestState vmwVmEntry 8 The state of the guest operating system (on or off).
vmwVmCpus vmwVmEntry 9 The number of virtual CPUs assigned to this virtual
machine.
Virtual Machine HBA Variables

vmwVmHbaTable vmwVirtMachines 2 A table of HBAs visible to a virtual machine.
vmwVmHbaEntry vmwVmHbaTable 1 Record for a single HBA.
vmwHbaVmIdx vmwVmHbaEntry 1 A number corresponding to the virtual machine’s index
in the vmwVmTable.
vmwVmHbaIdx vmwVmHbaEntry 2 Uniquely identifies a given HBA in this VM. May

change across system reboots.
vmwHbaNum vmwVmHbaEntry 3 The name of the HBA as it appears in the virtual
machine settings.
vmwHbaVirtDev vmwVmHbaEntry 4 The HBA hardware being emulated to the guest
operating system.
vmwHbaTgtTable vmwVirtMachines 3 The table of all virtual disks configure for virtual
machines in vmwVmTable.
vmwHbaTgtEntry vmwHbaTgtTable 1 A record for a specific storage disk. May change across
reboots.
vmwHbaTgtVmIdx vmwHbaTgtEntry 1 A number corresponding to the virtual machine’s index
(vmwVmIdx) in the vmwVmTable.
vmwHbaTgtIdx vmwHbaTgtEntry 2 This value identifies a particular disk.

vmwHbaTgtNum vmwHbaTgtEntry 3 Identifies the disk as seen from the host bus controller.
Virtual Machine Network Variables

vmwVmNetTable vmwVirtMachines 4 A table of network adapters for all virtual machines in
vmwVmTable.
vmwVmNetEntry vmwVmNetTable 1 Identifies a unique network adapter in this table.

vmwVmNetVmIdx vmwVmNetEntry 1 A number corresponding to the virtual machine’s index
in the vmwVmTable.
vmwVmNetIdx vmwVmNetEntry 2 Identifies a unique network adapter in this table. May

change across sytem reboots.
vmwVmNetNum vmwVmNetEntry 3 The name of the network adapter as it appears in the
virtual machine settings.
vmwVmNetName vmwVmNetEntry 4 Identifies what the network adapter is connected to.
vmwVmNetConnType vmwVmNetEntry 5 Obsolete. Do not use.
vmwVmNetConnected vmwVmNetEntry 6 Reports true if the ethernet virtual device is connected
to the virtual machine.
vmwVmMAC vmwVmNetEntry 7 Reports the configured virtual hardware MAC address.
If VMware Tools is not running, the value is zero or
empty.
Virtual Floppy Device Variables

vmwFloppyTable vmwVirtMachines 5 A table of floppy drives for all virtual machines in
vmwVmTable.
VMware, Inc. 63
Table 5-12. Identification Mappings for VMWARE-VMINFO-MIB (Continued)

vmwFloppyEntry vmwFloppyTable 1 Identifies a single floppy device. May change across

system reboots.
vmwFdVmIdx vmwFloppyEntry 1 A number corresponding to the virtual machine’s index
in the vmwVmTable.
vmwFdIdx vmwFloppyEntry 2 Identifies a specific virtual floppy device.

vmwFdName vmwFloppyEntry 3 The file or device that this virtual floppy device is
connected to.
vmwFdConnected vmwFloppyEntry 4 Reports true if the floppy device is connected.
Virtual DVD or CD-ROM Variables

vmwCdromTable vmwVirtMachines 6 A table of DVD or CD-ROM drives for all virtual
machines in vmwVmTable.
vmwCdromEntry vmwCdromTable 1 Identifies a specific CD-ROM or DVD drive. May

change across system reboots.
vmwCdVmIdx vmwCdromEntry 1 A number corresponding to the virtual machine’s index
in the vmwVmTable.
vmwCdromIdx vmwCdromEntry 2 Identifies the specific DVD or CD-ROM drive.

vmwCdromName vmwCdromEntry 3 The file or device that the virtual DVD or CD-ROM
drive has been configured to use.
vmwCdromConnected vmwCdromEntry 4 Reports true the CD-ROM device is connected.
Virtual Machine Trap Variables

vmwVmID vmwTraps 101 Holds the same value as vmwVmVMID of the affected
virtual machine generating the trap, to allow polling of
the affected virtual machine in vmwVmTable.
vmwVmConfigFilePath vmwTraps 102 The configuration file of the virtual machine generating
the trap.
Table 5-13 lists the traps defined in VMWARE-VMINFO-MIB.mib. These traps were formely defined in VMWARE-TRAPS-
MIB.mib.
Table 5-13. Traps Defined in VMWARE-VMINFO-MIB

Trap ID Mapping Description
vmwVmPoweredOn vmwVmNotifications 1 This trap is sent when a virtual machine

is powered on from a suspended or
powered off state.
vmwVmPoweredOff vmwVmNotifications 2 This trap is sent when a virtual machine
is powered off.
vmwVmHBLost vmwVmNotifications 3 This trap is sent when a virtual machine
detects a loss in guest heartbeat.
VMware Tools must be installed in the
guest operating system in order for this
value to be valid.
vmwVmHBDetected vmwVmNotifications 4 This trap is sent when a virtual machine
detects or regains the guest heartbeat.
VMware Tools must be installed in the
guest operating system in order for this
value to be valid.
vmwVmSuspended vmwVmNotifications 5 This trap is sent when a virtual machine
is suspended.
64 VMware, Inc.
SNMPv2 Diagnostic Counters

The SNMPv2-MIB.mib file provides a number of counters to aid in debugging SNMP problems.
Table 5-14 lists some of these diagnostic counters.
Table 5-14. Diagnostic Counters from SNMPv2-MIB

snmpInPkts snmp 1 The total number of messages delivered to the SNMP entity
from the transport service.
snmpInBadVersions snmp 3 The total number of SNMP messages that were delivered
to the SNMP entity and were for an unsupported SNMP
version.
snmpInBadCommunityNames snmp 4 The total number of community-based SNMP messages
delivered to the SNMP entity that used an invalid SNMP
community name.
snmpInBadCommunityUses snmp 5 The total number of community-based SNMP messages
delivered to the SNMP entity that represented an SNMP
operation that was not allowed for the community named
in the message.
snmpInASNParseErrs snmp 6 The total number of ASN.1 or BER errors encountered by
the SNMP entity when decoding received SNMP messages.
snmpEnableAuthenTraps snmp 30 Indicates whether the SNMP entity is permitted to generate
authenticationFailure traps. The value of this object
overrides any configuration information. It therefore
provides a means of disabling all authenticationFailure
traps.
snmpSilentDrops snmp 31 The total number of Confirmed Class PDUs delivered to
the SNMP entity that were silently dropped because the
size of a reply containing an alternate Response Class PDU
with an empty variable-bindings field was greater than
either a local constraint or the maximum message size
associated with the originator of the request.
snmpProxyDrops snmp 32 The total number of Confirmed Class PDUs delivered to
the SNMP entity that were silently dropped because the
transmission of the message to a proxy target failed in a
manner other than a time-out such that no Response Class
PDU could be returned.
System Log Files

In addition to lists of events and alarms, vSphere components generate assorted logs. These logs contain
additional information about activities in your vSphere environment.
View System Log Entries

You can view system logs generated by vSphere components.
The following task describes how to access and view system logs.
Procedure
1 From the Home page of a vSphere Client connected to either a vCenter Server system or an ESX/ESXi host,
click System Logs.
2 From the drop-down menu, select the log and entry you want to view.
3 Select View > Filtering to refer to the filtering options.
VMware, Inc. 65
4 Enter text in the data field.
5 Click Clear to empty the data field.
External System Logs

VMware technical support might request several files to help resolve any issues you have with the product.
This section describes the types and locations of log files found on various ESX 4.0 component systems.
NOTE On Windows systems, several log files are stored in the Local Settings directory, which is located at C:
\Documents and Settings\<user name>\Local Settings\. This folder is hidden by default.
ESX/ESXi System Logs

You may need the ESX/ESXi system log files to resolve technical issues.
Table 5-15 lists log files associated with ESX systems.
Table 5-15. ESX/ESXi System Logs

Component Location
ESX Server 2.x Service log /var/log/vmware/vmware-serverd.log
ESX Server 3.x or ESX Service log /var/log/vmware/hostd.log
vSphere Client Agent log /var/log/vmware/vpx/vpxa.log
Virtual Machine Kernel Core file /root/vmkernel-core.<date>

and
/root/vmkernel-log.<date>
These files are present after you reboot your machine.
Syslog log /var/log/messages
Service Console Availability report /var/log/vmkernel
VMkernel Messages /var/log/vmkernel
VMkernel Alerts and Availability report /var/log/vmkernel
VMkernel Warning /var/log/vmkwarning
Virtual Machine log file vmware.log in the same directory as the .vmx file for the virtual machine
Virtual Machine Configuration file <virtual_machine_name>/<virtual_machine_name>.vmx located on a

datastore associated with the managed host. Used the virtual machine
summary page in the vSphere Client to determine the datastore on which
this file is located.
vSphere Client System Logs

You may need the vSphere Client system log files to resolve technical issues.
Table 5-16 lists log files associated with the vSphere Client machine.
66 VMware, Inc.
Table 5-16. vSphere Client System Logs

Component Location
vSphere Client Temp directory on the vSphere Client machine.

Installation log Example: C:\Documents and Settings\<user name>\Local Settings\Temp\vmmsi.log or
C:\Users\<user name>\Local Settings\Temp\vmmsi.log
vSphere Client \vpx directory in the Application Data directory on the vSphere Client machine.
Service log Example: C:\Documents and Settings\<user name>\Local Settings\Application Data
\vpx\viclient-x.log or C:\Users\<user name>\Local Settings\Application Data\vpx
\viclient-x.log
x(=0, 1, ... 9)
VMware Server System Logs

You may need the VMware Server system log files and the configuration file to resolve technical issues.
Table 5-17 lists log files associated with VMware Server hosts.
Table 5-17. VMware Server System Logs

Operating
Component System Location
Virtual Machine Console log Windows Temp directory

Example:C:\Documents and Settings\<username>\Local
Settings\Temp\vmware-<username>-<PID>.log
Linux Temp directory

Example:/tmp/vmware-<username>/ui-<PID>.log
If you encounter problems with the VMware Virtual Machine console on a remote vSphere
Client, please submit a support request and this log file.
Virtual Machine log Windows and vmware.log

Linux Located in the same directory as the virtual machine .vmx file.
Run the support script or save the log file before you launch the failed virtual machine
again.
Virtual Machine Event log Windows C:\Program Files\VMware\VMware Virtual Infrastructure\

vmserverdRoot\eventlog\vent-
<path_to_configuration_file>.vmx.log
Linux /var/log/vmware/event-<path_to_
configuration_file>.vmx.log
Virtual Machine Windows <virtual_machine_name>/<virtual_machine_name>.vmx
Configuration file Located in the folder where virtual machines are stored.
Linux <virtual_machine_name>/<virtual_machine_name>.vmx
Located in the folder where virtual machines are stored.
VMware, Inc. 67
Configure Syslog on ESXi Hosts

All ESX/ESXi hosts run a syslog service (syslogd), which logs messages from the VMkernel and other system
components to a file.
On an ESXi host, you can use the vSphere Client or the vSphere CLI command vicfg-syslog to configure the
following options:
Log file path Specifies a datastore path to a file in which syslogd logs all messages.
Remote host Specifies a remote host to which syslog messages are forwarded. In order to
receive the forwarded syslog messages, your remote host must have a syslog
service installed and correctly configured. Consult the documentation for the
syslog service installed on your remote host for information on configuration.
Remote port Specifies the port on which the remote host receives syslog messages.
You cannot use the vSphere Client or vicfg-syslog to configure syslog behavior for an ESX host. To configure
syslog for an ESX host, you must edit the /etc/syslog.conf file.
For more information on vicfg-syslog, see the vSphere Command-Line Interface Installation and Reference
Guide.
Procedure
1 In the vSphere Client inventory, select the host.
3 Click Advanced Settings.
4 Select Syslog in the tree control.
5 In the Syslog.Local.DatastorePath text box, enter the datastore path for the file to which syslog will log
messages.
The datastore path should be of the form [<datastorename>] </path/to/file>, where the path is relative to the
root of the volume backing the datastore. For example, the datastore path [storage1] var/log/messages
would map to the path /vmfs/volumes/storage1/var/log/messages.
If no path is specified, the default path is /var/log/messages.
6 In the Syslog.Remote.Hostname text box, enter the name of the remote host to which syslog data will be
forwarded.
If no value is specified, no data is forwarded.
7 In the Syslog.Remote.Port text box, enter the port on the remote host to which syslog data will be
forwarded.
By default, this option is set to 514, which is the default UDP port used by syslog. Changes to this option
take effect only if Syslog.Remote.Hostname is configured.
8 Click OK.
Changes to the syslog options take effect immediately.
Export Diagnostic Data

You can export all or part of your log file data.
When you export log file data, the vm-support script creates a file of the selected data and stores it in a location
you specify. The default file type is .txt if no other extension is specified. The file contains Type, Time, and
Description.
68 VMware, Inc.
Procedure
1 From the vSphere Client connected to a vCenter Server system or ESX/ESXi host, select Administration >
Export Diagnostic Data.
2 If the vSphere Client is connected to a vCenter Server system, specify the host whose logs you want to
export and the location for storing the log files.
3 If the vSphere Client is connected to an ESX/ESXi host, specify the location for the log files.
4 Click OK.
Collecting Log Files

VMware technical support might request several files to help resolve technical issues. The following sections
describe script processes for generating and collecting some of these files.
Set Verbose Logging

You can specify how verbose log files will be.
Procedure
2 Select Logging Options.

3 Select Verbose from the pop-up menu.
4 Click OK.
Collect vSphere Log Files

You can collect vSphere log files into a single location.
Select from the options:
Procedure
n To view the viclient-*.log files, change to the directory, %temp%.
n If you are running the vSphere Client connected to a vCenter Server system, download the log bundle.
The log bundle is generated as a .zip file. By default, the vpxd logs within the bundle are compressed
as .gz files. You must use gunzip to uncompress these files.
n From the vCenter Server system, select Start > Programs > VMware > Generate vCenter Server log
bundle.
You can use this to generate vCenter Server log bundles even when you are unable to connect to the
vCenter Server using the vSphere Client.
The log bundle is generated as a .zip file. By default, the vpxd logs within the bundle are compressed
as .gz files. You must use gunzip to uncompress these files.
Collect ESX Log Files Using the Service Console

You can collect and package all relevant ESX system and configuration information, a well as ESX log files.
This information can be used to analyze the problems.
Procedure
u Run the following script on the service console: /usr/bin/vm-support
The resulting file has the following format: esx-<date>-<unique-xnumber>.tgz
VMware, Inc. 69
Turn Off Compression for vpxd Log Files

By default, vCenter Server vpxd log files are rolled up and compressed into .gz files. You can turn off this
setting to leave the vpxd logs uncompressed.
Procedure
1 Log in to the vCenter Server using the vSphere Client.
3 In the Key text box, type log.compressOnRoll.
4 In the Value text box, type false.
5 Click Add, and click OK.
ESX/ESXi VMkernel Files

If the VMkernel fails, an error message appears and then the virtual machine reboots. If you specified a VMware
core dump partition when you configured your virtual machine, the VMkernel also generates a core dump
and error log.
More serious problems in the VMkernel can freeze the machine without an error message or core dump.
70 VMware, Inc.
Managing the vSphere Client
Inventory 6
The topics in this section describe how to manage the objects in your vSphere environment.
The views and capabilities displayed vary depending on whether the vSphere Client is connected to a vCenter
Server system or an ESX/ESXi host. Unless indicated, the process, task, or description applies to all kinds of
vSphere Client connections.

n “Understanding vSphere Client Objects,” on page 71
n “Add an Inventory Object,” on page 73
n “Moving Objects in the Inventory,” on page 74
n “Remove an Inventory Object,” on page 74
n “Browsing Datastores in the vSphere Client Inventory,” on page 75
Understanding vSphere Client Objects

Inventory objects in the vSphere Client include folders, datacenters, clusters, resource pools, datastores, and
networks. These objects are used to help manage or organize monitored and managed hosts, as well as virtual
machines.
Each object in the vSphere Client has a particular place in the overall object hierarchy. An object’s position in
the hierarchy is determined by the object’s functionality.
An object's name must be unique with its parent. vApp names must be unique within the Virtual Machines
and Templates view.
Identifying Objects in the vSphere Client Inventory

Inventory objects in the vSphere Client represent resources in your virtual infrastructure.
Objects in vSphere Client are as follows:
Root folder In vCenter Server only. Child objects are datacenters or subfolders. The root
folder is set as a default for every vCenter Server system. You can change the
name, but not add or remove it.
In a vCenter Server Connected Group, there is one root folder for each vCenter
Server system in the group. The name of the root folder is the name of the
vCenter Server system which it represents.
Folders In vCenter Server only. Child objects are datacenters, hosts, clusters,
networking objects, datastores, virtual machines, templates, or subfolders.
VMware, Inc. 71
Datacenters In vCenter Server only. A datacenter contains folders, clusters, hosts, networks,
datastores and virtual machines. All actions taken upon managed hosts and
virtual machines are applied within their datacenter. Within a datacenter, you
can monitor and manage virtual machines separately from their hosts and use
VMotion.
Clusters In vCenter Server only. Child objects are hosts, virtual machines, or resource
pools.
Hosts Child objects of hosts are virtual machines or resource pools. Hosts are ESX/
ESXi systems. The term host refers to the virtualization platform that is the host
to one or more virtual machines. A host object is the default top structure for
a standalone ESX/ESXi machine.
When the vCenter Server system is connected to the vSphere Client, all ESX/
ESXi systems registered with vCenter Server are referred to as hosts. ESX/ESXi
systems directly connected to the vSphere Client are referred to as standalone
hosts.
Resource pools Child objects of resource pools are virtual machines or other resource pools.
Resource pools are available on ESX/ESXi hosts as well as through vCenter
Server systems.
A vSphere Client resource pool is used to allocate host-provided CPU and

memory to the virtual machines resident to the host.
Virtual machines Located within a host, virtual disks on a datastore, associated within a cluster
or resource pool. Can be listed as a child object to hosts, clusters, or resource
pools. Can be moved between hosts or clusters. When adding to a cluster or
resource pool, you must specify or have in the cluster or resource pool a
designated target host.
Templates A template is a master copy of a virtual machine that can be used to create and
provision new virtual machines.
Networks In vCenter Server only. Child object to datacenters and network folders. There
are two types of networks: vNetwork Standard Switches (vSwitches) and
vNetwork Distributed Switches. vNetwork Standard Switches are associated
with a single host and are discovered when hosts are added to the vSphere
environment. You can add and remove vNetwork Standard Switches through
the vSphere Client. vNetwork Distributed Switches span multiple hosts. You
can add and remove vNetwork Distributed Switches through the vSphere
Client.
Datastores In vCenter Server only. Child object to datacenters and datastore folders.
Datastores are logical containers that hold virtual disk files and other files
necessary for virtual machine operations. Datastores exist on different types of
physical storage devices, including local storage, iSCSI and Fibre Channel
SANs, and NFS. You create datastores by formatting storage devices or by
mounting NFS volumes on your host. In addition, you can add a host with
existing datastores to the inventory.
Libraries Central repositories for virtual machine provisioning media such as virtual
machine templates, ISO images, floppy images, VMDK files, guest
customization files, and so on.
72 VMware, Inc.
Chapter 6 Managing the vSphere Client Inventory
Viewing Object Relationships

One of the features of managing your virtual infrastructure with vSphere is viewing relationships between
inventory objects.
You can view the relationships between inventory objects relationships in the following ways:
Using the Maps feature Shows the inventory object relationships in graphical form.
Clicking an object in the Provides a list of tabbed content that lists related objects.
inventory For example, a datastore has a virtual machine tab that lists the virtual machines
that use the datastore. There is also a host tab that list the hosts that can access
the datastore.
Selecting Hosts and Provides a view of the set of virtual machines that run on a particular host,
Clusters from the Home cluster, or resource pool. Each object has a tab that displays all the virtual
page machines associated or contained within it.
When you view the hosts and clusters page, virtual machine folders are not
displayed. Because virtual machine names are unique within virtual machine
folders, you might see more than one virtual machine with the same name. To
view virtual machines as they are arranged in the folder hierarchy, use the VMs
and Templates view.
Selecting VMs and Displays all virtual machines and templates. Through this view you can
Templates from the organize virtual machines into folder hierarchies.
Home page
Selecting Datastores Displays all datastores in the datacenter. Through this view you can organize
from the Home page datastores into arbitrary folder hierarchies.
Selecting Networking Displays all abstract network devices, called vSwitches and vNetwork
objects from the Home Distributed Switches. Through this view you can organize networking devices
page into arbitrary folder hierarchies.
Add an Inventory Object

You can add an inventory object only to its corresponding hierarchical parent. Objects you are allowed to add
are listed on the parent menus.
Add a Cluster, Resource Pool, Host, or Virtual Machine

Clusters, resource pools, hosts, and virtual machines can be added from the Hosts and Clusters view in vSphere
Client.
Procedure
1 From the vSphere Client, right-click the parent object in the inventory.
2 Select New <Object>, where <Object> is a folder, datacenter, cluster, resource pool, host, or virtual machine.
3 Complete the wizard and click Finish.
VMware, Inc. 73
Add a Folder or Datacenter

Folders and datacenters add organization to your inventory. Add folders or datacenters from any Inventory
view in the vSphere Client.
Procedure
1 From the vSphere Client, right-click the parent object in the inventory.
2 Select New <Object>, where <Object> is a folder, datacenter, cluster, resource pool, host, or virtual machine.
An icon representing the new object is added to the inventory.
3 Enter a name for the object.
Moving Objects in the Inventory

You can move most objects manually between folders, datacenters, resource pools, and hosts in the vSphere
Client inventory.
You cannot move the root folder. If you connect directly to a host using the vSphere Client, you cannot move
the host.
You can move inventory objects in the following ways:

n Folders — move within a datacenter.
n Datacenter — move between folders at a sibling or parent level.
n Cluster — move between folders and within datacenters at a sibling or parent level.
n Host — move between clusters and datacenters. When managed by vCenter Server, if a host is in a cluster,
all virtual machines on the host must be shut down and the host must be placed into maintenance mode
before it can be moved from the cluster.
n Resource pools — move to other resource pools and folders.
n Virtual machines — move to other resource pools, clusters, folders, datacenters, or hosts. When adding
to anything other than a host, you must specify a target host.
n Networks — move between folders at a sibling or parent level. You cannot move a dvPort Group
independently of its parent Distributed Virtual Switch.
n Datastores — move between folders at a sibling or parent level.
Remove an Inventory Object

Removing an object from the inventory discontinues the management of the object by vCenter Server.
When you remove an object (such as a folder, datacenter, cluster, or resource pool) from the inventory, vCenter
Server does the following:
n Removes all of the object’s child inventory objects.
n Removes all the tasks and alarms associated with the object.
n Returns all processor and migration licenses assigned to the object to available status.
n If the object is a host, ceases to manage the object’s virtual machines, but allows them to remain on the
host.
NOTE Removing a virtual machine from the inventory does not delete it from its datastore.
74 VMware, Inc.
Chapter 6 Managing the vSphere Client Inventory
Procedure
1 From the vSphere Client, right-click the object and select Remove.
2 In the confirmation dialog box that appears, confirm that you want to remove the object.
Browsing Datastores in the vSphere Client Inventory

The Datastore Browser allows you to manage the contents of datastores in the vSphere Client inventory.
To use the Datastore Browser, you need to have a role with the Browse Datastore privilege.
You can use the Datastore Browser to:
n View or search the contents of a datastore.
n Add a virtual machine or template stored on a datastore to the vSphere Client inventory.
n Copy or move files from one location to another, including to another datastore.
n Upload a file or folder from the client computer to a datastore.
n Download a file from a datastore to the client computer.
n Delete or rename files on a datastore.
The Datastore Browser operates in a manner similar to file system applications like Windows Explorer. It
supports many common file system operations, including copying, cutting, and pasting files. The Datastore
Browser does not support drag-and-drop operations.
Copying Virtual Machine Disks with the Datastore Browser

You can use the Datastore Browser to copy virtual machine disk files between hosts. Disk files are copied as-
is, without any format conversion. Disks copied from one type of host to a different type of host might require
conversion before they can be used on the new host.
You can download virtual disks from a datastore to local storage, but you cannot upload virtual disks from
local storage to a datastore, because the disk format cannot be verified during the upload.
VMware, Inc. 75
76 VMware, Inc.
Managing Hosts in vCenter Server 7
To access the full capabilities of your hosts and to simplify the management of multiple hosts, you should
connect your hosts to a vCenter Server system.
For information on configuration management of ESX/ESXi hosts, see the ESX Configuration Guide or ESXi
Configuration Guide.
The views and capabilities displayed vary depending on whether the vSphere Client is connected to a vCenter
Server system or an ESX/ESXi host. Unless indicated, the process, task, or description applies to all kinds of
vSphere Client connections.

n “About Hosts,” on page 77
n “Add a Host,” on page 78
n “Completing the Add Host Process,” on page 80
n “Disconnecting and Reconnecting a Host,” on page 80
n “Remove a Host from a Cluster,” on page 81
n “Understanding Managed Host Removal,” on page 82
n “Remove a Managed Host from vCenter Server,” on page 82
n “Monitoring Host Health Status,” on page 83
About Hosts
A host is a virtualization platform that supports virtual machines. A vCenter Server managed host is a host
that is registered with vCenter Server.
The task of managing a host is accomplished through the vSphere Client. This vSphere Client can be connected
either directly to an ESX/ESXi host or indirectly to hosts through a connection to a vCenter Server system.
When ESX/ESXi hosts are connected to the vSphere Client directly, you manage them individually as
standalone hosts. Most of the host configuration and virtual machine configuration features still apply.
Features that require multiple hosts, such as migration with VMotion of a virtual machine from one host to
another, are not available through the standalone host connection.
VMware, Inc. 77
When ESX/ESXi hosts are managed by vCenter Server, they are added to the vSphere environment through a
vSphere Client connected to a vCenter Server system. Managed hosts are hierarchically placed in datacenters,
folders, or clusters under the root vCenter Server system.
CAUTION If an ESX/ESXi host is connected with a vCenter Server system and you attached a vSphere Client
to manage the ESX/ESXi host directly, you receive a warning message but are allowed to proceed. This might
result in conflicts on the host, especially if the host is part of a cluster. This action is strongly discouraged.
All virtual machines on managed hosts are discovered and imported into vCenter Server. When you add
multiple managed hosts, vCenter Server identifies any naming conflicts that exist between virtual machines
and alerts the system administrator, who can then rename virtual machines as necessary.
When vCenter Server connects to a managed host, it does so as a privileged user. The individual vSphere Client
user does not necessarily need to be an administrative user on the managed host.
Add a Host
To manage ESX/ESXi hosts using vCenter Server, you must add the hosts to the vSphere environment through
the vSphere Client.
When you add a host, vCenter Server discovers and adds all the virtual machines contained within that
managed host to the environment.
Before you begin this task:

n Ensure a communication channel through a firewall, if needed. If any managed host in the vCenter Server
environment is behind a firewall, ensure that the managed host can communicate with vCenter Server
and with all other hosts. See the ESX Server Configuration Guide or the ESXi Server Configuration Guide for
information on which ports are necessary.
n Make sure NFS mounts are active. If NFS mounts are unresponsive, the operation fails.
NOTE If you are connecting your vSphere Client to an ESX/ESXi host directly, the tasks in this section do not
apply.
Add a Host to a vCenter Server Cluster

Use the vSphere Client to add a host to a cluster.
Procedure
1 In the vSphere Client, display the inventory and select the cluster where you will add the host.
2 From the File menu, select New > Add Host.
3 Enter the managed host connection settings and click Next.
a Type the name or IP address of the managed host in the Host name field.
managed host.
vCenter Server uses the root account to log in to the system and then creates a special user account.
vCenter Server then uses this account for all future authentication.
This option is available for ESXi hosts only. Selecting this check box ensures that the host is managed only
through vCenter Server. Certain limited management tasks can be performed while in lockdown mode
by logging into the local console on the host.
78 VMware, Inc.
Chapter 7 Managing Hosts in vCenter Server
5 Confirm the Host Summary information and click Next.
6 Select whether to assign a new or existing license key to the host and click Next.
7 Specify what should happen to the resource pools on the host.
The options are:

n Put all the host’s virtual machines into the cluster’s root resource pool.
n Create new resource pool for the host’s virtual machines. The default resource pool name is derived
from the host’s name. Type over the text to supply your own name.
8 Click Next.
9 Click Finish.
Add a Host to a vCenter Server Datacenter

Use the vSphere Client to add a host to a datacenter.
Procedure
1 In the vSphere Client, display the inventory and select the datacenter or folder where you will add the
host.
2 Select File > New > Add Host.
3 Enter the managed host connection settings and click Next.
a Type the name or IP address of the managed host in the Host name field.
managed host.
vCenter Server uses the root account to log in to the system and then creates a special user account.
vCenter Server then uses this account for all future authentication.
This option is available for ESXi hosts only. Selecting this check box ensures that the host is managed only
through vCenter Server. Certain limited management tasks can be performed while in lockdown mode
by logging into the local console on the host.
5 Confirm the Host Summary information and click Next.
6 Select whether to assign a new or existing license key to the host and click Next.
7 Select the location for the host's virtual machines and click Next.
Select a virtual machine folder, or the datacenter itself if you do not want to place the virtual machines
into a folder.
8 Click Finish.
VMware, Inc. 79
Completing the Add Host Process

After you complete the Add Host wizard, vCenter Server verifies that the host is compatible and completes
the process of adding it to the vCenter Server inventory.
After you dismiss the Add Host wizard, vCenter Server finishes the process of adding a host by performing
the following steps.
1 Searches the network for the specified managed host and identifies all the virtual machines on the managed
host.
2 Connects to the managed host.
If the wizard cannot connect to the managed host, the managed host is not added to the inventory.
3 Verifies that the managed host is not already being managed.
If the host is already being managed by another vCenter Server system, vCenter Server displays a message.
If the vCenter Server can connect to the managed host, but for some reason cannot remain connected, the
host is added, but is in a disconnected state.
4 Reads the number of processors on the managed host and allocates the appropriate number of licenses.
The number of processors is stored in the vCenter Server database and is verified upon each managed
host reconnection and vCenter Server system startup.
5 Verifies that the managed host version is supported.
If it is not, and the managed host version can be upgraded, vCenter Server prompts you to perform an
upgrade.
6 Imports existing virtual machines.
Disconnecting and Reconnecting a Host

You can disconnect and reconnect a host that is being managed by vCenter Server. Disconnecting a managed
host does not remove it from vCenter Server; it temporarily suspends all monitoring activities performed by
vCenter Server.
The managed host and its associated virtual machines remain in the vCenter Server inventory. By contrast,
removing a managed host from vCenter Server removes the managed host and all its associated virtual
machines from the vCenter Server inventory.
Disconnect a Managed Host

Use the vSphere Client to disconnect a managed host from vCenter Server.
Procedure
1 From the vSphere Client connected to a vCenter Server system, display the inventory and click the
managed host to disconnect.
2 Right-click the host and select Disconnect from the pop-up menu.
3 In the confirmation dialog box that appears, click Yes.
If the managed host is disconnected, the word “disconnected” is appended to the object name in
parentheses, and the object is dimmed. All associated virtual machines are similarly dimmed and labeled.
80 VMware, Inc.
Reconnect a Managed Host

Use the vSphere Client to reconnect a managed host to a vCenter Server system.
Procedure
1 From the vSphere Client connected to a vCenter Server system, display the inventory and click the
managed host to reconnect.
2 Right-click the host and select Connect from the pop-up menu.
When the managed host’s connection status to vCenter Server is changed, the statuses of the virtual
machines on that managed host are updated to reflect the change.
Reconnecting Hosts After Changes to the vCenter Server SSL Certificate

vCenter Server uses an SSL certificate to encrypt and decrypt host passwords stored in the vCenter Server
database. If the certificate is replaced or changed, vCenter Server cannot decrypt host passwords, and therefore
cannot connect to managed hosts.
If vCenter Server fails to decrypt a host password, the host is disconnected from vCenter Server. You must
reconnect the host and supply the login credentials, which will be encrypted and stored in the database using
the new certificate.
Remove a Host from a Cluster

When a host is removed from a cluster, the resources it provides are deducted from the total cluster resources.
The virtual machines deployed on the host are either migrated to other hosts within the cluster, or remain with
the host and are removed from the cluster, depending on the state of the virtual machines when the host is
removed from the cluster.
You can remove hosts from a cluster by selecting them in the inventory and dragging them to a new location
within the inventory. The new location can be a folder as a standalone host or another cluster.
Prerequisites
Before you can remove a host from a cluster, you must power off all virtual machines that are running on the
host, or migrate the virtual machines to a new host using VMotion.
Procedure
1 From the vSphere Client connected to a vCenter Server system, display the inventory.
2 Right-click the appropriate managed host icon in the inventory panel, and select Enter Maintenance Mode
from the pop-up menu.
3 In the confirmation dialog that appears, click Yes.
The host icon changes and the term “maintenance mode” is added to the name in parentheses.
4 Select the host icon in the inventory panel, and drag it to the new location.
The host can be moved to another cluster or another datacenter. When the new location is selected, a blue
box surrounds the cluster or datacenter name.
vCenter Server moves the host to the new location.
5 Right-click the host, and select Exit Maintenance Mode from the pop-up menu.
6 (Optional) Restart any virtual machines, as needed.
VMware, Inc. 81
Understanding Managed Host Removal

Removing a managed host from vCenter Server breaks the connection and stops all monitoring and managing
functions of that managed host and of all the virtual machines on that managed host. The managed host and
its associated virtual machines are removed from the inventory.
Historical data for removed hosts remains in the vCenter Server database.
Removing a managed host differs from disconnecting the managed host from vCenter Server. Disconnecting
a managed host does not remove it from vCenter Server; it temporarily suspends all vCenter Server monitoring
activities. The managed host and its associated virtual machines remain in the vCenter Server inventory.
Removing a managed host from vCenter Server does not remove the virtual machines from the managed host
or datastore. It removes only vCenter Server’s access to the managed host and virtual machines on that
managed host.
Figure 7-1 illustrates the process for removing a managed host from vCenter Server. In the example here, notice
the lost link between vCenter Server and the removed managed host, while the managed host files remain on
the datastore.
Figure 7-1. Removing a Host
1. Registered host and virtual machines
host A
VM1
VM2 VM1.dsk
VM2.dsk
vCenter
host B VM3.dsk
VM3
VM4.dsk
VM4
shared datastore
2. Remove host. Virtual machines stay on the host’s datastore.
host A
VM1
vCenter
VM2 VM1.dsk
VM2.dsk
host B VM3.dsk
VM3
VM4.dsk
VM4
shared datastore
Remove a Managed Host from vCenter Server

Remove a managed host from vCenter Server to stop all vCenter Server monitoring and management of that
host.
If possible, remove managed hosts while they are connected. Removing a disconnected managed host does
not remove the vCenter Server agent from the managed host.
82 VMware, Inc.
Prerequisites
Make sure NFS mounts are active. If NFS mounts are unresponsive, the operation fails.
Procedure
1 From the vSphere Client connected to a vCenter Server system, display the inventory.
2 (Optional) If the host is part of a cluster, you must put it in maintenance mode.
a Right-click the managed host in the inventory and select Enter Maintenance Mode from the pop-up
menu.
b On the confirmation dialog, click Yes.
The host icon changes and the term “maintenance mode” is added to the name in parentheses.
3 Right-click the appropriate host in the inventory panel, and select Remove from the pop-up menu.
4 In the confirmation dialog that appears, click Yes to remove the managed host.
vCenter Server removes the managed host and associated virtual machines from the vCenter Server
environment. vCenter Server then returns the status of all associated processor and migration licenses to
available.
Monitoring Host Health Status

You can use the vSphere Client to monitor the state of host hardware components, such as CPU processors,
memory, fans, and other components.
The host health monitoring tool allows you to monitor the health of a variety of host hardware components
including:
n CPU processors
n Memory
n Fans
n Temperature
n Voltage
n Power
n Network
n Battery
n Storage
n Cable/Interconnect
n Software components
n Watchdog
n Other
The host health monitoring tool presents data gathered using Systems Management Architecture for Server
Hardware (SMASH) profiles. The information displayed depends on the sensors available on your server
hardware.
You can monitor a host’s health status either by connecting the vSphere Client directly to a host, or by
connecting to a vCenter Server system. You can also set alarms to trigger when the host health status changes.
VMware, Inc. 83
Monitor Host Health Status When Connected Directly to a Host

When you connect the vSphere Client directly to a host, you can view the health status from the host’s
Configuration tab.
When you are connected to a host through vCenter Server, you must use the Hardware Status tab rather than
the Configuration tab to monitor the host health.
If a component is functioning normally, the status indicator is green. The status indicator changes to yellow
or red if a system component violates a performance threshold or is not functioning properly. Generally, a
yellow indicator signifies degraded performance. A red indicator signifies that a component stopped operating
or exceeded the highest threshold.
The Reading column displays the current values for the sensors. For instance, the column displays rotations
per minute (RPM) for fans and degrees Celsius for temperature.
Procedure
1 Log in to the host using the vSphere Client, and select the host in the inventory.
2 Click the Configuration tab, and click Health Status.
The sensor data appears in a tree. The root of the tree displays the overall host health status.
Monitor Host Health Status When Connected to vCenter Server

When you connect the vSphere Client to vCenter Server system, you can view the health status on the Hardware
Status tab.
When you are connected to a host through vCenter Server, you must use the Hardware Status tab rather than
the Configuration tab to monitor the host health.
Procedure
1 Log in to a vCenter Server system using the vSphere Client, and display the Hosts and Clusters view in
the inventory.
2 Select the host in the inventory and click the Hardware Status tab.
3 Select the type of information to view:

n To view all sensors arranged in a tree view, select Sensors from the View menu.
n To see only alerts and warnings, select Alerts and Warnings from the View menu.
n To view the system event log, select System Event Log from the View menu.
84 VMware, Inc.
Troubleshoot the Hardware Health Service

The Hardware Health service is a vCenter Server extension that uses an Internet Explorer Webbrowser control
to display information about host hardware health. Use the information in this topic to troubleshoot problems
with Hardware Health.
Procedure
u Take the appropriate action based on the observed problem.
Problem Action
The Hardware Status tab is not Select Plug-ins > Plug-in Manager and verify that the Hardware Status plug-
visible in the vSphere Client. in is enabled.
The Hardware Status tab displays This error appears when the client system is unable to resolve the domain
the following error message: the name of the vCenter Server system. Either fix the domain name resolution
remote name could not be problem, or edit the file C:\Program Files\VMware\Infrastructure
resolved <SERVER-NAME> where \VirtualCenter Server\extensions\cim-ui\extensions.xml on the
<SERVER-NAME> is the domain vCenter Server system and replace the vCenter Server domain name with its
name of the vCenter Server system. IP address.
The Hardware Status tab displays a Your Internet Explorer security settings are set too high. To change the
security alert. security settings:
a Launch Internet Explorer.
b Select Tools > Internet Options.
c Click the Security tab.
d Select the Local intranet Web content zone.
e Click Custom Level.
f Underneath Allow scripting of Internet Explorer Webbrowser
control, select Enable.
g Click OK to close the Security Settings dialog box, and click OK to close
the Internet Options dialog box.
VMware, Inc. 85
86 VMware, Inc.
Virtual Machine Management
VMware, Inc. 87
88 VMware, Inc.
Consolidating the Datacenter 8
VMware vCenter Guided Consolidation, recommended for smaller IT environments, enables you to streamline
your datacenter by moving business applications, spread across multiple disparate physical systems, into a
centrally managed virtual environment. Use the consolidation feature to start building your virtual
environment, or to further consolidate your datacenter as it grows.
Multiple virtual machines can be hosted on a single physical system, enabling more efficient use of computing
resources. Consolidating your datacenter involves the following process:
Find You search for and select the physical systems in your datacenter that you want
analyzed.
Analyze Selected physical systems are analyzed and performance data on each selected
system is collected. Generally, the longer the duration of the analysis phase,
the higher the confidence in the vCenter Server’s recommendations.
Consolidate Performance data is compared to the resources available on the virtual machine
host systems. The selected physical systems are converted to virtual machines
and imported into vCenter Server on the recommended hosts where they are
managed along with other components of your virtual environment.
Access the Guided Consolidation feature by clicking the Consolidation button.

n “Consolidation First Time Use,” on page 90
n “Consolidation Prerequisites,” on page 90
n “About Consolidation Services,” on page 93
n “Configuring Consolidation Settings,” on page 93
n “Find and Analyze Physical Systems,” on page 94
n “Viewing Analysis Results,” on page 95
n “Converting Physical Systems to Virtual Machines,” on page 95
n “Viewing Consolidation Tasks,” on page 96
n “Troubleshooting Consolidation,” on page 97
VMware, Inc. 89
Consolidation First Time Use

The first time you use the Consolidation feature, VMware recommends that you specify consolidation settings.
These settings include default system credentials and active domains.
Default system credentials enable you to store a set of credentials so that you do not have to enter them each
time you add systems for analysis. You can override default credentials when necessary.
Active domains enable you to register domains with the Consolidation feature. Active domains are scanned
daily so that newly added systems are readily available.
Consolidation Prerequisites
Guided Consolidation requires that at least one host is managed through vSphere. It also requires that you
provide credentials to the target physical systems.
Guided Consolidation can convert systems that are configured to any locale. Before you use the feature, ensure
that the following prerequisites are met:
Guided Consolidation Server Host Requirements

Guided Consolidation server must be installed on a host that meets the following system requirements:
n Located within the company's network and have access to target systems for performance data collection.
n The Guided Consolidation host must have a name that can be resolved from any machine on the network
n The Guided Consolidation host must have a static IP address.
n Located in a domain and can access the Active Directory server.
n One of the following operating systems installed:
n Windows 2003 Server SP2
n Windows XP Professional SP3
n Windows Server 2008 (Ensure that Computer Browser Windows Service is enabled)
n Windows Vista (Ensure that Computer Browser Windows Service is enabled)
n .NET Framework 3.0 SP1 installed
n Windows Management Instrumentation (WMI) and Remote Registry installed, enabled, and running on
host and all target systems
n Minimum 1000MHz CPU
n Minimum 1.8GB available RAM
n 3GB free disk space
n Authorized and able to connect to all the servers to be analyzed and consolidated using the protocols and
ports listed in the section below, “Network Connections,” on page 91.
n Access to general purpose ports that Windows uses for most of its communications for file/print sharing
and authentication
General Requirements
n The following operating systems on systems targeted for analysis are supported:
n Windows 2000 Professional/Server/Advanced
n Windows XP Professional (32 bit and 64 bit)
90 VMware, Inc.
Chapter 8 Consolidating the Datacenter
n Windows Server 2003 Standard/Web/Enterprise (32 bit and 64 bit)

n Windows Vista (32 bit and 64 bit)
n Windows Server 2008 (32 and 64 bit)
n Credentials with Log on as service privileges on the system where the Guided Consolidation server is
installed must be provided at the time of installation. If Active Directory is deployed on your network,
the provided credentials must also have sufficient privileges to query the Active Directory database.
n File and Printer Sharing must be enabled on the system where Guided Consolidation is installed and
enabled on all systems targeted for analysis. Windows XP Simple File Sharing is insufficient.
n Guided Consolidation extension must be installed, enabled, and running on the vSphere Client.
n At least one datacenter inventory object exists. See “Add an Inventory Object,” on page 73.
n At least one host is registered with vCenter Server. See “Add a Host,” on page 78.
n Guided Consolidation requires administrator access to the systems selected for analysis. Specifically, the
vCenter Collector Service uses these credentials to connect to and retrieve configuration and performance
data from the physical systems under analysis. Accounts must be fully-qualified and can be any of the
following:
n account of the target system.
n account of the target system domain.
n account of a trusted domain of the target system.
Network Connections
The Guided Consolidation server must have access to the ports listed in the Table 8-1.
Table 8-1. Network Connections

Port Protocol Service Description MS Windows
135 TCP/UDP Loc-srv/epmap Microsoft DCE DHCP Server

Locator service, also DNS Server
known as End-point WINS Server
Mapper.
137 TCP/UDP Netbios-ns NetBIOS names WINS Server

service. DNS Server
Firewall
administrators
frequently see larger
numbers of incoming
packets to port 137.
This is because of
Windows servers that
use NetBIOS (as well
as DNS) to resolve IP
addresses to names
using the
gethostbyaddr()
function. As users
behind the firewalls
visit Windows-based
Web sites, those
servers frequently
respond with
NetBIOS lookups.
VMware, Inc. 91
Table 8-1. Network Connections (Continued)

Port Protocol Service Description MS Windows
138 TCP/UDP Netbios-dgm NetBIOS datagram

Used by Windows, as
well as UNIX services
(such as SAMBA).
Port 138 is used
primarily by the SMB
browser service that
obtains Network
Neighborhood
information.
139 TCP/UDP Netbios-ssn NetBIOS Session

Windows File and
Printer sharing.
445 TCP/UDP DNS DNS Direct Hosting Active Directory

port.
In Windows 2000 and
Windows XP,
redirector and server
components now
support direct
hosting for
communicating with
other computers
running Windows
2000 or Windows XP.
Direct hosting does
not use NetBIOS for
name resolution.
DNS is used for name
resolution, and the
Microsoft networking
communication is
sent directly over
TCP without a
NetBIOS header.
Direct hosting over
TCP/IP uses TCP and
UDP port 445 instead
of the NetBIOS
session TCP port 139.
92 VMware, Inc.
About Consolidation Services

Guided Consolidation can be installed together with vCenter Server, or can be installed on a separate host. For
best performance, install Guided Consolidation on a separate host.
Guided Consolidation include the following services:
vCenter Collector Discovers domains and systems within domains. Collects performance data on
Service those systems.
vCenter Provider Helper service to vCenter Collector Service. Communicates with target systems
Service and passes the data back to vCenter Collector Service.
vCenter Guided Coordinates all communication among Guided Consolidation components.

Consolidation Saves the performance data collected by the vCenter Collector Service.
Analyzes the data and generates placement recommendations. Also
communicates with vCenter Server to perform conversion. Runs inside a
generic servlet container labeled VMware vCenter Management
Webservices. The services of other vCenter features and extensions might also
be present inside that servlet container.
Configuring Consolidation Settings

It is recommended that you specify Consolidation settings before using the feature. Consolidation settings are
located in the Configuration tab of the Guided Consolidation section of the vSphere Client.
The Configuration tab displays name, location, and health of Consolidation services. It also enables you to
configure the following settings:
Default system Used by Guided Consolidation to access target physical systems. If necessary,
credentials the default credentials can be overridden.
Active Domains Guided Consolidation automatically scans active domains and caches
information about the systems in them. This information is updated daily. If
you intend to add systems for analysis by selecting them from a domain, you
must specify the domain as Active.
Specify Default Credentials

Default credentials are used to access systems selected for analysis when no other administrator credentials
are specified.
Procedure
1 Click Change in the Default System Credentials area of the Configuration tab.
2 Enter a domain-qualified user name and password.
For example: DOMAIN\username.
3 Confirm the password and click OK.
VMware, Inc. 93
Specify Active Domains

Specifying a domain as Active populates the Add to Analysis dialog box with a list of systems on that domain.
That information is updated daily as long as the domain remains active.
VMware recommends that you leave domains where new systems are frequently added as Active and that
you remove domains that do not frequently change after their information has been cached. Because scanning
active domains is resource intensive, VMware also recommends that no more than 50 domains are
simultaneously active.
NOTE In some cases it can take the system several hours to collect a domain's containment information.
Procedure
1 From the vSphere Client Home page, select Guided Consolidation > Configuration.
2 Click Add in the Active Domains section.
3 Select the domains you want to make active.
4 Click OK.
Find and Analyze Physical Systems

The Add to Analysis dialog box enables you to find systems in your environment and add them for analysis,
to manually search for physical systems, or to select systems from the list of systems found in active domains.
You can select systems and add them for analysis.
You can add systems manually by entering a computer name, IP address or range of IP addresses, or file name.
Alternatively, you can select a domain - it must be active - and select systems found within that domain. You
can analyze up to 100 systems simultaneously.
NOTE After adding a system for analysis, it can take up to one hour before the status of the newly added
system changes from Collecting System Information to Analyzing.
Procedure
1 In the Analysis tab, click Add to Analysis.
2 Specify the systems you want to analyze.
Option Description
Manually specify the computers Provide computer names, IP addresses, a range of IP addresses, or path to a
file that contains the computer names or IP addresses of the systems you
want according to the following rules:
n Separate multiple computer names, or IP address, with a comma.
n Multiple IP ranges are not permitted.
n If you chose to use a file, each computer name or IP address must be on
a separate line in the file. The file must be accessible to the vSphere Client.
Select the computers by domains Select the systems you want to analyze.
3 Click Add to Analysis.
4 Select whether you want to use the configured default credentials, or whether you want to supply a
different set of credentials.
If you chose to override the default credentials, ensure that you enter a domain-qualified user name (for
example, DOMAIN\username) and password.
5 Click OK.
94 VMware, Inc.
Viewing Analysis Results

Analysis results are displayed in the Analysis tab.
When analysis is complete, the following information appears:

n Physical Computer – Displays the host name of the physical system being analyzed or imported.
n CPU Info – Displays the number of CPUs and their clock speed.
n Memory Info – Displays the amount of RAM on the system.
n Status – Displays the progress of the analysis.
n Confidence – Indicates the degree to which vCenter Server is able to gather performance data about the
system and how good a candidate the system is based on the available data.
n CPU Usage – Displays the system’s average CPU usage over time.
n Memory Usage – Displays the system’s average memory usage over time.
About the Confidence Metric

One important metric displayed in the Analysis tab is the Confidence metric. During the analysis phase,
performance data about each selected system is collected. This data is used to find a host with resources that
match the collected data to determine a recommendation for each candidate.
The recommendation indicates how well suited, based on the collected data, a candidate is to a particular
virtual machine host system. Confidence refers to the reliability of the recommendation and it is a function of
the duration of the analysis. Recommendations based on longer periods of analysis – and therefore more
performance data – receive a higher level of confidence.
NOTE After 24 hours of analysis, vCenter Server indicates a high level of confidence in its recommendations.
However, this can be misleading if a system’s workload varies significantly over weeks or months. To ensure
a high level of confidence in a recommendation, allow the duration of the analysis phase to encompass an
amount of time that includes representative peaks and troughs in the systems’ workload. Analysis can run up
to one month.
Converting Physical Systems to Virtual Machines

You can convert systems using auto-generated recommendations, or you can manually specify conversion
parameters.
About Disk Resizing

During the conversion process, physical disks are typically resized to conserve space on the datastore while
providing room for growth on the resultant virtual disk.
The following formula is used to resize converted disks:

amount of space used on physical disk * 1.25 = resultant virtual disk size
Virtual disks are set to a size of 4GB or larger.
VMware, Inc. 95
Convert Systems Manually

You can convert systems manually if you want to specify values other than the default values for the resultant
virtual machine's properties.
The option to convert systems manually is available only if the VMware Converter Enterprise Client is installed
and enabled on your vSphere Client. You can verify whether VMware Converter Enterprise Client is installed
and enabled through the Plug-in Manager.
Procedure
1 In the Analysis tab, right-click on a system and select Convert to Virtual Machine > Manually.
2 Complete the wizard to manually specify virtual machine properties.
Convert Systems Using Recommendations

Guided Consolidation recommendations are based on collected performance data and the capacity of available
hosts.
Procedure
1 In the Analysis tab, select the systems you want to consolidate and click Plan Consolidation.
2 Select a system.
3 (Optional) Change the name displayed in the Physical Computer column by double-clicking it and
entering a new name.
Your entry will be used as the name for the resultant virtual machine.
4 (Optional) Change destinations, if alternative destinations are available, by clicking in the Destinations
column and selecting a destination from the drop-down menu.
The number of stars displayed in the Destination Rating column indicate the degree to which the host
system can comfortably accommodate the estimated resource needs of the resultant virtual machine.
5 Click Consolidate.
A conversion task is instantiated.
What to do next
You can view task progress in the Recent Tasks pane. You view additional information about the task in the
Tasks tab.
Viewing Consolidation Tasks

A task is created for each system being converted.
Recent tasks are displayed in the Recent Tasks pane. The Tasks tab lists all consolidation tasks. You can view
detailed information about a task by selecting it. Information about events related to the selected task are
displayed in the Task Details pane.
You can filter the list of tasks by entering criteria in the search field and selecting any combination of the
following:
n Name
n Target
n Status
n Initiated by
96 VMware, Inc.
n Start Time
n Complete Time
Troubleshooting Consolidation
The topics in this section contain information about identifying and solving problems with Guided
Consolidation.
Negative Impact on vCenter Server Performance

Analyzing many systems simultaneously can impact vCenter Server performance.
Problem
Although up to 100 systems can be simultaneously analyzed, you might notice performance issues on the
vCenter Server that are due to running Guided Consolidation.
Cause
Analysis is resource intensive and can negatively impact vCenter Server performance.
Solution
Reduce the number of systems that are being analyzed. If necessary, you can either disable Guided
Consolidation or uninstall the Guided Consolidation Service. If you disable Guided Consolidation, collected
data is preserved and no further data is collected. If you uninstall the Guided Consolidation Service, the data
that has been collected will no longer be usable.
Windows Systems Not Discovered

Guided Consolidation does not discover some Windows systems.
Problem
Windows systems that match all of the following conditions will not be discovered by Guided Consolidation
and will not be listed as candidates for analysis:
n The system is not listed in Microsoft Windows Network. The following commands do not list the system:
NET VIEW
NET VIEW /DOMAIN:<the Workgroup or Domain the system belongs to>
n The system is listed in Active Directory but does not have the operatingSystem attribute defined. This can
happen if the system never synchronizes with the Active Directory to which it belongs or was improperly
configured.
Solution
n Enable the Computer Browser service on the machine where Guided Consolidation is installed and on
the systems that are not discovered.
n Ensure that the Log On As credentials for VMware vCenter Collector Provider Service met the
prerequisites as mentioned in “Consolidation Prerequisites,” on page 90.
n Manually enter the static IP address of the target system.
VMware, Inc. 97
Windows Operating Systems Prevent Guided Consolidation from Collecting

Performance Data
Problem
The default settings for some configurations of Windows XP, Windows Vista, and Windows Server 2008
prevent Guided Consolidation from collecting performance data against systems with those operating systems.
n The system is not listed in Microsoft Windows Network. The following commands do not list the system:
NET VIEW
NET VIEW /DOMAIN:<the Workgroup or Domain the system belongs to>
n The system is listed in Active Directory but does not have the operatingSystem attribute defined. This can
happen if the system never synchronizes with the Active Directory to which it belongs or was improperly
configured.
Solution
1 Set the Guided Consolidation target systems' Network access: Sharing and security model for local
accounts option to Classic - local users authenticate as themselves
3 Run either gpedit.msc or secpol.msc
4 In the left pane, select one of the following depending on which command you ran in the previous step:
a (gpedit.msc) Local Computer Policy > Computer Configuration > Windows Settings > Security
Settings > Local Policies > Security Options
b (secpol.msc) Security Settings > Local Policies > Security Options > Double-click on Network
access: Sharing and security model for local accounts.
c Double-click on Network access: Sharing and security model for local accounts. Ensure that Classic
- local users authenticate as themselves is selected.
5 Ensure the changed settings are applied.

n Restart VMware vCenter Collector Provider Service.
n Run gpupdate /force.
n Reboot the Guided Consolidation host system.
Available Domains List Remains Empty

Analyzing many systems simultaneously can impact vCenter Server performance.
Problem
The list of available domains remains empty for Guided Consolidation installed on Windows Server 2008 and
Windows Vista.
Cause
Some configurations of Windows Vista and Windows Server 2008 prevent Guided Consolidation from
discovering LAN Manager Workgroups. The Link-layer discovery protocol (LLDP), introduced in Windows
2008 Server, is not backward compatible with LAN Manager-based protocols and can not discover machines
with earlier operating systems if those systems do not have the appropriate drivers installed. Additionally,
Guided Consolidation does not use LLDP to perform discovery and will not find systems that can only be
discovered through that protocol, or when the Computer Browser Windows Service is not running.
98 VMware, Inc.
Solution
Ensure that the Computer Browser Windows Service is enabled on the Windows Vista or Windows Server
2008 system where Guided Consolidation is installed and that it is also enabled on all systems to be discovered.
Alternatively, manually enter the static IP address of the system to be analyzed.
Guided Consolidation Erroneously Reports Analysis Disabled

Under some conditions, temporary network errors can disable analysis on multiple systems.
Problem
Temporary network errors can sometimes cause Guided Consolidation to stop analysis on one or more systems,
even when the systems are reachable.
Solution
Right-click on the affected systems and select Resume Analysis.
Disable Guided Consolidation

You can disable Guided Consolidation.
Procedure
1 On the Guided Consolidation host system, open the Services control panel.
2 Stop theVMware vCenter Management Webservices (applicable when Guided Consolidation and
vCenter Server are not collocated), the VMware Collector for vCenter, and the VMware Provider for
vCenter services.
Uninstall Guided Consolidation

Uninstall Guided Consolidation to completely remove the feature. All collected data is also removed.
Procedure
1 Open the Add or Remove Programs control panel.
2 Remove vCenter Guided Consolidation for vCenter Server.

All vCenter Guided Consolidation services are removed.
CAUTION Do not uninstall the vCenter Collector Service alone. Doing so prevents Guided Consolidation from
operating and will require that you perform a clean installation of Guided Consolidation, which will delete
existing Guided Consolidation data.
VMware, Inc. 99
100 VMware, Inc.

Deploying OVF Templates 9
The VMware vSphere Client (vSphere Client) allows you to import and export virtual machines, virtual
appliances, and vApps stored in Open Virtual Machine Format (OVF). An appliance is a pre-configured virtual
machine that typically includes a preinstalled guest operating system and other software.
Deploying an OVF template allows you to add pre-configured virtual machines to your vCenter Server or ESX/
ESXi inventory. Deploying an OVF template is similar to deploying a virtual machine from a template.
However, you can deploy an OVF template from any local file system accessible from the vSphere Client
machine, or from a remote web server. The local file systems can include local disks (such as C:), removable
media (such as CDs or USB keychain drives), and shared network drives.
Exporting OVF templates allows you to create virtual appliances that can be imported by other users. You can
use the export function to distribute pre-installed software as a virtual appliance, or as a means of distributing
template virtual machines to users, including users who cannot directly access and use the templates in your
vCenter Server inventory.

n “About OVF,” on page 101
n “Deploy an OVF Template,” on page 101
n “Browse VMware Virtual Appliance Marketplace,” on page 103
n “Export an OVF Template,” on page 104
About OVF
OVF is a file format that allows for exchange of virtual appliances across products and platforms.
The OVF format offers the following advantages:

n OVF files are compressed, allowing for faster downloads.
n The vSphere Client validates an OVF file before importing it, and ensures that it is compatible with the
intended destination server. If the appliance is incompatible with the selected host, it cannot be imported
and an error message appears.
Deploy an OVF Template

You can deploy an OVF template from a local file system accessible to the vSphere Client machine, or from a
web URL.
NOTE To import a virtual machine that was created by another VMware product and is not in OVF format,
use the VMware vCenter Converter module. See the VMware Converter Enterprise for vCenter Server
documentation for more information.
VMware, Inc. 101

Procedure
1 In the vSphere Client, select File > Deploy OVF Template.
The Deploy OVF Template wizard appears.
2 Specify the source location and click Next.
Option Description
Deploy from File Browse your file system for an OVF or OVA template.
Deploy from URL Specify a URL to an OVF template located on the internet. Example: http://
vmware.com/VMTN/appliance.ovf
3 View the OVF Template Details page and click Next.
4 If license agreements are packaged with the OVF template, the End User License Agreement page appears.
Agree to accept the terms of the licenses and click Next.
5 (Optional) Edit the name and select the folder location within the inventory where the vApp will reside.
Click Next.
6 Select the deployment configuration from the drop-down menu and click Next.
The option selected typically controls the memory settings, number of CPUs and reservations, and
application-level configuration parameters.
NOTE This page of the wizard is only shown if the OVF template contains deployment options.
7 Select the host or cluster on which you want to deploy the OVF template and click Next.
8 Select the host on which you want to run the deployed OVF template, and click Next.
This page is only shown if the destination is a resource pool associated with a cluster with DRS disabled
or in manual mode.
9 Navigate to, and select the resource pool where you want to run the OVF template and click Next.
This page is only displayed if resource pools or clusters are configured on the host.
10 Select a datastore to store the OVF template file, and click Next.
Datastores are a unifying abstraction for storage locations such as Fibre Channel, iSCSI LUNs, or NAS
volumes. On this page, you select from datastores already configured on the destination cluster or host.
The virtual machine configuration file and virtual disk files are stored on the datastore. Select a datastore
large enough to accommodate the virtual machine and all of its virtual disk files.
11 For each network specified in the OVF template, select a network by right-clicking the Destination
Network column in your infrastructure to set up the network mapping and click Next.
12 On the IP Allocation page, configure how IP addresses are allocated for the virtual appliance and click
Next.
Option Description
Fixed You will be prompted to enter the IP addresses in the Appliance Properties
page.
Transient IP addresses are allocated from a specified range when the appliance is
powered on. The IP addresses are released when the appliance is powered
off.
DHCP A DHCP server is used to allocate the IP addresses.
This page is not shown if the deployed OVF template does not contain information about the IP scheme
it supports.
102 VMware, Inc.

Chapter 9 Deploying OVF Templates
13 Set the user-configurable properties and click Next.
The set of properties that you are prompted to enter depend on the selected IP allocation scheme. For
example, you are prompted for IP related information for the deployed virtual machines only in the case
of a fixed IP allocation scheme.
14 Review your settings and click Finish.
The progress of the import task appears in the vSphere Client Status panel.
Browse VMware Virtual Appliance Marketplace

Available vApps appear in the main panel.
To get to the Virtual Appliance Marketplace page, select File > Browse VA Marketplace from the main menu.
Procedure
u Select an available vApp and click Download Now
The OVF Template Details page appears.
VMware, Inc. 103

Export an OVF Template

You can export a virtual machine, virtual appliance, or vApp to OVF format to make it available to other users
to import into their inventory.
Procedure
1 Select the virtual machine or vApp and select File > Export > Export OVF Template.
2 In the Export OVF Template dialog, perform the following steps:

a Type the Name of the template.
For example, type MyVm
NOTE When exporting an OVF template with a name that contain asterisk (*) characters, those
characters turn into underscore characters (_).
b Enter the Directory location where the exported virtual machine template is saved, or click “...” to
browse for the location.
For example, C:\OvfLib\.
c In the Optimized for field, determine how you want to store the files.
Select Web (OVF) to store the OVF template as a set of files (.ovf, .vmdk, and .mf) This format is
optimal if you plan to publish the OVF files on a web server or image library. The package can be
imported, for example, into the vSphere client by publishing the URL to the .ovf file.
Select Physical Media (OVA) to package the OVF template into a single .ova file. This might be
convenient to distribute the OVF package as a single file if it needs to be explicitly downloaded from
a web site or moved around using a USB key.
d (Optional) To create a new folder for the OVF file, select the Create folder for OVF template checkbox.
For example, the following files might be created:

n C:\OvfLib\MyVm\MyVm.ovf
n C:\OvfLib\MyVm.mf
n C:\OvfLib\MyVm-disk1.vmdk
e (Optional) In Description, type a description for the virtual machine.
By default, the text from the Notes pane on the virtual machine’s Summary tab appears in this text
box.
The download process is shown in the Export window.
104 VMware, Inc.

Managing VMware vApp 10
You can use VMware vSphere as a platform for running applications, in addition to using it as a platform for
running virtual machines. The applications can be packaged to run directly on top of VMware vSphere. The
®
format of how the applications are packaged and managed is called VMware vApp.
A vApp is a container, like a resource pool and can contain one or more virtual machines. In addition, a vApp
also shares some functionality with virtual machines. A vApp can power on and power off, and can also be
cloned.
In the vSphere client, a vApp is both represented in the Host and Clusters view and the VM and Template
view. Each view has a specific summary page with the current status of the service and relevant summary
information, as well as operations on the service.
NOTE The vApp metadata resides in the vCenter Server's database, so a vApp can be distributed across multiple
ESX/ESXi hosts. This information can be lost if the vCenter Server database is cleared or if a standalone ESX/
ESXi host that contains a vApp is removed from vCenter Server. You should back up vApps to an OVF package
in order to avoid losing any metadata.
The distribution format for vApp is OVF.

n “Create a vApp,” on page 106
n “Populate the vApp,” on page 107
n “Edit vApp Settings,” on page 108
n “Configuring IP Pools,” on page 111
n “Clone a vApp,” on page 113
n “Power On a vApp,” on page 114
n “Power Off a vApp,” on page 114
n “Edit vApp Annotation,” on page 114
VMware, Inc. 105

Create a vApp
After you create a datacenter and add a clustered DRS-enabled host to your vCenter Server system, you can
create a vApp.
You may create a new vApp under the following conditions:

n A host is selected in the inventory that is running ESX 3.0 or greater.
n A DRS-enabled cluster is selected in the inventory.
vApps can be created on folders, hosts, resource pools, DRS-enabled clusters, and within other vApps.
Procedure
1 Start the New vApp Wizard on page 106

The New vApp wizard allows you to create a new vApp.
2 Name the vApp on page 106

The name you enter is used as the vApp’s display name in the inventory.
3 Select the vApp Destination on page 106

The destination is the host, cluster, resource pool, or vApp on which the vApp will run.
4 Allocate vApp Resources on page 107

Determine how much CPU and memory should be allocated for the vApp.
5 Complete the vApp Creation on page 107

The Ready to Complete page enables you to review the vApp’s configuration.
Start the New vApp Wizard

The New vApp wizard allows you to create a new vApp.
Procedure
u Select File > New > vApp to open the New vApp wizard.
Name the vApp

The name you enter is used as the vApp’s display name in the inventory.
The name can be up to 80 characters long. This name must be unique within the folder. .
Procedure
1 On the Name and Folder page, enter a name for the vApp.
2 Select a location in the inventory for the vApp.
If you are creating a vApp from within another vApp, the vApp Inventory Location selection is
unavailable.
3 Click Next.
Select the vApp Destination

The destination is the host, cluster, resource pool, or vApp on which the vApp will run.
NOTE This step does not appear if you create a vApp from a host, cluster, resource pool, or another vApp
within the inventory.
106 VMware, Inc.

Chapter 10 Managing VMware vApp
Procedure
1 On the Destination page, select a host, cluster, or resource pool where this vApp will run and click Next.
If you selected a DRS-enabled cluster and the cluster is in DRS manual mode, select the host as the
destination for the vApp.
The message in the Compatibility panel indicates whether the validation for this destination succeeded
or if a specific requirement was not met.
2 Click Next.
Allocate vApp Resources

Determine how much CPU and memory should be allocated for the vApp.
Procedure
1 In the Resource Allocation page, allocate CPU and memory resources for this vApp.
2 Click Next.
Complete the vApp Creation

The Ready to Complete page enables you to review the vApp’s configuration.
Procedure
1 Review the new vApp settings on the Ready to Complete page.
2 (Optional) Click Back to edit or change any settings.
3 Click Finish to create the new vApp.
Populate the vApp

Virtual machines and other vApps can be added to and removed from a vApp.
Once a vApp is created, you can populate it with virtual machines or another vApp.
Create an Object Inside the vApp

Within a vApp, you can create a new virtual machine, resource pool, or another vApp.
Procedure
1 In the inventory, select the vApp in which you want to create the object machine.
2 Select the menu option to create a specific object.
Inventory > vApp > New Virtual Machine Creates a new virtual machine inside the vApp. Complete
the Create New Virtual Machine wizard. See Chapter 11,
“Creating Virtual Machines,” on page 115 for instructions
on creating a new virtual machine.
Inventory > vApp > New Resource Pool Adds a resource pool inside the vApp. Complete the
Create Resource Pool window. See “Add a Cluster,
Resource Pool, Host, or Virtual Machine,” on page 73 for
instructions on adding a new resource pool.
Inventory > vApp > New vApp Creates a new vApp inside the currently selected vApp.
Complete the New vApp wizard. See “Create a vApp,” on
page 106 for instructions on creating a new vApp.
The new object appears as part of the vApp in the inventory.
VMware, Inc. 107

Add an Object to a vApp

You can add an object, such as a virtual machine or another vApp, to an existing vApp.
An existing virtual machine or another vApp that is not already contained inside the vApp can be moved into
the currently selected vApp.
Procedure
1 Display the object in the inventory.

2 Click and drag the object to the target object.
n If the move is permitted, a box appears around the target-object, indicating it is selected.
n If move is not permitted, a naught sign (zero with a slash) appears, and the object is not moved.
3 Release the mouse button.
Either the object moves to the new location or an error message indicates what needs to be done to permit
the move.
Edit vApp Settings

You can edit and configure several aspects of a vApp, including startup order, resources, and custom
properties.
Procedure
1 On the Summary page of the vApp, click Edit Settings.
2 Click the Options tab to edit or view the following vApp properties.
NOTE The IP allocation policy and properties are typically edited by the deployer, while the rest of the
settings are more advanced options typically edited by the vApp author.
3 Click the Start Up tab to edit vApp startup and shutdown options.
4 Click OK when finished.
Edit vApp Startup and Shutdown Options

You can change the order in which virtual machines within a vApp start up and shut down. You can also
specify delays and actions performed at startup and shutdown.
Procedure
2 In the Start Up tab of the Edit Service Settings window, select a virtual machine and use the arrow keys
to change the startup order. This order will also be used for shutdown.
3 Specify the delay and action for startup and shutdown for each virtual machine.
108 VMware, Inc.

Edit vApp Resources

You can edit the CPU and memory resource allocation for the vApp.
Procedure
2 Click Resources in the Options list.
3 Edit the CPU and memory resource allocation.

Edit vApp Properties

You can edit any vApp property that is defined in Advanced Property Configuration.
Procedure
2 Click Properties in the Options list.
3 Edit the vApp properties.
View vApp License Agreement

You may view the license agreement for this vApp.
Procedure
2 Click View License Agreement in the Options list.
Edit IP Allocation Policy

You can edit how IP addresses are allocated for the vApp.
Procedure
2 Click IP Allocation Policy in the Options list.
3 Select one of the following options.
Option Description
Fixed IP addresses are manually configured. No automatic allocation is performed.
Transient IP addresses are automatically allocated from a specified range when the
appliance is powered on. The IP addresses are released when the appliance
is powered off.
DHCP A DHCP server is used to allocate the IP addresses. The addresses assigned
by the DHCP server is visible in the OVF environments of virtual machines
started in the vApp.
VMware, Inc. 109

View Additional OVF Sections

View additional OVF sections which are not recognized by vCenter Server.
These additional OVF sections originate from the OVF deployment process that created this vApp. Most of
the OVF descriptors are distributed in various vApp settings, but these unrecognized sections are visible here
for reference.
Procedure

2 Click View Additional OVF Sections in the Options list.
Configure Advanced vApp Properties

You can edit and configure advanced settings, such as product and vendor information, custom properties,
and IP allocation.
Procedure
2 Click Advanced in the Options list.
3 Specify the settings. The settings are displayed on the summary page of the virtual machine. The following
settings can be set and configured:
n Product Name—the product name.
n Version—the version of the vApp.
n Full version—the full version of the vApp.
n Product URL—the product's URL. If a product URL is entered, a user can click the product name on
the virtual machine summary page and go to the product's web page.
n Vendor URL—the vendor's URL. If a vendor URL is entered, a user can click the vendor name on the
virtual machine summary page and go to the vendor's web page.
n Application URL—the application URL. If properties are used for specifying the virtual machine IP
address, a dynamic application URL can be entered that points to a web page exposed by running
the virtual machine. If you enter a valid application URL, the state of the virtual machine changes to
a clickable Available link once the virtual machine is running.
If the virtual machine is configured to use the property called webserver_ip and the virtual machine has a
web server, you can enter http://${webserver_ip}/ as the Application URL.
4 Click View to test the Product URL and Vendor URL.
5 Click Properties to edit the custom vApp properties.
6 Click IP Allocation to edit the supported IP allocation schemes of this vApp.
110 VMware, Inc.

Define OVF Environment Properties

You can view or modify the OVF environment properties for the vApp.
Procedure
3 Edit the product information within the appropriate fields.
If permissions are set to read-only, the fields cannot be edited.
4 Click Properties.
5 In Advanced Property Configuration, you may perform the following actions.

n Click New to add a new custom property.
n Select the property and click Edit to edit a property.
n Click Delete to delete a property.
Edit Advanced IP Allocation Properties

You can edit the IP allocation scheme for the vApp.
Procedure
3 Click IP Allocation.
4 In the Advanced IP Allocation dialog, you may perform the following actions.
n Select an IP allocation scheme.
n Specify the IP protocols supported by the vApp: IPv4, IPv6, or both.
Configuring IP Pools
IP pools provide a network identity to vApps. An IP pool is a network configuration that is assigned to a
network used by a vApp. The vApp can then leverage vCenter Server to automatically provide an IP
configuration to its virtual machines.
Specify an IP Address Range

You can set up an IP address range by specifying a host address range within a network.
IP pool ranges are configured with IPv4 and IPv6. These ranges are used by vCenter Server to dynamically
allocate IP addresses to virtual machines when a vApp is set up to use transient IP allocation.
Procedure
1 In the inventory, select the datacenter that contains the vApp.
2 In the IP Pools tab, right-click the IP pool you wish to edit and select Properties.
NOTE If no IP pools are present, click Add to add a new IP pool.
VMware, Inc. 111

3 In the Properties dialog, select the IPv4 or the IPv6 tab, depending on your IP protocol.
4 Enter the IP Subnet and Gateway in the respective fields.
5 (Optional) Select the Enable IP Pool check box.
You must enable this setting to specify an IP address range.
6 (Optional) Enter a comma-separated list of host address ranges in the Ranges field.
A range is specified as an IP address, a pound sign (#), and a number indicating the length of the range.
The gateway and the ranges must be within the subnet, but must exclude the gateway address.
For example, 10.20.60.4#10, 10.20.61.0#2 indicates that the IPv4 addresses can range from 10.20.60.4 to
10.209.60.13 and 10.20.61.0 to 10.20.61.1.
Select DHCP
You can specify that an IPv4 or IPv6 DHCP server is available on the network.
Procedure
3 In the Properties dialog, select the DHCP tab.
4 Select either the IPv4 DHCP Present or IPv6 DHCP Present check box to indicate that one of the DHCP
servers are available on this network.
Specify DNS Settings

Specify the DNS settings for the vApp.
Procedure

3 In the Properties dialog, select the DNS tab.
112 VMware, Inc.

4 Enter the DNS server information.
The servers are specified by IP addresses separated by a comma, semi-colon, or space.
The DNS information that can be set include:

n DNS Domain
n Host Prefix
n DNS Search Path
n IPv4 DNS Servers
n IPv6 DNS Servers
Specify a Proxy Server

Specify a proxy server for the vApp.
Procedure
3 In the Properties dialog, select the Proxy tab.
4 Enter the server name and port number for the proxy server.
The server name can optionally include a colon and a port number.
For example, web-proxy:3912 is a valid proxy server.
Clone a vApp
Cloning a vApp is similar to cloning a virtual machine.
Prerequisites
To clone a vApp, the vSphere Client must be connected to the vCenter Server system.
A host must be selected in the inventory that is running ESX 3.0 or greater, or a DRS-enabled cluster.
Procedure
1 Select the vApp in the inventory.
2 Select Inventory > vApp > Clone
Complete each page in Clone vApp the wizard.
3 Select the vApp destination and click Next.
4 Specify a Host and click Next.
NOTE This step is only available if you select a cluster that is in DRS manual mode.
5 Name the vApp and click Next.
6 Select a datastore and click Next.
VMware, Inc. 113

7 (Optional) Select a network and click Next.
8 Complete the vApp clone.
Power On a vApp
Each application within the service will be powered on according to how the startup order is set.
When powering on a vApp within a DRS cluster in manual mode, no DRS recommendations are generated
for virtual machine placements. The power on operation performs as if DRS is run in a semi-automatic or
automatic mode for the initial placements of the virtual machines. This does not affect VMotion
recommendations. Recommendations for individual powering on and powering off of virtual machines are
also generated for vApps that are running.
Procedure
u In the Summary page for the service, click Power On.
If a delay is set in the start up settings, the vApp waits for the set length of time before powering up that
virtual machine.
In the Summary tab, the status indicates when the vApp has started and is available. Links to the product and
vendor Web sites are also found under General.
Power Off a vApp

Each application within the service will be powered off according to how the shutdown order is set.
Procedure
u In the Summary page for the service, click Power Off.
If a delay is set in the shutdown settings, the vApp waits for the set length of time before powering down
that virtual machine.
Edit vApp Annotation

You can add or edit notes for a particular vApp.
Procedure
1 Select the vApp in the inventory.
2 Click the Summary tab for the vApp.
3 In the Annotations box, click Edit.
4 Enter text in the Edit Service Annotation window.
5 Click OK.
114 VMware, Inc.

Creating Virtual Machines 11
This section discusses how to create virtual machines through the New Virtual Machine Wizard.

n “Access the New Virtual Machine Wizard,” on page 115
n “Select a Path Through the New Virtual Machine Wizard,” on page 116
n “Enter a Name and Location,” on page 116
n “Select a Resource Pool,” on page 116
n “Select a Datastore,” on page 117
n “Select a Virtual Machine Version,” on page 117
n “Select an Operating System,” on page 117
n “Select the Number of Virtual Processors,” on page 117
n “Configure Virtual Memory,” on page 118
n “Configure Networks,” on page 118
n “About VMware Paravirtual SCSI Adapters,” on page 118
n “Select a SCSI Adapter,” on page 119
n “Selecting a Virtual Disk Type,” on page 119
n “Complete Virtual Machine Creation,” on page 122
n “Installing a Guest Operating System,” on page 122
n “Installing and Upgrading VMware Tools,” on page 122
Access the New Virtual Machine Wizard

Use the New Virtual Machine Wizard to create a new virtual machine.
Procedure
1 In the vSphere Client, select one of the following objects.

n Hosts
n Virtual machine folders
2 Select File > New > Virtual Machine.
VMware, Inc. 115

Select a Path Through the New Virtual Machine Wizard

The Typical path shortens the process by skipping some choices that rarely need changing from their defaults.
This path includes the following steps:
1 “Enter a Name and Location,” on page 116
2 “Select a Resource Pool,” on page 116
3 “Select a Datastore,” on page 117

4 “Select an Operating System,” on page 117
5 “Create a Virtual Disk,” on page 120
The Custom path provides more flexibility and options. This path includes the following steps.
1 “Enter a Name and Location,” on page 116
2 “Select a Resource Pool,” on page 116
3 “Select a Datastore,” on page 117
4 “Select a Virtual Machine Version,” on page 117
5 “Select an Operating System,” on page 117
6 “Select the Number of Virtual Processors,” on page 117
7 “Configure Virtual Memory,” on page 118
8 “Configure Networks,” on page 118
9 “Select a SCSI Adapter,” on page 119
10 “Selecting a Virtual Disk Type,” on page 119
Enter a Name and Location

The name you enter is used as the virtual machine’s display name in the inventory. It is also used as the name
of the virtual machine’s files.
The name can be up to 80 characters long. This name must be unique within the folder. Names are case-
insensitive: the name my_vm is identical to My_Vm.
Procedure
1 In the Name and Location screen of the New Virtual Machine wizard, enter a name.
2 Select a folder or the root of the datacenter.
3 Click Next.
Select a Resource Pool

The resource pool option is available when resource pools are configured on the host.
Procedure
1 Navigate to the resource pool where you want to run the virtual machine.
2 Select it and click Next.
116 VMware, Inc.

Chapter 11 Creating Virtual Machines
Select a Datastore
Select a datastore that will contain the virtual machine and its virtual disk files.
For ESX/ESXi hosts, the datastores are configured on that host, including FC, NAS, and iSCSI volumes.
Procedure
u Select a datastore large enough to hold the virtual machine and all of its virtual disk files and click Next.
Select a Virtual Machine Version

If the host or cluster where you chose to locate the virtual machine supports more than one VMware virtual
machine version, you have the option to select a version for your virtual machine.
Select one of the following versions:

n Virtual machine version 4 — Compatible with ESX 3.0 and greater hosts and VMware Server 1.0 and
greater hosts. Recommended for virtual machines that need to run on ESX 3.x hosts and for virtual
machines that must share virtual hard disks with other version 4 virtual machines.
n Virtual machine version 7 — Compatible with ESX 4.0 and greater hosts. Provides greater virtual machine
functionality. Recommended for virtual machines that do not need to migrate to ESX 3.x hosts.
Select an Operating System

The guest operating system you select affects the supported devices and number of virtual CPUs available for
See the Guest Operating System Installation Guide for details.
The wizard does not install the guest operating system for you. The New Virtual Machine wizard uses this
information to select appropriate default values, such as the amount of memory needed.
Procedure
1 Select one of the following operating system families:

n Microsoft Windows
n Linux
n Novell NetWare
n Solaris
n Other
2 If you select Other, enter a display name for your operating system.
Select the Number of Virtual Processors

VMware Virtual SMP™ is required to power on multiprocessor virtual machines. The number of licensed
CPUs on the host and the number of processors supported by the guest operating system limit the number of
virtual processors you can create.
The Virtual CPUs page appears for multiprocessor hosts.
Procedure
u Select the number of processors from the drop-down menu.
VMware, Inc. 117

Configure Virtual Memory

Select the virtual memory size on the Configure Virtual Memory page.
Minimum memory size is 4MB. Maximum memory size depends on the host. The memory size must be a
multiple of 4MB. The maximum for best performance represents the threshold above which the host’s physical
memory is insufficient to run the virtual machine at full speed. This value fluctuates as conditions on the host
change (as virtual machines are powered on or off, for example).
Procedure
u Select a size for the virtual memory by using the slider or by selecting the number using the up and down
arrows.
Configure Networks
Select the number of NICs for the virtual machine on the Configure Networks page.
Exercise caution when you configure a virtual machine to connect to multiple networks. Because virtual
machines share their physical network hardware with the host, the accidental or malicious bridging of two
networks by a virtual machine can occur. Spanning Tree protocol cannot protect against these occurrences.
Procedure
1 Select the number of network interface cards (NICs) you want to create on the virtual machine.
2 For each NIC, select a network, adapter type, and whether you want the NIC to connect when the virtual
machine is powered on.
About VMware Paravirtual SCSI Adapters

Paravirtual SCSI (PVSCSI) adapters are high-performance storage adapters that can result in greater
throughput and lower CPU utilization. Paravirtual SCSI adapters are best suited for high performance storage
environments. Paravirtual SCSI adapters are not suited for DAS environments. VMware recommends that you
create a primary adapter (LSI Logic by default) for use with a disk that will host the system software (boot
disk) and a separate PVSCSI adapter for the disk that will store user data, such as a database.
Paravirtual SCSI adapters are available for virtual machines running hardware version 7 and greater. They are
supported on the following guest operating systems:
n Windows Server 2008
n Red Hat Linux (RHEL) 5
The following features are not supported with Paravirtual SCSI adapters:
n Boot disks
n Record/Replay
n Fault Tolerance
n MSCS Clustering
118 VMware, Inc.

Paravirtual SCSI adapters have the following limitations:

n Hot-add and Hot-remove requires a bus rescan from within the guest.
n (Windows guests) In the Computer Management console, right-click Storage > Disk Management
and select Rescan Disks.
n (Linux guests) See the Red Hat Linux Web site for the most current instructions.
n Disks on Paravirtual SCSI adapters might not experience performance gains if they have snapshots or if
memory on the ESX host is over committed.
n If you upgrade from RHEL 5 to an unsupported kernel, you might not be able to access data on the disks
attached to a Paravirtual SCSI adapter. To regain access to such disks, run the VMware Tools configuration
(vmware-config-tools.pl) with kernel-version parameter and pass the kernel version after the kernel is
upgraded and before the virtual machine is rebooted. Run uname -r to determine the version of the running
kernel.
Select a SCSI Adapter

The Select SCSI Controller Type page enables you to select one of the following types of SCSI controllers. The
choice of SCSI controller does not affect whether your virtual disk is an IDE or SCSI disk.
The IDE adapter is always ATAPI. The default for your guest operating system is already selected. Older guest
operating systems default to the BusLogic adapter.
If you create an LSI Logic virtual machine and add a virtual disk that uses BusLogic adapters, the virtual
machine boots from the BusLogic adapters disk. LSI Logic SAS is available only for virtual machines with
hardware version 7. Disks with snapshots might not experience performance gains when used on LSI Logic
SAS and LSI Logic Parallel adapters.
Procedure
u Choose one of the following SCSI controller types:
n BusLogic Parallel
n LSI Logic SAS
n LSI Logic Parallel
n VMware Paravirtual
Selecting a Virtual Disk Type

A virtual disk comprises one or more files on the file system that appear as a single hard disk to the guest
operating system. These disks are portable among hosts.
You can select among the following options:

n “Create a Virtual Disk,” on page 120
n “Use an Existing Virtual Disk,” on page 120
n “Create Raw Device Mappings,” on page 121
n “Do Not Create a Disk,” on page 121
VMware, Inc. 119

About Virtual Disk Formats

When you perform certain virtual machine management operations, such as create a virtual disk, clone a virtual
machine to a template, or migrate a virtual machine, you can specify a format for the virtual disk file.
The following disk formats are supported. You cannot specify the disk format if the disk resides on an NFS
datastore. The NFS server determines the allocation policy for the disk.
Thin Provisioned Format Use this format to save storage space. For the thin disk, you provision as much
datastore space as the disk would require based on the value you enter for the
disk size. However, the thin disk starts small and at first, uses only as much
datastore space as the disk actually needs for its initial operations.
NOTE If a virtual disk supports clustering solutions such as Fault Tolerance,

you cannot make the disk thin.
If the thin disk needs more space later, it can grow to its maximum capacity
and occupy the entire datastore space provisioned to it. Also, you can manually
convert the thin disk into thick.
Thick Format This is the default virtual disk format. The thick virtual disk does not change
its size and from the very beginning occupies the entire datastore space
provisioned to it. Thick format does not zero out the blocks in the allocated
space. It is not possible to convert the thick disk into thin.
Create a Virtual Disk

When you create a new disk, you can specify disk properties such as size, format, clustering features, and more.
Procedure
1 Specify the size of the disk in Megabytes, Gigabytes, or Terabytes.
You can change the size of the disk later, and add additional disks Virtual Machine Properties dialog box.
2 (Optional) If you want your disk to be in thin format, select Allocate and commit space on demand (Thin
Provisioning).
3 (Optional) If you want to use clustering features, select Support clustering features such as Fault
Tolerance.
4 Specify whether you want to store the virtual disk file on the same datastore as the virtual machine files,
or whether you want to store them on a separate datastore.
Use an Existing Virtual Disk

You can use an existing virtual disk.
Procedure
1 Browse to a virtual disk file, and click OK.
2 (Optional) Configure advanced options:

n Select a virtual device node.
n Enable Independent mode and select whether you want changes to the disk to persist, or whether
you want changes to be discarded when the virtual machine is powered off or reverted to a snapshot.
120 VMware, Inc.

Create Raw Device Mappings

For virtual machines running on an ESX/ESXi host, instead of storing virtual machine data in a virtual disk
file, you can store the data directly on a SAN LUN. This is useful if you are running applications in your virtual
machines that must know the physical characteristics of the storage device. Additionally, mapping a SAN LUN
allows you to use existing SAN commands to manage storage for the disk.
When you map a LUN to a VMFS volume, vCenter Server creates a file that points to the raw LUN.
Encapsulating disk information in a file allows vCenter Server to lock the LUN so that only one virtual machine
can write to it.
NOTE This file has a .vmdk extension, but the file contains only disk information describing the mapping to
the LUN on the ESX/ESXi system. The actual data is stored on the LUN.
You cannot deploy a virtual machine from a template and store its data on a LUN. You can only store its data
in a virtual disk file.
Procedure
1 Select a target LUN.
2 Select whether you want to store the LUN mapping file on the same datastore as the virtual machine files,
or whether you want to store them on a separate datastore.
3 Select a datastore.
4 Select a compatibility mode.
5 (Optional) Configure advanced options by selecting a virtual device node.
Virtual Disk Compatibility Modes

Virtual disk compatibility modes provide flexibility in how Raw Device Mappings (RDM) function.
Virtual Compatibility Mode
Virtual mode for an RDM specifies full virtualization of the mapped device. It appears to the guest operating
system exactly the same as a virtual disk file in a VMFS volume. The real hardware characteristics are hidden.
Virtual mode enables you to use VMFS features such as advanced file locking and snapshots. Virtual mode is
also more portable across storage hardware than physical mode, presenting the same behavior as a virtual disk
file. When you clone the disk, make a template out of it, or migrate it (if the migration involves copying the
disk), the contents of the LUN are copied into a virtual disk (.vmdk) file.
Physical Compatibility Mode
Physical mode for the RDM specifies minimal SCSI virtualization of the mapped device, allowing the greatest
flexibility for SAN management software. In physical mode, the VMkernel passes all SCSI commands to the
device, with one exception: the REPORT LUNs command is virtualized, so that the VMkernel can isolate the
LUN for the owning virtual machine. Otherwise, all physical characteristics of the underlying hardware are
exposed. Physical mode is useful to run SAN management agents or other SCSI target based software in the
virtual machine. Physical mode also allows virtual-to-physical clustering for cost-effective high availability. A
LUN configured for physical compatibility cannot be cloned, made into a template, or migrated if the migration
involves copying the disk.
Do Not Create a Disk

When you create a virtual machine, you can select not to create a virtual disk.
Select this option if you want to create a virtual machine without a disk, or if you want to add disks to the
virtual machine later using the Virtual Machine Properties dialog box.
VMware, Inc. 121

Procedure
u Select Do not create a disk.
Complete Virtual Machine Creation

The Ready to Complete page enables you to review your virtual machine’s configuration.
To perform additional configuration before completing the virtual machine, select the Edit the virtual machine
settings before completion check box and click Next.
Before you can use your new virtual machine, you must first partition and format the virtual drive, install a
guest operating system, then install VMware Tools. Typically, the operating system’s installation program
handles partitioning and formatting the virtual drive.
Installing a Guest Operating System

Installing a guest operating system inside your virtual machine is essentially the same as installing it on a
physical computer.
The basic steps for a typical operating system are described in this section. See Guest Operating System Installation
Guide for more information on individual guest operating systems.
NOTE It might be necessary to change the boot order in the virtual machine’s BIOS settings. However,
sometimes a virtual machine’s boot sequence progresses too quickly for a user to open a console to the virtual
machine and enter BIOS setup. If this happens, select the Boot Options option on the Options tab of the Virtual
Machine Properties dialog box, and select The next time the virtual machine boots, force entry into the BIOS
setup screen. The virtual machine will enter the BIOS setup the next time it boots.
Install a Guest Operating System from Media

You can install a guest operating system from ISO or CD-ROM.
Procedure
1 Using the vSphere Client, log into the vCenter Server system or host on which the virtual machine resides.
2 Insert the installation CD-ROM for your guest operating system, or create an ISO image file from the
installation CD-ROM.
Using an ISO image is faster than using a CD-ROM.
3 Use the Virtual Machine Settings editor to connect the virtual machine’s CD-ROM drive to the ISO image
file and power on the virtual machine.
4 To power on your virtual machine, click the Power On button.
When a virtual machine is powered on, a green right arrow appears next to the virtual machine icon in
the inventory list.
5 Follow the installation instructions provided by the operating system vendor.
Installing and Upgrading VMware Tools

VMware Tools is a suite of utilities that enhances the performance of the virtual machine’s guest operating
system and improves management of the virtual machine.
Installing VMware Tools in the guest operating system is vital. Although the guest operating system can run
without VMware Tools, you lose important functionality and convenience.
122 VMware, Inc.

When you install VMware Tools, you install:

n The VMware Tools service (VMwareService.exe on Windows guests or vmware-guestd on Linux and Solaris
guests). This service synchronizes the time in the guest operating system with the time in the host operating
system. On Windows guests, it also controls grabbing and releasing the mouse cursor.
n A set of VMware device drivers, including an SVGA display driver, the vmxnet networking driver for some
guest operating systems, the BusLogic SCSI driver for some guest operating systems, the memory control
driver for efficient memory allocation between virtual machines, the sync driver to quiesce I/O for
Consolidated Backup, and the VMware mouse driver.
n The VMware Tools control panel, which lets you modify settings, shrink virtual disks, and connect and
disconnect virtual devices.
n A set of scripts that helps you to automate guest operating system operations. The scripts run when the
virtual machine’s power state changes if you configure them to do so.
n The VMware user process (VMwareUser.exe on Windows guests or vmware-user on Linux and Solaris
guests), which enables you to copy and paste text between the guest and managed host operating systems.
On Linux and Solaris guests, this process controls grabbing and releasing the mouse cursor when the
SVGA driver is not installed.
The VMware Tools user process is not installed on NetWare operating systems. Instead, the vmwtool
program is installed. It controls the grabbing and releasing of the mouse cursor. It also allows you copy
and paste text.
You can optionally install WYSE Multimedia Redirector, which improves streaming video performance in
Windows guest operating systems running on WYSE thin client devices.
The installers for VMware Tools for Windows, Linux, Solaris, and NetWare guest operating systems are built
into ESX/ESXi as ISO image files. An ISO image file looks like a CD-ROM to your guest operating system and
even appears as a CD-ROM disc in Windows Explorer. You do not use an actual CD-ROM disc to install
VMware Tools, nor do you need to download the CD-ROM image or burn a physical CD-ROM of this image
file.
When you choose to install VMware Tools, vCenter Server temporarily connects the virtual machine’s first
virtual CD-ROM disk drive to the ISO image file that contains the VMware Tools installer for your guest
operating system. You are ready to begin the installation process.
Limitations
VMware Tools has the following limitations:
n Shrink disk is not supported.
n For Microsoft Windows NT, the default scripts for suspend and resume do not work.
n The mouse driver installation fails in X windows versions earlier than 4.2.0.
NOTE If you do not have VMware Tools installed in your virtual machine, you cannot use the shutdown or
restart options. You can use only the Power options. If you want to shut down the guest operating system,
shut it down from within the virtual machine console before you power off the virtual machine.
VMware, Inc. 123

Install VMware Tools on a Windows Guest

Install the most recent version of VMware Tools to enhance the performance of the virtual machine's guest
To determine the status of VMware Tools, select the virtual machine and click the Summary tab. The VMware
Tools label indicates whether VMware Tools is installed and current, installed and not current, or not installed.
NOTE During VMware Tools installation, a Windows guest operating system might display a message
indicating that the package has not been signed. If this message appears, click Install Anyway to continue the
installation.
Prerequisites
Procedure
necessary.
4 Select Interactive Tools Installation and click OK.
This step initiates the installation process by mounting the VMware Tools bundle on the guest operating
system.
5 If the New Hardware wizard appears go through the wizard and accept the defaults.
6 In the virtual machine console, do one of the following:

n If autorun is enabled, click OK to confirm that you want to install VMware Tools and launch the
n If autorun is not enabled, manually launch the VMware Tools installer, by clicking Start > Run and
entering D:\setup.exe, where D: is your first virtual CD-ROM drive.
7 Follow the onscreen instructions.
8 Reboot for the changes take effect.
What to do next
n Verify the status of VMware Tools by checking the VMware Tools label on the virtual machine Summary
tab. The VMware Tools label should display the word OK.
n For Windows 2000 and above, VMware Tools installs the VmUpgradeHelper tool to restore the network
configuration. From the Windows guest opertating system, start the VmUpgradeHelper service.
Install VMware Tools on a Linux Guest from the X Window System

Install the latest version of VMware Tools to enhance the performance of the virtual machine’s guest operating
system and improve virtual machine management.
Before you install or upgrade VMware Tools on a virtual machine, determine the status of VMware Tools. To
do this, select the virtual machine and click the Summary tab. The VMware Tools label indicates whether
VMware Tools is installed and current, installed and not current, or not installed.
124 VMware, Inc.

Prerequisites
Procedure
necessary.
system.
5 Do one of the following:

n From the desktop, double-click the VMware Tools CD icon or the file manager window and double-
click the RPM installer.
n If the VMware Tools CD icon or file manager window does not appear, install VMware Tools from
the command line.
6 When prompted, enter the root password and click OK.
The installer prepares the packages.
7 Click Continue when the installer presents a dialog box that shows Completed System Preparation.
When the installer is done, VMware Tools is installed. There is no confirmation or finish button.
8 In a terminal window, as root (su -), run the following command to configure VMware Tools: vmware-
config-tools.pl
Respond to the questions the installer displays on the screen. Press Enter to accept the default values if
appropriate for your configuration.
9 Exit from the root account by issuing the exit command.
What to do next
Verify the status of VMware Tools by checking the VMware Tools label on the virtual machine Summary tab.
The VMware Tools label should display the word OK.
Install VMware Tools on a Linux Guest with the Tar Installer

Before you install or upgrade VMware Tools on a virtual machine, determine the status of VMware Tools.
Select the virtual machine and click the Summary tab. The VMware Tools label indicates whether VMware
Tools is installed and current, installed and not current, or not installed.
Prerequisites
VMware, Inc. 125

Procedure
necessary.
system.
mkdir /mnt/cdrom

use the mount and umount commands in this procedure.
cd /tmp
7 Change to a working directory (for example, /tmp).

cd /tmp
8 If you have a previous installation, delete the previous vmware-tools-distrib directory.

9 List the contents of the /mnt/cdrom/ directory, and note the filename of the VMware Tools tar installer.
ls /mnt/cdrom
10 Uncompress the tar installer.

tar zxpf /mnt/cdrom/VMwareTools-4.0.0-<xxxxxx>.tar.gz
Where <xxxxxx> is the build/revision number of the ESX/ESXi release.
If you attempt to install a tar installation over an rpm installation, or the reverse, the installer detects the

umount /dev/cdrom
12 Run the VMware Tools tar installer.

./vmware-install.pl
For each configuration question, press Enter to accept the default value.
13 Log off the root account.

exit
126 VMware, Inc.

What to do next
After you install or upgrade VMware Tools on a virtual machine, verify the status of VMware Tools by checking
the VMware Tools label on the virtual machine Summary tab. The VMware Tools label should display the
word OK.
Install VMware Tools on a Linux Guest with the RPM Installer

Install VMware Tools to the latest version to enhance the performance of the virtual machine’s guest operating
NOTE RPM packages are not available with the ESXi installer. Only the tar package is available for ESXi hosts.
Prerequisites
The following items are prerequisites for completing this procedure:

Procedure
necessary.
system.
mkdir /mnt/cdrom
use the mount and umount commands in this procedure.
cd /tmp

cd /tmp
8 If you have a previous installation, delete the previous vmware-tools-distrib directory:

9 List the contents of the /mnt/cdrom/ directory, and note the filename of the VMware Tools rpm installer:
ls /mnt/cdrom
VMware, Inc. 127

10 Uncompress the rpm installer:

rpm -Uhv /mnt/cdrom/VMwareTools-4.0.0-<xxxxxx>.i386.rpm
Where <xxxxxx> is the build/revision number of the ESX/ESXi release.
If you attempt to install an rpm installation over a tar installation, or the reverse, the installer detects the

umount /dev/cdrom
12 Double-click the RPM installer file and step through the installation.
13 Run the ./usr/bin/vmware-config-tools.pl script to configure tools.
14 Log off the root account:

exit
What to do next
After you install or upgrade VMware Tools on a virtual machine, verify the status of VMware Tools by checking
the VMware Tools label on the virtual machine Summary tab. The VMware Tools label should display the
word OK.
Install VMware Tools on a Solaris Guest

Prerequisites
Procedure
necessary.
system.
5 In the virtual machine console, log in as root (su -) and, if necessary, mount the VMware Tools virtual
CD-ROM image, as follows.
Usually, the Solaris volume manager mounts the CD-ROM under /cdrom/vmwaretools. If the CD-ROM is
not mounted, restart the volume manager using the following commands.
/etc/init.d/volmgt stop
/etc/init.d/volmgt start
128 VMware, Inc.

6 After the CD-ROM is mounted, change to a working directory (for example, /tmp) and extract VMware
Tools.
cd /tmp
gunzip -c /cdrom/vmwaretools/vmware-solaris-tools.tar.gz | tar xf -
7 Run the VMware Tools tar installer.

./vmware-install.pl
Respond to the configuration questions on the screen. Press Enter to accept the default values.
8 Log off of the root account.

exit
What to do next
Install VMware Tools on a NetWare Guest

Install or upgrade VMware Tools to the latest version to enhance the performance of the virtual machine’s
guest operating system and improve virtual machine management.
Before you upgrade VMware Tools on a virtual machine, determine the status of VMware Tools. To do this,
select the virtual machine and click the Summary tab. The VMware Tools label indicates whether VMware
Tools is installed and current, installed and not current, or not installed.
Prerequisites
Procedure
necessary.
system.
5 In the virtual machine console, load the CD-ROM driver so the CD-ROM device mounts the ISO image
as a volume. To open the Netware Server Console, select Novell > Utilities > Server Console.

n In the NetWare 6.5 Server Console, enter: LOAD CDDVD.
n In the NetWare 6.0 or NetWare 5.1 Server Console, enter: LOAD CD9660.NSS.
7 In the Server Console, enter the following command.

vmwtools:\setup.ncf
When the installation finishes, the message VMware Tools for NetWare are now running appears in the Logger
Screen (NetWare 6.5 and NetWare 6.0 guests) or the Console Screen (NetWare 5.1 guests).
VMware, Inc. 129

What to do next
Display the VMware Tools Properties Dialog Box

Use the VMware Tools Properties dialog box to configure VMware Tools inside your virtual machine.
Instructions for displaying this dialog box vary, depending on the guest operating system.
Use this dialog box to configure time synchronization between host and guest, notifications of VMware Tools
updates (for Windows and Linux guests only), and specifying which scripts to run when the virtual machine’s
power state changes.
Procedure
n On a Windows guest: Open a console to the virtual machine and double-click the VMware Tools icon in
the system tray from inside the guest operating system.
n On a Linux or Solaris guest: Open a console to the virtual machine and open a terminal window and enter
the command:
/usr/bin/vmware-toolbox &
n On a NetWare guest: Select Novell > Settings > VMware Tools for NetWare.
VMware Tools Upgrades

You can upgrade VMware Tools manually, or you can configure virtual machines to check for and install newer
versions of VMware Tools
The following are required for automatic upgrades:

n Virtual machines must have a version of VMware Tools shipped with ESX Server 3.0.1 or greater installed.
n Virtual machines must be hosted on an ESX Server 3.0.1 or greater, and the vCenter Server must be version
2.0.1 or greater.
n Virtual machines must be running a Linux or Windows guest OS that is supported by ESX Server 3.0.1 or
greater and vCenter Server 2.0.1 or greater.
n Virtual machines must be powered on.
Upgrade VMware Tools Manually

You can manually upgrade VMware Tools.
Procedure
1 Launch the vSphere client and log in to the vCenter Server system.
2 Select the Inventory > Hosts and Clusters view.
3 Select the host or cluster that contains the virtual machines you want to upgrade.
4 Select the Virtual Machines tab.
5 Select the virtual machines you want to upgrade and power them off.
6 Right-click your selections and select Install/Upgrade Tools.
130 VMware, Inc.

7 (Optional) Enter command-line options in the Advanced field.
Command-line options for Linux are documented in the Linux installer for Linux Tools. Command-line
options for Windows are documented in the MSI for Windows Tools and at the following Wikipedia entry:
http://en.wikipedia.org/wiki/Windows_Installer .
8 Click OK.
VMware Tools can also be manually upgraded from within the virtual machine’s operating system by opening
the VMware Tools Properties dialog box (double-click the icon in the system tray) and clicking Upgrade in the
Options tab.
Configure Virtual Machines to Automatically Upgrade VMware Tools

Virtual Machines can be configured so VMware Tools are automatically upgraded.
NOTE Automatic VMware Tools upgrade is not supported for virtual machines with Solaris or Netware guest
operating systems.
The following are required for automatic upgrades:

n Virtual machines must have a version of VMware Tools shipped with ESX Server 3.0.1 or greater installed.
n Virtual machines must be hosted on an ESX Server 3.0.1 or greater, and the vCenter Server must be version
2.0.1 or greater.
n Virtual machines must be running a Linux or Windows guest OS that is supported by ESX Server 3.0.1 or
greater and vCenter Server 2.0.1 or greater.
n Virtual machines must be powered on.
Procedure
1 Open the Virtual Machine Properties dialog box for the virtual machine you want to upgrade.
2 Select Options tab > VMware Tools.
3 Select the Check and upgrade Tools before each power-on option under Automatic VMware Tools
Upgrade.
4 Click OK.
The next time the virtual machine is powered on, it checks the ESX/ESXi host for a newer version of VMware
Tools. If one is available, it is installed and the guest operating system is restarted (if required).
Custom VMware Tools Installation

You can use a custom VMware Tools installation path to install optional drivers or other software that might
improve the performance of particular virtual machines, such as WYSE Multimedia Support.
Procedure
1 Open a console to the virtual machine.
3 After the guest operating system starts, right-click the virtual machine and select Install VMware Tools.
VMware, Inc. 131

4 From inside the virtual machine, click OK to confirm that you want to install VMware Tools and launch the
n If you have autorun enabled in your guest operating system (the default setting for Windows
operating systems), a dialog box appears.
n If autorun is not enabled, run the VMware Tools installer. Click Start > Run and enter
D:\setup.exe, where D: is your first virtual CD-ROM drive.
5 Click Next.
6 Select Custom, and click Next.
7 Click the red X next to each optional feature you want to install, and select This feature will be installed
on local hard drive.
8 Click Next.
9 Click Finish.
WYSE Multimedia Support

If you are using a WYSE thin client device to conduct remote desktop sessions using VMware VDI, installing
WYSE Multimedia Support in the guest operating system improves the performance of streaming video. WYSE
Multimedia Support allows streaming video to be decoded on the client rather than on the host, thereby
conserving network bandwidth.
WYSE Multimedia Support is supported on the Windows 2003 and Windows XP guest operating systems only.
WYSE Multimedia Support is installed as part of a VMware Tools installation or upgrade.
Install WYSE Multimedia Support with VMware Tools

When you install VMware Tools in a Windows 2003 or Windows XP guest operating system for the first time,
you can install WYSE Multimedia Support at the same time by choosing a custom installation path.
Procedure
u Follow the instructions for the custom installation path as described in “Custom VMware Tools
Installation,” on page 131. On the Custom Setup page, select WYSE Multimedia Redirector for
installation.
Install WYSE Multimedia Support Using Add or Remove Programs

For virtual machines that already have VMware Tools installed, WYSE Multimedia Support can be installed
as part of a VMware Tools upgrade using the Windows Add or Remove Programs feature.
Procedure
1 Open a console to a powered-on virtual machine.
2 In the virtual machine, select Start > Settings > Control Panel > Add or Remove Programs.
3 In the list of programs, select VMware Tools and click Change.
4 Click Next.
5 Select Modify and click Next.
6 Click the red X next to WYSE Multimedia Redirector and select This feature will be installed on local
hard drive.
7 Click Next.
8 Click Modify to begin the installation.
9 Click Finish.
132 VMware, Inc.

For virtual machines on ESX Server 3.0.1 or later hosts managed by vCenter Server 2.0.1 or later, WYSE
Multimedia Support can be installed as part of a VMware Tools upgrade started from the vSphere Client.
Install WYSE Multimedia Support as Part of a VMware Tools Upgrade

For virtual machines on ESX Server 3.0.1 or later hosts managed by vCenter Server 2.0.1 or later, WYSE
Multimedia Support can be installed as part of a VMware Tools upgrade started from the vSphere Client.
Procedure
1 Right-click a powered-on virtual machine and select Upgrade VMware Tools.

2 In the Advanced text box, type setup.exe /s /v”INSTALL_WYSE=1”.
3 Click OK.
VMware, Inc. 133

134 VMware, Inc.

Managing Virtual Machines 12
You can manage virtual machines directly through the ESX/ESXi host or through a vCenter Server system.
If you manage your virtual machines directly through an ESX/ESXi host (a single or standalone system), you
can manage only those virtual machines and their resources installed on that host.
If you manage your virtual machines through a vCenter Server system, you can manage multiple virtual
machines and their resources distributed over many ESX/ESXi hosts. Multiple vCenter Server systems can be
joined together in a vCenter Server Connected Group to allow them to be managed with a single vSphere Client
connection.
The vSphere Client is a flexible, configurable interface for managing your virtual machines through an ESX/
ESXi host or through vCenter Server.
Figure 12-1 illustrates the components in an ESX/ESXi Virtual Infrastructure.

Figure 12-1. vSphere Components with an ESX/ESXi Host
vSphere vSphere
Client Client
Host Agent
VM VM VM
ESX/ESXi host
datastore
Figure 12-2 illustrates the components in a vCenter Server Virtual Infrastructure.
VMware, Inc. 135

Figure 12-2. vSphere Components with a vCenter Server System

vSphere vSphere vSphere vSphere vSphere
Client Client Client Client Client
vCenter
Server vCenter
database
vCenter vCenter vCenter

Agent Agent Agent
VM VM VM VM VM VM VM VM VM
datastore shared
datastore

n “Changing Virtual Machine Power States,” on page 136
n “Adding and Removing Virtual Machines,” on page 139
n “Configure Virtual Machine Startup and Shutdown Behavior,” on page 140
Changing Virtual Machine Power States

The power state of a virtual machine indicates whether the virtual machine is active and functional.
There are several access points for making changes to power states:
n Selecting the virtual machine and the power option from the Inventory > Virtual Machine menu.
n Selecting Power on from the Commands area.
n Selecting the power option from the right-click menu.
n Scheduling a power state change using the Scheduled Tasks button in the navigation bar.
Power on Powers on the virtual machine and boots the guest operating system if the guest
operating system is installed.
Power off Powers off the virtual machine. The virtual machine does not attempt to shut
down the guest operating system gracefully.
Suspend Pauses the virtual machine activity. All virtual machine operations are frozen
until you issue a resume command.
Resume Allows virtual machine activity to continue and releases the Suspend state.
Reset Shuts down the guest operating system and restarts it.
136 VMware, Inc.

Chapter 12 Managing Virtual Machines
The following power options perform extra functions in addition to the basic virtual machine power operations.
VMware Tools must be installed in the virtual machine to perform these functions:
Shut down guest Shuts down the guest operating system gracefully.
Restart guest Shuts down and restarts the guest operating system without powering off the
virtual machine.
Transitional Power States

Actions taken on a virtual machine require that the virtual machine be in specific power states.
When a power operation is performed on a virtual machine, the virtual machine power state changes and all
other commands are locked out until the first command is completed.
The figure below illustrates states, transitions, and state-changing commands for virtual machines.
Figure 12-3. Virtual Machine Power State Changes
powered off remove
power on power off
powered on
resume suspend
state
suspended command
Automatically Start or Shutdown Virtual Machines with Host Start or Shutdown

You can configure which virtual machines automatically start and shut down when the host is started or shut
down. .
Procedure
u To specify which virtual machines to automatically start or shutdown, select the host in the inventory and
select Configuration tab > Virtual Machine Startup/Shutdown.
Configure vSphere Toolbar Power Controls

You can specify the behavior of vSphere power controls through the Virtual Machine Properties dialog box.
Procedure
1 Log in to vSphere client.
2 On the Home page, select VMs and Templates.
3 Right-click on a virtual machine and select Edit Settings.
4 Select the Options tab.
5 Select VMware Tools.
VMware, Inc. 137

6 In the right panel specify the Power Controls, Run VMware Tools Scripts, and Advanced options to your
liking.
7 Click OK to save your settings and close the dialog box.
Power On or Power Off a Virtual Machine Manually

You can power on or off a virtual machine manually.
Powering on a virtual machine boots the guest operating system if the guest operating system is installed.
Powering off a virtual machine is analogous to pressing the off button on a computer without performing a
shut down from the operating system. The virtual machine does not attempt to shut down the guest operating
system gracefully.
Procedure
1 Log in to the vSphere Client.
2 Display the virtual machine in the inventory.
3 Select the virtual machine and do one of the following:

n Click the power state button in the toolbar.
n Right-click the virtual machine and select the power state option.
The shut down power state button in the toolbar performs a shut-down and not a power off by default.
You can configure this option in the virtual machine settings.
Suspend a Virtual Machine

The suspend and resume feature is most useful when you want to save the current state of your virtual machine
and pick up work later with the virtual machine in the same state.
The speed of the suspend and resume operations depends on how much data changed while the virtual
machine was running. In general, the first suspend operation takes a bit longer than subsequent suspend
operations take.
When you suspend a virtual machine, a file with a .vmss extension is created. This file contains the entire state
of the virtual machine. When you resume the virtual machine, its state is restored from the .vmss file.
Procedure
1 When you suspend a virtual machine, a file with a .vmss extension is created. This file contains the entire
state of the virtual machine. When you resume the virtual machine, its state is restored from the .vmss file.
If your virtual machine is running in full-screen mode, return to window mode by pressing Ctrl+Alt.
2 On the vSphere Client toolbar, click Suspend.
When the vSphere Client completes the suspend operation, it is safe to close the client.
3 Select File > Exit.
138 VMware, Inc.

Resume a Suspended Virtual Machine

After you resume a virtual machine and do additional work in the virtual machine, you cannot return to the
state the virtual machine was in at the time you suspended. To preserve the state of the virtual machine so you
can return to the same state repeatedly, take a snapshot.
Procedure
1 Start the vSphere Client and display the virtual machine in the inventory.

n Select the virtual machine and click Power On in toolbar.
n Right-click the virtual machine and select Power On in the context menu.
n Select the virtual machine and in the Summary tab Commands window, select Power On.
Applications you were running at the time you suspended the virtual machine are running and the content
is the same as it was when you suspended the virtual machine.
Scheduling a Power State Change for a Virtual Machine

You can create a scheduled task to power on, power off, or suspend a virtual machine at a designated time.
When you create the scheduled task, vCenter Server verifies that you have the correct permissions to perform
the actions on the relevant datacenters, hosts, and virtual machines. Once the task is created, the task is
performed even if you no longer have permission to perform the task.
Adding and Removing Virtual Machines

You add virtual machines to the vCenter Server inventory through their managed hosts. You can remove
virtual machines from vCenter Server, from their managed host’s storage, or both.
Adding Existing Virtual Machines to vCenter Server

When you add a host to vCenter Server, it discovers all the virtual machines on that managed host and adds
them to the vCenter Server inventory.
If a managed host is disconnected, the already discovered virtual machines continue to be listed in the
inventory.
If a managed host is disconnected and reconnected, any changes to the virtual machines on that managed host
are identified, and the vSphere Client updates the list of virtual machines. For example, if node3 is removed
and node4 is added, the new list of virtual machines adds node4 and shows node3 as orphaned.
Remove Virtual Machines from vCenter Server

Removing a virtual machines from the inventory unregisters it from the host and vCenter Server. It does not
delete it from the datastore. Virtual machine files remain at the same storage location and the virtual machine
can be re-registered using the datastore browser.
Prerequisites
Power off the virtual machine.
VMware, Inc. 139

Procedure
2 Right-click the virtual machine and select Remove from Inventory.
3 To confirm that you want to remove the virtual machine from the inventory, click OK.
vCenter Server removes references to the virtual machine and no longer tracks its condition.
Remove Virtual Machines from the Datastore

Use the Delete from Disk option to remove a virtual machine from vCenter Server and delete all virtual
machine files, including the configuration file and virtual disk files, from the datastore.
Prerequisites
Procedure
2 Right-click the virtual machine and select Delete from Disk.
3 Click OK in the confirmation dialog box.

vCenter Server deletes the virtual machine from its datastore. Disks that are shared with other virtual machines
are not deleted.
Return a Virtual Machine or Template to vCenter Server

If you removed a virtual machine or template from vCenter Server, but did not remove it from the managed
host’s datastore, you can return it to vCenter Server using the Datastore Browser.
Procedure
1 Display the datastore in the inventory.
2 Right-click the datastore and select Browse Datastore.
3 Navigate to the virtual machine or template to add to the inventory.
4 Right-click the virtual machine or template and select Add to Inventory.

5 Complete the Add to Inventory wizard to add the virtual machine or template.
Configure Virtual Machine Startup and Shutdown Behavior

You can configure a virtual machine to start up and shut down automatically, or you can disable this function.
You can also set the default timing and the startup order for specified virtual machines when the system host
starts.
Procedure
1 In the inventory, display the host where the virtual machine is located.
2 Select the host and click the Configuration tab.
3 Click Virtual Machine Startup/Shutdown, and click Properties.
4 Select Allow virtual machines to start and stop automatically with the system.
5 Click Continue immediately if the VMware Tools starts to have the operating system boot immediately
after VMware Tools starts.
140 VMware, Inc.

6 To have the operating system start after a brief delay, enter a Default Startup Delay time.
This delay allows time for VMware Tools or the booting system to run scripts.
7 Select a shutdown action.
8 Enter a Default Shutdown Delay value to delay shutdown for each virtual machine by a certain amount
of time.
This shutdown delay applies only if the virtual machine has not already shut down before the delay period
elapses. If the virtual machine shuts down before that delay time is reached, the next virtual machine starts
shutting down.
9 Use Move Up and Move Down to specify the order in which the virtual machines start when the system
starts.
10 To configure user-specified autostartup and autoshutdown behavior for any virtual machine, select the
virtual machine and click Edit.
VMware, Inc. 141

142 VMware, Inc.

Virtual Machine Configuration 13
You can configure virtual machines at any time—during the virtual machine creation process or after you
create the virtual machine and install the guest operating system.
You can configure virtual machines using two tools in the vSphere Client: the Virtual Machine Properties editor
and the Add Hardware wizard. These dialog boxes also allow you to control advanced virtual machine
configuration options. You can also upgrade the virtual hardware of a virtual machine or convert virtual disks
from thin to thick using these dialog boxes.
You must have sufficient permission to perform virtual machine configuration tasks.

n “Virtual Machine Hardware Versions,” on page 143
n “Virtual Machine Properties Editor,” on page 144
n “Adding New Hardware,” on page 158
n “Converting Virtual Disks from Thin to Thick,” on page 166
Virtual Machine Hardware Versions

All virtual machines have a hardware version. The hardware version of a virtual machine indicates the lower-
level virtual hardware features supported by the virtual machine, such as BIOS, number of virtual slots,
maximum number of CPUs, maximum memory configuration, and other characteristics typical to hardware.
The default virtual machine hardware version of a newly created virtual machine is the most recent version
available on the host where the virtual machine is created. If you need to create a virtual machine with a
hardware version older than the highest supported in order to increase compatibility, you can use the custom
virtual machine creation path. The hardware version of a virtual machine can be lower than the highest version
supported by the ESX/ESXi host it is running on if:
n You migrate a virtual machine created on an ESX/ESXi 3.x or earlier host to an ESX/ESXi 4.x host.
n You create a new virtual machine on an ESX 4.x host using an existing virtual disk that was created on an
ESX/ESXi 3.x or earlier host.
n You add a virtual disk created on an ESX/ESXi 3.x or earlier host to a virtual machine created on an ESX/
ESXi 4.x host.
Virtual machines with hardware versions lower than 4 can run on ESX/ESXi 4.x hosts but have reduced
performance and capabilities. In particular, you cannot add or remove virtual devices on virtual machines with
hardware versions lower than 4 when they reside on an ESX/ESXi 4.x host. To make full use of these virtual
machines, upgrade the virtual hardware as described in the Upgrade Guide.
VMware, Inc. 143

Table 13-1 lists virtual machine hardware versions, the ESX/ESXi versions on which they can be created, edited,
and run, the vCenter Server versions on which they are fully supported, and a brief description of the hardware
version’s capabilities.
Table 13-1. Virtual Machine Hardware Versions

Compatible with vCenter
Version 7 Version 4 Version 3 Server version
ESX/ESXi 4.x create, edit, run create, edit, run run vCenter Server 4.x
ESX Server 3.x – create, edit, run run VirtualCenter Server 2.x and
higher
ESX Server 2.x – – create, edit, run VirtualCenter Server 1.x and
higher
NOTE Virtual machine hardware version 4 may be listed as VM3 in documentation for earlier versions of ESX
and ESXi. Virtual machine hardware version 3 may be listed as VM2 in documentation for earlier versions of
ESX.
Determine the Hardware Version of a Virtual Machine

You can determine the hardware version of a virtual machine by looking in the Summary tab for the virtual
machine or the Virtual Machine Properties dialog box.
Procedure
1 Select the virtual machine in the inventory.
2 Select one of the two methods for viewing the version information.
Option Description
Select the Summary tab. The virtual machine hardware version appears at the top right corner of the
Summary tab.
Right-click and select Edit Settings. The virtual machine hardware version appears at the top right corner of the
Virtual Machine Properties dialog box.
Virtual Machine Properties Editor

The Virtual Machine Properties editor allows you to change nearly every characteristic that you selected when
you created the virtual machine.
Edit an Existing Virtual Machine Configuration

You can edit almost all of the configuration for a virtual machine with the Virtual Machine Properties dialog
box.
Some properties of a virtual machine can be changed only while it is powered off, but you can open the
properties editor regardless of the power state. Some of the controls are read-only if the virtual machine is not
powered off.
NOTE If a virtual machine is on a host managed by vCenter Server, be sure to connect to vCenter Server when
adding or modifying virtual hardware for the virtual machine. If you connect the vSphere Client directly to
the host, add hardware operations might fail with the error message Cannot complete operation due to
concurrent modification by another operation.
144 VMware, Inc.

Chapter 13 Virtual Machine Configuration
Procedure
1 From the vSphere Client, click Inventory in the navigation bar.
2 Expand the inventory as needed, and select the virtual machine you want to edit.
3 (Optional) Power off the virtual machine.
4 Click the Edit Settings link in the Commands panel to display the Virtual Machine Properties dialog box.
The Virtual Machine Properties dialog box appears. There are three tabs: Hardware, Options, and
Resources.
5 Select a tab and edit the virtual machine configuration.
What to do next
Refer to the following sections for more information about the tabs in the Virtual Machine Properties dialog
box and editing existing virtual machines.
n “Virtual Machine Hardware Configuration,” on page 145
n “Virtual Machine Options,” on page 150
n “Virtual Machine Resource Settings,” on page 155
Virtual Machine Hardware Configuration

You can add, edit, or remove hardware from your virtual machine.
The status of the device, such as edited or adding, appears in parentheses next to the hardware listing. The
selected guest operating system determines the devices that are available to be added to a given virtual
machine. The devices that can be added are:
n Serial port
n Parallel port
n Floppy drive
n DVD/CD-ROM drive
n USB Controller
n Ethernet adapter
n Hard disk
n SCSI device
Change the DVD/CD-ROM Drive Configuration

Use the Hardware tab in the Virtual Machine Properties dialog box to configure a DVD/CD-ROM drive for a
virtual machine.
Procedure
1 In the Virtual Machine Properties Editor, click the Hardware tab.
2 Click the DVD/CD-ROM drive in the Hardware list.
3 Select or deselect the Connected check box to connect or disconnect the device.
4 If you do not want the CD-ROM drive connected when the virtual machine starts, deselect Connect at
power on.
VMware, Inc. 145

5 Select whether to use a client device, host device, or ISO file.
Option Description
Client Device Select this option to connect the DVD/CD-ROM device to a physical DVD or
CD-ROM device on the system running the vSphere Client.
To connect the device, you must click the Connect CD/DVD button in the
toolbar when you power on the virtual machine.
Host Device a Select this option to connect the DVD/CD-ROM device to a physical DVD
or CD-ROM device on the host.
b Select the specific device from the drop-down list.
Datastore ISO File a Select this option to connect the DVD/CD-ROM device to an ISO file
stored on a datastore accessible to the host.
b Click Browse and select the ISO file.
6 For client devices, select the mode used for the connection.
n Use Pass-through (raw) mode only for remote client device access.
n Use ATAPI emulation to access a host CD-ROM device.
The host CD-ROM device is accessed through emulation mode. Pass-through mode is not functional
for local host CD-ROM access. You can write or burn a remote CD only through pass-through mode
access, but in emulation mode you can only read a CD-ROM from a host CD-ROM device.
7 Alternatively, select Use ISO Image to connect the virtual machine’s drive to an ISO image file.
8 If you selected Use ISO Image, click Browse to navigate to the file.
9 Under Virtual device node, use the drop-down menu to select the device node the drive uses in the virtual
machine.
10 Click OK to save your changes and close the dialog box.
Change the Floppy Drive Configuration

Use the Hardware tab in the Virtual Machine Properties dialog box to configure a floppy drive for a virtual
machine.
Procedure
2 Click the floppy drive in the Hardware list.
3 Under Device Status, select Connect at power on to connect this virtual machine to the floppy drive when
the virtual machine is powered on.
4 Select the device type to use for this virtual device.
Option Description
Client Device Select this option to connect the floppy device to a physical floppy device on
the system running the vSphere Client.
To connect the device, you must click the Connect Floppy button in the
toolbar when you power on the virtual machine.
Host Device a Select this option to connect the floppy device to a physical floppy device
on the host.
b Select the specific device from the drop-down list.
146 VMware, Inc.

Option Description
Use existing floppy image in a Select this option to connect the virtual device to an existing floppy image
datastore on a datastore accessible to the host.
b Click Browse and select the floppy image.
Create new floppy image in datastore a Select this option to create a new floppy image on a datastore accessible
to the host.
b Click Browse and browse to the location for the floppy image.
c Enter a name for the floppy image and click OK.
Change the SCSI Device Configuration

You can change the physical device and the virtual device node of the SCSI device connection.
Procedure
2 Select the SCSI device in the Hardware list.
3 Under Connection, select the physical device you want to use.
Under Virtual device node, select the virtual device node where you want this device to appear in the
virtual machine.
Change the Virtual Disk Configuration

You can change the virtual device node, the size of the disk, and the persistence mode for virtual disk
configuration for a virtual machine.
NOTE The Manage Paths feature for RDM disks is not available for virtual machines on legacy hosts running
versions of ESX Server prior to release 3.0.
Procedure
2 Click the appropriate Hard Disk in the Hardware list.
3 Use the drop-down menu to change the virtual device node.
4 To change the size of the disk, enter a new value in the Provisioned Size text box.
5 For independent mode, which is unaffected by snapshots, select the check box. Then select Persistent or
Nonpersistent mode to determine the persistence of changes.
Change the Memory Configuration

Use the Hardware tab to configure memory for a virtual machine.
Procedure
2 Click Memory in the Hardware list.
VMware, Inc. 147

3 Adjust the amount of memory allocated to the virtual machine.
Change the Virtual Ethernet Adapter (NIC) Configuration

You can change the power-on connection setting, the MAC address, and the network connection for the virtual
Ethernet adapter configuration for a virtual machine.
Procedure
1 Click the Hardware tab.

2 Click the appropriate NIC in the Hardware list.
3 To connect the virtual NIC when the virtual machine is powered on, select Connect at power on.
4 Select an option for MAC address configuration.

n Select Automatic to assign a MAC address automatically.
n Select Manual and enter a MAC address to use a manual MAC address assignment.
5 Under Network connection, use the drop-down menu to select the network label you want the virtual
machine to use.
Change the Parallel Port Configuration

You can use a physical parallel port or an output file to configure a parallel port for a virtual machine.
Procedure
2 Click the appropriate Parallel port in the Hardware list.
3 Deselect the Connect at power on check box if you do not want the parallel port device to be connected
when the virtual machine powers on.
The default setting is Connect at power on.
4 Under Connection, select a button to indicate a physical parallel port or to connect the virtual parallel port
to a file.
n If you select Use physical parallel port, select the port from the drop-down menu.
n If you select Use output file, browse to the file location.
Change the SCSI Controller or SCSI Bus Sharing Configuration

You can set the SCSI controller type and the type of SCSI bus sharing for a virtual machine. SCSI bus sharing
can set to none, virtual, or physical sharing types.
You can change the SCSI controller configuration for a virtual machine on an ESX/ESXi host only.
CAUTION Changing the SCSI controller type might result in a virtual machine boot failure.
You can also specify whether the SCSI bus is shared. Depending on the type of sharing, virtual machines can
access the same virtual disk simultaneously on the same server or any server.
148 VMware, Inc.

Procedure
2 Click the appropriate SCSI Controller in the Hardware list.
3 Under SCSI Controller Type, click Change Type.
4 Select the SCSI controller type.
5 Click OK.
6 Select the type of sharing in the SCSI Bus Sharing list:
Option Description
None Virtual disks cannot be shared by other virtual machines.
Virtual Virtual disks can be shared by virtual machines on same server.
Physical Virtual disks can be shared by virtual machines on any server.
Change the Serial Port Configuration

You can use a physical serial port, an output file, or a named pipe to configure a serial port for a virtual machine.
Procedure
2 Click the appropriate Serial port in the Hardware list.
3 If you selected Use physical serial port on the host, use the drop-down menu to select the port on the
host computer that you want to use for this serial connection.
4 If you selected Use output file, browse to the location of the file on the host that you want to use to store
the output of the virtual serial port.
5 If you selected Use named pipe, use the default pipe name or enter another pipe name of your choice in the
Pipe Name list.
For a serial pipe for a virtual machine on an ESX host for Linux, enter /tmp/<socket> or another UNIX
socket name of your choice.
Then decide whether you are connecting two virtual machines or connecting a virtual machine to an
application on the host.
6 If you are connecting two virtual machines, you must configure a serial port as a named pipe in two virtual
machines: a server virtual machine and a client virtual machine.
a For the server virtual machine, select Server in the Near end list.
b For the client virtual machine, select Client in the Near end list.
c Select A virtual machine in the Far end list.
7 If you are connecting to an application on the host, do the following:
a Select Server or Client in the Near end list. In general, select Server if you plan to start this end of
the connection first.
b Select An application in the Far end list.
By default, the serial port is connected when you power on the virtual machine. You might deselect the
Connect at power on check box (optional).
VMware, Inc. 149

8 Under I/O Mode, decide whether to configure this serial port to use interrupt mode or polled mode.
Polled mode is of interest primarily to developers who are using debugging tools that communicate over
a serial connection.
Polled mode causes the virtual machine to consume a disproportionate share of processor (or CPU) time.
This makes the host and other guests run sluggishly. To maintain best performance for applications on
the host, select the Yield CPU on poll check box. This forces the affected virtual machine to use interrupt
mode, which yields processor (or CPU) time if the only task it is trying to do is poll the virtual serial port.
Change the Virtual Processor or CPU Configuration

You can configure more than one virtual processor or CPU for a virtual machine using VMware Virtual SMP
for ESX.
If the virtual machine is on an ESX/ESXi host, you can configure a virtl machine to have up to eight virtual
processors or CPUs. Virtual machines cannot have more virtual CPUs than the actual number of logical CPUs
on the host—that is, the number of physical processor cores if hyperthreading is disabled or two times the
number of physical processor cores if hyperthreading is enabled. For more information about using SMP,
consult the VMware Knowledge Base.
NOTE Not all guest operating systems support SMP, and some that do require reinstallation if the number of
CPUs changes.
Procedure
2 Click Virtual Processor or CPU in the Hardware list.
3 Select the number of virtual processors for the virtual machine.
Virtual Machine Options

The virtual machine options define a range of virtual machine properties such as name, vApp functionality,
its behavior with the guest operating system and VMware Tools, and other Advanced options.
You can change the following settings in the Options tab of the Virtual Machine Properties Editor:
General Options Virtual machine display name and type of guest operating system. (Read-only)
location of virtual machine and its configuration file.
Appliance Options Virtual machine options for functionality, product information, properties, and
OVF settings specific to virtual appliances.
VMware Tools Power Controls behavior, VMware Tools scripts and automatic updates.
Power Management Virtual machine Suspend behavior.
Advanced > General Acceleration, logging, debugging and statistics.
Advanced > CPUID Mask NX flag and advanced identification mask options.
Advanced > Memory/ Hot add enablement for individual virtual machines.
CPU Hotplug
Advanced > Boot Virtual machine boot options.

Options
150 VMware, Inc.

Advanced > VMI paravirtualization enablement

Paravirtualization
Advanced > Fibre Virtual node and port World Wide Names (WWNs).
Channel NPIV
Advanced > CPU/MMU Settings for enabling Hardware Page Table Virtualization.
Virtualization
Advanced > Swapfile Swapfile location.

Location
Change the General Settings of a Virtual Machine

Change the virtual machine name and guest operating system settings in the General Options in the Virtual
Machine Properties dialog box.
Procedure
1 Click the Options tab.
2 Select General Options in the Settings list.
The virtual machine name appears in the Virtual machine name field.
Changing the name does not change the name of any virtual machine files or the associated directory.
3 Select an operating system and version.
Change the VMware Tools Options for a Virtual Machine

You can change the power controls, the time VMware Tools scripts run, the upgrade check option, and the
time synchronization option with the VMware Tools settings for a virtual machine.
VMware Tools options cannot be changed while the virtual machine is powered on.
Procedure
2 Select VMware Tools in the Settings list.
The stop button on the toolbar can be configured to power off the virtual machine, shut down the guest
operating system, or use the system default. The pause button on the toolbar can be configured to suspend
the virtual machine or use the system default. The reset button on the toolbar can be configured to reset
the virtual machine, restart the guest operating system, or use the system default.
3 Select the actions you want from the drop-down menus under Power Controls.
4 (Optional) Configure VMware Tools scripts to run when you change the virtual machine’s power state by
selecting options under Run VMware Tools scripts.
NOTE For ESX host virtual machines, there are no scripts for resuming and suspending virtual machines.
5 (Optional) Configure VMware Tools to check for and install updates before each power on by selecting the
Check and upgrade Tools before each power on option under Automatic VMware Tools Upgrade.
6 (Optional) Configure the guest operating system to synchronize time with the host by selecting the
Synchronize guest time with host option.
VMware, Inc. 151

Change Power Management Settings for a Virtual Machine

Power Management allows you to determine how the virtual machine responds when the guest operating
system is placed on standby.
Procedure
2 Select Power Management in the Settings list.
3 Under Guest Power Management, select either Suspend the virtual machine or Put the guest operating
system in standby mode and leave the virtual machine powered on.
4 (Optional) If you chose to leave the virtual machine on, select Wake on LAN for virtual machine traffic on
your virtual machine network by selecting the check box.
Not all guest operating systems support Wake on LAN. Only the following types of NICs support Wake
on LAN:
n Flexible (VMware Tools required).
n vmxnet
n Enhanced vmxnet
n vmxnet 3
Options are disabled if they are not supported.
Change Advanced Virtual Machine Settings

The virtual machine options define a range of virtual machine properties such as name, vApp functionality,
its behavior with the guest operating system and VMware Tools, and other Advanced options.
Procedure
2 Select Advanced > General in the Settings list.
a To disable acceleration, select the Disable acceleration check box.

You can enable and disable acceleration while the virtual machine is running.
In rare instances, you might find that when you install or run software inside a virtual machine, the
virtual machine appears to stop responding. Generally, the problem occurs early in the program’s
execution. In many cases, you can get past the problem by temporarily disabling acceleration in the
virtual machine.
This setting slows down virtual machine performance, so use it only for getting past the problem with
running the program. After the program stops encountering problems, deselect Disable
acceleration. You might then be able to run the program with acceleration.
b To enable logging mode, select the Enable logging check box.
c To enable debugging mode, select an option from the Debugging and Statistics section. Debugging
information and statistics can be helpful to VMware technical support in resolving issues.
d To set advanced configuration parameters, click Configuration Parameters. Generally, you should
only change these settings if you intend to use experimental features or when instructed to do so by
a VMware technical support representative.
152 VMware, Inc.

3 Select Advanced > CPUID Mask.
a Specify whether you want to hide the host’s CPU NX flag from the guest operating system.
Hiding the NX flag prevents the guest operating system from making use of this CPU feature, but
enables the virtual machine to be moved to hosts that do not include the NX feature. When the NX
flag is visible, the guest operating system can make use of the feature, but the virtual machine can be
moved only to hosts with the NX capability.
b Click Advanced to access the CPU Identification Mask dialog box. An explanation of the symbols in
this dialog box is available by clicking Legend.
NOTE The virtual machine must be powered off before you can change this setting.
4 Select Advanced > Memory/CPU Hotplug. VMware Tools must be installed for hotplug functionality to
work properly.
a Select Enable memory hot add for this virtual machine to enable memory hot add, or select Disable
memory hot add for this virtual machine to disable this feature.
b Select Enable CPU hot add only for this virtual machine to enable CPU hot add, select Enable CPU
hot add and remove for this virtual machine to enable CPU hot add and remove, or select Disable
CPU hot plug for this virtual machine to disable this feature.
5 Select Advanced > Boot Options.
a Specify the duration in milliseconds you want to delay entering the boot sequence when the virtual
machine is powered on or restarted.
b Select the option under Force BIOS Setup to have the virtual machine enter BIOS setup when it boots.
These options are useful when you need to enter the virtual machine’s BIOS setup because sometimes
the console attaches to the virtual machine after the boot sequence passes the point where you can
enter BIOS.
6 Select Advanced > Paravirtualization. Select Support VMI Paravirtualization to enable VMI
Paravirtualization to enable it, or deselect it to disable this feature.
VMI is a paravirtualization standard that enables improved performance for virtual machines capable of
utilizing it. Currently, this feature is available only for those versions of the Linux guest operating system
which support VMI paravirtualization.
NOTE Enabling paravirtualization utilizes one of the virtual machine’s six virtual PCI slots. Also, enabling
paravirtualization can limit how and where the virtual machine can be migrated. Consider the following
before enabling this feature:
n These hosts support VMI paravirtualization: ESX/ESXi 3.5 and greater, and Workstation 6.0 and
greater. Hardware version 4 virtual machines with paravirtualization enabled that are created on ESX
hosts can be migrated to VMware Server and Workstation hosts without loss of functionality.
n A virtual machine with paravirtualization enabled and that is powered off can be moved manually
to a host that does not support paravirtualization. However, this can result in reduced performance.
n A virtual machine with paravirtualization enabled and that is powered on or in a suspended power
state can not be migrated to a host that does not support paravirtualization.
n Automated vCenter Server DRS migrations of virtual machines with paravirtualization enabled to
hosts that do not support paravirtualization are not allowed.
VMware, Inc. 153

7 Select Advanced > Fibre Channel NPIV Settings.
N-port ID virtualization (NPIV) provides the ability to share a single physical Fibre Channel HBA port
among multiple virtual ports, each with unique identifiers. This allows control over virtual machine access
to LUNs on a per-virtual machine basis.
Each virtual port is identified by a pair of world wide names (WWNs): a world wide port name (WWPN)
and a world wide node name (WWNN). These WWNs are assigned by vCenter Server.
NPIV support is subject to the following limitations:

n NPIV must be enabled on the SAN switch. Contact the switch vendor for information about enabling
NPIV on their devices.
n NPIV is supported only for virtual machines with RDM disks. Virtual machines with regular virtual
disks continue to use the WWNs of the host’s physical HBAs.
n The physical HBAs on the ESX host must have access to a LUN using its WWNs in order for any
virtual machines on that host to have access to that LUN using their NPIV WWNs. Ensure that access
is provided to both the host and the virtual machines.
n The physical HBAs on the ESX host must support NPIV. If the physical HBAs do not support NPIV,
the virtual machines running on that host will fall back to using the WWNs of the host’s physical
HBAs for LUN access.
n Each virtual machine can have up to 4 virtual ports. NPIV-enabled virtual machines are assigned
exactly 4 NPIV-related WWNs, which are used to communicate with physical HBAs through virtual
ports. Therefore, virtual machines can utilize up to 4 physical HBAs for NPIV purposes.
To view or edit a virtual machine’s WWNs:
a To edit the virtual machine’s WWNs, power off the virtual machine.
b Ensure that the virtual machine has a datastore containing a LUN that has been made available to the
host.
c Select the Options tab.
d Select Fibre Channel NPIV.
e Currently assigned WWNs are displayed in the WWN Assignments box.
f Do one of the following:

n To leave WWNs unchanged, select Leave unchanged.
n To have vCenter Server or the ESX host generate new WWNs, select Generate New WWNs.
n To remove the current WWN assignments, select Remove WWN assignment.
g Click OK to save your changes and close the dialog box.
NOTE A virtual machine with WWNs that are already in use on the storage network is prevented
from powering on. To solve this issue, generate new WWNs or remove them.
Provide the WWN assignments to your SAN administrator. The administrator needs those assignments
to configure virtual machine access to the LUN. For more information on how to configure NPIV for a
virtual machine, see the Fibre Channel SAN Configuration Guide.
8 Select Advanced > Virtualized MMU and specify whether to disable the feature, always use the feature
where available, or have the host system determine whether the feature should be used.
154 VMware, Inc.

9 Select Advanced > Swapfile Location.
10 Select one of the following options:

n Default — Store the virtual machine swapfile at the default location defined by the host or cluster
swapfile settings. See “Host Configuration,” on page 47 for more information on host swapfile
settings. See the Resource Management Guide for more information on cluster settings.
n Always store with the virtual machine — Store the virtual machine swapfile in the same folder as
the virtual machine configuration file.
n Store in the host’s swapfile datastore — Store the virtual machine swapfile in the swapfile datastore
defined by the host or cluster swapfile settings.
Virtual Machine Resource Settings

In the Virtual Machine Properties dialog box, you can adjust the host resource allocation for the selected virtual
machine. You can change CPU, memory, disk, and advanced CPU resources from this tab.
For more information on resources, see the Resource Management Guide.
CPU Resources
The CPU Resources panel of the Virtual Machine Properties dialog box lets you allocate processor resources
for a virtual machine, specifying reservations, limits, and shares.
You can edit some of the same information on the Resource Pools tab of the main vSphere Client window,
which you might do to edit resource settings at the same time you edited other virtual machine settings.
Change CPU Settings of a Virtual Machine

Use the Resources tab in the Virtual Machine Properties dialog box to change the CPU settings of a virtual
machine.
Procedure
1 Click the Resources tab.
2 Select CPU in the Settings list.
3 Select a shares value, which represents a relative metric for allocating CPU capacity.
Option Description
Shares The values Low, Normal, High, and Custom are compared to the sum of all
shares of all virtual machines on the server and, on ESX/ESXi hosts, the
service console. Share allocation symbolic values can be used to configure
their conversion into numeric values.
Reservation Guaranteed CPU allocation for this virtual machine.
Limit Upper limit for this virtual machine’s CPU allocation. Select Unlimited to
specify no upper limit.
For more information on share values, see the Resource Management Guide.
The Virtual Machine Properties dialog box closes.
VMware, Inc. 155

Advanced CPU Settings

The Advanced CPU Resources panel of the Virtual Machine Properties dialog box lets you set low-level options
that involve scheduling the virtual machine processing to physical processor cores and hyperthreads.
This panel does not appear for virtual machines in a DRS cluster or when the host has only one processor core
and no hyperthreading.
NOTE Hyperthreading technology allows a single physical processor to behave like two logical processors.
The processor can run two independent applications at the same time. While hyperthreading does not double
the performance of a system, it can increase performance by better utilizing idle resources. For detailed
information about hyperthreading and its use in vSphere, see the Resource Management Guide (select Help >
Manuals).
ESX generally manages processor scheduling well, even when hyperthreading is enabled. The settings on this
page are useful only for fine-grained tweaking of critical virtual machines.
The Hyperthreading Sharing option provides detailed control over whether a virtual machine should be
scheduled to share a physical processor core (assuming hyperthreading is enabled on the host at all).
The Scheduling Affinity option allows fine-grained control over how virtual machine CPUs are distributed
across the host's physical cores (and hyperthreads if hyperthreading is enabled).
Change Advanced CPU Settings of a Virtual Machine

Set the hyperthreaded core sharing mode for a virtual machine's advanced CPU settings in the Resource tab
of the Virtual Machine Properties dialog box.
Procedure
2 Select Advanced CPU in the Settings list.
3 Select Hyperthreading Sharing Mode from the drop-down menu.
Option Description
Any (default) The virtual CPUs of this virtual machine can freely share cores with
other virtual CPUs of this or other virtual machines.
None The virtual CPUs of this virtual machine have exclusive use of a processor
core whenever they are scheduled to it. The other hyperthread of the core is
halted while this virtual machine is using the core.
Internal On a virtual machine with exactly two virtual processors, the two virtual
processors are allowed to share one physical core (at the discretion of the
host scheduler), but this virtual machine never shares a core with any other
virtual machine. If this virtual machine has any other number of processors
other than two, this setting is the same as the None setting.
156 VMware, Inc.

4 Select to schedule affinity by selecting the Run on processor(s) button.
NOTE This option is not allowed when the virtual machine resides on a DRS cluster, and its values are
cleared when a virtual machine is migrated to a new host. The value of the option is only in tuning the
performance of a precise set of virtual machines on the same host.
The check boxes for the individual processors represent physical cores if hyperthreading is disabled or
logical cores (two per physical core) if hyperthreading is enabled. Checking all the boxes is the same as
not applying any affinity. You must provide at least as many processor affinities as the number of virtual
CPUs in the virtual machine.
Memory Resources
The Memory Resources panel lets you allocate memory resources for a virtual machine and specify
reservations, limits, and shares.
You can edit some of the same information on the Resource Pools tab of the main vSphere Client window,
which you might do to edit resource settings at the same time as other virtual machine settings.
Change the Memory Settings of a Virtual Machine

You can select a relative metric for allocating memory to all virtual machines on a host.
Procedure
2 Select Memory in the Settings list.
3 From the drop-down menu in the Resource allocation panel, select a relative metric for allocating memory
to all virtual machines.
Symbolic values Low, Normal, High, and Custom are compared to the sum of all shares of all virtual
machines on the server and, on an ESX host, the service console. Share allocation symbolic values can be
used to configure their conversion into numeric values.
4 In the Resource allocation panel, use the slider to select the amount of reserved memory and the memory
limit, or use the up and down arrows to enter the number of MBs allocated.
For more information on memory values, see the mem man page.
Advanced Memory Resources
The Advanced Memory Resources page lets you set low-level options that involve distribution of virtual
machine memory to NUMA memory nodes.
This page appears only if the host utilizes the NUMA memory architecture. Because affinity settings are
meaningful only when used to tweak the performance of a specific set of virtual machines on one host, this
page also is not displayed when the virtual machine resides on a DRS cluster. The option values are cleared
when the virtual machine is moved to a new host.
NUMA memory node affinity enables fine-grained control over how virtual machine memory is distributed
to host physical memory. Checking all the boxes is the same as applying no affinity.
VMware, Inc. 157

Consult the Resource Management Guide for details about NUMA and advanced memory resources.
NOTE Specify nodes to be used for future memory allocations only if you have also specified CPU affinity. If
you make manual changes only to the memory affinity settings, automatic NUMA rebalancing does not work
properly.
Associate Memory Allocations with a NUMA Node
Use the Resources tab in the Virtual Machine Properties dialog box to associate memory allocations with a
NUMA node.
Procedure
1 Select the Resources tab, and select Memory.
2 In the NUMA Memory Affinity panel, set memory affinity.
Disk Resources
The Disk Resources panel lets you allocate host disk I/O bandwidth to the virtual hard disks of this virtual
machine.
Disk I/O is a host-centric resource and cannot be pooled across a cluster. However, CPU and memory resources
are much more likely to constrain virtual machine performance than disk resources.
Change the Disk Settings of a Virtual Machine

You can adjust the host disk allocation for a virtual machine.
Procedure

2 Select Disk in the Settings list.
3 In the Resource Allocation panel, select the virtual hard disk from the list.
4 Click in the Shares field. Use the drop-down menu to change the value to allocate a number of shares of
its disk bandwidth to the virtual machine.
Shares is a value that represents the relative metric for controlling disk bandwidth to all virtual machines.
The values Low, Normal, High, and Custom are compared to the sum of all shares of all virtual machines
on the server and, on an ESX/ESXi host, the service console. Share allocation symbolic values can be used
to configure their conversion into numeric values.
Adding New Hardware

You can add virtual hardware to a virtual machine using the Add Hardware wizard.
The virtual hardware that you add appears in the hardware list displayed in the Virtual Machine Properties
wizard. The selected guest operating system determines the devices that are available to add to a given virtual
machine.
158 VMware, Inc.

Virtual machine hardware can be reconfigured while the virtual machine is running, if the following conditions
are met:
n The virtual machine has a guest operating system that supports hot-plug functionality. See the Guest
Operating System Installation Guide.
n The virtual machine is using hardware version 7.
n Virtual CPUs can only be added while the virtual machine is running if CPU Hot Plug has been enabled
on the Options tab of the Virtual Machine Properties dialog box.
NOTE If a virtual machine is on a host managed by vCenter Server, be sure to connect to vCenter Server when
adding or modifying virtual hardware for the virtual machine. If you connect the vSphere Client directly to
the host, add hardware operations might fail with the error message Cannot complete operation due to
concurrent modification by another operation.
Rescan a Host
You rescan a host to ensure that it detects changes made to storage adapter or SAN configuration.
Procedure
1 Select a host.
2 Select the Configuration tab.
3 Click Network Adapters in the Hardware section.
4 Click Rescan.
5 Select New Storage Devices
6 Click OK.
Start the Add Hardware Wizard

The Add Hardware Wizard enables you to reconfigure a virtual machine’s hardware.
Procedure
1 In the vSphere Client, click Inventory in the navigation bar. Expand the inventory as needed, and click
the appropriate virtual machine.
2 To display the Virtual Machine Properties dialog box, click the Edit Settings link in the Commands panel.
3 Click the Hardware tab.
4 Click Add to start the Add Hardware wizard.
Add a Serial Port to a Virtual Machine

When you add a serial port to a virtual machine, you can use a physical serial port on the host, an output file,
or a named pipe.
Procedure
1 Start the Add Hardware wizard.
2 Select Serial Port, and click Next.
3 Select the type of media you want the virtual port to access: use a physical serial port on the host, output
to a file, or connect to a named pipe.
4 Click Next.
VMware, Inc. 159

5 If you selected Use physical serial port on the host, use the drop-down menu to select the port on the
host computer that you want to use for this serial connection.
6 If you selected Output to file, browse to the file on the host that you want to use to store the output of the
virtual serial port.
7 If you selected Connect to named pipe, enter a pipe name in the Pipe Name field and use the drop-down
menus to select the near and far ends of the pipe.
The options for the near end are client or server. The options for the far end are a process or a virtual
machine.
By default, the serial port is connected when you power on the virtual machine.
8 (Optional) Deselect the Connect at power on check box if you do not want the serial port to connect when
9 (Optional) Deselect the I/O mode Yield CPU on poll check box if you want to configure this serial port to
use interrupt mode as opposed to polled mode.
Polled mode is of interest primarily to developers who are using debugging tools that communicate over
a serial connection. Polled mode causes the virtual machine to consume a disproportionate share of CPU
time. This makes the host and other guests run sluggishly.
10 (Optional) To maintain best performance for applications on the host, select the Yield CPU on poll check
box.
This forces the affected virtual machine to use interrupt mode, which yields CPU time if the only task it
is trying to do is poll the virtual serial port.
11 Review the information on the Ready to Complete page, and click Finish.
Add a Parallel Port to a Virtual Machine

When you add a parallel port to a virtual machine, you can use a parallel port on the host or an output file.
Procedure
2 Select Parallel Port, and click Next.
3 Select Use physical parallel port on the host or Output to file, and click Next.
4 If you selected Use physical parallel port on the host, select the port from the drop-down menu. If you
selected Output to file, browse to the location of the file.
5 Under Device status, deselect the Connect at power on check box if you do not want the parallel port
device to be connected when the virtual machine powers on.
6 Click Next.
Add a DVD/CD-ROM Drive to a Virtual Machine

You can use a physical drive on a client or host or you can use an ISO image to add a DVD/CD-ROM drive to
a virtual machine.
If you are adding a CD/DVD-ROM drive that is backed by USB CD/DVD drive on the host, you must add the
drive as a SCSI device.
160 VMware, Inc.

Procedure
2 Select DVD/CD-ROM Drive, and click Next.
3 Select either Use physical drive or Use ISO image.

n If you selected Use physical drive, select either client or host as the device location. Select the drive
you want to use from the drop-down menu.
n Select pass through and use the check box to indicate whether to connect exclusively to the virtual
machine, or select ATAPI emulation.
n If you selected Use ISO Image, enter the path and filename for the image file, or click Browse to
navigate to the file.
4 If you do not want the CD-ROM drive connected when the virtual machine starts, deselect Connect at
power on.
5 Click Next.
6 Specify the virtual device node the drive uses in the virtual machine, and click Next.
7 Review the information on the Ready to Complete window, and click Finish or Back if you want to change
any information.
Add a Floppy Drive to a Virtual Machine

Use a physical floppy drive or a floppy image to add a floppy drive to a virtual machine.
Procedure
2 Select Floppy Drive, and click Next.
3 Select the type of floppy media to use:

n A physical floppy drive to give the guest access to the floppy on the host.
n A floppy image, which is a file on the host that stores data in the same format as a physical floppy
disk.
n A blank floppy image to create and use a blank floppy image.
4 Click Next.
5 Specify the location of the floppy drive or image.

n If you selected Use a physical floppy drive, select either client or host as the device location and select
the drive from the drop-down menu.
n If you selected Use a floppy image, browse to the floppy image.
n If you selected Create a blank floppy image, browse to the floppy image.
6 To have the floppy drive connected to the virtual machine when you power it on, select Connect at power
on.
7 Click Next.
VMware, Inc. 161

Add an Ethernet Adapter (NIC) to a Virtual Machine

When you add an Ethernet adapter to a virtual machine, you select the adapter type, the network label and
whether the device should connect when the virtual machine is powered on.
Procedure
2 Select Ethernet Adapter, and click Next.

3 In the Adapter Type section, select a type.
4 In the Network connection panel, select either a named network with a specified label or a legacy network.
5 To connect the virtual NIC when the virtual machine is powered on, select Connect at power on.
6 Click Next.
7 Review your selections and click Finish.
Network Adapter Types

When you configure a virtual machine, you can add network adapters (NICs) and specify the adapter type.
The type of network adapters that are available depend on the following factors:
n The version of the virtual machine, which depends on what host created it or most recently updated it.
n Whether or not the virtual machine has been updated to the latest version for the current host.
n The guest operating system.
The following NIC types are supported:
Flexible Supported on virtual machines that were created on ESX Server 3.0 or greater
and that run 32-bit guest operating systems. The Flexible adapter functions as
a Vlance adapter if VMware Tools is not installed in the virtual machine and
as a Vmxnet driver if VMware Tools is installed in the virtual machine.
e1000 Emulates the functioning of an E1000 network card. It is the default adapter
type for virtual machines that run 64-bit guest operating systems.
Enhanced vmxnet An upgraded version of the Vmxnet device with enhanced performance. It
requires that VMware Tools be installed in the virtual machine.
vmxnet 3 Next generation Vmxnet device with enhanced performance and enhanced
networking features. It requires that VMware Tools be installed in the virtual
machine, and is available only on virtual machines with hardware version 7
and greater.
Network Adapters and Legacy Virtual Machines

This section discusses network adapters on legacy virtual machines.
If your virtual machine was created on ESX Server 3.0 or greater and runs a 32-bit guest operating system, the
default adapter type is Flexible. The Flexible adapter functions as a Vlance adapter if the adapter’s driver is
the stock driver the guest operating system. The Flexible adapter functions as a vmxnet adapter if the vmxnet
driver has been installed on the virtual machine as part of the VMware Tools installation.
If your virtual machine runs a 64-bit guest operating system, the default adapter type is E1000. If you change
a virtual machine from a 32-bit to a 64-bit guest operating system, or the reverse, you must remove the existing
network adapter and replace it with a new one, or the virtual machine will not power on.
162 VMware, Inc.

If you do a hardware upgrade on a legacy virtual machine, the adapter type for that upgraded machine is as
follows:
n If the adapter type was Vlance, the adapter type on the upgraded virtual machine is Flexible. That adapter
functions as a Vlance adapter would function. If you want to obtain significantly better performance, you
need only install the VMware Tools on the virtual machine as described in the previous step.
n If the adapter type is vmxnet, the adapter type on the upgraded virtual machine is still vmxnet. However,
you cannot change this adapter’s type to Vlance, as you would have been able to do on a legacy virtual
machine.
Add a Hard Disk to a Virtual Machine

When you add a hard disk to a virtual machine, you can create a new virtual disk, add an existing virtual disk,
or add a mapped SAN LUN.
Procedure
2 Select Hard Disk, and click Next.
3 Select the type of storage for the virtual machine’s disk, and click Next.
You can store virtual machine data in a new virtual disk, an existing virtual disk, or a Mapped SAN LUN.
A virtual disk, which appears as a single hard disk to the guest operating system, is composed of one or
more files on the host file system. Virtual disks can easily be copied or moved on the same host or between
hosts.
4 If you selected Create a new virtual disk, do the following:
a Enter the disk capacity.
b Select the location as either Store with the virtual machine or Specify a datastore.
c If you selected Specify a datastore, browse for the datastore location, and click Next. Continue with
Step 7.
5 If you selected an existing disk, browse for the disk file path and click Next.
6 If you selected Mapped SAN LUN:
a Select the LUN that you want to use for the raw disk, and click Next.
b Select a datastore and click Next.
c Select the compatibility mode: physical to allow the guest operating system to access the hardware
directly or virtual to allow the virtual machine to use VMware snapshots and other advanced
functions. Click Next.
7 Specify the virtual device node.
8 Set virtual disk mode options:
a Select Independent to make the disk independent. Independent disks are not affected by snapshots.
b If you selected Independent, select one of the two modes for independent disks:
n Persistent – The disk operates normally except that changes to the disk are permanent even if the
virtual machine is reverted to a snapshot.
n Nonpersistent – The disk appears to operate normally, but whenever the virtual machine is
powered off or reverted to a snapshot, the contents of the disk return to their original state. All
later changes are discarded.
VMware, Inc. 163

9 Click Next.
10 Review the information, and click Finish.
Add a SCSI Device to a Virtual Machine

You can add a SCSI device to a virtual machine through the Add Hardware wizard.
Procedure

2 Select SCSI Device, and click Next.
3 Under Connection, use the drop-down menu to select the physical device you want to use.
4 To connect this virtual machine to the server’s SCSI device when the virtual machine is powered on, select
Connect at power on.
5 Under Virtual device node, select the virtual device node where you want this device to appear in the
virtual machine.
You can also select the check box to indicate that the virtual device is set up in the same way as the physical
unit.
6 Review the information in the Ready to Complete page, and click Finish.
Add a PCI Device

VMDirectPath I/O allows a guest operating system on a virtual machine to directly access physical PCI and
PCIe devices connected to a host. Each virtual machine can be connected to up to two PCI devices.
PCI devices connected to a host can be marked as available for passthrough from the Hardware Advanced
Settings in the Configuration tab for the host.
Prerequisites
®
To use VMDirectPath, the host must have Intel Virtualization Technology for Directed I/O (VT-d) or AMD
I/O Virtualization Technology (IOMMU) enabled in the BIOS. In order to add PCI devices to a virtual machine,
the devices must be connected to the host and marked as available for passthrough. In addition, PCI devices
can be added only to virtual machines with hardware version 7.
Procedure
1 Select the virtual machine from the inventory panel and click Virtual Machine > Edit Settings.
2 On the Hardware tab, click Add.
3 In the Add Hardware wizard, select PCI Device and click Next.
4 Select the passthrough device to connect to the virtual machine from the drop-down list and click Next.
5 Click Finish.
Add a Paravirtualized SCSI Adapter

Paravirtual SCSI (PVSCSI) adapters are high-performance storage adapters that can provide greater
throughput and lower CPU utilization. PVSCSI adapters are best suited for environments, especially SAN
environments, running I/O-intensive applications. PVSCSI adapters are not suited for DAS environments.
Prerequisites
An existing virtual machine with a guest operating system and VMware Tools installed. Paravirtual SCSI
adapters do not support bootable disk. Therefore, the virtual machine must be configured with a primary SCSI
adapter to support a disk where the system software is installed.
164 VMware, Inc.

Procedure
1 Right-click on the virtual machine and select Edit Settings.
2 Click Add.
3 Select SCSI Device and click Next.
4 Select a SCSI device.
5 Select an unused Virtual Device Node.
6 Click Next.
7 Review your selections and click Finish.
A new SCSI device and a new SCSI controller are created.
8 Select the new SCSI controller and click Change Type.
9 Select VMware Paravirtual and click OK.
About VMware Paravirtual SCSI Adapters

Paravirtual SCSI (PVSCSI) adapters are high-performance storage adapters that can result in greater
throughput and lower CPU utilization. Paravirtual SCSI adapters are best suited for high performance storage
environments. Paravirtual SCSI adapters are not suited for DAS environments. VMware recommends that you
create a primary adapter (LSI Logic by default) for use with a disk that will host the system software (boot
disk) and a separate PVSCSI adapter for the disk that will store user data, such as a database.
Paravirtual SCSI adapters are available for virtual machines running hardware version 7 and greater. They are
supported on the following guest operating systems:
n Red Hat Linux (RHEL) 5
The following features are not supported with Paravirtual SCSI adapters:
n Boot disks
n Record/Replay
n Fault Tolerance
n MSCS Clustering
Paravirtual SCSI adapters have the following limitations:

n Hot-add and Hot-remove requires a bus rescan from within the guest.
n (Windows guests) In the Computer Management console, right-click Storage > Disk Management
and select Rescan Disks.
n (Linux guests) See the Red Hat Linux Web site for the most current instructions.
n Disks on Paravirtual SCSI adapters might not experience performance gains if they have snapshots or if
memory on the ESX host is over committed.
n If you upgrade from RHEL 5 to an unsupported kernel, you might not be able to access data on the disks
attached to a Paravirtual SCSI adapter. To regain access to such disks, run the VMware Tools configuration
(vmware-config-tools.pl) with kernel-version parameter and pass the kernel version after the kernel is
upgraded and before the virtual machine is rebooted. Run uname -r to determine the version of the running
kernel.
VMware, Inc. 165

Add a USB Controller to a Virtual Machine

Although you can add a USB controller to a virtual machine, attaching USB devices is not supported.
Converting Virtual Disks from Thin to Thick

If you created a virtual disk in the thin format, you can convert it to thick.
The thin provisioned disk starts small and at first, uses just as much storage space as it needs for its initial
operations. You can determine whether your virtual disk is in the thin format and, if required, convert it to
thick. After having been converted, the virtual disk grows to its full capacity and occupies the entire datastore
space provisioned to it during the disk’s creation.
For more information on thin provisioning and disk formats, see ESX Configuration Guide or ESXi Configuration
Guide.
Determine the Disk Format of a Virtual Machine

You can determine whether your virtual disk is in thick or thin format.
Procedure
2 Click Edit Settings to display the Virtual Machine Properties dialog box.
3 Click the Hardware tab and select the appropriate hard disk in the Hardware list.
The Disk Provisioning section on the right shows the type of your virtual disk, either Thin or Thick.
4 Click OK.
What to do next
If your virtual disk is in the thin format, you can inflate it to its full size.
Convert a Virtual Disk from Thin to Thick

Procedure
2 Click the Summary tab and, under Resources, double-click the datastore for the virtual machine to open
the Datastore Browser dialog box.
3 Click the virtual machine folder to find the virtual disk file you want to convert. The file has the .vmdk
extension.
4 Right-click the virtual disk file and select Inflate.
The virtual disk in thick format occupies the entire datastore space originally provisioned to it.
166 VMware, Inc.

Working with Templates and Clones 14
A template is a master copy of a virtual machine that can be used to create and provision new virtual machines.
This image typically includes a specified operating system and configuration that provides virtual counterparts
to hardware components. Typically, a template includes an installed guest operating system and a set of
applications.
Templates coexist with virtual machines at any level within the template and virtual machine domain. You
can order collections of virtual machines and templates into arbitrary folders and apply a variety of permissions
to both virtual machines and templates. Virtual machines can be transformed into templates without requiring
a full copy of the virtual machine files and the creation of a new object.
You can use templates to create new virtual machines by deploying the template as a virtual machine. When
complete, the deployed virtual machine is added to the folder chosen by the user.
To view templates, select the datacenter and click the Virtual Machines tab. All virtual machines and templates
for the datacenter are visible from here. Virtual machines and templates have different icons.

n “Creating Templates,” on page 167
n “Edit a Template,” on page 169
n “Change Template Name,” on page 170
n “Deploy Virtual Machines from Templates,” on page 170
n “Convert Templates to Virtual Machines,” on page 171
n “Deleting Templates,” on page 171
n “Regain Templates,” on page 172
n “Clone Virtual Machines,” on page 172
n “Create a Scheduled Task to Clone a Virtual Machine,” on page 173
Creating Templates
Templates can be created by using an existing virtual machine or cloning a virtual machine or existing template.
You can create a template by:

n Using an existing virtual machine in place. This process converts the original virtual machine.
n Cloning a virtual machine to a template.
n Cloning an existing template.
VMware, Inc. 167

Convert Virtual Machine to Template

You can use an existing virtual machine to convert into a template.
Procedure
1 Start the vSphere client, and log in to the vCenter Server system.
2 From the Home page, click VMs and Templates.
3 Expand the inventory as needed, and select a virtual machine.

4 Turn off the virtual machine using the shut-down or power-off options.
5 Right-click the virtual machine and select Convert to Template.
vCenter Server marks that virtual machine as a template and displays the task in the Recent Tasks pane.
Clone Virtual Machine to Template

You can clone an existing virtual machine into a template.
Procedure
4 Right-click the virtual machine and click Clone to Template.
The Clone Virtual Machine to Template wizard appears.
5 Give the new template a name, select its inventory location, and click Next.
6 Pass through the target location page and click Next.
7 Specify in which format to store the template’s virtual disks.
Option Description
Same as Source Use the format of the original virtual disk.
Thin Provisioned Use the thin format to save storage space. The thin virtual disk starts small
and at first, uses just as much storage space as it needs for its initial
operations. When the virtual disk requires more space, it can grow to its
maximum capacity and occupy the entire datastore space originally
provisioned to it.
Only VMFS datastores version 3 and later support virtual disks in the thin
format.
Thick Allocate a fixed amount of storage space to the virtual disk. The virtual disk
in the thick format does not change its size and from the very beginning
occupies the entire datastore space provisioned to it.
8 Click Next.
9 Click Finish.
vCenter Server displays the Tasks inventory panel for reference and adds the cloned template to the list
in the information panel.
168 VMware, Inc.

Chapter 14 Working with Templates and Clones
Clone Existing Template

You can clone an existing virtual machine template.
Procedure
3 Select the datacenter that contains the template.

The virtual machines and templates associated with the datacenter appear in the datacenter panel.
4 Right-click the template and select Clone.
The Clone Template wizard appears.
5 Give the new template a unique name and description, and click Next.
6 Select the host or cluster, and click Next.
7 Select a datastore for the template and click Next.
8 Specify in which format to store the template’s virtual disks:
Option Description
Thin Provisioned Use the thin format to save storage space. The thin virtual disk starts small
and at first, uses just as much storage space as it needs for its initial
operations. When the virtual disk requires more space, it can grow to its
maximum capacity and occupy the entire datastore space provisioned to it.
Only VMFS datastores version 3 and later support virtual disks in the thin
format.
Thick Allocate a fixed amount of storage space to the virtual disk. The virtual disk
in thick format does not change its size and from the very beginning occupies
the entire datastore space provisioned to it.
9 Click Next.
10 Review the information for your new virtual machine and click Finish.
You cannot use the new template until the cloning task completes.
vCenter Server adds the cloned template to the list in the Virtual Machines tab.
Edit a Template
You can edit templates. You might want to edit templates to upgrade or add applications, or change hardware.
You can edit your template (to upgrade an application, for example). You cannot edit templates as templates.
You must convert the template to a virtual machine, edit it, and convert the edited virtual machine to a template.
Procedure
1 Convert the template to a virtual machine.
2 Edit the virtual machine.
3 Convert the virtual machine to a template.
VMware, Inc. 169

Change Template Name

You can directly change the name of a template.
Procedure
3 Right-click the template and select Rename.

The name of the virtual machine is now an editable field.
4 Change the name and click outside the field to save your changes.
Deploy Virtual Machines from Templates

This task deploys a virtual machine from an existing template.
Procedure
3 Select the datacenter that contains the template, and click the Virtual Machines tab.
4 Right-click the template, and select Deploy Virtual Machine from this Template.
The Deploy Template wizard appears.
5 Give the new virtual machine a name, select a location, and click Next.
6 On the Host / Cluster page, select the host on which you want to store the template and click Next.
7 Select a resource pool (if applicable) in which you want to run the virtual machine, and click Next.
Resource pools allow hierarchical management of resources within a host or cluster. Virtual machines and
child pools share the resources of their parent pool.
8 Select a datastore for the virtual machine and click Next.
You are choosing the datastore in which to store the files for the virtual machine. You should select one
that is large enough to accommodate the virtual machine and all of its virtual disk files so that they can
all reside in the same place.
The Advanced button allows you to store individual files in separate locations. To return to the datastore
selection page, click the Basic button.
170 VMware, Inc.

9 In the Select Guest Customization Option page, perform one of these actions:
n If you do not want to customize your guest operating system, select Do not customize and click
Next.
n If you want to customize your guest operating system, click one of the other selections as appropriate.
You customize guest operating systems through the wizard or by using an existing customization
specification that you create.
NOTE Customization is not supported for all guest operating systems. Additionally, some guest
operating systems require Microsoft Sysprep tools.
10 In the Ready to Complete page, review the information for your new virtual machine, select the Power
on the new Virtual Machine after creation check box if you want to power on the virtual machine
immediately, and click Finish.
After you click Finish, you cannot use or edit the virtual machine until the task completes. This might
take several minutes. The virtual machine is added to the datastore.
Convert Templates to Virtual Machines

You can convert a template into a virtual machine.
When a template that resides on a legacy VMFS2 datastore is converted to a virtual machine, the resulting
virtual machine must be registered on the host where the template was created. Select this host as the
destination for the new virtual machine.
Procedure
1 Start the vSphere Client, and log in to the vCenter Server system.
3 Select the datacenter that contains the template.
5 Right-click the template and select Convert to Virtual Machine.
The template is converted to a virtual machine.
Deleting Templates
You can delete a template by removing it from the inventory or deleting the template from the disk.
Remove Templates from Inventory

This procedure unregisters the template. It does not remove the template files from the datastore.
Procedure
3 Select the appropriate template.
4 Right-click the template, and select Remove from Inventory.
5 Click OK to confirm removing the template from the vCenter Server database.
The template is unregistered from the vCenter Server inventory.
VMware, Inc. 171

Delete Template from Disk

Deleted templates are permanently removed from the system.
Procedure
3 Select the datastore that contains the template, and click the Virtual Machine tab.
4 Right-click the template, and select Delete from Disk.
5 Click OK to confirm removing the template from the vCenter Server database.
The template is deleted from the disk and cannot be recovered.
Regain Templates
Templates are associated with hosts, and the only way to regain or register templates after removing and
adding a host is to use the datastore browser to locate the template. Then use the inventory wizard to name
and register the .vmtx file as a template back into vCenter Server.
If you want the template to retain its original name, do not enter a name in the Add to Inventory wizard.
vCenter Server will use the original name if the field in the wizard is left blank.
Procedure
3 Right-click the datastore that contains the template and select Browse Datastore.
4 Browse through the datastore folders to find the .vmtx file.
5 Right-click the .vmtx file and select Add to Inventory.
The Add to Inventory wizard appears.
6 Enter a template machine name, select a location, and click Next.
7 Select a host or cluster on which to store the template, and click Next.
8 Review your selections, and click Finish.
The template is registered to the host. You can view the template from the host’s Virtual Machine tab.
Clone Virtual Machines

A clone is a copy plus customization of a virtual machine. When you create a clone, vCenter Server provides
an option to customize the guest operating system of that virtual machine.
You can place the new clone on any host within any datacenter.
Procedure
1 Start the vSphere Client and log in to the vCenter Server system.
3 Expand the inventory as needed, and click the source virtual machine.
172 VMware, Inc.

5 Right-click the virtual machine and select Clone.
The Clone Virtual Machine wizard appears.
6 Enter a virtual machine name, select a location, and click Next.
7 Select a host or cluster on which to run the clone, and click Next.
8 If you select a cluster, you must select a specific host within the cluster, and click Next.
9 Select a resource pool in which to run the clone, and click Next.
10 Select the datastore location where you want to store the virtual machine files, and click Next.
11 Click Advanced for more options, and click Next.
The Select Guest Customization Option page appears. You can choose to customize the guest operating
system using the wizard or using an existing customization specification. You can also choose not to
customize.
12 Select the appropriate button, and click Next.
13 Review your selections, and click Finish.
On the Ready to Complete New Virtual Machine page, you can select the check box to power on the new
virtual machine after creation. After you click Finish, you cannot use or edit the virtual machine until the
task completes. If the task involves the creation of a virtual disk, it could take several minutes to complete.
Create a Scheduled Task to Clone a Virtual Machine

This procedure creates a scheduled task to clone a virtual machine.
Procedure
2 From the Home page, click Scheduled Tasks.
3 Select File > New > Scheduled Task, or click New.
The Select a Task to Schedule dialog box appears.
4 Select Clone a virtual machine from the drop-down menu, and click OK.
The Clone Virtual Machine wizard appears.
5 Select the virtual machine to clone and click Next.
6 Follow the wizard through the same steps as those in the previous task in which you cloned a virtual
machine.
7 Enter a name and a task description in the text box.
8 Select the frequency of the task.
VMware, Inc. 173

9 Select Now or Later. If later, enter the time and date when you want the virtual machine to be deployed,
and click Next.
To see the calendar, click Later, and click the drop-down arrow to select a date from the calendar. A red
circle indicates today’s date, and a dark circle indicates the scheduled date.
10 Review the information on the Ready to Complete New Virtual Machine page, and click Finish.
Optionally, you can select the check box to power on the new virtual machine after it is created.
vCenter Server adds the new task to the scheduled task list and completes it at the designated time. When
it is time to perform the task, vCenter Server first verifies that the user who created the task still has
permission to complete the task. If the permission levels are not acceptable, vCenter Server sends a
message to the log and the task is not performed.
174 VMware, Inc.

Customizing Guest Operating
Systems 15
The Guest Customization wizard lets you create specifications you can use to prepare the guest operating
systems of virtual machines to function in a target environment.
You can store specifications in the database to customize the guest operating system of a virtual machine during
the cloning or deploying process. Use the Customization Specification Manager to manage customization
specifications you create with the Guest Customization wizard.

n “Preparing for Guest Customization,” on page 175
n “Customize Windows During Cloning or Deployment,” on page 178
n “Customize Linux During Cloning or Deployment,” on page 179
n “Create a Customization Specification for Linux,” on page 180
n “Create a Customization Specification for Windows,” on page 180
n “Managing Customization Specification,” on page 181
n “Completing a Guest Operating System Customization,” on page 183
Preparing for Guest Customization

This topic lists the tasks that must be performed before running the Guest Customization wizard.
Before you run the Guest Customization wizard:

n You must create and configure a virtual machine.
n The virtual machine must be registered in the vCenter Server inventory.
n Verify that your system meets the virtual hardware requirements for guest customization listed in “Virtual
Hardware Requirements for Guest Customization,” on page 176.
n Verify that your system meets the operating system requirements for guest customization listed in
“Windows Requirements for Guest Customization,” on page 176 and “Linux Requirements for Guest
Customization,” on page 177.
n Understand the naming requirements for a guest operating system as described in “Naming Requirements
for a Guest Operating System,” on page 178.
n If you are customizing a Windows guest operating system, verify that all required components are
installed on the Windows machine where vCenter Server is installed.
NOTE After deploying and customizing nonvolume-licensed versions of Windows XP or Windows 2003, you
might need to reactivate your Microsoft operating system on the new virtual machine.
VMware, Inc. 175

Virtual Hardware Requirements for Guest Customization

This topic describes the virtual machine hardware requirements for customizing the guest operating system.
Guest customization requires that the source virtual machine that you use to create a clone or template has the
following:
n VMware Tools installed
n 32-bit or 64-bit hardware corresponding to the 32-bit or 64-bit operating system being installed
n SCSI disks
About SCSI Disks

The guest operating system being customized must reside on a disk attached as SCSI 0:0 node in the virtual
machine configuration.
vCenter Server customization operates on the disk attached to the virtual SCSI node with the lowest address
on the SCSI controller with the lowest index.
Setting Up SCSI Disks

This section lists the requirements for setting up SCSI disks.
Consider the following requirements when setting up SCSI disks:

n If a virtual machine has mixed IDE and SCSI disks, the first IDE disk is considered the boot disk, and
vCenter Server passes it to the customizer. “First” is in controller:device order, that is, ide0:0, ide0:1, scsi0:0,
scsi0:1, and so on.
n On a Windows guest operating system, if the virtual machine resides on a host running ESX Server 3.0.x
or earlier, both the active partition (the partition containing boot.ini) and the system partition (the
partition containing the system directory, for example, \WINNT or \WINDOWS), are on the same virtual disk
and attached the SCSI 0:0 virtual SCSI node. It is not a requirement that active and system partitions be
the same partition.
n On a Linux guest operating system, if the virtual machine resides on a host running ESX Server 3.0.x or
earlier, the virtual disk containing the system partition (the partition containing the /etc directory) must
reside on the SCSI 0:0 node.
Windows Requirements for Guest Customization

To customize a Windows guest operating system, the virtual machine must meet certain requirements.
The following are the requirements for Windows:

n The guest operating system is not a primary or backup domain controller.
n The clone or template has one of the following Windows versions installed:
n Windows 2000 Server, Advanced Server, or Professional (including 64-bit)
n Windows XP Professional (including 64-bit)
n Windows Server 2003, Web, Standard, or Enterprise Editions (including 64-bit)
n Windows Server 2008 (including 64-bit)
n Windows Vista (including 64-bit)
Windows Vista customization is supported only on hosts running ESX/ESXi 3.5 and greater.
Windows XP Home or Windows NT4 operating system guest customization is not supported.
176 VMware, Inc.

Chapter 15 Customizing Guest Operating Systems
n The guest operating system has the most recent version of VMware Tools installed.
n The Microsoft Sysprep tools are installed on the vCenter Server system.
Microsoft Sysprep tools have certain requirements and impose certain restrictions on the source machine.
n If the virtual machine resides on a host running ESX Server 3.0.x or earlier, both the active partition (the
partition containing boot.ini) and the system partition (the partition containing the system directory, for
example, \WINNT or \WINDOWS), must be on the same virtual disk.
Linux Requirements for Guest Customization

To customize a Linux guest operating system, the virtual machine must meet certain requirements.
The following are the requirements for Linux:

n The clone or template has one of the following Linux versions installed:
n Red Hat Enterprise Linux AS 2.1
n Red Hat Enterprise Linux ES 2.1
n Red Hat Desktop 3, 4
n Red Hat Enterprise Linux AS 3 (Update 5 or later)
n Red Hat Enterprise Linux ES 3 (Update 5 or later)
n Red Hat Enterprise Linux AS 4 (Update 2 through Update 4)
n Red Hat Enterprise Linux ES 4 (Update 2 through Update 4)
n Red Hat Enterprise Linux AS 4.5 (including 64-bit)
n Red Hat Enterprise Linux 5 (including 64-bit)
n Red Hat Enterprise Linux 5 Desktop
n SUSE Linux Enterprise Server 8, 9, or 10
NOTE Customization for Red Hat Enterprise Linux Server version 4 and greater and SUSE Linux
Enterprise Server version 9 and greater is supported only on hosts running ESX/ESXi 3.5 and greater.
n Ubuntu 8.04
n Debian 4.0
n The guest operating system has the most recent version of VMware Tools installed.
n Perl must be installed in the Linux guest operating system.
n The clone or template has a root volume formatted with an ext2, ext3, or ReiserFS file system.
VMware, Inc. 177

Naming Requirements for a Guest Operating System

In the Guest Customization wizard, on the Computer Name page, you must specify a name for this instance
of a guest operating system. On Linux systems, it is called the host name. The operating system uses this name
to identify itself on the network.
You can set the computer name using one of the following options:
Use a specific name The name can contain alphanumeric characters and the underscore ( _ ) and
hyphen (-) characters. It cannot contain periods (.) or blank spaces and cannot
be made up of digits only. To ensure that the name is unique, select Append a
numeric value to ensure uniqueness. This appends a hyphen followed by a
numeric value to the virtual machine name. Names are case-insensitive.
Use the virtual The computer name that vCenter Server creates is identical to the name of the
machine’s name virtual machine on which the guest operating system is running.
Prompt the user for a The vSphere Client populates the Deploy Virtual Machine wizard with a
name in the Deploy prompt for the computer name after you complete all the steps in the wizard.
wizard
Use a custom Enter a parameter that can be passed to the custom application.
application configured
with vCenter Server to
generate a name
Customize Windows During Cloning or Deployment

In the process of deploying a new virtual machine from a template or cloning an existing virtual machine, you
can customize Windows guest operating systems for the virtual machine.
Procedure
1 From the Clone Virtual Machine or Deploy Template wizard, select Guest Customization.
2 Type the virtual machine owner’s name and organization and click Next.
3 Specify the name that will identify the guest operating system on the network and click Next.
4 Type the Windows product key for the new guest operating system.
5 (Optional) If you are customizing a server guest operating system:
a Select Include Server License Information.
b Select either Per seat or Per server.
For Per server, enter the maximum number of simultaneous connections you want the server to
accept.
6 Click Next.
7 Type a password for the administrator account, and confirm the password by typing it again.
NOTE You can change the administrator password only if the administrator password on the source
Windows virtual machine is blank. If the source Windows virtual machine or template already has a
password, the administrator password does not change.
8 To log users into the guest operating system as Administrator, select the check box, and select the number
of times to log in automatically.
9 Click Next.
178 VMware, Inc.

10 Select the time zone for the virtual machine and click Next.
11 (Optional) On the Run Once page, specify commands to be run the first time a user logs into the guest
operating system and click Next.
12 Select the type of network settings to apply to the guest operating system and click Next:
n Typical settings allow vCenter Server to configure all network interfaces from a DHCP server.
n Custom settings require you to manually configure the network interface settings.
13 Select how the virtual machine will participate in the network by typing the following:
n Workgroup (for example, MSHOME)
n Windows Server Domain: Type the domain, the user name, and the password for a user account that
has permission to add a computer to the specified domain.
14 Click Next.
15 (Optional) Select Generate New Security ID (SID) and click Next.
16 (Optional) Save the customized options as an .xml file:
a Select Save this customization specification for later use.
b Specify the filename for the specification and click Next.
17 Click Finish to save your changes and exit the Guest Customization wizard.
You return to the Deploy Template or Clone Virtual Machine wizard.
Customize Linux During Cloning or Deployment

In the process of deploying a new virtual machine from a template or cloning an existing virtual machine, you
can customize Linux guest operating systems for the virtual machine.
Procedure
1 From the Clone Virtual Machine or Deploy Template wizard, select Guest Customization.
2 Specify a host name to identify the guest operating system on the network.
3 Enter the Domain Name for the computer and click Next.
6 Enter DNS and domain settings.
7 (Optional) Save the customized options as an .xml file:
a Select Save this customization specification for later use.
b Specify the filename for the specification, and click Next.
8 Click Finish to save your changes.
You return to the Deploy Template or Clone Virtual Machine wizard.
VMware, Inc. 179

Create a Customization Specification for Linux

Use the Guest Customization wizard to save guest operating system settings in a specification that you can
apply to virtual machines in your inventory.
Procedure
1 In the vSphere Client, select View > Management > Customization Specifications Manager.
2 Click New.
3 In the Guest Customization wizard, select Linux from the Target Virtual Machine OS menu.
4 Under Customization Specification Information, enter a name for the specification and an optional
description and click Next.
5 Specify a host name to identify the guest operating system on the network.
6 Enter the Domain Name for the computer and click Next.
9 Enter DNS and domain settings.
The custom specification you created is listed in the Customization Specification Manager, and can be used to
customize virtual machine guest operating systems.
Create a Customization Specification for Windows

Use the Guest Customization wizard to save Windows guest operating system settings in a specification that
you can apply to virtual machines in your inventory.
Procedure
2 Click New.
3 In the Guest Customization wizard, select Windows from the Target Virtual Machine OS menu.
4 To use a custom Sysprep Answer File, select the check box.
5 Under Customization Specification Information, enter a name for the specification and an optional
description, and click Next.
6 Enter the virtual machine owner’s name and organization and click Next.
This information appears in the guest operating system System Properties.
7 Type the name that will identify the guest operating system on the network and click Next.
8 Type the Windows product key for the new guest operating system.
180 VMware, Inc.

9 (Optional) If you are customizing a server guest operating system:
a Select Include Server License Information.
b Select either Per seat or Per server.
For Per server, enter the maximum number of simultaneous connections you want the server to
accept.
10 Click Next.
11 Type a password for the administrator account, and confirm the password by typing it again.
NOTE You can change the administrator password only if the administrator password on the source
Windows virtual machine is blank. If the source Windows virtual machine or template already has a
password, the administrator password does not change.
12 To log users into the guest operating system as Administrator, select the check box, and select the number
of times to log in automatically.
13 Click Next.
15 (Optional) On the Run Once page, specify commands to be run the first time a user logs into the guest
operating system and click Next.
17 Select how the virtual machine will participate in the network and click Next.
n Workgroup (for example, MSHOME)
n Windows Server Domain: Type the domain, the user name, and the password for a user account that
has permission to add a computer to the specified domain.
18 (Optional) Select Generate New Security ID (SID) and click Next.
The custom specification you created is listed in the Customization Specification Manager. You can use it to
customize virtual machine guest operating systems.
Managing Customization Specification

Customization specifications are XML files that contain guest operating system settings for virtual machines.
You create customization specifications with the Guest Customization wizard, and manage specifications
using the Customization Specification Manager.
vCenter Server saves the customized configuration parameters in the vCenter Server database. If the
customization settings are saved, the administrator, and domain administrator, passwords are stored in
encrypted format in the database. Because the certificate used to encrypt the passwords is unique to each
vCenter Server system, reinstalling vCenter Server, or attaching a new instance of the server the database,
invalidates the encrypted passwords. The passwords must be re-entered before they can be used.
VMware, Inc. 181

Edit Customization Specifications

You can edit existing specifications using the Customization Specification Manager.
Prerequisites
Before you begin, you must have at least one customization specification.
Procedure
2 In the Customization Specification Manager, right-click a specification and select Edit.
3 Proceed through the Guest Customization wizard to change specification setting.
Export Customization Specifications

You can export customization specifications and save them as .xml files. To apply an exported specification to
a virtual machine, import the .xml file using the Customization Specification Manager.
Prerequisites
Procedure
2 In the Customization Specification Manager, right-click a specification and select Export.
3 In the Save As dialog, enter a file name and location.
4 Click Save.
The specification is saved as an .xml file to the location you specified.
Remove a Customization Specification

You can remove customization specifications from the Customization Specification Manager.
Prerequisites
Procedure
2 In the Customization Specification Manager, right-click a specification and select Remove.
3 In the confirmation dialog box, select Yes.
The specification is removed from the list.
Copy a Customization Specification

You can copy an existing customization specification using the Customization Specification Manager.
Prerequisites
182 VMware, Inc.

Procedure
2 In the Customization Specification Manager, right-click a specification and select Copy.
A new specification is created, Copy of<specification name>.
Import a Customization Specification

You can import an existing specification using the Customization Specification Manager, and use the
specification to customize the guest operating system of a virtual machine.
Prerequisites
Procedure
2 Click Import.
3 From the Open dialog, browse the .xml to import and click Open.
The imported specification is added to the list of customization specifications.
Completing a Guest Operating System Customization

When a new virtual machine boots for the first time, the final steps of the customization process take place.
This includes the following operations:
1 The guest operating system boots.
If the guest operating system pauses when the new virtual machine boots, it might be waiting for you to
correct errors, such as an incorrect product key or invalid user name. Open the virtual machine’s console
to determine whether the system is waiting for information.
2 The guest operating system runs finalization scripts.
NOTE The virtual machine might reboot a number of times.
The log in page appears when the process is complete.
View the Error Log on Windows

If the new virtual machine encounters customization errors while it is booting, the errors are reported using
the guest’s system logging mechanism.
Procedure
u Click the Windows Start button and select Programs > Administrative Tools > Event Viewer.
Errors are logged to %WINDIR%\temp\vmware-imc.
View the Error Log on Linux

If the new virtual machine encounters customization errors while it is booting, the errors are reported using
the guest’s system logging mechanism.
Procedure
u Navigate to /var/log/vmware/customization.log.
VMware, Inc. 183

184 VMware, Inc.

Migrating Virtual Machines 16
Migration is the process of moving a virtual machine from one host or storage location to another. Copying a
virtual machine creates a new virtual machine. It is not a form of migration.
In vCenter Server, you have the following migration options:
Cold Migration Moving a powered-off virtual machine to a new host. Optionally, you can
relocate configuration and disk files to new storage locations. Cold migration
can be used to migrate virtual machines from one datacenter to another.
Migrating a Suspended Moving a suspended virtual machine to a new host. Optionally, you can
Virtual Machine relocate configuration and disk files to new storage location. You can migrate
suspended virtual machines from one datacenter to another.
Migration with VMotion Moving a powered-on virtual machine to a new host. Migration with VMotion
allows you to move a virtual machine to a new host without any interruption
in the availability of the virtual machine. Migration with VMotion cannot be
used to move virtual machines from one datacenter to another.
Migration with Storage Moving the virtual disks or configuration file of a powered-on virtual machine
VMotion to a new datastore. Migration with Storage VMotion allows you to move a
virtual machine’s storage without any interruption in the availability of the
virtual machine.
Both migration of a suspended virtual machine and migration with VMotion are sometimes referred to as “hot
migration”, because they allow migration of a virtual machine without powering it off. Migration with
VMotion is sometimes referred to as "live migration".
You can move virtual machines manually or set up a scheduled task to perform the cold migration.

n “Cold Migration,” on page 186
n “Migrating a Suspended Virtual Machine,” on page 186
n “Migration with VMotion,” on page 186
n “Migration with Storage VMotion,” on page 195
n “Migrate a Powered-Off or Suspended Virtual Machine,” on page 196
n “Migrate a Powered-On Virtual Machine with VMotion,” on page 197
n “Migrate a Virtual Machine with Storage VMotion,” on page 198
n “Storage VMotion Command-Line Syntax,” on page 200
VMware, Inc. 185

Cold Migration
Cold migration is the migration of a powered-off virtual machine. With cold migration, you have the option
of moving the associated disks from one datastore to another. The virtual machines are not required to be on
shared storage.
The virtual machine you want to migrate must be powered off prior to beginning the cold migration process.
CPU compatibility checks do not apply when you migrate a virtual machine with cold migration.
A cold migration consists of the following tasks:

1 The configuration files, including the NVRAM file (BIOS settings), and log files, as well as the disks of the
virtual machine, are moved from the source host to the destination host’s associated storage area.
2 The virtual machine is registered with the new host.
3 After the migration is completed, the old version of the virtual machine is deleted from the source host.
Migrating a Suspended Virtual Machine

When migrating a suspended virtual machine, you also have the option of moving the associated disks from
one datastore to another. The virtual machines are not required to be on shared storage.
Migration of suspended virtual machines is supported in ESX Server 3.x and ESX Server 3i and later only.
Virtual machines created using ESX Server 2.x must be powered off before migration.
When you migrate a suspended virtual machine, the new host for the virtual machine must meet CPU
compatibility requirements, because the virtual machine must resume executing instructions on the new host.
Migration of a suspended virtual machine consists of the following steps:
1 The configuration files, including the NVRAM file (BIOS settings), log files, and the suspend file as well
as the disks of the virtual machine are moved from the source host to the destination host’s associated
storage area.
2 The virtual machine is registered with the new host.
3 After the migration is completed, the old version of the virtual machine is deleted from the source host.
Migration with VMotion

Migration with VMotion™ allows virtual machine working processes to continue throughout a migration.
The entire state of the virtual machine, as well as its configuration file, if necessary, is moved to the new host,
while the associated virtual disk remains in the same location on storage that is shared between the two hosts.
After the virtual machine state is migrated to the alternate host, the virtual machine runs on the new host.
The state information includes the current memory content and all the information that defines and identifies
the virtual machine. The memory content includes transaction data and whatever bits of the operating system
and applications are in the memory. The defining and identification information stored in the state includes
all the data that maps to the virtual machine hardware elements, such as BIOS, devices, CPU, MAC addresses
for the Ethernet cards, chip set states, registers, and so forth.
When you migrate a virtual machine with VMotion, the new host for the virtual machine must meet
compatibility requirements in order for the migration to proceed.
186 VMware, Inc.

Chapter 16 Migrating Virtual Machines
Migration with VMotion happens in three stages:
1 When the migration with VMotion is requested, vCenter Server verifies that the existing virtual machine
is in a stable state with its current host.
2 The virtual machine state information (memory, registers, and network connections) is copied to the target
host.
3 The virtual machine resumes its activities on the new host.
If any error occurs during migration, the virtual machines revert to their original states and locations.
Migration of a suspended virtual machine and migration with VMotion can be referred to as hot migration,
because they allow migration of a virtual machine without powering it off.
Host Configuration for VMotion

In order to successfully use VMotion, you must first configure your hosts correctly.
Ensure that you have correctly configured your hosts in each of the following areas:
n Each host must be correctly licensed for VMotion. For more information on licensing, see the Installation
Guide.
n Each host must meet shared storage requirements for VMotion.
n Each host must meet the networking requirements for VMotion.
VMotion Shared Storage Requirements

Configure hosts for VMotion with shared storage to ensure that virtual machines are accessible to both source
and target hosts.
During a migration with VMotion, the migrating virtual machine must be on storage accessible to both the
source and target hosts. Ensure that the hosts configured for VMotion use shared storage. Shared storage is
typically on a storage area network (SAN), but can also be implemented using iSCSI and NAS shared storage.
See the VMware SAN Configuration Guide for additional information on SAN and the ESX Configuration Guide
or ESXi Configuration Guide for information on other shared storage.
VMotion Networking Requirements

Migration with VMotion requires correctly configured network interfaces on source and target hosts.
VMotion requires a Gigabit Ethernet (GigE) network between all VMotion-enabled hosts. Each host enabled
for VMotion must have a minimum of two Ethernet adapters, at least one of which must be a GigE adapter.
Recommended networking best practices are as follows:

n Use one dedicated Ethernet adapter for the service console (on ESX hosts).
n Use one dedicated GigE adapter for VMotion.
n If only two Ethernet adapters are available:
n For best security, dedicate the GigE adapter to VMotion, and use VLANs to divide the virtual machine
and management traffic on the other adapter.
n For best availability, combine both adapters into a bond, and use VLANs to divide traffic into
networks: one or more for virtual machine traffic, one for the service console (on ESX hosts), and one
for VMotion.
Configure the virtual networks on VMotion-enabled hosts as follows:

n On each host, configure a VMkernel port group for VMotion.
n Ensure that virtual machines have access to the same subnets on source and destination hosts.
VMware, Inc. 187

n Ensure that the network labels used for virtual machine port groups are consistent across hosts. During a
migration with VMotion, vCenter Server assigns virtual machines to port groups based on matching
network labels.
n Use of Jumbo Frames is recommended for best VMotion performance.
CPU Compatibility and Migration

vCenter Server performs a number of compatibility checks before allowing migration of running or suspended
virtual machines to ensure that the virtual machine is compatible with the target hosts.
VMotion transfers the running state of a virtual machine between underlying ESX/ESXi systems. Successful
migration requires that the processors of the target host be able to execute using the equivalent instructions
that the processors of the source host were using when the virtual machine was migrated off of the source host.
Processor clock speeds and cache sizes, and the number of processor cores can vary, but processors must come
from the same vendor class (AMD or Intel) and use compatible feature sets to be compatible for migration with
VMotion.
Migrations of suspended virtual machines also require that the virtual machine be able to resume execution
on the target host using equivalent instructions.
When you initiate a migration with VMotion or a migration of a suspended virtual machine, the Migrate Virtual
Machine wizard checks the destination host for compatibility and produces an error message if there are
compatibility problems that will prevent migration.
When a virtual machine is powered on, it determines its available CPU feature set. The virtual machine’s CPU
feature set is based on the host’s CPU feature set. However, some of the host CPU features can be hidden from
the virtual machine if the host is part of a cluster using Enhanced VMotion Compatibility (EVC), or if a CPU
compatibility mask is applied to the virtual machine.
NOTE VMware, in partnership with CPU and hardware vendors, is working to maintain VMotion
compatibility across the widest range of processors. For additional information, search the VMware
Knowledge Base for the VMotion and CPU Compatibility FAQ.
CPU Compatibility Scenarios

vCenter's CPU compatibility checks compare the features available on the source and target host CPUs. A
mismatch in user-level features blocks migration. A mismatch in kernel-level features does not block migration.
When you attempt to migrate a virtual machine with VMotion, one of the following scenarios applies:
n The destination host feature set matches the virtual machine’s CPU feature set. CPU compatibility
requirements are met, and migration with VMotion proceeds.
n The virtual machine’s CPU feature set contains features not supported by the destination host. CPU
compatibility requirements are not met, and migration with VMotion cannot proceed.
n The destination host supports the virtual machine’s feature set, plus additional user-level features (such
as SSE4.1) not found in the virtual machine’s feature set. CPU compatibility requirements are not met, and
migration with VMotion cannot proceed.
n The destination host supports the virtual machine’s feature set, plus additional kernel-level features (such
as NX or XD) not found in the virtual machine’s feature set. CPU compatibility requirements are met, and
migration with VMotion proceeds. The virtual machine retains its CPU feature set as long as it remains
powered on, allowing it to migrate freely back to the original host. However, if the virtual machine is
rebooted, it acquires a new feature set from the new host, which might cause VMotion incompatibility if
you attempt to migrate the virtual machine back to the original host.
188 VMware, Inc.

CPU Families and Feature Sets

Processors are grouped into families. Processors within a given family generally have similar feature sets.
Processor families are defined by the processor vendors. You can distinguish different processor versions
within the same family by comparing the processors’ model, stepping level, and extended features. In some
cases, processor vendors have introduced significant architectural changes within the same processor family,
such as the SSSE3 and SSE4.1 instructions, and NX/XD CPU security features.
By default, vCenter Server identifies mismatches on features accessible to applications as incompatible to

guarantee the stability of virtual machines after migrations with VMotion.
Server hardware’s CPU specifications will usually indicate whether or not the CPUs contain the features that
affect VMotion compatibility. If the specifications of a server or its CPU features are unknown, VMware’s
bootable CPU identification utility (available for download from the VMware website) can be used to boot a
server and determine whether its CPUs contain features such as SSE3, SSSE3, and NX/XD.
®
For more information on identifying Intel processors and their features, see Application Note 485: Intel Processor
Identification and the CPUID Instruction, available from Intel. For more information on identifying AMD
processors and their features, see CPUID Specification, available from AMD.
NX/XD Considerations
The AMD No eXecute (NX) and the Intel eXecute Disable (XD) technology serve the same security purpose.
They mark memory pages as data-only to prevent malicious software exploits and buffer overflow attacks.
Refer to the documentation for your guest operating system to determine whether it supports NX and XD.
In ESX/ESXi 3.0 and later, NX and XD technology is exposed by default for all guest operating systems that
can use it (trading off some compatibility for security by default). Hosts that were previously compatible for
VMotion in ESX Server 2.x might become incompatible after upgrading to ESX/ESXi 3.0 and later, because the
NX or XD is now exposed when it was previously suppressed, but you can use per-virtual machine CPU
compatibility masks to restore compatibility.
VMware, Inc. 189

SSE3 Considerations
Within the Intel P4 and AMD Opteron processor families, VMware places a restriction between processors that
do support the SSE3 instructions and processors that do not support the SSE3 instructions. Because they are
application level instructions that bypass the virtualization layer, these instructions could cause application
instability if mismatched after a migration with VMotion.
SSSE3 Considerations
Within the Intel P4 and Intel Core processor families, VMware places a restriction between processors that do
support the SSSE3 instructions and processors that do not support the SSSE3 instructions. Because they are
application level instructions that bypass the virtualization layer, these instructions could cause application
instability if mismatched after a migration with VMotion.
SSE4.1 Considerations
Within the Intel Core 2 processor family, VMware places a restriction between processors that do support the
SSE4.1 instructions and processors that do not support the SSE4.1 instructions because they are application
level instructions that bypass the virtualization layer, and could cause application instability if mismatched
after a migration with VMotion.
About Enhanced VMotion Compatibility

You can use the Enhanced VMotion Compatibility (EVC) feature to help ensure VMotion compatibility for the
hosts in a cluster. EVC ensures that all hosts in a cluster present the same CPU feature set to virtual machines,
even if the actual CPUs on the hosts differ. Using EVC prevents migrations with VMotion from failing because
of incompatible CPUs.
Configure EVC from the cluster settings dialog box. When you configure EVC, you configure all host processors
in the cluster to present the feature set of a baseline processor. EVC leverages AMD-V Extended Migration
technology (for AMD hosts) and Intel FlexMigration technology (for Intel hosts) to mask processor features so
that hosts can present the feature set of an earlier generation of processors. The baseline feature set must be
equivalent to, or a subset of, the feature set of the host with the smallest feature set in the cluster.
EVC masks only those processor features that affect VMotion compatibility. Enabling EVC does not prevent
a virtual machine from taking advantage of faster processor speeds, increased numbers of CPU cores, or
hardware virtualization support that might be available on newer hosts.
EVC cannot prevent virtual machines from accessing hidden CPU features in all circumstances. Applications
that do not follow CPU vendor recommended methods of feature detection might behave unexpectedly in an
EVC environment. VMware EVC cannot be supported with ill-behaved applications that do not follow the
CPU vendor recommendations. For more information about creating well-behaved applications, search the
VMware Knowledge Base for the article Detecting and Using New Features in CPUs.
EVC Requirements
Hosts in an EVC cluster must meet certain requirements.
To enable EVC on a cluster, the cluster must meet the following requirements:
n You must be running vCenter Server 2.5 Update 2 or later.
n All virtual machines in the cluster that are running on hosts with a feature set greater than the EVC mode
you intend to enable must be powered off or migrated out of the cluster before EVC is enabled. (For
example, consider a cluster containing an Intel Xeon Core 2 host and an Intel Xeon 45nm Core 2 host, on
which you intend to enable the Intel Xeon Core 2 baseline. The virtual machines on the Intel Xeon Core 2
host can remain powered on, but the virtual machines on the Intel Xeon 45nm Core 2 host must be powered
off or migrated out of the cluster.)
n All hosts in the cluster must have CPUs from a single vendor, either AMD or Intel.
n All hosts in the cluster must be running ESX/ESXi 3.5 Update 2 or later.
190 VMware, Inc.

n All hosts in the cluster must be connected to the vCenter Server system.
n All hosts in the cluster must have advanced CPU features, such as hardware virtualization support (AMD-
V or Intel VT) and AMD No eXecute (NX) or Intel eXecute Disable (XD), enabled in the BIOS if they are
available.
n All hosts in the cluster should be configured for VMotion. See “Host Configuration for VMotion,” on
page 187.
n All hosts in the cluster must have supported CPUs for the EVC mode you want to enable. For specific host
processors supported, see Table 16-1.
Any host added to an existing EVC-enabled cluster must also meet the requirements listed above.
NOTE Hardware vendors sometimes disable particular CPU features in the BIOS by default. This can cause
problems in enabling EVC, because the EVC compatibility checks do not detect features that are expected to
be present for a particular CPU. If you cannot enable EVC on a system with a compatible processor, ensure
that all features are enabled in the BIOS.
Table 16-1 lists the processors supported in EVC Clusters.
Table 16-1. Processors Supported in EVC Clusters

Vendor EVC Mode Processors Supported
AMD AMD Opteron Generation 1 AMD Opteron Generation 1
AMD Opteron Generation 2
AMD Opteron Generation 2 AMD Opteron Generation 2
AMD Opteron Generation 3 AMD Opteron Generation 3
Intel Intel Xeon Core 2 Intel Xeon Core 2
Intel Xeon 45nm Core 2
Intel Xeon Core i7
Intel Xeon 45nm Core 2 Intel Xeon 45nm Core 2
Intel Xeon Core i7
Intel Xeon Core i7 Intel Xeon Core i7
Create an EVC Cluster

Create an EVC cluster to help ensure VMotion compatibility between the hosts in the cluster.
When you create an EVC cluster, use one of the following methods:
n Create an empty cluster, enable EVC, and move hosts into the cluster.
n Enable EVC on an existing cluster.
VMware recommends creating an empty EVC cluster as the simplest way of creating an EVC cluster with
minimal disruption to your existing infrastructure.
Prerequisites
Before you create an EVC cluster, ensure that the hosts you intend to add to the cluster meet the requirements
listed in “EVC Requirements,” on page 190.
VMware, Inc. 191

Procedure
1 Create an empty cluster, and enable EVC.
Select the CPU vendor and feature set appropriate for the hosts you intend to add to the cluster. For
information on configuring EVC, see the vSphere Client online Help.
Other cluster features such as VMware DRS and VMware HA are fully compatible with EVC. You can
enable these features when you create the cluster. For information on specific cluster options, see the
vSphere Client online Help.
2 Select a host to move into the cluster.

3 If the host feature set is greater than the baseline feature set that you have enabled for the EVC cluster, do
one of the following:
n Power off all the virtual machines on the host.
n Migrate the host’s virtual machines to another host using VMotion.
4 Move the host into the cluster.
You can power on the virtual machines on the host, or migrate virtual machines into the cluster with
VMotion, if the virtual machines meet CPU compatibility requirements for the cluster’s baseline feature
set. Virtual machines running on hosts with more features than the EVC cluster baseline must be powered
off before migration into the cluster.
5 Repeat Step 3 and Step 4 for each additional host that you want to move into the cluster.
Enable EVC on an Existing Cluster

Enable EVC on an existing cluster to help ensure VMotion compatibility between the hosts in the cluster.
Prerequisites
Before you enable EVC on an existing cluster, ensure that the hosts in the cluster meet the requirements listed in
“EVC Requirements,” on page 190.
Procedure
1 Select the cluster for which you want to enable EVC.
2 If virtual machines are running on hosts that have feature sets greater than the baseline feature set you
intend to enable, do one of the following tasks:
n Power off all the virtual machines on the hosts with feature sets greater than the EVC baseline.
n Migrate the cluster’s virtual machines to another host using VMotion.
Because these virtual machines are running with more features than the EVC cluster baseline you
intend to set, power off the virtual machines to migrate them back into the cluster after enabling EVC.
3 Ensure that the cluster contains hosts with CPUs from only one vendor, either Intel or AMD.
4 Edit the cluster settings and enable EVC.
Select the CPU vendor and feature set appropriate for the hosts in the cluster.
5 If you powered off or migrated virtual machines out of the cluster, power on the virtual machines in the
cluster, or migrate virtual machines into the cluster.
Any virtual machines running at a higher baseline than the EVC mode you enabled for the cluster must
be powered off before they can be moved back into the cluster.
192 VMware, Inc.

Change the EVC Mode for an Existing Cluster

If all the hosts in a cluster are compatible with the new mode, you can change the EVC mode of an existing
EVC cluster. You can raise the EVC mode to expose more CPU features, or lower the EVC mode to hide CPU
features and increase compatibility.
To raise the EVC mode from a CPU baseline with fewer features to one with more features, you do not need
to turn off any running virtual machines in the cluster. Virtual machines that are running do not have access
to the new features available in the new EVC mode until they are powered off and powered back on. A full
power cycling is required. Rebooting the guest operating system or suspending and resuming the virtual
machine is not sufficient.
To lower the EVC mode from a CPU baseline with more features to one with fewer features, you must first
power off the virtual machines in the cluster, and power them back on after the new mode has been enabled.
Prerequisites
If you intend to lower the EVC mode, power off the currently running virtual machines in the cluster.
Procedure
1 Display the cluster in the inventory.
2 Right-click the cluster and select Edit Settings.

3 In the left panel, select VMware EVC.
The dialog box displays the current EVC settings.
4 To edit the EVC settings, click Change.
5 From the VMware EVC Mode drop-down menu, select the baseline CPU feature set you want to enable
for the cluster.
If the selected EVC Mode cannot be selected, the Compatibility pane displays the reason or reasons why,
along with the relevant hosts for each reason.
6 Click OK to close the EVC Mode dialog box, and click OK to close the cluster settings dialog box.
CPU Compatibility Masks

CPU compatibility masks allow per-virtual machine customization of the CPU features visible to a virtual
machine.
vCenter Server compares the CPU features available to a virtual machine with the CPU features of the
destination host to determine whether to allow or disallow migrations with VMotion.
Default values for the CPU compatibility masks are set by VMware to guarantee the stability of virtual
machines after a migration with VMotion.
In some cases, where a choice between CPU compatibility or guest operating system features (such as NX/XD)
exists, VMware provides check-box options to configure individual virtual machines through the virtual
machine’s Advanced Settings option. For more control over the visibility of CPU features, you can edit the
virtual machine’s CPU compatibility mask at the bit level.
CAUTION Manual edit of the CPU compatibility masks without the appropriate documentation and testing
might lead to an unsupported configuration.
VMware, Inc. 193

CPU compatibility masks cannot prevent virtual machines from accessing masked CPU features in all
circumstances. In some circumstances, applications can detect and use masked features even though they are
hidden from the guest operating system. In addition, on any host, applications that use unsupported methods
of detecting CPU features rather than using the CPUID instruction can access masked features. Virtual
machines running applications that use unsupported CPU detection methods might experience stability
problems after migration.
Virtual Machine Configuration Requirements for VMotion

A number of specific virtual machine configurations can prevent migration of a virtual machine with VMotion.
The following virtual machine configurations can prevent migration with VMotion:
n You cannot use migration with VMotion to migrate virtual machines using raw disks for clustering
purposes.
n You cannot use migration with VMotion to migrate a virtual machine that uses a virtual device backed
by a device that is not accessible on the destination host. (For example, you cannot migrate a virtual
machine with a CD drive backed by the physical CD drive on the source host.) Disconnect these devices
before migrating the virtual machine.
n You cannot use migration with VMotion to migrate a virtual machine that uses a virtual device backed
by a device on the client computer. Disconnect these devices before migrating the virtual machine.
Swapfile Location Compatibility

Virtual machine swapfile location affects VMotion compatibility in different ways depending on the version
of ESX/ESXi running on the virtual machine's host.
Virtual machines on hosts running ESX Server 3.0.x have a virtual machine swap file located with the virtual
machine configuration file. Virtual machines on these hosts can be migrated with VMotion only if the
destination host can access the VMFS volume where the swap file is located.
You can configure ESX 3.5 or ESXi 3.5 or later hosts to store virtual machine swapfiles in one of two locations:
with the virtual machine configuration file, or on a local swapfile datastore specified for that host. You can also
set individual virtual machines to have a different swapfile location from the default set for their current host.
The location of the virtual machine swapfile affects VMotion compatibility as follows:
n Migrations between hosts running ESX/ESXi version 3.5 and later: Migrations with VMotion and
migrations of suspended and powered-off virtual machines are allowed.
During a migration with VMotion, if the swapfile location specified on the destination host differs from
the swapfile location specified on the source host, the swapfile is copied to the new location. This can result
in slower migrations with VMotion. If the destination host cannot access the specified swapfile location,
it stores the swapfile with the virtual machine configuration file.
n Migrations between a host running ESX/ESXi version 3.5 and later and a host running an earlier version
of ESX Server: Migrations of suspended and powered-off virtual machines are allowed. If the virtual
machine is configured to use a local swapfile datastore, attempting to migrate it to a host that does not
support this configuration produces a warning, but the migration can proceed. When the virtual machine
is powered on again, the swapfile is located with the virtual machine.
Migrations with VMotion are not allowed unless the destination swapfile location is the same as the source
swapfile location. In practice, this means that virtual machine swapfiles must be located with the virtual
machine configuration file.
See the vSphere Client online Help for more information on configuring swapfile policies.
194 VMware, Inc.

Migrating Virtual Machines with Snapshots

Migration of virtual machines with snapshots is possible if the virtual machine resides on shared storage
accessible to source and destination hosts.
Some restrictions apply when migrating virtual machines with snapshots. You cannot migrate a virtual
machine with snapshots with Storage VMotion. Otherwise, migrating a virtual machine with snapshots is
permitted, regardless of the virtual machine power state, as long as the virtual machine is being migrated to
a new host without moving its configuration file or disks. (The virtual machine must reside on shared storage
accessible to both hosts.)
If the migration involves moving the configuration file or virtual disks, the following additional restrictions
apply:
n The starting and destination hosts must be running ESX 3.5 or ESXi 3.5 or later.
n All of the virtual machine files and disks must reside in a single directory, and the migrate operation must
move all the virtual machine files and disks to a single destination directory.
Reverting to a snapshot after migration with VMotion might cause the virtual machine to fail, because the
migration wizard cannot verify the compatibility of the virtual machine state in the snapshot with the
destination host. Failure occurs only if the configuration in the snapshot uses devices or virtual disks that are
not accessible on the current host, or if the snapshot contains an active virtual machine state that was running
on hardware that is incompatible with the current host CPU.
Migration with Storage VMotion

Using Storage VMotion, you can migrate a virtual machine and its disk files from one datastore to another
while the virtual machine is running.
You can choose to place the virtual machine and all its disks in a single location, or select separate locations
for the virtual machine configuration file and each virtual disk. The virtual machine does not change execution
host during a migration with Storage VMotion.
During a migration with Storage VMotion, you can transform virtual disks from thick-provisioned to thin-
provisioned or from thin-provisioned to thick-provisioned.
Storage VMotion has a number of uses in administering virtual infrastructure, including the following
examples of use:
n Upgrading ESX/ESXi without virtual machine downtime. During an upgrade from ESX Server 2.x to ESX/
ESXi 3.5 or later, you can migrate running virtual machines from a VMFS2 datastore to a VMFS3 datastore,
and upgrade the VMFS2 datastore without any impact on virtual machines. You can then use Storage
VMotion to migrate virtual machines back to the original datastore without any virtual machine
downtime.
n Storage maintenance and reconfiguration. You can use Storage VMotion to move virtual machines off of
a storage device to allow maintenance or reconfiguration of the storage device without virtual machine
downtime.
n Redistributing storage load. You can use Storage VMotion to manually redistribute virtual machines or
virtual disks to different storage volumes to balance capacity or improve performance.
VMware, Inc. 195

Storage VMotion Requirements and Limitations

A virtual machine and its host must meet resource and configuration requirements for the virtual machine
disks to be migrated with Storage VMotion.
Storage VMotion is subject to the following requirements and limitations:

n Virtual machines with snapshots cannot be migrated using Storage VMotion.
n Virtual machine disks must be in persistent mode or be raw device mappings (RDMs). For virtual
compatibility mode RDMs, you can migrate the mapping file or convert to thick-provisioned or thin-
provisioned disks during migration as long as the destination is not an NFS datastore. For physical
compatibility mode RDMs, you can migrate the mapping file only.
n Migration of virtual machines during VMware Tools installation is not supported.
n The host on which the virtual machine is running must have a license that includes Storage VMotion.
n ESX/ESXi 3.5 hosts must be licensed and configured for VMotion. ESX/ESXi 4.0 and later hosts do not
require VMotion configuration in order to perform migration with Storage VMotion.
n The host on which the virtual machine is running must have access to both the source and target datastores.
n A particular host can be involved in up to two migrations with VMotion or Storage VMotion at one time.
n vSphere supports a maximum of eight simultaneous VMotion, cloning, deployment, or Storage VMotion
accesses to a single VMFS3 datastore, and a maximum of four simultaneous VMotion, cloning,
deployment, or Storage VMotion accesses to a single NFS or VMFS2 datastore. A migration with VMotion
involves one access to the datastore. A migration with Storage VMotion involves one access to the source
datastore and one access to the destination datastore.
Migrate a Powered-Off or Suspended Virtual Machine

You can use the Migration wizard to migrate a powered-off virtual machine or suspended virtual machine.
Procedure
1 Display the virtual machine you want to migrate in the inventory.
2 Right-click on the virtual machine and select Migrate from the pop-up menu.
3 Select whether to change the virtual machine’s host, datastore, or both.
Option Description
Change host Move the virtual machine to another host.
Change datastore Move the virtual machine’s configuration file and virtual disks.
Change both host and datastore Move the virtual machine to another host and move its configuration file and
virtual disks.
4 To move the virtual machine to another host, select the destination host or cluster for this virtual machine
migration and click Next.
Any compatibility problem appears in the Compatibility panel. Fix the problem, or select another host or
cluster.
Possible targets include hosts and DRS clusters with any level of automation. If a cluster has no DRS
enabled, select a specific host in the cluster rather than selecting the cluster itself.
5 Select the destination resource pool for the virtual machine migration and click Next.
196 VMware, Inc.

6 If you chose to move the virtual machine’s configuration file and virtual disks, select the destination
datastore:
n To move the virtual machine configuration files and virtual disks to a single destination, select the
datastore and click Next.
n To select individual destinations for the configuration file and each virtual disk, click Advanced. In the
Datastore column, select a destination for the configuration file and each virtual disk, and click
Next.
7 If you chose to move the virtual machine’s configuration file and virtual disks, select a disk format and click
Next.
Option Description
If you select this option for an RDM disk in either physical or virtual
compatibility mode, only the mapping file is migrated.
Thin provisioned Use the thin format to save storage space. The thin virtual disk uses just as
much storage space as it needs for its initial operations. When the virtual disk
requires more space, it can grow in size up to its maximum allocated capacity.
This option is not available for RDMs in physical compatibility mode. If you
select this option for a virtual compatibility mode RDM, the RDM is
converted to a virtual disk. RDMs converted to virtual disks cannot be
converted back to RDMs.
Thick Allocate a fixed amount of hard disk space to the virtual disk. The virtual
disk in the thick format does not change its size and from the beginning
Disks are converted from thin to thick format or thick to thin format only when they are copied from one
datastore to another. If you leave a disk in its original location, the disk format is not converted, regardless
of the selection made here.
8 Review the summary and click Finish.
vCenter Server moves the virtual machine to the new host. Event messages appear in the Events tab. The data
displayed on the Summary tab shows the status and state throughout the migration. If errors occur during
migration, the virtual machines revert to their original states and locations.
Migrate a Powered-On Virtual Machine with VMotion

You can use the Migration wizard to migrate a powered-on virtual machine from one host to another using
VMotion technology. To relocate the disks of a powered-on virtual machine, migrate the virtual machine using
Storage VMotion.
Prerequisites
Before migrating a virtual machine with VMotion, ensure that your hosts and virtual machines meet the
requirements for migration with VMotion.
n “Host Configuration for VMotion,” on page 187
n “Virtual Machine Configuration Requirements for VMotion,” on page 194
Procedure
2 Right-click on the virtual machine, and select Migrate from the pop-up menu.
VMware, Inc. 197

3 Select Change host and click Next.
4 Select a destination host or cluster for the virtual machine.
Any compatibility problem appears in the Compatibility panel. Fix the problem, or select another host or
cluster.
Possible targets include hosts and fully automated DRS clusters. You can select a non-automated cluster
as a target. You are prompted to select a host within the non-automated cluster.
5 Select a resource pool and click Next.
6 Select the migration priority level and click Next.
Option Description
High Priority vCenter Server reserves resources on both the source and destination hosts
to maintain virtual machine availability during the migration. High priority
migrations do not proceed if resources are unavailable.
Low Priority vCenter Server does not reserve resources on the source and destination
hosts to maintain availability during the migration. Low priority migrations
always proceed. However, the virtual machine might become briefly
unavailable if host resources are unavailable during the migration.
7 Review the page and click Finish.
A task is created that begins the virtual machine migration process.
Migrate a Virtual Machine with Storage VMotion

Use migration with Storage VMotion to relocate a virtual machine’s configuration file and virtual disks while
You cannot change the virtual machine’s execution host during a migration with Storage VMotion.
Procedure
2 Right-click on the virtual machine, and select Migrate from the pop-up menu.
3 Select Change datastore and click Next.
4 Select a resource pool and click Next.
5 Select the destination datastore:

n To move the virtual machine configuration files and virtual disks to a single destination, select the
datastore and click Next.
n To select individual destinations for the configuration file and each virtual disk, click Advanced. In the
Datastore column, select a destination for the configuration file and each virtual disk, and click
Next.
198 VMware, Inc.

6 Select a disk format and click Next:
Option Description
If you select this option for an RDM disk in either physical or virtual
compatibility mode, only the mapping file is migrated.
Thin provisioned Use the thin format to save storage space. The thin virtual disk uses just as
much storage space as it needs for its initial operations. When the virtual disk
requires more space, it can grow in size up to its maximum allocated capacity.
Thick Allocate a fixed amount of hard disk space to the virtual disk. The virtual
disk in the thick format does not change its size and from the beginning
Disks are converted from thin to thick format or thick to thin format only when they are copied from one
datastore to another. If you choose to leave a disk in its original location, the disk format is not converted,
regardless of the selection made here.
7 Review the page and click Finish.
A task is created that begins the virtual machine migration process.
About Migration Compatibility Checks

During migration, the Migrate Virtual Machine wizard checks the destination host for compatibility with the
migrating virtual machine using a number of criteria.
When you select a host, the Compatibility panel at the bottom of the Migrate Virtual Machine wizard displays
information about the compatibility of the selected host or cluster with the virtual machine’s configuration.
If the virtual machine is compatible, the panel displays the message, Validation succeeded. If the virtual
machine is not compatible with either the host’s or cluster’s configured networks or datastores, the
compatibility window can display both warnings and errors:
n Warning messages do not disable migration. Often the migration is justified and you can continue with
the migration despite the warnings.
n Errors can disable migration if there are no error-free destination hosts among the selected destination
hosts. In this case, the Next button is disabled.
For clusters, the network and datastore configurations are taken into account when checking compatibility
issues. For hosts, the individual host’s configuration is used. A possible problem might be that VMotion is not
enabled on one or both hosts.
A specific host CPU feature’s effects on compatibility are dependent on whether ESX/ESXi exposes or hides
them from virtual machines.
n Features that are exposed to virtual machines are not compatible when they are mismatched.
n Features that are not exposed to virtual machines are compatible regardless of mismatches.
Specific items of virtual machine hardware can also cause compatibility issues. For example, a virtual machine
using an enhanced vmxnet virtual NIC cannot be migrated to a host running a version of ESX that does not
support enhanced vmxnet.
VMware, Inc. 199

Storage VMotion Command-Line Syntax

In addition to using the Migration wizard, you can initiate migrations with Storage VMotion from the vSphere
Command-Line Interface (vSphere CLI) using the svmotion command.
For more information about installing and using the vSphere CLI, see vSphere Command-Line Interface Installation
and Reference.
You can run the svmotion command in either interactive or noninteractive mode.
n To use the command in interactive mode, type svmotion --interactive. You are prompted for all the
information necessary to complete the storage migration. When the command is invoked in interactive
mode, all other parameters given are ignored.
n In noninteractive mode, the svmotion command uses the following syntax:
svmotion [Standard CLI options] --datacenter=<datacenter name> --vm ‘<VM config datastore
path>:<new datastore>’ [--disks ‘<virtual disk datastore path>:<new datastore>, <virtual disk
datastore path>:<new datastore>]’
Square brackets indicate optional elements.
On Windows systems, use double quotes instead of single quotes around the values specified for the --vm and
--disks options.
For more information on the standard CLI options, see the vSphere Command-Line Interface Installation and
Reference.
Table 16-2 describes the parameters for the svmotion command.
Table 16-2. svmotion Command Parameters

Parameter Description
<datacenter> The datacenter that contains the virtual machine to be migrated. You must quote the name
if it contains white space or other special characters.
<VM config datastore The datastore path to the virtual machine’s configuration file. If the path contains white
path> space or other special characters, you must quote it.
<new datastore> The name of the new datastore to which the virtual machine configuration file or disk is to
be moved. Do not include brackets around the name of the new datastore.
--disks If you do not specify this parameter, all virtual disks associated with a virtual machine are
relocated to the same datastore as the virtual machine configuration file. By specifying this
parameter, you can choose to locate individual virtual disks to different datastores.
To keep a virtual disk on its current datastore, use the --disks option for that disk with its
current datastore as the <new datastore>.
<virtual disk datastore The datastore path to the virtual disk file.
path>
Determine the Path to a Virtual Machine Configuration File

The path to the virtual machine configuration file is a necessary argument to the svmotion command.
You must specify the datastore path to the virtual machine’s configuration file in the <VM config datastore
path> svmotion command.
200 VMware, Inc.

Procedure
1 In the vSphere Client inventory, select the virtual machine and click the Summary tab.
3 Click the Options tab, and select General Options.
The path to the virtual machine configuration file appears in the Virtual Machine Configuration File text box.
Determine the Path to a Virtual Disk File

You must specify the virtual disk datastore path as part of the svmotion command.
Procedure
1 In the vSphere Client inventory, select the virtual machine to which the virtual disk belongs, and click the
Summary tab.
3 Click the Hardware tab, and select the virtual disk from the list of devices.
The path to the virtual disk file appears in the Disk File text box.
Storage VMotion Examples

The examples show how to use the Storage VMotion command-line interface to relocate a virtual machine and
all its disks, or to relocate the virtual machine configuration file while leaving the disks in place.
The examples in this section are formatted on multiple lines for readability. The command should be issued
on a single line.
An example of relocating all of a virtual machine’s disks to a datastore named new_datastore:

svmotion --url=https://myvc.mycorp.com/sdk
--username=me
--password=secret
--datacenter=DC1
--vm='[old_datastore] myvm/myvm.vmx: new_datastore'
An example of relocating a virtual machine to new_datastore, while leaving the disks, myvm_1.vmdk and
myvm_2.vmdk on old_datastore:
svmotion --datacenter='My DC'

--vm='[old_datastore] myvm/myvm.vmx:
new_datastore'
--disks='[old_datastore] myvm/myvm_1.vmdk:
old_datastore,
[old_datastore] myvm/myvm_2.vmdk:
old_datastore'
VMware, Inc. 201

202 VMware, Inc.

Using Snapshots 17
VMware vCenter Server snapshots allow you to preserve the state of the virtual machine so you can return to
the same state repeatedly.

n “About Snapshots,” on page 203
n “Using the Snapshot Manager,” on page 206
n “Restore a Snapshot,” on page 207
About Snapshots
A snapshot captures the entire state of the virtual machine at the time you take the snapshot.
This includes:
n Memory state – The contents of the virtual machine’s memory.
n Settings state – The virtual machine settings.
n Disk state – The state of all the virtual machine’s virtual disks.
NOTE Snapshots of raw disks, RDM physical mode disks, and independent disks are not supported.
Snapshots operate on individual virtual machines. In a team of virtual machines, taking a snapshot preserves
the state only of the active virtual machine.
When you revert to a snapshot, you return all these items to the state they were in at the time you took that
snapshot. If you want the virtual machine to be suspended, powered on, or powered off when you launch it,
be sure it is in the correct state when you take that snapshot.
Snapshots are useful when you need to revert repeatedly to the same state but you don’t want to create multiple
virtual machines. With snapshots, you create backup and restore positions in a linear process. You can also
preserve a baseline before diverging a virtual machine in a process tree.
Snapshots can be used as restoration points during a linear or iterative process, such as installing update
packages, or during a branching process, such as installing different versions of a program. Taking snapshots
ensures that each installation begins from an identical baseline.
NOTE While snapshots do provide a "point in time" image of the disk that backup solutions can use, snapshots
should not be used for your own virtual machine backups. Large numbers of snapshots are difficult to manage
and take up large amounts of disk space. Backup solutions, like VMware Data Recovery, use the snapshot
mechanism to "freeze" the state of a virtual machine and make a copy. However, the Data Recovery backup
method has addtitional capabilities that mitigate the limitations of snapshots.
VMware, Inc. 203

Multiple snapshots refers to the ability to create more than one snapshot of the same virtual machine. To take
snapshots of multiple virtual machines, (for example, snapshots for all members of a team) requires that you
take a separate snapshot of each team member.
Multiple snapshots are not simply a way of saving your virtual machines. With multiple snapshots, you can
save many positions to accommodate many kinds of work processes.
In order to take a snapshot, the state of the virtual disk at the time the snapshot is taken must be preserved.
When this occurs, the guest cannot write to the vmdk file. The delta disk is an additional vmdk file that the guest
is allowed to write. The delta disk represents the difference between the current state of the virtual disk and
the state that existed at the time of the previous snapshot. If more than one snapshot exists, delta disks may
represent the difference (or delta) between each snapshot. For example, a snapshot can be taken, then the guest
could write to every single block of the virtual disk causing the delta disk to grow as large as the entire virtual
disk.
When a snapshot is deleted, all the data from the delta disk that contains the information about the deleted
snapshot is written to the parent disk. This can involve a large amount of disk input and output. This may
reduce the virtual machine performance until consolidation is complete.
NOTE You can find more information on the iterative snapshot deletion behavior by searching VMware's
Knowledge Base system.
The amount of time it takes to commit or delete snapshots is a function of how much data the guest operating
system has written to the virtual disks since the last snapshot was taken. The required time is directly
proportional to the amount of data (committed or deleted) and the virtual machine’s RAM size.
Relationship Between Snapshots

The relationship between snapshots is like that of a parent to a child. In the linear process, each snapshot has
one parent and one child, except for the last snapshot, which has no children.
The snapshots taken form a tree. Each time you revert and take another, a branch (child) is formed.
In the process tree, each snapshot has one parent, but one snapshot may have more than one child. Many
snapshots have no children.
You can revert to a parent or a child.
Snapshots and Other Activity in the Virtual Machine

When you take a snapshot, be aware of other activity going on in the virtual machine and the likely effect of
reverting to that snapshot.
In general, it is best to take a snapshot when no applications in the virtual machine are communicating with
other computers. The potential for problems is greatest if the virtual machine is communicating with another
computer, especially in a production environment.
For example, if you take a snapshot while the virtual machine is downloading a file from a server on the
network, the virtual machine continues downloading the file, communicating its progress to the server. If you
revert to the snapshot, communications between the virtual machine and the server are confused and the file
transfer fails.
Take a Snapshot
You can take a snapshot while a virtual machine is powered on, powered off, or suspended. If you are
suspending a virtual machine, wait until the suspend operation has finished before taking a snapshot.
You must power off the virtual machine before taking a snapshot if the virtual machine has multiple disks in
different disk modes. For example, if you have a special purpose configuration that requires you to use an
independent disk, you must power off the virtual machine before taking a snapshot.
204 VMware, Inc.

Chapter 17 Using Snapshots
Procedure
1 Select Inventory > Virtual Machine > Snapshot > Take Snapshot.
You can also right-click the virtual machine and select Snapshot > Take Snapshot.
The Take Virtual Machine Snapshot window appears.
2 Type a name for your snapshot.
3 (Optional) Type a description for your snapshot.
4 (Optional) Select the Snapshot the virtual machine’s memory check box if you want to capture the
memory of the virtual machine.
5 (Optional) Select the Quiesce guest file system (Needs VMware Tools installed) check box to pause
running processes on the guest operating system so that file system contents are in a known consistent
state when the snapshot is taken. This applies only to virtual machines that are powered on.
6 Click OK.
When the snapshot has been successfully taken, it is listed in the Recent Tasks field at the bottom of the
vSphere Client.
7 Click the target virtual machine to display tasks and events for this machine or, while the virtual machine
is selected, click the Tasks & Events tab.
Change Disk Mode to Exclude Virtual Disks from Snapshots

Deleting a snapshot involves committing the existing data on the snapshot disk to the parent disk.
Prerequisites
You must power off and delete any existing snapshots before you attempt to change the disk mode.
Procedure
1 Select Inventory > Virtual Machine > Edit Settings.
2 Click the Hardware tab, and select the hard disk you want to exclude.
3 Under Mode, select Independent. Independent disks are not affected by snapshots.
You have the following persistence options for an independent disk:
Option Description
Persistent Disks in persistent mode behave like conventional disks on your physical
computer. All data written to a disk in persistent mode are written
permanently to the disk.
Nonpersistent Changes to disks in nonpersistent mode are discarded when you power off
or reset the virtual machine. Nonpersistent mode enables you to restart the
virtual machine with a virtual disk in the same state every time. Changes to
the disk are actually written to and read from a redo log file that is deleted
when you power off or reset.
4 Click OK.
VMware, Inc. 205

Using the Snapshot Manager

The Snapshot Manager lets you review all snapshots for the active virtual machine and act on them directly.
The Snapshot Manager window contains the following areas: Snapshot tree, Details region, Command buttons,
Navigation region, and a You are here icon.
n Snapshot tree – Displays all snapshots for the virtual machine.
n You are here icon – Represents the current operational state of the virtual machine. The You are here icon
is always selected and visible when you open the Snapshot Manager.
You cannot go to or select the You are here state. You are here always represents the current and active
state.
n Command Buttons – The Snapshot Manager has three command buttons in the left pane: Go to, Delete,
and Delete All.
n Details – Displays the name and description of the selected snapshot. These fields are blank if you have
not selected a snapshot.
n Navigation Region – Contains buttons for navigating out of the dialog box:
n Close – Closes the Snapshot Manager.
n Help – Opens the help system.
Restore a Snapshot
The Go to button allows you to restore the state of any snapshot.
Procedure
1 Select Inventory > Virtual Machine > Snapshot > Snapshot Manager.
2 In the Snapshot Manager, select a snapshot by clicking it.
3 Click the Go to button to restore the virtual machine to any arbitrary snapshot.
NOTE Virtual machines running certain kinds of workloads might take several minutes to resume
responsiveness after reverting from a snapshot. This delay may be improved by increasing the guest
memory.
4 Click Yes in the confirmation dialog box.
Delete a Snapshot
You can permanently remove a snapshot from vCenter Server.
Procedure
1 Select Inventory > Virtual Machine > Snapshot > Snapshot Manager.
2 In the Snapshot Manager, select a snapshot by clicking it.
3 Click Delete to permanently remove a snapshot from vCenter Server.
Clicking Delete All permanently removes all snapshots from the virtual machine.
NOTE Delete commits the snapshot data to the parent and removes the selected snapshot. Delete All
commits all the immediate snapshots before the You are here current state to the base disk and removes
all existing snapshots for that virtual machine.
206 VMware, Inc.

Chapter 17 Using Snapshots
Restore a Snapshot
To return a virtual machine to its original state, you can restore a snapshot.
Do one of the following:
Procedure
n The Inventory > Virtual Machine > Snapshot menu contains the command Revert to Snapshot.
n The Snapshot Manager has a Go to button.
Parent Snapshot
The parent snapshot is the most recently saved version of the current state of the virtual machine.
If you have just taken a snapshot, that stored state is the parent snapshot of the current state (You are here). If
you revert or go to a snapshot, that snapshot becomes the parent of the current state (You are here).
The parent snapshot is always the snapshot appearing immediately above the You are here icon in the Snapshot
Manager.
NOTE The parent snapshot is not always the snapshot you took most recently.
Revert to Snapshot Command

Revert to Snapshot is a shortcut to the parent snapshot of You are here.
This command immediately activates the parent snapshot of the current state of the virtual machine.
The current disk and memory states are discarded and restored as they were when you took that snapshot. If
your parent snapshot was taken when the virtual machine was powered off, choosing Snapshot > Revert to
Snapshot moves the powered-on virtual machine to that parent state, that is, to a powered-off state.
NOTE Virtual machines running certain kinds of workloads might take several minutes to resume
responsiveness after reverting from a snapshot. This delay may be improved by increasing the guest memory.
VMware, Inc. 207

Figure 17-1. Revert to Snapshot

VM
Virtual machine
You are here with no snapshots
take a
snapshot
The new snapshot (snapshot_a)
VM is now the parent snapshot of the
You are here state. The parent
snapshot_a snapshot of the You are here state
You are here is the parent snapshot of the
take a virtual machine.
snapshot
When you take a snapshot from
VM the snapshot_a state, snapshot_a
becomes the parent of the new
snapshot_a snapshot (snapshot_b) and
snapshot_b is the parent snapshot
snapshot_b of the You are here state.
If you take a snapshot now, the
You are here new snapshot will be based on
go to
the snapshot_b state, whose
snapshot_a parent snapshot is the
snapshot_b state.
VM
When you go to snapshot_a,
snapshot_a snapshot_a becomes the parent
of the You are here state.
snapshot_b If you take a snapshot now, the
new snapshot will be based on
You are here the snapshot_a state.
When you revert a virtual machine, the virtual machine returns to the parent snapshot
of the virtual machine (that is, the parent of the current You are here state).
Revert to Parent Snapshot

You can revert any snapshot to the parent snapshot state.
Procedure
u Select Inventory > Virtual Machine > Snapshot > Revert to Snapshot.
208 VMware, Inc.

System Administration
VMware, Inc. 209

210 VMware, Inc.

Managing Users, Groups, Roles, and
Permissions 18
Use users, groups, roles, and permissions to control who has access to your vSphere managed objects and what
actions they can perform.
vCenter Server and ESX/ESXi hosts determine the level of access for the user based on the permissions that are
assigned to the user. The combination of user name, password, and permissions is the mechanism by which
vCenter Server and ESX/ESXi hosts authenticate a user for access and authorize the user to perform activities.
The servers and hosts maintain lists of authorized users and the permissions assigned to each user.
Privileges define basic individual rights that are required to perform actions and read properties. ESX/ESXi
and vCenter Server use sets of privileges, or roles, to control which users or groups can access particular
vSphere objects. ESX/ESXi and vCenter Server provide a set of pre-established roles. You can also create new
roles.
The privileges and roles assigned on an ESX/ESXi host are separate from the privileges and roles assigned on
a vCenter Server system. When you manage a host using vCenter Server, only the privileges and roles assigned
through the vCenter Server system are available. If you connect directly to the host using the vSphere Client,
only the privileges and roles assigned directly on the host are available.

n “Managing vSphere Users,” on page 211
n “Groups,” on page 212
n “Removing or Modifying Users and Groups,” on page 213
n “Best Practices for Users and Groups,” on page 213
n “Using Roles to Assign Privileges,” on page 213
n “Permissions,” on page 217
n “Best Practices for Roles and Permissions,” on page 224
n “Required Privileges for Common Tasks,” on page 225
Managing vSphere Users

A user is an individual authorized to log in to a host or vCenter Server.
Several users can access the vCenter Server system from different vSphere Client sessions at the same time.
vSphere does not explicitly restrict users with the same authentication credentials from accessing and taking
action within the vSphere environment simultaneously.
VMware, Inc. 211

You manage users defined on the vCenter Server system and users defined on individual hosts separately.
Even if the user lists of a host and a vCenter Server system appear to have common users (for instance, a user
called devuser), these users should be treated as separate users who have the same name. The attributes of
devuser in vCenter Server, including permissions, passwords, and so forth, are separate from the attributes of
devuser on the ESX/ESXi host. If you log in to vCenter Server as devuser, you might have permission to view
and delete files from a datastore. If you log in to an ESX/ESXi host as devuser, you might not have these
permissions.
vCenter Server Users

Authorized users for vCenter Server are those included in the Windows domain list referenced by vCenter
Server or local Windows users on the vCenter Server system. The permissions defined for these users apply
whenever a user connects to vCenter Server.
You cannot use vCenter Server to manually create, remove, or otherwise change vCenter Server users. To
manipulate the user list or change user passwords, use the tools you use to manage your Windows domain or
Active Directory. For more information on creating users and groups for use with vCenter Server, see your
Microsoft documentation.
Any changes you make to the Windows domain are reflected in vCenter Server. Because you cannot directly
manage users in vCenter Server, the user interface does not provide a user list for you to review. You see these
changes only when you select users to configure permissions.
vCenter Servers connected in a Linked Mode group use Active Directory to maintain the list of users, allowing
all vCenter Server systems in the group to share a common set of users.
Host Users
Users authorized to work directly on an ESX/ESXi host are added to the internal user list by default when ESX/
ESXi is installed or by a system administrator after installation.
If you log in to an ESX/ESXi host as root using the vSphere Client, you can use the Users and Groups tab to
perform a variety of management activities for these users. You can add users, remove users, change
passwords, set group membership, and configure permissions.
CAUTION See the Authentication and User Management chapter of the ESX Configuration Guide or ESXi
Configuration Guide for information about root users and your ESX/ESXi host before you make any changes to
the default users. Mistakes regarding root users can have serious access consequences.
Each ESX/ESXi host has two default users:

n The root user has full administrative privileges. Administrators use this log in and its associated password
to log in to a host through the vSphere Client. Root users have a complete range of control activities on
the specific host that they are logged on to, including manipulating permissions, creating groups and users
(on ESX/ESXi hosts only), working with events, and so on.
n The vpxuser user is a vCenter Server entity with root rights on the ESX/ESXi host, allowing it to manage
activities for that host. The vpxuser is created at the time that an ESX/ESXi host is attached to vCenter
Server. It is not present on the ESX host unless the host is being managed through vCenter Server.
Groups
You can efficiently manage some user attributes by creating groups. A group is a set of users that you manage
through a common set of permissions.
A user can be a member of more than one group. When you assign permissions to a group, all users in the
group inherit those permissions. Using groups can significantly reduce the time it takes to set up your
permissions model.
212 VMware, Inc.

Chapter 18 Managing Users, Groups, Roles, and Permissions
The group lists in vCenter Server and an ESX/ESXi host are drawn from the same sources as the user lists. If
you are working through vCenter Server, the group list is called from the Windows domain. If you are logged
on to an ESX/ESXi host directly, the group list is called from a table maintained by the host..
Create groups for the vCenter Server system through the Windows domain or Active Directory database.
Create groups for ESX/ESXi hosts using the Users and Groups tab in the vSphere Client when connected
directly to the host.
NOTE If you use Active Directory groups, make sure that they are security groups and not distribution groups.
Permisions assigned to distribution groups are not enforced by vCenter Server. For more information on
security groups and distribution groups, see the Microsoft Active Directory documentation.
Removing or Modifying Users and Groups

When you remove users or groups, you also remove permissions granted to those users or groups. Modifying
a user or group name causes the original name to become invalid.
See the Security chapter in the ESX Configuration Guide or ESXi Configuration Guide for information about
removing users and groups from an ESX/ESXi host.
To remove users or groups from vCenter Server, you must remove them from the domain or Active Directory
users and groups list.
If you remove users from the vCenter Server domain, they lose permissions to all objects in the vSphere
environment and cannot log in again. Users who are currently logged in and are removed from the domain
retain their vSphere permissions only until the next validation period (the default is every 24 hours). Removing
a group does not affect the permissions granted individually to the users in that group, or those granted as
part of inclusion in another group.
If you change a user’s name in the domain, the original user name becomes invalid in the vCenter Server
system. If you change the name of a group, the original group becomes invalid only after you restart the vCenter
Server system.
Best Practices for Users and Groups

Use best practices for managing users and groups to increase the security and manageability of your vSphere
environment.
VMware recommends several best practices for creating users and groups in your vSphere environment:
n Use vCenter Server to centralize access control, rather than defining users and groups on individual hosts.
n Choose a local Windows user or group to have the Administrator role in vCenter Server.
n Create new groups for vCenter Server users. Avoid using Windows built-in groups or other existing
groups.
Using Roles to Assign Privileges

A role is a predefined set of privileges. Privileges define basic individual rights required to perform actions
and read properties.
When you assign a user or group permissions, you pair the user or group with a role and associate that pairing
with an inventory object. A single user might have different roles for different objects in the inventory. For
example, if you have two resource pools in your inventory, Pool A and Pool B, you might assign a particular
user the Virtual Machine User role on Pool A and the Read Only role on Pool B. This would allow that user to
power on virtual machines in Pool A, but not those in Pool B, although the user would still be able to view the
status of the virtual machines in Pool B.
VMware, Inc. 213

The roles created on an ESX/ESXi host are separate from the roles created on a vCenter Server system. When
you manage a host using vCenter Server, only the roles created through vCenter Server are available. If you
connect directly to the host using the vSphere Client, only the roles created directly on the host are available.
vCenter Server and ESX/ESXi hosts provide default roles:
System roles System roles are permanent. You cannot edit the privileges associated with
these roles.
Sample roles VMware provides sample roles for convenience as guidelines and suggestions.
You can modify or remove these roles.
You can also create completely new roles.
All roles permit the user to schedule tasks by default. Users can schedule only tasks they have permission to
perform at the time the tasks are created.
NOTE Changes to permissions and roles take effect immediately, even if the users involved are logged in,
except for searches, where permissions changes take effect after the user has logged out and logged back in
again.
Default Roles for ESX/ESXi and vCenter Server

vCenter Server, ESX, and ESXi provide default roles. These roles group together privileges for common areas
of responsibility in a vSphere environment.
You can use the default roles to assign permissions in your environment, or use them as a model to develop
your own roles.
Table 18-1 lists the default roles for ESX/ESXi and vCenter Server.
Table 18-1. Default Roles

Role Role Type Description of User Capabilities
No Access system Cannot view or change the assigned object.

vSphere Client tabs associated with an object appear without content.
This role can be used to revoke permissions that would otherwise be
propagated to an object from a parent object.
This role is available in ESX/ESXi and vCenter Server.
Read Only system View the state and details about the object.
View all the tab panels in the vSphere Client except the Console tab.
Cannot perform any actions through the menus and toolbars.
This role is available on ESX/ESXi and vCenter Server.
Administrator system All privileges for all objects.

Add, remove, and set access rights and privileges for all the vCenter
Server users and all the virtual objects in the vSphere environment.
This role is available in ESX/ESXi and vCenter Server.
Virtual Machine Power sample A set of privileges to allow the user to interact with and make hardware
User changes to virtual machines, as well as perform snapshot operations.
Privileges granted include:
n All privileges for the scheduled task privileges group.
n Selected privileges for global items, datastore, and virtual machine
privileges groups.
n No privileges for folder, datacenter, network, host, resource, alarms,
sessions, performance, and permissions privileges groups.
Usually granted on a folder that contains virtual machines or on
individual virtual machines.
This role is available only on vCenter Server.
214 VMware, Inc.

Table 18-1. Default Roles (Continued)

Role Role Type Description of User Capabilities
Virtual Machine User sample A set of privileges to allow the user to interact with a virtual machine’s
console, insert media, and perform power operations. Does not grant
privileges to make virtual hardware changes to the virtual machine.
n All privileges for the scheduled tasks privileges group.
n Selected privileges for the global items and virtual machine
privileges groups.
n No privileges for the folder, datacenter, datastore, network, host,
resource, alarms, sessions, performance, and permissions privileges
groups.
Usually granted on a folder that contains virtual machines or on
individual virtual machines.
Resource Pool sample A set of privileges to allow the user to create child resource pools and
Administrator modify the configuration of the children, but not to modify the resource
configuration of the pool or cluster on which the role was granted. Also
allows the user to grant permissions to child resource pools, and assign
virtual machines to the parent or child resource pools.
n All privileges for folder, virtual machine, alarms, and scheduled
task privileges groups.
n Selected privileges for resource and permissions privileges groups.
n No privileges for datacenter, network, host, sessions, or
performance privileges groups.
Additional privileges must be granted on virtual machines and
datastores to allow provisioning of new virtual machines.
Usually granted on a cluster or resource pool.
VMware Consolidated sample This role is designed for use by the VMware Consolidated Backup
Backup User product and should not be modified.
Datastore Consumer sample A set of privileges to allow the user to consume space on the datastores
on which this role is granted. To perform a space-consuming operation,
such as creating a virtual disk or taking a snapshot, the user must also
have the appropriate virtual machine privileges granted for these
operations.
Usually granted on a datastore or a folder of datastores.
Network Consumer sample A set of privileges to allow the user to assign virtual machines or hosts
to networks, provided that the appropriate permissions for the
assignment are also granted on the virtual machines or hosts.
Usually granted on a network or folder of networks.
Create a Role
VMware recommends that you create roles to suit the access control needs of your environment.
If you create or edit a role on a vCenter Server system that is part of a connected group in Linked Mode, the
changes you make are propagated to all other vCenter Server systems in the group. Assignments of roles to
specific users and objects are not shared across linked vCenter Server systems.
Prerequisites
You must be logged in as a user with Administrator privileges.
VMware, Inc. 215

Procedure
1 On the vSphere Client Home page, click Roles.
2 Right-click the Roles tab information panel and click Add.
3 Type a name for the new role.
4 Select privileges for the role and click OK.
Clone a Role
You can make a copy of an existing role, rename it, and later edit it. When you make a copy, the new role is
not applied to the same users or groups and objects.
If you create or modify a role on a vCenter Server system that is part of a connected group in Linked Mode,
the changes you make are propagated to all other vCenter Server systems in the group. However, assignments
of roles to specific users and objects are not shared across linked vCenter Server systems.
Prerequisites
Procedure

2 To select the role to duplicate, click the object in the list of Roles.
3 To clone the selected role, select Administration > Role > Clone.
A duplicate of the role is added to the list of roles. The name is Copy of <rolename>.
Edit a Role
When you edit a role, you can change any of the privileges selected for that role. When completed, these new
privileges are applied to any user or group assigned the edited role.
If you create or edit a role on a vCenter Server system that is part of a connected group in Linked Mode, the
changes you make are propagated to all other vCenter Server systems in the group. However, assignments of
roles to specific users and objects are not shared across linked vCenter Server systems.
Prerequisites
Procedure
2 To select the role to edit, click the object in the list of Roles.
3 Select Administration > Role > Edit Role.
4 Select privileges for the role and click OK.
Remove a Role
When you remove a role, if it is not assigned to any users or groups, the definition is removed from the list of
possible roles. When you remove a role that is assigned to a user or group you can remove all assignments or
replace them with an assignment to another role.
CAUTION Be sure that you understand how users will be affected before removing all assignments or replacing
them. Users that have no permissions granted to them cannot log in to vCenter Server.
216 VMware, Inc.

Prerequisites
If you are removing a role from a vCenter Server system that is part of a connected group in Linked Mode,
check the usage of that role on the other vCenter Server systems in the group before proceeding. Removing a
role from one vCenter Server system also removes the role from all other vCenter Server systems in the group,
even if you choose to reassign permissions to another role on the current vCenter Server system.
Procedure

2 To select the role to remove, click the object in the list of roles.
3 Select Administration > Role > Remove.
4 Click OK.
The role is removed from the list and is no longer available for assigning to users or groups.
If the role is assigned to a user or group, a warning message appears.
5 Select a reassignment option and click OK.
Option Description
Remove Role Assignments Removes any configured user or group and role pairings on the server. If a
user or group does not have any other permissions assigned, they lose all
privileges.
Reassign affected users to Reassigns any configured user or group and role pairings to the selected new
role.
Rename a Role
Renaming a role does not change that role’s assignments.
If you create or modify a role on a vCenter Server system that is part of a connected group in Linked Mode,
the changes you make are propagated to all other vCenter Server systems in the group. However, assignments
of roles to specific users and objects are not shared across linked vCenter Server systems.
Prerequisites
Procedure
2 To select the role to rename, click the object in the list of roles.
3 Select Administration > Role > Rename.
4 Type the new name.
Permissions
In vSphere, a permission consists of a user or group and an assigned role for an inventory object, such as a
virtual machine or ESX/ESXi host. Permissions grant users the right to perform the activities specified by the
role on the object to which the role is assigned.
For example, to configure memory for an ESX/ESXi host, a user must be granted a role that includes the
Host.Configuration.Memory Configuration privilege. By assigning different roles to users or groups for
different objects, you can precisely control the tasks that users can perform in your vSphere environment.
VMware, Inc. 217

Figure 18-1. The Conceptual Structure of a Permission
role user or group
permission =
object
By default, all users who are members of the Windows Administrators group on the vCenter Server system
have the same access rights as any user assigned to the Administrator role on all objects. When connecting
directly to an ESX/ESXi host, the root and vpxuser user accounts have the same access rights as any user
assigned the Administrator role on all objects.
All other users initially have no permissions on any objects, which means they cannot view these objects or
perform operations on them. A user with Administrator privileges must assign permissions to these users to
allow them to perform necessary tasks.
Many tasks require permissions on more than one object. Some general rules can help you determine where
you must assign permissions to allow particular operations:
n Any operation that consumes storage space, such as creating a virtual disk or taking a snapshot, requires
the Datastore.Allocate Space privilege on the target datastore, as well as the privilege to perform the
operation itself.
n Moving an object in the inventory hierarchy requires appropriate privileges on the object itself, the source
parent object (such as a folder or cluster), and the destination parent object.
n Each host and cluster has its own implicit resource pool that contains all the resources of that host or
cluster. Deploying a virtual machine directly to a host or cluster requires the Resource.Assign Virtual
Machine to Resource Pool privilege.
Hierarchical Inheritance of Permissions

When you assign a permission to an object, you can choose whether the permission propagates down the object
hierarchy. Propagation is set per permission, not universally applied. Permissions defined for a child object
always override those propagated from parent objects.
Figure 18-2 illustrates the vSphere inventory hierarchy, and the paths by which permissions can propagate.
218 VMware, Inc.

Figure 18-2. vSphere Inventory Hierarchy
root folder
data center folder
data center
VM folder host folder network folder datastore folder
template host network datastore
virtual machine resource pool cluster
host
virtual machine
Most inventory objects inherit permissions from a single parent object in the hierarchy. For example, a datastore
inherits permissions from either its parent datastore folder or parent datacenter. However, virtual machines
inherit permissions from both the parent virtual machine folder and the parent host, cluster, or resource pool
simultaneously. This means that to restrict a user’s privileges on a virtual machine, you must set permissions
on both the parent folder and the parent host, cluster or resource pool for that virtual machine.
You cannot set permissions directly on a vNetwork Distributed Switches. To set permissions for a vNetwork
Distributed Switch and its associated dvPort Groups, set permissions on a parent object, such a folder or
datacenter, and select the option to propagate these permissions to child objects.
Permissions take several forms in the hierarchy:
Managed entities Can have permissions defined on them.

n Clusters
n Datacenters
n Datastores
n Folders
VMware, Inc. 219

n Hosts
n Networks (except vNetwork Distributed Switches)
n dvPort Groups
n Resource pools
n Templates
n Virtual machines
n vApps
Global entities Derive their permissions from the root vCenter Server system.
n Custom fields
n Licenses
n Roles
n Statistics intervals
n Sessions
Multiple Permission Settings

Objects might have multiple permissions, but at most one for each user or group.
Permissions applied on a child object always override permissions applied on a parent object. Virtual machine
folders and resource pools are equivalent levels in the hierarchy. If a user or group is assigned propagating
permissions on both a virtual machine's folder and its resource pool, the user has the privileges propagated
from the resource pool and from the folder.
If multiple group permissions are defined on the same object and the user belongs to two or more of those
groups, two situations are possible:
n If no permission is defined for the user on that object, the user is assigned the union of privileges assigned
to the groups for that object.
n If a permission is defined for the user on that object, the user's permission takes precedence over all group
permissions.
Example 1: Inheritance of Multiple Permissions

This example illustrates how an object can inherit multiple permissions from groups granted permission on a
parent object.
In this example, two permissions are assigned on the same object for two different groups.
n Role 1 can power on virtual machines.
n Role 2 can take snapshots of virtual machines.
n Group A is granted Role 1 on VM Folder, with the permission set to propagate to child objects.
n Group B is granted Role 2 on VM Folder, with the permission set to propagate to child objects.
n User 1 is not assigned specific permission.
User 1, who belongs to groups A and B, logs on. User 1 can both power on and take snapshots of VM A and
VM B.
220 VMware, Inc.

Figure 18-3. Example 1: Inheritance of Multiple Permissions
group A + role 1 VM Folder

group B + role 2
user 1 has permissions
VM A
of role 1 and role 2
VM B
Example 2: Child Permissions Overriding Parent Permissions

This example illustrates how permissions assigned on a child object override permissions assigned on a parent
object. You can use this overriding behavior to restrict user access to particular areas of the inventory.
In this example, permissions are to two different groups on two different objects.
n Role 2 can take snapshots of virtual machines.
n Group A is granted Role 1 on VM Folder, with the permission set to propagate to child objects.
n Group B is granted Role 2 on VM B.
User 1, who belongs to groups A and B, logs on. Because Role 2 has been assigned at a lower point in the
hierarchy than Role 1, it overrides Role 1 on VM B. User 1 can power on VM A, but not take snapshots. User
1 can take snapshots of VM B, but not power it on.
Figure 18-4. Example 2: Child Permissions Overriding Parent Permissions
group A + role 1 VM Folder user 1 has permissions

of role 1 only
VM A
group B + role 2 VM B user 1 has permissions

of role 2 only
Example 3: User Permissions Overriding Group Permissions

This example illustrates how permissions assigned directly to an individual user override permissions assigned
to a group that the user is a member of.
In this example, permissions are assigned to a user and to a group on the same object.
n Group A is granted Role 1 on VM Folder.
n User 1 is granted No Access role on VM Folder.
User 1, who belongs to group A, logs on. The No Access role granted to User 1 on VM Folder overrides the
group permission. User 1 has no access to VM Folder or VMs A and B.
Figure 18-5. Example 3: User Permissions Overriding Group Permissions
group A + role 1 VM Folder

user 1 + no access
user 1 has no access to the folder
VM A
or the virtual machines
VM B
VMware, Inc. 221

Permission Validation
vCenter Server regularly validates its users and groups against the Windows Active Directory domain.
Validation occurs whenever the vCenter Server system starts and at regular intervals specified in the vCenter
Server settings.
For example, if user Smith was assigned permissions and in the domain the user’s name was changed to Smith2,
vCenter Server concludes that Smith no longer exists and removes permissions for that user when the next
validation occurs.
Similarly, if user Smith is removed from the domain, all permissions are removed when the next validation
occurs. If a new user Smith is added to the domain before the next validation occurs, the new user Smith
receives all the permissions the old user Smith was assigned.
Assign Permissions
After you create users and groups and define roles, you must assign the users and groups and their roles to
the relevant inventory objects. You can assign the same permissions at one time on multiple objects by moving
the objects to a folder and setting the permissions on the folder.
Prerequisites
Required privilege: Permissions.Modify permission on the parent object of the object whose permissions you
want to modify.
Procedure
1 Select an object and click the Permissions tab.
2 Right-click the Permissions tab and select Add Permission.
3 Select a role from the Assigned Role drop-down menu.
This menu displays all the roles that are assigned to the object. When the role appears, the privileges
contained in the role are listed in the section below the role title for reference purposes.
4 (Optional) Deselect the Propagate to Child Objects check box.
If you deselect this check box, the role is applied only to the selected object, and does not propagate to the
child objects.
5 Click Add to open the Select Users or Groups dialog box.
6 Identify the user or group to assign to this role.
a Select the domain where the user or group is located from the Domain drop-down menu.
b Type a name in the Search box or select a name from the Name list.
c Click Add.
The name is added to either the Users or Groups list.
d Repeat Step a through Step c to add additional users or groups.
e Click OK when finished.
7 Verify the users and groups are assigned to the appropriate permissions, and click OK.
8 To finish the task, click OK.
The server adds the permission to the list of permissions for the object.
The list of permissions references all users and groups that have roles assigned to the object, and indicates
where in the vCenter Server hierarchy the role is assigned.
222 VMware, Inc.

Adjust the Search List in Large Domains

If you have domains with thousands of users or groups, or if searches take a long time to complete, adjust the
search settings for use in the Select Users or Groups dialog box.
NOTE This procedure applies only to vCenter Server user lists. ESX/ESXi user lists cannot be searched in the
same way.
Procedure
1 From the vSphere Client connected to a vCenter Server system, select Administration > vCenter Server
Management Server Configuration.
2 Click the Active Directory list item.
3 Change the values as needed.
Option Description
Active Directory Timeout Specifies in seconds the maximum amount of time vCenter Server allows the
search to run on the selected domain. Searching very large domains can take
a very long time.
Enable Query Limit To specify no maximum limit on the number of users and groups that
vCenter Server displays from the selected domain, deselect the check box.
Users & Groups value Specifies the maximum number of users and groups vCenter Server displays
from the selected domain in the Select Users or Groups dialog box.
4 Click OK.
Change Permission Validation Settings

vCenter Server periodically validates its user and group lists against the users and groups in the Windows
Active Directory domain, and removes users or groups that no longer exist in the domain. You can change the
interval between validations.
Procedure
1 From the vSphere Client connected to a vCenter Server system, select Administration > vCenter Server
Management Server Configuration.
2 Click the Active Directory list item.
3 Deselect the Enable Validation check box to disable validation.
Validation is enabled by default. Users and groups are always validated when vCenter Server system
starts, even if validation is disabled.
4 If validation is enabled, enter a value in the Validation Period text box to specify a time, in minutes,
between validations.
Change Permissions
After a user or group and role pair is set for an inventory object, you can change the role paired with the user
or group or change the setting of the Propagate check box. You can also remove the permission setting.
Procedure
1 From the vSphere Client, select an object in the inventory.
2 Click the Permissions tab.
3 Click the line item to select the user or group and role pair.
VMware, Inc. 223

4 Select Inventory > Permissions > Properties.
5 In the Change Access Role dialog box, select a role for the user or group from the drop-down menu.
6 To propagate the privileges to the children of the assigned inventory object, click the Propagate check box
and click OK.
Remove Permissions
Removing a permission for a user or group does not remove the user or group from the list of those available.
It also does not remove the role from the list of available items. It removes the user or group and role pair from
the selected inventory object.
Procedure
1 From the vSphere Client, click the Inventory button in the navigation bar.
2 Expand the inventory as needed and click the appropriate object.
3 Click the Permissions tab.
4 Click the appropriate line item to select the user or group and role pair.
5 Select Inventory > Permissions > Delete.
vCenter Server removes the permission setting.
Best Practices for Roles and Permissions

Use best practices for roles and permissions to maximize the security and manageability of your vCenter Server
environment.
VMware recommends the following best practices when configuring roles and permissions in your vCenter
Server environment:
n Where possible, grant permissions to groups rather than individual users.
n Grant permissions only where needed. Using the minimum number of permissions makes it easier to
understand and manage your permissions structure.
n If you assign a restrictive role to a group, check that the group does not contain the Administrator user or
other users with administrative privileges. Otherwise, you could unintentionally restrict administrators'
privileges in parts of the inventory hierarchy where you have assigned that group the restrictive role.
n Use folders to group objects to correspond to the differing permissions you want to grant for them.
n Use caution when granting a permission at the root vCenter Server level. Users with permissions at the
root level have access to global data on vCenter Server, such as roles, custom attributes, vCenter Server
settings, and licenses. Changes to licenses and roles propagate to all vCenter Server systems in a Linked
Mode group, even if the user does not have permissions on all of the vCenter Server systems in the group.
n In most cases, enable propagation on permissions. This ensures that when new objects are inserted in to
the inventory hierarchy, they inherit permissions and are accessible to users.
n Use the No Access role to masks specific areas of the hierarchy that you don’t want particular users to
have access to.
224 VMware, Inc.

Required Privileges for Common Tasks

Many tasks require permissions on more than one object in the inventory.
Table 18-2 lists common tasks that require more than one privilege. It lists the privileges required to perform
the tasks and, where applicable, the appropriate sample roles. You can use the listed Applicable Roles on the
listed inventory objects to grant permission to perform these tasks, or you can create your own roles with the
equivalent required privileges.
Table 18-2. Required Privileges for Common Tasks

Task Required Privileges Applicable Role
Create a virtual machine On the destination folder or datacenter: Virtual Machine

n Virtual Machine.Inventory.Create Administrator
n Virtual Machine.Configuration.Add New Disk (if
creating a new virtual disk)
n Virtual Machine .Configuration.Add Existing Disk
(if using an existing virtual disk)
n Virtual Machine.Configuration.Raw Device (if using
a RDM or SCSI pass-through device)
On the destination host, cluster, or resource pool: Virtual Machine

Resource.Assign Virtual Machine to Resource Pool Administrator
On the destination datastore or folder containing a Datastore Consumer or

datastore: Virtual Machine
Datastore.Allocate Space Administrator
On the network that the virtual machine will be assigned Network Consumer or
to: Virtual Machine
Network.Assign Network Administrator
Deploy a virtual machine On the destination folder or datacenter: Virtual Machine

from a template n Virtual Machine.Inventory.Create Administrator
n Virtual Machine.Configuration.Add New Disk
On a template or folder of templates: Virtual Machine

Virtual Machine.Provisioning.Deploy Template Administrator
On the destination host, cluster or resource pool: Virtual Machine

Resource.Assign Virtual.Machine to Resource Pool Administrator
On the destination datastore or folder of datastores: Datastore Consumer or

Datastore.Allocate Space Virtual Machine
Administrator
On the network that the virtual machine will be assigned Network Consumer or
to: Virtual Machine
Network.Assign Network Administrator
Take a virtual machine On the virtual machine or a folder of virtual machines: Virtual Machine Power User
snapshot Virtual Machine.State.Create Snapshot or Virtual Machine
Administrator
On the destination datastore or folder of datastores: Datastore Consumer or

Administrator
Move a virtual machine into a On the virtual machine or folder of virtual machines: Virtual Machine
resource pool n Resource.Assign Virtual Machine to Resource Pool Administrator
n Virtual Machine.Inventory.Move
On the destination resource pool: Virtual Machine

Resource.Assign Virtual Machine to Resource Pool Administrator
VMware, Inc. 225

Table 18-2. Required Privileges for Common Tasks (Continued)

Task Required Privileges Applicable Role
Install a guest operating On the virtual machine or folder of virtual machines: Virtual Machine Power User
system on a virtual machine n Virtual Machine.Interaction.Answer Question or Virtual Machine
Administrator
n Virtual Machine.Interaction.Console Interaction
n Virtual Machine.Interaction.Device Connection
n Virtual Machine.Interaction.Power Off
n Virtual Machine.Interaction.Power On
n Virtual Machine.Interaction.Reset
n Virtual Machine.Interaction.Configure CD Media (if
installing from a CD)
n Virtual Machine.Interaction.Configure Floppy
Media (if installing from a floppy disk)
n Virtual Machine.Interaction.Tools Install
On a datastore containing the installation media ISO Virtual Machine Power User
image: or Virtual Machine
Datastore.Browse Datastore (if installing from an ISO Administrator
image on a datastore)
Migrate a virtual machine On the virtual machine or folder of virtual machines: Datacenter Administrator or
with VMotion n Resource.Migrate Resource Pool Administrator
n Resource.Assign Virtual Machine to Resource Pool or Virtual Machine
Administrator
(if destination is a different resource pool from the
source)
On the destination host, cluster, or resource pool (if Datacenter Administrator or

different from the source): Resource Pool Administrator
Resource.Assign Virtual Machine to Resource Pool or Virtual Machine
Administrator
Cold migrate (relocate) a On the virtual machine or folder of virtual machines: Datacenter Administrator or
virtual machine n Resource.Relocate Resource Pool Administrator
n Resource.Assign Virtual Machine to Resource Pool or Virtual Machine
Administrator
(if destination is a different resource pool from the
source)
On the destination host, cluster, or resource pool (if Datacenter Administrator or

different from the source): Resource Pool Administrator
Resource.Assign Virtual Machine to Resource Pool or Virtual Machine
Administrator
On the destination datastore (if different from the source): Datastore Consumer or
Administrator
Migrate a Virtual Machine On the virtual machine or folder of virtual machines: Datacenter Administrator or
with Storage VMotion Resource.Migrate Resource Pool Administrator
or Virtual Machine
Administrator
On the destination datastore: Datastore Consumer or

Administrator
Move a host into a cluster On the host: Datacenter Administrator or

Host.Inventory.Add Host to Cluster Virtual Machine
Administrator
On the destination cluster: Datacenter Administrator or

Host.Inventory.Add Host to Cluster Virtual Machine
Administrator
226 VMware, Inc.

Monitoring Storage Resources 19
If you use vCenter Server to manage your ESX/ESXi hosts, you can review information on storage usage and
visually map relationships between all storage entities available in vCenter Server.
In the vSphere Client, for any inventory object except networking, the storage usage data appears in the Storage
Views tab. To view this tab, you must have the vCenter Storage Monitoring plug-in, which is generally installed
and enabled by default.
You can display storage information as reports or storage topology maps.
Reports Reports display relationship tables that provide insight about how an
inventory object is associated with storage entities. They also offer summarized
storage usage data for the object’s virtual and physical storage resources. Use
the Reports view to analyze storage space utilization and availability,
multipathing status, and other storage properties of the selected object and
items related to it.
Maps Maps display storage topology maps that visually represent relationships
between the selected object and its associated virtual and physical storage
entities.
For more information on virtual and phisical storage resources and how virtual mahcines access sotrage, see
ESX Configuration Guide or ESXi Configuration Guide.

n “Working with Storage Reports,” on page 227
n “Working with Storage Maps,” on page 229
Working with Storage Reports

Reports help you monitor storage information.
You can display and review statistics for different categories depending on the inventory object. For example,
if the inventory object is a datastore, you can display information for all virtual machines that reside on the
datastore, all hosts that have access to the datastore, the LUNs on which the datastore is deployed, and so on.
When you display the report tables, the default column headings depend on the inventory object you select.
You can customize the tables by adding or removing columns. Reports are updated every 30 minutes. You can
manually update the reports by clicking Update.
You can search for specific information you need to see by filtering report tables based on storage attributes
and keywords.
VMware, Inc. 227

Display Storage Reports

You display storage reports to review storage information for any inventory object except networking. For
example, if the inventory object is a virtual machine, you can review all datastores and LUNs that the virtual
machine uses, status of all paths to the LUNs, adapters that the host uses to access the LUNs, and so on.
Procedure
1 Display the object, for which you want to view reports, in the inventory.
For example, display virtual machines if you want to review storage information for a specific virtual
machine.
2 Select the object and click Storage Views > Reports.
3 To display information for a specific category, click Show all [Category of Items] and select the
appropriate category from the list.
For example, if you want to see all datastores that the virtual machine is using, select Show all
Datastores.
4 To see the description of each column, move the cursor over the column heading.
Export Storage Reports

You can export storage usage data for an object in various formats, including XML, HTML, or Microsoft Excel.
Perform the following task in the vSphere Client.
Procedure
4 Right-click below the table and select Export List.
5 Specify a file name, type, and location.
6 Click Save.
Filter Storage Reports

To search for specific information, you can filter reports based on any number of storage attributes you select
and keywords you enter in the search field.
Procedure
1 In the inventory, display the object for which to filter the reports.
4 Click the search field arrow and select the attributes to include in the search.
5 Type a keyword into the box and press Enter.
The table is updated based on your search criteria. For example, if you are reviewing reports for datastores in
a datacenter, you can display information for only those datastores that have NFS format by selecting the File
System Type attribute and entering NFS as a key word. Filtering is persistent for the user session.
228 VMware, Inc.

Chapter 19 Monitoring Storage Resources
Customize Storage Reports

You display storage reports in the vSphere Client. When you display the reports tables, the default column
headings depend on the inventory object you select. You can customize the tables by adding or removing
columns.
Procedure
1 Display the object in the inventory for which you want to customize reports.

4 To add a column, right-click any column heading and select an item to display from the list.
5 To hide a column, right-click the column heading and deselect it in the list.
Working with Storage Maps

Storage maps help you visually represent and understand the relationships between an inventory object and
all virtual and physical storage resources available for this object. Map views are object-centric and display
only items relevant to the specific object.
Map views are updated every 30 minutes. You can manually update the maps by clicking the Update link.
You can customize a map view by selecting or deselecting options in the Show area, or by hiding specific items
or changing their position on the map.
You can reposition the map by dragging it, and zoom in or out of the map or its particular section.
Display Storage Maps

For any inventory object except networking, you can display storage maps that graphically represent the
relationships between the object, for example, a virtual machine, and all resources, such as datastores, LUNs,
hosts, and so on, available for this object.
Procedure
2 Select the object and click Storage Views > Maps.
Export Storage Maps

You can export maps to various graphic files, including JPEG, TIFF, and GIF.
Procedure
1 Display a storage map.
2 Right-click the map and select Export Map from the menu.
3 Type a file name, type, and location.
4 Click Save.
The image file is saved to the format and directory you specified.
VMware, Inc. 229

Hide Items on Storage Maps

You can hide any number of items in a storage map.
Procedure
2 Right-click the item you want to hide and select Hide Node from the menu.
Move Items on Storage Maps

You might need to move individual items on the storage map to make the map visually more clear.
Procedure
2 Click the item you want to move and drag it to the new location.
230 VMware, Inc.

Using vCenter Maps 20
A vCenter map is a visual representation of your vCenter Server topology. Maps show the relationships
between the virtual and physical resources available to vCenter Server.
Maps are available only when the vSphere Client is connected to a vCenter Server system.
The maps can help you determine such things as which clusters or hosts are most densely populated, which
networks are most critical, and which storage devices are being utilized. vCenter Server provides the following
map views.
Virtual Machine Displays virtual machine-centric relationships.

Resources
Host Resources Displays host-centric relationships.
Datastore Resources Displays datastore-centric relationships.
VMotion Resources Displays hosts available for VMotion migration.
You can use a map view to limit or expand the scope of a map. You can customize all map views, except
VMotion Resources maps. If you are accessing map views using the navigation bar, all vCenter Server resources
are available for display. If you are using the Maps tab of a selected inventory item, only items related to that
item are displayed. For virtual machine inventory items, the VMotion Resources view is the only map view
available on the Maps tab.
You can customize a map view by selecting or deselecting objects in the inventory pane or by selecting or
deselecting options in the Map Relationships area.
You can reposition the map by dragging it (click and hold anywhere on the map and drag the map to the new
location). A grey box in the overview area represents the section of the total map that is viewable and moves
as you drag the map. You can resize the grey box to zoom in or out of a section of the map.
You can double-click any object in a map to switch to the Map tab for that item (providing a Map tab is available
for that type of object).
Right-click on any object in a map to access its context menu.

n “vCenter VMotion Maps,” on page 232
n “vCenter Map Icons and Interface Controls,” on page 232
n “View vCenter Maps,” on page 233
n “Print vCenter Maps,” on page 233
n “Export vCenter Maps,” on page 233
VMware, Inc. 231

vCenter VMotion Maps

VMotion resource maps provide a visual representation of hosts, datastores, and networks associated with the
selected virtual machine.
VMotion resource maps also indicate which hosts in the virtual machine’s cluster or datacenter are compatible
with the virtual machine and are potential migration targets. For a host to be compatible, it must meet the
following criteria.
n Connect to all the same datastores as the virtual machine.
n Connect to all the same networks as the virtual machine.
n Have compatible software with the virtual machine.
n Have a compatible CPU with the virtual machine.
NOTE The VMotion map provides information as to whether VMotion might be possible, and if not, what an
administrator might do to remedy the situation. It does not guarantee that a particular VMotion migration will
be successful.
vCenter Map Icons and Interface Controls

Resource maps are visual representations of your datacenter topology. Each icon in a resource map represents
a managed object or its current state. Controls in the Maps tab enable you to work with the current resource
map.
Map Icons
The icons in a resource map represent the objects in the inventory and their current state. Table 20-1 describes
the map icons.
Table 20-1. Resource Map Icons

Icon Description
Host icon.
A host that is compatible for VMotion migration. The color of the circle varies in intensity based on the load of
the current host. Heavily used hosts are pale; low-load hosts are saturated green.
A host that is not compatible for VMotion migration.
Virtual machine icon. When the virtual machine is powered on, the icon contains a green triangle.
Network icon.
Datastore icon.
232 VMware, Inc.

Chapter 20 Using vCenter Maps
Map Interface Controls

Use the controls in the Maps tab to customize map relationships, refresh map views, and move the focus of
the current map. Table 20-2 describes the controls located on the Maps tab.
Table 20-2. Resource Map Interface Controls

Map Interface Panel Description
Overview panel Thumbnail graphic of the full-scale map.
Map Relationships panel Displayed when more than one map view is available. The Map Relationships panel lets you
customize map relationships for hosts and virtual machines. Use the checkboxes to enable or
disable relationships for the selected object and display them in the current resource map.
Refresh link Maps do not auto-refresh. Click Refresh to synchronize your map with the current state of the
inventory and to center the map view.
Inventory panel When selecting through the Inventory navigation bar, a selected item stays highlighted to
indicate map focus.
When selecting through the Maps navigation bar, all items in the inventory are listed with a
check box. You can select or deselect any inventory items you do not want included in the map.
View vCenter Maps

Resource maps enable you to view the relationships among hosts, clusters, and virtual machines. You can view
a resource map for an entire vCenter Server system or for a specific object, such as a datacenter or cluster. Maps
for specific objects show only the object relationships for that object.
Procedure
2 Select the object and click the Maps tab.
For example, to display the resource map for your entire vCenter Server system, select the vCenter Server
in the inventory panel. To display the resource map for a host, select the host in the inventory panel.
Print vCenter Maps

You can print resource maps to any standard printer.
Perform this procedure on the vSphere Client Map tab.
Procedure
1 Select File > Print Maps > Print.
2 In the printer Name list, select the printer.

3 Click Print.
Export vCenter Maps

Exporting a resource map saves the map to an image file.
Perform this procedure on the vSphere Client Map tab.
Procedure
1 If necessary, view the resource map.
2 Select File > Export > Export Maps.
VMware, Inc. 233

3 Navigate to the location to save the file.
4 Type a name for the file and select a file format.
5 Click Export.
234 VMware, Inc.

Working with Alarms 21
Alarms are notifications that occur in response to selected events, conditions, and states that occur with objects
in the inventory. You use the vSphere Client to create and modify alarms.
The vCenter Server system is configured with a set of predefined alarms that monitor clusters, hosts,
datacenters, datastores, networks, and virtual machines. it is also configured with alarms that monitor vCenter
Server licensing.
Each predefined alarm monitors a specific object and applies to all objects of that type. For example, by default,
the Host CPU Usage alarm is set automatically on each host in the inventory and triggers automatically when
any host's CPU usage reaches the defined CPU value.
If the predefined vCenter Server alarms do not account for the condition, state, or event you need to monitor,
you can define custom alarms.
When you set an alarm on a parent object, such as a vCenter Server, a datatcenter, or a cluster, all applicable
child objects inherit the alarm. You can also set an alarm on a folder to propagate the same alarm to all objects
contained in that folder. You cannot change or override an alarm that is set on a child object from its parent
object. You must change the alarm on the child object itself.
Alarms are composed of a trigger and an action.
Trigger A set of conditions that must be met for an alarm warning and alert to occur.
Most triggers consist of a condition value and a length of time that value is true.
For example, the virtual machine memory alarm triggers a warning when
memory usage is over 75% for one hour and over 90% for five minutes.
VMware uses colors to denote alarm severity:

n Normal – green
n Warning – yellow
n Alert – red
VMware, Inc. 235

You can set alarms to trigger when the state changes from green to yellow,
yellow to red, red to yellow, and yellow to green. Triggers are defined for the
default VMware alarms. You can change the trigger conditions (thresholds,
warning values, and alert values) for the default alarms.
Action The operation that occurs in response to the trigger. For example, you can have
an email notification sent to one or more administrators when an alarm is
triggered. The default vCenter Server alarms are not preconfigured with
actions. You must manually set what action occurs when the triggering event,
condition, or state occurs.
NOTE Some alarms contain triggers that are not supported in the vSphere Client and cannot be changed.
However, you can still configure the alarm actions, enable or disable the alarm, and change the alarm name.
If your environment requires changes to these alarm triggers, create custom alarms by using the vSphere Client
or the VMware vSphere APIs.

n “Alarm Triggers,” on page 236
n “Alarm Actions,” on page 246
n “Alarm Reporting,” on page 251
n “Creating Alarms,” on page 251
n “Managing Alarms,” on page 255
n “Managing Alarm Actions,” on page 259
n “Preconfigured VMware Alarms,” on page 262
Alarm Triggers
You configure alarm triggers to generate warnings and alerts when the specified criteria is met. Alarms have
two types of triggers: condition or state triggers, and event triggers.
Condition or State Monitor the current condition or state of virtual machines, hosts, and
Triggers datastores. This includes power states, connection states, and performance
metrics, such as CPU and disk usage. To set alarms on other objects in the
inventory, including datacenters, clusters, resource pools, and networking
objects, use event triggers.
NOTE You can set a condition or state alarm at the datacenter level that
monitors all virtual machines, hosts, or datastores in the datacenter.
Event Triggers Monitors events that occur in response to operations occuring with any
managed object in the inventory, the vCenter Server system, or the license
server. For example, an event is recorded each time a virtual machine is cloned,
created, deleted, deployed, and migrated.
236 VMware, Inc.

Chapter 21 Working with Alarms
Condition and State Triggers

Use condition triggers and state triggers to set alarms on performance metrics, power states, and connection
states for virtual machines, hosts, and datastores. To set alarms on other objects in the inventory, you must use
event triggers.
Condition and state triggers use one of the following operator sets to monitor an object:
n Is equal to and Is not equal to
n Is above and Is below
To define a condition or state trigger, you choose the appropriate operator set and enter the values for the
warning and alert status. You can use any number of triggers for an alarm. When you use more than one trigger,
you choose whether to trigger the alarm when any conditions are satisfied or when all conditions are satisfied.
For example, you can create a host alarm that has two condition triggers, one for CPU usage and one for memory
usage:
Warning Alert
Trigger Condition Operator Value Operator Value
1 CPU usage Is above 75% Is above 90%
2 Memory usage Is above 75% Is above 90%
If you trigger the alarm when all conditions are satisfied, the alarm will trigger the warning only when both
CPU usage and memory usage values are above 75%. Likewise, it will trigger the alert only when both CPU
usage and memory usage are above 90%.
NOTE Unexpected results might occur when you have an alarm with multiple triggers with opposing warning
and alert conditions, and you set the alarm to trigger when all conditions are satisfied. For example, an alarm
has two triggers that set warnings and alerts for the virtual machine power state.
Table 21-1. Example – Opposing Warning and Alert Conditions

Trigger Warning Alert
1 Powered Off Powered On
2 Powered On Powered Off
If you choose to trigger the alarm when all conditions are satisfied, the alarm triggers a warning. This is because
the vServer System uses the AndAlarmExpression operator to validate the condition statuses for each trigger.
When they are all satisfied, the first condition is satisfied, and therefore is used: Warning & Alert = warning.
Condition and State Trigger Components

Condition and State triggers are comprised of a trigger type, a triggering condition and length, and warning
and alert values.
Table 21-2 describes each component of Condition and State triggers.
Table 21-2. Condition and State Trigger Components

Trigger Component Description
Trigger type The condition or state to monitor, for example, VM CPU Usage (%).
Condition The qualifier used to set the threshold for the trigger, for example, Is Above and Is
Below.
Warning The value that must be reached for the alarm to transition from a normal state to a
warning state, and to trigger the alarm.
VMware, Inc. 237

Table 21-2. Condition and State Trigger Components (Continued)

Condition Length For condition triggers, after the warning condition is reached, the amount of time the
warning condition stays true in order for the warning to trigger.
State triggers do not have condition lengths. As soon as the state condition occurs, the
warning is triggered.
Alert The value that must be reached for the alarm to transition from the warning state to an
alert state and to trigger the alarm.
Condition Length For condition triggers, after the alert value is reached, the amount of time the alert
condition stays true in order for the alarm to trigger.
State triggers do not have condition lengths. As soon as the state condition occurs, the
alert is triggered.
For condition triggers to generate a warning or an alert, the value you set must be reached and for the specified
condition length. For example, you can configure a condition trigger to generate a warning and an alert under
the following conditions:
n A virtual machine’s CPU usage must be above 75% for more than 10 minutes to generate a warning.
n A virtual machine’s CPU usage must be above 95% for more than 5 minutes to generate a warning.
The 10 minute and 5 minute time conditions in this example help distinguish an erratic condition from a true
scenario. You set time requisites to ensure that the metric conditions are valid and not caused by incidental
spikes.
Triggered alarms reset when the triggering condition or state is no longer true. For example, if you have an
alarm defined to trigger a warning when host CPU is above 75%, the condition will reset to normal when the
value falls below the 75% and the warning alarm will no longer be triggered. The threshold condition is
dependent on any tolerance range you set for the threshold.
Virtual Machine Condition and State Triggers

VMware provides default triggers that you can use to define alarms on virtual machines when they undergo
certain conditions and states.
Table 21-3 lists the Condition and State triggers you can set on virtual machines.
Table 21-3. Virtual Machine Condition and State Alarm Triggers

Trigger Type Trigger Name Description
Condition CPU Ready Time (ms) The amount of time the virtual machine was ready during the collection
interval, but could not get scheduled to run on the physical CPU. CPU ready
time is dependent on the number of virtual machines on the host and their
CPU loads.
Condition CPU Usage (%) Amount of virtual CPU (MHz) used by the virtual machine. CPU limits are
ignored in the calculation. The calculation is:
VM CPU Usage (%) = VM CPU [MHz] / (# of vCPUs x clock rate of the physical
CPU [MHz]) x 100
Condition Disk Aborts Number of SCSI commands that were not completed on each physical disk
of the virtual machine.
Condition Disk Resets Number of SCSI-bus reset commands issued on each physical disk of the
virtual machine.
Condition Disk Usage (KBps) Sum of the data read and written across all disk instances on the virtual
machine.
238 VMware, Inc.

Table 21-3. Virtual Machine Condition and State Alarm Triggers (Continued)
Condition Fault Tolerance Amount of wallclock time that the virtual CPU of the secondary virtual
Secondary VM Latency machine is behind the virtual CPU of the primary virtual machine.
Status Changed n Low – 0-2 seconds
n Moderate – 2-6 seconds
n High – More than 6 seconds
State Heartbeat Current status of the guest operating system heartbeat:

n Gray – VMware Tools are not installed or not running.
n Red – No heartbeat. Guest operating system may have stopped
responding.
n Yellow – Intermittent heartbeat. A Yellow status may be caused by heavy
guest OS usage.
n Green – Guest operating system is responding normally.
Condition Memory Usage (%) Amount of configured RAM (MB) used by the virtual machine. The
calculation is:
VM Memory Usage (%) = Active Memory [MB] / configured RAM of VM [MB]
x 100
Condition Network Usage (Kbps) Sum of data transmitted and received across all virtual NIC instances on the
virtual machine.
Condition Snapshot Size (GB) Aggregate size (KB) of all snapshots taken for the current virtual machine.
State State Current state of the virtual machine:

n Powered On – The virtual machine is powered on.
n Powered Off – The virtual machine is powered off.
n Suspended – The virtual machine is suspended.
Condition Total Disk Latency (ms) Average amount of time taken to process a SCSI command issued by the Guest
OS to the virtual machine. The calculation is:
Total Disk Latency = kernelLatency + deviceLatency
n Low – 0-2 seconds
n Moderate – 2-6 seconds
n High – More than 6 seconds
Condition Total Size on Disk (GB) Aggregate amount of disk space occupied by all virtual machines on the host.
Host Condition and State Triggers

VMware provides preconfigured alarms that trigger when hosts undergo certain conditions and states.
Table 21-4 lists the default Condition and State triggers you can set on hosts.
VMware, Inc. 239

Table 21-4. Host Condition and State Triggers

Trigger Name Description Trigger Type
Connection State Current connection state of the host: State

n Connected – The host is connected to the server. For ESX/ESXi hosts,
this is always the state.
n Disconnected – A user has explicitly shut down the host. In this state,
vCenter Server does not expect to receive heartbeats from the host.
The next time a heartbeat is received, the host is returned to a
connected state and an event is logged.
n Not Responding – vCenter Server is not receiving heartbeat messages
from the host. After the heartbeat messages are received again, the
state automatically changes to Connected. This state is often used to
trigger an alarm on the host.
Console SwapIn Rate Rate at which the service console kernel is swapping in memory. The Condition
(KBps) Console Swapin Rate indicates memory pressure in the service console.
A high value is generally a precursor to timeout operations. To fix the
problem, consider adding more memory or ending the memory-intensive
task.
Console SwapOut Rate Rate at which the service console kernel is swapping out memory. The Condition
(KBps) Console Swapout Rate indicates memory pressure in the service console.
A high value is generally a precursor to timeout operations. To fix the
problem, consider adding more memory or ending the memory-intensive
task.
CPU Usage (%) Amount of physical CPU (MHz) used by the ESX/ESXi host. The Condition
calculation is:
Host CPU Usage (%) = CPU usage [MHz] / (# of physical CPUs x clock
rate [MHz]) x 100
Disk Usage (KBps) Sum of the data read from and written to all disk instances on the host. Condition
Memory Usage (%) Amount of physical RAM (MB) consumed by the ESX/ESXi host. The Condition
calculation is:
Host Memory Usage (%) = Consumed Memory [MB] / physical RAM of
server [MB] x 100
Network Usage (kbps) Sum of data transmitted and received for all the NIC instances of the host. Condition
Power State Current power state of the host: State

n Powered On – The host is powered on.
n Powered Off – The host is powered off.
n Suspended – The host is suspended.
Swap Pages Write (KBps) Rate at which host memory is swapped out to the disk. Condition
Datastore Condition and State Triggers

VMware provides preconfigured alarms that trigger when datastores undergo certain conditions and states.
Table 21-5 lists the default Condition and State triggers you can set on datastores.
240 VMware, Inc.

Table 21-5. Datastore Condition and State Triggers

Condition Datastore Disk Amount of overallocated disk space in the datastore.

Overallocation (%)
Condition Datastore Disk Usage Amount of disk space (KB) used by the datastore.
(%)
State Datastore State to All n Connected to all hosts – The datastore is connected to at least one
Hosts host.
n Disconnected from all hosts – The datastore is disconnected from at
least one host.
Event Triggers
Event triggers monitor events that occur in response to actions related to managed objects, the vCenter Server
system, and the License Server.
Event triggers use arguments, operators, and values to monitor operations that occur in the vServer System.
Because the occurrance of the event gives you information about the operation occurring in your environment,
you usually will not need to configure arguments for them. However, some events are general and
configuration might be required to set the alarm on the desired information. For example, the Hardware Health
Changed event occurs for a variety of different subsystems on a host.The preconfigured datacenter alarm Host
Hardware Fan Health uses the Hardware Health Changed event with the following two arguments to set a
warning condition when a fan is not operating:
Table 21-6. Example – Event Arguments, Operators, and Values

Argument Operator Value
group equal to Fan
newState equal to Yellow
NOTE Due to the large number of events tracked by vCenter Server, the event table for each object does not
contain definitive lists of events. Instead, it provides a subset of the events available for alarm triggers.
Event Trigger Components

Event triggers are composed of a trigger type, a trigger status, and triggering conditions.
Table 21-7 describes the components of event alarm triggers.
VMware, Inc. 241

Table 21-7. Event Trigger Components

Trigger type Event to monitor. Events can be generated by a user action or the system, for example,
Account Password Change and Alarm Email Sent.
Status The value that must be met for the alarm to trigger:
n Normal
n Warning
n Alert.
Conditions Specifications that define the trigger.

Event conditions include the following components:
n Argument – The event attribute to monitor.
n Operator – The qualifier used to set the trigger value, for example Starts with and
Doesn’t start with.
n Value – The value that must be met to trigger the event.
Conditions are not configurable for all events.
For example, you have a subset of hosts in the same datacenter named with the identifying prefix, QA_. To
trigger an alarm when any of these hosts lose network connectivity, create an alarm on the datacenter to monitor
the event Lost Network Connectivity. The trigger conditions are:
n Argument — host.name
n Operator — Starts with
n Value – QA_
When storage connectivity is lost on a host named QA_Host1, the event triggers.
Event triggers do not rely on thresholds or durations. They use the arguments, operators, and values to identify
the triggering condition. When the triggering conditions are no longer true, a triggered alarm resets
automatically, and no longer triggers.
Virtual Machine Event Triggers

VMware provides preconfigured alarms that trigger when events occur on virtual machines.
Table 21-8 lists events you can use to trigger alarms on virtual machines.
Table 21-8. Virtual Machine Event Triggers

Event Category Available Events
Customization Customization started, Customization succeeded, Cannot complete Sysprep,

Unknown error.
DRS DRS VM migrated, VM powered on, No maintenance mode DRS recommendation.
General messages and information VM error, VM error message, VM information, VM information message, VM
warning, VM warning message, VM migration error, VM migration warning, VM
configuration missing.
Deployment VM created, VM auto renamed, VM being closed, VM being creating, VM

deploying, VM emigrating, VM hot migrating, VM migrating, VM reconfigured,
VM registered, VM removed, VM renamed, VM relocating, VM upgrading.
Cannot complete clone, Cannot migrate, Cannot relocate, Cannot upgrade.
Power and connection states VM connected, VM disconnected, VM discovered, VM powered off, VM powered
on, VM starting, VM stopping, VM suspended, VM restarted on alternate host, VM
resuming.
Guest reboot, guest shutdown, guest standby.
Cannot power off, Cannot power on, Cannot reboot guest OS, Cannot reset, Cannot
shut down the guest OS, Cannot standby guest OS, Cannot suspend.
Remote console connected, Remote console disconnected.
242 VMware, Inc.

Table 21-8. Virtual Machine Event Triggers (Continued)

HA HA enabled VM reset, Cannot resent HA enabled VM, VM HA updated error.
Fault tolerance Secondary VM added, Secondary VM disabled, Secondary VM enabled, Secondary

VM started.
Cannot start secondary VM, Cannot update secondary VM configuration.
Fault tolerance state changed, Fault tolerance VM deleted.
No compatible host for secondary VM.
Naming and IDs UUID: Assigned, Changed, Conflict. Assign a new instance, Instance changed,
Instance conflict.
MAC: Assigned, Changed, Conflict. VM static MAC conflict.
WWN: Assigned, Changed, Conflict.
Record, Replay Start a recording session, Start a replay session.
Resource Pool Resource pool moved, Resource pool relocated.
Host Event Triggers

VMware provides preconfigured alarms that trigger when events occur on hosts.
Table 21-9 lists events you can use to trigger alarms on hosts.
Table 21-9. Host Event Triggers

Accounts Account created, Account removed, Account updated.
Access and security Administrator access disabled, Administrator access enabled.

Administrator password not changed. VIM account password changed.
License expired, No license.
Connection and mode Host connected, Host disconnected.

Host entered maintenance mode, Host exited maintenance mode, Host entering standby
mode, Host exiting standby mode.
Cannot connect host, Host already managed, Incorrect Ccagent, Incorrect user name,
Incompatible version, Ccagent upgrade, Network error, No access.
Connection lost, Cannot reconnect host. Lost network connectivity, Lost network
redundancy, Lost storage connectivity, Lost storage path redundancy.
DRS DRS entering standby mode, DRS exited standby mode, DRS exiting standby mode. Cannot
complete DRS resource configuration, Resource configuration synchronized.
General error information Host error, Host information, Host warning.
HA Host HA agent disabled, HA agent enabled, Disabling HA, Enabling HA agent, HA agent
error, HA agent configured.
Host has extra HA networks, Host has no available HA networks, Host is missing HA
networks, N.o redundant management network for host.
Hardware health Hardware health changed
Inventory Host added, Host not in cluster. No datastores configured.
IP address Host IP changed, IP inconsistent, IP to short name not completed, Cannot get short host
name, Short name to IP not completed, Duplicate IP detected.
Datastore Event Triggers

VMware provides preconfigured alarms that trigger when events occur on datastores.
Table 21-10 lists events you can use to trigger alarms on datastores.
VMware, Inc. 243

Table 21-10. Datastore Event Triggers

Datastore modification Datastore capacity increased.

Local datastore created, Datastore deleted, Datastore discovered, Datastore
removed.
NAS NAS datastore created.
VMFS VMFS datastore created, VMFS datastore expanded, VMFS datastore extended.
Datacenter Event Triggers

VMware provides preconfigured alarms that trigger when events occur on datacenters.
Table 21-11 lists events you can use to set alarms on datacenters.
Table 21-11. Datacenter Event Triggers

Alarms Alarm created, reconfigured, removed. Alarm email sent, email send failed. Alarm
script completed, script not completed. Alarm SNMP trap sent, SNMP trap not
completed. Alarm status changed.
Authentication, Permissions, and Already authenticated. Permission added, removed, updated. Profile created,
Roles removed. Role added, created, removed.
Custom Fields Custom field definition added, removed, renamed. Custom field value changed.
cannot complete customization network setup.
Customization Customization Linux identity failed, network setup failed.
Datacenter Datacenter created, renamed.
Datastore Datastore renamed, datastore renamed on host.
DRS DRS invocation not completed, DRS recovered from failure.
DVS vNetwork Distributed Switch merged, renamed, configuration on some hosts

differed from that of the vCenter Server.
HA and DRS HA agent found, DRS invocation not completed, DRS recovered from failure.
Hosts Host add failed, inventory full, short name inconsistent, cannot add host.
Licensing License added, assigned, expired, insufficient, removed, unassigned. License server
available, unavailable. Unlicensed virtual machines, all virtual machines licensed.
Scheduled Tasks Scheduled task created, completed, cannot complete, email sent, email not sent,
reconfigured, removed, started.
Templates Upgrading template, template upgraded, cannot upgrade template.
User Operations User assigned to group, removed from group, login, logout, upgrade.
Virtual Machines VM cloned, created, relocated, upgraded.
vServer Server license expired, session started, session stopped.
Cluster Event Triggers

VMware provides preconfigured alarms that trigger when events occur on clusters.
Table 21-12 lists events you can use to set alarms on clusters.
244 VMware, Inc.

Table 21-12. Cluster Event Triggers

Cluster creation, modification, and Cluster created, Cluster deleted, Cluster overcommitted, Cluster reconfigured.
compliance Cluster status changed, Cluster compliance checked.
High Availability (HA) HA agent unavailable, HA disabled, HA enabled, HA host failed, HA host isolated,
All HA hosts isolated.
DRS DRS enabled, DRS disabled.
dvPort Group Event Triggers

VMware provides preconfigured alarms that trigger when events occur on dvPort group alarms.
Table 21-13 lists events you can use to set alarms on dvPort groups.
Table 21-13. dvPort Group Event Triggers

Distributed Virtual Port Group Distributed virtual group created, Distributed virtual group
deleted, Distributed virtual group reconfigured, Distributed
virtual group renamed.
vNetwork Distributed Switch Event Triggers

VMware provides preconfigured alarms that trigger when events occur on on vNetwork distributed switches.
Table 21-14 lists the events you can use to set alarms on vNetwork distributed switches.
Table 21-14. vNetwork Distributed Switch Event Triggers

Distributed Virtual Switch creation and modification Distributed Virtual Switch created, Distributed Virtual
Switch deleted, Distributed Virtual Switch reconfigured,
Distributed Virtual Switch upgraded.
Port Port blocked, Port connected, Port disconnected, Port

created, Port deleted, Port link up, Port link down.
Host Host joined or left the distributed vswitch.

Host and vCenter Server configuration synchronized.
Network Event Triggers

VMware provides preconfigured alarms that trigger when events occur on networks.
Table 21-15 lists the events you can use to trigger alarms on networks.
Table 21-15. Network Event Triggers

dvPort group creation and dvPort group created, dvPort group deleted, dvPort group reconfigured, dvPort
modification group renamed.
VMware, Inc. 245

Alarm Actions
Alarm actions are operations that occur in response to triggered alarms. For example, email notifications are
alarm actions.
VMware provides a list of preconfigured actions you can associate with an alarm. These actions are specific to
the object on which you set the alarm. For example, preconfigured alarm actions for hosts include rebooting
the host and putting the host in maintenance mode. Alarm actions for virtual machines include powering on,
powering off, and suspending the virtual machine.
Although the actions are preconfigured, you must manually set up certain aspects of the action, such as having
the action occur when a warning is triggered or when an alert is triggered, and whether to repeat the action.
You can configure alarm actions to repeat in the following ways:
n At a specified time interval after an alarm triggers. For example, if an alarm triggers because a physical
host is not responding, you can have an email message sent every 10 minutes until the host is returned to
a connected state or until the alarm trigger is suppressed.
n Until the alarm is explicitly acknowledged by an administrator. When you acknowledge an alarm, the
alarm actions are suppressed. The alarm trigger is not reset. It remains in its current state until the
triggering condition, state, or event is no longer valid.
Some alarm actions, such as sending notification emails or traps, and running a script, require additional
configuration.
NOTE The default VMware alarms do not have actions associated with them. You must manually associate
actions with the default alarms.
Default vSphere Alarm Actions

VMware provides default alarm actions you can associate with an alarm. When the alarm triggers, the action
occurs.
Table 21-16 lists the default vSphere alarm actions.
Table 21-16. Default vSphere Alarm Actions

Action Description Alarm Object
Send a notification email SMTP sends an email message. The SMTP must be ready datacenter, datastore, cluster,
when the email message is sent. You can set SMTP host, resource pool, virtual
through vCenter Server or through Microsoft Outlook machine, network, vNetwork
Express. distributed switch, dvPort group
Send a notification trap SNMP sends a notification trap. vCenter Server is the datacenter, datastore, cluster,
default SNMP notification receiver. An SNMP trap host, resource pool, virtual
viewer is required to view a sent trap. machine
Run a command Performs the operation defined in the script you specify. datacenter, datastore, cluster,
It runs as separate process and does not block vCenter host, resource pool, virtual
Server processes. machine, network, vNetwork
distributed switch, dvPort group
Enter or exit maintenance Puts the host in and out of maintenance mode. host
mode Maintenance mode restricts virtual machine operations
on the host. You put a host in maintenance mode when
you need to move or service it.
Enter or exit standby Suspends or resumes the guest operating system on the host
virtual machine.
Reboot or shut down host Reboots or shuts down the host. host
246 VMware, Inc.

Table 21-16. Default vSphere Alarm Actions (Continued)

Action Description Alarm Object
Suspend the virtual Suspends the virtual machine when the alarm triggers. virtual machine
machine You can use the suspend feature to make resources
available on a short-term basis or for other situations in
which you want to put a virtual machine on hold without
powering it down.
Power on or power off the Power on starts the virtual machine and boots the guest virtual machine
virtual machine operating system if the guest operating system is
installed.
Power off is analogous to pulling the power cable on a
physical machine. It is not a graceful shutdown of the
guest operating system, but is used when a shut down
might not succeed. For example, a shut down will not
work if the guest operating system is not responding.
Reset the virtual machine Pauses activity on the virtual machine. Transactions are virtual machine
frozen until you issue a Resume command.
Migrate the virtual Powers off the virtual machine and migrates it according virtual machine
machine to the settings you define when you created the alarm
action.
Reboot or shutdown the Reboot shuts down and restarts the guest operating virtual machine
guest system without powering off the virtual machine.
Shutdown shuts down the guest operating system
gracefully.
Disabling Alarm Actions

You can disable an alarm action from occurring without disabling the alarm itself. For example, if you have
an alarm set to trigger when a host is disconnected, and you put the host in maintenance mode, you can disable
the alarm action from firing because you know the host is not available. The alarm is still enabled, so it triggers,
but the action does not.
You disable alarm actions for a selected inventory object. You can also disable alarm actions across multiple
objects at one time from the object tab. For example, to disable the alarm actions for multiple virtual machines
on a host, go to the Virtual Machines tab of the host. When you disable the alarm actions for an object, they
continue to occur on child objects.
When you disable alarm actions, all actions on all alarms for the object are disabled. You cannot disable a subset
of alarm actions.
SNMP Traps as Alarm Actions

The SNMP agent included with vCenter Server can be used to send traps when alarms are triggered on a
vCenter Server. When an SNMP trap notification occurs, only one trap is triggered and sent.
Table 21-17 describes the trap information provided in the body of an SNMP notification.
Table 21-17. SNMP Trap Notification Details

Trap Entry Description
Type The state vCenter Server is monitoring for the alarm. Options include Host Processor (or CPU)
usage, Host Memory usage, Host State, Virtual Machine Processor (or CPU) usage, Virtual Machine
Memory usage, Virtual Machine State, Virtual Machine Heartbeat.
Name The name of the host or virtual machine that triggers the alarm.
Old Status The alarm status before the alarm was triggered.
VMware, Inc. 247

Table 21-17. SNMP Trap Notification Details (Continued)

Trap Entry Description
New Status The alarm status when the alarm is triggered.
Object Value The object value when the alarm is triggered.
NOTE To use SNMP with vCenter Server, you must configure SNMP settings using the vSphere Client.
However, if you configured SMTP settings in Microsoft Outlook Express, configuring them in vCenter Server
is not required.
Email Notifications as Alarm Actions

The SMTP agent included with vCenter Server can be used to send email notifications when alarms are
triggered on vCenter Server. When an alarm is triggered, any number of email notification are sent. You define
the recipient list when you set up the alarm actions for an alarm.
Table 21-18 describes the information provided in the body of an SMTP notification.
Table 21-18. SMTP Email Notification Details

Email Entry Description
Target Object for which the alarm was triggered.
Old Status Previous alarm status. Applies only to state triggers.
New Status Current alarm status. Applies only to state triggers.
Metric Value Threshold value that triggered the alarm. Applies only to metric condition triggers.
Alarm Definition Alarm definition in vCenter Server, including the alarm name and status.
Description Localized string containing a summary of the alarm. For example:

Alarm New_Alarm on host1.vmware.com changed from Gray to Red.
If the alarm was triggered by an event, the information in Table 21-19 is also included in the body of the email.
Table 21-19. Event Details in Email

Detail Description
Event Details VMODL event type name.
Summary Alarm summary, including the event type, alarm name, and target object.
Date Time and date the alarm was triggered.
UserName Person who initiated the action that caused the event to be created. Events caused by an
internal system activity do not have a UserName value.
Host Host on which the alarm was triggered.
Resource Pool Resource pool on which the alarm was triggered.
Datacenter Datacenter on which the alarm was triggered.
Arguments Arguments passed with the alarm and their values.
NOTE If you configured SMTP settings in Microsoft Outlook Express, you do not need to configure them for
vCenter Server.
248 VMware, Inc.

Running Scripts as Alarm Actions

You can write scripts and attach them to alarms so that when the alarm triggers, the script runs.
Use the alarm environment variables to define complex scripts and attach them to multiple alarms or inventory
objects. For example, you can write a script that enters the following trouble ticket information into an external
system when an alarm is triggered:
n Alarm name
n Object on which the alarm was triggered
n Event that triggered the alarm
n Alarm trigger values
When you write the script, include the following environment variables in the script:
n VMWARE_ALARM_NAME
n VMWARE_ALARM_TARGET_NAME
n VMWARE_ALARM_EVENTDESCRIPTION
n VMWARE_ALARM_ALARMVALUE
You can attach the script to any alarm on any object without changing the script.
Alarm Environment Variables

To simplify script configuration for alarm actions, VMware provides environment variables for VMware
alarms.
Table 21-20 lists the default environment variables defined for alarms. Use these variables to define more
complex scripts and attach them to multiple alarms or inventory objects so the action occurs when the alarm
triggers.
Table 21-20. Alarm Environment Variables

Supported Alarm
Variable Name Variable Description Type
VMWARE_ALARM_NAME Name of the triggered alarm. Condition, State,

Event
VMWARE_ALARM_ID MOID of the triggered alarm. Condition, State,

Event
VMWARE_ALARM_TARGET_NAME Name of the entity on which the Condition, State,

alarm triggered. Event
VMWARE_ALARM_TARGET_ID MOID of the entity on which the Condition, State,

alarm triggered. Event
VMWARE_ALARM_OLDSTATUS Old status of the alarm. Condition, State,

Event
VMWARE_ALARM_NEWSTATUS New status of the alarm. Condition, State,

Event
VMWARE_ALARM_TRIGGERINGSUMMARY Multiline summary of the alarm. Condition, State,

Event
VMWARE_ALARM_DECLARINGSUMMARY Single-line declaration of the alarm Condition, State,

expression. Event
VMWARE_ALARM_ALARMVALUE Value that triggered the alarm. Condition, State
VMWARE_ALARM_EVENTDESCRIPTION Description text of the alarm status Condition, State

change event.
VMware, Inc. 249

Table 21-20. Alarm Environment Variables (Continued)

Supported Alarm
Variable Name Variable Description Type
VMWARE_ALARM_EVENTDESCRIPTION Description of the event that Event

triggered the alarm.
VMWARE_ALARM_EVENT_USERNAME User name associated with the event. Event
VMWARE_ALARM_EVENT_DATACENTER Name of the datacenter in which the Event

event occurred.
VMWARE_ALARM_EVENT_COMPUTERESOURCE Name of the cluster or resource pool Event

in which the event occurred.
VMWARE_ALARM_EVENT_HOST Name of the host on which the event Event

occurred.
VMWARE_ALARM_EVENT_VM Name of the virtual machine on Event

which the event occurred.
VMWARE_ALARM_EVENT_NETWORK Name of the network on which the Event

event occurred.
VMWARE_ALARM_EVENT_DATASTORE Name of the datastore on which the Event

event occurred.
VMWARE_ALARM_EVENT_DVS Name of the vNetwork Distributed Event

Switch on which the event occurred.
Alarm Command-Line Parameters

VMware provides command-line parameters that function as a substitute for the default alarm environment
variables. You can use these parameters when running a script as an alarm action for a condition, state, or
event alarm.
The command-line parameters enable you to pass alarm information without having to change an alarm script.
For example, use these parameters when you have an external program for which you do not have the source.
You can pass in the necessary data by using the substitution parameters, which take precedence over the
environment variables. You pass the parameters through the vSphere Client Alarm Actions Configuration
dialog box or on a command line.
Table 21-21 lists the command-line substitution parameters for scripts that run as alarm actions.
Table 21-21. Command-Line Parameters for Alarm Action Scripts

Variable Description
{eventDescription} Text of the alarmStatusChange event. The {eventDescription} variable is

supported only for Condition and State alarms.
{targetName} Name of the entity on which the alarm is triggered.
{alarmName} Name of the alarm that is triggered.
{triggeringSummary} Summary info of the alarm trigger values.
{declaringSummary} Summary info of the alarm declaration values.
{oldStatus} Alarm status before the alarm is triggered.
{newStatus} Alarm status after the alarm is triggered.
{target} Inventory object on which the alarm is set.
250 VMware, Inc.

Alarm Reporting
Alarm reporting further restricts when a condition or state alarm trigger occurs by adding a tolerance range
and a trigger frequency to the trigger configuration.
Tolerance Range
The tolerance range specifies a percentage above or below the configured threshold point, after which the alarm
triggers or clears. A nonzero value triggers and clears the alarm only after the triggering condition falls above
or below the tolerance range. A 0 (zero) value triggers and clears the alarm at the threshold point you
configured.
vCenter Server uses the following calculation to trigger an alarm:

Condition threshold + Tolerance Range = Trigger alarm
For example, an alarm is defined to trigger a warning state when a host’s CPU usage is above 70%. If you set
the tolerance range to 5%, the warning state triggers only when CPU usage is above 75% (70 + 5) and resets to
a normal state only when CPU usage falls below 65% (70 - 5).
The tolerance range ensures you do not transition alarm states based on false changes in a condition.
Trigger Frequency
The trigger frequency is the time period during which a triggered alarm action is not reported again. When
the time period has elapsed, the alarm action occurs again if the condition or state is still true. By default, the
trigger frequency for the default VMware alarms is set to 5 minutes.
For example, if the Host CPU Usage alarm triggers for a warning state at 2 p.m. and an alert state occurs at
2:02 p.m, the alert state is not reported at 2:02 p.m. because the frequency prohibits it. If the warning state is
still true at 2:05 p.m., the alarm is reported. This guards against repeatedly reporting insignificant alarm
transitions.
Creating Alarms
Creating an alarm involves setting up general alarm settings, alarm triggers, trigger reporting, and alarm
actions.
Required Privilege: Alarms.Create Alarm
You create an alarm by using the Alarm Settings dialog box. You can open this dialog box by selecting the
object in the inventory and using any of the following methods.
n Select File > New > Alarm.
n Select Inventory > <object_type> > Alarm > Add Alarm.
n Right-click the object and select Alarm > Add Alarm.
n In the Alarms tab, click the Definitions tab, right-click in the pane, and select New > Alarm.
n Select the object in the inventory and press Ctrl+A.
Prerequisites
To set up an alarm on an object, the vSphere Client must be connected to a vCenter Server system. In addition,
you must have proper user permissions on all relevant objects to create alarms. After an alarm is created, it
will be enabled even if the user who created it no longer has permissions.
VMware, Inc. 251

Procedure
1 Alarm Settings – General on page 252

Use the General tab of the Alarm Settings dialog box to set up general alarm information, such as the
alarm name, description, monitoring type, and status.
2 Alarm Settings – Triggers on page 253

In the Alarm Settings dialog box, use the Triggers tab to add, edit, or remove alarm triggers. The
procedure for setting up triggers depends on whether you are setting the trigger for a condition or state
or for an event.
3 Alarm Settings – Reporting on page 255
In the Alarm Settings dialog box, use the Reporting tab to define a tolerance range and trigger frequency
for condition or state triggers. Reporting further restricts when the trigger occurs.
Alarm Settings – General

Use the General tab of the Alarm Settings dialog box to set up general alarm information, such as the alarm
name, description, monitoring type, and status.
Procedure
1 If necessary, display the Alarm Settings dialog box.

a Display the object in the Inventory panel.
b Select the object and press Ctrl-M.
2 On the General tab, enter an alarm name and alarm description.
3 In the Alarm Type box, define the type of alarm to create.
a In the Monitor list, select the object on which to create the alarm.
The objects listed are determined by the object selected in the inventory.
b Select how to monitor the object: for specific conditions or states, or for specific events.
This determines which triggers are available for the alarm. You cannot monitor conditions or states
of clusters.
4 (Optional) To enable the alarm, select Enable this alarm.
You can enable an alarm at anytime after you create it.

5 (Optional) To define the alarm triggers, click the Triggers tab.
6 (Optional) To save general edits without updating the alarm triggers or alarm actions, click OK.
NOTE You cannot save an alarm if it does not have triggers defined for it.
252 VMware, Inc.

Alarm Settings – Triggers

In the Alarm Settings dialog box, use the Triggers tab to add, edit, or remove alarm triggers. The procedure
for setting up triggers depends on whether you are setting the trigger for a condition or state or for an event.
n Set Up a Condition or State Trigger on page 253
Condition and state triggers monitor performance metrics and object states, such as CPU usage and
connection states. You can only monitor hosts, virtual machines, and datastores with condition and state
triggers.
n Set Up an Event Trigger on page 254
Event triggers monitor events that occur on managed objects, vCenter Server, and the License Server.
An event is recorded for any action that is of interest to vCenter Server.
Set Up a Condition or State Trigger

Condition and state triggers monitor performance metrics and object states, such as CPU usage and connection
states. You can only monitor hosts, virtual machines, and datastores with condition and state triggers.
Procedure
1 If necessary, display the Triggers tab of the Alarm Settings dialog box.
b Select the object and press Ctrl-M to open the Alarm Settings dialog box.
c Click the Triggers tab.
2 Click Add.
A default condition trigger is added to the triggers list.
3 If you do not want to use the default trigger, replace it.
a Select the default trigger.
b Double-click the Trigger Type list arrow to open the trigger list.
c Select a trigger.
4 For a condition trigger, define the condition lengths.
Double-click each attribute field—Condition, Warning, Condition Length, Alert, Condition Length—
and select or enter values. Not all condition triggers have condition lengths.
State triggers occur immediately when the state is reached. You cannot define condition lengths for state
alarms.
5 (Optional) Define multiple conditions for the same trigger type.
a Repeat Step 2 through Step 3, and select the same trigger you just configured.
b Set values for each attribute.
6 (Optional) To define additional condition or state triggers, repeat Step 2 through Step 5.
NOTE You cannot use the VM Total Size on Disk and VM Snapshot Size triggers in combination with
other triggers.
VMware, Inc. 253

7 Below the triggers list, select one of the following options to specify how to trigger the alarm.
n If any conditions are satisfied (default).
n If all conditions are satisfied.
8 Click OK.
Set Up an Event Trigger

Event triggers monitor events that occur on managed objects, vCenter Server, and the License Server. An event
is recorded for any action that is of interest to vCenter Server.
Procedure
1 If necessary, display the Triggers tab of the Alarm Settings dialog box.
c Click the Triggers tab.
2 Click Add.
A default event trigger is added to the triggers list.
3 To replace the default event, double-click the event name and in the Event list, select an event.
If you know the event name, you can type it in the Event field to filter the list.
4 To change the default status for the event trigger, double-click the status name and in the Status list, select
a status.
NOTE To set an alarm to trigger when more than one status has been reached, configure each event status
separately. For example, to trigger a warning when a host's hardware health changes and an alert when
a host's hardware health changes, configure two Hardware Health Changed events, one with a warning
status and one with an alert status.
5 (Optional) To configure custom conditions for the event trigger, in the Condition column, click Advanced
to open the Trigger Conditions dialog box.
a Click Add.
A default argument is added to the Event Arguments list.
b To replace the default argument, double-click the argument name and in the argument list, select an
argument.
c To replace the default operator, double-click the operator name and select an operator from the list.
d Click the Value field and type a value.
e (Optional) To define multiple conditions for the same trigger, repeat Step 5.
f Click OK.
6 (Optional) To define additional event triggers, repeat this task.
7 Click OK.
254 VMware, Inc.

Alarm Settings – Reporting

In the Alarm Settings dialog box, use the Reporting tab to define a tolerance range and trigger frequency for
condition or state triggers. Reporting further restricts when the trigger occurs.
Procedure
1 If necessary, display the Reporting tab of the Alarm Settings dialog box.

c Click the Reporting tab.
2 Enter a Tolerance.
A 0 value triggers and clears the alarm at the threshold point you configured. A non-zero value triggers
the alarm only after the condition reaches an additional percentage above or below the threshold point.
Condition threshold + Reporting Tolerance = trigger alarm
Tolerance values ensure you do not transition alarm states based on false changes in a condition.
3 Select a Frequency.
The frequency sets the time period during which a triggered alarm is not reported again. When the time
period has elapsed, the alarm will report again if the condition or state is still true.
4 Click OK.
Managing Alarms
You can change alarms, disable alarms, reset alarms, and acknowledge triggered alarms. In addition, you can
export a list of alarms to a file.
To manage alarms the vSphere Client must be connected to a vCenter Server system.
Acknowledge Triggered Alarms

Acknowledging a triggered alarm suppresses the alarm actions from occurring. It does not reset the alarm to
a normal state.
Required privilege: Alarm.Alarm Acknowledge
Procedure
1 Display the inventory panel.
2 If necessary, select View > Status Bar to display the status pane.
3 In the status bar, click Alarms to display the Triggered Alarms panel.
4 Right-click the alarm and select Acknowledge Alarm.
5 (Optional) To acknowledge multiple alarms at one time, shift-click each alarm to select it, right-click the
selection, and select Acknowledge Alarm.
Change Alarm Attributes

You can rename alarms and change alarm triggers, reporting, and actions.
Required privilege: Alarm.Modify Alarm
VMware, Inc. 255

Procedure
1 Display the object in the inventory on which the alarm is defined.
2 Select the object and click the Alarms tab.
3 Click Definitions.
The Defined in column lists the object on which the alarm is defined. If the value is not This object, click
the object name. The alarms list for the object opens in the Alarms tab.
4 Double-click the alarm to open the Alarm Settings dialog box.

5 Edit the alarm general settings, triggers, reporting, or actions, as needed.
For help on how to configure the values on each tab, click Help.
6 Click OK.
vCenter Server verifies the configuration of the alarm and updates the alarm for the selected object.
Disable Alarms
You disable alarms from the object on which they were defined. You can enable a disabled alarm at any time.
Procedure
If the Defined in column does not contain This object for the alarm to disable, it was not defined on the
object selected in the inventory. To open the alarm definitions for that object, click the linked object in the
Defined in column.
4 Double-click the alarm to open the Alarm Settings dialog box.
5 Deselect Enable this alarm.
6 Click OK.
Export a List of Alarms

You can export, to a system file, a list of alarms defined on any managed object in the inventory. The list of
alarms for an object includes alarms set on all child objects.
Required privilege: Read-Only
Procedure
4 Select File > Export > Export List.
5 In the Save As dialog box, specify the directory, file name, and file type for the exported file.
6 Click Save.
256 VMware, Inc.

Identifying Triggered Alarms

You can identify triggered alarms in the vSphere Client Inventory panel, the Status bar, and the Alarms tab.
Table 21-22. Triggered Alarm Indicators in the vSphere Client

vSphere Client Location Triggered Alarm Indicator
Inventory panel An icon on the object where the alarm was triggered.
Status bar, Triggered Alarms panel A list of alarms triggered on all inventory objects. Double-
click an alarm to select the object in the inventory on which
the alarm was triggered.
Alarms tab A list of alarms triggered on the selected inventory object.
Remove Alarms
You remove alarms from the object on which they were defined. You cannot remove an alarm from a child
object that inherited the alarm and you cannot remove the default VMware alarms.
When an alarm is removed, it is removed from vCenter Server and cannot be retrieved.
Required privilege: Alarm.Remove Alarm
Procedure
If the Defined in column does not contain This object for the alarm to disable, it was not defined on the
object selected in the inventory. To open the alarm definitions for that object, click the linked object in the
Defined in column.
4 Select the alarm and select Edit > Remove.
5 Click Yes.
Reset Triggered Event Alarms

An alarm triggered by an event might not reset to a normal state if vCenter Server does not retrieve the event
that identifies the normal condition. In such cases, reset the alarm manually to return it to a normal state.
Required privilege: Alarm.Set Alarm Status
Procedure
1 Locate the triggered alarm in the Triggered Alarms panel or on the Alarms tab for the object.
2 Right-click the alarm and select Reset Alarm to Green.
VMware, Inc. 257

View Alarms
You view alarms that have been triggered on objects and those that have been defined on objects in the vSphere
Client Alarms tab.
The Alarms tab is available only when the vSphere Client is connected to a vCenter Server system. It has two
views, Triggered Alarms and Definitions.
Triggered Alarms Lists the alarms triggered on the selected object, including the status of the
alarm, the date and time it was last triggered, and if the alarm was
acknowledged.
Definitions Lists the alarms associated with the selected object, including the alarm
description and the object on which the alarm was defined.
There vSphere Client offers several different options for viewing alarms.
n View Alarms Defined on an Object on page 258
The vSphere Client Alarms tab contains a list of alarms definitions for the object selected in the inventory.
n View Alarms Triggered on an Object on page 258
You view triggered alarms on an object on the object’s Alarms tab.
n View All Alarms Triggered in vCenter Server on page 258
You view triggered alarms in the Alarms tab of the Status bar.
View Alarms Defined on an Object

The vSphere Client Alarms tab contains a list of alarms definitions for the object selected in the inventory.
Procedure
The Defined In column displays the object on which the alarm was created.
View Alarms Triggered on an Object

You view triggered alarms on an object on the object’s Alarms tab.
Procedure
3 Click Triggered Alarms.
View All Alarms Triggered in vCenter Server

You view triggered alarms in the Alarms tab of the Status bar.
Procedure
1 Display the vSphere Client inventory.
2 If necessary, select View > Status Bar to display the status pane at the bottom of the vSphere Client.
3 In the Status bar, click Alarms.
258 VMware, Inc.

The list of triggered alarms displays in the status pane.
What to do next
You can also view alarms for a selected inventory object in the Triggered Alarms pane of the Alarms tab.
Managing Alarm Actions

You can change alarm actions on the preconfigured vSphere alarms and on custom alarms. Use the vSphere
Client to disable alarm actions, identify disabled alarm actions, remove alarm actions, and run commands as
alarm actions.
To manage alarm actions, the vSphere Client must be connected to a vCenter Server system.
Disable Alarm Actions

Disabling an alarm action stops the action from occuring when the alarm triggers. It does not disable the alarm
from triggering.
When you disable alarm actions on a selected inventory object, all actions for all alarms are disabled on that
object. You cannot disable a subset of alarm actions. The alarm actions will continue to fire on the child objects.
Required privilege: Alarm.Disable Alarm Action
Procedure
2 Right-click the object and select Alarm > Disable Alarm Actions.
The actions defined for the alarm will not occur on the object until they are enabled.
Enable Alarm Actions

Enabling alarm actions resumes all actions set for triggered alarms.
Required privilege: Alarm.Disable Alarm Actions
Procedure
2 Right-click the object and select Alarm > Enable Alarm Actions.
Identifying Disabled Alarm Actions

The vSphere Client uses visual indicators to denote whether alarm actions are enabled or disabled.
When an object is selected in the inventory, you can identify its disabled alarm actions in the following areas
of the vSphere user interface:
n In the General pane of the object's Summary tab.
n In the Alarm Actions Disabled pane of the Alarms tab.
n In the Alarm Actions column of the object's child object tabs. For example, if you select a host in the
inventory, the Virtual Machines tab displays whether alarm actions are enabled or disabled for each
virtual machine on the host.
VMware, Inc. 259

Remove Alarm Actions

Removing an alarm action stops the action from occurring. It does not stop the alarm itself.
Remove an alarm action if you are certain you will not use again. If you are not sure, disable the alarm action
instead.
Required privilege: Alarm.Remove Alarm
Procedure
4 Right-click the alarm and select Edit Settings from the context menu.
If the Edit Settings option is not available, the object you selected is not the owner of the alarm. To open
the correct object, click the object link in the Defined In column for the alarm. Then repeat this step.
5 In the Alarm Settings dialog box, click the Actions tab.
6 Select the action and click Remove.
7 Click OK.
Run a Command as an Alarm Action

You can run a script when an alarm triggers by configuring a command alarm action.
NOTE Alarm commands run in other processes and do not block vCenter Server from running. They do,
however, consume server resources such as processor and memory.This procedure assumes you are adding
the alarm action to an existing alarm.
This procedure assumes you are adding the alarm action to an existing alarm.
Procedure
1 If necessary, open the Alarm Settings dialog box.
a Select the object in the inventory on which the alarm is set.
b Click the Alarms tab.
c Click Definitions.
d Double-click the alarm in the list.
2 Click the Actions tab.
3 Click Add.
4 Double-click the default action and select Run a command.
260 VMware, Inc.

5 Double-click the Configuration field and do one of the following, depending on the command file type:
n If the command is a .exe file, enter the full pathname of the command. For example, to run the cmd.exe
command in the C:\tools directory, type:c:\tools\cmd.exe.
n If the command is a .bat file, enter the full pathname of the command as an argument to the c:
\windows\system32\cmd.exe command. For example, to run the cmd.bat command in the C:\tools
directory, type:c:\windows\system32\cmd.exe /c c:\tools\cmd.bat.
If your script does not make use of the alarm environment variables, include any necessary parameters
in the configuration field. For example:
c:\tools\cmd.exe AlarmName targetName
c:\windows\system32\cmd.exe /c c:\tools\cmd.bat alarmName targetName
For .bat files, the command and its parameters must be formatted into one string.
6 Click OK.
When the alarm triggers, the action defined in the script is performed.
Configure SNMP Settings for vCenter Server

To use SNMP with vCenter Server, you must configure SNMP settings using the vSphere Client.
Prerequisites
To complete the following task, the vSphere Client must be connected to a vCenter Server. In addition, you
need the DNS name and IP address of the SNMP receiver, the port number of the receiver, and the community
identifier.
Procedure
2 If the vCenter Server is part of a connected group, in Current vCenter Server, select the appropriate server.
3 Click SNMP in the navigation list.
4 Enter the following information for the Primary Receiver of the SNMP traps.
Option Description
Receiver URL The DNS name and IP address of the SNMP receiver.
Receiver port The port number of the receiver to which the SNMP agent sends traps.
If the port value is empty, vCenter Server uses the default port, 162.
Community The community identifier.
5 (Optional) Enable additional receivers in the Enable Receiver 2, Enable Receiver 3, and Enable Receiver 4
options.
6 Click OK.
The vCenter Server system is now ready to send traps to the management system you have specified.
What to do next
Configure your SNMP management software to receive and interpret data from the vCenter Server SNMP
agent. See “Configure SNMP Management Client Software,” on page 53.
VMware, Inc. 261

Configure vCenter Server SMTP Mail Settings

You can configure vCenter Server to send email notifications as alarm actions.
Prerequisites
Before vCenter Server can send email, you must perform the following tasks:
n Configure the SMTP server settings for vCenter Server or Microsoft Outlook Express.
n Specify email recipients through the Alarm Settings dialog box when you configure alarm actions.
To perform this task, the vSphere Client must be connected to a vCenter Server.
Procedure
2 If the vCenter Server system is part of a connected group, in Current vCenter Server, select the vCenter
Server system to configure.
3 Select Mail in the navigation list.
4 For email message notification, set the SMTP server and SMTP port:
Option Description
SMTP Server The DNS name or IP address of the SMTP gateway to use for sending email
messages.
Sender Account The email address of the sender, for example, notifications@example.com.
5 Click OK.
Preconfigured VMware Alarms

VMware provides preconfigured alarms for the vCenter Server system that trigger automatically when
problems are detected. You only need to set up actions for these alarms.
Table 21-23 lists the preconfigured alarms available for the vCenter Server system.
Table 21-23. Default VMware Alarms

Alarm Name Description
Cannot Connect to Network Monitors network connectivity on a vSwitch.
Cannot Connect to Storage Monitors host connectivity to a storage device.
Cluster High Availability Error Monitors high availability errors on a cluster.
Datastore Usage On Disk Monitors datastore disk usage.
Exit Standby Error Monitors whether a host cannot exit standby mode.
Health Status Changed Monitors changes to service and extension health status.
Host Battery Status Monitors host batteries.
Host Connection and Power State Monitors host connection and power state.
Host Connection Failure Monitors host connection failures.
Host CPU Usage Monitors host CPU usage.
Host Error Monitors host error and warning events.
Host Hardware Fan Status Monitors host fans.
Host Hardware Power Status Monitors host power.
262 VMware, Inc.

Table 21-23. Default VMware Alarms (Continued)

Alarm Name Description
Host Hardware System Board Status Monitors host system boards.
Host Hardware Temperature Status Monitors host temperature.
Host Hardware Voltage Monitors host voltage.
Host Memory Status Monitors host memory.
Host Memory Usage Monitors host memory usage.
Host Processor Status Monitors host processors.
Host Service Console SwapIn Rate Monitors host service console memory swapin rate.
Host Service Console SwapOut Rate Monitors host service console memory swapout rate.
Host Status for Hardware Objects Monitors the status of host hardware objects.
Host Storage Status Monitors host connectivity to storage devices.
License Error Monitors license errors.
License Inventory Monitoring Monitors the license inventory for compliancy.
Migration Error Monitors whether a virtual machine cannot migrate or relocate, or is orphaned.
No Compatible Host For Secondary Monitors whether there are no compatible hosts available to place a secondary virtual
Virtual Machine machine.
Timed Out Starting Secondary Monitors timeouts when starting a Secondary virtual machine.
Virtual Machine
Virtual Machine CPU Ready Monitors virtual machine CPU ready time.
Virtual Machine CPU Usage Monitors virtual machine CPU usage.
Virtual machine disk commands Monitors the number of virtual machine disk commands that are canceled.
canceled
Virtual machine disk reset Monitors the number of virtual machine bus resets.
Virtual Machine Error Monitors virtual machine error and warning events.
Virtual Machine Fault Tolerance Monitors changes in latency status of a fault tolerance secondary virtual machine.
Secondary Latency Status Changed
Virtual Machine Fault Tolerance Monitors changes in the fault tolerance state of a virtual machine.
State Changed
Virtual Machine High Availability Monitors high availability errors on a virtual machine.
Error
Virtual Machine Memory Usage Monitors virtual machine memory usage.
Virtual Machine Total Disk Latency Monitors virtual machine total disk latency.
VMware, Inc. 263

264 VMware, Inc.

Working with Performance Statistics 22
You can configure how statistics are collected and archived for your vCenter Server system. This determines
the data available in the performance charts, which you use to monitor and troubleshoot performance in your
environment.

n “Statistics Collection for vCenter Server,” on page 265
n “vCenter Server Performance Charts,” on page 272
n “Monitoring and Troubleshooting Performance,” on page 277
Statistics Collection for vCenter Server

You can collect statistical data for all managed objects in your vCenter Server system. Statistical data consists
of CPU, memory, disk, network, system, and virtual machine operations metrics.
Table 22-1 lists each metric group and describes the type of data collected.
Table 22-1. Metric Groups

Metric group Description
CPU CPU utilization per host, virtual machine, resource pool, or compute resource.
Memory Memory utilization per host, virtual machine, resource pool, or compute resource. The value obtained is
one of the following:
n For virtual machines, memory refers to guest physical memory. Guest physical memory is the amount
of physical memory presented as a virtual-hardware component to the virtual machine, at creation
time, and made available when the virtual machine is running.
n For hosts, memory refers to machine memory. Machine memory is the random-access memory (RAM)
that is installed in the hardware that comprises the ESX/ESXi system.
Disk Disk utilization per host, virtual machine, or datastore. Disk metrics include input/output (I/O)
performance (such as latency and read/write speeds), and utilization metrics for storage as a finite
resource.
Network Network utilization for both physical and virtual network interface controllers (NICs) and other network
devices, such as the virtual switches (vSwitch) that support connectivity among all components (hosts,
virtual machines, VMkernel, and so on).
VMware, Inc. 265

Table 22-1. Metric Groups (Continued)

Metric group Description
System Overall system availability, such as system heartbeat and uptime. These counters are available directly
from ESX and from vCenter Server.
Virtual Virtual machine power and provisioning operations in a cluster or datacenter.

Machine
Operations
For a complete list of all statistics available for ESX/ESXi hosts and collected by vCenter Server, see the
PerformanceManager API documentation pages in the vSphere API Reference.
Data Counters
vCenter Server and ESX/ESXi hosts use data counters to query for statistics. A data counter is a unit of
information relevant to a given object.
For example, network metrics for a virtual machine include one counter that tracks the rate at which data is
transmitted and another counter that tracks the rate at which data is received across a NIC instance.
To ensure performance is not impaired when collecting and writing the data to the database, cyclical queries
are used to collect data counter statistics. The queries occur for a specified collection interval. At the end of
each interval, the data calculation occurs.
Each data counter is comprised of several attributes that are used to determine the statistical value collected.
Table 22-2 lists data counter attributes.
Table 22-2. Data Counter Attributes

Attribute Description
Unit of Standard in which the statistic quantity is measured. One of:

Measurement n KiloBytes (KB) – 1024 bytes
n KiloBytes per second (KBps) – 1024 bytes per second
n Kilobits (kb) – 1000 bits
n Kilobits per second (kbps) – 1000 bits per second
n Megabytes (MB)
n megabytes per second (MBps)
n megabits (Mb), megabits per second (Mbps)
n megahertz (MHz)
n microseconds (µs)
n milliseconds (ms)
n number (#)
n percent (%)
n seconds (s)
Description Text description of the data counter.
Statistics Type Measurement used during the statistics interval. The statistics type is related to the unit of
measurement. One of:
n Rate – Value over the current statistics interval
n Delta – Change from previous statistics interval.
n Absolute – Absolute value (independent of the statistics interval).
266 VMware, Inc.

Chapter 22 Working with Performance Statistics
Table 22-2. Data Counter Attributes (Continued)

Rollup Type Calculation method used during the statistics interval to roll up data. This determines the type of
statistical values that are returned for the counter. One of:
n Average – Data collected during the interval is aggregated and averaged.
n Minimum – The minimum value is rolled up.
n Maximum – The maximum value is rolled up.
The Minimum and Maximum values are collected and displayed only in collection level 4.
Minimum and maximum rollup types are used to capture peaks in data during the interval. For
real-time data, the value is the current minimum or current maximum. For historical data, the
value is the average minimum or average maximum.
For example, the following information for the CPU usage chart shows that the average is
collected at collection level 1 and the minimum and maximum values are collected at collection
level 4.
n Counter: usage
n Unit: Percentage (%)
n Rollup Type: Average (Minimum/Maximum)
n Collection Level: 1 (4)
n Summation – Data collected is summed. The measurement displayed in the chart represents the
sum of data collected during the interval.
n Latest – Data collected during the interval is a set value. The value displayed in the performance
charts represents the current value.
Collection level Number of data counters used to collect statistics. Collection levels range from 1 to 4, with 4 having
the most counters.
Collection Intervals
Collection intervals determine the time period during which statistics are aggregated and rolled up, and the
length of time the statistics are archived in the vCenter database.
By default, vCenter Server has four collection intervals: Day, Week, Month, and Year. Each interval specifies
a length of a time statistics are archived in the vCenter database. You can configure which intervals are enabled
and for what period of time. You can also configure the number of data counters used during a collection
interval by setting the collection level. Together, the collection interval and collection level determine how
much statistical data is collected and stored in your vCenter Server database.
Real-time statistics are not stored in the database. They are stored in a flat file on ESX/ESXi hosts and in memory
on the vCenter Server systems. ESX/ESXi hosts collect real-time statistics only for the host or the virtual
machines available on the host. Real-time statistics are collected directly on an ESX/ESXi host every 20 seconds
(60 seconds for ESX Server 2.x hosts). If you query for real-time statistics in the vSphere Client for performance
charts, vCenter Server queries each host directly for the data. It does not process the data at this point. It only
passes the data to the vSphere Client. The processing occurs in a separate operation, depending on the host
type.
n On ESX hosts, the statistics are kept for one hour, after which 180 data points (15 -20 second samples) will
have been collected. The data points are aggregated, processed, and returned to vCenter Server. At this
point, vCenter Server archives the data in the database as a data point for the Day collection interval.
n On ESXi hosts, the statistics are kept for 30 minutes, after which 90 data points will have been collected.
The data points are aggregated, processed, and returned to vCenter Server. At this point, vCenter Server
archives the data in the database as a data point for the Day collection interval.
To ensure performance is not impaired when collecting and writing the data to the database, cyclical queries
are used to collect data counter statistics. The queries occur for a specified collection interval. At the end of
each interval, the data calculation occurs.
Table 22-3 lists the default collection intervals available for the vCenter Server.
VMware, Inc. 267

Table 22-3. Collection Intervals

Collection Interval/ Collection
Archive Length Frequency Default Behavior
1 Day 5 Minutes Real-time statistics are rolled up to create one data point every 5 minutes. The
result is 12 data points every hour and 288 data points every day. After 30
minutes, the six data points collected are aggregated and rolled up as a data
point for the 1 Week time range.
You can change the interval duration and archive length of the 1 Day
collection interval by configuring the statistics settings.
1 Week 30 Minutes 1 Day statistics are rolled up to create one data point every 30 minutes. The
result is 48 data points every day and 336 data points every week. Every 2
hours, the 12 data points collected are aggregated and rolled up as a data point
for the 1 Month time range.
You cannot change the default settings of the 1 Week collection interval.
1 Month 2 Hours 1 Week statistics are rolled up to create one data point every 2 hours. The
result is 12 data points every day and 360 data points every month (assuming
a 30-day month). After 24 hours, the 12 data points collected are aggregated
and rolled up as a data point for the 1 Year time range.
You cannot change the default settings of the 1 Month collection interval.
1 Year 1 Day 1 Month statistics are rolled up to create one data point every day. The result
is 365 data points each year.
You can change the interval duration and archive length of the 1 Year
collection interval by configuring the statistics settings.
Configure Collection Intervals

You can change the frequency at which statistic queries occur, the length of time statistical data is stored in the
vCenter Server database, and the amount of statistical data collected. By default, all collection intervals are
enabled and query for statistics at collection level 1.
Prerequisites
To configure statistics settings, the vSphere Client must be connected to a vCenter Server system.
NOTE Not all attributes are configurable for each collection interval.
Procedure
2 If your environment uses multiple vCenter Servers, in Current vCenter Server, select the server.
3 In the navigation panel, select Statistics.
4 In the Statistics Intervals section, select or deselect a collection interval to enable or disable it.
Enabling a longer interval automatically enables all shorter intervals. If you disable all collection levels,
statistical data is not archived in the vCenter Server database.
268 VMware, Inc.

5 (Optional) To change a collection interval attribute, select its row in the Statistics Interval section and click
Edit to open the Edit Collection Interval dialog box.
a In Keep Samples for, select an archive length.
This option is configurable only for the Day and Year intervals.
b In Statistics Interval, select an interval duration.
This option is configurable only for the Day interval.
c In Statistics Level select a new level interval level.

Level 4 uses the highest number of statistics counters. Use it only for debugging purposes.
The statistics level must be less than or equal to the statistics level set for the preceeding statistics
interval. This is a vCenter Server dependency.
6 (Optional) In the Database Size section, estimate the effect of the statistics settings on the database.
a Enter the number of Physical Hosts.
b Enter the number of Virtual Machines.
The estimated space required and number of database rows required are calculated and displayed.
c If necessary, make changes to your statistics collection settings.
7 Click OK.
Enable or Disable Collection Intervals

Enabling and disabling collection intervals controls the amount of statistical data saved to the vCenter Server
database.
Prerequisites
To configure statistics settings, the vSphere Client must be connected to a vCenter Server system.
Procedure
2 If your environment uses multiple vCenter Servers, in Current vCenter Server, select the appropriate
server.
3 In the vCenter Server Settings dialog box, select Statistics.
4 In the Statistics Intervals section, select or deselect a collection interval to enable or disable it.
NOTE When you disable a collection interval, all subsequent intervals are automatically disabled.
5 (Optional) In the Database Size section, estimate the effect of the statistics settings on the database.
a Enter the number of Physical Hosts.
b Enter the number of Virtual Machines.
The estimated space required and number of database rows required are calculated and displayed.
c If necessary, make changes to your statistics collection settings.
6 Click OK.
VMware, Inc. 269

Collection Levels
Each collection interval has a default collection level that determines how many data counters are used when
collecting statistics data.
The collection level establishes which metrics are retrieved and recorded in the vCenter Server database. You
can assign a collection level of 1- 4 to each collection interval, with level 4 having the largest number of counters.
By default, all collection intervals use collection level 1.
The collection level for an interval cannot be greater than the collection level set for the preceding collection
interval. For example, if the Month interval is set to collection level 3, the Year interval can be set to collection
level 1, 2, or 3, but not to collection level 4. This is a vCenter Server dependency.
Table 22-4 describes each collection level and provides recommendations on when to use them.
Table 22-4. Collection Levels

Level Metrics Best Practice
Level 1 n Cluster Services (VMware Distributed Resource Scheduler) – Use for long-term performance
all metrics monitoring when device statistics are
n CPU – cpuentitlement, totalmhz, usage (average), usagemhz not required.
n Disk – capacity, maxTotalLatency, provisioned, unshared, Level 1 is the default Collection Level
usage (average), used for all Collection Intervals.
n Memory – consumed, mementitlement, overhead,
swapinRate, swapoutRate, swapused, totalmb, usage
(average), vmmemctl (balloon)
n Network – usage (average)
n System – heartbeat, uptime
n Virtual Machine Operations – numChangeDS,
numChangeHost, numChangeHostDS
Level 2 n Level 1 metrics Use for long-term performance

n CPU – idle, reservedCapacity monitoring when device statistics are
not required but you want to monitor
n Disk – All metrics, excluding numberRead and numberWrite.
more than the basic statistics.
n Memory – All metrics, excluding memUsed and maximum
and minimum rollup values.
n Virtual Machine Operations – All metrics
Level 3 n Level 1 and Level 2 metrics Use for short-term performance

n Metrics for all counters, excluding minimum and maximum monitoring after encountering
rollup values. problems or when device statistics are
required.
n Device metrics
Due to the large quantity of
troubleshooting data retrieved and
recorded, use level 3 for the shortest
time period possible— the Day or Week
collection interval.
Level 4 All metrics supported by the vCenter Server, including minimum Use for short-term performance
and maximum rollup values. monitoring after encountering
problems or when device statistics are
required.
Due to the large quantity of
troubleshooting data retrieved and
recorded, use level 4 for the shortest
amount of time possible.
Generally, you need to use only collection levels 1 and 2 for performance monitoring and analysis. Levels 3
and 4 provide granularity that is generally useful only for developers. Unless vCenter Server is set to a collection
level that contains a data counter, the data for that counter is not stored in the database nor is it rolled up into
a past-day statistic on the ESX/ESXi host. The counter will not appear in the performance charts.
270 VMware, Inc.

Using Collection Levels Effectively

Using collection level 1 is generally adequate for monitoring performance. There are some instances in which
you might need to collect more performance statistics, for example, to troubleshoot performance problems.
Before you increase the collection level for an interval, view charts in real-time. Viewing real-time data has less
impact on performance because metrics are retrieved directly from the source without being written to the
vCenter Server database.
If you change to collection level 3 or 4 to diagnose problems, reset the collection level to its previous state as
soon as possible. At collection level 4, try to limit the collection period to the Day interval to not have an impact
on the database. If you need to save the data for longer than one day, increase interval to two or three days
rather than using the Week interval. For example, if you need to record data over the weekend, set the interval
to three days. Use a week interval only when you need the duration to be more than three days.
Table 22-5 lists the circumstances in which you might want to increase the collection level for your vCenter
Server.
Table 22-5. Collection Level Scenarios

Use Collection
Level To do this
2 n Identify virtual machines that can be co-located because of complimentary memory sharing.
n Detect the amount of active memory on a host to determine whether it can handle additional virtual
machines.
3 n Compare ready and wait times of virtual CPUs to determine the effectiveness of VSMP.
n Diagnose problems with devices, or compare performance among multiple devices.
4 n Determine whether a device is being saturated.

n Troubleshoot errors.
How Metrics Are Stored in the vCenter Server Database

The metrics gathered for each collection interval are stored in their own database tables.
At the end of an interval, one of two things can occur.

n If the next interval is disabled, the data in the table that is older than the interval duration is purged.
n If the next interval is enabled, the data is aggregated into groups and is rolled up to the database table of
the subsequent collection interval. For example, the day interval has a 5 minute collection frequency, and
the week interval has a 30 minute collection frequency. When the day interval completes, it aggregates
the 5 minute queries into groups of six (equaling 30 minutes) and rolls the 30-minute data block to the
week interval database table. The day-old data is then purged from the database to make room for new
queries.
You control how long statistical data is stored in the vCenter Server database by enabling or disabling a
collection interval. When you disable a collection interval, all subsequent intervals are automatically disabled.
For example, when you disable the week interval, the month and year intervals are also disabled. Data is purged
at the end of the day interval cycle because no rollups can occur. The oldest data is purged first.
NOTE You must manually enable each collection interval to use it again. Also, you can only enable a collection
interval if all previous collection intervals are enabled. For example, to enable the month interval, the day and
week intervals must be enabled.
By default, statistics are stored in the vCenter Server database for one year. You can increase this to three years.
To save statistical data for longer than three years, archive it outside of the vCenter Server database.
VMware, Inc. 271

Estimate the Statistics Impact on the vCenter Server Database

After you configure collection intervals, you can verify that the vCenter Server database has enough space to
archive the data collected.
Perform the following task in the vSphere Client.
Procedure
1 If necessary, open the Statistics tab of the vCenter Server Settings dialog box.
a Select Administration > vCenter Server Settings.
b In the navigation panel, click Statistics.
2 (Optional) Edit a statistics interval.
a Select the interval to change.
b Click Edit.
c In the Edit Statistics Interval dialog box, change the settings as necessary.
d Click OK.
3 Enter the number of physical hosts and virtual machines in your inventory.
The vCenter Server uses a database calculator to determine the estimated size required for your statistics
configuration. The value appears in the Estimated space required field after you enter values.
4 Click OK.
vCenter Server Performance Charts

The performance charts graphically display CPU, memory, disk, network, and storage metrics for devices and
entities managed by vCenter Server. Chart types include line charts, pie charts, bar charts, and stacked charts.
You view the performance charts for an object that is selected in the inventory on the vSphere Client
Performance tab. You can view overview charts and advanced charts for an object. Both the overview charts
and the advanced charts use the following chart types to display statistics:
Line charts Display metrics for a single inventory object. The data for each performance
counter is plotted on a separate line in the chart. For example, a network chart
for a host can contain two lines: one showing the number of packets received,
and one showing the number of packets transmitted.
Bar charts Display storage metrics for datastores in a selected datacenter. Each datastore
is represented as a bar in the chart, and each bar displays metrics based on file
type (virtual disks, snapshots, swap files, and other files).
272 VMware, Inc.

Pie charts Display storage metrics for a single datastore or virtual machine. Storage
information is based on file type or virtual machine. For example, a pie chart
for a datastore displays the amount of storage space occupied by the five-
largest virtual machines on that datastore. A pie chart for a virtual machine
displays the amount of storage space occupied by virtual machine files.
Stacked charts Display metrics for children of the selected parent object. For example, a host's
stacked CPU usage chart displays CPU usage metrics for each virtual machine
on the host. The metrics for the host itself are displayed in separate line charts.
Stacked charts are useful in comparing resource allocation and usage across
multiple hosts or virtual machines. Each metric group appears on a separate
chart for a managed entity. For example, hosts have one chart that displays
CPU metrics and one that displays memory metrics.
Overview Performance Charts

The overview performance charts enable you to view CPU, memory, network, disk, and storage metrics for
an object at the same time.
All overview charts for an object appear in the same panel in the Performance tab. This allows you to do side-
by-side comparisions of resource usage for clusters, datacenters, datastores, hosts, resource pools, and virtual
machines. You can perform the following tasks with the overview performance charts.
n View all charts for an object in one panel. The single-panel view enables you to make side-by-side
comparisons of different resource statistics, for example, CPU usage and memory usage.
n View real-time and historic data.
n View thumbnail charts for child objects. Thumbnail charts provide a quick summary of resource usage
for each child object of a datacenter, datastore, cluster, or host.
n Open the overview charts for a child object by clicking the object name in the thumbnail section.
View the Overview Performance Charts

You can view CPU, memory, disk, network, and storage statistics for an object in the overview performance
charts. These charts support a subset of data counters supported by vCenter Server.
Prerequisites
The vSphere Client must be connected to a vCenter Server system.
Procedure
2 Select the object and click the Performance tab.
3 Click Overview.
The overview charts for the object appear.
View the Overview Performance Charts Help

The Performance Chart Help contains information on how to work with overview charts, including how to
analyze chart data and how to set the time range for the chart data. It also describes the metric counters
displayed in each overview chart.
Procedure
1 Display the object in the inventory panel.
VMware, Inc. 273

3 Click Overview.
4 Click the Help icon (?).
5 To view the Help for a specific chart, click the Help icon for that chart.
Advanced Performance Charts

With the advanced performance charts, you can see data point information for a plotted metric, export chart
data to a spreadsheet, and save chart data to a file. You can customize the advanced chart views.
NOTE You cannot view datastore metrics in the advanced charts. They are only available in the overview
charts.
View the Advanced Performance Charts

You can view CPU, memory, disk, and network statistics for an object in the advanced performance charts.
These charts support additional data counters not supported in the overview performance charts.
Prerequisites
When connected directly to an ESX/ESXi host, the advanced performance charts display only real-time statistics
and past day statistics. To view historical data, the vSphere Client must be connected to a vCenter Server
system.
Procedure
1 Select a host, cluster, resource pool, or virtual machine in the inventory panel.
2 Click the Performance tab.
3 Click Advanced.
4 To view a different chart, select an option from the Switch to list.
The default charts are configured to show the following information.
Option Description
CPU Shows the CPU usage in MHz. Available for clusters, resource pools, hosts,
and virtual machines.
Memory Shows the amount of memory granted. Available for clusters, resource pools,
hosts, and virtual machines.
Disk Shows the aggregated storage performance statistics. Available for hosts and
virtual machines.
Network Shows the aggregated network performance statistics. Available for hosts
and virtual machines.
System Shows statistics for overall system availability, including CPU usage by the
service console and other aapplications. Available for hosts and virtual
machines.
Cluster Services Shows aggregate CPU, aggregate memory, and failover statistics for DRS
and HA clusters and hosts that are part of DRS clusters.
The amount of historical data displayed in a chart depends on the collection interval and collection level
set for vCenter Server.
274 VMware, Inc.

Save Chart Data to a File

You can save data from the Advanced performance charts to a file in various graphics formats or in Microsoft
Excel format.
Procedure
1 In the Performance tab, click Advanced.
2 Click Save.
3 In the Save Performance Chart dialog box, navigate to the location to save the file.
4 Enter a name for the file.
5 Select a file type.
6 Click Save.
The file is saved to the location and format you specified.
Export Performance Data to a Spreadsheet

You can export performance data from the Advanced charts to a Microsoft Office Excel file. You use the vSphere
Client to export data.
Prerequisites
Before you view or export performance data, verify that the time is set correctly on the ESX/ESXi host, the
vCenter Server system, and the client machine. Each host and client machine can be in different time zones,
but the times must be correct for their respective time zones.
Procedure
2 Select File > Report > Performance.
If performance data is not available for the selected inventory object, the Export Performance option is not
available.
3 Enter a filename and location.
4 Select the date and time range for the chart.

5 In Chart Options, select the chart type.
6 Select the metric groups to display in the chart.
You can also specify the objects using the All or None buttons.
7 (Optional) To customize the options, click Advanced, select the objects and counters to include in the chart,
and click OK.
8 Specify the size of the chart in the exported file.
9 Click OK to export the data.
Customize Advanced Chart Views

You can customize a performance chart by specifying the objects to monitor, the counters to include, the time
range, and chart type. You can customize preconfigured chart views and create new chart views.
Changes to chart options take effect immediately. New views are added to the Switch to menu.
VMware, Inc. 275

Procedure
3 Click Advanced.
4 Click Chart Options.
5 In Chart Options, select a metric group for the chart.
6 Select a time range for the metric group.

If you choose Custom, do one of the following.
n Select Last and set the number of hours, days, weeks, or months for the amount of time to monitor
the object.
n Select From and select the beginning and end dates.
You can also customize the time range options by customizing the statistics collection interval setting.
7 Select the chart type.
When selecting the stacked graph option, consider the following.

n You can select only one item from the list of measurements.
n Per-virtual-machine stacked graphs are available only for hosts.
n Click a counter description name to display information about the counter’s function and whether
the selected metric can be stacked for per-virtual-machine graphs.
8 In Objects, select the inventory objects to display in the chart.
You can also specify the objects using the All or None buttons.
9 In Counters, select the data counters to display in the chart.
You can also specify counters using the All or None buttons.
Click a counter name to display information about the counter in the Counter Description panel.
10 Click Apply to see the results.
11 Click OK.
To view the chart in its own window, click the pop-up chart button ( ). This enables you to view
additional charts while keeping this chart open.
Delete a Custom Advanced Chart View

You can delete custom chart views from the vSphere Client.
Procedure
1 Display the vSphere Client inventory panel.
2 Select any object in the datacenter to enable the Performance tab.
3 Click the Performance tab and click Advanced.
4 Click Chart Options to open the Customize Performance Charts dialog box.
5 Click Manage Chart Settings.
276 VMware, Inc.

6 Select a chart and click Delete.
The chart is deleted, and it is removed from the Switch to menu.
7 Click OK.
Monitoring and Troubleshooting Performance

You monitor CPU, memory, disk, network, and storage metrics by using the performance charts located on the
Performance tab of the vSphere Client. Use the following guidelines to identify and resolve potential
performance problems.
n CPU Performance on page 277
Use the vSphere Client CPU performance charts to monitor CPU usage for hosts, clusters, resource pools,
virtual machines, and vApps. Use the guidelines below to identify and correct problems with CPU
performance.
n Disk I/O Performance on page 278
Use the vSphere Client disk performance charts to monitor disk I/O usage for clusters, hosts, and virtual
machines. Use the guidelines below to identify and correct problems with disk I/O performance.
n Memory Performance on page 279
Use the vSphere Client memory performance charts to monitor memory usage of clusters, hosts, virtual
machines, and vApps. Use the guidelines below to identify and correct problems with memory
performance.
n Network Performance on page 280
Use the network performance charts to monitor network usage and bandwidth for clusters, hosts, and
virtual machines. Use the guidelines below to identify and correct problems with networking
performance.
n Storage Performance on page 281
Use the vSphere Client datastore performance charts to monitor datastore usage. Use the guidelines
below to identify and correct problems with datastore performance.
CPU Performance
Use the vSphere Client CPU performance charts to monitor CPU usage for hosts, clusters, resource pools,
virtual machines, and vApps. Use the guidelines below to identify and correct problems with CPU
performance.
A short spike in CPU usage or CPU ready indicates that you are making the best use of the host resources.
However, if both values are constantly high, the hosts are probably overcommitted. Generally, if the CPU
usage value for a virtual machine is above 90% and the CPU ready value is above 20%, performance is impacted.
Table 22-6. CPU Performance Enhancement Advice

# Resolution
1 Verify that VMware Tools is installed on every virtual machine on the host.
2 Compare the CPU usage value of a virtual machine with the CPU usage of other virtual machines on the host or in
the resource pool. The stacked bar chart on the host's Virtual Machine view shows the CPU usage for all virtual
machines on the host.
3 Determine whether the high ready time for the virtual machine resulted from its CPU usage time reaching the CPU
limit setting. If so, increase the CPU limit on the virtual machine.
4 Increase the CPU shares to give the virtual machine more opportunities to run. The total ready time on the host might
remain at the same level if the host system is constrained by CPU. If the host ready time doesn't decrease, set the CPU
reservations for high-priority virtual machines to guarantee that they receive the required CPU cycles.
VMware, Inc. 277

Table 22-6. CPU Performance Enhancement Advice (Continued)

# Resolution
5 Increase the amount of memory allocated to the virtual machine. This decreases disk and or network activity for
applications that cache. This might lower disk I/O and reduce the need for the ESX/ESXi host to virtualize the hardware.
Virtual machines with smaller resource allocations generally accumulate more CPU ready time.
6 Reduce the number of virtual CPUs on a virtual machine to only the number required to execute the workload. For
example, a single-threaded application on a four-way virtual machine only benefits from a single vCPU. But the
hypervisor's maintenance of the three idle vCPUs takes CPU cycles that could be used for other work.
7 If the host is not already in a DRS cluster, add it to one. If the host is in a DRS cluster, increase the number of hosts
and migrate one or more virtual machines onto the new host.
8 Upgrade the physical CPUs or cores on the host if necessary.
9 Use the newest version of ESX/ESXi, and enable CPU-saving features such as TCP Segmentation Offload, large
memory pages, and jumbo frames.
Disk I/O Performance

Use the vSphere Client disk performance charts to monitor disk I/O usage for clusters, hosts, and virtual
machines. Use the guidelines below to identify and correct problems with disk I/O performance.
The virtual machine disk usage (%) and I/O data counters provide information about average disk usage on a
virtual machine. Use these counters to monitor trends in disk usage.
The best ways to determine if your vSphere environment is experiencing disk problems is to monitor the disk
latency data counters. You use the Advanced performance charts to view these statistics.
n The kernelLatency data counter measures the average amount of time, in milliseconds, that the VMkernel
spends processing each SCSI command. For best performance, the value should be 0-1 milliseconds. If the
value is greater than 4ms, the virtual machines on the ESX/ESXi host are trying to send more throughput
to the storage system than the configuration supports. Check the CPU usage, and increase the queue depth
or storage.
n The deviceLatency data counter measures the average amount of time, in milliseconds, to complete a SCSI
command from the physical device. Depending on your hardware, a number greater than 15ms indicates
there are probably problems with the storage array. Move the active VMDK to a volume with more
spindles or add disks to the LUN.
n The queueLatency data counter measures the average amount of time taken per SCSI command in the
VMkernel queue. This value must always be zero. If not, the workload is too high and the array cannot
process the data fast enough.
Table 22-7. Disk I/O Performance Enhancement Advice

# Resolution
1 Increase the virtual machine memory. This should allow for more operating system caching, which can reduce I/O
activity. Note that this may require you to also increase the host memory. Increasing memory might reduce the need
to store data because databases can utilize system memory to cache data and avoid disk access.
To verify that virtual machines have adequate memory, check swap statistics in the guest operating system. Increase
the guest memory, but not to an extent that leads to excessive host memory swapping. Install VMware Tools so that
memory ballooning can occur.
2 Defragment the file systems on all guests.
3 Disable antivirus on-demand scans on the VMDK and VMEM files.
4 Use the vendor's array tools to determine the array performance statistics. When too many servers simultaneously
access common elements on an array, the disks might have trouble keeping up. Consider array-side improvements
to increase throughput.
5 Use Storage VMotion to migrate I/O-intensive virtual machines across multiple ESX/ESXi hosts.
278 VMware, Inc.

Table 22-7. Disk I/O Performance Enhancement Advice (Continued)

# Resolution
6 Balance the disk load across all physical resources available. Spread heavily used storage across LUNs that are
accessed by different adapters. Use separate queues for each adapter to improve disk efficiency.
7 Configure the HBAs and RAID controllers for optimal use. Verify that the queue depths and cache settings on the
RAID controllers are adequate. If not, increase the number of outstanding disk requests for the virtual machine by
adjusting the Disk.SchedNumReqOutstanding parameter. For more information, see the Fibre Channel SAN
Configuration Guide.
8 For resource-intensive virtual machines, separate the virtual machine's physical disk drive from the drive with the
system page file. This alleviates disk spindle contention during periods of high use.
9 On systems with sizable RAM, disable memory trimming by adding the line MemTrimRate=0 to the virtual
machine's .VMX file.
10 If the combined disk I/O is higher than a single HBA capacity, use multipathing or multiple links.
11 For ESXi hosts, create virtual disks as preallocated. When you create a virtual disk for a guest operating system, select
Allocate all disk space now. The performance degradation associated with reassigning additional disk space does
not occur, and the disk is less likely to become fragmented.
12 Use the most current ESX/ESXi host hardware.
Memory Performance
Use the vSphere Client memory performance charts to monitor memory usage of clusters, hosts, virtual
machines, and vApps. Use the guidelines below to identify and correct problems with memory performance.
To ensure best performance, the host memory must be large enough to accommodate the active memory of
the virtual machines. Note that the active memory can be smaller than the virtual machine memory size. This
allows you to over-provision memory, but still ensures that the virtual machine active memory is smaller than
the host memory.
A virtual machine's memory size must be slightly larger than the average guest memory usage. This enables
the host to accommodate workload spikes without swapping memory among guests. Increasing the virtual
machine memory size results in more overhead memory usage.
If a virtual machine has high ballooning or swapping, check the amount of free physical memory on the host.
A free memory value of 6% or less indicates that the host cannot meet the memory requirements. This leads
to memory reclamation which may degrade performance. If the active memory size is the same as the granted
memory size, demand for memory is greater than the memory resources available. If the active memory is
consistently low, the memory size might be too large.
If the host has enough free memory, check the resource shares, reservation, and limit settings of the virtual
machines and resource pools on the host. Verify that the host settings are adequate and not lower than those
set for the virtual machines.
If the memory usage value is high, and the host has high ballooning or swapping, check the amount of free
physical memory on the host. A free memory value of 6% or less indicates that the host cannot handle the
demand for memory. This leads to memory reclamation which may degrade performance.
If memory usage is high or you notice degredation in performance, consider taking the actions listed below.
Table 22-8. Memory Performance Enhancement Advice

# Resolution
1 Verify that VMware Tools is installed on each virtual machine. The balloon driver is installed with VMware Tools
and is critical to performance.
2 Verify that the balloon driver is enabled. The VMkernel regularly reclaims unused virtual machine memory by
ballooning and swapping. Generally, this does not impact virtual machine performance.
VMware, Inc. 279

Table 22-8. Memory Performance Enhancement Advice (Continued)

# Resolution
3 Reduce the memory space on the virtual machine, and correct the cache size if it is too large. This frees up memory
for other virtual machines.
4 If the memory reservation of the virtual machine is set to a value much higher than its active memory, decrease the
reservation setting so that the VMkernel can reclaim the idle memory for other virtual machines on the host.
5 Migrate one or more virtual machines to a host in a DRS cluster.
6 Add physical memory to the host.
Network Performance
Use the network performance charts to monitor network usage and bandwidth for clusters, hosts, and virtual
machines. Use the guidelines below to identify and correct problems with networking performance.
Network performance is dependent on application workload and network configuration. Dropped network
packets indicate a bottleneck in the network. To determine whether packets are being dropped, use esxtop or
the advanced performance charts to examine the droppedTx and droppedRx network counter values.
If packets are being dropped, adjust the virtual machine shares. If packets are not being dropped, check the
size of the network packets and the data receive and transfer rates. In general, the larger the network packets,
the faster the network speed. When the packet size is large, fewer packets are transferred, which reduces the
amount of CPU required to process the data. When network packets are small, more packets are transferred
but the network speed is slower because more CPU is required to process the data.
NOTE In some instances, large packets can result in high network latency. To check network latency, use the
VMware AppSpeed performance monitoring application or a third-party application.
If packets are not being dropped and the data receive rate is slow, the host is probably lacking the CPU resources
required to handle the load. Check the number of virtual machines assigned to each physical NIC. If necessary,
perform load balancing by moving virtual machines to different vSwitches or by adding more NICs to the host.
You can also move virtual machines to another host or increase the host CPU or virtual machine CPU.
Table 22-9. Networking Performance Enhancement Advice

# Resolution
1 Verify that VMware Tools is installed on each virtual machine.
2 If possible, use vmxnet3 NIC drivers, which are available with VMware Tools. They are optimized for high
performance.
3 If virtual machines running on the same ESX/ESXi host communicate with each other, connect them to the same
vSwitch to avoid the cost of transferring packets over the physical network.
4 Assign each physical NIC to a port group and a vSwitch.
5 Use separate physical NICs to handle the different traffic streams, such as network packets generated by virtual
machines, iSCSI protocols, VMotion tasks, and service console activities.
6 Ensure that the physical NIC capacity is large enough to handle the network traffic on that vSwitch. If the capacity
is not enough, consider using a high-bandwidth physical NIC (10Gbps) or moving some virtual machines to a vSwitch
with a lighter load or to a new vSwitch.
7 If packets are being dropped at the vSwitch port, increase the virtual network driver ring buffers where applicable.
8 Verify that the reported speed and duplex settings for the physical NIC match the hardware expectations and that
the hardware is configured to run at its maximum capability. For example, verify that NICs with 1Gbps are not reset
to 100Mbps because they are connected to an older switch.
280 VMware, Inc.

Table 22-9. Networking Performance Enhancement Advice (Continued)

# Resolution
9 Verify that all NICs are running in full duplex mode. Hardware connectivity issues might result in a NIC resetting
itself to a lower speed or half duplex mode.
10 Use vNICs that are TSO-capable, and verify that TSO-Jumbo Frames are enabled where possible.
Storage Performance
Use the vSphere Client datastore performance charts to monitor datastore usage. Use the guidelines below to
identify and correct problems with datastore performance.
NOTE The datastore charts are available only in the overview performance charts.
The datastore is at full capacity when the used space is equal to the capacity. Allocated space can be larger
than datastore capacity, for example, when you have snapshots and thin-provisioned disks. You can provision
more space to the datastore if possible, or you can add disks to the datastore or use shared datastores.
If snapshot files are consuming a lot of datastore space, consider consolidating them to the virtual disk when
they are no longer needed. Consolidating the snapshots deletes the redo log files and removes the snapshots
from the vSphere Client user interface. For information on consolidating the datacenter, see the vSphere Client
Help.
VMware, Inc. 281

282 VMware, Inc.

Working with Tasks and Events 23
The topics in this section describe vSphere tasks and events and provide information on how to work with
them.

n “Managing Tasks,” on page 283
n “Managing Events,” on page 290
Managing Tasks
Tasks represent system activities that do not complete immediately, such as migrating a virtual machine. They
are initiated by high-level activities you perform with the vSphere Client in real-time and those you schedule
to occur at a later time or on a recurring basis.
For example, powering off a virtual machine is a task. You can perform this task manually every evening, or
you can set up a scheduled task to power off the virtual machine every evening for you.
NOTE The functionality available in the vSphere Client depends on whether the vSphere Client is connected
to a vCenter Server system or an ESX/ESXi host. Unless indicated, the process, task, or description applies to
both kinds of vSphere Client connections. When the vSphere Client is connected to an ESX/ESXi host, the Tasks
option is not available; however, you can view recent tasks in the Status Bar at the bottom of the vSphere Client.
Viewing Tasks
You can view tasks that are associated with a single object or all objects in the vSphere Client inventory. The
Tasks & Events tab lists completed tasks and tasks that are currently running.
By default, the tasks list for an object also includes tasks performed on its child objects. You can filter the list
by removing tasks performed on child objects and by using keywords to search for tasks.
If you are logged in to a vCenter Server system that is part of a Connected Group, a column in the task list
displays the name of the vCenter Server system on which the task was performed.
VMware, Inc. 283

View All Tasks

You view completed tasks and running tasks on the vSphere Client Tasks & Events tab.
Procedure
2 Display the tasks for a single object or the entire vCenter Server.
n To display the tasks for an object, select the object.
n To display the tasks in the vCenter Server, select the root folder.
3 Click the Tasks & Events tab.
The task list contains tasks performed on the object and its children.
4 (Optional) To view detailed information for a task, select the task in the list.
Details appear in the Task Details pane.
View Recent Tasks

You view recent tasks for vCenter Server or an ESX/ESXi host in the vSphere Client Recent Tasks pane.
Procedure
1 Display the Inventory panel.
2 Select the object.
3 If necessary, select View > Status to display the status bar at the bottom of the vSphere Client.
4 In the status bar, Click Tasks.
The list of completed tasks appears in the Recent Tasks pane of the Status Bar.
5 If necessary, select View > Status to display the status bar at the bottom of the vSphere Client.
View Scheduled Tasks

You view scheduled tasks in the vSphere Client Scheduled Tasks pane. The scheduled task list includes tasks
that are scheduled to run and those that have already run.
Procedure
u In the navigation bar, select Home > Management > Scheduled Tasks.
Filter Tasks for a Host or Datacenter

Filtering the task list removes tasks performed on child objects.
Procedure
1 Select the host or datacenter in the inventory and click the Tasks & Events tab.
2 In View, click Tasks to display the tasks list.
3 If the Show all entries list and the search field are not displayed under the Tasks and Events buttons, select
View > Filtering.
4 Click Show all entries and select Show host entries or Show datacenter entries, depending on the object
selected.
284 VMware, Inc.

Chapter 23 Working with Tasks and Events
Use Keywords to Filter the Tasks List

You can filter the tasks list based on any task attribute, including task name, target, status, initiator, change
history, and time. Filtering is inclusive, not exclusive. If the keyword is found in any of the selected columns,
the task is included in the filtered list.
Procedure
2 Select the object and click the Tasks & Events tab.
3 If the Name, Target or Status contains search field is not displayed, select View > Filtering.
5 Type a keyword into the box and press Enter.
Cancel a Task
Canceling a task stops a running task from occurring. Canceling a scheduled task does not cancel subsequent
runs. To cancel a scheduled task that has not run, reschedule it.
NOTE You can only cancel a subset of tasks by using the vSphere Client, and you cannot cancel tasks on an
ESX Server version 2.0.1 host.
Required privileges:
n Manual tasks: Tasks.Update Task
n Scheduled tasks:Scheduled Task.Remove Task
n Appropriate permissions on the host where the task is running
Prerequisites
To cancel a task, the vSphere Client must be connected to a vCenter Server system.
Procedure
1 Locate the task in the Recent Tasks pane of the Status Bar.
By default, the Status Baris displayed at the bottom of the vSphere Client. If it is not visible, select View >
Status Bar.
2 Right-click the appropriate task and select Cancel.
If the cancel option is unavailable, the selected task cannot be canceled.
The vCenter Server system or ESX/ESXi host stops the progress of the task and returns the object to its previous
state. The vSphere Client displays the task with a Canceled status.
Schedule Tasks
You can schedule tasks to run once in the future or multiple times, at a recurring interval.
The vSphere Client must be connected to a vCenter Server system to create and manage scheduled tasks. The
tasks you can schedule are listed in the following table.
VMware, Inc. 285

Table 23-1. Scheduled Tasks

Scheduled Task Description
Add a host Adds the host to the specified datacenter or cluster.
Change the power state of a virtual machine Powers on, powers off, suspends, or resets the state of the virtual machine.
Change resource settings of a resource pool Changes the following resource settings:
or virtual machine n CPU – Shares, Reservation, Limit.
n Memory – Shares, Reservation, Limit.
Check compliance of a profile Checks that a host's configuration matches the configuration specified in a
host profile.
Clone a virtual machine Makes a clone of the virtual machine and places it on the specified host or
cluster.
Create a virtual machine Creates a new virtual machine on the specified host.
Deploy a virtual machine Creates a new virtual machine from a template on the specified host or
cluster.
Export a virtual machine Exports virtual machines that vCenter Server manages to managed formats
or hosted formats. The export process converts the source to a virtual
machine in the format you specify.
This scheduled task is available only when VMware vCenter Converter is
installed.
Import a virtual machine Imports a physical machine, virtual machine, or system image into a virtual
machine that vCenter Server manages.
This scheduled task is available only when VMware vCenter Converter is
installed.
Migrate a virtual machine Migrate a virtual machine to the specified host or datastore by using
migration or migration with VMotion.
Make a snapshot of a virtual machine Captures the entire state of the virtual machine at the time the snapshot is
taken.
Scan for Updates Scans templates, virtual machines, and hosts for available updates.
This task is available only when VMware vCenter Update Manager is
installed.
Remediate Downloads any new patches discovered during the scan operation and
applies the newly configured settings.
This task is available only when VMware vCenter Update Manager is
installed.
You create scheduled tasks by using the Scheduled Task wizard. For some scheduled tasks, this wizard opens
the wizard used specifically for that task. For example, if you create a scheduled task that migrates a virtual
machine, the Scheduled Task wizard opens the Migrate Virtual Machine wizard, which you use to set up the
migration details.
Scheduling one task to run on multiple objects is not possible. For example, you cannot create one scheduled
task on a host that powers on all virtual machines on that host. You must create a separate scheduled task for
each virtual machine.
After a scheduled task runs, you can reschedule it to run again at another time.
Create a Scheduled Task

To schedule a task, use the Scheduled Task wizard.
Required privilege: Schedule Task.Create Tasks
286 VMware, Inc.

You can schedule a limited number of tasks by using the vSphere Client. If the task to schedule is not available,
use the VMware Infrastructure API. See the vSphere SDK Programming Guide.
CAUTION Do not schedule multiple tasks to be performed at the same time on the same object. The results are
unpredictable.
Prerequisites
The vSphere Client must be connected to a vCenter Server system to schedule tasks.
Procedure
1 In the navigation bar, click Home > Management > Scheduled Tasks.
The current list of scheduled tasks appears.
2 In the toolbar, click New.
3 In the Select a Task to Schedule dialog box, select a task and click OK to open the wizard for that task.
NOTE For some scheduled tasks, the wizard opens the wizard used specifically for that task. For example,
to migrate a virtual machine, the Scheduled Task wizard opens the Migrate Virtual Machine Wizard,
which you use to set up the migration details.
4 Complete the wizard that opens for the task.
5 Click OK to open the Scheduled Task wizard.
6 Enter a task name and task description and click Next.
7 Select a Frequency and specify a Start Time.
You can schedule a task to run only once during a day. To set up a task to run multiple times in one day,
set up additional scheduled tasks.
Table 23-2. Scheduled Task Frequency Options

Frequency Action
Once n To run the scheduled task immediately, select Now and click Next.
n To run the scheduled task at a later time and date, select Later and enter a Time. Click the
Date arrow to display the calendar and click a date.
After Startup n In Delay, enter the number of minutes to delay the task.
Hourly a In Start Time, enter the number of minutes after the hour to run the task.
b In Interval, enter the number of hours after which to run the task.
For example, to start a task at the half-hour mark of every 5th hour, enter 30 and 5.
Daily n Enter the Start Time and Interval.

For example, to run the task at 2:30 pm every four days, enter 2:30 and 4.
VMware, Inc. 287

Table 23-2. Scheduled Task Frequency Options (Continued)

Frequency Action
Weekly a Enter the Interval and Start Time.

b Select each day on which to run the task.
For example, to run the task at 6 am every Tuesday and Thursday, enter 1 and 6 am, and select
Tuesday and Thursday.
Monthly a Enter the Start Time.

b Specify the days by using one of the following methods.
n Enter a specific date of the month.
n Select first, second, third, fourth, or last, and select the day of the week.
last runs the task on the last week in the month that the day occurs. For example, if
you select the last Monday of the month and the month ends on a Sunday, the task
runs six days before the end of the month.
c In Interval, enter the number of months between each task run.
8 Click Next.
9 Set up email notifications and click Next.
10 Click Finish.
The vCenter Server system adds the task to the list in the Scheduled Tasks window.
Canceling Scheduled Tasks

Canceling a task stops a running task from occurring, regardless of whether the task was a real-time task or a
scheduled task. The operation cancels only the running task. If the task being canceled is a scheduled task,
subsequent runs are not canceled.
Tasks that aren’t running can be cleared when they are in a queued or scheduled state. In such cases, because
the cancel operation is not available, either remove the task or reschedule it to run at a different time. Removing
a scheduled task requires that you recreate it to run it in the future, rescheduling does not.
You can cancel the following tasks:

n Connecting to a host
n Cloning a virtual machine
n Deploying a virtual machine
n Migrating a powered off virtual machine. This task is cancelable only when the source disks have not been
deleted.
If your vSphere uses virtual services, you can also cancel the following scheduled tasks:
n Change the power state of a virtual machine
n Make a snapshot of a virtual machine
Change or Reschedule a Task

After a scheduled task is created, you can change the timing, frequency, and specifics of the task. You can edit
and reschedule tasks before or after they run.
Required privilege:Schedule Task.Modify Task
Procedure
1 In the vSphere Client navigation bar, click Home > Management > Scheduled Tasks.
2 Select the task.
288 VMware, Inc.

3 In the toolbar, click Properties.
4 Change task attributes as necessary.
5 Click Next to advance through the wizard.
6 Click Finish.
Remove a Scheduled Task

Removing a scheduled task removes all future occurrences of the task. The history associated with all
completed occurrences of the task remains in the vCenter Server database.
Prerequisites
To remove scheduled tasks, the vSphere Client must be connected to the vCenter Server system.
Required privilege:Scheduled Task.Remove Task
Procedure
1 In the vSphere Client navigation bar, click Home > Management > Scheduled Tasks.
2 Select the task.
3 Select Inventory > Scheduled Task > Remove.
4 Click OK.
The task is removed from the list of scheduled tasks.
Policy Rules for Task Operations

The vCenter Server and ESX/ESXi hosts adhere to certain rules when managing tasks in the system.
vCenter Server and ESX/ESXi hosts use the following rules to process tasks:
n The user performing the task in the vSphere Client must have the correct permissions on the relevant
objects. After a scheduled task is created, it will be performed even if the user no longer has permission
to perform the task.
n When the operations required by manual tasks and scheduled tasks conflict, the activity due first is started
first.
n When a virtual machine or host is in an incorrect state to perform any activity, manual or scheduled,
vCenter Server or the ESX/ESXi host does not perform the task. A message is recorded in the log.
n When an object is removed from the vCenter Server or the ESX/ESXi host, all associated tasks are also
removed.
n The vSphere Client and vCenter Server system use UTC time to determine the start time of a scheduled
task. This ensures vSphere Client users in different time zones see the task scheduled to run at their local
time.
Events are logged in the event log at start and completion of a task. Any errors that occur during a task are
also recorded in the event log.
CAUTION Do not schedule multiple tasks to be performed at the same time on the same object. The results are
unpredictable.
VMware, Inc. 289

Managing Events
An event is an action that occurs on an object in vCenter Server or on a host.
Events include user actions and system actions that occur on managed objects in the vSphere Client inventory.
For example, events are created when a user logs in to a virtual machine and when a host connection is lost.
Each event records an event message. An event message is a predefined description of an event. Event messages
contain information such as the user who generated the event, the time the event occurred, and the type of
event message (information, error, or warning). Event messages are archived in vCenter Server.
Typically, event details include the name of the object on which the event occurred and describes the action
that occurred. The object of the event is a link to the object’s individual event page.
NOTE When actions occur on a folder, for example, when an alarm is created on a folder, the related event (in
this case the AlarmCreatedEvent) is visible only in the parent datacenter.
Viewing Events
You can view events associated with a single object or with all objects in the vSphere Client inventory.
The events listed for a selected object include events associated with the child objects. Detailed information
about a selected event appears in the Event Details panel below the event list.
NOTE When the vSphere Client is connected directly to an ESX/ESXi host, the Tasks & Events tab is labeled
Events.
View Events Associated with One Object

The events listed for a selected object include events associated with its child objects.
Required privilege: Read-only
Procedure
1 Display the object in the vSphere Client inventory.
2 Select the object and click the Tasks & Events tab.
3 Click Events.
A list of events appears.
4 (Optional) Select an event in the list to see the Event Details, including a list of related events.
View Events Associated with All Objects

The most recent events appear at the top of the Events list. Events are identified by Information type, Error
type, and Warning type.
Required privilege: Read-only
290 VMware, Inc.

Procedure
1 View the events associated with all objects in the inventory.

n In the navigation bar, click Home > Management > Events.
n In the inventory, select the root node, click the Tasks & Events tab, and click Events.
2 (Optional) To see details about an event in the list, select the event.
The Event Details panel shows the details.
3 (Optional) To see events related to a target object in the list, click the target object’s name.
The Tasks & Events tab for the selected object appears.
Filter Events on a Host or Datacenter

By default, the events list for an object includes events performed on its child objects. You can remove all child
events associated with a host or a datastore and display only the events performed on the object itself.
Procedure
1 Display the host or datacenter in the inventory.
2 Select the host or datacenter and click the Tasks & Events tab.
3 Click Events to display the events list.
4 If the Show all entries list and search field are not visible under the Tasks and Events buttons, select View
> Filtering.
5 Click Show all entries and select Show host entries or Show datacenter entries, depending on the object
selected.
Use Keywords to Filter the Events List

You can display events based on any attribute, including event name, target, type, user, change history, and
time. Filtering is inclusive, not exclusive. If the keyword is found in any of the selected columns, the event is
included in the list.
Procedure
1 Select the object on which to filter the events.

n To filter events associated with one object, select the object in the inventory, click the Events tab, and
click Events.
n To filter events associated with all objects, in the navigation bar, click Home > Management >
Events.
2 If the Name, Target or Status contains search field is not visible, select View > Filtering.
The search field appears.
4 Type a keyword in the field and press Enter.
The events that match the search are retrieved and displayed in the events list.
VMware, Inc. 291

Trigger an Alarm on an Event

You can configure an alarm to trigger when an event occurs in the vCenter Server System.
Procedure
1 In the inventory, select the object on which to create the alarm.
For example, to create an alarm for all hosts in a cluster, display the cluster. To create an alarm for a single
host, display the host.
2 Select File > New > Alarm.
3 Complete the information on the General tab.
a Enter an alarm name and description.
b In Alarm Type, select the object to monitor and select Monitor for specific events occurring on this
object.
4 Click the Triggers tab and set up the alarm triggers.
5 Click to the Actions tab and set up the alarm actions.
The vCenter Server verifies the configuration of the alarm and adds the alarm to the list of alarms for the
selected object.
For help on configuring the values on each tab, click Help.
Export Events
You can export all or part of the events log file when the vSphere Client is connected to a vCenter Server system.
Required Privilege: Read-only
Procedure
1 Select File > Export > Export Events.
2 If your vSphere environment has multiple vCenter Servers, in thevCenter Server list, select the server
where the events occurred.
3 In File name, type a name for the event file.
NOTE If you do not specify a file extension, the file is saved as a text file.
4 In Events, specify the event attributes on which to filter.
a In Type, select User or System.
b If you selected User, select a user option.

n All users
n These users
n To specify a subset of users, click Search and specify the users to include.
c In Severity, select the event level: Error, Info, or Warning.
5 In Time, specify the time range during which the events to export occurred.
n To specify an hour, day, week, or month time period, select Last and set the number and time
increment.
n To specify a calendar time span, select From and set the from and to dates.
292 VMware, Inc.

6 In Limits, set the number of events to export.

n Select All matching events.
n Select most recent matching events and enter the number.
7 Click OK.
vCenter Server creates the file in the specified location. The file contains the Type, Time, and Description of
the events.
VMware, Inc. 293

294 VMware, Inc.

Appendixes
VMware, Inc. 295

296 VMware, Inc.

Defined Privileges A
The following tables list the default privileges that, when selected for a role, can be paired with a user and
assigned to an object. The tables in this appendix use VC to indicate vCenter Server and HC to indicate host
client, a standalone ESX/ESXi host.
When setting permissions, verify all the object types are set with appropriate privileges for each particular
action. Some operations require access permission at the root folder or parent folder in addition to access to
the object being manipulated. Some operations require access or performance permission at a parent folder
and a related object.
vCenter Server extensions might define additional privileges not listed here. Refer to the documentation for
the extension for more information on those privileges.
This appendix includes the following topics:

n “Alarms,” on page 298
n “Datacenter,” on page 299
n “Datastore,” on page 299
n “Distributed Virtual Port Group,” on page 300
n “Distributed Virtual Switch,” on page 301
n “Extensions,” on page 302
n “Folders,” on page 302
n “Global,” on page 303
n “Host CIM,” on page 304
n “Host Configuration,” on page 304
n “Host Inventory,” on page 306
n “Host Local Operations,” on page 307
n “Host Profile,” on page 308
n “Network,” on page 308
n “Performance,” on page 309
n “Permissions,” on page 310
n “Resource,” on page 310
n “Scheduled Task,” on page 312
n “Sessions,” on page 312
VMware, Inc. 297

n “Tasks,” on page 313

n “vApp,” on page 313
n “Virtual Machine Configuration,” on page 315
n “Virtual Machine Interaction,” on page 319
n “Virtual Machine Inventory,” on page 322
n “Virtual Machine Provisioning,” on page 323
n “Virtual Machine State,” on page 326
Alarms
Alarms privileges control the ability to set and respond to alarms on inventory objects.
Table A-1. Alarms Privileges

Privilege Name Description Used Object Object
Acknowledge alarm Suppresses all alarm actions from VC only All inventory Object on which
occurring on all triggered alarms. objects an alarm is
User interface element – Triggered defined
Alarms panel
Create alarm Creates a new alarm. VC only All inventory Object on which
When creating alarms with a custom objects an alarm is
action, privilege to perform the action defined
is verified when the user creates the
alarm.
User interface element– Alarms tab
context menu, File > New > Alarm
Disable alarm action Stops the alarm action from occurring VC only All inventory Object on which
after an alarm has been triggered. This objects an alarm is
does not disable the alarm from defined
triggering.
User interface element – Inventory >
object_name > Alarm > Disable All
Alarm Actions
Modify alarm Changes the properties of an existing VC only All inventory Object on which
alarm. objects an alarm is
User interface element – Alarms tab defined
context menu
Remove alarm Deletes an existing alarm. VC only All inventory Object on which
User interface element – Alarms tab objects an alarm is
context menu defined
Set alarm status Changes the status of the configured VC only All inventory Object on which
event alarm. The status can change to objects an alarm is
Normal, Warning, or Alert. defined
User interface element – Alarm
Settings dialog box, Triggers tab
298 VMware, Inc.

Appendix A Defined Privileges
Datacenter
Datacenter privileges control the ability to create and edit datacenters in the vSphere Client inventory.
Table A-2. Datacenter Privileges

Pair with
Privilege Name Description Affects Object Effective on Object
Create Creates a new datacenter. VC only Datacenter Datacenter folder or root

datacenter User interface element– Inventory context folders or object
menu, toolbar button, and File > New root object
Datacenter
IP pool Allows configuration of a pool of IP VC only Datacenters, Datacenter

configuration addresses. Datacenter
folders, or
root object
Move datacenter Moves a datacenter. VC only Datacenters, Datacenter, source and

Privilege must be present at both the source Datacenter destination
and destination. folders, or
root object
User interface element – Inventory drag-
and-drop
Remove Removes a datacenter. VC only Datacenters, Datacenter plus parent

datacenter In order to have permission to perform this Datacenter object
operation, you must have this privilege folders, or
assigned to both the object and its parent root object
object.
User interface element– Inventory context
menu, Inventory > Datacenter > Remove,
Edit > Remove
Rename Changes the name of a datacenter. VC only Datacenters, Datacenter

datacenter User interface element – Inventory object, Datacenter
Inventory context menu, Edit > Rename, folders, or
Inventory > Datacenter > Rename root object
Datastore
Datastore privileges control the ability to browse, manage, and allocate space on datastores.
Table A-3. Datastore Privileges

Effective on Pair with
Privilege Name Description Affects Object Object
Allocate space Allocates space on a datastore for a virtual HC and VC Datastores Datastores
machine, snapshot, clone, or virtual disk.
Browse datastore Browses files on a datastore. HC and VC Datastores Datastores,

User interface element – Add existing disk, Datastore
browse for CD-ROM or Floppy media, folders
serial or parallel port files
Low level file Carries out read, write, delete, and rename HC and VC Datastores Datastores
operations operations in the datastore browser.
Move datastore Moves a datastore between folders. VC only Datastore, Datastores,

Privileges must be present at both the source and Datastore
source and destination. destination folders
User interface element – Inventory drag-
and-drop
VMware, Inc. 299

Table A-3. Datastore Privileges (Continued)

Effective on Pair with
Remove datastore Removes a datastore. HC and VC Datastores Datastores,

This privilege is deprecated. Datastore
folders
In order to have permission to perform this
operation, you must have this privilege
assigned to both the object and its parent
object.
User interface element– Inventory
datastore context menu, Inventory >
Datastore > Remove
Remove file Deletes a file in the datastore. HC and VC Datastores Datastores

This privilege is deprecated. Assign the
Low level file operations
User interface element – Datastore Browser
toolbar button and Datastore context menu
Rename datastore Renames a datastore. HC and VC Datastores Datastores

User interface element– Datastore
Properties dialog Change button, host
Summary tab context menu
Distributed Virtual Port Group

Distributed virtual port group privileges control the ability to create, delete, and modify distributed virtual
port groups.
Table A-4. Distributed Virtual Port Group Privileges

Create Create a distributed virtual port group. HC and VC Datacenter, vNetwork

Network folder Distributed
Switch
Delete Delete a distributed virtual port group. HC and VC vNetwork vNetwork

In order to have permission to perform this Distributed Distributed
operation, you must have this privilege Switch, Switch
assigned to both the object and its parent Network folder,
object. Datacenter
Modify Modify the configuration of a distributed HC and VC vNetwork vNetwork

virtual port group. Distributed Distributed
Switch, Switch
Network folder,
Datacenter
Policy operation Set the policy of a distributed virtual port HC and VC vNetwork vNetwork
group. Distributed Distributed
Switch, Switch
Network folder,
Datacenter
Scope operation Set the scope of a distributed virtual port HC and VC vNetwork vNetwork
group. Distributed Distributed
Switch, Switch
Network folder,
Datacenter
300 VMware, Inc.

Distributed Virtual Switch

Distributed Virtual Switch privileges control the ability to perform tasks related to the management of
vNetwork Distributed Switches.
Table A-5. Distributed Virtual Switch Privileges

Create Create a vNetwork Distributed Switch. HC and VC Datacenter, Datacenter,

Network folder Network
folder
Delete Remove a vNetwork Distributed Switch. HC and VC vNetwork vNetwork

In order to have permission to perform this Distributed Distributed
operation, you must have this privilege Switch, Switch
assigned to both the object and its parent Network folder,
object. Datacenter
Host operation Change the host members of a vNetwork HC and VC vNetwork vNetwork
Distributed Switch. Distributed Distributed
Switch, Switch
Network folder,
Datacenter
Modify Change the Configuration of a vNetwork HC and VC vNetwork vNetwork

Distributed Switch. Distributed Distributed
Switch, Switch
Network folder,
Datacenter
Move Move a vNetwork Distributed Switch into VC only vNetwork vNetwork

another folder. Distributed Distributed
Switch, Switch
Network folder,
Datacenter
Policy operation Change the policy of a vNetwork Distributed HC and VC vNetwork vNetwork
Switch. Distributed Distributed
Switch, Switch
Network folder,
Datacenter
Port configuration Change the configuration of a port in a HC and VC vNetwork vNetwork

operation vNetwork Distributed Switch. Distributed Distributed
Switch, Switch
Network folder,
Datacenter
Port setting Change the setting of a port in a vNetwork HC and VC vNetwork vNetwork
operation Distributed Switch. Distributed Distributed
Switch, Switch
Network folder,
Datacenter
VSPAN operation Change the VSPAN configuration of a HC and VC vNetwork vNetwork

vNetwork Distributed Switch. Distributed Distributed
Switch, Switch
Network folder,
Datacenter
VMware, Inc. 301

Extensions
Extensions privileges control the ability to install and manage extensions.
Table A-6. Extension Privileges

Register extension Registers an extension (plug-in) VC only Root vCenter Root vCenter
Server Server
Unregister Unregisters an extension (plug-in) VC only Root vCenter Root vCenter

extension Server Server
Update extension Updates an extension (plug-in) VC only Root vCenter Root vCenter
Server Server
Folders
Folders privileges control the abililty to create and manage folders.
Table A-7. Folder Privileges

Create folder Creates a new folder. VC only Folders Folders

User interface element– Taskbar button, File
menu, context menu
Delete folder Deletes a folder. VC only Folders plus Folders

In order to have permission to perform this parent object
object.
User interface element– File menu, context
menu
Move folder Moves a folder. VC only Folders, source Folders

Privilege must be present at both the source and destination
and destination.
User interface element – Inventory drag-and-
drop
Rename folder Changes the name of a folder. VC only Folders Folders

User interface element – Inventory pane object
text field, context menu, File menu
302 VMware, Inc.

Global
Global privileges control a number of global tasks related to tasks, scripts, and extensions.
Table A-8. Global Privileges

Act as vCenter Prepare or initiate a VMotion send operation VC only Any object Root vCenter
Server or a VMotion receive operation. Server
No user vSphere Client interface elements are
associated with this privilege.
Cancel task Cancel a running or queued task. HC and VC Any object Inventory object
User interface element – Recent tasks pane related to the
context menu, Tasks & Events context menu. task
Can currently cancel clone and clone to
template.
Capacity planning Enable the use of capacity planning for VC only Root vCenter Root vCenter
planning consolidation of physical machines Server Server
to virtual machines.
User interface element - Consolidation button
in toolbar.
Diagnostics Get list of diagnostic files, log header, binary VC only Any object Root vCenter
files, or diagnostic bundle. Server
User interface element – File > Export > Export
Diagnostic Data, Admin System Logs tab
Disable methods Allows servers for vCenter Server extensions VC only Any object Root vCenter
to disable certain operations on objects Server
Enable methods Allows servers for vCenter Server extensions VC only Any object Root vCenter
to enable certain operations on objects Server
Global tag Add or remove global tags. HC and VC Any object Root host or
vCenter Server
Health View the health of vCenter Server VC only Root vCenter Root vCenter
components. Server Server
User interface element – vCenter Service
Status on the Home page.
Licenses See what licenses are installed and add or HC and VC Any object Root host or
remove licenses. vCenter Server
User interface element – Licenses tab,
Configuration > Licensed Features
Log Event Log a user-defined event against a particular HC and VC Any object Any object
managed entity.
User interface element – Should ask for a
reason when shutting down or rebooting a
host.
Manage Custom Add, remove, or rename custom field VC only Any object Root vCenter
Attributes definitions. Server
User interface element – Administration >
Custom Attributes
VMware, Inc. 303

Table A-8. Global Privileges (Continued)

Proxy Allows access to an internal interface for VC only Any object Root vCenter
adding or removing endpoints to or from the Server
proxy.
Script Action Schedule a scripted action in conjunction with VC only Any object Any object
an alarm.
User interface element – Alarm Settings dialog
box
Service Managers Allows use of the resxtop command in the HC and VC Root host or Root host or
vSphere CLI. vCenter Server vCenter Server
Set Custom View, create, or remove custom attributes for VC only Any object Any object
Attributes a managed object.
User interface element – Any list view shows
the fields defined and allows setting them
Settings Read and modifie runtime VC configuration VC only Any object Root vCenter
settings. Server
User interface element – Administration >
vCenter Server Management Server
Configuration
System tag Add or remove system tag. VC only Root vCenter Root vCenter
Server Server
Host CIM
Host CIM privileges control the use of CIM for host health monitoring.
Table A-9. Host CIM Privileges

CIM interaction Allow a client to obtain a ticket to use for CIM HC and VC Hosts Hosts
services.
Host Configuration
Host configuration privileges control the ability to configure hosts.
Table A-10. Host Configuration Privileges

Advanced settings Set advanced options in host HC and VC Hosts Hosts

configuration.
User interface element – Host
Configuration tab > Advanced Settings,
Inventory hierarchy context menu
Change date and time Sets time and date settings on the host. HC and VC Hosts Hosts
settings User interface element – Host
Configuration tab > Time Configuration
304 VMware, Inc.

Table A-10. Host Configuration Privileges (Continued)

Change PciPassthru Change PciPassthru settings for a host. HC and VC Hosts Hosts
settings User interface element – Host
Configuration tab > Advanced Settings,
Inventory hierarchy context menu
Change settings Allows setting of lockdown mode on ESXi HC and VC Hosts Hosts (ESXi only)
hosts only.
Configuration tab > Security Profile >
Lockdown Mode > Edit
Change SNMP Configure, restart, and stop SNMP agent. HC and VC Hosts Hosts
settings No user vSphere Client interface elements
are associated with this privilege.
Connection Change the connection status of a host VC only Hosts Hosts

(connected or disconnected).
User interface element– Right-click Host
Firmware Update the host firmware on ESXi hosts. HC and VC Hosts Hosts (ESXi only)
No user vSphere Client interface elements
Hyperthreading Enable and disable hyperthreading in a HC and VC Hosts Hosts

host CPU scheduler.
Configuration tab > Processors
Maintenance Put the host in and out of maintenance HC and VC Hosts Hosts
mode. Shut down and restart a host.
User interface element– Host context
menu, Inventory > Host > Enter
Maintenance Mode
Memory configuration Set configured service console memory HC and VC Hosts Hosts
reservation. This setting is applicable only
on ESX hosts.
Configuration tab > Memory
Network Configure network, firewall, and HC and VC Hosts Hosts

configuration VMotion network.
Configuration tab > Networking,
Network Adapter, DNS and Routing
Query Patch Query for installable patches and install HC and VC Hosts Hosts
patches on the host.
Security profile and Configure internet services, such as SSH, HC and VC Hosts Hosts
firewall Telnet, SNMP, and host firewall.
User interface element– Host
Configuration tab > Security Profile
Storage partition Manages VMFS datastore and diagnostic HC and VC Hosts Hosts
configuration partitions. Scan for new storage devices.
Manage iSCSI.
User interface element– Host
Configuration tab > Storage, Storage
Adapters, Virtual Machine Swapfile
LocationHost Configuration tab
datastore context menu
VMware, Inc. 305

Table A-10. Host Configuration Privileges (Continued)

System Management Allows extensions to manipulate the file HC and VC Hosts Hosts
system on the host.
No user vSphere Client interface elements
System resources Update the configuration of the system HC and VC Hosts Hosts
resource hierarchy.
Configuration tab > System Resource
Allocation
Virtual machine Change auto-start and auto-stop order of HC and VC Hosts Hosts
autostart virtual machines on a single host.
configuration User interface element– Host
Configuration tab > Virtual Machine
Startup or Shutdown
Host Inventory
Host inventory privileges control adding hosts to the inventory, adding hosts to clusters, and moving hosts in
the inventory.
Table A-11. Host Inventory Privileges

Add host to cluster Add a host to an existing cluster. VC only Datacenters, Clusters
User interface element – Inventory context Clusters, Host
menu, File > New > Add Host folders
Add standalone Add a standalone host. VC only Datacenters, Host folders

host User interface element – Toolbar button, Host folders
Inventory context menu, Inventory >
Datacenter > Add Host, File > New > Add
Host, Hosts tab context menu
Create cluster Create a new cluster. VC only Datacenters, Host folders

User interface elements – Toolbar button, Host folders
inventory context menu, Inventory >
Datacenter > New Cluster, File > New >
Cluster
Modify cluster Change the properties of a cluster. VC only Datacenters, Clusters

User interface element – Inventory context Host folders,
menu, Inventory > Cluster > Edit Settings, Clusters
Summary tab
Move cluster or Move a cluster or standalone host between VC only Datacenters, Clusters
standalone host folders. Host folders,
Privilege must be present at both the source Clusters
and destination.
User interface element– Inventory hierarchy
Move host Move a set of existing hosts into or out of a VC only Datacenters, Clusters
cluster. Host folders,
Privilege must be present at both the source Clusters
and destination.
User interface element– Inventory hierarchy
drag-and-drop
306 VMware, Inc.

Table A-11. Host Inventory Privileges (Continued)

Remove cluster Delete a cluster or standalone host. VC only Datacenters, Clusters, Hosts
In order to have permission to perform this Host folders,
operation, you must have this privilege Clusters, Hosts
object.
User interface element – Inventory context
menu, Edit > Remove, Inventory > Cluster >
Remove
Remove host Remove a host. VC only Datacenters, Hosts plus parent

In order to have permission to perform this Host folders, object
operation, you must have this privilege Clusters, Hosts
object.
drop out of cluster, context menu, Inventory >
Host > Remove
Rename cluster Rename a cluster. VC only Datacenters, Clusters

User interface element– Inventory single click, Host folders,
inventory hierarchy context menu, Inventory Clusters
> Cluster > Rename
Host Local Operations

Host local operations privileges control actions performed when the vSphere Client is connected directly to a
host.
Table A-12. Host Local Operations Privileges

Add host to Install and uninstall vCenter agents, such as HC only Root host Root host
vCenter vpxa and aam, on a host.
Create virtual Create a new virtual machine from scratch on HC only Root host Root host
machine a disk without registering it on the host.
Delete virtual Delete a virtual machine on disk, whether HC only Root host Root host
machine registered or not.
Manage user Manage local accounts on a host. HC only Root host Root host
groups User interface element – Users & Groups tab
(only present if the vSphere Client logs on to
the host directly)
Reconfigure Reconfigure a virtual machine. HC only Root host Root host

virtual machine
VMware, Inc. 307

Host Profile
Host Profile privileges control operations related to creating and modifying host profiles.
Privilege Name Description Affects Pair with Object Effective on Object
Clear Clear profile related HC and VC Root vCenter Server Root vCenter Server
information. Apply a profile to a
host.
User interface element –
Inventory > Host > Host Profile
> Apply Profile
Create Create a host profile. HC and VC Root vCenter Server Root vCenter Server
User interface element – Create
Profilebutton on Profiles tab
Delete Delete a host profile. HC and VC Root vCenter Server Root vCenter Server
User interface element – Delete
host profile button when a
profile is selected
Edit Edit a host profile. HC and VC Root vCenter Server Root vCenter Server
User interface element – Edit
Profile button when a profile is
selected
View View a host profile. HC and VC Root vCenter Server Root vCenter Server
Profiles button on vSphere
Client Home page
Network
Network privileges control tasks related to network management.
Table A-13. Network Privileges

Assign network Assign a network to a virtual machine. HC and VC Networks, Networks,

Network folders Virtual
Machines
Configure Configure a network. HC and VC Networks, Networks,

Network folders Virtual
Machines
308 VMware, Inc.

Table A-13. Network Privileges (Continued)

Move network Move a network between folders. HC and VC Networks Networks

Privilege must be present at both the source
and destination.
drop
Remove Remove a network. HC and VC Networks, Networks

This privilege is deprecated. Network
folders, and
Datacenters
object.
User interface element– Inventory network
context menu, Edit > Remove, Inventory >
Network > Remove
Performance
Performance privileges control modifying performance statistics settings.
Table A-14. Performance Privileges

Modify intervals Creates, removes, and updates performance VC only Root vCenter Root vCenter
data collection intervals. Server Server
User interface element– Administration >
vCenter Server Management Server
Configuration > Statistics
VMware, Inc. 309

Permissions
Permissions privileges control the assigning of roles and permissions.
Table A-15. Permissions Privileges

Privilege Name Description Used Object Object
Modify Define one or more permission rules on an HC and VC All inventory Any object plus
permission entity, or updates rules if already present for objects parent object
the given user or group on the entity.
object.
User interface element – Permissions tab
context menu, Inventory > Permissions menu
Modify role Update a role's name and its privileges. HC and VC Root vCenter Any object
User interface element – Roles tab context Server
menu, toolbar button, File menu
Reassign role Reassign all permissions of a role to another HC and VC Root vCenter Any object
permissions role. Server
User interface element – Delete Role dialog
box, Reassign affected users radio button and
associated menu
Resource
Resource privileges control the creation and management of resource pools, as well as the migration of virtual
machines.
Table A-16. Resource Privileges

Apply recommendation Ask the server to go ahead with VC only Datacenters, Clusters
a suggested VMotion. Host folders,
User interface element – Cluster Clusters
DRS tab
Assign vApp to resource Assign a vApp to a resource pool. HC and VC Datacenters, Resource pools
pool User interface element – New Host folders,
vApp wizard Clusters,
Resource pools,
Hosts
Assign virtual machine Assign a virtual machine to a HC and VC Datacenters, Resource pools
to resource pool resource pool. Host folders,
User interface element – New Clusters,
Virtual Machine wizard Resource pools,
Hosts
Create resource pool Create a new resource pool. HC and VC Datacenters, Resource pools,
User interface element – File Host folders, clusters
menu, context menu, Summary Clusters,
tab, Resources tab Resource pools,
Hosts
310 VMware, Inc.

Table A-16. Resource Privileges (Continued)

Migrate Migrate a virtual machine's VC only Datacenters, Virtual

execution to a specific resource Virtual machine machines
pool or host. folders, Virtual
User interface element– machines
Inventory context menu, Virtual
Machine Summary tab,
Inventory > Virtual Machine >
Migrate, drag-and- drop
Modify resource pool Change the allocations of a HC and VC Resource pools Resource pools
resource pool. plus parent
User interface element – object
Inventory > Resource Pool >
Remove, Resources tab
Move resource pool Move a resource pool. HC and VC Resource pools, Resource pools
Privilege must be present at both source and
the source and destination. destination
User interface element – Drag-
and-drop
Query VMotion Query the general VMotion VC only Root folder Root folder
compatibility of a virtual
machine with a set of hosts.
Required when displaying the
migration wizard for a powered-
on VM, to check compatibility
Relocate Cold migrate a virtual machine's VC only Virtual Virtual

execution to a specific resource machines machines
pool or host.
User interface element–
Inventory context menu, Virtual
Machine Summary tab,
Inventory > Virtual Machine >
Migrate, drag-and- drop
Remove resource pool Delete a resource pool. HC and VC Resource pools Resource pools
In order to have permission to plus parent
perform this operation, you must object
have this privilege assigned to
both the object and its parent
object.
User interface element – Edit >
Remove, Inventory > Resource
Pool > Remove, inventory
context menu, Resources tab
Rename resource pool Rename a resource pool. HC and VC Resource pools Resource pools
User interface element – Edit >
Rename, Inventory > Resource
Pool > Rename, context menu
VMware, Inc. 311

Scheduled Task
Scheduled task privileges control creation, editing, and removal of scheduled tasks.
Table A-17. Scheduled Task Privileges

Create tasks Schedule a task. Required in addition to the VC only Any object Any object
privileges to perform the scheduled action at
the time of scheduling.
User interface element – Scheduled Tasks
toolbar button and context menu
Modify task Reconfigure the scheduled task properties. VC only Any object Any object
User interface element – Inventory >
Scheduled Tasks > Edit, Scheduled Tasks tab
context menu
Remove task Remove a scheduled task from the queue. VC only Any object Any object
context menu, Inventory > Scheduled Task >
Remove, Edit > Remove
Run task Run the scheduled task immediately. VC only Any object Any object
Creating and running a task also requires
permission to perform the associated action.
context menu, Inventory > Scheduled Task >
Run
Sessions
Sessions privileges control the ability of extensions to open sessions on the vCenter Server.
Table A-18. Session Privileges

Impersonate User Impersonate another user. This capability is VC only Root vCenter Root vCenter
used by extensions. Server Server
Message Set the global log in message. VC only Root vCenter Root vCenter
User interface element – Sessions tab, Server Server
Administration > Edit Message of the Day
Validate session Verifies session validity. VC only Root vCenter Root vCenter
Server Server
View and stop View sessions. Force log out of one or more VC only Root vCenter Root vCenter
sessions logged-on users. Server Server
User interface element– Sessions tab
312 VMware, Inc.

Tasks
Tasks privileges control the ability of extensions to create and update tasks on the vCenter Server.
Table A-19. Tasks Privileges

Create task Allows an extension to create a user-defined VC only Root vCenter Root vCenter
task. Server Server
Update task Allows an extension to updates a user-defined VC only Root vCenter Root vCenter
task. Server Server
vApp
vApp privileges control operations related to deploying and configuring a vApp.
Table A-20. vApp Privileges

Add virtual machine Add a virtual machine to a HC and VC Datacenters, clusters, vApps
vApp. hosts, virtual
User interface element – drag- machine folders,
and-drop in the Virtual vApps
Machines and Templates or
Hosts and Clusters inventory
view
Assign resource pool Assign a resource pool to a HC and VC Datacenters, clusters, vApps
vApp. hosts, virtual
and-drop in the Hosts and vApps
Clusters inventory view
Assign vApp Assign a vApp to another vApp HC and VC Datacenters, clusters, vApps
User interface element – drag- hosts, virtual
and-drop in the Virtual machine folders,
Machines and Templates or vApps
view
Clone Clone a vApp. HC and VC Datacenters, clusters, vApps

User interface element – hosts, virtual
Inventory > vApp > Clone machine folders,
vApps
Delete Delete a vApp. HC and VC Datacenters, clusters, vApps

In order to have permission to hosts, virtual
perform this operation, you machine folders,
must have this privilege vApps
assigned to both the object and
its parent object.
Inventory > vApp > Delete
from Disk
Export Export a vApp from vSphere. HC and VC Datacenters, clusters, vApps

User interface element – File > hosts, virtual
Export > Export OVF Template machine folders,
vApps
VMware, Inc. 313

Table A-20. vApp Privileges (Continued)

Import Import a vApp into vSphere. HC and VC Datacenters, clusters, vApps

User interface element – File > hosts, virtual
Deploy OVF Template machine folders,
vApps
Move Move a vApp to a new HC and VC Datacenters, clusters, vApps

inventory location. hosts, virtual
and-drop in the Virtual vApps
Machines and Templates or
view
Power Off Power off a vApp. HC and VC Datacenters, clusters, vApps

Inventory > vApp > Power Off machine folders,
vApps
Power On Power on a vApp. HC and VC Datacenters, clusters, vApps

Inventory > vApp > Power On machine folders,
vApps
Rename Rename a vApp. HC and VC Datacenters, clusters, vApps

Inventory > vApp > Rename machine folders,
vApps
Unregister Unregister a vApp. HC and VC Datacenters, clusters, vApps

In order to have permission to hosts, virtual
perform this operation, you machine folders,
must have this privilege vApps
its parent object.
Inventory > vApp > Remove
from Inventory
vApp application Modify a vApp's internal HC and VC Datacenters, clusters, vApps

configuration structure, such as product hosts, virtual
information and properties. machine folders,
User interface element – Edit vApps
vApp Settings dialog box,
Options tab, Advanced option
vApp instance Modify a vApp's instance HC and VC Datacenters, clusters, vApps

configuration configuration, such as policies. hosts, virtual
User interface element – Edit machine folders,
vApp Settings dialog box, vApps
Options tab, Properties option
and IP Allocation Policy
option
314 VMware, Inc.

Table A-20. vApp Privileges (Continued)

vApp resource Modify a vApp's resource HC and VC Datacenters, clusters, vApps

configuration configuration. hosts, virtual
In order to have permission to machine folders,
perform this operation, you vApps
must have this privilege
its parent object.
User interface element – Edit
vApp Settings dialog box,
Options tab, Resources option
View OVF View the OVF environment of a HC and VC Datacenters, clusters, vApps
Environment powered-on virtual machine hosts, virtual
within a vApp. machine folders,
User interface element – Virtual vApps
Machine Properties dialog box,
Options tab, OVF Settings
option, View button
Virtual Machine Configuration

Virtual Machine Configuration privileges control the ability to configure virtual machine options and devices.
Table A-21. Virtual Machine Privileges

Add existing disk Add an existing virtual disk to a virtual HC and VC Datacenters, Virtual
machine. Hosts, machines
User interface element – Virtual Machine Clusters,
Properties dialog box Virtual
machine
folders,
Resource
pools, Virtual
machines
Add new disk Create a new virtual disk to add to a virtual HC and VC Datacenters, Virtual
Properties dialog box Virtual
machine
folders,
Resource
pools, Virtual
machines
Add or remove Add or removes any non-disk device. HC and VC Datacenters, Virtual
device User interface element – Virtual Machine Hosts, machines
Properties dialog box Clusters,
Virtual
machine
folders,
Resource
pools, Virtual
machines
VMware, Inc. 315

Table A-21. Virtual Machine Privileges (Continued)

Advanced Add or modify advanced parameters in the HC and VC Datacenters, Virtual

virtual machine's configuration file. Hosts, machines
Properties dialog box > Options tab > Virtual
Advanced - General option > Configuration machine
Parameters button folders,
Resource
pools, Virtual
machines
Change CPU count Change the number of virtual CPUs. HC and VC Datacenters, Virtual
User interface element – Virtual Machine Hosts, machines
Properties dialog box Clusters,
Virtual
machine
folders,
Resource
pools, Virtual
machines
Change resource Change resource configuration of a set of VM HC and VC Datacenters, Virtual

nodes in a given resource pool. Hosts, machines
Clusters,
Virtual
machine
folders,
Resource
pools, Virtual
machines
Disk change Enable or disable change tracking for the HC and VC Datacenters, Virtual
tracking virtual machine's disks. Hosts, machines
Clusters,
Virtual
machine
folders,
Resource
pools, Virtual
machines
Disk lease Leases disks for VMware Consolidated HC and VC Datacenters, Virtual
Backup. Hosts, machines
No user vSphere Client interface elements are Clusters,
associated with this privilege. Virtual
machine
folders,
Resource
pools, Virtual
machines
Extend virtual Expand the size of a virtual disk. HC and VC Datacenters, Virtual
disk Hosts, machines
Clusters,
Virtual
machine
folders,
Resource
pools, Virtual
machines
316 VMware, Inc.


Host USB device Attach a host-based USB device to a virtual HC and VC Datacenters, Virtual
Adding USB devices to virtual machines on Clusters,
ESX/ESXi hosts is not supported. Virtual
machine
folders,
Resource
pools, Virtual
machines
Memory Change the amount of memory allocated to the HC and VC Datacenters, Virtual
virtual machine. Hosts, machines
Properties dialog box > Memory Virtual
machine
folders,
Resource
pools, Virtual
machines
Modify device Change the properties of an existing device. HC and VC Datacenters, Virtual
settings User interface element – Virtual Machine Hosts, machines
Properties dialog box > SCSI/IDE node Clusters,
selection Virtual
machine
folders,
Resource
pools, Virtual
machines
Query unowned Query unowned files. HC and VC Datacenters, Virtual

files Hosts, machines
Clusters,
Virtual
machine
folders,
Resource
pools, Virtual
machines
Raw device Add or removes a raw disk mapping or SCSI HC and VC Datacenters, Virtual
pass through device. Hosts, machines
Setting this parameter overrides any other Clusters,
privilege for modifying raw devices, including Virtual
connection states. machine
folders,
User interface element – Virtual Machine
Resource
Properties > Add/Remove raw disk mapping
pools, Virtual
machines
Remove disk Remove a virtual disk device. HC and VC Datacenters, Virtual

Properties dialog box > Hard Disk (but not a Clusters,
raw disk mapping) Virtual
machine
folders,
Resource
pools, Virtual
machines
VMware, Inc. 317


Rename Rename a virtual machine or modifies the HC and VC Datacenters, Virtual

associated notes of a virtual machine. Hosts, machines
User interface element– Virtual Machine Clusters,
Properties dialog box, inventory, inventory Virtual
context menu, File menu, Inventory menu machine
folders,
Resource
pools, Virtual
machines
Reset guest Edit the guest operating system information HC and VC Datacenters, Virtual
information for a virtual machine Hosts, machines
Properties dialog box Options tab, Virtual
machine
folders,
Resource
pools, Virtual
machines
Settings Change general VM settings. HC and VC Datacenters, Virtual

Properties dialog box Options tab, General Clusters,
Options option Virtual
machine
folders,
Resource
pools, Virtual
machines
Swapfile Change the swapfile placement policy for a HC and VC Datacenters, Virtual
placement virtual machine. Hosts, machines
Properties dialog box Options tab, Swapfile Virtual
Location option machine
folders,
Resource
pools, Virtual
machines
Upgrade virtual Upgrade the virtual machine’s virtual HC and VC Datacenters, Virtual
hardware hardware version from a previous version of Hosts, machines
VMware. Clusters,
User interface element – context menu, File Virtual
menu (appears only if vmx file shows a lower machine
configuration number) folders,
Resource
pools, Virtual
machines
318 VMware, Inc.

Virtual Machine Interaction

Virtual Machine Interaction privileges control the ability to interact with a virtual machine console, configure
media, perform power operations, and install VMware Tools.
Table A-22. Virtual Machine Interaction

Answer question Resolve issues with VM state transitions or HC and VC Datacenters, Virtual
runtime errors. Hosts, machines
User interface element – Summary tab, Clusters,
Inventory menu, context menu Virtual
machine
folders,
Resource
pools, Virtual
machines
Backup operation Perform backup operations on virtual HC and VC Datacenters, Virtual

on virtual machine machines. Hosts, machines
Clusters,
Virtual
machine
folders,
Resource
pools, Virtual
machines
Configure CD Configure a virtual DVD or CD-ROM device. HC and VC Datacenters, Virtual

media User interface element – Virtual Machine Hosts, machines
Properties dialog box > DVD/CD-ROM Clusters,
Virtual
machine
folders,
Resource
pools, Virtual
machines
Configure floppy Configure a virtual floppy device. HC and VC Datacenters, Virtual

media User interface element – Virtual Machine Hosts, machines
Properties dialog box, Summary tab Edit Clusters,
Settings Virtual
machine
folders,
Resource
pools, Virtual
machines
Console Interact with the virtual machine’s virtual HC and VC Datacenters, Virtual
interaction mouse, keyboard, and screen. Hosts, machines
User interface element– Console tab, toolbar Clusters,
button, Inventory > Virtual Machine > Open Virtual
Console, inventory context menu machine
folders,
Resource
pools, Virtual
machines
VMware, Inc. 319

Table A-22. Virtual Machine Interaction (Continued)

Create screenshot Create a virtual machinescreen shot. HC and VC Datacenters, Virtual

Hosts, machines
Clusters,
Virtual
machine
folders,
Resource
pools, Virtual
machines
Defragment all Defragment all disks on the virtual machine. HC and VC. Datacenters, Virtual
disks Hosts, machines
Clusters,
Virtual
machine
folders,
Resource
pools, Virtual
machines
Device connection Change the connected state of a virtual HC and VC Datacenters, Virtual
machine’s disconnectable virtual devices. Hosts, machines
User interface element– Virtual Machine Clusters,
Properties dialog box, Summary tab Edit Virtual
Settings machine
folders,
Resource
pools, Virtual
machines
Disable Fault Disable the Secondary virtual machine for a VC only Datacenters, Virtual
Tolerance virtual machine using Fault Tolerance. Hosts, machines
User interface element – Inventory > Virtual Clusters,
Machine > Fault Tolerance > Disable Fault Virtual
Tolerance machine
folders,
Resource
pools, Virtual
machines
Enable Fault Enable the Seocondary virtual machine for a VC only Datacenters, Virtual
Tolerance virtual machine using Fault Tolerance. Hosts, machines
Machine > Fault Tolerance > Enable Fault Virtual
Tolerance machine
folders,
Resource
pools, Virtual
machines
Power Off Power off a powered-on virtual machine, shuts HC and VC Datacenters, Virtual
down guest. Hosts, machines
Machine > Power > Power Off, Summary tab, Virtual
toolbar button, virtual machine context menu machine
folders,
Resource
pools, Virtual
machines
320 VMware, Inc.


Power On Power on a powered-off virtual machine, HC and VC Datacenters, Virtual

resumes a suspended virtual machine. Hosts, machines
User interface element– Inventory > Virtual Clusters,
Machine > Power > Power On, Summary tab, Virtual
folders,
Resource
pools, Virtual
machines
Record session on Record a session on a virtual machine. HC and VC Datacenters, Virtual

Virtual Machine No vSphere Client user interface elements are Hosts, machines
associated with this privilege. Clusters,
Virtual
machine
folders,
Resource
pools, Virtual
machines
Replay session on Replay a recorded session on a virtual HC and VC Datacenters, Virtual

Virtual Machine machine. Hosts, machines
No vSphere Client user interface elements are Clusters,
associated with this privilege. Virtual
machine
folders,
Resource
pools, Virtual
machines
Reset Resets virtual machine and reboots the guest HC and VC Datacenters, Virtual
operating system. Hosts, machines
Machine > Power > Reset, Summary tab, Virtual
folders,
Resource
pools, Virtual
machines
Suspend Suspends a powered-on virtual machine, puts HC and VC Datacenters, Virtual

guest in standby mode. Hosts, machines
Machine > Power > Suspend, Summary tab, Virtual
folders,
Resource
pools, Virtual
machines
Test failover Test Fault Tolerance failover by making the VC only Datacenters, Virtual
Secondary virtual machine the Primary virtual Hosts, machines
machine. Clusters,
User interface element – Inventory > Virtual Virtual
Machine > Fault Tolerance > Test Failover machine
folders,
Resource
pools, Virtual
machines
VMware, Inc. 321


Test restart Terminate a Secondary virtual machine for a VC only Datacenters, Virtual
Secondary VM virtual machine using Fault Tolerance. Hosts, machines
Machine > Fault Tolerance > Test Restart Virtual
Secondary machine
folders,
Resource
pools, Virtual
machines
Turn Off Fault Turn off Fault Tolerance for a virtual machine. VC only Datacenters, Virtual
Tolerance User interface element – Inventory > Virtual Hosts, machines
Machine > Fault Tolerance > Turn Off Fault Clusters,
Tolerance Virtual
machine
folders,
Resource
pools, Virtual
machines
Turn On Fault Turn on Fault Tolerance for a virtual machine. VC only Datacenters, Virtual
Tolerance User interface element – Inventory > Virtual Hosts, machines
Machine > Fault Tolerance > Turn On Fault Clusters,
Tolerance Virtual
machine
folders,
Resource
pools, Virtual
machines
VMware Tools Mounts and unmounts the VMware Tools CD HC and VC Datacenters, Virtual
install installer as a CD-ROM for the guest operating Hosts, machines
system. Clusters,
User interface element– Inventory > Virtual Virtual
Machine > Guest > Install/Upgrade VMware machine
Tools, virtual machine context menu folders,
Resource
pools, Virtual
machines
Virtual Machine Inventory

Virtual Machine Inventory privileges control adding, moving, and removing virtual machines.
Table A-23. Virtual Machine Inventory Privileges

Create from Create a virtual machine based on an existing HC and VC Datacenters, Clusters, Hosts,
existing virtual machine or template, by cloning or Clusters, Virtual machine
deploying from a template. Hosts, Virtual folders
machine
folders
Create new Create a new virtual machine and allocates HC and VC Datacenters, Clusters, Hosts,
resources for its execution. Clusters, Virtual machine
User interface element– File menu, context Hosts, Virtual folders
menu, Summary tab - New Virtual Machine machine
links folders
322 VMware, Inc.

Table A-23. Virtual Machine Inventory Privileges (Continued)

Move Relocate a virtual machine in the hierarchy. VC only Datacenters, Virtual machines
Privilege must be present at both the source Clusters,
and destination. Hosts, Virtual
machine
User interface element – Inventory hierarchy
folders,
drag-and-drop in Virtual Machines &
Virtual
Templates view
machines
Register Add an existing virtual machine to a vCenter HC and VC Datacenters, Clusters, Hosts,
Server or host inventory. Clusters, Virtual machine
Hosts, Virtual folders
machine
folders
Remove Delete a virtual machine, removing its HC and VC Datacenters, Virtual machines
underlying files from disk. Clusters,
In order to have permission to perform this Hosts, Virtual
operation, you must have this privilege machine
assigned to both the object and its parent folders,
object. Virtual
machines
User interface element – File menu, context
menu, Summary tab
Unregister Unregister a virtual machine from a vCenter HC and VC Datacenters, Virtual machines
Server or host inventory. Clusters,
In order to have permission to perform this Hosts, Virtual
operation, you must have this privilege machines,
assigned to both the object and its parent virtual
object. machine
folders
Virtual Machine Provisioning

Virtual Machine Provisioning privileges control activities related to deploying and customizing virtual
machines.
Table A-24. Virtual Machine Provisioning Privileges

Allow disk access Open a disk on a virtual machine for random n/a Datacenters, Virtual
read and write access. Used mostly for remote Hosts, machines
disk mounting. Clusters,
No user vSphere Client interface elements are Resource
associated with this privilege. pools, Virtual
machine
folders, Virtual
machines
Allow read-only disk Open a disk on a virtual machine for random n/a Datacenters, Virtual
access read access. Used mostly for remote disk Hosts, machines
mounting. Clusters,
No user vSphere Client interface elements are Resource
associated with this privilege. pools, Virtual
machine
folders, Virtual
machines
VMware, Inc. 323

Table A-24. Virtual Machine Provisioning Privileges (Continued)

Allow virtual Read files associated with a virtual machine, HC and VC Datacenters, Root folders
machine download including vmx, disks, logs, and nvram. Hosts,
associated with this privilege. Resource
pools, Virtual
machine
folders, Virtual
machines
Allow virtual Write files associated with a virtual machine, HC and VC Datacenters, Root folders
machine files upload including vmx, disks, logs, and nvram. Hosts,
pools, Virtual
machine
folders, Virtual
machines
Clone template Clone a template. VC only Datacenters, Templates

User interface element– Inventory > Virtual Hosts,
Machine > Template > Clone, context menu, Clusters,
Virtual Machines tab Resource
pools, Virtual
machine
folders,
Templates
Clone virtual Clone an existing virtual machine and VC only Datacenters, Virtual
machine allocates resources. Hosts, machines
Machine > Clone, context menu, Summary Resource
tab pools, Virtual
machine
folders, Virtual
machines
Create template from Create a new template from a virtual machine. VC only Datacenters, Virtual
virtual machine User interface element – Inventory > Virtual Hosts, machines
Machine > Template > Clone to Template, Clusters,
context menu, Summary tab items Resource
pools, Virtual
machine
folders, Virtual
machines
Customize Customize a virtual machine’s guest VC only Datacenters, Virtual

operating system without moving the virtual Hosts, machines
machine. Clusters,
User interface element– Clone Virtual Resource
Machine wizard: Guest Customization pools, Virtual
machine
folders, Virtual
machines
Deploy template Deploy a virtual machine from a template. VC only Datacenters, Templates
User interface element – “Deploy to template” Hosts,
File menu, context menu items, Virtual Clusters,
Machines tab Resource
pools, Virtual
machine
folders,
Templates
324 VMware, Inc.

Table A-24. Virtual Machine Provisioning Privileges (Continued)

Mark as template Mark an existing, powered off virtual machine VC only Datacenters, Virtual
as a template. Hosts, machines
Machine > Template > Convert to Template, Resource
context menu items, Virtual Machines tab, pools, Virtual
Summary tab machine
folders, Virtual
machines
Mark as virtual Mark an existing template as a VM. VC only Datacenters, Templates

machine User interface element – “Convert to Virtual Hosts,
Machine...” context menu items, Virtual Clusters,
Machines tab Resource
pools, Virtual
machine
folders,
Templates
Modify Create, modify, or delete customization VC only Root vCenter Root vCenter
customization specifications. Server Server
specification User interface element – Customization
Specifications Manager
Promote disks Promote a virtual machine's disks. VC only Datacenters, Virtual

Hosts, machines
Clusters,
Resource
pools, Virtual
machine
folders, Virtual
machines
Read customization View the customization specifications defined VC only Root vCenter Root vCenter
specification on the system. Server Server
User interface element – Edit > Customization
Specifications
VMware, Inc. 325

Virtual Machine State

Virtual machine state privileges control the ability to take, delete, rename, and restore snapshots.
Table A-25. Virtual Machine State Privileges

Create snapshot Create a new snapshot from the virtual HC and VC Datacenters, Virtual machines
machine’s current state. Clusters,
User interface element – virtual machine Hosts,
context menu, toolbar button, Inventory > Resource
Virtual Machine > Snapshot > Take Snapshot pools, Virtual
machine
folders,
Virtual
machines
Remove Snapshot Remove a snapshot from the snapshot history. HC and VC Datacenters, Virtual machines
User interface element – virtual machine Clusters,
context menu, toolbar button, Inventory menu Hosts,
Resource
pools, Virtual
machine
folders,
Virtual
machines
Rename Snapshot Rename this snapshot with either a new name HC and VC Datacenters, Virtual machines
or a new description or both. Clusters,
No user vSphere Client interface elements are Hosts,
pools, Virtual
machine
folders,
Virtual
machines
Revert to snapshot Set the VM to the state it was in at a given HC and VC Datacenters, Virtual machines
snapshot. Clusters,
User interface element – virtual machine Hosts,
context menu, toolbar button, Inventory > Resource
Virtual Machine > Snapshot > Revert to pools, Virtual
Snapshot, Virtual Machines tab machine
folders,
Virtual
machines
326 VMware, Inc.

Installing the Microsoft Sysprep Tools B
The Microsoft System Preparation tools enable you to customize guest Windows operating systems.
Using System Preparation tools is especially useful when you clone virtual machines. The guest operating
system customization feature in vCenter Server leverages the functionality of the System Preparation tools.
Ensure that your vCenter Server system meets the following requirements before you customize your virtual
machine’s Windows guest operating systems:
n Install Microsoft System Preparation tools. Microsoft includes the system tool set on the installation CD-
ROM discs for Windows 2000, Windows XP, and Windows 2003. System Preparation tools are built into
the Windows Vista operating system.
n Ensure that the correct versions of the System Preparation tools are installed for each guest operating
system you want to customize.
n Ensure that the password for the local administrator account on the virtual machines is set to blank (““).
NOTE Customization operations will fail if the correct version of sysprep tools is not found.

n “Install the Microsoft System Preparation Tools from a Microsoft Web Site Download,” on page 327
n “Install the Microsoft Sysprep Tools from the Windows Operating System CD,” on page 328
Install the Microsoft System Preparation Tools from a Microsoft Web

Site Download
You can download and install Microsoft System Preparation tools from the Microsoft Web site.
Ensure you download the correct version for the guest operating system that you want to customize.
Procedure
1 Open a browser window and navigate to the Microsoft Download Center.
2 Navigate to the page that contains the download link to the version of the tools you want.
3 Click Download and save the file to your local disk.
4 Open and expand the .cab file, using a tool such as Winzip.exe or another tool capable of reading Microsoft
CAB files.
VMware, Inc. 327

5 Extract the files to the provided directory.
The following System Preparation tools support directories were created during vCenter Server
installation:
C:\<ALLUSERSPROFILE>\Application Data\Vmware\VMware VirtualCenter\sysprep
...\1.1\
...\2k\
...\xp\
...\svr2003\
...\xp-64\
...\svr2003-64\
where <ALLUSERSPROFILE> is usually \Documents And Settings\All Users\. This is where vpxd.cfg is
also located.
Select the subdirectory that corresponds to your operating system.
6 Click OK to expand the files.
After you have extracted the files from the .cab file, you should see:
...\<guest>\deptool.chm
...\<guest>\readme.txt
...\<guest>\setupcl.exe
...\<guest>\setupmgr.exe
...\<guest>\setupmgx.dll
...\<guest>\sysprep.exe
...\<guest>\unattend.doc
where <guest> is 2k, xp, svr2003, xp-64, or svr2003-64.
What to do next
You are now ready to customize a new virtual machine with a supported Windows guest operating system
when you clone an existing virtual machine.
Install the Microsoft Sysprep Tools from the Windows Operating

System CD
You can install the Microsoft Sysprep tools from a CD.
Procedure
1 Insert the Windows operating system CD into the CD-ROM drive (often the D: drive).
2 Locate the DEPLOY.CAB file in the CD directory, \Support\Tools.
3 Open and expand the DEPLOY.CAB file, using a tool such as Winzip.exe or another tool capable of reading
Microsoft CAB files.
328 VMware, Inc.

Appendix B Installing the Microsoft Sysprep Tools
4 Extract the files to the directory appropriate to your Sysprep guest operating system.
The following Sysprep support directories were created during vCenter Server installation:
C:\<ALLUSERSPROFILE>\Application Data\Vmware\VMware VirtualCenter\sysprep
...\1.1\
...\2k\
...\xp\
...\svr2003\
...\xp-64\
...\svr2003-64\
where <ALLUSERSPROFILE> is usually \Documents And Settings\All Users\. This is where vpxd.cfg is
also located.
Select the subdirectory that corresponds to your operating system.
5 Click OK to expand the files.
After you have extracted the files from the .cab file, you should see:
...\<guest>\deptool.chm
...\<guest>\readme.txt
...\<guest>\setupcl.exe
...\<guest>\setupmgr.exe
...\<guest>\setupmgx.dll
...\<guest>\sysprep.exe
...\<guest>\unattend.doc
where <guest> is 2k, xp, svr2003, xp-64, or svr2003-64.
6 Repeat this procedure to extract Sysprep files for each of the Windows guest operating systems (Windows
2000, Windows XP, or Windows 2003) you plan to customize using vCenter Server.
What to do next
You are now ready to customize a new virtual machine with a supported Windows guest operating system
when you clone an existing virtual machine.
VMware, Inc. 329

330 VMware, Inc.

Performance Metrics C
Performance metrics are collected on ESX/ESXi servers and vCenter Servers for managed objects and the
physical and virtual devices associated with these objects. Each object and device has its own set of data
counters that provide the metadata for the metrics.
The performance metrics for VMware vSphere are organized into tables for each metric group: cluster services,
CPU, disk, management agent, memory, network, system, and virtual machine operations. Each table contains
the following information:
Counter Lists the display name of each data counter.
Label Indicates the name of the data counter as displayed in the APIs and advanced
performance charts. In some cases the labels are different in the overview
performance charts.
Description Provides a brief description of the metric.
Stats Type Measurement used during the statistics interval. The Stats Type is related to
the unit of measurement and can be one of the following:
n Rate - Value over the current statistics interval.
n Delta - Change from previous statistics interval.
n Absolute - Absolute value, independent of the statistics interval .
Unit How the statistic quantity is measured across the collection interval, for
example, kiloBytes (KB) and kiloBytesPerSecond (KBps).
NOTE For some statistics, the value is converted before it is displayed in the
overview performance charts. For example, memory usage is displayed in
KiloBytes by the APIs and the advanced performance charts, but it is displayed
in MegaBytes in the overview performance charts.
Rollup Type Indicates the calculation method used during the statistics interval to roll up
data. Determines the type of statistical values that are returned for the counter.
For real-time data, the value shown is the current value. One of:
n Average - Data collected is averaged.
n Minimum - The minimum value collected is rolled up.
n Maximum - The maximum value collected is rolled up.
n Summation - Data collected is summed.
n Latest - Data collected is the most recent value.
VMware, Inc. 331

Collection Level Indicates the minimum value to which the statistics collection level must be set
for the metric to be gathered during each collection interval. You can assign a
collection level of 1 to 4 to each collection interval enabled on your vCenter
Server, with 4 containing the most data counters.
VHRCD Indicates the entity for which the counter applies. One of:
n V – virtual machines
n H – hosts
n R – resource pools
n C – compute resources
n D – datastores
Calculations for all metrics listed in the data counter tables are for the duration of the data collection cycle.
Collection cycle durations are specified with the Statistics Collection Interval setting.
NOTE The availability of some data counters in the vSphere Client depends on the statistics Collection Level
set for the vCenter Server. The entire set of data counters are collected and available in vCenter Server. You
can use the vShpere Web Services SDK to query vCenter Server and get statistics for all counters. For more
information, see the VMware vSphere API Reference.

n “Cluster Services Metrics,” on page 332
n “CPU Metrics,” on page 333
n “Disk Metrics,” on page 337
n “Management Agent Metrics,” on page 341
n “Memory Metrics,” on page 342
n “Network Metrics,” on page 350
n “Storage Utilization Metrics,” on page 352
n “System Metrics,” on page 353
n “Virtual Machine Operations Metrics,” on page 354
Cluster Services Metrics

The cluster-services metric group (clusterServices) tracks performance statistics for clusters configured by
using VMware DRS (distributed resource scheduler), VMware HA (high availability), or both.
Table C-1 lists the cluster services data counters.
NOTE The cluster services metrics appear only in the advanced performance charts.
332 VMware, Inc.

Appendix C Performance Metrics
Table C-1. Cluster Services Data Counters

Entity
Counter Label Description V H R C
cpufairness CPU Fairness Fairness of distributed CPU resource allocation. ο • ο ο

n Stats Type: absolute
n Unit: number
n Rollup Type: latest
n Collection Collection Level: 1
n VC/ESX: Yes/No
effectivecpu Effective CPU Total available CPU resources of all hosts within a cluster. ο ο ο •
Resources Effective CPU = Aggregate host CPU capacity – VMkernel CPU + Service
Console CPU + other service CPU)
n Stats Type: rate
n Unit: megaHertz
n Rollup Type: average
n Collection Level: 1
n VC/ESX: Yes/No
effectivemem Effective Total amount of machine memory of all hosts in the cluster that is ο ο ο •
Memory available for virtual machine memory (physical memory for use by the
Resources Guest OS) and virtual machine overhead memory.
Effective Memory = Aggregate host machine memory – (VMkernel
memory + Service Console memory + other service memory)
n Unit: megaBytes
n VC/ESX: Yes/No
failover Current Number of VMware HA failures that can be tolerated. ο ο ο •

Failover Level n Stats Type: absolute
n Unit: number
n VC/ESX: Yes/No
memfairness Memory Aggregate available memory resources of all hosts within a cluster. ο • ο ο
Fairness n Stats Type: absolute
n Unit: number
n VC/ESX: Yes/No
CPU Metrics
The cpu metric group tracks CPU utilization for hosts, virtual machines, resource pools, and compute
resources.
Table C-2 lists the CPU data counters.
NOTE The performance charts display a subset of the CPU data counters. The entire set is collected and available
in vCenter Server. You can use the vSphere Web Services SDK to query vCenter Server and get statistics for
those counters. For more information, see the VMware vSphere API Reference.
VMware, Inc. 333

Table C-2. CPU Data Counters

cpuentitlement Worst Case Allocation Amount of CPU resources allocated to the virtual machine • ο • ο
(virtual machine or resource pool based on the total cluster capacity and the
Resource Allocation resource configuration (reservations, shares, and limits) on
tab) the resource hierarchy.
cpuentitlement is computed based on an ideal scenario in
which all virtual machines are completely busy and the load
is perfectly balanced across all hosts.
This counter is for internal use only and is not useful for
performance monitoring.
n Unit: megaHertz
n VC/ESX: No/Yes
guaranteed CPU Guaranteed Not supported for ESX 4.x systems, except through vCenter • ο ο ο
Server. CPU time that is reserved for the entity. For virtual
machines, this measures CPU time that is reserved, per
virtual CPU (vCPU).
This counter has been deprecated and should not be used to
monitor performance.
n Stats Type: delta
n Unit: millisecond
n VC/ESX: Yes/No
idle CPU Idle Total time that the CPU spent in an idle state (meaning that • ο ο ο
a virtual machine is not runnable). This counter represents
the variance, in milliseconds, during the interval.
n Stats Type: delta
n Unit: millisecond
n Rollup Type: summation
n VC/ESX: Yes/Yes
ready CPU Ready Percentage of time that the virtual machine was ready, but • ο ο ο
could not get scheduled to run on the physical CPU. CPU
ready time is dependent on the number of virtual machines
on the host and their CPU loads.
n Stats Type: delta
n Unit: millisecond
n VC/ESX: Yes/Yes
reservedCapacity CPU Reserved Total CPU capacity reserved by the virtual machines. ο • ο •
Capacity n Stats Type: absolute
n Unit: megaHertz
n VC/ESX: Yes/Yes
334 VMware, Inc.

Table C-2. CPU Data Counters (Continued)

system CPU System Amount of time spent on system processes on each virtual • ο ο ο
CPU in the virtual machine. This is the host view of the CPU
usage, not the guest operating system view.
n Stats Type: delta
n Unit: millisecond
n VC/ESX: Yes/Yes
totalmhz CPU Total Total amount of CPU resources of all hosts in the cluster. The ο ο ο •
maximum value is equal to the frequency of the processors
multiplied by the number of cores.
totalmhz = CPU frequency × number of cores
For example, a cluster has two hosts, each of which has four
CPUs that are 3GHz each, and one virtual machine that has
two virtual CPUs.
VM totalmhz = 2 vCPUs × 3000MHz = 6000MHz
Host totalmhz = 4 CPUs × 3000MHz = 12000MHz
Cluster totalmhz = 2 x 4 × 3000MHz = 24000MHz
n Stats Type: rate
n Unit: megaHertz
n VC/ESX: Yes/Yes
VMware, Inc. 335


usage CPU Usage CPU usage as a percentage during the interval. • • • •
VM Amount of actively used virtual CPU,

as a percentage of total available CPU.
This is the host's view of the CPU
usage, not the guest operating system
view. It is the average CPU utilization
over all available virtual CPUs in the
virtual machine. For example, if a
virtual machine with one virtual CPU
is running on a host that has four
physical CPUs and the CPU usage is
100%, the virtual machine is using one
physical CPU completely.
virtual CPU usage = usagemhz ÷
(# of virtual CPUs × core
frequency)
Host Actively used CPU of the host, as a

percentage of the total available CPU.
Active CPU is approximately equal to
the ratio of the used CPU to the
available CPU.
available CPU = # of physical
CPUs × clock rate
100% represents all CPUs on the host.
For example, if a four-CPU host is
running a virtual machine with two
CPUs, and the usage is 50%, the host is
using two CPUs completely.
Cluster Sum of actively used CPU of all virtual

machines in the cluster, as a percentage
of the total available CPU.
CPU Usage = CPU usagemhz ÷
effectivecpu
n Stats Type: rate

n Unit: percent
n Rollup Type: average (min/max)
n Collection Level: 1(4)
n VC/ESX: Yes/Yes
336 VMware, Inc.


usagemhz CPU Usage in MHz The amount of CPU used, in megahertz, during the interval. • • • •
VM Amount of actively used virtual CPU.

This is the host's view of the CPU
usage, not the guest operating system
view.
Host Sum of the actively used CPU of all

powered on virtual machines on a host.
The maximum possible value is the
frequency of the processors multiplied
by the number of processors. For
example, if you have a host with four
2GHz CPUs running a virtual machine
that is using 4000MHz, the host is using
two CPUs completely.
4000 ÷ (4 × 2000) = 0.50
n Stats Type: rate

n Unit: megaHertz
n Rollup Type: average(min/max)
n VC/ESX: Yes/Yes
used CPU Used Amount of used CPU time. • ο ο ο

n Stats Type: delta
n Unit: millisecond
n VC/ESX: Yes/Yes
wait CPU Wait Amount of CPU time spent in wait state. • ο ο ο

n Stats Type: delta
n Unit: millisecond
n VC/ESX: Yes/Yes
Disk Metrics
The disk metric group tracks statistics for disk input/output (I/O) performance.
Disk I/O counters support metrics for both physical devices and virtual devices. A host reads data from a LUN
(logical unit number) associated with the physical storage media. A virtual machine reads data from a virtual
disk, which is the virtual hardware presented to the Guest OS running on the virtual machine. The virtual disk
is a file in VMDK format.
Table C-3 lists the disk data counters.
NOTE Some counters listed in Table C-3 subsume other counters. For example, kernelLatency includes both
queueReadLatency and queueWriteLatency and the disk usage statistic include both read and write statistics.
In addition, only a subset of the disk counters appear in the overview performance charts. To view all disk
data counters, use the advanced performance charts.
VMware, Inc. 337

Table C-3. Disk Data Counters

Entity
commands Disk Commands Number of SCSI commands issued during the collection • • ο ο
Issued interval.
n Stats Type: delta
n Unit: number
n VC/ESX: Yes/Yes
commandsAborted Disk Command Number of SCSI commands aborted during the collection • • ο ο
Aborts interval.
n Stats Type: delta
n Unit: number
n VC/ESX: Yes/Yes
deviceLatency Physical Device Average amount of time, in milliseconds, to complete a SCSI • • ο ο

Command command from the physical device.
Latency n Stats Type: absolute
n Unit: millisecond
n VC/ESX: Yes/Yes
deviceReadLatency Physical Device Average amount of time, in milliseconds, to complete read from • • ο ο
Read Latency the physical device.
n Unit: millisecond
n VC/ESX: Yes/Yes
deviceWriteLatency Physical Device Average amount of time, in milliseconds, to write to the • • ο ο

Write Latency physical device (LUN).
n Unit: millisecond
n VC/ESX: Yes/Yes
kernelLatency Kernel Disk Average amount of time, in milliseconds, spent by VMkernel • • ο ο

Command processing each SCSI command.
Latency n Stats Type: absolute
n Unit: millisecond
n VC/ESX: Yes/Yes
kernelReadLatency Kernel Disk Read Average amount of time, in milliseconds, spent by VMKernel • • ο ο
Latency processing each SCSI read command.
n Unit: millisecond
n VC/ESX: Yes/Yes
338 VMware, Inc.

Table C-3. Disk Data Counters (Continued)

Entity
kernelWriteLatency Kernel Disk Write Average amount of time, in milliseconds, spent by VMKernel • • ο ο
Latency processing each SCSI write command.
n Unit: millisecond
n VC/ESX: Yes/Yes
maxTotalLatency Highest Disk Highest latency value across all disks used by the host. Latency ο • ο ο
Latency measures the time taken to process a SCSI command issued by
the guest OS to the virtual machine. The kernel latency is the
time VMkernel takes to process an IO request. The device
latency is the time it takes the hardware to handle the request.
Total latency = kernelLatency + deviceLatency
n Unit: millisecond
n VC/ESX: Yes/Yes
numberRead Disk Read • • ο ο

VM Number of times data was read from each
Requests
virtual disk on the virtual machine.
Host Number of times data was read from each

LUN on the host during the collection
interval.
n Stats Type: delta

n Unit: number
n VC/ESX: Yes/Yes
numberWrite Disk Write • • ο ο

VM Number of times data was written to each
Requests
Host Number of times data was written to each

LUN on the host during the collection
interval.
n Stats Type: delta

n Unit: number
n VC/ESX: Yes/Yes
queueLatency Queue Command Average amount of time spent in the VMkernel queue, per SCSI • • ο ο
Latency command, during the collection interval.
n Unit: millisecond
n VC/ESX: Yes/Yes
VMware, Inc. 339


Entity
queueReadLatency Queue Read Average amount of time taken during the collection interval per • • ο ο
Latency SCSI read command in the VMKernel queue.
n Unit: millisecond
n VC/ESX: Yes/Yes
queueWriteLatency Queue Write Average amount time taken during the collection interval per • • ο ο
Latency SCSI write command in the VMKernel queue.
n Unit: millisecond
n VC/ESX: Yes/Yes
read Disk Read Rate • • ο ο

VM Rate at which data is read from each
Host Rate at which data is read from each LUN

on the host.
read rate = # blocksRead per
second × blockSize
n Stats Type: rate

n Unit: kiloBytesPerSecond
n VC/ESX: Yes/Yes
totalLatency Disk Command Average amount of time taken during the collection interval to • • ο ο
Latency process a SCSI command issued by the Guest OS to the virtual
machine. The sum of kernelLatency and deviceLatency.
n Unit: millisecond
n VC/ESX: Yes/Yes
totalReadLatency Disk Read Average amount of time taken during the collection interval to • • ο ο
Latency process a SCSI read command issued from the Guest OS to the
virtual machine. The sum of kernelReadLatency and
deviceReadLatency.
n Unit: millisecond
n VC/ESX: Yes/Yes
340 VMware, Inc.


Entity
totalWriteLatency Disk Write Average amount of time taken during the collection interval to • • ο ο
Latency process a SCSI write command issued by the Guest OS to the
virtual machine. The sum of kernelWriteLatency and
deviceWriteLatency.
n Unit: millisecond
n VC/ESX: Yes/Yes
usage Disk Usage Aggregated disk I/O rate. For hosts, this metric includes the • • ο ο
rates for all virtual machines running on the host during the
collection interval.
n Stats Type: kiloBytesPerSecond
n Unit: rate
n VC/ESX: Yes/Yes
write Disk Write Rate • • ο ο

VM Rate at which data is written to each
Host Rate at which data is written to each LUN

on the host.
Write rate = blocksWritten/
second * blockSize
n Stats Type: rate

n VC/ESX: Yes/Yes
Management Agent Metrics

The management agent metric group tracks consumption of resources by the various management agents
(hostd, vpxd, and so on) running on the ESX/ESXi host.
Table C-4 lists the management agent data counters.
NOTE The management agent metrics appear only in the advanced performance charts.
VMware, Inc. 341

Table C-4. Management Agent Metrics

Entity
memUsed Memory Amount of total configured memory available for use. ο • ο ο

Used n Stats Type: absolute
n Unit: kiloBytes
swapUsed Memory Sum of the memory swapped by all powered-on virtual machines on the ο • ο ο
Swap Used host.
n Unit: kiloBytes
swapIn Memory Amount of memory swapped in for the Service Console. Use this counter ο • ο ο
Swap In to determine whether to increase the amount of memory dedicated to the
service console.
n Stats Type: rate
swapOut Memory Amount of memory swapped out for the Service Console. Use this counter ο • ο ο
Swap Out to determine whether to decrease the amount of memory dedicated to the
service console.
n Stats Type: rate
Memory Metrics
The memory metric group tracks memory statistics for virtual machines, hosts, resource pools, and compute
resources.
Interpret the data counter definitions in the context of the entity to which it applies, as follows:
n For virtual machines, memory refers to guest physical memory. Guest physical memory is the amount of
physical memory presented as a virtual-hardware component to the virtual machine, at creation time, and
made available when the virtual machine is running.
n For hosts, memory refers to machine memory. Machine memory is the random-access memory (RAM)
that is actually installed in the hardware that comprises the ESX/ESXi host.
Table C-5 lists the memory data counters.
NOTE Only a subset of memory counters appear in the overview charts. To view all memory data counters,
use the advanced performance charts.
342 VMware, Inc.

Table C-5. Memory Data Counters

Entity
active Memory Active Amount of memory actively used, as estimated by VMkernel. • • • •

Active memory is based on the current workload of the virtual
machine or host.
VM Amount of guest physical memory in use by

the virtual machine. Active memory is
estimated by VMkernel statistical sampling
and represents the actual amount of
memory the virtual machine needs.
Host Sum of the active guest physical memory of

all powered on virtual machines on the
host, plus memory used by basic VMKernel
applications on the host.

n Unit: KiloBytes
consumed Memory • • • •
VM Amount of guest physical memory
Consumed
consumed by the virtual machine for guest
memory. Consumed memory does not
include overhead memory. It includes
shared memory and memory that might be
reserved, but not actually used. It does not
include overhead memory.
vm consumed memory = memory granted -
memory saved due to memory sharing
Host Amount of machine memory used on the

host. Consumed memory includes memory
used by virtual machines, the service
console, VMkernel, and vSphere services,
plus the total consumed memory for all
running virtual machines.
host consumed memory = total host
memory - free host memory
Cluster Amount of host machine memory used by

all powered on virtual machines in the
cluster. A cluster's consumed memory
consists of virtual machine consumed
memory and overhead memory. It does not
include host-specific overhead memory,
such as memory used by the service console
or VMkernel.

n Unit: KiloBytes
VMware, Inc. 343

Table C-5. Memory Data Counters (Continued)

Entity
granted Memory • • • •
VM The amount of guest physical memory that
Granted
is mapped to machine memory. Includes
shared memory amount. The amount of
guest physical memory currently mapped
to machine memory, including shared
memory, but excluding overhead.
Host The total of all granted metrics for all

powered-on virtual machines, plus
memory for vSphere services on the host.

n Unit: kiloBytes
heap Memory Heap Amount of VMkernel virtual address space dedicated to VMkernel ο • ο ο
main heap and related data.
n Unit: kiloBytes
heapfree Memory Heap Amount of free address space in the VMkernel’s main heap. Heap • ο ο ο
Free Free varies, depending on the number of physical devices and
various configuration options. There is no direct way for the user
to increase or decrease this statistic.
n Unit: kiloBytes
mementitlement Worst Case Memory allocation as calculated by the VMkernel scheduler based ο • ο ο
Allocation on current estimated demand, and the reservation, limit, and
(virtual shares policies set for all virtual machines and resource pools in
machine the host or cluster.
Resource This counter is for internal use only and is not useful for
Allocation tab) performance monitoring.
n Unit: megaBytes
memUsed Memory Used Amount of used memory. Sum of the memory used by all powered ο • ο ο
on virtual machines and vSphere services on the host.
n Unit: kiloBytes
344 VMware, Inc.


Entity
overhead Memory Amount of additional machine memory allocated to a virtual • ο ο ο

Overhead machine for overhead. The overhead amount is beyond the
reserved amount.
VM Amount of machine memory used by the

VMkernel to run the virtual machine.
Host Total of all overhead metrics for powered-

on virtual machines, plus the overhead of
running vSphere services on the host.

n Unit: kiloBytes
reservedCapacity Memory Total amount of memory reservation used by powered on VMs ο • ο •

Reserved and vSphere services on the host. Includes overhead amount.
n Unit: megaBytes
shared Memory • • ο ο
VM Amount of guest physical memory that is
Shared
shared with other virtual machines
(through the VMkernel’s transparent page-
sharing mechanism, a RAM de-duplication
technique). The value of shared includes the
size of the zero memory area.
Host Sum of the shared memory values of all

powered-on virtual machines, plus the
amount for the vSphere services on the host.
The host’s Memory Shared may be larger
than the amount of machine memory if
memory is overcommitted (the aggregate
virtual machine configured memory is
much greater than machine memory). The
value of this statistic reflects how effective
transparent page sharing and memory
overcommitment are for saving machine
memory.

n Unit: kiloBytes
sharedcommon Memory Amount of machine memory that is shared by all powered-on • • ο ο

Shared virtual machines and vSphere services on the host.
Common Memory Shared - Memory Shared Common = Host memory
saved by sharing
n Unit: kiloBytes
VMware, Inc. 345


Entity
state Memory State Amount of free machine memory on the host. VMkernel has four • • ο ο
free-memory thresholds that affect the mechanisms used for
memory reclamation.
0 (High) Free memory >= 6% of machine memory

- service console memory
1 (Soft) Free memory >= 4% of machine memory

2 (Hard) Free memory >= 2% of machine memory

3 (Low) Free memory >= 1% of machine memory

For 0 and 1, swapping is favored over ballooning. For 2 and 3,

ballooning is favored over swapping.
n Unit: number
swapin Memory Swap Amount of memory that has been swapped in to memory from • • ο ο
In disk.
VM Total amount of memory data that has been

read in from the virtual machine’s swap file
to machine memory by the VMkernel. This
statistic refers to VMkernel swapping and
not to guest OS swapping.
Host Sum of memory swapin of all powered on

VMs on the host.

n Unit: kiloBytes
swapinRate Memory Swap Rate at which memory is swapped from disk into active memory • • ο ο
In Rate during the current interval. This counter applies to virtual
machines and is generally more useful than the swapin counter to
determine if the virtual machine is running slow due to swapping,
especially when looking at real-time statistics.
n Stats Type: rate
346 VMware, Inc.


Entity
swapout Memory Swap Amount of memory that has been swapped out to disk. • • ο ο
Out
VM Total amount of memory data that has been
written out to the virtual machine’s swap
file from machine memory by the
VMkernel. This statistic refers to VMkernel
swapping and not to guest OS swapping.
Host Sum of Memory Swap Out of all powered

on VMs on the host.

n Unit: kiloBytes
swapoutRate Memory Swap Rate at which memory is being swapped from active memory to • • ο ο
Out Rate disk during the current interval. This counter applies to virtual
machines and is generally more useful than the swapout counter
to determine if the virtual machine is running slow due to
swapping, especially when looking at real-time statistics.
n Stats Type: rate
swapped Memory Current amount of guest physical memory swapped out to the • ο ο ο
Swapped virtual machine’s swap file by the VMkernel. Swapped memory
stays on disk until the virtual machine needs it. This statistic refers
to VMkernel swapping and not to guest OS swapping.
swapped = swapin +swapout
n Unit: kiloBytes
swaptarget Memory Swap Amount of memory available for swapping. • ο ο ο

Target Target value for the virtual machine swap size, as determined by
the VMkernel. The VMkernel sets a target for the level of swapping
for each virtual machine, based on a number of factors.
If Memory Swap Target is greater than Memory Swap, then the
VMkernel will start swapping, causing more virtual machine
memory to be swapped out. This will generally happen quickly. If
Memory Swap Target is less than Memory Swap, then the
VMkernel will stop swapping.
Since swapped memory stays swapped until the virtual machine
accesses it, Memory Swapped can be greater than Memory Swap
Target, possibly for a prolonged period of time. This simply means
that the swapped memory is not currently needed by the virtual
machine and is not a cause for concern.
n Unit: kiloBytes
VMware, Inc. 347


Entity
swapunreserved Memory Swap Amount of memory that is unreserved by swap. ο • ο •

Unreserved n Stats Type: absolute
n Unit: kiloBytes
swapused Memory Swap Amount of memory that is used by swap. Sum of Memory ο • • •
Used Swapped of all powered on virtual machines and vSphere services
on the host.
n Unit: kiloBytes
sysUsage Memory Used Amount of memory used by the VMkernel. Amount of machine • • • •
by VMkernel memory used by the VMkernel for “core” functionality (such as its
own internal uses, device drivers, etc). It does not include memory
used by VMs or by vSphere services.
n Unit: kiloBytes
totalmb Memory Total Total amount of machine memory of all hosts in the cluster that is ο ο ο •
available for virtual machine memory (physical memory for use
by the Guest OS) and virtual machine overhead memory.
Memory Total = Aggregate host machine memory - (VMkernel
memory + Service Console memory + other service memory)
n Unit: megaBytes
n VC/ESX: Yes/No
unreserved Memory Amount of memory that is unreserved. Memory reservation not ο • ο ο

Unreserved used by the Service Console, VMkernel, vSphere services and other
powered on VMs’ user-specified memory reservations and
overhead memory.
NOTE This statistic is no longer relevant to virtual machine
admission control, as reservations are now handled through
resource pools.
n Unit: kiloBytes
348 VMware, Inc.


Entity
usage Memory Usage Memory usage as percentage of total configured or available • • ο ο

memory.
VM memory usage = memory active ÷

virtual machine physical memory
size
Host memory usage = memory consumed ÷

host configured memory size
Cluster memory usage = memory consumed +

memory overhead ÷ effectivemem

n Unit: percent
vmmemctl Memory Amount of memory allocated by the virtual machine memory • • • •

Balloon control driver, which is installed with VMware Tools.
VM Amount of guest physical memory that is

currently reclaimed from the virtual
machine through ballooning. This is the
amount of guest physical memory that has
been allocated and pinned by the balloon
driver.
Host Sum of Memory Balloon of all powered on

virtual machines and vSphere services on
the host. If the balloon target value is greater
than the balloon value, the VMkernel
inflates the balloon, causing more virtual
machine memory to be reclaimed. If the
balloon target value is less than the balloon
value, the VMkernel deflate the balloon,
which allows the virtual machine to
consume additional memory if needed.
Virtual machines initiate memory reallocation. Therefore, it is

possible to have a balloon target value of 0 and balloon value
greater than 0.
n Unit: kiloBytes
VMware, Inc. 349


Entity
vmmemctltarget Memory Amount of memory that can be used by memory control. • ο ο ο

Balloon Target This is the target value for the virtual machine’s Memory Balloon
value, as determined by the VMkernel. The VMkernel sets a target
for the level of ballooned memory for each virtual machine, based
on a number of factors.
If Memory Balloon Target is greater than Memory Balloon, the
VMkernel inflates the balloon, causing more virtual machine
memory to be reclaimed and Memory Balloon to increase.
If Memory Balloon Target is less than Memory Balloon, the
VMkernel deflates the balloon, allowing the virtual machine to
map/consume additional memory if it needs it. Memory Balloon
decreases as the VMkernel deflates the balloon.
n Unit: kiloBytes
zero Memory Zero Amount of memory that is zeroed out (contains only 0s). This • • ο ο
statistic is included in Memory Shared.
VM Amount of guest physical zero memory that

is shared through transparent page sharing.
Zero memory is simply memory that is all
zeroes.
Host Sum of Memory Zero of all powered on

VMs and vSphere services on the host.

n Unit: kiloBytes
Network Metrics
The network metric group tracks network utilization for both physical and virtual NICs (network interface
controllers) and other network devices, such as the virtual switches (vSwitch), that support connectivity among
all vSphere components (virtual machines, VMkernel, host, and so on).
Table C-6 lists the network data counters.
Table C-6. Network Data Counters

Entity
droppedRx droppedRx Number of receive packets dropped during the collection interval. • • ο ο
n Stats Type: delta
n Unit: number
droppedTx droppedTx Number of transmit packets dropped during the collection interval. • • ο ο
n Stats Type: delta
n Unit: number
350 VMware, Inc.

Table C-6. Network Data Counters (Continued)

Entity
packetsRx Network Number of packets received during the collection interval. • • ο ο

Packets
Received VM Number of packets received by each vNIC
(virtual network interface controller) on the
virtual machine.
Host Total number of packets received on all virtual

machines running on the host.
n Stats Type: delta

n Unit: number
packetsTx Network Number of packets transmitted during the collection interval. • • ο ο

Packets
Transmitted VM Number of packets transmitted by each vNIC on
Host Number of packets transmitted across each

physical NIC instance on the host.
n Stats Type: delta

n Unit: number
received Network Data Average rate at which data was received during the collection interval. • • ο ο
Receive Rate This represents the bandwidth of the network.
VM Rate at which data is received across each vNIC

on the virtual machine.
Host Rate at which data is received across each

n Stats Type: rate

n Unit: megabitsPerSecond
VMware, Inc. 351

Table C-6. Network Data Counters (Continued)

Entity
transmitted Network Data Average rate at which data was transmitted during the collection interval. • • ο ο
Transmit Rate This represents the bandwidth of the network.
VM Rate at which data is transmitted across each

vNIC on the virtual machine.
Host Rate at which data is transmitted across each

n Stats Type: rate

n Unit: megabitsPerSecond
usage Network Sum of the data transmitted and received during the collection interval. • • ο ο
Usage
VM Sum of data transmitted and received across all
virtual NIC instances connected to the virtual
machine.
Host Sum of data transmitted and received across all

physical NIC instances connected to the host.
n Stats Type: rate

n Unit: Mbps
n Rollup Type: average(min/max)
Storage Utilization Metrics

The disk metric group tracks statistics for datastore utilization.
A datastore provides an abstraction of the underlying LUNs (logical unit numbers), which provide the actual
physical storage. Storage is made-up of various files on the server, including swapfiles, virtual disk files,
snapshot files, configuration files, and log files. The file type is used for the instance property of the metric ID.
The storage utilization counters measure various aspects of datastore space. Data counters that measure an
aggregate amount take into account the entire datastore.
Table C-7 lists the storage utilization data counters.
NOTE Storage metrics appear only in the overview performance charts.
Legend:
n D = Datastores
n V = Virtual Machines
n F = Filetypes
352 VMware, Inc.

Table C-7. Storage Utilization Data Counters

Entity
Counter Label Description D V F
capacity Storage Configured size of the datastore. • ο ο

n Unit: kiloBytes
provisioned Allocated Amount of physical space allocated by an administrator for the datastore. • • ο
Provisioned space is not always in use; it is the storage size up to which
files on a datastore or virtual machine can grow. Files cannot expand
beyond this size.
n Unit: kiloBytes
unshared Not-shared Amount of datastore space that belongs only to the virtual machine and is • • ο
not shared with other virtual machines. Only unshared space is guaranteed
to be reclaimed for the virtual machine if, for example, it is moved to a
different datastore and then back again. The value is an aggregate of all
unshared space for the virtual machine, across all datastores.
n Unit: kiloBytes
used Used Amount of space actually used by a virtual machine or a datastore. The • • •
used amount can be less than the amount provisioned at any given time,
depending on whether the virtual machine is powered-off, whether
snapshots have been created, and other such factors.
n Unit: kiloBytes
System Metrics
The system metric group tracks statistics for overall system availability. These counters are available directly
from ESX and from vCenter Server.
Table C-8 lists the system data counters.
NOTE The system metrics appear only in the advanced performance charts, and only for hosts and virtual
machines.
VMware, Inc. 353

Table C-8. System Data Counters

Entity
heartbeat Heartbeat Number of heartbeats issued per virtual machine • • ο ο

during the interval.
n Stats Type: delta
n Unit: number
n Rollup Type: sum
resourceCpuUsage Resource CPU Usage Amount of CPU used during the interval by the Service • • ο ο
Console and other applications.
n Stats Type: rate
n Unit: megaHertz
uptime Uptime Total time elapsed, in seconds, since last system • • ο ο

startup.
n Unit: second
Virtual Machine Operations Metrics

The virtual machine operations metric group (vmop) tracks virtual machine power and provisioning
operations in a cluster or datacenter.
Table C-9 lists the virtual machine operations data counters.
NOTE The vmops metrics appear only in the advanced performance charts.
Table C-9. Virtual Machine Operations Data Counters

Counter Label Description
numChangeDS VM datastore change Number of datastore change operations for powered-off and suspended
count (non-powered- virtual machines.
on VMs) n Stats Type: absolute
n Unit: number
numChangeHost VM host change count Number of host change operations for powered-off and suspended
(non-powered-on VMs.
VMs) n Stats Type: absolute
n Unit: number
numChangeHostDS VM host and Number of host and datastore change operations for powered-off and
datastore change suspended virtual machines.
count (non-powered- n Stats Type: absolute
on VMs) n Unit: number
354 VMware, Inc.

Table C-9. Virtual Machine Operations Data Counters (Continued)

numClone VM clone count Number of virtual machine clone operations.

n Unit: number
numCreate VM create count Number of virtual machine create operations.

n Unit: number
numDeploy VM template deploy Number of virtual machine template deploy operations.

count n Stats Type: absolute
n Unit: number
numDestroy VM delete count Number of virtual machine delete operations.

n Unit: number
numPoweroff VM power off count Number of virtual machine power off operations.
n Unit: number
numPoweron VM power on count Number of virtual machine power on operations.

n Unit: number
numRebootGuest VM guest reboot Number of virtual machine guest reboot operations.

n Unit: number
numReconfigure VM reconfigure count Number of virtual machine reconfigure operations.

n Unit: number
numRegister VM register count Number of virtual machine register operations.

n Unit: number
VMware, Inc. 355

Table C-9. Virtual Machine Operations Data Counters (Continued)

numReset VM reset count Number of virtual machine reset operations.

n Unit: number
numShutdownGuest VM guest shutdown Number of virtual machine guest shutdown operations.

n Unit: number
numStandbyGuest VM standby guest Number of virtual machine standby guest operations.

n Unit: number
numSuspend VM suspend count Number of virtual machine suspend operations.

n Unit: number
numSVMotion Storage VMotion Number of migrations with Storage VMotion (datastore change
count operations for powered-on virtual machines).
n Unit: number
numUnregister VM unregister count Number of virtual machine unregister operations.

n Unit: number
numVMotion VMotion count Number of migrations with VMotion (host change operations for
powered-on virtual machines).
n Unit: number
356 VMware, Inc.

Index
A creating 251
access definition 17
permissions 213 disabling 256
privileges 297 disabling actions 259
access privileges components 21 exporting alarm definitions 256
Active Directory, vCenter Server settings 48 general settings 252
Active Directory Application Mode 31 identifying triggered alarms 257
Active Directory Timeout 223 managing 255
active sessions, send messages 50 managing actions 259
ADAM 31 preconfigured vSphere alarms 262
adapters privileges 298
Ethernet 145, 162 removing 257
paravirtual SCSI 118, 164, 165 reporting settings 255
SCSI 119 resetting triggered event alarms 257
Add Hardware wizard 159 setting up triggers 253
adding, hosts 78, 79 SMTP settings 248
admin option, definition 17
SNMP traps 247
advanced search 42
triggering on events 292
alarm action scripts, environment variables 249
triggers 236
alarm actions
about disabling 247 viewing 40, 258
disabled, identifying 259 viewing triggered alarms 258
analysis
disabling 259
confidence metric 95
email notification 49, 262
guided consolidation 94
enabling 259
annotations 43
removing 260
run a command 260 B
running scripts 249 baselines, security 21
substitution parameters 250 best practices
alarm triggers groups 213
condition-state components 237
permissions 224
condition/state triggers 237
roles 224
datastore conditions/states 240
users 213
event 241
boot settings 152
event trigger components 241
BusLogic 119
host conditions/states 239
setting for conditions/states 253 C
setting for events 254 cable/interconnect, health monitoring 83
virtual machine conditions/states 238 charts
alarms customizing advanced charts 275
about 235 exporting data 275
acknowledging triggered alarms 255 saving data to a file 275
actions 246 clones, concept 167
alarm reporting 251 cloning
changing 255 templates 167, 169
VMware, Inc. 357

vApps 113 tasks 96

virtual machines 168, 172 troubleshooting 97
cluster services metrics 332 conversion recommendation 96
clusters converting, virtual machines to templates 168
adding 73 converting physical systems, disk resizing 95
EVC 191, 192 core dumps 70
event triggers 244 CPU
removing hosts 81 advanced settings 156
requirements for enabling EVC 190 compatibility masks 193
shared storage 187 configuration 150
cold migration 185, 186 performance 277
collection intervals CPU compatibility
about 267 EVC 190
configuring 268 for VMotion 188
enabling and disabling 269 masks 193
collection levels SSE3 190
about 270 SSE4.1 considerations 190
best practices 270 SSSE3 190
guidelines 271 CPU families 189
command-line interface, remote 29 CPU features
commands, service console 29 kernel level 188
communities, SNMP 52 user-level 188
components
CPU Identification Mask 152
access privileges 21
CPU metrics 333
datastore 15
CPU settings 155
ESX/ESXi 15
CPUs, health monitoring 83
functional 17
creating vApps 106
host agent 15
credentials
license server 15
consolidation 93
managed 19
vCenter Guided Consolidation 93
vCenter Server 15 custom attributes, adding 44
vCenter Server agent 15 customization specifications 181
vCenter Server database 15
vSphere 15 D
condition and state triggers 236 data counters
condition/state alarm triggers cluster services 332
datastores 240 cpu 333
hosts 239 disk 337
virtual machines 238 management agent 341
configuration files, virtual machines 200 memory 342
console, service, the 29 network 350
consoles, virtual machines 41
storage 352
consolidation
analysis results 95 system 353
cache 97 virtual machine operations 354
database, vCenter Server 15, 48
confidence metric 95
databases, preparing 31
credentials 93 datacenters
first use 90 adding 74
limits 97 event triggers 244
prerequisites 90 privileges 299
services 90, 93 topology maps 231
settings 90, 93 Datastore Browser 75
358 VMware, Inc.

Index
datastores ESX
about 15, 19 configuring SNMP 51
condition/state alarm triggers 240 shut down 26
event triggers 243 ESX/ESXi
performance 281 about 15
privileges 299 adding to vCenter Server 78
relocate virtual machine files 195 diagram 135
select 117 hosts 77
deploying, OVF templates 101 manage 135
DHCP 29 rebooting 25
DHCP settings 112 shutdown 25
diagnostic data syslog service 68
export 66 ESX/ESXi hosts, start 25
exporting 68 ESXi, configuring SNMP 51
diagnostics, SNMP 65 Ethernet adapters 145, 162
Directory Services 34 EVC
disk formats configuring 193
thick provisioned 120 creating a cluster 191
thin provisioned 120 enabling on a cluster 192
disk I/O, performance 278 requirements 190
disk metrics 337 supported processors 190
disk resizing 95 EVC mode 193
disks event triggers
clustering features 120 clusters 244
format 166 datacenters 244
independent 205 datastores 243
modes 163 dvPort groups 245
resources 158 hosts 243
sharing 120 networks 245
thin vs. thick 168 virtual machines 242
think vs. thick 169 vNetwork distributed switch 245
virtual 119, 120 events
distributed virtual port groups, privileges 300 about 290
distribution groups, Active Directory 212 about viewing 290
DNS 35 definition 17
DNS settings, networks, DNS settings 112 exporting 292
Do Not Create A Disk option 121 filtering for hosts and datacenters 291
domain, changing for vCenter Server 34 filtering using keywords 291
domain controller 35 viewing 290
domains, active 94 exporting
DVD/CD-ROM,, See optical drives diagnostic data 68
dvPorts, event triggers 245 lists 43
logs 68
E OVF templates 101, 104
e1000 162 vCenter Server data 46
editing vApp properties 108 extensions
privileges 302
email notification, setting up 49, 262
troubleshooting 46
Enhanced VMotion Compatibility, See EVC
enhanced vmxnet 162
F
environment variables, alarm actions 249 fans, monitoring 83
error logs, VMkernel 70
Fibre Channel NPIV 150, 152
filtering, lists 43
VMware, Inc. 359

firewall Guided Consolidation, recommendations 96

configure communication 49
network-based 36 H
Windows 36 hardware
floppy drives 145, 146, 161 add 159
folders health troubleshooting 85
adding 74 monitoring 84
privileges 302 virtual machine 145, 158
functional components 17 hardware health, troubleshooting 85
HBA 152
G host disk allocation 158
Getting Started tabs host health 83
disabling 40 host profiles, privileges 308
restoring 40 hosts
global data 32, 34 about 19, 77
global privileges 303 adding 73, 78–80
gpupdate /force command 35 CIM privileges 304
group policy update 35 condition/state alarm triggers 239
groups configuration privileges 304
best practices 213 configuring 47
definition 21 connecting to vCenter Server 80
modifying 213 custom attributes 43
removing 213 definition 19
requirements 31 disconnecting 80
searching 223 disconnecting from vCenter Server 80
guest customization ESX/ESXi 25
completing customization 183 event triggers 243
copying specifications 182 hardware monitoring 83
creating Linux specifications 180 health monitoring 84
creating Windows specifications 180 inventory privileges 306
editing specifications 182 local operations privileges 307
exporting specifications 182 managing 77
importing specifications 183 monitoring health 84
Linux customization during cloning or reconnecting 81
deployment 179
removing from cluster 81
Linux requirements 177
removing from vCenter Server 82
removing specifications 182
rescanning 159
SCSI disks 176
shutdown 26
setting up SCSI disks 176
hot add enablement 152
viewing Linux error log 183
HTTP and HTTPS ports, vCenter Server
viewing Windows error log 183 settings 48
virtual hardware requirements 176 hyperthreaded core sharing 156
Windows customization during cloning or hyperthreading 156
deployment 178
Windows requirements 176 I
guest operating systems
IDE,ATAPI 119
customization prerequisites 175
image files, ISO 145
install 122
independent disks 205
installing 122
information panels 40
naming requirements 178
installing
selecting 117
Microsoft Sysprep Tools 327
SNMP 55
plug-ins 45
GUID 35
360 VMware, Inc.

Index
VirtualCenter Server 31 logging in

VMware Tools 122 vSphere Client 27
interfaces 17 vSphere Web Access 28
Internet Explorer, security settings 85 logging out
inventory vSphere Client 28
definition 17 vSphere Web Access 28
objects, add 73 logs
collecting 69
searching 41
ESX 66
selecting objects 44
ESXi 66
topology maps 231
inventory objects export 68
adding 73 vCenter Server settings 48
moving 74 vSphere Client 66
naming 71 LSI logic 119
removing 74 LUNs 121, 163
inventory panels 40
IP address configuration 111 M
mail, vCenter Server settings 48
IP pools 111
man pages, service console 30
ISO image files 145
managed components 19
managed devices, MIB files 55
K managed entities, permissions 218
kernel-level CPU features 188
management agent metrics 341
maps
L definition 17
LDAP 32
exporting 229
legacy virtual machines, network adapters 162
hiding items 230
license server
diagram 135 moving items on a 230
vCenter Server settings 48 storage 229
Linked Mode viewing 73
and databases 32 memory
and permissions 32 health monitoring 83
groups 31 performance 279
reachability 34, 35 resources 157
requirements 31 virtual 118
roles 33 memory affinity 158
troubleshooting 35, 36 memory allocation 157
Linux memory metrics 342
guest, customize 175 metrics
install VMware Tools on 124 cluster services 332
Linux guest, VMware Tools upgrade (rpm cpu 333
installer) 127 disk 337
lists management agent 341
exporting 43 memory 342
filtering 43 network 350
load balancing 22 performance 331
Lockdown mode 78, 79 storage 352
log files system 353
collecting 69 virtual machine operations 354
ESX 69 MIB files 55
export 66 Microsoft Sysprep Tools
external 66 installing 327
turning off compression 70
VMware, Inc. 361

installing from CD 328 O

installing from Web 327 object identifiers (OIDs) 55
migrating object relationships, viewing 73
powered-off virtual machines 196 objects
powered-on virtual machines 197 inventory 71, 73
suspended virtual machines 196 selecting 44
virtual machine disks 198 Open Virtual Machine Format (OVF) 101
virtual machines with Storage VMotion 198 operating system, guest 122
with VMotion 197 optical drives 145, 160
migration OVF, browsing virtual appliance
about 185 marketplace 103
compatibility checks 199 OVF templates
of suspended virtual machines 186 deploying 101
relocate virtual machine files 195 exporting 104
Storage VMotion 195
with snapshots 195 P
with VMotion 186 panels 40
modules, See plug-ins parallel port 148
monitoring paravirtual SCSI 119
collection levels 271 paravirtual SCSI adapter 164
hardware 84 paravirtual SCSI adapters 118, 165
performance 277 paravirtualization 152
reports 227 PCI 152
PCI devices 164
N performance
naming requirements, guest operating advanced charts 274
systems 178 archiving statistics in vCenter database 271
NetWare 129 collection intervals, enabling and
network adapters disabling 269
e1000 162 collection levels
flexible 162 about 270
legacy virtual machines 162 using effectively 271
vmxnet 162 configuring collection intervals 268
vmxnet3 162 CPU 277
network metrics 350 data counters 266
networks Disk I/O 278
DHCP settings 112 memory 279
event triggers 245 metrics 331
health monitoring 83 monitoring 277
IP address configuration 111 network 280
performance 280 overview charts 273
privileges 308 performance chart types 272
requirements for VMotion 187 privileges 309
NICs statistics collection 265
configuration 148
statistics impact on vCenter Server
e1000 162 database 272
flexible 162 storage 281
vmxnet 162 troubleshooting 277
vmxnet3 162 performance charts
NPIV 150, 152 advanced charts
NUMA 157, 158 about 274
NUMA memory 157 deleting views 276
NX 189 viewing 274
362 VMware, Inc.

Index
chart types 272 host CIM 304

customizing advanced charts 275 host inventory 306
exporting data 275 host local operations 307
overview charts host profiles 308
about 273 network 308
viewing 273 performance 309
viewing Help 273 permission 310
saving data to a file 275 plug-ins 302
performance statistics 265 required for common tasks 225
permissions resource 310
access 213 scheduled tasks 312
assigning 213, 222 sessions 312
best practices 224 tasks 313
changing 223 vApps 313
inheritance 218, 220, 221 virtual machine 322
overriding 221 virtual machine configuration 315
privileges 310 virtual machine interaction 319
removing 224 virtual machine provisioning 323
search 41 virtual machine state 326
settings 220 vNetwork Distributed Switches 301
validating 222, 223 processors, health monitoring 83
vNetwork Distributed Switches 218 proxy server settings, networks, proxy server
physical compatibility mode 121 settings 113
plug-ins
disabling 45 R
downloading 45 raw device mappings, migrating 196
enabling 45 RDMs, See raw device mappings
installing 45 reconnecting hosts 81
managing 45 registry settings 36
privileges 302 remote, command-line interface 29
remote access, disabling 78, 79
removing 46
removing, plug-ins 46
troubleshooting 46 reporting, alarms 251
viewing installed 45 reports
ports exporting 228
for SNMP 53 filtering 228
parallel 160 monitoring 227
power, health monitoring 83
storage 229
power management 22
storage, displaying 228
power off, shutdown, versus 138 required privileges, for common tasks 225
power states rescanning, hosts 159
transitional 137
reservation 155
virtual machines 136
reset 136
printing, vSphere Client window 46
privileges resource maps
alarms 298 exporting 233
assigning 213 icons 232
configuration 304 interface controls 232
datacenter 299 printing 233
datastores 299 viewing 233
distributed virtual port groups 300 VMotion resources 232
resource pools
extension 302
adding 73
folders 302
selecting 116
global 303
VMware, Inc. 363

resources inventory objects 41, 42

CPU 155 simple search 41
definition 19 searching inventory, permissions 41
management 22 security, baselines 21
memory 157 security groups, Active Directory 212
security settings, Internet Explorer 85
privileges 310
select a datastore 117
storage 227
serial port 149, 159
virtual machine settings 155
restart service console
vCenter Server 26 commands 29
virtual machines 136 connection 29
resume, virtual machines 139 DHCP 29
roles man pages 30
best practices 224 remote command-line interface, versus 29
cloning 216 services
copy 216 consolidation 93
creating 215 syslogd 68
default 214 vCenter Server 37
editing 216 VMware Tools 122
in linked mode groups 33 sessions
privileges 312
privileges, lists of 297
viewing 49
removing 216, 224
vSphere Client, terminating 50
renaming 217
shares 155, 158
RPCCfg.exe 36
sharing, disks 120
rpm installer 127
shutdown, power off, versus 138
RPM installer 124
simple search 41
runtime settings, vCenter Server settings 48
SMASH 83
SMP, virtual 117
S SMTP
SAN LUNs 163 configuring email 49, 262
scheduled tasks configuring email notifications 248
about 285
vCenter Server settings 48
about canceling 288 snapshots
canceling 285 about 203
clone virtual machine 173 activity in virtual machine 204
creating 286 deleting 206
definition 17 exclude virtual disks from 205
privileges 312 manage 206
process rules 289 parent 207
removing 289 relationship between 204
rules 289 restoring 206
scheduling affinity 156 revert to 207
SCSI revert to parent 208
adapter 119 reverting to 207
paravirtual 119 taking 204
SCSI bus sharing 148 virtual machines, migrate 195
SCSI controller type 148 SNMP
SCSI device 147 communities 52
SDK 34, 35 configuring 50, 51, 261
search lists, adjusting for large domains 223 configuring for ESX 51
searching configuring for ESXi 51
advanced search 42 configuring traps 52, 247
364 VMware, Inc.

Index
diagnostics 54, 65 examples 201

GET 53 limitations 196
guest operating systems 55 requirements 196
management software 53 streaming multimedia, WYSE 132
polling 53 substitution parameters, alarm action
scripts 250
ports 53
suspend, virtual machines 138
traps 50
swapfile 150
vCenter Server settings 48
syslog 68
VMWARE-ENV-MIB 56
Sysprep Tools
VMWARE-OBSOLETE-MIB 57 installing 327
VMWARE-PRODUCTS-MIB 60 installing from CD 328
VMWARE-RESOURCES-MIB 60 installing from Web 327
VMWARE-ROOT-MIB 56 system logs
VMWARE-SYSTEM-MIB 61 configuring 69
VMWARE-TC-MIB 61 definition 17
VMWARE-VC-EVENT-MIB 62 ESX 66
VMWARE-VMINFO-MIB 62 ESXi 66
Solaris 128 VMkernel 70
SSE3, CPU compatibility 190 system metrics 353
SSE4.1, CPU compatibilty 190 Systems Management Architecture for Server
SSH 29 Hardware, See SMASH
SSL, vCenter Server 48
SSL certificate 81 T
tabs, Getting Started 40
SSSE3, CPU compatibility 190
tar installer 125
standby 136
tasks
starting, vSphere Client 27
about 283
startup 140
canceling 285
statistics
clone virtual machine 173
about vCenter Server data 265
definition 17
archiving statistics in vCenter database 271
filtering on hosts and datacenters 284
collection intervals, enabling and
disabling 269 filtering with keywords 285
collection levels guidelines 289
about 270 privileges 313
using effectively 271 removing scheduled tasks 289
data counters 266 rescheduling 288
performance 331 rules 289
vCenter Server database calculator 272 scheduled, about 285
vCenter Server settings 48 scheduling 286
status bar 40 viewing 40, 283
storage viewing all tasks 284
customizing reports 229 viewing recent tasks 284
health monitoring 83 viewing scheduled tasks 284
maps 229 Telnet 29
monitoring 227 temperature, monitoring 83
performance 281 templates
reports, displaying 228 about 17
storage maps, displaying 229 cloning 168, 169
storage metrics 352 concept 167
storage resources, monitoring 227 converting virtual machines to 168
Storage VMotion create 167
command-line syntax 200
creating 168
VMware, Inc. 365

delete 171 removing 222

deleting 172 searching 223
deploy virtual machines 170 vCenter 212
edit 169 utilities, VMware Tools 122
removing from inventory 171
renaming 170 V
vApps
return to vCenter Server 140
adding objects to 108
returning to inventory 172
cloning 113
unregister 171
creating
virtual machines, convert to 171 allocating resources 107
thick provisioned disks 168, 169 completing creation 107
thin provisioned disks 166, 168, 169 selecting destination 106
Thin Provisioning 120 creating new objects inside 107
time zones 288 DNS settings 112
timeout, vCenter Server settings 48 edit properties
traps, configuring SNMP traps 52 network configuration 109
triggered alarms
resources 109
acknowledging 255
view license agreement 109
identifying 257
triggers, condition and state 237 editing annotaton 114
troubleshooting editing properties
available domains list 98, 99 advanced IP allocation 111
collecting performance data 98 advanced properties 110
consolidation 97 startup options 108
CPU performance 277 view additional OVF sections 110
datastore performance 281 editing properties;custom properties 111
disable guided consolidation 99 IP address configuration 111
Disk I/O performance 278 IP pools 111
extensions 46 managing 105
hardware health 85 naming 106
Linked Mode 34, 35 populating 107
log files 65, 69 powering off 114
memory performance 279 powering on 114
network performance 280 privileges 313
performance 277 proxy server settings 113
plug-ins 46 wizard 106
uninstall Guided Consolidation 99 vCenter Colletor Service 93
vCenter Server performance 97 vCenter database, archiving statistics,
about 271
U vCenter Guided Consolidation
upgrading, VMware Tools 122, 124, 125, 130, active domains 94
131 analysis 94
upgrading,VMware Tools 127 credentials 93
upgradingi, VMware Tools 122, 124, 125, 130, disk resizing 95
131 overview 89
URLs, configuring 34, 35 populating the Add to Analysis dialog box 94
USB controller 166 vCenter Guided Consolidation,manual
user-level CPU features 188 conversion 96
users vCenter Linked Mode 31, 212
Active Directory 212 vCenter Provider Service 93
best practices 213 vCenter Server
definition 21 about 15
host 212 active sessions, view 49
366 VMware, Inc.

Index
adding hosts 78 virtual machine hardware, virtual disks 147

agent 15 virtual machine hardware version,
changing domain 34 determining 144
communication through firewall 49 virtual machine operations metrics 354
configuration 48 virtual machine wizard 116
configuring 47 virtual machines
about scheduling power states 139
configuring SNMP 51, 261
acceleration 152
configuring URLs 34, 35
add existing 139
custom attributes 43
adding 73
database 15, 48
adding, about 139
diagram 135
advanced settings 152
events 290
boot settings 152
joining a group 32, 34
cloning 172
performance statistics 265
completing 122
plug-ins 15
condition/state alarm triggers 238
plugins 21
configuration files 200
removing hosts 82
configuration privileges 315
requirements for joining a group 31
configure 143
restarting 26
convert 21
SNMP 50
copy disks 75
start 26
CPU compatibility masks 193
stop 26, 27
CPU configuration 150
templates, unregister 171
CPU settings, resource 155
verify on Windows 26
vCenter Server database CPU, settings, advanced 156
collection intervals, enabling and CPUID Mask settings 152
disabling 269 creating 115
configuring collection intervals 268 custom attributes 43
statistics impact calculation 272 definition 19
vCenter Server services, monitoring 37 deploy from templates 170
vCenterServer.VimApiUrl 34, 35 disk settings 158
vCenterServer.VimWebServicesUrl 34, 35 editing 144
verbose logging, configuring 69 Ethernet adapter 162
version, virtual machine 117 event triggers 242
virtual compatibility mode 121 Fibre Channel NPIV settings 152
virtual device node 147 floppy drives 146, 161
virtual disks guest operating system 122
configuration 147
guest operating system customization 175
determining path 201
guest operating system settings 151
formats 120
hard disks 163
migrating 201
hardware 145, 158
sharing 120
hardware version 143
thick format 166
hot add enablement 152
thin format 166
interaction privileges 319
virtual Ethernet adapter configuration 148
inventory privileges 322
virtual machine
log settings 152
creating 115
memory 147
hardware 159
memory settings 157
memory 157
virtual machine configuration migrating 186, 196, 198
Fibre Channel NPIV 150 migrating with VMotion 186
swapfile location 150 migration 185
VMware, Inc. 367

name 116, 151 swapfile considerations 194

NIC 162 virtual machine requirements 194
NICs 118 VMware Converter Enterprise, about 21
optical drives 160 VMware Data Recovery 22
options 150 VMware DRS 22
parallel port 160 VMware High Availability (HA) 22
paravirtualization settings 152 VMware SDK 22
power management settings 152 VMware Server 15
power states 136 VMware Service Console 17
properties 143, 144 VMware Tools
provisioning privileges 323 automate upgrades 130
remove from the datastore 140 custom install 131
remove from vCenter Server 139 installing 122, 124
requirements for VMotion 194 Linux 124
resource settings 155 NetWare 129
resume 139 properties 130
return to vCenter Server 140 RPM installer 124, 125
scheduled task to clone 173 settings 151
SCSI devices 164 Solaris 128
security compliance 21 tar installer 125
selecting guest operating systems 117 upgrading 122, 124, 130, 131
serial port 159 WYSE 132
shutdown 140 VMware Tools upgrade, Linux (rpm
installer) 127
snapshots 203
VMware Update Manager 21
startup 140
VMware vCenter Management Webservices 93
state privileges 326
VMware vCenter Orchestrator 22
statistic collection settings 152
VMware Virtual SMP 117
suspend 138
VMWARE-ENV-MIB, definitions 56
templates, convert from 171
VMWARE-OBSOLETE-MIB, definitions 57
templates, convert to 167 VMWARE-PRODUCTS-MIB, definitions 60
upgrade version 143 VMWARE-RESOURCES-MIB, definitions 60
version 117 VMWARE-ROOT-MIB, definitions 56
view console 41 VMWARE-SYSTEM-MIB, definitions 61
virtual disks 201 VMWARE-TC-MIB, definitions 61
VMware Tools settings 151 VMWARE-VC-EVENT-MIB, definitions 62
VMWARE-VMINFO-MIB, definitions 62
See also templates, clones
vmxnet 162
virtual memory 118
vmxnet3 162
VMI paravirtualization 152
vNetwork distributed switches, event
VMkernel, logs 70
triggers 245
VMotion
vNetwork Distributed Switches
compatibility checks 188, 199
permission 218
migrating virtual machines with 197
privileges 301
network requirements 187 vpxd, log files 70
NX and XD considerations 189 vShield 22
requirements 187 vSphere
resource maps 232 components 25
SSE3 considerations 190 components of 15
SSE4.1 190 diagram 135
SSSE3 considerations 190 vSphere Client
storage requirements 187 about 39
communication through firewall 49
368 VMware, Inc.

Index
diagram 135 W
logging in 27 watchdog, health monitoring 83
logging out 28 Web Service, vCenter Server settings 48
logs 66 Windows, guest operating system
customization 175
panels 40
WWN 152
printing data 46
WYSE, install 132, 133
sessions 49, 50
WYSE multimedia 132
starting 27
stop 28
X
vSphere Web Access
logging in 28 X terminal 124
logging out 28 XD 189
VWS 34, 35
VMware, Inc. 369

370 VMware, Inc.

vSphere Web Access Administrator's
Guide
vSphere Web Access 4.0
vCenter Server 4.0
ESX 4.0
EN-000128-01
vSphere Web Access Administrator's Guide
©
2008, 2009 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual
VMware, Inc.
3401 Hillview Ave.
Palo Alto, CA 94304
www.vmware.com
2 VMware, Inc.
Contents
About This Book 7
1 Introducing VMware vSphere Web Access 9

About vSphere Web Access 9
Key Features of vSphere Web Access 10
Meeting System Requirements for Clients Running vSphere Web Access 10
2 Getting Started with vSphere Web Access 13

Run the vSphere Web Access Service on an ESX Host 13
Run the vSphere Web Access Service on vCenter Server 14
Connect to vSphere Web Access 14
Log Out of vSphere Web Access 14
3 Managing Virtual Machines with vSphere Web Access 15

Add a Virtual Machine to the Inventory 15
Create a Virtual Machine with vSphere Web Access 16
About VMware Remote Console 25
Managing VMware Tools 28
Virtual Machine Tasks, Alarms, and Events 30
Creating Virtual Machine Shortcuts 31
Upgrade the Virtual Machine Hardware Version 32
Change the Power State of a Virtual Machine 33
Delete a Virtual Machine 33
4 Configuring Virtual Machine Options and Resources 35

Changing the Hardware Configuration of Virtual Machines 35
Removing Hardware Components from a Virtual Machine 40
Changing Virtual Machine Settings and Options 43
5 Adding Hardware to a Virtual Machine 49

Add Hardware to a Virtual Machine 49
6 Creating and Managing Snapshots 57

When Not to Take a Snapshot 58
Snapshots and Logging Changes 58
Take a Snapshot 58
Revert to a Snapshot 59
Remove a Snapshot 59
Set Snapshot Power Off Options 59
VMware, Inc. 3
7 Troubleshooting vSphere Web Access Errors 61

Browser Service Unavailable Error 503 61
VMware Remote Console Does Not Load in Internet Explorer 62
VMware Remote Console Does Not Load in Firefox 63
Problems Installing Software on a Guest Operating System 63
Problems Performing Virtual Machine Power Operations 63
Unsupported Version of Firefox 64
Web Proxy Does Not Support IPv6 Addresses 64
Index 67
4 VMware, Inc.
Updated Information
This vSphere Web Access Administrator's Guide is updated with each release of the product or when necessary.
This table provides the update history of the vSphere Web Access Administrator's Guide.
EN-000128-01 n The topic “Add a USB Controller to the New Virtual Machine,” on page 23 now
states that connected USB devices cannot be used in a virtual machine.
n In topic “Modify a Network Adapter,” on page 39, step 2 now states selecting a
network from the drop-down menu as the only option for configuring a network.
n Minor revisions in topic “Change Virtual Machine Settings Associated with the
Host,” on page 44.
n Topic “Adding a Virtual Hard Disk,” on page 49 now mentions local and remote
VMFS SANs as possible datastore locations.
n The topic “Add a Named Pipe Serial Port,” on page 53 now mentions Windows
and Linux guests.
n The topic “Add a Passthrough SCSI Device,” on page 54 now mentions Windows
and Linux guests.
n The topic “Add a USB Controller,” on page 55 now states that connected USB
devices cannot be used in a virtual machine.
VMware, Inc. 5
6 VMware, Inc.
About This Book
This documentation provides information on how to create, configure, and manage virtual machines for
® ® ®
VMware ESX and VMware vCenter Server by using VMware vSphere Web Access.
Intended Audience
This book is intended for anyone who wants to install, upgrade, or use ESX. The information in this book is
written for experienced Windows or Linux system administrators who are familiar with virtual machine
technology and datacenter operations.
Document Feedback

set.


VMware, Inc. 7
8 VMware, Inc.
Introducing VMware vSphere Web
Access 1
®
VMware vSphere Web Access is a browser-based application. You use it to manage virtual machines on ESX
and vCenter Server deployments. You can use vSphere Web Access to give users access to the settings and
guest operating systems of virtual machines.

n “About vSphere Web Access,” on page 9
n “Key Features of vSphere Web Access,” on page 10
n “Meeting System Requirements for Clients Running vSphere Web Access,” on page 10
About vSphere Web Access

You use a Web browser to open vSphere Web Access and to manage virtual machines stored on an ESX host
or vCenter Server.
vSphere Web Access is intended for anyone who performs the following aspects of virtual machine
management:
n System administrators who need to access virtual machines without a vSphere Client.
n People who use virtual machines as remote desktops.
n vSphere administrators who need to interact with virtual machines remotely.
The vSphere Web Access interface provides an overview of all of the virtual machines on an ESX host and
vCenter Server. To manage virtual machines with vSphere Web Access, you can perform the following tasks:
n Use a browser to view hosts and virtual machine details.
n Perform power operations on virtual machines.
n Edit a virtual machine’s configuration and hardware.
n Generate VMware Remote Console URLs that users can use to access their virtual machines.
n Interact with the guest operating systems that are running on the virtual machines.
n Access ESX hosts and vCenter Servers from Linux systems.
vSphere Web Access focuses on virtual machine management and does not offer the full range of administrative
tasks available through the vSphere Client.
VMware, Inc. 9
Key Features of vSphere Web Access

vSphere Web Access has a set of key features that help you manage virtual machines.
n Access ESX hosts and vCenter Servers from Linux and Windows systems.
n Access virtual machines on ESX hosts and vCenter Server instances without installing the vSphere client.
n Create new virtual machines on ESX hosts.
n Configure existing virtual machine settings.
n Add virtual machines to the inventory.
n Remove virtual machines from the inventory.
n Perform power operations (start, stop, reset, suspend, and resume) on virtual machines.
n Monitor the operation of datacenters, ESX hosts, and virtual machines.
n Interact with the guest operating systems running within virtual machines that use the VMware Remote
console.
n Generate URL and desktop shortcuts for virtual machines.
n Create and manage snapshots of virtual machines.
n Perform complete virtual machine snapshot hierarchy management
n Provide end users with access to virtual machines.
n Use client devices (such as CD/DVD drives) from your own computer to install software or copy data.
Meeting System Requirements for Clients Running vSphere Web

Access
To run vSphere Web Access, you must have a client system that meets the hardware and software requirements
and uses one of the supported Web browsers.
You can run vSphere Web Access on any system with a basic hardware configuration that has either a Windows
or a Linux operating system installed. You must use Internet Explorer or Mozilla Firefox to run vSphere Web
Access.
Hardware Requirements
You can run vSphere Web Access on any system that meets the minimum hardware requirements.
You must have the following minimum hardware requirements to run vSphere Web Access:
n Standard x86-based computer
n 266MHz processor (500MHz or more recommended)
n 128MB RAM (256MB or more recommended)
n 20MB (for Windows hosts) or 10MB (for Linux hosts) free disk space to install the VMware Remote Console
browser plug-in
Operating System Requirements

You can run vSphere Web Access on Windows and Linux operating systems.
Table 1-1 lists the supported Windows versions and Linux requirements.
10 VMware, Inc.
Chapter 1 Introducing VMware vSphere Web Access
Table 1-1. Supported Operating Systems

System Requirements
Windows n Microsoft Windows 2003 Web Edition Service Pack 1, Windows 2003 Standard Edition
Service Pack 1, or Windows Server 2003 Enterprise Edition Service Pack 1
n Windows XP Professional Service Pack 3 or Windows XP Home Edition Service Pack 2
n Microsoft Windows 2000 Professional Service Pack 4, Windows 2000 Server Service Pack
4, or Windows 2000 Advanced Server Service Pack 4
Linux n Linux kernel 2.2.14 or later

n glibc 2.3.2 or later
n XFree86-3.3.6 or later
n gtk+2.0 or later
n fontconfig (also known as xft)
n libstdc++5 or later
Browser Requirements
You can use Microsoft Internet Explorer and Mozilla Firefox Web browsers to run vSphere Web Access.
VMware has certified vSphere Web Access with the following browsers. Other browsers are not, however,
actively excluded. For additional requirements, see your browser vendor's documentation. Your browser must
include all security and stability updates that the vendor recommends.
n Internet Explorer 6.0, 7.0, or later for Microsoft Windows
n Mozilla Firefox 2.0, 3.0, or later for Microsoft Windows
n Mozilla Firefox 2.0, 3.0, or later for Linux
VMware, Inc. 11
12 VMware, Inc.
Getting Started with vSphere Web
Access 2
The vSphere Web Access service is installed when you install ESX 4.0 or vCenter Server 4.0, but is not running
by default. Before you log in and start managing virtual machines, you must start the vSphere Web Access
service on your ESX or vCenter Server instance.

n “Run the vSphere Web Access Service on an ESX Host,” on page 13
n “Run the vSphere Web Access Service on vCenter Server,” on page 14
n “Connect to vSphere Web Access,” on page 14
n “Log Out of vSphere Web Access,” on page 14
Run the vSphere Web Access Service on an ESX Host

You must run the vSphere Web Access service in the ESX host before you use your Web browser to connect.
If the service is not currently running, you cannot log in.
Prerequisites
You must have root privileges to check the status and run the vSphere Web Access service.
Procedure
1 Log in to the ESX host using root privileges.
2 Type the command to check whether the Web Access service is running.
service vmware-webAccess status
A message appears that says whether the service is running.
3 (Optional) If vSphere Web Access is not running, type the command to start Web Access.
service vmware-webAccess start
What to do next
You can now use vSphere Web Access to log in to the ESX host.
VMware, Inc. 13
Run the vSphere Web Access Service on vCenter Server

You must run the vSphere Web Access service on vCenter Server before you use your Web browser to connect.
If the service is not currently running, you cannot log in.
Prerequisites
You must use administrator privileges to log in to your vCenter Server.
Procedure
1 In the vCenter Server Desktop, right-click My Computer and select Manage.
The Computer Management window appears.
2 Expand Services and Applications and select Services.
3 Locate VMware VirtualCenter Management Webservices on the list and check whether the service is
running.
4 If the service is not running, right-click VMware VirtualCenter Management Webservices and select
Start.
What to do next
You can now use vSphere Web Access to log in to vCenter Server.
Connect to vSphere Web Access

You can use vSphere Web Access to connect to an ESX host or vCenter Server.
Prerequisites
Before you connect to vSphere Web Access, make sure that the vSphere Web Access service is running. You
must also have a compatible Web browser as well as access rights to the ESX host or vCenter Server.
Make sure that your Web proxy supports IPv6 addresses before you use vSphere Web Access to connect to an
ESX host or vCenter Server with an IPv6 address.
Procedure
1 Start your Web browser.
2 Enter the URL of your ESX host or your vCenter Server installation.
https://<host or server name>/ui
3 In the Log In window, enter your user name and password and click Log In.
IMPORTANT If you have a pop-up blocker enabled, a message appears that says a pop-up blocker was
detected. Disable your pop-up blocker to use client devices.
The vSphere Web Access main screen appears.
Log Out of vSphere Web Access

You can close the running vSphere Web Access instance by logging out of the ESX host or vCenter Server.
Procedure
u In the window or tab where vSphere Web Access is running, click Log Out in the upper-right corner.
You are logged out and the connection with the ESX host or vCenter Server is closed.
14 VMware, Inc.
Managing Virtual Machines with
vSphere Web Access 3
You can use vSphere Web Access to add, create, and delete virtual machines. You can also install a guest
operating system and VMware Tools, and create virtual machine shortcuts for virtual machine users.

n “Add a Virtual Machine to the Inventory,” on page 15
n “Create a Virtual Machine with vSphere Web Access,” on page 16
n “About VMware Remote Console,” on page 25
n “Managing VMware Tools,” on page 28
n “Virtual Machine Tasks, Alarms, and Events,” on page 30
n “Creating Virtual Machine Shortcuts,” on page 31
n “Upgrade the Virtual Machine Hardware Version,” on page 32
n “Change the Power State of a Virtual Machine,” on page 33
n “Delete a Virtual Machine,” on page 33
Add a Virtual Machine to the Inventory

You can add an existing virtual machine to the inventory of the ESX host or vCenter Server.
Procedure
1 In the Menu toolbar, select Virtual Machine > Add Virtual Machine To Inventory.
The Add Existing Virtual Machine window opens.
2 Browse for the .vmx file of the virtual machine to add and click OK.
The virtual machine is added to the inventory.
What to do next
You can now power on the virtual machine and use the guest operating system.
VMware, Inc. 15
Create a Virtual Machine with vSphere Web Access

You can use vSphere Web Access to create virtual machines and add devices to the hardware configuration of
a machine.
Prerequisites
You must connect to an ESX host to use the Create Virtual Machine wizard.
In the Menu toolbar, select Virtual Machine > Create Virtual Machine to start the Create Virtual Machine
wizard.
Procedure
1 Specify a Name and a Location for the New Virtual Machine on page 17
You can name the new virtual machine. You can also select the datastore in which to save virtual machine
files.
2 Select a Guest Operating System for the New Virtual Machine on page 17
You can select the type of guest operating system to install on the new virtual machine. Examples include
Windows, Novel Netware, Solaris, Linux, and other operating systems.
3 Specify the Amount of Memory and the Number Of Processors on page 17

You can specify the amount of memory to allocate for a new virtual machine. You can also specify the
number of processors to use.
4 Add a Hard Disk to the New Virtual Machine on page 18

You can add a hard disk to the new virtual machine by creating a new virtual hard disk or by using a
virtual hard disk from another virtual machine.
5 Add a Network Adapter to the New Virtual Machine on page 20

You can set up a network in your virtual machine by adding a network adapter.
6 Add a CD or DVD Drive to the New Virtual Machine on page 20

You can connect a virtual CD/DVD drive to a physical drive. You can also use an ISO image that is located
on the host file system.
7 Add a Floppy Drive to the New Virtual Machine on page 22

You can add a floppy drive to the virtual machine. You can use a physical floppy drive, a floppy image,
or a newly created image stored on the host file system.
8 Add a USB Controller to the New Virtual Machine on page 23

You can add a USB controller to a virtual machine. However, you cannot attach and use USB devices in
a virtual machine.
9 Review the New Virtual Machine Hardware Configuration on page 23

Before you complete the creation of a virtual machine, you can review the hardware configuration and
also add hardware to the virtual machine.
10 Install a Guest Operating System on page 24

A new virtual machine is like a physical computer with a blank hard disk. Before you can use it, you
must partition and format the virtual disk and install an operating system. The operating system’s
installation program might handle the partitioning and formatting steps for you.
What to do next
You can now power on the virtual machine and start using the guest operating system by starting the VMware
Remote Console.
16 VMware, Inc.
Chapter 3 Managing Virtual Machines with vSphere Web Access
Specify a Name and a Location for the New Virtual Machine

You can name the new virtual machine. You can also select the datastore in which to save virtual machine files.
Procedure
1 On the Name and Location page, enter the virtual machine name in the Name field.
2 Select the datastore to save the virtual machine files and click Next.
The assigned name of the virtual machine appears in the Inventory panel when you are finished configuring
the machine.
Select a Guest Operating System for the New Virtual Machine

You can select the type of guest operating system to install on the new virtual machine. Examples include
Windows, Novel Netware, Solaris, Linux, and other operating systems.
Procedure
1 On the Guest Operating System page, select the type of operating system from the Operating System list.
2 In the Version drop-down menu, select the specific operating system.
3 (Optional) Click Product Compatibility and select the hardware version to use for the new virtual
machine.
Hardware version 7.0 is the default.
4 Click Next.
ESX uses your selection to do the following:

n Select appropriate default values, such as the amount of memory needed.
n Name files associated with the virtual machine.
n Adjust settings for optimal performance.
n Work around special behaviors and known issues within a guest operating system.
Specify the Amount of Memory and the Number Of Processors

You can specify the amount of memory to allocate for a new virtual machine. You can also specify the number
of processors to use.
The maximum amount of memory per virtual machine is 255GB for hardware version 7.0.
Procedure
1 In the Processors section on the Memory and Processors page, allocate memory for the virtual machine.
Option Description
Enter Custom Memory Amount Enter an amount of memory in the Size field.
IMPORTANT Do not enter a value lower than the recommended minimum.
This could prevent the guest operating system from running.
Recommended Size Allocates the memory size that VMware recommends.
VMware, Inc. 17
Option Description
Recommended Minimum Allocates the minimum memory size that VMware recommends.
Recommended Maximum Allocates the maximum memory size that VMware recommends.
2 In the Processors section, select the number of processors to use in the Count drop-down menu.
IMPORTANT VMware recommends that you do not reconfigure the number of processors after you install
the guest operating system.
3 Click Next.
Add a Hard Disk to the New Virtual Machine

You can add a hard disk to the new virtual machine by creating a new virtual hard disk or by using a virtual
hard disk from another virtual machine.
Procedure
u On the Hard Disk page, select to create a new virtual disk or use an existing one.
Option Action
Create a New Virtual Disk Adds a blank disk to the virtual machine.
Use an Existing Virtual Disk Reuses or shares a hard disk from another virtual machine.
Don't Add a Hard Disk Skips the step of adding a hard disk.
The Properties page appears. If you selected to not add a hard disk, the Network Adapter page appears.
Customize the New Virtual Disk

You can specify the capacity of the new hard disk, where it is located, the running mode of the disk, the disk
device type, and the write caching policy.
Procedure
1 On the Hard Disk page, click Create a New Virtual Disk to customize it.
2 On the Properties page, enter the capacity of the new virtual disk in the Capacity text box.
You can specify the capacity in megabytes or gigabytes by selecting MB or GB from the drop-down menu.
NOTE Set the maximum size of the disk to a value between 1MB and 2047GB. You can set the virtual disk
size to 2047GB only when the block size of the file system is set to 8MB. For more information about block
size and maximum file values, see Configuration Maximums for VMware vSphere 4.0.
3 To specify a different location for the new virtual disk, click Browse in the Location field.
The virtual disk is stored as a .vmdk file on the selected datastore.
18 VMware, Inc.
4 To run the disk in independent mode, click Disk Mode, select Independent, and click the appropriate
option.
Option Action
computer. All data written to a disk in persistent mode is written
the disk are written to and read from a redo log file that is deleted when you
power off or reset.
5 To specify the adapter type and a device node for the virtual disk, click Virtual Device Node.
a In the Adapter drop-down menu, select the adapter type.
b In the Device drop-down menu, select an available device node.
6 To change the write caching policies for the virtual disk, click Policies and select the appropriate option.
Option Action
Optimize for safety Saves all changes to the virtual disk before notifying the system.
Optimize for performance Acknowledges changes to the virtual disk immediately, but saves them at a
later time.
7 Click Next.
The virtual disk is now configured and added to the hardware of the virtual machine.
Browse for an Existing Virtual Disk

You can use an existing virtual disk for the virtual machine that you are creating. You can also customize the
existing virtual disk.
Procedure
1 On the Hard Disk page, click Use an Existing Virtual Disk to customize it.
2 On the Properties page, click Browse to locate an existing virtual disk.
option.
Option Action
power off or reset.
VMware, Inc. 19
Option Action
later time.
6 Click Next.
Add a Network Adapter to the New Virtual Machine

You can set up a network in your virtual machine by adding a network adapter.
Prerequisites
Before you add a network adapter, make sure that your ESX host has port groups configured to which the
virtual machine can connect.
Procedure
1 On the Network Adapter page, click Add a Network Adapter.
2 On the Properties page, select the virtual network to connect to from the Network Connection drop-down
menu.
3 To connect the network adapter to the network when you power on the virtual machine, select the Connect
at Power On check box.
This option is selected by default.
4 Click Next.
The network adapter is now configured and is added to the virtual machine hardware.
Add a CD or DVD Drive to the New Virtual Machine

You can connect a virtual CD/DVD drive to a physical drive. You can also use an ISO image that is located on
the host file system.
Procedure
u On the CD/DVD Drive page, select to use a physical drive or an ISO image for the new CD or DVD drive.
Option Action
Use a Physical Drive Uses a physical CD or DVD drive on the host system.
Use an ISO Image Uses an ISO image file located on the host file system for the new device.
Don't Add a CD/DVD Drive Skips the step of adding a CD or DVD drive.
The Properties page appears. If you are not adding a CD or DVD drive, the Floppy Drive page appears.
Use a Physical CD or DVD Drive to Connect to the New Virtual Machine

You can select a physical CD or DVD drive on the host to connect to the virtual machine.
A virtual CD or DVD drive is associated with a specific SCSI or IDE device node. The type of device does not
have to match the type of device on the host. You can configure an IDE CD or DVD drive on the host as a
virtual SCSI CD or DVD drive. You can configure a SCSI CD or DVD drive on the host as a virtual IDE CD or
DVD drive. To burn disks with the drive, match the bus types with the physical drive so that they are both
IDE or SCSI.
To boot from a virtual CD/DVD drive, you must configure it as an IDE drive.
20 VMware, Inc.
Prerequisites
You must have a disk in the drive that you select to access the media.
Procedure
1 On the CD/DVD Drive page, select Use a Physical Drive to customize the drive.
2 On the Properties page, select the physical CD or DVD drive to use from the Host CD/DVD Drive drop-
down menu.
3 To connect the new virtual CD or DVD drive when you power on the virtual machine, select the Connect
5 Click Next.
Use an ISO Image for the New CD or DVD Drive

You can use an ISO image file for the CD or DVD drive of the new virtual machine.
A virtual CD or DVD drive is associated with a specific SCSI or IDE device node. The type of device does not
have to match the type of device on the host. You can configure an IDE CD or DVD drive on the host as a
virtual SCSI CD or DVD drive. You can configure a SCSI CD or DVD drive on the host as a virtual IDE CD or
DVD drive. To burn disks with the drive, match the bus types with the physical drive so that they are both
IDE or SCSI.
To boot from a virtual CD/DVD drive, you must configure it as an IDE drive.
Procedure
1 On the CD/DVD drive page, select Use an ISO Image.
2 On the Properties page, click Browse to locate the ISO image to use for the virtual CD or DVD drive.
3 To connect the new virtual CD or DVD drive when you power on the virtual machine, select the Connect

5 Click Next.
VMware, Inc. 21
Add a Floppy Drive to the New Virtual Machine

You can add a floppy drive to the virtual machine. You can use a physical floppy drive, a floppy image, or a
newly created image stored on the host file system.
Procedure
u On the Floppy Drive page, select to use a physical drive or a floppy image for the new floppy drive.
Option Action
Use a Physical Drive Uses a physical floppy drive on the host.
Use a Floppy Image Uses a floppy image stored on the host file system.
Create a New Floppy Image Creates a new floppy image and uses it for the new virtual drive.
Don't Add a Floppy Drive Skips the step of adding a floppy drive.
The Properties page for the new floppy drive appears. If you are not adding a floppy drive, the USB Controller
page appears.
Use a Physical Floppy Drive to Connect to the New Virtual Machine

You can connect a physical floppy drive to the new virtual machine.
Prerequisites
To access the media, you must have a floppy disk in the drive that you select.
Procedure
1 On the Floppy Drive page, select Use a Physical Drive to customize the drive.
2 On the Properties page, select an available floppy drive from the Host Floppy Drive drop-down menu.
3 To connect the new virtual floppy drive when you power on the virtual machine, select the Connect at
Power On check box.
4 Click Next.
Use a Floppy Image for the New Floppy Drive

You can give the new guest operating system access to an existing floppy drive image located on the host file
system.
Procedure
1 On the Floppy Drive page, you must select Use a Floppy Image.
2 On the Properties page, click Browse to locate a floppy image file.
3 To mount the floppy drive image when you power on the virtual machine, select the Connect at Power On
check box.
4 Click Next.
The floppy drive image is mounted when you start the guest operating system for the first time.
22 VMware, Inc.
Create a New Floppy Image for the Virtual Floppy Drive

You can create a new floppy image to use for the floppy drive.
Procedure
1 On the Floppy Drive page, you must select Create a New Floppy Image.
2 On the Properties page, click Browse to specify a location for the new floppy drive image.
3 To connect the new virtual floppy drive when you power on the virtual machine, select the Connect at
Power On check box.
4 Click Next.
The floppy drive image is mounted when you start the guest operating system for the first time.
Add a USB Controller to the New Virtual Machine

You can add a USB controller to a virtual machine. However, you cannot attach and use USB devices in a
virtual machine.
Procedure
u On the USB Controller page, select whether to add a USB controller to the virtual machine.
Option Action
Add a USB Controller Adds a USB controller to the hardware configuration of the virtual machine
Don't Add a USB Controller Skips the step of adding a USB controller
Review the New Virtual Machine Hardware Configuration

Before you complete the creation of a virtual machine, you can review the hardware configuration and also
add hardware to the virtual machine.
Procedure
1 On the Ready to Complete page, review the hardware configuration.

2 To add hardware, click More Hardware and select a hardware device type to add.
Option Description
Hard Disk Adds a hard disk.
Network Adapter Adds a network adapter.
CD/DVD Drive Adds a CD or DVD drive.
Floppy Drive Adds a floppy drive.
Serial Port Adds a serial port.
Parallel Port Adds a parallel port.
Passthrough SCSI Device Adds a SCSI device.
USB Controller Unavailable if you already added a USB controller.
3 To power on the virtual machine after you complete the wizard, select the Power on your new virtual
machine now check box.
4 To create the virtual machine with the listed hardware components, click Finish.
The new virtual machine is added to the list of virtual machines on the ESX host.
VMware, Inc. 23
Install a Guest Operating System

A new virtual machine is like a physical computer with a blank hard disk. Before you can use it, you must
partition and format the virtual disk and install an operating system. The operating system’s installation
program might handle the partitioning and formatting steps for you.
IMPORTANT Do not install a 64-bit operating system after you select a 32-bit guest operating system type.
In some host configurations, the virtual machine cannot boot from the installation CD. In this case, you can
create an ISO image from the installation CD and install from the ISO image.
If you are using a PXE server to install the guest operating system over a network connection, you do not need
the operating system installation media. When you power on the virtual machine, the virtual machine detects
the PXE server.
For information about your specific guest operating system, see the Guest Operating System Installation Guide.
Prerequisites
Before you begin, you must add a CD or DVD drive to the virtual machine. The CD or DVD drive must use
the installation CD or an ISO image with the guest operating system.
If you are replacing an operating system, click Configure VM in the Commands section on the Summary tab
to change the guest operating system for the virtual machine.
Procedure
1 Log in to vSphere Web Access.
2 Select the virtual machine from the Inventory panel.
3 Click Power On to power on the virtual machine.
4 Click the Console tab to use the VMware Remote Console to complete the guest operating system
installation.
5 (Optional) To change the boot order of the disk devices in the virtual machine BIOS, press F2 when
prompted during the virtual machine startup.
6 Follow the instructions that the operating system vendor provides.
7 (Optional) If you are using an ISO image that spans multiple files, you are prompted to insert the next
CD.
a Click the Summary tab.
b In the Hardware section, click the CD/DVD drive’s icon and select Edit.
c In the Connection section, click Browse to locate the next ISO image file and click OK.
d Click the Console tab to return to VMware Remote Console.
e In the guest operating system, click OK or respond to the prompt so that the installation can continue.
f Repeat these steps for additional files.
What to do next
Install VMware Tools, as described in “Install VMware Tools on the Guest Operating System,” on page 28.
24 VMware, Inc.
About VMware Remote Console

You use VMware Remote Console to connect remotely to the virtual machine's mouse, keyboard, and screen.
This allows you to use them as if you have the guest operating system installed on your local computer.
VMware Remote Console is a browser plug-in that you can use with Microsoft Internet Explorer and Mozilla
Firefox.
VMware Remote Console opens in a separate window. You can keep VMware Remote Console running even
if you close your browser. You can open more than one console to interact with the operating systems of several
virtual machines at the same time.
Install the VMware Remote Console Plug-In for Mozilla Firefox

The VMware Remote Console plug-in enables you to use the Firefox browser to interact with the virtual
machine.
Prerequisites
To install the plug-in, vSphere Web Access must be running on vCenter Server or on the ESX host to which
you are connecting.
You must have administrator privileges to install the VMware Remote Console plug-in.
Make sure that Mozilla Firefox allows pop-up windows during the installation.
Procedure
1 In Firefox, type the URL for vSphere Web Access.
https://<vmwarehost.yourdomain.com>/ui
2 Log in to vSphere Web Access using the user name and password for the host to which you are connecting.
3 Select a virtual machine from the Inventory panel.
4 Click the Console tab.
If the plug-in is not already installed, a warning message appears.
5 Click Install plug-in.
The Software Installation window appears.
6 In the Software Installation window, click Install now.
7 Restart Firefox to complete the installation.
What to do next
You can use Mozilla Firefox to open VMware Remote Console and use the guest operating system of a virtual
machine.
Install the VMware Remote Console Plug-In for Internet Explorer

You can install the VMware Remote Console plug-in for Internet Explorer and use the browser to interact with
a virtual machine.
Prerequisites
To install the plug-in, vSphere Web Access must be running on vCenter Server or on the ESX host to which
you are connecting.
You must have administrator privileges to install the VMware Remote Console plug-in.
VMware, Inc. 25
Procedure
1 In Internet Explorer, type the URL for vSphere Web Access.
2 Log in to vSphere Web Access using the user name and password for the host to which you are connecting.
3 Select a virtual machine from the Inventory panel.
If the plug-in is not already installed, a warning message appears.
5 In the warning message, click Install plug-in.
The File Download - Security Warning window appears and asks if you want to run or save the file.
6 Click Run and on the Internet Explorer - Security Warning window click Run again.
7 On the Welcome page, click Install.
8 When the installation is complete, click Finish.
The VMware Remote Console plug-in for Internet Explorer is now installed.
What to do next
You can use Internet Explorer to open VMware Remote Console to use the guest operating system of a virtual
machine.
Start VMware Remote Console

You can use the VMware Remote Console to interact with the guest operating system of a virtual machine.
Procedure
1 In the Inventory panel, select the powered-on virtual machine.
3 To open VMware Remote Console, click inside the black area.
VMware Remote Console opens.
What to do next
You can now work with the guest operating system of the selected virtual machine by clicking in the VMware
Remote Console window.
Set the VMware Remote Console View

You can set the preferences for the VMware Remote Console view, such as setting screen size and toolbar
options.
Procedure
u Select one of the following options to customize the appearance of the VMware Remote Console.
Option Action
Run Your Virtual Machine in Full On the VMware Remote Console window, click Maximize.
Screen Mode
Hide the VMware Remote Console On the VMware Remote Console toolbar, click the pushpin so that it is in a
Toolbar horizontal position.
26 VMware, Inc.
Option Action
Make the VMware Remote Console Move the pointer to the top of the screen and click the pushpin at the end of
Toolbar Always Visible the toolbar so that it is in a diagonal position.
Run a Virtual Machine in a Separate While the VMware Remote Console is in full screen mode, press Ctrl+Alt to
Window switch back to a separate window.
Use Client Devices with VMware Remote Console

You can use your local physical drives on virtual machines that you open with vSphere Web Access. You can
also use ISO and floppy images located on your local system.
Several virtual machines can use a single drive at the same time. To eject the disk from the physical drive, you
must first disconnect the drive from all virtual machines that are using it.
Connect Client Devices to a Virtual Machine

You can access your local CD/DVD and floppy drives from the virtual machine with VMware Remote Console.
Prerequisites
In Linux, make sure that the device you are connecting to is not mounted or in use.
Procedure
1 In the VMware Remote Console window, select Devices > <Device Name> > Connect to
<path_to_device>.
2 Insert the disk media in the client device and access it from the guest operating system.
Your local CD/DVD media is connected to the virtual machine.
Connect Client Device Image Files to a Virtual Machine

You can access your local image drive files (.iso or .flp) on a virtual machine with VMware Remote Console.
Prerequisites
In Linux, make sure that the image device files that you use are not mounted or in use.
Procedure
1 In the VMware Remote Console window, select Devices > <Device Name> > Connect to Disk Image
File.
2 In the Choose Image dialog box, browse for the .iso or .flp file to connect to the virtual machine.
Quit VMware Remote Console

You can close VMware Remote Console and disconnect from the virtual machine when you want to stop
working with the guest operating system.
When you quit VMware Remote Console, your virtual machine remains powered-on.
Procedure
u In the VMware Remote Console window, select VMware Remote Console > Disconnect and Exit.
VMware, Inc. 27
Troubleshoot Virtual Machines Using VMware Remote Console

You can use the VMware Remote Console to troubleshoot virtual machine errors or nonresponsive guest
operating systems.
Procedure
u Select an option to troubleshoot a specific virtual machine issue.
Option Action
View the Virtual Machine Message In the VMware Remote Console window, select VMware Remote Console >
Log Troubleshoot > Message Log.
Send Ctrl+Alt+Delete to the Guest In the VMware Remote Console window, select VMware Remote Console >
Operating System Troubleshoot > Send Ctrl+Alt+Del.
Reset Your Virtual Machine In the VMware Remote Console window, select VMware Remote Console >
Troubleshoot > Reset.
Suspend and Exit Your Virtual In the VMware Remote Console window, select VMware Remote Console >
Machine Troubleshoot > Suspend and Exit.
Power Off and Exit Your Virtual In the VMware Remote Console window, select VMware Remote Console >
Machine Troubleshoot > Power Off and Exit.
VMware Remote Console Keyboard Shortcuts

The VMware Remote Console has several keyboard shortcuts that you can use when you work with the guest
operating system of a virtual machine.
Table 3-1 lists the available keyboard shortcuts.
Table 3-1. VMware Remote Console Keyboard Shortcuts

Keyboard
Shortcut Action
Ctrl+Alt n Transfers mouse and keyboard input from the virtual machine to the local machine
n Switches from full screen mode to running the VMware Remote Console in a separate window
Ctrl+G Transfers mouse and keyboard input from the local machine to the virtual machine
Ctrl+Alt+Insert Sends a Ctrl+Alt+Del signal to the virtual machine
Ctrl+Alt+Enter Switches between full screen mode and running VMware Remote Console in a separate window
Managing VMware Tools

VMware Tools is a suite of utilities that improves the performance of guest operating systems and enhances
virtual machine management. For best results, install VMware Tools in all of your guest operating systems.
Install VMware Tools on the Guest Operating System

After you install your guest operating system, you can install VMware Tools to enhance the performance and
interaction with the virtual machine.
Procedure
2 In the Status section of the virtual machine’s Summary tab, select Install VMware Tools.
3 (Optional) To automatically check for updates of VMware Tools every time the virtual machine is powered
on, select the Upgrade VMware Tools automatically check box in the Install VMware Tools window.
28 VMware, Inc.
4 Click Install to start the Installation wizard.
vSphere Web Access connects the virtual machine’s CD drive to an installation file on the ESX host machine
or vCenter Server. If autorun is enabled in your guest operating system (the default setting for Windows
operating systems), a dialog box appears asking if you want to install VMware Tools.
5 Click the Console tab and use the guest operating system to complete the installation.
6 Restart the guest operating system when prompted.
VMware Tools is installed.
Upgrade VMware Tools

If you upgrade to a newer version of ESX or vCenter Server, you can upgrade the VMware Tools version on
Procedure
1 In the Status section of the virtual machine's Summary tab, click Upgrade VMware Tools.
2 In the Upgrade VMware Tools window, select an option and click Upgrade.
Option Action
Automatic VMware Tools Upgrade Upgrades VMware Tools automatically without user interaction.
Interactive VMware Tools Upgrade Allows you to select the VMware Tools components to install.
n If you selected an automatic upgrade, the installation program installs VMware Tools and might
reboot the guest operating system.
n If you selected an interactive upgrade, the installation program mounts the VMware Tools image file
in the guest operating system virtual CD/DVD drive.
3 (Optional) If you selected Interactive VMware Tools Upgrade, in the guest operating system, open the
CD/DVD drive and follow the VMware Tools installation instructions to complete the upgrade process.
Change the VMware Tools Settings on Windows

You can change VMware Tools settings in Windows by running the VMware Tools Control Panel.
Prerequisites
In Windows Vista, you must log in as an administrator to open the VMware Tools Control Panel.
Procedure
1 In the guest operating system, select Start > Settings > Control Panel.
2 In the Control Panel, double-click the VMware Tools icon.
3 To change the VMware Tools properties, use the tabs in this dialog box.
Change the VMware Tools Settings on a Linux, Solaris, or FreeBSD Operating

System
You can change the VMware Tools properties by running the VMware Tools command in the command line.
Prerequisites
You must use the operating system graphical interface mode, to run VMware Tools.
To shrink virtual disks or to change any VMware Tools scripts, you must run VMware Tools as the root user.
VMware, Inc. 29
Procedure
1 Boot the guest operating system and launch your graphical environment.
2 Open the command line and start the VMware Tools background application.
vmware-toolbox &
The VMware Tools dialog box appears.
3 To change the VMware Tools properties, use the tabs in the dialog box.
Virtual Machine Tasks, Alarms, and Events

All virtual machines have log files for events, tasks, and alarms. You can view them to gather information
about possible failures or malfunctions that might occur because of lack of resources.
Virtual machine events can be ESX queries, errors, or other events like powering on or powering off the virtual
machine. Events inform you of anything that occurs during the lifetime of a virtual machine.
Virtual machine alarms are notifications that are triggered when specific events happen to a virtual machine.
A virtual machine alarm can be CPU usage that exceeds the designated usage. Depending on the severity of
the alarm, you can make a decision to move a virtual machine to another host or add additional hardware to
the current host.
Tasks are high-level actions, such as powering on a virtual machine, that the user performs manually or that
you schedule to perform at a certain time. You can only view scheduled tasks. You cannot schedule tasks with
vSphere Web Access.
View Virtual Machine Alarms

You can view the list of alarms that occur for a virtual machine. Depending on the severity of the alarm, you
can decide to take action to prevent the lack of resources or system overload.
The Alarms tab is available only when you use vSphere Web Access to connect to vCenter Server.
Procedure
1 In the Inventory panel, select a virtual machine.
2 Select the Alarms tab from the virtual machine panel.
A list of alarms appears, sorted in reverse chronological order.

3 (Optional) Change the sorting order of the alarms.
Option Action
Triggered Sorts the alarms in chronological order
Status Sorts the alarms by their status
Object Sorts the alarms alphabetically by the name of the object they refer to
Name Sorts the alarms alphabetically by the name of the alarm
Double-click the alarm name in the View more details about a specific alarm
list
View the Tasks Assigned to a Virtual Machine

You can view the assigned tasks for a virtual machine.
You cannot assign tasks by using vSphere Web Access.
30 VMware, Inc.
Procedure
2 Select the Tasks tab from the virtual machine panel.
A list of tasks appears in reverse chronological order.
3 (Optional) Change the sorting order of the tasks.
Option Action
Triggered Sorts the tasks in chronological order
Status Sorts the tasks alphabetically by their status
Object Sorts the tasks alphabetically by the name of the object they are assigned to
Triggered By Sorts the tasks alphabetically by the name of the user that scheduled them
Double-click the task name in the list View more details about a specific task
View Virtual Machine Events

The event log contains data about the time and the severity of the event, and a short description of the nature
of the event. The event log draws its data from the log file stored in the directory of the virtual machine.
Procedure
2 Select the Events tab from the virtual machine panel.
A list of the events of the virtual machine appears in reverse chronological order.
3 (Optional) Change the sorting order of the events.
Option Action
Triggered Sorts the events in chronological order
Severity Sorts the events by their severity status
Description Sorts the events alphabetically by their description
Double-click the event name in the Presents more details about a specific events
list
Creating Virtual Machine Shortcuts

You can create a shortcut of a virtual machine. A shortcut enables users to interact directly with the guest
operating system from a Web browser. You can also configure the shortcut to give permissions to see other
virtual machines or limit the access only to one virtual machine's workspace.
You can create Web and desktop shortcuts by using vSphere Web Access.
Create a Web Shortcut

Administrators can create a customized Web shortcut to share with other users. You can create a shortcut that
displays only the Console tab, enables or disables access to the workspace, or enables or disables access to the
virtual machine inventory.
Procedure
1 In the Inventory panel, select the virtual machine from which to generate a Web shortcut.
2 In the Commands section of the Summary tab, click Generate Virtual Machine Shortcut.
VMware, Inc. 31
3 Click Customize Web Shortcut and select the options for this shortcut.
Option Action
Limit workspace view to the console Provides access to the virtual machine Console tab while hiding other
details, like event logs.
Limit view to a single virtual machine Disables navigation to another machine in the inventory.
Obfuscate this URL Generate a URL that is difficult to read.
4 Copy the Web shortcut for future use.
5 Click OK.
What to do next
To test a Web shortcut, use a different browser or computer. If you use your active vSphere Web Access browser
session to test the Web shortcut, you must close all instances of that browser before you can log back in to
vSphere Web Access with full user interface capabilities.
Create a VMware Remote Console Desktop Shortcut

After you install the VMware Remote Console plug-in, you can create a desktop shortcut to start VMware
Remote Console and connect to the virtual machine.
NOTE When you use Internet Explorer, you must restart the Web browser after you install VMware Remote
Console and before you create the VMware Remote Console desktop shortcut. If you do not restart Internet
Explorer, you receive a JavaScript error and the shortcut is not created.
Prerequisites
You must install the VMware Remote Console plug-in for your browser.
Procedure
1 In the Inventory panel, select the virtual machine from which to generate a desktop shortcut.
2 In the Commands section of the Summary tab, click Generate Virtual Machine Shortcut.
3 In the Desktop Shortcut section, click Install Desktop Shortcut to <Virtual Machine>.
4 Confirm that you want to create the shortcut when prompted.
The shortcut is created on the desktop.
5 Click OK.
A shortcut to the virtual machine appears on your desktop.
What to do next
You can use the desktop shortcut for quick access to the virtual machine.
Upgrade the Virtual Machine Hardware Version

If you created virtual machines with an earlier version of ESX or another VMware product, you can upgrade
the virtual machine version.
Procedure
1 Log in to ESX.
2 In the Inventory, select and power off the virtual machine.
32 VMware, Inc.
3 Click Upgrade Virtual Machine in the Status section of the workspace.
4 Click OK to confirm that you want to upgrade the virtual machine.
After the virtual machine version is updated, you can configure it to use the features supported with the new
version.
Change the Power State of a Virtual Machine

Depending on your permissions, you can use vSphere Web Access to change the power state of the virtual
machine.
If you installed VMware Tools on a virtual machine, you can use the Reset, Power Off, and Suspend buttons
to restart , shut down, and suspend the guest operating system.
Procedure
u To change a virtual machine’s power state, click the button in the toolbar for that power state.
Option Action
Powers off the virtual machine.
Suspends the virtual machine.
Powers on the virtual machine.
Resets the virtual machine.
Delete a Virtual Machine

You can remove a virtual machine from the inventory or completely delete the virtual machine.
If you remove the virtual machine from the inventory, the virtual machine files are not deleted from the hard
disk.
Procedure
1 In the Inventory panel, select and power off the virtual machine.
2 Select Virtual Machine > Remove Virtual Machine to remove only the virtual machine from the inventory.
3 Select Delete this virtual machine’s files from the disk to delete all of the virtual machine's files from the
disk.
4 Click OK.
The virtual machine is deleted from the inventory.
VMware, Inc. 33
34 VMware, Inc.
Configuring Virtual Machine Options
and Resources 4
You can use vSphere Web Access to configure a virtual machine's hardware configuration, power options, and
advanced virtual machine settings.
Access to a virtual machine's options and settings depends on the user permissions that you have to the virtual
machine's configuration file. The permissions determine whether you can browse, interact, configure, or
administer a virtual machine.
Depending on your permissions and the state of the virtual machine, you might not be able to configure some
options.
Permissions are configured with the vSphere Client.

n “Changing the Hardware Configuration of Virtual Machines,” on page 35
n “Removing Hardware Components from a Virtual Machine,” on page 40
n “Changing Virtual Machine Settings and Options,” on page 43
Changing the Hardware Configuration of Virtual Machines

You can configure each hardware component of a virtual machine.
In some cases, the virtual machine must be powered off to configure it.
NOTE Do not edit the virtual machine configuration file directly. Instead, use the Advanced tab of the VM
Configuration dialog box.
Change the Number of Processors in a Virtual Machine

You can change the number of virtual processors that your virtual machine uses.
CAUTION Changing the number of processors after the guest operating system is installed might make the
virtual machine unstable.
Procedure
1 Shut down the guest operating system and power off the virtual machine to modify.
2 In the Inventory panel, select the virtual machine.
3 In the Hardware section on the Summary tab, in the Processors drop-down menu, select Edit.
4 In the Processor Count drop-down menu, select the number of processors.
5 Click OK.
VMware, Inc. 35
Change Memory Allocation in a Virtual Machine

You can change the memory allocation for each virtual machine.
Procedure
1 Shut down the guest operating system and power off the virtual machine to modify.
3 In the Hardware list on the Summary tab, in the Memory drop-down menu, select Edit.
4 To ensure that the virtual machine will boot, allocate at least the recommended minimum memory.
5 Click OK.
Configure a CD/DVD Drive to Use a Host CD/DVD Media

You can configure a virtual CD/DVD drive to connect to a CD/DVD drive installed on the host system.
Procedure
1 In the Hardware section of the Summary tab, select the CD/DVD drive from the drop-down menu and click
Edit.
2 In the CD/DVD Drive window, select Host Media.
3 Make the appropriate changes in the Device Status section to change the status of the CD/DVD drive.
4 Select Physical Drive in the Connection section to make changes to the physical drive
a Select the optical drive to use from the drop-down menu.
b If you are using a physical drive, select Use ATAPI emulation or Access the drive directly.
Use ATAPI emulation if you cannot access the CD/DVD drive. The emulation mode works only with
data disks.
5 In the Connection section, select ISO image, click Browse and locate the .iso file to use an ISO image.
6 In the Virtual Device Node section, select the adapter type and the appropriate device to change the
adapter type.
This option is available only when the virtual machine is powered off.
7 Click OK.
Configure a CD/DVD Drive to Use a Client CD/DVD Media

You can configure the virtual CD/DVD drive to connect to a CD/DVD device on the client system.
Procedure
1 In the Hardware section of the Summary tab, select the CD/DVD drive from the drop-down menu and click
Edit.
2 In the CD/DVD Drive window, select Client Media.
adapter type.
You must power off the virtual machine to change the adapter.
4 Click OK.
36 VMware, Inc.
Chapter 4 Configuring Virtual Machine Options and Resources
Configure a Floppy Drive to Use a Host Floppy Media

You can configure a virtual floppy drive to connect to a physical floppy drive installed on the host system.
Procedure
1 In the Hardware section of the Summary tab, select the floppy drive from the drop-down menu and click
Edit.
2 In the Floppy Drive window, select Host Media.

3 To change the status of the floppy drive, make the appropriate changes in the Device Status section.
4 To change the connection settings, in the Connection section, select an option.
Option Description
Physical Drive Allows you to select a physical floppy drive installed on the host system.
Available only when the virtual machine is powered off.
Floppy Image Allows you to use an existing floppy image located on the host.
New Floppy Images Allows you to create a floppy image on the host.
5 Click OK.
Configure a Floppy Drive to Use a Client Floppy Media

You can configure the virtual floppy drive to connect to a floppy device on the client system.
Procedure
1 In the Hardware section of the Summary tab, select the floppy drive from the drop-down menu and click
Edit.
2 In the Floppy Drive window, select Client Media.
3 Click OK.
Modify a Hard Disk

You can modify some of the settings of an existing hard disk on a virtual machine or remove it from your
virtual machine. You can also view the file allocation options, but you cannot change them.
Procedure
2 Shut down the guest operating system.
3 In the Hardware section of the Summary tab, click the hard disk to modify and select Edit.
4 To increase capacity on growable disks, click Increase Capacity and enter a new value for the Increase By
or New Capacity option.
If you have a snapshot of the disk, you must delete it to change the disk capacity.
NOTE You can only change the capacity of SCSI disks.
adapter type.
VMware, Inc. 37
option.
Option Action
power off or reset.
Option Action
later time.
Modify a SCSI Device

You can change the SCSI connection settings and the device type and device node to use for a particular SCSI
device.
Procedure
1 In the Inventory panel, select the virtual machine to modify.
2 In the Hardware section on the Summary tab, select the SCSI device to modify and click Edit.
3 In the Connection drop-down menu, specify the physical device.
4 In the Virtual Device section, specify the adapter type and the device node.
5 Click OK.
The SCSI device is now reconfigured.
Modify a SCSI Controller

You can edit the settings of a SCSI controller attached to a virtual machine.
The available SCSI controller device types are BusLogic and LSI Logic parallel interfaces.
For hardware version 7.0 virtual machines, you can also select an LSI SAS serial attached storage interface.
Procedure
1 In the Inventory panel, select and power off the virtual machine.
2 In the Hardware section of the Summary tab, click the SCSI controller and select Edit.
3 Click Modify device type to change the SCSI controller device type.
4 Click OK.
The SCSI controller is reconfigured.
38 VMware, Inc.
Modify a Network Adapter

You can connect virtual network adapters to a labeled network in much the same way that you connect physical
network adapters by cables to wall jacks. By choosing a labeled network for an adapter, you enable the guest
operating system to reach the resources of the specified network.
Procedure
2 In the Hardware section of the Summary tab, select the network adapter to modify, and click Edit.
3 Select Connect at power on to connect to this network when the virtual machine is powered on.
4 In the Network Connection section, select the virtual network to use.
5 In the MAC Address section, select how to generate the machine's MAC address.
Option Description
Generated by the host The host generates the MAC address.
Manual Allows you to manually change the MAC address.
What to do next
Make sure that the guest operating system uses an appropriate IP address on the new network. If the guest is
using DHCP, release and renew the IP address. If the IP address is static, verify that the guest has an address
on the correct virtual network.
Modify a Parallel Port

You can edit the configuration of an existing parallel port to run tests or to use physical devices connected to
the host system.
Procedure
2 Shut down the guest operating system and power off the virtual machine.
3 In the Hardware section of the Summary tab, select the parallel port to modify and click Edit.
4 Select the Connect at power on check box to connect the parallel port when the virtual machine is powered
on.
5 In the Connection section, select to use a physical parallel port or to use parallel port data file for tests.
Option Action
Physical Select the available host parallel port from the drop-down menu.
File Select and click Browse to save parallel port data to a new file or to locate an
existing output file.
VMware, Inc. 39
Modify a Serial Port

You can change the configuration of an existing serial port. You can configure the serial port to connect to a
physical serial port on the host machine, to send output data to a file, or use it to create a named pipe.
Procedure
3 In the Hardware section of the Summary tab, select the serial port to modify and click Edit.
4 Select Connect at power on to connect to the serial port when the virtual machine is powered on.
5 Select the type of the serial port to use.
Option Description
Physical Allows you to use a host serial port.
File Allows you to send data to a selected output file.
Named Pipe Allows you to create a pipe.
a Enter the path and file for the pipe.
b In the Near End drop-down menu, select an option.
n To start the far end of the connection first, select Is a client.
n To start the end of the connection first, select Is a server.
c In the Far End drop-down menu, select an option.
n If the application that the virtual machine connects to is located on
another virtual machine on the host, select Is a virtual machine.
n If the application that the virtual machine connects to is running
directly on the host, select Is an application.
6 Select the Yield CPU on poll check box to have the kernel in the target virtual machine use the virtual
serial port in polled mode, not interrupt mode.
Removing Hardware Components from a Virtual Machine

If your virtual machine has a hardware component that you do not use, you can remove it from the virtual
machine configuration. You might also need to delete a component to reuse its physical counterpart in another
virtual machine.
Remove a CD/DVD Drive from a Virtual Machine

You can remove any CD/DVD drive from a virtual machine.
Procedure
3 In the Hardware section of the Summary tab, click the CD/DVD drive to remove and select Remove.
The CD/DVD drive is removed from the virtual machine hardware configuration.
40 VMware, Inc.
Remove a Floppy Drive from a Virtual Machine

If you do not need to use a floppy drive in the guest operating system, you can remove it from the virtual
machine hardware configuration.
Procedure
3 In the Hardware section of the Summary tab, click the floppy drive and select Remove.
The floppy drive is removed from the virtual machine hardware configuration.
Remove a Hard Disk from a Virtual Machine

If you have a hard disk you do not use, you can delete it from the virtual machine hardware configuration.
Prerequisites
To remove an IDE hard disk, you must power off the virtual machine.
Procedure
2 In the Hardware section of the Summary tab, click the hard disk to remove and select one of the options.
Option Description
Remove Removes the hard disk from the virtual machine.
Keeps the virtual disk files on the host system. You can use the hard disk files
in another virtual machine.
Delete from Disk Removes the hard disk from the virtual machine. Deletes the associated disk
files from the host system.
The hard disk is removed from the virtual machine hardware configuration.
Remove a SCSI Device from a Virtual Machine

You can delete a SCSI device from a virtual machine.
Procedure
3 In the Hardware section of the Summary tab, select the SCSI device from the drop-down menu and click
Remove.
The SCSI device is removed from the virtual machine hardware configuration.
VMware, Inc. 41
Remove a Network Adapter from a Virtual Machine

You can remove a network adapter from the virtual machine.
Prerequisites
Procedure

3 On the Summary tab, select the network adapter to remove and click Remove.
The network adapter is removed from the virtual machine hardware configuration.
Remove a Parallel Port from a Virtual Machine

You can remove a parallel port from the virtual machine configuration.
Procedure
3 In the Hardware section of the Summary tab, select the parallel port to remove and click Remove.
The parallel port is removed from the virtual machine hardware configuration.
Remove a Serial Port from a Virtual Machine

You can remove a serial port from the virtual machine.
Prerequisites
Procedure
3 In the Hardware section of the Summary tab, select the serial port and click Remove.
The serial port is removed from the virtual machine hardware configuration.
Remove a USB Controller from a Virtual Machine

You can remove the USB controller from a virtual machine if you do not use USB devices in the virtual machine.
Procedure
42 VMware, Inc.
3 In the Hardware section of the Summary tab, select the USB controller and click Remove.
The USB controller is removed from the virtual machine hardware configuration.
Changing Virtual Machine Settings and Options

You can adjust general settings, power options, snapshot options, and advanced options for each selected
virtual machine.
Change the Name and Guest Operating System of a Virtual Machine

You can change the name and the guest operating system of a virtual machine.
Procedure
1 In the Commands section of the Summary tab, click Configure VM.
3 In the Virtual Machine Name field, enter a new name for the virtual machine.
4 In the Guest Operating System section, change the guest operating system for the virtual machine.
NOTE Do not change the guest operating system if you do not plan to install a new guest operating system
on this virtual machine.
5 Click OK.
The name and the guest operating system of the virtual machine are reconfigured.
Change Virtual Machine Power Settings

Power control options allow you to define actions that occur when you change the power state of a virtual
machine.
Procedure
1 In the Commands section of the virtual machine’s Summary tab, click Configure VM.
2 Click the Power tab.
3 Select the default power off command for the virtual machine.
Option Description
Power Off Powers off the virtual machine without a clean shutdown of the guest
operating system services.
Shut Down Guest Shuts down the guest before powering off the virtual machine.
When VMware Tools is not installed, the default action is to power off the virtual machine without shutting
down the guest. When VMware Tools is installed, the default action is to shut down the guest before
powering off the virtual machine.
VMware, Inc. 43
4 Select the default suspend option for the virtual machine.
Option Description
Suspend Suspends the virtual machine without suspending the guest operating
system.
Suspend Guest Suspends the guest before suspending the virtual machine.
When VMware Tools is not installed, the default action is to suspend the virtual machine without
suspending the guest. When VMware Tools is installed, the default action is to suspend the guest before
suspending the virtual machine.
5 Select the default reboot option for the virtual machine.
Option Description
Reboot Restarts the virtual machine without rebooting the guest.
Reboot Guest Restarts the guest before rebooting the virtual machine.
When VMware Tools is not installed, the default action is to reset the virtual machine without shutting
down the guest. When VMware Tools is installed, the default action is to shut down the guest before
resetting the virtual machine.
6 In the VMware Tools Scripts section, select one or more of the options for when to run a VMware Tools
script.
7 In the BIOS Setup section, select the Enter the BIOS setup screen the next time the virtual machine boots
check box to go directly to the BIOS setup screen the next time the virtual machine is powered on.
After the next power on, this setting is deactivated.
8 In the Advanced section, select one or both of the VMware Tools options.
9 Click OK.
The virtual machine power settings are reconfigured.
Change Virtual Machine Settings Associated with the Host

You can configure the automatic startup and shutdown properties as well as the delay settings for virtual
machines.
The startup and shutdown settings are associated with the ESX host configuration and can be changed only
when you use vSphere Web Access to connect to an ESX host.
Prerequisites
You must log in to an ESX host to configure the virtual machine startup and shutdown settings.
Required privilege: Host.Configuration.Virtual Machine Auto-Start Configuration.
Procedure
1 In the Inventory panel, select the ESX host.
2 Click the Summary tab and click Edit Virtual Machine Startup/Shutdown Settings in the Commands
section.
The Virtual Machine Startup/Shutdown Settings dialog box opens.
3 Select the Allow virtual machines to start and stop automatically with the system check box.
4 (Optional) Select the Start next VM immediately if the VMware Tools start check box to have the virtual
machine boot immediately after VMware Tools start.
44 VMware, Inc.
5 (Optional) To have the operating system start after a brief delay, enter a Default Startup Delay time.
This delay allows time for VMware Tools or the booting system to run scripts.
6 Select a shutdown action.
7 (Optional) To delay shutdown for each virtual machine by a certain amount of time, enter a Default
Shutdown Delay value.
This shutdown delay applies only if the virtual machine did not already shut down before the delay period
elapses. If the virtual machine shuts down before that delay time is reached, the next virtual machine starts
shutting down.
8 Use Move Up and Move Down to specify the order in which the virtual machines start when the system
starts.
9 To configure user-specified autostartup and autoshutdown behavior for any virtual machine, select the
virtual machine in the list and click Edit.
a In the Startup Settings section, select one of the options.

n Select Use default.
n Select Use specified settings, enter a Startup Delay time in seconds, and select or deselect the
Continue immediately if the VMware Tools start check box.
b In the Shutdown Settings section, select one of the options.

n Select Use default.
n Select Use specified settings, enter a Shutdown Delay time in seconds, and select a shutdown
action from the Perform shutdown action drop-down menu.
CAUTION You must enter a value in the Shutdown Delay time text field when you change the
shutdown action. The text field cannot be empty. If you do not enter a delay time, you cannot save
the shutdown action changes. Also, if you change the shutdown action setting when accessing the
setting from outside the vSphere Client, that change is not reflected in the Autostart Settings manager
if you did not also set the shutdown delay to a nonnegative value.
c Click OK to accept the changes to the autostartup and autoshutdown settings of the selected virtual
machine.
10 Click OK again to accept the changes to the startup and shutdown settings of the ESX host.
Changing Virtual Machine Advanced Settings

You can use vSphere Web Access to configure more advanced settings of virtual machine management.
Advanced settings include log management, enabling or disabling acceleration, paravirtualization support,
MMU support, and modifying virtual machine configuration files.
You can configure the following advanced settings:

n What kind of information is collected while ESX or vCenter Server is running.
n Enabling and disabling logging.
n Disabling acceleration if a program cannot run in your virtual machine.
n Enabling Virtual Machine Interface (VMI) paravirtualization to increase performance on hosts that
support paravirtualization.
VMware, Inc. 45
n Specifying whether and how virtualized MMU support is used.

n Modifying virtual machine configuration file parameters.
NOTE Do not change any configuration file parameters unless you are instructed to do so in the documentation
or by VMware technical support.
Change Virtual Machine Runtime Settings

You can configure virtual machine runtime settings, such as logging, disabling acceleration, record debugging
information, enabling VMI paravirtualization, and virtualized Memory Management Unit (MMU) settings.
Procedure
2 Click the Advanced tab.
3 In the Settings section, select any of the options.
Option Description
Record runtime information Collects debugging and performance information. You can use this
information to troubleshoot problems.
Enable logging Enables event logging.
Disable acceleration Disables acceleration in the virtual machine. You might want to temporarily
disable acceleration if you are installing or starting a program in a virtual
machine and the program stalls, fails, or reports that it is running under a
debugger.
Disabling acceleration slows virtual machine performance, so when you no
longer have a problem, deselect Disable acceleration.
Support VMI Paravirtualization If you have a VMware VMI 3.0-enabled kernel in a Linux guest, VMI
paravirtualization improves virtual machine performance.
For more information about paravirtualization, see
http://www.vmware.com/interfaces/paravirtualization.html.
Available VMI-enabled kernels include Ubuntu 7.04 (Feisty) or later.
Use the standard image for 32-bit Intel x86 systems. VMI currently supports
only 32-bit guests.
NOTE Only hardware version 7.0 virtual machines support VMI.
4 In the Virtualized MMU section, select an option.

Recent CPUs can virtualize the MMU. Virtualizing the MMU generally improves virtual machine
performance. In some instances, it might be preferable not to virtualize the MMU.
5 Click OK.
The virtual machine runtime settings are reconfigured.
Add a Parameter to the Virtual Machine Configuration File

You can add parameters to a virtual machine's configuration file.
NOTE Do not edit the configuration file manually.
Procedure
46 VMware, Inc.
3 In the Configuration Parameters section, click Add New Entry and enter information in the fields.
4 Click OK and click OK again to save your changes.
Edit a Parameter in the Virtual Machine Configuration File

You can change the values of parameters included in the virtual machine's configuration file.
Procedure

3 In the Configuration Parameters section, select the parameter, click Edit, and enter the new value in the
Value field.
4 Click OK and click OK again to save your changes.
VMware, Inc. 47
48 VMware, Inc.
Adding Hardware to a Virtual Machine 5
You can add different types of virtual devices to a virtual machine and connect them to their physical
counterparts.
Add Hardware to a Virtual Machine

Use the Add Hardware wizard to add new hardware to a virtual machine.
Prerequisites
Before you add hardware, power off the virtual machine. If you are adding a SCSI hard disk, you can leave
the virtual machine powered on.
Procedure
2 In the Commands section of the Summary tab, click Add Hardware.
The Add Hardware wizard opens.
3 On the Hardware Type page, select the type of hardware to add.
Adding a Virtual Hard Disk

You can add more than one virtual disk to a virtual machine.
You can store virtual disks as files in a datastore, which can be located on the local file system or a remote
VMFS SAN datastore. You can store an IDE virtual disk or a SCSI virtual disk on either an IDE physical hard
disk or on a SCSI physical hard disk.
You can add a SCSI virtual disk to a powered-on virtual machine with hardware versions earlier than 7.0. For
earlier virtual machine hardware versions, you can add a SCSI virtual disk when the virtual machine is
powered on only if a SCSI controller with an available slot already exists. SCSI controllers are created when
you add a SCSI virtual disk or a passthrough SCSI device to the virtual machine. For virtual machines with
hardware versions earlier than 7.0, you cannot create SCSI controllers when the virtual machine is powered
on.
You cannot add an IDE virtual disk when the virtual machine is powered on.
NOTE If you have a Windows NT 4.0 guest with a SCSI virtual disk, you cannot add an additional SCSI disk
and an IDE disk to the configuration.
VMware, Inc. 49
Add a Hard Disk

You can add a new or an existing virtual disk to your virtual machine.
Prerequisites
Before you begin, make sure that you understand the hard disk types and properties settings in “Adding a
Virtual Hard Disk,” on page 49.
Procedure
3 Click Hard Disk.
4 Select whether to create a virtual disk or to use an existing one.
5 On the Properties page, change the default values as needed and click Next.
6 On the Ready to Complete page, review the configuration summary and click Finish.
The virtual disk appears to your guest operating system as a new blank hard disk.
What to do next
If you add a new virtual disk to the virtual machine, you can use the guest operating system’s utilities to
partition and format the disk.
Add a Network Adapter

You can add more than one network adapter to a virtual machine.
Procedure
3 Select Network Adapter.
4 On the Properties page, select the network connection type for the new network adapter.
5 Select whether to connect the network adapter when the virtual machine is powered on and click Next.
6 On the Ready to Complete page, review the network adapter settings and click Finish.
What to do next
Use the network adapter to set up new network connections.
Add a CD/DVD Drive

You can add four CD/DVD drives to your virtual machine. You can connect the virtual machine's drive to a
physical drive or an ISO image on the host machine.
A virtual IDE CD/DVD drive can use a physical IDE drive or a physical SCSI drive.
50 VMware, Inc.
Chapter 5 Adding Hardware to a Virtual Machine
Procedure
3 Click CD/DVD Drive.
4 In the Host Media section, select whether to connect to a physical drive or an ISO image on the host and
click Next.
5 On the Properties page, specify which physical drive or which ISO image to use:
n If you selected Use a Physical Drive, specify the drive to use.
n If you selected Use an ISO Image, click Browse to navigate to a file with the .iso extension in an
existing datastore.
6 (Optional) To connect the drive to the virtual machine when you power on, select Connect at power on
(the default).
7 (Optional) In the Virtual Device Node section, select an adapter and device node from the drop-down
menus.
8 Click Next.
9 In the Ready to Complete page, view the configuration summary and click Finish.
The guest operating system detects the new CD/DVD drive the next time you power on the virtual machine.
Add a Floppy Drive

You can use a physical floppy drive on the host or a floppy image file located on the host for the virtual drive.
You can add two floppy drives to your virtual machine.
Procedure
3 Click Floppy Drive.

4 Under Host Media, select an option to connect to a drive or floppy image on the host and click Next.
5 On the Properties page, specify which physical drive or floppy image to use:
n If you selected Use a Physical Drive, select the drive to use.
n If you selected Use a Floppy Image or Create a New Floppy Image, click Browse to select a location
for a new file or navigate to a file with the .flp extension that is located on an existing datastore.
6 (Optional) To connect the drive to the virtual machine when you power on, select Connect at Power On
(the default) and click Next.
The guest operating system detects the new floppy drive the next time you power on the virtual machine.
VMware, Inc. 51
Adding a Serial Port

You can set up the virtual serial port in a virtual machine to use a physical serial port on the host computer.
You can also create an output file for the serial port or a named pipe.
Add a Physical Serial Port

You can use an external device in a virtual machine by adding a physical serial port to the machine.
Procedure
3 Click Serial Port.
4 Click Use Physical Serial Port.
5 On the Properties page, select a physical port from the drop-down menu.
6 (Optional) To connect this virtual machine to the host’s serial port when the virtual machine is powered
on, select Connect at power on (the default).
7 (Optional) Expand I/O Mode to select Yield CPU on poll.
The kernel in the target virtual machine uses the virtual serial port in polled mode, not interrupt mode.
This option applies only to Windows hosts.
8 Click Next.
The operating system recognizes the new serial port the next time you power on the virtual machine.
Add an Output Serial Port

You can capture data that a running program sends by directing the output to an output serial port. You can
read the output file to view the data.
Procedure
4 Click Use Output File to send the output of an application that is running in the guest operating system
to a file on the host machine.
5 On the Properties page, enter the path and filename for the output file or click Browse to navigate to the
file.
6 (Optional) To connect this virtual machine to the host’s output file when the virtual machine is powered
on, select Connect at power on (the default).
7 (Optional) Expand I/O Mode to select Yield CPU on poll, which is deselected by default.
This option applies only to Windows hosts.
52 VMware, Inc.
8 Click Next.
9 In the Ready to Complete page, review the configuration summary and click Finish.
Add a Named Pipe Serial Port

You can add a named pipe serial port for connecting a virtual machine to an application or to another virtual
machine that is running on the host system.
Procedure
4 Click Use Named Pipe.
5 On the Properties page, enter the path and filename for the pipe.
n On Windows guests: The pipe name must be in the format \\.\pipe\<namedpipe>.
n On Linux guests: The pipe name must be in the format /tmp/<socket> or another UNIX socket name.
6 For Near End, select whether the application running in the guest operating system functions as a server
or a client.
n Select Is a server to start this end of the connection first.
n Select Is a client to start the far end of the connection first.
7 For Far End, specify where the application that the virtual machine connects to is located.
n Select Is a virtual machine if the application that the virtual machine connects to is located on another
virtual machine on the host.
n Select Is an application if the application that the virtual machine connects to is running directly on
the host machine.
8 (Optional) To connect to the named pipe when the virtual machine is powered on, select Connect at Power
On (the default).
9 (Optional) Expand I/O Mode to select Yield CPU on poll, which is deselected by default.
This option applies to Windows hosts only.
10 Click Next.
VMware, Inc. 53
Adding a Parallel Port

A variety of devices, including printers, scanners, dongles, and disk drives, use parallel ports. The virtual
parallel port can connect to a parallel port or to a file on the host operating system.
Add a Physical Parallel Port

To use an external device connected to a physical parallel port in a virtual machine, you can add a virtual
parallel port to a virtual machine.
Procedure
3 Click Parallel Port.
4 Click Use a physical parallel port to connect to a physical port on the host machine.
5 On the Properties page, select a physical port from the drop-down menu.
on, select Connect at power on (the default) and click Next.
The operating system detects the new parallel port the next time you power on the virtual machine.
Add an Output Parallel Port

You can capture data that a running program sends by directing the output to an output parallel port. You can
view the data by reading the output file.
Procedure
3 Click Parallel Port.
4 Click Output file.
5 On the Properties page, type the path and filename for the output file or click Browse to navigate to the
file.
on, select Connect at Power On (the default) and click Next.
The operating system detects the new parallel port the next time you power on the virtual machine.
Add a Passthrough SCSI Device

To map a virtual SCSI device on a virtual machine to a physical generic SCSI device on the host, add a generic
SCSI device to the virtual machine.
You can add a SCSI device without powering off the virtual machine.
54 VMware, Inc.
Prerequisites
You must have the following required permissions:

n On Windows guests, you must log in as a user with administrator access.
n On Linux guests, you must be logged in as a user who has read and write permissions to use the device.
Procedure

3 Click Passthrough SCSI Device.
4 Select a SCSI device to use.
A physical SCSI device must be attached to the device and it must be connected to the virtual machine.
5 (Optional) In the Virtual Device Node section, select a SCSI adapter and device node from the drop-down
menus.
6 Click Next.
The operating system recognizes the new SCSI device the next time you power on the virtual machine.
Add a USB Controller

You can add a USB controller to a virtual machine. You cannot attach and use USB devices in a virtual machine.
Procedure
3 Click USB Controller.
VMware, Inc. 55
56 VMware, Inc.
Creating and Managing Snapshots 6
Snapshots preserve the current state of a virtual machine so that you can return to the state as needed. You
can use snapshots as restoration points when you install update packages or different versions of a program.
A snapshot includes:
Memory state Contents of the virtual machine's memory.
Settings state Virtual machine settings.
Disk state State of all the virtual machine's virtual disks.
When you revert to a snapshot, you return these items to the state that they were in at the time you took that
snapshot. Snapshots operate on individual virtual machines.
Snapshots let you revert repeatedly to the same state without creating multiple virtual machines. With
snapshots, you create backup and restore positions in a linear process. You can also preserve a baseline before
diverging a virtual machine in a process tree.
You can take more than one snapshot of the same virtual machine. Using multiple snapshots, you can save
different states for different work processes. You can take snapshots to 32 levels, but each level increases the
time it takes to save or delete a snapshot. The amount of time depends on the amount of data and the RAM
size of the virtual machine.
NOTE Snapshots are not available in versions before ESX 3.0. Snapshots of raw disks or RDM physical mode
disks are not supported.

n “When Not to Take a Snapshot,” on page 58
n “Snapshots and Logging Changes,” on page 58
n “Take a Snapshot,” on page 58
n “Revert to a Snapshot,” on page 59
n “Remove a Snapshot,” on page 59
n “Set Snapshot Power Off Options,” on page 59
VMware, Inc. 57
When Not to Take a Snapshot

It is best to take a snapshot when no applications in the virtual machine are sending transactions to other
computers. The potential for problems is greatest if the virtual machine is sending transactions to or receiving
transactions from another computer, especially in a production environment.
VMware recommends that you do not take a snapshot under the following conditions.
n When the virtual machine is downloading a file from a server on the network. After you take the snapshot,
the virtual machine continues downloading the file, transmitting its progress to the server. If you revert
to the snapshot, transmission between the virtual machine and the server is confused, and the file transfer
fails.
n When an application in the virtual machine is sending a transaction to a database on a separate machine.
If you revert to that snapshot, especially if you revert after the transaction starts but before it is committed,
the database might become corrupted.
Snapshots and Logging Changes

After you create a snapshot, the virtual machine writes new data to redo log files. These files can become large
as saved data continues to accumulate, until you take an action that affects the snapshot.
Different snapshot actions affect the redo log files differently.

n When you remove the snapshot, the changes accumulated in the redo log files are written permanently
to the base virtual disk files.
n When you revert to the snapshot, the contents of the redo log files are discarded. Any subsequent changes
are accumulated in new redo logs.
n If you take a snapshot when the virtual machine already has a snapshot, the changes accumulated in the
redo log files are written permanently to the base virtual disk files. Any subsequent changes accumulate
in new redo logs.
Take a Snapshot
You can take a snapshot while the virtual machine is powered on, powered off, or suspended.
Do not take a snapshot when the virtual machine is communicating with another computer.
NOTE If you require strong performance from virtual machines, consider defragmenting the guest operating
system’s drives before taking a snapshot. Use the guest operating system’s defragmentation utility.
Prerequisites
To exclude virtual disks from snapshots, change the disk mode. For more information about changing the disk
mode, see “Modify a Hard Disk,” on page 37.
If you are suspending a virtual machine, wait until the suspend operation has finished before taking a snapshot.
Procedure
1 In the Commands section of the virtual machine’s Summary tab, expand the Snapshot command (if it is
not already expanded) and click Take Snapshot.
2 Enter the name of the snapshot and any notes and click OK.
The snapshot is created.
58 VMware, Inc.
Chapter 6 Creating and Managing Snapshots
Revert to a Snapshot
You can restore the virtual machine to the specific time when you took a snapshot. The current disk, settings,
and memory states are discarded, and the virtual machine reverts to the disk, settings, and memory states of
the snapshot.
Procedure
not already expanded) and click Manage Snapshots.
2 In the Snapshots for <virtual_machine> window, select the snapshot to revert to, and click Revert to
snapshot.
3 Click Revert in the confirmation dialog box.
You can also configure a virtual machine to automatically revert to a snapshot or ask you whether to revert to
the snapshot whenever you power off the virtual machine. See “Set Snapshot Power Off Options,” on
page 59.
Remove a Snapshot
Removing a snapshot writes the contents of the snapshot to the virtual disk. This action does not destroy any
data in the virtual machine. Subsequently, any changes that you make when you run the virtual machine are
written to the virtual disk.
Removing a snapshot when the virtual machine is powered off can take a long time, depending on the size of
the snapshot file.
Procedure
not already expanded) and click Manage Snapshots.
3 In the Snapshots for <virtual_machine> window, select the snapshot and click Delete Snapshot.
4 Click Delete in the confirmation dialog box.
The snapshot is deleted.
Set Snapshot Power Off Options

You can have a virtual machine automatically revert to a snapshot or ask you whether to revert whenever you
power off the virtual machine.
Reverting to a snapshot discards all changes. For example, an instructor might discard student answers for a
computer lesson when a virtual machine is powered off at the end of class.
Procedure
2 Click the Snapshot tab.
VMware, Inc. 59
3 In the When powering off section, select the snapshot behavior of the virtual machine when you power it
off.
Option Action
Just power off Powers off without making any changes to the snapshot.
Revert to snapshot Reverts to the current snapshot, so that the virtual machine always starts in
the state it was in when the current snapshot was taken.
Ask me When you power off a virtual machine, you are prompted to specify whether
you want to power off or revert to the current snapshot.
4 Click OK.
The snapshot power off options are now configured.
60 VMware, Inc.
Troubleshooting vSphere Web Access
Errors 7
If you encounter problems when you run vSphere Web Access, you can use a troubleshooting scenario to fix
the problem.

n “Browser Service Unavailable Error 503,” on page 61
n “VMware Remote Console Does Not Load in Internet Explorer,” on page 62
n “VMware Remote Console Does Not Load in Firefox,” on page 63
n “Problems Installing Software on a Guest Operating System,” on page 63
n “Problems Performing Virtual Machine Power Operations,” on page 63
n “Unsupported Version of Firefox,” on page 64
n “Web Proxy Does Not Support IPv6 Addresses,” on page 64
Browser Service Unavailable Error 503

Your browser might show an error saying that the vSphere Web Access service is unavailable.
Problem
vSphere Web Access does not open and the browser shows the 503 Service Unavailable error.
Cause
The vSphere Web Access service on the ESX host or vCenter Server is not configured to run automatically or
failed to start properly.
Solution
Start vSphere Web Access service on your ESX host or vCenter Server instance.
VMware, Inc. 61
ESX 1 Log in to your ESX service console.

2 Enter service vmware-webAccess status to check the status of the host’s
vSphere Web Access service.
3 If the vSphere Web Access service is stopped, enter
service vmware-webAccess start.
The vSphere Web Access service is now running on the ESX host.
vCenter Server 1 Log in to your vCenter Server instance.

2 In the vCenter Server Desktop, right-click My Computer and select Manage.
The Computer Management window appears.

3 Expand Services and Applications and select Services.
4 Locate VMware VirtualCenter Management Webservices on the list and check
whether the service is running.
5 If the service is not running, right-click VMware VirtualCenter Management
Webservices and select Start.
The vSphere Web Access service is now running on vCenter Server.
VMware Remote Console Does Not Load in Internet Explorer

If the Console does not load properly in your Microsoft Internet Explorer browser, you might need to
troubleshoot the plug-in installation.
Problem Solution
Old plug-in version 1 In Windows, select Start > Settings > Control Panel > Add or Remove Programs.
2 In the list of programs, click VMware Remote Console Plug-in.
3 Click Click here for support information to see the version of the VMware Remote
Console Plug-in.
The Version column for VMware Remote Console Plug-In should show 2.5.0.x.
If any earlier version number appears, click Remove.

4 Reinstall the plug-in.
Plug-in installation error 1 Quit Internet Explorer.

2 Launch Internet Explorer again.
3 In the Internet Explorer window, type the vSphere Web Access URL.
4 Select a virtual machine from the Virtual Machines list.
6 When you are prompted to install the plug-in, click OK.
After the installation is complete, restart Internet Explorer.
62 VMware, Inc.
Chapter 7 Troubleshooting vSphere Web Access Errors
VMware Remote Console Does Not Load in Firefox

If VMware Remote Console does not load properly in your Mozilla Firefox browser, begin by troubleshooting
the plug-in installation.
Problem Solution
Old version of VMware 1 In Firefox, select Tools > Add-ons.

Remote Console
The VMware Remote Console plug-in should be version 2.5.0.x.
2 If you have an earlier version, reinstall the plug-in.
VMware Remote Console 1 Quit Firefox.

installation error 2 Restart Firefox.
3 Type the vSphere Web Access URL.
4 Select a virtual machine from the Virtual Machines list.
6 When you are prompted to install the plug-in, click OK.
7 After the installation is complete, restart Firefox.
Problems Installing Software on a Guest Operating System

Installing software on a guest operating system in vSphere Web Access might cause problems.
Problem Cause Solution
Guest operating ESX cannot access installation media Make sure that ESX can access the media used for installing
system does not the software. Verify that the virtual machine has access to the
recognize CD-ROM drive, ISO image file, or floppy drive, as needed.
installation media
ESX stops Enabled acceleration in the virtual 1 Click the Summary tab of the virtual machine.
responding when machine causes the application to slow 2 In the Commands section, select Configure VM.
running down. VMware recommends 3 In the VM Configuration window, click the Advanced
applications disabling acceleration only for passing tab and select the Disable acceleration checkbox.
the problem of running the program.
After you pass the point where the
program encountered problems,
enable the acceleration option again.
Software Some applications use a product To minimize the number of significant changes in the virtual
Activation Key is activation feature that creates a key. hardware, set the memory size and install VMware Tools.
invalid The key is based on the virtual
hardware in the virtual machine
where it is installed. Changes in the
configuration of the virtual machine
might require you to reactivate the
software.
Problems Performing Virtual Machine Power Operations

If you have problems performing power operations on a selected virtual machine, your Linux distribution
might be missing libraries.
Problem
You cannot power on a virtual machine on your ESX host.
VMware, Inc. 63
Cause
Libraries are missing in your Linux distribution.
Solution
To troubleshoot the issue, you must install the missing libraries.
1 Make sure that you have a dependency checker, such as ldd against libmks.so, viewer, and remotemks
binaries.
2 Use the following commands to determine the missing libraries.
cd ~/.mozilla/plugins
ldd ./libmks.so | grep not
ldd ./viewer | grep not
ldd ./remotemks | grep not
3 Examine the output for missing libraries.
If these steps produce no output, all of the required libraries are available.
4 Install any libraries that are indicated as missing.
Unsupported Version of Firefox

You might have problems if you are using a version of Firefox that does not support running vSphere Web
Access.
Problem
Firefox does not open vSphere Web Access.
Cause
Several causes might trigger this problem.
n Your Mozilla Firefox version does not support GTK.
n Your Mozilla Firefox browser installation was included in your Linux distribution. Some distributions
package Firefox incorrectly and do not work with vSphere Web Access.
Solution
Download and install the latest version of Firefox from the Mozilla Web site.
Web Proxy Does Not Support IPv6 Addresses

If your ESX host or vCenter Server has an IPv6 address, your Web browser might show an error message and
you cannot open vSphere Web Access.
Problem
You cannot open vSphere Web Access when your ESX host or vCenter Server has an IPv6 address. The Web
browser might show the message ERROR The requested URL could not be retrieved, While trying to
retrieve the URL: http://<host or server name>:<port>.
64 VMware, Inc.
Chapter 7 Troubleshooting vSphere Web Access Errors
Cause
Your Web proxy does not support IPv6 addresses.
Solution
You can verify whether your Web proxy supports IPv6 addresses or disable the proxy in your Web browser
application. Table 7-1 shows how to stop using a Web proxy in your browser.
Table 7-1. Disable Your Web Proxy in Internet Explorer and Firefox
Browser Action
Internet Explorer 1 Select Tools > Internet Options.

2 Click the Connections tab and click LAN settings.
3 Deselect the Use a proxy server for your LAN check box and click OK.
Firefox 1 Select Tools > Options.

2 Select the Advanced tab and select the Network subtab.
3 Click Settings, select the No proxy option, and click OK.
VMware, Inc. 65
66 VMware, Inc.
Index
A adding a hard disk 18

adding hardware adding a network adapter 20
CD/DVD drive 50 adding a USB controller 23
disk drive 51 browsing for an existing virtual disk 19
floppy drive 51 creating a new floppy image 23
hard disk 49, 50 customizing new virtual disk 18
network adapter 50 reviewing the hardware configuration 23
output parallel port 54 selecting a guest operating system 17
output serial port 52 specify memory amount and processors
parallel port 54 count 17
physical parallel port 54 specify name and location 17
physical serial port 52 start wizard 16
serial port 52 using a floppy image 22
USB controller 55 using a physical CD/DVD drive 20
advanced settings using a physical floppy drive 22
adding parameter 46 using an ISO image for CD/DVD drive 21
editing parameter 47
D
B disk drive
browsers, supported 11 adding 51
configuring 37
C
CD/DVD drive E
adding 50 ESX host associated options 44
configuring 36
removing 40 F
client devices floppy drive
connecting 27 adding 51
connecting drive image files 27 configuring 37
defined 27 removing 41
configuring
CD/DVD drive 36 G
disk drive 37 guest operating system
floppy drive 37 CD/DVD installation 24
hard disk 37 installing software 63
memory allocation 36 ISO image install 24
network adapter 39 settings 43
parallel port 39
processors 35 H
SCSI controller 38 hard disk
adding 49, 50
SCSI device 38
configuring 37
serial port 40
removing 41
virtual machines 35
hardware configuration
creating a virtual machine
adding hardware 49
adding a CD/DVD drive 20
CD/DVD drive 36
adding a floppy drive 22
VMware, Inc. 67
CD/DVD drive with client media 36 SCSI device

CD/DVD drive with host media 36 adding 54
disk drive 37 configuration 38
floppy drive 37 removing 41
floppy drive with client media 37 serial port
adding 52
floppy drive with host media 37
configuring 40
hard disk 37
removing 42
memory 36
shrink virtual disks 29
network adapter 39
shutdown settings, virtual machine 44
parallel port 39
snapshot
processors 35 conflicting activities 58
SCSI controller 38 logging changes 58
SCSI device 38 power-off options 59
serial port 40 removing 59
hardware requirements 10 reverting to 59
taking 58
L understanding 57
logging in 14 startup and shutdown settings, virtual
logging out 14 machine 44
startup settings, virtual machine 44
M supported operating systems 10
memory configuration 36 system requirements
browser requirements 11
N hardware requirements 10
named pipe 53 operating system requirements 10
network adapter
adding 50 T
configuring 39 troubleshooting
removing 42 error 503 61
installing software on a guest operating
O system 63
operating systems, supported 10 power operations 63
output parallel port, adding 54 unsupported Firefox version 64
output serial port, adding 52 VMware Remote Console installation 62, 63
Web proxy does not support IPv6 64
P
parallel port U
adding 54 USB controller, adding 55
configuring 39
removing 42 V
physical parallel port, adding 54 virtual disk shrinking 29
physical serial port, adding 52 virtual machine
pipe, named 53 adding 15
power off, snapshot options 59 advanced settings 45
power settings 43 alarms 30
processors 35 changing power state 33
creating 16
R deleting 33
runtime settings 46 Desktop shortcut 32
ESX host associated options 44
S events 30, 31
SCSI controller 38 generating shortcuts 31
68 VMware, Inc.
Index
memory configuration 36 running in a separate window 26

power settings 43 running in full screen 26
runtime settings 46 send Ctrl+Alt+Delete 28
settings 43 starting 26
startup and shutdown settings 44 suspending virtual machines 28
tasks 30 troubleshooting a virtual machine 28
upgrading hardware version 32 view log 28
web shortcut 31 VMware Tools
virtual machine name 43 installing 28
VMware Remote Console property settings in Windows 29
hide the toolbar 26 running in Windows 29
installing in Firefox 25 starting in Linux, Solaris or FreeBSD 29
installing in Internet Explorer 25 upgrading 29
keyboard shortcuts 28 vSphere Web Access features 9, 10
make the toolbar always visible 26 vSphere Web Access service
powering off virtual machines 28 running on ESX 13
quitting 27 running on vCenter Server 14
resetting virtual machines 28
VMware, Inc. 69
70 VMware, Inc.
ESX 4.0
vCenter Server 4.0
This document supports the version of each product listed and

supports all subsequent versions until the document is replaced
by a new edition. To check for more recent editions of this
document, see http://www.vmware.com/support/pubs.
EN-000106-03
Copyright © 2009 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual
VMware is a registered trademark or trademark of VMware, Inc. in the United States and/or other jurisdictions. All other marks
and names mentioned herein may be trademarks of their respective companies.
VMware, Inc.
3401 Hillview Ave.
Palo Alto, CA 94304
www.vmware.com
2 VMware, Inc.
Contents
About This Book 9
1 Introduction to ESX Configuration 11
Networking
2 Introduction to Networking 15
Networking Concepts Overview 15
Network Services 16
View Networking Information in the vSphere Client 16
View Network Adapter Information in the vSphere Client 17
3 Basic Networking with vNetwork Standard Switches 19

vNetwork Standard Switches 19
Port Groups 20
Port Group Configuration for Virtual Machines 20
VMkernel Networking Configuration 21
Service Console Configuration 23
vNetwork Standard Switch Properties 26
4 Basic Networking with vNetwork Distributed Switches 29

vNetwork Distributed Switch Architecture 29
Configuring a vNetwork Distributed Switch 30
dvPort Groups 32
Private VLANs 34
Configuring vNetwork Distributed Switch Network Adapters 35
Configuring Virtual Machine Networking on a vNetwork Distributed Switch 39
5 Advanced Networking 41
Internet Protocol Version 6 41
Networking Policies 42
Change the DNS and Routing Configuration 55
MAC Addresses 56
TCP Segmentation Offload and Jumbo Frames 57
NetQueue and Networking Performance 60
VMDirectPath Gen I 61
VMware, Inc. 3
6 Networking Best Practices, Scenarios, and Troubleshooting 63

Networking Best Practices 63
Mounting NFS Volumes 64
Networking Configuration for Software iSCSI Storage 64
Configuring Networking on Blade Servers 65
Troubleshooting 67
Storage
7 Introduction to Storage 71
About ESX Storage 71
Types of Physical Storage 72
Supported Storage Adapters 73
Target and Device Representations 73
About ESX Datastores 76
Comparing Types of Storage 79
Viewing Storage Information in the vSphere Client 80
8 Configuring ESX Storage 85

Local SCSI Storage 85
Fibre Channel Storage 86
iSCSI Storage 86
Storage Refresh and Rescan Operations 96
Create VMFS Datastores 97
Network Attached Storage 98
Creating a Diagnostic Partition 100
9 Managing Storage 103

Managing Datastores 103
Changing VMFS Datastore Properties 105
Managing Duplicate VMFS Datastores 107
Using Multipathing with ESX 109
Thin Provisioning 118
Turn off vCenter Server Storage Filters 121
10 Raw Device Mapping 123

About Raw Device Mapping 123
Raw Device Mapping Characteristics 126
Managing Mapped LUNs 130
Security
11 Security for ESX Systems 135

ESX Architecture and Security Features 135
Security Resources and Information 143
4 VMware, Inc.
Contents
12 Securing an ESX Configuration 145

Securing the Network with Firewalls 145
Securing Virtual Machines with VLANs 154
Securing Virtual Switch Ports 159
Securing iSCSI Storage 161
13 Authentication and User Management 165

Securing ESX Through Authentication and Permissions 165
Encryption and Security Certificates for ESX 172
14 Service Console Security 179

General Security Recommendations 179
Log In to the Service Console 180
Service Console Firewall Configuration 180
Password Restrictions 184
Cipher Strength 190
setuid and setgid Flags 190
SSH Security 192
Security Patches and Security Vulnerability Scanning Software 193
15 Security Deployments and Recommendations 195

Security Approaches for Common ESX Deployments 195
Virtual Machine Recommendations 199
Host Profiles
16 Managing Host Profiles 207

Host Profiles Usage Model 207
Access Host Profiles View 208
Creating a Host Profile 208
Export a Host Profile 209
Import a Host Profile 209
Edit a Host Profile 210
Manage Profiles 211
Checking Compliance 214
Appendixes
A ESX Technical Support Commands 219
B Linux Commands Used with ESX 223
C Using vmkfstools 225

vmkfstools Command Syntax 225
vmkfstools Options 226
Index 235
VMware, Inc. 5
6 VMware, Inc.
Updated Information
This ESX Configuration Guide is updated with each release of the product or when necessary.
This table provides the update history of the ESX Configuration Guide.
EN-000106-03 Appendix A, “ESX Technical Support Commands,” on page 219 now correctly lists the
esxcfg-scsidevs command.
EN-000106-02 The topic “Change Default Password Complexity for the pam_cracklib.so Plug-In,” on
page 187 now correctly describes the behavior of the pam_cracklib.so plug-in.
EN-000106-01 The topic “Configure a Password Reuse Rule,” on page 187 now correctly lists the file
where you can set the number of old passwords that are stored for a user. The correct
file is system-auth-generic.
VMware, Inc. 7
8 VMware, Inc.
About This Book
This manual, the ESX Configuration Guide, provides information on how to configure networking for ESX,
including how to create virtual switches and ports and how to set up networking for virtual machines,
VMotion, IP storage, and the service console. It also discusses configuring the file system and various types of
storage such as iSCSI, Fibre Channel, and so forth. To help you protect your ESX installation, the guide provides
a discussion of security features built into ESX and the measures you can take to safeguard it from attack. In
addition, it includes a list of ESX technical support commands along with their vSphere Client equivalents and
a description of the vmkfstools utility.
This information covers ESX 4.0.
Intended Audience
This manual is intended for anyone who needs to install, upgrade, or use ESX. The information in this manual
is written for experienced Windows or Linux system administrators who are familiar with virtual machine
technology and datacenter operations.
Document Feedback

The vSphere documentation consists of the combined VMware vCenter Server and ESX documentation set.

SAN Storage area network type datastore shared between

managed hosts
tmplt Template
VMware, Inc. 9
Table 1. Abbreviations (Continued)

VC vCenter Server


10 VMware, Inc.
Introduction to ESX Configuration 1
This guide describes the tasks you need to complete to configure ESX host networking, storage, and security.
In addition, it provides overviews, recommendations, and conceptual discussions to help you understand these
tasks and how to deploy a host to meet your needs.
Before you use this information, read the Introduction to vSphere for an overview of system architecture and the
physical and virtual devices that make up a vSphere system.
This introduction summarizes the contents of this guide.
Networking
The networking information provides you with a conceptual understanding of physical and virtual network
concepts, a description of the basic tasks you need to complete to configure your ESX host’s network
connections, and a discussion of advanced networking topics and tasks.
Storage
The storage information provides you with a basic understanding of storage, a description of the basic tasks
you perform to configure and manage your ESX host’s storage, and a discussion of how to set up raw device
mapping (RDM).
Security
The security information discusses safeguards that VMware has built into ESX and measures that you can take
to protect your host from security threats. These measures include using firewalls, taking advantage of the
security features of virtual switches, and setting up user authentication and permissions.
Host Profiles
This section describes the host profiles feature and how it is used to encapsulate the configuration of a host
into a host profile. This section also describes how to apply this host profile to another host or cluster, edit a
profile, and check a host’s compliance with a profile.
VMware, Inc. 11
Appendixes
The appendixes provide specialized information you might find useful when configuring an ESX host.
n ESX Technical Support Commands – Discusses the ESX configuration commands that you can issue
through a command-line shell such as secure shell (SSH). Although these commands are available for your
use, do not consider them to be an API that you can build scripts on. These commands are subject to change
and VMware does not support applications and scripts that rely on ESX configuration commands. This
appendix provides you with vSphere Client equivalents for these commands.
n Using vmkfstools – Discusses the vmkfstools utility, which you can use to perform management and
migration tasks for iSCSI disks.
12 VMware, Inc.
Networking
VMware, Inc. 13
14 VMware, Inc.
Introduction to Networking 2
This introduction to networking guides you through the basic concepts of ESX networking and how to set up
and configure a network in a vSphere environment.

n “Networking Concepts Overview,” on page 15
n “Network Services,” on page 16
n “View Networking Information in the vSphere Client,” on page 16
n “View Network Adapter Information in the vSphere Client,” on page 17
Networking Concepts Overview

A few concepts are essential for a thorough understanding of virtual networking. If you are new to ESX, it is
helpful to review these concepts.
A physical network is a network of physical machines that are connected so that they can send data to and
receive data from each other. VMware ESX runs on a physical machine.
A virtual network is a network of virtual machines running on a single physical machine that are connected
logically to each other so that they can send data to and receive data from each other. Virtual machines can be
connected to the virtual networks that you create when you add a network.
A physical Ethernet switch manages network traffic between machines on the physical network. A switch has
multiple ports, each of which can be connected to a single machine or another switch on the network. Each
port can be configured to behave in certain ways depending on the needs of the machine connected to it. The
switch learns which hosts are connected to which of its ports and uses that information to forward traffic to
the correct physical machines. Switches are the core of a physical network. Multiple switches can be connected
together to form larger networks.
A virtual switch, vSwitch, works much like a physical Ethernet switch. It detects which virtual machines are
logically connected to each of its virtual ports and uses that information to forward traffic to the correct virtual
machines. A vSwitch can be connected to physical switches by using physical Ethernet adapters, also referred
to as uplink adapters, to join virtual networks with physical networks. This type of connection is similar to
connecting physical switches together to create a larger network. Even though a vSwitch works much like a
physical switch, it does not have some of the advanced functionality of a physical switch.
A vNetwork Distributed Switch acts as a single vSwitch across all associated hosts on a datacenter. This allows
virtual machines to maintain consistent network configuration as they migrate across multiple hosts.
A dvPort is a port on a vNetwork Distributed Switch that connects to a host’s service console or VMkernel or
to a virtual machine’s network adapter.
VMware, Inc. 15
A port group specifies port configuration options such as bandwidth limitations and VLAN tagging policies
for each member port. Network services connect to vSwitches through port groups. Port groups define how a
connection is made through the vSwitch to the network. Typically, a single vSwitch is associated with one or
more port groups.
A dvPort group is a port group associated with a vNetwork Distributed Switch and specifies port configuration
options for each member port. dvPort Groups define how a connection is made through the vNetwork
Distributed Switch to the network.
NIC teaming occurs when multiple uplink adapters are associated with a single vSwitch to form a team. A
team can either share the load of traffic between physical and virtual networks among some or all of its
members, or provide passive failover in the event of a hardware failure or a network outage.
VLANs enable a single physical LAN segment to be further segmented so that groups of ports are isolated
from one another as if they were on physically different segments. The standard is 802.1Q.
The VMkernel TCP/IP networking stack supports iSCSI, NFS, and VMotion. Virtual machines run their own
systems’ TCP/IP stacks and connect to the VMkernel at the Ethernet level through virtual switches.
IP storage refers to any form of storage that uses TCP/IP network communication as its foundation. iSCSI can
be used as a virtual machine datastore, and NFS can be used as a virtual machine datastore and for direct
mounting of .ISO files, which are presented as CD-ROMs to virtual machines.
TCP Segmentation Offload, TSO, allows a TCP/IP stack to emit very large frames (up to 64KB) even though
the maximum transmission unit (MTU) of the interface is smaller. The network adapter then separates the
large frame into MTU-sized frames and prepends an adjusted copy of the initial TCP/IP headers.
Migration with VMotion enables a virtual machine that is powered on to be transferred from one ESX host to
another without shutting down the virtual machine. The optional VMotion feature requires its own license
key.
Network Services
A vNetwork provides several different services to the host and virtual machines.
You can enable three types of network services in ESX:

n Connecting virtual machines to the physical network and to each other.
n Connecting VMkernel services (such as NFS, iSCSI, or VMotion) to the physical network.
n Running management services for ESX via the service console. A service console port, which is set up by
default during installation, is required for ESX to connect to any network or remote services, including
the vSphere Client. Additional service console ports might be necessary for other services, such as iSCSI
storage.
View Networking Information in the vSphere Client

The vSphere Client displays general networking information and information specific to network adapters.
Procedure
1 Log in to the vSphere Client and select the host from the inventory panel.
2 Click the Configuration tab and click Networking.
3 Click Virtual Switch to view vNetwork Standard Switch networking on the host or Distributed Virtual
Switch to view vNetwork Distributed Switch networking on the host.
The Distributed Virtual Switch option appears only on hosts that are associated with a vNetwork
Distributed Switch.
Networking information is displayed for each virtual switch on the host.
16 VMware, Inc.
Chapter 2 Introduction to Networking
View Network Adapter Information in the vSphere Client

For each physical network adapter on the host, you can view information such as the speed, duplex, and
observed IP ranges.
Procedure
2 Click the Configuration tab, and click Network Adapters.

The network adapters panel displays the following information.
Option Description
Device Name of the network adapter
Speed Actual speed and duplex of the network adapter
Configured Configured speed and duplex of the network adapter
vSwitch vSwitch that the network adapter is associated with
Observed IP ranges IP addresses that the network adapter has access to
Wake on LAN supported Network adapter ability to support Wake on the LAN
VMware, Inc. 17
18 VMware, Inc.
Basic Networking with vNetwork
Standard Switches 3
The following topics guide you through basic vNetwork Standard Switch (vSwitch) network setup and
configuration in a vSphere environment.
Use the vSphere Client to add networking based on the categories that reflect the types of network services:
n Virtual machines
n VMkernel
n Service console

n “vNetwork Standard Switches,” on page 19
n “Port Groups,” on page 20
n “Port Group Configuration for Virtual Machines,” on page 20
n “VMkernel Networking Configuration,” on page 21
n “Service Console Configuration,” on page 23
n “vNetwork Standard Switch Properties,” on page 26
vNetwork Standard Switches

You can create abstracted network devices called vNetwork Standard Switches (vSwitches). A vSwitch can
route traffic internally between virtual machines and link to external networks.
You can use vSwitches to combine the bandwidth of multiple network adapters and balance communications
traffic among them. You can also configure a vSwitch to handle physical NIC failover.
A vSwitch models a physical Ethernet switch. The default number of logical ports for a vSwitch is 56, but it
can have up to 1016 ports in ESX. You can connect one network adapter of a virtual machine to each port. Each
uplink adapter associated with a vSwitch uses one port. Each logical port on the vSwitch is a member of a
single port group. Each vSwitch can also have one or more port groups assigned to it. You can create a
maximum of 127 vSwitches on a single host.
When two or more virtual machines are connected to the same vSwitch, network traffic between them is routed
locally. If an uplink adapter is attached to the vSwitch, each virtual machine can access the external network
that the adapter is connected to.
VMware, Inc. 19
Port Groups
Port groups aggregate multiple ports under a common configuration and provide a stable anchor point for
virtual machines connecting to labeled networks. You can create a maximum of 512 port groups on a single
host.
Each port group is identified by a network label, which is unique to the current host. Network labels are used
to make virtual machine configuration portable across hosts. All port groups in a datacenter that are physically
connected to the same network (in the sense that each can receive broadcasts from the others) are given the
same label. Conversely, if two port groups cannot receive broadcasts from each other, they have distinct labels.
A VLAN ID, which restricts port group traffic to a logical Ethernet segment within the physical network, is
optional. For a port group to reach port groups located on other VLANs, the VLAN ID must be set to 4095. If
you use VLAN IDs, you must change the port group labels and VLAN IDs together so that the labels properly
represent connectivity.
Port Group Configuration for Virtual Machines

You can add or modify a virtual machine port group from the vSphere Client.
The vSphere Client Add Network wizard guides you through the tasks to create a virtual network to which
virtual machines can connect, including creating a vSwitch and configuring settings for a network label.
When you set up virtual machine networks, consider whether you want to migrate the virtual machines in the
network between hosts. If so, be sure that both hosts are in the same broadcast domain—that is, the same Layer
2 subnet.
ESX does not support virtual machine migration between hosts in different broadcast domains because the
migrated virtual machine might require systems and resources that it would no longer have access to in the
new network. Even if your network configuration is set up as a high-availability environment or includes
intelligent switches that can resolve the virtual machine’s needs across different networks, you might
experience lag times as the Address Resolution Protocol (ARP) table updates and resumes network traffic for
Virtual machines reach physical networks through uplink adapters. A vSwitch can transfer data to external
networks only when one or more network adapters are attached to it. When two or more adapters are attached
to a single vSwitch, they are transparently teamed.
Add a Virtual Machine Port Group

Virtual machine port groups provide networking for virtual machines.
Procedure
3 Select the Virtual Switch view.
vSwitches appear in an overview that includes a details layout.
4 On the right side of the page, click Add Networking.
5 Accept the default connection type, Virtual Machines, and click Next.
20 VMware, Inc.
Chapter 3 Basic Networking with vNetwork Standard Switches
6 Select Create a virtual switch or one of the listed existing vSwitches and the associated physical adapters
to use for this port group.
You can create a new vSwitch with or without Ethernet adapters.
If you create a vSwitch without physical network adapters, all traffic on that vSwitch is confined to that
vSwitch. No other hosts on the physical network or virtual machines on other vSwitches can send or
receive traffic over this vSwitch. You might create a vSwitch without physical network adapters if you
want a group of virtual machines to be able to communicate with each other, but not with other hosts or
with virtual machines outside the group.
7 Click Next.
8 In the Port Group Properties group, enter a network label that identifies the port group that you are
creating.
Use network labels to identify migration-compatible connections common to two or more hosts.
9 (Optional) If you are using a VLAN, for VLAN ID, enter a number between 1 and 4094. If you are not
using a VLAN, leave this blank.
If you enter 0 or leave the option blank, the port group can see only untagged (non-VLAN) traffic. If you
enter 4095, the port group can see traffic on any VLAN while leaving the VLAN tags intact.
10 Click Next.
11 After you determine that the vSwitch is configured correctly, click Finish.
VMkernel Networking Configuration

A VMkernel networking interface is used for VMware VMotion and IP storage.
Moving a virtual machine from one host to another is called migration. Using VMotion, you can migrate
powered on virtual machines with no downtime. Your VMkernel networking stack must be set up properly
to accommodate VMotion.
IP storage refers to any form of storage that uses TCP/IP network communication as its foundation, which
includes iSCSI and NFS for ESX. Because these storage types are network based, they can use the same
VMkernel interface and port group.
The network services that the VMkernel provides (iSCSI, NFS, and VMotion) use a TCP/IP stack in the
VMkernel. This TCP/IP stack is completely separate from the TCP/IP stack used in the service console. Each
of these TCP/IP stacks accesses various networks by attaching to one or more port groups on one or more
vSwitches.
TCP/IP Stack at the VMkernel Level

The VMware VMkernel TCP/IP networking stack provides networking support in multiple ways for each of
the services it handles.
The VMkernel TCP/IP stack handles iSCSI, NFS, and vMotion in the following ways.
n iSCSI as a virtual machine datastore
n iSCSI for the direct mounting of .ISO files, which are presented as CD-ROMs to virtual machines
n NFS as a virtual machine datastore
n NFS for the direct mounting of .ISO files, which are presented as CD-ROMs to virtual machines
n Migration with VMotion
VMware, Inc. 21
If you have two or more physical NICs for iSCSI, you can create multiple paths for the software iSCSI by using
the port binding technique. For more information on port binding, see the iSCSI SAN Configuration Guide.
NOTE ESX supports only NFS version 3 over TCP/IP.
Set Up VMkernel Networking

Create a VMkernel network adapter for use as a VMotion interface or an IP storage port group.
Procedure
3 In the Virtual Switch view, click Add Networking.
4 Select VMkernel and click Next.
5 Select the vSwitch to use, or select Create a virtual switch to create a new vSwitch.
6 Select the check boxes for the network adapters your vSwitch will use.
Select adapters for each vSwitch so that virtual machines or other services that connect through the adapter
can reach the correct Ethernet segment. If no adapters appear under Create a new virtual switch, all the
network adapters in the system are being used by existing vSwitches. You can either create a new vSwitch
without a network adapter, or select a network adapter that an existing vSwitch uses.
7 Click Next.
8 Select or enter a network label and a VLAN ID.
Option Description
Network Label A name that identifies the port group that you are creating. This is the label
that you specify when configuring a virtual adapter to be attached to this
port group when configuring VMkernel services such as vMotion and IP
storage.
VLAN ID Identifies the VLAN that the port group’s network traffic will use.
9 Select Use this port group for VMotion to enable this port group to advertise itself to another host as the
network connection where vMotion traffic should be sent.
You can enable this property for only one vMotion and IP storage port group for each host. If this property
is not enabled for any port group, migration with vMotion to this host is not possible.
10 Choose whether to use this port group for fault tolerance logging, and click Next.
22 VMware, Inc.
11 Select Obtain IP settings automatically to use DHCP to obtain IP settings, or select Use the following IP
settings to specify IP settings manually.
If you choose to specify IP settings manually, provide this information.
a Enter the IP address and subnet mask for the VMkernel interface.
This address must be different from the IP address set for the service console.
b Click Edit to set the VMkernel Default Gateway for VMkernel services, such as vMotion, NAS, and
iSCSI.
c On the DNS Configuration tab, the name of the host is entered by default.
The DNS server addresses that were specified during installation are also preselected, as is the
domain.
d On the Routing tab, the service console and the VMkernel each need their own gateway information.
A gateway is needed for connectivity to machines not on the same IP subnet as the service console or
VMkernel. The default is static IP settings.
e Click OK, then click Next.
12 On an IPV6-enabled host, select No IPv6 settings to use only IPv4 settings on the VMkernel interface, or
select Use the following IPv6 settings to configure IPv6 for the VMkernel interface.
This screen does not appear when IPv6 is disabled on the host.
13 If you choose to use IPv6 for the VMkernel interface, select one of the following options for obtaining IPv6
addresses.
n Obtain IPv6 addresses automatically through DHCP
n Obtain IPv6 addresses automatically through router advertisement
n Static IPv6 addresses
14 If you choose to use static IPv6 addresses, complete the following steps.
a Click Add to add a new IPv6 address.
b Enter the IPv6 address and subnet prefix length, and click OK.
c To change the VMkernel default gateway, click Edit.
15 Click Next.
16 Review the information, click Back to change any entries, and click Finish.
Service Console Configuration

The service console and the VMkernel use virtual Ethernet adapters to connect to a vSwitch and to reach
networks that the vSwitch services.
Common service console configuration modifications include changing NICs and changing the settings for a
NIC that is in use.
If there is only one service console connection, changing the service console configuration is not allowed. For
a new connection, change the network settings to use an additional NIC. After you verify that the new
connection is functioning properly, remove the old connection. You are switching over to the new NIC.
You can create a maximum of 16 service console ports in ESX.
VMware, Inc. 23
Set Up Service Console Networking

A single service console network interface is set up during the ESX installation process. You can also add
additional service console interfaces after ESX is up and running.
Procedure
2 Click the Configuration tab, and click Networking.

4 Select Service Console, and click Next.
5 Select the vSwitch to use for network access, or select Create a new vSwitch, and click Next.
If no adapters appear in the Create a new virtual switch group, all network adapters in the system are
being used by existing vSwitches.
6 Enter the network label and VLAN ID, and click Next.
7 Enter the IP address and subnet mask, or select Obtain IP setting automatically.
8 Click Edit to set the service console default gateway and click Next.
9 On an IPV6-enabled host, select No IPv6 settings to use only IPv4 settings for the service console, or select
Use the following IPv6 settings to configure IPv6 for the service console.
This screen does not appear if IPv6 is disabled on the host.
10 If you choose to use IPv6, select how to obtain IPv6 addresses.
11 If you chose Static IPv6 addresses, do the following:
a Click Add to add a new IPv6 address.
b Enter the IPv6 address and subnet prefix length, and click OK.
c To change the service console default gateway, click Edit.
12 Click Next.
13 Review the information, click Back to change any entries, and click Finish.
Configure Service Console Ports

You can edit service console port properties, such as IP settings and networking policies.
Procedure
3 On the right side of the page, click Properties for the vSwitch that you want to edit.
4 In the vSwitch Properties dialog box, click the Ports tab.
5 Select Service Console and click Edit.
6 To continue with the service console configuration, click Continue modifying this connection.
7 Edit port properties, IP settings, and effective policies as necessary.
8 Click OK.
24 VMware, Inc.
Set the Default Gateway

You can configure one default gateway for the service console per TCP/IP stack.
CAUTION Make sure that your network settings are correct before saving your changes. If the network settings
are misconfigured, the UI can lose connectivity to the host, and you must then reconfigure the host from the
command line at the service console.
Procedure
1 Log into the vSphere Client and select the host from the inventory panel.
2 Click the Configuration tab, and click DNS and Routing.
3 Click Properties.
4 Click the Routing tab.
5 Under Service Console, set the default gateway and gateway device for service console networking.
For the service console, the gateway device is needed only when two or more network adapters are using
the same subnet. The gateway device determines which network adapter is used for the default route.
The service console and VMkernel are often not connected to the same network, so each needs its own
gateway information. A gateway is needed for connectivity to machines not on the same IP subnet as the
service console or VMkernel interfaces.
On an IPv6-enabled host, you can also select a default gateway for IPv6 and a gateway device for IPv6 for
service console networking.
6 Under VMkernel, set the default gateway for VMkernel networking.
On an IPv6-enabled host, you can also select a default gateway for IPv6 for VMkernel networking.
7 Click OK.
Display Service Console Information

You can view service console network information, such as the VLAN ID and network policies.
Procedure
1 Click the info icon to the left of the service console port group to display service console information.
2 Click the X to close the information pop-up window.
Using DHCP for the Service Console

In most cases, you use static IP addresses for the service console. You can also set up the service console to use
dynamic addressing, DHCP, if your DNS server can map the service console’s host name to the dynamically
generated IP address.
If your DNS server cannot map the host name to its DHCP-generated IP address, use the service console’s
numeric IP address to access the host. The numeric IP address might change as DHCP leases expire or when
the system is rebooted. For this reason, VMware does not recommend using DHCP for the service console
unless your DNS server can handle the host name translation.
VMware, Inc. 25
vNetwork Standard Switch Properties

vNetwork Standard Switch settings control vSwitch-wide defaults for ports, which can be overridden by port
group settings for each vSwitch. You can edit vSwitch properties, such as the uplink configuration and the
number of available ports.
Change the Number of Ports for a vSwitch

A vSwitch serves as a container for port configurations that use a common set of network adapters, including
sets that contain no network adapters at all. Each virtual switch provides a finite number of ports through
which virtual machines and network services can reach one or more networks.
Procedure
3 On the right side of the page, click Properties for the vSwitch that you want to edit.
4 Click the Ports tab.
5 Select the vSwitch item in the Configuration list, and click Edit.
7 Choose the number of ports that you want to use from the drop-down menu.
8 Click OK.
What to do next
Changes will not take effect until the system is restarted.
Change the Speed of an Uplink Adapter

You can change the connection speed and duplex of an uplink adapter.
Procedure
3 Select a vSwitch and click Properties.
4 Click the Network Adapters tab.
5 To change the configured speed and duplex value of a network adapter, select the network adapter and
click Edit.
6 To select the connection speed manually, select the speed and duplex from the drop-down menu.
Choose the connection speed manually if the NIC and a physical switch might fail to negotiate the proper
connection speed. Symptoms of mismatched speed and duplex include low bandwidth or no link
connectivity.
The adapter and the physical switch port it is connected to must be set to the same value, such as auto and
auto or ND and ND, where ND is some speed and duplex, but not auto and ND.
7 Click OK.
26 VMware, Inc.
Add Uplink Adapters

You can associate multiple adapters to a single vSwitch to provide NIC teaming. The team can share traffic
and provide failover.
Procedure

4 Click the Network Adapters tab.
5 Click Add to launch the Add Adapter wizard.
6 Select one or more adapters from the list and click Next.
7 (Optional) To reorder the NICs into a different category, select a NIC and click Move Up and Move
Down.
Option Description
Active Adapters Adapters that the vSwitch uses.
Standby Adapters Adapters that become active if one or more of the active adapters fails.
8 Click Next.
9 Review the information on the Adapter Summary page, click Back to change any entries, and click
Finish.
The list of network adapters reappears, showing the adapters that the vSwitch now claims.
10 Click Close to exit the vSwitch Properties dialog box.
The Networking section in the Configuration tab shows the network adapters in their designated order
and categories.
Cisco Discovery Protocol

Cisco Discovery Protocol (CDP) allows ESX administrators to determine which Cisco switch port is connected
to a given vSwitch. When CDP is enabled for a particular vSwitch, you can view properties of the Cisco switch
(such as device ID, software version, and timeout) from the vSphere Client.
VMware, Inc. 27
Enable CDP on an ESX Host

vSwitches are set to detect Cisco port information by default. You can also set the CDP mode so that a vSwitch
makes information available to the Cisco switch administrator.
Procedure
1 Log in directly to your ESX host's console.
2 View the current CDP mode for the a vSwitch by entering the esxcfg-vswitch -b <vSwitch> command.
If CDP is disabled, the mode will be shown as down.
3 Change the CDP mode by entering the esxcfg-vswitch -B <mode> <vSwitch> command.
Mode Description
down CDP is disabled.
listen ESX detects and displays information about the associated Cisco switch port,
but information about the vSwitch is not available to the Cisco switch
administrator.
advertise ESX makes information about the vSwitch available to the Cisco switch
administrator, but does not detect and display information about the Cisco
switch.
both ESX detects and displays information about the associated Cisco switch and
makes information about the vSwitch available to the Cisco switch
administrator.
View Cisco Switch Information on the vSphere Client

When CDP is set to listen or both, you can view Cisco switch information.
Procedure
3 Click the info icon to the right of the vSwitch.
NOTE Because the CDP advertisements of Cisco equipment typically occur once a minute, a noticeable
delay might occur between enabling CDP on ESX and the availability of CDP data from the vSphere client.
28 VMware, Inc.
Basic Networking with vNetwork
Distributed Switches 4
These topics guide you through the basic concepts of networking with vNetwork Distributed Switches and
how to set up and configure networking with vNetwork Distributed Switches in a vSphere environment.

n “vNetwork Distributed Switch Architecture,” on page 29
n “Configuring a vNetwork Distributed Switch,” on page 30
n “dvPort Groups,” on page 32
n “Private VLANs,” on page 34
n “Configuring vNetwork Distributed Switch Network Adapters,” on page 35
n “Configuring Virtual Machine Networking on a vNetwork Distributed Switch,” on page 39
vNetwork Distributed Switch Architecture

A vNetwork Distributed Switch functions as a single virtual switch across all associated hosts. This allows
virtual machines to maintain a consistent network configuration as they migrate across multiple hosts.
Like a vNetwork Standard Switch, each vNetwork Distributed Switch is a network hub that virtual machines
can use. A vNetwork Distributed Switch can forward traffic internally between virtual machines or link to an
external network by connecting to physical Ethernet adapters, also known as uplink adapters.
Each vNetwork Distributed Switch can also have one or more dvPort groups assigned to it. dvPort groups
group multiple ports under a common configuration and provide a stable anchor point for virtual machines
connecting to labeled networks. Each dvPort group is identified by a network label, which is unique to the
current datacenter. A VLAN ID, which restricts port group traffic to a logical Ethernet segment within the
physical network, is optional.
In addition to VMware vNetwork Distributed Switches, vSphere 4 also provides initial support for third-party
virtual switches. For information on configuring these third-party switches, visit
http://www.cisco.com/go/1000vdocs.
VMware, Inc. 29
Configuring a vNetwork Distributed Switch

You can create a vNetwork Distributed Switch on a vCenter Server datacenter. After you have created a
vNetwork Distributed Switch, you can add hosts, create dvPort groups, and edit vNetwork Distributed Switch
properties and policies.
Create a vNetwork Distributed Switch

Create a vNetwork Distributed Switch to handle networking traffic for associated hosts on the datacenter.
Procedure
1 Log in to the vSphere Client and display the datacenter in Networking view.
2 From the Inventory menu, select Datacenter > vNetwork Distributed Switch.
The Create vNetwork Distributed Switch wizard appears.
3 Enter a name for the vNetwork Distributed Switch in the Name field.
4 Select the Number of dvUplink Ports, and click Next.
dvUplink ports connect the vNetwork Distributed Switch to physical NICs on associated ESX hosts. The
number of dvUplink ports is the maximum number of allowed physical connections to the vNetwork
Distributed Switch per host.
5 Click Next.
6 Choose Add now or Add later.
7 If you chose Add now, select the hosts and physical adapters to use by clicking the check box next to each
host or adapter. You can add only physical adapters that are not already in use during vNetwork
Distributed Switch creation.
8 Click Next.
9 Choose whether to Automatically create a default port group.
This option creates an early-binding port group with 128 ports. For systems with complex port group
requirements, skip the default port group and create a new dvPort group after you have finished adding
the vNetwork Distributed Switch.
10 Review the vNetwork Distributed Switch diagram to ensure proper configuration, and click Finish.
What to do next
If you chose to add hosts later, you must add hosts to the vNetwork Distributed Switch before adding network
adapters.
Network adapters can be added from the host configuration page of the vSphere Client or by using Host
Profiles.
Add a Host to a vNetwork Distributed Switch

Use the Add Host to vNetwork Distributed Switch wizard to associate a host with a vNetwork Distributed
Switch. You can also add hosts to a vNetwork Distributed Switch using Host Profiles.
Procedure
1 In the vSphere Client, display the Networking inventory view and select the vNetwork Distributed Switch.
2 From the Inventory menu, select Distributed Virtual Switch > Add Host.
The Add Host to vNetwork Distributed Switch wizard appears.
30 VMware, Inc.
Chapter 4 Basic Networking with vNetwork Distributed Switches
3 Select the host to add.
4 Under the selected host, select the physical adapters to add, and click Next.
You may select both free and in use physical adapters. If you select an adapter that is currently in use by
a host, choose whether to move the associated virtual adapters to the vNetwork Distributed Switch.
NOTE Moving a physical adapter to a vNetwork Distributed Switch without moving any associated virtual
adapters will cause those virtual adapters to lose network connectivity.
5 Click Finish.
Edit General vNetwork Distributed Switch Settings

You can edit the general properties for a vNetwork Distributed Switch, such as the vNetwork Distributed
Switch name and the number of uplink ports on the vNetwork Distributed Switch.
Procedure
2 From the Inventory menu, select Distributed Virtual Switch > Edit Settings.
3 Select General to edit the following vNetwork Distributed Switch settings.
a Enter the name for the vNetwork Distributed Switch.
b Select the number of uplink ports.
c To edit uplink port names, click Edit uplink port names, enter the new names, and click OK.
d Enter any notes for the vNetwork Distributed Switch.
4 Click OK.
Edit Advanced vNetwork Distributed Switch Settings

Use the vNetwork Distributed Switch Settings dialog box to configure advanced vNetwork Distributed Switch
settings such as Cisco Discovery Protocol and the maximum MTU for the vNetwork Distributed Switch.
Procedure
3 Select Advanced to edit the following vNetwork Distributed Switch properties.
a Specify the maximum MTU size.
b Select the Enable Cisco Discovery Protocol check box to enable CDP, and set the operation to
Listen, Advertise, or Both.
c Enter the name and other details for the vNetwork Distributed Switch administrator in the Admin
Contact Info section.
4 Click OK.
VMware, Inc. 31
View Network Adapter Information for a vNetwork Distributed Switch

View physical network adapters and uplink assignments for a vNetwork Distributed Switch from the
networking inventory view of the vSphere Client.
Procedure
3 On the Network Adapters tab, you can view network adapter and uplink assignments for associated hosts.
This tab is read-only. vNetwork Distributed Switch network adapters must be configured at the host level.
4 Click OK.
dvPort Groups
A dvPort group specifies port configuration options for each member port on a vNetwork Distributed Switch.
dvPort groups define how a connection is made to a network.
Add a dvPort Group

Use the Create dvPort Group wizard to add a dvPort group to a vNetwork Distributed Switch.
Procedure
2 From the Inventory menu, select Distributed Virtual Switch > New Port Group.
3 Enter a name and the number of ports for the dvPort group.
4 Choose a VLAN type.
Option Description
None Do not use VLAN.
VLAN In the VLAN ID field, enter a number between 1 and 4094.
VLAN Trunking Enter a VLAN trunk range.
Private VLAN Select a private VLAN entry. If you have not created any private VLANs,
this menu is empty.
5 Click Next.
6 Click Finish.
Edit General dvPort Group Properties

Use the dvPort Group Properties dialog box to configure general dvPort group properties such as the dvPort
group name and port group type.
Procedure
1 In the vSphere Client, display the Networking inventory view and select the dvPort group.
2 From the Inventory menu, select Network > Edit Settings.
32 VMware, Inc.
3 Select General to edit the following dvPort group properties.
Option Action
Name Enter the name for the dvPort group.
Description Enter a brief description of the dvPort group.
Number of Ports Enter the number of ports on the dvPort group.
Port binding Choose when ports are assigned to virtual machines connected to this dvPort
group.
n Select Static binding to assign a port to a virtual machine when the
virtual machine is connected to the dvPort group.
n Select Dynamic binding to assign a port to a virtual machine the first
time the virtual machine powers on after it is connected to the dvPort
group.
n Select Ephemeral for no port binding.
4 Click OK.
Edit Advanced dvPort Group Properties

Use the dvPort Group Properties dialog box to configure advanced dvPort group properties such as the port
name format and override settings.
Procedure
3 Select Advanced to edit the dvPort group properties.
a Select Allow port policies to be overridden to allow dvPort group policies to be overridden on a per-
port level.
b Click Edit Override Settings to select which policies can be overridden.
c Choose whether to allow live port moving.
d Select Config reset at disconnect to discard per-port configurations when a dvPort is disconnected
from a virtual machine.
e Select Binding on host allowed to specify that when vCenter Server is down, ESX can assign a dvPort
to a virtual machine.
f Select Port name format to provide a template for assigning names to the dvPorts in this group.
4 Click OK.
Configure dvPort Settings

Use the Port Settings dialog box to configure general dvPort properties such as the port name and description.
Procedure
1 Log in to the vSphere Client and display the vNetwork Distributed Switch.
2 On the Ports tab, right-click the port to modify and select Edit Settings.
3 Click General.
4 Modify the port name and description.
5 Click OK.
VMware, Inc. 33
Private VLANs
Private VLANs are used to solve VLAN ID limitations and waste of IP addresses for certain network setups.
A private VLAN is identified by its primary VLAN ID. A primary VLAN ID can have multiple secondary
VLAN IDs associated with it. Primary VLANs are Promiscuous, so that ports on a private VLAN can
communicate with ports configured as the primary VLAN. Ports on a secondary VLAN can be either
Isolated, communicating only with promiscuous ports, or Community, communicating with both
promiscuous ports and other ports on the same secondary VLAN.
To use private VLANs between an ESX host and the rest of the physical network, the physical switch connected
to the ESX host needs to be private VLAN-capable and configured with the VLAN IDs being used by ESX for
the private VLAN functionality. For physical switches using dynamic MAC+VLAN ID based learning, all
corresponding private VLAN IDs must be first entered into the switch's VLAN database.
In order to configure dvPorts to use Private VLAN functionality, you must first create the necessary Private
VLANs on the vNetwork Distributed Switch that the dvPorts are connected to.
Create a Private VLAN

You can create a private VLAN for use on a vNetwork Distributed Switch and its associated dvPorts.
Procedure
2 From the Inventory menu, select vNetwork Distributed Switch > Edit Settings.
3 Select the Private VLAN tab.
4 Under Primary Private VLAN ID, click [Enter a Private VLAN ID here], and enter the number of the
primary private VLAN.
5 Click anywhere in the dialog box, and then select the primary private VLAN that you just added.
The primary private VLAN you added appears under Secondary Private VLAN ID.
6 For each new secondary private VLAN, click [Enter a Private VLAN ID here] under Secondary Private
VLAN ID, and enter the number of the secondary private VLAN.
7 Click anywhere in the dialog box, select the secondary private VLAN that you just added, and select either
Isolated or Community for the port type.
8 Click OK.
Remove a Primary Private VLAN

Remove unused primary private VLANs from the networking inventory view of the vSphere Client.
Prerequisites
Before removing a private VLAN, be sure that no port groups are configured to use it.
Procedure
34 VMware, Inc.
4 Select the primary private VLAN to remove.
5 Click Remove under Primary Private VLAN ID, and click OK.
Removing a primary private VLAN also removes all associated secondary private VLANs.
Remove a Secondary Private VLAN

Remove unused secondary private VLANs from the networking inventory view of the vSphere Client.
Prerequisites
Before removing a private VLAN, be sure that no port groups are configured to use it.
Procedure
4 Select a primary private VLAN to display its associated secondary private VLANs.
5 Select the secondary private VLAN to remove.
6 Click Remove under Secondary Private VLAN ID, and click OK.
Configuring vNetwork Distributed Switch Network Adapters

The vNetwork Distributed Switch networking view of the host configuration page displays the configuration
of the host’s associated vNetwork Distributed Switches and allows you to configure the vNetwork Distributed
Switch network adapters and uplink ports.
Managing Physical Adapters

For each host associated with a vNetwork Distributed Switch, you must assign physical network adapters, or
uplinks, to the vNetwork Distributed Switch. You can assign one uplink on each host per uplink port on the
vNetwork Distributed Switch.
Add an Uplink to a vNetwork Distributed Switch

Physical uplinks must be added to a vNetwork Distributed Switch in order for virtual machines and virtual
network adapters connected to the vNetwork Distributed Switch to connect to networks outside the hosts on
which they reside.
Procedure
1 Log in to the vSphere Client and select a host from the inventory panel.
3 Select the vNetwork Distributed Switch view.
4 Click Manage Physical Adapters.
5 Click Click to Add NIC for the uplink port to add an uplink to.
6 Select the physical adapter to add. If you select an adapter that is attached to another switch, it is removed
from that switch and reassigned to this vNetwork Distributed Switch.
7 Click OK.
VMware, Inc. 35
Remove an Uplink from a vNetwork Distributed Switch

An uplink that is associated with a vNetwork Distributed Switch cannot be added to a vSwitch or another
vNetwork Distributed Switch.
Procedure
1 Log in to the vSphere Client and select a host from the inventory panel.
4 Click Manage Physical Adapters.
5 Click Remove for the uplink to remove.
6 Click OK.
Managing Virtual Network Adapters

Virtual network adapters handle host network services over a vNetwork Distributed Switch.
You can configure service console and VMkernel virtual adapters for an ESX host through an associated
vNetwork Distributed Switch either by creating new virtual adapters or migrating existing virtual adapters.
Create a VMkernel Network Adapter on a vNetwork Distributed Switch

Create a VMkernel network adapter for use as a VMotion interface or an IP storage port group.
Procedure
4 Click Manage Virtual Adapters.
5 Click Add.
6 Select New virtual adapter, and click Next.
7 Select VMkernel, and click Next.

8 Under Network Connection, select the vNetwork Distributed Switch and the associated port group, or
select Standalone Port to which to add this virtual adapter.
9 Select Use this virtual adapter for VMotion to enable this port group to advertise itself to another ESX
host as the network connection where VMotion traffic is sent.
You can enable this property for only one VMotion and IP storage port group for each ESX host. If this
property is not enabled for any port group, migration with VMotion to this host is not possible.
10 Choose whether to Use this virtual adapter for fault tolerance logging.
11 Under IP Settings, specify the IP address and subnet mask.
12 Click Edit to set the VMkernel default gateway for VMkernel services, such as VMotion, NAS, and iSCSI.
13 On the DNS Configuration tab, the name of the host is entered by default. The DNS server addresses and
domain that were specified during installation are also preselected.
36 VMware, Inc.
14 On the Routing tab, the service console and the VMkernel each need their own gateway information. A
gateway is needed for connectivity to machines not on the same IP subnet as the service console or
VMkernel.
Static IP settings is the default.
15 Click OK, and then click Next.
16 Click Finish.
Create a Service Console Network Adapter on a vNetwork Distributed Switch

Create a service console network adapter on a vNetwork Distributed Switch from the configuration page of
an associated host.
Procedure
5 Click Add.
6 Select New virtual adapter, and click Next.
7 Select Service Console, and click Next.
10 Click Edit to set the service console default gateway.
11 Click Next.
12 Click Finish.
Migrate an Existing Virtual Adapter to a vNetwork Distributed Switch

Migrate an existing virtual adapter from a vNetwork Standard Switch to a vNetwork Distributed Switch from
the host configuration page.
Procedure
5 Click Add.
6 Select Migrate existing virtual network adapters, and click Next.
7 In the Select by drop-down menu, choose whether to connect this virtual adapter to a port group or a
standalone dvPort.
8 Select one or more virtual network adapters to migrate.
9 For each selected adapter, choose a port group or dvPort from the Select a port group or Select a port
drop-down menu.
VMware, Inc. 37
10 Click Next.
11 Click Finish.
Migrate a Virtual Adapter to a vNetwork Standard Switch

Use the Migrate to Virtual Switch wizard to migrate an existing virtual adapter from a vNetwork Distriubted
Switch to a vNetwork Standard Switch.
Procedure
The hardware configuration page for this server appears.
5 Select the virtual adapter to migrate, and click Migrate to Virtual Switch.
The Migrate Virtual Adapter wizard appears.
6 Select the vSwitch to migrate the adapter to and click Next.
7 Enter a Network Label and optionally a VLAN ID for the virtual adapter, and click Next.
8 Click Finish to migrate the virtual adapter and complete the wizard.
Edit the VMkernel Configuration on a vNetwork Distributed Switch

You can edit the properties of an existing VMkernel adapter on a vNetwork Distributed Switch from the
associated host.
Procedure
5 Select the VMkernel adapter to modify and click Edit.
7 Select Use this virtual adapter for VMotion to enable this port group to advertise itself to another ESX
host as the network connection where VMotion traffic is sent.
You can enable this property for only one VMotion and IP storage port group for each ESX host. If this
property is not enabled for any port group, migration with VMotion to this host is not possible.
8 Choose whether to Use this virtual adapter for fault tolerance logging.
9 Under IP Settings, specify the IP address and subnet mask, or select Obtain IP settings automatically.
10 Click Edit to set the VMkernel default gateway for VMkernel services, such as VMotion, NAS, and iSCSI.
11 Click OK.
38 VMware, Inc.
Edit the Service Console Configuration on a vNetwork Distributed Switch

Edit the properties of a service console virtual adapter from the networking view of the host configuration
page.
Procedure
5 Select the service console adapter to modify and click Edit.
8 Click Edit to set the service console default gateway.
9 Click OK.
Remove a Virtual Adapter

Remove a virtual network adapter from a vNetwork Distributed Switch in the Manage Virtual Adapters dialog
box.
Procedure
5 Select the virtual adapter to remove and click Remove.
A dialog box appears with the message, Are you sure you want to remove <adapter name>?
6 Click Yes.
Configuring Virtual Machine Networking on a vNetwork Distributed

Switch
Virtual machines can be connected to a vNetwork Distributed Switch either by configuring an individual
virtual machine NIC or migrating groups of virtual machines from the vNetwork Distributed Switch itself.
Virtual machines are connected to vNetwork Distributed Switches by connecting their associated virtual
network adapters to dvPort groups. This can be done either for an individual virtual machine by modifying
the virtual machine’s network adapter configuration, or for a group of virtual machines by migrating virtual
machines from an existing virtual network to a vNetwork Distributed Switch.
VMware, Inc. 39
Migrate Virtual Machines to or from a vNetwork Distributed Switch

In addition to connecting virtual machines to a vNetwork Distributed Switch at the individual virtual machine
level, you can migrate a group of virtual machines between a vNetwork Distributed Switch network and a
vNetwork Standard Switch network.
Procedure
2 From the Inventory menu, select Distributed Virtual Switch > Migrate Virtual Machine Networking.
The Migrate Virtual Machine Networking wizard appears.
3 In the Select Source Network drop-down menu, select the virtual network to migrate from.
4 Select the virtual network to migrate to from the Select Destination Network drop-down menu.
5 Click Show Virtual Machines.
Virtual machines associated with the virtual network you are migrating from are displayed in the Select
Virtual Machines field.
6 Select virtual machines to migrate to the destination virtual network, and click OK.
Connect an Individual Virtual Machine to a dvPort Group

Connect an individual virtual machine to a vNetwork Distributed Switch by modifying the virtual machine's
NIC configuration.
Procedure
1 Log in to the vSphere Client and select the virtual machine from the inventory panel.
2 On the Summary tab, click Edit Settings.
3 On the Hardware tab, select the virtual network adapter.
4 Select the dvPort group to migrate to from the Network Label drop-down menu, and click OK.
40 VMware, Inc.
Advanced Networking 5
The following topics guide you through advanced networking in an ESX environment, and how to set up and
change advanced networking configuration options.

n “Internet Protocol Version 6,” on page 41
n “Networking Policies,” on page 42
n “Change the DNS and Routing Configuration,” on page 55
n “MAC Addresses,” on page 56
n “TCP Segmentation Offload and Jumbo Frames,” on page 57
n “NetQueue and Networking Performance,” on page 60
n “VMDirectPath Gen I,” on page 61
Internet Protocol Version 6

vSphere supports both Internet Protocol version 4 (IPv4) and Internet Protocol version 6 (IPv6) environments.
The Internet Engineering Task Force has designated IPv6 as the successor to IPv4. The adoption of IPv6, both
as a standalone protocol and in a mixed environment with IPv4, is rapidly increasing. With IPv6, you can use
vSphere features such as NFS in an IPv6 environment.
A major difference between IPv4 and IPv6 is address length. IPv6 uses a 128-bit address rather than the 32-bit
addresses used by IPv4. This helps alleviate the problem of address exhaustion that is present with IPv4 and
eliminates the need for network address translation (NAT). Other notable differences include link-local
addresses that appear as the interface is initialized, addresses that are set by router advertisements, and the
ability to have multiple IPv6 addresses on an interface.
An IPv6-specific configuration in vSphere involves providing IPv6 addresses, either by entering static
addresses or by using DHCP for all relevant vSphere networking interfaces. IPv6 addresses can also be
configured using stateless autoconfiguration sent by router advertisement.
Enable IPv6 Support on an ESX Host

You can enable or disable IPv6 support on the host.
Procedure
1 Click the arrow next to the Inventory button in the navigation bar and select Hosts and Clusters.
2 Select the host and click the Configuration tab.
3 Click the Networking link under Hardware.
VMware, Inc. 41
4 In the Virtual Switch view, click the Properties link.
5 Select Enable IPv6 support on this host and click OK.
6 Reboot the host.
Networking Policies
Any policies set at the vSwitch or dvPort group level are applied to all of the port groups on that vSwitch or
dvPorts in the dvPort group, except for the configuration options that are overridden at the port group or
dvPort level.
The following networking policies can be applied

n Load balancing and failover
n VLAN (vNetwork Distributed Switch only)
n Security
n Traffic shaping
n Port blocking policies (vNetwork Distributed Switch only)
Load Balancing and Failover Policy

Load balancing and failover policies allow you to determine how network traffic is distributed between
adapters and how to re-route traffic in the event of adapter failure.
You can edit your load balancing and failover policy by configuring the following parameters:
n Load Balancing policy determines how outgoing traffic is distributed among the network adapters
assigned to a vSwitch.
NOTE Incoming traffic is controlled by the load balancing policy on the physical switch.
n Failover Detection controls the link status and beacon probing. Beaconing is not supported with guest
VLAN tagging.
n Network Adapter Order can be active or standby.
Edit the Failover and Load Balancing Policy on a vSwitch

Failover and load balancing policies allow you to determine how network traffic is distributed between
adapters and how to re-route traffic in the event of an adapter failure..
Procedure
4 In the vSwitch Properties dialog box, click the Ports tab.
5 To edit the failover and load balancing values for the vSwitch, select the vSwitch item and click
Properties.
6 Click the NIC Teaming tab.
You can override the failover order at the port group level. By default, new adapters are active for all
policies. New adapters carry traffic for the vSwitch and its port group unless you specify otherwise.
42 VMware, Inc.
Chapter 5 Advanced Networking
7 Specify the settings in the Policy Exceptions group.
Option Description
Load Balancing Specify how to choose an uplink.
n Route based on the originating port ID — Choose an uplink based on
the virtual port where the traffic entered the virtual switch.
n Route based on ip hash — Choose an uplink based on a hash of the
source and destination IP addresses of each packet. For non-IP packets,
whatever is at those offsets is used to compute the hash.
n Route based on source MAC hash — Choose an uplink based on a hash
of the source Ethernet.
n Use explicit failover order — Always use the highest order uplink from
the list of Active adapters which passes failover detection criteria.
NOTE IP-based teaming requires that the physical switch be configured with
etherchannel. For all other options, etherchannel should be disabled.
Network Failover Detection Specify the method to use for failover detection.
n Link Status only – Relies solely on the link status that the network
adapter provides. This option detects failures, such as cable pulls and
physical switch power failures, but not configuration errors, such as a
physical switch port being blocked by spanning tree or that is
misconfigured to the wrong VLAN or cable pulls on the other side of a
physical switch.
n Beacon Probing – Sends out and listens for beacon probes on all NICs
in the team and uses this information, in addition to link status, to
determine link failure. This detects many of the failures previously
mentioned that are not detected by link status alone.
Notify Switches Select Yes or No to notify switches in the case of failover.
If you select Yes, whenever a virtual NIC is connected to the vSwitch or
whenever that virtual NIC’s traffic would be routed over a different physical
NIC in the team because of a failover event, a notification is sent out over the
network to update the lookup tables on physical switches. In almost all cases,
this process is desirable for the lowest latency of failover occurrences and
migrations with VMotion.
NOTE Do not use this option when the virtual machines using the port group
are using Microsoft Network Load Balancing in unicast mode. No such issue
exists with NLB running in multicast mode.
Failback Select Yes or No to disable or enable failback.
This option determines how a physical adapter is returned to active duty
after recovering from a failure. If failback is set to Yes (default), the adapter
is returned to active duty immediately upon recovery, displacing the standby
adapter that took over its slot, if any. If failback is set to No, a failed adapter
is left inactive even after recovery until another currently active adapter fails,
requiring its replacement.
Failover Order Specify how to distribute the work load for uplinks. If you want to use some
uplinks but reserve others for emergencies in case the uplinks in use fail, set
this condition by moving them into different groups:
n Active Uplinks — Continue to use the uplink when the network adapter
connectivity is up and active.
n Standby Uplinks — Use this uplink if one of the active adapter’s
connectivity is down.
n Unused Uplinks — Do not use this uplink.
8 Click OK.
VMware, Inc. 43
Edit the Failover and Load Balancing Policy on a Port Group

You can edit the failover and load balancing policy configuration for a port group.
Procedure
3 Select a port group and click Edit.
4 In the Properties dialog box, click the Ports tab.
5 To edit the Failover and Load Balancing values for the vSwitch, select the vSwitch item and click
Properties.
6 Click the NIC Teaming tab.
You can override the failover order at the port-group level. By default, new adapters are active for all
policies. New adapters carry traffic for the vSwitch and its port group unless you specify otherwise.
7 Specify the settings in the Policy Exceptions group.
Option Description
physical switch.
44 VMware, Inc.
Option Description
8 Click OK.
Edit the Teaming and Failover Policy on a dvPort Group

Teaming and Failover policies allow you to determine how network traffic is distributed between adapters
and how to re-route traffic in the event of an adapter failure.
Procedure
3 Select Policies.
4 In the Teaming and Failover group, specify the following.
Option Description
physical switch.
NOTE Do not use beacon probing with IP-has load balancing.
VMware, Inc. 45
Option Description
NOTE When using IP-has load balancing, do not configure standby uplinks.
5 Click OK.
Edit dvPort Teaming and Failover Policies

Teaming and Failover policies allow you to determine how network traffic is distributed between adapters
and how to re-route traffic in the event of an adapter failure.
Prerequisites
To edit the teaming and failover policies on an individual dvPort, the associated dvPort group must be set to
allow policy overrides.
Procedure
The Port Settings dialog box appears.

3 Click Policies to view and modify port networking policies.
46 VMware, Inc.
4 In the Teaming and Failover group, specify the following.
Option Description
physical switch.
NOTE Do not use beacon probing with IP-has load balancing.
NOTE When using IP-has load balancing, do not configure standby uplinks.
5 Click OK.
VMware, Inc. 47
VLAN Policy
The VLAN policy allows virtual networks to join physical VLANs.
Edit the VLAN Policy on a dvPort Group

You can edit the VLAN policy configuration on a dvPort group.
Procedure
3 Select VLAN.
4 Select the VLAN Type to use.
Option Description
None Do not use VLAN.
VLAN In the VLAN ID field, enter a number between 1 and 4094.
Private VLAN Select an available private VLAN to use.
Edit dvPort VLAN Policies

A VLAN policy set at the dvPort level allows the individual dvPort to override the VLAN policy set at the
dvPort group level.
Prerequisites
To edit the VLAN policies on an individual dvPort, the associated dvPort group must be set to allow policy
overrides.
Procedure
3 Click Policies.
4 Select the VLAN type to use.
Option Action
None Do not use a VLAN.
VLAN For the VLAN ID, enter a number between 1 and 4095.
Private VLAN Select an available private VLAN to use.
5 Click OK.
Security Policy
Networking security policies determine how the adapter filters inbound and outbound frames.
Layer 2 is the Data Link Layer. The three elements of the security policy are promiscuous mode, MAC address
changes, and forged transmits.
48 VMware, Inc.
In nonpromiscuous mode, a guest adapter listens only to traffic forwarded to own MAC address. In
promiscuous mode, it can listen to all the frames. By default, guest adapters are set to nonpromiscuous mode.
Edit the Layer 2 Security Policy on a vSwitch

Control how inbound and outbound frames are handled by editing Layer 2 Security policies.
Procedure
1 Log in to the VMware vSphere Client and select the host from the inventory panel.

3 Click Properties for the vSwitch to edit.
5 Select the vSwitch item and click Edit.
6 In the Properties dialog box, click the Security tab.
By default, Promiscuous Mode is set to Reject, and MAC Address Changes and Forged Transmits are
set to Accept.
The policy applies to all virtual adapters on the vSwitch, unless the port group for the virtual adapter
specifies a policy exception.
7 In the Policy Exceptions pane, select whether to reject or accept the security policy exceptions.
Mode Reject Accept
Promiscuous Mode Placing a guest adapter in Placing a guest adapter in promiscuous mode
promiscuous mode has no causes it to detect all frames passed on the
effect on which frames are vSwitch that are allowed under the VLAN policy
received by the adapter. for the port group that the adapter is connected
to.
MAC Address Changes If the guest OS changes the If the MAC address from the guest OS changes,
MAC address of the adapter to frames to the new MAC address are received.
anything other than what is in
the .vmx configuration file, all
inbound frames are dropped.
If the guest OS changes the
MAC address back to match
the MAC address in the .vmx
configuration file, inbound
frames are sent again.
Forged Transmits Outbound frames with a No filtering is performed, and all outbound
source MAC address that is frames are passed.
different from the one set on
the adapter are dropped.
8 Click OK.
Edit the Layer 2 Security Policy Exception on a Port Group

Control how inbound and outbound frames are handled by editing Layer 2 Security policies.
Procedure
1 Log in to the VMware vSphere Client and select the host from the inventory panel.
3 Click Properties for the port group to edit.
VMware, Inc. 49
5 Select the port group item and click Edit.
6 In the Properties dialog box for the port group, click the Security tab.
By default, Promiscuous Mode is set to Reject. MAC Address Changes and Forged Transmits are set to
Accept.
The policy exception overrides any policy set at the vSwitch level.
Mode Reject Accept
to.
8 Click OK.
Edit the Security Policy on a dvPort Group

Control how inbound and outbound frames for a dvPort group are handled by editing the Security policies.
Procedure
3 In the Properties dialog box for the port group, click the Security tab.
By default, Promiscuous Mode is set to Reject. MAC Address Changes and Forged Transmits are set to
Accept.
The policy exception overrides any policy set at the vSwitch level.
50 VMware, Inc.
Mode Reject Accept
to.
5 Click OK.
Edit dvPort Security Policies

Control how inbound and outbound frames for a dvPort are handled by editing the Security policies.
Prerequisites
To edit the Security policies on an individual dvPort, the associated dvPort group must be set to allow policy
overrides.
Procedure
3 Click Policies.
By default, Promiscuous Mode is set to Reject, and MAC Address Changes and Forged Transmits are
set to Accept.
VMware, Inc. 51
4 In the Security group, select whether to reject or accept the security policy exceptions:
Mode Reject Accept
to.
5 Click OK.
Traffic Shaping Policy

A traffic shaping policy is defined by three characteristics: average bandwidth, peak bandwidth, and burst
size. You can establish a traffic shaping policy for each port group and each dvPort or dvPort group.
ESX shapes outbound network traffic on vSwitches and both inbound and outbound traffic on a vNetwork
Distributed Switch. Traffic shaping restricts the network bandwidth available on a port, but can also be
configured to allow “bursts” of traffic to flow through at higher speeds.
Average Bandwidth Establishes the number of bits per second to allow across a port, averaged over
time—the allowed average load.
Peak Bandwidth The maximum number of bits per second to allow across a port when it is
sending or receiving a burst of traffic. This tops the bandwidth used by a port
whenever it is using its burst bonus.
Burst Size The maximum number of bytes to allow in a burst. If this parameter is set, a
port might gain a burst bonus if it does not use all its allocated bandwidth.
Whenever the port needs more bandwidth than specified by Average
Bandwidth, it might be allowed to temporarily transmit data at a higher speed
if a burst bonus is available. This parameter tops the number of bytes that have
accumulated in the burst bonus and thus transfers at a higher speed.
Edit the Traffic Shaping Policy on a vSwitch

Use traffic shaping policies to control the bandwidth and burst size on a vSwitch.
Procedure
3 Click Properties for the vSwitch to edit.
52 VMware, Inc.
5 Select the vSwitch item and click Edit.
6 In the Properties dialog box, click the Traffic Shaping tab.
When traffic shaping is disabled, the options are dimmed. You can selectively override all traffic-shaping
features at the port group level if traffic shaping is enabled.
This policy is applied to each individual virtual adapter attached to the port group, not to the vSwitch as
a whole.
NOTE Peak bandwidth cannot be less than the specified average bandwidth.
Option Description
Status If you enable the policy exception in the Status field, you are setting limits
on the amount of networking bandwidth allocated for each virtual adapter
associated with this particular port group. If you disable the policy, services
have a free and clear connection to the physical network.
Average Bandwidth A value measured over a particular period of time.
Peak Bandwidth Limits the maximum bandwidth during a burst. It can never be smaller than
the average bandwidth.
Burst Size Specifies how large a burst can be in kilobytes (KB).
Edit the Traffic Shaping Policy on a Port Group

Use traffic shaping policies to control the bandwidth and burst size on a port group.
Procedure
3 Click Properties for the port group to edit.
5 Select the port group item and click Edit.
6 In the Properties dialog box for the port group, click the Traffic Shaping tab.
When traffic shaping is disabled, the options are dimmed.
Option Description
VMware, Inc. 53
Edit the Traffic Shaping Policy on a dvPort Group

You can shape both inbound and outbound traffic on vNetwork Distributed Switches. You can restrict the
network bandwidth available to a port, but you can also temporarily allow bursts of traffic to flow through a
port at higher speeds.
Procedure
3 Select Traffic Shaping.
4 In the Properties dialog box for the port group, click the Traffic Shaping tab.
You can configure both inbound traffic shaping and outbound traffic shaping. When traffic shaping is
disabled, the options are dimmed.
NOTE Peak bandwidth cannot be less than the specified average bandwidth.
Option Description
Edit dvPort Traffic Shaping Policies

You can shape both inbound and outbound traffic on vNetwork Distributed Switches. You can restrict the
network bandwidth available to a port, but you can also temporarily allow bursts of traffic to flow through a
port at higher speeds.
A traffic shaping policy is defined by three characteristics: average bandwidth, peak bandwidth, and burst
size.
Prerequisites
To edit the traffic shaping policies on an individual dvPort, the associated dvPort group must be set to allow
policy overrides.
Procedure
2 On the Ports tab, right-click the port to modify, and select Edit Settings.
3 Click Policies.
54 VMware, Inc.
4 In the Traffic Shaping group, you can configure both inbound traffic shaping and outbound traffic shaping.
When traffic shaping is disabled, the options are dimmed.
Option Description
5 Click OK.
Port Blocking Policies

Set blocking policies for dvPorts from the miscellaneous policies dialog box.
Edit the Port Blocking Policy on a dvPort Group

Set the port blocking policy for a dvPort group under miscellaneous policies.
Procedure
3 Select Miscellaneous.
4 Choose whether to Block all ports on this dvPort group.
Edit dvPort Port Blocking Policy

The Miscellaneous policies dialog allows you to configure port blocking policies for a dvPort.
Procedure
3 Click Policies.
4 In the Miscellaneous group, select whether to Block all ports.
5 Click OK.
Change the DNS and Routing Configuration

You can change the DNS server and default gateway information provided during installation from the host
configuration page in the vSphere Client.
Procedure
2 Click the Configuration tab, and click DNS and Routing.
3 On the right side of the window, click Properties.
4 In the DNS Configuration tab, enter a name and domain.
VMware, Inc. 55
5 Choose whether to obtain the DNS server address automatically or use a DNS server address.
NOTE DHCP is supported only if the DHCP server is accessible to the service console. The service console
must have a virtual interface (vswif) configured and attached to the network where the DHCP server
resides.
6 Specify the domains in which to look for hosts.
7 On the Routing tab, change the default gateway information as needed.
Select a gateway device only if you have configured the service console to connect to more than one subnet.
8 Click OK.
MAC Addresses
MAC addresses are generated for virtual network adapters that the service console, the VMkernel, and virtual
machines use.
In most cases, the generated MAC addresses are appropriate. However, you might need to set a MAC address
for a virtual network adapter, as in the following cases:
n Virtual network adapters on different physical hosts share the same subnet and are assigned the same
MAC address, causing a conflict.
n To ensure that a virtual network adapter always has the same MAC address.
To circumvent the limit of 256 virtual network adapters per physical machine and possible MAC address
conflicts between virtual machines, system administrators can manually assign MAC addresses. VMware uses
the Organizationally Unique Identifier (OUI) 00:50:56 for manually generated addresses.
The MAC address range is 00:50:56:00:00:00-00:50:56:3F:FF:FF.
You can set the addresses by adding the following line to a virtual machine‘s configuration file:
ethernet<number>.address = 00:50:56:XX:YY:ZZ
where <number> refers to the number of the Ethernet adapter, XX is a valid hexadecimal number between 00
and 3F, and YY and ZZ are valid hexadecimal numbers between 00 and FF. The value for XX must not be greater
than 3F to avoid conflict with MAC addresses that are generated by the VMware Workstation and VMware
Server products. The maximum value for a manually generated MAC address is:
ethernet<number>.address = 00:50:56:3F:FF:FF
You must also set the option in a virtual machine’s configuration file:
ethernet<number>.addressType="static"
Because VMware ESX virtual machines do not support arbitrary MAC addresses, you must use the above
format. As long as you choose a unique value for XX:YY:ZZ among your hard-coded addresses, conflicts
between the automatically assigned MAC addresses and the manually assigned ones should never occur.
MAC Address Generation

Each virtual network adapter in a virtual machine is assigned its own unique MAC address. Each network
adapter manufacturer is assigned a unique three-byte prefix called an Organizationally Unique Identifier
(OUI), which it can use to generate unique MAC addresses.
VMware has the following OUIs:

n Generated MAC addresses
n Manually set MAC addresses
n For legacy virtual machines, but no longer used with ESX
56 VMware, Inc.
The first three bytes of the MAC address that is generated for each virtual network adapter consists of the OUI.
The MAC address-generation algorithm produces the other three bytes. The algorithm guarantees unique
MAC addresses within a machine and attempts to provide unique MAC addresses across machines.
The network adapters for each virtual machine on the same subnet should have unique MAC addresses.
Otherwise, they can behave unpredictably. The algorithm puts a limit on the number of running and suspended
virtual machines at any one time on any given host. It also does not handle all cases when virtual machines on
distinct physical machines share a subnet.
The VMware Universally Unique Identifier (UUID) generates MAC addresses that are checked for conflicts.
The generated MAC addresses are created by using three parts: the VMware OUI, the SMBIOS UUID for the
physical ESX machine, and a hash based on the name of the entity that the MAC address is being generated
for.
After the MAC address has been generated, it does not change unless the virtual machine is moved to a different
location, for example, to a different path on the same server. The MAC address in the configuration file of the
virtual machine is saved. All MAC addresses that have been assigned to network adapters of running and
suspended virtual machines on a given physical machine are tracked.
The MAC address of a powered off virtual machine is not checked against those of running or suspended
virtual machines. It is possible that when a virtual machine is powered on again, it can acquire a different MAC
address. This acquisition is caused by a conflict with a virtual machine that was powered on when this virtual
machine was powered off.
Set Up a MAC Address

You can change a powered-down virtual machine's virtual NICs to use statically assigned MAC addresses.
Procedure
2 Click the Summary tab, and click Edit Settings.
3 Select the network adapter from the Hardware list.
4 In the MAC Address group, select Manual.
5 Enter the desired static MAC address, and click OK.
TCP Segmentation Offload and Jumbo Frames

Jumbo frames must be enabled at the host level using the command-line interface to configure the MTU size
for each vSwitch. TCP Segmentation Offload (TSO) is enabled on the VMkernel interface by default, but must
be enabled at the virtual machine level.
Enabling TSO
To enable TSO at the virtual machine level, you must replace the existing vmxnet or flexible virtual network
adapters with enhanced vmxnet virtual network adapters. This might result in a change in the MAC address
of the virtual network adapter.
TSO support through the enhanced vmxnet network adapter is available for virtual machines running the
following guest operating systems:
n Microsoft Windows 2003 Enterprise Edition with Service Pack 2 (32 bit and 64 bit)
n Red Hat Enterprise Linux 4 (64 bit)
n Red Hat Enterprise Linux 5 (32 bit and 64 bit)
n SuSE Linux Enterprise Server 10 (32 bit and 64 bit)
VMware, Inc. 57
Enable TSO Support for a Virtual Machine

You can enable TSO support on a virtual machine by using an enhanced vmxnet adapter for that virtual
machine.
Procedure
4 Record the network settings and MAC address that the network adapter is using.
5 Click Remove to remove the network adapter from the virtual machine.
6 Click Add.
7 Select Ethernet Adapter and click Next.
8 In the Adapter Type group, select Enhanced vmxnet.
9 Select the network setting and MAC address that the old network adapter was using and click Next.
10 Click Finish and then click OK.

11 If the virtual machine is not set to upgrade VMware Tools at each power on, you must upgrade VMware
Tools manually.
TSO is enabled on a VMkernel interface. If TSO becomes disabled for a particular VMkernel interface, the only
way to enable TSO is to delete that VMkernel interface and recreate it with TSO enabled.
Check Whether TSO is Enabled on a VMkernel Interface

You can check whether TSO is enabled on a particular VMkernel networking interface.
Procedure
1 Log in to your ESX host's console.
2 Use the esxcfg-vmknic -l command to display a list of VMkernel interfaces.
The list shows each TSO-enabled VMkernel interface with TSO MSS set to 65535.
What to do next
If TSO is not enabled for a particular VMkernel interface, the only way to enable it is to delete the VMkernel
interface and recreate the interface.
Enabling Jumbo Frames

Jumbo frames allow ESX to send larger frames out onto the physical network. The network must support jumbo
frames end-to-end.
Jumbo frames up to 9kB (9000 bytes) are supported.
Jumbo frames must be enabled for each vSwitch or VMkernel interface through the command-line interface
on your ESX host. Before enabling jumbo frames, check with your hardware vendor to ensure that your physical
network adapter supports jumbo frames.
58 VMware, Inc.
Create a Jumbo Frames-Enabled vSwitch

You configure a vSwitch for jumbo frames by changing the MTU size for that vSwitch.
Procedure
1 Use the vicfg-vswitch -m <MTU> <vSwitch> command in the VMware vSphere CLI to set the MTU size
for the vSwitch.
This command sets the MTU for all uplinks on that vSwitch. Set the MTU size to the largest MTU size
among all the virtual network adapters connected to the vSwitch.
2 Use the vicfg-vswitch -l command to display a list of vSwitches on the host and check that the
configuration of the vSwitch is correct.
Enable Jumbo Frames on a vNetwork Distributed Switch

You enable a vNetwork Distributed Switch for jumbo frames by changing the MTU size for that vNetwork
Distributed Switch.
Procedure
3 On the Properties tab, select Advanced.
4 Set the Maximum MTU to the largest MTU size among all the virtual network adapters connected to the
vNetwork Distributed Switch, and click OK.
Enable Jumbo Frame Support on a Virtual Machine

Enabling jumbo frame support on a virtual machine requires an enhanced vmxnet adapter for that virtual
machine.
Procedure

4 Record the network settings and MAC address that the network adapter is using.
5 Click Remove to remove the network adapter from the virtual machine.
6 Click Add.
7 Select Ethernet Adapter and click Next.
8 In the Adapter Type group, select Enhanced vmxnet.
9 Select the network that the old network adapter was using and click Next.
10 Click Finish.
11 Select the new network adapter from the Hardware list.
12 Under MAC Address, select Manual, and enter the MAC address that the old network adapter was using.
13 Click OK.
14 Check that the Enhanced vmxnet adapter is connected to a vSwitch with jumbo frames enabled.
VMware, Inc. 59
15 Inside the guest operating system, configure the network adapter to allow jumbo frames.
See your guest operating system’s documentation for details.
16 Configure all physical switches and any physical or virtual machines to which this virtual machine
connects to support jumbo frames.
Create a Jumbo Frames-Enabled VMkernel Interface

You can create a VMkernel network interface enabled with jumbo frames.
Procedure
1 Log in to your ESX host’s console.
2 Use the esxcfg-vmknic -a -I <ip address> -n <netmask> -m <MTU> <port group name> command to
create a VMkernel connection with jumbo frame support.
3 Use the esxcfg-vmknic -l command to display a list of VMkernel interfaces and check that the
configuration of the jumbo frame-enabled interface is correct.
4 Check that the VMkernel interface is connected to a vSwitch with jumbo frames enabled.
5 Configure all physical switches and any physical or virtual machines to which this VMkernel interface
connects to support jumbo frames.
NetQueue and Networking Performance

NetQueue in ESX takes advantage of the capability of some network adapters to deliver network traffic to the
system in multiple receive queues that can be processed separately. This allows processing to be scaled to
multiple CPUs, improving receive-side networking performance.
Enable NetQueue on an ESX Host

NetQueue is enabled by default. In order to use NetQueue after it has been disabled, you must reenable it.
Procedure
2 Click the Configuration tab, and click Advanced Settings from the Software menu.
3 Select VMkernel.
4 Select VMkernel.Boot.netNetQueueEnable and click OK.
5 Use the VMware vSphere CLI to configure the NIC driver to use NetQueue.
See the VMware vSphere Command-Line Interface Installation and Reference guide.
6 Reboot the ESX host.
Disable NetQueue on an ESX Host

NetQueue is enabled by default.
Procedure
2 Click the Configuration tab, and click Advanced Settings.
3 Deselect VMkernel.Boot.netNetQueueEnable and click OK.
60 VMware, Inc.
4 To disable NetQueue on the NIC driver, use the vicfg-module -s "" [module name] command.
For example, if you are using the s2io NIC driver, use vicfg-module -s "" s2io.
For information on the VMware vSphere CLI, see the VMware vSphere Command-Line Interface Installation
and Reference guide.
5 Reboot the host.
VMDirectPath Gen I
With vSphere 4, ESX supports a direct PCI device connection for virtual machines running on Intel Nehalem
platforms. Each virtual machine can connect to up to two passthrough devices.
The following features are unavailable for virtual machines configured with VMDirectPath:
n VMotion
n Hot adding and removing of virtual devices
n Suspend and resume
n Record and replay
n Fault tolerance
n High availability
n DRS (limited availability; the virtual machine can be part of a cluster, but cannot migrate across hosts)
Configure Passthrough Devices on a Host

You can configure passthrough networking devices on a host.
Procedure
1 Select a host from the inventory panel of the vSphere Client.
2 On the Configuration tab, click Advanced Settings.
The Passthrough Configuration page appears, listing all available passthrough devices. A green icon
indicates that a device is enabled and active. An orange icon indicates that the state of the device has
changed and the host must be rebooted before the device can be used.
3 Click Edit.
4 Select the devices to be used for passthrough and click OK.
Configure a PCI Device on a Virtual Machine

You can configure a passthrough PCI device on a virtual machine.
Procedure
1 Select a virtual machine from the inventory panel of the vSphere Client.
2 From the Inventory menu, select Virtual Machine > Edit Settings.
3 On the Hardware tab, click Add.
4 Select PCI Device and click Next.
5 Select the passthrough device to use, and click Next.
6 Click Finish.
VMware, Inc. 61
Adding a VMDirectPath device to a virtual machine sets memory reservation to the memory size of the virtual
machine.
62 VMware, Inc.
Networking Best Practices, Scenarios,
and Troubleshooting 6
These topics describe networking best practices and common networking configuration and troubleshooting
scenarios.

n “Networking Best Practices,” on page 63
n “Mounting NFS Volumes,” on page 64
n “Networking Configuration for Software iSCSI Storage,” on page 64
n “Configuring Networking on Blade Servers,” on page 65
n “Troubleshooting,” on page 67
Networking Best Practices

Consider these best practices for configuring your network.
n Separate network services from one another to achieve greater security or better performance.
To have a particular set of virtual machines function at the highest performance levels, put them on a
separate physical NIC. This separation allows for a portion of the total networking workload to be more
evenly shared across multiple CPUs. The isolated virtual machines can then better serve traffic from a
Web client, for instance.
n You can satisfy the following recommendations either by using VLANs to segment a single physical
network or separate physical networks (the latter is preferable).
n Keeping the service console on its own network is an important part of securing the ESX system.
Consider the service console network connectivity in the same light as any remote access device in a
host, because compromising the service console gives an attacker full control of all virtual machines
running on the system.
n Keeping the VMotion connection on a separate network devoted to VMotion is important because
when migration with VMotion occurs, the contents of the guest operating system’s memory is
transmitted over the network.
n When using passthrough devices with a Linux kernel version 2.6.20 or earlier, avoid MSI and MSI-X modes
because these modes have significant performance impact.
n To physically separate network services and to dedicate a particular set of NICs to a specific network
service, create a vSwitch for each service. If this is not possible, separate them on a single vSwitch by
attaching them to port groups with different VLAN IDs. In either case, confirm with your network
administrator that the networks or VLANs you choose are isolated in the rest of your environment and
that no routers connect them.
VMware, Inc. 63
n You can add and remove NICs from the vSwitch without affecting the virtual machines or the network
service that is running behind that vSwitch. If you remove all the running hardware, the virtual machines
can still communicate among themselves. Moreover, if you leave one NIC intact, all the virtual machines
can still connect with the physical network.
n To protect your most sensitive virtual machines, deploy firewalls in virtual machines that route between
virtual networks with uplinks to physical networks and pure virtual networks with no uplinks.
Mounting NFS Volumes

In ESX, the model of how ESX accesses NFS storage of ISO images that are used as virtual CD-ROMs for virtual
machines is different from the model used in ESX Server 2.x.
ESX has support for VMkernel-based NFS mounts. The new model is to mount your NFS volume with the ISO
images through the VMkernel NFS functionality. All NFS volumes mounted in this way appear as datastores
in the vSphere Client. The virtual machine configuration editor allows you to browse the service console file
system for ISO images to be used as virtual CD-ROM devices.
Networking Configuration for Software iSCSI Storage

The storage you configure for an ESX host might include one or more storage area networks (SANs) that use
iSCSI storage, which is a means of accessing SCSI devices and exchanging data records by using TCP/IP over
a network port rather than through a direct connection to a SCSI device.
In iSCSI transactions, blocks of raw SCSI data are encapsulated in iSCSI records and transmitted to the
requesting device or user.
NOTE Software-initiated iSCSI is not available over 10GigE network adapters in ESX.
Create a VMkernel Port for Software iSCSI

Before you can configure iSCSI storage, you must create one or more VMkernel ports to handle iSCSI
networking.
Procedure
3 Click Add Networking.
On the Network Access page, you connect the physical network to the VMkernel, which runs services for
iSCSI storage.
5 Select the vSwitch to use or click Create a virtual switch.
6 Select the check boxes for the network adapters for the vSwitch.
Select adapters for each vSwitch so that virtual machines or other services that connect through the adapter
can reach the correct Ethernet segment. If no adapters appear in the Create a virtual switch group, existing
vSwitches are using all the adapters.
Your choices appear in the Preview pane.
NOTE Do not use iSCSI on 100Mbps or slower network adapters.
7 Click Next.
64 VMware, Inc.
Chapter 6 Networking Best Practices, Scenarios, and Troubleshooting
8 In the Port Group Properties group, select or enter a network label and, optionally, a VLAN ID.
Enter a network label to identify the port group that you are creating. When you configure iSCSI storage,
specify this label.
Enter a VLAN ID to identify the VLAN that the port group’s network traffic will use. VLAN IDs are not
required. If you are not sure whether you need them, ask your network administrator.
9 In the IP Settings group, click Edit to set the VMkernel default gateway for iSCSI.
On the Routing tab, the service console and the VMkernel each need their own gateway information.
NOTE Set a default gateway for the port that you created. You must use a valid static IP address to configure
the VMkernel stack.
10 Click OK and then click Next.
11 Click Back to make any changes.
12 Review your changes on the Ready to Complete page and click Finish.
Configuring Networking on Blade Servers

Because blade servers have a limited number of network adapters, you might need to use VLANs to separate
traffic for the service console, vMotion, IP storage, and various groups of virtual machines.
VMware best practices recommend that the service console and vMotion have their own networks for security
reasons. If you dedicate physical adapters to separate vSwitches for this purpose, you might need to relinquish
redundant (teamed) connections, stop isolating the various networking clients, or both. VLANs allow you to
achieve network segmentation without having to use multiple physical adapters.
For the network blade of a blade server to support an ESX port group with VLAN tagged traffic, you must
configure the blade to support 802.1Q and configure the port as a tagged port.
The method for configuring a port as a tagged port differs from server to server. The list describes how to
configure a tagged port on three of the most commonly used blade servers.
Server Type Configuration Option
HP Blade Set VLAN Tagging to enabled.
Dell PowerEdge Set the port to Tagged.
IBM eServer Blade Center Select Tag in the port’s configuration.
Configure a Virtual Machine Port Group with a VLAN on a Blade Server

Configuring virtual machine networking on a blade server requires some special considerations.
Procedure
3 On the right side of the page, click Properties for the vSwitch associated with the service console.
4 On the Ports tab, click Add.
5 Select Virtual Machines for the connection type (default).
6 Click Next.
VMware, Inc. 65
7 In the Port Group Properties group, enter a network label that identifies the port group that you are
creating.
Use network labels to identify migration-compatible connections common to two or more hosts.
8 For VLAN ID, enter a number between 1 and 4094.
If you are unsure what to enter, leave this blank or ask your network administrator.
9 Click Next.
10 After you determine that the vSwitch is configured correctly, click Finish.
Configure a VMkernel Port with a VLAN on a Blade Server

You can configure a VMkernel networking interface using a VLAN on a blade server.
Procedure
3 On the right side of the page, click Properties for the vSwitch associated with the service console.
4 On the Ports tab, click Add.
This option lets you connect the physical network to the VMkernel, which runs services for vMotion and
IP storage (NFS or iSCSI).
6 In the Port Group Properties group, select or enter a network label and a VLAN ID.
Enter a network label to identify the port group that you are creating. This is the label that you specify
when configuring a virtual adapter to be attached to this port group, when configuring VMkernel services,
such as VMotion and IP storage.
Enter a VLAN ID to identify the VLAN that the port group’s network traffic will use.
7 Select Use this port group for VMotion to enable this port group to advertise itself to another ESX host
as the network connection where vMotion traffic should be sent.
You can enable this property for only one vMotion and IP storage port group for each ESX host. If this
property is not enabled for any port group, migration with vMotion to this host is not possible.
8 In the IP Settings group, click Edit to set the VMkernel default gateway for VMkernel services, such as
vMotion, NAS, and iSCSI.
Under the DNS Configuration tab, the name of the host is entered into the name field by default. The
DNS server addresses and the domain that were specified during installation are also preselected.
On the Routing tab, the service console and the VMkernel each need their own gateway information. A
gateway is needed if connectivity to machines not on the same IP subnet as the service console or
VMkernel.
Static IP settings is the default.
9 Click OK and then click Next.
10 Click Back to make any changes.
11 Review your changes on the Ready to Complete page and click Finish.
66 VMware, Inc.
Chapter 6 Networking Best Practices, Scenarios, and Troubleshooting
Troubleshooting
The following topics guide you through troubleshooting common networking issues that you might encounter
in an ESX environment.
Troubleshooting Service Console Networking

If certain parts of the service console’s networking are misconfigured, you cannot access your ESX host with
the vSphere Client.
If your host’s service console loses network connectivity, you can reconfigure networking by connecting
directly to the service console and using service console commands.
n esxcfg-vswif -l
Provides a list of the service console’s current network interfaces. Check that vswif0 is present and that
the current IP address and netmask are correct.
n esxcfg-vswitch -l
Provides a list of the current virtual switch configurations. Check that the uplink adapter configured for
the service console is connected to the appropriate physical network.
n exscfg-nics -l
Provides a list of the current network adapters. Check that the uplink adapter configured for the service
console is up and that the speed and duplex are both correct.
n esxcfg-nics -s <speed> <nic>
Changes the speed of a network adapter.

n esxcfg-nics -d <duplex> <nic>
Changes the duplex of a network adapter.

n esxcfg-vswif -I <new ip address> vswifX
Changes the service console’s IP address.

n esxcfg-vswif -n <new netmask> vswifX
Changes the service console’s netmask.

n esxcfg-vswitch -U <old vmnic> <service console vswitch>
Removes the uplink for the service console.

n esxcfg-vswitch -L <new vmnic> <service console vswitch>
Changes the uplink for the service console.
If you encounter long waits when using esxcfg-* commands, DNS might be misconfigured. The esxcfg-*
commands require that DNS be configured so that localhost name resolution works properly. This requires
that the /etc/hosts file contain an entry for the configured IP address and the 127.0.0.1 localhost address.
VMware, Inc. 67
Rename Network Adapters by Using the Service Console

If you lose service console connectivity after adding a new network adapter, you must use the service console
to rename the affected network adapters. Adding a new network adapter can cause loss of service console
connectivity and manageability by using the vSphere Client because of network adapters are renamed.
Procedure
1 Log in directly to the ESX host’s console.
2 Use the esxcfg-nics -l command to see which names are assigned to the network adapters.
3 Use the esxcfg-vswitch -l command to see which vSwitches are now associated with device names no
longer shown by esxcfg-nics.
4 Use the esxcfg-vswitch -U <old vmnic name> <vswitch> command to remove any network adapters that
were renamed.
5 Use the esxcfg-vswitch -L <new vmnic name> <vswitch> command to add the network adapters again,
giving them the correct names.
Troubleshooting Physical Switch Configuration

You might lose vSwitch connectivity when a failover or failback event occurs. This causes the MAC addresses
that the virtual machines associated with that vSwitch to appear on a different switch port.
To avoid this problem, put your physical switch in PortFast or PortFast trunk mode.
Troubleshooting Port Group Configuration

Changing the name of a port group when virtual machines are already connected to that port group causes an
invalid network configuration for the virtual machines configured to connect to that port group.
The connection from virtual network adapters to port groups is made by name, and the name is what is stored
in the virtual machine configuration. Changing the name of a port group does not cause a mass reconfiguration
of all the virtual machines connected to that port group. Virtual machines that are already powered on continue
to function until they are powered off, because their connections to the network are already established.
Avoid renaming networks after they are in use. After you rename a port group, you must reconfigure each
associated virtual machine by using the service console to reflect the new port group name.
68 VMware, Inc.
Storage
VMware, Inc. 69
70 VMware, Inc.
Introduction to Storage 7
This introduction describes available storage options for ESX and explains how to configure your ESX system
so that it can use and manage different types of storage.

n “About ESX Storage,” on page 71
n “Types of Physical Storage,” on page 72
n “Supported Storage Adapters,” on page 73
n “Target and Device Representations,” on page 73
n “About ESX Datastores,” on page 76
n “Comparing Types of Storage,” on page 79
n “Viewing Storage Information in the vSphere Client,” on page 80
About ESX Storage

ESX storage is storage space on a variety of physical storage systems, local or networked, that a host uses to
store virtual machine disks.
A virtual machine uses a virtual hard disk to store its operating system, program files, and other data associated
with its activities. A virtual disk is a large physical file, or a set of files, that can be copied, moved, archived,
and backed up as easily as any other file. To store virtual disk files and manipulate the files, a host requires
dedicated storage space.
The host uses storage space on a variety of physical storage systems, including your host’s internal and external
devices, or networked storage, dedicated to the specific tasks of storing and protecting data.
The host can discover storage devices to which it has access and format them as datastores. The datastore is a
special logical container, analogous to a file system on a logical volume, where ESX places virtual disk files
and other files that encapsulate essential components of a virtual machine. Deployed on different devices, the
datastores hide specifics of each storage product and provide a uniform model for storing virtual machine
files.
Using the vSphere Client, you can set up datastores on any storage device that your host discovers. In addition,
you can use folders to create logical groups of datastores for organizational purposes, and for setting
permissions and alarms across the datastore group.
VMware, Inc. 71
Types of Physical Storage

The ESX storage management process starts with a storage space that your storage administrator preallocates
on different storage systems.
ESX supports the following types of storage:
Local Storage Stores virtual machine files on internal or external storage disks or arrays
attached to your host through a direct connection.
Networked Storage Stores virtual machine files on external shared storage systems located outside
of your host. The host communicates with the networked devices through a
high-speed network.
Local Storage
Local storage can be internal hard disks located inside your ESX host, or external storage systems located
outside and connected to the host directly.
Local storage does not require a storage network to communicate with your host. All you need is a cable
connected to the storage unit and, when required, a compatible HBA in your host.
Generally, you can connect multiple hosts to a single local storage system. The actual number of hosts you
connect varies depending on the type of storage device and topology you use.
Many local storage systems support redundant connection paths to ensure fault tolerance.
When multiple hosts connect to the local storage unit, they access storage devices in the unshared mode. The
unshared mode does not permit several hosts to access the same VMFS datastore concurrently. However, a
few SAS storage systems offer shared access to multiple hosts. This type of access permits multiple hosts to
access the same VMFS datastore on a LUN.
ESX supports a variety of internal or external local storage devices, including SCSI, IDE, SATA, USB, and SAS
storage systems. No matter which type of storage you use, your host hides a physical storage layer from virtual
machines.
When you set up your local storage, keep in mind the following:
n You cannot use IDE/ATA drives to store virtual machines.
n Use local SATA storage, internal and external, in unshared mode only. SATA storage does not support
sharing the same LUNs and, therefore, the same VMFS datastore across multiple hosts.
n Some SAS storage systems can offer shared access to the same LUNs (and, therefore, the same VMFS
datastores) to multiple hosts.
Networked Storage
Networked storage consists of external storage systems that your ESX host uses to store virtual machine files
remotely. The host accesses these systems over a high-speed storage network.
ESX supports the following networked storage technologies.
NOTE Accessing the same storage through different transport protocols, such as iSCSI and Fibre Channel, at
the same time is not supported.
Fibre Channel (FC) Stores virtual machine files remotely on an FC storage area network (SAN). FC
SAN is a specialized high-speed network that connects your hosts to high-
performance storage devices. The network uses Fibre Channel protocol to
transport SCSI traffic from virtual machines to the FC SAN devices.
72 VMware, Inc.
Chapter 7 Introduction to Storage
To connect to the FC SAN, your host should be equipped with Fibre Channel
host bus adapters (HBAs) and, unless you use Fibre Channel direct connect
storage, with Fibre Channel switches that help route storage traffic.
Internet SCSI (iSCSI) Stores virtual machine files on remote iSCSI storage devices. iSCSI packages
SCSI storage traffic into the TCP/IP protocol so that it can travel through
standard TCP/IP networks instead of the specialized FC network. With an iSCSI
connection, your host serves as the initiator that communicates with a target,
located in remote iSCSI storage systems.
ESX offers the following types of iSCSI connections:
Hardware- Your host connects to storage through a third-party

initiated iSCSI iSCSI HBA.
Software- Your host uses a software-based iSCSI initiator in the

initiated iSCSI VMkernel to connect to storage. With this type of iSCSI
connection, your host needs only a standard network
adapter for network connectivity.
Network-attached Stores virtual machine files on remote file servers accessed over a standard
Storage (NAS) TCP/IP network. The NFS client built into ESX uses Network File System (NFS)
protocol version 3 to communicate with the NAS/NFS servers. For network
connectivity, the host requires a standard network adapter.
Supported Storage Adapters

Storage adapters provide connectivity for your ESX host to a specific storage unit or network.
Depending on the type of storage you use, you might need to install or enable a storage adapter on your host.
ESX supports different classes of adapters, including SCSI, iSCSI, RAID, Fibre Channel, and Ethernet. ESX
accesses the adapters directly through device drivers in the VMkernel.
Target and Device Representations

In the ESX context, the term target identifies a single storage unit that the host can access. The terms device
and LUN describe a logical volume that represents storage space on a target. Typically, the terms device and
LUN, in the ESX context, mean a SCSI volume presented to the host from a storage target and available for
formatting.
Different storage vendors present the storage systems to ESX hosts in different ways. Some vendors present a
single target with multiple storage devices or LUNs on it, while others present multiple targets with one LUN
each.
Figure 7-1. Target and LUN Representations
target target target target
LUN LUN LUN LUN LUN LUN
storage array storage array
In this illustration, three LUNs are available in each configuration. In one case, the host sees one target, but
that target has three LUNs that can be used. Each LUN represents an individual storage volume. In the other
example, the host sees three different targets, each having one LUN.
VMware, Inc. 73
Targets that are accessed through the network have unique names that are provided by the storage systems.
The iSCSI targets use iSCSI names, while Fibre Channel targets use World Wide Names (WWNs).
NOTE ESX does not support accessing the same LUN through different transport protocols, such as iSCSI and
Fibre Channel.
A device, or LUN, is identified by its UUID name.
Understanding Fibre Channel Naming

In Fibre Channel SAN, a World Wide Name (WWN) uniquely identifies each element in the network, such as
a Fibre Channel adapter or storage device.
The WWN is a 64-bit address that consists of 16 hexadecimal numbers and might look like this:
20:00:00:e0:8b:8b:38:77 21:00:00:e0:8b:8b:38:77
The WWN is assigned to every Fibre Channel SAN element by its manufacturer.
74 VMware, Inc.
Understanding iSCSI Naming and Addressing

In an iSCSI network, each iSCSI element that uses the network has a unique and permanent iSCSI name and
is assigned an address for access.
iSCSI Name Identifies a particular iSCSI element, regardless of its physical location. The
iSCSI name can use IQN or EUI format.
n IQN (iSCSI qualified name). Can be up to 255 characters long and has the
following format:
iqn.yyyy-mm.naming-authority:unique name
n yyyy-mm is the year and month when the naming authority was
established.
n naming-authority is usually reverse syntax of the Internet domain
name of the naming authority. For example, the iscsi.vmware.com
naming authority could have the iSCSI qualified name form of iqn.
1998-01.com.vmware.iscsi. The name indicates that the vmware.com
domain name was registered in January of 1998, and iscsi is a
subdomain, maintained by vmware.com.
n unique nameis any name you want to use, for example, the name of
your host. The naming authority must make sure that any names
assigned following the colon are unique, such as:
n iqn.1998-01.com.vmware.iscsi:name1
n EUI (extended unique identifier). Includes the eui. prefix, followed by the
16-character name. The name includes 24 bits for the company name
assigned by the IEEE and 40 bits for a unique ID, such as a serial number.
For example,
eui.0123456789ABCDEF
iSCSI Alias A more manageable, easy-to-remember name to use instead of the iSCSI name.
iSCSI aliases are not unique, and are intended to be just a friendly name to
associate with the node.
IP Address An address associated with each iSCSI element so that routing and switching
equipment on the network can establish the connection between different
elements, such as the host and storage. This is just like the IP address you assign
to a computer to get access to your company's network or the Internet.
VMware, Inc. 75
Understanding Storage Device Naming

In the vSphere Client, each storage device, or LUN, is identified by several names, including a friendly name,
a UUID, and a runtime name.
Name A friendly name that the ESX host assigns to a device based on the storage type
and manufacturer. You can modify the name using the vSphere Client. When
you modify the name of the device on one host, the change takes affect across
all hosts that have access to this device.
Identifier A universally unique identifier assigned to a device. Depending on the type of

storage, different algorithms are used to create the identifier. The identifier is
persistent across reboots and is the same for all hosts sharing the device.
Runtime Name The name of the first path to the device. The runtime name is created by the
host, is not a reliable identifier for the device, and is not persistent.
The runtime name has the following format: vmhba#:C#:T#:L#, where

n vmhba# is the name of the storage adapter. The name refers to the physical
adapter on the host, not to the SCSI controller used by the virtual machines.
n C# is the storage channel number.
Software iSCSI initiators use the channel number to show multiple paths
to the same target.
n T# is the target number. Target numbering is decided by the host and might
change if there is a change in the mappings of targets visible to the host.
Targets that are shared by different ESX hosts might not have the same
target number.
n L# is the LUN number that shows the position of the LUN within the target.
The LUN number is provided by the storage system. If a target has only
one LUN, the LUN number is always zero (0).
For example, vmhba1:C0:T3:L1 represents LUN1 on target 3 accessed through

the storage adapter vmhba1 and channel 0.
About ESX Datastores

Datastores are logical containers, analogous to file systems, that hide specifics of each storage device and
provide a uniform model for storing virtual machine files. Datastores can also be used for storing ISO images,
virtual machine templates, and floppy images.
You use the vSphere Client to access different types of storage devices that your ESX host discovers and to
deploy datastores on them.
76 VMware, Inc.
Depending on the type of storage you use, datastores can be backed by the following file system formats:
Virtual Machine File High-performance file system optimized for storing virtual machines. Your
System (VMFS) host can deploy a VMFS datastore on any SCSI-based local or networked
storage device, including Fibre Channel and iSCSI SAN equipment.
As an alternative to using the VMFS datastore, your virtual machine can have
direct access to raw devices and use a mapping file (RDM) as a proxy.
Network File System File system on a NAS storage device. ESX supports NFS version 3 over TCP/
(NFS) IP. The host can access a designated NFS volume located on an NFS server,
mount the volume, and use it for any storage needs.
If you use the service console to access your ESX host, you can see the VMFS and NFS datastores as separate
subdirectories in the /vmfs/volumes directory.
VMFS Datastores
ESX can format SCSI-based storage devices as VMFS datastores. VMFS datastores primarily serve as
repositories for virtual machines.
You can store multiple virtual machines on the same VMFS volume. Each virtual machine, encapsulated in a
set of files, occupies a separate single directory. For the operating system inside the virtual machine, VMFS
preserves the internal file system semantics, which ensures correct application behavior and data integrity for
applications running in virtual machines.
In addition, you can use the VMFS datastores to store other files, such as virtual machine templates and ISO
images.
VMFS supports the following file and block sizes, enabling your virtual machines to run even the most data-
intensive applications, including databases, ERP, and CRM, in virtual machines:
n Maximum virtual disk size: 2TB with 8MB block size
n Maximum file size: 2TB with 8MB block size
n Block size: 1MB (default), 2MB, 4MB, and 8MB
Creating and Increasing VMFS Datastores

You can set up VMFS datastores on any SCSI-based storage devices that your ESX host discovers. After you
create the VMFS datastore, you can edit its properties.
You can have up to 256 VMFS datastores per system, with a minimum volume size of 1.2GB.
NOTE Always have only one VMFS datastore for each LUN.
If your VMFS datastore requires more space, you can increase the VMFS volume. You can dynamically add
new extents to any VMFS datastore and grow the datastore up to 64TB. An extent is a LUN or partition on a
physical storage device. The datastore can stretch over multiple extents, yet appear as a single volume.
Another option is to grow the existing datastore extent if the storage device where your datastore resides has
free space. You can grow the extent up to 2 TB.
VMware, Inc. 77
Sharing a VMFS Volume Across ESX Hosts

As a cluster file system, VMFS lets multiple ESX hosts access the same VMFS datastore concurrently. You can
connect up to 32 hosts to a single VMFS volume.
Figure 7-2. Sharing a VMFS Volume Across Hosts
host host host
A B C
VM1 VM2 VM3
VMFS volume
disk1
virtual
disk2 disk
files
disk3
To ensure that the same virtual machine is not accessed by multiple servers at the same time, VMFS provides
on-disk locking.
Sharing the same VMFS volume across multiple hosts offers the following advantages:
n You can use VMware Distributed Resource Scheduling and VMware High Availability.
You can distribute virtual machines across different physical servers. That means you run a mix of virtual
machines on each server so that not all experience high demand in the same area at the same time. If a
server fails, you can restart virtual machines on another physical server. In case of a failure, the on-disk
lock for each virtual machine is released.
n You can use vMotion to migrate running virtual machines from one physical server to another.
n You can use VMware Consolidated Backup, which lets a proxy server, called VCB proxy, back up a
snapshot of a virtual machine while the virtual machine is powered on and is reading and writing to its
storage.
NFS Datastore
ESX can access a designated NFS volume located on a NAS server, mount the volume, and use it for its storage
needs. You can use NFS volumes to store and boot virtual machines in the same way that you use VMFS
datastores.
ESX supports the following shared storage capabilities on NFS volumes:

n vMotion
n VMware DRS and VMware HA
n ISO images, which are presented as CD-ROMs to virtual machines
n Virtual machine snapshots
78 VMware, Inc.
How Virtual Machines Access Storage

When a virtual machine communicates with its virtual disk stored on a datastore, it issues SCSI commands.
Because datastores can exist on various types of physical storage, these commands are encapsulated into other
forms, depending on the protocol that the ESX host uses to connect to a storage device.
ESX supports Fibre Channel (FC), Internet SCSI (iSCSI), and NFS protocols. Regardless of the type of storage
device your host uses, the virtual disk always appears to the virtual machine as a mounted SCSI device. The
virtual disk hides a physical storage layer from the virtual machine’s operating system. This allows you to run
operating systems that are not certified for specific storage equipment, such as SAN, inside the virtual machine.
Figure 7-3 depicts five virtual machines using different types of storage to illustrate the differences between
each type.
Figure 7-3. Virtual machines accessing different types of storage
Host
requires TCP/IP connectivity
virtual virtual virtual virtual virtual

machine machine machine machine machine
local
ethernet
SCSI
software
initiator
fibre iSCSI
channel hardware ethernet ethernet
VMFS
HBA initiator NIC NIC
SAN LAN LAN LAN

Key
physical
disk
datastore
VMFS VMFS NFS

virtual
disk fibre array iSCSI array NAS appliance
NOTE This diagram is for conceptual purposes only. It is not a recommended configuration.
Comparing Types of Storage

Whether certain vSphere functionality is supported might depend on the storage technology that you use.
Table 7-1 compares networked storage technologies that ESX supports.
Table 7-1. Networked Storage that ESX Supports

Technology Protocols Transfers Interface
Fibre Channel FC/SCSI Block access of data/LUN FC HBA
iSCSI IP/SCSI Block access of data/LUN n iSCSI HBA (hardware-initiated iSCSI)

n NIC (software-initiated iSCSI)
NAS IP/NFS File (no direct LUN access) NIC
Table 7-2 compares the vSphere features that different types of storage support.
VMware, Inc. 79
Table 7-2. vSphere Features Supported by Storage

VMware HA
Storage Type Boot VM vMotion Datastore RDM VM Cluster and DRS VCB
Local Storage Yes No VMFS No No No Yes
Fibre Channel Yes Yes VMFS Yes Yes Yes Yes
iSCSI Yes Yes VMFS Yes Yes Yes Yes
NAS over NFS Yes Yes NFS No No Yes Yes
Viewing Storage Information in the vSphere Client

The vSphere Client displays detailed information on storage adapters and devices, and any available
datastores.
Displaying Storage Adapters

The host uses storage adapters to access different storage devices. You can display the available storage
adapters and review their information.
Table 7-3 lists information that you can see when you display details for each adapter. Certain adapters, for
example iSCSI, need to be configured or enabled before you can view their information.
Table 7-3. Storage Adapter Information

Adapter Information Description
Model Model of the adapter.
Targets (Fibre Channel and Number of targets accessed through the adapter.
SCSI)
Connected Targets (iSCSI) Number of connected targets on an iSCSI adapter.
WWN (Fibre Channel) World Wide Name formed according to Fibre Channel standards that uniquely identifies
the FC adapter.
iSCSI Name (iSCSI) Unique name formed according to iSCSI standards that identifies the iSCSI adapter.
iSCSI Alias (iSCSI) A friendly name used instead of the iSCSI name.
IP Address (hardware iSCSI) Address assigned to the iSCSI adapter.
Discovery Methods (iSCSI) Discovery methods the iSCSI adapter uses to access iSCSI targets.
Devices All storage devices or LUNs the adapter can access.
Paths All paths the adapter uses to access storage devices.
View Storage Adapters Information

You can display storage adapters that your host uses and review their information.
Procedure
1 In Inventory, select Hosts and Clusters.
2 Select a host and click the Configuration tab.
3 In Hardware, select Storage Adapters.
4 To view details for a specific adapter, select the adapter from the Storage Adapters list.
5 To list all storage devices the adapter can access, click Devices.
6 To list all paths the adapter uses, click Paths.
80 VMware, Inc.
Copy Storage Adapter Identifiers to the Clipboard

If your storage adapters use unique identifiers, such as an iSCSI Name or WWN, you can copy them to a
clipboard directly from the UI.
Procedure
4 Select the adapter from the Storage Adapters list.
5 In the Details panel, right-click the value in the name field, and select Copy.
Viewing Storage Devices

You can display all storage devices or LUNs available to the host, including all local and networked devices.
If you use third-party multipathing plugins, the storage devices available through the plugins also appear on
the list.
For each storage adapter, you can display a separate list of storage devices available just for this adapter.
Generally, when you review a list of storage devices, you see the following information.
Storage Device Information Description
Name A friendly name that the ESX host assigns to the device based on the storage type and
manufacturer. You can change this name to a name of your choice.
Identifier A universally unique identifier that is intrinsic to the device.
Runtime Name The name of the first path to the device.
LUN The LUN number that shows the position of the LUN within the target.
Type Type of device, for example, disk or CD-ROM.
Transport Transportation protocol your host uses to access the device.
Capacity Total capacity of the storage device.
Owner The plug-in, such as the NMP or a third-party plug-in, that the host uses to manage the
storage device.
Details for each storage device include the following:

n A path to the storage device in the /vmfs/devices/ directory.
n Primary and logical partitions, including a VMFS datastore, if configured.
Display Storage Devices for a Host

You can display all storage devices or LUNs available to a host. If you use any third-party multipathing plugins,
the storage devices available through the plugins also appear on the list.
Procedure
3 In Hardware, select Storage.
VMware, Inc. 81
4 Click Devices.
5 To view additional details about a specific device, select the device from the list.
Display Storage Devices for an Adapter

You can display a list of storage devices accessible to a specific storage adapter on the host.
Procedure

5 Click Devices.
Copy Storage Device Identifiers to the Clipboard

A storage device identifier is a universally unique ID assigned to a storage device or LUN. Depending on the
type of storage, different algorithms are used to create the identifier and it can be long and complex. You can
copy the storage device identifier directly from the UI.
Procedure
1 Display a list of storage devices.
2 Right-click a device and select Copy identifier to clipboard.
Displaying Datastores
You can display all datastores available to your hosts and analyze their properties.
Datastores are added to the vSphere Client in the following ways:

n Created on an available storage device.
n Discovered when a host is added to the inventory. When you add a host to the inventory, the vSphere
Client displays any datastores available to the host.
If your vSphere Client is connected to a vCenter Server system, you can see datastore information in the
Datastores view. This view displays all datastores in the inventory, arranged by a datacenter. Through this
view, you can organize datastores into folder hierarchies, create new datastores, edit their properties, or remove
existing datastores.
This view is comprehensive and shows all information for your datastores including hosts and virtual machines
using the datastores, storage reporting information, permissions, alarms, tasks and events, storage topology,
and storage reports. Configuration details for each datastore on all hosts connected to this datastore are
provided on the Configuration tab of the Datastores view.
NOTE The Datastores view is not available when the vSphere client connects directly to your host. In this case,
review datastore information through the host storage configuration tab.
Generally, you can see the following datastore configuration details:

n Target storage device where the datastore is located
n File system that the datastore uses
n Location of the datastore
n Total capacity, including the used and available space
82 VMware, Inc.
n Individual extents that the datastore spans and their capacity (VMFS datastores only)
n Paths used to access the storage device (VMFS datastores only)
Review Datastore Properties

You can display all datastores available to the hosts and analyze their properties.
Procedure
1 Display the host in the inventory.
2 Select a host in the inventory and click the Configuration tab.
4 Click the Datastores view.
5 To display details for a particular datastore, select the datastore from the list.
VMware, Inc. 83
84 VMware, Inc.
Configuring ESX Storage 8
The following topics contain information about configuring local SCSI storage devices, Fibre Channel SAN
storage, iSCSI storage, and NFS storage.

n “Local SCSI Storage,” on page 85
n “Fibre Channel Storage,” on page 86
n “iSCSI Storage,” on page 86
n “Storage Refresh and Rescan Operations,” on page 96
n “Create VMFS Datastores,” on page 97
n “Network Attached Storage,” on page 98
n “Creating a Diagnostic Partition,” on page 100
Local SCSI Storage

Local storage uses a SCSI-based device such as your ESX host’s hard disk or any external dedicated storage
system connected directly to your host.
Figure 8-1 depicts a virtual machine using local SCSI storage.

Figure 8-1. Local Storage
Host
virtual
machine
local
ethernet
SCSI
VMFS
In this example of a local storage topology, the ESX host uses a single connection to plug into a disk. On that
disk, you can create a VMFS datastore, which you use to store virtual machine disk files.
VMware, Inc. 85
Although this storage configuration is possible, it is not a recommended topology. Using single connections
between storage arrays and hosts creates single points of failure (SPOF) that can cause interruptions when a
connection becomes unreliable or fails.
To ensure fault tolerance, some DAS systems support redundant connection paths.
Fibre Channel Storage

ESX supports Fibre Channel adapters, which allow a host to connect to a SAN and see storage devices on the
SAN.
You must install Fibre Channel (FC) adapters before the host can display FC storage devices.
Figure 8-2 depicts virtual machines using Fibre Channel storage.

Figure 8-2. Fibre Channel Storage
Host
virtual
machine
fibre
channel
HBA
SAN
VMFS
fibre array
In this configuration, an ESX host connects to SAN fabric, which consists of Fibre Channel switches and storage
arrays, using a Fibre Channel adapter. LUNs from a storage array become available to the host. You can access
the LUNs and create a datastore for your storage needs. The datastore uses the VMFS format.
For specific information on setting up the FC SAN fabric and storage arrays to work with ESX, see the Fibre
Channel SAN Configuration Guide.
iSCSI Storage
ESX supports iSCSI technology that allows your host to use an IP network while accessing remote storage.
With iSCSI, SCSI storage commands that your virtual machine issues to its virtual disk are converted into TCP/
IP packets and transmitted to a remote device, or target, that stores the virtual disk.
To access remote targets, the host uses iSCSI initiators. Initiators transport SCSI requests and responses between
the host and the target storage device on the IP network. ESX supports hardware-based and software-based
iSCSI initiators.
You must configure iSCSI initiators for the host to access and display iSCSI storage devices.
Figure 8-3 depicts two virtual machines that use different types of iSCSI initiators.
86 VMware, Inc.
Chapter 8 Configuring ESX Storage
Figure 8-3. iSCSI Storage
Host
virtual virtual
machine machine
software
initiator
iSCSI
hardware ethernet
initiator NIC
LAN LAN
VMFS
iSCSI array
In the left example, the host uses the hardware iSCSI adapter to connect to the iSCSI storage system.
In the right example, the host is configured with the software iSCSI initiator. Using the software initiator, the
host connects to the iSCSI storage through an existing network adapter.
iSCSI storage devices from the storage system become available to the host. You can access the storage devices
and create VMFS datastores for your storage needs.
For specific information on setting up the iSCSI SAN fabric to work with ESX, see the iSCSI SAN Configuration
Guide.
Setting Up Hardware iSCSI Initiators

With hardware-based iSCSI storage, you use a specialized third-party adapter capable of accessing iSCSI
storage over TCP/IP. This iSCSI initiator handles all iSCSI and network processing and management for your
ESX system.
You must install and configure the hardware iSCSI adapter for your host to be able to access the iSCSI storage
device. For installation information, see vendor documentation.
View Hardware iSCSI Initiators

View an iSCSI hardware initiator to verify that it is correctly installed and ready for configuration.
Prerequisites
Before you begin configuring the hardware iSCSI initiator, make sure that the iSCSI HBA is successfully
installed and appears on the list of initiators available for configuration. If the initiator is installed, you can
view its properties.
Procedure
1 Log in to the vSphere Client, and select a host from the inventory panel.
2 Click the Configuration tab and click Storage Adapters in the Hardware panel.
The hardware iSCSI initiator appears in the list of storage adapters.
VMware, Inc. 87
3 Select the initiator to view.
The default details for the initiator appear, including the model, iSCSI name, iSCSI alias, IP address, and
target and paths information.
4 Click Properties.
The iSCSI Initiator Properties dialog box appears. The General tab displays additional characteristics of
the initiator.
You can now configure your hardware initiator or change its default characteristics.
Change Name and IP Address for Hardware Initiators

When you configure your hardware iSCSI initiators, make sure that their names and IP addresses are formatted
properly.
Procedure
3 Select the initiator to configure and click Properties > Configure.
4 To change the default iSCSI name for your initiator, enter the new name.
Make sure the name you enter is worldwide unique and properly formatted or some storage devices might
not recognize the hardware iSCSI initiator.
5 (Optional) Enter the iSCSI alias.
The alias is a name that you use to identify the hardware iSCSI initiator.
6 Change the default IP settings.
You must change the default IP settings so that they are configured properly for the IP SAN. Work with
your network administrator to determine the IP setting for the HBA.
If you change the iSCSI name, it is used for new iSCSI sessions. For existing sessions, new settings are not used
until logout and re-login.
Setting Up Software iSCSI Initiators

With the software-based iSCSI implementation, you can use standard network adapters to connect your ESX
host to a remote iSCSI target on the IP network. The software iSCSI initiator that is built into ESX facilitates
this connection by communicating with the network adapter through the network stack.
Before you configure the software iSCSI initiator, you must perform the following tasks:
1 Create a VMkernel port for physical network adapters.
2 Enable the software iSCSI initiator.
3 If you use multiple network adapters, activate multipathing on your host using the port binding technique.
For more information on port binding, see the iSCSI SAN Configuration Guide.
4 If needed, enable Jumbo Frames. Jumbo Frames must be enabled for each vSwitch through the vSphere
CLI. Also, if you use an ESX host, you must create a VMkernel network interface enabled with Jumbo
Frames.
See the Networking section for more information.
88 VMware, Inc.

Networking configuration for software iSCSI involves creating an iSCSI VMkernel port and mapping it to a
physical NIC that handles iSCSI traffic.
Depending on the number of physical NICs you use for iSCSI traffic, the networking setup can be different:
n If you have one physical NIC, create one VMkernel port on a vSwitch and map the port to the NIC. VMware
recommends that you designate a separate network adapter entirely for iSCSI. No additional network
configuration steps are required.
For information on creating a port, see “Create a VMkernel Port for Software iSCSI,” on page 89.
n If you have two or more physical NICs for iSCSI, you can create multiple paths for the software iSCSI by
using the port binding technique.
For more information on port binding, see the iSCSI SAN Configuration Guide.
This procedure lets you connect the VMkernel, which runs services for iSCSI storage, to the physical network
adapter.
Procedure
5 Select Create a virtual switch to create a new vSwitch.
If no adapters appear under Create a virtual switch, existing vSwitches are using all of the network
adapters in the system. You can use an existing vSwitch for your iSCSI traffic.
6 Select an adapter you want to use for iSCSI traffic.
IMPORTANT Do not use iSCSI on 100Mbps or slower adapters.
7 Click Next.
8 Under Port Group Properties, enter a network label. Network label is a friendly name that identifies the
VMkernel port that you are creating.
9 Click Next.
10 Specify the IP settings and click Next.
11 Review the information and click Finish.
What to do next
You can now enable your software initiator.
VMware, Inc. 89
Enable the Software iSCSI Initiator

You must enable your software iSCSI initiator so that ESX can use it to access iSCSI storage.
Procedure
1 Log in to the vSphere Client, and select a server from the inventory panel.
The list of available storage adapters appears.
3 Select the iSCSI initiator to configure and click Properties.
4 Click Configure.
The General Properties dialog box displays the initiator’s status, default name, and alias.
5 To enable the initiator, select Enabled.
not recognize the software iSCSI initiator.

until you logout and re-login.
Configuring Discovery Addresses for iSCSI Initiators

Set up target discovery addresses so that the iSCSI initiator can determine which storage resource on the
network is available for access.
The ESX system supports these discovery methods:
Dynamic Discovery Also known as Send Targets discovery. Each time the initiator contacts a
specified iSCSI server, the initiator sends the Send Targets request to the server.
The server responds by supplying a list of available targets to the initiator. The
names and IP addresses of these targets appear on the Static Discovery tab. If
you remove a static target added by dynamic discovery, the target might be
returned to the list the next time a rescan happens, the HBA is reset, or the host
is rebooted.
Static Discovery The initiator does not have to perform any discovery. The initiator has a list of
targets it can contact and uses their IP addresses and target names to
communicate with them.
Set Up Dynamic Discovery

With Dynamic Discovery, each time the initiator contacts a specified iSCSI server, it sends the Send Targets
request to the server. The server responds by supplying a list of available targets to the initiator.
Procedure
1 Log in to the vSphere Client and select a server from the inventory panel.
90 VMware, Inc.
4 In the iSCSI Initiator Properties dialog box, click the Dynamic Discovery tab.
5 To add an address for the Send Targets discovery, click Add.
The Add Send Targets Server dialog box appears.
6 Enter the IP address or DNS name of the storage system and click OK.
After your host establishes the Send Targets session with this system, any newly discovered targets appear
in the Static Discovery list.
7 To delete a specific Send Targets server, select it and click Remove.

After you remove a Send Targets server, it might still appear in the Inheritance field as the parent of static
targets. This entry indicates where the static targets were discovered and does not affect the functionality.
NOTE You cannot change the IP address, DNS name, or port number of an existing Send Targets server. To
make changes, delete the existing server and add a new one.
Set Up Static Discovery

With iSCSI initiators, in addition to the dynamic discovery method, you can use static discovery and manually
enter information for the targets.
Procedure
4 In the iSCSI Initiator Properties dialog box, click the Static Discovery tab.
The tab displays all dynamically discovered targets and any static targets already entered.
5 To add a target, click Add and enter the target’s information.
6 To delete a specific target, select the target and click Remove.
NOTE You cannot change the IP address, DNS name, iSCSI target name, or port number of an existing target.
To make changes, remove the existing target and add a new one.
Configuring CHAP Parameters for iSCSI Initiators

Because the IP networks that the iSCSI technology uses to connect to remote targets do not protect the data
they transport, you must ensure security of the connection. One of the protocols that iSCSI implements is the
Challenge Handshake Authentication Protocol (CHAP), which verifies the legitimacy of initiators that access
targets on the network.
CHAP uses a three-way handshake algorithm to verify the identity of your host and, if applicable, of the iSCSI
target when the host and target establish a connection. The verification is based on a predefined private value,
or CHAP secret, that the initiator and target share.
ESX supports CHAP authentication at the adapter level. In this case, all targets receive the same CHAP name
and secret from the iSCSI initiator. For software iSCSI, ESX also supports per-target CHAP authentication,
which allows you to configure different credentials for each target to achieve greater level of security.
VMware, Inc. 91
Choosing CHAP Authentication Method

ESX supports one-way CHAP for both hardware and software iSCSI, and mutual CHAP for software iSCSI
only.
Before configuring CHAP, check whether CHAP is enabled at the iSCSI storage system and check the CHAP
authentication method the system supports. If CHAP is enabled, enable it for your initiators, making sure that
the CHAP authentication credentials match the credentials on the iSCSI storage.
ESX supports the following CHAP authentication methods:
One-way CHAP In one-way, or unidirectional, CHAP authentication, the target authenticates

the initiator, but the initiator does not authenticate the target.
Mutual CHAP (software In mutual, or bidirectional, CHAP authentication, an additional level of

iSCSI only) security enables the initiator to authenticate the target.
For software iSCSI only, you can set one-way CHAP and mutual CHAP for each initiator or at the target level.
Hardware iSCSI supports CHAP only at the initiator level.
When you set the CHAP parameters, specify a security level for CHAP.
Table 8-1. CHAP Security Level

CHAP Security Level Description Supported
Do not use CHAP The host does not use CHAP authentication. Select this Software iSCSI
option to disable authentication if it is currently enabled. Hardware iSCSI
Do not use CHAP unless The host prefers a non-CHAP connection, but can use a Software iSCSI
required by target CHAP connection if required by the target.
Use CHAP unless prohibited by The host prefers CHAP, but can use non-CHAP Software iSCSI
target connections if the target does not support CHAP. Hardware iSCSI
Use CHAP The host requires successful CHAP authentication. The Software iSCSI
connection fails if CHAP negotiation fails.
Set Up CHAP Credentials for an iSCSI Initiator

For increased security, you can set up all targets to receive the same CHAP name and secret from the iSCSI
initiator at the initiator level. By default, all discovery addresses or static targets inherit CHAP parameters that
you set up at the initiator level.
Prerequisites
Before setting up CHAP parameters for software iSCSI, determine whether to configure one-way or mutual
CHAP. Hardware iSCSI does not support mutual CHAP.
n In one-way CHAP, the target authenticates the initiator.
n In mutual CHAP, both the target and initiator authenticate each other. Make sure to use different secrets
for CHAP and mutual CHAP.
When configuring CHAP parameters, make sure that they match the parameters on the storage side.
For software iSCSI, the CHAP name should not exceed 511 and the CHAP secret 255 alphanumeric characters.
For hardware iSCSI, the CHAP name should not exceed 255 and the CHAP secret 100 alphanumeric characters.
92 VMware, Inc.
Procedure
4 On the General tab, click CHAP.
5 To configure one-way CHAP, under CHAP specify the following.

a Select one of the following options:
n Do not use CHAP unless required by target (software iSCSI only)
n Use CHAP unless prohibited by target
n Use CHAP (software iSCSI only). To be able to configure mutual CHAP, you must select this
option.
b Specify the CHAP name.
Make sure that the name you specify matches the name configured on the storage side.
n To set the CHAP name to the iSCSI initiator name, select Use initiator name.
n To set the CHAP name to anything other than the iSCSI initiator name, deselect Use initiator
name and enter a name in the Name field.
c Enter a one-way CHAP secret to be used as part of authentication. Make sure to use the same secret
that you enter on the storage side.
6 To configure mutual CHAP, first configure one-way CHAP by following directions in Step 5.
Make sure to select Use CHAP as an option for one-way CHAP. Then, specify the following under Mutual
CHAP:
a Select Use CHAP.
b Specify the mutual CHAP name.
c Enter the mutual CHAP secret. Make sure to use different secrets for the one-way CHAP and mutual
CHAP.
7 Click OK.
8 Rescan the initiator.
If you change the CHAP or mutual CHAP parameters, they are used for new iSCSI sessions. For existing
sessions, new settings are not used until you log out and login again.
Set Up CHAP Credentials for a Target

For software iSCSI, you can configure different CHAP credentials for each discovery address or static target.
When configuring CHAP parameters, make sure that they match the parameters on the storage side. For
software iSCSI, the CHAP name should not exceed 511 and the CHAP secret 255 alphanumeric characters.
VMware, Inc. 93
Prerequisites
CHAP.
Procedure
3 Select the software iSCSI initiator to configure and click Properties.
4 Select either Dynamic Discovery tab or Static Discovery tab.
5 From the list of available targets, select a target you want to configure and click Settings > CHAP.
a Deselect Inherit from parent.
b Select one of the following options:

n Do not use CHAP unless required by target
n Use CHAP. To be able to configure mutual CHAP, you must select this option.
c Specify the CHAP name.
d Enter a one-way CHAP secret to be used as part of authentication. Make sure to use the same secret
CHAP:
b Select Use CHAP.
c Specify the mutual CHAP name.
d Enter the mutual CHAP secret. Make sure to use different secrets for the one-way CHAP and mutual
CHAP.
8 Click OK.
94 VMware, Inc.
Disable CHAP
You can disable CHAP if your storage system does not require it.
If you disable CHAP on a system that requires CHAP authentication, existing iSCSI sessions remain active
until you reboot your ESX host or the storage system forces a logout. After the session ends, you can no longer
connect to targets that require CHAP.
Procedure
1 Open the CHAP Credentials dialog box.
2 For software iSCSI, to disable just the mutual CHAP, select Do not use CHAP under Mutual CHAP.
3 To disable one-way CHAP, select Do not use CHAP under CHAP.
The mutual CHAP, if set up, automatically turns to Do not use CHAP when you disable the one-way
CHAP.
4 Click OK.
Configuring Additional Parameters for iSCSI

You might need to configure additional parameters for your iSCSI initiators. For example, some iSCSI storage
systems require ARP (Address Resolution Protocol) redirection to move iSCSI traffic dynamically from one
port to another. In this case, you must activate ARP redirection on your host.
Do not make any changes to the advanced iSCSI settings unless you are working with the VMware support
team or otherwise have thorough information about the values to provide for the settings.
Table 8-2 lists advanced iSCSI parameters that you can configure using the vSphere Client. In addition, you
can use the vicfg-iscsi vSphere CLI command to configure some of the advanced parameters. For
information, see the VMware vSphere Command-Line Interface Installation and Reference Guide.
Table 8-2. Additional Parameters for iSCSI Initiators

Advanced Parameter Description Configurable On
Header Digest Increases data integrity. When header digest is enabled, the system Software iSCSI
performs a checksum over each iSCSI Protocol Data Unit’s (PDU’s)
header part and verifies using the CRC32C algorithm.
Data Digest Increases data integrity. When data digest is enabled, the system Software iSCSI
performs a checksum over each PDU's data part and verifies using
the CRC32C algorithm.
NOTE Systems that use Intel Nehalem processors offload the iSCSI
digest calculations for software iSCSI, thus reducing the impact on
performance.
Maximum Defines the R2T (Ready to Transfer) PDUs that can be in transition Software iSCSI
Outstanding R2T before an acknowledge PDU is received.
First Burst Length Specifies the maximum amount of unsolicited data an iSCSI initiator Software iSCSI
can send to the target during the execution of a single SCSI command,
in bytes.
Maximum Burst Maximum SCSI data payload in a Data-In or a solicited Data-Out Software iSCSI
Length iSCSI sequence, in bytes.
Maximum Receive Maximum data segment length, in bytes, that can be received in an Software iSCSI
Data Segment Length iSCSI PDU.
VMware, Inc. 95
Table 8-2. Additional Parameters for iSCSI Initiators (Continued)

Advanced Parameter Description Configurable On
ARP Redirect Allows storage systems to move iSCSI traffic dynamically from one Hardware iSCSI
port to another. ARP is required by storage systems that do array- (Configurable through
based failover. vSphere CLI)
Delayed ACK Allows systems to delay acknowledgment of received data packets. Software iSCSI
Configure Advanced Parameters for iSCSI

The advanced iSCSI settings control such parameters as header and data digest, ARP redirection, delayed ACK,
and so on. Generally, you do not need to change these settings because your ESX host works with the assigned
predefined values.
CAUTION Do not make any changes to the advanced iSCSI settings unless you are working with the VMware
support team or otherwise have thorough information about the values to provide for the settings.
Procedure
2 Click Configuration tab and click Storage Adapters.
4 To configure advanced parameters at the initiator level, on the General tab, click Advanced. Proceed to
Step 6.
5 Configure advanced parameters at the target level.
At the target level, advanced parpameters can be configured only for software iSCSI.
a Select either the Dynamic Discovery tab or Static Discovery tab.
b From the list of available targets, select a target to configure and click Settings > Advanced.
6 Enter any required values for the advanced parameters you want to modify and click OK to save your
changes.
Storage Refresh and Rescan Operations

The refresh operation updates the datastore lists and storage information, such as the datastore capacity,
displayed in the vSphere Client. When you make changes in your ESX host or SAN configuration, you need
to use the rescan operation.
You can rescan all adapters on your host. If the changes you make are isolated to a specific adapter, rescan
only this adapter. If your vSphere Client is connected to a vCenter Server system, you can rescan adapters on
all hosts managed by the vCenter Server system.
Perform a rescan each time you make one of the following changes.
n Create new LUNs on a SAN.
n Change the path masking on a host.
96 VMware, Inc.
n Reconnect a cable.
n Make a change to a host in a cluster.
IMPORTANT Do not rescan when a path is unavailable. If one path fails, another takes over and your system
continues to be fully functional. If, however, you rescan at a time when a path is not available, the host removes
the path from its list of paths to the device. The path cannot be used by the host until the next time a rescan is
performed while the path is active.
Rescan Storage Adapters

When you make changes in your ESX host or SAN configuration, you might need to rescan your storage
adapters. You can rescan all adapters on your host. If the changes you make are isolated to a specific adapter,
rescan only this adapter.
Use this procedure if you want to limit the rescan to a particular host or an adapter on the host. If you want to
rescan adapters on all hosts managed by your vCenter Server system, you can do so by right-clicking a
datacenter, cluster, or folder that contains the hosts and selecting Rescan for Datastores.
Procedure
1 In the vSphere Client, select a host and click the Configuration tab.
2 In the Hardware panel, select Storage Adapters, and click Rescan above the Storage Adapters panel.
You can also right-click an individual adapter and click Rescan to rescan just that adapter.
3 To discover new disks or LUNs, select Scan for New Storage Devices.
If new LUNs are discovered, they appear in the device list.
4 To discover new datastores or update a datastore after its configuration has been changed, select Scan for
New VMFS Volumes.
If new datastores or VMFS volumes are discovered, they appear in the datastore list.
Create VMFS Datastores

VMFS datastores serve as repositories for virtual machines. You can set up VMFS datastores on any SCSI-based
storage devices that the host discovers.
Prerequisites
Before creating datastores, you must install and configure any adapters that your storage requires. Rescan the
adapters to discover newly added storage devices.
Procedure
1 Log in to the vSphere Client and select the host from the Inventory panel.
2 Click the Configuration tab and click Storage in the Hardware panel.
3 Click Datastores and click Add Storage.
4 Select the Disk/LUN storage type and click Next.
5 Select a device to use for your datastore and click Next.
NOTE Select the device that does not have a datastore name displayed in the VMFS Label column. If a
name is present, the device contains a copy of an existing VMFS datastore.
If the disk you are formatting is blank, the Current Disk Layout page automatically presents the entire
disk space for storage configuration.
VMware, Inc. 97
6 If the disk is not blank, review the current disk layout in the top panel of the Current Disk Layout page
and select a configuration option from the bottom panel.
Option Description
Use all available partitions Dedicates the entire disk or LUN to a single VMFS datastore. If you select
this option, all file systems and data currently stored on this device is
destroyed.
Use free space Deploys a VMFS datastore in the remaining free space of the disk.
7 Click Next.
8 In the Properties page, enter a datastore name and click Next.
9 If needed, adjust the file system and capacity values.
By default, the entire free space on the storage device is available.
10 Click Next.
11 In the Ready to Complete page, review the datastore configuration information and click Finish.
A datastore on the SCSI-based storage device is created. If you use the vCenter Server system to manage your
hosts, the newly created datastore is automatically added to all hosts.
Network Attached Storage

ESX supports using NAS through the NFS protocol. The NFS protocol enables communication between an
NFS client and an NFS server.
The NFS client built into ESX lets you access the NFS server and use NFS volumes for storage. ESX supports
only NFS Version 3 over TCP.
You use the vSphere Client to configure NFS volumes as datastores. Configured NFS datastores appear in the
vSphere Client, and you can use them to store virtual disk files in the same way that you use VMFS-based
datastores.
NOTE ESX does not support the delegate user functionality that enables access to NFS volumes using non-
root credentials.
Figure 8-4 depicts a virtual machine using the NFS volume to store its files. In this configuration, the host
connects to the NFS server, which stores the virtual disk files, through a regular network adapter.
98 VMware, Inc.
Figure 8-4. NFS Storage
Host
virtual
machine
ethernet
NIC
LAN
NFS
NAS appliance
The virtual disks that you create on NFS-based datastores use a disk format dictated by the NFS server, typically
a thin format that requires on-demand space allocation. If the virtual machine runs out of space while writing
to this disk, the vSphere Client notifies you that more space is needed. You have the following options:
n Free up additional space on the volume so that the virtual machine continues writing to the disk.
n Terminate the virtual machine session. Terminating the session shuts down the virtual machine.
CAUTION When your host accesses a virtual machine disk file on an NFS-based datastore, a .lck-XXX lock file
is generated in the same directory where the disk file resides to prevent other hosts from accessing this virtual
disk file. Do not remove the .lck-XXX lock file, because without it, the running virtual machine cannot access
its virtual disk file.
NFS Datastores as Repositories for Commonly Used Files

In addition to storing virtual disks on NFS datastores, you can also use NFS as a central repository for ISO
images, virtual machine templates, and so on.
To use NFS as a shared repository, you create a directory on the NFS server and then mount it as a datastore
on all hosts. If you use the datastore for ISO images, you can connect the virtual machine's CD-ROM device to
an ISO file on the datastore and install a guest operating system from the ISO file.
For information on configuring virtual machines, see Basic System Administration.
NOTE If the underlying NFS volume, on which the files are stored, is read-only, make sure that the volume is
exported as a read-only share by the NFS server, or configure it as a read-only datastore on the ESX host.
Otherwise, the host considers the datastore to be read-write and might not be able to open the files.
VMware, Inc. 99
Create an NFS-Based Datastore

You can use the Add Storage wizard to mount an NFS volume and use it as if it were a VMFS datastore.
Prerequisites
Because NFS requires network connectivity to access data stored on remote servers, before configuring NFS,
you must first configure VMkernel networking.
Procedure
4 Select Network File System as the storage type and click Next.
5 Enter the server name, the mount point folder name, and the datastore name.
NOTE When you mount the same NFS volume on different hosts, make sure that the server and folder
names are identical across the hosts. If the names do not match exactly, for example, if you enter share as
the folder name on one host and /share on the other, the hosts see the same NFS volume as two different
datastores. This might result in a failure of such features as vMotion.
6 (Optional) Select Mount NFS read only if the volume is exported as read only by the NFS server.
7 Click Next.
8 In the Network File System Summary page, review the configuration options and click Finish.
Creating a Diagnostic Partition

To run successfully, your host must have a diagnostic partition or a dump partition to store core dumps for
debugging and technical support. You can create the diagnostic partition on a local disk or on a private or
shared SAN LUN.
A diagnostic partition cannot be located on an iSCSI LUN accessed through a software iSCSI initiator.
Each host must have a diagnostic partition of 100MB. If multiple hosts share a SAN, configure a diagnostic
partition with 100MB for each host.
CAUTION If two hosts that share a diagnostic partition fail and save core dumps to the same slot, the core
dumps might be lost. To collect core dump data, reboot a host and extract log files immediately after the host
fails. However, if another host fails before you collect the diagnostic data of the first host, the second host will
fail to save the core dump.
With the ESX host, you typically create a diagnostic partition when installing ESX by selecting Recommended
Partitioning. The installer automatically creates a diagnostic partition for your host. If you select Advanced
Partitioning and choose not to specify the diagnostic partition during installation, you can configure it using
the Add Storage wizard.
Create a Diagnostic Partition

You can create a diagnostic partition on your host.
Procedure
100 VMware, Inc.

4 Select Diagnostic and click Next.
If you do not see Diagnostic as an option, the host already has a diagnostic partition.
You can query and scan the host’s diagnostic partition using the vicfg-dumppart -l command on the
vSphere CLI.
5 Specify the type of diagnostic partition.
Option Description
Private Local Creates the diagnostic partition on a local disk. This partition stores fault
information only for your host.
Private SAN Storage Creates the diagnostic partition on a non-shared SAN LUN. This partition
stores fault information only for your host.
Shared SAN Storage Creates the diagnostic partition on a shared SAN LUN. This partition is
accessed by multiple hosts and can store fault information for more than one
host.
6 Click Next.
7 Select the device to use for the diagnostic partition and click Next.
8 Review the partition configuration information and click Finish.
VMware, Inc. 101

102 VMware, Inc.

Managing Storage 9
After you create datastores, you can change their properties, use folders to group datastores based on your
business needs, or delete unused datastores. You might also need to set up multipathing for your storage or
resignature datastore copies.

n “Managing Datastores,” on page 103
n “Changing VMFS Datastore Properties,” on page 105
n “Managing Duplicate VMFS Datastores,” on page 107
n “Using Multipathing with ESX,” on page 109
n “Thin Provisioning,” on page 118
n “Turn off vCenter Server Storage Filters,” on page 121
Managing Datastores
An ESX system uses datastores to store all files associated with its virtual machines. After you create datastores,
you can manage them by performing a number of tasks.
A datastore is a logical storage unit that can use disk space on one physical device, one disk partition, or span
several physical devices. The datastore can exist on different types of physical devices, including SCSI, iSCSI,
Fibre Channel SAN, or NFS.
Datastores are added to the vSphere Client in one of the following ways:
n Discovered when a host is added to the inventory. The vSphere Client displays any datastores that the
host can recognize.
n Created on an available storage device using the Add Storage command.
After the datastores are created, you can use them to store virtual machine files. You can manage them by
renaming, removing, and setting access control permissions. In addition, you can group datastores to organize
them and set the same permissions across the group at one time.
For information on setting access control permissions on a datastore, see the vSphere Client Help.
VMware, Inc. 103

Rename Datastores
You can change the name of an existing datastore.
Procedure
1 Display the datastores.
2 Right-click the datastore to rename and select Rename.
3 Type a new datastore name.

If you use the vCenter Server system to manage your hosts, the new name appears on all hosts that have access
to the datastore.
Group Datastores
If you use the vCenter Server system to manage your hosts, group datastores into folders. This allows you to
organize your datastores according to business practices and to assign the same permissions and alarms on
the datastores in the group at one time.
Procedure
1 Log in to the vSphere Client.
2 If necessary, create the datastores.
For details, see the vSphere Client Help.
3 In the Inventory panel, choose Datastores.
4 Select the datacenter containing the datastores to group.
5 In the shortcut menu, click the New Folder icon.
6 Give the folder a descriptive name.
7 Click and drag each datastore onto the folder.
Delete Datastores
You can delete any type of VMFS datastore, including copies that you have mounted without resignaturing.
When you delete a datastore, it is destroyed and disappears from all hosts that have access to the datastore.
Prerequisites
Before deleting a datastore, remove all virtual machines from the datastore. Make sure that no other host is
accessing the datastore.
Procedure
2 Right-click the datastore to delete and click Delete.
3 Confirm that you want to delete the datastore.
104 VMware, Inc.

Chapter 9 Managing Storage
Unmount Datastores
When you unmount a datastore, it remains intact, but can no longer be seen from the hosts that you specify.
It continues to appear on other hosts, where it remains mounted.
You can unmount only the following types of datastores:

n NFS datastores
n VMFS datastore copies mounted without resignaturing
Procedure

2 Right-click the datastore to unmount and select Unmount.
3 If the datastore is shared, specify which hosts should no longer access the datastore.
a If needed, deselect the hosts where you want to keep the datastore mounted.
By default, all hosts are selected.
b Click Next.
c Review the list of hosts from which to unmount the datastore, and click Finish.
4 Confirm that you want to unmount the datastore.
Changing VMFS Datastore Properties

After you create a VMFS-based datastore, you can modify it. For example, you can increase it if you need more
space. If you have VMFS-2 datastores, you can upgrade them to VMFS-3 format.
Datastores that use the VMFS format are deployed on SCSI-based storage devices.
You cannot reformat a VMFS datastore that a remote host is using. If you attempt to, a warning appears that
specifies the name of the datastore in use and the host that is using it. This warning also appears in the VMkernel
and vmkwarning log files.
Depending on whether your vSphere Client is connected to a vCenter Server system or directly to a host,
different ways to access the Datastore Properties dialog box exist.
n vCenter Server only. To access the Datastore Properties dialog box, select the datastore form the inventory,
click the Configuration tab, and click Properties.
n vCenter Server and ESX/ESXi host. To access the Datastore Properties dialog box, select a host from the
inventory, click the Configuration tab and click Storage. From the Datastores view, select the datastore
to modify and click Properties.
VMware, Inc. 105

Increase VMFS Datastores

When you need to create new virtual machines on a datastore, or when the virtual machines running on this
datastore require more space, you can dynamically increase the capacity of a VMFS datastore.
Use one of the following methods:

n Add a new extent. An extent is a partition on a LUN. You can add a new extent to any existing VMFS
datastore. The datastore can stretch over multiple extents, up to 32.
NOTE You cannot add a local extent to a datastore located on a SAN LUN.
n Grow an extent in an existing VMFS datastore. Only extents with free space immediately after them are
expandable. As a result, rather than adding the new extent, you can grow the existing extent so that it fills
the available adjacent capacity.
NOTE If a shared datastore has powered on virtual machines and becomes 100% full, you can increase the
datastore's capacity only from the host, with which the powered on virtual machines are registered.
Procedure
1 Log in to the vSphere Client and select a host from the Inventory panel.
2 Click the Configuration tab and click Storage.
3 From the Datastores view, select the datastore to increase and click Properties.
4 Click Increase.
5 Select a device from the list of storage devices and click Next.
n If you want to add a new extent, select the device for which the Expandable column reads No.
n If you want to expand an existing extent, select the device for which the Expandable column reads
Yes.
6 Select a configuration option from the bottom panel.
Depending on the current layout of the disk and on your previous selections, the options you see might
vary.
Option Description
Use free space to add new extent Adds the free space on this disk as a new datastore extent.
Use free space to expand existing Grows an existing extent to a required capacity.
extent
Use free space Deploys an extent in the remaining free space of the disk. This option is
available only when adding an extent.
Use all available partitions Dedicates the entire disk to a single datastore extent. This option is available
only when adding an extent and when the disk you are formatting is not
blank. The disk is reformatted, and the datastores and any data that it
contains are erased.
7 Set the capacity for the extent.
By default, the entire free space on the storage device is available.
8 Click Next.
9 Review the proposed layout and the new configuration of your datastore, and click Finish.
106 VMware, Inc.

What to do next
After you grow an extent in a shared VMFS datastore, refresh the datastore on each host that can access this
datastore, so that the vSphere Client can display the correct datastore capacity for all hosts.
Upgrade Datastores
ESX includes VMFS version 3 (VMFS-3). If your datastore was formatted with VMFS-2, you can read files
stored on VMFS-2, but you cannot write to them. To have complete access to the files, upgrade VMFS-2 to
VMFS-3.
When you upgrade VMFS-2 to VMFS-3, the ESX file-locking mechanism ensures that no remote host or local
process is accessing the VMFS datastore being converted. Your host preserves all files on the datastore.
As a precaution, before you use the upgrade option, consider the following:
n Commit or discard any changes to virtual disks in the VMFS-2 volume that you plan to upgrade.
n Back up the VMFS-2 volume.
n Be sure that no powered on virtual machines are using the VMFS-2 volume.
n Be sure that no other ESX host is accessing the VMFS-2 volume.
The VMFS-2 to VMFS-3 conversion is a one-way process. After you convert the VMFS-based datastore to
VMFS-3, you cannot revert it back to VMFS-2.
To upgrade the VMFS-2 file system, its file block size must not exceed 8MB.
Procedure
1 Log in to the vSphere Client and select a host from the Inventory panel.
3 Select the datastore that uses the VMFS-2 format.
4 Click Upgrade to VMFS-3.
5 Perform a rescan on all hosts that see the datastore.
Managing Duplicate VMFS Datastores

When a LUN contains a VMFS datastore copy, you can mount the datastore with the existing signature or
assign a new signature.
Each VMFS datastore created in a LUN has a unique UUID that is stored in the file system superblock. When
the LUN is replicated or snapshotted, the resulting LUN copy is identical, byte-for-byte, with the original LUN.
As a result, if the original LUN contains a VMFS datastore with UUID X, the LUN copy appears to contain an
identical VMFS datastore, or a VMFS datastore copy, with exactly the same UUID X.
ESX can determine whether a LUN contains the VMFS datastore copy, and either mount the datastore copy
with its original UUID or change the UUID, thus resignaturing the datastore.
VMware, Inc. 107

Mounting VMFS Datastores with Existing Signatures

You might not have to resignature a VMFS datastore copy. You can mount a VMFS datastore copy without
changing its signature.
For example, you can maintain synchronized copies of virtual machines at a secondary site as part of a disaster
recovery plan. In the event of a disaster at the primary site, you can mount the datastore copy and power on
the virtual machines at the secondary site.
IMPORTANT You can mount a VMFS datastore only if it does not collide with an already mounted VMFS
datastore that has the same UUID.
When you mount the VMFS datastore, ESX allows both reads and writes to the datastore residing on the LUN
copy. The LUN copy must be writable. The datastore mounts are persistent and valid across system reboots.
Because ESX does not allow you to resignature the mounted datastore, unmount the datastore before
resignaturing.
Mount a VMFS Datastore with an Existing Signature

If you do not need to resignature a VMFS datastore copy, you can mount it without changing its signature.
Prerequisites
Before you mount a VMFS datastore, perform a storage rescan on your host so that it updates its view of LUNs
presented to it.
Procedure
1 Log in to the vSphere Client and select the server from the inventory panel.
3 Click Add Storage.
5 From the list of LUNs, select the LUN that has a datastore name displayed in the VMFS Label column and
click Next.
The name present in the VMFS Label column indicates that the LUN is a copy that contains a copy of an
existing VMFS datastore.
6 Under Mount Options, select Keep Existing Signature.
What to do next
If you later want to resignature the mounted datastore, you must unmount it first.
Resignaturing VMFS Copies

Use datastore resignaturing to retain the data stored on the VMFS datastore copy. When resignaturing a VMFS
copy, ESX assigns a new UUID and a new label to the copy, and mounts the copy as a datastore distinct from
the original.
The default format of the new label assigned to the datastore is snap-<snapID>-<oldLabel>, where <snapID> is
an integer and <oldLabel> is the label of the original datastore.
108 VMware, Inc.

When you perform datastore resignaturing, consider the following points:

n Datastore resignaturing is irreversible.
n The LUN copy that contains the VMFS datastore that you resignature is no longer treated as a LUN copy.
n A spanned datastore can be resignatured only if all its extents are online.
n The resignaturing process is crash and fault tolerant. If the process is interrupted, you can resume it later.
n You can mount the new VMFS datastore without a risk of its UUID colliding with UUIDs of any other
datastore, such as an ancestor or child in a hierarchy of LUN snapshots.
Resignature a VMFS Datastore Copy

Use datastore resignaturing if you want to retain the data stored on the VMFS datastore copy.
Prerequisites
To resignature a mounted datastore copy, first unmount it.
Before you resignature a VMFS datastore, perform a storage rescan on your host so that the host updates its
view of LUNs presented to it and discovers any LUN copies.
Procedure
click Next.
6 Under Mount Options, select Assign a New Signature and click Next.
What to do next
After resignaturing, you might have to do the following:

n If the resignatured datastore contains virtual machines, update references to the original VMFS datastore
in the virtual machine files, including .vmx, .vmdk, .vmsd, and .vmsn.
n To power on virtual machines, register them with vCenter Server.
Using Multipathing with ESX

To maintain a constant connection between an ESX host and its storage, ESX supports multipathing.
Multipathing is a technique that lets you use more than one physical path for transferring data between the ESX
host and the external storage device.
In case of a failure of an element in the SAN network, such as an HBA, switch, or cable, ESX can fail over to
another physical path. In addition to path failover, multipathing offers load balancing, which redistributes I/
O loads between multiple paths, thus reducing or removing potential bottlenecks.
VMware, Inc. 109

Managing Multiple Paths

To manage storage multipathing, ESX users a special VMkernel layer, Pluggable Storage Architecture (PSA).
The PSA is an open modular framework that coordinates the simultaneous operation of multiple multipathing
plugins (MPPs).
The VMkernel multipathing plugin that ESX provides by default is the VMware Native Multipathing Plugin
(NMP). The NMP is an extensible module that manages subplugins. There are two types of NMP subplugins,
Storage Array Type Plugins (SATPs), and Path Selection Plugins (PSPs). SATPs and PSPs can be built-in and
provided by VMware, or can be provided by a third party.
If more multipathing functionality is required, a third party can also provide an MPP to run in addition to, or
as a replacement for, the default NMP.
When coordinating the VMware NMP and any installed third-party MPPs, the PSA performs the following
tasks:
n Loads and unloads multipathing plugins.
n Hides virtual machine specifics from a particular plugin.
n Routes I/O requests for a specific logical device to the MPP managing that device.
n Handles I/O queuing to the logical devices.
n Implements logical device bandwidth sharing between virtual machines.
n Handles I/O queueing to the physical storage HBAs.
n Handles physical path discovery and removal.
n Provides logical device and physical path I/O statistics.
As Figure 9-1 illustrates, multiple third-party MPPs can run in parallel with the VMware NMP. The third-party
MPPs can replace the behavior of the NMP and take complete control of the path failover and the load-
balancing operations for specified storage devices.
Figure 9-1. Pluggable Storage Architecture
VMkernel
pluggable storage architecture
third-party third-party VMware NMP

MPP MPP
VMware SATP VMware PSP
VMware SATP
third-party SATP third-party PSP
The multipathing modules perform the following operations:

n Manage physical path claiming and unclaiming.
n Manage creation, registration, and deregistration of logical devices.
n Associate physical paths with logical devices.
110 VMware, Inc.

n Process I/O requests to logical devices:

n Select an optimal physical path for the request.
n Depending on a storage device, perform specific actions necessary to handle path failures and I/O
command retries.
n Support management tasks, such as abort or reset of logical devices.
VMware Multipathing Module

By default, ESX provides an extensible multipathing module called the Native Multipathing Plugin (NMP).
Generally, the VMware NMP supports all storage arrays listed on the VMware storage HCL and provides a
default path selection algorithm based on the array type. The NMP associates a set of physical paths with a
specific storage device, or LUN. The specific details of handling path failover for a given storage array are
delegated to a Storage Array Type Plugin (SATP). The specific details for determining which physical path is
used to issue an I/O request to a storage device are handled by a Path Selection Plugin (PSP). SATPs and PSPs
are sub-plugins within the NMP module.
VMware SATPs
Storage Array Type Plugins (SATPs) run in conjunction with the VMware NMP and are responsible for array-
specific operations.
ESX offers an SATP for every type of array that VMware supports. These SATPs include an active/active SATP
and active/passive SATP for non-specified storage arrays, and the local SATP for direct-attached storage. Each
SATP accommodates special characteristics of a certain class of storage arrays and can perform the array-
specific operations required to detect path state and to activate an inactive path. As a result, the NMP module
can work with multiple storage arrays without having to be aware of the storage device specifics.
After the NMP determines which SATP to call for a specific storage device and associates the SATP with the
physical paths for that storage device, the SATP implements the tasks that include the following:
n Monitors health of each physical path.
n Reports changes in the state of each physical path.
n Performs array-specific actions necessary for storage fail-over. For example, for active/passive devices, it
can activate passive paths.
VMware PSPs
Path Selection Plugins (PSPs) run in conjunction with the VMware NMP and are responsible for choosing a
physical path for I/O requests.
The VMware NMP assigns a default PSP for every logical device based on the SATP associated with the physical
paths for that device. You can override the default PSP.
VMware, Inc. 111

By default, the VMware NMP supports the following PSPs:
Most Recently Used Selects the path the ESX host used most recently to access the given device. If
(MRU) this path becomes unavailable, the host switches to an alternative path and
continues to use the new path while it is available.
Fixed Uses the designated preferred path, if it has been configured. Otherwise, it uses
the first working path discovered at system boot time. If the host cannot use
the preferred path, it selects a random alternative available path. The host
automatically reverts back to the preferred path as soon as that path becomes
available.
NOTE With active-passive arrays that have a Fixed path policy, path thrashing
might be a problem.
Round Robin (RR) Uses a path selection algorithm that rotates through all available paths enabling
load balancing across the paths.
VMware NMP Flow of I/O
When a virtual machine issues an I/O request to a storage device managed by the NMP, the following process
takes place.
1 The NMP calls the PSP assigned to this storage device.
2 The PSP selects an appropriate physical path on which to issue the I/O.
3 If the I/O operation is successful, the NMP reports its completion.
4 If the I/O operation reports an error, the NMP calls an appropriate SATP.
5 The SATP interprets the I/O command errors and, when appropriate, activates inactive paths.
6 The PSP is called to select a new path on which to issue the I/O.
Multipathing with Local Storage and Fibre Channel SANs

In a simple multipathing local storage topology, you can use one ESX host, which has two HBAs. The ESX host
connects to a dual-port local storage system through two cables. This configuration ensures fault tolerance if
one of the connection elements between the ESX host and the local storage system fails.
To support path switching with FC SAN, the ESX host typically has two or more HBAs available from which
the storage array can be reached using one or more switches. Alternatively, the setup can include one HBA
and two storage processors so that the HBA can use a different path to reach the disk array.
In Figure 9-2, multiple paths connect each server with the storage device. For example, if HBA1 or the link
between HBA1 and the switch fails, HBA2 takes over and provides the connection between the server and the
switch. The process of one HBA taking over for another is called HBA failover.
112 VMware, Inc.

Figure 9-2. Fibre Channel Multipathing

Host Host
1 2
HBA2 HBA1 HBA3 HBA4
switch switch
SP1 SP2
storage array
Similarly, if SP1 or the link between SP1 and the switch breaks, SP2 takes over and provides the connection
between the switch and the storage device. This process is called SP failover. ESX supports HBA and SP failover
with its multipathing capability.
Multipathing with iSCSI SAN

With iSCSI storage, you can take advantage of the multipathing support that the IP network offers. In addition,
ESX supports host-based multipathing for both hardware and software iSCSI initiators.
ESX can use multipathing support built into the IP network, which allows the network to perform routing.
Through dynamic discovery, iSCSI initiators obtain a list of target addresses that the initiators can use as
multiple paths to iSCSI LUNs for failover purposes.
ESX also supports host-based multipathing.
With the hardware iSCSI, the host can have two or more hardware iSCSI adapters and use them as different
paths to reach the storage system.
As Figure 9-3 illustrates, the host has two hardware iSCSI adapters, HBA1 and HBA2, that provide two physical
paths to the storage system. Multipathing plugins on the host, whether the VMkernel NMP or any third-party
MPPs, have access to the paths by default and can monitor the health of each physical path. If, for example,
HBA1 or the link between HBA1 and the network fails, the multipathing plugins can switch the path over to
HBA2.
VMware, Inc. 113

Figure 9-3. Hardware iSCSI and Failover

ESX/ESXi
HBA2 HBA1
IP network
SP
iSCSI storage
With the software iSCSI, as Figure 9-4 shows, you can use multiple NICs that provide failover and load-
balancing capabilities for iSCSI connections between the host and storage systems.
For this setup, because multipathing plugins do not have direct access to the physical NICs on your host, you
must first connect each physical NIC to a separate VMkernel port. You then associate all VMkernel ports with
the software iSCSI initiator using a port binding technique. As a result, each VMkernel port connected to a
separate NIC becomes a different path that the iSCSI storage stack and its storage-aware multipathing plugins
can use.
For more information on this setup, see the iSCSI SAN Configuration Guide.
114 VMware, Inc.

Figure 9-4. Software iSCSI and Failover

ESX/ESXi
software initiator
NIC2 NIC1
IP network
SP
iSCSI storage
Path Scanning and Claiming

When you start your ESX host or rescan your storage adapter, the host discovers all physical paths to storage
devices available to the host. Based on a set of claim rules defined in the /etc/vmware/esx.conf file, the host
determines which multipathing plugin (MPP) should claim the paths to a particular device and become
responsible for managing the multipathing support for the device.
By default, the host performs a periodic path evaluation every 5 minutes causing any unclaimed paths to be
claimed by the appropriate MPP.
The claim rules are numbered. For each physical path, the host runs through the claim rules starting with the
lowest number first. The attributes of the physical path are compared to the path specification in the claim rule.
If there is a match, the host assigns the MPP specified in the claim rule to manage the physical path. This
continues until all physical paths are claimed by corresponding MPPs, either third-party multipathing plugins
or the native multipathing plugin (NMP).
For the paths managed by the NMP module, a second set of claim rules is applied. These rules determine which
SATP should be used to manage the paths from a specific array type, and which PSP is to be used for each
storage device. For example, for a storage device that belongs to the EMC CLARiiON CX storage family, the
default SATP is VMW_SATP_CX and the default PSP is Most Recently Used.
Use the vSphere Client to view which SATP and PSP the host is using for a specific storage device and the
status of all available paths for this storage device. If needed, you can change the default VMware PSP using
the vSphere Client. To change the default SATP, you need to modify claim rules using the vSphere CLI.
For detailed descriptions of the commands available to manage PSA, see the vSphere Command-Line Interface
VMware, Inc. 115

Viewing the Paths Information

Use the vSphere Client to determine which SATP and PSP the ESX host uses for a specific storage device and
the status of all available paths for this storage device. You can access the path information from both, the
Datastores and Devices views. For datastores, you review the paths that connect to the device the datastore is
deployed on.
The path information includes the SATP assigned to manage the device, the path selection policy (PSP), and
a list of paths with their physical characteristics, such as an adapter and target each path uses, and the status
of each path. The following path status information can appear:
Active Paths available for issuing I/O to a LUN. A single or multiple working paths
currently used for transferring data are marked as Active (I/O).
NOTE For hosts that run ESX 3.5 or earlier, the term active means the only path
that the host is using to issue I/O to a LUN.
Standby The path is operational and can be used for I/O if active paths fail.
Disabled The path is disabled and no data can be transferred.
Broken The software cannot connect to the disk through this path.
If you are using the Fixed path policy, you can see which path is the preferred path. The preferred path is
marked with an asterisk (*) in the Preferred column.
View Datastore Paths

Use the vSphere Client to review the paths that connect to storage devices the datastores are deployed on.
Procedure
3 Click Datastores under View.
4 From the list of configured datastores, select the datastore whose paths you want to view or configure.
The Details panel shows the total number of paths being used to access the device and whether any of
them are broken or disabled.
5 Click Properties > Manage Paths to open the Manage Paths dialog box.
You can use the Manage Paths dialog box to enable or disable your paths, set multipathing policy, and
specify the preferred path.
View Storage Device Paths

Use the vSphere Client to view which SATP and PSP the host uses for a specific storage device and the status
of all available paths for this storage device.
Procedure
3 Click Devices under View.
4 Click Manage Paths to open the Manage Paths dialog box.
116 VMware, Inc.

Setting a Path Selection Policy

For each storage device, the ESX host sets the path selection policy based on the claim rules defined in the /
etc/vmware/esx.conf file.
By default, VMware supports the following path selection policies. If you have a third-party PSP installed on
your host, its policy also appears on the list.
Fixed (VMware) The host always uses the preferred path to the disk when that path is available.
If the host cannot access the disk through the preferred path, it tries the
alternative paths. The default policy for active-active storage devices is Fixed.
Most Recently Used The host uses a path to the disk until the path becomes unavailable. When the
(VMware) path becomes unavailable, the host selects one of the alternative paths. The host
does not revert back to the original path when that path becomes available
again. There is no preferred path setting with the MRU policy. MRU is the
default policy for active-passive storage devices and is required for those
devices.
Round Robin (VMware) The host uses an automatic path selection algorithm rotating through all
available paths. This implements load balancing across all the available
physical paths.
Load balancing is the process of spreading server I/O requests across all
available host paths. The goal is to optimize performance in terms of
throughput (I/O per second, megabytes per second, or response times).
Table 9-1 summarizes how the behavior of host changes, depending on the type of array and the failover policy.
Table 9-1. Path Policy Effects

Policy/Controller Active-Active Active-Passive
Most Recently Used Administrator action is required to fail back Administrator action is required to fail back
after path failure. after path failure.
Fixed VMkernel resumes using the preferred path VMkernel attempts to resume using the
when connectivity is restored. preferred path. This can cause path thrashing
or failure when another SP now owns the
LUN.
Round Robin No fail back. Next path in round robin scheduling is

selected.
VMware, Inc. 117

Change the Path Selection Policy

Generally, you do not have to change the default multipathing settings your host uses for a specific storage
device. However, if you want to make any changes, you can use the Manage Paths dialog box to modify a path
selection policy and specify the preferred path for the Fixed policy.
Procedure
1 Open the Manage Paths dialog box either from the Datastores or Devices view.
2 Select a path selection policy.
By default, VMware supports the following path selection policies. If you have a third-party PSP installed
on your host, its policy also appears on the list.
n Fixed (VMware)
n Most Recently Used (VMware)
n Round Robin (VMware)
3 For the fixed policy, specify the preferred path by right-clicking the path you want to assign as the
preferred path, and selecting Preferred.
4 Click OK to save your settings and exit the dialog box.
Disable Paths
You can temporarily disable paths for maintenance or other reasons. You can do so using the vSphere Client.
Procedure
2 In the Paths panel, right-click the path to disable, and select Disable.
You can also disable a path from the adapter’s Paths view by right-clicking the path in the list and selecting
Disable.
Thin Provisioning
When you create a virtual machine, a certain amount of storage space on a datastore is provisioned or allocated
to the virtual disk files.
By default, ESX offers a traditional storage provisioning method during creation in which you estimate how
much storage the virtual machine will need for its entire life cycle, provision a fixed amount of storage space
to its virtual disk, and have the entire provisioned space committed to the virtual disk. A virtual disk that
immediately occupies the entire provisioned space is called a thick disk. Creating virtual disks in thick format
can lead to underutilization of datastore capacity, because large amounts of storage space, pre-allocated to
individual virtual machines, might remain unused.
To help avoid over-allocating storage space and save storage, ESX supports thin provisioning, which lets you,
in the beginning, use just as much storage capacity as currently needed and then add the required amount of
storage space at a later time. Using the ESX thin provisioning feature, you can create virtual disks in a thin
format. For a thin virtual disk, ESX provisions the entire space required for the disk’s current and future
activities, but commits only as much storage space as the disk needs for its initial operations.
118 VMware, Inc.

About Virtual Disk Formats

When you perform certain virtual machine management operations, such as create a virtual disk, clone a virtual
machine to a template, or migrate a virtual machine, you can specify a format for the virtual disk file.
The following disk formats are supported. You cannot specify the disk format if the disk resides on an NFS
datastore. The NFS server determines the allocation policy for the disk.
Thin Provisioned Format Use this format to save storage space. For the thin disk, you provision as much
datastore space as the disk would require based on the value you enter for the
disk size. However, the thin disk starts small and at first, uses only as much
datastore space as the disk actually needs for its initial operations.
NOTE If a virtual disk supports clustering solutions such as Fault Tolerance,

you cannot make the disk thin.
If the thin disk needs more space later, it can grow to its maximum capacity
and occupy the entire datastore space provisioned to it. Also, you can manually
convert the thin disk into thick.
Thick Format This is the default virtual disk format. The thick virtual disk does not change
its size and from the very beginning occupies the entire datastore space
provisioned to it. Thick format does not zero out the blocks in the allocated
space. It is not possible to convert the thick disk into thin.
Create Thin Provisioned Virtual Disks

When you need to save storage space, you can create a virtual disk in thin provisioned format. The thin
provisioned virtual disk starts small and grows as more disk space is required.
This procedure assumes that you are creating a typical or custom virtual machine using the New Virtual
Machine wizard.
Prerequisites
You can create thin disks only on the datastores that support thin provisioning. If a disk resides on an NFS
datastore, you cannot specify the disk format because the NFS server determines the allocation policy for the
disk.
Procedure
u In the Create a Disk dialog box, select Allocate and commit space on demand (Thin Provisioning).
A virtual disk in thin format is created. If you do not select the Thin Provisioning option, your virtual disk will
have the default thick format.
What to do next
If you created a virtual disk in the thin format, you can later inflate it to its full size.
VMware, Inc. 119

View Virtual Machine Storage Resources

You can view how datastore storage space is allocated for your virtual machines.
Procedure
2 Click the Summary tab.
3 Review the space allocation information in the Resources section.

n Provisioned Storage – Shows datastore space guaranteed to the virtual machine. The entire space
might not be used by the virtual machine if it has disks in thin provisioned format. Other virtual
machines can occupy any unused space.
n Not-shared Storage – Shows datastore space occupied by the virtual machine and not shared with
any other virtual machines.
n Used Storage – Shows datastore space actually occupied by virtual machine files, including
configuration and log files, snapshots, virtual disks, and so on. When the virtual machine is running,
the used storage space also includes swap files.
Determine the Disk Format of a Virtual Machine

You can determine whether your virtual disk is in thick or thin format.
Procedure
3 Click the Hardware tab and select the appropriate hard disk in the Hardware list.
The Disk Provisioning section on the right shows the type of your virtual disk, either Thin or Thick.
4 Click OK.
What to do next
If your virtual disk is in the thin format, you can inflate it to its full size.
Convert a Virtual Disk from Thin to Thick

Procedure
2 Click the Summary tab and, under Resources, double-click the datastore for the virtual machine to open
the Datastore Browser dialog box.
3 Click the virtual machine folder to find the virtual disk file you want to convert. The file has the .vmdk
extension.
4 Right-click the virtual disk file and select Inflate.
The virtual disk in thick format occupies the entire datastore space originally provisioned to it.
120 VMware, Inc.

Handling Datastore Over-Subscription

Because the provisioned space for thin disks can be greater than the committed space, a datastore over-
subscription can occur, which results in the total provisioned space for the virtual machine disks on the
datastore being greater than the actual capacity.
Over-subscription can be possible because usually not all virtual machines with thin disks need the entire
provisioned datastore space simultaneously. However, if you want to avoid over-subscribing the datastore,
you can set up an alarm that notifies you when the provisioned space reaches a certain threshold.
For information on setting alarms, see Basic System Administration.

If your virtual machines require more space, the datastore space is allocated on a first come first served basis.
When the datastore runs our of space, you can add more physical storage and increase the datastore.
See “Increase VMFS Datastores,” on page 106.
Turn off vCenter Server Storage Filters

When you perform VMFS datastore management operations, for example create a VMFS datastore or an RDM,
add an extent, or increase a VMFS datastore, the vCenter Server uses default storage filters. The filters retrieve
only those storage devices, or LUNs, that can be used for a particular operation. Unsuitable LUNs are filtered
out and are not displayed for your selection. Using the vSphere Client, you can turn off the filters.
To turn off the filters, you use the Advanced Settings page to modify the vCenter Server configuration file,
vpxd.cfg. This page can be used to add entries to the file, but not to edit or delete them.
As with any advanced configuration settings, consult with the VMware support team before making any
changes to the LUN filters. Do not turn the filters off unless you have other methods to prevent LUN corruption.
Procedure
1 Select Administration > vCenter Server Settings to display the vCenter Server Settings dialog box.
2 In the settings list, select Advanced Settings.
3 In the Key field, type a key.
Key Description
config.vpxd.filter.vmfsFilter VMFS Filter
config.vpxd.filter.rdmFilter RDM Filter
config.vpxd.filter.SameHostAndTra Same Host and Transports Filter
nsportsFilter
config.vpxd.filter.hostRescanFilter Host Rescan Filter
4 In the Value field, type False for the specified key.
5 Click Add.
6 Click OK.
What to do next
You are not required to restart the vCenter Server system.
VMware, Inc. 121

vCenter Server Storage Filtering

The storage filters that the vCenter Server provides help you avoid storage device corruption and performance
degradation that can be caused by an unsupported use of LUNs. These filters are available by default.
Filter Description Key
VMFS Filter Filters out any storage devices, or LUNs, that are config.vpxd.filter.vmfsFilter
already used by another VMFS datastore on any
host managed by the vCenter Server. Prevents
LUN sharing by multiple datastores or a datastore
and RDM combination.
RDM Filter Filters out any LUNs that are already referenced config.vpxd.filter.rdmFilter
by another RDM on any host managed by the
vCenter Server. Prevents LUN sharing by a
datastore and RDM combination. In addition, the
filter prevents virtual machines from accessing
the same LUN through different RDM mapping
files.
If you need virtual machines to access the same
raw LUN, they must share the same RDM
mapping file. For details on this type of
configuration, see Setup for Failover Clustering and
Microsoft Cluster Service.
Same Host and Filters out LUNs ineligible for use as VMFS config.vpxd.filter.SameHostAndTransportsFi
Transports Filter datastore extents due a host or storage type lter
incompatibility. Prevents you from adding the
following LUNs as extents:
n LUNs not exposed to all hosts that share the
original VMFS datastore.
n LUNs that use a storage type different from
the one the original VMFS datastore uses. For
example, you cannot add a Fibre Channel
extent to a VMFS datastore on a local storage
device.
Host Rescan Filter Automatically rescans and updates storage config.vpxd.filter.hostRescanFilter

devices after you perform datastore management
operations. The filter helps provide a consistent
view of all storage devices and VMFS datastores
on all hosts managed by the vCenter Server.
122 VMware, Inc.

Raw Device Mapping 10
Raw device mapping (RDM) provides a mechanism for a virtual machine to have direct access to a LUN on
the physical storage subsystem (Fibre Channel or iSCSI only).
The following topics contain information about RDMs and provide instructions on how to create and manage
RDMs.

n “About Raw Device Mapping,” on page 123
n “Raw Device Mapping Characteristics,” on page 126
n “Managing Mapped LUNs,” on page 130
About Raw Device Mapping

RDM is a mapping file in a separate VMFS volume that acts as a proxy for a raw physical device, a SCSI device
used directly by a virtual machine. The RDM contains metadata for managing and redirecting disk access to
the physical device.
The file gives you some of the advantages of direct access to a physical device while keeping some advantages
of a virtual disk in VMFS. As a result, it merges VMFS manageability with raw device access.
RDMs can be described in terms such as mapping a raw device into a datastore, mapping a system LUN, or
mapping a disk file to a physical disk volume. All these terms refer to RDMs.
Figure 10-1. Raw Device Mapping
Virtual
machine
opens reads,
writes
VMFS volume
address
mapping file mapped device
resolution
Although VMware recommends that you use VMFS datastores for most virtual disk storage, on certain
occasions, you might need to use raw LUNs or logical disks located in a SAN.
VMware, Inc. 123

For example, you need to use raw LUNs with RDMs in the following situations:
n When SAN snapshot or other layered applications are run in the virtual machine. The RDM better enables
scalable backup offloading systems by using features inherent to the SAN.
n In any MSCS clustering scenario that spans physical hosts — virtual-to-virtual clusters as well as physical-
to-virtual clusters. In this case, cluster data and quorum disks should be configured as RDMs rather than
as files on a shared VMFS.
Think of an RDM as a symbolic link from a VMFS volume to a raw LUN. The mapping makes LUNs appear
as files in a VMFS volume. The RDM, not the raw LUN, is referenced in the virtual machine configuration. The
RDM contains a reference to the raw LUN.
Using RDMs, you can:
n Use vMotion to migrate virtual machines using raw LUNs.
n Add raw LUNs to virtual machines using the vSphere Client.
n Use file system features such as distributed file locking, permissions, and naming.
Two compatibility modes are available for RDMs:

n Virtual compatibility mode allows an RDM to act exactly like a virtual disk file, including the use of
snapshots.
n Physical compatibility mode allows direct access of the SCSI device for those applications that need lower
level control.
Benefits of Raw Device Mapping

An RDM provides a number of benefits, but it should not be used in every situation. In general, virtual disk
files are preferable to RDMs for manageability. However, when you need raw devices, you must use the RDM.
RDM offers several benefits.
User-Friendly Persistent Provides a user-friendly name for a mapped device. When you use an RDM,
Names you do not need to refer to the device by its device name. You refer to it by the
name of the mapping file, for example:
/vmfs/volumes/myVolume/myVMDirectory/myRawDisk.vmdk
Dynamic Name Stores unique identification information for each mapped device. VMFS
Resolution associates each RDM with its current SCSI device, regardless of changes in the
physical configuration of the server because of adapter hardware changes, path
changes, device relocation, and so on.
Distributed File Locking Makes it possible to use VMFS distributed locking for raw SCSI devices.
Distributed locking on an RDM makes it safe to use a shared raw LUN without
losing data when two virtual machines on different servers try to access the
same LUN.
File Permissions Makes file permissions possible. The permissions of the mapping file are
enforced at file-open time to protect the mapped volume.
File System Operations Makes it possible to use file system utilities to work with a mapped volume,
using the mapping file as a proxy. Most operations that are valid for an ordinary
file can be applied to the mapping file and are redirected to operate on the
mapped device.
Snapshots Makes it possible to use virtual machine snapshots on a mapped volume.

Snapshots are not available when the RDM is used in physical compatibility
mode.
124 VMware, Inc.

Chapter 10 Raw Device Mapping
vMotion Lets you migrate a virtual machine with vMotion. The mapping file acts as a
proxy to allow vCenter Server to migrate the virtual machine by using the same
mechanism that exists for migrating virtual disk files.
Figure 10-2. vMotion of a Virtual Machine Using Raw Device Mapping
Host 1 Host 2
VMotion
VM1 VM2
VMFS volume
mapping file
address
resolution
mapped device
SAN Management Makes it possible to run some SAN management agents inside a virtual
Agents machine. Similarly, any software that needs to access a device by using
hardware-specific SCSI commands can be run in a virtual machine. This kind
of software is called SCSI target-based software. When you use SAN
management agents, select a physical compatibility mode for the RDM.
N-Port ID Virtualization Makes it possible to use the NPIV technology that allows a single Fibre Channel
(NPIV) HBA port to register with the Fibre Channel fabric using several worldwide
port names (WWPNs). This ability makes the HBA port appear as multiple
virtual ports, each having its own ID and virtual port name. Virtual machines
can then claim each of these virtual ports and use them for all RDM traffic.
NOTE You can use NPIV only for virtual machines with RDM disks.
VMware works with vendors of storage management software to ensure that their software functions correctly
in environments that include ESX. Some applications of this kind are:
n SAN management software
n Storage resource management (SRM) software
n Snapshot software
n Replication software
Such software uses a physical compatibility mode for RDMs so that the software can access SCSI devices
directly.
VMware, Inc. 125

Various management products are best run centrally (not on the ESX machine), while others run well on the
service console or on the virtual machines. VMware does not certify these applications or provide a
compatibility matrix. To find out whether a SAN management application is supported in an ESX environment,
contact the SAN management software provider.
Limitations of Raw Device Mapping

Certain limitations exist when you use RDMs.
n Not available for block devices or certain RAID devices – RDM uses a SCSI serial number to identify the
mapped device. Because block devices and some direct-attach RAID devices do not export serial numbers,
they cannot be used with RDMs.
n Available with VMFS-2 and VMFS-3 volumes only – RDM requires the VMFS-2 or VMFS-3 format. In
ESX, the VMFS-2 file system is read only. Upgrade it to VMFS-3 to use the files that VMFS-2 stores.
n No snapshots in physical compatibility mode – If you are using an RDM in physical compatibility mode,
you cannot use a snapshot with the disk. Physical compatibility mode allows the virtual machine to
manage its own snapshot or mirroring operations.
Snapshots are available in virtual mode.

n No partition mapping – RDM requires the mapped device to be a whole LUN. Mapping to a partition is
not supported.
Raw Device Mapping Characteristics

An RDM is a special mapping file in a VMFS volume that manages metadata for its mapped device. The
mapping file is presented to the management software as an ordinary disk file, available for the usual file-
system operations. To the virtual machine, the storage virtualization layer presents the mapped device as a
virtual SCSI device.
Key contents of the metadata in the mapping file include the location of the mapped device (name resolution),
the locking state of the mapped device, permissions, and so on.
RDM Virtual and Physical Compatibility Modes

You can use RDMs in virtual compatibility or physical compatibility modes. Virtual mode specifies full
virtualization of the mapped device. Physical mode specifies minimal SCSI virtualization of the mapped
device, allowing the greatest flexibility for SAN management software.
In virtual mode, the mapped device appears to the guest operating system exactly the same as a virtual disk
file in a VMFS volume. The real hardware characteristics are hidden. If you are using a raw disk in virtual
mode, you can realize the benefits of VMFS such as advanced file locking for data protection and snapshots
for streamlining development processes. Virtual mode is also more portable across storage hardware than
physical mode, presenting the same behavior as a virtual disk file.
In physical mode, the VMkernel passes all SCSI commands to the device, with one exception: the REPORT
LUNs command is virtualized so that the VMkernel can isolate the LUN for the owning virtual machine.
Otherwise, all physical characteristics of the underlying hardware are exposed. Physical mode is useful to run
SAN management agents or other SCSI target-based software in the virtual machine. Physical mode also allows
virtual-to-physical clustering for cost-effective high availability.
126 VMware, Inc.

Figure 10-3. Virtual And Physical Compatibility Modes
virtual machine 1
virtualization virtual mode
VMFS
mapping file mapped

device
VMFS volume
virtual machine 1
virtualization physical mode
VMFS
mapping file mapped

device
VMFS volume
Dynamic Name Resolution

RDM lets you give a permanent name to a device by referring to the name of the mapping file in the /vmfs
subtree.
The example in Figure 10-4 shows three LUNs. LUN 1 is accessed by its device name, which is relative to the
first visible LUN. LUN 2 is a mapped device, managed by an RDM on LUN 3. The RDM is accessed by its path
name in the /vmfs subtree, which is fixed.
VMware, Inc. 127

Figure 10-4. Example of Name Resolution

host
virtual machine 1 virtual machine 2

scsi0:0.name = scsi0:0.name=
vmhba0:0:1:0:mydiskdir mymapfile
/mydiskname.vmdk
HBA 0 HBA 1
(/vmfs/volumes/myVolume
(vmhba0:0:1:0)
/myVMDirectory/mymapfile)
)
:0
LUN 3
:1
:0
a1
hb
m
(v
mapping file
VMFS
LUN 1
vmhba0:0:3:0
LUN 2
vmhba0:0:1:0 mapped device
vmhba0:0:2:0
VMFS uniquely identifies all mapped LUNs, and the identification is stored in its internal data structures. Any
change in the SCSI path, such as a Fibre Channel switch failure or the addition of a new host bus adapter, can
change the device name. Dynamic name resolution compensates for these changes by adjusting the data
structures to retarget LUNs to their new device names.
128 VMware, Inc.

Raw Device Mapping with Virtual Machine Clusters

Use an RDM with virtual machine clusters that need to access the same raw LUN for failover scenarios. The
setup is similar to that of a virtual machine cluster that accesses the same virtual disk file, but an RDM replaces
the virtual disk file.
Figure 10-5. Access from Clustered Virtual Machines
Host 3 Host 4
VM3 VM4
“shared” access
address
mapping file mapped
resolutiion device
VMFS volume
Comparing Available SCSI Device Access Modes

The ways of accessing a SCSI-based storage device include a virtual disk file on a VMFS datastore, virtual mode
RDM, and physical mode RDM.
To help you choose among the available access modes for SCSI devices, Table 10-1 provides a quick comparison
of features available with the different modes.
Table 10-1. Features Available with Virtual Disks and Raw Device Mappings
ESX Features Virtual Disk File Virtual Mode RDM Physical Mode RDM
SCSI Commands Passed No No Yes

Through REPORT LUNs is not passed
through
vCenter Server Support Yes Yes Yes
Snapshots Yes Yes No
Distributed Locking Yes Yes Yes
Clustering Cluster-in-a-box only Cluster-in-a-box and Physical to Virtual Clustering

cluster-across-boxes
SCSI Target-Based Software No No Yes
VMware recommends that you use virtual disk files for the cluster-in-a-box type of clustering. If you plan to
reconfigure your cluster-in-a-box clusters as cluster-across-boxes clusters, use virtual mode RDMs for the
cluster-in-a-box clusters.
VMware, Inc. 129

Managing Mapped LUNs

You can use the vSphere Client to map a SAN LUN to a datastore and manage paths to your mapped LUN.
Additional tools available to manage mapped LUNs and their RDMs include the vmkfstools utility and other
commands used with the vSphere CLI. You can use the vmkfstools utility to perform many of the same
operations available through the vSphere Client.
You can also use common file system commands in the service console.
Create Virtual Machines with RDMs

When you give your virtual machine direct access to a raw SAN LUN, you create a mapping file (RDM) that
resides on a VMFS datastore and points to the LUN. Although the mapping file has the same.vmdk extension
as a regular virtual disk file, the RDM file contains only mapping information. The actual virtual disk data is
stored directly on the LUN.
You can create the RDM as an initial disk for a new virtual machine or add it to an existing virtual machine.
When creating the RDM, you specify the LUN to be mapped and the datastore on which to put the RDM.
Procedure
1 Follow all steps required to create a custom virtual machine.
2 In the Select a Disk page, select Raw Device Mapping, and click Next.
3 From the list of SAN disks or LUNs, select a raw LUN for your virtual machine to access directly.
4 Select a datastore for the RDM mapping file.
You can place the RDM file on the same datastore where your virtual machine configuration file resides,
or select a different datastore.
NOTE To use vMotion for virtual machines with enabled NPIV, make sure that the RDM files of the virtual
machines are located on the same datastore. You cannot perform Storage vMotion or VMotion between
datastores when NPIV is enabled.
5 Select a compatibility mode.
Option Description
Physical Allows the guest operating system to access the hardware directly. Physical
compatibility is useful if you are using SAN-aware applications on the virtual
machine. However, a virtual machine with a physical compatibility RDM
cannot be cloned, made into a template, or migrated if the migration involves
copying the disk.
Virtual Allows the RDM to behave as if it were a virtual disk, so you can use such
features as snapshotting, cloning, and so on.
6 Select a virtual device node.
7 If you select Independent mode, choose one of the following.
Option Description
Persistent Changes are immediately and permanently written to the disk.
Nonpersistent Changes to the disk are discarded when you power off or revert to the
snapshot.
8 Click Next.
130 VMware, Inc.

9 In the Ready to Complete New Virtual Machine page, review your selections.
10 Click Finish to complete your virtual machine.
Manage Paths for a Mapped Raw LUN

You can manage paths for mapped raw LUNs.
Procedure
1 Log in as administrator or as the owner of the virtual machine to which the mapped disk belongs.
2 Select the virtual machine from the Inventory panel.
4 On the Hardware tab, select Hard Disk, then click Manage Paths.
5 Use the Manage Paths dialog box to enable or disable your paths, set multipathing policy, and specify the
preferred path.
For information on managing paths, see “Using Multipathing with ESX,” on page 109.
VMware, Inc. 131

132 VMware, Inc.

Security
VMware, Inc. 133

134 VMware, Inc.

Security for ESX Systems 11
ESX is developed with a focus on strong security. VMware ensures security in the ESX environment and
addresses system architecture from a security standpoint.

n “ESX Architecture and Security Features,” on page 135
n “Security Resources and Information,” on page 143
ESX Architecture and Security Features

The components and the overall architecture of ESX are designed to ensure security of the ESX system as a
whole.
From a security perspective, ESX consists of four major components: the virtualization layer, the virtual
machines, the service console, and the virtual networking layer.
Figure 11-1 provides an overview of these components.

Figure 11-1. ESX Architecture
ESX
virtual virtual virtual virtual

service console
machine machine machine machine
VMware
Virtualization
Layer (VMkernel) Virtual
Networking
Layer
CPU memory hardware network storage

adapter
VMware, Inc. 135

Security and the Virtualization Layer

The virtualization layer, or VMkernel, is a kernel designed by VMware to run virtual machines. It controls the
hardware that hosts use and schedules the allocation of hardware resources among the virtual machines.
Because the VMkernel is fully dedicated to supporting virtual machines and is not used for other purposes,
the interface to the VMkernel is strictly limited to the API required to manage virtual machines.
ESX provides additional VMkernel protection with the following features:
Memory Hardening The ESX kernel, user-mode applications, and executable components such as
drivers and libraries are located at random, non-predictable memory
addresses. Combined with the non-executable memory protections made
available by microprocessors, this provides protection that makes it difficult
for malicious code to use memory exploits to take advantage of vulnerabilities.
Kernel Module Integrity Digital signing ensures the integrity and authenticity of modules, drivers and
applications as they are loaded by the VMkernel. Module signing allows ESX
to identify the providers of modules, drivers, or applications and whether they
are VMware-certified.
Security and Virtual Machines

Virtual machines are the containers in which applications and guest operating systems run. By design, all
VMware virtual machines are isolated from one another. This isolation enables multiple virtual machines to
run securely while sharing hardware and ensures both their ability to access hardware and their uninterrupted
performance.
Even a user with system administrator privileges on a virtual machine’s guest operating system cannot breach
this layer of isolation to access another virtual machine without privileges explicitly granted by the ESX system
administrator. As a result of virtual machine isolation, if a guest operating system running in a virtual machine
fails, other virtual machines on the same host continue to run. The guest operating system failure has no effect
on:
n The ability of users to access the other virtual machines
n The ability of the operational virtual machines to access the resources they need
n The performance of the other virtual machines
Each virtual machine is isolated from other virtual machines running on the same hardware. Although virtual
machines share physical resources such as CPU, memory, and I/O devices, a guest operating system on an
individual virtual machine cannot detect any device other than the virtual devices made available to it, as
shown in Figure 11-2.
136 VMware, Inc.

Chapter 11 Security for ESX Systems
Figure 11-2. Virtual Machine Isolation

Virtual Machine
app app app app app
Operating System
Virtual Machine Resources
CPU memory disk network and

video cards
SCSI mouse CD/DVD keyboard

controller
Because the VMkernel mediates the physical resources and all physical hardware access takes place through
the VMkernel, virtual machines cannot circumvent this level of isolation.
Just as a physical machine communicates with other machines in a network through a network card, a virtual
machine communicates with other virtual machines running in the same host through a virtual switch. Further,
a virtual machine communicates with the physical network, including virtual machines on other ESX hosts,
through a physical network adapter, as shown in Figure 11-3.
Figure 11-3. Virtual Networking Through Virtual Switches
ESX
Virtual Machine Virtual Machine
virtual virtual
network network
adapter adapter
VMkernel
Virtual Virtual Switch

Networking links virtual
Layer machines together
Hardware Network Adapter

links virtual machines to
the physical network
Physical Network
These characteristics apply to virtual machine isolation in a network context:

n If a virtual machine does not share a virtual switch with any other virtual machine, it is completely isolated
from virtual networks within the host.
n If no physical network adapter is configured for a virtual machine, the virtual machine is completely
isolated from any physical networks.
n If you use the same safeguards (firewalls, antivirus software, and so forth) to protect a virtual machine
from the network as you would for a physical machine, the virtual machine is as secure as the physical
machine.
VMware, Inc. 137

You can further protect virtual machines by setting up resource reservations and limits on the host. For
example, through the detailed resource controls available in ESX, you can configure a virtual machine so that
it always receives at least 10 percent of the host’s CPU resources, but never more than 20 percent.
Resource reservations and limits protect virtual machines from performance degradation that would result if
another virtual machine consumed excessive shared hardware resources. For example, if one of the virtual
machines on a host is incapacitated by a denial-of-service (DoS) attack, a resource limit on that machine
prevents the attack from taking up so much of the hardware resources that the other virtual machines are also
affected. Similarly, a resource reservation on each of the virtual machines ensures that, in the event of high
resource demands by the virtual machine targeted by the DoS attack, all the other virtual machines still have
enough resources to operate.
By default, ESX imposes a form of resource reservation by applying a distribution algorithm that divides the
available host resources equally among the virtual machines while keeping a certain percentage of resources
for use by other system components. This default behavior provides a degree of natural protection from DoS
and distributed denial-of-service (DDoS) attacks. You set specific resource reservations and limits on an
individual basis to customize the default behavior so that the distribution is not equal across the virtual machine
configuration.
Security and the Virtual Networking Layer

The virtual networking layer includes virtual network adapters and virtual switches. ESX relies on the virtual
networking layer to support communications between virtual machines and their users. In addition, hosts use
the virtual networking layer to communicate with iSCSI SANs, NAS storage, and so forth.
The methods you use to secure a virtual machine network depend on which guest operating system is installed,
whether the virtual machines operate in a trusted environment, and a variety of other factors. Virtual switches
provide a substantial degree of protection when used with other common security practices, such as installing
firewalls.
ESX also supports IEEE 802.1q VLANs, which you can use to further protect the virtual machine network,
service console, or storage configuration. VLANs let you segment a physical network so that two machines on
the same physical network cannot send packets to or receive packets from each other unless they are on the
same VLAN.
Creating a Network DMZ on a Single ESX Host

One example of how to use ESX isolation and virtual networking features to configure a secure environment
is the creation of a network demilitarized zone (DMZ) on a single host.
Figure 11-4 shows the configuration.
138 VMware, Inc.

Figure 11-4. DMZ Configured on a Single ESX Host
ESX
Virtual Machine 1 Virtual Machine 2 Virtual Machine 3 Virtual Machine 4
firewall server web server application server firewall server
virtual switch 1 virtual switch 2 virtual switch 3
hardware network hardware network

adapter 1 adapter 2
External Network Internal Network
In this example, four virtual machines are configured to create a virtual DMZ on Virtual Switch 2:
n Virtual Machine 1 and Virtual Machine 4 run firewalls and are connected to virtual adapters through
virtual switches. Both of these virtual machines are multi homed.
n Virtual Machine 2 runs a Web server, and Virtual Machine 3 runs as an application server. Both of these
virtual machines are single-homed.
The Web server and application server occupy the DMZ between the two firewalls. The conduit between these
elements is Virtual Switch 2, which connects the firewalls with the servers. This switch has no direct connection
with any elements outside the DMZ and is isolated from external traffic by the two firewalls.
From an operational viewpoint, external traffic from the Internet enters Virtual Machine 1 through Hardware
Network Adapter 1 (routed by Virtual Switch 1) and is verified by the firewall installed on this machine. If the
firewall authorizes the traffic, it is routed to the virtual switch in the DMZ, Virtual Switch 2. Because the Web
server and application server are also connected to this switch, they can serve external requests.
Virtual Switch 2 is also connected to Virtual Machine 4. This virtual machine provides a firewall between the
DMZ and the internal corporate network. This firewall filters packets from the Web server and application
server. If a packet is verified, it is routed to Hardware Network Adapter 2 through Virtual Switch 3. Hardware
Network Adapter 2 is connected to the internal corporate network.
When creating a DMZ on a single host, you can use fairly lightweight firewalls. Although a virtual machine
in this configuration cannot exert direct control over another virtual machine or access its memory, all the
virtual machines are still connected through a virtual network. This network could be used for virus
propagation or targeted for other types of attacks. The security of the virtual machines in the DMZ is equivalent
to separate physical machines connected to the same network.
VMware, Inc. 139

Creating Multiple Networks Within a Single ESX Host

The ESX system is designed so that you can connect some groups of virtual machines to the internal network,
others to the external network, and still others to both—all on the same host. This capability is an outgrowth
of basic virtual machine isolation coupled with a well-planned use of virtual networking features.
Figure 11-5. External Networks, Internal Networks, and a DMZ Configured on a Single ESX Host
ESX
External Network Internal Network DMZ
VM 2
internal
user
VM 3 VM 6
internal firewall
user server
VM 4 VM 7
internal Web
user server
VM 1 VM 5 VM 8
FTP internal firewall

server user server
physical network
adapters
External Internal External Internal

Network 1 Network 2 Network 2 Network 1
In Figure 11-5 the system administrator configured a host into three distinct virtual machine zones: FTP server,
internal virtual machines, and DMZ. Each zone serves a unique function.
FTP server Virtual Machine 1 is configured with FTP software and acts as a holding area
for data sent to and from outside resources such as forms and collateral
localized by a vendor.
This virtual machine is associated with an external network only. It has its own
virtual switch and physical network adapter that connect it to External
Network 1. This network is dedicated to servers that the company uses to
receive data from outside sources. For example, the company uses External
Network 1 to receive FTP traffic from vendors and allow vendors access to data
stored on externally available servers though FTP. In addition to servicing
Virtual Machine 1, External Network 1 services FTP servers configured on
different ESX hosts throughout the site.
140 VMware, Inc.

Because Virtual Machine 1 does not share a virtual switch or physical network
adapter with any virtual machines in the host, the other resident virtual
machines cannot transmit packets to or receive packets from the Virtual
Machine 1 network. This restriction prevents sniffing attacks, which require
sending network traffic to the victim. More importantly, an attacker cannot use
the natural vulnerability of FTP to access any of the host’s other virtual
machines.
Internal virtual machines Virtual Machines 2 through 5 are reserved for internal use. These virtual
machines process and store company-private data such as medical records,
legal settlements, and fraud investigations. As a result, the system
administrators must ensure the highest level of protection for these virtual
machines.
These virtual machines connect to Internal Network 2 through their own virtual
switch and network adapter. Internal Network 2 is reserved for internal use by
personnel such as claims processors, in-house lawyers, or adjustors.
Virtual Machines 2 through 5 can communicate with one another through the
virtual switch and with internal virtual machines elsewhere on Internal
Network 2 through the physical network adapter. They cannot communicate
with externally facing machines. As with the FTP server, these virtual machines
cannot send packets to or receive packets from the other virtual machines’
networks. Similarly, the host’s other virtual machines cannot send packets to
or receive packets from Virtual Machines 2 through 5.
DMZ Virtual Machines 6 through 8 are configured as a DMZ that the marketing
group uses to publish the company’s external Web site.
This group of virtual machines is associated with External Network 2 and
Internal Network 1. The company uses External Network 2 to support the Web
servers that use the marketing and financial department to host the corporate
Web site and other Web facilities that it hosts to outside users. Internal Network
1 is the conduit that the marketing department uses to publish content to the
corporate Web site, post downloads, and maintain services like user forums.
Because these networks are separate from External Network 1 and Internal
Network 2, and the virtual machines have no shared points of contact (switches
or adapters), there is no risk of attack to or from the FTP server or the internal
virtual machine group.
By capitalizing on virtual machine isolation, correctly configuring virtual switches, and maintaining network
separation, the system administrator can house all three virtual machine zones in the same ESX host and be
confident that there will be no data or resource breaches.
The company enforces isolation among the virtual machine groups by using multiple internal and external
networks and making sure that the virtual switches and physical network adapters for each group are
completely separate from those of other groups.
Because none of the virtual switches straddle virtual machine zones, the system administrator succeeds in
eliminating the risk of packet leakage from one zone to another. A virtual switch, by design, cannot leak packets
directly to another virtual switch. The only way for packets to travel from one virtual switch to another is under
the following circumstances:
n The virtual switches are connected to the same physical LAN.
n The virtual switches connect to a common virtual machine, which could be used to transmit packets.
Neither of these conditions occur in the sample configuration. If system administrators want to verify that no
common virtual switch paths exist, they can check for possible shared points of contact by reviewing the
network switch layout in the vSphere Client or vSphere Web Access.
VMware, Inc. 141

To safeguard the virtual machines’ resources, the system administrator lowers the risk of DoS and DDoS attacks
by configuring a resource reservation and a limit for each virtual machine. The system administrator further
protects the ESX host and virtual machines by installing software firewalls at the front and back ends of the
DMZ, ensuring that the host is behind a physical firewall, and configuring the service console and networked
storage resources so that each has its own virtual switch.
Security and the Service Console

The ESX service console is a limited distribution of Linux based on Red Hat Enterprise Linux 5 (RHEL5). The
service console provides an execution environment to monitor and administer the entire ESX host.
If the service console is compromised in certain ways, the virtual machines it interacts with might also be
compromised. To minimize the risk of an attack through the service console, VMware protects the service
console with a firewall.
In addition to implementing the service console firewall, VMware mitigates risks to the service console using
other methods.
n ESX runs only services essential to managing its functions, and the distribution is limited to the features
required to run ESX.
n By default, ESX is installed with a high-security setting. All outbound ports are closed, and the only
inbound ports that are open are those required for interactions with clients such as the vSphere Client.
Keep this security setting, unless the service console is connected to a trusted network.
n By default, all ports not specifically required for management access to the service console are closed. You
must specifically open ports if you need additional services.
n By default, weak ciphers are disabled and all communications from clients are secured by SSL. The exact
algorithms used for securing the channel depend on the SSL handshake. Default certificates created on
ESX use SHA-1 with RSA encryption as the signature algorithm.
n The Tomcat Web service, used internally by ESX to support access to the service console by Web clients
like vSphere Web Access, has been modified to run only those functions required for administration and
monitoring by a Web client. As a result, ESX is not vulnerable to the Tomcat security issues reported in
broader use.
n VMware monitors all security alerts that could affect service console security and, if needed, issues a
security patch, as it would for any other security vulnerability that could affect ESX hosts. VMware
provides security patches for RHEL 5 and later as they become available.
n Insecure services such as FTP and Telnet are not installed, and the ports for these services are closed by
default. Because more secure services such as SSH and SFTP are easily available, always avoid using these
insecure services in favor of their safer alternatives. If you must use insecure services and have
implemented sufficient protection for the service console, you must explicitly open ports to support them.
n The number of applications that use a setuid or setgid flag is minimized. You can disable any setuid or
setgid application that is optional to ESX operation.
Although you can install and run certain types of programs designed for RHEL 5 in the service console, this
use is not supported unless VMware explicitly states that it is. If a security vulnerability is discovered in a
supported configuration, VMware proactively notifies all customers with valid support and subscription
contracts and provides all necessary patches.
NOTE Follow only VMware security advisories, found at http://www.vmware.com/security/. Do not follow
security advisories issued by Red Hat.
142 VMware, Inc.

Security Resources and Information

You can find additional information about security on the VMware Web site.
Table 11-1 lists security topics and the location of additional information about these topics.
Table 11-1. VMware Security Resources on the Web

Topic Resource
VMware security policy, up-to-date security http://www.vmware.com/security/

alerts, security downloads, and focus
discussions of security topics
Corporate security response policy http://www.vmware.com/support/policies/security_response.html

VMware is committed to helping you maintain a secure environment.
Security issues are corrected in a timely manner. The VMware Security
Response Policy states our commitment to resolve possible
vulnerabilities in our products.
Third-party software support policy http://www.vmware.com/support/policies/

VMware supports a variety of storage systems, software agents such as
backup agents, system management agents, and so forth. You can find
lists of agents, tools, and other software that supports ESX by searching
http://www.vmware.com/vmtn/resources/ for ESX compatibility guides.
The industry offers more products and configurations than VMware can
test. If VMware does not list a product or configuration in a compatibility
guide, Technical Support will attempt to help you with any problems,
but cannot guarantee that the product or configuration can be used.
Always evaluate security risks for unsupported products or
configurations carefully.
Certification of VMware products http://www.vmware.com/security/certifications/
VMware, Inc. 143

144 VMware, Inc.

Securing an ESX Configuration 12
You can take measures to promote a secure environment for your ESX hosts, virtual machines, and iSCSI SANs.
Consider network configuration planning from a security perspective and the steps that you can take to protect
the components in your configuration from attack.

n “Securing the Network with Firewalls,” on page 145
n “Securing Virtual Machines with VLANs,” on page 154
n “Securing Virtual Switch Ports,” on page 159
n “Securing iSCSI Storage,” on page 161
Securing the Network with Firewalls

Security administrators use firewalls to safeguard the network or selected components in the network from
intrusion.
Firewalls control access to devices within their perimeter by closing all communication pathways, except for
those that the administrator explicitly or implicitly designates as authorized. The pathways, or ports, that
administrators open in the firewall allow traffic between devices on different sides of the firewall.
In a virtual machine environment, you can plan your layout for firewalls between components.
n Physical machines such as vCenter Server hosts and ESX hosts.
n One virtual machine and another—for example, between a virtual machine acting as an external Web
server and a virtual machine connected to your company’s internal network.
n A physical machine and a virtual machine, such as when you place a firewall between a physical network
adapter card and a virtual machine.
How you use firewalls in an ESX configuration is based on how you plan to use the network and how secure
any given component needs to be. For example, if you create a virtual network where each virtual machine is
dedicated to running a different benchmark test suite for the same department, the risk of unwanted access
from one virtual machine to the next is minimal. Therefore, a configuration where firewalls are present between
the virtual machines is not necessary. However, to prevent interruption of a test run from an outside host, you
might set up the configuration so that a firewall is present at the entry point of the virtual network to protect
the entire set of virtual machines.
VMware, Inc. 145

Firewalls for Configurations with vCenter Server

If you access ESX hosts through vCenter Server, you typically protect vCenter Server using a firewall. This
firewall provides basic protection for your network.
A firewall might lie between the clients and vCenter Server. Alternatively, vCenter Server and the clients can
be behind the firewall, depending on your deployment. The main point is to ensure that a firewall is present
at what you consider to be an entry point for the system.
If you use vCenter Server, you can install firewalls at any of the locations shown in Figure 12-1. Depending on
your configuration, you might not need all the firewalls in the illustration, or you might need firewalls in other
locations. In addition, your configuration might include optional modules, such as VMware vCenter Update
Manager, that are not shown. Refer to the documentation for information about firewall setups specific to
products like Update Manager.
For a comprehensive list of TCP and UDP ports, including those for VMware VMotion™ and VMware Fault
Tolerance, see “TCP and UDP Ports for Management Access,” on page 153.
Figure 12-1. Sample vSphere Network Configuration and Traffic Flow
22 SSH
427 SLPv2
443 HTTPS third-party network
902 xinetd/vmware-authd management tool
902 (UDP) ESX/ESXi status update
903 xinetd/vmware-authd-mks
2050 - 2250 HA
5989 CIM transactions
8042 - 8045 HA vSphere
Web Access
vSphere
Client
Port 443
firewall
vCenter Server
Ports 22, 427,

443, 902,
Ports 427, 443, 903, 5989
902, 5989 Port 443
Port 902
firewall Port 443
902 902
UDP UDP
Ports 443, 902,

2050-2250,
and 8042-8045
firewall
ESXi ESX
storage
Networks configured with vCenter Server can receive communications through several types of clients: the
vSphere Client, vSphere Web Access, or third-party network management clients that use the SDK to interface
with the host. During normal operation, vCenter Server listens for data from its managed hosts and clients on
designated ports. vCenter Server also assumes that its managed hosts listen for data from vCenter Server on
designated ports. If a firewall is present between any of these elements, you must ensure that the firewall has
open ports to support data transfer.
146 VMware, Inc.

Chapter 12 Securing an ESX Configuration
You might also include firewalls at a variety of other access points in the network, depending on how you plan
to use the network and the level of security various devices require. Select the locations for your firewalls based
on the security risks that you have identified for your network configuration. The following is a list of firewall
locations common to ESX implementations. Many of the firewall locations in the list and shown in Figure 12-1
are optional.
n Between your Web browser and the vSphere Web Access HTTP and HTTPS proxy server.
n Between the vSphere Client, vSphere Web Access Client, or a third-party network-management client and
vCenter Server.
n If your users access virtual machines through the vSphere Client, between the vSphere Client and the ESX
host. This connection is in addition to the connection between the vSphere Client and vCenter Server, and
it requires a different port.
n If your users access virtual machines through a Web browser, between the Web browser and the ESX host.
This connection is in addition to the connection between the vSphere Web Access Client and vCenter
Server, and it requires different ports.
n Between vCenter Server and the ESX hosts.
n Between the ESX hosts in your network. Although traffic between hosts is usually considered trusted, you
can add firewalls between them if you are concerned about security breaches from machine to machine.
If you add firewalls between ESX hosts and plan to migrate virtual machines between the servers, perform
cloning, or use VMotion, you must also open ports in any firewall that divides the source host from the
target hosts so that the source and targets can communicate.
n Between the ESX hosts and network storage such as NFS or iSCSI storage. These ports are not specific to
VMware, and you configure them according to the specifications for your network.
Firewalls for Configurations Without vCenter Server

If you connect clients directly to your ESX network instead of using vCenter Server, your firewall configuration
is somewhat simpler.
You might install firewalls at any of the locations shown in Figure 12-2.
NOTE Depending on your configuration, you might not need all the firewalls in the illustration, or you might
need firewalls in locations not shown.
VMware, Inc. 147

Figure 12-2. Firewall Configuration for ESX Networks that a Client Manages Directly
vSphere Web Access
third-party network
vSphere Client management tool
standard http/ Port 902

https ports Port 903
firewall
Port 902 Port 903 Port 443

firewall
Ports 902, 2050-2250,

8000, 8042-8045,
8100, 8200
firewall
ESXi ESX
storage
Networks configured without vCenter Server receive communications through the same types of clients as
they do if vCenter Server were present: vSphere Clients, third-party network management clients, or vSphere
Web Access Clients. For the most part, the firewall needs are the same, but there are several key differences.
n As you would for configurations that include vCenter Server, be sure a firewall is present to protect your
ESX layer or, depending on your configuration, your clients and ESX layer. This firewall provides basic
protection for your network. The firewall ports you use are the same as those you use if vCenter Server is
in place.
n Licensing in this type of configuration is part of the ESX package that you install on each of the hosts.
Because licensing is resident to the server, a separate license server is not required. This eliminates the
need for a firewall between the license server and the ESX network.
Connecting to vCenter Server Through a Firewall

The port that vCenter Server uses to listen for data transfer from its clients is 443. If you have a firewall between
vCenter Server and its clients, you must configure a connection through which vCenter Server can receive data
from the clients.
To enable vCenter Server to receive data from the vSphere Client, open port 443 in the firewall to allow data
transfer from the vSphere Client to vCenter Server. Contact the firewall system administrator for additional
information on configuring ports in a firewall.
If you are using the vSphere Client and do not want to use port 443 as the port for vSphere Client-to-vCenter
Server communication, you can switch to another port by changing the vCenter Server settings in the vSphere
Client. To learn how to change these settings, see the Basic System Administration Guide.
148 VMware, Inc.

Connecting to the Virtual Machine Console Through a Firewall

Whether you connect your client to ESX hosts through vCenter Server or use a direct connection to the host,
certain ports are required for user and administrator communication with virtual machine consoles. These
ports support different client functions, interface with different layers on ESX, and use different authentication
protocols.
Port 902 vCenter Server uses this port to send data to vCenter Server managed hosts.
Port 902 is the port that vCenter Server assumes is available when sending data
to an ESX host.
Port 902 connects vCenter Server to the host through the VMware
Authorization Daemon (vmware-authd). This daemon multiplexes port 902 data
to the appropriate recipient for processing. VMware does not support
configuring a different port for this connection.
Port 443 The vSphere Client, vSphere Web Access Client, and SDK use this port to send
data to vCenter Server managed hosts. Also, the vSphere Client, vSphere Web
Access Client, and SDK, when connected directly to an ESX host, use this port
to support any management functions related to the server and its virtual
machines. Port 443 is the port that clients assume is available when sending
data to the ESX host. VMware does not support configuring a different port for
these connections.
Port 443 connects clients to the ESX host through the Tomcat Web service or
the SDK. The vmware-hostd multiplexes port 443 data to the appropriate
recipient for processing.
Port 903 The vSphere Client and vSphere Web Access use this port to provide a
connection for guest operating system MKS activities on virtual machines. It is
through this port that users interact with the guest operating systems and
applications of the virtual machine. Port 903 is the port that the vSphere Client
and vSphere Web Access assume is available when interacting with virtual
machines. VMware does not support configuring a different port for this
function.
Port 903 connects the vSphere Client to a specified virtual machine configured
on the ESX host.
Figure 12-3 shows the relationships between vSphere Client functions, ports, and ESX processes.
The vSphere Web Access Client uses the same basic mapping for its interactions with the ESX host.
VMware, Inc. 149

Figure 12-3. Port Use for vSphere Client Communications with ESX
vSphere Client
virtual machine
management functions
virtual machine
console
Port 443 firewall Port 903
ESX
service console VMkernel
vmware-hostd virtual machine
vmware-authd vmkauthd
If you have a firewall between your vCenter Server system and vCenter Server managed host, open Ports 443
and 903 in the firewall to allow data transfer to ESX hosts from vCenter Server and ESX hosts directly from the
vSphere Client and vSphere Web Access.
For additional information on configuring the ports, see the firewall system administrator.
Connecting ESX Hosts Through Firewalls

If you have a firewall between two ESX hosts and you want to allow transactions between the hosts or use
vCenter Server to perform any source or target activities, such as VMware High Availability (HA) traffic,
migration, cloning, or VMotion, you must configure a connection through which the managed hosts can receive
data.
To configure a connection for receiving data, open ports in the following ranges:
n 443 (server-to-server migration and provisioning traffic)
n 2050–2250 (for HA traffic)
n 8000 (for VMotion)
n 8042–8045 (for HA traffic)
Refer to the firewall system administrator for additional information on configuring the ports.
Configuring Firewall Ports for Supported Services and Management Agents

You must configure firewalls in your environment to accept commonly supported services and installed
management agents.
Use the vSphere Client to configure the service console firewall. When you configure the ESX host security
profile in vCenter Server, you add or remove these services or agents, automatically opening or closing
predetermined ports in the firewall to allow communication with the service or agent.
150 VMware, Inc.

The following services and agents are commonly present in a vSphere environment:
n NFS client (insecure service)
n NTP client
n iSCSI software client
n CIM HTTP server (insecure service)
n CIM HTTPS server
n Syslog client
n NFS server (insecure service)
n NIS client
n SMB client (insecure service)
n FTP client (insecure service)
n SSH client
n Telnet client (insecure service)
n SSH server
n Telnet server (insecure service)
n FTP server (insecure service)
n SNMP server
n Other supported management agents that you install
NOTE This list can change, so you might find that the vSphere Client provides services and agents not
mentioned in the list. Also, not all services on the list are installed by default. You might be required to perform
additional tasks to configure and enable these services.
If you are installing a device, service, or agent not on this list, open ports in the service console firewall from
a command line.
Allow Access to ESX for a Service or Management Agent

You can configure firewall properties to allow access for a service or management agent.
Procedure
1 Log in to a vCenter Server system using the vSphere Client.
2 Select the host in the inventory panel.
3 Click the Configuration tab and click Security Profile.
The vSphere Client displays a list of active incoming and outgoing connections with the corresponding
firewall ports.
4 Click Properties to open the Firewall Properties dialog box.
The Firewall Properties dialog box lists all the services and management agents that you can configure
for the host.
VMware, Inc. 151

5 Select the services and agents to enable.
The Incoming Ports and Outgoing Ports columns indicate the ports that the vSphere Client opens for the
service. The Protocol column indicates the protocol that the service uses. The Daemon column indicates
the status of daemons associated with the service.
6 Click OK.
Automating Service Behavior Based on Firewall Settings

ESX can automate whether services start based on the status of firewall ports.
Automation helps ensure that services start if the environment is configured to enable their function. For
example, starting a network service only if some ports are open can help avoid the situation where services
are started, but are unable to complete the communications required to complete their intended purpose.
In addition, having accurate information about the current time is a requirement for some protocols, such as
Kerberos. The NTP service is a way of getting accurate time information, but this service only works when
required ports are opened in the firewall. The service cannot achieve its goal if all ports are closed. The NTP
services provide an option to configure the conditions when the service starts or stops. This configuration
includes options that account for whether firewall ports are opened, and then start or stop the NTP service
based on those conditions. Several possible configuration options exist, all of which are also applicable to the
SSH server.
NOTE The settings described in this section only apply to service settings configured through the vSphere
Client or applications created with the vSphere Web services SDK. Configurations made through other means,
such as the esxcfg-firewall utility or configuration files in /etc/init.d/, are not affected by these settings.
n Start automatically if any ports are open, and stop when all ports are closed – The default setting for
these services that VMware recommends. If any port is open, the client attempts to contact the network
resources pertinent to the service in question. If some ports are open, but the port for a particular service
is closed, the attempt fails, but there is little drawback to such a case. If and when the applicable outgoing
port is opened, the service begins completing its tasks.
n Start and stop with host– The service starts shortly after the host starts and closes shortly before the host
shuts down. Much like Start automatically if any ports are open, and stop when all ports are closed, this
option means that the service regularly attempts to complete its tasks, such as contacting the specified
NTP server. If the port was closed but is subsequently opened, the client begins completing its tasks shortly
thereafter.
n Start and stop manually – The host preserves the user-determined service settings, regardless of whether
ports are open or not. When a user starts the NTP service, that service is kept running as long as the host
is powered on. If the service is started and the host is powered off, the service is stopped as part of the
shutdown process, but as soon as the host is powered on, the service is started again, preserving the user-
determined state.
Configure How Service Startup Relates to Firewall Configuration
The Startup Policy determines when a service starts. You can configure how service startup relates to a firewall
configuration by editing the Startup Policy.
Procedure
2 Select the host in the inventory panel.
3 Click the Configuration tab and click Security Profile.
The vSphere Client displays a list of active incoming and outgoing connections with the corresponding
firewall ports.
152 VMware, Inc.

4 Click Properties.
The Firewall Properties dialog box lists all the services and management agents you can configure for the
host.
5 Select the service to configure, and click Options.
The Startup Policy dialog box determines when the service starts. This dialog box also provides
information about the current state of the service and provides an interface for manually starting, stopping,
or restarting the service.
6 Select a policy from the Startup Policy list.

7 Click OK.
TCP and UDP Ports for Management Access

vCenter Server, ESX hosts, and other network components are accessed using predetermined TCP and UDP
ports. If you manage network components from outside a firewall, you might be required to reconfigure the
firewall to allow access on the appropriate ports.
Table 12-1 lists TCP and UDP ports, and the purpose and the type of each.
The ports are connected through the service console interface, unless otherwise indicated.
Table 12-1. TCP and UDP Ports

Port Purpose Traffic Type
22 SSH Server Incoming TCP
80 HTTP access Incoming TCP

The default non-secure TCP Web port typically used in conjunction with port 443
as a front end for access to ESX networks from the Web. Port 80 redirects traffic
to an HTTPS landing page (port 443).
Connection to vSphere Web Access from the Web
WS-Management
123 NTP Client Outgoing UDP
427 The CIM client uses the Service Location Protocol, version 2 (SLPv2) to find CIM Incoming and
servers. outgoing UDP
443 HTTPS access Incoming TCP

vCenter Server access to ESX hosts
Default SSL Web port
vSphere Client access to vCenter Server
vSphere Client access to ESX hosts
WS-Management
vSphere Client access to vSphere Update Manager
vSphere Converter access to vCenter Server
vSphere Web Access and third-party network management client connections to
vCenter Server
Direct vSphere Web Access and third-party network management clients access
to hosts
902 Host access to other hosts for migration and provisioning Incoming TCP,
Authentication traffic for ESX (xinetd/vmware-authd) outgoing UDP
vSphere Client access to virtual machine consoles
(UDP) Status update (heartbeat) connection from ESX to vCenter Server
VMware, Inc. 153

Table 12-1. TCP and UDP Ports (Continued)

Port Purpose Traffic Type
903 Remote console traffic that user access to virtual machines generates on a specific Incoming TCP
ESX host.
vSphere Client access to virtual machine consoles
vSphere Web Access Client access to virtual machine consoles
MKS transactions (xinetd/vmware-authd-mks)
2049 Transactions from NFS storage devices Incoming and

This port is used on the VMkernel interface rather than the service console outgoing TCP
interface.
2050–2250 Traffic between ESX hosts for VMware High Availability (HA) and EMC Outgoing TCP,
Autostart Manager incoming and
outgoing UDP
3260 Transactions to iSCSI storage devices Outgoing TCP

This port is used on the VMkernel interface and the service console interface.
5900-5964 RFB protocol, which is used by management tools such as VNC Incoming and
outgoing TCP
5989 CIM XML transactions over HTTPS Incoming and

outgoing TCP
8000 Requests from VMotion Incoming and

This port is used on the VMkernel interface rather than the service console outgoing TCP
interface.
8042–8045 Traffic between ESX hosts for HA and EMC Autostart Manager Outgoing TCP,
incoming and
outgoing UDP
8100, 8200 Traffic between ESX hosts for VMware Fault Tolerance Outgoing TCP,
incoming and
outgoing UDP
In addition to the TCP and UDP ports listed in Table 12-1, you can configure other ports depending on your
needs:
n You can use vSphere Client to open ports for installed management agents and supported services such
as NFS.
n You can open ports in the service console firewall for other services and agents required for your network
by running command-line scripts.
Securing Virtual Machines with VLANs

The network can be one of the most vulnerable parts of any system. Your virtual machine network requires as
much protection as your physical network. You can add security to your virtual machine network in several
ways.
If your virtual machine network is connected to a physical network, it can be subject to breaches to the same
degree that a network made up of physical machines is. Even if the virtual machine network is isolated from
any physical network, virtual machines in the network can be subject to attacks from other virtual machines
in the network. The requirements for securing virtual machines are often the same as those for physical
machines.
Virtual machines are isolated from each other. One virtual machine cannot read or write another virtual
machine’s memory, access its data, use its applications, and so forth. However, within the network, any virtual
machine or group of virtual machines can still be the target of unauthorized access from other virtual machines
and might require further protection by external means.
154 VMware, Inc.

You can add this level of security in different ways.

n Adding firewall protection to your virtual network by installing and configuring software firewalls on
some or all of its virtual machines.
For efficiency, you can set up private virtual machine Ethernet networks or virtual networks. With virtual
networks, you install a software firewall on a virtual machine at the head of the virtual network. This
serves as a protective buffer between the physical network adapter and the remaining virtual machines
in the virtual network.
Installing a software firewall on virtual machines at the head of virtual networks is a good security practice.
However, because software firewalls can slow performance, balance your security needs against
performance before you decide to install software firewalls on virtual machines elsewhere in the virtual
network.
n Keeping different virtual machine zones within a host on different network segments. If you isolate virtual
machine zones on their own network segments, you minimize the risks of data leakage from one virtual
machine zone to the next. Segmentation prevents various threats, including Address Resolution Protocol
(ARP) spoofing, in which an attacker manipulates the ARP table to remap MAC and IP addresses, thereby
gaining access to network traffic to and from a host. Attackers use ARP spoofing to generate denials of
service, hijack the target system, and otherwise disrupt the virtual network.
Planning segmentation carefully lowers the chances of packet transmissions between virtual machine
zones, which prevents sniffing attacks that require sending network traffic to the victim. Also, an attacker
cannot use an insecure service in one virtual machine zone to access other virtual machine zones in the
host. You can implement segmentation by using either of two approaches, each of which has different
benefits.
n Use separate physical network adapters for virtual machine zones to ensure that the zones are isolated.
Maintaining separate physical network adapters for virtual machine zones is probably the most secure
method and is less prone to misconfiguration after the initial segment creation.
n Set up virtual local area networks (VLANs) to help safeguard your network. Because VLANs provide
almost all of the security benefits inherent in implementing physically separate networks without the
hardware overhead, they offer a viable solution that can save you the cost of deploying and
maintaining additional devices, cabling, and so forth.
VLANs are an IEEE standard networking scheme with specific tagging methods that allow routing of packets
to only those ports that are part of the VLAN. When properly configured, VLANs provide a dependable means
for you to protect a set of virtual machines from accidental or malicious intrusions.
VLANs let you segment a physical network so that two machines in the network are unable to transmit packets
back and forth unless they are part of the same VLAN. For example, accounting records and transactions are
among a company’s most sensitive internal information. In a company whose sales, shipping, and accounting
employees all use virtual machines in the same physical network, you might protect the virtual machines for
the accounting department by setting up VLANs as shown in Figure 12-4.
VMware, Inc. 155

Figure 12-4. Sample VLAN Layout

Host 1
vSwitch
VM0 VM1 VM2

VLAN A
Router Broadcast
Host 2
VM3 VM4 VM5 Domain A
vSwitch
vSwitch
Switch 1
VM6 VM7 VM8 VLAN B
Broadcast
Host 3 Domain B
vSwitch
VM9 VM10 VM11
Switch 2 Host 4
Multiple VLANs
vSwitch
on the same
virtual switch
VM12 VM13 VM14
VLAN VLAN VLAN
B A B Broadcast
Domains A and B
In this configuration, all employees in the accounting department use virtual machines in VLAN A and the
employees in sales use virtual machines in VLAN B.
The router forwards packets containing accounting data to the switches. These packets are tagged for
distribution to VLAN A only. Therefore, the data is confined to Broadcast Domain A and cannot be routed to
Broadcast Domain B unless the router is configured to do so.
This VLAN configuration prevents the sales force from intercepting packets destined for the accounting
department. It also prevents the accounting department from receiving packets intended for the sales group.
The virtual machines serviced by a single virtual switch can be in different VLANs.
Security Considerations for VLANs

The way you set up VLANs to secure parts of a network depends on factors such as the guest operating system
and the way your network equipment is configured.
ESX features a complete IEEE 802.1q-compliant VLAN implementation. VMware cannot make specific
recommendations on how to set up VLANs, but there are factors to consider when using a VLAN deployment
as part of your security enforcement policy.
156 VMware, Inc.

VLANs as Part of a Broader Security Implementation

VLANs are an effective means of controlling where and how widely data is transmitted within the network.
If an attacker gains access to the network, the attack is likely to be limited to the VLAN that served as the entry
point, lessening the risk to the network as a whole.
VLANs provide protection only in that they control how data is routed and contained after it passes through
the switches and enters the network. You can use VLANs to help secure Layer 2 of your network architecture
—the data link layer. However, configuring VLANs does not protect the physical layer of your network model
or any of the other layers. Even if you create VLANs, provide additional protection by securing your hardware
(routers, hubs, and so forth) and encrypting data transmissions.
VLANs are not a substitute for firewalls in your virtual machine configurations. Most network configurations
that include VLANs also include software firewalls. If you include VLANs in your virtual network, be sure
that the firewalls that you install are VLAN-aware.
Properly Configure VLANs

Equipment misconfiguration and network hardware, firmware, or software defects can make a VLAN
susceptible to VLAN-hopping attacks.
VLAN hopping occurs when an attacker with authorized access to one VLAN creates packets that trick physical
switches into transmitting the packets to another VLAN that the attacker is not authorized to access.
Vulnerability to this type of attack usually results from a switch being misconfigured for native VLAN
operation, in which the switch can receive and transmit untagged packets.
To help prevent VLAN hopping, keep your equipment up to date by installing hardware and firmware updates
as they become available. Also, follow your vendor’s best practice guidelines when you configure your
equipment.
VMware virtual switches do not support the concept of a native VLAN. All data passed on these switches is
appropriately tagged. However, because other switches in the network might be configured for native VLAN
operation, VLANs configured with virtual switches can still be vulnerable to VLAN hopping.
If you plan to use VLANs to enforce network security, disable the native VLAN feature for all switches unless
you have a compelling reason to operate some of your VLANs in native mode. If you must use native VLAN,
see your switch vendor’s configuration guidelines for this feature.
Create Separate Communications Between Management Tools and the Service Console
Whether you use a management client or the command line, all configuration tasks for ESX are performed
through the service console, including configuring storage, controlling aspects of virtual machine behavior,
and setting up virtual switches or virtual networks. Because the service console is the point of control for ESX,
safeguarding it from misuse is crucial.
VMware ESX management clients use authentication and encryption to prevent unauthorized access to the
service console. Other services might not offer the same protection. If attackers gain access to the service
console, they are free to reconfigure many attributes of the ESX host. For example, they can change the entire
virtual switch configuration or change authorization methods.
Network connectivity for the service console is established through virtual switches. To provide better
protection for this critical ESX component, isolate the service console by using one of the following methods:
n Create a separate VLAN for management tool communication with the service console.
n Configure network access for management tool connections with the service console through a single
virtual switch and one or more uplink ports.
VMware, Inc. 157

Both methods prevent anyone without access to the service console VLAN or virtual switch from seeing traffic
to and from the service console. They also prevent attackers from sending any packets to the service console.
As an alternative, you can choose to configure the service console on a separate physical network segment
instead. Physical segmentation provides a degree of additional security because it is less prone to later
misconfiguration
Set up a separate VLAN or virtual switch for VMotion and network attached storage.
Virtual Switch Protection and VLANs

VMware virtual switches provide safeguards against certain threats to VLAN security. Because of the way that
virtual switches are designed, they protect VLANs against a variety of attacks, many of which involve VLAN
hopping.
Having this protection does not guarantee that your virtual machine configuration is invulnerable to other
types of attacks. For example, virtual switches do not protect the physical network against these attacks; they
protect only the virtual network.
Virtual switches and VLANs can protect against the following types of attacks.
MAC flooding Floods a switch with packets that contain MAC addresses tagged as having
come from different sources. Many switches use a content-addressable
memory (CAM) table to learn and store the source address for each packet.
When the table is full, the switch can enter a fully open state in which every
incoming packet is broadcast on all ports, letting the attacker see all of the
switch’s traffic. This state might result in packet leakage across VLANs.
Although VMware virtual switches store a MAC address table, they do not get
the MAC addresses from observable traffic and are not vulnerable to this type
of attack.
802.1q and ISL tagging Force a switch to redirect frames from one VLAN to another by tricking the
attacks switch into acting as a trunk and broadcasting the traffic to other VLANs.
VMware virtual switches do not perform the dynamic trunking required for
this type of attack and, therefore, are not vulnerable.
Double-encapsulation Occur when an attacker creates a double-encapsulated packet in which the

attacks VLAN identifier in the inner tag is different from the VLAN identifier in the
outer tag. For backward compatibility, native VLANs strip the outer tag from
transmitted packets unless configured to do otherwise. When a native VLAN
switch strips the outer tag, only the inner tag is left, and that inner tag routes
the packet to a different VLAN than the one identified in the now-missing outer
tag.
VMware virtual switches drop any double-encapsulated frames that a virtual

machine attempts to send on a port configured for a specific VLAN. Therefore,
they are not vulnerable to this type of attack.
Multicast brute-force Involve sending large numbers of multicast frames to a known VLAN almost
attacks simultaneously to overload the switch so that it mistakenly allows some of the
frames to broadcast to other VLANs.
VMware virtual switches do not allow frames to leave their correct broadcast
domain (VLAN) and are not vulnerable to this type of attack.
158 VMware, Inc.

Spanning-tree attacks Target Spanning-Tree Protocol (STP), which is used to control bridging
between parts of the LAN. The attacker sends Bridge Protocol Data Unit
(BPDU) packets that attempt to change the network topology, establishing
themselves as the root bridge. As the root bridge, the attacker can sniff the
contents of transmitted frames.
VMware virtual switches do not support STP and are not vulnerable to this
type of attack.
Random frame attacks Involve sending large numbers of packets in which the source and destination
addresses stay the same, but in which fields are randomly changed in length,
type, or content. The goal of this attack is to force packets to be mistakenly
rerouted to a different VLAN.
VMware virtual switches are not vulnerable to this type of attack.
Because new security threats develop over time, do not consider this an exhaustive list of attacks. Regularly
check VMware security resources on the Web to learn about security, recent security alerts, and VMware
security tactics.
Securing Virtual Switch Ports

As with physical network adapters, a virtual network adapter can send frames that appear to be from a different
machine or impersonate another machine so that it can receive network frames intended for that machine.
Also, like physical network adapters, a virtual network adapter can be configured so that it receives frames
targeted for other machines.
When you create a virtual switch for your network, you add port groups to impose a policy configuration for
the virtual machines and storage systems attached to the switch. You create virtual ports through the vSphere
Client.
As part of adding a port or port group to a virtual switch, the vSphere Client configures a security profile for
the port. You can use this security profile to ensure that ESX prevents the guest operating systems for its virtual
machines from impersonating other machines on the network. This security feature is implemented so that the
guest operating system responsible for the impersonation does not detect that the impersonation was
prevented.
The security profile determines how strongly you enforce protection against impersonation and interception
attacks on virtual machines. To correctly use the settings in the security profile, you must understand the basics
of how virtual network adapters control transmissions and how attacks are staged at this level.
Each virtual network adapter has its own MAC address assigned when the adapter is created. This address is
called the initial MAC address. Although the initial MAC address can be reconfigured from outside the guest
operating system, it cannot be changed by the guest operating system. In addition, each adapter has an effective
MAC address that filters out incoming network traffic with a destination MAC address different from the
effective MAC address. The guest operating system is responsible for setting the effective MAC address and
typically matches the effective MAC address to the initial MAC address.
When sending packets, an operating system typically places its own network adapter’s effective MAC address
in the source MAC address field of the Ethernet frame. It also places the MAC address for the receiving network
adapter in the destination MAC address field. The receiving adapter accepts packets only when the destination
MAC address in the packet matches its own effective MAC address.
Upon creation, a network adapter’s effective MAC address and initial MAC address are the same. The virtual
machine’s operating system can alter the effective MAC address to another value at any time. If an operating
system changes the effective MAC address, its network adapter receives network traffic destined for the new
MAC address. The operating system can send frames with an impersonated source MAC address at any time.
This means an operating system can stage malicious attacks on the devices in a network by impersonating a
network adapter that the receiving network authorizes.
VMware, Inc. 159

You can use virtual switch security profiles on ESX hosts to protect against this type of attack by setting three
options. If you change any default settings for a port, you must modify the security profile by editing virtual
switch settings in the vSphere Client.
MAC Address Changes

The setting for the MAC Address Changes option affects traffic that a virtual machine receives.
When the option is set to Accept, ESX accepts requests to change the effective MAC address to other than the
initial MAC address.
When the option is set to Reject, ESX does not honor requests to change the effective MAC address to anything
other than the initial MAC address, which protects the host against MAC impersonation. The port that the
virtual adapter used to send the request is disabled and the virtual adapter does not receive any more frames
until it changes the effective MAC address to match the initial MAC address. The guest operating system does
not detect that the MAC address change was not honored.
NOTE The iSCSI initiator relies on being able to get MAC address changes from certain types of storage. If you
are using ESX iSCSI and have iSCSI storage, set the MAC Address Changes option to Accept.
In some situations, you might have a legitimate need for more than one adapter to have the same MAC address
on a network—for example, if you are using Microsoft Network Load Balancing in unicast mode. When
Microsoft Network Load Balancing is used in the standard multicast mode, adapters do not share MAC
addresses.
Forged Transmissions
The setting for the Forged Transmits option affects traffic that is transmitted from a virtual machine.
When the option is set to Accept, ESX does not compare source and effective MAC addresses.
To protect against MAC impersonation, you can set this option to Reject. If you do, the host compares the
source MAC address being transmitted by the operating system with the effective MAC address for its adapter
to see if they match. If the addresses do not match, ESX drops the packet.
The guest operating system does not detect that its virtual network adapter cannot send packets by using the
impersonated MAC address. The ESX host intercepts any packets with impersonated addresses before they
are delivered, and the guest operating system might assume that the packets are dropped.
Promiscuous Mode Operation

Promiscuous mode eliminates any reception filtering that the virtual network adapter would perform so that
the guest operating system receives all traffic observed on the wire. By default, the virtual network adapter
cannot operate in promiscuous mode.
Although promiscuous mode can be useful for tracking network activity, it is an insecure mode of operation,
because any adapter in promiscuous mode has access to the packets regardless of whether some of the packets
are received only by a particular network adapter. This means that an administrator or root user within a
virtual machine can potentially view traffic destined for other guest or host operating systems.
NOTE In some situations, you might have a legitimate reason to configure a virtual switch to operate in
promiscuous mode—for example, if you are running network intrusion detection software or a packet sniffer.
160 VMware, Inc.

Securing iSCSI Storage

The storage you configure for an ESX host might include one or more storage area networks (SANs) that use
iSCSI. When you configure iSCSI on an ESX host, you can take several measures to minimize security risks.
iSCSI is a means of accessing SCSI devices and exchanging data records by using TCP/IP over a network port
rather than through a direct connection to a SCSI device. In iSCSI transactions, blocks of raw SCSI data are
encapsulated in iSCSI records and transmitted to the requesting device or user.
iSCSI SANs let you make efficient use of existing Ethernet infrastructures to provide ESX hosts access to storage
resources that they can dynamically share. iSCSI SANs provide an economical storage solution for
environments that rely on a common storage pool to serve numerous users. As with any networked system,
your iSCSI SANs can be subject to security breaches.
NOTE The requirements and procedures for securing an iSCSI SAN are similar for the hardware iSCSI adapters
you can use with ESX hosts and for iSCSI configured directly through the ESX host.
Securing iSCSI Devices Through Authentication

One means of securing iSCSI devices from unwanted intrusion is to require that the ESX host, or initiator, be
authenticated by the iSCSI device, or target, whenever the host attempts to access data on the target LUN.
The goal of authentication is to prove that the initiator has the right to access a target, a right granted when
you configure authentication.
ESX does not support Kerberos, Secure Remote Protocol (SRP), or public-key authentication methods for iSCSI.
Additionally, it does not support IPsec authentication and encryption.
Use the vSphere Client to determine whether authentication is being performed and to configure the
authentication method.
Enabling Challenge Handshake Authentication Protocol (CHAP) for iSCSI SANs

You can configure the iSCSI SAN to use CHAP authentication.
In CHAP authentication, when the initiator contacts an iSCSI target, the target sends a predefined ID value
and a random value, or key, to the initiator. The initiator creates a one-way hash value that it sends to the
target. The hash contains three elements: a predefined ID value, the random value that the target sends, and
a private value, or CHAP secret, that the initiator and target share. When the target receives the hash from the
initiator, it creates its own hash value by using the same elements and compares it to the initiator’s hash. If the
results match, the target authenticates the initiator.
ESX supports unidirectional and bidirectional CHAP authentication for iSCSI. In unidirectional CHAP
authentication, the target authenticates the initiator, but the initiator does not authenticate the target. In
bidirectional CHAP authentication, an additional level of security enables the initiator to authenticate the
target.
ESX supports CHAP authentication at the adapter level, when only one set of authentication credentials can
be sent from the host to all targets. It also supports per-target CHAP authentication, which enables you to
configure different credentials for each target to achieve greater target refinement.
See “Configuring CHAP Parameters for iSCSI Initiators,” on page 91 for information about how to work with
CHAP.
VMware, Inc. 161

Disabling iSCSI SAN Authentication

You can configure the iSCSI SAN to use no authentication. Communications between the initiator and target
are still authenticated in a rudimentary way because the iSCSI target devices are typically set up to
communicate with specific initiators only.
Choosing not to enforce more stringent authentication can make sense if your iSCSI storage is housed in one
location and you create a dedicated network or VLAN to service all your iSCSI devices. The iSCSI configuration
is secure because it is isolated from any unwanted access, much as a Fibre Channel SAN is.
As a basic rule, disable authentication only if you are willing to risk an attack to the iSCSI SAN or cope with
problems that result from human error.
ESX does not support Kerberos, Secure Remote Protocol (SRP), or public-key authentication methods for iSCSI.
Additionally, it does not support IPsec authentication and encryption.
Use the vSphere Client to determine whether authentication is being performed and to configure the
authentication method.
See “Configuring CHAP Parameters for iSCSI Initiators,” on page 91 for information about how to work with
CHAP.
Protecting an iSCSI SAN

When you plan your iSCSI configuration, take measures to improve the overall security of the iSCSI SAN. Your
iSCSI configuration is only as secure as your IP network, so by enforcing good security standards when you
set up your network, you help safeguard your iSCSI storage.
The following are some specific suggestions for enforcing good security standards.
Protect Transmitted Data

A primary security risk in iSCSI SANs is that an attacker might sniff transmitted storage data.
Take additional measures to prevent attackers from easily seeing iSCSI data. Neither the hardware iSCSI
adapter nor the ESX host iSCSI initiator encrypts the data that they transmit to and from the targets, making
the data more vulnerable to sniffing attacks.
Allowing your virtual machines to share virtual switches and VLANs with your iSCSI configuration potentially
exposes iSCSI traffic to misuse by a virtual machine attacker. To help ensure that intruders cannot listen to
iSCSI transmissions, make sure that none of your virtual machines can see the iSCSI storage network.
If you use a hardware iSCSI adapter, you can accomplish this by making sure that the iSCSI adapter and ESX
physical network adapter are not inadvertently connected outside the host by virtue of sharing a switch or
some other means. If you configure iSCSI directly through the ESX host, you can accomplish this by configuring
iSCSI storage through a different virtual switch than the one used by your virtual machines, as shown in
Figure 12-5.
162 VMware, Inc.

Figure 12-5. iSCSI Storage on a Separate Virtual Switch
In addition to protecting the iSCSI SAN by giving it a dedicated virtual switch, you can configure your iSCSI
SAN on its own VLAN to improve performance and security. Placing your iSCSI configuration on a separate
VLAN ensures that no devices other than the iSCSI adapter have visibility into transmissions within the iSCSI
SAN. Also, network congestion from other sources cannot interfere with iSCSI traffic.
Secure iSCSI Ports

When you run iSCSI devices, the ESX host does not open any ports that listen for network connections. This
measure reduces the chances that an intruder can break into the ESX host through spare ports and gain control
over the host. Therefore, running iSCSI does not present any additional security risks at the ESX host end of
the connection.
Any iSCSI target device that you run must have one or more open TCP ports to listen for iSCSI connections.
If any security vulnerabilities exist in the iSCSI device software, your data can be at risk through no fault of
ESX. To lower this risk, install all security patches that your storage equipment manufacturer provides and
limit the devices connected to the iSCSI network.
VMware, Inc. 163

164 VMware, Inc.

Authentication and User Management 13
ESX handles user authentication and supports user and group permissions. In addition, you can encrypt
connections to the vSphere Client and SDK.

n “Securing ESX Through Authentication and Permissions,” on page 165
n “Encryption and Security Certificates for ESX,” on page 172
Securing ESX Through Authentication and Permissions

When a vSphere Client or vCenter Server user connects to a ESX host, a connection is established with the
VMware Host Agent process. The process uses the user names and passwords for authentication.
ESX uses the Pluggable Authentication Modules (PAM) structure for authentication when users access the ESX
host using the vSphere Client, vSphere Web Access, or the service console. The PAM configuration for VMware
services is located in /etc/pam.d/vmware-authd, which stores paths to authentication modules.
The default installation of ESX uses /etc/passwd authentication as Linux does, but you can configure ESX to
use another distributed authentication mechanism. If you plan to use a third-party authentication tool instead
of the ESX default implementation, see the vendor documentation for instructions. As part of setting up third-
party authentication, you might be required to update the files in /etc/pam.d folder with new module
information.
The reverse proxy in the VMware Host Agent (vmware-hostd) process listens on ports 80 and 443. vSphere
Client or vCenter Server users connect to the host agent through these ports. The vmware-hostd process receives
the user name and password from the client and forwards them to the PAM module to perform the
authentication.
Figure 13-1 shows a basic example of how ESX authenticates transactions from the vSphere Client.
NOTE CIM transactions also use ticket-based authentication in connecting with the vmware-hostd process.
VMware, Inc. 165

Figure 13-1. Authentication for vSphere Client Communications with ESX

vSphere Client
management functions
console
user name/password ticket-based

authentication authentication
ESX
service console VMkernel
vmware-hostd virtual machine
vmkauthd
ESX authentication transactions with vSphere Web Access and third-party network management clients are
also direct interactions with the vmware-hostd process.
To make sure that authentication works efficiently for your site, perform basic tasks such as setting up users,
groups, permissions, and roles, configuring user attributes, adding your own certificates, and determining
whether you want to use SSL.
About Users, Groups, Permissions, and Roles

vCenter Server and ESX hosts use a combination of user name, password, and permissions to authenticate a
user for access and authorize activities. You can control access to hosts, clusters, datastores, resource pools,
networking port groups, and virtual machines by assigning permissions.
Access to an ESX host and its resources is granted when a known user with appropriate permissions logs in
to the host with a correct password. vCenter Server uses a similar approach when determining whether to
grant access to a user.
vCenter Server and ESX hosts deny access under the following circumstances:
n A user not in the user list attempts to log in.
n A user enters the wrong password.
n A user is in the list but was not assigned permissions.
n A user who successfully logged in attempts operations that they do not have permission to perform.
As part of managing ESX hosts and vCenter Server, you must plan how to handle particular types of users and
permissions. ESX and vCenter Server use sets of privileges, or roles, to control which operations individual
users or groups can perform. Predefined roles are provided, but you can also create new ones. You can manage
users more easily by assigning them to groups. When you apply a role to the group, all users in the group
inherit the role.
166 VMware, Inc.

Chapter 13 Authentication and User Management
Understanding Users
A user is an individual authorized to log in to either an ESX host or vCenter Server.
ESX users fall into two categories: those who can access the host through vCenter Server and those who can
access by directly logging in to the host from the vSphere Client, vSphere Web Access, a third-party client, or
a command shell.
Authorized vCenter Authorized users for vCenter Server are those included in the Windows
Server users domain list that vCenter Server references or are local Windows users on the
vCenter Server host.
You cannot use vCenter Server to manually create, remove, or otherwise
change users. You must use the tools for managing your Windows domain.
Any changes you make are reflected in vCenter Server. However, the user
interface does not provide a user list for you to review.
Direct-access users Users authorized to work directly on an ESX host are those added to the internal
user list by a system administrator.
An administrator can perform a variety of management activities for these
users, such as changing passwords, group memberships, and permissions as
well as adding and removing users.
The user list that vCenter Server maintains is separate from the user list that the host maintains. Even if the
lists appear to have common users (for instance, a user called devuser), treat these users separately. If you log
in to vCenter Server as devuser, you might have permission to view and delete files from a datastore, whereas
if you log in to an ESX host as devuser, you might not.
Because of the confusion that duplicate naming can cause, check the vCenter Server user list before you create
ESX host users to avoid duplicating names. To check for vCenter Server users, review the Windows domain
list.
Understanding Groups
A group is a set of users that share a common set of rules and permissions. When you assign permissions to a
group, all users in the group inherit them, and you do not have to work with the user profiles individually.
As an administrator, decide how to structure groups to achieve your security and usage goals. For example,
three part-time sales team members work different days, and you want them to share a single virtual machine
but not use the virtual machines belonging to sales managers. In this case, you might create a group called
SalesShare that includes the three sales people and give the group permission to interact with only one object,
the shared virtual machine. They cannot perform any actions on the sales managers’ virtual machines.
The group lists in vCenter Server and an ESX host are drawn from the same sources as their respective user
lists. If you are working through vCenter Server, the group list is called from the Windows domain. If you are
logged in to an ESX host directly, the group list is called from a table that the host maintains.
Understanding Permissions
For ESX and vCenter Server, permissions are defined as access roles that consist of a user and the user’s assigned
role for an object such as a virtual machine or ESX host.
Most vCenter Server and ESX users have limited ability to manipulate the objects associated with the host.
Users with the Administrator role have full access rights and permissions on all virtual objects such as
datastores, hosts, virtual machines, and resource pools. By default, the Administrator role is granted to the
root user. If vCenter Server manages the host, vpxuser is also an Administrator user.
The list of privileges is the same for both ESX and vCenter Server, and you use the same method to configure
permissions.
VMware, Inc. 167

You can create roles and set permissions through a direct connection to the ESX host. Because these tasks are
widely performed in vCenter Server, see Basic System Administration for information on working with
permissions and roles.
Assigning root User Permissions
Root users can only perform activities on the specific ESX host that they are logged in to.
For security reasons, you might not want to use the root user in the Administrator role. In this case, you can
change permissions after installation so that the root user no longer has administrative privileges or you can
delete the root user’s access permissions altogether through the vSphere Client as described in the “Managing
Users, Groups, Permissions, and Roles” chapter of Basic System Administration. If you do so, you must first
create another permission at the root level that has a different user assigned to the Administrator role.
Assigning the Administrator role to a different user helps you maintain security through traceability. The
vSphere Client logs all actions that the Administrator role user initiates as events, providing you with an audit
trail. If all administrators log in as the root user, you cannot tell which administrator performed an action. If
you create multiple permissions at the root level—each associated with a different user or user group—you
can track the actions of each administrator or administrative group.
After you create an alternative Administrator user, you can delete the root user’s permissions or change the
role to limit its privileges. You must then use the new user you created as the host authentication point when
you bring the host under vCenter Server management.
NOTE vicfg commands do not perform an access check. Therefore, even if you limit the root user’s privileges,
it does not affect what that user can do using the command-line interface commands.
Understanding vpxuser Permissions
The vpxuser permission is used for vCenter Server when managing activities for the host. The vpxuser is
created when an ESX host is attached to vCenter Server.
vCenter Server has Administrator privileges on the host that it manages. For example, vCenter Server can
move virtual machines to and from hosts and perform configuration changes needed to support virtual
machines.
The vCenter Server administrator can perform most of the same tasks on the host as the root user and also
schedule tasks, work with templates, and so forth. However, the vCenter Server administrator cannot directly
create, delete, or edit users and groups for ESX hosts. These tasks can only be performed by a user with
Administrator permissions directly on each ESX host.
CAUTION Do not change vpxuser in any way and do not change its permissions. If you do so, you might
experience problems in working with ESX hosts through vCenter Server.
Understanding Roles
vCenter Server and ESX grant access to objects only to users who are assigned permissions for the object. When
you assign a user or group permissions for the object, you do so by pairing the user or group with a role. A
role is a predefined set of privileges.
ESX hosts provide three default roles, and you cannot change the privileges associated with these roles. Each
subsequent default role includes the privileges of the previous role. For example, the Administrator role
inherits the privileges of the Read Only role. Roles you create yourself do not inherit privileges from any of
the default roles.
You can create custom roles by using the role-editing facilities in the vSphere Client to create privilege sets
that match your user needs. If you use the vSphere Client connected to vCenter Server to manage your ESX
hosts, you have additional roles to choose from in vCenter Server. Also, the roles you create directly on an ESX
host are not accessible within vCenter Server. You can work with these roles only if you log in to the host
directly from the vSphere Client.
168 VMware, Inc.

If you manage ESX hosts through vCenter Server, maintaining custom roles in the host and vCenter Server
can result in confusion and misuse. In this type of configuration, maintain custom roles only in vCenter Server.
You can create roles and set permissions through a direct connection to the ESX host. Because most users create
roles and set permissions in vCenter Server, see Basic System Administration for information on working with
permissions and roles.
Assigning the No Access Role
Users assigned the No Access role for an object cannot view or change the object in any way. New users and
groups are assigned this role by default. You can change the role on an object-by-object basis.
A user with a No Access role for a particular object can select the vSphere Client tabs associated with the object,
but the tab displays no content.
The root user and vpxuser permissions are the only users not assigned the No Access role by default. Instead,
they are assigned the Administrator role. You can delete the root user’s permissions altogether or change its
role to No Access as long as you first create a replacement permission at the root level with the Administrator
role and associate this role with a different user.
Assigning the Read Only Role
Users assigned the Read Only role for an object are allowed to view the state of the object and details about
the object.
With this role, a user can view virtual machine, host, and resource pool attributes. The user cannot view the
remote console for a host. All actions through the menus and toolbars are disallowed.
Assigning the Administrator Role
Users assigned the Administrator role for an object are allowed to view and perform all actions on the object.
This role also includes all permissions inherent in the Read Only role.
If you are acting in the Administrator role on an ESX host, you can grant permissions to individual users and
groups on that host. If you are acting in the Administrator role in vCenter Server, you can grant permissions
to any user or group included in the Windows domain list that vCenter Server references.
vCenter Server registers any selected Windows domain user or group through the process of assigning
permissions. By default, all users who are members of the local Windows Administrators group on vCenter
Server are granted the same access rights as any user assigned to the Administrator role. Users who are
members of the Administrators group can log in as individuals and have full access.
For security reasons, consider removing the Windows Administrators group from the Administrator role. You
can change permissions after installation. Alternately, you can use the vSphere Client to delete the Windows
Administrators group access permissions, but you must first create another permission at the root level that
has a different user assigned to the Administrator role.
VMware, Inc. 169

Working with Users and Groups on ESX Hosts

If you are directly connected to an ESX host through the vSphere Client, you can create, edit, and delete users
and groups. These users and groups are visible in the vSphere Client whenever you log in to the ESX host, but
are not available if you log in to vCenter Server.
View, Sort, and Export a List of Users and Groups

You can view, sort, and export lists of ESX users and groups to a file that is in HTML, XML, Microsoft Excel,
or CSV format.
Procedure
1 Log in to the host using the vSphere Client.
2 Click the Users & Groups tab and click Users or Groups.
3 Determine how to sort the table, and hide or show columns according to the information you want to see
in the exported file.
n To sort the table by any of the columns, click the column heading.
n To show or hide columns, right-click any of the column headings and select or deselect the name of
the column to hide.
n To show or hide columns, right-click any of the column headings and select or deselect the name of
the column to hide.
4 Right-click anywhere in the table and click Export List to open the Save As dialog box.
5 Select a path and enter a filename.
6 Select the file type and click OK.
Add a User to the Users Table

Adding a user to the users table updates the internal user list that ESX maintains.
Procedure
2 Click the Users & Groups tab and click Users.
3 Right-click anywhere in the Users table and click Add to open the Add New User dialog box.
4 Enter a login, a user name, a numeric user ID (UID), and a password.
Specifying the user name and UID are optional. If you do not specify the UID, the vSphere Client assigns
the next available UID.
Create a password that meets the length and complexity requirements. However, the ESX host checks for
password compliance only if you have switched to the pam_passwdqc.so plug-in for authentication. The
password settings in the default authentication plug-in, pam_cracklib.so, are not enforced.
5 To allow a user to access the ESX host through a command shell, select Grant shell access to this user.
In general, do not grant shell access unless the user has a justifiable need. Users that access the host only
through the vSphere Client do not need shell access.
6 To add the user to a group, select the group name from the Group drop-down menu and click Add.
7 Click OK.
170 VMware, Inc.

Modify the Settings for a User

You can change the user ID, user name, password, and group settings for a user. You can also grant a user
shell access.
Procedure
2 Click the Users & Groups tab and click Users.
3 Right-click the user and click Edit to open the Edit User dialog box.
4 To change the user ID, enter a numeric user UID in the UID text box.
The vSphere Client assigns the UID when you first create the user. In most cases, you do not have to change
this assignment.
5 Enter a new user name.
6 To change the user’s password, select Change Password and enter the new password.
7 To change the user’s ability to access the ESX host through a command shell, select or deselect Grant shell
access to this user.
9 To remove the user from a group, select the group name from the Group membership box and click
Remove.
10 Click OK.
Remove a User or Group

You can remove a user or group from the ESX host.
CAUTION Do not remove the root user.
Procedure
2 Click the Users & Groups tab and click Users or Groups.
3 Right-click the user or group to remove and select Remove.
Add a Group to the Groups Table

Adding a group to the ESX groups table updates the internal group list maintained by the host.
Procedure
2 Click the Users & Groups tab and click Groups.
3 Right-click anywhere in the Groups table and click Add to open the Create New Group dialog box.
4 Enter a group name and numeric group ID (GID) in the Group ID text box.
Specifying the GID is optional. If you do not specify a GID, the vSphere Client assigns the next available
group ID.
VMware, Inc. 171

5 For each user that you want to add as a group member, select the user name from the list and click Add.
6 Click OK.
Add or Remove Users from a Group

You can add or remove a user from a group in the groups table.
Procedure
2 Click the Users & Groups tab and click Groups.

3 Right-click the group to modify and select Properties to open the Edit Group dialog box.
5 To remove the user from a group, select the group name from the Group membership box and click
Remove.
6 Click OK.
Encryption and Security Certificates for ESX

ESX supports SSL v3 and TLS v1, generally referred to here as SSL. If SSL is enabled, data is private, protected,
and cannot be modified in transit without detection.
All network traffic is encrypted as long as the following conditions are true:
n You did not change the Web proxy service to allow unencrypted traffic for the port.
n Your service console firewall is configured for medium or high security.
Host certificate checking is enabled by default and SSL certificates are used to encrypt network traffic.
However, ESX uses automatically generated certificates that are created as part of the installation process and
stored on the host. These certificates are unique and make it possible to begin using the server, but they are
not verifiable and are not signed by a trusted-well-known certificate authority (CA). These default certificates
are vulnerable to possible man-in-the-middle attacks.
To receive the full benefit of certificate checking, particularly if you intend to use encrypted remote connections
externally, install new certificates that are signed by a valid internal certificate authority or purchase a certificate
from a trusted security authority.
NOTE If the self-signed certificate is used, clients receive a warning about the certificate. To address this issue,
install a certificate that is signed by a recognized certificate authority. If CA-signed certificates are not installed,
all communication between vCenter Server and vSphere Clients is encrypted using a self-signed certificate.
These certificates do not provide the authentication security you might need in a production environment.
The default location for your certificate is /etc/vmware/ssl/ on the ESX host. The certificate consists of two
files: the certificate itself (rui.crt) and the private-key file (rui.key).
Enable Certificate Checking and Verify Host Thumbprints

To prevent man-in-the-middle attacks and to fully use the security that certificates provide, certificate checking
is enabled by default. You can verify that certificate checking is enabled in the vSphere Client.
NOTE vCenter Server certificates are preserved across upgrades.
172 VMware, Inc.

Procedure
3 Click SSL Settings in the left pane and verify that Check host certificates is selected.
4 If there are hosts that require manual validation, compare the thumbprints listed for the hosts to the
thumbprints in the host console.
To obtain the host thumbprint, run the following command on the ESX host:
openssl x509 -in /etc/vmware/ssl/rui.crt -fingerprint -sha1 -noout
5 If the thumbprint matches, select the Verify check box next to the host.
Hosts that are not selected will be disconnected after you click OK.
6 Click OK.
Generate New Certificates for the ESX Host

The ESX host generates certificates the first time the system is started. Under certain circumstances, you might
be required to force the host to generate new certificates. You typically generate new certificates only if you
change the host name or accidentally delete the certificate.
Each time you restart the vmware-hostd process, the mgmt-vmware script searches for existing certificate files
(rui.crt and rui.key). If it cannot find them, it generates new certificate files.
Procedure
1 In the directory /etc/vmware/ssl, back up any existing certificates by renaming them using the following
commands.
mv rui.crt orig.rui.crt
mv rui.key orig.rui.key
NOTE If you are regenerating certificates because you accidentally deleted them, you are not required to
rename them.
2 Use the following command to restart the vmware-hostd process.
service mgmt-vmware restart
3 Confirm that the ESX host successfully generated new certificates by using the following command and
comparing the time stamps of the new certificate files with orig.rui.crt and orig.rui.key.
ls -la
VMware, Inc. 173

Replace a Default Certificate with a CA-Signed Certificate

The ESX host uses automatically generated certificates that are created as part of the installation process. These
certificates are unique and make it possible to begin using the server, but they are not verifiable and they are
not signed by a trusted, well-known certificate authority (CA). Using default certificates might not comply
with the security policy of your organization. If you require a certificate from a trusted certificate authority,
you can replace the default certificate.
Procedure
1 Log in to the service console and acquire root privileges.
2 In the directory /etc/vmware/ssl, rename the existing certificates using the following commands.
mv rui.crt orig.rui.crt
mv rui.key orig.rui.key
3 Copy the new certificate and key to /etc/vmware/ssl.
4 Rename the new certificate and key to rui.crt and rui.key.
5 Restart the vmware-hostd process for the certificates to take effect.

Configure SSL Timeouts

You can configure SSL timeouts for ESX.
Timeout periods can be set for two types of idle connections:

n The Read Timeout setting applies to connections that have completed the SSL handshake process with
port 443 of ESX.
n The Handshake Timeout setting applies to connections that have not completed the SSL handshake
process with port 443 of ESX.
Both connection timeouts are set in milliseconds.
Idle connections are disconnected after the timeout period. By default, fully established SSL connections have
a timeout of infinity.
Procedure
2 Change to the directory /etc/vmware/hostd/.
3 Use a text editor to open the config.xml file.
4 Enter the <readTimeoutMs> value in milliseconds.
For example, to set the Read Timeout to 20 seconds, enter the following command.
<readTimeoutMs>20000</readTimeoutMs>
5 Enter the <handshakeTimeoutMs> value in milliseconds.
For example, to set the Handshake Timeout to 20 seconds, enter the following command.
<handshakeTimeoutMs>20000</handshakeTimeoutMs>
6 Save your changes and close the file.
7 Enter the following command to restart the vmware-hostd process.
174 VMware, Inc.

Example 13-1. Configuration File

The following section from the file /etc/vmware/hostd/config.xml shows where to enter the SSL timeout
settings.
<vmacore>
...
<http>
<readTimeoutMs>20000</readTimeoutMs>
</http>
...
<ssl>
...
<handshakeTimeoutMs>20000</handshakeTimeoutMs>
...
</ssl>
</vmacore>
ModifyingESX Web Proxy Settings

When you modify Web proxy settings, you have several encryption and user security guidelines to consider.
NOTE Restart the vmware-hostd process after making any changes to host directories or authentication
mechanisms by entering the command service mgmt-vmware restart.
n Do not set up certificates using pass phrases. ESX does not support pass phrases, also known as encrypted
keys. If you set up a pass phrase, ESX processes cannot start correctly.
n You can configure the Web proxy so that it searches for certificates in a location other than the default
location. This capability proves useful for companies that prefer to centralize their certificates on a single
machine so that multiple hosts can use the certificates.
CAUTION If certificates are not stored locally on the host—for example, if they are stored on an NFS share
—the host cannot access those certificates if ESX loses network connectivity. As a result, a client connecting
to the host cannot successfully participate in a secure SSL handshake with the host.
n To support encryption for user names, passwords, and packets, SSL is enabled by default for vSphere Web
Access and vSphere Web services SDK connections. To configure these connections so that they do not
encrypt transmissions, disable SSL for your vSphere Web Access connection or vSphere Web Services SDK
connection by switching the connection from HTTPS to HTTP.
Consider disabling SSL only if you created a fully trusted environment for these clients, where firewalls
are in place and transmissions to and from the host are fully isolated. Disabling SSL can improve
performance, because you avoid the overhead required to perform encryption.
n To protect against misuse of ESX services, such as the internal Web server that hosts vSphere Web Access,
most internal ESX services are accessible only through port 443, the port used for HTTPS transmission.
Port 443 acts as a reverse proxy for ESX. You can see a list of services on ESX through an HTTP welcome
page, but you cannot directly access these services without proper authorization.
You can change this configuration so that individual services are directly accessible through HTTP
connections. Do not make this change unless you are using ESX in a fully trusted environment.
n When you upgrade vCenter Server and vSphere Web Access, the certificate remains in place. If you remove
vCenter Server and vSphere Web Access, the certificate directory is not removed from the service console.
VMware, Inc. 175

Configure the Web Proxy to Search for Certificates in Nondefault Locations

You can configure the Web proxy so that it searches for certificates in a location other than the default location.
This is useful for companies that centralize their certificates on a single machine so that multiple hosts can use
the certificates.
Procedure
2 Change to the /etc/vmware/hostd/ directory.
3 Use a text editor to open the proxy.xml file and find the following XML segment.
<ssl>

<privateKey>/etc/vmware/ssl/rui.key</privateKey>

<certificate>/etc/vmware/ssl/rui.crt</certificate>
</ssl>
4 Replace /etc/vmware/ssl/rui.key with the absolute path to the private key file that you received from
your trusted certificate authority.
This path can be on the ESX host or on a centralized machine on which you store certificates and keys for
your company.
NOTE Leave the <privateKey> and </privateKey> XML tags in place.
5 Replace /etc/vmware/ssl/rui.crt with the absolute path to the certificate file that you received from your
trusted certificate authority.
CAUTION Do not delete the original rui.key and rui.crt files. The ESX host uses these files.
7 Enter the following command to restart the vmware-hostd process.

Change Security Settings for a Web Proxy Service

You can change the security configuration so that individual services are directly accessible through HTTP
connections.
Procedure
2 Change to the /etc/vmware/hostd/directory.
176 VMware, Inc.

3 Use a text editor to open the proxy.xml file.
The contents of the file typically appears as follows.

<ConfigRoot>
<EndpointList>
<_length>6</_length>
<_type>vim.ProxyService.EndpointSpec[]</_type>
<e id="0">
<_type>vim.ProxyService.NamedPipeServiceSpec</_type>
<accessMode>httpsWithRedirect</accessMode>
<pipeName>/var/run/vmware/proxy-webserver</pipeName>
<serverNamespace>/</serverNamespace>
</e>
<e id="1">
<pipeName>/var/run/vmware/proxy-sdk</pipeName>
<serverNamespace>/sdk</serverNamespace>
</e>
<e id="2">
<_type>vim.ProxyService.LocalServiceSpec</_type>
<port>8080</port>
<serverNamespace>/ui</serverNamespace>
</e>
<e id="3">
<accessMode>httpsOnly</accessMode>
<pipeName>/var/run/vmware/proxy-vpxa</pipeName>
<serverNamespace>/vpxa</serverNamespace>
</e>
<e id="4">
<pipeName>/var/run/vmware/proxy-mob</pipeName>
<serverNamespace>/mob</serverNamespace>
</e>
<e id="5">



<accessMode>httpAndHttps</accessMode>
<port>8889</port>
<serverNamespace>/wsman</serverNamespace>
</e>
</EndpointList>
</ConfigRoot>
VMware, Inc. 177

4 Change the security settings as required.
For example, you might want to modify entries for services that use HTTPS to add the option of HTTP
access.
n <e id> is an ID number for the server ID XML tag. ID numbers must be unique within the HTTP area.
n <_type> is the name of the service you are moving.
n <accessmode> is the forms of communication the service permits. Acceptable values include:
n httpOnly – The service is accessible only over plain-text HTTP connections.
n httpsOnly – The service is accessible only over HTTPS connections.
n httpsWithRedirect – The service is accessible only over HTTPS connections. Requests over HTTP
are redirected to the appropriate HTTPS URL.
n httpAndHttps – The service is accessible both over HTTP and HTTPS connections.
n <port> is the port number assigned to the service. You can assign a different port number to the service.
n <serverNamespace> is the namespace for the server that provides this service, for example /sdk or /
mob.
6 Enter the following command to restart the vmware-hostd process:

Example 13-2. Setting Up vSphere Web Access to Communicate Through an Insecure Port
vSphere Web Access normally communicates with an ESX host through a secure port (HTTPS, 443). If you are
in a fully trusted environment, you might decide that you can almost permit an insecure port (for example,
HTTP, 80). To do so, change the accessMode attribute for the Web server in proxy.xml file. In the following
result, the access mode is changed from httpsWithRedirect to httpAndHttps.
<accessMode>httpAndHttps</accessMode>
<port>8080</port>
<serverNamespace>/ui</serverNamespace>
178 VMware, Inc.

Service Console Security 14
VMware has basic security recommendations for using the service console, including how to use some of the
service console’s built-in security features. The service console is a management interface to ESX and, as such,
its security is critical. To protect the service console against unauthorized intrusion and misuse, VMware
imposes constraints on several service console parameters, settings, and activities.

n “General Security Recommendations,” on page 179
n “Log In to the Service Console,” on page 180
n “Service Console Firewall Configuration,” on page 180
n “Password Restrictions,” on page 184
n “Cipher Strength,” on page 190
n “setuid and setgid Flags,” on page 190
n “SSH Security,” on page 192
n “Security Patches and Security Vulnerability Scanning Software,” on page 193
General Security Recommendations

To protect the service console against unauthorized intrusion and misuse, VMware imposes constraints on
several service console parameters, settings, and activities. You can loosen the constraints to meet your
configuration needs, but if you do so, make sure that you are working in a trusted environment and have taken
enough other security measures to protect the network as a whole and the devices connected to the ESX host.
Consider the following recommendations when evaluating service console security and administering the
service console.
n Limit user access.
To improve security, restrict user access to the service console and enforce access security policies like
setting up password restrictions—for example, character length, password aging limits, and using a grub
password for booting the host.
The service console has privileged access to certain parts of ESX. Therefore, provide only trusted users
with login access. By default, root access is limited by not allowing secure shell (SSH) login as the root
user. Strongly consider keeping this default. Require ESX system administrators to log in as regular users
and then use the sudo command to perform specific tasks that require root privileges.
Also, try to run as few processes on the service console as possible. Ideally, strive to run only the essential
processes, services, and agents such as virus checkers, virtual machine backups, and so forth.
n Use vSphere Client to administer your ESX hosts.
VMware, Inc. 179

Whenever possible, use vSphere Client, vSphere Web Access, or a third-party network management tool
to administer your ESX hosts instead of working though the command-line interface as the root user.
Using vSphere Client lets you limit the accounts with access to the service console, safely delegate
responsibilities, and set up roles that prevent administrators and users from using capabilities they do not
need.
n Use only VMware sources to upgrade ESX components that you run on the service console.
The service console runs a variety of third-party packages, such as the Tomcat Web service, to support
management interfaces or tasks that you must perform. VMware does not support upgrading these
packages from anything other than a VMware source. If you use a download or patch from another source,
you might compromise service console security or functions. Regularly check third-party vendor sites and
the VMware knowledge base for security alerts.
Log In to the Service Console

Although you perform most ESX configuration activities through the vSphere Client, you use the service
console command-line interface when you configure certain security features. Using the command-line
interface requires that you log in to the host.
Procedure
1 Log in to the ESX host using one of the following methods.

n If you have direct access to the host, press Alt+F2 to open the login page on the machine's physical
console.
n If you are connecting to the host remotely, use SSH or another remote console connection to start a
session on the host.
2 Enter a user name and password recognized by the ESX host.
If you are performing activities that require root privileges, log in to the service console as a recognized
user and acquire root privileges through the sudo command, which provides enhanced security compared
to the su command.
What to do next
In addition to ESX-specific commands, you can use the service console command-line interface to run many
Linux and UNIX commands. For more information about service console commands, use the man
<command_name> command to check for man pages.
Service Console Firewall Configuration

ESX includes a firewall between the service console and the network. To ensure the integrity of the service
console, VMware has reduced the number of firewall ports that are open by default.
At installation time, the service console firewall is configured to block all incoming and outgoing traffic, except
for ports 22, 123, 427, 443, 902, 5989, 5988, which are used for basic communication with ESX. This setting
enforces a high level of security for the host.
NOTE The firewall also allows Internet Control Message Protocol (ICMP) pings and communication with
DHCP and DNS (UDP only) clients.
180 VMware, Inc.

Chapter 14 Service Console Security
In trusted environments, you might decide that a lower security level is acceptable. If so, you can set the firewall
for either medium or low security.
Medium security All incoming traffic is blocked, except on the default ports and any ports you
specifically open. Outgoing traffic is not blocked.
Low security There are no blocks on either incoming or outgoing traffic. This setting is
equivalent to removing the firewall.
Because the ports open by default are strictly limited, you might be required to open additional ports after
installation. For a list of commonly used ports that you might open, see “TCP and UDP Ports for Management
Access,” on page 153.
As you add the supported services and management agents required to operate ESX effectively, you open
other ports in the service console firewall. You add services and management agents through vCenter Server
as described in “Configuring Firewall Ports for Supported Services and Management Agents,” on page 150.
In addition to the ports you open for these services and agents, you might open other ports when you configure
certain devices, services, or agents such as storage devices, backup agents, and management agents. For
example, if you are using Veritas NetBackup™ 4.5 as a backup agent, open ports 13720, 13724, 13782, and
13783, which NetBackup uses for client-media transactions, database backups, user backups or restores, and
so forth. To determine which ports to open, see vendor specifications for the device, service, or agent.
Determine the Service Console Firewall Security Level

Altering the security level for the service console is a two-part process: determining the service console firewall
security level and resetting the service console firewall setting. To prevent unnecessary steps, always check
the firewall setting before you change it.
Procedure
2 Use the following two commands to determine whether incoming and outgoing traffic is blocked or
allowed.
esxcfg-firewall -q incoming
esxcfg-firewall -q outgoing
Interpret the results according to Table 14-1.
Table 14-1. Service Console Firewall Security Levels

Command Line Response Security Level
Incoming ports blocked by default. High

Outgoing ports blocked by default.
Incoming ports blocked by default. Medium

Outgoing ports not blocked by default.
Incoming ports not blocked by default. Low

Outgoing ports not blocked by default.
VMware, Inc. 181

Set the Service Console Firewall Security Level

After you determine the level of firewall security for the service console, you can set the security level. Each
time you lower your security setting or open additional ports, you increase the risk of intrusion in your network.
Balance your access needs against how tightly you want to control the security of the network.
Procedure
2 Run one of the following commands to set the service console firewall security level.
n To set the service console firewall to medium security:
esxcfg-firewall --allowOutgoing --blockIncoming
n To set the virtual firewall to low security:

esxcfg-firewall --allowIncoming --allowOutgoing
CAUTION Using the preceding command disables all firewall protection.
n To return the service console firewall to high security:

esxcfg-firewall --blockIncoming --blockOutgoing

Changing the service console firewall security level does not affect existing connections. For example, if the
firewall is set to low security and a backup is running on a port you did not explicitly open, raising the firewall
setting to high does not terminate the backup. The backup completes, releases the connection, and no further
connections are accepted for the port.
Open a Port in the Service Console Firewall

You can open service console firewall ports when you install third-party devices, services, and agents. Before
you open ports to support the item you are installing, see vendor specifications to determine the necessary
ports.
Prerequisites
Use this procedure only to open ports for services or agents that are not configurable through the vSphere
Client.
CAUTION VMware supports opening and closing firewall ports only through the vSphere Client or the esxcfg-
firewall command. Using any other methods or scripts to open firewall ports can lead to unexpected behavior.
182 VMware, Inc.

Procedure
2 Use the following command to open the port.

esxcfg-firewall --openPort <port_number>,tcp|udp,in|out,<port_name>
n <port_number> is the vendor-specified port number.

n Use tcp for TCP traffic or udp for UDP traffic.
n Use in to open the port for inbound traffic or out to open it for outbound traffic.
n <port_name> is a descriptive name to help identify the service or agent using the port. A unique name
is not required.
For example:
esxcfg-firewall --openPort 6380,tcp,in,Navisphere
3 Run the following command to restart the vmware-hostd process.

Close a Port in the Service Console Firewall

You can close particular ports in the service console firewall. If you close a port, active sessions of the service
associated with the port are not necessarily disconnected when you close the port. For example, if a backup is
executing and you close the port for the backup agent, the backup continues until it completes and the agent
releases the connection.
You can use the -closePort option to close only those ports that you opened with the -openPort option. If you
used a different method to open the port, use an equivalent method to close it. For example, you can close the
SSH port (22) only by disabling the SSH server incoming connection and SSH client outgoing connection in
the vSphere Client.
Prerequisites
Use this procedure only to close ports for services or agents not specifically configurable through the vSphere
Client.
CAUTION VMware supports opening and closing firewall ports only through the vSphere Client or the esxcfg-
firewall command. Using any other methods or scripts to open and close firewall ports can lead to unexpected
behavior.
Procedure
2 Use the following command to close the port.

esxcfg-firewall --closePort <port_number>,tcp|udp,in|out,<port_name>
The <port_name> argument is optional.
For example:
esxcfg-firewall --closePort 6380,tcp,in

VMware, Inc. 183

Password Restrictions
The ease with which an attacker can log in to an ESX host depends on finding a legitimate user name and
password combination. You can set password restrictions to help prevent attackers from obtaining user
passwords.
A malicious user can obtain a password in a number of ways. For example, an attacker can sniff insecure
network traffic, such as Telnet or FTP transmissions, for successful login attempts. Another common method
is to crack the password by running a password generator to try every character combination up to a certain
length or use real words and simple mutations of real words.
Implementing restrictions that govern the length, character sets, and duration of passwords can make attacks
that a password generator initiates more difficult. The longer and more complex the password, the harder it
is for an attacker to discover. The more often users have to change passwords, the more difficult it is to find a
password that works repeatedly.
NOTE Always consider the human factor when you decide how to implement password restrictions. If you
make passwords too hard to remember or enforce frequent password changes, your users might be inclined
to write down their passwords, which eliminates any benefit.
To help protect your password database from misuse, password shadowing is enabled so that password hashes
are hidden from access. Also, ESX uses MD5 password hashes, which provide stronger password security and
lets you set minimum length requirements to more than eight characters.
Password Aging
You can impose password aging restrictions to ensure that user passwords do not stay active for long periods.
ESX imposes the following password aging restrictions for user logins by default.
Maximum days The number of days that a user can keep a password. By default, passwords
are set to never expire.
Minimum days The minimum number of days between password changes. The default is 0,
meaning that the users can change their passwords any time.
Warning time The number of days in advance of password expiration that a reminder is sent.
The default is seven days. Warnings are only displayed when logging directly
in to the service console or when using SSH.
You can tighten or loosen any of these settings. You can also override the default password aging settings for
an individual user or group.
Change Default Password Aging Restrictions for a Host

You can impose stricter or looser password aging restrictions for a host than those provided by default.
Procedure
2 To change the maximum number of days a user can keep a password, use the following command.
esxcfg-auth --passmaxdays=<number_of_days>
184 VMware, Inc.

3 To change the minimum number of days between password changes, use the following command.
esxcfg-auth --passmindays=<number_of_days>
4 To change the warning time before a password change, use the following command.
esxcfg-auth --passwarnage=<number_of_days>
Change Default Password Aging Restrictions for Users

You can override the default password aging restrictions for particular users or groups.
Procedure
2 To change the maximum number of days, use the following command.

chage -M <number_of_days> <username>
3 To change the warning time, use the following command.

chage -W <number_of_days> <username>
4 To change the minimum number of days, use the following command.

chage -m <number_of_days> <username>
Password Complexity
By default, ESX uses the pam_cracklib.so plug-in to set the rules that users must observe when creating
passwords and to check password strength during the creation process.
The pam_cracklib.so plug-in lets you determine the basic standards that all passwords must meet. By default,
ESX imposes no restrictions on the root password. However, when nonroot users attempt to change their
passwords, the passwords they choose must meet the basic standards that pam_cracklib.so sets. In addition,
nonroot users can make only a certain number of password change attempts before pam_cracklib.so begins
issuing messages and eventually closes the password change page. ESX has defaults for password standards
and retry restrictions.
Minimum length The minimum password length is set to nine. This means that the user must
enter at least eight characters if they use only one character class (lowercase,
uppercase, digit, or other).
The password length algorithm allows shorter passwords if the user enters a
mix of character classes. To calculate the actual character length a user needs
to enter to form a valid password for a given minimum length setting, apply
the password length algorithm as follows:
M – CC = E
where:
n M is the minimum length parameter.
n CC is the number of character classes the user includes in the password.
n E is the number of characters the user must enter.
Table 14-2 shows how the algorithm works, assuming the user enters at least
one lowercase character as part of the password. The pam_cracklib.so plug-in
does not allow passwords of fewer than six characters, so although the
mathematically accurate character requirement for a four character-class
password is five characters, the effective requirement is six.
VMware, Inc. 185

Table 14-2. Password Complexity Algorithm Results

Character Types in the Password Attempt
# of Characters
for a Valid Lowercase Uppercase Other
Password Characters Characters Digits Characters
8 yes
7 yes yes yes yes

yes
yes
6 yes yes yes yes

yes yes yes yes
yes
5 yes yes yes yes
Retries The pam_cracklib.so retries parameter for ESX systems is set to three. If the
user does not enter a strong enough password in three attempts,
pam_cracklib.so closes the password change dialog box. The user must open
a new password change session to try again.
The pam_cracklib.so plug-in checks all password change attempts to ensure that passwords meet the following
strength criteria:
n The new password must not be a palindrome—a password where the characters mirror each other around
a central letter, as in radar or civic.
n The new password must not be the reverse of the old password.
n The new password must not be a rotation—a version of the old password in which one or more characters
have been rotated to the front or back of the password string.
n The new password must differ from the old password by more than a change of case.
n The new password must differ from the old password by more than a few characters.
n The new password must not have been used in the past. The pam_cracklib.so plug-in applies this criterion
only if you have configured a password reuse rule.
By default, ESX does not enforce any password reuse rules, so ordinarily the pam_cracklib.so plug-in
never rejects a password change attempt on these grounds. However, you can configure a reuse rule to
ensure that your users do not alternate between a few passwords.
If you configure a reuse rule, old passwords are stored in a file that the pam_cracklib.so plug-in references
during each password change attempt. The reuse rules determine the number of old passwords that ESX
retains. When a user creates enough passwords to reach the value specified in the reuse rule, old passwords
are removed from the file in age order.
n The new password must be long enough and complex enough. You configure these requirements by
changing the pam_cracklib.so complexity parameters with the esxcfg-auth command, which lets you set
the number of retries, the minimum password length, and a variety of character credits. Character credits
let the user enter shorter passwords if they include more character types in the password.
For more information on the pam_cracklib.so plug-in, see your Linux documentation.
NOTE The pam_cracklib.so plug-in used in Linux provides more parameters than the parameters supported
for ESX. You cannot specify these additional parameters in esxcfg-auth.
186 VMware, Inc.

Configure a Password Reuse Rule

You can set the number of old passwords that are stored for each user.
Procedure
2 Change to the directory /etc/pam.d/.
3 Use a text editor to open the system-auth-generic file.
4 Locate the line that starts with password sufficient /lib/security/$ISA/pam_unix.so.
5 Add the following parameter to the end of the line, where X is the number of old passwords to store for
each user.
remember=X
Use a space between parameters.
7 Change to the directory /etc/security/ and use the following command to make a zero (0) length file with
opasswd as the filename.
touch opasswd
8 Enter the following commands:

chmod 0600 opasswd
chown root:root /etc/security/opasswd
Change Default Password Complexity for the pam_cracklib.so Plug-In

The pam_cracklib.so plug-in allows you to set the minimum length and complexity of a password.
To make a password more complex, you can assign values to the credit parameters for each of the following
character classes:
n <lc_credit> represents lowercase letters
n <uc_credit> represents uppercase letters
n <d_credit> represents digits
n <oc_credit> represents special characters, such as underscore or dash
Credits add to a password's complexity score. A user's password must meet or exceed the minimum score,
which you define using the <minimum_length> parameter.
NOTE The pam_cracklib.so plug-in does not accept passwords that are less than six characters, regardless of
credits used and regardless of the value you assign to <minimum_length>. In other words, if <minimum_length>
is 5, users must still enter no fewer than six characters.
To determine whether or not a password is acceptable, the pam_cracklib.so plug-in uses several rules to
calculate the password score.
n Each character in the password, regardless of type, counts as one against <minimum_length>.
n Nonzero values in the credit parameters affect password complexity differently depending on whether
negative or positive values are used.
n For positive values, add one credit for the character class, up to the maximum number of credits
specified by the credit parameter.
VMware, Inc. 187

For example, if <lc_credit> is 1, add one credit for using a lowercase letter in the password. In this case,
one is the maximum number of credits allowed for lowercase letters, regardless of how many are
used.
n For negative values, do not add credit for the character class, but require that the character class is
used a minimum number of times. The minimum number is specified by the credit parameter.
For example, if <uc_credit> is -1, passwords must contain at least one uppercase character. In this case,
no extra credit is given for using uppercase letters, regardless of how many are used.
n Character classes with a value of zero count toward the total length of the password, but do not receive
extra credit, nor are they required. You can set all character classes to zero to enforce password length
without considering complexity.
For example, the passwords xyzpqets and Xyzpq3#s would each have a password score of eight.
The plug-in then compares the total score, or effective length, of the password to the value of
<minimum_length>.
Procedure
2 Enter the following command.

esxcfg-auth --usecrack=<retries><minimum_length><lc_credit><uc_credit><d_credit><oc_credit>
<retries> is the number of retries users are allowed before they are locked out.
Example 14-1. esxcfg-auth --usecrack Command
esxcfg-auth --usecrack=3 9 1 -1 -1 1
n Users are allowed three attempts to enter their password before they are locked out.
n The password score must be 9.
n Up to one credit is given for using lowercase letters.
n At least one uppercase letter is required. No extra credit is given for this character class.
n At least one digit is required. No extra credit is given for this character class.
n Up to one credit is given for using special characters.
Using these sample values, the password candidate xyzpqe# would fail:
(x + y + z + p +q + e + #) + (lc_credit + oc_credit) = 9
While the password score is 9, it does not contain the required uppercase letter and digit.
The password candidate Xyzpq3# would be accepted:
(X + y + z + p +q + 3 + #) + (lc_credit + oc_credit) = 9
The password score for this example is also 9, but this password includes the required uppercase letter and
digit. The uppercase letter and digit do not add extra credit.
188 VMware, Inc.

Switch to the pam_passwdqc.so Plug-In

The pam_cracklib.so plug-in provides sufficient password strength enforcement for most environments.
However, if the plug-in is not stringent enough for your needs, you can use the pam_passwdqc.so plug-in
instead.
The pam_passwdqc.so provides a greater number of options for fine-tuning password strength and performs
password strength tests for all users, including the root user. The pam_passwdqc.so plug-in is also somewhat
more difficult to use than the pam_cracklib.so plug-in.
NOTE The pam_passwdqc.so plug-in used in Linux provides more parameters than the parameters supported
for ESX. You cannot specify these additional parameters in esxcfg-auth. For more information on this plug-
in, see your Linux documentation.
Procedure
2 Enter the following command.

esxcfg-auth --usepamqc=<N0><N1><N2><N3><N4><match>
n <N0> is the number of characters required for a password that uses characters from only one character
class.
n <N1> is the number of characters required for a password that uses characters from two character
classes.
n <N2> is used for passphrases. ESX requires three words for a passphrase.
n <N3> is the number of characters required for a password that uses characters from three character
classes.
n <N4> is the number of characters required for a password that uses characters from all four character
classes.
n <match> is the number of characters allowed in a string that is reused from the old password. If the
pam_passwdqc.so plug-in finds a reused string of this length or longer, it disqualifies the string from
the strength test and uses only the remaining characters.
Setting any of these options to -1 directs the pam_passwdqc.so plug-in to ignore the requirement. Setting
any of these options to disabled directs the pam_passwdqc.so plug-in to disqualify passwords with the
associated characteristic. The values used must be in descending order except for -1 and disabled.
For example, you use the following command.

esxcfg-auth --usepamqc=disabled 18 -1 12 8
With this setting in effect, a user creating a password would never be able to set passwords that contain
only one character class. The user needs to use at least 18 characters for a password with a two-character
class, 12 characters for a three-character class password, and eight characters for four-character class
passwords. Attempts to create passphrases are ignored.
VMware, Inc. 189

Cipher Strength
Transmitting data over insecure connections presents a security risk because malicious users might be able to
scan data as it travels through the network. As a safeguard, network components commonly encrypt the data
so that it cannot be easily read.
To encrypt data, the sending component, such as a gateway or redirector, applies algorithms, or ciphers, to
alter the data before transmitting it. The receiving component uses a key to decrypt the data, returning it to its
original form. Several ciphers are in use, and the level of security that each provides is different. One measure
of a cipher’s ability to protect data is its cipher strength—the number of bits in the encryption key. The larger
the number, the more secure the cipher.
To ensure the protection of the data transmitted to and from external network connections, ESX uses one of
the strongest block ciphers available—256-bit AES block encryption. ESX also uses 1024-bit RSA for key
exchange. These encryption algorithms are the default for the following connections.
n vSphere Client connections to vCenter Server and to the ESX host through the service console.
n vSphere Web Access connections to the ESX host through the service console.
NOTE Because use of vSphere Web Access ciphers is determined by the Web browser you are using, this
management tool might use other ciphers.
n SDK connections to vCenter Server and to ESX.

n Service console connections to virtual machines through the VMkernel.
n SSH connections to the ESX host through the service console.
setuid and setgid Flags

During ESX installation, several applications that include the setuid and setgid flags are installed by default.
Some of the applications provide facilities required for correct operation of the host. Others are optional, but
they can make maintaining and troubleshooting the host and the network easier.
setuid A flag that allows an application to temporarily change the permissions of the
user running the application by setting the effective user ID to the program
owner’s user ID.
setgid A flag that allows an application to temporarily change the permissions of the
group running the application by setting the effective group ID to the program
owner’s group ID.
Disable Optional Applications

Disabling any of the required applications results in problems with ESX authentication and virtual machine
operation, but you can disable any optional application.
Optional applications are listed in Table 14-3 and Table 14-4.
190 VMware, Inc.

Procedure
2 Run one of the following commands to disable the application.

n For setuid flagged applications:
chmod a-s <path_to_executable_file>
n For setgid flagged applications:

chmod a-g <path_to_executable_file>
Default setuid Applications

Several applications that include the setuid flag are installed by default.
Table 14-3 lists the default setuid applications and indicates whether the application is required or optional.
Table 14-3. Default setuid Applications

Application Purpose and Path Required or Optional
crontab Lets individual users add cron jobs. Optional

Path: /usr/bin/crontab
pam_timestamp_check Supports password authentication. Required

Path: /sbin/pam_timestamp_check
passwd Supports password authentication. Required

Path: /usr/bin/passwd
ping Sends and listens for control packets on the network interface. Optional
Useful for debugging networks.
Path: /bin/ping
pwdb_chkpwd Supports password authentication. Required

Path: /sbin/pwdb_chkpwd
ssh-keysign Performs host-based authentication for SSH. Required if you use

Path: /usr/libexec/openssh/ssh-keysign host-based
authentication.
Otherwise optional.
su Lets a general user become the root user by changing users. Required
Path: /bin/su
sudo Lets a general user act as the root user only for specific Optional
operations.
Path: /usr/bin/sudo
unix_chkpwd Supports password authentication. Required

Path: /sbin/unix_chkpwd
vmkload_app Performs tasks required to run virtual machines. This Required in both paths
application is installed in two locations: one for standard use
and one for debugging.
Path for standard use: /usr/lib/vmware/bin/vmkload_app
Path for debugging: /usr/lib/vmware/bin-debug/
vmkload_app
VMware, Inc. 191

Table 14-3. Default setuid Applications (Continued)

vmware-authd Authenticates users for use of services specific to VMware. Required

Path: /usr/sbin/vmware-authd
vmware-vmx Performs tasks required to run virtual machines. This Required in both paths
application is installed in two locations: one for standard use
and one for debugging.
Path for standard use: /usr/lib/vmware/bin/vmware-vmx
Path for debugging: /usr/lib/vmware/bin-debug/vmware-
vmk
Default setgid Applications

Two applications that include the setgid flag are installed by default.
Table 14-4 lists the default setgid applications and indicates whether the application is required or optional.
Table 14-4. Default setgid Applications

wall Alerts all terminals that an action is about to occur. This Optional
application is called by shutdown and other commands.
Path: /usr/bin/wall
lockfile Performs locking for the Dell OM management agent. Required for Dell OM
Path: /usr/bin/lockfile but optional otherwise
SSH Security
SSH is a commonly used Unix and Linux command shell that lets you remotely log in to the service console
and perform certain management and configuration tasks for the host. SSH is used for secure logins and data
transfers because it offers stronger protection than other command shells.
In this ESX release, the SSH configuration is enhanced to provide a higher security level. This enhancement
includes the following key features.
n Version 1 SSH protocol disabled – VMware no longer supports Version 1 SSH protocol and uses Version
2 protocol exclusively. Version 2 eliminates certain security issues present in Version 1 and provides you
with a safer communications interface to the service console.
n Improved cipher strength – SSH now supports only 256-bit and 128-bit AES ciphers for your connections.
n Limits on remote logins as root – You can no longer remotely log in as root. Instead, you log in as an
identifiable user and either use the sudo command to run specific operations that require root privileges
or enter the su command to become the root user.
NOTE The sudo command provides security benefits in that it limits root activities and helps you check
for possible misuse of root privileges by generating an audit trail of any root activities that the user
performs.
These settings are designed to provide solid protection for the data you transmit to the service console through
SSH. If this configuration is too rigid for your needs, you can lower security parameters.
192 VMware, Inc.

Change the Default SSH Configuration

You can change the default SSH configuration.
Procedure
2 Change to the /etc/ssh directory.
3 Use a text editor to perform any of the following actions in the sshd_config file.
n To allow remote root login, change the setting to yes in the following line.
PermitRootLogin no
n To revert to the default SSH protocol (Version 1 and 2), comment out the following line.
Protocol 2
n To revert to the 3DES cipher and other ciphers, comment out the following line.
Ciphers aes256-cbc,aes128-cbc
n To disable Secure FTP (SFTP) on SSH, comment out the following line.
Subsystem ftp /usr/libexec/openssh/sftp-server
5 Run the following command to restart the SSHD service.

service sshd restart
Security Patches and Security Vulnerability Scanning Software

Certain security scanners such as Nessus check the version number but not the patch suffix as they search for
security holes. As a result, these scanners can falsely report that software is down-level and does not include
the most recent security patches even though it does. If this occurs, you can perform certain checks.
This problem is common to the industry and not specific to VMware. Some security scanners can handle this
situation correctly, but they typically lag by a version or more. For example, the version of Nessus released
after a Red Hat patch often does not report these false positives.
If a fix for a particular Linux-supported software package that VMware provides as a service console
component becomes available—for example, a service, facility, or protocol—VMware provides a bulletin that
contains a list of vSphere Installation Bundles (VIBs) that you use to update the software on ESX. Although
these fixes might be available from other sources, always use bulletins that VMware generates instead of using
third-party RPM Package Manager packages.
When providing patches for a software package, the VMware policy is to backport the fix to a version of the
software known to be stable. This approach reduces the chance of introducing new problems and instability
in the software. Because the patch is added to an existing version of the software, the version number of the
software stays the same, but a patch number is added as a suffix.
The following is an example of how this problem occurs:
1 You initially install ESX with OpenSSL version 0.9.7a (where 0.9.7a is the original version with no patches).
2 OpenSSL releases a patch that fixes a security hole in version 0.9.7. This version is called 0.9.7x.
3 VMware backports the OpenSSL 0.9.7x fix to the original version, updates the patch number, and creates
a VIB. The OpenSSL version in the VIB is 0.9.7a-1, indicating that the original version (0.9.7a) now contains
patch 1.
VMware, Inc. 193

4 You install the updates.
5 The security scanner fails to note the -1 suffix and erroneously reports that security for OpenSSL is not up
to date.
If your scanner reports that security for a package is down-level, perform the following checks.
n Look at the patch suffix to determine if you require an update.
n Read the VMware VIB documentation for information on the patch contents.
n Look for the Common Vulnerabilities and Exposures (CVE) number from the security alert in the software
update change log.
If the CVE number is there, the specified package addresses that vulnerability.
194 VMware, Inc.

Security Deployments and
Recommendations 15
A series of ESX deployment scenarios can help you understand how best to employ the security features in
your own deployment. Scenarios also illustrate some basic security recommendations that you can consider
when creating and configuring virtual machines.

n “Security Approaches for Common ESX Deployments,” on page 195
n “Virtual Machine Recommendations,” on page 199
Security Approaches for Common ESX Deployments

You can compare security approaches for different types of deployments to help plan security for your own ESX
deployment.
The complexity of ESX deployments can vary significantly depending on the size of your company, the way
that data and resources are shared with the outside world, whether there are multiple datacenters or only one,
and so forth. Inherent in the following deployments are policies for user access, resource sharing, and security
level.
Single-Customer Deployment
In a single-customer deployment, ESX hosts are owned and maintained within a single corporation and single
datacenter. Host resources are not shared with outside users. One site administrator maintains the hosts, which
are run on a number of virtual machines.
The single-customer deployment does not allow customer administrators, and the site administrator is solely
responsible for maintaining the various virtual machines. The corporation staffs a set of system administrators
who do not have accounts on the host and cannot access any of the ESX tools such as vCenter Server or
command line shells for the host. These system administrators have access to virtual machines through the
virtual machine console so that they can load software and perform other maintenance tasks inside the virtual
machines.
Table 15-1 shows how you might handle sharing for the components that you use and configure for the host.
Table 15-1. Sharing for Components in a Single-Customer Deployment

Function Configuration Comments
Service console shares the same No Isolate the service console by configuring it on its own
physical network as the virtual physical network.
machines?
Service console shares the same No Isolate the service console by configuring it on its own VLAN.
VLAN as the virtual machines? No virtual machine or other system facility such as VMotion
must use this VLAN.
VMware, Inc. 195

Table 15-1. Sharing for Components in a Single-Customer Deployment (Continued)

Virtual machines share the same Yes Configure your virtual machines on the same physical
physical network? network.
Network adapter sharing? Partial Isolate the service console by configuring it on its own virtual
switch and virtual network adapter. No virtual machine or
other system facility must use this switch or adapter.
You can configure your virtual machines on the same virtual
switch and network adapter.
VMFS sharing? Yes All .vmdk files reside in the same VMFS partition.
Security level High Open ports for needed services like FTP on an individual
basis. See “Service Console Firewall Configuration,” on
page 180 for information on security levels.
Virtual machine memory Yes Configure the total memory for the virtual machines as
overcommitment? greater than the total physical memory.
Table 15-2 shows how you might set up user accounts for the host.
Table 15-2. User Account Setup in a Single-Customer Deployment

User Category Total Number of Accounts
Site administrators 1
Customer administrators 0
System administrators 0
Business users 0
Table 15-3 shows the level of access for each user.
Table 15-3. User Access in a Single-Customer Deployment

Access Level Site Administrator System Administrator
Root access? Yes No
Service console access through SSH? Yes No
vCenter Server and vSphere Web Access? Yes No
Virtual machine creation and modification? Yes No
Virtual machine access through the console? Yes Yes
Multiple-Customer Restricted Deployment

In a multiple-customer restricted deployment, ESX hosts are in the same datacenter and are used to serve
applications for multiple customers. The site administrator maintains the hosts, and these hosts run a number
of virtual machines dedicated to the customers. Virtual machines that belong to the various customers can be
on the same host, but the site administrator restricts resource sharing to prevent rogue interaction.
Although there is only one site administrator, several customer administrators maintain the virtual machines
assigned to their customers. This deployment also includes customer system administrators who do not have
ESX accounts but have access to the virtual machines through the virtual machine console so that they can load
software and perform other maintenance tasks inside the virtual machines.
Table 15-4 shows how you might handle sharing for the components you use and configure for the host.
196 VMware, Inc.

Chapter 15 Security Deployments and Recommendations
Table 15-4. Sharing for Components in a Multiple-Customer Restricted Deployment

Service console shares the same No Isolate the service console by configuring it on its own physical
physical network as the virtual network.
machines?
Service console shares the same No Isolate the service console by configuring it on its own VLAN.
VLAN as the virtual machines? No virtual machine or other system facility such as VMotion
must use this VLAN.
Virtual machines share the same Partial Put the virtual machines for each customer on a different
physical network? physical network. All physical networks are independent of
each other.
Network adapter sharing? Partial Isolate the service console by configuring it on its own virtual
switch and virtual network adapter. No virtual machine or
other system facility must use this switch or adapter.
You configure virtual machines for one customer so that they
all share the same virtual switch and network adapter. They do
not share the switch and adapter with any other customers.
VMFS sharing? No Each customer has its own VMFS partition, and the virtual
machine .vmdk files reside exclusively on that partition. The
partition can span multiple LUNs.
Security level High Open ports for services like FTP as needed.
Virtual machine memory Yes Configure the total memory for the virtual machines as greater
overcommitment? than the total physical memory.
Table 15-5 shows how you might set up user accounts for the ESX host.
Table 15-5. User Account Setup in a Multiple-Customer Restricted Deployment

Business users 0
Table 15-6. User Access in a Multiple-Customer Restricted Deployment

Customer System
Access Level Site Administrator Administrator Administrator
Root access? Yes No No
Service console access through SSH? Yes Yes No
vCenter Server and vSphere Web Access? Yes Yes No
Virtual machine creation and modification? Yes Yes No
Virtual machine access through the console? Yes Yes Yes
VMware, Inc. 197

Multiple-Customer Open Deployment

In a multiple-customer open deployment, ESX hosts are in the same datacenter and are used to serve
applications for multiple customers. The site administrator maintains the hosts, and these hosts run a number
of virtual machines dedicated to the customers. Virtual machines that belong to the various customers can be
on the same host, but there are fewer restrictions on resource sharing.
Although there is only one site administrator in a multiple-customer open deployment, several customer
administrators maintain the virtual machines assigned to their customers. The deployment also includes
customer system administrators who do not have ESX accounts but have access to the virtual machines through
the virtual machine console so that they can load software and perform other maintenance tasks inside the
virtual machines. Lastly, a group of business users who do not have accounts can use virtual machines to run
their applications.
Table 15-7 shows how you might handle sharing for the components that you use and configure for the host.
Table 15-7. Sharing for Components in a Multiple-Customer Open Deployment

Service console shares the same No Isolate the service console by configuring it on its own
physical network as the virtual physical network.
machines?
Service console shares the same VLAN No Isolate the service console by configuring it on its own
as the virtual machines? VLAN. No virtual machine or other system facility such as
VMotion must use this VLAN.
Virtual machines share the same Yes Configure your virtual machines on the same physical
physical network? network.
Network adapter sharing? Partial Isolate the service console by configuring it on its own
virtual switch and virtual network adapter. No virtual
machine or other system facility must use this switch or
adapter.
You configure all virtual machines on the same virtual
switch and network adapter.
VMFS sharing? Yes Virtual machines can share VMFS partitions, and their
virtual machine .vmdk files can reside on shared partitions.
Virtual machines do not share .vmdk files.
Security level High Open ports for services like FTP as needed.
Virtual machine memory Yes Configure the total memory for the virtual machines as
overcommitment? greater than the total physical memory.
Table 15-8 shows how you might set up user accounts for the host.
Table 15-8. User Account Setup in a Multiple-Customer Open Deployment

Business users 0
198 VMware, Inc.

Table 15-9. User Access in a Multiple-Customer Open Deployment

Customer System
Access Level Site Administrator Administrator Administrator Business User
Root access? Yes No No No
Service console access through Yes Yes No No

SSH?
vCenter Server and vSphere Yes Yes No No

Web Access?
Virtual machine creation and Yes Yes No No

modification?
Virtual machine access through Yes Yes Yes Yes

the console?
Virtual Machine Recommendations

There are several safety precautions to consider when evaluating virtual machine security and administering
virtual machines.
Installing Antivirus Software

Because each virtual machine hosts a standard operating system, consider protecting it from viruses by
installing antivirus software. Depending on how you are using the virtual machine, you might also want to
install a software firewall.
Stagger the schedule for virus scans, particularly in deployments with a large number of virtual machines.
Performance of systems in your environment will degrade significantly if you scan all virtual machines
simultaneously.
Because software firewalls and antivirus software can be virtualization-intensive, you can balance the need
for these two security measures against virtual machine performance, especially if you are confident that your
virtual machines are in a fully trusted environment.
Disable Copy and Paste Operations Between the Guest Operating System and
Remote Console
You can disable copy and paste operations to prevent exposing sensitive data that has been copied to the
clipboard.
When VMware Tools runs on a virtual machine, you can copy and paste between the guest operating system
and remote console. As soon as the console window gains focus, non-privileged users and processes running
in the virtual machine can access the clipboard for the virtual machine console. If a user copies sensitive
information to the clipboard before using the console, the user—perhaps unknowingly—exposes sensitive data
to the virtual machine. To prevent this problem, consider disabling copy and paste operations for the guest
operating system.
Procedure
3 Select Options > Advanced > General and click Configuration Parameters.
VMware, Inc. 199

4 Click Add Row and type the following values in the Name and Value columns.
Name Value
isolation.tools.copy.disable true
isolation.tools.paste.disable true
isolation.tools.setGUIOptions.enable false
NOTE These options override any settings made in the guest operating system’s VMware Tools control
panel.
The result appears as follows.
Name Value Field
sched.mem.max unlimited
sched.swap.derivedName /vmfs/volumes/e5f9f3d1-ed4d8ba/New Virtual Machine
scsi0:0.redo true
vmware.tools.installstate none
vmware.tools.lastInstallStatus.result unknown
isolation.tools.copy.disable true
isolation.tools.paste.disable true
isolation.tools.setGUIOptions.enable false
5 Click OK to close the Configuration Parameters dialog box, and click OK again to close the Virtual Machine
Properties dialog box.
Removing Unnecessary Hardware Devices

Users and processes without privileges on a virtual machine can connect or disconnect hardware devices, such
as network adapters and CD-ROM drives. Therefore, removing unnecessary hardware devices can help
prevent attacks.
Attackers can use this capability to breach virtual machine security in several ways. For example, an attacker
with access to a virtual machine can connect a disconnected CD-ROM drive and access sensitive information
on the media left in the drive, or disconnect a network adapter to isolate the virtual machine from its network,
resulting in a denial of service.
As a general security precaution, use commands on the vSphere Client Configuration tab to remove any
unneeded or unused hardware devices. Although this measure tightens virtual machine security, it is not a
good solution in situations where you might bring an unused device back into service at a later time.
Prevent a Virtual Machine User or Process from Disconnecting Devices

If you do not want to permanently remove a device, you can prevent a virtual machine user or process from
connecting or disconnecting the device from within the guest operating system.
Procedure
2 Select the virtual machine in the inventory panel.
4 Select Options > General Options and make a record of the path displayed in the Virtual Machine
Configuration File text box.
200 VMware, Inc.

6 Change directories to access the virtual machine configuration file whose path you recorded in Step 4.
Virtual machine configuration files are located in the /vmfs/volumes/<datastore> directory, where
<datastore> is the name of the storage device on which the virtual machine files reside. For example, if the
virtual machine configuration file you obtained from the Virtual Machine Properties dialog box is
[vol1]vm-finance/vm-finance.vmx, you would change to the following directory.
/vmfs/volumes/vol1/vm-finance/
7 Use a text editor to add the following line to the .vmx file, where <device_name> is the name of the device
you want to protect (for example, ethernet1).
<device_name>.allowGuestConnectionControl = "false"
NOTE By default, Ethernet 0 is configured to disallow device disconnection. The only reason you might
change this is if a prior administrator set <device_name>.allowGuestConnectionControl to true.
9 In the vSphere Client, right-click the virtual machine and select Power Off.
10 Right-click the virtual machine and select Power On.
Limiting Guest Operating System Writes to Host Memory

The guest operating system processes send informational messages to the ESX host through VMware Tools.
If the amount of data the host stored as a result of these messages was unlimited, an unrestricted data flow
would provide an opportunity for an attacker to stage a denial-of-service (DoS) attack.
The informational messages sent by guest operating processes are known as setinfo messages and typically
contain name-value pairs that define virtual machine characteristics or identifiers that the host stores—for
example, ipaddress=10.17.87.224. The configuration file containing these name-value pairs is limited to a size
of 1MB, which prevents attackers from staging a DoS attack by writing software that mimics VMware Tools
and filling the host's memory with arbitrary configuration data, which consumes space needed by the virtual
machines.
If you require more than 1MB of storage for name-value pairs, you can change the value as required. You can
also prevent the guest operating system processes from writing any name-value pairs to the configuration file.
Modify Guest Operating System Variable Memory Limit

You can increase the guest operating system variable memory limit if large amounts of custom information
are being stored in the configuration file.
Procedure

VMware, Inc. 201

5 If the size limit attribute is not present, you must add it.
a Click Add Row.
b In the Name column, type tools.setInfo.sizeLimit.
c In the Value column, type Number of Bytes.
If the size limit attribute exists, modify it to reflect the appropriate limits.
Prevent the Guest Operating System Processes from Sending Configuration Messages to
the Host
You can prevent guests from writing any name-value pairs to the configuration file. This is appropriate when
guest operating systems must be prevented from modifying configuration settings.
Procedure
5 Click Add Row and type the following values in the Name and Value columns.
n In the Name column: isolation.tools.setinfo.disable
n In the Value column: true
Configuring Logging Levels for the Guest Operating System

Virtual machines can write troubleshooting information into a virtual machine log file stored on the VMFS
volume. Virtual machine users and processes can abuse logging either on purpose or inadvertently so that
large amounts of data flood the log file. Over time, the log file can consume enough file system space to cause
a denial of service.
To prevent this problem, consider modifying logging settings for virtual machine guest operating systems.
These settings can limit the total size and number of log files. Normally, a new log file is created each time you
reboot a host, so the file can grow to be quite large. You can ensure new log file creation happens more
frequently by limiting the maximum size of the log files. VMware recommends saving 10 log files, each one
limited to 100KB. These values are large enough to capture sufficient information to debug most problems that
might occur.
Each time an entry is written to the log, the size of the log is checked. If it is over the limit, the next entry is
written to a new log. If the maximum number of log files exists, the oldest log file is deleted. A DoS attack that
avoids these limits could be attempted by writing an enormous log entry, but each log entry is limited in size
to 4KB, so no log files are ever more than 4KB larger than the configured limit.
202 VMware, Inc.

Limit Log File Numbers and Sizes

To prevent virtual machine users and processes from flooding the log file, which can lead to denial of service,
you can limit the number and size of the log files ESX generates.
Procedure
3 Select Options > General Options and make a record of the path displayed in the Virtual Machine
Configuration File text box.
4 Log into the service console and acquire root privileges.
5 Change directories to access the virtual machine configuration file whose path you recorded in Step 3.
Virtual machine configuration files are located in the /vmfs/volumes/<datastore> directory, where
<datastore> is the name of the storage device on which the virtual machine files reside. For example, if the
virtual machine configuration file you obtained from the Virtual Machine Properties dialog box is
[vol1]vm-finance/vm-finance.vmx, you would change to the following directory.
/vmfs/volumes/vol1/vm-finance/
6 To limit the log size, use a text editor to add or edit the following line to the .vmx file, where <maximum_size>
is the maximum file size in bytes.
log.rotateSize=<maximum_size>
For example, to limit the size to around 100KB, enter 100000.
7 To keep a limited number of log files, use a text editor to add or edit the following line to the .vmx file, where
<number_of_files_to_keep> is the number of files the server keeps.
log.keepOld=<number_of_files_to_keep>
For example, to keep 10 log files and begin deleting the oldest ones as new ones are created, enter 10.
Disable Logging for the Guest Operating System

If you choose not to write troubleshooting information into a virtual machine log file stored on the VMFS
volume, you can stop logging altogether.
If you disable logging for the guest operating system, be aware that you might not be able to gather adequate
logs to allow troubleshooting. Further, VMware does not offer technical support for virtual machine problems
if logging has been disabled.
Procedure
1 Log in to a vCenter Server system using the vSphere Client and select the virtual machine in the inventory.
3 Click the Options tab and in the options list under Advanced, select General.
4 In Settings, deselect Enable logging.
5 Click OK to close the Virtual Machine Properties dialog box.
VMware, Inc. 203

204 VMware, Inc.

Host Profiles
VMware, Inc. 205

206 VMware, Inc.

Managing Host Profiles 16
The host profiles feature creates a profile that encapsulates the host configuration and helps to manage the
host configuration, especially in environments where an administrator manages more than one host or cluster
in vCenter Server.
Host profiles eliminates per-host, manual, or UI-based host configuration and maintain configuration
consistency and correctness across the datacenter by using host profile policies. These policies capture the
blueprint of a known, validated reference host configuration and use this to configure networking, storage,
security, and other settings on multiple hosts or clusters. You can then check a host or cluster against a profile’s
configuration for any deviations.

n “Host Profiles Usage Model,” on page 207
n “Access Host Profiles View,” on page 208
n “Creating a Host Profile,” on page 208
n “Export a Host Profile,” on page 209
n “Import a Host Profile,” on page 209
n “Edit a Host Profile,” on page 210
n “Manage Profiles,” on page 211
n “Checking Compliance,” on page 214
Host Profiles Usage Model

This topic describes the workflow of using Host Profiles.
You must have an existing vSphere installation with at least one properly configured host.
1 Set up and configure the host that will be used as the reference host.
A reference host is the host from which the profile is created.
2 Create a profile using the designated reference host.
3 Attach a host or cluster with the profile.
VMware, Inc. 207

4 Check the host's compliance against a profile. This ensures that the host continues to be correctly
configured.
5 Apply the host profile of the reference host to other hosts or clusters of hosts.
NOTE Host profiles is only supported for VMware vSphere 4.0 hosts. This feature is not supported for VI 3.5
or earlier hosts. If you have VI 3.5 or earlier hosts managed by your vCenter Server 4.0, the following can occur
if you try to use host profiles for those hosts:
n You cannot create a host profile that uses a VMware Infrastructure 3.5 or earlier host as a reference host.
n You cannot apply a host profile to any VI 3.5 or earlier hosts. The compliance check fails.
n While you can attach a host profile to a mixed cluster that contains VI 3.5 or earlier hosts, the compliance
check for those hosts fails.
As a licensed feature of vSphere, Host Profiles are only available when the appropriate licensing is in place. If
you see errors, please ensure that you have the appropriate vSphere licensing for your hosts.
Access Host Profiles View

The Host Profiles main view lists all available profiles. Administrators can also use the Host Profiles main view
to perform operations on host profiles and configure profiles.
The Host Profiles main view should be used by experienced administrators who wish to perform host profile
operations and configure advanced options and policies. Most operations such as creating new profiles,
attaching entities, and applying profiles can be performed from the Hosts and Clusters view.
Procedure
u Select View > Management > Host Profiles.
Any existing profiles are listed on the left side in the profiles list. When a profile is selected from the profile
list, the details of that profile are displayed on the right side.
Creating a Host Profile

You create a new host profile by using the designated reference host's configuration.
A host profile can be created from the Host Profiles main view or the host's context menu in the Hosts and
Clusters.
Create a Host Profile from Host Profiles View

You can create a host profile from the Host Profiles main view by using the configuration of an existing host.
Prerequisites
You must have a vSphere installation and at least one properly configured host in the inventory.
Procedure
1 In the Host Profiles main view, click Create Profile.
The Create Profile wizard appears.
2 Select the option to create a new profile and click Next.
3 Select the host to use to create the profile and click Next.
4 Type the name and enter a description for the new profile and click Next.
5 Review the summary information for the new profile and click Finish to complete creating the profile.
The new profile appears in the profile list.
208 VMware, Inc.

Chapter 16 Managing Host Profiles
Create a Host Profile from Host

You can create a new host profile from the host's context menu in the Hosts and Clusters inventory view.
Prerequisites
You must have a vSphere installation and at least one properly configured host in the inventory.
Procedure
1 In the Hosts and Clusters view, select the host that you want to designate as the reference host for the new
host profile.
2 Right-click the host and select Host Profile > Create Profile from Host.
The Create Profile from Host wizard opens.
3 Type the name and enter a description for the new profile and click Next.
4 Review the summary information for the new profile and click Finish to complete creating the profile.
The new profile appears in the host's Summary tab.
Export a Host Profile

You can export a profile to a file that is in the VMware profile format (.vpf).
Procedure
1 In the Host Profiles main page, select the profile to export from the profile list.
2 Right-click the profile and select Export Profile.
3 Select the location and type the name of the file to export the profile.
4 Click Save.
Import a Host Profile

You can import a profile from a file in the VMware profile format (.vpf).
Procedure
1 In the Host Profiles main page, click the Create Profile icon.
The Create Profile wizard appears.
2 Select the option to import a profile and click Next.
3 Enter or browse for the VMware Profile Format file to import and click Next.
4 Type the name and enter a description for the imported profile and click Next.
5 Review the summary information for the imported profile and click Finish to complete importing the
profile.
The imported profile appears in the profile list.
VMware, Inc. 209

Edit a Host Profile

You can view and edit host profile policies, select a policy to be checked for compliance, and change the policy
name or description.
Procedure
1 In the Host Profiles main view, select the profile to edit from the profile list.
2 Click Edit Host Profile.

3 Change the profile name or description in the fields at the top of the Profile Editor.
4 (Optional) Edit or disable the policy.
5 Enable the policy compliance check.
6 Click OK to close the Profile Editor.
Edit a Policy
A policy describes how a specific configuration setting should be applied. The Profile Editor allows you to edit
policies belonging to a specific host profile.
On the left side of the Profile Editor, you can expand the host profile. Each host profile is composed of several
sub-profiles that are designated by functional group to represent configuration instances. Each sub-profile
contains many policies that describe the configuration that is relevant to the profile.
The sub-profiles (and example policies and compliance checks) that may be configured are:
Table 16-1. Host Profile Sub-profile Configurations

Sub-Profile Configuration Example Policies and Compliance Checks
Memory reservation Set memory reservation to a fixed value.
Storage Configure NFS storage.
Networking Configure virtual switch, port groups, physical NIC speed,

security and NIC teaming policies.
Date and Time Configure time settings, timezone of server.
Firewall Enable or disable a ruleset.
Security Add a user or usergroup.
Service Configure settings for a service.
Advanced Modify advanced options.
Procedure
1 Open the Profile Editor for the profile you wish to edit.
2 On the left side of the Profile Editor, expand a sub-profile until you reach the policy you want to edit.
3 Select the policy.
On the right side of the Profile Editor, the policy options and parameters are displayed within the
Configuration Details tab.
4 Select a policy option from the drop-down menu and set its parameter.
5 (Optional) If you make a change to a policy, but wish to revert back to the default option, click Revert and
the option is reset.
210 VMware, Inc.

Enable Compliance Check

You can decide whether a host profile policy is checked for compliance.
Procedure
1 Open the Profile Editor for a profile and navigate to the policy you wish to enable for compliance check.
2 On the right-hand side of the Profile Editor, select the Compliance Details tab.
3 Enable the check box for the policy.
NOTE If you disable the check box so this policy is not checked for compliance, the other policies that are
enabled for compliance check will still be checked.
Manage Profiles
After you create a host profile, you can manage the profile by attaching a profile to a particular host or cluster
and then applying that profile to the host or cluster.
Attaching Entities
Hosts that need to be configured are attached to a profile. Profiles can also be attached to a cluster. In order to
be compliant, all hosts within an attached cluster must be configured according to the profile.
You can attach a host or cluster to a profile from:

n Host Profiles main view
n host's context menu
n cluster's context menu
n cluster's Profile Compliance tab
Attach Entities from the Host Profiles View

Before you can apply the profile to an entity (host or cluster of hosts), you must attach the entity to the profile.
You can attach a host or cluster to a profile from the Host Profiles main view.
Procedure
1 In the Host Profiles main view, select the profile to which you want to add the attachment from the profile
list.
2 Click the Attach Host/Cluster icon.
3 Select the host or cluster from the expanded list and click Attach.
The host or cluster is added to the Attached Entities list.
4 (Optional) Click Detach to remove an attachment from a host or cluster.
5 Click OK to close the dialog.
Attach Entities from the Host

Before you can apply the profile to host you must attach the entity to the profile.
You can attach a profile to a host from the host's context menu in the Hosts and Clusters inventory view.
VMware, Inc. 211

Procedure
1 In the Hosts and Clusters view, select the host to which you want to attach a profile.
2 Right-click the host and select Host Profile > Manage Profile.
NOTE If no host profiles exist in your inventory, a dialog appears asking if you want to create and attach
the host to this profile.
3 In the Change Attached Profile dialog, select the profile to attach to the host and click OK.
The host profile is updated in the Summary tab of the host.
Applying Profiles
To bring a host to the desired state as specified in the profile, apply the profile to the host.
You can apply a profile to a host from:

n Host Profiles main view
n Host's context menu
n Cluster's Profile Compliance tab
Apply a Profile from the Host Profiles View

You can apply a profile to a host from the Host Profiles main view.
Prerequisites
The host must be in maintenance mode before a profile is applied to it.
Procedure
1 In the Host Profiles main view, select the profile you want to apply to the host .
2 Select the Hosts and Clusters tab.
The list of attached hosts are shown under Entity Name.
3 Click Apply Profile.
In the Profile Editor, you might be prompted to enter the required parameters needed to apply the profile.
4 Enter the parameters and click Next.
5 Continue until all the required parameters are entered.
6 Click Finish.
Compliance Status is updated.
Apply a Profile from the Host

You can apply a profile to a host from the host's context menu.
Prerequisites
The host must be in maintenance mode before applying it to a profile.
Procedure
1 In the Hosts and Clusters view, select the host to which you want to apply a profile.
2 Right-click the host and select Host Profile > Apply Profile.
3 In the Profile Editor, enter the parameters and click Next.
212 VMware, Inc.

4 Continue until all the required parameters are entered.
5 Click Finish.
Compliance Status is updated.
Change Reference Host

The reference host configuration is used to create the host profile.
You can perform this task from the Host Profiles main view.
Prerequisites
The host profile must already exist.
Procedure
1 You can perform this task either from the Host Profiles main view or from the host.
u In the Host Profiles main view, right-click the profile you wish to change the reference host and select
Change Reference Host.
u In the Hosts and Clusters view, right-click the host to which you want to update references and select
Manage Profiles.
The Detach or Change Host Profile dialog opens.
2 Determine if you want to detatch the profile from the host or cluster or change the profile's reference host.
u Click Detach to remove the association between the host and the profile.
u Click Change to continue with updating the profile's reference host.
If you selected Change, the Change Reference Host dialog opens. The current host that the profile
references is displayed as Reference Host.
3 Expand the inventory list and select the host to which you want the profile attached.
4 Click Update.
The Reference Host is updated.
5 Click OK.
The Summary tab for the host profile lists the updated reference host.
VMware, Inc. 213

Manage Profiles from a Cluster

You can create a profile, attach a profile, or update reference hosts from the cluster's context menu.
Procedure
u In the Hosts and Clusters view, right-click a cluster and select Host Profile > Manage Profile. Depending
on your host profile setup, one of the following occurs:
Profile Status Result
If the cluster is not attached to a host profile and no profile a A dialog opens asking if you would like to create a
exist in your inventory. profile and attach it to the cluster.
b If you select Yes, the Create Profile wizard opens.
If the cluster is not attached to a host profile and one or a The Attach Profile dialog opens.
more profiles exist in your inventory. b Select the profile you wish to attach to the cluster and
click OK.
If the cluster is already attached to a host profile. In the dialog, click Detach to detach the profile from the
cluster or Change to attach a different profile to the cluster.
Checking Compliance
Checking compliance ensures that the host or cluster continues to be correctly configured.
After a host or cluster is configured with the reference host profile, a manual change, for example, can occur,
making the configuration incorrect. Checking compliance on a regular basis ensures that the host or cluster
continues to be correctly configured.
Check Compliance from the Host Profiles View

You can check the compliance of a host or cluster to a profile from the Host Profiles main view.
Procedure
1 From the Host Profiles list, select the profile that you want to check.
2 In the Hosts and Clusters tab, select the host or cluster from the list under Entity Name.
3 Click Check Compliance Now.

The compliance status is updated as Compliant, Unknown, or Non-compliant.
If the compliance status is Non-compliant, you can apply the host to the profile.
Check Compliance from Host

After a profile has been attached to a host, run a compliance check to verify the configuration.
Procedure
1 In the Hosts and Clusters view, select the host on which you want to run the compliance check.
2 Right-click the host and select Host Profile > Check Compliance
The host's compliance status is displayed in the host's Summary tab.
If the host is not compliant, you must apply the profile to the host.
214 VMware, Inc.

Check Cluster Compliance

A cluster may be checked for compliance against a host profile or for specific cluster requirements and settings.
Procedure
1 In the Hosts and Clusters view, select the cluster on which you want to run the compliance check.
2 In the Profile Compliance tab, click Check Compliance Now to check the cluster's compliance with both
the host profile that is attached to this cluster and the cluster requirements, if any.
n The cluster is checked for compliance with specific settings for hosts in the cluster, such as DRS, HA,
and DPM. For example, it may check if VMotion is enabled. The compliance status for the cluster
requirements is updated. This check is performed even if a host profile is not attached to the cluster.
n If a host profile is attached to the cluster, the cluster is checked for compliance with the host profile.
The compliance status for the host profile is updated.
3 (Optional) Click Description next to the Cluster Requirements for a list of the specific cluster requirements.
4 (Optional) Click Description next to Host Profiles for a list of the specific host profile compliance checks.
5 (Optional) Click Change to change the host profile that is attached to the cluster.
6 (Optional) Click Remove to detach the host profile that is attached to the cluster.
If the cluster is not compliant, the profile must be applied separately to each host within the cluster.
VMware, Inc. 215

216 VMware, Inc.

Appendixes
VMware, Inc. 217

218 VMware, Inc.

ESX Technical Support Commands A
Most of the service console commands are reserved for Technical Support use and are included for your
reference only. In a few cases, however, these commands provide the only means of performing a configuration
task for the ESX host. Also, if you lose your connection to the host, executing certain of these commands through
the command-line interface may be your only recourse—for example, if networking becomes nonfunctional
and vSphere Client access is therefore unavailable.
NOTE If you use the commands in this appendix, you must execute the service mgmt-vmware restart
command to restart the vmware-hostd process and alert the vSphere Client and other management tools that
the configuration has changed. In general, avoid executing the commands in this appendix if the host is
currently under the vSphere Client or vCenter Server management.
The vSphere Client graphical user interface provides the preferred means of performing the configuration
tasks described in this topic. You can use this topic to learn which vSphere Client commands to use in place
of the service console commands. This topic provides a summary of the actions you take in vSphere Client but
does not give complete instructions. For details on using commands and performing configuration tasks
through vSphere Client, see the online help.
You can find additional information on a number of ESX commands by logging in to the service console and
using the man <esxcfg_command_name> command to display man pages.
Appendix A, “ESX Technical Support Commands,” on page 219 lists the Technical Support commands
provided for ESX, summarizes the purpose of each command, and provides a vSphere Client alternative. You
can perform most of the vSphere Client actions listed in the table only after you have selected an ESX host from
the inventory panel and clicked the Configuration tab. These actions are preliminary to any procedure
discussed below unless otherwise stated.
Table A-1. ESX Technical Support Commands

Service Console Command Command Purpose and vSphere Client Procedure
esxcfg-advcfg Configures advanced options for ESX.

To configure advanced options in vSphere Client, click Advanced
Settings. When the Advanced Settings dialog box opens, use the list on
the left to select the device type or activity you want to work with and
then enter the appropriate settings.
esxcfg-auth Configures authentication. You can use this command to switch between
the pam_cracklib.so and pam_passwdqc.so plugins for password
change rule enforcement. You also use this command to reset options for
these two plugins.
There is no means of configuring these functions in vSphere Client.
VMware, Inc. 219

Table A-1. ESX Technical Support Commands (Continued)

esxcfg-boot Configures bootstrap settings. This command is used for the bootstrap
process and is intended for VMware Technical Support use only. You
should not issue this command unless instructed to do so by a VMware
Technical Support representative.
There is no means of configuring these functions in vSphere Client.
esxcfg-dumppart Configures a diagnostic partition or searches for existing diagnostic
partitions.
When you install ESX, a diagnostic partition is created to store debugging
information in the event of a system fault. You don’t need to create this
partition manually unless you determine that there is no diagnostic
partition for the host.
You can perform the following management activities for diagnostic
partitions in vSphere Client:
n Determine whether there is a diagnostic partition — Click
Storage>AddStorage and check the first page of the Add Storage
Wizard to see whether it includes the Diagnostic option. If Diagnostic
is not one of the options, ESX already has a diagnostic partition.
n Configure a diagnostic partition — Click Storage>Add
Storage>Diagnostic and step through the wizard.
esxcfg-firewall Configures the service console firewall ports.
To configure firewall ports for supported services and agents in vSphere
Client, you select the Internet services that will be allowed to access the
ESX host. Click Security Profile>Firewall>Properties and use the
Firewall Properties dialog box to add services.
You cannot configure unsupported services through the vSphere Client.
For these services, use the esxcfg-firewall.
esxcfg-info Prints information about the state of the service console, VMkernel,
various subsystems in the virtual network, and storage resource
hardware.
vSphere Client doesn’t provide a method for printing this information,
but you can obtain much of it through different tabs and functions in the
user interface. For example, you can check the status of your virtual
machines by reviewing the information on the Virtual Machines tab.
esxcfg-init Performs internal initialization routines. This command is used for the
bootstrap process you should not use it under any circumstances. Using
this command can cause problems for your ESX host.
There is no vSphere Client equivalent for this command.
esxcfg-module Sets driver parameters and modifies which drivers are loaded during
startup. This command is used for the bootstrap process and is intended
for VMware Technical Support use only. You should not issue this
command unless instructed to do so by a VMware Technical Support
representative.
There is no vSphere Client equivalent for this command.
esxcfg-mpath Configures multipath settings for your Fibre Channel or iSCSI disks.
To configure multipath settings for your storage in vSphere Client, click
Storage. Select a datastore or mapped LUN and click Properties. When the
Properties dialog box opens, select the desired extent if necessary. Then,
click Extent Device>Manage Paths and use the Manage Path dialog box
to configure the paths.
220 VMware, Inc.

Appendix A ESX Technical Support Commands

esxcfg-nas Manages NFS mounts. You use this command to create or unmount an
NFS datastore.
To view NFS datastores in vSphere Client, click Storage > Datastores and
scroll through the datastores list. You can also perform the following
activities from the Storage > Datastores view:
n Display the attributes of an NFS datastore – Click the datastore and
review the information under Details.
n Create an NFS datastore – Click Add Storage.
n Unmount an NFS datastore – Click Remove, or right-click the
datastore to unmount and select Unmount.
esxcfg-nics Prints a list of physical network adapters along with information on the
driver, PCI device, and link state of each NIC. You can also use this
command to control a physical network adapter’s speed and duplexing.
To view information on the physical network adapters for the host in
vSphere Client, click Network Adapters.
To change the speed and duplexing for a physical network adapter in the
vSphere Client, click Networking>Properties for any of the virtual
switches associated with the physical network adapter. In the Properties
dialog box, click Network Adapters>Edit and select the speed and duplex
combination.
esxcfg-resgrp Restores resource group settings and lets you perform basic resource
group management.
Select a resource pool from the inventory panel and click Edit Settings on
the Summary tab to change the resource group settings.
esxcfg-route Sets or retrieves the default VMkernel gateway route and adds, removes,
or lists static routes.
To view the default VMkernel gateway route in vSphere Client, click DNS
and Routing. To change the default routing, click Properties and update
the information in both tabs of the DNS and Routing Configuration
dialog box.
esxcfg-swiscsi Configures your software iSCSI software adapter.
To configure your software iSCSI system in vSphere Client, click Storage
Adapters, select the iSCSI adapter you want to configure, and click
Properties. Use the iSCSI Initiator Properties dialog box to configure the
adapter.
esxcfg-upgrade Upgrades from ESX Server 2.x to ESX. This command is not for general
use.
You complete the following three tasks when upgrading from 2.x to 3.x.
Some of these can be performed in vSphere Client:
n Upgrade the host — You upgrade the binaries, converting from ESX
Server 2.x to ESX. You cannot perform this step from vSphere Client.
n Upgrade the file system — To upgrade VMFS-2 to VMFS-3, suspend
or power off your virtual machines and then click
Inventory>Host>Enter Maintenance Mode. Click Storage, select a
storage device, and click Upgrade to VMFS-3. You must perform this
step for each storage device you want to upgrade.
n Upgrade the virtual machines — To upgrade a virtual machine from
VMS-2 to VMS-3, right-click the virtual machine in the inventory
panel and choose Upgrade Virtual Machine.
esxcfg-scsidevs Prints a map of VMkernel storage devices to service console devices. There
is no vSphere Client equivalent for this command.
VMware, Inc. 221


esxcfg-vmknic Creates and updates VMkernel TCP/IP settings for VMotion, NAS, and
iSCSI.
To set up VMotion, NFS, or iSCSI network connections in vSphere Client,
click Networking > Add Networking. Select VMkernel and step through
the Add Network Wizard. Define the IP address subnet mask and
VMkernel default gateway in the Connection Settings step.
To review your settings, click the blue icon to the left of the VMotion,
iSCSI, or NFS port. To edit any of these settings, click Properties for the
switch. Select the port from the list on the switch Properties dialog box
and click Edit to open the port Properties dialog box and change the
settings for the port.
esxcfg-vswif Creates and updates service console network settings. This command is
used if you cannot manage the ESX host through the vSphere Client
because of network configuration issues.
To set up connections for the service console in vSphere Client, click
Networking > Add Networking. Select Service Console and step through
the Add Network Wizard. Define the IP address subnet mask and the
service console default gateway in the Connection Settings step.
To review your settings, click the blue icon to the left of the service console
port. To edit any of these settings, click Properties for the switch. Select
the service console port from the list on the switch Properties dialog box.
Click Edit to open the port Properties dialog box and change the settings
for the port.
esxcfg-vswitch Creates and updates virtual machine network settings.
To set up connections for a virtual machine in vSphere Client, click
Networking > Add Networking. Select Virtual Machine and step
through the Add Network Wizard.
To review your settings, click the speech bubble icon to the left of the
virtual machine port group. To edit any of these settings, click Properties
for the switch. Select the virtual machine port from the list on the switch
Properties dialog box, then click Edit to open the port Properties dialog
box and change the settings for the port.
222 VMware, Inc.

Linux Commands Used with ESX B
To support certain internal operations, ESX installations include a subset of standard Linux configuration
commands, for example, network and storage configuration commands. Using these commands to perform
configuration tasks can result in serious configuration conflicts and render some ESX functions unusable.
Always work through the vSphere Client when configuring ESX, unless otherwise instructed in vSphere
documentation or by VMware Technical Support.
VMware, Inc. 223

224 VMware, Inc.

Using vmkfstools C
You use the vmkfstools utility to create and manipulate virtual disks, file systems, logical volumes, and physical
storage devices on the VMware ESX hosts.
Using vmkfstools, you can create and manage virtual machine file system (VMFS) on a physical partition of a
disk. You can also use the command to manipulate files, such as virtual disk files, stored on VMFS-2, VMFS-3,
and NFS.
You can perform most vmkfstools operations using the vSphere Client.

n “vmkfstools Command Syntax,” on page 225
n “vmkfstools Options,” on page 226
vmkfstools Command Syntax

Generally, you do not need to log in as the root user to run the vmkfstools commands. However, some
commands, such as the file system commands, might require the root user login.
Use the following arguments with the vmkfstools command:

n <options> are one or more command-line options and associated arguments that you use to specify the
activity for vmkfstools to perform, for example, choosing the disk format when creating a new virtual
disk.
After entering the option, specify a file or VMFS file system on which to perform the operation by entering
a relative or absolute file path name in the /vmfs hierarchy.
n <partition> specifies disk partitions. This argument uses a vml.<vml_ID>:P format, where <vml_ID> is the
device ID returned by the storage array and P is an integer that represents the partition number. The
partition digit must be greater than zero (0) and should correspond to a valid VMFS partition of type fb.
VMware, Inc. 225

n <device> specifies devices or logical volumes. This argument uses a path name in the ESX device file
system. The path name begins with /vmfs/devices, which is the mount point of the device file system.
Use the following formats when you specify different types of devices:
n /vmfs/devices/disks for local or SAN-based disks.
n /vmfs/devices/lvm for ESX logical volumes.
n /vmfs/devices/generic for generic SCSI devices, such as tape drives.
n <path> specifies a VMFS file system or file. This argument is an absolute or relative path that names a
directory symbolic link, a raw device mapping, or a file under /vmfs.
n To specify a VMFS file system, use this format:
/vmfs/volumes/<file_system_UUID>
or
/vmfs/volumes/<file_system_label>
n To specify a VMFS file, use this format:

/vmfs/volumes/<file system label|file system UUID>/[dir]/myDisk.vmdk
You do not need to enter the entire path if the current working directory is the parent directory of
myDisk.vmdk.
For example,
/vmfs/volumes/datastore1/rh9.vmdk
vmkfstools Options
The vmkfstools command has several options. Some of the options are suggested for advanced users only.
The long and single-letter forms of the options are equivalent. For example, the following commands are
identical.
vmkfstools --createfs vmfs3 --blocksize 2m vml.<vml_ID>:1
vmkfstools -C vmfs3 -b 2m vml.<vml_ID>:1
-v Suboption
The -v suboption indicates the verbosity level of the command output.
The format for this suboption is as follows:

-v --verbose <number>
You specify the <number> value as an integer from 1 through 10.
You can specify the -v suboption with any vmkfstools option. If the output of the option is not suitable for use
with the -v suboption, vmkfstools ignores -v.
NOTE Because you can include the -v suboption in any vmkfstools command line, -v is not included as a
suboption in the option descriptions.
226 VMware, Inc.

Appendix C Using vmkfstools
File System Options

File system options allow you to create a VMFS file system. These options do not apply to NFS. You can perform
many of these tasks through the vSphere Client.
Creating a VMFS File System

Use the vmkfstools command to create a VMFS file system.
-C --createfs vmfs3
-b --blocksize <block_size>kK|mM
-S --setfsname <fsName>
This option creates a VMFS-3 file system on the specified SCSI partition, such as vml.<vml_ID>:1. The partition
becomes the file system's head partition.
VMFS-2 file systems are read-only on any ESX host. You cannot create or modify VMFS-2 file systems but you
can read files stored on VMFS-2 file systems. VMFS-3 file systems are not accessible from ESX 2.x hosts.
CAUTION You can have only one VMFS volume for a LUN.
You can specify the following suboptions with the -C option:

n -b --blocksize – Define the block size for the VMFS-3 file system. The default block size is 1MB. The
<block_size> value you specify must be a multiple of 128kb, with a minimum value of 128kb. When you
enter a size, indicate the unit type by adding a suffix of m or M. The unit type is not case sensitive —
vmkfstools interprets m or M to mean megabytes and k or K to mean kilobytes.
n -S --setfsname – Define the volume label of a VMFS volume for the VMFS-3 file system you are creating.
Use this suboption only in conjunction with the -C option. The label you specify can be up to 128 characters
long and cannot contain any leading or trailing blank spaces.
After you define a volume label, you can use it whenever you specify the VMFS volume for the vmkfstools
command. The volume label appears in listings generated for the Linux ls -l command and as a symbolic
link to the VMFS volume under the /vmfs/volumes directory.
To change the VMFS volume label, use the Linux ln -sf command. Use the following as an example:
ln -sf /vmfs/volumes/<UUID> /vmfs/volumes/<fsName>
<fsName> is the new volume label to use for the <UUID> VMFS.
Example for Creating a VMFS File System

This example illustrates creating a new VMFS-3 file system named my_vmfs on the vml.<vml_ID>:1 partition.
The file block size is 1MB.
vmkfstools -C vmfs3 -b 1m -S my_vmfs /vmfs/devices/disks/vml.<vml_ID>:1
Extending an Existing VMFS-3 Volume

Use the vmkfstools command to add an extend to a VMFS volume.
-Z --extendfs <extention-device> <existing-VMFS-volume>
VMware, Inc. 227

This option adds another extent to a previously created VMFS volume <existing-VMFS-volume>. You must
specify the full path name, for example /vmfs/devices/disks/vml.<vml_ID>:1, not just the short name
vml.<vml_ID>:1. Each time you use this option, you extend a VMFS-3 volume with a new extent so that the
volume spans multiple partitions. At most, a logical VMFS-3 volume can have 32 physical extents.
CAUTION When you run this option, you lose all data that previously existed on the SCSI device you specified in
<extension-device>.
Example for Extending a VMFS-3 Volume

This example extends the logical file system by allowing it to span to a new partition.
vmkfstools -Z /vmfs/devices/disks/vml.<vml_ID_2>:1
/vmfs/devices/disks/vml.<vml_ID_1>:1
The extended file system spans two partitions—vml.<vml_ID_1>:1 and vml.<vml_ID_2>:1. In this example,
vml.<vml_ID_1>:1 is the name of the head partition.
Listing Attributes of a VMFS Volume

Use the vmkfstools command to list attributes of a VMFS volume.
-P --queryfs
-h --human-readable
When you use this option on any file or directory that resides on a VMFS volume, the option lists the attributes
of the specified volume. The listed attributes include the VMFS version number (VMFS-2 or VMFS-3), the
number of extents comprising the specified VMFS volume, the volume label if any, the UUID, and a listing of
the device names where each extent resides.
NOTE If any device backing VMFS file system goes offline, the number of extents and available space change
accordingly.
You can specify the -h suboption with the -P option. If you do so, vmkfstools lists the capacity of the volume
in a more readable form, for example, 5k, 12.1M, or 2.1G.
Upgrading a VMFS-2 to VMFS-3

You can upgrade a VMFS-2 file system to VMFS-3.
CAUTION The VMFS-2 to VMFS-3 conversion is a one-way process. After you have converted a VMFS-2 volume
to VMFS-3, you cannot revert it back to a VMFS-2 volume.
You can upgrade a VMFS-2 file system only if its file block size does not exceed 8 MB.
When upgrading the file system, use the following options:

n -T --tovmfs3 -x --upgradetype [zeroedthick|eagerzeroedthick|thin]
This option converts a VMFS-2 file system VMFS-3 preserving all files on the file system. Before conversion,
unload the vmfs2 and vmfs3 drivers and load the auxiliary file system driver, fsaux, with a module option
fsauxFunction=upgrade.
228 VMware, Inc.

You must specify the upgrade type using the -x --upgradetype suboption as one of the following:
n -x zeroedthick (default) – Retains the properties of VMFS-2 thick files. With the zeroedthick file
format, disk space is allocated to the files for future use and the unused data blocks are not zeroed
out.
n -x eagerzeroedthick – Zeroes out unused data blocks in thick files during conversion. If you use this
suboption, the upgrade process might take much longer than with the other options.
n -x thin – Converts the VMFS-2 thick files into thin-provisioned VMFS-3 files. As opposed to thick
file format, the thin-provisioned format doesn't allow files to have extra space allocated for their future
use, but instead provides the space on demand. During this conversion, unused blocks of the thick
files are discarded.
During conversion, the ESX file-locking mechanism ensures that no other local process accesses the VMFS
volume that is being converted, although you need to make sure that no remote ESX host is accessing this
volume. The conversion might take several minutes and returns to the command prompt when complete.
After conversion, unload the fsaux driver and load vmfs3 and vmfs2 drivers to resume normal operations.
n -u --upgradefinish
This option completes the upgrade.
Virtual Disk Options

Virtual disk options allow you to set up, migrate, and manage virtual disks stored in VMFS-2, VMFS-3, and
NFS file systems. You can also perform most of these tasks through the vSphere Client.
Supported Disk Formats

When you create or clone a virtual disk, you can use the -d --diskformat suboption to specify the format for
the disk.
Choose from the following formats:

n zeroedthick (default) – Space required for the virtual disk is allocated during creation. Any data remaining
on the physical device is not erased during creation, but is zeroed out on demand at a later time on first
write from the virtual machine. The virtual machine does not read stale data from disk.
n eagerzeroedthick – Space required for the virtual disk is allocated at creation time. In contrast to
zeroedthick format, the data remaining on the physical device is zeroed out during creation. It might take
much longer to create disks in this format than to create other types of disks.
n thick – Space required for the virtual disk is allocated during creation. This type of formatting doesn’t
zero out any old data that might be present on this allocated space. A non-root user is not allowed to create
this format.
n thin – Thin-provisioned virtual disk. Unlike with the thick format, space required for the virtual disk is
not allocated during creation, but is supplied, zeroed out, on demand at a later time.
n rdm – Virtual compatibility mode raw disk mapping.
n rdmp – Physical compatibility mode (pass-through) raw disk mapping.
n raw – Raw device.
n 2gbsparse – A sparse disk with 2GB maximum extent size. You can use disks in this format with other
VMware products, however, you cannot power on sparse disk on an ESX host unless you first reimport
the disk with vmkfstools in a compatible format, such as thick or thin.
VMware, Inc. 229

n monosparse – A monolithic sparse disk. You can use disks in this format with other VMware products.
n monoflat – A monolithic flat disk. You can use disks in this format with other VMware products.
NOTE The only disk formats you can use for NFS are thin, thick, zerodthick and 2gbsparse.
Thick, zeroedthick and thin usually mean the same because the NFS server and not the ESX host decides the
allocation policy. The default allocation policy on most NFS servers is thin.
Creating a Virtual Disk

Use the vmkfstools command to create a virtual disk.
-c --createvirtualdisk <size>[kK|mM|gG]
-a --adaptertype [buslogic|lsilogic] <srcfile>
-d --diskformat [thin|zeroedthick|eagerzeroedthick]
This option creates a virtual disk at the specified path on a VMFS volume. Specify the size of the virtual disk.
When you enter the value for <size>, you can indicate the unit type by adding a suffix of k (kilobytes), m
(megabytes), or g (gigabytes). The unit type is not case sensitive—vmkfstools interprets either k or K to mean
kilobytes. If you don’t specify a unit type, vmkfstools defaults to bytes.
You can specify the following suboptions with the -c option.

n -a specifies the device driver that is used to communicate with the virtual disks. You can choose between
BusLogic and LSI Logic SCSI drivers.
n -d specifies disk formats.
Example for Creating a Virtual Disk

This example illustrates creating a two-gigabyte virtual disk file named rh6.2.vmdk on the VMFS file system
named myVMFS. This file represents an empty virtual disk that virtual machines can access.
vmkfstools -c 2048m /vmfs/volumes/myVMFS/rh6.2.vmdk
Initializing a Virtual Disk

Use the vmkfstools command to initialize a virtual disk.
-w --writezeros
This option cleans the virtual disk by writing zeros over all its data. Depending on the size of your virtual disk
and the I/O bandwidth to the device hosting the virtual disk, completing this command might take a long time.
CAUTION When you use this command, you lose any existing data on the virtual disk.
Inflating a Thin Virtual Disk

Use the vmkfstools command to inflate a thin virtual disk.
-j --inflatedisk
This option converts a thin virtual disk to eagerzeroedthick, preserving all existing data. The option allocates
and zeroes out any blocks that are not already allocated.
Deleting a Virtual Disk

This option deletes files associated with the virtual disk listed at the specified path on the VMFS volume.
-U --deletevirtualdisk
230 VMware, Inc.

Renaming a Virtual Disk

This option renames a file associated with the virtual disk listed in the path specification portion of the
command line. You must specify the original file name or file path <oldName> and the new file name or file
path <newName>.
-E --renamevirtualdisk <oldName> <newName>
Cloning a Virtual or Raw Disk

This option creates a copy of a virtual disk or raw disk you specify.
-i --importfile <srcfile> -d --diskformat
[rdm:<device>|rdmp:<device>|
raw:<device>|thin|2gbsparse|monosparse|monoflat]
You can use the -d suboption for the -i option. This suboption specifies the disk format for the copy you create.
A non-root user is not allowed to clone a virtual disk or a raw disk.
NOTE To clone the ESX Redo logs while preserving their hierarchy, use the cp command.
Example for Cloning a Virtual Disk

This example illustrates cloning the contents of a master virtual disk from the templates repository to a virtual
disk file named myOS.vmdk on the myVMFS file system.
vmkfstools -i /vmfs/volumes/templates/gold-master.vmdk /vmfs/volumes/myVMFS/myOS.vmdk
You can configure a virtual machine to use this virtual disk by adding lines to the virtual machine configuration
file, as in the following example:
scsi0:0.present = TRUE
scsi0:0.fileName = /vmfs/volumes/myVMFS/myOS.vmdk
Migrate VMware Workstation and VMware GSX Server Virtual Machines

You cannot use a vSphere Client to migrate virtual machines created with VMware Workstation or VMware
GSX Server into your ESX system. However, you can use the vmkfstools -i command to import the virtual
disk into your ESX system and then attach this disk to a new virtual machine you create in ESX.
You must import the virtual disk first because you cannot power on disks exported in 2gbsparse format on an
ESX host.
Procedure
1 Import a Workstation or GSX Server disk into your /vmfs/volumes/myVMFS/ directory or any subdirectory.
2 In the vSphere Client, create a new virtual machine using the Custom configuration option.
3 When you configure a disk, select Use an existing virtual disk and attach the Workstation or GSX Server
disk you imported.
Extending a Virtual Disk

This option extends the size of a disk allocated to a virtual machine after the virtual machine has been created.
-X --extendvirtualdisk <newSize>[kK|mM|gG]
You must power off the virtual machine that uses this disk file before you enter this command. You might
have to update the file system on the disk so the guest operating system can recognize and use the new size
of the disk and take advantage of the extra space.
VMware, Inc. 231

You specify the newSize parameter in kilobytes, megabytes, or gigabytes by adding a k (kilobytes), m
(megabytes), or g (gigabytes) suffix. The unit type is not case sensitive—vmkfstools interprets either k or K to
mean kilobytes. If you don’t specify a unit type, vmkfstools defaults to kilobytes.
The newSize parameter defines the entire new size, not just the increment you add to the disk.
For example, to extend a 4g virtual disk by 1g, enter: vmkfstools -X 5g <disk name>.dsk
NOTE Do not extend the base disk of a virtual machine that has snapshots associated with it. If you do, you
can no longer commit the snapshot or revert the base disk to its original size.
Migrating a VMFS-2 Virtual Disk to VMFS-3

This option converts the specified virtual disk file from ESX Server 2 format to ESX format.
-M --migratevirtualdisk
Creating a Virtual Compatibility Mode Raw Device Mapping

This option creates a Raw Device Mapping (RDM) file on a VMFS-3 volume and maps a raw disk to this file.
After this mapping is established, you can access the raw disk as you would a normal VMFS virtual disk. The
file length of the mapping is the same as the size of the raw disk it points to.
-r --createrdm <device>
When specifying the <device> parameter, use the following format:

/vmfs/devices/disks/vml.<vml_ID>
NOTE All VMFS-3 file-locking mechanisms apply to RDMs.
Example for Creating a Virtual Compatibility Mode RDM

In this example, you create an RDM file named my_rdm.vmdk and map the vml.<vml_ID> raw disk to that file.
vmkfstools -r /vmfs/devices/disks/vml.<vml_ID> my_rdm.vmdk
You can configure a virtual machine to use the my_rdm.vmdk mapping file by adding the following lines to the
virtual machine configuration file:
scsi0:0.present = TRUE
scsi0:0.fileName = /vmfs/volumes/myVMFS/my_rdm.vmdk
Creating a Physical Compatibility Mode Raw Device Mapping

This option lets you map a pass-through raw device to a file on a VMFS volume. This mapping lets a virtual
machine bypass ESX SCSI command filtering when accessing its virtual disk.This type of mapping is useful
when the virtual machine needs to send proprietary SCSI commands, for example, when SAN-aware software
runs on the virtual machine.
-z --createrdmpassthru <device>
After you establish this type of mapping, you can use it to access the raw disk just as you would any other
VMFS virtual disk.
When specifying the <device> parameter, use the following format:

/vmfs/devices/disks/vml.<vml_ID>
232 VMware, Inc.

Listing Attributes of an RDM

This option lets you list the attributes of a raw disk mapping.
-q --queryrdm
This option prints the name of the raw disk RDM. The option also prints other identification information, like
the disk ID, for the raw disk.
Displaying Virtual Disk Geometry

This option gets information about the geometry of a virtual disk.
-g --geometry
The output is in the form: Geometry information C/H/S, where C represents the number of cylinders, H
represents the number of heads, and S represents the number of sectors.
NOTE When you import VMware Workstation virtual disks to an ESX host, you might see a disk geometry
mismatch error message. A disk geometry mismatch might also be the cause of problems loading a guest
operating system or running a newly-created virtual machine.
Managing SCSI Reservations of LUNs

The -L option allows you to perform administrative task for physical storage devices. You can perform most
of these tasks through the vSphere Client.
-L --lock [reserve|release|lunreset|targetreset|busreset]<device>
This option lets you reserve a SCSI LUN for exclusive use by an ESX host, release a reservation so that other
hosts can access the LUN, and reset a reservation, forcing all reservations from the target to be released.
CAUTION Using the -L option can interrupt the operations of other servers on a SAN. Use the -L option only
when troubleshooting clustering setups.
Unless specifically advised by VMware, never use this option on a LUN hosting a VMFS volume.
You can specify the -L option in several ways:

n -L reserve – Reserves the specified LUN. After the reservation, only the server that reserved that LUN
can access it. If other servers attempt to access that LUN, a reservation error results.
n -L release – Releases the reservation on the specified LUN. Other servers can access the LUN again.
n -L lunreset – Resets the specified LUN by clearing any reservation on the LUN and making the LUN
available to all servers again. The reset does not affect any of the other LUNs on the device. If another
LUN on the device is reserved, it remains reserved.
n -L targetreset – Resets the entire target. The reset clears any reservations on all the LUNs associated
with that target and makes the LUNs available to all servers again.
n -L busreset – Resets all accessible targets on the bus. The reset clears any reservation on all the LUNs
accessible through the bus and makes them available to all servers again.
When entering the <device> parameter, use the following format:

/vmfs/devices/disks/vml.<vml_ID>:P
VMware, Inc. 233

234 VMware, Inc.

Index
Symbols B
* next to path 116 bandwidth
average 52, 53
Numerics peak 52, 53
802.1Q and ISL tagging attacks 158 binding on host, dvPort groups 33
Blade servers
and virtual networking 65
A
configuring a virtual machine port group 65
accessing storage 79
configuring a VMkernel port 66
active adapters 27
block devices 126
active uplinks 42, 45, 46
blocked ports, dvPorts 55
active-active disk arrays 117
burst size 52–54
active-passive disk arrays 117
adapter, virtual 38
C
adding
dvPort groups 32 CA-signed certificates 174
NFS storage 100 CDP 27, 28
adding a VMkernel network adapter 22 certificates
certificate file 172
adding users to groups 172
checking 172
admin contact info 31
configuring host searches 176
Administrator role 168, 169
default 172
aging, password restrictions 184
disabling SSL for vSphere Web Access and
antivirus software, installing 199
SDK 175
applications
default 191, 192 generating new 173
disabling optional 190 key file 172
optional 190–192 location 172
setgid flag 190 SSL 172
setuid flag 190 vCenter Server 172
asterisk next to path 116 vSphere Web Access 172
certification, security 143
attacks
802.1Q and ISL tagging 158 changing host proxy services 176
double-encapsulated 158 CHAP
disabling 95
MAC flooding 158
for discovery targets 93
multicast brute-force 158
for iSCSI initiators 92
random frame 158
for static targets 93
spanning tree 158
authentication mutual 92
groups 167 one-way 92
iSCSI storage 161 CHAP authentication 91, 161, 162
users 165, 167 CHAP authentication methods 92
vSphere Client to ESX 165 CIM and firewall ports 150
authentication daemon 165 cipher strength, connections 190
average bandwidth 54 Cisco Discovery Protocol 28, 31
Cisco switches 27
claim rules 115
VMware, Inc. 235

command reference for ESX 219 SSL for vSphere Web Access and SDK 175
compatibility modes variable information size 201
physical 126 disabling paths 118
virtual 126 discovery
config reset at disconnect, dvPort groups 33 address 90
configuring dynamic 90
dynamic discovery 90
static 91
RDM 130 disk arrays
SCSI storage 97 active-active 117
static discovery 91 active-passive 117
creating host profile 208, 209 disk formats
creating host profiles 208 NFS 98
current multipathing state 116 thick provisioned 119
cut and paste, disabling for guest operating thin provisioned 119
systems 199 disks, format 120
DMZ 140
D DNS 55
datastore copies, mounting 108 double-encapsulated attacks 158
datastores dvPort group, load balancing 45
adding extents 106 dvPort groups
configuring on NFS volumes 100 binding on host 33
creating on SCSI disk 97 config reset at disconnect 33
displaying 82 description 32
grouping 104 failback 45
increasing capacity 106 failover order 45
managing 103 live port moving 33
managing duplicate 107 name 32
mounting 108 network failover detection 45
NFS 76 notify switches 45
paths 116 number of ports 32
refresh 96 override settings 33
renaming 104 port blocking 55
review properties 83 port group type 32
storage over-subscription 121 port name format 33
unmounting 105 teaming and failover policies 45
viewing in vSphere Client 80 traffic shaping policies 54
VMFS 76 virtual machines 40
default certificates, replacing with CA-signed dvPort Groups, adding 32
certificates 174 dvPorts
delegate user 98 blocked ports 55
deployments for security failback 46
multiple customer open 195, 198 failover order 46
multiple customer restricted 196 load balancing 46
device disconnection, preventing 200 network failover detection 46
DHCP 25 notify switches 46
diagnostic partition, configuring 100 port policies 55
direct access 167 properties 33
disabling teaming and failover policies 46
cut and paste for virtual machines 199
traffic shaping policies 54
iSCSI SAN authentication 162
VLAN policies 48
logging for guest operating systems 202, 203 DVS
setgid applications 190 adding a VMkernel network adapter 36
setuid applications 190 admin contact info 31
236 VMware, Inc.

Index
Cisco Discovery Protocol 31 service console 180–183

IP address 31 supported services 150
maximum MTU 31 vSphere Client and vCenter Server 146
maximum number of ports 31 vSphere Client and virtual machine
dvUplink 30 console 149
dynamic discovery, configuring 90 vSphere Client direct connection 147
dynamic discovery addresses 90 vSphere Web Access and the virtual machine
console 149
E vSphere Web Access and vCenter Server 146
early binding port groups 32 vSphere Web Access direct connection 147
encryption firewalls
certificates 172 access for management agents 151
enabling and disabling SSL 172 access for services 151
for user name, passwords, packets 172 configuring 152
enhanced vmxnet 58, 59 Fixed path policy 111, 117
ESX, command reference 219 forged transmissions 159, 160
esxcfg commands 219 forged transmits 50, 51
exporting FTP and firewall ports 150
host groups 170
host users 170 G
extents generating certificates 173
adding to datastore 106 groups
growing 106 about 170
adding to hosts 171
F adding users 172
failback 42, 45, 46 authentication 167
failover 42, 109 exporting a group list 170
failover order 42, 45, 46 modifying on hosts 172
failover paths, status 116 permissions and roles 166
failover policies removing from hosts 171
dvPort groups 45 viewing group lists 170
dvPorts 46 guest operating systems
vSwitch 42 disabling cut and paste 199
Fibre Channel 72 disabling logging 202, 203
Fibre Channel SANs, WWNs 74 limiting variable information size 201
Fibre Channel storage, overview 86 logging levels 202
file systems, upgrading 107 security recommendations 199
firewall ports
automating service behavior 152
H
backup agents 180 hardware devices, removing 200
closing 183 hardware iSCSI, and failover 113
configuring with vCenter Server 146 hardware iSCSI initiator, changing iSCSI
configuring without vCenter Server 147 name 88
connecting to vCenter Server 148 hardware iSCSI initiators
configuring 87
connecting virtual machine console 149
installing 87
encryption 172
setting up discovery addresses 90
host to host 150
setting up naming parameters 88
management 150
viewing 87
opening in service console 182
host certificate searches 176
opening with vSphere Client 150
host networking, viewing 16
overview 145
host profile, attaching entities 211
SDK and virtual machine console 149 host profiles
security level 180–182 accessing 208
VMware, Inc. 237

applying profiles 212 iSCSI storage

attaching entities from host 211 hardware-initiated 86
attaching entities from Host Profile view 211 initiators 86
checking compliance 214, 215 software-initiated 86
create new profile 208 isolation
virtual machines 136
create new profile from host 209
virtual networking layer 138
create new profile from host profile view 208
virtual switches 138
editing 210
VLANs 138
editing policies 210
enabling policy compliance check 211
J
exporting 209 jumbo frames
importing 209 enabling 59
managing profiles 211 virtual machines 58, 59
usage model 207
host-to-host firewall ports 150 L
hosts late binding port groups 32
adding groups 171 Layer 2 security 48
adding to a vNetwork Distributed Switch 30 live port moving, dvPort groups 33
adding users 170 load balancing 42, 45, 46
deployments and security 195 local SCSI storage, overview 85
memory 201 log files
thumbprints 172 limiting number 203
limiting size 203
I logging, disabling for guest operating
systems 202, 203
IDE 72
logging levels, guest operating systems 202
inbound traffic shaping 54 LUNs
Internet Protocol 41 creating, and rescan 96, 97
IP address 31 making changes and rescan 96
IP addresses 75 masking changes and rescan 97
IP storage port groups, creating 22, 36 multipathing policy 117
IPv4 41 setting multipathing policy 117
IPv6 41
iSCSI M
authentication 161 MAC address
networking 64 configuring 56
protecting transmitted data 162 generating 56
QLogic iSCSI adapters 161 MAC address changes 159, 160
securing ports 162 MAC addresses 50, 51
security 161 MAC flooding 158
software client and firewall ports 150 management access
iSCSI aliases 75 firewalls 151
iSCSI HBA, alias 88 TCP and UDP ports 153
iSCSI initiators maximum MTU 31
advanced parameters 95 maximum number of ports 31
configuring advanced parameters 96 metadata, RDMs 126
configuring CHAP 92 modifying groups on hosts 172
hardware 87 Most Recently Used path policy 111, 117
setting up CHAP parameters 91 mounting VMFS datastores 108
iSCSI names 75 MPPs, See multipathing plugins
iSCSI networking, creating a VMkernel port 64, MRU path policy 117
89 MTU 59
iSCSI SAN authentication, disabling 162 multicast brute-force attacks 158
238 VMware, Inc.

Index
multipathing criteria 185

active paths 116 host 184, 185, 187, 189
broken paths 116 length 185
disabled paths 116 pam_cracklib.so plug-in 185
standby paths 116 pam_passwdqc.so plug-in 189
viewing the current state of 116 plug-ins 185
multipathing plugins, path claiming 115 restrictions 184, 185
multipathing policy 117 reuse rules 187
multipathing state 116 service console 184
mutual CHAP 92 path claiming 115
path failover, host-based 113
N
path failure 112
NAS, mounting 64
path failure rescan 96, 97
NAT 41
path management 109
Native Multipathing Plugin 110, 111
path policies
Nessus 193
changing defaults 118
NetQueue, disabling 60
Fixed 111, 117
network adapter, service console 24
network adapters, viewing 17, 32 Most Recently Used 111, 117
network address translation 41 MRU 117
network failover detection 42, 45, 46 Round Robin 111, 117
networking, security policies 50, 51 Path Selection Plugins 111
networking best practices 63 paths
disabling 118
networks, security 154
NFS, firewall ports 150 preferred 116
NFS datastores, unmounting 105 peak bandwidth 52–54
NFS storage permissions
adding 100 and privileges 167
overview 98 overview 167
NIC, adding 35 root user 167
NIC teaming, definition 15
user 168
NIS and firewall ports 150
vCenter Server administrator 167
NMP, path claiming 115
vpxuser 167
no access role 169 physical adapters, removing 36
No Access role 168 physical switches, troubleshooting 68
notify switches 42, 45, 46 plug-ins
NTP 152 pam_cracklib.so 185
pam_passwdqc.so 189
O Pluggable Storage Architecture 110
one-way CHAP 92 port binding 89, 113
outbound traffic shaping 54 port blocking, dvPort groups 55
override settings, dvPort groups 33 port configuration 26
port group
P definition 15
pam_cracklib.so plug-in 185 using 20
pam_passwdqc.so plug-in 189 port groups
Layer 2 Security 49
partition mappings 126
traffic shaping 53
passive disk arrays 117
port name format, dvPort groups 33
passthrough device, add to a virtual machine 61 ports, service console 24
passwords
preferred path 116
aging 184
private VLAN
aging restrictions 184, 185
create 34
complexity 185, 187
primary 34
VMware, Inc. 239

removing 34, 35 SDK, firewall ports and virtual machine

secondary 35 console 149
privileges and permissions 167 security
architecture 135
promiscuous mode 50, 51, 159, 160
certification 143
properties, dvPorts 33
proxy services cipher strength 190
changing 176 DMZ in single host 138, 140
encryption 172 features 135
PSA, See Pluggable Storage Architecture iSCSI storage 161
PSPs, See Path Selection Plugins overview 135
PAM authentication 165
R patches 193
RAID devices 126 permissions 167
random frame attacks 158 recommendations for virtual machines 199
raw device mapping, see RDM 123 resource guarantees and limits 136
RDM scanning software 193
advantages 124 service console 142, 179
and virtual disk files 129 setuid and setgid flags 190
creating 130 virtual machines 136
dynamic name resolution 127 virtual machines with VLANs 154
overview 123 virtual networking layer 138
physical compatibility mode 126 virtual switch ports 159
virtual compatibility mode 126 virtualization layer 136
with clustering 129 VLAN hopping 156
RDMs
VMkernel 136
and snapshots 126
VMware policy 143
and VMFS formats 126
vmware-authd 165
Read Only role 168, 169
vmware-hostd 165
refresh 96
security policies, dvPorts 50, 51
removing users from groups 172 service console
replacing, default certificates 174 closing firewall ports 183
rescan direct connections 180
LUN creation 96, 97
firewall ports 182
path masking 96, 97
firewall security 180
when path is down 96, 97
isolating 157
resource limits and guarantees, security 136
roles logging in 180
Administrator 168 network policies 25
and permissions 168 opening firewall ports 182
default 168 password plug-in 189
No Access 168 password restrictions 184
Read Only 168 recommendations for securing 179
security 168 remote connections 180
root login securing with VLANs and virtual switches 156
permissions 167, 168 security 142
SSH 192 setgid applications 190
Round Robin path policy 111, 117 setuid applications 190
routing 55 SSH connections 192
troubleshooting 68
S VLAN 25
SAS 72 service console networking
SATA 72 configuration 23
SCSI, vmkfstools 225 troubleshooting 67, 68
240 VMware, Inc.

Index
services securing with VLANs and virtual switches 156

automating 152 types 72
starting 152 used by virtual machines 120
setgid viewing in vSphere Client 80
applications 190 storage adapters
default applications 192 copying names 81
disabling applications 190 Fibre Channel 86
setinfo 201 viewing 80
setuid viewing in vSphere Client 80
applications 190 SATPs 111
default applications 191 Storage Array Type Plugins 111
disabling applications 190 storage devices
shell access, granting 171 displaying for a host 81
single point of failure 85 displaying for an adapter 82
SMB and firewall ports 150 identifiers 76
SNMP and firewall ports 150 names 76
software iSCSI paths 116
and failover 113
runtime names 76
diagnostic partition 100
viewing 81
networking 89
storage space 118
software iSCSI initiators
configuring 88 switch, vNetwork 38
enabling 90
setting up discovery addresses 90
T
targets 73
spanning tree attacks 158
TCP ports 153
SPOF 85
teaming policies
SSH
dvPort groups 45
configuring 193
dvPorts 46
firewall ports 150
vSwitch 42
security settings 192
thin disks, creating 119
service console 192
third-party software support policy 143
SSL
enabling and disabling 172 third-party switch 29
encryption and certificates 172 thumbprints, hosts 172
timeouts, SSL 174
timeouts 174
Tomcat Web service 142
standby adapters 27
traffic shaping
standby uplinks 42, 45, 46
port groups 53
static discovery, configuring 91
vSwitch 52
static discovery addresses 90 traffic shaping policies
storage dvPort groups 54
access for virtual machines 79 dvPorts 54
adapters 73
Fibre Channel 86 U
iSCSI 86 UDP ports 153
local 72 uplink adapters
local SCSI 85 adding 27
networked 72 duplex 26
NFS 98 speed 26
not-shared 120 uplink assignments 32
overview 71 uplinks, removing 36
provisioned 120 USB 72
provisioning 118 user permissions, vpxuser 168
SAN 86
VMware, Inc. 241

user roles double-encapsulated attacks 158

Administrator 169 forged transmissions 159
no access 169 MAC address changes 159
Read Only 169 MAC flooding 158
users multicast brute-force attacks 158
about 170
promiscuous mode 159
adding to groups 172
random frame attacks 158
adding to hosts 170
scenarios for deployment 195
authentication 167
security 158
direct access 167
spanning tree attacks 158
exporting a user list 170 virtualization layer, security 136
from Windows domain 167 VLAN
modifying on hosts 171 definition 15
permissions and roles 166 private 34
removing from groups 172 VLAN ID 32
removing from hosts 171 VLAN policies
security 167 dvPort group 48
vCenter Server 167 dvPorts 48
viewing user list 170 VLAN security 156
VLAN trunking 48
V VLAN Trunking 32, 48
variable information size for guest operating VLAN Type 48
systems VLANs
disabling 201 and iSCSI 162
limiting 201 Layer 2 security 156
vCenter Server
scenarios for deployment 195
connecting through firewall 148
security 154, 157
firewall ports 146
VLAN hopping 156
permissions 167
VLANS
vCenter Server users 167 configuring for security 157
virtual adapter, VMkernel 38 service console 157
virtual disks, formats 119 VMFS
virtual machine networking 16, 20 sharing 195
virtual machines vmkfstools 225
disabling cut and paste 199 volume resignaturing 107
disabling logging 202, 203 VMFS datastores
isolation 138, 140 adding extents 106
limiting variable information size 201 changing properties 105
migrating to or from a vNetwork Distributed changing signatures 109
Switch 40 configuring 97
networking 40 creating 77
preventing device disconnection 200 deleting 104
resource reservations and limits 136 increasing capacity 106
security 136 resignaturing copies 108
security recommendations 199 sharing 78
virtual network, security 154 unmounting 105
virtual network adapters, removing 39
VMFS volume resignaturing 107
virtual networking layer and security 138
VMkernel
virtual switch ports, security 159 configuring 21
virtual switch security 156 definition 15
virtual switches security 136
802.1Q and ISL tagging attacks 158
VMkernel adapter 38
and iSCSI 162
VMkernel network adapters, adding 22, 36
242 VMware, Inc.

Index
VMkernel networking 16 traffic shaping 52

vmkfstools viewing 16
file system options 227 volume resignaturing 107, 108
overview 225 vpxuser 168
syntax 225 vSphere Client
virtual disk options 229 firewall ports connecting to virtual machine
VMotion console 149
definition 15 firewall ports for direct connection 147
networking configuration 21 firewall ports with vCenter Server 146
securing with VLANs and virtual switches 156 vSphere Web Access
VMotion interfaces, creating 22, 36 and host services 172
VMware NMP disabling SSL 175
I/O flow 112 firewall ports connecting to virtual machine
See also Native Multipathing Plugin console 149
vmware-hostd 165 firewall ports for direct connection 147
vNetwork Distributed Switch firewall ports with vCenter Server 146
adding a host to 30 vSwitch
adding a NIC to 35 definition 15
new 30 failback 42
third-party 29 failover order 42
VMkernel adapter 38 Layer 2 Security 49
vNetwork Distributed Switches load balancing 42
adding a VMkernel network adapter 36 network failover detection 42
adding hosts to 30 notify switches 42
admin contact info 31 port configuration 26
Cisco Discovery Protocol 31 teaming and failover policies 42
IP address 31 traffic shaping 52
maximum MTU 31 using 19
maximum number of ports 31 viewing 16
migrating virtual machines to or from 40
miscellaneous policies 55 W
vNetwork Standard Switch WWNs 74
Layer 2 Security 49
port configuration 26
VMware, Inc. 243

244 VMware, Inc.

vSphere Resource Management Guide
ESX 4.0
ESXi 4.0
vCenter Server 4.0
EN-000107-00
©
2006–2009 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual
VMware, Inc.
3401 Hillview Ave.
Palo Alto, CA 94304
www.vmware.com
2 VMware, Inc.
Contents
About This Book 5
1 Getting Started with Resource Management 7

What Is Resource Management? 7
Configuring Resource Allocation Settings 8
Viewing Resource Allocation Information 11
Admission Control 14
2 Managing CPU Resources 15

CPU Virtualization Basics 15
Administering CPU Resources 16
3 Managing Memory Resources 23

Memory Virtualization Basics 23
Administering Memory Resources 26
4 Managing Resource Pools 35

Why Use Resource Pools? 36
Create Resource Pools 37
Add Virtual Machines to a Resource Pool 38
Removing Virtual Machines from a Resource Pool 39
Resource Pool Admission Control 39
5 Creating a DRS Cluster 43

Admission Control and Initial Placement 44
Virtual Machine Migration 45
DRS Cluster Prerequisites 47
Create a DRS Cluster 48
Set a Custom Automation Level for a Virtual Machine 49
Disable DRS 50
6 Using DRS Clusters to Manage Resources 51

Using DRS Rules 51
Adding Hosts to a Cluster 53
Adding Virtual Machines to a Cluster 54
Remove Hosts from a Cluster 55
Removing Virtual Machines from a Cluster 56
DRS Cluster Validity 56
Managing Power Resources 60
VMware, Inc. 3
7 Viewing DRS Cluster Information 65

Viewing the Cluster Summary Tab 65
Using the DRS Tab 67
8 Using NUMA Systems with ESX/ESXi 71

What is NUMA? 71
How ESX/ESXi NUMA Scheduling Works 72
VMware NUMA Optimization Algorithms and Settings 73
Resource Management in NUMA Architectures 74
Specifying NUMA Controls 75
A Performance Monitoring Utilities: resxtop and esxtop 79

Using the esxtop Utility 79
Using the resxtop Utility 79
Using esxtop or resxtop in Interactive Mode 80
Using Batch Mode 94
Using Replay Mode 95
B Advanced Attributes 97
Set Advanced Host Attributes 97
Set Advanced Virtual Machine Attributes 99
Index 101
4 VMware, Inc.
About This Book
®
The vSphere Resource Management Guide describes resource management for vSphere environments. Its focus
is on the following major topics:
n Resource allocation and resource management concepts
n Virtual machine attributes and admission control
n Resource pools and how to manage them
® ®
n Clusters, VMware Distributed Resource Scheduler (DRS), VMware Distributed Power Management
(DPM), and how to work with them
n Advanced resource management options
n Performance considerations
® ®
The vSphere Resource Management Guide covers ESX , ESXi, and vCenter Server.
Intended Audience
This manual is for system administrators who want to understand how the system manages resources and
how they can customize the default behavior. It’s also essential for anyone who wants to understand and use
resource pools, clusters, DRS, or VMware DPM.
This manual assumes you have a working knowledge of VMware ESX and VMware ESXi and of vCenter
Server.
Document Feedback
The vSphere documentation consists of the combined vCenter Server and ESX/ESXi documentation set.

VMware, Inc. 5

6 VMware, Inc.
Getting Started with Resource
Management 1
To understand resource management, you must be aware of its components, its goals, and how best to
implement it in a cluster setting.
Resource allocation settings for a virtual machine (shares, reservation, and limit) are discussed, including how
to set them and how to view them. Also, admission control, the process whereby resource allocation settings
are validated against existing resources is explained.

n “What Is Resource Management?,” on page 7
n “Configuring Resource Allocation Settings,” on page 8
n “Viewing Resource Allocation Information,” on page 11
n “Admission Control,” on page 14
What Is Resource Management?

Resource management is the allocation of resources from resource providers to resource consumers.
The need for resource management arises from the overcommitment of resources—that is, more demand than
capacity and from the fact that demand and capacity vary over time. Resource management allows you to
dynamically reallocate resources, so that you can more efficiently use available capacity.
Resource Types
Resources include CPU, memory, power, storage, and network resources.
Resource management in this context focuses primarily on CPU and memory resources. Power resource
®
consumption can also be reduced with the VMware Distributed Power Management (DPM) feature.
NOTE ESX/ESXi manages network bandwidth and disk resources on a per-host basis, using network traffic
shaping and a proportional share mechanism, respectively.
Resource Providers
Hosts and clusters are providers of physical resources.
For hosts, available resources are the host’s hardware specification, minus the resources used by the
virtualization software.
VMware, Inc. 7
®
A cluster is a group of hosts. You can create a cluster using VMware vCenter Server, and add multiple hosts
to the cluster. vCenter Server manages these hosts’ resources jointly: the cluster owns all of the CPU and
memory of all hosts. You can enable the cluster for joint load balancing or failover. See Chapter 5, “Creating a
DRS Cluster,” on page 43 for more information.
Resource Consumers
Virtual machines are resource consumers.
The default resource settings assigned during creation work well for most machines. You can later edit the
virtual machine settings to allocate a share-based percentage of the total CPU and memory of the resource
provider or a guaranteed reservation of CPU and memory. When you power on that virtual machine, the server
checks whether enough unreserved resources are available and allows power on only if there are enough
resources. This process is called admission control.
A resource pool is a logical abstraction for flexible management of resources. Resource pools can be grouped
into hierarchies and used to hierarchically partition available CPU and memory resources. Accordingly,
resource pools can be considered both resource providers and consumers. They provide resources to child
resource pools and virtual machines, but are also resource consumers because they consume their parents’
resources. See Chapter 4, “Managing Resource Pools,” on page 35.
An ESX/ESXi host allocates each virtual machine a portion of the underlying hardware resources based on a
number of factors:
n Total available resources for the ESX/ESXi host (or the cluster).
n Number of virtual machines powered on and resource usage by those virtual machines.
n Overhead required to manage the virtualization.
n Resource limits defined by the user.
Goals of Resource Management

When managing your resources, you should be aware of what your goals are.
In addition to resolving resource overcommitment, resource management can help you accomplish the
following:
n Performance Isolation—prevent virtual machines from monopolizing resources and guarantee
predictable service rates.
n Efficient Utilization—exploit undercommitted resources and overcommit with graceful degradation.
n Easy Administration—control the relative importance of virtual machines, provide flexible dynamic
partitioning, and meet absolute service-level agreements.
Configuring Resource Allocation Settings

When available resource capacity does not meet the demands of the resource consumers (and virtualization
overhead), administrators might need to customize the amount of resources that are allocated to virtual
machines or to the resource pools in which they reside.
Use the resource allocation settings (shares, reservation, and limit) to determine the amount of CPU and
memory resources provided for a virtual machine. In particular, administrators have several options for
allocating resources.
n Reserve the physical resources of the host or cluster.
n Ensure that a certain amount of memory for a virtual machine is provided by the physical memory of the
ESX/ESXi machine.
8 VMware, Inc.
Chapter 1 Getting Started with Resource Management
n Guarantee that a particular virtual machine is always allocated a higher percentage of the physical
resources than other virtual machines.
n Set an upper bound on the resources that can be allocated to a virtual machine.
Resource Allocation Shares

Shares specify the relative priority or importance of a virtual machine (or resource pool). If a virtual machine
has twice as many shares of a resource as another virtual machine, it is entitled to consume twice as much of
that resource when these two virtual machines are competing for resources.
Shares are typically specified as High, Normal, or Low and these values specify share values with a 4:2:1 ratio,
respectively. You can also select Custom to assign a specific number of shares (which expresses a proportional
weight) to each virtual machine.
Specifying shares makes sense only with regard to sibling virtual machines or resource pools, that is, virtual
machines or resource pools with the same parent in the resource pool hierarchy. Siblings share resources
according to their relative share values, bounded by the reservation and limit. When you assign shares to a
virtual machine, you always specify the priority for that virtual machine relative to other powered-on virtual
machines.
The following table shows the default CPU and memory share values for a virtual machine. For resource pools,
the default CPU and memory share values are the same, but must be multiplied as if the resource pool were
a virtual machine with four VCPUs and 16 GB of memory.
Table 1-1. Share Values

Setting CPU share values Memory share values
High 2000 shares per virtual CPU 20 shares per megabyte of configured virtual machine
memory.
Normal 1000 shares per virtual CPU 10 shares per megabyte of configured virtual machine
memory.
Low 500 shares per virtual CPU 5 shares per megabyte of configured virtual machine
memory.
For example, an SMP virtual machine with two virtual CPUs and 1GB RAM with CPU and memory shares set to
Normal has 2x1000=2000 shares of CPU and 10x1024=10240 shares of memory.
NOTE Virtual machines with more than one virtual CPU are called SMP (symmetric multiprocessing) virtual
machines. ESX/ESXi supports up to eight virtual CPUs per virtual machine. This is also called eight-way SMP
support.
The relative priority represented by each share changes when a new virtual machine is powered on. This affects
all virtual machines in the same resource pool. All of the virtual machines have the same number of VCPUs.
Consider the following examples.
n Two CPU-bound virtual machines run on a host with 8GHz of aggregate CPU capacity. Their CPU shares
are set to Normal and get 4GHz each.
n A third CPU-bound virtual machine is powered on. Its CPU shares value is set to High, which means it
should have twice as many shares as the machines set to Normal. The new virtual machine receives 4GHz
and the two other machines get only 2GHz each. The same result occurs if the user specifies a custom
share value of 2000 for the third virtual machine.
VMware, Inc. 9
Resource Allocation Reservation

A reservation specifies the guaranteed minimum allocation for a virtual machine.
vCenter Server or ESX/ESXi allows you to power on a virtual machine only if there are enough unreserved
resources to satisfy the reservation of the virtual machine. The server guarantees that amount even when the
physical server is heavily loaded. The reservation is expressed in concrete units (megahertz or megabytes).
For example, assume you have 2GHz available and specify a reservation of 1GHz for VM1 and 1GHz for VM2.
Now each virtual machine is guaranteed to get 1GHz if it needs it. However, if VM1 is using only 500MHz,
VM2 can use 1.5GHz.
Reservation defaults to 0. You can specify a reservation if you need to guarantee that the minimum required
amounts of CPU or memory are always available for the virtual machine.
Resource Allocation Limit

Limit specifies an upper bound for CPU or memory resources that can be allocated to a virtual machine.
A server can allocate more than the reservation to a virtual machine, but never allocates more than the limit,
even if there is unutilized CPU or memory on the system. The limit is expressed in concrete units (megahertz
or megabytes).
CPU and memory limit default to unlimited. When the memory limit is unlimited, the amount of memory
configured for the virtual machine when it was created becomes its effective limit in most cases.
In most cases, it is not necessary to specify a limit. There are benefits and drawbacks:
n Benefits — Assigning a limit is useful if you start with a small number of virtual machines and want to
manage user expectations. Performance deteriorates as you add more virtual machines. You can simulate
having fewer resources available by specifying a limit.
n Drawbacks — You might waste idle resources if you specify a limit. The system does not allow virtual
machines to use more resources than the limit, even when the system is underutilized and idle resources
are available. Specify the limit only if you have good reasons for doing so.
Resource Allocation Settings Suggestions

Select resource allocation settings (shares, reservation, and limit) that are appropriate for your ESX/ESXi
environment.
The following guidelines can help you achieve better performance for your virtual machines.
n If you expect frequent changes to the total available resources, use Shares to allocate resources fairly across
virtual machines. If you use Shares, and you upgrade the host, for example, each virtual machine stays
at the same priority (keeps the same number of shares) even though each share represents a larger amount
of memory or CPU.
n Use Reservation to specify the minimum acceptable amount of CPU or memory, not the amount you want
to have available. The host assigns additional resources as available based on the number of shares,
estimated demand, and the limit for your virtual machine. The amount of concrete resources represented
by a reservation does not change when you change the environment, such as by adding or removing
virtual machines.
n When specifying the reservations for virtual machines, do not commit all resources (plan to leave at least
10% unreserved.) As you move closer to fully reserving all capacity in the system, it becomes increasingly
difficult to make changes to reservations and to the resource pool hierarchy without violating admission
control. In a DRS-enabled cluster, reservations that fully commit the capacity of the cluster or of individual
hosts in the cluster can prevent DRS from migrating virtual machines between hosts.
10 VMware, Inc.
Changing Resource Allocation Settings—Example

The following example illustrates how you can change resource allocation settings to improve virtual machine
performance.
Assume that on an ESX/ESXi host, you have created two new virtual machines—one each for your QA (VM-
QA) and Marketing (VM-Marketing) departments.
Figure 1-1. Single Host with Two Virtual Machines
ESX/ESXi
host
VM-QA VM-Marketing
In the following example, assume that VM-QA is memory intensive and accordingly you want to change the
resource allocation settings for the two virtual machines to:
n Specify that, when system memory is overcommitted, VM-QA can use twice as much memory and CPU
as the Marketing virtual machine. Set the memory shares and CPU shares for VM-QA to High and for
VM-Marketing set them to Normal.
n Ensure that the Marketing virtual machine has a certain amount of guaranteed CPU resources. You can
do so using a reservation setting.
Procedure
1 Start the vSphere Client and connect to a vCenter Server.
2 Right-click VM-QA, the virtual machine for which you want to change shares, and select Edit Settings.
3 Select the Resources and In the CPU panel, select High from the Shares drop-down menu.
4 In the Memory panel, select High from the Shares drop-down menu.
5 Click OK.
6 Right-click the marketing virtual machine (VM-Marketing) and select Edit Settings.
7 In the CPU panel, change the value in the Reservation field to the desired number.
8 Click OK.
If you select the cluster’s Resource Allocation tab and click CPU, you should see that shares for VM-QA are
twice that of the other virtual machine. Also, because the virtual machines have not been powered on, the
Reservation Used fields have not changed.
Viewing Resource Allocation Information

Using the vSphere Client, you can select a cluster, resource pool, standalone host, or a virtual machine in the
inventory panel and view how its resources are being allocated by clicking the Resource Allocation tab.
This information can then be used to help inform your resource management decisions.
Cluster Resource Allocation Tab

The Resource Allocation tab is available when you select a cluster from the inventory panel.
The Resource Allocation tab displays information about the CPU and memory resources in the cluster.
VMware, Inc. 11
CPU Section
The following information about CPU resource allocation is shown:
Table 1-2. CPU Resource Allocation

Field Description
Total Capacity Guaranteed CPU allocation, in megahertz (MHz), reserved for this object.
Reserved Capacity Number of megahertz (MHz) of the reserved allocation that this object is using.
Available Capacity Number of megahertz (MHz) not reserved.
Memory Section
The following information about memory resource allocation is shown:
Table 1-3. Memory Resource Allocation

Field Description
Total Capacity Guaranteed memory allocation, in megabytes (MB), for this object.
Reserved Capacity Number of megabytes (MB) of the reserved allocation that this object is using.
Overhead Reservation The amount of the “Reserved Capacity” field that is being reserved for
virtualization overhead.
Available Capacity Number of megabytes (MB) not reserved.
NOTE Reservations for the root resource pool of a cluster that is enabled for VMware HA might be larger than
the sum of the explicitly-used resources in the cluster. These reservations not only reflect the reservations for
the running virtual machines and the hierarchically-contained (child) resource pools in the cluster, but also
the reservations needed to support VMware HA failover. See the vSphere Availability Guide.
The Resource Allocation tab also displays a chart showing the resource pools and virtual machines in the DRS
cluster with the following CPU or memory usage information. To view CPU or memory information, click the
CPU button or Memory button, respectively.
Table 1-4. CPU or Memory Usage Information

Field Description
Name Name of the object.
Reservation - MHz Guaranteed minimum CPU allocation, in megahertz (MHz), reserved for this object.
Reservation - MB Guaranteed minimum memory allocation, in megabytes (MB), for this object.
Limit - MHz Maximum amount of CPU the object can use.
Limit - MB Maximum amount of memory the object can use.
Shares A relative metric for allocating CPU or memory capacity. The values Low, Normal, High, and
Custom are compared to the sum of all shares of all virtual machines in the enclosing resource
pool.
Shares Value Actual value based on resource and object settings.
% Shares Percentage of cluster resources assigned to this object.
Worst Case Allocation The amount of (CPU or memory) resource that is allocated to the virtual machine based on user-
configured resource allocation policies (for example, reservation, shares and limit), and with the
assumption that all virtual machines in the cluster consume their full amount of allocated
resources. The values for this field must be updated manually by pressing the F5 key.
Type Type of reserved CPU or memory allocation, either Expandable or Fixed.
12 VMware, Inc.
Virtual Machine Resource Allocation Tab

A Resource Allocation tab is available when you select a virtual machine from the inventory panel.
This Resource Allocation tab displays information about the CPU and memory resources for the selected
virtual machine.
CPU Section
These bars display the following information about host CPU usage:
Table 1-5. Host CPU

Field Description
Consumed Actual consumption of CPU resources by the virtual machine.
Active Estimated amount of resources consumed by virtual machine if there is no resource contention. If
you have set an explicit limit, this amount does not exceed that limit.
Table 1-6. Resource Settings

Field Description
Reservation Guaranteed minimum CPU allocation for this virtual machine.
Limit Maximum CPU allocation for this virtual machine.
Shares CPU shares for this virtual machine.
Worst Case The amount of (CPU or memory) resource that is allocated to the virtual machine based on user-
Allocation configured resource allocation policies (for example, reservation, shares and limit), and with the
assumption that all virtual machines in the cluster consume their full amount of allocated resources.
Memory Section
These bars display the following information about host memory usage:
Table 1-7. Host Memory

Field Description
Consumed Actual consumption of physical memory that has been allocated to the virtual machine.
Overhead Amount of consumed memory being used for virtualization purposes. Overhead Consumption is
Consumption included in the amount shown in Consumed.
These bars display the following information about guest memory usage:
Table 1-8. Guest Memory

Field Description
Private Amount of memory backed by host memory and not being shared.
Shared Amount of memory being shared.
Swapped Amount of memory reclaimed by swapping.
Ballooned Amount of memory reclaimed by ballooning.
Unaccessed Amount of memory never referenced by the guest.
Active Amount of memory recently accessed.
VMware, Inc. 13
Table 1-9. Resource Settings

Field Description
Reservation Guaranteed memory allocation for this virtual machine.
Limit Upper limit for this virtual machine’s memory allocation.
Shares Memory shares for this virtual machine.
Configured User-specified guest physical memory size.
Worst Case The amount of (CPU or memory) resource that is allocated to the virtual machine based on user-
Allocation configured resource allocation policies (for example, reservation, shares and limit), and with the
assumption that all virtual machines in the cluster consume their full amount of allocated resources.
Overhead The amount of memory that is being reserved for virtualization overhead.
Reservation
Admission Control
When you power on a virtual machine, the system checks the amount of CPU and memory resources that have
not yet been reserved. Based on the available unreserved resources, the system determines whether it can
guarantee the reservation for which the virtual machine is configured (if any). This process is called admission
control.
If enough unreserved CPU and memory are available, or if there is no reservation, the virtual machine is
powered on. Otherwise, an Insufficient Resources warning appears.
NOTE In addition to the user-specified memory reservation, for each virtual machine there is also an amount
of overhead memory. This extra memory commitment is included in the admission control calculation.
When the VMware DPM feature is enabled, hosts might be placed in standby mode (that is, powered off) to
reduce power consumption. The unreserved resources provided by these hosts are considered available for
admission control. If a virtual machine cannot be powered on without these resources, a recommendation to
power on sufficient standby hosts is made.
14 VMware, Inc.
Managing CPU Resources 2
ESX/ESXi hosts support CPU virtualization.
When you utilize CPU virtualization, you should understand how it works, its different types, and processor-
specific behavior. Also, you need to be aware of the performance implications of CPU virtualization.

n “CPU Virtualization Basics,” on page 15
n “Administering CPU Resources,” on page 16
CPU Virtualization Basics

CPU virtualization emphasizes performance and runs directly on the processor whenever possible. The
underlying physical resources are used whenever possible and the virtualization layer runs instructions only
as needed to make virtual machines operate as if they were running directly on a physical machine.
CPU virtualization is not the same thing as emulation. With emulation, all operations are run in software by
an emulator. A software emulator allows programs to run on a computer system other than the one for which
they were originally written. The emulator does this by emulating, or reproducing, the original computer’s
behavior by accepting the same data or inputs and achieving the same results. Emulation provides portability
and runs software designed for one platform across several platforms.
When CPU resources are overcommitted, the ESX/ESXi host time-slices the physical processors across all
virtual machines so each virtual machine runs as if it has its specified number of virtual processors. When an
ESX/ESXi host runs multiple virtual machines, it allocates to each virtual machine a share of the physical
resources. With the default resource allocation settings, all virtual machines associated with the same host
receive an equal share of CPU per virtual CPU. This means that a single-processor virtual machines is assigned
only half of the resources of a dual-processor virtual machine.
Software-Based CPU Virtualization

With software-based CPU virtualization, the guest application code runs directly on the processor, while the
guest privileged code is translated and the translated code executes on the processor.
The translated code is slightly larger and usually executes more slowly than the native version. As a result,
guest programs, which have a small privileged code component, run with speeds very close to native. Programs
with a significant privileged code component, such as system calls, traps, or page table updates can run slower
in the virtualized environment.
VMware, Inc. 15
Hardware-Assisted CPU Virtualization

Certain processors (such as Intel VT and AMD SVM) provide hardware assistance for CPU virtualization.
When using this assistance, the guest can use a separate mode of execution called guest mode. The guest code,
whether application code or privileged code, runs in the guest mode. On certain events, the processor exits
out of guest mode and enters root mode. The hypervisor executes in the root mode, determines the reason for
the exit, takes any required actions, and restarts the guest in guest mode.
When you use hardware assistance for virtualization, there is no need to translate the code. As a result, system
calls or trap-intensive workloads run very close to native speed. Some workloads, such as those involving
updates to page tables, lead to a large number of exits from guest mode to root mode. Depending on the number
of such exits and total time spent in exits, this can slow down execution significantly.
Virtualization and Processor-Specific Behavior

Although VMware software virtualizes the CPU, the virtual machine detects the specific model of the processor
on which it is running.
Processor models might differ in the CPU features they offer, and applications running in the virtual machine
®
can make use of these features. Therefore, it is not possible to use VMotion to migrate virtual machines
between systems running on processors with different feature sets. You can avoid this restriction, in some
cases, by using Enhanced VMotion Compatibility (EVC) with processors that support this feature. See Basic
System Administration for more information.
Performance Implications of CPU Virtualization

CPU virtualization adds varying amounts of overhead depending on the workload and the type of
virtualization used.
An application is CPU-bound if it spends most of its time executing instructions rather than waiting for external
events such as user interaction, device input, or data retrieval. For such applications, the CPU virtualization
overhead includes the additional instructions that must be executed. This overhead takes CPU processing time
that the application itself can use. CPU virtualization overhead usually translates into a reduction in overall
performance.
For applications that are not CPU-bound, CPU virtualization likely translates into an increase in CPU use. If
spare CPU capacity is available to absorb the overhead, it can still deliver comparable performance in terms
of overall throughput.
ESX/ESXi supports up to eight virtual processors (CPUs) for each virtual machine.
NOTE Deploy single-threaded applications on uniprocessor virtual machines, instead of on SMP virtual
machines, for the best performance and resource use.
Single-threaded applications can take advantage only of a single CPU. Deploying such applications in dual-
processor virtual machines does not speed up the application. Instead, it causes the second virtual CPU to use
physical resources that other virtual machines could otherwise use.
Administering CPU Resources

You can configure virtual machines with one or more virtual processors, each with its own set of registers and
control structures.
When a virtual machine is scheduled, its virtual processors are scheduled to run on physical processors. The
VMkernel Resource Manager schedules the virtual CPUs on physical CPUs, thereby managing the virtual
machine’s access to physical CPU resources. ESX/ESXi supports virtual machines with up to eight virtual
processors.
16 VMware, Inc.
Chapter 2 Managing CPU Resources
View Processor Information

You can access information about current CPU configuration through the vSphere Client or using the vSphere
SDK.
Procedure
1 In the vSphere Client, select the host and click the Configuration tab.
2 Select Processors.
You can view the information about the number and type of physical processors and the number of logical
processors.
NOTE In hyperthreaded systems, each hardware thread is a logical processor. For example, a dual-core
processor with hyperthreading enabled has two cores and four logical processors.
3 (Optional) You can also disable or enable hyperthreading by clicking Properties.
Specifying CPU Configuration

You can specify CPU configuration to improve resource management. However, if you do not customize CPU
configuration, the ESX/ESXi host uses defaults that work well in most situations.
You can specify CPU configuration in the following ways:

n Use the attributes and special features available through the vSphere Client. The vSphere Client graphical
user interface (GUI) allows you to connect to an ESX/ESXi host or a vCenter Server system.
n Use advanced settings under certain circumstances.
n Use the vSphere SDK for scripted CPU allocation.
n Use hyperthreading.
Multicore Processors
Multicore processors provide many advantages for an ESX/ESXi host performing multitasking of virtual
machines.
Intel and AMD have each developed processors which combine two or more processor cores into a single
integrated circuit (often called a package or socket). VMware uses the term socket to describe a single package
which can have one or more processor cores with one or more logical processors in each core.
A dual-core processor, for example, can provide almost double the performance of a single-core processor, by
allowing two virtual CPUs to execute at the same time. Cores within the same processor are typically
configured with a shared last-level cache used by all cores, potentially reducing the need to access slower main
memory. A shared memory bus that connects a physical processor to main memory can limit performance of
its logical processors if the virtual machines running on them are running memory-intensive workloads which
compete for the same memory bus resources.
Each logical processor of each processor core can be used independently by the ESX CPU scheduler to execute
virtual machines, providing capabilities similar to SMP systems. For example, a two-way virtual machine can
have its virtual processors running on logical processors that belong to the same core, or on logical processors
on different physical cores.
The ESX CPU scheduler can detect the processor topology and the relationships between processor cores and
the logical processors on them. It uses this information to schedule virtual machines and optimize performance.
VMware, Inc. 17
The ESX CPU scheduler can interpret processor topology, including the relationship between sockets, cores,
and logical processors. The scheduler uses topology information to optimize the placement of virtual CPUs
onto different sockets to maximize overall cache utilization, and to improve cache affinity by minimizing
virtual CPU migrations.
In undercommitted systems, the ESX CPU scheduler spreads load across all sockets by default. This improves
performance by maximizing the aggregate amount of cache available to the running virtual CPUs. As a result,
the virtual CPUs of a single SMP virtual machine are spread across multiple sockets (unless each socket is also
a NUMA node, in which case the NUMA scheduler restricts all the virtual CPUs of the virtual machine to
reside on the same socket.)
In some cases, such as when an SMP virtual machine exhibits significant data sharing between its virtual CPUs,
this default behavior might be sub-optimal. For such workloads, it can be beneficial to schedule all of the virtual
CPUs on the same socket, with a shared last-level cache, even when the ESX/ESXi host is undercommitted. In
such scenarios, you can override the default behavior of spreading virtual CPUs across packages by including
the following configuration option in the virtual machine's .vmx configuration file:
sched.cpu.vsmpConsolidate="TRUE".
Hyperthreading
Hyperthreading technology allows a single physical processor core to behave like two logical processors. The
processor can run two independent applications at the same time. To avoid confusion between logical and
physical processors, Intel refers to a physical processor as a socket, and the discussion in this chapter uses that
terminology as well.
Intel Corporation developed hyperthreading technology to enhance the performance of its Pentium IV and
Xeon processor lines. Hyperthreading technology allows a single processor core to execute two independent
threads simultaneously.
While hyperthreading does not double the performance of a system, it can increase performance by better
utilizing idle resources leading to greater throughput for certain important workload types. An application
running on one logical processor of a busy core can expect slightly more than half of the throughput that it
obtains while running alone on a non-hyperthreaded processor. Hyperthreading performance improvements
are highly application-dependent, and some applications might see performance degradation with
hyperthreading because many processor resources (such as the cache) are shared between logical processors.
NOTE On processors with Intel Hyper-Threading technology, each core can have two logical processors which
share most of the core's resources, such as memory caches and functional units. Such logical processors are
usually called threads.
Many processors do not support hyperthreading and as a result have only one thread per core. For such
processors, the number of cores also matches the number of logical processors. The following processors
support hyperthreading and have two threads per core.
n Processors based on the Intel Xeon 5500 processor microarchitecture.
n Intel Pentium 4 (HT-enabled)
n Intel Pentium EE 840 (HT-enabled)
Hyperthreading and ESX/ESXi Hosts

An ESX/ESXi host enabled for hyperthreading should behave similarly to a host without hyperthreading. You
might need to consider certain factors if you enable hyperthreading, however.
ESX/ESXi hosts manage processor time intelligently to guarantee that load is spread smoothly across processor
cores in the system. Logical processors on the same core have consecutive CPU numbers, so that CPUs 0 and
1 are on the first core together, CPUs 2 and 3 are on the second core, and so on. Virtual machines are
preferentially scheduled on two different cores rather than on two logical processors on the same core.
18 VMware, Inc.
If there is no work for a logical processor, it is put into a halted state, which frees its execution resources and
allows the virtual machine running on the other logical processor on the same core to use the full execution
resources of the core. The VMware scheduler properly accounts for this halt time, and charges a virtual machine
running with the full resources of a core more than a virtual machine running on a half core. This approach to
processor management ensures that the server does not violate any of the standard ESX/ESXi resource
allocation rules.
Consider your resource management needs before you enable CPU affinity on hosts using hyperthreading.
For example, if you bind a high priority virtual machine to CPU 0 and another high priority virtual machine
to CPU 1, the two virtual machines have to share the same physical core. In this case, it can be impossible to
meet the resource demands of these virtual machines. Ensure that any custom affinity settings make sense for
a hyperthreaded system.
Enable Hyperthreading
To enable hyperthreading you must first enable it in your system's BIOS settings and then turn it on in the
vSphere Client. Hyperthreading is enabled by default.
Some Intel processors, for example Xeon 5500 processors or those based on the P4 microarchitecture, support
hyperthreading. Consult your system documentation to determine whether your CPU supports
hyperthreading. ESX/ESXi cannot enable hyperthreading on a system with more than 32 physical cores,
because ESX/ESXi has a logical limit of 64 CPUs.
Procedure
1 Ensure that your system supports hyperthreading technology.
2 Enable hyperthreading in the system BIOS.
Some manufacturers label this option Logical Processor, while others call it Enable Hyperthreading.
3 Make sure that you turn on hyperthreading for your ESX/ESXi host.
a In the vSphere Client, select the host and click the Configuration tab.
b Select Processors and click Properties.
c In the dialog box, you can view hyperthreading status and turn hyperthreading off or on (default).
Hyperthreading is now enabled.
Set Hyperthreading Sharing Options for a Virtual Machine

You can specify how the virtual CPUs of a virtual machine can share physical cores on a hyperthreaded system.
Two virtual CPUs share a core if they are running on logical CPUs of the core at the same time. You can set
this for individual virtual machines.
Procedure
1 In the vSphere Client inventory panel, right-click the virtual machine and select Edit Settings.
2 Click the Resources tab, and click Advanced CPU.
3 Select a hyperthreading mode for this virtual machine from the Mode drop-down menu.
Hyperthreaded Core Sharing Options
You can set the Hyperthreaded Core Sharing Mode for a virtual machine using the vSphere Client.
You have the following choices for this mode.
VMware, Inc. 19
Table 2-1. Hyperthreaded Core Sharing Modes

Option Description
Any The default for all virtual machines on a hyperthreaded system. The virtual CPUs of a virtual machine
with this setting can freely share cores with other virtual CPUs from this or any other virtual machine at
any time.
None Virtual CPUs of a virtual machine should not share cores with each other or with virtual CPUs from other
virtual machines. That is, each virtual CPU from this virtual machine should always get a whole core to
itself, with the other logical CPU on that core being placed into the halted state.
Internal This option is similar to none. Virtual CPUs from this virtual machine cannot share cores with virtual
CPUs from other virtual machines. They can share cores with the other virtual CPUs from the same virtual
machine.
You can select this option only for SMP virtual machines. If applied to a uniprocessor virtual machine,
the system changes this option to none.
These options have no effect on fairness or CPU time allocation. Regardless of a virtual machine’s
hyperthreading settings, it still receives CPU time proportional to its CPU shares, and constrained by its CPU
reservation and CPU limit values.
For typical workloads, custom hyperthreading settings should not be necessary. The options can help in case
of unusual workloads that interact badly with hyperthreading. For example, an application with cache
thrashing problems might slow down an application sharing its physical core. You can place the virtual
machine running the application in the none or internal hyperthreading status to isolate it from other virtual
machines.
If a virtual CPU has hyperthreading constraints that do not allow it to share a core with another virtual CPU,
the system might deschedule it when other virtual CPUs are entitled to consume processor time. Without the
hyperthreading constraints, you can schedule both virtual CPUs on the same core.
The problem becomes worse on systems with a limited number of cores (per virtual machine). In such cases,
there might be no core to which the virtual machine that is descheduled can be migrated. As a result, virtual
machines with hyperthreading set to none or internal can experience performance degradation, especially on
systems with a limited number of cores.
Quarantining
In certain rare circumstances, an ESX/ESXi host might detect that an application is interacting badly with the
Pentium IV hyperthreading technology (this does not apply to systems based on the Intel Xeon 5500 processor
microarchitecture). In such cases, quarantining, which is transparent to the user, might be necessary.
Certain types of self-modifying code, for example, can disrupt the normal behavior of the Pentium IV trace
cache and can lead to substantial slowdowns (up to 90 percent) for an application sharing a core with the
problematic code. In those cases, the ESX/ESXi host quarantines the virtual CPU running this code and places
its virtual machine in the none or internal mode, as appropriate.
Set the Cpu.MachineClearThreshold advanced setting for the host to 0 to disable quarantining.
Using CPU Affinity

By specifying a CPU affinity setting for each virtual machine, you can restrict the assignment of virtual
machines to a subset of the available processors in multiprocessor systems. By using this feature, you can assign
each virtual machine to processors in the specified affinity set.
In this context, the term CPU refers to a logical processor on a hyperthreaded system, but refers to a core on a
non-hyperthreaded system.
The CPU affinity setting for a virtual machine applies not only to all of the virtual CPUs associated with the
virtual machine, but also to all other threads (also known as worlds) associated with the virtual machine. Such
virtual machine threads perform processing required for emulating mouse, keyboard, screen, CD-ROM and
miscellaneous legacy devices.
20 VMware, Inc.
In some cases, such as display-intensive workloads, significant communication might occur between the virtual
CPUs and these other virtual machine threads. Performance might degrade if the virtual machine's affinity
setting prevents these additional threads from being scheduled concurrently with the virtual machine's virtual
CPUs (for example, a uniprocessor virtual machine with affinity to a single CPU, or a two-way SMP virtual
machine with affinity to only two CPUs).
For the best performance, when you use manual affinity settings, VMware recommends that you include at
least one additional physical CPU in the affinity setting to allow at least one of the virtual machine's threads
to be scheduled at the same time as its virtual CPUs (for example, a uniprocessor virtual machine with affinity
to at least two CPUs or a two-way SMP virtual machine with affinity to at least three CPUs).
NOTE CPU affinity specifies virtual machine-to-processor placement constraints and is different from the
affinity based on DRS rules, which specifies virtual machine-to-virtual machine host placement constraints.
Assign a Virtual Machine to a Specific Processor

Using CPU affinity, you can assign a virtual machine to a specific processor. This allows you to restrict the
assignment of virtual machines to a specific available processor in multiprocessor systems.
Procedure
1 In the vSphere Client inventory panel, select a virtual machine and select Edit Settings.
2 Select the Resources tab and select Advanced CPU.
3 Click the Run on processor(s) button.
4 Select the processors on which you want the virtual machine to run and click OK.
Potential Issues with CPU Affinity

Before you use CPU affinity, you might need to consider certain issues.
Potential issues with CPU affinity include:

n For multiprocessor systems, ESX/ESXi systems perform automatic load balancing. Avoid manual
specification of virtual machine affinity to improve the scheduler’s ability to balance load across
processors.
n Affinity can interfere with the ESX/ESXi host’s ability to meet the reservation and shares specified for a
virtual machine.
n Because CPU admission control does not consider affinity, a virtual machine with manual affinity settings
might not always receive its full reservation.
Virtual machines that do not have manual affinity settings are not adversely affected by virtual machines
with manual affinity settings.
n When you move a virtual machine from one host to another, affinity might no longer apply because the
new host might have a different number of processors.
n The NUMA scheduler might not be able to manage a virtual machine that is already assigned to certain
processors using affinity.
n Affinity can affect an ESX/ESXi host's ability to schedule virtual machines on multicore or hyperthreaded
processors to take full advantage of resources shared on such processors.
VMware, Inc. 21
CPU Power Management

To improve CPU power efficiency, you can configure your ESX/ESXi hosts to dynamically switch CPU
frequencies based on workload demands. This type of power management is called Dynamic Voltage and
Frequency Scaling (DVFS). It uses processor performance states (P-states) made available to the VMkernel
through an ACPI interface.
ESX/ESXi supports the Enhanced Intel SpeedStep and Enhanced AMD PowerNow! CPU power management
technologies. For the VMkernel to take advantage of the power management capabilities provided by these
technologies, you might need to first enable power management, sometimes referred to as Demand-Based
Switching (DBS), in the BIOS.
To set the CPU power management policy, use the advanced host attribute Power.CpuPolicy. This attribute
setting is saved in the host configuration and can be used again at boot time, but it can be changed at any time
and does not require a server reboot. You can set this attribute to the following values.
static The default. The VMkernel can detect power management features available
on the host but does not actively use them unless requested by the BIOS for
power capping or thermal events.
dynamic The VMkernel optimizes each CPU's frequency to match demand in order to
improve power efficiency but not affect performance. When CPU demand
increases, this policy setting ensures that CPU frequencies also increase.
22 VMware, Inc.
Managing Memory Resources 3
All modern operating systems provide support for virtual memory, allowing software to use more memory
than the machine physically has. Similarly, the ESX/ESXi hypervisor provides support for overcommitting
virtual machine memory, where the amount of guest memory configured for all virtual machines might be
larger than the amount of physical host memory.
If you intend to use memory virtualization, you should understand how ESX/ESXi hosts allocate, tax, and
reclaim memory. Also, you need to be aware of the memory overhead incurred by virtual machines.

n “Memory Virtualization Basics,” on page 23
n “Administering Memory Resources,” on page 26
Memory Virtualization Basics

Before you manage memory resources, you should understand how they are being virtualized and used by
ESX/ESXi.
The VMkernel manages all machine memory. (An exception to this is the memory that is allocated to the service
console in ESX.) The VMkernel dedicates part of this managed machine memory for its own use. The rest is
available for use by virtual machines. Virtual machines use machine memory for two purposes: each virtual
machine requires its own memory and the VMM requires some memory and a dynamic overhead memory for
its code and data.
The virtual memory space is divided into blocks, typically 4KB, called pages. The physical memory is also
divided into blocks, also typically 4KB. When physical memory is full, the data for virtual pages that are not
present in physical memory are stored on disk. ESX/ESXi also provides support for large pages (2 MB). See
“Advanced Memory Attributes,” on page 98.
Virtual Machine Memory

Each virtual machine consumes memory based on its configured size, plus additional overhead memory for
virtualization.
Configured Size
The configured size is a construct maintained by the virtualization layer for the virtual machine. It is the amount
of memory that is presented to the guest operating system, but it is independent of the amount of physical
RAM that is allocated to the virtual machine, which depends on the resource settings (shares, reservation, limit)
explained below.
VMware, Inc. 23
For example, consider a virtual machine with a configured size of 1GB. When the guest operating system boots,
it detects that it is running on a dedicated machine with 1GB of physical memory. The actual amount of physical
host memory allocated to the virtual machine depends on its memory resource settings and memory contention
on the ESX/ESXi host. In some cases, the virtual machine might be allocated the full 1GB. In other cases, it
might receive a smaller allocation. Regardless of the actual allocation, the guest operating system continues to
behave as though it is running on a dedicated machine with 1GB of physical memory.
Shares Specify the relative priority for a virtual machine if more than the reservation
is available.
Reservation Is a guaranteed lower bound on the amount of physical memory that the host
reserves for the virtual machine, even when memory is overcommitted. Set the
reservation to a level that ensures the virtual machine has sufficient memory
to run efficiently, without excessive paging.
After a virtual machine has accessed its full reservation, it is allowed to retain
that amount of memory and this memory is not reclaimed, even if the virtual
machine becomes idle. For example, some guest operating systems (for
example, Linux) might not access all of the configured memory immediately
after booting. Until the virtual machines accesses its full reservation, VMkernel
can allocate any unused portion of its reservation to other virtual machines.
However, after the guest’s workload increases and it consumes its full
reservation, it is allowed to keep this memory.
Limit Is an upper bound on the amount of physical memory that the host can allocate
to the virtual machine. The virtual machine’s memory allocation is also
implicitly limited by its configured size.
Overhead memory includes space reserved for the virtual machine frame
buffer and various virtualization data structures.
Memory Overcommitment
For each running virtual machine, the system reserves physical memory for the virtual machine’s reservation
(if any) and for its virtualization overhead.
Because of the memory management techniques the ESX/ESXi host uses, your virtual machines can use more
memory than the physical machine (the host) has available. For example, you can have a host with 2GB memory
and run four virtual machines with 1GB memory each. In that case, the memory is overcommitted.
Overcommitment makes sense because, typically, some virtual machines are lightly loaded while others are
more heavily loaded, and relative activity levels vary over time.
To improve memory utilization, the ESX/ESXi host transfers memory from idle virtual machines to virtual
machines that need more memory. Use the Reservation or Shares parameter to preferentially allocate memory
to important virtual machines. This memory remains available to other virtual machines if it is not in use.
Memory Sharing
Many workloads present opportunities for sharing memory across virtual machines.
For example, several virtual machines might be running instances of the same guest operating system, have
the same applications or components loaded, or contain common data. ESX/ESXi systems use a proprietary
page-sharing technique to securely eliminate redundant copies of memory pages.
With memory sharing, a workload consisting of multiple virtual machines often consumes less memory than
it would when running on physical machines. As a result, the system can efficiently support higher levels of
overcommitment.
24 VMware, Inc.
Chapter 3 Managing Memory Resources
The amount of memory saved by memory sharing depends on workload characteristics. A workload of many
nearly identical virtual machines might free up more than thirty percent of memory, while a more diverse
workload might result in savings of less than five percent of memory.
Software-Based Memory Virtualization

ESX/ESXi virtualizes guest physical memory by adding an extra level of address translation.
n The VMM for each virtual machine maintains a mapping from the guest operating system's physical
memory pages to the physical memory pages on the underlying machine. (VMware refers to the
underlying host physical pages as “machine” pages and the guest operating system’s physical pages as
“physical” pages.)
Each virtual machine sees a contiguous, zero-based, addressable physical memory space. The underlying
machine memory on the server used by each virtual machine is not necessarily contiguous.
n The VMM intercepts virtual machine instructions that manipulate guest operating system memory
management structures so that the actual memory management unit (MMU) on the processor is not
updated directly by the virtual machine.
n The ESX/ESXi host maintains the virtual-to-machine page mappings in a shadow page table that is kept
up to date with the physical-to-machine mappings (maintained by the VMM).
n The shadow page tables are used directly by the processor's paging hardware.
This approach to address translation allows normal memory accesses in the virtual machine to execute without
adding address translation overhead, after the shadow page tables are set up. Because the translation look-
aside buffer (TLB) on the processor caches direct virtual-to-machine mappings read from the shadow page
tables, no additional overhead is added by the VMM to access the memory.
Performance Considerations
The use of two-page tables has these performance implications.
n No overhead is incurred for regular guest memory accesses.
n Additional time is required to map memory within a virtual machine, which might mean:
n The virtual machine operating system is setting up or updating virtual address to physical address
mappings.
n The virtual machine operating system is switching from one address space to another (context switch).
n Like CPU virtualization, memory virtualization overhead depends on workload.
Hardware-Assisted Memory Virtualization

Some CPUs, such as AMD SVM-V and the Intel Xeon 5500 series, provide hardware support for memory
virtualization by using two layers of page tables.
The first layer of page tables stores guest virtual-to-physical translations, while the second layer of page tables
stores guest physical-to-machine translation. The TLB (translation look-aside buffer) is a cache of translations
maintained by the processor's memory management unit (MMU) hardware. A TLB miss is a miss in this cache
and the hardware needs to go to memory (possibly many times) to find the required translation. For a TLB
miss to a certain guest virtual address, the hardware looks at both page tables to translate guest virtual address
to host physical address.
The diagram in Figure 3-1 illustrates the ESX/ESXi implementation of memory virtualization.
VMware, Inc. 25
Figure 3-1. ESX/ESXi Memory Mapping

virtual machine virtual machine
1 2
a b c b guest virtual memory
a b b c guest physical memory
a b b c machine memory
n The boxes represent pages, and the arrows show the different memory mappings.
n The arrows from guest virtual memory to guest physical memory show the mapping maintained by the
page tables in the guest operating system. (The mapping from virtual memory to linear memory for x86-
architecture processors is not shown.)
n The arrows from guest physical memory to machine memory show the mapping maintained by the VMM.
n The dashed arrows show the mapping from guest virtual memory to machine memory in the shadow
page tables also maintained by the VMM. The underlying processor running the virtual machine uses the
shadow page table mappings.
Because of the extra level of memory mapping introduced by virtualization, ESX/ESXi can effectively manage
memory across all virtual machines. Some of the physical memory of a virtual machine might be mapped to
shared pages or to pages that are unmapped, or swapped out.
An ESX/ESXi host performs virtual memory management without the knowledge of the guest operating system
and without interfering with the guest operating system’s own memory management subsystem.
Performance Considerations
When you use hardware assistance, you eliminate the overhead for software memory virtualization. In
particular, hardware assistance eliminates the overhead required to keep shadow page tables in
synchronization with guest page tables. However, the TLB miss latency when using hardware assistance is
significantly higher. As a result, whether or not a workload benefits by using hardware assistance primarily
depends on the overhead the memory virtualization causes when using software memory virtualization. If a
workload involves a small amount of page table activity (such as process creation, mapping the memory, or
context switches), software virtualization does not cause significant overhead. Conversely, workloads with a
large amount of page table activity are likely to benefit from hardware assistance.
Administering Memory Resources

Using the vSphere Client you can view information about and make changes to memory allocation settings.
To administer your memory resources effectively, you must also be familiar with memory overhead, idle
memory tax, and how ESX/ESXi hosts reclaim memory.
When administering memory resources, you can specify memory allocation. If you do not customize memory
allocation, the ESX/ESXi host uses defaults that work well in most situations.
You can specify memory allocation in several ways.

n Use the attributes and special features available through the vSphere Client. The vSphere Client GUI
allows you to connect to an ESX/ESXi host or a vCenter Server system.
n Use advanced settings.
n Use the vSphere SDK for scripted memory allocation.
26 VMware, Inc.
View Memory Allocation Information

You can use the vSphere Client to view information about current memory allocations.
You can view the information about the total memory and memory available to virtual machines. In ESX, you
can also view memory assigned to the service console.
Procedure
2 Click Memory.
You can view the information shown in “Host Memory Information,” on page 27.
Host Memory Information

The vSphere Client shows information about host memory allocation.
The host memory fields are discussed in Table 3-1.
Table 3-1. Host Memory Information

Field Description
Total Total physical memory for this host.
System Memory used by the ESX/ESXi system.

ESX/ESXi uses at least 50MB of system memory for the VMkernel, and additional memory for
device drivers. This memory is allocated when the ESX/ESXi is loaded and is not configurable.
The actual required memory for the virtualization layer depends on the number and type of PCI
(peripheral component interconnect) devices on a host. Some drivers need 40MB, which almost
doubles base system memory.
The ESX/ESXi host also attempts to keep some memory free at all times to handle dynamic
allocation requests efficiently. ESX/ESXi sets this level at approximately six percent of the memory
available for running virtual machines.
An ESXi host uses additional system memory for management agents that run in the service
console of an ESX host.
Virtual Machines Memory used by virtual machines running on the selected host.
Most of the host’s memory is used for running virtual machines. An ESX/ESXi host manages the
allocation of this memory to virtual machines based on administrative parameters and system
load.
The amount of physical memory the virtual machines can use is always less than what is in the
physical host because the virtualization layer takes up some resources. For example, a host with
a dual 3.2GHz CPU and 2GB of memory might make 6GHz of CPU power and 1.5GB of memory
available for use by virtual machines.
Service Console Memory reserved for the service console.

Click Properties to change how much memory is available for the service console. This field
appears only in ESX. ESXi does not provide a service console.
Understanding Memory Overhead

Virtualization of memory resources has some associated overhead.
ESX/ESXi virtual machines can incur two kinds of memory overhead.

n The additional time to access memory within a virtual machine.
n The extra space needed by the ESX/ESXi host for its own code and data structures, beyond the memory
allocated to each virtual machine.
VMware, Inc. 27
ESX/ESXi memory virtualization adds little time overhead to memory accesses. Because the processor's paging
hardware uses page tables (shadow page tables for software-based approach or nested page tables for
hardware-assisted approach) directly, most memory accesses in the virtual machine can execute without
address translation overhead.
The memory space overhead has two components.

n A fixed, system-wide overhead for the VMkernel and (for ESX only) the service console.
n Additional overhead for each virtual machine.
For ESX, the service console typically uses 272MB and the VMkernel uses a smaller amount of memory. The
amount depends on the number and size of the device drivers that are being used.
Overhead memory includes space reserved for the virtual machine frame buffer and various virtualization
data structures, such as shadow page tables. Overhead memory depends on the number of virtual CPUs and
the configured memory for the guest operating system.
ESX/ESXi also provides optimizations such as memory sharing to reduce the amount of physical memory used
on the underlying server. These optimizations can save more memory than is taken up by the overhead.
Overhead Memory on Virtual Machines

Virtual machines incur overhead memory. You should be aware of the amount of this overhead.
Table 3-2 lists the overhead memory (in MB) for each number of VCPUs.
Table 3-2. Overhead Memory on Virtual Machines

Memory
(MB) 1 VCPU 2 VCPUs 3 VCPUs 4 VCPUs 5 VCPUs 6 VCPUs 7 VCPUs 8 VCPUs
256 113.17 159.43 200.53 241.62 293.15 334.27 375.38 416.50
512 116.68 164.96 206.07 247.17 302.75 343.88 385.02 426.15
1024 123.73 176.05 217.18 258.30 322.00 363.17 404.34 445.52
2048 137.81 198.20 239.37 280.53 360.46 401.70 442.94 484.18
4096 165.98 242.51 283.75 324.99 437.37 478.75 520.14 561.52
8192 222.30 331.12 372.52 413.91 591.20 632.86 674.53 716.19
16384 334.96 508.34 550.05 591.76 900.44 942.98 985.52 1028.07
32768 560.27 863.41 906.06 948.71 1515.75 1559.42 1603.09 1646.76
65536 1011.21 1572.29 1616.19 1660.09 2746.38 2792.30 2838.22 2884.14
131072 1912.48 2990.05 3036.46 3082.88 5220.24 5273.18 5326.11 5379.05
262144 3714.99 5830.60 5884.53 5938.46 10142.83 10204.79 10266.74 10328.69
How ESX/ESXi Hosts Allocate Memory

An ESX/ESXi host allocates the memory specified by the Limit parameter to each virtual machine unless
memory is overcommitted. An ESX/ESXi host never allocates more memory to a virtual machine than its
specified physical memory size.
For example, a 1GB virtual machine might have the default limit (unlimited) or a user-specified limit (for
example 2GB). In both cases, the ESX/ESXi host never allocates more than 1GB, the physical memory size that
was specified for it.
When memory is overcommitted, each virtual machine is allocated an amount of memory somewhere between
what is specified by Reservation and what is specified by Limit. The amount of memory granted to a virtual
machine above its reservation usually varies with the current memory load.
28 VMware, Inc.
An ESX/ESXi host determines allocations for each virtual machine based on the number of shares allocated to
it and an estimate of its recent working set size.
n Shares — ESX/ESXi hosts use a modified proportional-share memory allocation policy. Memory shares
entitle a virtual machine to a fraction of available physical memory.
n Working set size —ESX/ESXi hosts estimate the working set for a virtual machine by monitoring memory
activity over successive periods of virtual machine execution time. Estimates are smoothed over several
time periods using techniques that respond rapidly to increases in working set size and more slowly to
decreases in working set size.
This approach ensures that a virtual machine from which idle memory is reclaimed can ramp up quickly
to its full share-based allocation when it starts using its memory more actively.
Memory activity is monitored to estimate the working set sizes for a default period of 60 seconds. To
modify this default , adjust the Mem.SamplePeriod advanced setting. See “Set Advanced Host Attributes,”
on page 97.
Memory Tax for Idle Virtual Machines

If a virtual machine is not actively using all of its currently allocated memory, ESX/ESXi charges more for idle
memory than for memory that is in use. This is done to help prevent virtual machines from hoarding idle
memory.
The idle memory tax is applied in a progressive fashion. The effective tax rate increases as the ratio of idle
memory to active memory for the virtual machine rises. (In earlier versions of ESX which did not support
hierarchical resource pools, all idle memory for a virtual machine was taxed equally).
The Mem.IdleTax advanced setting allows you to modify the idle memory tax rate. Use this option, together
with the Mem.SamplePeriod advanced attribute, to control how the system determines target memory
allocations for virtual machines. See “Set Advanced Host Attributes,” on page 97.
NOTE In most cases, changes to Mem.IdleTax are not necessary or even appropriate.
Memory Reclamation
ESX/ESXi hosts can reclaim memory from virtual machines.
An ESX/ESXi host allocates the amount of memory specified by a reservation directly to a virtual machine.
Anything beyond the reservation is allocated using the host's physical resources or, when physical resources
are not available, handled using special techniques such as ballooning or swapping. Hosts can use two
techniques for dynamically expanding or contracting the amount of memory allocated to virtual machines.
n ESX/ESXi systems use a memory balloon driver (vmmemctl), loaded into the guest operating system
running in a virtual machine. See “Memory Balloon Driver,” on page 29.
n ESX/ESXi systems page from a virtual machine to a server swap file without any involvement by the guest
operating system. Each virtual machine has its own swap file.
Memory Balloon Driver

The memory balloon driver (vmmemctl) collaborates with the server to reclaim pages that are considered least
valuable by the guest operating system. The driver uses a proprietary ballooning technique that provides
predictable performance which closely matches the behavior of a native system under similar memory
constraints. This technique increases or decreases memory pressure on the guest operating system, causing
the guest to use its own native memory management algorithms. When memory is tight, the guest operating
system determines which pages to reclaim and, if necessary, swaps them to its own virtual disk. See
Figure 3-2.
VMware, Inc. 29
Figure 3-2. Memory Ballooning in the Guest Operating System
memory
swap space
memory
swap space
memory
NOTE You must configure the guest operating system with sufficient swap space. Some guest operating
systems have additional limitations.
If necessary, you can limit the amount of memory vmmemctl reclaims by setting the sched.mem.maxmemctl
parameter for a specific virtual machine. This option specifies the maximum amount of memory that can be
reclaimed from a virtual machine in megabytes (MB). See “Set Advanced Virtual Machine Attributes,” on
page 99.
Using Swap Files

You can specify the location of your swap file, reserve swap space when memory is overcommitted, and delete
a swap file.
ESX/ESXi hosts use swapping to forcibly reclaim memory from a virtual machine when the vmmemctl driver is
not available or is not responsive.
n It was never installed.
n It is explicitly disabled.
n It is not running (for example, while the guest operating system is booting).
n It is temporarily unable to reclaim memory quickly enough to satisfy current system demands.
n It is functioning properly, but maximum balloon size is reached.
Standard demand-paging techniques swap pages back in when the virtual machine needs them.
NOTE For optimum performance, ESX/ESXi hosts use the ballooning approach (implemented by the vmmemctl
driver) whenever possible. Swapping is a reliable mechanism of last resort that a host uses only when necessary
to reclaim memory.
30 VMware, Inc.
Swap File Location
By default, the swap file is created in the same location as the virtual machine's configuration file.
A swap file is created by the ESX/ESXi host when a virtual machine is powered on. If this file cannot be created,
the virtual machine cannot power on. Instead of accepting the default, you can also:
n Use per-virtual machine configuration options to change the datastore to another shared storage location.
n Use host-local swap, which allows you to specify a datastore stored locally on the host. This allows you
to swap at a per-host level, saving space on the SAN. However, it can lead to a slight degradation in
performance for VMware VMotion because pages swapped to a local swap file on the source host must
be transferred across the network to the destination host.
Enable Host-Local Swap for a DRS Cluster
Host-local swap allows you to specify a datastore stored locally on the host as the swap file location. You can
enable host-local swap for a DRS cluster.
Procedure
1 Right-click the cluster in the vSphere Client inventory panel and click Edit Settings.
2 In the left pane of the cluster Settings dialog box, click Swapfile Location.
3 Select the Store the swapfile in the datastore specified by the host option and click OK.
4 Select one of the cluster’s hosts in the vSphere Client inventory panel and click the Configuration tab.
5 Select Virtual Machine Swapfile Location.
6 Click the Swapfile Datastore tab.
7 From the list provided, select the local datastore to use and click OK.
8 Repeat Step 4 through Step 7 for each host in the cluster.
Host-local swap is now enabled for the DRS cluster.
Enable Host-Local Swap for a Standalone Host
Host-local swap allows you to specify a datastore stored locally on the host as the swap file location. You can
enable host-local swap for a standalone host.
Procedure
1 Select the host in the vSphere Client inventory panel and click the Configuration tab.
2 Select Virtual Machine Swapfile Location.
3 In the Swapfile location tab of the Virtual Machine Swapfile Location dialog box, select Store the swapfile
in the swapfile datastore.
4 Click the Swapfile Datastore tab.
5 From the list provided, select the local datastore to use and click OK.
Host-local swap is now enabled for the standalone host.
Swap Space and Memory Overcommitment
You must reserve swap space for any unreserved virtual machine memory (the difference between the
reservation and the configured memory size) on per-virtual machine swap files.
This swap reservation is required to ensure that the ESX/ESXi host is able to preserve virtual machine memory
under any circumstances. In practice, only a small fraction of the host-level swap space might be used.
VMware, Inc. 31
If you are overcommitting memory with ESX/ESXi, to support the intra-guest swapping induced by ballooning,
ensure that your guest operating systems also have sufficient swap space. This guest-level swap space must
be greater than or equal to the difference between the virtual machine’s configured memory size and its
Reservation.
CAUTION If memory is overcommitted, and the guest operating system is configured with insufficient swap
space, the guest operating system in the virtual machine can fail.
To prevent virtual machine failure, increase the size of the swap space in your virtual machines.
n Windows guest operating systems— Windows operating systems refer to their swap space as paging files.
Some Windows operating systems try to increase the size of paging files automatically, if there is sufficient
free disk space.
See your Microsoft Windows documentation or search the Windows help files for “paging files.” Follow
the instructions for changing the size of the virtual memory paging file.
n Linux guest operating system — Linux operating systems refer to their swap space as swap files. For
information on increasing swap files, see the following Linux man pages:
n mkswap — Sets up a Linux swap area.
n swapon — Enables devices and files for paging and swapping.
Guest operating systems with a lot of memory and small virtual disks (for example, a virtual machine with
8GB RAM and a 2GB virtual disk) are more susceptible to having insufficient swap space.
Delete Swap Files
If an ESX/ESXi host fails, and that host had running virtual machines that were using swap files, those swap
files continue to exist and take up disk space even after the ESX/ESXi host restarts. These swap files can consume
many gigabytes of disk space so ensure that you delete them properly.
Procedure
1 Restart the virtual machine that was on the host that failed.
2 Stop the virtual machine.
The swap file for the virtual machine is deleted.
Sharing Memory Across Virtual Machines

Many ESX/ESXi workloads present opportunities for sharing memory across virtual machines (as well as
within a single virtual machine).
the same applications or components loaded, or contain common data. In such cases, an ESX/ESXi host uses a
proprietary transparent page sharing technique to securely eliminate redundant copies of memory pages. With
memory sharing, a workload running in virtual machines often consumes less memory than it would when
running on physical machines. As a result, higher levels of overcommitment can be supported efficiently.
Use the Mem.ShareScanTime and Mem.ShareScanGHz advanced settings to control the rate at which the system
scans memory to identify opportunities for sharing memory.
You can also disable sharing for individual virtual machines by setting the sched.mem.pshare.enable option to
FALSE (this option defaults to TRUE). See “Set Advanced Virtual Machine Attributes,” on page 99.
ESX/ESXi memory sharing runs as a background activity that scans for sharing opportunities over time. The
amount of memory saved varies over time. For a fairly constant workload, the amount generally increases
slowly until all sharing opportunities are exploited.
32 VMware, Inc.
To determine the effectiveness of memory sharing for a given workload, try running the workload, and use
resxtop or esxtop to observe the actual savings. Find the information in the PSHARE field of the interactive mode
in the Memory page.
Measuring and Differentiating Types of Memory Usage

The Performance tab of the vSphere Client displays a number of metrics that can be used to analyze memory
usage.
Some of these memory metrics measure guest physical memory while other metrics measure machine memory.
For instance, two types of memory usage that you can examine using performance metrics are guest physical
memory and machine memory. You measure guest physical memory using the Memory Granted metric (for
a virtual machine) or Memory Shared (for an ESX/ESXi host). To measure machine memory, however, use
Memory Consumed (for a virtual machine) or Memory Shared Common (for an ESX/ESXi host). Understanding
the conceptual difference between these types of memory usage is important for knowing what these metrics
are measuring and how to interpret them.
The VMkernel maps guest physical memory to machine memory, but they are not always mapped one-to-one.
Multiple regions of guest physical memory might be mapped to the same region of machine memory (in the
case of memory sharing) or specific regions of guest physical memory might not be mapped to machine
memory (when the VMkernel swaps out or balloons guest physical memory). In these situations, calculations
of guest physical memory usage and machine memory usage for an individual virtual machine or an ESX/ESXi
host differ.
Consider the example in the following figure. Two virtual machines are running on an ESX/ESXi host. Each
block represents 4 KB of memory and each color/letter represents a different set of data on a block.
Figure 3-3. Memory Usage Example

virtual machine virtual machine
1 2
a b c a c b d f e guest virtual memory
a b a c c b d f e guest physical memory
a b c d e f machine memory
The performance metrics for the virtual machines can be determined as follows:
n To determine Memory Granted (the amount of guest physical memory that is mapped to machine
memory) for virtual machine 1, count the number of blocks in virtual machine 1's guest physical memory
that have arrows to machine memory and multiply by 4 KB. Since there are five blocks with arrows,
Memory Granted would be 20 KB.
n Memory Consumed is the amount of machine memory allocated to the virtual machine, accounting for
savings from shared memory. First, count the number of blocks in machine memory that have arrows
from virtual machine 1's guest physical memory. There are three such blocks, but one block is shared with
virtual machine 2. So count two full blocks plus half of the third and multiply by 4 KB for a total of 10 KB
Memory Consumed.
The important difference between these two metrics is that Memory Granted counts the number of blocks with
arrows at the guest physical memory level and Memory Consumed counts the number of blocks with arrows
at the machine memory level. The number of blocks differs between the two levels due to memory sharing
and so Memory Granted and Memory Consumed differ. This is not problematic and shows that memory is
being saved through sharing or other reclamation techniques.
VMware, Inc. 33
A similar result is obtained when determining Memory Shared and Memory Shared Common for the ESX/
ESXi host.
n Memory Shared for the host is the sum of each virtual machine's Memory Shared. Calculate this by looking
at each virtual machine's guest physical memory and counting the number of blocks that have arrows to
machine memory blocks that themselves have more than one arrow pointing at them. There are six such
blocks in the example, so Memory Shared for the host is 24 KB.
n Memory Shared Common is the amount of machine memory that is shared by virtual machines. To
determine this, look at the machine memory and count the number of blocks that have more than one
arrow pointing at them. There are three such blocks, so Memory Shared Common is 12 KB.
Memory Shared is concerned with guest physical memory and looks at the origin of the arrows. Memory
Shared Common, however, deals with machine memory and looks at the destination of the arrows.
The memory metrics that measure guest physical memory and machine memory might appear contradictory.
In fact, they are measuring different aspects of a virtual machine's memory usage. By understanding the
differences between these metrics, you can better utilize them to diagnose performance issues.
34 VMware, Inc.
Managing Resource Pools 4
A resource pool is a logical abstraction for flexible management of resources. Resource pools can be grouped
into hierarchies and used to hierarchically partition available CPU and memory resources.
Each standalone host and each DRS cluster has an (invisible) root resource pool that groups the resources of
that host or cluster. The root resource pool is not displayed because the resources of the host (or cluster) and
the root resource pool are always the same.
Users can create child resource pools of the root resource pool or of any user-created child resource pool. Each
child resource pool owns some of the parent’s resources and can, in turn, have a hierarchy of child resource
pools to represent successively smaller units of computational capability.
A resource pool can contain child resource pools, virtual machines, or both. You can create a hierarchy of
shared resources. The resource pools at a higher level are called parent resource pools. Resource pools and
virtual machines that are at the same level are called siblings. The cluster itself represents the root resource
pool. If you do not create child resource pools, only the root resource pools exist.
In Figure 4-1, RP-QA is the parent resource pool for RP-QA-UI. RP-Marketing and RP-QA are siblings. The
three virtual machines immediately below RP-Marketing are also siblings.
Figure 4-1. Parents, Children, and Siblings in Resource Pool Hierarchy
root resource pool siblings
siblings
parent resource pool
child resource pool
For each resource pool, you specify reservation, limit, shares, and whether the reservation should be
expandable. The resource pool resources are then available to child resource pools and virtual machines.

n “Why Use Resource Pools?,” on page 36
n “Create Resource Pools,” on page 37
n “Add Virtual Machines to a Resource Pool,” on page 38
n “Removing Virtual Machines from a Resource Pool,” on page 39
n “Resource Pool Admission Control,” on page 39
VMware, Inc. 35
Why Use Resource Pools?

Resource pools allow you to delegate control over resources of a host (or a cluster), but the benefits are evident
when you use resource pools to compartmentalize all resources in a cluster. Create multiple resource pools as
direct children of the host or cluster and configure them. You can then delegate control over the resource pools
to other individuals or organizations.
Using resource pools can result in the following benefits.

n Flexible hierarchical organization—Add, remove, or reorganize resource pools or change resource
allocations as needed.
n Isolation between pools, sharing within pools—Top-level administrators can make a pool of resources
available to a department-level administrator. Allocation changes that are internal to one departmental
resource pool do not unfairly affect other unrelated resource pools.
n Access control and delegation—When a top-level administrator makes a resource pool available to a
department-level administrator, that administrator can then perform all virtual machine creation and
management within the boundaries of the resources to which the resource pool is entitled by the current
shares, reservation, and limit settings. Delegation is usually done in conjunction with permissions settings.
n Separation of resources from hardware—If you are using clusters enabled for DRS, the resources of all
hosts are always assigned to the cluster. That means administrators can perform resource management
independently of the actual hosts that contribute to the resources. If you replace three 2GB hosts with two
3GB hosts, you do not need to make changes to your resource allocations.
This separation allows administrators to think more about aggregate computing capacity and less about
individual hosts.
n Management of sets of virtual machines running a multitier service— Group virtual machines for a
multitier service in a resource pool. You do not need to set resources on each virtual machine. Instead,
you can control the aggregate allocation of resources to the set of virtual machines by changing settings
on their enclosing resource pool.
For example, assume a host has a number of virtual machines. The marketing department uses three of the
virtual machines and the QA department uses two virtual machines. Because the QA department needs larger
amounts of CPU and memory, the administrator creates one resource pool for each group. The administrator
sets CPU Shares to High for the QA department pool and to Normal for the Marketing department pool so
that the QA department users can run automated tests. The second resource pool with fewer CPU and memory
resources is sufficient for the lighter load of the marketing staff. Whenever the QA department is not fully
using its allocation, the marketing department can use the available resources.
This scenario is shown in Figure 4-2. The numbers show the effective allocations to the resource pools.
Figure 4-2. Allocating Resources to Resource Pools
ESX/ESXi
host
6GHz, 3GB
RP-
RP-QA 4GHz, 2GB Marketing 2GHz, 1GB
VM-QA 1 VM-QA 2 VM-Marketing 1 VM-Marketing 2 VM-Marketing 3
36 VMware, Inc.
Chapter 4 Managing Resource Pools
Create Resource Pools

You can create a child resource pool of any ESX/ESXi host, resource pool, or DRS cluster.
NOTE If a host has been added to a cluster, you cannot create child resource pools of that host. You can create
child resource pools of the cluster if the cluster is enabled for DRS.
When you create a child resource pool, you are prompted for resource pool attribute information. The system
uses admission control to make sure you cannot allocate resources that are not available.
Procedure
1 Select the intended parent and select File > New > Resource Pool (or click New Resource Pool in the
Commands panel of the Summary tab).
2 In the Create Resource Pool dialog box, provide the required information for your resource pool.
3 After you have made all selections, click OK.
vCenter Server creates the resource pool and displays it in the inventory panel. A yellow triangle appears
if any of the selected values are not legal values because of limitations on total available CPU and memory.
After a resource pool has been created, you can add virtual machines to it. A virtual machine’s shares are
relative to other virtual machines (or resource pools) with the same parent resource pool.
Resource Pool Attributes

You can use resource allocation settings to manage a resource pool.
Table 4-1 is a summary of the attributes that you can specify for a resource pool.
Table 4-1. Resource Pool Attributes

Field Description
Name Name of the new resource pool.
Shares Number of CPU or memory shares the resource pool has with respect to the parent’s total.
Sibling resource pools share resources according to their relative share values bounded
by the reservation and limit. You can select Low, Normal, or High, or select Custom to
specify a number that assigns a share value.
Reservation Guaranteed CPU or memory allocation for this resource pool. A nonzero reservation is
subtracted from the unreserved resources of the parent (host or resource pool). The
resources are considered reserved, regardless of whether virtual machines are associated
with the resource pool. Defaults to 0.
Expandable Reservation Indicates whether expandable reservations are considered during admission control. If
you power on a virtual machine in this resource pool, and the reservations of the virtual
machines combined are larger than the reservation of the resource pool, the resource pool
can use resources from its parent or ancestors if this check box is selected (the default).
Limit Upper limit for the amount of CPU or memory the host makes available to this resource
pool. Default is Unlimited. To specify a limit, deselect the Unlimited check box.
VMware, Inc. 37
Resource Pool Creation Example

This procedure example demonstrates how you can create a resource pool with the ESX/ESXi host as the parent
resource.
Assume that you have an ESX/ESXi host that provides 6GHz of CPU and 3GB of memory that must be shared
between your marketing and QA departments. You also want to share the resources unevenly, giving one
department (QA) a higher priority. This can be accomplished by creating a resource pool for each department
and using the Shares attribute to prioritize the allocation of resources.
The example procedure demonstrates how to create a resource pool, with the ESX/ESXi host as the parent
resource.
Procedure
1 In the Create Resource Pool dialog box, type a name for the QA department’s resource pool (for example,
RP-QA).
2 Specify Shares of High for the CPU and memory resources of RP-QA.
3 Create a second resource pool, RP-Marketing.
Leave Shares at Normal for CPU and memory.
4 Click OK to exit.
If there is resource contention, RP-QA receives 4GHz and 2GB of memory, and RP-Marketing 2GHz and 1GB.
Otherwise, they can receive more than this allotment. Those resources are then available to the virtual machines
in the respective resource pools.
Change Resource Pool Attributes

After a resource pool is created, you can change its attributes.
Procedure
1 Select the resource pool in the vSphere Client inventory panel.
2 In the Summary tab Command panel, select Edit Settings.
3 In the Edit Settings dialog box, you can change all attributes of the selected resource pool.
Add Virtual Machines to a Resource Pool

When you create a virtual machine, the New Virtual Machine wizard allows you to specify a resource pool
location as part of the creation process. You can also add an existing virtual machine to a resource pool.
When you move a virtual machine to a new resource pool:

n The virtual machine’s reservation and limit do not change.
n If the virtual machine’s shares are high, medium, or low, %Shares adjusts to reflect the total number of
shares in use in the new resource pool.
38 VMware, Inc.
n If the virtual machine has custom shares assigned, the share value is maintained.
NOTE Because share allocations are relative to a resource pool, you might have to manually change a
virtual machine’s shares when you move it into a resource pool so that the virtual machine’s shares are
consistent with the relative values in the new resource pool. A warning appears if a virtual machine would
receive a very large (or very small) percentage of total shares.
n The information displayed in the Resource Allocation tab about the resource pool’s reserved and
unreserved CPU and memory resources changes to reflect the reservations associated with the virtual
machine (if any).
NOTE If a virtual machine has been powered off or suspended, it can be moved but overall available
resources (such as reserved and unreserved CPU and memory) for the resource pool are not affected.
Procedure
1 Select the preexisting virtual machine from any location in the inventory.
The virtual machine can be associated with a standalone host, a cluster, or a different resource pool.
2 Drag the virtual machine (or machines) to the resource pool object you want.
If a virtual machine is powered on, and the destination resource pool does not have enough CPU or memory
to guarantee the virtual machine’s reservation, the move fails because admission control does not allow it. An
error dialog box explains the situation. The error dialog box compares available and requested resources, so
you can consider whether an adjustment might resolve the issue.
Removing Virtual Machines from a Resource Pool

You can remove a virtual machine from a resource pool either by moving the virtual machine to another
resource pool or deleting it.
Moving a Virtual Machine to a Different Resource Pool

You can drag the virtual machine to another resource pool. You do not need to power off a virtual machine if
you only move it.
When you remove a virtual machine from a resource pool, the total number of shares associated with the
resource pool decreases, so that each remaining share represents more resources. For example, assume you
have a pool that is entitled to 6GHz, containing three virtual machines with shares set to Normal. Assuming
the virtual machines are CPU-bound, each gets an equal allocation of 2GHz. If one of the virtual machines is
moved to a different resource pool, the two remaining virtual machines each receive an equal allocation of
3GHz.
Removing a Virtual Machine from the Inventory or Deleting it from the Disk
Right-click the virtual machine and click Remove from Inventory or Delete from Disk.
You need to power off the virtual machine before you can completely remove it.
Resource Pool Admission Control

When you power on a virtual machine in a resource pool, or try to create a child resource pool, the system
performs additional admission control to ensure the resource pool’s restrictions are not violated.
Before you power on a virtual machine or create a resource pool, check the CPU Unreserved and memory
Unreserved fields in the resource pool’s Resource Allocation tab to determine whether sufficient resources
are available.
VMware, Inc. 39
How Unreserved CPU and memory are computed and whether actions are performed depends on the
Reservation Type.
Table 4-2. Reservation Types

Reservation Type Description
Fixed The system checks whether the selected resource pool has sufficient unreserved resources.
If it does, the action can be performed. If it does not, a message appears and the action
cannot be performed.
Expandable The system considers the resources available in the selected resource pool and its direct
(default) parent resource pool. If the parent resource pool also has the Expandable Reservation
option selected, it can borrow resources from its parent resource pool. Borrowing resources
occurs recursively from the ancestors of the current resource pool as long as the
Expandable Reservation option is selected. Leaving this option selected offers more
flexibility, but, at the same time provides less protection. A child resource pool owner
might reserve more resources than you anticipate.
The system does not allow you to violate preconfigured Reservation or Limit settings. Each time you
reconfigure a resource pool or power on a virtual machine, the system validates all parameters so all service-
level guarantees can still be met.
Expandable Reservations Example 1

This example shows you how a resource pool with expandable reservations works.
Assume an administrator manages pool P, and defines two child resource pools, S1 and S2, for two different
users (or groups).
The administrator knows that users want to power on virtual machines with reservations, but does not know
how much each user will need to reserve. Making the reservations for S1 and S2 expandable allows the
administrator to more flexibly share and inherit the common reservation for pool P.
Without expandable reservations, the administrator needs to explicitly allocate S1 and S2 a specific amount.
Such specific allocations can be inflexible, especially in deep resource pool hierarchies and can complicate
setting reservations in the resource pool hierarchy.
Expandable reservations cause a loss of strict isolation. S1 can start using all of P's reservation, so that no
memory or CPU is directly available to S2.
Expandable Reservations Example 2

This example shows how a resource pool with expandable reservations works.
Assume the following scenario (shown in Figure 4-3).

n Parent pool RP-MOM has a reservation of 6GHz and one running virtual machine VM-M1 that reserves
1GHz.
n You create a child resource pool RP-KID with a reservation of 2GHz and with Expandable Reservation
selected.
n You add two virtual machines, VM-K1 and VM-K2, with reservations of 2GHz each to the child resource
pool and try to power them on.
n VM-K1 can reserve the resources directly from RP-KID (which has 2GHz).
n No local resources are available for VM-K2, so it borrows resources from the parent resource pool, RP-
MOM. RP-MOM has 6GHz minus 1GHz (reserved by the virtual machine) minus 2GHz (reserved by RP-
KID), which leaves 3GHz unreserved. With 3GHz available, you can power on the 2GHz virtual machine.
40 VMware, Inc.
Figure 4-3. Admission Control with Expandable Resource Pools: Successful Power-On
6GHz RP-MOM
VM-M1, 1GHz
2GHz RP-KID
VM-K1, 2GHz VM-K2, 2GHz
Now, consider another scenario with VM-M1 and VM-M2 (shown in Figure 4-4):
n Power on two virtual machines in RP-MOM with a total reservation of 3GHz.
n You can still power on VM-K1 in RP-KID because 2GHz are available locally.
n When you try to power on VM-K2, RP-KID has no unreserved CPU capacity so it checks its parent. RP-
MOM has only 1GHz of unreserved capacity available (5GHz of RP-MOM are already in use—3GHz
reserved by the local virtual machines and 2GHz reserved by RP-KID). As a result, you cannot power on
VM-K2, which requires a 2GHz reservation.
Figure 4-4. Admission Control with Expandable Resource Pools: Power-On Prevented
6GHz RP-MOM
VM-M1, 1GHz VM-M2, 2GHz
2GHz RP-KID
VM-K1, 2GHz VM-K2, 2GHz
VMware, Inc. 41
42 VMware, Inc.
Creating a DRS Cluster 5
A DRS cluster is a collection of ESX/ESXi hosts and associated virtual machines with shared resources and a
shared management interface. Before you can obtain the benefits of cluster-level resource management you
must create a DRS cluster.
When you add a host to a DRS cluster, the host’s resources become part of the cluster’s resources. In addition
to this aggregation of resources, with a DRS cluster you can support cluster-wide resource pools and enforce
cluster-level resource allocation policies. The following cluster-level resource management capabilities are also
available.
n Load Balancing — The distribution and usage of CPU and memory resources for all hosts and virtual
machines in the cluster are continuously monitored. DRS compares these metrics to an ideal resource
utilization given the attributes of the cluster’s resource pools and virtual machines, the current demand,
and the imbalance target. It then performs (or recommends) virtual machine migrations accordingly. See
“Virtual Machine Migration,” on page 45. When you first power on a virtual machine in the cluster, DRS
attempts to maintain proper load balancing by either placing the virtual machine on an appropriate host
or making a recommendation. See “Admission Control and Initial Placement,” on page 44.
n Power management— When the VMware Distributed Power Management feature is enabled, DRS
compares cluster- and host-level capacity to the demands of the cluster’s virtual machines, including recent
historical demand. It places (or recommends placing) hosts in standby power mode if sufficient excess
capacity is found or powering on hosts if capacity is needed. Depending on the resulting host power state
recommendations, virtual machines might need to be migrated to and from the hosts as well. See
“Managing Power Resources,” on page 60.
n DRS Rules—You can control the placement of virtual machines on hosts within a cluster, by assigning
DRS (affinity or anti-affinity) rules. See “Using DRS Rules,” on page 51.

n “Admission Control and Initial Placement,” on page 44
n “Virtual Machine Migration,” on page 45
n “DRS Cluster Prerequisites,” on page 47
n “Create a DRS Cluster,” on page 48
n “Set a Custom Automation Level for a Virtual Machine,” on page 49
n “Disable DRS,” on page 50
VMware, Inc. 43
Admission Control and Initial Placement

When you attempt to power on a single virtual machine or a group of virtual machines in a DRS-enabled
cluster, vCenter Server performs admission control. It checks that there are enough resources in the cluster to
support the virtual machine(s).
If the cluster does not have sufficient resources to power on a single virtual machine, or any of the virtual
machines in a group power-on attempt, a message appears. Otherwise, for each virtual machine, DRS generates
a recommendation of a host on which to run the virtual machine and takes one of the following actions
n Automatically executes the placement recommendation.
n Displays the placement recommendation, which the user can then choose to accept or override.
NOTE No initial placement recommendations are given for virtual machines on standalone hosts or in
non-DRS clusters. When powered on, they are placed on the host where they currently reside.
For more information about DRS recommendations and applying them, see “DRS Recommendations Page,”
on page 67.
Single Virtual Machine Power On

In a DRS cluster, you can power on a single virtual machine and receive initial placement recommendations.
When you power on a single virtual machine, you have two types of initial placement recommendations:
n A single virtual machine is being powered on and no prerequisite steps are needed.
The user is presented with a list of mutually exclusive initial placement recommendations for the virtual
machine. You can select only one.
n A single virtual machine is being powered on, but prerequisite actions are required.
These actions include powering on a host in standby mode or the migration of other virtual machines from
one host to another. In this case, the recommendations provided have multiple lines, showing each of the
prerequisite actions. The user can either accept this entire recommendation or cancel powering on the
virtual machine.
Group Power On
You can attempt to power on multiple virtual machines at the same time (group power on).
Virtual machines selected for a group power-on attempt do not have to be in the same DRS cluster. They can
be selected across clusters but must be within the same datacenter. It is also possible to include virtual machines
located in non-DRS clusters or on standalone hosts. These are powered on automatically and not included in
any initial placement recommendation.
The initial placement recommendations for group power-on attempts are provided on a per-cluster basis. If
all of the placement-related actions for a group power-on attempt are in automatic mode, the virtual machines
are powered on with no initial placement recommendation given. If placement-related actions for any of the
virtual machines are in manual mode, the powering on of all of the virtual machines (including those that are
in automatic mode) is manual and is included in an initial placement recommendation.
For each DRS cluster that the virtual machines being powered on belong to, there is a single recommendation,
which contains all of the prerequisites (or no recommendation). All such cluster-specific recommendations are
presented together under the Power On Recommendations tab.
When a nonautomatic group power-on attempt is made, and virtual machines not subject to an initial
placement recommendation (that is, those on standalone hosts or in non-DRS clusters) are included, vCenter
Server attempts to power them on automatically. If these power ons are successful, they are listed under the
Started Power-Ons tab. Any virtual machines that fail to power on are listed under the Failed Power-Ons tab.
44 VMware, Inc.
Chapter 5 Creating a DRS Cluster
Group Power-On Example

The user selects three virtual machines in the same datacenter for a group power-on attempt. The first two
virtual machines (VM1 and VM2) are in the same DRS cluster (Cluster1), while the third virtual machine (VM3)
is on a standalone host. VM1 is in automatic mode and VM2 is in manual mode. For this scenario, the user is
presented with an initial placement recommendation for Cluster1 (under the Power On Recommendations
tab) which consists of actions for powering on VM1 and VM2. An attempt is made to power on VM3
automatically and, if successful, it is listed under the Started Power-Ons tab. If this attempt fails, it is listed
under the Failed Power-Ons tab.
Virtual Machine Migration

Although DRS performs initial placements so that load is balanced across the cluster, changes in virtual
machine load and resource availability can cause the cluster to become unbalanced. To correct such imbalances,
DRS generates migration recommendations.
If DRS is enabled on the cluster, load can be distributed more uniformly to reduce the degree of this imbalance.
For example, see Figure 5-1. The three hosts on the left side of this figure are unbalanced. Assume that Host 1,
Host 2, and Host 3 have identical capacity, and all virtual machines have the same configuration and load
(which includes reservation, if set). However, because Host 1 has six virtual machines, its resources might be
overused while ample resources are available on Host 2 and Host 3. DRS migrates (or recommends the
migration of) virtual machines from Host 1 to Host 2 and Host 3. On the right side of the diagram, the properly
load balanced configuration of the hosts that results is displayed.
Figure 5-1. Load Balancing
VM1 VM2 VM3 VM1 VM2 VM3
VM4 VM5 VM6

Host 1 Host 1
VM7 VM7 VM4 VM5
Host 2 Host 2
VM8 VM9 VM8 VM9 VM6
Host 3 Host 3
VMware, Inc. 45
When a cluster becomes unbalanced, DRS makes recommendations or migrates virtual machines, depending
on the default automation level:
n If the cluster or any of the virtual machines involved are manual or partially automated, vCenter Server
does not take automatic actions to balance resources. Instead, the Summary page indicates that migration
recommendations are available and the DRS Recommendations page displays recommendations for
changes that make the most efficient use of resources across the cluster.
n If the cluster and virtual machines involved are all fully automated, vCenter Server migrates running
virtual machines between hosts as needed to ensure efficient use of cluster resources.
NOTE Even in an automatic migration setup, users can explicitly migrate individual virtual machines, but
vCenter Server might move those virtual machines to other hosts to optimize cluster resources.
By default, automation level is specified for the whole cluster. You can also specify a custom automation level
for individual virtual machines.
DRS Migration Threshold

The DRS migration threshold allows you to specify which recommendations are generated and then applied
(when the virtual machines involved in the recommendation are in fully automated mode) or shown (if in
manual mode). This threshold is also a measure of how much cluster imbalance across host (CPU and memory)
loads is acceptable.
You can move the threshold slider to use one of five settings, ranging from Conservative to Aggressive. The
five migration settings generate recommendations based on their assigned priority level. Each setting you
move the slider to the right allows the inclusion of one more lower level of priority. The Conservative setting
generates only priority-one recommendations (mandatory recommendations), the next level to the right
generates priority-two recommendations and higher, and so on, down to the Aggressive level which generates
priority-five recommendations and higher (that is, all recommendations.)
A priority level for each migration recommendation is computed using the load imbalance metric of the cluster.
This metric is displayed as Current host load standard deviation in the cluster's Summary tab in the vSphere
Client. A higher load imbalance leads to higher-priority migration recommendations. For more information
about this metric and how a recommendation priority level is calculated, see the VMware Knowledge Base
article "Calculating the priority level of a VMware DRS migration recommendation."
After a recommendation receives a priority level, this level is compared to the migration threshold you set. If
the priority level is less than or equal to the threshold setting, the recommendation is either applied (if the
relevant virtual machines are in fully automated mode) or displayed to the user for confirmation (if in manual
or partially automated mode.)
Migration Recommendations
If you create a cluster with a default manual or partially automated mode, vCenter Server displays migration
recommendations on the DRS Recommendations page.
The system supplies as many recommendations as necessary to enforce rules and balance the resources of the
cluster. Each recommendation includes the virtual machine to be moved, current (source) host and destination
host, and a reason for the recommendation. The reason can be one of the following:
n Balance average CPU loads or reservations.
n Balance average memory loads or reservations.
n Satisfy resource pool reservations.
46 VMware, Inc.
n Satisfy DRS (affinity or anti-affinity) rule.

n Host is entering maintenance mode or standby mode.
NOTE If you are using the VMware Distributed Power Management feature, in addition to migration
recommendations, DRS provides host power state recommendations.
DRS Cluster Prerequisites

Any host that is added to a DRS cluster must meet certain prerequisites to use cluster features successfully.
Shared Storage
Ensure that the managed hosts use shared storage. Shared storage is typically on a storage area network (SAN)
but can also be implemented using NAS shared storage.
See the iSCSI SAN Configuration Guide and the Fibre Channel SAN Configuration Guide for additional information
on SAN and the ESX Configuration Guide or ESXi Configuration Guide for information on other shared storage.
Shared VMFS Volume

Configure all managed hosts to use shared VMFS volumes.
n Place the disks of all virtual machines on VMFS volumes that are accessible by source and destination
hosts.
n Set access mode for the shared VMFS to public.
n Ensure the VMFS volume is sufficiently large to store all virtual disks for your virtual machines.
n Ensure all VMFS volumes on source and destination hosts use volume names, and all virtual machines
use those volume names for specifying the virtual disks.
NOTE Virtual machine swap files also need to be on a VMFS accessible to source and destination hosts (just
like .vmdk virtual disk files). This requirement no longer applies if all source and destination hosts are ESX
Server 3.5 or higher and using host-local swap. In that case, VMotion with swap files on unshared storage is
supported. Swap files are placed on a VMFS by default, but administrators might override the file location
using advanced virtual machine configuration options.
Processor Compatibility
To avoid limiting the capabilities of DRS, you should maximize the processor compatibility of source and
destination hosts in the cluster.
VMotion transfers the running architectural state of a virtual machine between underlying ESX/ESXi hosts.
VMotion compatibility means that the processors of the destination host must be able to resume execution
using the equivalent instructions where the processors of the source host were suspended. Processor clock
speeds and cache sizes might vary, but processors must come from the same vendor class (Intel versus AMD)
and same processor family to be compatible for migration with VMotion.
Processor families such as Xeon MP and Opteron are defined by the processor vendors. You can distinguish
different processor versions within the same family by comparing the processors’ model, stepping level, and
extended features.
In some cases, processor vendors have introduced significant architectural changes within the same processor
family (such as 64-bit extensions and SSE3). VMware identifies these exceptions if it cannot guarantee
successful migration with VMotion.
VMware, Inc. 47
vCenter Server provides features that help ensure that virtual machines migrated with VMotion meet processor
compatibility requirements. These features include:
n Enhanced VMotion Compatibility (EVC) – You can use EVC to help ensure VMotion compatibility for the
hosts in a cluster. EVC ensures that all hosts in a cluster present the same CPU feature set to virtual
machines, even if the actual CPUs on the hosts differ. This prevents migrations with VMotion from failing
due to incompatible CPUs.
Configure EVC from the Cluster Settings dialog box. The hosts in a cluster must meet certain requirements
for the cluster to use EVC. For more information on EVC and EVC requirements, see Basic System
Administration.
n CPU compatibility masks – vCenter Server compares the CPU features available to a virtual machine with
the CPU features of the destination host to determine whether to allow or disallow migrations with
VMotion. By applying CPU compatibility masks to individual virtual machines, you can hide certain CPU
features from the virtual machine and potentially prevent migrations with VMotion from failing due to
incompatible CPUs.
VMotion Requirements
To enable the use of DRS migration recommendations, the hosts in your cluster must be part of a VMotion
network. If the hosts are not in the VMotion network, DRS can still make initial placement recommendations.
To be configured for VMotion, each host in the cluster must meet the following requirements:
n The virtual machine configuration file for ESX/ESXi hosts must reside on a VMware Virtual Machine File
System (VMFS).
n VMotion does not support raw disks or migration of applications clustered using Microsoft Cluster Service
(MSCS).
n VMotion requires a private Gigabit Ethernet migration network between all of the VMotion enabled
managed hosts. When VMotion is enabled on a managed host, configure a unique network identity object
for the managed host and connect it to the private migration network.
Create a DRS Cluster

Create a DRS cluster using the New Cluster wizard in the vSphere Client.
Prerequisites
You can create a cluster without a special license, but you must have a license to enable a cluster for DRS (or
VMware HA).
Procedure
1 Right-click a datacenter or folder in the vSphere Client and select New Cluster.
2 Name the Cluster in the Name field.
This name appears in the vSphere Client inventory panel.
3 Enable the DRS feature by clicking the VMware DRS box.
You can also enable the VMware HA feature by clicking VMware HA.
4 Click Next.
48 VMware, Inc.
5 Select a default automation level for DRS.
Initial Placement Migration
Recommended host(s) is Migration recommendation is displayed.

Manual displayed.
Partially Automated Automatic placement. Migration recommendation is displayed.
Fully Automated Automatic placement. Migration recommendation is executed automatically.
6 Set the migration threshold for DRS.
7 Click Next.
8 Specify the default power management setting for the cluster.
If you enable power management, select a DPM threshold setting.
9 Click Next.
10 If appropriate, enable Enhanced VMotion Compatibility (EVC) and select the mode it should operate in.
11 Click Next.
12 Select a location for the swapfiles of your virtual machines.
You can either store a swapfile in the same directory as the virtual machine itself, or a datastore specified
by the host (host-local swap)
13 Click Next.
14 Review the summary page that lists the options you selected.
15 Click Finish to complete cluster creation, or click Back to go back and make modifications to the cluster
setup.
A new cluster does not include any hosts or virtual machines.
To add hosts and virtual machines to the cluster see “Adding Hosts to a Cluster,” on page 53 and “Removing
Virtual Machines from a Cluster,” on page 56.
Set a Custom Automation Level for a Virtual Machine

After you create a DRS cluster, you can customize the automation level for individual virtual machines to
override the cluster’s default automation level.
Procedure
1 Select the cluster in the vSphere Client inventory.
2 Right-click and select Edit Settings.
3 In the Cluster Settings dialog box, under VMware DRS select Virtual Machine Options.
4 Select the Enable individual virtual machine automation levels check box.
5 Select an individual virtual machine, or select multiple virtual machines.
6 Right-click and select an automation mode.
7 Click OK.
NOTE Other VMware products or features, such as VMware vApp and VMware Fault Tolerance, might
override the automation levels of virtual machines in a DRS cluster. Refer to the product-specific
documentation for details.
VMware, Inc. 49
Disable DRS
You can turn off DRS for a cluster.
When DRS is disabled, the cluster’s resource pool hierarchy and DRS rules (see “Using DRS Rules,” on
page 51) are not reestablished when DRS is turned back on. So if you disable DRS, the resource pools are
removed from the cluster. To avoid losing the resource pools, instead of disabling DRS, you should suspend
it by changing the DRS automation level to manual (and disabling any virtual machine overrides). This
prevents automatic DRS actions, but preserves the resource pool hierarchy.
Procedure
2 Right click and select Edit Settings.
3 In the left panel, select General, and deselect the Turn On VMware DRS check box.
4 Click OK to turn off DRS.
50 VMware, Inc.
Using DRS Clusters to Manage
Resources 6
After you create a DRS cluster, you can customize it and use it to manage resources.
To customize your DRS cluster and the resources it contains you can configure DRS rules and you can add and
remove hosts and virtual machines. When a cluster’s settings and resources have been defined, you should
ensure that it is and remains a valid cluster. You can also use a valid DRS cluster to manage power resources
and interoperate with VMware HA.

n “Using DRS Rules,” on page 51
n “Adding Hosts to a Cluster,” on page 53
n “Adding Virtual Machines to a Cluster,” on page 54
n “Remove Hosts from a Cluster,” on page 55
n “Removing Virtual Machines from a Cluster,” on page 56
n “DRS Cluster Validity,” on page 56
n “Managing Power Resources,” on page 60
Using DRS Rules

You can control the placement of virtual machines on hosts within a cluster, by using DRS affinity and anti-
affinity rules. An affinity rule specifies that two or more virtual machines be placed on the same host. An anti-
affinity rule is limited to two virtual machines, and it requires that these two virtual machines not be placed
on the same host.
If two rules conflict, the older one will take precedence, and the newer rule is disabled. DRS only tries to satisfy
enabled rules, even if they are in violation. Disabled rules are ignored. DRS gives higher precedence to
preventing violations of anti-affinity rules than violations of affinity rules.
To check if any enabled DRS rules are being violated, select the cluster in the inventory panel of the vSphere
Client, select the DRS tab, and click Faults. Any rule currently being violated has a corresponding fault on this
page. Read the fault to determine why DRS is not able to satisfy the particular rule.
NOTE DRS rules are different from an individual host’s CPU affinity rules.
VMware, Inc. 51
Create DRS Rules

You can create DRS rules to specify virtual machine affinity or anti-affinity.
Procedure
2 Right-Click and select Edit Settings.
3 In the left panel under VMware DRS select Rules.
4 Click Add.
5 In the Virtual Machine Rule dialog box, name the rule.
6 Select one of the options from the pop-up menu:

n Keep Virtual Machines Together
One virtual machine cannot be part of more than one such rule.
n Separate Virtual Machines
This type of rule cannot contain more than two virtual machines.
7 Click Add and click OK.
The rule is created.
Edit DRS Rules

You can edit DRS rules.
Procedure
1 Display the cluster in the inventory.
2 Right-click the cluster and select Edit Settings.
The cluster's Settings dialog box appears.
3 In the left pane under VMware DRS, select Rules.
4 Select a rule in the right pane and click Edit.
5 Make changes in the dialog box and click OK.
Disable DRS Rules

You can disable DRS rules.
Procedure
2 Select Edit Settings from the right-click menu.
3 In the left panel, select Rules under VMware DRS.
4 Deselect the check box to the left of the rule and click OK.
What to do next
You can later enable the rule by reselecting the check box.
52 VMware, Inc.
Chapter 6 Using DRS Clusters to Manage Resources
Delete DRS Rules

You can delete DRS rules.
Procedure
2 Select Edit Settings from the right-click menu.
3 In the left panel, select Rules under VMware DRS.
4 Select the rule you want to remove and click Remove.
The rule is deleted.
Adding Hosts to a Cluster

The procedure for adding hosts to a cluster is different for hosts managed by the same vCenter Server (managed
hosts) than for hosts not managed by that server.
After a host has been added, the virtual machines deployed to the host become part of the cluster and DRS can
recommend migration of some virtual machines to other hosts in the cluster.
Add a Managed Host to a Cluster

When you add a standalone host already being managed by vCenter Server to a DRS cluster, the host’s
resources become associated with the cluster.
You can decide whether you want to associate existing virtual machines and resource pools with the cluster’s
root resource pool or graft the resource pool hierarchy.
NOTE If a host has no child resource pools or virtual machines, the host’s resources are added to the cluster
but no resource pool hierarchy with a top-level resource pool is created.
Procedure
1 Select the host from either the inventory or list view.
2 Drag the host to the target cluster object.
3 Select what to do with the host’s virtual machines and resource pools.
n Put this host’s virtual machines in the cluster’s root resource pool
vCenter Server removes all existing resource pools of the host and the virtual machines in the host’s
hierarchy are all attached to the root. Because share allocations are relative to a resource pool, you
might have to manually change a virtual machine’s shares after selecting this option, which destroys
the resource pool hierarchy.
n Create a resource pool for this host’s virtual machines and resource pools
vCenter Server creates a top-level resource pool that becomes a direct child of the cluster and adds
all children of the host to that new resource pool. You can supply a name for that new top-level
resource pool. The default is Grafted from <host_name>.
The host is added to the cluster.
VMware, Inc. 53
Add an Unmanaged Host to a Cluster

You can add an unmanaged host to a cluster. Such a host is not currently managed by the same vCenter Server
system as the cluster and it is not visible in the vSphere Client.
Procedure
1 Select the cluster to which to add the host and select Add Host from the right-click menu.
2 Enter the host name, user name, and password, and click Next.
3 View the summary information and click Next.
4 Select what to do with the host’s virtual machines and resource pools.
n Put this host’s virtual machines in the cluster’s root resource pool
vCenter Server removes all existing resource pools of the host and the virtual machines in the host’s
hierarchy are all attached to the root. Because share allocations are relative to a resource pool, you
might have to manually change a virtual machine’s shares after selecting this option, which destroys
the resource pool hierarchy.
n Create a resource pool for this host’s virtual machines and resource pools
vCenter Server creates a top-level resource pool that becomes a direct child of the cluster and adds
all children of the host to that new resource pool. You can supply a name for that new top-level
resource pool. The default is Grafted from <host_name>.
The host is added to the cluster.
Adding Virtual Machines to a Cluster

You can add a virtual machine to a cluster in three ways.
n When you add a host to a cluster, all virtual machines on that host are added to the cluster.
n When a virtual machine is created, the New Virtual Machine wizard prompts you for the location to place
the virtual machine. You can select a standalone host or a cluster and you can select any resource pool
inside the host or cluster.
n You can migrate a virtual machine from a standalone host to a cluster or from a cluster to another cluster
using the Migrate Virtual Machine wizard. To start this wizard either drag the virtual machine object on
top of the cluster object or right-click the virtual machine name and select Migrate.
NOTE You can drag a virtual machine directly to a resource pool within a cluster. In this case, the Migrate
Virtual Machine wizard is started but the resource pool selection page does not appear. Migrating directly
to a host within a cluster is not allowed because the resource pool controls the resources.
54 VMware, Inc.
Remove Hosts from a Cluster

You can remove hosts from a cluster.
Prerequisites
Before you remove a host from a DRS cluster, consider the issues involved.
n Resource Pool Hierarchies – When you remove a host from a cluster, the host retains only the root resource
pool, even if you used a DRS cluster and decided to graft the host resource pool when you added the host
to the cluster. In that case, the hierarchy remains with the cluster. You can create a host-specific resource
pool hierarchy.
NOTE Ensure that you remove the host from the cluster by first placing it in maintenance mode. If you
instead disconnect the host before removing it from the cluster, the host retains the resource pool that
reflects the cluster hierarchy.
n Virtual Machines – A host must be in maintenance mode before you can remove it from the cluster and
for a host to enter maintenance mode all powered-on virtual machines must be migrated off that host.
When you request that a host enter maintenance mode, you are also asked whether you want to migrate
all the powered-off virtual machines on that host to other hosts in the cluster.
n Invalid Clusters – When you remove a host from a cluster, the resources available for the cluster decrease.
If the cluster has enough resources to satisfy the reservations of all virtual machines and resource pools
in the cluster, the cluster adjusts resource allocation to reflect the reduced amount of resources. If the
cluster does not have enough resources to satisfy the reservations of all resource pools, but there are
enough resources to satisfy the reservations for all virtual machines, an alarm is issued and the cluster is
marked yellow. DRS continues to run.
Procedure
1 Select the host and select Enter Maintenance Mode from the right-click menu.
2 After the host is in maintenance mode, drag it to a different inventory location, either the top-level
datacenter or a different cluster.
When you move the host, its resources are removed from the cluster. If you grafted the host’s resource
pool hierarchy onto the cluster, that hierarchy remains with the cluster.
After you move the host, you can:

n Remove the host from vCenter Server. (Select Remove from the right-click menu.)
n Run the host as a standalone host under vCenter Server. (Select Exit Maintenance Mode from the right-
click menu.)
n Move the host into another cluster.
Using Maintenance Mode

You place a host in maintenance mode when you need to service it, for example, to install more memory. A
host enters or leaves maintenance mode only as the result of a user request.
Virtual machines that are running on a host entering maintenance mode need to be migrated to another host
(either manually or automatically by DRS) or shut down. The host is in a state of Entering Maintenance Mode
until all running virtual machines are powered down or migrated to different hosts. You cannot power on
virtual machines or migrate virtual machines to a host entering maintenance mode.
VMware, Inc. 55
When no more running virtual machines are on the host, the host’s icon changes to include under maintenance
and the host’s Summary panel indicates the new state. While in maintenance mode, the host does not allow
you to deploy or power on a virtual machine.
NOTE DRS does not recommend (or perform, in fully automated mode) any virtual machine migrations off
of a host entering maintenance or standby mode if the VMware HA failover level would be violated after the
host enters the requested mode.
Using Standby Mode

When a host machine is placed in standby mode, it is powered off.
Normally, hosts are placed in standby mode by the VMware DPM feature to optimize power usage. You can
also place a host in standby mode manually. However, DRS might undo (or recommend undoing) your change
the next time it runs. To force a host to remain off, place it in maintenance mode and power it off.
Removing Virtual Machines from a Cluster

You can remove virtual machines from a cluster.
You can remove a virtual machine from a cluster in two ways:

n When you remove a host from a cluster, all of the powered-off virtual machines that you do not migrate
to other hosts are removed as well. You can remove a host only if it is in maintenance mode or disconnected.
If you remove a host from a DRS cluster, the cluster can become yellow because it is overcommitted.
n You can migrate a virtual machine from a cluster to a standalone host or from a cluster to another cluster
using the Migrate Virtual Machine wizard. To start this wizard either drag the virtual machine object on
top of the cluster object or right-click the virtual machine name and select Migrate.
If the virtual machine is a member of a DRS cluster rules group, vCenter Server displays a warning before
it allows the migration to proceed. The warning indicates that dependent virtual machines are not
migrated automatically. You have to acknowledge the warning before migration can proceed.
DRS Cluster Validity

The vSphere Client indicates whether a DRS cluster is valid, overcommitted (yellow), or invalid (red).
DRS clusters become overcommitted or invalid for several reasons.

n A cluster might become overcommitted if a host fails.
n A cluster becomes invalid if vCenter Server is unavailable and you power on virtual machines using a
vSphere Client connected directly to an ESX/ESXi host.
n A cluster becomes invalid if the user reduces the reservation on a parent resource pool while a virtual
machine is in the process of failing over.
n If changes are made to hosts or virtual machines using a vSphere Client connected to an ESX/ESXi host
while vCenter Server is unavailable, those changes take effect. When vCenter Server becomes available
again, you might find that clusters have turned red or yellow because cluster requirements are no longer
met.
When considering cluster validity scenarios, you should understand these terms.
Reservation A fixed, guaranteed allocation for the resource pool input by the user.
Reservation Used The sum of the reservation or reservation used (whichever is larger) for each
child resource pool, added recursively.
Unreserved This nonnegative number differs according to resource pool type.
56 VMware, Inc.
Nonexpandable resource Reservation minus reservation used.

pools
Expandable resource pools (Reservation minus reservation used) plus any unreserved resources that can be borrowed
from its ancestor resource pools.
Valid DRS Clusters

A valid cluster has enough resources to meet all reservations and to support all running virtual machines.
Figure 6-1 shows an example of a valid cluster with fixed resource pools and how its CPU and memory
resources are computed.
Figure 6-1. Valid Cluster with Fixed Resource Pools
cluster
Total Capacity: 12G
Reserved Capacity: 11G
Available Capacity: 1G
RP1 RP2 RP3

Reservation: 4G Reservation: 4G Reservation: 3G
Reservation Used: 4G Reservation Used: 3G Reservation Used: 3G
Unreserved: 0G Unreserved: 1G Unreserved: 0G
VM1, 2G VM6, 2G VM2, 2G VM3, 3G VM5, 2G
VM7, 2G VM4, 1G VM8, 2G
The cluster has the following characteristics:

n A cluster with total resources of 12GHz.
n Three resource pools, each of type Fixed (Expandable Reservation is not selected).
n The total reservation of the three resource pools combined is 11GHz (4+4+3 GHz). The total is shown in the
Reserved Capacity field for the cluster.
n RP1 was created with a reservation of 4GHz. Two virtual machines. (VM1 and VM7) of 2GHz each are
powered on (Reservation Used: 4GHz). No resources are left for powering on additional virtual machines.
VM6 is shown as not powered on. It consumes none of the reservation.
n RP2 was created with a reservation of 4GHz. Two virtual machines of 1GHz and 2GHz are powered on
(Reservation Used: 3GHz). 1GHz remains unreserved.
n RP3 was created with a reservation of 3GHz. One virtual machine with 3GHz is powered on. No resources
for powering on additional virtual machines are available.
Figure 6-2 shows an example of a valid cluster with some resource pools (RP1 and RP3) using reservation type
Expandable.
VMware, Inc. 57
Figure 6-2. Valid Cluster with Expandable Resource Pools
cluster
Total Capacity: 16G
RP1 (expandable) RP2 RP3 (expandable)

VM7, 2G VM4, 1G VM8, 2G
A valid cluster can be configured as follows:

n A cluster with total resources of 16GHz.
n RP1 and RP3 are of type Expandable, RP2 is of type Fixed.
n The total reservation used of the three resource pools combined is 16GHz (6GHz for RP1, 5GHz for RP2,
and 5GHz for RP3). 16GHz shows up as the Reserved Capacity for the cluster at top level.
n RP1 was created with a reservation of 4GHz. Three virtual machines of 2GHz each are powered on. Two
of those virtual machines (for example, VM1 and VM7) can use RP1’s reservations, the third virtual
machine (VM6) can use reservations from the cluster’s resource pool. (If the type of this resource pool were
Fixed, you could not power on the additional virtual machine.)
n RP2 was created with a reservation of 5GHz. Two virtual machines of 1GHz and 2GHz are powered on
(Reservation Used: 3GHz). 2GHz remains unreserved.
RP3 was created with a reservation of 5GHz. Two virtual machines of 3GHz and 2GHz are powered on.
Even though this resource pool is of type Expandable, no additional 2GHz virtual machine can be powered
on because the parent’s extra resources are already used by RP1.
Overcommitted DRS Clusters

A cluster becomes overcommitted (yellow) when the tree of resource pools and virtual machines is internally
consistent but the cluster does not have the capacity to support all resources reserved by the child resource
pools.
There will always be enough resources to support all running virtual machines because, when a host becomes
unavailable, all its virtual machines become unavailable. A cluster typically turns yellow when cluster capacity
is suddenly reduced, for example, when a host in the cluster becomes unavailable. VMware recommends that
you leave adequate additional cluster resources to avoid your cluster turning yellow.
Consider the following example, as shown in Figure 6-3.
58 VMware, Inc.
Figure 6-3. Yellow Cluster
cluster
X
Total Capacity:12G 8G

VM4, 1G VM7, 0G
In this example:
n A cluster with total resources of 12GHz coming from three hosts of 4GHz each.
n Three resource pools reserving a total of 12GHz.
n The total reservation used by the three resource pools combined is 12GHz (4+5+3 GHz). That shows up
as the Reserved Capacity in the cluster.
n One of the 4GHz hosts becomes unavailable, so total resources reduce to 8GHz.
n At the same time, VM4 (1GHz) and VM3 (3GHz), which were running on the host that failed, are no longer
running.
n The cluster is now running virtual machines that require a total of 6GHz. The cluster still has 8GHz
available, which is sufficient to meet virtual machine requirements.
The resource pool reservations of 12GHz can no longer be met, so the cluster is marked as yellow.
Invalid DRS Clusters

A cluster enabled for DRS becomes invalid (red) when the tree is no longer internally consistent, that is, resource
constraints are not observed.
The total amount of resources in the cluster does not affect whether the cluster is red. A cluster can be red,
even if enough resources exist at the root level, if there is an inconsistency at a child level.
You can resolve a red DRS cluster problem either by powering off one or more virtual machines, moving virtual
machines to parts of the tree that have sufficient resources, or editing the resource pool settings in the red part.
Adding resources typically helps only when you are in the yellow state.
VMware, Inc. 59
A cluster can also turn red if you reconfigure a resource pool while a virtual machine is failing over. A virtual
machine that is failing over is disconnected and does not count toward the reservation used by the parent
resource pool. You might reduce the reservation of the parent resource pool before the failover completes.
After the failover is complete, the virtual machine resources are again charged to the parent resource pool. If
the pool’s usage becomes larger than the new reservation, the cluster turns red.
As is shown in the example in Figure 6-4, if a user is able to start a virtual machine (in an unsupported way)
with a reservation of 3GHz under resource pool 2, the cluster would become red.
Figure 6-4. Red Cluster
cluster
Total Capacity:12G
Reserved Capacity: 12G 15G

Reservation Used: 4G Reservation Used:2G 5G Reservation Used: 2G
Unreserved: 0G Unreserved: 0G Unreserved:4G 0G
VM1, 1G VM2, 3G VM3, 1G VM4, 1G VM5, 1G VM6, 1G
VM7, 3G
Managing Power Resources

The VMware Distributed Power Management (DPM) feature allows a DRS cluster to reduce its power
consumption by powering hosts on and off based on cluster resource utilization.
VMware DPM monitors the cumulative demand of all virtual machines in the cluster for memory and CPU
resources and compares this to the total available resource capacity of all hosts in the cluster. If sufficient excess
capacity is found, VMware DPM places one or more hosts in standby mode and powers them off after migrating
their virtual machines to other hosts. Conversely, when capacity is deemed to be inadequate, DRS brings hosts
out of standby mode (powers them on) and migrates virtual machines, using VMotion, to them. When making
these calculations, VMware DPM considers not only current demand, but it also honors any user-specified
virtual machine resource reservations.
NOTE ESX/ESXi hosts cannot automatically be brought out of standby mode unless they are running in a
cluster managed by vCenter Server.
60 VMware, Inc.
VMware DPM can use one of three power management protocols to bring a host out of standby mode:
Intelligent Platform Management Interface (IPMI), Hewlett-Packard Integrated Lights-Out (iLO), or Wake-On-
LAN (WOL). Each protocol requires its own hardware support and configuration. If a host does not support
any of these protocols it cannot be put into standby mode by VMware DPM. If a host supports multiple
protocols, they are used in the following order: IPMI, iLO, WOL.
NOTE Do not disconnect a host in standby mode or move it out of the DRS cluster without first powering it
on, otherwise vCenter Server is not able to power the host back on.
Configure IPMI or iLO Settings for VMware DPM

IPMI is a hardware-level specification and Hewlett-Packard iLO is an embedded server management
technology. Each of them describes and provides an interface for remotely monitoring and controlling
computers.
You must perform the following procedure on each host.
Prerequisites
Both IPMI and iLO require a hardware Baseboard Management Controller (BMC) to provide a gateway for
accessing hardware control functions, and allow the interface to be accessed from a remote system using serial
or LAN connections. The BMC is powered-on even when the host itself is powered-off. If properly enabled,
the BMC can respond to remote power-on commands.
If you plan to use IPMI or iLO as a wake protocol, you must configure the BMC. BMC configuration steps vary
according to model. See your vendor’s documentation for more information. With IPMI, you must also ensure
that the BMC LAN channel is configured to be always available and to allow operator-privileged commands.
On some IPMI systems, when you enable "IPMI over LAN" you must configure this in the BIOS and specify a
particular IPMI account.
VMware DPM using only IPMI supports MD5- and plaintext-based authentication, but MD2-based
authentication is not supported. vCenter Server uses MD5 if a host's BMC reports that it is supported and
enabled for the Operator role. Otherwise, plaintext-based authentication is used if the BMC reports it is
supported and enabled. If neither MD5 nor plaintext authentication is enabled, IPMI cannot be used with the
host and vCenter Server attempts to use Wake-on-LAN.
Procedure
1 Select the host in the vSphere Client inventory.
3 Click Power Management.
4 Click Properties.
5 Enter the following information.

n User name and password for a BMC account. (The user name must have the ability to remotely power
the host on.)
n IP address of the NIC associated with the BMC, as distinct from the IP address of the host. The IP
address should be static or a DHCP address with infinite lease.
n MAC address of the NIC associated with the BMC.
6 Click OK.
VMware, Inc. 61
Test Wake-on-LAN for VMware DPM

The use of Wake-on-LAN (WOL) for the VMware DPM feature is fully supported, if you configure and
successfully test it according to the VMware guidelines. You must perform these steps before enabling VMware
DPM for a cluster for the first time or on any host that is being added to a cluster that is using VMware DPM.
Prerequisites
Before testing WOL, ensure that your cluster meets the prerequisites.
n Your cluster must contain at least two ESX 3.5 (or ESX 3i version 3.5) or later hosts.
n Each host's VMotion networking link must be working correctly. The VMotion network should also be a
single IP subnet, not multiple subnets separated by routers.
n The VMotion NIC on each host must support WOL. To check for WOL support, first determine the name
of the physical network adapter corresponding to the VMkernel port by selecting the host in the inventory
panel of the vSphere Client, selecting the Configuration tab, and clicking Networking. After you have
this information, click on Network Adapters and find the entry corresponding to the network adapter. The
Wake On LAN Supported column for the relevant adapter should show Yes.
n To display the WOL-compatibility status for each NIC on a host, select the host in the inventory panel of
the vSphere Client, select the Configuration tab, and click Network Adapters. The NIC must show Yes
in the Wake On LAN Supported column.
n The switch port that each WOL-supporting VMotion NIC is plugged into should be set to auto negotiate
the link speed, and not set to a fixed speed (for example, 1000 Mb/s). Many NICs support WOL only if
they can switch to 100 Mb/s or less when the host is powered off.
After you verify these prerequisites, test each ESX/ESXi host that is going to use WOL to support VMware
DPM. When you test these hosts, ensure that the VMware DPM feature is disabled for the cluster.
CAUTION Ensure that any host being added to a VMware DPM cluster that uses WOL as a wake protocol is
tested and disabled from using power management if it fails the testing. If this is not done, VMware DPM
might power off hosts that it subsequently cannot power back up.
Procedure
1 Click the Enter Standby Mode command on the host's Summary tab in the vSphere Client.
This action powers down the host.

2 Try to bring the host out of standby mode by clicking the Power Oncommand on the host's Summary tab.
3 Observe whether or not the host successfully powers back on.
4 For any host that fails to exit standby mode successfully, select the host in the cluster Settings dialog box’s
Host Options page and change its Power Management setting to Disabled.
After you do this, VMware DPM does not consider that host a candidate for being powered-off.
Enabling VMware DPM for a DRS Cluster

After you have performed any configuration or testing steps required by the wake protocol you are using on
each host, you can enable VMware DPM.
To do this, configure the power management automation level, threshold, and host-level overrides. These
settings are configured under Power Management in the cluster’s Settings dialog box.
62 VMware, Inc.
Automation Level
Whether the host power state and migration recommendations generated by VMware DPM are executed
automatically or not depends upon the power management automation level selected for the feature.
The automation level is configured under Power Management in the cluster’s Settings dialog box. The options
available are:
n Off – The feature is disabled and no recommendations will be made.
n Manual – Host power operation and related virtual machine migration recommendations are made, but
not automatically executed. These recommendations appear on the cluster’s DRS tab in the vSphere Client.
n Automatic – Host power operations are automatically executed if related virtual machine migrations can
all be executed automatically.
NOTE The power management automation level is not the same as the DRS automation level.
VMware DPM Threshold

The power state (host power on or off) recommendations generated by the VMware DPM feature are assigned
priorities that range from priority-one recommendations to priority-five recommendations.
These priority ratings are based on the amount of over- or under-utilization found in the DRS cluster and the
improvement that is expected from the intended host power state change. A priority-one recommendation is
mandatory, while a priority-five recommendation brings only slight improvement.
The threshold is configured under Power Management in the cluster’s Settings dialog box. Each level you
move the VMware DPM Threshold slider to the right allows the inclusion of one more lower level of priority
in the set of recommendations that are executed automatically or appear as recommendations to be manually
executed. At the Conservative setting, VMware DPM only generates priority-one recommendations, the next
level to the right only priority-two and higher, and so on, down to the Aggressive level which generates
priority-five recommendations and higher (that is, all recommendations.)
NOTE The DRS threshold and the VMware DPM threshold are essentially independent. You can differentiate
the aggressiveness of the migration and host-power-state recommendations they respectively provide.
Host-Level Overrides
When you enable VMware DPM in a DRS cluster, by default all hosts in the cluster inherit its VMware DPM
automation level.
You can override this default for an individual host by selecting the host Host Options page of the cluster's
Settings dialog box and clicking its Power Management setting. You can change this setting to the following
options:
n Disabled
n Manual
n Automatic
NOTE Do not change a host's Power Management setting if it has been set to Disabled due to failed exit standby
mode testing.
VMware, Inc. 63
After enabling and running VMware DPM, you can verify that it is functioning properly by viewing each host’s
Last Time Exited Standby information displayed on the Host Options page in the cluster Settings dialog box
and on the Hosts tab for each cluster. This field shows a timestamp and whether vCenter Server Succeeded or
Failed the last time it attempted to bring the host out of standby mode. If no such attempt has been made, the
field displays Never.
NOTE Times for the Last Time Exited Standby field are derived from the vCenter Server event log. If this log
is cleared, the times are reset to Never.
Monitoring VMware DPM

You can use event-based alarms in vCenter Server to monitor VMware DPM.
The most serious potential error you face when using VMware DPM is the failure of a host to exit standby
mode when its capacity is needed by the DRS cluster. You can monitor for instances when this error occurs by
using the preconfigured Exit Standby Error alarm in vCenter Server. If VMware DPM cannot bring a host out
of standby mode (vCenter Server event DrsExitStandbyModeFailedEvent), you can configure this alarm to send
an alert email to the administrator or to send notification using an SNMP trap. By default, this alarm is cleared
after vCenter Server is able to successfully connect to that host.
To monitor VMware DPM activity, you can also create alarms for the following vCenter Server events.
Table 6-1. vCenter Server Events

Event Type Event Name
Entering Standby mode (about to power off host) DrsEnteringStandbyModeEvent
Successfully entered Standby mode (host power off DrsEnteredStandbyModeEvent

succeeded)
Exiting Standby mode (about to power on the host) DrsExitingStandbyModeEvent
Successfully exited Standby mode (power on succeeded) DrsExitedStandbyModeEvent
For more information on creating and editing alarms, see the Basic System Administration guide.
If you use monitoring software other than vCenter Server, and that software triggers alarms when physical
hosts are powered off unexpectedly, you might have a situation where false alarms are generated when
VMware DPM places a host into standby mode. If you do not want to receive such alarms, work with your
vendor to deploy a version of the monitoring software that is integrated with vCenter Server. You could also
use vCenter Server itself as your monitoring solution, because starting with vSphere 4.x, it is inherently aware
of VMware DPM and does not trigger these false alarms.
64 VMware, Inc.
Viewing DRS Cluster Information 7
You can view information about a DRS cluster using the cluster Summary and DRS tabs in the vSphere Client.
You can also apply the DRS recommendations that appear in the DRS tab.

n “Viewing the Cluster Summary Tab,” on page 65
n “Using the DRS Tab,” on page 67
Viewing the Cluster Summary Tab

You can access a cluster’s Summary tab from the inventory panel of the vSphere Client.
The General, VMware DRS, and VMware DRS Resource Distribution sections of this tab display useful
information about the configuration and operation of your cluster. The following sections describe the fields
that appear in those sections.
Cluster Summary Tab General Section

The General section of the cluster's Summary tab provides general information about your cluster.
Table 7-1. General Section

Field Description
VMware DRS Indicates whether VMware DRS is enabled or disabled.
VMware HA Indicates whether VMware HA is enabled or disabled.
VMware EVC Mode Indicates whether Enhanced VMotion Compatibility is enabled or disabled.
Total CPU Resources Total CPU resources assigned to this cluster.
Total Memory Total memory resources assigned to this cluster.
Number of Hosts Number of hosts in this cluster.
Total Processors Number of processors in all of the hosts in this cluster.
Number of Virtual Machines Number of virtual machines in this cluster.
Total Migrations using VMotion Number of migrations performed in the cluster.
VMware, Inc. 65
Cluster Summary Tab VMware DRS Section

The VMware DRS section appears in the cluster's Summary tab only if VMware DRS is enabled.
Table 7-2. VMware DRS Section

Field Description
Migration Automation Level Manual, Partially Automated, Fully Automated.
Power Management Automation Level Off, Manual, Automatic.
DRS Recommendations Number of DRS migration recommendations awaiting user confirmation. If the
value is nonzero, opens the Recommendations page of the cluster’s DRS tab.
DRS Faults Number of DRS faults currently outstanding. If the value is nonzero, opens the
Faults page of the cluster’s DRS tab.
Migration Threshold Indicates the priority level of migration recommendations to apply or generate.
Target host load standard deviation A value derived from the migration threshold setting that indicates the value
under which load imbalance is to be kept.
Current host load standard deviation A value indicating the current load imbalance in the cluster. This value should be
less than the target host load standard deviation unless unapplied DRS
recommendations or constraints preclude attaining that level.
View Resource Distribution Chart Opens the Resource Distribution chart that provides CPU and memory utilization
information.
VMware DRS Resource Distribution Chart

The VMware DRS Resource Distribution chart displays CPU and memory utilization information.
Open this chart by clicking the View Resource Distribution Chart link on the Summary tab for a VMware DRS
cluster.
CPU Utilization
CPU utilization is displayed on a per-virtual machine basis, grouped by host. The chart shows information for
each virtual machine as a colored box, which symbolizes the percentage of entitled resources (as computed by
DRS) that are delivered to it. If the virtual machine is receiving its entitlement, this box should be green. If it
is not green for an extended time, you might want to investigate what is causing this shortfall (for example,
unapplied recommendations).
If you hold the pointer over the box for a virtual machine, its utilization information (Consumed versus
Entitlement) appears.
You can toggle the display of CPU resources between % and MHz by clicking the appropriate button.
Memory Utilization
Memory utilization is displayed on a per-virtual machine basis, grouped by host.
If you hold the pointer over the box for a virtual machine, its utilization information (Consumed versus
Entitlement) appears.
You can toggle the display of memory resources between % and MB by clicking the appropriate button.
66 VMware, Inc.
Chapter 7 Viewing DRS Cluster Information
Using the DRS Tab

The DRS tab is available when you select a DRS cluster object from the inventory panel in the vSphere Client.
This tab displays information about the DRS recommendations made for the cluster, faults that have occurred
in applying such recommendations, and the history of DRS actions. You can access three pages from this tab.
These pages are named Recommendations, Faults, and History.
DRS Recommendations Page

You can reach this page by clicking the Recommendations button on the DRS tab.
The Recommendations page of the DRS tab displays the following cluster properties.
Table 7-3. DRS Recommendations Page

Field Description
Migration Automation Level Automation level for DRS virtual machine migration recommendations. Fully
Automated, Partially Automated, or Manual.
Power Management Automation level for VMware DPM recommendations. Off, Manual, or Automatic.
Automation Level
Migration Threshold Priority level (or higher) of DRS recommendations to apply.
Power Management Threshold Priority level (or higher) of VMware DPM recommendations to apply.
Additionally, the DRS Recommendations section on this page displays the current set of recommendations
generated for optimizing resource utilization in the cluster through either migrations or power management.
Only manual recommendations awaiting user confirmation appear on this list.
Actions that you can take from this page:

n To refresh the recommendations, click Run DRS and the recommendations update. This command
appears on all three DRS pages.
n To apply all recommendations, click Apply Recommendations.
n To apply a subset of the recommendations, select the Override DRS recommendations check box. This
activates the Apply check boxes next to each recommendation. Select the check box next to each desired
recommendation and click Apply Recommendations.
Table 7-4 shows the information that DRS provides for each recommendation.
VMware, Inc. 67
Table 7-4. DRS Recommendations Information

Column Description
Priority Priority level (1-5) for the recommendation. Priority one, the highest, indicates a mandatory move
because of a host entering maintenance or standby mode or DRS rule violations. Other priority
ratings denote how much the recommendation would improve the cluster’s performance; from
priority two (significant improvement) to priority five (slight). Prior to ESX/ESXi 4.0,
recommendations received a star rating (1 to 5 stars) instead of a priority level. The higher the
star rating, the more desirable the move. See the VMware knowledge base article at
http://kb.vmware.com/kb/1007485 for information on priority level calculation.
Recommendation The action recommended by DRS. What appears in this column depends on the type of
recommendation.
n For virtual machine migrations: the name of the virtual machine to migrate, the source host
(on which the virtual machine is currently running), and the destination host (to which the
virtual machine is migrated).
n For host power state changes: the name of the host to power on or off.
Reason Reason for the recommendation. why DRS recommends that you migrate the virtual machine or
transition the power state of the host. Reasons can be related to any of the following.
n Balance average CPU or memory loads.
n Satisfy a DRS (affinity or anti-affinity) rule.
n Host is entering maintenance.
n Decrease power consumption.
n Power off a specific host.
n Increase cluster capacity.
n Balance CPU or memory reservations.
n Maintain unreserved capacity.
DRS recommendations are configurable only using vCenter Server. Migrations are not available when you
connect the vSphere Client directly to ESX/ESXi hosts. To use the migrations function, have vCenter Server
manage the host.
DRS Faults Page

The Faults page of the DRS tab displays faults that prevented the recommendation of a DRS action (in manual
mode) or the application of a DRS recommendation (in automatic mode).
You can reach this page by clicking the Faults button on the DRS tab.
You can customize the display of problems using the Contains text box. Select the search criteria (Time,
Problem, Target) from the drop-down box next to the text box and enter a relevant text string.
You can click on a problem to display additional details about it, including specific faults and the
recommendations it prevented. If you click on a fault name, a detailed description of that fault is provided by
the DRS Troubleshooting Guide. You can also access this guide from the Faults page, by clicking View DRS
Troubleshooting Guide.
For each fault, DRS provides the information shown in Table 7-5.
Table 7-5. DRS Faults Page

Field Description
Time Timestamp of when the fault occurred.
Problem Description of the condition that prevented the recommendation from being made or
applied. When you select this field, more detailed information about its associated faults
displays in the Problem Details box.
Target Target of the intended action.
68 VMware, Inc.
Chapter 7 Viewing DRS Cluster Information
DRS History Page

The History page of the DRS tab displays recent actions taken as a result of DRS recommendations.
You can reach this page by clicking the History button on the DRS tab.
For each action, DRS provides the information shown in Table 7-6.
Table 7-6. DRS History Page

Field Description
DRS Actions Details of the action taken.
Time Timestamp of when the action occurred.
By default, the information on this page is maintained for four hours and it is preserved across sessions (you
can log out and when you log back in, the information is still available.)
You can customize the display of recent actions using the Contains text box. Select the search criteria (DRS
Actions, Time) from the drop-down box next to the text box and enter a relevant text string.
VMware, Inc. 69
70 VMware, Inc.
Using NUMA Systems with ESX/ESXi 8
ESX/ESXi supports memory access optimization for Intel and AMD Opteron processors in server architectures
that support NUMA (non-uniform memory access).
After you understand how ESX/ESXi NUMA scheduling is performed and how the VMware NUMA
algorithms work, you can specify NUMA controls to optimize the performance of your virtual machines.

n “What is NUMA?,” on page 71
n “How ESX/ESXi NUMA Scheduling Works,” on page 72
n “VMware NUMA Optimization Algorithms and Settings,” on page 73
n “Resource Management in NUMA Architectures,” on page 74
n “Specifying NUMA Controls,” on page 75
What is NUMA?
NUMA systems are advanced server platforms with more than one system bus. They can harness large
numbers of processors in a single system image with superior price to performance ratios.
For the past decade, processor clock speed has increased dramatically. A multi-gigahertz CPU, however, needs
to be supplied with a large amount of memory bandwidth to use its processing power effectively. Even a single
CPU running a memory-intensive workload, such as a scientific computing application, can be constrained by
memory bandwidth.
This problem is amplified on symmetric multiprocessing (SMP) systems, where many processors must
compete for bandwidth on the same system bus. Some high-end systems often try to solve this problem by
building a high-speed data bus. However, such a solution is expensive and limited in scalability.
NUMA is an alternative approach that links several small, cost-effective nodes using a high-performance
connection. Each node contains processors and memory, much like a small SMP system. However, an advanced
memory controller allows a node to use memory on all other nodes, creating a single system image. When a
processor accesses memory that does not lie within its own node (remote memory), the data must be transferred
over the NUMA connection, which is slower than accessing local memory. Memory access times are not
uniform and depend on the location of the memory and the node from which it is accessed, as the technology’s
name implies.
Challenges for Operating Systems

Because a NUMA architecture provides a single system image, it can often run an operating system with no
special optimizations. For example, Windows 2000 is fully supported on the IBM x440, although it is not
designed for use with NUMA.
VMware, Inc. 71
There are many disadvantages to using such an operating system on a NUMA platform. The high latency of
remote memory accesses can leave the processors under-utilized, constantly waiting for data to be transferred
to the local node, and the NUMA connection can become a bottleneck for applications with high-memory
bandwidth demands.
Furthermore, performance on such a system can be highly variable. It varies, for example, if an application has
memory located locally on one benchmarking run, but a subsequent run happens to place all of that memory
on a remote node. This phenomenon can make capacity planning difficult. Finally, processor clocks might not
be synchronized between multiple nodes, so applications that read the clock directly might behave incorrectly.
Some high-end UNIX systems provide support for NUMA optimizations in their compilers and programming
libraries. This support requires software developers to tune and recompile their programs for optimal
performance. Optimizations for one system are not guaranteed to work well on the next generation of the same
system. Other systems have allowed an administrator to explicitly decide on the node on which an application
should run. While this might be acceptable for certain applications that demand 100 percent of their memory
to be local, it creates an administrative burden and can lead to imbalance between nodes when workloads
change.
Ideally, the system software provides transparent NUMA support, so that applications can benefit immediately
without modifications. The system should maximize the use of local memory and schedule programs
intelligently without requiring constant administrator intervention. Finally, it must respond well to changing
conditions without compromising fairness or performance.
How ESX/ESXi NUMA Scheduling Works

ESX/ESXi uses a sophisticated NUMA scheduler to dynamically balance processor load and memory locality
or processor load balance.
1 Each virtual machine managed by the NUMA scheduler is assigned a home node. A home node is one of
the system’s NUMA nodes containing processors and local memory, as indicated by the System Resource
Allocation Table (SRAT).
2 When memory is allocated to a virtual machine, the ESX/ESXi host preferentially allocates it from the
home node.
3 The NUMA scheduler can dynamically change a virtual machine's home node to respond to changes in
system load. The scheduler might migrate a virtual machine to a new home node to reduce processor load
imbalance. Because this might cause more of its memory to be remote, the scheduler might migrate the
virtual machine’s memory dynamically to its new home node to improve memory locality. The NUMA
scheduler might also swap virtual machines between nodes when this improves overall memory locality.
Some virtual machines are not managed by the ESX/ESXi NUMA scheduler. For example, if you manually set
the processor affinity for a virtual machine, the NUMA scheduler might not be able to manage this virtual
machine. Virtual machines that have more virtual processors than the number of physical processor cores
available on a single hardware node cannot be managed automatically. Virtual machines that are not managed
by the NUMA scheduler still run correctly. However, they don't benefit from ESX/ESXi NUMA optimizations.
The NUMA scheduling and memory placement policies in ESX/ESXi can manage all virtual machines
transparently, so that administrators do not need to address the complexity of balancing virtual machines
between nodes explicitly.
The optimizations work seamlessly regardless of the type of guest operating system. ESX/ESXi provides
NUMA support even to virtual machines that do not support NUMA hardware, such as Windows NT 4.0. As
a result, you can take advantage of new hardware even with legacy operating systems.
72 VMware, Inc.
Chapter 8 Using NUMA Systems with ESX/ESXi
VMware NUMA Optimization Algorithms and Settings

This section describes the algorithms and settings used by ESX/ESXi to maximize application performance
while still maintaining resource guarantees.
Home Nodes and Initial Placement

When a virtual machine is powered on, ESX/ESXi assigns it a home node. A virtual machine runs only on
processors within its home node, and its newly allocated memory comes from the home node as well.
Unless a virtual machine’s home node changes, it uses only local memory, avoiding the performance penalties
associated with remote memory accesses to other NUMA nodes.
New virtual machines are initially assigned to home nodes in a round robin fashion, with the first virtual
machine going to the first node, the second virtual machine to the second node, and so forth. This policy ensures
that memory is evenly used throughout all nodes of the system.
Several operating systems, such as Windows Server 2003, provide this level of NUMA support, which is known
as initial placement. It might be sufficient for systems that run only a single workload, such as a benchmarking
configuration, which does not change over the course of the system’s uptime. However, initial placement is
not sophisticated enough to guarantee good performance and fairness for a datacenter-class system that is
expected to support changing workloads.
To understand the weaknesses of an initial-placement-only system, consider the following example: an

administrator starts four virtual machines and the system places two of them on the first node. The second
two virtual machines are placed on the second node. If both virtual machines on the second node are stopped,
or if they become idle, the system becomes completely imbalanced, with the entire load placed on the first
node. Even if the system allows one of the remaining virtual machines to run remotely on the second node, it
suffers a serious performance penalty because all its memory remains on its original node.
Dynamic Load Balancing and Page Migration

ESX/ESXi combines the traditional initial placement approach with a dynamic rebalancing algorithm.
Periodically (every two seconds by default), the system examines the loads of the various nodes and determines
if it should rebalance the load by moving a virtual machine from one node to another.
This calculation takes into account the resource settings for virtual machines and resource pools to improve
performance without violating fairness or resource entitlements.
The rebalancer selects an appropriate virtual machine and changes its home node to the least loaded node.
When it can, the rebalancer moves a virtual machine that already has some memory located on the destination
node. From that point on (unless it is moved again), the virtual machine allocates memory on its new home
node and it runs only on processors within the new home node.
Rebalancing is an effective solution to maintain fairness and ensure that all nodes are fully used. The rebalancer
might need to move a virtual machine to a node on which it has allocated little or no memory. In this case, the
virtual machine incurs a performance penalty associated with a large number of remote memory accesses.
ESX/ESXi can eliminate this penalty by transparently migrating memory from the virtual machine’s original
node to its new home node:
1 The system selects a page (4KB of contiguous memory) on the original node and copies its data to a page
in the destination node.
2 The system uses the virtual machine monitor layer and the processor’s memory management hardware
to seamlessly remap the virtual machine’s view of memory, so that it uses the page on the destination
node for all further references, eliminating the penalty of remote memory access.
VMware, Inc. 73
When a virtual machine moves to a new node, the ESX/ESXi host immediately begins to migrate its memory
in this fashion. It manages the rate to avoid overtaxing the system, particularly when the virtual machine has
little remote memory remaining or when the destination node has little free memory available. The memory
migration algorithm also ensures that the ESX/ESXi host does not move memory needlessly if a virtual machine
is moved to a new node for only a short period.
When initial placement, dynamic rebalancing, and intelligent memory migration work in conjunction, they
ensure good memory performance on NUMA systems, even in the presence of changing workloads. When a
major workload change occurs, for instance when new virtual machines are started, the system takes time to
readjust, migrating virtual machines and memory to new locations. After a short period, typically seconds or
minutes, the system completes its readjustments and reaches a steady state.
Transparent Page Sharing Optimized for NUMA

Many ESX/ESXi workloads present opportunities for sharing memory across virtual machines.
the same applications or components loaded, or contain common data. In such cases, ESX/ESXi systems use a
proprietary transparent page-sharing technique to securely eliminate redundant copies of memory pages. With
memory sharing, a workload running in virtual machines often consumes less memory than it would when
running on physical machines. As a result, higher levels of overcommitment can be supported efficiently.
Transparent page sharing for ESX/ESXi systems has also been optimized for use on NUMA systems. On NUMA
systems, pages are shared per-node, so each NUMA node has its own local copy of heavily shared pages. When
virtual machines use shared pages, they don't need to access remote memory.
Memory Page Sharing Across and Within NUMA Nodes

The VMkernel.Boot.sharePerNode option controls whether memory pages can be shared (de-duplicated) only
within a single NUMA node or across multiple NUMA nodes.
VMkernel.Boot.sharePerNode is turned on by default, and identical pages are shared only within the same
NUMA node. This improves memory locality, because all accesses to shared pages use local memory.
NOTE This default behavior is the same in all previous versions of ESX.
When you turn off the VMkernel.Boot.sharePerNode option, identical pages can be shared across different
NUMA nodes. This increases the amount of sharing and de-duplication, which reduces overall memory
consumption at the expense of memory locality. In memory-constrained environments, such as VMware View
deployments, many similar virtual machines present an opportunity for de-duplication, and page sharing
across NUMA nodes could be very beneficial.
Resource Management in NUMA Architectures

You can perform resource management with different types of NUMA architecture. The systems that offer a
NUMA platform to support industry-standard operating systems include those based on either AMD CPUs
or the IBM Enterprise X-Architecture.
IBM Enterprise X-Architecture

One architecture that supports NUMA is the IBM Enterprise X-Architecture.
74 VMware, Inc.
The IBM Enterprise X-Architecture supports servers with up to four nodes (also called CECs or SMP Expansion
Complexes in IBM terminology). Each node can contain up to four Intel Xeon MP processors for a total of 16
CPUs. The next generation IBM eServer x445 uses an enhanced version of the Enterprise X-Architecture, and
scales to eight nodes with up to four Xeon MP processors for a total of 32 CPUs. The third-generation IBM
eServer x460 provides similar scalability but also supports 64-bit Xeon MP processors. The high scalability of
all these systems stems from the Enterprise X-Architecture’s NUMA design that is shared with IBM high end
POWER4-based pSeries servers.
AMD Opteron-Based Systems

AMD Opteron-based systems, such as the HP ProLiant DL585 Server, also provide NUMA support.
The BIOS setting for node interleaving determines whether the system behaves more like a NUMA system or
more like a Uniform Memory Architecture (UMA) system. See the HP ProLiant DL585 Server technology brief.
See also the HP ROM-Based Setup Utility User Guide at the HP Web site.
By default, node interleaving is disabled, so each processor has its own memory. The BIOS builds a System
Resource Allocation Table (SRAT), so the ESX/ESXi host detects the system as NUMA and applies NUMA
optimizations. If you enable node interleaving (also known as interleaved memory), the BIOS does not build
an SRAT, so the ESX/ESXi host does not detect the system as NUMA.
Currently shipping Opteron processors have up to four cores per socket. When node memory is enabled, the
memory on the Opteron processors is divided such that each socket has some local memory, but memory for
other sockets is remote. The single-core Opteron systems have a single processor per NUMA node and the
dual-core Opteron systems have two processors for each NUMA node.
SMP virtual machines (having two virtual processors) cannot reside within a NUMA node that has a single
core, such as the single-core Opteron processors. This also means they cannot be managed by the ESX/ESXi
NUMA scheduler. Virtual machines that are not managed by the NUMA scheduler still run correctly. However,
those virtual machines don't benefit from the ESX/ESXi NUMA optimizations. Uniprocessor virtual machines
(with a single virtual processor) can reside within a single NUMA node and are managed by the ESX/ESXi
NUMA scheduler.
NOTE For small Opteron systems, NUMA rebalancing is now disabled by default to ensure scheduling fairness.
Use the Numa.RebalanceCoresTotal and Numa.RebalanceCoresNode options to change this behavior.
Specifying NUMA Controls

If you have applications that use a lot of memory or have a small number of virtual machines, you might want
to optimize performance by specifying virtual machine CPU and memory placement explicitly.
This is useful if a virtual machine runs a memory-intensive workload, such as an in-memory database or a
scientific computing application with a large data set. You might also want to optimize NUMA placements
manually if the system workload is known to be simple and unchanging. For example, an eight-processor
system running eight virtual machines with similar workloads is easy to optimize explicitly.
NOTE In most situations, an ESX/ESXi host’s automatic NUMA optimizations result in good performance.
ESX/ESXi provides two sets of controls for NUMA placement, so that administrators can control memory and
processor placement of a virtual machine.
The vSphere Client allows you to specify two options.
CPU Affinity A virtual machine should use only the processors on a given node.
Memory Affinity The server should allocate memory only on the specified node.
If you set both options before a virtual machine starts, the virtual machine runs only on the selected node and
all of its memory is allocated locally.
VMware, Inc. 75
An administrator can also manually move a virtual machine to another node after the virtual machine has
started running. In this case, the page migration rate of the virtual machine must be set manually, so that
memory from the virtual machine’s previous node can be moved to its new node.
Manual NUMA placement might interfere with the ESX/ESXi resource management algorithms, which try to
give each virtual machine a fair share of the system’s processor resources. For example, if ten virtual machines
with processor-intensive workloads are manually placed on one node, and only two virtual machines are
manually placed on another node, it is impossible for the system to give all twelve virtual machines equal
shares of the system’s resources.
NOTE You can view NUMA configuration information in the Memory panel of the resxtop (or esxtop) utility.
Associate Virtual Machines with a Single NUMA Node Using CPU Affinity
You might be able to improve the performance of the applications on a virtual machine by associating it to the
CPU numbers on a single NUMA node (manual CPU affinity).
Procedure
1 Using a vSphere Client, right-click a virtual machine and select Edit Settings.
2 In the Virtual Machine Properties dialog box, select the Resources tab and select Advanced CPU.
3 In the Scheduling Affinity panel, set CPU affinity for different NUMA nodes.
NOTE You must manually select the boxes for all processors in the NUMA node. CPU affinity is specified
on a per-processor, not on a per-node, basis.
Associate Memory Allocations with a NUMA Node Using Memory Affinity

You can specify that all future memory allocations on a virtual machine use pages associated with a single
NUMA node (also known as manual memory affinity). When the virtual machine uses local memory, the
performance improves on that virtual machine.
NOTE Specify nodes to be used for future memory allocations only if you have also specified CPU affinity. If
you make manual changes only to the memory affinity settings, automatic NUMA rebalancing does not work
properly.
Procedure
1 Using a vSphere Client, right-click a virtual machine and select Edit Settings.
2 In the Virtual Machine Properties dialog box, select the Resources tab, and select Memory.
3 In the NUMA Memory Affinity panel, set memory affinity.
76 VMware, Inc.
Example 8-1. Binding a Virtual Machine to a Single NUMA Node

The following example illustrates manually binding the last four physical CPUs to a single NUMA node for a
two-way virtual machine on an eight-way server.
The CPUs—for example, 4, 5, 6, and 7—are the physical CPU numbers.
1 In the vSphere Client inventory panel, select the virtual machine and select Edit Settings.
2 Select Options and click Advanced.
3 Click the Configuration Parameters button.
4 In the vSphere Client, turn on CPU affinity for processors 4, 5, 6, and 7.
Then, you want this virtual machine to run only on node 1.
1 In the vSphere Client inventory panel, select the virtual machine and select Edit Settings.
2 Select Options and click Advanced.
4 In the vSphere Client, set memory affinity for the NUMA node to 1.
Completing these two tasks ensures that the virtual machine runs only on NUMA node 1 and, when possible,
allocates memory from the same node.
VMware, Inc. 77
78 VMware, Inc.
Performance Monitoring Utilities:
resxtop and esxtop A
The resxtop and esxtop command-line utilities provide a detailed look at how ESX/ESXi uses resources in real
time. You can start either utility in one of three modes: interactive (default), batch, or replay.
The fundamental difference between resxtop and esxtop is that you can use resxtop remotely (or locally),
whereas esxtop can be started only through the service console of a local ESX host.

n “Using the esxtop Utility,” on page 79
n “Using the resxtop Utility,” on page 79
n “Using esxtop or resxtop in Interactive Mode,” on page 80
n “Using Batch Mode,” on page 94
n “Using Replay Mode,” on page 95
Using the esxtop Utility

The esxtop utility runs only on the ESX host’s service console and to use it you must have root user privileges.
Type the command, using the options you want:

esxtop [-] [h] [v] [b] [s] [a] [c filename] [R vm-support_dir_path] [d delay] [n iter]
The esxtop utility reads its default configuration from .esxtop4rc. This configuration file consists of eight lines.
The first seven lines contain lowercase and uppercase letters to specify which fields appear in which order on
the CPU, memory, storage adapter, storage device, virtual machine storage, network, and interrupt panels.
The letters correspond to the letters in the Fields or Order panels for the respective esxtop panel.
The eighth line contains information on the other options. Most important, if you saved a configuration in
secure mode, you do not get an insecure esxtop without removing the s from the seventh line of
your .esxtop4rc file. A number specifies the delay time between updates. As in interactive mode, typing c, m,
d, u, v, n, or I determines the panel with which esxtop starts.
NOTE Do not edit the .esxtop4rc file. Instead, select the fields and the order in a running esxtop process, make
changes, and save this file using the W interactive command.
Using the resxtop Utility

The resxtop utility is a vSphere CLI command.
Before you can use any vSphere CLI commands, you must either download and install a vSphere CLI package
or deploy the vSphere Management Assistant (vMA) to your ESX/ESXi host or vCenter Server system.
VMware, Inc. 79
After it is set up, start resxtop from the command line. For remote connections, you can either connect to an
ESX/ESXi host either directly or through vCenter Server.
The command-line options are the same as for esxtop (except for the R option) with additional connection
options.
NOTE resxtop does not use all the options shared by other vSphere CLI commands.
Table A-1. resxtop Command-Line Options

Option Description
[server] Name of the remote host to connect to (required). If connecting directly to the ESX/
ESXi host, use the name of that host. If your connection to the ESX/ESXi host is indirect
(that is, through vCenter Server), use the name of the vCenter Server system for this
option.
[vihost] If you connect indirectly (through vCenter Server), this option should contain the
name of the ESX/ESXi host you connect to. If you connect directly to the ESX/ESXi
host, this option is not used.
[portnumber] Port number to connect to on the remote server. The default port is 443, and unless
this is changed on the server, this option is not needed.
[username] User name to be authenticated when connecting to the remote host. The remote server
prompts you for a password.
You can also use resxtop on a local ESX/ESXi host by omitting the server option on the command line and the
command defaults to localhost.
Using esxtop or resxtop in Interactive Mode

By default, resxtop and esxtop run in interactive mode. Interactive mode displays statistics in different panels.
A help menu is available for each panel.
Interactive Mode Command-Line Options

You can use various command-line options with esxtop and resxtop in interactive mode.
Table A-2 lists the command-line options available in interactive mode.
Table A-2. Interactive Mode Command-Line Options

Option Description
h Prints help for resxtop (or esxtop) command-line options.
v Prints resxtop (or esxtop) version number.
s Calls resxtop (or esxtop) in secure mode. In secure mode, the -d command, which specifies delay
between updates, is disabled.
d Specifies the delay between updates. The default is five seconds. The minimum is two seconds.
Change this with the interactive command s. If you specify a delay of less than two seconds, the
delay is set to two seconds.
n Number of iterations. Updates the display n times and exits.
server The name of the remote server host to connect to (required for resxtop only).
portnumber The port number to connect to on the remote server. The default port is 443, and unless this is
changed on the server, this option is not needed. (resxtop only)
username The user name to be authenticated when connecting to the remote host. The remote server prompts
you for a password, as well (resxtop only).
80 VMware, Inc.
Appendix A Performance Monitoring Utilities: resxtop and esxtop
Table A-2. Interactive Mode Command-Line Options (Continued)

Option Description
a Show all statistics. This option overrides configuration file setups and shows all statistics. The
configuration file can be the default ~/.esxtop4rc configuration file or a user-defined configuration
file.
c<filename> Load a user-defined configuration file. If the -c option is not used, the default configuration filename
is ~/.esxtop4rc. Create your own configuration file, specifying a different filename, using the W
single-key interactive command.
Common Statistics Description
Several statistics appear on the different panels while resxtop (or esxtop) is running in interactive mode. These
statistics are common across all four panels.
The Uptime line, found at the top of each of the four resxtop (or esxtop) panels, displays the current time, time
since last reboot, number of currently running worlds and load averages. A world is an ESX/ESXi VMkernel
schedulable entity, similar to a process or thread in other operating systems.
Below that the load averages over the past one, five, and fifteen minutes appear. Load averages take into
account both running and ready-to-run worlds. A load average of 1.00 means that there is full utilization of
all physical CPUs. A load average of 2.00 means that the ESX/ESXi system might need twice as many physical
CPUs as are currently available. Similarly, a load average of 0.50 means that the physical CPUs on the ESX/
ESXi system are half utilized.
Statistics Columns and Order Pages
You can define the order of fields displayed in interactive mode.
If you press f, F, o, or O, the system displays a page that specifies the field order on the top line and short
descriptions of the field contents. If the letter in the field string corresponding to a field is uppercase, the field
is displayed. An asterisk in front of the field description indicates whether a field is displayed.
The order of the fields corresponds to the order of the letters in the string.
From the Field Select panel, you can:

n Toggle the display of a field by pressing the corresponding letter.
n Move a field to the left by pressing the corresponding uppercase letter.
n Move a field to the right by pressing the corresponding lowercase letter.
Interactive Mode Single-Key Commands
When running in interactive mode, resxtop (or esxtop) recognizes several single-key commands.
All interactive mode panels recognize the commands listed in Table A-3. The command to specify the delay
between updates is disabled if the s option is given on the command line. All sorting interactive commands
sort in descending order.
Table A-3. Interactive Mode Single-Key Commands

Key Description
h or ? Displays a help menu for the current panel, giving a brief summary of commands, and the status of secure mode.
space Immediately updates the current panel.
^L Erases and redraws the current panel.
f or F Displays a panel for adding or removing statistics columns (fields) to or from the current panel.
o or O Displays a panel for changing the order of statistics columns on the current panel.
VMware, Inc. 81
Table A-3. Interactive Mode Single-Key Commands (Continued)

Key Description
# Prompts you for the number of statistics rows to display. Any value greater than 0 overrides automatic
determination of the number of rows to show, which is based on window size measurement. If you change this
number in one resxtop (or esxtop) panel, the change affects all four panels.
s Prompts you for the delay between updates, in seconds. Fractional values are recognized down to microseconds.
The default value is five seconds. The minimum value is two seconds. This command is not available in secure
mode.
W Write the current setup to an esxtop (or resxtop) configuration file. This is the recommended way to write a
configuration file. The default filename is the one specified by -c option, or ~/.esxtop4rc if the -c option is not
used. You can also specify a different filename on the prompt generated by this W command.
q Quit interactive mode.
c Switch to the CPU resource utilization panel.
m Switch to the memory resource utilization panel.
d Switch to the storage (disk) adapter resource utilization panel.
u Switch to storage (disk) device resource utilization screen.
v Switch to storage (disk) virtual machine resource utilization screen.
n Switch to the network resource utilization panel.
I Switch to the interrupt panel.
CPU Panel
The CPU panel displays server-wide statistics as well as statistics for individual world, resource pool, and
virtual machine CPU utilization.
Resource pools, running virtual machines, or other worlds are at times called groups. For worlds belonging
to a virtual machine, statistics for the running virtual machine are displayed. All other worlds are logically
aggregated into the resource pools that contain them.
Table A-4 discusses statistics displayed in this panel.
Table A-4. CPU Panel Statistics

Line Description
PCPU USED(%) A PCPU refers to a physical hardware execution context. This can be a physical CPU core if
hyperthreading is unavailable or disabled, or a logical CPU (LCPU or SMT thread) if hyperthreading
is enabled.
PCPU USED(%) displays:
n Percentage of CPU usage per PCPU
n percentage of CPU usage averaged over all PCPUs
CPU Usage (%USED) is the percentage of PCPU nominal frequency that was used since the last screen
update. It equals the total sum of %USED for Worlds that ran on this PCPU.
NOTE If a PCPU is running at frequency that is higher than its nominal (rated) frequency, then PCPU
USED(%) can be greater than 100%.
PCPU UTIL(%) A PCPU refers to a physical hardware execution context. This can be a physical CPU core if
hyperthreading is unavailable or disabled, or a logical CPU (LCPU or SMT thread) if hyperthreading
is enabled.
PCPU UTIL(%) represents the percentage of real time that the PCPU was not idle (raw PCPU
utilization) and it displays the percentage CPU utilization per PCPU, and the percentage CPU
utilization averaged over all PCPUs.
NOTE PCPU UTIL(%) might differ from PCPU USED(%) due to power management technologies or
hyperthreading.
82 VMware, Inc.
Table A-4. CPU Panel Statistics (Continued)

Line Description
CCPU(%) Percentages of total CPU time as reported by the ESX service console. This field is not displayed if you
are using ESXi.
n us — Percentage user time.
n sy — Percentage system time.
n id — Percentage idle time.
n wa — Percentage wait time.
n cs/sec — Context switches per second recorded by the service console.
ID Resource pool ID or virtual machine ID of the running world’s resource pool or virtual machine, or
world ID of running world.
GID Resource pool ID of the running world’s resource pool or virtual machine.
NAME Name of running world’s resource pool or virtual machine, or name of running world.
NWLD Number of members in running world’s resource pool or virtual machine. If a Group is expanded
using the interactive command e (see interactive commands), then NWLD for all the resulting worlds
is 1 (some resource pools like the console resource pool have only one member).
%STATE TIMES Set of CPU statistics made up of the following percentages. For a world, the percentages are a
percentage of one physical CPU core.
%USED Percentage of physical CPU core cycles used by the resource pool, virtual machine, or world. %USED
might depend on the frequency with which the CPU core is running. When running with lower CPU
core frequency, %USED can be smaller than %RUN. On CPUs which support turbo mode, CPU
frequency can also be higher than the nominal (rated) frequency, and %USED can be larger than
%RUN.
%SYS Percentage of time spent in the ESX/ESXi VMkernel on behalf of the resource pool, virtual machine,
or world to process interrupts and to perform other system activities. This time is part of the time used
to calculate %USED.
%WAIT Percentage of time the resource pool, virtual machine, or world spent in the blocked or busy wait state.
This percentage includes the percentage of time the resource pool, virtual machine, or world was idle.
%IDLE Percentage of time the resource pool, virtual machine, or world was idle. Subtract this percentage
from %WAIT to see the percentage of time the resource pool, virtual machine, or world was waiting
for some event. The difference, %WAIT- %IDLE, of the VCPU worlds can be used to estimate guest
I/O wait time. To find the VCPU worlds, use the single-key command e to expand a virtual machine
and search for the world NAME starting with "vcpu". (Note that the VCPU worlds might wait for
other events besides I/O events, so, this measurement is only an estimate.)
%RDY Percentage of time the resource pool, virtual machine, or world was ready to run, but was not be
provided CPU resources on which to execute.
%MLMTD (max Percentage of time the ESX/ESXi VMkernel deliberately did not run the resource pool, virtual machine,
limited) or world because doing so would violate the resource pool, virtual machine, or world's limit setting.
Because the resource pool, virtual machine, or world is ready to run when it is prevented from running
in this way, the %MLMTD (max limited) time is included in %RDY time.
%SWPWT Percentage of time a resource pool or world spends waiting for the ESX/ESXi VMkernel to swap
memory. The %SWPWT (swap wait) time is included in the %WAIT time.
EVENT COUNTS/s Set of CPU statistics made up of per second event rates. These statistics are for VMware internal use
only.
CPU ALLOC Set of CPU statistics made up of the following CPU allocation configuration parameters.
AMIN Resource pool, virtual machine, or world attribute Reservation.
AMAX Resource pool, virtual machine, or world attribute Limit. A value of -1 means unlimited.
ASHRS Resource pool, virtual machine, or world attribute Shares.
SUMMARY STATS Set of CPU statistics made up of the following CPU configuration parameters and statistics. These
statistics apply only to worlds and not to virtual machines or resource pools.
VMware, Inc. 83
Table A-4. CPU Panel Statistics (Continued)

Line Description
AFFINITY BIT Bit mask showing the current scheduling affinity for the world.
MASK
HTSHARING Current hyperthreading configuration.
CPU The physical or logical processor on which the world was running when resxtop (or esxtop) obtained
this information.
HTQ Indicates whether the world is currently quarantined or not. N means no and Y means yes.
TIMER/s Timer rate for this world.
%OVRLP Percentage of system time spent during scheduling of a resource pool, virtual machine, or world on
behalf of a different resource pool, virtual machine, or world while the resource pool, virtual machine,
or world was scheduled. This time is not included in %SYS. For example, if virtual machine A is
currently being scheduled and a network packet for virtual machine B is processed by the ESX/ESXi
VMkernel, the time spent appears as %OVRLP for virtual machine A and %SYS for virtual machine
B.
%RUN Percentage of total time scheduled. This time does not account for hyperthreading and system time.
On a hyperthreading enabled server, the %RUN can be twice as large as %USED.
%CSTP Percentage of time a resource pool spends in a ready, co-deschedule state.

(Note: you might see this statistic displayed, but it is intended for VMware use only).
You can change the display using single-key commands as discussed in Table A-5.
Table A-5. CPU Panel Single-Key Commands

Command Description
e Toggles whether CPU statistics are displayed expanded or unexpanded.

The expanded display includes CPU resource utilization statistics broken down by individual worlds
belonging to a resource pool or virtual machine. All percentages for the individual worlds are percentage
of a single physical CPU.
Consider these examples:
n If the %Used by a resource pool is 30% on a two-way server, the resource pool is utilizing 30 percent
of two physical CPUs.
n If the %Used by a world belonging to a resource pool is 30 percent on a two-way server, that world is
utilizing 30% of one physical CPU.
U Sorts resource pools, virtual machines, and worlds by the resource pool’s or virtual machine’s %Used
column.
R Sorts resource pools, virtual machines, and worlds by the resource pool’s or virtual machine’s %RDY
column.
N Sorts resource pools, virtual machines, and worlds by the GID column. This is the default sort order.
V Displays virtual machine instances only.
L Changes the displayed length of the NAME column.
Memory Panel
The Memory panel displays server-wide and group memory utilization statistics. As on the CPU panel, groups
correspond to resource pools, running virtual machines, or other worlds that are consuming memory.
The first line, found at the top of the Memory panel displays the current time, time since last reboot, number
of currently running worlds, and memory overcommitment averages. The memory overcommitment averages
over the past one, five, and fifteen minutes appear. Memory overcommitment of 1.00 means a memory
overcommit of 100 percent. See “Memory Overcommitment,” on page 24.
84 VMware, Inc.
Table A-6. Memory Panel Statistics

Field Description
PMEM (MB) Displays the machine memory statistics for the server. All numbers are in megabytes.
total Total amount of machine memory in the server.
cos Amount of machine memory allocated to the ESX service console.
vmk Amount of machine memory being used by the ESX/ESXi

VMkernel.
other Amount of machine memory being used by everything other than

the ESX service console and ESX/ESXi VMkernel.
free Amount of machine memory that is free.
VMKMEM (MB) Displays the machine memory statistics for the ESX/ESXi VMkernel. All numbers are in
megabytes.
managed Total amount of machine memory managed by the ESX/ESXi

VMkernel.
min free Minimum amount of machine memory that the ESX/ESXi

VMkernel aims to keep free.
rsvd Total amount of machine memory currently reserved by resource

pools.
ursvd Total amount of machine memory currently unreserved.
state Current machine memory availability state. Possible values are

high, soft, hard and low. High means that the machine memory is
not under any pressure and low means that it is.
COSMEM (MB) Displays the memory statistics as reported by the ESX service console. All numbers are in
megabytes. This field is not displayed if you are using ESXi.
free Amount of idle memory.
swap_t Total swap configured.
swap_f Amount of swap free.
r/s is Rate at which memory is swapped in from disk.
w/s Rate at which memory is swapped to disk.
NUMA (MB) Displays the ESX/ESXi NUMA statistics. This line appears only if the ESX/ESXi host is running
on a NUMA server. All numbers are in megabytes.
For each NUMA node in the server, two statistics are displayed:
n The total amount of machine memory in the NUMA node that is managed by ESX/ESXi.
n The amount of machine memory in the node that is currently free (in parentheses).
PSHARE (MB) Displays the ESX/ESXi page-sharing statistics. All numbers are in megabytes.
shared Amount of physical memory that is being shared.
common Amount of machine memory that is common across worlds.
saving Amount of machine memory that is saved because of page sharing.
VMware, Inc. 85
Table A-6. Memory Panel Statistics (Continued)

Field Description
SWAP (MB) Displays the ESX/ESXi swap usage statistics. All numbers are in megabytes.
curr Current swap usage.
target Where the ESX/ESXi system expects the swap usage to be.
r/s Rate at which memory is swapped in by the ESX/ESXi system from

disk.
w/s Rate at which memory is swapped to disk by the ESX/ESXi system.
MEMCTL (MB) Displays the memory balloon statistics. All numbers are in megabytes.
curr Total amount of physical memory reclaimed using the vmmemctl

module.
target Total amount of physical memory the ESX/ESXi host attempts to

reclaim using the vmmemctl module.
max Maximum amount of physical memory the ESX/ESXi host can

reclaim using the vmmemctl module.
AMIN Memory reservation for this resource pool or virtual machine.
AMAX Memory limit for this resource pool or virtual machine. A value of -1 means Unlimited.
ASHRS Memory shares for this resource pool or virtual machine.
NHN Current home node for the resource pool or virtual machine. This statistic is applicable only on
NUMA systems. If the virtual machine has no home node, a dash (-) is displayed.
NRMEM (MB) Current amount of remote memory allocated to the virtual machine or resource pool. This
statistic is applicable only on NUMA systems.
N% L Current percentage of memory allocated to the virtual machine or resource pool that is local.
MEMSZ (MB) Amount of physical memory allocated to a resource pool or virtual machine.
GRANT (MB) Amount of guest physical memory mapped to a resource pool or virtual machine. The
consumed host machine memory is equal to GRANT - SHRDSVD.
SZTGT (MB) Amount of machine memory the ESX/ESXi VMkernel wants to allocate to a resource pool or
virtual machine.
TCHD (MB) Working set estimate for the resource pool or virtual machine.
%ACTV Percentage of guest physical memory that is being referenced by the guest. This is an
instantaneous value.
%ACTVS Percentage of guest physical memory that is being referenced by the guest. This is a slow
moving average.
%ACTVF Percentage of guest physical memory that is being referenced by the guest. This is a fast moving
average.
%ACTVN Percentage of guest physical memory that is being referenced by the guest. This is an estimation.
(You might see this statistic displayed, but it is intended for VMware use only.)
MCTL? Memory balloon driver is installed or not. N means no, Y means yes.
MCTLSZ (MB) Amount of physical memory reclaimed from the resource pool by way of ballooning.
MCTLTGT (MB) Amount of physical memory the ESX/ESXi system attempts to reclaim from the resource pool
or virtual machine by way of ballooning.
MCTLMAX (MB) Maximum amount of physical memory the ESX/ESXi system can reclaim from the resource
pool or virtual machine by way of ballooning. This maximum depends on the guest operating
system type.
SWCUR (MB) Current swap usage by this resource pool or virtual machine.
86 VMware, Inc.
Table A-6. Memory Panel Statistics (Continued)

Field Description
SWTGT (MB) Target where the ESX/ESXi host expects the swap usage by the resource pool or virtual machine
to be.
SWR/s (MB) Rate at which the ESX/ESXi host swaps in memory from disk for the resource pool or virtual
machine.
SWW/s (MB) Rate at which the ESX/ESXi host swaps resource pool or virtual machine memory to disk.
CPTRD (MB) Amount of data read from checkpoint file.
CPTTGT (MB) Size of checkpoint file.
ZERO (MB) Resource pool or virtual machine physical pages that are zeroed.
SHRD (MB) Resource pool or virtual machine physical pages that are shared.
SHRDSVD (MB) Machine pages that are saved because of resource pool or virtual machine shared pages.
OVHD (MB) Current space overhead for resource pool.
OVHDMAX (MB) Maximum space overhead that might be incurred by resource pool or virtual machine.
OVHDUW (MB) Current space overhead for a user world. (You might see this statistic displayed, but it is
intended for VMware use only.)
GST_NDx (MB) Guest memory allocated for a resource pool on NUMA node x. This statistic is applicable on
NUMA systems only.
OVD_NDx (MB) VMM overhead memory allocated for a resource pool on NUMA node x. This statistic is
applicable on NUMA systems only.
Table A-7 displays the interactive commands you can use with the memory panel.
Table A-7. Memory Panel Interactive Commands

Command Description
M Sort resource pools or virtual machines by Group Mapped column.
B Sort resource pools or virtual machines by Group Memctl column.
N Sort resource pools or virtual machines by GID column. This is the default sort order.
V Display virtual machine instances only.
Storage Adapter Panel

Statistics in the Storage Adapter panel are aggregated per storage adapter by default. Statistics can also be
viewed per storage channel, target, or LUN.
The Storage Adapter panel displays the information shown in Table A-8.
Table A-8. Storage Adapter Panel Statistics

Column Description
ADAPTR Name of the storage adapter.
CID Storage adapter channel ID. This ID is visible only if the corresponding adapter is expanded. See the
interactive command e below.
TID Storage adapter channel target ID. This ID is visible only if the corresponding adapter and channel are
expanded. See the interactive commands e and a below.
LID Storage adapter channel target LUN ID. This ID is visible only if the corresponding adapter, channel
and target are expanded. See the interactive commands e, a, and t below.
NCHNS Number of channels.
VMware, Inc. 87
Table A-8. Storage Adapter Panel Statistics (Continued)

Column Description
NTGTS Number of targets.
NLUNS Number of LUNs.
NWDS Number of worlds.
BLKSZ Block size in bytes. This statistic is applicable only to LUNs.
AQLEN Storage adapter queue depth. Maximum number of ESX/ESXi VMkernel active commands that the
adapter driver is configured to support.
LQLEN LUN queue depth. Maximum number of ESX/ESXi VMkernel active commands that the LUN is allowed
to have.
%USD Percentage of queue depth (adapter, LUN or world) used by ESX/ESXi VMkernel active commands.
LOAD Ratio of ESX/ESXi VMkernel active commands plus ESX/ESXi VMkernel queued commands to queue
depth (adapter, LUN or world).
ACTV Number of commands in the ESX/ESXi VMkernel that are currently active.
QUED Number of commands in the ESX/ESXi VMkernel that are currently queued.
CMDS/s Number of commands issued per second.
READS/s Number of read commands issued per second.
WRITES/s Number of write commands issued per second.
MBREAD/s Megabytes read per second.
MBWRTN/s Megabytes written per second.
DAVG/cmd Average device latency per command, in milliseconds.
KAVG/cmd Average ESX/ESXi VMkernel latency per command, in milliseconds.
GAVG/cmd Average virtual machine operating system latency per command, in milliseconds.
DAVG/rd Average device read latency per read operation, in milliseconds.
KAVG/rd Average ESX/ESXi VMkernel read latency per read operation, in milliseconds.
GAVG/rd Average guest operating system read latency per read operation, in milliseconds.
DAVG/wr Average device write latency per write operation, in milliseconds.
KAVG/wr Average ESX/ESXi VMkernel write latency per write operation, in milliseconds.
GAVG/wr Average guest operating system write latency per write operation, in milliseconds.
QAVG/cmd Average queue latency per command, in milliseconds.
QAVG/rd Average queue latency per read operation, in milliseconds.
QAVG/wr Average queue latency per write operation, in milliseconds.
ABRTS/s Number of commands aborted per second.
RESETS/s Number of commands reset per second.
PAECMD/s The number of PAE (Physical Address Extension) commands per second.
PAECP/s The number of PAE copies per second.
SPLTCMD/s The number of split commands per second.
SPLTCP/s The number of split copies per second.
Table A-9 displays the interactive commands you can use with the storage adapter panel.
88 VMware, Inc.
Table A-9. Storage Adapter Panel Interactive Commands

Command Description
e Toggles whether storage adapter statistics are displayed expanded or unexpanded. Allows viewing
storage resource utilization statistics broken down by individual channels belonging to an expanded
storage adapter. You are prompted for the adapter name.
P Toggles whether storage adapter statistics are displayed expanded or unexpanded. Allows viewing
storage resource utilization statistics broken down by paths belonging to an expanded storage adapter.
Does not roll up to adapter statistics. You are prompted for the adapter name.
a Toggles whether storage channel statistics are displayed expanded or unexpanded. Allows viewing
storage resource utilization statistics broken down by individual targets belonging to an expanded
storage channel. You are prompted for the adapter name and the channel ID. The channel adapter needs
to be expanded before the channel itself can be expanded.
t Toggles whether storage target statistics are displayed in expanded or unexpanded mode. Allows
viewing storage resource utilization statistics broken down by individual paths belonging to an
expanded storage target. You are prompted for the adapter name, the channel ID, and the target ID. The
target channel and adapter must be expanded before the target itself can be expanded.
r Sorts by READS/s column.
w Sorts by WRITES/s column.
R Sorts by MBREAD/s read column.
T Sorts by MBWRTN/s written column.
N Sorts first by ADAPTR column, then by CID column within each ADAPTR, then by TID column within
each CID, then by LID column within each TID, and finally by WID column within each LID. This is the
default sort order.
Storage Device Panel

The storage device panel displays server-wide storage utilization statistics.
By default, the information is grouped per storage device. You can also group the statistics per path, per world,
or per partition.
Table A-10. Storage Device Panel Statistics

Column Description
DEVICE Name of the storage device.
PATH Path name. This name is visible only if the corresponding device is expanded to paths. See the interactive
command p below.
WORLD World ID. This ID is visible only if the corresponding device is expanded to worlds. See the interactive
command e below. The world statistics are per world per device.
PARTITION Partition ID. This ID is visible only if the corresponding device is expanded to partitions. See interactive
command t below.
NPH Number of paths.
NWD Number of worlds.
NPN Number of partitions.
SHARES Number of shares. This statistic is applicable only to worlds.
BLKSZ Block size in bytes.
NUMBLKS Number of blocks of the device.
DQLEN Storage device queue depth. This is the maximum number of ESX/ESXi VMkernel active commands that
the device is configured to support.
VMware, Inc. 89
Table A-10. Storage Device Panel Statistics (Continued)

Column Description
WQLEN World queue depth. This is the maximum number of ESX/ESXi VMkernel active commands that the
world is allowed to have. This is a per device maximum for the world. It is valid only if the corresponding
device is expanded to worlds.
ACTV Number of commands in the ESX/ESXi VMkernel that are currently active. This statistic is applicable
only to worlds and devices.
QUED Number of commands in the ESX/ESXi VMkernel that are currently queued. This statistic is applicable
%USD Percentage of the queue depth used by ESX/ESXi VMkernel active commands. This statistic is applicable
depth. This statistic is applicable only to worlds and devices.
DAVG/cmd Average device latency per command in milliseconds.
KAVG/cmd Average ESX/ESXi VMkernel latency per command in milliseconds.
GAVG/cmd Average guest operating system latency per command in milliseconds.
QAVG/cmd Average queue latency per command in milliseconds.
DAVG/rd Average device read latency per read operation in milliseconds.
KAVG/rd Average ESX/ESXi VMkernel read latency per read operation in milliseconds.
GAVG/rd Average guest operating system read latency per read operation in milliseconds.
QAVG/rd Average queue read latency per read operation in milliseconds.
DAVG/wr Average device write latency per write operation in milliseconds.
KAVG/wr Average ESX/ESXi VMkernel write latency per write operation in milliseconds.
GAVG/wr Average guest operating system write latency per write operation in milliseconds.
QAVG/wr Average queue write latency per write operation in milliseconds.
ABRTS/s Number of commands aborted per second.
RESETS/s Number of commands reset per second.
PAECMD/s Number of PAE commands per second. This statistic is applicable only to paths.
PAECP/s Number of PAE copies per second. This statistic is applicable only to paths.
SPLTCMD/s Number of split commands per second. This statistic is applicable only to paths.
SPLTCP/s Number of split copies per second. This statistic is applicable only to paths.
Table A-11 displays the interactive commands you can use with the storage device panel.
90 VMware, Inc.
Table A-11. Storage Device Panel Interactive Commands

Command Description
e Expand or roll up storage world statistics. This command allows you to view storage resource utilization
statistics separated by individual worlds belonging to an expanded storage device. You are prompted for
the device name. The statistics are per world per device.
p Expand or roll up storage path statistics. This command allows you to view storage resource utilization
statistics separated by individual paths belonging to an expanded storage device. You are prompted for
the device name.
t Expand or roll up storage partition statistics. This command allows you to view storage resource
utilization statistics separated by individual partitions belonging to an expanded storage device. You are
prompted for the device name.
r Sort by READS/s column.
w Sort by WRITES/s column.
R Sort by MBREAD/s column.
T Sort by MBWRTN column.
N Sort first by DEVICE column, then by PATH, WORLD, and PARTITION column. This is the default sort
order.
L Changes the displayed length of the DEVICE column.
Virtual Machine Storage Panel

This panel displays virtual machine-centric storage statistics.
By default, statistics are aggregated on a per-resource-pool basis. One virtual machine has one corresponding
resource pool, so the panel really displays statistics on a per-virtual-machine basis. You can also view statistics
on a per-world, or a per-world-per-device basis.
Table A-12. Virtual Machine Storage Panel Statistics

Column Description
ID Resource pool ID of the running world’s resource pool or the world ID of the running world.
GID Resource pool ID of running world’s resource pool.
NAME Name of running world’s resource pool or name of the running world.
Device Storage device name. This name is visible only if corresponding world is expanded to devices. See the
interactive command I below.
NWD Number of worlds.
NDV The number of devices. This number is valid only if the corresponding resource pool is expanded to
worlds
SHARES Number of shares. This statistic is only applicable to worlds. It is valid only if the corresponding resource
pool is expanded to worlds
BLKSZ Block size in bytes. It is valid only if the corresponding world is expanded to devices.
NUMBLKS Number of blocks of the device. It is valid only if the corresponding world is expanded to devices.
DQLEN Storage device queue depth. This is the maximum number of ESX/ESXi VMkernel active commands that
the device is configured to support. The displayed number is valid only if the corresponding world is
expanded to devices.
WQLEN World queue depth. This column displays the maximum number of ESX/ESXi VMkernel active
commands that the world is allowed to have. The number is valid only if the corresponding world is
expanded to devices. This is a per device maximum for the world.
ACTV Number of commands in the ESX/ESXi VMkernel that are currently active. This number is applicable
VMware, Inc. 91
Table A-12. Virtual Machine Storage Panel Statistics (Continued)

Column Description
QUED Number of commands in the ESX/ESXi VMkernel that are currently queued. This number is applicable
%USD Percentage of queue depth used by ESX/ESXi VMkernel active commands. This number is applicable
depth. This number is applicable only to worlds and devices.
DAVG/cmd Average device latency per command in milliseconds.
KAVG/cmd Average ESX/ESXi VMkernel latency per command in milliseconds.
GAVG/cmd Average guest operating system latency per command in milliseconds.
QAVG/cmd Average queue latency per command in milliseconds.
DAVG/rd Average device read latency per read operation in milliseconds.
KAVG/rd Average ESX/ESXi VMkernel read latency per read operation in milliseconds.
GAVG/rd Average guest operating system read latency per read operation in milliseconds.
QAVG/rd Average queue read latency per read operation in milliseconds.
DAVG/wr Average device write latency per write operation in milliseconds.
KAVG/wr Average ESX/ESXi VMkernel write latency per write operation in milliseconds.
GAVG/wr Average guest operating system write latency per write operation in milliseconds.
QAVG/wr Average queue write latency per write operation in milliseconds.
ABRTS/s Number of commands aborted per second in milliseconds.
RESETS/s Number of commands reset per second in milliseconds.
Table A-13 displays the interactive commands you can use with the virtual machine storage panel.
Table A-13. Virtual Machine Storage Panel Interactive Commands

Command Description
e Expand or roll up storage world statistics. Allows you to view storage resource utilization statistics
separated by individual worlds belonging to a group. You are prompted to enter the group ID. The
statistics are per world.
l Expand or roll up storage device, that is LUN, statistics. Allows you to view storage resource
utilization statistics separated by individual devices belonging to an expanded world. You are
prompted to enter the world ID.
V Display virtual machine instances only.
r Sort by READS/s column.
w Sort by WRITES/s column.
R Sort by MBREAD/s column.
T Sort by MBWRTN/s column.
92 VMware, Inc.
Table A-13. Virtual Machine Storage Panel Interactive Commands (Continued)

Command Description
N Sort first by virtual machine column, and then by WORLD column. This is the default sort order.
Network Panel
The Network panel displays server-wide network utilization statistics.
Statistics are arranged by port for each virtual network device configured. For physical network adapter
statistics, see the row corresponding to the port to which the physical network adapter is connected. For
statistics on a virtual network adapter configured in a particular virtual machine, see the row corresponding
to the port to which the virtual network adapter is connected.
Table A-14. Network Panel Statistics

Column Description
PORT-ID Virtual network device port ID.
UPLINK Y means the corresponding port is an uplink. N means it is not.
UP Y means the corresponding link is up. N means it is not.
SPEED Link speed in Megabits per second.
FDUPLX Y means the corresponding link is operating at full duplex. N means it is not.
USED-BY Virtual network device port user.
DTYP Virtual network device type. H means HUB and S means switch.
DNAME Virtual network device name.
PKTTX/s Number of packets transmitted per second.
PKTRX/s Number of packets received per second.
MbTX/s MegaBits transmitted per second.
MbRX/s MegaBits received per second.
%DRPTX Percentage of transmit packets dropped.
%DRPRX Percentage of receive packets dropped.
TEAM-PNIC Name of the physical NIC used for the team uplink.
Table A-15 displays the interactive commands you can use with the network panel.
Table A-15. Network Panel Interactive Commands

Command Description
T Sorts by Mb Tx column.
R Sorts by Mb Rx column.
t Sorts by Packets Tx column.
r Sorts by Packets Rx column.
N Sorts by PORT-ID column. This is the default sort order.
L Changes the displayed length of the DNAME column.
VMware, Inc. 93
Interrupt Panel
The interrupt panel displays information about the use of interrupt vectors.
Table A-16. Interrupt Panel Statistics

Column Description
VECTOR Interrupt vector ID.
COUNT/s Total number of interrupts per second. This value is cumulative of the count for every CPU.
COUNT_x Interrupts per second on CPU x.
TIME/int Average processing time per interrupt (in microseconds).
TIME_x Average processing time per interrupt on CPU x (in microseconds).
DEVICES Devices that use the interrupt vector. If the interrupt vector is not enabled for the device, its name is
enclosed in angle brackets (< and >).
Using Batch Mode

Batch mode allows you to collect and save resource utilization statistics in a file.
After you prepare for batch mode, you can use esxtop or resxtop in this mode.
Prepare for Batch Mode

To run in batch mode, you must first prepare for batch mode.
Procedure
1 Run resxtop (or esxtop) in interactive mode.
2 In each of the panels, select the columns you want.
3 Save this configuration to a file (by default ~/.esxtop4rc) using the W interactive command.
You can now use resxtop (or esxtop) in batch mode.
Use esxtop or resxtop in Batch Mode

After you have prepared for batch mode, you can use esxtop or resxtop in this mode.
Procedure
1 Start resxtop (or esxtop) to redirect the output to a file.
For example:
esxtop -b > my_file.csv
The filename must have a .csv extension. The utility does not enforce this, but the post-processing tools
require it.
2 Process statistics collected in batch mode using tools such as Microsoft Excel and Perfmon.
In batch mode, resxtop (or esxtop) does not accept interactive commands. In batch mode, the utility runs until
it produces the number of iterations requested (see command-line option n, below, for more details), or until
you end the process by pressing Ctrl+c.
Batch Mode Command-Line Options

You can use batch mode with command-line options.
The command-line options in Table A-17 are available in batch mode.
94 VMware, Inc.
Table A-17. Command-Line Options in Batch Mode

Option Description
configuration file can be the default ~/.esxtop4rc configuration file or a user-defined configuration
file.
b Runs resxtop (or esxtop) in batch mode.
c <filename> Load a user-defined configuration file. If the -c option is not used, the default configuration filename
is ~/.esxtop4rc. Create your own configuration file, specifying a different filename, using the W single-
key interactive command.
d Specifies the delay between statistics snapshots. The default is five seconds. The minimum is two
seconds. If a delay of less than two seconds is specified, the delay is set to two seconds.
n Number of iterations. resxtop (or esxtop) collects and saves statistics this number of times, and
then exits.
server The name of the remote server host to connect to (required, resxtop only).
portnumber The port number to connect to on the remote server. The default port is 443, and unless this is changed
on the server, this option is not needed. (resxtop only)
username The user name to be authenticated when connecting to the remote host. You are prompted by the
remote server for a password, as well (resxtop only).
Using Replay Mode

In replay mode, esxtop replays resource utilization statistics collected using vm-support.
After you prepare for replay mode, you can use esxtop in this mode. See the vm-support man page.
In replay mode, esxtop accepts the same set of interactive commands as in interactive mode and runs until no
more snapshots are collected by vm-support to be read or until the requested number of iterations are
completed.
Prepare for Replay Mode

To run in replay mode, you must prepare for replay mode.
Procedure
1 Run vm-support in snapshot mode on the ESX service console.
Use the following command.

vm-support -S -d duration -I interval
2 Unzip and untar the resulting tar file so that esxtop can use it in replay mode.
You can now use esxtop in replay mode.
Use esxtop in Replay Mode

You can use esxtop in replay mode.
You do not have to run replay mode on the ESX service console. Replay mode can be run to produce output
in the same style as batch mode (see the command-line option b, below).
Procedure
u To activate replay mode, enter the following at the command-line prompt.
esxtop -R <vm-support_dir_path>
VMware, Inc. 95
Replay Mode Command-Line Options

You can use replay mode with command-line options.
Table A-18 lists the command-line options available for esxtop replay mode.
Table A-18. Command-Line Options in Replay Mode

Option Description
R Path to the vm-support collected snapshot’s directory.

configuration file can be the default ~/.esxtop4rc configuration file or a user-defined
configuration file.
b Runs esxtop in Batch mode.
c<filename> Load a user-defined configuration file. If the -c option is not used, the default configuration
filename is ~/.esxtop4rc. Create your own configuration file and specify a different filename using
the W single-key interactive command.
d Specifies the delay between panel updates. The default is five seconds. The minimum is two
seconds. If a delay of less than two seconds is specified, the delay is set to two seconds.
n Number of iterations esxtop updates the display this number of times and then exits.
96 VMware, Inc.
Advanced Attributes B
You can set advanced attributes for hosts or individual virtual machines to help you customize resource
management.
In most cases, adjusting the basic resource allocation settings (reservation, limit, shares) or accepting default
settings results in appropriate resource allocation. However, you can use advanced attributes to customize
resource management for a host or a specific virtual machine.

n “Set Advanced Host Attributes,” on page 97
n “Set Advanced Virtual Machine Attributes,” on page 99
Set Advanced Host Attributes

You can set advanced attributes for a host.
CAUTION VMware recommends that only advanced users set advanced host attributes. In most cases, the
default settings produce the optimum result.
Procedure
1 In the vSphere Client inventory panel, select the host to customize.
3 In the Software menu, click Advanced Settings.
4 In the Advanced Settings dialog box select the appropriate item (for example, CPU or Memory), and scroll
in the right panel to find and change the attribute.
Advanced CPU Attributes

You can use the advanced CPU attributes to customize CPU resource usage.
Table B-1. Advanced CPU Attributes

CPU.MachineClearThreshold If you are using a host enabled for hyperthreading, set this value to 0 to disable
quarantining.
Power.CpuPolicy When you set this attribute to the default value of static, VMkernel does not
directly set CPU power management states and only responds to requests from
the BIOS. When you enable this policy (set to dynamic), VMkernel dynamically
selects appropriate power management states based on current usage. This can
save power without degrading performance. Enabling this option on systems that
do not support power management results in an error message.
VMware, Inc. 97
Advanced Memory Attributes

You can use the advanced memory attributes to customize memory resource usage.
Table B-2. Advanced Memory Attributes

Attribute Description Default
Mem.CtlMaxPercent Limits the maximum amount of memory reclaimed from any virtual 65
machine using vmmemctl, based on a percentage of its configured
memory size. Specify 0 to disable reclamation using vmmemctl for
all virtual machines.
Mem.ShareScanTime Specifies the time, in minutes, within which an entire virtual 60

machine is scanned for page sharing opportunities. Defaults to 60
minutes.
Mem.ShareScanGHz Specifies the maximum amount of memory pages to scan (per 4

second) for page sharing opportunities for each GHz of available
host CPU resource.
Defaults to 4 MB/sec per 1GHz.
Mem.IdleTax Specifies the idle memory tax rate, as a percentage. This tax 75
effectively charges virtual machines more for idle memory than for
memory they are actively using. A tax rate of 0 percent defines an
allocation policy that ignores working sets and allocates memory
strictly based on shares. A high tax rate results in an allocation policy
that allows idle memory to be reallocated away from virtual
machines that are unproductively hoarding it.
Mem.SamplePeriod Specifies the periodic time interval, measured in seconds of the 60

virtual machine’s execution time, over which memory activity is
monitored to estimate working set sizes.
Mem.BalancePeriod Specifies the periodic time interval, in seconds, for automatic 15

memory reallocations. Significant changes in the amount of free
memory also trigger reallocations.
Mem.AllocGuestLargePage Set this option to 1 to enable backing of guest large pages with host 1
large pages. Reduces TLB misses and improves performance in
server workloads that use guest large pages. 0=disable.
Mem.AllocUsePSharePool Set these options to 1 to reduce memory fragmentation. If host 1

and memory is fragmented, the availability of host large pages is
reduced. These options improve the probability of backing guest
Mem.AllocUseGuestPool
large pages with host large pages. 0 = disable.
LPage.LPageDefragEnable Set this option to 1 to enable large page defragmentation. 0 = disable. 1
LPage.LPageDefragRateVM Maximum number of large page defragmentation attempts per 2

second per virtual machine. Accepted values range from 1 to 1024.
LPage.LPageDefragRateTotal Maximum number of large page defragmentation attempts per 8

second. Accepted values range from 1 to 10240.
LPage.LPageAlwaysTryForNPT Set this option to 1 to enable always try to allocate large pages for 1
nested page tables (NPTs). 0= disable.
If you enable this option, all guest memory is backed with large
pages in machines that use nested page tables (for example, AMD
Barcelona). If NPT is not available, only some portion of guest
memory is backed with large pages.
98 VMware, Inc.
Appendix B Advanced Attributes
Advanced NUMA Attributes

You can use the advanced NUMA attributes to customize NUMA usage.
Table B-3. Advanced NUMA Attributes

Attribute Description Default
Numa.RebalanceEnable Set this option to 0 to disable all NUMA rebalancing and 1

initial placement of virtual machines, effectively disabling
the NUMA scheduling system.
Numa.PageMigEnable If you set this option to 0, the system does not automatically 1
migrate pages between nodes to improve memory locality.
Page migration rates set manually are still in effect.
Numa.AutoMemAffinity If you set this option to 0, the system does not automatically 1
set memory affinity for virtual machines with CPU affinity
set.
Numa.MigImbalanceThreshold The NUMA rebalancer computes the CPU imbalance 10

between nodes, accounting for the difference between each
virtual machine’s CPU time entitlement and its actual
consumption. This option controls the minimum load
imbalance between nodes needed to trigger a virtual
machine migration, in percent.
Numa.RebalancePeriod Controls the frequency of rebalance periods, specified in 2000

milliseconds. More frequent rebalancing can increase CPU
overheads, particularly on machines with a large number of
running virtual machines. More frequent rebalancing can
also improve fairness.
Numa.RebalanceCoresTotal Specifies the minimum number of total processor cores on 4

the host required to enable the NUMA rebalancer.
Numa.RebalanceCoresNode Specifies the minimum number of processor cores per node 2

required to enable the NUMA rebalancer.
This option and Numa.RebalanceCoresTotal are useful
when disabling NUMA rebalancing on small NUMA
configurations (for example, two-way Opteron hosts), where
the small number of total or per-node processors can
compromise scheduling fairness when you enable NUMA
rebalancing.
VMkernel.Boot.sharePerNode Controls whether memory pages can be shared (de- True (selected)
duplicated) only within a single NUMA node or across
multiple NUMA nodes.
Unlike the other NUMA options, this option appears under
"VMkernel" in the Advanced Settings dialog box. This is
because, unlike the other NUMA options shown here which
can be changed while the system is running,
VMkernel.Boot.sharePerNode is a boot-time option that only
takes effect after a reboot.
Set Advanced Virtual Machine Attributes

You can set advanced attributes for a virtual machine.
Procedure
1 Select the virtual machine in the vSphere Client inventory panel, and select Edit Settings from the right-
click menu.
2 Click Options and click Advanced > General.
VMware, Inc. 99
4 In the dialog box that appears, click Add Row to enter a new parameter and its value.
Advanced Virtual Machine Attributes

You can use the advanced virtual machine attributes to customize virtual machine configuration.
Table B-4. Advanced Virtual Machine Attributes

sched.mem.maxmemctl Maximum amount of memory reclaimed from the selected virtual machine by
ballooning, in megabytes (MB). If the ESX/ESXi host needs to reclaim additional
memory, it is forced to swap. Swapping is less desirable than ballooning.
sched.mem.pshare.enable Enables memory sharing for a selected virtual machine.

This boolean value defaults to True. If you set it to False for a virtual machine, this
turns off memory sharing.
sched.swap.persist Specifies whether the virtual machine’s swap files should persist or be deleted when
the virtual machine is powered off. By default, the system creates the swap file for a
virtual machine when the virtual machine is powered on, and deletes the swap file
when the virtual machine is powered off.
sched.swap.dir VMFS directory location of the virtual machine's swap file. Defaults to the virtual
machine's working directory, that is, the VMFS directory that contains its configuration
file. This directory must remain on a host that is accessible to the virtual machine. If
you move the virtual machine (or any clones created from it), you might need to reset
this attribute.
100 VMware, Inc.

Index
A D
admission control DPM
CPU 21 and admission control 14
resource pools 39 automation level 63
with expandable resource pools 40 enabling 62
advanced attributes Last Time Exited Standby 63
CPU 97 monitoring 64
hosts 97 overrides 63
memory 98 threshold 63
NUMA 99 DRS
virtual machines 99 disabling 50
alarms 64 fully automated 48
AMD Opteron-based systems 47, 71, 74, 99 group power on 44
applications information 66
CPU-bound 16 initial placement 43, 44
single-threaded 16 load balancing 43
automation modes, virtual machines 49 manual 48
migration 43
B migration recommendations 46
ballooning, memory 29
partially automated 48
Baseboard Management Controller (BMC) 61
single virtual machine power on 44
batch mode
virtual machine migration 45
command-line options 94
VMotion network 47
preparing for 94
DRS actions, history 67
DRS Cluster Summary tab 65
C
CPU DRS clusters
admission control 21 adding managed hosts 53
advanced attributes 97 adding unmanaged hosts 54
managing allocation 15, 16 as resource providers 7
overcommitment 15 creating 48
CPU affinity general information 65
hyperthreading 18 managing resources with 51
NUMA nodes 76 prerequisites 47
potential issues 21 processor compatibility 47
CPU panel shared storage 47
esxtop 82
shared VMFS volume 47
resxtop 82
validity 56
CPU power efficiency 22
viewing information 65
CPU virtualization
DRS faults 67
hardware-assisted 16
DRS migration threshold 46
software-based 15
DRS recommendations
CPU-bound applications 16
priority 67
CPU.MachineClearThreshold 20, 97
reasons 67
custom automation mode 49
DRS Resource Distribution Chart 66
VMware, Inc. 101

DRS rules host-local swap

creating 52 DRS cluster 31
deleting 53 standalone host 31
disabling 52 hosts
editing 52 adding to DRS clusters 53, 54
DRS tab advanced attributes 97
Faults page 68 as resource providers 7
History page 69 entering maintenance mode 55
Recommendations page 67 removing from a DRS cluster 55
using 67 hyperthreading
DRS Troubleshooting Guide 68 and ESX/ESXi 18
dual-processor virtual machine 15 core sharing modes 19
dynamic load balancing, NUMA 73 CPU affinity 18
Dynamic Voltage and Frequency Scaling CPU.MachineClearThreshold 20
(DVFS) 22 disabling 17
disabling quarantining 97
E enabling 19
Enhanced VMotion Compatibility (EVC) 16, 47, performance implications 18
48, 65 quarantining 20
entering maintenance mode 55 server configuration for 19
ESX/ESXi hyperthreading modes 19
memory allocation 28
memory reclamation 29 I
esxtop IBM Enterprise X-Architecture 74
batch mode 94
idle memory tax 29
common statistics description 81
iLO, configuring 61
CPU panel 82 initial placement, NUMA 73
interactive mode 80 Intelligent Platform Management Interface (IPMI),
interactive mode command-line options 80 configuring 61
interactive mode single-key commands 81 invalid DRS clusters 59
interrupt panel 94
memory panel 84 L
network panel 93 Last Time Exited Standby 63
order pages 81 limit 10
performance monitoring 79 load balancing, virtual machines 45
replay mode 95 logical processors 17
statistics column 81 LPage.LPageAlwaysTryForNPT 98
storage adapter panel 87 LPage.LPageDefragEnable 98
storage device panel 89 LPage.LPageDefragRateTotal 98
virtual machine storage panel 91 LPage.LPageDefragRateVM 98
Exit Standby Error 64
expandable reservations, example 40 M
maintenance mode, entering 55
F manual DRS 48
fully automated DRS 48 Mem.AllocGuestLargePage 98
Mem.AllocUseGuestPool 98
G Mem.AllocUsePSharePool 98
grafted, resource pool 53, 54 Mem.BalancePeriod 98
group power on 44 Mem.CtlMaxPercent 98
Mem.IdleTax 29, 98
H Mem.SamplePeriod 28, 98
home nodes, NUMA 73 Mem.ShareScanGHz 32, 98
Mem.ShareScanTime 32, 98
102 VMware, Inc.

Index
memory P
advanced attributes 98 page migration, NUMA 73
balloon driver 29 parent resource pool 35
managing allocation 23, 26 partially automated DRS 48
overcommitment 24, 31 performance, CPU-bound applications 16
overhead 23 performance monitoring 79
overhead, understanding 27 physical memory usage 27
reclaiming unused 29 physical processors 17
service console 23 power on, single virtual machine 44
sharing 24 Power.CpuPolicy 22, 97
sharing across virtual machines 32 processor-specific behavior 16
virtual machines 29
virtualization 23 Q
memory affinity, NUMA nodes 76 quarantining, hyperthreading 20
memory idle tax 29
memory usage 33 R
memory virtualization red DRS clusters 59
hardware-assisted 25 replay mode
software-based 25 command-line options 96
migration recommendations 46 preparing for 95
monitoring software 64 reservation 10
multicore processors 17 resource allocation settings
changing 11
N limit 10
NUMA reservation 10
advanced attributes 99 shares 9
AMD Opteron-based systems 74 suggestions 10
CPU affinity 76 resource consumers 8
description 71 resource management
dynamic load balancing 73 customizing 97
home nodes 73 defined 7
home nodes and initial placement 73 goals 8
IBM Enterprise X-Architecture 74 information 11
manual controls 75 resource pools
memory page sharing 73 adding virtual machines 38
optimization algorithms 73 admission control 39
page migration 73 advantages 36
scheduling 72 attributes 37
supported architectures 74 changing attributes of 38
transparent page sharing 73 creating 37, 38
Numa.AutoMemAffinity 99 grafted 53, 54
Numa.MigImbalanceThreshold 99 parent 35
Numa.PageMigEnable 99 removing virtual machines 39
Numa.RebalanceCoresNode 99 root resource pool 35
Numa.RebalanceCoresTotal 99 siblings 35
Numa.RebalanceEnable 99 resource providers 7
Numa.RebalancePeriod 99 resource types 7
resxtop
O batch mode 94
Opteron 74 common statistics description 81
overcommitted DRS clusters 58 CPU panel 82
overhead memory 23 interactive mode 80
VMware, Inc. 103

interactive mode command-line options 80 vCenter Server events 64

interactive mode single-key commands 81 virtual machine affinity 51
interrupt panel 94 virtual machine anti-affinity 51
memory panel 84 Virtual Machine File System (VMFS) 47, 100
network panel 93 virtual machines
options 79 adding to DRS clusters 54
order pages 81 adding to resource pools 38
performance monitoring 79 advanced attributes 99
statistics column 81 as resource consumers 8
storage adapter panel 87 assigning to a specific processor 21
storage device panel 89 automation modes 49
virtual machine storage panel 91 configuration file 47
root resource pool 35 memory 23, 29
migration 45
S monitor 25
sched.mem.maxmemctl 29, 100 number of virtual processors 16
sched.mem.pshare.enable 100 overhead memory 28
sched.swap.dir 100 removing from a DRS cluster 56
sched.swap.persist 100 removing from resource pools 39
server configuration for hyperthreading 19 sharing memory across 32
service console, memory use 23 vMA 79
shares 9 VMFS (Virtual Machine File System) 47, 100
sharing memory 24 VMkernel.Boot.sharePerNode 73, 99
siblings 35 VMM 23, 25
single virtual machine power on 44 vmmemctl
single-processor virtual machine 15 Mem.CtlMaxPercent 98
single-threaded applications 16 sched.mem.maxmemctl 100
SMP virtual machines 16 VMware HA 11, 48, 51, 55, 65
standby mode, Last Time Exited Standby 63 vSphere CLI 79
statistics, esxtop 81 vSphere Client 11, 13, 17, 27, 65, 67
statistics, resxtop 81 vSphere Management Assistant 79
swap file vSphere SDK 17
deleting 32
location 31 W
using 30 wake protocols 60
swap space 31 Wake-on-LAN (WOL), testing 62
System Resource Allocation Table (SRAT) 72 working set size 28
V Y
valid DRS clusters 57 yellow DRS clusters 58
104 VMware, Inc.

vSphere Availability Guide
ESX 4.0
ESXi 4.0
vCenter Server 4.0
EN-000108-00
©
VMware, Inc.
3401 Hillview Ave.
Palo Alto, CA 94304
www.vmware.com
2 VMware, Inc.
Contents
About This Book 5
1 Business Continuity and Minimizing Downtime 7

Reducing Planned Downtime 7
Preventing Unplanned Downtime 8
VMware HA Provides Rapid Recovery from Outages 8
VMware Fault Tolerance Provides Continuous Availability 9
2 Creating and Using VMware HA Clusters 11

How VMware HA Works 11
VMware HA Admission Control 13
Creating a VMware HA Cluster 19
Customizing VMware HA Behavior 24
Best Practices for VMware HA Clusters 26
3 Providing Fault Tolerance for Virtual Machines 29

How Fault Tolerance Works 29
Fault Tolerance Use Cases 30
Fault Tolerance Configuration Requirements 31
Fault Tolerance Interoperability 32
Preparing Your Cluster and Hosts for Fault Tolerance 33
Turning On Fault Tolerance for Virtual Machines 35
Viewing Information About Fault Tolerant Virtual Machines 37
Fault Tolerance Best Practices 38
VMware Fault Tolerance Configuration Recommendations 39
Troubleshooting Fault Tolerance 39
Appendix: Fault Tolerance Error Messages 43
Index 49
VMware, Inc. 3
4 VMware, Inc.
About This Book
The vSphere Availability Guide contains information about using solutions that provide business continuity,
®
including how to establish VMware High Availability (HA) and VMware Fault Tolerance.
Intended Audience
This book is for anyone who wants to provide business continuity through the VMware High Availability and
Fault Tolerance solutions. The information in this book is for experienced Windows or Linux system
administrators who are familiar with virtual machine technology and datacenter operations.
Document Feedback
®
® ®
set. The vSphere Availability Guide covers ESX , ESXi, and vCenter Server.


VMware, Inc. 5
6 VMware, Inc.
Business Continuity and Minimizing
Downtime 1
Downtime, whether planned or unplanned, brings with it considerable costs. However, solutions to ensure
higher levels of availability have traditionally been costly, hard to implement, and difficult to manage.
VMware software makes it simpler and less expensive to provide higher levels of availability for important
applications. With vSphere, organizations can easily increase the baseline level of availability provided for all
applications as well as provide higher levels of availability more easily and cost effectively. With vSphere, you
can:
n Provide higher availability independent of hardware, operating system, and applications.
n Eliminate planned downtime for common maintenance operations.
n Provide automatic restart in cases of failure.
vSphere makes it possible to reduce planned downtime, prevent unplanned downtime, and recover rapidly
from outages.

n “Reducing Planned Downtime,” on page 7
n “Preventing Unplanned Downtime,” on page 8
n “VMware HA Provides Rapid Recovery from Outages,” on page 8
n “VMware Fault Tolerance Provides Continuous Availability,” on page 9
Reducing Planned Downtime

Planned downtime typically accounts for over 80% of datacenter downtime. Hardware maintenance, server
migration, and firmware updates all require downtime for physical servers. To minimize the impact of this
downtime, organizations are forced to delay maintenance until inconvenient and difficult-to-schedule
downtime windows.
vSphere makes it possible for organizations to dramatically reduce planned downtime. Because workloads in
a vSphere environment can be dynamically moved to different physical servers without downtime or service
interruption, server maintenance can be performed without requiring application and service downtime. With
vSphere organizations can:
n Eliminate downtime for common maintenance operations.
n Eliminate planned maintenance windows.
n Perform maintenance at any time without disrupting users and services.
VMware, Inc. 7
®
The VMotion and Storage VMotion functionality in vSphere makes it possible for organizations to
dramatically reduce planned downtime because workloads in a VMware environment can be dynamically
moved to different physical servers or to different underlying storage without service interruption.
Administrators can perform faster and completely transparent maintenance operations, without being forced
to schedule inconvenient maintenance windows.
Preventing Unplanned Downtime

While an ESX/ESXi host provides a robust platform for running applications, an organization must also protect
itself from unplanned downtime caused from hardware or application failures. vSphere builds important
capabilities into datacenter infrastructure that can help you prevent unplanned downtime.
These vSphere capabilities are part of virtual infrastructure and are transparent to the operating system and
applications running in virtual machines. These features can be configured and utilized by all the virtual
machines on a physical system, reducing the cost and complexity of providing higher availability. Key fault-
tolerance capabilities are built into vSphere:
n Shared storage. Eliminate single points of failure by storing virtual machine files on shared storage, such
as Fibre Channel or iSCSI SAN, or NAS. The use of SAN mirroring and replication features can be used
to keep updated copies of virtual disk at disaster recovery sites.
n Network interface teaming. Provide tolerance of individual network card failures.
n Storage multipathing. Tolerate storage path failures.
In addition to these capabilities, the VMware HA and Fault Tolerance features can minimize or eliminate
unplanned downtime by providing rapid recovery from outages and continuous availability, respectively.
VMware HA Provides Rapid Recovery from Outages

VMware HA leverages multiple ESX/ESXi hosts configured as a cluster to provide rapid recovery from outages
and cost-effective high availability for applications running in virtual machines.
VMware HA protects application availability in two ways:

n It protects against a server failure by automatically restarting the virtual machines on other hosts within
the cluster.
n It protects against application failure by continuously monitoring a virtual machine and resetting it in the
event that a failure is detected.
Unlike other clustering solutions, VMware HA provides the infrastructure to protect all workloads with the
infrastructure:
n No special software needs to be installed within the application or virtual machine. All workloads are
protected by VMware HA. After VMware HA is configured, no actions are required to protect new virtual
machines. They are automatically protected.
n VMware HA can be combined with VMware Distributed Resource Scheduler (DRS) not only to protect
against failures but also to provide load balancing across the hosts within a cluster.
8 VMware, Inc.
Chapter 1 Business Continuity and Minimizing Downtime
VMware HA has a number of advantages over traditional failover solutions:
Minimal setup After a VMware HA cluster is set up, all virtual machines in the cluster get
failover support without additional configuration.
Reduced hardware cost The virtual machine acts as a portable container for the applications and it can
and setup be moved among hosts. Administrators avoid duplicate configurations on
multiple machines. When you use VMware HA, you must have sufficient
resources to fail over the number of hosts you want to protect with VMware
HA. However, the vCenter Server system automatically manages resources
and configures clusters.
Increased application Any application running inside a virtual machine has access to increased
availability availability. Because the virtual machine can recover from hardware failure, all
applications that start at boot have increased availability without increased
computing needs, even if the application is not itself a clustered application.
By monitoring and responding to VMware Tools heartbeats and resetting non-
responsive virtual machines, it also protects against guest operating system
crashes.
DRS and VMotion If a host fails and virtual machines are restarted on other hosts, DRS can provide
integration migration recommendations or migrate virtual machines for balanced resource
allocation. If one or both of the source and destination hosts of a migration fail,
VMware HA can help recover from that failure.
VMware Fault Tolerance Provides Continuous Availability

VMware HA provides a base level of protection for your virtual machines by restarting virtual machines in
the event of a host failure. VMware Fault Tolerance provides a higher level of availability, allowing users to
protect any virtual machine from a host failure with no loss of data, transactions, or connections.
Fault Tolerance uses the VMware vLockstep technology on the ESX/ESXi host platform to provide continuous
availability. This is done by ensuring that the states of the Primary and Secondary VMs are identical at any
point in the instruction execution of the virtual machine. vLockstep accomplishes this by having the Primary
and Secondary VMs execute identical sequences of x86 instructions. The Primary VM captures all inputs and
events -- from the processor to virtual I/O devices -- and replays them on the Secondary VM. The Secondary
VM executes the same series of instructions as the Primary VM, while only a single virtual machine image (the
Primary VM) is seen executing the workload.
If either the host running the Primary VM or the host running the Secondary VM fails, a transparent failover
occurs whereby the host that is still functioning seamlessly becomes the host of the Primary VM. With
transparent failover, there is no data loss and network connections are maintained. After a transparent failover
occurs, a new Secondary VM is automatically respawned and redundancy is re-established. The entire process
is transparent and fully automated and occurs even if vCenter Server is unavailable.
VMware, Inc. 9
Figure 1-1. Primary VM and Secondary VM in Fault Tolerance Pair

primary secondary
applications applications
guest operating guest operating

system system
logging traffic
VMware VMware
client
RECORD REPLAY
Nondeterministic events Nondeterministic events
• Input (network, user), • Result = repeatable
asynchronous I/O (disk, virtual machine execution
devices) CPU timer
events
10 VMware, Inc.
Creating and Using VMware HA
Clusters 2
VMware HA clusters enable a collection of ESX/ESXi hosts to work together so that, as a group, they provide
higher levels of availability for virtual machines than each ESX/ESXi host could provide individually. When
you plan the creation and usage of a new VMware HA cluster, the options you select affect the way that cluster
responds to failures of hosts or virtual machines.
Before creating a VMware HA cluster, you should be aware of how VMware HA identifies host failures and
isolation and responds to these situations. You also should know how admission control works so that you
can choose the policy that best fits your failover needs. After a cluster has been established, you can customize
its behavior with advanced attributes and optimize its performance by following recommended best practices.

n “How VMware HA Works,” on page 11
n “VMware HA Admission Control,” on page 13
n “Creating a VMware HA Cluster,” on page 19
n “Customizing VMware HA Behavior,” on page 24
n “Best Practices for VMware HA Clusters,” on page 26
How VMware HA Works

VMware HA provides high availability for virtual machines by pooling them and the hosts they reside on into
a cluster. Hosts in the cluster are monitored and in the event of a failure, the virtual machines on a failed host
are restarted on alternate hosts.
Primary and Secondary Hosts in a VMware HA Cluster

When you add a host to a VMware HA cluster, an agent is uploaded to the host and configured to communicate
with other agents in the cluster. The first five hosts added to the cluster are designated as primary hosts, and
all subsequent hosts are designated as secondary hosts. The primary hosts maintain and replicate all cluster
state and are used to initiate failover actions. If a primary host is removed from the cluster, VMware HA
promotes another host to primary status.
Any host that joins the cluster must communicate with an existing primary host to complete its configuration
(except when you are adding the first host to the cluster). At least one primary host must be functional for
VMware HA to operate correctly. If all primary hosts are unavailable (not responding), no hosts can be
successfully configured for VMware HA.
VMware, Inc. 11
One of the primary hosts is also designated as the active primary host and its responsibilities include:
n Deciding where to restart virtual machines.
n Keeping track of failed restart attempts.
n Determining when it is appropriate to keep trying to restart a virtual machine.
If the active primary host fails, another primary host replaces it.
Failure Detection and Host Network Isolation

Agents communicate with each other and monitor the liveness of the hosts in the cluster. This is done through
the exchange of heartbeats, by default, every second. If a 15-second period elapses without the receipt of
heartbeats from a host, and the host cannot be pinged, it is declared as failed. In the event of a host failure, the
virtual machines running on that host are failed over, that is, restarted on the alternate hosts with the most
available unreserved capacity (CPU and memory.)
NOTE In the event of a host failure, VMware HA does not fail over any virtual machines to a host that is in
maintenance mode, because such a host is not considered when VMware HA computes the current failover
level. When a host exits maintenance mode, the VMware HA service is reenabled on that host, so it becomes
available for failover again.
Host network isolation occurs when a host is still running, but it can no longer communicate with other hosts
in the cluster. With default settings, if a host stops receiving heartbeats from all other hosts in the cluster for
more than 12 seconds, it attempts to ping its isolation addresses. If this also fails, the host declares itself as
isolated from the network.
When the isolated host's network connection is not restored for 15 seconds or longer, the other hosts in the
cluster treat it as failed and attempt to fail over its virtual machines. However, when an isolated host retains
access to the shared storage it also retains the disk lock on virtual machine files. To avoid potential data
corruption, VMFS disk locking prevents simultaneous write operations to the virtual machine disk files and
attempts to fail over the isolated host's virtual machines fail. By default, the isolated host leaves its virtual
machines powered on, but you can change the host isolation response to Shut Down VM or Power Off VM. See
“Virtual Machine Options,” on page 22.
NOTE If you ensure that your network infrastructure is sufficiently redundant and that at least one network
path is available at all times, host network isolation should be a rare occurrence.
Using VMware HA and DRS Together

Using VMware HA in conjunction with Distributed Resource Scheduler (DRS) combines automatic failover
with load balancing. This combination can result in faster rebalancing of virtual machines after VMware HA
has moved virtual machines to different hosts.
When VMware HA performs failover and restarts virtual machines on different hosts, its first priority is the
immediate availability of all virtual machines. After the virtual machines have been restarted, those hosts on
which they were powered on might be heavily loaded, while other hosts are comparatively lightly loaded.
VMware HA uses the CPU and memory reservation to determine failover, while the actual usage might be
higher.
In a cluster using DRS and VMware HA with admission control turned on, virtual machines might not be
evacuated from hosts entering maintenance mode. This is because of the resources reserved to maintain the
failover level. You must manually migrate the virtual machines off of the hosts using VMotion.
12 VMware, Inc.
Chapter 2 Creating and Using VMware HA Clusters
When VMware HA admission control is disabled, failover resource constraints are not passed on to DRS and
VMware Distributed Power Management (DPM). The constraints are not enforced.
n DRS does evacuate virtual machines from hosts and place the hosts in maintenance mode or standby mode
regardless of the impact this might have on failover requirements.
n VMware DPM does power off hosts (place them in standby mode) even if doing so violates failover
requirements.
For more information about DRS, see Resource Management Guide.
VMware HA Admission Control

vCenter Server uses admission control to ensure that sufficient resources are available in a cluster to provide
failover protection and to ensure that virtual machine resource reservations are respected.
Including VMware HA, there are three types of admission control.
Host Ensures that a host has sufficient resources to satisfy the reservations of all
virtual machines running on it.
Resource pool Ensures that a resource pool has sufficient resources to satisfy the reservations,
shares, and limits of all virtual machines associated with it.
VMware HA Ensures that sufficient resources in the cluster are reserved for virtual machine
recovery in the event of host failure.
Admission control imposes constraints on resource usage and any action that would violate these constraints
is not permitted. Examples of actions that could be disallowed include:
n Powering on a virtual machine.
n Migrating a virtual machine onto a host or into a cluster or resource pool.
n Increasing the CPU or memory reservation of a virtual machine.
Of the three types of admission control, only VMware HA admission control can be disabled. However, without
it there is no assurance that all virtual machines in the cluster can be restarted after a host failure. VMware
recommends that you do not disable admission control, but you might need to do so temporarily, for the
following reasons:
n If you need to violate the failover constraints when there are not enough resources to support them (for
example, if you are placing hosts in standby mode to test them for use with DPM).
n If an automated process needs to take actions that might temporarily violate the failover constraints (for
example, as part of an upgrade directed by VMware Update Manager).
n If you need to perform testing or maintenance operations.
Host Failures Cluster Tolerates

You can configure VMware HA to tolerate a specified number of host failures. With the Host Failures Cluster
Tolerates admission control policy, VMware HA ensures that a specified number of hosts can fail and sufficient
resources remain in the cluster to fail over all the virtual machines from those hosts.
With the Host Failures Cluster Tolerates policy, VMware HA performs admission control in the following way:
1 Calculates the slot size.
A slot is a logical representation of the memory and CPU resources that satisfy the requirements for any
powered-on virtual machine in the cluster.
2 Determines how many slots each host in the cluster can hold.
VMware, Inc. 13
3 Determines the Current Failover Capacity of the cluster.
This is the number of hosts that can fail and still leave enough slots to satisfy all of the powered-on virtual
machines.
4 Determines whether the Current Failover Capacity is less than the Configured Failover Capacity (provided
by the user).
If it is, admission control disallows the operation.
NOTE The maximum Configured Failover Capacity that you can set is four. Each cluster has up to five primary
hosts and if all fail simultaneously, failover of all hosts might not be successful.
Slot Size Calculation

Slot size is comprised of two components, CPU and memory. VMware HA calculates these values.
n The CPU component by obtaining the CPU reservation of each powered-on virtual machine and selecting
the largest value. If you have not specified a CPU reservation for a virtual machine, it is assigned a default
value of 256 MHz (this value can be changed using the das.vmCpuMinMHz advanced attribute.)
n The memory component by obtaining the memory reservation (plus memory overhead) of each powered-
on virtual machine and selecting the largest value.
If your cluster contains any virtual machines that have much larger reservations than the others, they will
distort slot size calculation. To avoid this, you can specify an upper bound for the CPU or memory component
of the slot size by using the das.slotCpuInMHz or das.slotMemInMB advanced attributes, respectively.
When using these advanced attributes, there is a risk of resource fragmentation where virtual machines larger
than the slot size are assigned multiple slots. In a cluster that is close to capacity, there might be enough slots
in aggregate for a virtual machine to be failed over. However, those slots could be located on multiple hosts
and are unusable by a virtual machine assigned multiple slots because a virtual machine can run on only a
single ESX/ESXi host at a time.
Using Slots to Compute the Current Failover Capacity

After the slot size is calculated, VMware HA determines each host's CPU and memory resources that are
available for virtual machines. These amounts are those contained in the host's root resource pool, not the total
physical resources of the host. Resources being used for virtualization purposes are not included. Only hosts
that are connected, not in maintenance mode, and have no VMware HA errors are considered.
The maximum number of slots that each host can support is then determined. To do this, the host’s CPU
resource amount is divided by the CPU component of the slot size and the result is rounded down. The same
calculation is made for the host's memory resource amount. These two numbers are compared and the lower
is the number of slots that the host can support.
The Current Failover Capacity is computed by determining how many hosts (starting from the largest) can fail
and still leave enough slots to satisfy the requirements of all powered-on virtual machines.
Advanced Runtime Info

When you select the Host Failures Cluster Tolerates admission control policy, the Advanced Runtime Info
link appears in the VMware HA section of the cluster's Summary tab in the vSphere Client. Click this link to
display the following information about the cluster:
n Slot size.
n Total slots in cluster. The sum of the slots supported by the good hosts in the cluster.
n Used slots. The number of slots assigned to powered-on virtual machines. It can be more than the number
of powered-on virtual machines if you have defined an upper bound for the slot size using the advanced
options.
14 VMware, Inc.
n Available slots. The number of slots available to power on additional virtual machines in the cluster.
VMware HA automatically reserves the required number of slots for failover. The remaining slots are
available to power on new virtual machines.
n Total powered on VMs in cluster.
n Total hosts in cluster.
n Total good hosts in cluster. The number of hosts that are connected, not in maintenance mode, and have
no VMware HA errors.
VMware, Inc. 15
Example 2-1. Admission Control Using Host Failures Cluster Tolerates Policy
The way that slot size is calculated and utilized with this admission control policy can be shown with an
example. Make the following assumptions about a cluster:
n The cluster is comprised of three hosts, each with a different amount of available CPU and memory
resources. The first host (H1) has 9GHz of available CPU resources and 9GB of available memory, while
Host 2 (H2) has 9GHz and 6GB and Host 3 (H3) has 6GHz and 6GB.
n There are five powered-on virtual machines in the cluster with differing CPU and memory requirements.
VM1 needs 2GHz of CPU resources and 1GB of memory, while VM2 needs 2GHz and 1GB, VM3 needs
1GHz and 2GB, VM4 needs 1GHz and 1GB, and VM5 needs 1GHz and 1GB.
n The Host Failures Cluster Tolerates is set to one.
Figure 2-1. Admission Control Example with Host Failures Cluster Tolerates Policy
VM1 VM2 VM3 VM4 VM5
2GHz 2GHz 1GHz 1GHz 1GHz
1GB 1GB 2GB 1GB 1GB
slot size
2GHz, 2GB
H1 H2 H3
9GHz 9GHz 6GHz
9GB 6GB 6GB
4 slots 3 slots 3 slots
6 slots remaining
if H1 fails
1 Slot size is calculated by comparing both the CPU and memory requirements of the virtual machines and
selecting the largest.
The largest CPU requirement (shared by VM1 and VM2) is 2GHz, while the largest memory requirement
(for VM3) is 2GB. Based on this, the slot size is 2GHz CPU and 2GB memory.
2 Maximum number of slots that each host can support is determined.
H1 can support four slots. H2 can support three slots (which is the smaller of 9GHz/2GHz and 6GB/2GB)
and H3 can also support three.
3 Current Failover Capacity is computed.
The largest host is H1 and if it fails, six slots remain in the cluster, which is sufficient for all five of the
powered-on virtual machines. If both H1 and H2 fail, only three slots remain, which is insufficient.
Therefore, the Current Failover Capacity is one.
The cluster has one available slot (the six slots on H2 and H3 minus the five used slots). VMware HA admission
control allows you to power on one additional virtual machine (that does not exceed the slot size).
16 VMware, Inc.
Percentage of Cluster Resources Reserved

You can configure VMware HA to perform admission control by reserving a specific percentage of cluster
resources for recovery from host failures.
With the Percentage of Cluster Resources Reserved admission control policy, VMware HA ensures that a
specified percentage of aggregate cluster resources is reserved for failover.
With the Cluster Resources Reserved policy, VMware HA performs admission control.
1 Calculates the total resource requirements for all powered-on virtual machines in the cluster.
2 Calculates the total host resources available for virtual machines.
3 Calculates the Current CPU Failover Capacity and Current Memory Failover Capacity for the cluster.
4 Determines if either the Current CPU Failover Capacity or Current Memory Failover Capacity is less than
the Configured Failover Capacity (provided by the user).
If so, admission control disallows the operation.
It uses the actual reservations of the virtual machines. If a virtual machine does not have reservations, meaning
that the reservation is 0, a default of 0MB memory and 256MHz CPU is applied. This is controlled by the same
HA advanced options used for the failover level policy.
Computing the Current Failover Capacity

The total resource requirements for the powered-on virtual machines is comprised of two components, CPU
and memory. VMware HA calculates these values.
n The CPU component by summing the CPU reservations of the powered-on virtual machines. If you have
not specified a CPU reservation for a virtual machine, it is assigned a default value of 256 MHz (this value
can be changed using the das.vmCpuMinMHz advanced attribute.)
n The memory component by summing the memory reservation (plus memory overhead) of each powered-
on virtual machine.
The total host resources available for virtual machines is calculated by summing the hosts' CPU and memory
resources. These amounts are those contained in the host's root resource pool, not the total physical resources
of the host. Resources being used for virtualization purposes are not included. Only hosts that are connected,
not in maintenance mode, and have no VMware HA errors are considered.
The Current CPU Failover Capacity is computed by subtracting the total CPU resource requirements from the
total host CPU resources and dividing the result by the total host CPU resources. The Current Memory Failover
Capacity is calculated similarly.
VMware, Inc. 17
Example 2-2. Admission Control Using Percentage of Cluster Resources Reserved Policy
The way that Current Failover Capacity is calculated and utilized with this admission control policy can be
shown with an example. Make the following assumptions about a cluster:
n The cluster is comprised of three hosts, each with a different amount of available CPU and memory
resources. The first host (H1) has 9GHz of available CPU resources and 9GB of available memory, while
Host 2 (H2) has 9GHz and 6GB and Host 3 (H3) has 6GHz and 6GB.
n There are five powered-on virtual machines in the cluster with differing CPU and memory requirements.
VM1 needs 2GHz of CPU resources and 1GB of memory, while VM2 needs 2GHz and 1GB, VM3 needs
1GHz and 2GB, VM4 needs 1GHz and 1GB, and VM5 needs 1GHz and 1GB.
n The Configured Failover Capacity is set to 25%.
Figure 2-2. Admission Control Example with Percentage of Cluster Resources Reserved Policy
VM1 VM2 VM3 VM4 VM5
2GHz 2GHz 1GHz 1GHz 1GHz
1GB 1GB 2GB 1GB 1GB
total resource requirements
7GHz, 6GB
H1 H2 H3
9GHz 9GHz 6GHz
9GB 6GB 6GB
total host resources

24GHz, 21GB
The total resource requirements for the powered-on virtual machines is 7GHz and 6GB. The total host resources
available for virtual machines is 24GHz and 21GB. Based on this, the Current CPU Failover Capacity is 70%
((24GHz - 7GHz)/24GHz). Similarly, the Current Memory Failover Capacity is 71% ((21GB-6GB)/21GB).
Because the cluster's Configured Failover Capacity is set to 25%, 45% of the cluster's total CPU resources and
46% of the cluster's memory resources are still available to power on additional virtual machines.
Specify a Failover Host

You can configure VMware HA to designate a specific host as the failover host.
With the Specify a Failover Host admission control policy, when a host fails, VMware HA attempts to restart
its virtual machines on a specified failover host. If this is not possible, for example the failover host itself has
failed or it has insufficient resources, then VMware HA attempts to restart those virtual machines on another
host in the cluster.
To ensure that spare capacity is available on the failover host, you are prevented from powering on virtual
machines or using VMotion to migrate virtual machines to the failover host. Also, DRS does not use the failover
host for load balancing.
18 VMware, Inc.
The Current Failover Host is displayed in the VMware HA section of the cluster's Summary tab in the vSphere
Client. The status icon next to the host can be green, yellow, or red.
n Green. The host is connected, not in maintenance mode, and has no VMware HA errors. Also, no powered-
on virtual machines reside on the host.
n Yellow. The host is connected, not in maintenance mode, and has no VMware HA errors. However,
powered-on virtual machines reside on the host.
n Red. The host is disconnected, in maintenance mode, or has VMware HA errors.
Choosing an Admission Control Policy

You should choose a VMware HA admission control policy based on your availability needs and the
characteristics of your cluster.
When choosing an admission control policy, you should consider a number of factors.
Avoiding Resource Fragmentation

Resource fragmentation occurs when there are enough resources in aggregate for a virtual machine to be failed
over. However, those resources are located on multiple hosts and are unusable because a virtual machine can
run on one ESX/ESXi host at a time. The Host Failures Cluster Tolerates policy avoids resource fragmentation
by defining a slot as the maximum virtual machine reservation. The Percentage of Cluster Resources policy
does not address the problem of resource fragmentation. With the Specify a Failover Host policy, resources
are not fragmented because a single host is reserved for failover.
Flexibility of Failover Resource Reservation

Admission control policies differ in the granularity of control they give you when reserving cluster resources
for failover protection. The Host Failures Cluster Tolerates policy allows you to set the failover level from one
to four hosts. The Percentage of Cluster Resources policy allows you to designate up to 50% of cluster resources
for failover. The Specify a Failover Host policy only allows you to specify a single failover host.
Heterogeneity of Cluster
Clusters can be heterogeneous in terms of virtual machine resource reservations and host total resource
capacities. In a heterogeneous cluster, the Host Failures Cluster Tolerates policy can be too conservative
because it only considers the largest virtual machine reservations when defining slot size and assumes the
largest hosts fail when computing the Current Failover Capacity. The other two admission control policies are
not affected by cluster heterogeneity.
Creating a VMware HA Cluster

VMware HA operates in the context of a cluster of ESX/ESXi hosts. You must create a cluster, populate it with
hosts, and configure VMware HA settings before failover protection can be established.
When you create a VMware HA cluster, you must configure a number of settings that determine how the
feature works. Before you do this, first identify your cluster's nodes. These are the ESX/ESXi hosts that will
provide the resources to support virtual machines and that VMware HA will use for failover protection. Then
you should determine how those nodes are to be connected to one another and to the shared storage where
your virtual machine data resides. After that networking architecture is in place, you can add the hosts to the
cluster and finish configuring VMware HA.
VMware, Inc. 19
You can enable and configure VMware HA before you add host nodes to the cluster. However, until the hosts
are added your cluster is not fully operational and some of the cluster settings are unavailable. For example,
the Specify a Failover Host admission control policy is unavailable until there is a host that can be designated
as the failover host.
NOTE The Virtual Machine Startup and Shutdown (automatic startup) feature is disabled for all virtual
machines residing on hosts that are in (or moved into) a VMware HA cluster. VMware recommends that you
do not manually re-enable this setting for any of the virtual machines. Doing so could interfere with the actions
of cluster features such as VMware HA or Fault Tolerance.
Create a VMware HA Cluster

Your cluster can be enabled for VMware HA, and a VMware HA-enabled cluster is a prerequisite for Fault
Tolerance. VMware recommends that you first create an empty cluster. After you have planned the resources
and networking architecture of your cluster, you can use the vSphere Client to add hosts to the cluster and
specify the cluster's VMware HA settings.
Connect vSphere Client to vCenter Server using an account with cluster administrator permissions.
Prerequisites
All virtual machines and their configuration files must reside on shared storage. So that you can power on the
virtual machines using different hosts in the cluster, the hosts must be configured to access that shared storage.
Each host in a VMware HA cluster must have a host name assigned and a static IP address associated with
each of the virtual NICs.
Hosts must be configured to have access to the virtual machine network.
VMware recommends redundant network connections for VMware HA.

n For ESX, set up redundant service console networking.
n For ESXi, set up redundant VMkernel networking.
For information about setting up network redundancy, see “Network Path Redundancy,” on page 28.
Procedure
1 Select the Hosts & Clusters view.
2 Right-click the Datacenter in the Inventory tree and click New Cluster.
3 Complete the New Cluster wizard.
Do not enable VMware HA (or DRS) at this time.
4 Click Finish to close the wizard and create the cluster.
You have created an empty cluster.
5 Based on your plan for the resources and networking architecture of the cluster, use the vSphere Client
to add hosts to the cluster.
6 Right-click the cluster and click Edit Settings.
The cluster's Settings dialog box is where you can modify the VMware HA (and other) settings for the
cluster.
7 On the Cluster Features page , select Turn On VMware HA.
8 Configure the VMware HA settings as appropriate for your cluster.

n Host Monitoring Status
n Admission Control
20 VMware, Inc.
n Virtual Machine Options

n VM Monitoring
9 Click OK to close the cluster's Settings dialog box.
A configured VMware HA cluster, populated with hosts, is created.
Cluster Features
The first panel in the New Cluster wizard allows you to specify basic options for the cluster.
In this panel you can specify the cluster name and choose one or both cluster features.
Name Specifies the name of the cluster. This name appears in the vSphere Client
inventory panel. You must specify a name to continue with cluster creation.
Turn On VMware HA If this check box is selected, virtual machines are restarted on another host in
the cluster if a host fails. You must turn on VMware HA to enable VMware
Fault Tolerance on any virtual machine in the cluster.
Turn On VMware DRS If this check box is selected, DRS balances the load of virtual machines across
the cluster. DRS also places and migrates virtual machines when they are
protected with HA.
You can change any of these cluster features at a later time.
Host Monitoring Status

After you create a cluster, enable Host Monitoring so that VMware HA can monitor heartbeats sent by ESX/
ESXi hosts in the cluster.
If Enable Host Monitoring is selected, each ESX/ESXi host in the cluster is checked to ensure it is running. If
a host failure occurs, virtual machines are restarted on another host. Host Monitoring is also required for the
VMware Fault Tolerance recovery process to work properly.
If you need to perform network maintenance that might trigger host isolation responses, VMware recommends
that you first suspend VMware HA by disabling Host Monitoring. After the maintenance is complete, reenable
Host Monitoring.
Enabling or Disabling Admission Control

The New Cluster wizard allows you to enable or disable admission control for the VMware HA cluster and
choose a policy for how it is enforced.
You can enable or disable admission control for the HA cluster.
Prevent VMs from being Enables admission control and enforces availability constraints and preserves
powered on if they failover capacity. Any operation on a virtual machine that decreases the
violate availability unreserved resources in the cluster and violates availability constraints is not
constraints permitted.
Allow VMs to be powered Disables admission control. If you select this option, virtual machines can, for
on even if they violate example, be powered on even if that causes insufficient failover capacity. When
availability constraints this is done, no warnings are presented, and the cluster does not turn red. If a
cluster has insufficient failover capacity, VMware HA can still perform
failovers and it uses the VM Restart Priority setting to determine which virtual
machines to power on first.
VMware, Inc. 21
VMware HA provides three policies for enforcing admission control, if it is enabled.

n Host failures cluster tolerates
n Percentage of cluster resources reserved as failover spare capacity
n Specify a failover host
NOTE See “Choosing an Admission Control Policy,” on page 19 for more information about how VMware HA
admission control works.
Virtual Machine Options

Default virtual machine settings control the order in which virtual machines are restarted and how VMware
HA responds if hosts lose network connectivity with other hosts. These settings apply to all virtual machines
in the cluster in the case of a host failure or isolation. You can configure exceptions for each virtual machine.
VM Restart Priority
VM restart priority determines the relative order in which virtual machines are restarted after a host failure.
Such virtual machines are restarted sequentially on new hosts, with the highest priority virtual machines first
and continuing to those with lower priority until all virtual machines are restarted or no more cluster resources
are available. If the number of hosts failures or virtual machines restarts exceeds what admission control
permits, the virtual machines with lower priority might not be restarted until more resources become available.
Virtual machines are restarted on the failover host, if one is specified, or on the host with the highest percentage
of available resources.
The values for this setting are: Disabled, Low, Medium (the default), and High. If Disabled is selected, VMware
HA is disabled for the virtual machine, meaning that it is not restarted on other ESX/ESXi hosts if its ESX/ESXi
host fails. If Disabled is selected, this does not affect virtual machine monitoring, which means that if a virtual
machine fails on a host that is functioning properly, that virtual machine is reset on that same host. You can
change this property for individual virtual machines.
The restart priority settings for virtual machines vary depending on user needs. VMware recommends that
you assign higher restart priority to the virtual machines that provide the most important services.
For example, in the case of a multitier application you might rank assignments according to functions hosted
on the virtual machines.
n High. Database servers that will provide data for applications.
n Medium. Application servers that consume data in the database and provide results on web pages.
n Low. Web servers that receive user requests, pass queries to application servers, and return results to
users.
Host Isolation Response

Host isolation response determines what happens when a host in a VMware HA cluster loses its service console
networks (or VMkernel networks, in ESXi) connection but continues running. Host isolation responses require
that Host Monitoring Status is enabled. If it is disabled, host isolation responses are also suspended. A host
determines that it is isolated when it stops receiving heartbeats from all other hosts and it is unable to ping its
isolation addresses. When this occurs, the host executes its isolation response. The responses are: Leave VM
powered on, Power off VM, and Shut down VM. You can customize this property for individual virtual
machines.
22 VMware, Inc.
To use the Shut down VM setting, you must install VMware Tools in the guest operating system of the virtual
machine. Shutting down the virtual machine provides the advantage of preserving its state. This is better than
powering it off, which does not flush most recent changes to disk or commit transactions. Virtual machines
that are shut down will take longer to fail over while the shutdown completes. Virtual Machines that have not
shut down in 300 seconds, or the time specified in the advanced attribute das.isolationShutdownTimeout
seconds, are powered off.
NOTE After you create a VMware HA cluster, you can override the default cluster settings for Restart Priority
and Isolation Response for specific virtual machines. Such overrides are useful for virtual machines that are
used for special tasks. For example, virtual machines that provide infrastructure services like DNS or DHCP
might need to be powered on before other virtual machines in the cluster.
VM Monitoring
VM Monitoring restarts individual virtual machines if their VMware Tools heartbeats are not received within
a set time. You can configure the degree to which VMware HA is sensitive to such non-responsiveness.
If you select Enable VM Monitoring, the VM Monitoring service (using VMware Tools) evaluates whether
each virtual machine in the cluster is running by checking for regular heartbeats from the VMware Tools
process running inside the guest. If no heartbeats are received, this is most likely because the guest operating
system has failed or VMware Tools is not being allocated any time to complete tasks. In such a case, the VM
Monitoring service determines that the virtual machine has failed and the virtual machine is rebooted to restore
service.
You can also configure the level of monitoring sensitivity. Highly sensitive monitoring results in a more rapid
conclusion that a failure has occurred. While unlikely, highly sensitive monitoring might lead to falsely
identifying failures when the virtual machine in question is actually still working, but heartbeats have not been
received due to factors such as resource constraints. Low sensitivity monitoring results in longer interruptions
in service between actual failures and virtual machines being reset. Select an option that is an effective
compromise for your needs.
After failures are detected, VMware HA resets virtual machines. This helps ensure that services remain
available. To avoid resetting virtual machines repeatedly for nontransient errors, by default virtual machines
will be reset only three times during a certain configurable time interval. After virtual machines have been
reset three times, VMware HA makes no further attempts to reset the virtual machines after any subsequent
failures until after the specified time has elapsed. You can configure the number of resets using the Maximum
per-VM resets custom setting.
Occasionally, virtual machines that are still functioning properly stop sending heartbeats. To avoid
unnecessarily resetting such virtual machines, the VM Monitoring service also monitors a virtual machine's I/
O activity. If no heartbeats are received within the failure interval, the I/O stats interval (a cluster-level attribute)
is checked. The I/O stats interval determines if any disk or network activity has occurred for the virtual machine
during the previous two minutes (120 seconds). If not, the virtual machine is reset. This default value (120
seconds) can be changed using the advanced attribute das.iostatsInterval.
NOTE The VM Monitoring settings cannot be configured though advanced attributes. Modify settings in the
VM Monitoring page of the cluster’s Settings dialog box.
The default settings for VM Monitoring sensitivity are described in the table.
Table 2-1. VM Monitoring Settings

Setting Failure Interval (seconds) Reset Period
High 30 1 hour
Medium 60 24 hours
Low 120 7 days
VMware, Inc. 23
You can specify custom values for both VM Monitoring sensitivity and the I/O stats interval, as described in
“Customizing VMware HA Behavior,” on page 24.
Customizing VMware HA Behavior

After you have established a cluster, you can modify the specific attributes that affect how VMware HA
behaves. You can also change the cluster default settings inherited by individual virtual machines.
This section guides you through setting advanced attributes for VMware HA and lists a few attributes you
might want to set. Because these attributes affect the functioning of HA, change them with caution. Review
the advanced settings you can use to optimize the VMware HA clusters in your environment.
Table 2-2. VMware HA Attributes

das.isolationaddress[...] Sets the address to ping to determine if a host is isolated from

the network. This address is pinged only when heartbeats are
not received from any other host in the cluster. If not specified,
the default gateway of the console network is used. This
default gateway has to be a reliable address that is available,
so that the host can determine if it is isolated from the network.
You can specify multiple isolation addresses (up to 10) for the
cluster: das.isolationaddressX, where X = 1-10. Typically you
should specify one per service console. Specifying too many
addresses makes isolation detection take too long and can
affect VMware HA behavior.
das.usedefaultisolationaddress By default, VMware HA uses the default gateway of the

console network as an isolation address. This attribute
specifies whether or not this default is used (true|false).
das.failuredetectiontime Changes the default failure detection time for host monitoring.
The default is 15000 milliseconds (15 seconds). This is the time
period, when a host has received no heartbeats from another
host, that it waits before declaring that host as failed.
das.failuredetectioninterval Changes the heartbeat interval among VMware HA hosts. By

default, this occurs every 1000 milliseconds (1 second).
das.defaultfailoverhost Defines the host that VMware HA tries to fail virtual machines
over to. Use this option only if the VMware HA admission
control policy is failover level or cluster resource percentage.
If this option is used with the failover host admission control
policy, it takes precedence over the failover host named in the
policy. You can define only one failover host.
das.isolationShutdownTimeout The period of time the system waits for a virtual machine to
shut down before powering it off. This only applies if the host's
isolation response is Shut down VM. Default value is 300
seconds.
das.slotMemInMB Defines the maximum bound on the memory slot size. If this
option is used, the slot size is the smaller of this value or the
maximum memory reservation plus memory overhead of any
powered-on virtual machine in the cluster.
das.slotCpuInMHz Defines the maximum bound on the CPU slot size. If this
option is used, the slot size is the smaller of this value or the
maximum CPU reservation of any powered-on virtual
machine in the cluster.
das.vmMemoryMinMB Defines the default memory resource value assigned to a

virtual machine if its memory reservation is not specified or
zero. This is used for the Host Failures Cluster Tolerates
admission control policy. If no value is specified, the default
is 0 MB.
24 VMware, Inc.
Table 2-2. VMware HA Attributes (Continued)

das.vmCpuMinMHz Defines the default CPU resource value assigned to a virtual

machine if its CPU reservation is not specified or zero. This is
used for the Host Failures Cluster Tolerates admission control
policy. If no value is specified, the default is 256MHz.
das.iostatsInterval Changes the default I/O stats interval for VM monitoring

sensitivity. The default is 120 (seconds). Can be set to any value
greater than, or equal to 0. Setting to 0 disables the check.
NOTE If you change the value of any of the following advanced attributes, you must disable and then re-enable
VMware HA before your changes take effect.
n das.isolationaddress[...]
n das.usedefaultisolationaddress
n das.failuredetectiontime
n das.failuredetectioninterval
n das.isolationShutdownTimeout
Set Advanced VMware HA Options

To customize VMware HA behavior, set advanced VMware HA options.
Prerequisites
A VMware HA cluster for which to modify settings.
Cluster administrator privileges.
Procedure
1 In the cluster’s Settings dialog box, select VMware HA.
2 Click the Advanced Options button to open the Advanced Options (HA) dialog box.
3 Enter each advanced attribute you want to change in a text box in the Option column and enter a value
in the Value column.
4 Click OK.
The cluster uses options you added or modified.
Customize VMware HA Behavior for an Individual Virtual Machine

Each virtual machine in a VMware HA cluster is assigned the cluster default settings for VM Restart Priority,
Host Isolation Response, and VM Monitoring. You can specify specific behavior for each virtual machine by
changing these defaults. If the virtual machine leaves the cluster, these settings are lost.
Procedure
1 Select the cluster and select Edit Settings from the right-click menu.
2 Select Virtual Machine Options under VMware HA.
3 In the Virtual Machine Settings pane, select a virtual machine and customize its VM Restart Priority or
Host Isolation Response setting.
VMware, Inc. 25
4 Select VM Monitoring under VMware HA.
5 In the Virtual Machine Settings pane, select a virtual machine and customize its VM Monitoring setting.
6 Click OK.
The virtual machine’s behavior now differs from the cluster defaults for each setting you changed.
Best Practices for VMware HA Clusters

To help ensure optimal VMware HA cluster performance, VMware recommends that you follow certain best
practices. Also, networking configuration and redundancy are important when designing and implementing
your cluster.
Setting Alarms to Monitor Cluster Changes

When VMware HA or Fault Tolerance take action to maintain availability, for example, a virtual machine
failover, you might need to be notified about such changes. You can configure alarms in vCenter Server to be
triggered when these actions are taken, and have alerts, such as emails, sent to a specified set of administrators.
Monitoring Cluster Validity

A valid cluster is one in which the admission control policy has not been violated.
A cluster enabled for VMware HA becomes invalid (red) when the number of virtual machines powered on
exceeds the failover requirements, that is, the current failover capacity is smaller than configured failover
capacity. If admission control is disabled, clusters do not become invalid.
The cluster's Summary page in the vSphere Client displays a list of configuration issues for clusters. The list
explains what has caused the cluster to become invalid or over-committed (yellow).
DRS behavior is not affected if a cluster is red because of a VMware HA issue.
Networking Best Practices

VMware recommends some best practices for the configuration of host NICs and network topology for
VMware HA. This includes recommendations not only for your ESX/ESXi hosts, but also for cabling, switches,
routers, and firewalls.
Network Configuration and Maintenance

The following network maintenance suggestions can help you avoid the accidental detection of failed hosts
and network isolation due to dropped VMware HA heartbeats.
n When making changes to the network(s) that your clustered ESX/ESXi hosts are on, VMware recommends
that you suspend the Host Monitoring feature. Changing your network hardware or networking settings
can interrupt the heartbeats that VMware HA uses to detect host failures, and this might result in
unwanted attempts to fail over virtual machines.
n When you change the networking configuration on the ESX/ESXi hosts themselves, for example, adding
port groups, or removing vSwitches, VMware recommends that in addition to suspending Host
Monitoring, you place the host in maintenance mode.
NOTE Because networking is a vital component of VMware HA, if network maintenance needs to be performed
the VMware HA administrator should be informed.
26 VMware, Inc.
Networks Used for VMware HA Communications

To identify which network operations might disrupt the functioning of VMware HA, you should be aware of
which network(s) are being used for heart beating and other VMware HA communications.
n On ESX hosts in the cluster, VMware HA communications travel over all networks that are designated as
service console networks. VMkernel networks are not used by these hosts for VMware HA
communications.
n On ESXi hosts in the cluster, VMware HA communications, by default, travel over VMkernel networks,
except those marked for use with VMotion. If there is only one VMkernel network, VMware HA shares
it with VMotion, if necessary. With ESXi 4.0, you must also explicitly enable the Management Network
checkbox for VMware HA to use this network.
Cluster-Wide Networking Considerations

For VMware HA to function, all hosts in the cluster must have compatible networks. The first node added to
the cluster dictates the networks that all subsequent hosts allowed into the cluster must also have. Networks
are considered compatible if the combination of the IP address and subnet mask result in a network that
matches another host's. If you attempt to add a host with too few, or too many, networks, or if the host being
added has incompatible networks, the configuration task fails, and the Task Details pane specifies this
incompatibility.
For example, if the first host you add to the cluster has two networks being used for VMware HA
communications, 10.10.135.0/255.255.255.0 and 10.17.142.0/255.255.255.0, all subsequent hosts must have the
same two networks configured and used for VMware HA communications.
Network Isolation Addresses

A network isolation address is an IP address that is pinged to determine if a host is isolated from the network.
This address is pinged only when a host has stopped receiving heartbeats from all other hosts in the cluster.
If a host can ping its network isolation address, the host is not network isolated, and the other hosts in the
cluster have failed. However, if the host cannot ping its isolation address, it is likely that the host has become
isolated from the network and no failover action is taken.
By default, the network isolation address is the default gateway for the host. There is only one default gateway
specified, regardless of how many service console networks have been defined, so you should use the
das.isolationaddress[...] advanced attribute to add isolation addresses for additional networks. For example,
das.isolationAddress2 to add an isolation address for your second network, das.isolationAddress3 for the
third, up to a maximum of das.isolationAddress9 for the ninth.
When you specify additional isolation address, VMware recommends that you increase the setting for the
das.failuredetectiontime advanced attribute to 20000 milliseconds (20 seconds) or greater. A node that is
isolated from the network needs time to release its virtual machine's VMFS locks if the host isolation response
is to fail over the virtual machines (not to leave them powered on.) This must happen before the other nodes
declare the node as failed, so that they can power on the virtual machines, without getting an error that the
virtual machines are still locked by the isolated node.
For more information on VMware HA advanced attributes, see “Customizing VMware HA Behavior,” on
page 24.
Other Networking Considerations

Configuring Switches. If the physical network switches that connect your servers support the PortFast (or an
equivalent) setting, enable it. This setting prevents a host from incorrectly determining that a network is
isolated during the execution of lengthy spanning tree algorithms.
VMware, Inc. 27
Host Firewalls. On ESX/ESXi hosts, VMware HA needs and automatically opens the following firewall ports.
n Incoming port: TCP/UDP 8042-8045
n Outgoing port: TCP/UDP 2050-2250
Port Group Names and Network Labels. Use consistent port group names and network labels on VLANs for
public networks. Port group names are used to reconfigure access to the network by virtual machines. If you
use inconsistent names between the original server and the failover server, virtual machines are disconnected
from their networks after failover. Network labels are used by virtual machines to reestablish network
connectivity upon restart.
Network Path Redundancy

Network path redundancy between cluster nodes is important for VMware HA reliability. A single service
console network ends up being a single point of failure and can result in failovers although only the network
has failed.
If you have only one service console network, any failure between the host and the cluster can cause an
unnecessary (or false) failover situation. Possible failures include NIC failures, network cable failures, network
cable removal, and switch resets. Consider these possible sources of failure between hosts and try to minimize
them, typically by providing network redundancy.
You can implement network redundancy at the NIC level with NIC teaming, or at the service console (or
VMkernel port on ESXi) level. In most implementations, NIC teaming provides sufficient redundancy, but you
can use or add service console (or VMkernel port) redundancy if required. Redundant service console
networking on ESX (or VMkernel networking) allows the reliable detection of failures and prevents isolation
conditions from occurring, because heartbeats can be sent over multiple networks.
Configure the fewest possible number of hardware segments between the servers in a cluster. The goal being
to limit single points of failure. Additionally, routes with too many hops can cause networking packet delays
for heartbeats, and increase the possible points of failure.
Network Redundancy Using NIC Teaming

Using a team of two NICs connected to separate physical switches improves the reliability of a service console
(or, in ESXi, VMkernel) network. Because servers connected through two NICs (and through separate switches)
have two independent paths for sending and receiving heartbeats, the cluster is more resilient. To configure a
NIC team for the service console, configure the vNICs in vSwitch configuration for Active or Standby
configuration. The recommended parameter settings for the vNICs are:
n Default load balancing = route based on originating port ID
n Failback = No
After you have added a NIC to a host in your VMware HA cluster, you must reconfigure VMware HA on that
host.
Network Redundancy Using a Secondary Network

As an alternative to NIC teaming for providing redundancy for heartbeats, you can create a secondary service
console (or VMkernel port for ESXi), which is attached to a separate virtual switch. The primary service console
is used for network and management purposes. When the secondary service console network is created,
VMware HA sends heartbeats over both the primary and secondary service consoles. If one path fails, VMware
HA can still send and receive heartbeats over the other path.
28 VMware, Inc.
Providing Fault Tolerance for Virtual
Machines 3
You can enable VMware Fault Tolerance for your virtual machines to ensure business continuity with higher
levels of availability and data protection than is offered by VMware HA.
Fault Tolerance is built on the ESX/ESXi host platform (using the VMware vLockstep functionality) and it
provides continuous availability by having identical virtual machines run in virtual lockstep on separate hosts.
To obtain the optimal results from Fault Tolerance you should be familiar with how it works, how to enable
it for your cluster and virtual machines, the best practices for its usage, and troubleshooting tips.

n “How Fault Tolerance Works,” on page 29
n “Fault Tolerance Use Cases,” on page 30
n “Fault Tolerance Configuration Requirements,” on page 31
n “Fault Tolerance Interoperability,” on page 32
n “Preparing Your Cluster and Hosts for Fault Tolerance,” on page 33
n “Turning On Fault Tolerance for Virtual Machines,” on page 35
n “Viewing Information About Fault Tolerant Virtual Machines,” on page 37
n “Fault Tolerance Best Practices,” on page 38
n “VMware Fault Tolerance Configuration Recommendations,” on page 39
n “Troubleshooting Fault Tolerance,” on page 39
How Fault Tolerance Works

VMware Fault Tolerance provides continuous availability for virtual machines by creating and maintaining a
Secondary VM that is identical to, and continuously available to replace, the Primary VM in the event of a
failover situation.
You can enable Fault Tolerance for most mission critical virtual machines. A duplicate virtual machine, called
the Secondary VM, is created and runs in virtual lockstep with the Primary VM. VMware vLockstep captures
inputs and events that occur on the Primary VM and sends them to the Secondary VM, which is running on
another host. Using this information, the Secondary VM's execution is identical to that of the Primary VM.
Because the Secondary VM is in virtual lockstep with the Primary VM, it can take over execution at any point
without interruption, thereby providing fault tolerant protection.
VMware, Inc. 29
The Primary and Secondary VMs continuously exchange heartbeats. This allows the virtual machine pair to
monitor the status of one another to ensure that Fault Tolerance is continually maintained. A transparent
failover occurs if the host running the Primary VM fails, in which case the Secondary VM is immediately
activated to replace the Primary VM. A new Secondary VM is started and Fault Tolerance redundancy is
reestablished within a few seconds. If the host running the Secondary VM fails, it is also immediately replaced.
In either case, users experience no interruption in service and no loss of data.
A fault tolerant virtual machine and its secondary copy are not allowed to run on the same host. Fault Tolerance
uses anti-affinity rules, which ensure that the two instances of the fault tolerant virtual machine are never on
the same host. This ensures that a host failure cannot result in the loss of both virtual machines.
Fault Tolerance avoids "split-brain" situations, which can lead to two active copies of a virtual machine after
recovery from a failure. Atomic file locking on shared storage is used to coordinate failover so that only one
side continues running as the Primary VM and a new Secondary VM is respawned automatically.
NOTE The anti-affinity check is performed when the Primary VM is powered on. It is possible that the Primary
and Secondary VMs can be on the same host when they are both in a powered-off state. This is normal behavior
and when the Primary VM is powered on, the Secondary VM is started on a different host at that time.
Fault Tolerance Use Cases

Several typical situations can benefit from the use of VMware Fault Tolerance.
Fault Tolerance provides a higher level of business continuity than VMware HA. When a Secondary VM is
called upon to replace its Primary VM counterpart, the Secondary VM immediately takes over the Primary
VM’s role with the entire state of the virtual machine preserved. Applications are already running, and data
stored in memory does not need to be re-entered or reloaded. This differs from a failover provided by VMware
HA, which restarts the virtual machines affected by a failure.
This higher level of continuity and the added protection of state information and data informs the scenarios
when you might want to deploy Fault Tolerance.
n Applications that need to be available at all times, especially those that have long-lasting client connections
that users want to maintain during hardware failure.
n Custom applications that have no other way of doing clustering.
n Cases where high availability might be provided through custom clustering solutions, which are too
complicated to configure and maintain.
On-Demand Fault Tolerance

Another key use case for protecting a virtual machine with Fault Tolerance can be described as On-Demand
Fault Tolerance. In this case, a virtual machine is adequately protected with VMware HA during normal
operation. During certain critical periods, you might want to enhance the protection of the virtual machine.
For example, you might be executing a quarter-end report which, if interrupted, might delay the availability
of mission critical information. With VMware Fault Tolerance, you can protect this virtual machine prior to
running this report and then turn off or disable Fault Tolerance after the report has been produced. You can
use On-Demand Fault Tolerance to protect the virtual machine during a critical time period and return the
resources to normal during non-critical operation.
30 VMware, Inc.
Chapter 3 Providing Fault Tolerance for Virtual Machines
Fault Tolerance Configuration Requirements

For VMware Fault Tolerance (FT) to perform as expected, the configuration of your cluster, hosts, and virtual
machines must meet specific requirements.
Cluster Prerequisites
Unlike VMware HA which, by default, protects every virtual machine in the cluster, VMware Fault Tolerance
is enabled on individual virtual machines. For a cluster to support VMware Fault Tolerance, the following
prerequisites must be met:
n VMware HA must be enabled on the cluster. Host Monitoring should also be enabled. If it is not, when
Fault Tolerance uses a Secondary VM to replace a Primary VM no new Secondary VM is created and
redundancy is not restored.
n Host certificate checking must be enabled for all hosts that will be used for Fault Tolerance. See “Enable
Host Certificate Checking,” on page 33.
n Each host must have a VMotion and a Fault Tolerance Logging NIC configured. See “Configure
Networking for Host Machines,” on page 34.
n At least two hosts must have processors from the same compatible processor group. While Fault Tolerance
supports heterogeneous clusters (a mix of processor groups), you get the maximum flexibility if all hosts
are compatible. See the VMware knowledge base article at http://kb.vmware.com/kb/1008027 for
information on supported processors.
n All hosts must have the same ESX/ESXi version and patch level.
n All hosts must have access to the virtual machines' datastores and networks.
To confirm the compatibility of the hosts in the cluster to support Fault Tolerance, run profile compliance
checks.
NOTE VMware HA includes the resource usage of Fault Tolerance Secondary VMs when it performs admission
control calculations. For the Host Failures Cluster Tolerates policy, a Secondary VM is assigned a slot, and for
the Percentage of Cluster Resources policy, the Secondary VM's resource usage is accounted for when
computing the usable capacity of the cluster. See “VMware HA Admission Control,” on page 13.
Host Prerequisites
A host can support fault tolerant virtual machines if it meets the following requirements.
n A host must have processors from the FT-compatible processor group. See the VMware knowledge base
article at http://kb.vmware.com/kb/1008027.
n A host must be certified by the OEM as FT-capable. Refer to the current Hardware Compatibility List
(HCL) for a list of FT-supported servers (see
http://www.vmware.com/resources/compatibility/search.php).
n The host configuration must have Hardware Virtualization (HV) enabled in the BIOS. Some hardware
manufacturers ship their products with HV disabled. The process for enabling HV varies among BIOSes.
See the documentation for your hosts' BIOSes for details on how to enable HV. If HV is not enabled,
attempts to power on a fault tolerant virtual machine produce an error and the virtual machine does not
power on.
Review the Host Configuration Section of “Fault Tolerance Best Practices,” on page 38 to select host options
that best support VMware Fault Tolerance.
VMware, Inc. 31
Virtual Machine Requirements

Before Fault Tolerance can be turned on, a virtual machine must meet minimum requirements.
n Virtual machine files must be stored on shared storage. Acceptable shared storage solutions include Fibre
Channel, (hardware and software) iSCSI, NFS, and NAS.
n Virtual machines must be stored in virtual RDM or virtual machine disk (VMDK) files that are thick
provisioned with the Cluster Features option. If a virtual machine is stored in a VMDK file that is thin
provisioned or thick provisioned without clustering features enabled and an attempt is made to enable
Fault Tolerance, a message appears indicating that the VMDK file must be converted. Users can accept
this automatic conversion (which requires the virtual machine to be powered off), allowing the disk to be
converted and the virtual machine to be protected with Fault Tolerance. The amount of time needed for
this conversion process can vary depending on the size of the disk and the host's processor type.
n Virtual machines must be running on one of the supported guest operating systems. See the VMware
knowledge base article at http://kb.vmware.com/kb/1008027 for more information.
Fault Tolerance Interoperability

Before configuring VMware Fault Tolerance, you should be aware of the features and products Fault Tolerance
cannot interoperate with.
Fault Tolerance and vSphere Features Not Supported

The following vSphere features are not supported for fault tolerant virtual machines.
n Snapshots. Snapshots must be removed or committed before Fault Tolerance can be enabled on a virtual
machine. In addition, it is not possible to take snapshots of virtual machines on which Fault Tolerance is
enabled.
n Storage VMotion. You cannot invoke Storage VMotion for virtual machines with Fault Tolerance turned
on. To migrate the storage, you should temporarily turn off Fault Tolerance, and perform the storage
VMotion action. When this is complete, you can turn Fault Tolerance back on.
n DRS features. A fault tolerant virtual machine is automatically configured as DRS-disabled. DRS does
initially place a Secondary VM, however, DRS does not make recommendations or load balance Primary
or Secondary VMs when load balancing the cluster. The Primary and Secondary VMs can be manually
migrated during normal operation.
Other Features Incompatible with Fault Tolerance

For a virtual machine to be compatible with Fault Tolerance, the Virtual Machine must not use the following
features or devices.
Table 3-1. Features and Devices Incompatible with Fault Tolerance and Corrective Actions
Incompatible Feature or Device Corrective Action
Symmetric multiprocessor (SMP) virtual machines. Only Reconfigure the virtual machine as a single vCPU. Many
virtual machines that support a single vCPU are compatible workloads have good performance configured as a single
with Fault Tolerance. vCPU.
Physical Raw Disk mapping (RDM). If you want to use Raw Reconfigure virtual machines with physical RDM-backed
Disk Mapping (RDM) for your virtual disks, only virtual virtual devices to use virtual RDMs instead.
RDMs are supported.
CD-ROM or floppy virtual devices backed by a physical or Remove the CD-ROM or floppy virtual device or reconfigure
remote device. the backing with an ISO installed on shared storage.
Paravirtualized guests. If paravirtualization is not required, reconfigure the virtual

machine without a VMI ROM.
32 VMware, Inc.
Table 3-1. Features and Devices Incompatible with Fault Tolerance and Corrective Actions (Continued)
Incompatible Feature or Device Corrective Action
USB and sound devices. Remove these devices from the virtual machine.
N_Port ID Virtualization (NPIV). Disable the NPIV configuration of the virtual machine.
NIC passthrough. This feature is not supported by Fault Tolerance so it must be

turned off.
Network interfaces for legacy network hardware. While some legacy drivers are not supported, Fault Tolerance
does support the vmxnet2 driver. You might need to install
VMware tools to access the vmxnet2 driver instead of vlance
in certain guest operating systems.
Virtual disks backed with thin-provisioned storage or When you turn on Fault Tolerance, the conversion to the
thick-provisioned disks that do not have clustering features appropriate disk format is performed by default. The virtual
enabled. machine must be in a powered-off state to take this action.
Hot-plugging devices. The hot plug feature is automatically disabled for fault tolerant
virtual machines. To hot plug devices, you must momentarily
turn off Fault Tolerance, perform the hot plug, and then turn
on Fault Tolerance.
Extended Page Tables/Rapid Virtualization Indexing (EPT/ EPT/RVI is automatically disabled for virtual machines with
RVI). Fault Tolerance turned on.
Preparing Your Cluster and Hosts for Fault Tolerance

To enable VMware Fault Tolerance for your cluster, you must meet the feature's prerequisites and you must
perform certain configuration steps on your hosts. After those steps are accomplished and your cluster has
been created, you can also check that your configuration complies with the requirements for enabling Fault
Tolerance.
The tasks you should complete before attempting to enable Fault Tolerance for your cluster include:
n Enable host certificate checking (if you are upgrading from a previous version of Virtual Infrastructure)
n Configure networking for each host
n Create the VMware HA cluster, add hosts, and check compliance
After your cluster and hosts are prepared for Fault Tolerance, you are ready to turn on Fault Tolerance for
your virtual machines. See “Turn On Fault Tolerance for Virtual Machines,” on page 36.
Enable Host Certificate Checking

Using host certificate checking, you can configure ESX/ESXi hosts to verify each other's identities, thereby
helping to ensure a more secure environment. This is required for ESX/ESXi hosts on which fault tolerant
virtual machines reside. If you installed VMware vCenter Server version 4.0, this enablement is performed
automatically. If you upgraded from a previous version, you must perform the procedure manually. During
this procedure, you will be presented with the list of hosts and their certificates for verification. You can verify
the host certificate before committing the certificate checking enablement. Hosts not verified in this step must
be manually verified and reconnected.
Procedure
1 Connect vSphere Client to vCenter Server.
2 Select Administration and select vCenter Server Settings.
The vCenter Server Settings window appears.
3 Click SSL Settings in the left pane.
VMware, Inc. 33
4 Select the Check host certificates box.
5 Click OK.
Configure Networking for Host Machines

On each host that you intend to add to a VMware HA cluster, you must configure two different networking
switches so that the host can also support VMware Fault Tolerance.
Prerequisites
Multiple gigabit Network Interface Cards (NICs) are required. For each host supporting Fault Tolerance, you
need a total of two VMkernel gigabit NICs: one dedicated to Fault Tolerance logging and one dedicated to
VMotion. The VMotion and FT logging NICs must be on different subnets. Additional NICs are recommended
for virtual machine and management network traffic.
Procedure
2 In the vCenter Server inventory, select the host and click the Configuration tab.
3 Select Networking under Hardware, and click the Add Networking link.
The Add Network wizard appears.
4 Select VMkernel under Connection Types and click Next.
5 Select Create a virtual switch and click Next.
6 Provide a label for the switch, and select either Use this port group for VMotion or Use this port group
for fault tolerance logging.
7 Click Next.
8 Provide an IP address and subnet mask and click Next.
9 Click Finish.
To enable Fault Tolerance for a host, VMware recommends that you complete this procedure twice, once
for each port group option to ensure that sufficient bandwidth is available for Fault Tolerance logging.
Select one option, finish this procedure, and repeat the procedure a second time, selecting the other port
group option.
After you have created both a VMotion and Fault Tolerance logging virtual switch, you should add the host
to the cluster and complete any steps needed to turn on Fault Tolerance.
What to do next
To confirm that you successfully enabled both VMotion and Fault Tolerance on the host, view its Summary
tab in the vSphere Client. In the General pane, the fields VMotion Enabled and Fault Tolerance Enabled
should show yes.
NOTE If you configure networking to support Fault Tolerance but subsequently disable it, pairs of fault tolerant
virtual machines that are already powered on remain so. However, if a failover situation occurs, when the
Primary VM is replaced by its Secondary VM a new Secondary VM is not started, causing the new Primary
VM to run in a Not Protected state.
34 VMware, Inc.
Create VMware HA Cluster and Check Compliance

VMware Fault Tolerance is used in the context of a VMware HA cluster. After you have configured networking
on each host, create the VMware HA cluster and add the hosts to it. You can check to see if the cluster is
configured correctly and complies with the requirements for the successful enablement of Fault Tolerance.
Procedure
2 In the vCenter Server inventory, select the cluster and click the Profile Compliance tab.
3 Click Check Compliance Now to run the compliance tests.
To view the tests that are run, click Description.
The results of the compliance test appear at the bottom of the screen. A host is labeled as either Compliant or
Noncompliant.
NOTE For a detailed discussion of how to create a VMware HA cluster, see Chapter 2, “Creating and Using
VMware HA Clusters,” on page 11.
Turning On Fault Tolerance for Virtual Machines

After you have taken all of the required steps for enabling VMware Fault Tolerance for your cluster, you can
turn on the feature for individual virtual machines.
The option to turn on Fault Tolerance is unavailable (grayed out) if any of these conditions apply:
n The virtual machine resides on a host that does not have a license for the feature.
n The virtual machine resides on a host that is in maintenance mode or standby mode.
n The virtual machine is disconnected or orphaned (its .vmx file cannot be accessed).
n The user does not have permission to turn the feature on.
If the option to turn on Fault Tolerance is available, this task still must be validated and can fail if certain
requirements are not met.
Validation Checks for Turning On Fault Tolerance

A number of validation checks are performed on a virtual machine before Fault Tolerance can be turned on.
n SSL certificate checking must be enabled in the vCenter Server settings.
n The host must be in a VMware HA cluster or a mixed VMware HA and DRS cluster.
n The host must have ESX/ESXi 4.0 or greater installed.
n The virtual machine must not have multiple vCPUs.
n The virtual machine must not have snapshots.
n The virtual machine must not be a template.
n The virtual machine must not have VMware HA disabled.
A number of additional validation checks are performed for powered-on virtual machines (or those being
powered on).
n The BIOS of the hosts where the fault tolerant virtual machines reside must have Hardware Virtualization
(HV) enabled.
n The host that supports the Primary VM must have a processor that supports Fault Tolerance.
VMware, Inc. 35
n The host that supports the Secondary VM must have a processor that supports Fault Tolerance and is the
same CPU family or model as the host that supports the Primary VM.
n The combination of the virtual machine's guest operating system and processor must be supported by
Fault Tolerance (for example, 32-bit Solaris on AMD-based processors is not currently supported).
n The configuration of the virtual machine must be valid for use with Fault Tolerance (for example, it must
not contain any unsupported devices).
When your effort to turn on Fault Tolerance for a virtual machine passes the validation checks, the Secondary
VM is created and the entire state of the Primary VM is copied. The placement and immediate status of the
Secondary VM depends upon whether the Primary VM was powered-on or powered-off when you turned on
Fault Tolerance.
If the Primary VM is powered on:

n The Secondary VM is created, placed on a separate compatible host, and powered on if it passes admission
control.
n The Fault Tolerance Status displayed on the virtual machine's Summary tab in the vSphere Client is
Protected.
If the Primary VM is powered off:

n The Secondary VM is immediately created and registered to a host in the cluster (it might be re-registered
to a more appropriate host when it is powered on.)
n The Secondary VM is not powered on until after the Primary VM is powered on.
n The Fault Tolerance Status displayed on the virtual machine's Summary tab in the vSphere Client is Not
Protected, VM not Running.
n When you attempt to power on the Primary VM after Fault Tolerance has been turned on, the additional
validation checks listed above are performed. To power on properly, the virtual machine must not use
paravirtualization (VMI).
After these checks are passed, the Primary and Secondary VMs are powered on, placed on separate,
compatible hosts and the Fault Tolerance Status displayed on the virtual machine's Summary tab in the
vSphere Client is Protected.
Turn On Fault Tolerance for Virtual Machines

You can turn on VMware Fault Tolerance through the vSphere Client.
NOTE When Fault Tolerance is turned on, vCenter Server unsets the virtual machine's memory limit and sets
the memory reservation to the memory size of the virtual machine. While Fault Tolerance remains turned on,
you cannot change the memory reservation, size, limit, or shares. When Fault Tolerance is turned off, any
parameters that were changed are not reverted to their original values.
Connect vSphere Client to vCenter Server using an account with cluster administrator permissions.
Procedure
1 Select the Hosts & Clusters view.
2 Right-click a virtual machine and select Fault Tolerance > Turn On Fault Tolerance.
The specified virtual machine is designated as a Primary VM and a Secondary VM is established on another
host. The Primary VM is now fault tolerant.
36 VMware, Inc.
Viewing Information About Fault Tolerant Virtual Machines

You can view fault tolerant virtual machines in the vCenter Server inventory using the vSphere Client.
NOTE You cannot disable Fault Tolerance from the Secondary VM.
A VMware Fault Tolerance section (pane) is provided in the Summary tab for the Primary VM and includes
information about the virtual machine.
Fault Tolerance Status Indicates the Fault Tolerance status of the virtual machine.
n Protected. Indicates that the Primary and Secondary VMs are powered on
and running as expected.
n Not Protected. Indicates that the Secondary VM is not running. Possible
reasons are listed in the table.
Table 3-2. Reasons for Primary VM Not Protected Status

Reason for Not Protected Status Description
Starting Fault Tolerance is in the process of

starting the Secondary VM. This message
is only visible for a short period of time.
Need Secondary VM The Primary VM is running without a

Secondary VM, so the Primary VM is
currently not protected. This generally
occurs when there is no compatible host
in the cluster available for the Secondary
VM. Correct this by bringing a
compatible host online. If there is a
compatible host online in the cluster,
further investigation might be required.
Under certain circumstances, disabling
Fault Tolerance and then re-enabling it
corrects this problem.
Disabled Fault Tolerance is currently disabled (no

Secondary VM is running). This happens
when Fault Tolerance is disabled by the
user or when vCenter Server disables
Fault Tolerance after being unable to
power on the Secondary VM.
VM not Running Fault Tolerance is enabled but the virtual

machine is powered off. Power on the
virtual machine to reach Protected state.
Secondary location Displays the ESX/ESXi host on which the Secondary VM is hosted.
Total Secondary CPU Indicates the CPU usage of the Secondary VM, displayed in MHz.
Total Secondary Indicates the memory usage of the Secondary VM, displayed in MB.
Memory
vLockstep Interval The time interval (displayed in seconds) needed for the Secondary VM to match
the current execution state of the Primary VM. Typically, this interval is less
than one-half of one second.
Log Bandwidth The amount of network capacity being used for sending VMware Fault
Tolerance log information from the host running the Primary VM to the host
running the Secondary VM.
VMware, Inc. 37
Fault Tolerance Best Practices

To help ensure optimal Fault Tolerance results, VMware recommends that you follow certain best practices.
Host Configuration
Observe the following best practices when configuring your hosts.
n Hosts running the Primary and Secondary VMs should operate at approximately the same processor
frequencies, otherwise the Secondary VM might be restarted more frequently. Platform power
management features which do not adjust based on workload (for example, power capping and enforced
low frequency modes to save power) can cause processor frequencies to vary greatly. If Secondary VMs
are being restarted on a regular basis, disable all power management modes on the hosts running fault
tolerant virtual machines or ensure that all hosts are running in the same power management modes.
n Apply the same instruction set extension configuration (enabled or disabled) to all hosts. The process for
enabling or disabling instruction sets varies among BIOSes. See the documentation for your hosts' BIOSes
for details on how to configure instruction sets.
Homogeneous Clusters
VMware Fault Tolerance can function in clusters with non-uniform hosts, but it works best in clusters with
compatible nodes. When constructing your cluster, all hosts should have the following:
n Processors from the same compatible processor group.
n Common access to datastores used by the virtual machines.
n The same virtual machine network configuration.
n The same ESX/ESXi version.
n The same BIOS settings for all hosts.
Run Check Compliance to identify incompatibilities and correct them.
Performance
To increase the bandwidth available for the logging traffic between Primary and Secondary VMs use a 10Gbit
NIC rather than 1Gbit NIC, and enable the use of jumbo frames.
Store ISOs on Shared Storage for Continuous Access

ISOs that are accessed by virtual machines with Fault Tolerance enabled should be stored on shared storage
that is accessible to both instances of the fault tolerant virtual machine. If this configuration is used, the CD-
ROM in the virtual machine continues operating normally, even if there is a failover.
For virtual machines with Fault Tolerance enabled, you might use ISO images that are accessible only to the
Primary VM. In such a case, the Primary VM is able to access the ISO, but if a failover occurs, the CD-ROM
reports errors as if there is no media. This situation might be acceptable if the CD-ROM is being used for a
temporary, non-critical operation such as an installation.
Upgrade Hosts Used for Fault Tolerance

When you upgrade hosts that contain fault tolerant virtual machines, ensure that the Primary and Secondary
VMs continue to run on hosts with the same ESX/ESXi version and patch level.
Prerequisites
38 VMware, Inc.
Sets of four or more ESX/ESXi hosts that are hosting fault tolerant virtual machines which are powered on. If
the virtual machines are powered off, the Primary and Secondary VMs can be relocated to hosts with different
builds.
NOTE This upgrade procedure is for a minimum four-node cluster. The same instructions can be followed for
a smaller cluster, though the unprotected interval will be slightly longer.
Procedure
1 Using VMotion, migrate the fault tolerant virtual machines off of two hosts.
2 Upgrade the two evacuated hosts to the same ESX/ESXi build.
3 Disable Fault Tolerance on the Primary VM.
4 Using VMotion, move the disabled Primary VM to one of the upgraded hosts.
5 Re-enable Fault Tolerance on the Primary VM that was moved.
6 Repeat Step 1 to Step 5 for as many fault tolerant virtual machine pairs as can be accommodated on the
upgraded hosts.
7 Using VMotion, redistribute the fault tolerant virtual machines.
All ESX/ESXi hosts in a cluster are upgraded.
VMware Fault Tolerance Configuration Recommendations

VMware recommends that you observe certain guidelines when configuring Fault Tolerance.
n In addition to non-fault tolerant virtual machines, you should have no more than four fault tolerant virtual
machines (primaries or secondaries) on any single host. The number of fault tolerant virtual machines that
you can safely run on each host is based on the sizes and workloads of the ESX/ESXi host and virtual
machines, all of which can vary.
n If you are using NFS to access shared storage, use dedicated NAS hardware with at least a 1Gbit NIC to
obtain the network performance required for Fault Tolerance to work properly.
n Ensure that a resource pool containing fault tolerant virtual machines has excess memory above the
memory size of the virtual machines. Fault tolerant virtual machines use their full memory reservation.
Without this excess in the resource pool, there might not be any memory available to use as overhead
memory.
n VMware recommends that you use a maximum of 16 virtual disks per fault tolerant virtual machine.
n To ensure redundancy and maximum Fault Tolerance protection, VMware recommends that you have a
minimum of three hosts in the cluster. In a failover situation, this provides a host that can accommodate
the new Secondary VM that is created.
Troubleshooting Fault Tolerance

To maintain a high level of performance and stability for your fault tolerant virtual machines and also to
minimize failover rates, you should be aware of certain troubleshooting topics.
The troubleshooting topics discussed focus on issues that you might encounter when using the VMware Fault
Tolerance feature on your virtual machines. The topics also describe how to resolve problems.
You can use the information provided in the appendix Fault Tolerance Error Messages to help you troubleshoot
Fault Tolerance. The topic contains a list of error messages that you might encounter when you attempt to use
the feature and, where applicable, advice on how to resolve each error.
VMware, Inc. 39
Unexpected Virtual Machine Failovers

You might need to troubleshoot VMware Fault Tolerance by determining the reason for unexpected virtual
machine failovers. This type of failover is when your Primary or Secondary VM has failed over and redundancy
is reestablished, even though its ESX/ESXi host has not crashed. In such cases, virtual machine execution is not
interrupted, but redundancy is temporarily lost.
Partial Hardware Failure Related to Storage

This problem can arise when access to storage is slow or completely down for one of the hosts. When this
occurs there are many storage errors listed in the VMkernel log. To resolve this problem you must address
your storage-related issues.
Partial Hardware Failure Related to Network

If the logging NIC is not functioning or connections to other hosts through that NIC are down, this can trigger
a fault tolerant virtual machine to be failed over so that redundancy can be reestablished. To avoid this problem,
dedicate a separate NIC each for VMotion and FT logging traffic and perform VMotion migrations only when
the virtual machines are less active.
Insufficient Bandwidth on the Logging NIC Network

This can happen because of too many fault tolerant virtual machines being on a host. To resolve this problem,
more broadly distribute pairs of fault tolerant virtual machines across different hosts.
VMotion Failures Due to Virtual Machine Activity Level

If the VMotion migration of a fault tolerant virtual machine fails, the virtual machine might need to be failed
over. Usually, this occurs when the virtual machine is too active for the migration to be completed with only
minimal disruption to the activity. To avoid this problem, perform VMotion migrations only when the virtual
machines are less active.
Too Much Activity on VMFS Volume Can Lead to Virtual Machine Failovers
When a number of file system locking operations, virtual machine power ons, power offs, or VMotion
migrations occur on a single VMFS volume, this can trigger fault tolerant virtual machines to be failed over.
A symptom that this might be occurring is receiving many warnings about SCSI reservations in the VMkernel
log. To resolve this problem, reduce the number of file system operations or ensure that the fault tolerant virtual
machine is on a VMFS volume that does not have an abundance of other virtual machines that are regularly
being powered on, powered off, or migrated using VMotion.
Lack of File System Space Prevents Secondary VM Startup

Check whether or not your /(root) or /vmfs/<datasource> file systems have available space. These file systems
can become full for many reasons, and a lack of space might prevent you from being able to start a new
Secondary VM.
Other Fault Tolerance Troubleshooting Issues

You might need to troubleshoot issues that are adversely affecting the functioning of your fault tolerant virtual
machines.
Hardware Virtualization Must Be Enabled

When attempting to power on a virtual machine with VMware Fault Tolerance enabled, an error message
might appear. This is often the result of Hardware Virtualization (HV) not being available on the ESX/ESXi
server on which you are attempting to power on the virtual machine. HV might not be available either because
it is not supported by the ESX/ESXi server hardware or because HV is not enabled in the BIOS.
40 VMware, Inc.
If the ESX/ESXi server hardware supports HV, but HV is not currently enabled, enable HV in the BIOS on that
server. The process for enabling HV varies among BIOSes. See the documentation for your hosts' BIOSes for
details on how to enable HV.
If the ESX/ESXi server hardware does not support HV, switch to hardware that uses processors that support
Fault Tolerance.
Compatible Secondary Hosts Must Be Available

After powering on a virtual machine with Fault Tolerance enabled, an error message might appear in the Recent
Task Pane:
Secondary VM could not be powered on as there are no compatible hosts that can accommodate it.
This can occur for a variety of reasons including that there are no other hosts in the cluster, there are no other
hosts with HV enabled, data stores are inaccessible, there is no available capacity, or hosts are in maintenance
mode. If there are insufficient hosts, add more hosts to the cluster. If there are hosts in the cluster, ensure they
support HV and that HV is enabled. The process for enabling HV varies among BIOSes. See the documentation
for your hosts' BIOSes for details on how to enable HV. Check that hosts have sufficient capacity and that they
are not in maintenance mode.
Secondary VM on Overcommitted Host Degrades Performance of Primary VM

If a Primary VM appears to be executing slowly, even though its host is lightly loaded and retains idle CPU
time, check the host where the Secondary VM is running to see if it is heavily loaded. A Secondary VM running
on a host that is overcommitted for CPU resources might not get the same amount of CPU resources as the
Primary VM. When this occurs, the Primary VM frequently must slow down to allow the Secondary VM to
keep up, effectively reducing its execution speed to the slower speed of the Secondary VM.
Further evidence of this problem could be if the vLockstep Interval on the Primary VM's Fault Tolerance panel
is yellow or red. This means that the Secondary VM is running several seconds behind the Primary VM. In
such cases, Fault Tolerance slows down the Primary VM. If the vLockstep Interval remains yellow or red for
an extended period of time, this is a strong indication that the Secondary VM is not getting enough CPU
resources to keep up with the Primary VM.
To resolve this problem, set an explicit CPU reservation for the Primary VM at a MHz value sufficient to run
its workload at the desired performance level. This reservation is applied to both the Primary and Secondary
VMs ensuring that both are able to execute at a specified rate. For guidance setting this reservation, view the
performance graphs of the virtual machine (prior to Fault Tolerance being enabled) to see how much CPU
resources it used under normal conditions.
Very Large Virtual Machines Can Prevent Use of Fault Tolerance

Enabling Fault Tolerance or migrating a running fault tolerant virtual machine using VMotion can fail if the
virtual machine is too large (greater than 15GB) or if memory is changing at a rate faster than VMotion can
copy over the network. This occurs if, due to the virtual machine’s memory size, there is not enough bandwidth
to complete the VMotion switchover operation within the default timeout window (8 seconds).
To resolve this problem, before you enable Fault Tolerance, power off the virtual machine and increase its
timeout window by adding the following line to the vmx file of the virtual machine:
ft.maxSwitchoverSeconds = "30"
where 30 is the timeout window in number in seconds. Enable Fault Tolerance and power the virtual machine
back on. This solution should work except under conditions of very high network activity.
NOTE If you increase the timeout to 30 seconds, the fault tolerant virtual machine might become unresponsive
for a longer period of time (up to 30 seconds) when enabling FT or when a new Secondary VM is created after
a failover.
VMware, Inc. 41
Secondary VM CPU Usage Appears Excessive

In some cases, you might notice that the CPU usage for a Secondary VM is higher than for its associated Primary
VM. This is because replaying events (such as timer interrupts) on the Secondary VM can be slightly more
expensive than recording them on the Primary VM. This additional overhead is small. When the Primary VM
is idle, this relative difference between the Primary and Secondary VMs might seem large, but examining the
actual CPU usage shows that very little CPU resource is being consumed by the Primary VM or the Secondary
VM.
42 VMware, Inc.
Appendix: Fault Tolerance Error Messages
You might encounter error messages when trying to use VMware Fault Tolerance (FT). The table lists some of
these error messages. For each error message there is a description and information about resolving the error,
if applicable.
Table A-1. Fault Tolerance Error Messages

Error Message Description and Solution
This host contains virtual machines This host cannot be moved out of the cluster because it contains virtual machines with
(VMs) with Fault Tolerance turned FT turned on. To move the host to another cluster, first migrate the fault tolerant
On; therefore, this host cannot be virtual machines to a different host.
moved out of its current cluster. To
move the host to another cluster,
first migrate the VMs with Fault
Tolerance turned On to a different
host
Cannot add a host with virtual FT requires the cluster to be enabled for VMware HA. Edit your cluster settings and
machines that have Fault Tolerance turn on VMware HA.
turned On to a non-HA enabled
cluster
Cannot add a host with virtual FT cannot be enabled on a stand-alone host. While the host is in the VMware HA-
machines that have Fault Tolerance enabled cluster, right-click each virtual machine on the host and select Turn Off Fault
turned On as a stand-alone host Tolerance. Once FT is disabled, the host can be made into a stand-alone host.
Fault Tolerance is enabled on one or This host cannot be moved out of the cluster until FT is turned off. To turn off FT,
more VMs on this host and must be right-click the fault tolerant virtual machines and select Turn Off Fault Tolerance.
disabled to move the host out of the
current cluster
Fault Tolerance is enabled on VM To move the virtual machine to another cluster or to a standalone host, first turn off
{vmName}. Disable Fault Tolerance FT.
to move the VM from the current
[Resource pool, Cluster]
The host {hostName} has VMs with This host cannot be disconnected until it is placed in maintenance mode or until FT is
Fault Tolerance turned On. Before turned off. To turn off FT, right-click the fault tolerant virtual machines and select
disconnecting the host, the host Turn Off Fault Tolerance.
should be put into maintenance
mode or turn Off Fault Tolerance
protection on these VMs
Virtual machines in the same Fault You have attempted to VMotion a Secondary VM to the same host a Primary VM is
Tolerance pair cannot be on the on. A Primary VM and its Secondary VM cannot reside on the same host. Select a
same host different destination host for the Secondary VM.
VMware, Inc. 43
Table A-1. Fault Tolerance Error Messages (Continued)

The unused disk blocks of the You have attempted to turn on FT on a powered-on virtual machine which has thick
virtual machine's disks have not formatted disks with the property of being lazy-zeroed. FT cannot be enabled on such
been scrubbed on the file system. a virtual machine while it is powered on. Power off the virtual machine, then turn on
This is needed to support features FT and power the virtual machine back on. This changes the disk format of the virtual
like Fault Tolerance machine when it is powered back on. Turning on FT could take some time to complete
if the virtual disk is large.
The disk blocks of the virtual You have attempted to turn on FT on a powered-on virtual machine with thin
machine's disks have not been fully provisioned disks. FT cannot be enabled on such a virtual machine while it is powered
provisioned on the file system. This on. Power off the virtual machine, then turn on FT and power the virtual machine
is needed to support features like back on. This changes the disk format of the virtual machine when it is powered back
Fault Tolerance on. Turning on FT could take some time to complete if the virtual disk is large.
Unsupported virtual machine The virtual machine has a virtual device that does not support FT. The specific reason
configuration for Fault Tolerance for the incompatibility (for example, multiple vCPUs) is specified in the sub-fault of
this message. This error also occurs when you attempt to reconfigure a fault tolerant
virtual machine with an unsupported operation, for example, extend disk.
There are configuration issues for There are FT operation issues. To troubleshoot this issue, in the vSphere Client select
the Fault Tolerance operation. Refer the failed FT operation in either the Recent Tasks pane or the Tasks & Events tab and
to the errors and warnings list for click the View details link that appears in the Details column.
details
This operation is not supported on An unsupported operation was performed directly on the Secondary VM. Typically
a Secondary VM of a Fault Tolerant this operation would come from an API. FT does not allow direct interaction with the
pair Secondary VM (except for relocating or migrating it to a different host). Most
operations must be performed on the Primary VM.
The Secondary VM with An attempt was made to enable FT for a virtual machine on which FT was already
instanceUuid '{instanceUuid}' has enabled. Typically, such an operation would come from an API.
already been enabled
The Secondary VM with An attempt was made to disable FT for a Secondary VM on which FT was already
instanceUuid '{instanceUuid}' has disabled. Typically, such an operation would come from an API.
already been disabled
Cannot power On the Fault An attempt to power on the Secondary VM failed. To troubleshoot this issue, in the
Tolerance Secondary VM for virtual vSphere Client select the failed FT operation in either the Recent Tasks pane or the
machine {vmName}. Refer to the Tasks & Events tab and click the View details link that appears in the Details column.
errors list for details
Host {hostName} does not support The product you are using is not compatible with Fault Tolerance. To use the product
virtual machines with Fault you must turn Fault Tolerance off. This error message primarily appears when
Tolerance turned on. This VMware vCenter Server is managing a host with an earlier version of ESX/ESXi or if you are
product does not support Fault using VMware Server.
Tolerance
Host {hostName} does not support This hosts' processor does not support Fault Tolerance. Use a host with supported
virtual machines with Fault hardware to use FT. See the VMware knowledge base article at
Tolerance turned on. This product http://kb.vmware.com/kb/1008027 for information on supported processors.
supports Fault Tolerance, but the
host processor does not
Host {hostName} has some Fault vCenter Server has detected FT issues on the host. To troubleshoot this issue, in the
Tolerance issues for virtual vSphere Client select the failed FT operation in either the Recent Tasks pane or the
machine {vmName}. Refer to the Tasks & Events tab and click the View details link that appears in the Details column.
errors list for details
No suitable host can be found to FT requires that the hosts for the Primary and Secondary VMs use the same CPU
place the Fault Tolerance model or family and have the same ESX/ESXi host version and patch level. Enable FT
Secondary VM for virtual machine on a virtual machine registered to a host with a matching CPU model or family within
{vmName} the cluster. If no such hosts exist, you must add one.
44 VMware, Inc.

Operation to power On the Fault The attempt to start the Secondary VM by copying the state of the Primary VM failed
Tolerance Secondary VM for with a timeout. Default timeout is 300 seconds. Determine what is preventing the
{vmName} could not be completed Secondary VM from powering on. Check if the FT logging NIC on the Primary VM's
within {timeout} seconds host and those tried for the Secondary VM is being shared with other network traffic
You can reduce traffic on the logging NIC of the Primary and Secondary VMs by
moving virtual machines with high network traffic to another host.
The Fault Tolerance Secondary VM The Secondary VM was not powered on due to a failure to power on the Primary VM.
was not powered On because the This error displays when the vSphere Client is used to attempt to power on a Primary
Fault Tolerance Primary VM could VM or if an SDK client invokes the vim.Datacenter.PowerOnVM() API. You must
not be powered On address the issue that prevented the Primary VM from powering on because vCenter
Server attempts to power on the Secondary VM only after it has powered on the
Primary VM.
DRS Disabled is the only supported An SDK client attempted to set a DRS automation level override for a Primary or
DRS behavior for Fault Tolerance Secondary VM. vCenter Server blocks all such attempts to change the DRS automation
virtual machine {vmName} level of fault tolerant virtual machines.
Host CPU is incompatible with the FT requires that the hosts for the Primary and Secondary VMs use the same CPU
virtual machine's requirements model, family, and stepping. Enable FT on a virtual machine registered to a host with
mismatch detected for these a matching CPU model, family, and stepping within the cluster. If no such hosts exist,
features: CPU does not match you must add one. This error also occurs when you attempt to migrate a fault tolerant
virtual machine to a different host.
Record/Replay is not supported for This error occurs when you attempt to power on an FT virtual machine that does not
Guest OS XP/PRO on this CPU meet all of the configuration requirements for FT. See “Turning On Fault Tolerance
for Virtual Machines,” on page 35.
The Fault Tolerance configuration This virtual machine is on a host that is not in a VMware HA cluster or it has had
of the entity {entityName} has an VMware HA disabled. Fault Tolerance requires VMware HA.
issue: HA is not enabled on the
virtual machine
The Fault Tolerance configuration The Primary VM already has a Secondary VM. Do not attempt to create multiple
of the entity {entityName} has an Secondary VMs for the same Primary VM.
issue: Secondary VM already exists
The Fault Tolerance configuration FT cannot be enabled on virtual machines which are templates. Use a non-template
of the entity {entityName} has an virtual machine for FT.
issue: Template virtual machine
The Fault Tolerance configuration FT is only supported on virtual machines with a single vCPU configured. Use a single
of the entity {entityName} has an vCPU virtual machine for FT.
issue: Virtual machine with
multiple virtual CPUs
The Fault Tolerance configuration You must enable FT on an active host. An inactive host is one that is disconnected, in
of the entity {entityName} has an maintenance mode, or in standby mode.
issue: Host is inactive
The Fault Tolerance configuration FT is only supported on specific processors and BIOS settings with Hardware
of the entity {entityName} has an Virtualization (HV) enabled. To resolve this issue, use hosts with supported CPU
issue: Fault Tolerance not models and BIOS settings.
supported by host hardware
The Fault Tolerance configuration Upgrade to VMware ESX or ESXi 4.0 or later.
of the entity {entityName} has an
issue: Fault Tolerance not
supported by VMware Server 2.0
The Fault Tolerance configuration Verify that you have correctly configured networking on the host. See “Configure
of the entity {entityName} has an Networking for Host Machines,” on page 34. If it is, then you might need to acquire
issue: No VMotion license or no a VMotion license.
virtual NIC configured for
VMotion
VMware, Inc. 45

The Fault Tolerance configuration An FT logging NIC has not been configured. See “Configure Networking for Host
of the entity {entityName} has an Machines,” on page 34 for instructions.
issue: No virtual NIC configured
for Fault Tolerance logging
The Fault Tolerance configuration The "check host certificates" box is not checked in the SSL settings for vCenter Server.
of the entity {entityName} has an You must check that box. See “Enable Host Certificate Checking,” on page 33.
issue: Check host certificates flag
not set for vCenter Server
The Fault Tolerance configuration FT does not support virtual machines with snapshots. Enable FT on a virtual machine
of the entity {entityName} has an without snapshots or use the snapshot manager to delete all snapshots associated with
issue: The virtual machine has one this virtual machine.
or more snapshots
The Fault Tolerance configuration vCenter Server has no information about the configuration of the virtual machine.
of the entity {entityName} has an Determine if it is misconfigured. You can try removing the virtual machine from the
issue: No configuration inventory and re-registering it.
information for the virtual machine
The Fault Tolerance configuration Upgrade the hardware the virtual machine is running on and then turn on FT.
of the entity {entityName} has an Potential configuration issues include:
issue: Record and replay n Software virtualization with FT is unsupported.
functionality not supported by the n FT is not supported for SMP virtual machines.
virtual machine
n Paravirtualization (VMI) with FT is not supported.
n VM has device that is not supported with FT.
n Combination of guest operating system, CPU type and configuration options is
incompatible with FT.
See “Fault Tolerance Interoperability,” on page 32 for more details about these
requirements.
The Fault Tolerance configuration This error occurs when you attempt to turn on FT for a powered-on virtual machine
of the entity {entityName} has an that does not meet all of the configuration requirements for FT. Power off the virtual
issue: The virtual machine's current machine, address the configuration issue, then Turn On Fault Tolerance. Potential
configuration does not support configuration issues include:
Fault Tolerance n Software virtualization with FT is unsupported.
n FT is not supported for SMP virtual machines.
n Paravirtualization (VMI) with FT is not supported.
n VM has device that is not supported with FT.
n Combination of guest operating system, CPU type and configuration options is
incompatible with FT.
See “Fault Tolerance Interoperability,” on page 32 for more details about these
requirements.
The virtual machine has {numCpu} This error occurs when you attempt to reconfigure a Primary VM with more than one
virtual CPUs and is not supported vCPU. You must modify the number of vCPUs to one.
for reason: Fault Tolerance
The file backing FT is not supported on a virtual machine with a virtual floppy device that has file
({backingFilename}) for device backing not accessible to the host upon which the Secondary VM resides. To turn on
Virtual Floppy is not supported for FT for this virtual machine, first remove the unsupported device.
Fault Tolerance
The file backing FT is not supported on a virtual machine with a virtual CDROM device that has file
Virtual CDROM is not supported FT for this virtual machine, first remove the unsupported device.
for Fault Tolerance
The file backing FT is not supported on a virtual machine with a virtual serial port device that has file
Virtual serial port is not supported FT for this virtual machine, first remove the unsupported device.
for Fault Tolerance
46 VMware, Inc.

The file backing FT is not supported on a virtual machine with a virtual parallel port device that has
({backingFilename}) for device file backing not accessible to the host upon which the Secondary VM resides. To turn
Virtual parallel port is not on FT for this virtual machine, first remove the unsupported device.
supported for Fault Tolerance
The file backing FT is not supported on a virtual machine with a physical disk that has file backing not
({backingFilename}) for device accessible to the host upon which the Secondary VM resides. To turn on FT for this
Virtual disk is not supported for virtual machine, first remove the unsupported device.
Fault Tolerance
vCenter disabled Fault Tolerance To diagnose why the Secondary VM could not be powered on, see “Troubleshooting
on VM {vmName} because the Fault Tolerance,” on page 39.
Secondary VM could not be
powered on
Starting the Secondary VM You might be experiencing network latency that is causing the timeout. See
{vmName} timed out within “Troubleshooting Fault Tolerance,” on page 39.
{timeout} ms
Resynchronizing Primary and Fault Tolerance has detected a difference between the Primary and Secondary VMs.
Secondary VMs This can be caused by transient events which occur due to hardware or software
differences between the two hosts. FT has automatically started a new Secondary VM,
and no action is required. If you see this message frequently, you should alert support
to determine if there is an issue.
NOTE For errors related to CPU compatibility, see the VMware knowledge base article at
http://kb.vmware.com/kb/1008027 for information on supported processors.
VMware, Inc. 47
48 VMware, Inc.
Index
A das.vmCpuMinMHz 13, 17, 24

admission control das.vmMemoryMinMB 24
enabling 21 default gateway 26
policy 21 Distributed Power Management (DPM) 11, 13
types 13 Distributed Resource Scheduler (DRS)
VMware HA 13 and Fault Tolerance 32
admission control policy Fault Tolerance errors 43
choosing 19 turning on 21
Host Failures Cluster Tolerates 13 using with VMware HA 11
Percentage of Cluster Resources downtime
Reserved 17 planned 7
Specify a Failover Host 18 unplanned 8
advanced attributes, VMware HA 24
Advanced Runtime Info 13 E
affinity rules 29 error messages, Fault Tolerance 43
anti-affinity rules 29 events and alarms, setting 26
Extended Page Tables (EPT) 32
B
best practices F
Fault Tolerance 38 failover host 18
VMware HA clusters 26 Fault Tolerance
VMware HA networking 26 anti-affinity rules 29
business continuity 7 best practices 38
compliance check 35
C configuration recommendations 39
cluster settings 20 continuous availability 9
cluster validity 26 enabling 33
compliance check, Fault Tolerance 35 error messages 43
Configured Failover Capacity 13, 17 interoperability 32
configuring VMware HA advanced options 25 Log Bandwidth 37
creating a VMware HA cluster 19 logging 34, 40
Current Failover Capacity 13, 17 networking configuration 34
Current Failover Host 18 overview 29
customizing VMware HA 24 prerequisites 31
restrictions for turning on 35
D secondary location 37
das.defaultfailoverhost 24 Total Secondary CPU 37
das.failuredetectioninterval 24 Total Secondary Memory 37
das.failuredetectiontime 24, 26 troubleshooting 39, 40
das.iostatsInterval 23, 24 turning on 36
das.isolationaddress 24, 26 use cases 30
das.isolationShutdownTimeout 22, 24 validation checks 35
das.slotCpuInMHz 13, 24 vLockstep Interval 37
das.slotMemInMB 13, 24 vSphere configuration 31
das.usedefaultisolationaddress 24
VMware, Inc. 49
Fault Tolerance status R

Disabled 37 Rapid Virtualization Indexing (RVI) 32
Need Secondary VM 37 RDM 31, 32
Starting 37 resource fragmentation 19
VM not Running 37
firewall ports 26 S
ft.maxSwitchoverSeconds 40 secondary hosts in clusters 11
slot 13
H slot size calculation 13
Hardware Virtualization (HV) 31, 35, 40 snapshots 32
host certificate checking 31, 33 Specify a Failover Host 18
Host Failures Cluster Tolerates 13 storage
Host Isolation Response setting 22 iSCSI 31
Host Monitoring 31 NAS 31, 39
Host Monitoring feature 21, 26 NFS 31, 39
hosts Storage VMotion 7, 32
maintenance mode 11 suspending VMware HA 21
network isolation 11 Symmetric multiprocessor (SMP) 32
I T
I/O stats interval 23 tolerating host failures 13
interoperability, Fault Tolerance 32 transparent failover 9, 29
iSCSI SAN 31 troubleshooting Fault Tolerance 39
ISO images 38 turning on VMware HA 21
M U
Maximum per-VM resets 23 unplanned downtime 8
minimizing downtime 7 upgrading hosts with FT virtual machines 38
modifying cluster settings 20 use cases, Fault Tolerance 30
monitoring VMware HA 26
V
N validation checks 35
N_Port ID Virtualization (NPIV) 32 virtual machine overrides 22, 25
network isolation address 26 Virtual Machine Startup and Shutdown
network labels 26 feature 19
networking configuration, Fault Tolerance 34 VM Monitoring 23
NIC teaming 28 VM Monitoring sensitivity 23
VM Restart Priority setting 22
O VMDK 31
On-Demand Fault Tolerance 30 VMFS 11, 26, 40
VMware HA
P advanced attributes 24
paravirtualization 32 advantages 8
Percentage of Cluster Resources Reserved 17 cluster settings 19
planned downtime 7 customizing 24
planning a VMware HA cluster 11 monitoring 26
port group names 26 recovery from outages 8
PortFast 26 suspending 21
prerequisites, Fault Tolerance 31 turning on 21
primary hosts in clusters 11 VMware HA cluster
admission control 13
best practices 26
50 VMware, Inc.
Index
creating 19, 20, 35 primary hosts 11

heterogeneity 19 secondary hosts 11
planning 11 VMware HA networking
best practices 26
path redundancy 28
VMware Tools 23
VMware vLockstep 9, 29
VMware, Inc. 51
52 VMware, Inc.
ESX 4.0
ESXi 4.0
vCenter Server 4.0
EN-000109-02
©
VMware, Inc.
3401 Hillview Ave.
Palo Alto, CA 94304
www.vmware.com
2 VMware, Inc.
Contents
About This Book 7
1 Overview of VMware ESX/ESXi 9

Introduction to ESX/ESXi 9
Understanding Virtualization 10
Interacting with ESX/ESXi Systems 13
2 Using ESX/ESXi with Fibre Channel SAN 15

Storage Area Network Concepts 15
Overview of Using ESX/ESXi with a SAN 17
Understanding VMFS Datastores 18
Making LUN Decisions 19
Specifics of Using SAN Storage with ESX/ESXi 21
How Virtual Machines Access Data on a SAN 22
Understanding Multipathing and Failover 22
Choosing Virtual Machine Locations 26
Designing for Server Failure 26
Optimizing Resource Use 27
3 Requirements and Installation 29

General ESX/ESXi SAN Requirements 29
ESX Boot from SAN Requirements 31
Installation and Setup Steps 31
4 Setting Up SAN Storage Devices with ESX/ESXi 33

Testing ESX/ESXi SAN Configurations 33
General Setup Considerations for Fibre Channel SAN Arrays 34
EMC CLARiiON Storage Systems 34
EMC Symmetrix Storage Systems 35
IBM TotalStorage DS4800 Storage Systems 36
IBM TotalStorage 8000 38
HP StorageWorks Storage Systems 38
Hitachi Data Systems Storage 41
Network Appliance Storage 41
5 Using Boot from SAN with ESX Systems 43

Boot from SAN Overview 43
Getting Ready for Boot from SAN 44
Setting Up the QLogic FC HBA for Boot from SAN 47
VMware, Inc. 3
Setting Up the Emulex FC HBA for Boot from SAN 48
6 Managing ESX/ESXi Systems That Use SAN Storage 51

Viewing Storage Adapter Information 51
Viewing Storage Device Information 52
Viewing Datastore Information 54
Resolving Display Issues 54
N-Port ID Virtualization 57
Path Scanning and Claiming 60
Path Management and Manual, or Static, Load Balancing 63
Path Failover 64
Set Device Driver Options for SCSI Controllers 65
Sharing Diagnostic Partitions 65
Disable Automatic Host Registration 66
Avoiding and Resolving SAN Problems 66
Optimizing SAN Storage Performance 67
Resolving Performance Issues 68
SAN Storage Backup Considerations 71
Layered Applications 72
A Multipathing Checklist 77
B Managing Storage Paths and Multipathing Plugins 79

List Claim Rules for the Host 79
Display Multipathing Modules 80
Display SATPs for the Host 81
Display NMP Storage Devices 81
Add PSA Claim Rules 82
Delete PSA Claim Rules 83
Mask Paths 83
Unmask Paths 84
Define NMP SATP Rules 84
esxcli corestorage Command-Line Options 85
Index 87
4 VMware, Inc.
Updated Information
This Fibre Channel SAN Configuration Guide is updated with each release of the product or when necessary.
This table provides the update history of the Fibre Channel SAN Configuration Guide.
EN-000109-02 n “EMC CLARiiON Storage Systems,” on page 34 has been updated to include
information on the host automatic registration feature. “Disable Automatic Host
Registration,” on page 66 provides instructions about how to turn the feature off.
n “Path Failover,” on page 64 has been updated to remove information on setting
HBA timeout parameters for failover. This information is no longer valid for ESX 4.0.
EN-000109-01 n The topic “HP StorageWorks EVA,” on page 40 has been updated to remove
references to the HP EVA3000/5000 storage devices, which are not supported by
ESX 4.0.
n Appendix A, “Multipathing Checklist,” on page 77 has been updated to remove
references to the HP EVA3000/5000 storage devices, which are not supported by
ESX 4.0.
VMware, Inc. 5
6 VMware, Inc.
About This Book
®
This manual, the Fibre Channel SAN Configuration Guide, explains how to use a VMware ESX and VMware
ESXi systems with a Fibre Channel storage area network (SAN). The manual discusses conceptual background,
installation requirements, and management information in the following main topics:
n Understanding ESX/ESXi – Introduces ESX/ESXi systems for SAN administrators.
n Using ESX/ESXi with a SAN – Discusses requirements, noticeable differences in SAN setup if ESX/ESXi
is used, and how to manage and troubleshoot the two systems together.
n Enabling your ESX system to boot from a LUN on a SAN – Discusses requirements, limitations, and
management of boot from SAN.
The Fibre Channel SAN Configuration Guide covers ESX, ESXi, and vCenter Server.
Intended Audience
The information presented in this manual is written for experienced Windows or Linux system administrators
and who are familiar with virtual machine technology datacenter operations.
Document Feedback

documentation set.
VMware, Inc. 7

8 VMware, Inc.
Overview of VMware ESX/ESXi 1
You can use ESX/ESXi in conjunction with a Fibre Channel storage area network (SAN), a specialized high-
speed network that uses Fibre Channel (FC) protocol to transmit data between your computer systems and
high-performance storage subsystems. Using ESX/ESXi with a SAN provides extra storage for consolidation,
improves reliability, and helps with disaster recovery.
To use ESX/ESXi effectively with a SAN, you must have a working knowledge of ESX/ESXi systems and SAN
concepts.

n “Introduction to ESX/ESXi,” on page 9
n “Understanding Virtualization,” on page 10
n “Interacting with ESX/ESXi Systems,” on page 13
Introduction to ESX/ESXi
The ESX/ESXi architecture allows administrators to allocate hardware resources to multiple workloads in fully
isolated environments called virtual machines.
System Components
The main components of ESX/ESXi include a virtualization layer, hardware interface components, and user
interface.
An ESX/ESXi system has the following key components.
Virtualization layer This layer provides the idealized hardware environment and virtualization of
underlying physical resources to the virtual machines. This layer includes the
virtual machine monitor (VMM), which is responsible for virtualization, and
VMkernel.
VMware, Inc. 9
The virtualization layer schedules the virtual machine operating systems and,
if you are running an ESX host, the service console. The virtualization layer
manages how the operating systems access physical resources. The VMkernel
must have its own drivers to provide access to the physical devices. VMkernel
drivers are modified Linux drivers, even though the VMkernel is not a Linux
variant.
Hardware interface The virtual machine communicates with hardware such as CPU or disk by
components using hardware interface components. These components include device
drivers, which enable hardware-specific service delivery while hiding
hardware differences from other parts of the system.
User interface Administrators can view and manage ESX/ESXi hosts and virtual machines in
several ways:
n A VMware vSphere Client (vSphere Client) can connect directly to the
ESX/ESXi host. This setup is appropriate if your environment has only one
host.
A vSphere Client can also connect to vCenter Server and interact with all
ESX/ESXi hosts that vCenter Server manages.
n The vSphere Web Access Client allows you to perform many management
tasks by using a browser-based interface.
n When you must have command-line access, you can use the VMware
vSphere Command-Line Interface (vSphere CLI).
Software and Hardware Compatibility

In the VMware ESX/ESXi architecture, the operating system of the virtual machine (the guest operating system)
interacts only with the standard, x86-compatible virtual hardware that the virtualization layer presents. This
architecture allows VMware products to support any x86-compatible operating system.
Most applications interact only with the guest operating system, not with the underlying hardware. As a result,
you can run applications on the hardware of your choice if you install a virtual machine with the operating
system that the application requires.
Understanding Virtualization
The VMware virtualization layer is common across VMware desktop products (such as VMware Workstation)
and server products (such as VMware ESX/ESXi). This layer provides a consistent platform for development,
testing, delivery, and support of application workloads.
The virtualization layer is organized as follows:

n Each virtual machine runs its own operating system (the guest operating system) and applications.
n The virtualization layer provides the virtual devices that map to shares of specific physical devices. These
devices include virtualized CPU, memory, I/O buses, network interfaces, storage adapters and devices,
human interface devices, and BIOS.
10 VMware, Inc.
Chapter 1 Overview of VMware ESX/ESXi
CPU, Memory, and Network Virtualization

A VMware virtual machine provides complete hardware virtualization. The guest operating system and
applications running on a virtual machine can never determine directly which physical resources they are
accessing (such as which physical CPU they are running on in a multiprocessor system, or which physical
memory is mapped to their pages).
The following virtualization processes occur.
CPU virtualization Each virtual machine appears to run on its own CPU (or a set of CPUs), fully
isolated from other virtual machines. Registers, the translation lookaside
buffer, and other control structures are maintained separately for each virtual
machine.
Most instructions are executed directly on the physical CPU, allowing resource-
intensive workloads to run at near-native speed. The virtualization layer safely
performs privileged instructions.
Memory virtualization A contiguous memory space is visible to each virtual machine. However, the
allocated physical memory might not be contiguous. Instead, noncontiguous
physical pages are remapped and presented to each virtual machine. With
unusually memory-intensive loads, server memory becomes overcommitted.
In that case, some of the physical memory of a virtual machine might be
mapped to shared pages or to pages that are unmapped or swapped out.
ESX/ESXi performs this virtual memory management without the information
that the guest operating system has and without interfering with the guest
operating system’s memory management subsystem.
Network virtualization The virtualization layer guarantees that each virtual machine is isolated from
other virtual machines. Virtual machines can communicate with each other
only through networking mechanisms similar to those used to connect separate
physical machines.
The isolation allows administrators to build internal firewalls or other network
isolation environments that allow some virtual machines to connect to the
outside, while others are connected only through virtual networks to other
virtual machines.
Storage Virtualization
ESX/ESXi provides host-level storage virtualization, which logically abstracts the physical storage layer from
virtual machines. Virtual machines running on the ESX/ESXi host are not aware of the complexities and
specifics of the storage devices to which the host connects.
An ESX/ESXi virtual machine uses a virtual hard disk to store its operating system, program files, and other
data associated with its activities. A virtual disk is a large physical file, or a set of files, that can be copied,
moved, archived, and backed up as easily as any other file. You can configure virtual machines with multiple
virtual disks.
To access virtual disks, a virtual machine uses virtual SCSI controllers. These virtual controllers appear to a
virtual machine as different types of controllers, including BusLogic Parallel, LSI Logic Parallel, LSI Logic SAS,
and VMware Paravirtual. These controllers are the only types of SCSI controllers that a virtual machine can
see and access.
VMware, Inc. 11
Each virtual disk that a virtual machine can access through one of the virtual SCSI controllers resides in the
VMware Virtual Machine File System (VMFS) datastore, NFS-based datastore, or on a raw disk. From the
standpoint of the virtual machine, each virtual disk appears as if it were a SCSI drive connected to a SCSI
controller. Whether the actual physical disk device is being accessed through parallel SCSI, iSCSI, network, or
Fibre Channel adapters on the host is transparent to the guest operating system and to applications running
Figure 1-1 gives an overview of storage virtualization. The diagram illustrates storage that uses VMFS and
storage that uses raw device mapping (RDM).
Figure 1-1. SAN Storage Virtualization

ESX/ESXi
virtual machine
1
SCSI controller
virtual disk 1 virtual disk 2
VMware virtualization layer
HBA
VMFS
LUN1 LUN2 LUN5
.vmdk RDM
Virtual Machine File System

In a simple configuration, the disks of virtual machines are stored as files within a Virtual Machine File System
(VMFS). When guest operating systems issue SCSI commands to their virtual disks, the virtualization layer
translates these commands to VMFS file operations.
ESX/ESXi hosts use VMFS to store virtual machine files. With VMFS, multiple virtual machines can run
concurrently and have concurrent access to their virtual disk files. Since VMFS is a clustered file system,
multiple hosts can have a shared simultaneous access to VMFS datastores on SAN LUNs. VMFS provides the
distributed locking to ensure that the multi-host environment is safe.
You can configure a VMFS datastore on either local disks or SAN LUNs. If you use the ESXi host, the local disk
is captured and used for the VMFS datastore during the host's first boot.
A VMFS datastore can map to a single SAN LUN or stretch over multiple SAN LUNs. You can expand a
datastore while virtual machines are running on it, either by growing the datastore or by adding a new extent.
The VMFS datastore can be extended over 32 physical storage extents of the same storage type.
12 VMware, Inc.
Chapter 1 Overview of VMware ESX/ESXi
Raw Device Mapping

A raw device mapping (RDM) is a special file in a VMFS volume that acts as a proxy for a raw device, such as
a SAN LUN. With the RDM, the SAN LUN can be directly and entirely allocated to a virtual machine. The
RDM provides some of the advantages of a virtual disk in the VMFS file system, while keeping some
advantages of direct access to physical devices.
An RDM might be required if you use Microsoft Cluster Service (MSCS) or if you run SAN snapshot or other
layered applications on the virtual machine. RDMs enable systems to use the hardware features inherent to
SAN arrays. However, virtual machines with RDMs do not display performance gains compared to virtual
machines with virtual disk files stored on a VMFS datastore.
For more information on the RDM, see the ESX Configuration Guide or ESXi Configuration Guide.
Interacting with ESX/ESXi Systems

You can interact with ESX/ESXi systems in several different ways. You can use a client or, in special cases,
interact programmatically.
Administrators can interact with ESX/ESXi systems in one of the following ways:
n With a GUI client (vSphere Client or vSphere Web Access). You can connect clients directly to the ESX/
ESXi host, or you can manage multiple ESX/ESXi hosts simultaneously with vCenter Server.
n Through the command-line interface. vSphere Command-Line Interface (vSphere CLI) commands are
scripts that run on top of the vSphere SDK for Perl. The vSphere CLI package includes commands for
storage, network, virtual machine, and user management and allows you to perform most management
operations. For more information, see vSphere Command-Line Interface Installation and Reference Guide.
n ESX administrators can also use the ESX service console, which supports a full Linux environment and
includes all vSphere CLI commands. Using the service console is less secure than remotely running the
vSphere CLI. The service console is not supported on ESXi.
VMware vCenter Server

vCenter Server is a central administrator for ESX/ESXi hosts. You can access vCenter Server through a vSphere
Client or vSphere Web Access.
vCenter Server vCenter Server acts as a central administrator for your hosts connected on a
network. The server directs actions upon the virtual machines and VMware
ESX/ESXi.
vSphere Client The vSphere Client runs on Microsoft Windows. In a multihost environment,
administrators use the vSphere Client to make requests to vCenter Server,
which in turn affects its virtual machines and hosts. In a single-server
environment, the vSphere Client connects directly to an ESX/ESXi host.
vSphere Web Access vSphere Web Access allows you to connect to vCenter Server by using an
HTML browser.
VMware, Inc. 13
14 VMware, Inc.
Using ESX/ESXi with Fibre Channel
SAN 2
When you set up ESX/ESXi hosts to use FC SAN array storage, special considerations are necessary. This section
provides introductory information about how to use ESX/ESXi with a SAN array.

n “Storage Area Network Concepts,” on page 15
n “Overview of Using ESX/ESXi with a SAN,” on page 17
n “Understanding VMFS Datastores,” on page 18
n “Making LUN Decisions,” on page 19
n “Specifics of Using SAN Storage with ESX/ESXi,” on page 21
n “How Virtual Machines Access Data on a SAN,” on page 22
n “Understanding Multipathing and Failover,” on page 22
n “Choosing Virtual Machine Locations,” on page 26
n “Designing for Server Failure,” on page 26
n “Optimizing Resource Use,” on page 27
Storage Area Network Concepts

If you are an ESX/ESXi administrator planning to set up ESX/ESXi hosts to work with SANs, you must have a
working knowledge of SAN concepts. You can find information about SANs in print and on the Internet.
Because this industry changes constantly, check these resources frequently.
If you are new to SAN technology, familiarize yourself with the basic terminology.
A storage area network (SAN) is a specialized high-speed network that connects computer systems, or host
servers, to high performance storage subsystems. The SAN components include host bus adapters (HBAs) in
the host servers, switches that help route storage traffic, cables, storage processors (SPs), and storage disk
arrays.
A SAN topology with at least one switch present on the network forms a SAN fabric.
To transfer traffic from host servers to shared storage, the SAN uses Fibre Channel (FC) protocol that packages
SCSI commands into Fibre Channel frames.
To restrict server access to storage arrays not allocated to that server, the SAN uses zoning. Typically, zones
are created for each group of servers that access a shared group of storage devices and LUNs. Zones define
which HBAs can connect to which SPs. Devices outside a zone are not visible to the devices inside the zone.
VMware, Inc. 15
Zoning is similar to LUN masking, which is commonly used for permission management. LUN masking is a
process that makes a LUN available to some hosts and unavailable to other hosts. Usually, LUN masking is
performed at the SP or server level.
Ports
In the context of this document, a port is the connection from a device into the SAN. Each node in the SAN, a
host, storage device, and fabric component has one or more ports that connect it to the SAN. Ports are identified
in a number of ways.
WWPN (World Wide Port A globally unique identifier for a port that allows certain applications to access
Name) the port. The FC switches discover the WWPN of a device or host and assign
a port address to the device.
Port_ID (or port address) In the SAN, each port has a unique port ID that serves as the FC address for
the port. This unique ID enables routing of data through the SAN to that port.
The FC switches assign the port ID when the device logs in to the fabric. The
port ID is valid only while the device is logged on.
When N-Port ID Virtualization (NPIV) is used, a single FC HBA port (N-port) can register with the fabric by
using several WWPNs. This method allows an N-port to claim multiple fabric addresses, each of which appears
as a unique entity. When ESX/ESXi hosts use a SAN, these multiple, unique identifiers allow the assignment
of WWNs to individual virtual machines as part of their configuration.
Multipathing and Path Failover

When transferring data between the host server and storage, the SAN uses a multipathing technique.
Multipathing allows you to have more than one physical path from the ESX/ESXi host to a LUN on a storage
system.
If a path or any component along the path, HBA or NIC, cable, switch or switch port, or storage processor,
fails, the server selects another of the available paths. The process of detecting a failed path and switching to
another is called path failover.
Storage System Types

Storage disk systems can be active-active and active-passive.
ESX/ESXi supports the following types of storage systems:

n An active-active storage system, which allows access to the LUNs simultaneously through all the storage
ports that are available without significant performance degradation. All the paths are active at all times,
unless a path fails.
n An active-passive storage system, in which one port is actively providing access to a given LUN. The other
ports act as backup for the LUN and can be actively providing access to other LUN I/O. I/O can be
successfully sent only to an active port for a given LUN. If access through the primary storage port fails,
one of the secondary ports or storage processors becomes active, either automatically or through
administrator intervention.
16 VMware, Inc.
Chapter 2 Using ESX/ESXi with Fibre Channel SAN
Overview of Using ESX/ESXi with a SAN

Using ESX/ESXi with a SAN improves flexibility, efficiency, and reliability. Using ESX/ESXi with a SAN also
supports centralized management and failover and load balancing technologies.
The following are benefits of using ESX/ESXi with a SAN:

n You can store data redundantly and configure multiple paths to your storage, eliminating a single point
of failure. ESX/ESXi systems provide multipathing by default for every virtual machine.
n Using a SAN with ESX/ESXi systems extends failure resistance to the server. When you use SAN storage,
all applications can instantly be restarted after host failure.
n You can perform live migration of virtual machines using VMware VMotion.
n Use VMware High Availability (HA) in conjunction with a SAN for a cold-standby solution that
guarantees an immediate, automatic response.
n Use VMware Distributed Resource Scheduler (DRS) to migrate virtual machines from one host to another
for load balancing. Because storage is on a SAN array, applications continue running seamlessly.
n If you use VMware DRS clusters, put an ESX/ESXi host into maintenance mode to have the system migrate
all running virtual machines to other ESX/ESXi hosts. You can then perform upgrades or other
maintenance operations.
The transportability and encapsulation of VMware virtual machines complements the shared nature of this
storage. When virtual machines are located on SAN-based storage, you can quickly shut down a virtual
machine on one server and power it up on another server, or suspend it on one server and resume operation
on another server on the same network. This ability allows you to migrate computing resources while
maintaining consistent shared access.
ESX/ESXi and SAN Use Cases

You can perform a number of tasks when using ESX/ESXi with SAN.
Using ESX/ESXi in conjunction with SAN is effective for the following tasks:
Maintenance with zero When performing an ESX/ESXi host or infrastructure maintenance, use
downtime VMware DRS or VMotion to migrate virtual machines to other servers. If
shared storage is on the SAN, you can perform maintenance without
interruptions to the user.
Load balancing Use VMotion or VMware DRS to migrate virtual machines to other hosts for
load balancing. If shared storage is on a SAN, you can perform load balancing
without interruption to the user.
Storage consolidation If you are working with multiple hosts, and each host is running multiple
and simplification of virtual machines, the storage on the hosts is no longer sufficient and external
storage layout storage is required. Choosing a SAN for external storage results in a simpler
system architecture along with other benefits.
Start by reserving a large LUN and then allocate portions to virtual machines
as needed. LUN reservation and creation from the storage device needs to
happen only once.
VMware, Inc. 17
Disaster recovery Having all data stored on a SAN facilitates the remote storage of data backups.
You can restart virtual machines on remote ESX/ESXi hosts for recovery if one
site is compromised.
Simplified array When you purchase new storage systems or arrays, use storage VMotion to
migrations and storage perform live automated migration of virtual machine disk files from existing
upgrades storage to their new destination.
Finding Further Information

In addition to this document, a number of other resources can help you configure your ESX/ESXi system in
conjunction with a SAN.
n Use your storage array vendor's documentation for most setup questions. Your storage array vendor might
also offer documentation on using the storage array in an ESX/ESXi environment.
n The VMware Documentation Web site.
n The iSCSI SAN Configuration Guide discusses the use of ESX/ESXi with iSCSI storage area networks.
n The VMware I/O Compatibility Guide lists the currently approved HBAs, HBA drivers, and driver versions.
n The VMware Storage/SAN Compatibility Guide lists currently approved storage arrays.
n The VMware Release Notes give information about known issues and workarounds.
n The VMware Knowledge Bases have information on common issues and workarounds.
Understanding VMFS Datastores

To store virtual disks, ESX/ESXi uses datastores, which are logical containers that hide specifics of storage from
virtual machines and provide a uniform model for storing virtual machine files. Datastores that you deploy
on storage devices use the VMware Virtual Machine File System (VMFS) format, a special high-performance
file system format that is optimized for storing virtual machines.
A VMFS datastore can run multiple virtual machines as one workload. VMFS provides distributed locking for
your virtual machine files, so that your virtual machines can operate safely in a SAN environment where
multiple ESX/ESXi hosts share a set of LUNs.
Use the vSphere Client to set up a VMFS datastore in advance on any SCSI-based storage device that your ESX/
ESXi host discovers. A VMFS datastore can be extended over several physical storage extents, including SAN
LUNs and local storage. This feature allows you to pool storage and gives you flexibility in creating the storage
volume necessary for your virtual machine.
You can increase the capacity of a datastore while virtual machines are running on the datastore. This ability
lets you add new space to your VMFS datastores as your virtual machine requires it. ESX/ESXi VMFS is
designed for concurrent access from multiple physical machines and enforces the appropriate access controls
on virtual machine files.
Sharing a VMFS Datastore Across ESX/ESXi Hosts

As a cluster file system, VMFS lets multiple ESX/ESXi hosts access the same VMFS datastore concurrently.
To ensure that multiple servers do not access the same virtual machine at the same time, VMFS provides on-
disk locking. To coordinate access to VMFS internal file system information, ESX/ESXi uses SCSI reservations
on the entire LUN.
Figure 2-1 shows several ESX/ESXi systems sharing the same VMFS volume.
18 VMware, Inc.
Figure 2-1. Sharing a VMFS Datastore Across ESX/ESXi Hosts

ESX/ESXi ESX/ESXi ESX/ESXi
A B C
VM1 VM2 VM3
VMFS volume
disk1
virtual
disk2 disk
files
disk3
Because virtual machines share a common VMFS datastore, it might be difficult to characterize peak-access
periods or to optimize performance. You must plan virtual machine storage access for peak periods, but
different applications might have different peak-access periods. VMware recommends that you load balance
virtual machines over servers, CPU, and storage. Run a mix of virtual machines on each server so that not all
experience high demand in the same area at the same time.
Metadata Updates
A VMFS datastore holds virtual machine files, directories, symbolic links, RDMs, and so on. A VMS datastore
also maintains a consistent view of all the mapping information for these objects. This mapping information
is called metadata.
Metadata is updated each time the attributes of a virtual machine file are accessed or modified when, for
example, you perform one of the following operations:
n Creating, growing, or locking a virtual machine file
n Changing a file's attributes
n Powering a virtual machine on or off
Making LUN Decisions

You must plan how to set up storage for your ESX/ESXi systems before you format LUNs with VMFS
datastores.
When you make your LUN decision, keep in mind the following considerations:
n Each LUN should have the correct RAID level and storage characteristic for applications in virtual
machines that use it.
n One LUN must contain only one VMFS datastore.
n If multiple virtual machines access the same VMFS, use disk shares to prioritize virtual machines.
You might want fewer, larger LUNs for the following reasons:
n More flexibility to create virtual machines without asking the storage administrator for more space.
n More flexibility for resizing virtual disks, doing snapshots, and so on.
n Fewer VMFS datastores to manage.
VMware, Inc. 19
You might want more, smaller LUNs for the following reasons:
n Less wasted storage space.
n Different applications might need different RAID characteristics.
n More flexibility, as the multipathing policy and disk shares are set per LUN.
n Use of Microsoft Cluster Service requires that each cluster disk resource is in its own LUN.
n Better performance because there is less contention for a single volume.
When the storage characterization for a virtual machine is not available, there is often no simple answer when
you have to decide on the LUN size and number of LUNs to use. You can experiment using either predictive
or adaptive scheme.
Use the Predictive Scheme to Make LUN Decisions

When you plan how to set up your storage for your ESX/ESXi systems before you format LUNs with VMFS
datastores, you must decide on the LUN size and number of LUNs to use. You can experiment using the
predictive scheme.
Procedure
1 Create several LUNs with different storage characteristics.
2 Build a VMFS datastore on each LUN, labeling each datastore according to its characteristics.
3 Allocate virtual disks to contain the data for virtual machine applications in the VMFS datastores built on
LUNs with the appropriate RAID level for the applications' requirements.
4 Use disk shares to distinguish high-priority from low-priority virtual machines.
Disk shares are relevant only within a given host. The shares assigned to virtual machines on one host
have no effect on virtual machines on other hosts.
5 Run the applications to determine whether virtual machine performance is acceptable.
Use the Adaptive Scheme to Make LUN Decisions

adaptive scheme.
Procedure
1 Create a large LUN (RAID 1+0 or RAID 5), with write caching enabled.
2 Build a VMFS on that LUN.
3 Place four or five virtual disks on the VMFS.
4 Run the applications to determine whether disk performance is acceptable.
If performance is acceptable, you can place additional virtual disks on the VMFS. If performance is not
acceptable, create a new, larger LUN, possibly with a different RAID level, and repeat the process. Use
migration so that you do not lose virtual machines when you recreate the LUN.
20 VMware, Inc.
Use Disk Shares to Prioritize Virtual Machines

If multiple virtual machines access the same VMFS datastore (and therefore the same LUN), use disk shares
to prioritize the disk accesses from the virtual machines. Disk shares distinguish high-priority from low-
priority virtual machines.
Procedure
1 Start a vSphere Client and connect to vCenter Server.
2 Select the virtual machine in the inventory panel and click Edit virtual machine settings from the menu.
3 Click the Resources tab and click Disk.
4 Double-click the Shares column for the disk to modify and select the required value from the drop-down
menu.
on the server and, on an ESX host, the service console. Share allocation symbolic values can be used to
configure their conversion into numeric values.
5 Click OK to save your selection.
NOTE Disk shares are relevant only within a given ESX/ESXi host. The shares assigned to virtual machines on
one host have no effect on virtual machines on other hosts.
Specifics of Using SAN Storage with ESX/ESXi

Using a SAN in conjunction with an ESX/ESXi host differs from traditional SAN usage in a variety of ways.
When you use SAN storage with ESX/ESXi, keep in mind the following considerations:
n You cannot directly access the virtual machine operating system that uses the storage. With traditional
tools, you can monitor only the VMware ESX/ESXi operating system. You use the vSphere Client to
monitor virtual machines.
n When you create a virtual machine, it is, by default, configured with one virtual hard disk and one virtual
SCSI controller. You can modify the SCSI controller type and SCSI bus sharing characteristics by using
the vSphere Client to edit the virtual machine settings. You can also add hard disks to your virtual machine.
n The HBA visible to the SAN administration tools is part of the ESX/ESXi system, not part of the virtual
machine.
n Your ESX/ESXi system performs multipathing for you.
Third-Party Management Applications

You can use third-party management applications in conjunction with your ESX/ESXi host.
Most SAN hardware is packaged with SAN management software. This software typically runs on the storage
array or on a single server, independent of the servers that use the SAN for storage.
Use this third-party management software for the following tasks:

n Storage array management, including LUN creation, array cache management, LUN mapping, and LUN
security.
n Setting up replication, check points, snapshots, or mirroring.
VMware, Inc. 21
If you decide to run the SAN management software on a virtual machine, you gain the benefits of running a
virtual machine, including failover using VMotion and VMware HA. Because of the additional level of
indirection, however, the management software might not be able to detect the SAN. This problem can be
resolved by using an RDM.
NOTE Whether a virtual machine can run management software successfully depends on the particular storage
system.
How Virtual Machines Access Data on a SAN

ESX/ESXi stores a virtual machine's disk files within a VMFS datastore that is deployed on a SAN storage
device. When virtual machine guest operating systems issue SCSI commands to their virtual disks, the
virtualization layer translates these commands to VMFS file operations.
When a virtual machine interacts with its virtual disk stored on a SAN, the following process takes place:
1 When the guest operating system in a virtual machine reads or writes to SCSI disk, it issues SCSI
commands to the virtual disk.
2 Device drivers in the virtual machine’s operating system communicate with the virtual SCSI controllers.
3 The virtual SCSI Controller forwards the command to the VMkernel.
4 The VMkernel performs the following tasks.

n Locates the file in the VMFS volume that corresponds to the guest virtual machine disk.
n Maps the requests for the blocks on the virtual disk to blocks on the appropriate physical device.
n Sends the modified I/O request from the device driver in the VMkernel to the physical HBA (host
HBA).
5 The host HBA performs the following tasks.

n Converts the request from its binary data form to the optical form required for transmission on the
fiber optic cable.
n Packages the request according to the rules of the FC protocol.
n Transmits the request to the SAN.
6 Depending on which port the HBA uses to connect to the fabric, one of the SAN switches receives the
request and routes it to the storage device that the host wants to access.
This storage device appears to be a specific disk to the host, but it might be a logical device that corresponds
to a physical device on the SAN. The switch must determine which physical device is made available to
the host for its targeted logical device.
Understanding Multipathing and Failover

To maintain a constant connection between an ESX/ESXi host and its storage, ESX/ESXi supports multipathing.
Multipathing is a technique that lets you use more than one physical path that transfers data between the host
and external storage device.
In case of a failure of any element in the SAN network, such as an adapter, switch, or cable, ESX/ESXi can
switch to another physical path, which does not use the failed component. This process of path switching to
avoid failed components is known as path failover.
In addition to path failover, multipathing provides load balancing. Load balancing is the process of distributing
I/O loads across multiple physical paths. Load balancing reduces or removes potential bottlenecks.
NOTE Virtual machine I/O might be delayed for up to sixty seconds while path failover takes place. These
delais allow the SAN to stabilize its configuration after topology changes. In general, the I/O delays might be
longer on active-passive arrays and shorter on activate-active arrays.
22 VMware, Inc.
Host-Based Failover with Fibre Channel

To support multipathing, your host typically has two or more HBAs available. This configuration supplements
the SAN multipathing configuration that generally provides one or more switches in the SAN fabric and the
one or more storage processors on the storage array device itself.
In Figure 2-2, multiple physical paths connect each server with the storage device. For example, if HBA1 or
the link between HBA1 and the FC switch fails, HBA2 takes over and provides the connection between the
server and the switch. The process of one HBA taking over for another is called HBA failover.
Figure 2-2. Multipathing and Failover

ESX/ESXi ESX/ESXi
HBA2 HBA1 HBA3 HBA4
switch switch
SP1 SP2
storage array
Similarly, if SP1 fails or the links between SP1 and the switches breaks, SP2 takes over and provides the
connection between the switch and the storage device. This process is called SP failover. VMware ESX/ESXi
supports HBA and SP failover with its multipathing capability.

To manage storage multipathing, ESX/ESXiusers a special VMkernel layer, Pluggable Storage Architecture
(PSA). The PSA is an open modular framework that coordinates the simultaneous operation of multiple
multipathing plugins (MPPs).
The VMkernel multipathing plugin that ESX/ESXi provides by default is the VMware Native Multipathing
Plugin (NMP). The NMP is an extensible module that manages subplugins. There are two types of NMP
subplugins, Storage Array Type Plugins (SATPs), and Path Selection Plugins (PSPs). SATPs and PSPs can be
built-in and provided by VMware, or can be provided by a third party.
tasks:
VMware, Inc. 23


VMkernel

MPP MPP
VMware SATP

command retries.

By default, ESX/ESXi provides an extensible multipathing module called the Native Multipathing Plugin
(NMP).
VMware SATPs
ESX/ESXi offers an SATP for every type of array that VMware supports. These SATPs include an active/active
SATP and active/passive SATP for non-specified storage arrays, and the local SATP for direct-attached storage.
Each SATP accommodates special characteristics of a certain class of storage arrays and can perform the array-
24 VMware, Inc.
VMware PSPs
Most Recently Used Selects the path the ESX/ESXi host used most recently to access the given device.
(MRU) If this path becomes unavailable, the host switches to an alternative path and
available.
might be a problem.
takes place.
VMware, Inc. 25
Choosing Virtual Machine Locations

Storage location is an important factor when you want to optimize the performance of your virtual machines.
There is always a trade-off between expensive storage that offers high performance and high availability and
storage with lower cost and lower performance.
Storage can be divided into different tiers depending on a number of factors:
High tier Offers high performance and high availability. Might offer built-in snapshots
to facilitate backups and Point-in-Time (PiT) restorations. Supports replication,
full SP redundancy, and fibre drives. Uses high-cost spindles.
Mid tier Offers mid-range performance, lower availability, some SP redundancy, and
SCSI drives. Might offer snapshots. Uses medium-cost spindles.
Lower tier Offers low performance, little internal storage redundancy. Uses low end SCSI
drives or SATA (serial low-cost spindles).
Not all applications require the highest performance and most available storage, at least not throughout their
entire life cycle.
If you want some of the functionality of the high tier, such as snapshots, but do not want to pay for it, you
might be able to achieve some of the high-performance characteristics in software.
When you decide where to place a virtual machine, ask yourself these questions:
n How critical is the virtual machine?
n What are its performance and availability requirements?
n What are its point-in-time (PiT) restoration requirements?
n What are its backup requirements?
n What are its replication requirements?
A virtual machine might change tiers throughout its life cycle because of changes in criticality or changes in
technology that push higher-tier features to a lower tier. Criticality is relative and might change for a variety
of reasons, including changes in the organization, operational processes, regulatory requirements, disaster
planning, and so on.
Designing for Server Failure

The RAID architecture of SAN storage inherently protects you from failure at the physical disk level. A dual
fabric, with duplication of all fabric components, protects the SAN from most fabric failures. The final step in
making your whole environment failure resistant is to protect against server failure.
Using VMware HA
With VMware HA, you can organize virtual machines into failover groups. When a host fails, all its virtual
machines are immediately started on different hosts. HA requires SAN storage.
When a virtual machine is restored on a different host, the virtual machine loses its memory state, but its disk
state is exactly as it was when the host failed (crash-consistent failover).
NOTE You must be licensed to use VMware HA.
26 VMware, Inc.
Using Cluster Services

Server clustering is a method of tying two or more servers together by using a high-speed network connection
so that the group of servers functions as a single, logical server. If one of the servers fails, the other servers in
the cluster continue operating, picking up the operations that the failed server performs.
VMware tests Microsoft Cluster Service in conjunction with ESX/ESXi systems, but other cluster solutions
might also work. Different configuration options are available for achieving failover with clustering:
Cluster in a box Two virtual machines on one host act as failover servers for each other. When
one virtual machine fails, the other takes over. This configuration does not
protect against host failures and is most commonly used during testing of the
clustered application.
Cluster across boxes A virtual machine on an ESX/ESXi host has a matching virtual machine on
another ESX/ESXi host.
Physical to virtual A virtual machine on an ESX/ESXi host acts as a failover server for a physical
clustering (N+1 server. Because virtual machines that run on a single host can act as failover
clustering) servers for numerous physical servers, this clustering method is a cost-effective
N+1 solution.
Server Failover and Storage Considerations

For each type of server failover, you must consider storage issues.
n Approaches to server failover work only if each server has access to the same storage. Because multiple
servers require a lot of disk space, and because failover for the storage array complements failover for the
server, SANs are usually employed in conjunction with server failover.
n When you design a SAN to work in conjunction with server failover, all LUNs that are used by the clustered
virtual machines must be detected by all ESX/ESXi hosts. This requirement is counterintuitive for SAN
administrators, but is appropriate when using virtual machines.
Although a LUN is accessible to a host, all virtual machines on that host do not necessarily have access to
all data on that LUN. A virtual machine can access only the virtual disks for which it has been configured.
In case of a configuration error, virtual disks are locked when the virtual machine boots so that no
corruption occurs.
NOTE As a rule, when you are using boot from a SAN LUN, only the host that is booting from a LUN should
see each boot LUN. An exception is when you are trying to recover from a failure by pointing a second host
to the same LUN. In this case, the SAN LUN in question is not really booting from SAN. No host is booting
from the SAN LUN because it is corrupted. The SAN LUN is a nonboot LUN that is made visible to a host.
Optimizing Resource Use

VMware vSphere allows you to optimize resource allocation by migrating virtual machines from overused
hosts to underused hosts.
You have the following options:

n Migrate virtual machines manually by using VMotion.
n Migrate virtual machines automatically by using VMware DRS.
You can use VMotion or DRS only if the virtual disks are located on shared storage accessible to multiple
servers. In most cases, SAN storage is used.
VMware, Inc. 27
Using VMotion to Migrate Virtual Machines

VMotion allows administrators to manually migrate virtual machines to different hosts. Administrators can
migrate a running virtual machine to a different physical server connected to the same SAN without service
interruption.
VMotion makes it possible to do the following tasks:

n Perform zero-downtime maintenance by moving virtual machines around so that the underlying
hardware and storage can be serviced without disrupting user sessions.
n Continuously balance workloads across the datacenter to most effectively use resources in response to
changing business demands.
Using VMware DRS to Migrate Virtual Machines

VMware DRS helps improve resource allocation across all hosts and resource pools.
DRS collects resource usage information for all hosts and virtual machines in a VMware cluster and gives
recommendations (or migrates virtual machines) in one of two situations:
Initial placement When you first power on a virtual machine in the cluster, DRS either places the
virtual machine or makes a recommendation.
Load balancing DRS tries to improve resource use across the cluster by performing automatic
migrations of virtual machines (VMotion) or by providing recommendations
for virtual machine migrations.
28 VMware, Inc.
Requirements and Installation 3
When you use ESX/ESXi systems with SAN storage, specific hardware and system requirements exist.
n “General ESX/ESXi SAN Requirements,” on page 29
n “ESX Boot from SAN Requirements,” on page 31
n “Installation and Setup Steps,” on page 31
General ESX/ESXi SAN Requirements

In preparation for configuring your SAN and setting up your ESX/ESXi system to use SAN storage, review the
requirements and recommendations.
n Make sure that the SAN storage hardware and firmware combinations you use are supported in
conjunction with ESX/ESXi systems.
n Configure your system to have only one VMFS volume per LUN. With VMFS-3, you do not have to set
accessibility.
n Unless you are using diskless servers, do not set up the diagnostic partition on a SAN LUN.
In the case of diskless servers that boot from a SAN, a shared diagnostic partition is appropriate.
n VMware recommends that you use RDMs for access to any raw disk from an ESX Server 2.5 or later
machine.
n For multipathing to work properly, each LUN must present the same LUN ID number to all ESX/ESXi
hosts.
n Make sure the driver you use in the guest operating system specifies a large enough queue. You can set
the queue depth for the physical HBA during system setup.
n On virtual machines running Microsoft Windows, increase the value of the SCSI TimeoutValue parameter
to 60. This increase allows Windows to better tolerate delayed I/O resulting from path failover.
Restrictions for ESX/ESXi with a SAN

This topic lists restrictions that exist when you use ESX/ESXi with a SAN.
n ESX/ESXi does not support FC connected tape devices.
n You cannot use virtual machine multipathing software to perform I/O load balancing to a single physical
LUN.
n You cannot use virtual machine logical-volume manager software to mirror virtual disks. Dynamic disks
on a Microsoft Windows virtual machine are an exception, but require special configuration.
VMware, Inc. 29
Setting LUN Allocations

This topic provides some general information on how to allocate LUNs when your ESX/ESXi works in
conjunction with SAN.
When you set LUN allocations, note the following points:
Storage provisioning. To ensure that the ESX/ESXi system recognizes the LUNs at startup time,
provision all LUNs to the appropriate HBAs before you connect the SAN to the
ESX/ESXi system.
VMware recommends that you provision all LUNs to all ESX/ESXi HBAs at the
same time. HBA failover works only if all HBAs see the same LUNs.
VMotion and VMware When you use vCenter Server and VMotion or DRS, make sure that the LUNs
DRS for the virtual machines are provisioned to all ESX/ESXi hosts. This provides
the greatest freedom in moving virtual machines.
Active/active compared When you use VMotion or DRS with an active/passive SAN storage device,
to active/passive arrays make sure that all ESX/ESXi systems have consistent paths to all storage
processors. Not doing so can cause path thrashing when a VMotion migration
occurs.
For active/passive storage arrays not listed in the Storage/SAN Compatibility
Guide, VMware does not support storage port failover. In those cases, you must
connect the server to the active port on the storage array. This configuration
ensures that the LUNs are presented to the ESX/ESXi host.
Setting Fibre Channel HBA

This topic provides general guidelines for setting a FC HBA on your ESX/ESXi host.
During FC HBA setup, consider the following issues.
HBA Default Settings

FC HBAs work correctly with the default configuration settings. Follow the configuration guidelines given by
your storage array vendor.
NOTE You should not mix FC HBAs from different vendors in a single server. Having different models of the
same HBA is supported, but a single LUN can not be accessed through two different HBA types, only through
the same type. Ensure that the firmware level on each HBA is the same.
Static Load Balancing Across HBAs

With both active/active and active/passive storage arrays, you can set up your host to use different paths to
different LUNs so that your adapters are being used evenly. See “Path Management and Manual, or Static,
Load Balancing,” on page 63.
Setting the Timeout for Failover

Set the timeout value for detecting when a path fails in the HBA driver. VMware recommends that you set the
timeout to 30 seconds to ensure optimal performance.
Dedicated Adapter for Tape Drives

For best results, use a dedicated SCSI adapter for any tape drives that you are connecting to an ESX/ESXi
system. FC connected tape drives are not supported. Use the Consolidated Backup proxy, as discussed in the
Virtual Machine Backup Guide.
30 VMware, Inc.
Chapter 3 Requirements and Installation
ESX Boot from SAN Requirements

When you have SAN storage configured with your ESX system, you can place the ESX boot image on one of
the LUNs on the SAN. This configuration must meet specific criteria.
To enable your ESX system to boot from a SAN, your environment must meet the requirements listed in
Table 3-1.
Table 3-1. Boot from SAN Requirements

Requirement Description
ESX system ESX 3.x or later is recommended. When you use the ESX 3.x system or later, RDMs are supported
requirements in conjunction with boot from SAN. For an ESX Server 2.5.x system, RDMs are not supported in
conjunction with boot from SAN.
HBA requirements The HBA BIOS for your HBA FC card must be enabled and correctly configured to access the boot
LUN.
The HBA should be plugged into the lowest PCI bus and slot number. This allows the drivers to
detect the HBA quickly because the drivers scan the HBAs in ascending PCI bus and slot numbers,
regardless of the associated virtual machine HBA number.
Boot LUN n When you boot from an active/passive storage array, the SP whose WWN is specified in the
considerations BIOS configuration of the HBA must be active. If that SP is passive, the HBA cannot support
the boot process.
n To facilitate BIOS configuration, mask each boot LUN so that only its own ESX system can see
it. Each ESX system should see its own boot LUN, but not the boot LUN of any other ESX
system.
SAN considerations n SAN connections must be through a switched topology if the array is not certified for direct
connect topology. If the array is certified for direct connect topology, the SAN connections can
be made directly to the array. Boot from SAN is supported for both switched topology and
direct connect topology if these topologies for the specific array are certified.
n Redundant and nonredundant configurations are supported. In the redundant case, ESX
collapses the redundant paths so that only a single path to a LUN is presented to the user.
Hardware- specific If you are running an IBM eServer BladeCenter and use boot from SAN, you must disable IDE
considerations drives on the blades.
Installation and Setup Steps

This topic provides an overview of installation and setup steps that you need to follow when configuring your
SAN environment to work with ESX/ESXi.
Follow these steps to configure your ESX/ESXi SAN environment.
1 Design your SAN if it is not already configured. Most existing SANs require only minor modification to
work with ESX/ESXi.
2 Check that all SAN components meet requirements.
3 Perform any necessary storage array modification.
Most vendors have vendor-specific documentation for setting up a SAN to work with VMware ESX/ESXi.
4 Set up the HBAs for the hosts you have connected to the SAN.
5 Install ESX/ESXi on the hosts.
6 Create virtual machines.
7 (Optional) Set up your system for VMware HA failover or for using Microsoft Clustering Services.
8 Upgrade or modify your environment as needed.
VMware, Inc. 31
32 VMware, Inc.
Setting Up SAN Storage Devices with
ESX/ESXi 4
This section discusses many of the storage devices supported in conjunction with VMware ESX/ESXi. For each
device, it lists the major known potential issues, points to vendor-specific information (if available), and
includes information from VMware knowledge base articles.
NOTE Information related to specific storage devices is updated only with each release. New information
might already be available. Consult the most recent Storage/SAN Compatibility Guide, check with your storage
array vendor, and explore the VMware knowledge base articles.

n “Testing ESX/ESXi SAN Configurations,” on page 33
n “General Setup Considerations for Fibre Channel SAN Arrays,” on page 34
n “EMC CLARiiON Storage Systems,” on page 34
n “EMC Symmetrix Storage Systems,” on page 35
n “IBM TotalStorage DS4800 Storage Systems,” on page 36
n “IBM TotalStorage 8000,” on page 38
n “HP StorageWorks Storage Systems,” on page 38
n “Hitachi Data Systems Storage,” on page 41
n “Network Appliance Storage,” on page 41
Testing ESX/ESXi SAN Configurations

ESX/ESXi supports a variety of SAN storage systems in different configurations. Generally, VMware tests ESX/
ESXi with supported storage systems for basic connectivity, HBA failover, and so on.
Not all storage devices are certified for all features and capabilities of ESX/ESXi, and vendors might have
specific positions of support with regard to ESX/ESXi.
Basic connectivity Tests whether ESX/ESXi can recognize and operate with the storage array. This
configuration does not allow for multipathing or any type of failover.
HBA failover The server is equipped with multiple HBAs connecting to one or more SAN
switches. The server is robust to HBA and switch failure only.
Storage port failover The server is attached to multiple storage ports and is robust to storage port
failures and switch failures.
Boot from SAN (with ESX The ESX host boots from a LUN configured on the SAN rather than from the
only) server itself.
VMware, Inc. 33
Direct connect The server connects to the array without using switches and with only an FC
cable. For all other tests, a fabric connection is used. FC Arbitrated Loop (AL)
is not supported.
Clustering The system is tested with Microsoft Cluster Service running in the virtual
machine.
General Setup Considerations for Fibre Channel SAN Arrays

When you prepare your FC SAN storage to work with ESX/ESXi, you must follow specific general requirements
that apply to all storage arrays.
For all storage arrays, make sure that the following requirements are met:
n LUNs must be presented to each HBA of each host with the same LUN ID number.
Because instructions on how to configure identical SAN LUN IDs are vendor specific, consult your storage
array documentation for more information.
n Unless specified for individual storage arrays, set the host type for LUNs presented to ESX/ESXi to
Linux, Linux Cluster, or, if available, to vmware or esx.
n If you are using VMotion, DRS, or HA, make sure that both source and target hosts for virtual machines
can see the same LUNs with identical LUN IDs.
SAN administrators might find it counterintuitive to have multiple hosts see the same LUNs because they
might be concerned about data corruption. However, VMFS prevents multiple virtual machines from
writing to the same file at the same time, so provisioning the LUNs to all required ESX/ESXi system is
appropriate.
EMC CLARiiON Storage Systems

EMC CLARiiON storage systems work with ESX/ESXi hosts in SAN configurations.
Basic configuration includes the following steps:
1 Installing and configuring the storage device.
2 Configuring zoning at the switch level.
3 Creating RAID groups.

4 Creating and binding LUNs.
5 Registering the servers connected to the SAN. By default, the host automatically performs this step.
6 Creating storage groups that contain the servers and LUNs.
Use the EMC storage management software to perform configuration. For information, see the EMC
documentation.
ESX/ESXi automatically sends the host's name and IP address to the array and registers the host with the array.
You are no longer required to perform host registration manually. If you prefer to use storage management
software, such as EMC Navisphere, to perform manual registration, turn off the ESX/ESXi auto-registration
feature. Turning it off helps you avoid overwriting the manual user registration. For information, see “Disable
Automatic Host Registration,” on page 66.
34 VMware, Inc.
Chapter 4 Setting Up SAN Storage Devices with ESX/ESXi
Because this array is an active/passive disk array, the following general considerations apply.
n To avoid the possibility of path thrashing, the default multipathing policy is Most Recently Used, not
Fixed. The ESX/ESXi system sets the default policy when it identifies the array.
n Automatic volume resignaturing is not supported for AX100 storage devices.
n To use boot from SAN, make sure that the active SP is chosen for the boot LUN’s target in the HBA BIOS.
IMPORTANT If the EMC CLARiiON CX storage systems use the ALUA protocol, your host cannot boot from
the systems or display VMFS datastores deployed on them. With ALUA enabled, these storage systems do not
support SCSI-2 reservations that ESX/ESXi requires for its operations.
EMC CLARiiON AX100 and RDM

On EMC CLARiiON AX100 systems, RDMs are supported only if you use the Navisphere Management Suite
for SAN administration. Navilight is not guaranteed to work properly.
To use RDMs successfully, a given LUN must be presented with the same LUN ID to every ESX/ESXi host in
the cluster. By default, the AX100 does not support this configuration.
AX100 Display Problems with Inactive Connections

When you use an AX100 FC storage device directly connected to an ESX/ESXi system, you must verify that all
connections are operational and unregister any connections that are no longer in use. If you do not, ESX/ESXi
cannot discover new LUNs or paths.
Consider the following scenario:
An ESX/ESXi system is directly connected to an AX100 storage device. The ESX/ESXi has two FC HBAs. One
of the HBAs was previously registered with the storage array and its LUNs were configured, but the
connections are now inactive.
When you connect the second HBA on the ESX/ESXi host to the AX100 and register it, the ESX/ESXi host
correctly shows the array as having an active connection. However, none of the LUNs that were previously
configured to the ESX/ESXi host are visible, even after repeated rescans.
To resolve this issue, remove the inactive HBA, unregister the connection to the inactive HBA, or make all
inactive connections active. This causes only active HBAs to be in the storage group. After this change, rescan
to add the configured LUNs.
Pushing Host Configuration Changes to the Array

When you use an AX100 storage array, no host agent periodically checks the host configuration and pushes
changes to the array. The axnaviserverutil cli utility is used to update the changes. This is a manual operation
and should be performed as needed.
The utility runs only on the service console and is not available with ESXi.
EMC Symmetrix Storage Systems

EMC Symmetrix storage systems work with ESX/ESXi hosts in FC SAN configurations. Generally, you use the
EMC software to perform configurations.
The following settings are required on the Symmetrix networked storage system. For more information, see
the EMC documentation.
n Common serial number (C)
n Auto negotiation (EAN) enabled
n Fibrepath enabled on this port (VCM)
VMware, Inc. 35
n SCSI 3 (SC3) set enabled

n Unique world wide name (UWN)
n SPC-2 (Decal) (SPC2) SPC-2 flag is required
The ESX/ESXi host considers any LUNs from a Symmetrix storage array with a capacity of 50MB or less as
management LUNs. These LUNs are also known as pseudo or gatekeeper LUNs. These LUNs appear in the
EMC Symmetrix Management Interface and should not be used to hold data.
IBM TotalStorage DS4800 Storage Systems

IBM TotalStorage DS4800 systems used to be called IBM FAStT. A number of storage array vendors (including
LSI and StorageTek) make SAN storage arrays that are compatible with the DS4800.
In addition to normal configuration steps for your IBM TotalStorage storage system, you must perform specific
tasks. You must also make sure that multipathing policy is set to Most Recently Used.
Configuring the Hardware for SAN Failover with DS4800 Storage Servers
This topic provides information on how to set up a highly available SAN failover configuration with an ESX/
ESXi host and DS4800 storage.
You must have the following hardware components:

n Two FC HBAs, such as QLogic or Emulex, on each ESX/ESXi machine.
n Two FC switches connecting the HBAs to the SAN (for example, FC switch 1 and FC switch 2).
n Two SPs (for example, SP1 and SP2).
Each SP must have at least two ports connected to the SAN.
Use the following connection settings for the ESX/ESXi host, as shown in Figure 4-1:
n Connect each HBA on each ESX/ESXi machine to a separate switch. For example, connect HBA1 to FC
switch 1 and HBA2 to FC switch 2.
n On FC switch 1, connect SP1 to a lower switch port number than SP2, to ensure that SP1 is listed first. For
example, connect SP1 to FC switch 1 port 1 and SP2 to FC switch 1 port 2.
n On FC switch 2, connect SP1 to a lower switch port number than SP2, to ensure that SP1 is listed first. For
example, connect SP1 to port 1 on FC switch 2 and SP2 to port 2 on FC switch 2.
Figure 4-1. SAN Failover

ESX/ESXi 1 ESX/ESXi 2
HBA1 HBA2 HBA3 HBA4
FC switch 1 FC switch 2
SP1 SP2
storage
36 VMware, Inc.
This configuration provides two paths from each HBA, so that each element of the connection can fail over to
a redundant path. The order of the paths in this configuration provides HBA and switch failover without the
need to trigger SP failover. The storage processor that the preferred paths are connected to must own the LUNs.
In the preceding example configuration, SP1 owns them.
NOTE The preceding example assumes that the switches are not connected through an Inter-Switch Link (ISL)
in one fabric.
Verify the Storage Processor Port Configuration

You can verify the SP port configuration by comparing the vSphere Client information with the information
in the DS4800 subsystem profile.
Procedure
1 Connect to the ESX/ESXi host by using the vSphere Client.
2 Select the host and choose the Configuration tab.
3 Click Storage Adapters in the Hardware panel.
4 Select each storage adapter to see its WWPN.
5 Select Storage to see the available datastores.
Compare the WWPN information to the information listed in the DS4800 storage subsystem profile.
Disabling Auto Volume Transfer

To avoid the possibility of path thrashing, disable Auto Volume Transfer (AVT) on the SAN storage processors.
If AVT is enabled, the two storage processors can alternately take ownership of the LUN in certain situations,
resulting in performance degradation. AVT is also known as ADT (Auto Disk Transfer).
To disable AVT, in the DS 4800 Storage Manager, for each port defined in each host group that contains HBAs
for one or more ESX/ESXi machines, set the host type to LNXCL or, in later versions, to VMware.
You must reboot the ESX/ESXi host after you change the AVT configuration.
Configure Storage Processor Sense Data

A DS4800 SP that runs Windows as a guest operating system should return Not Ready sense data when it is
quiescent. Returning Unit Attention might cause the Windows guest to fail during a failover.
Procedure
1 Determine the index for the LNXCL host type by using the following commands in a shell window.
Press Enter after each command.

SMcli.exe <ip-addr-for-SPA> show hosttopology; <Enter>
SMcli.exe <ip-addr-for-SPB> show hosttopology; <Enter>
VMware, Inc. 37
The following commands assume that 13 is the index corresponding to LNXCL in the NVSRAM host type
definitions. If your storage processors have LNXCL at a different index, substitute that index for 13 in the
following commands.
2 Execute these commands for SPA to have it return Not Ready sense data.
Press Enter only after you enter all commands.

SMcli.exe <ip-addr-for-SPA>
set controller [a] HostNVSRAMBYTE [13,0x12]=0x01;
set controller [a] HostNVSRAMBYTE [13,0x13]=0x00;
reset Controller [a];
<Enter>
3 Execute these commands for SPB to have it return Not Ready sense data.
Press Enter only after you enter all commands.

SMcli.exe <ip-addr-for-SPB>
set controller [b] HostNVSRAMBYTE [13,0x12]=0x01;
set controller [b] HostNVSRAMBYTE [13,0x13]=0x00;
reset Controller [b];
<Enter>
NOTE If you use the DS4800 Storage Manager GUI, paste the configuration commands for both storage
processors into a single script and configure both storage processors at the same time. If you use
SMcli.exe, make individual connections to each SP.
IBM TotalStorage 8000

IBM TotalStorage 8000 systems use an active/active array that does not need special configuration in
conjunction with VMware ESX/ESXi.
To use RDMs successfully, a given LUN must be presented with the same LUN ID to every ESX/ESXi host in
the cluster.
In the TotalStorage Configuration Management tool, select Use same ID for LUN in source and target.
Automatic resignaturing is not supported for IBM TotalStorage 8000 systems.
NOTE If you are configuring the ESX host to use boot from SAN from a LUN on an IBM TotalStorage 8000
array, disable the internal fibre port for the corresponding blade until installation is finished.
HP StorageWorks Storage Systems

This section includes configuration information for the different HP StorageWorks storage systems.
For additional information, see the HP ActiveAnswers section on VMware ESX/ESXi at the HP web site.
38 VMware, Inc.
HP StorageWorks MSA
This section lists issues of interest if you are using the active/passive version of the HP StorageWorks MSA.
Set the Profile Name to Linux

To use HP StorageWorks MSA 1000 and MSA 1500 with ESX/ESXi systems, configure the FC connections
between the SAN array and the ESX/ESXi host with the Profile Name set to Linux.
Procedure
1 Create a static connection on the MSA 1000 by using the MSA 1000 command-line interface.
For information on installing and configuring the command-line interface, see the HP StorageWorks MSA
1000 documentation.
NOTE You cannot create connection settings by using the HP Array Configuration utility.
2 Connect the MSA 1000 command-line interface to the MSA 1000.
3 Verify that the FC network between the MSA 1000 and the ESX/ESXi host is working.
4 Start the command-line interface and enter the following at the prompt:
SHOW CONNECTIONS
The output displays a connection specification for each FC WWNN and WWPN attached to the MSA 1000.
Connection Name: <unknown>
Host WWNN = 20:02:00:a0:b8:0c:d5:56
Host WWPN = 20:03:00:a0:b8:0c:d5:57
Profile Name = Default
Unit Offset 0
Controller 1 Port 1 Status = Online
5 Make sure the host’s WWNN and WWPN show the correct connection for each FC adapter on the ESX/
ESXi machine.
6 Create a static connection.

ADD CONNECTION ESX_CONN_1 WWNN=20:02:00:a0:b8:0c:d5:56 WWPN=20:03:00:a0:b8:0c:d5:57
PROFILE=LINUX
VMware, Inc. 39
7 Verify the connection by entering the following:
SHOW CONNECTIONS
The output displays a single connection with the WWNN and WWPN pair 20:02:00:a0:b8:0c:d5:56 and
20:03:00:a0:b8:0c:d5:57 and the Profile Name set to Linux:
Connection Name: ESX_CONN_1

Host WWNN = 20:02:00:a0:b8:0c:d5:56
Host WWPN = 20:03:00:a0:b8:0c:d5:57
Profile Name = Linux
Unit Offset = 0
NOTE Make sure WWNN = 20:02:00:a0:b8:0c:d5:56 and WWPN = 20:03:00:a0:b8:0c:d5:57 display a

single connection.
There should be no connection with the Connection Name unknown for WWNN=20:02:00:a0:b8:0c:d5:56 and
WWPN =20:03:00:a0:b8:0c:d5:57.
8 Add static connections with different connection name values for each WWNN and WWPN on the ESX/
ESXi host.
Hub Controller Issues

The ESX/ESXi system might not function correctly with the MSA hub controller. Use the 2/8 internal switch or
the single port controller instead.
HP StorageWorks EVA
To use an HP StorageWorks EVA system with ESX/ESXi, you must configure the correct host mode type.
Set the connection type to Custom when you present a LUN to an ESX/ESXi host. The value is one of the
following:
n For EVA4000/6000/8000 active/active arrays with firmware below 5.031, use the host mode type
000000202200083E.
n For EVA4000/6000/8000 active/active arrays with firmware 5.031 and above, use the host mode type
VMware.
Otherwise, EVA systems do not require special configuration changes to work with an ESX/ESXi system.
See the VMware Infrastructure, HP StorageWorks Best Practices on the HP Web site.
40 VMware, Inc.
HP StorageWorks XP
For HP StorageWorks XP, set the host mode to Windows (not Linux). This system is available from Hitachi Data
Systems.
Hitachi Data Systems Storage

This section introduces the setup for Hitachi Data Systems storage. This storage solution is also available from
Sun and as HP XP storage.
LUN masking To mask LUNs on an ESX/ESXi host, use the HDS Storage Navigator software
for best results.
Microcode and Check with your HDS representative for exact configurations and microcode
configurations levels needed for interoperability with ESX/ESXi. If your microcode is not
supported, interaction with ESX/ESXi is usually not possible.
Modes The modes you set depend on the model you are using, for example:
n 9900 and 9900v uses Netware host mode.
n 9500v series uses Hostmode1: standard and Hostmode2: SUN Cluster.
Check with your HDS representative for host mode settings for the models not
listed here.
Network Appliance Storage

When configuring a Network Appliance storage device, first set the appropriate LUN type and initiator group
type for the storage array.
LUN type VMware (if VMware type is not available, use Linux).
Initiator group type VMware (if VMware type is not available, use Linux).
You must then provision storage.
Provision Storage from a Network Appliance Storage Device

You can use CLI or the FilerView GUI to provision storage on a Network Appliance storage system.
For additional information on how to use Network Appliance Storage with VMware technology, see the
Network Appliance documents.
Procedure
1 Using CLI or the FilerView GUI, create an Aggregate if required.
aggr create <vmware-aggr> <number of disks>
2 Create a Flexible Volume.
vol create <aggregate name> <volume size>
3 Create a Qtree to store each LUN.
qtree create <path>
4 Create a LUN.
lun create -s <size> -t vmware <path>
VMware, Inc. 41
5 Create an initiator group.
igroup create -f -t vmware <igroup name>
6 Map the LUN to the initiator group you just created.
lun map (<path>) <igroup name> <LUN ID>
42 VMware, Inc.
Using Boot from SAN with ESX
Systems 5
This section discusses the benefits of boot from SAN and describes the tasks you need to perform to have the
ESX boot image stored on a SAN LUN.
NOTE Skip this information if you do not plan to have your ESX host boot from a SAN.

n “Boot from SAN Overview,” on page 43
n “Getting Ready for Boot from SAN,” on page 44
n “Setting Up the QLogic FC HBA for Boot from SAN,” on page 47
n “Setting Up the Emulex FC HBA for Boot from SAN,” on page 48
Boot from SAN Overview

Before you consider how to set up your system for boot from SAN, decide whether it makes sense for your
environment.
Use boot from SAN in the following circumstances:

n If you do not want to handle maintenance of local storage.
n If you need easy cloning of service consoles.
n In diskless hardware configurations, such as on some blade systems.
You should not use boot from SAN in the following situations:
n If you are using Microsoft Cluster Service.
n If I/O contention might occur between the service console and VMkernel.
NOTE With ESX Server 2.5, you could not use boot from SAN together with RDM. With ESX 3.x or later, this
restriction is removed.
VMware, Inc. 43
How Boot from a SAN Works

When you set up your host to boot from a SAN, the boot image is not stored on the ESX host’s local disk, but
instead is stored on a SAN LUN. The host is informed about the boot image location. When the host is started,
it boots from the LUNs on the SAN array.
On a system set up to boot from a SAN:

n The HBA BIOS must designate the FC card as the boot controller.
n The FC card must be configured to initiate a primitive connection to the target boot LUN.
Figure 5-1. How Boot from a SAN Works

host
service
console VMkernel
HBA
FC switch
storage array
boot disk
NOTE When you use boot from SAN in conjunction with ESX hosts, each host must have its own boot LUN.
Benefits of Boot from SAN

Booting your ESX host from a SAN provides numerous benefits.
The benefits include:

n Cheaper servers – Servers can be more dense and run cooler without internal storage.
n Easier server replacement – You can replace servers and have the new server point to the old boot location.
n Less wasted space.
n Easier backup processes – The system boot images in the SAN can be backed up as part of the overall SAN
backup procedures.
n Improved management – Creating and managing the operating system image is easier and more efficient.
Getting Ready for Boot from SAN

In addition to the general ESX with SAN configuration tasks, complete the following tasks to enable your ESX
host to boot from SAN.
1 Ensure that the configuration settings meet the basic boot from SAN requirements.
2 Prepare the hardware elements.
This includes your HBA, network devices, and storage system. Refer to the product documentation for
each device.
44 VMware, Inc.
Chapter 5 Using Boot from SAN with ESX Systems
3 Configure LUN masking on your SAN.
This ensures that each ESX host has a dedicated LUN for the boot partitions. The boot LUN must be
dedicated to a single server.
4 Choose the location for the diagnostic partition.
Diagnostic partitions can be put on the same LUN as the boot partition. Core dumps are stored in
diagnostic partitions.
IMPORTANT Your host cannot boot from the EMC CLARiiON CX storage systems that use the ALUA protocol.
With ALUA enabled, these storage systems do not support SCSI-2 reservations, which ESX requires to boot
from a SAN LUN.
Before You Begin

When preparing your ESX host and storage array for the boot from SAN setup, review any available
information, including specific recommendations and requirements, vendor's documentation, and so on.
Review the following information:

n The recommendations or sample setups for the type of configuration you want:
n Single or redundant paths to the boot LUN.
n FC switch fabric.
n Any specific recommendations that apply to the type of storage array you have.
n Restrictions and requirements, including:
n Boot-from-SAN restrictions.
n The vendor's recommendation for the storage array to be used for booting from a SAN.
n The vendor's recommendation for the server booting from a SAN.
n Find the WWN for the boot path HBA by using one of the following methods:
n Go into the FC HBA BIOS upon boot.
n Find the WWN on the physical card. It is similar to a MAC address.
LUN Masking in Boot from SAN Mode

Proper LUN masking is critical in boot from SAN mode.
n Each server can see only its own boot LUN, not the boot LUNs of other servers.
n Multiple servers can share a diagnostic partition. You can use LUN masking to achieve this.
For information on how to mask paths to specific LUNs on your host, see “Mask Paths,” on page 83.
VMware, Inc. 45
Prepare the SAN

This section lists the steps for preparing the SAN storage array for boot from SAN.
Procedure
1 Connect the FC and Ethernet cables, referring to any cabling guide that applies to your setup.
Check the FC switch wiring, if there is any.
2 Configure the storage array.

a From the SAN storage array, make the ESX host visible to the SAN. (This is often referred to as creating
an object.)
b From the SAN storage array, set up the ESX host to have the WWPNs of the host’s FC adapters as
port names or node names.
c Create LUNs.
d Assign LUNs.
e Record the IP addresses of the FC switches and storage arrays.
f Record the WWPN for each SP and host adapter involved.
CAUTION If you use scripted installation to install ESX in boot from SAN mode, you need to take special
steps to avoid unintended data loss.
3 Configure the HBA BIOS for boot from SAN.
4 Boot your ESX system from the ESX installation CD.
The QLogic BIOS uses a search list of paths (wwpn:lun) to locate a boot image. If one of the wwpn:lun paths is
associated with a passive path, for example, when you use CLARiiON or IBM TotalStorage DS 4000 systems,
the BIOS stays with the passive path and does not locate an active path. If you are booting your ESX system
from a SAN LUN, the boot fails while the host tries to access the passive path.
Minimizing the Number of Initiators

Be sure the zone contains the minimum number of host and storage ports possible. The Emulex and QLogic
BIOS can become unresponsive if several other initiators are in the same zone and you try to select a boot LUN.
For example, if fifteen initiators and four Symmetrix ports are in one zone, you might not be able to select a
boot device from either the Emulex or QLogic BIOS because it becomes unresponsive. If you zone the two host
ports to see only the four storage ports, you can select a boot LUN.
Set Up Your System to Boot from CD-ROM First

Because the VMware installation CD is in the CD-ROM drive, set up your system to boot from CD-ROM first.
To achieve this, change the system boot sequence in your system BIOS setup.
For example, you need to complete the following on the IBM X-Series 345 server.
Procedure
1 During your system power up, enter the system BIOS Configuration/Setup Utility.
2 Select Startup Options and press Enter.
46 VMware, Inc.
3 Select Startup Sequence Options and press Enter.
4 Change the First Startup Device to [CD-ROM].
You can now install the ESX system.
Setting Up the QLogic FC HBA for Boot from SAN

Configuring the QLogic HBA BIOS to boot ESX from a SAN includes enabling the QLogic HBA BIOS, enabling
the selectable Boot, and selecting the Boot LUN.
NOTE If you are using an IBM BladeCenter, disconnect all your local disk drives from the server.
Enable the QLogic HBA BIOS

When configuring the QLogic HBA BIOS to boot ESX from SAN, start with enabling the QLogic HBA BIOS.
Procedure
1 Enter the BIOS Fast!UTIL configuration utility.
a Boot the server.
b While booting the server, press Ctrl+Q.
2 Perform the appropriate action depending on the number of HBAs.
Option Description
One HBA If you have only one host bus adapter (HBA), the Fast!UTIL Options page
appears. Skip to Step 3.
Multiple HBAs If you have more than one HBA, select the HBA manually.
a In the Select Host Adapter page, use the arrow keys to position the cursor
on the appropriate HBA.
b Press Enter.
3 In the Fast!UTIL Options page, select Configuration Settings and press Enter.
4 In the Configuration Settings page, select Host Adapter Settings and press Enter.
5 Set the BIOS to search for SCSI devices.
a In the Host Adapter Settings page, select Host Adapter BIOS.

b Press Enter to toggle the value to Enabled.
c Press Esc to exit.
Enable the Selectable Boot

You need to enable the selectable boot.
Procedure
1 Choose Selectable Boot Settings and press Enter.
2 In the Selectable Boot Settings page, choose Selectable Boot.
3 Press Enter to toggle the value to Enabled.
VMware, Inc. 47
Select the Boot LUN

If you are using an active/passive storage array, the selected SP must be on the preferred (active) path to the
boot LUN. If you are not sure which SP is on the active path, use your storage array management software to
find out. The target IDs are created by the BIOS and might change with each reboot.
Procedure
1 Use the cursor keys to select the first entry in the list of storage processors.
2 Press Enter to open the Select Fibre Channel Device page.

3 Use the cursor keys to select the chosen SP and press Enter.
n If the SP has only one LUN attached, it is selected as the boot LUN, and you can skip to Step 4.
n If the SP has more than one LUN attached, the Select LUN page opens. Use the arrow keys to position
to the selected LUN and press Enter.
If any remaining storage processors show in the list, position to those entries and press C to clear the
data.
4 Press Esc twice to exit.
5 Press Enter to save the setting.
Setting Up the Emulex FC HBA for Boot from SAN

Configuring the Emulex HBA BIOS to boot ESX from SAN includes enabling the BootBIOS prompt and
enabling BIOS.
Enable the BootBIOS Prompt

When you configure the Emulex HBA BIOS to boot ESX from SAN, you need to enable the BootBIOS prompt.
Procedure
1 From the ESX service console or a Linux command prompt, run lputil.
NOTE Consider booting the ESX host from a Linux Administration CD that loads the Emulex driver, then
run lputil from there.
2 Select <3> Firmware Maintenance.
3 Select an adapter.
4 Select <6> Boot BIOS Maintenance.
5 Select <1> Enable Boot BIOS.
Enable the BIOS

When you configure the Emulex HBA BIOS to boot ESX from SAN, you need to enable BIOS.
Procedure
1 Reboot the ESX machine.
2 Press ALT+E at the Emulex prompt.
a Select an adapter (with BIOS support).
b Select <2> Configure Adapter's Parameters.
48 VMware, Inc.
c Select <1> Enable or Disable BIOS.
d Select <1> to enable BIOS.
e Select <x> to exit and <N> to return to the main menu.
3 From the Emulex main menu:
a Select the same adapter.
b Select <1> Configure Boot Devices.
c Select the location for the Boot Entry.

d Enter the two-digit boot device.
e Enter the two-digit (HEX) starting LUN (for example, 08).
f Select the boot LUN.
g Select <1> WWPN. (Boot this device using WWPN, not DID).
h Select <x> to exit and <Y> to reboot.
4 Boot into the system BIOS and move Emulex first in the boot controller sequence.
5 Reboot and install on a SAN LUN.
VMware, Inc. 49
50 VMware, Inc.
Managing ESX/ESXi Systems That Use
SAN Storage 6
This section helps you manage your ESX/ESXi system, use SAN storage effectively, and perform
troubleshooting. It also explains how to find information about storage devices, adapters, multipathing, and
so on.

n “Viewing Storage Adapter Information,” on page 51
n “Viewing Storage Device Information,” on page 52
n “Viewing Datastore Information,” on page 54
n “Resolving Display Issues,” on page 54
n “N-Port ID Virtualization,” on page 57
n “Path Scanning and Claiming,” on page 60
n “Path Management and Manual, or Static, Load Balancing,” on page 63
n “Path Failover,” on page 64
n “Set Device Driver Options for SCSI Controllers,” on page 65
n “Sharing Diagnostic Partitions,” on page 65
n “Disable Automatic Host Registration,” on page 66
n “Avoiding and Resolving SAN Problems,” on page 66
n “Optimizing SAN Storage Performance,” on page 67
n “Resolving Performance Issues,” on page 68
n “SAN Storage Backup Considerations,” on page 71
n “Layered Applications,” on page 72
Viewing Storage Adapter Information

In the vSphere Client, you can display storage adapters that your host uses and review their information.
When you list all available adapters, you can see their models, types, such as Fibre Channel, Parallel SCSI, or
iSCSI, and, if available, their unique identifiers.
As unique identifiers, Fibre Channel HBAs use World Wide Names (WWNs).
When you display details for each Fibre Channel HBA, you see the following information.
VMware, Inc. 51

Targets Number of targets accessed through the adapter.
WWN A World Wide Name formed according to Fibre Channel standards that uniquely identifies
the FC adapter.
View Storage Adapter Information

Use the vSphere Client to display storage adapters and review their information.
Procedure
Viewing Storage Device Information

You can use the vSphere Client to display all storage devices or LUNs available to your host, including all local
and networked devices. If you use any third-party multipathing plugins, storage devices available through
the plugins also appear on the list.
For each storage adapter, you can display a separate list of storage devices accessible just through this adapter.
When you review a list of storage devices, you typically see the following information.
Table 6-2. Storage Device Information

Device Information Description
Name A friendly name that the host assigns to the device based on the storage type and
manufacturer.
Identifier A universally unique identifier that is intrinsic to the storage device.
Owner The plugin, such as the NMP or a third-party plugin, the host uses to manage the storage
device.

52 VMware, Inc.
Chapter 6 Managing ESX/ESXi Systems That Use SAN Storage

In the vSphere Client, each storage device, or LUN, is identified by several names.
Name A friendly name that the host assigns to a device based on the storage type and
manufacturer. You can modify the name using the vSphere Client.
Identifier A universally unique identifier that the host extracts from the storage.
Depending on the type of storage, the host uses different algorithms to extract
the identifier. The identifier is persistent across reboots and is the same for all
hosts sharing the device.
host. The name is not a reliable identifier for the device, and is not persistent.
The runtime name has the following format:
vmhba#:C#:T#:L#, where
Targets that are shared by different hosts might not have the same target
number.


Procedure
4 Click Devices.
VMware, Inc. 53

For each storage adapter on your host, you can display a list of storage devices accessible just through this
adapter.
Procedure

5 Click Devices.
Viewing Datastore Information

You can view a list of available datastores and analyze their properties.
The Datastores pane shows summary information about the datastore.

n Target storage device where the datastore is located.
n File system the datastore uses.
n Total capacity and available space.
For each datastore, you can also review the following details:
n Location of the datastore.
n Total capacity, including the used and available space.
n Individual extents that the datastore spans and their capacity. To view extent details, click Properties and
select the Extents panel.
n Paths used to access the storage device.

Use the vSphere Client to review datastore properties.
Procedure
Resolving Display Issues

When you use the vSphere Client to view storage devices available to your ESX/ESXi host and the output
differs from what you expect, perform troubleshooting tasks.
Perform the following troubleshooting tasks if you have display issues.
54 VMware, Inc.
Table 6-3. Troubleshooting Fibre Channel LUN Display

Troubleshooting Task Description
Check cable connectivity. If you do not see a port, the problem could be cable connectivity. Check the cables first.
Ensure that cables are connected to the ports and a link light indicates that the connection
is good. If each end of the cable does not show a good link light, replace the cable.
Check zoning. Zoning limits access to specific storage devices, increases security, and decreases traffic
over the network. Some storage vendors allow only single-initiator zones. In that case, an
HBA can be in multiple zones to only one target. Other vendors allow multiple-initiator
zones. See your storage vendor’s documentation for zoning requirements. Use the SAN
switch software to configure and manage zoning.
Check access control n The MASK_PATH plugin allows you to prevent your host form seeing a specific
configuration. storage array or specific LUNs on a storage array. If your host does not see the expected
LUNs on the array, path masking could have been set up incorrectly.
n For booting from a SAN, ensure that each ESX host sees only required LUNs. Do not
allow any ESX host to see any boot LUN other than its own. Use storage system
software to make sure that the ESX host can see only the LUNs that it is supposed to
see.
n Ensure that the Disk.MaxLUN setting allows you to view the LUN you expect to see.
Check storage processor If a disk array has more than one storage processor (SP), make sure that the SAN switch
setup. has a connection to the SP that owns the LUNs you want to access. On some disk arrays,
only one SP is active and the other SP is passive until there is a failure. If you are connected
to the wrong SP (the one with the passive path), you might see the LUNs but get errors
when trying to access them.
Rescan your HBA. Perform a rescan each time you complete the following tasks:
n Change the path masking configuration on an ESX/ESXi host storage system.

displayed in the vSphere Client. When you make changes in your ESX/ESXi host or SAN configuration, you
need to use the rescan operation.
n Zone a new disk array on the SAN to an ESX/ESXi host.
VMware, Inc. 55

When you make changes in your ESX/ESXi host or SAN configuration, you might need to rescan your storage
Procedure
IMPORTANT On ESXi, it is not possible to rescan a single storage adapter. If you rescan a single adapter,
all adapters are rescanned.
New VMFS Volumes.
Change the Number of Scanned LUNs

By default, the VMkernel scans for LUN 0 to LUN 255 for every target (a total of 256 LUNs). You can modify the
Disk.MaxLUN parameter to improve LUN discovery speed.
IMPORTANT You cannot discover LUNs with a LUN ID number that is greater than 255.
Reducing the value can shorten rescan time and boot time. However, the time to rescan LUNs might depend
on other factors, including the type of storage system and whether sparse LUN support is enabled.
Procedure
1 In the vSphere Client inventory panel, select the host, click the Configuration tab, and click Advanced
Settings.
2 Select Disk.
3 Scroll down to Disk.MaxLUN.
4 Change the existing value to the value of your choice, and click OK.
The value you enter specifies the LUN after the last one you want to discover.
For example, to discover LUNs from 0 through 31, set Disk.MaxLUN to 32.
56 VMware, Inc.
Disable Sparse LUN Support

You can disable the default sparse LUN support to decrease the time ESX/ESXi needs to scan for LUNs.
The VMkernel provides sparse LUN support by default. The sparse LUN support enables the VMkernel to
perform uninterrupted LUN scanning when a storage system presents LUNs with nonsequential LUN
numbering, for example 0, 6, and 23. If all LUNs that your storage system presents are sequential, you can
disable the sparse LUN support.
Procedure
Settings.
2 In the Advanced Settings dialog box, select Disk.
3 Scroll down to Disk.SupportSparseLUN, change the value to 0, and click OK.
N-Port ID Virtualization
N-Port ID Virtualization (NPIV) is an ANSI T11 standard that describes how a single Fibre Channel HBA port
can register with the fabric using several worldwide port names (WWPNs). This allows a fabric-attached N-
port to claim multiple fabric addresses. Each address appears as a unique entity on the Fibre Channel fabric.
How NPIV-Based LUN Access Works

NPIV enables a single FC HBA port to register several unique WWNs with the fabric, each of which can be
assigned to an individual virtual machine.
SAN objects, such as switches, HBAs, storage devices, or virtual machines can be assigned World Wide Name
(WWN) identifiers. WWNs uniquely identify such objects in the Fibre Channel fabric. When virtual machines
have WWN assignments, they use them for all RDM traffic, so the LUNs pointed to by any of the RDMs on
the virtual machine must not be masked against its WWNs. When virtual machines do not have WWN
assignments, they access storage LUNs with the WWNs of their host’s physical HBAs. By using NPIV, however,
a SAN administrator can monitor and route storage access on a per virtual machine basis. The following section
describes how this works.
When a virtual machine has a WWN assigned to it, the virtual machine’s configuration file (.vmx) is updated
to include a WWN pair (consisting of a World Wide Port Name, WWPN, and a World Wide Node Name,
WWNN). As that virtual machine is powered on, the VMkernel instantiates a virtual port (VPORT) on the
physical HBA which is used to access the LUN. The VPORT is a virtual HBA that appears to the FC fabric as
a physical HBA, that is, it has its own unique identifier, the WWN pair that was assigned to the virtual machine.
Each VPORT is specific to the virtual machine, and the VPORT is destroyed on the host and it no longer appears
to the FC fabric when the virtual machine is powered off. When a virtual machine is migrated from one ESX/
ESXi to another, the VPORT is closed on the first host and opened on the destination host.
If NPIV is enabled, four WWN pairs (WWPN & WWNN) are specified for each virtual machine at creation
time.When a virtual machine using NPIV is powered on, it uses each of these WWN pairs in sequence to try
to discover an access path to the storage. The number of VPORTs that are instantiated equals the number of
physical HBAs present on the host up to the maximum of four. A VPORT is created on each physical HBA that
a physical path is found on. Each physical path is used to determine the virtual path that will be used to access
the LUN.Note that HBAs that are not NPIV-aware are skipped in this discovery process because VPORTs
cannot be instantiated on them.
NOTE If a host has four physical HBAs as paths to the storage, all physical paths must be zoned to the virtual
machine by the SAN administrator. This is required to support multipathing even though only one path at a
time will be active.
VMware, Inc. 57
Requirements for Using NPIV

If you plan to enable NPIV on your virtual machines, you should be aware of certain requirements and
limitations.
The following requirements and limitations exist:

n NPIV can only be used for virtual machines with RDM disks. Virtual machines with regular virtual disks
use the WWNs of the host’s physical HBAs.
n For this implementation of NPIV, the physical HBAs on an ESX/ESXi host, using their own WWNs, must
have access to all LUNs that are to be accessed by virtual machines running on that host.
n The ESX/ESXi host’s physical HBAs must support NPIV. Currently, the following vendors and types of
HBA provide this support:
n QLogic – any 4GB HBA.
n Emulex – 4GB HBAs that have NPIV-compatible firmware.
n Only four WWN pairs are generated per virtual machine.
n When a virtual machine or template with a WWN assigned to it is cloned, the clones do not retain the
WWN.
n The switches used must be NPIV-aware.
n When configuring an NPIV LUN for access at the storage level, make sure that the NPIV LUN number
and NPIV target ID match the physical LUN and Target ID.
n Always use the vSphere Client to manipulate virtual machines with WWNs.
CAUTION Disabling and then re-enabling the NPIV capability on an FC switch while virtual machines are
running can cause an FC link to fail and I/O to stop.
Assign WWNs to Virtual Machines

You can assign a WWN to a new virtual machine with an RDM disk when you create this virtual machine, or
to an existing virtual machine you can temporarily power off.
Procedure
1 From the vSphere Client, click Inventory in the navigation bar, and expand the inventory as needed.
2 In the inventory list, select the managed host to which you want to add a new virtual machine.
3 Select File > New > Virtual Machine.
The New Virtual Machine wizard appears.
4 Select Custom, and click Next.
5 Type a virtual machine name, and click Next.
6 Select a folder or the root of a datacenter, and click Next.
7 If the resource pool option is available, expand the tree until you locate the resource pool in which you
want to run the virtual machine, highlight it, and click Next.
8 Select a datastore in which to store the virtual machine files, and click Next.
9 Under Guest operating system, select the operating system family (Microsoft Windows, Linux, Novell
NetWare, Solaris, or Other).
10 Select the version from the pull-down menu, and click Next.
58 VMware, Inc.
11 Select the number of virtual processors in the virtual machine from the pull-down list, and click Next.
12 Configure the virtual machine’s memory size by selecting the number of megabytes, and click Next.
13 Configure network connections, and click Next.
14 Choose the type of SCSI adapter you want to use with the virtual machine.
15 Select Raw Device Mapping, and click Next.
16 From a list of SAN disks or LUNs, select a raw LUN you want your virtual machine to access directly.
17 Select a datastore for the RDM mapping file.

You can place the RDM file on the same datastore where your virtual machine files reside, or select a
different datastore.
NOTE If you want to use VMotion for a virtual machine with enabled NPIV, make sure that the RDM file
is located on the same datastore where the virtual machine configuration file resides. You cannot perform
Storage VMotion, or VMotion between datastores, when NPIV is enabled.
18 Select a compatibility mode, either physical or virtual.
Depending on your choice, subsequent screens offer different options.

n Physical compatibility mode allows the guest operating system to access the hardware directly.
Physical compatibility is useful if you are using SAN-aware applications in the virtual machine.
However, a virtual machine with the physical compatibility RDM cannot be cloned, made into a
template, or migrated if the migration involves copying the disk.
n Virtual compatibility allows the RDM to behave as if it were a virtual disk, so you can use such features
as snapshotting, cloning, and so on.
19 On the Specify Advanced Options page, you can change the virtual device node and click Next.
20 Assign WWNs to the virtual machine.
21 On the Ready to Complete New Virtual Machine page, select the Edit the virtual machine settings before
completion check box and click Next.
Assign or Modify WWNs

After you create a virtual machine with an RDM, you can assign virtual WWNs to it. You can also modify
WWN assignments for an existing virtual machine with an RDM.
Prerequisites
Make sure to power off the virtual machine if you want to edit the existing WWNs.
Before you begin, ensure that your SAN administrator has provisioned the storage LUN ACL to allow the
virtual machine’s ESX/ESXi host to access it.
VMware, Inc. 59
Procedure
1 Open the Virtual Machine Properties dialog box.
Option Action
New virtual machine For a new virtual machine, after creating the virtual machine, on the Ready
to Complete New Virtual Machine page select the Edit the virtual machine
settings before submitting the creation task checkbox, and click
Continue.
Existing virtual machine For an existing virtual machine, select the virtual machine from the inventory
panel, and click the Edit Settings link.
2 Select the Options tab.
3 Select Fibre Channel NPIV.
4 In the dialog box that opens, select one of the following options:
Option Description
Leave unchanged The existing WWN assignments are retained. The read-only WWN
Assignments section of this dialog box displays the node and port values of
any existing WWN assignments.
Generate new WWNs New WWNs are generated and assigned to the virtual machine, overwriting
any existing WWNs (those of the HBA itself are unaffected).
Remove WWN assignment The WWNs assigned to the virtual machine are removed and it uses the HBA
WWNs to access the storage LUN. This option is not available if you are
creating a new virtual machine.
CAUTION Removing or changing a virtual machine’s existing WWN
assignments causes it to lose connectivity to the storage LUNs

When you start your ESX/ESXi host or rescan your storage adapter, the host discovers all physical paths to
storage devices available to the host. Based on a set of claim rules defined in the /etc/vmware/esx.conf file,
the host determines which multipathing plugin (MPP) should claim the paths to a particular device and become
60 VMware, Inc.
You can find some information about modifying claim rules in Appendix B, “Managing Storage Paths and
Multipathing Plugins,” on page 79.

Use the vSphere Client to determine which SATP and PSP the ESX/ESXi host uses for a specific storage device
and the status of all available paths for this storage device. You can access the path information from both, the
deployed on.
NOTE For hosts that run ESX/ESXi 3.5 or earlier, the term active means the only
path that the host is using to issue I/O to a LUN.

Procedure
VMware, Inc. 61

Procedure

For each storage device, the ESX/ESXi host sets the path selection policy based on the claim rules defined in
the /etc/vmware/esx.conf file.
devices.
physical paths.

or failure when another SP now owns the
LUN.

selected.
62 VMware, Inc.

Procedure
n Fixed (VMware)
Disable Paths
Procedure
Disable.
Path Management and Manual, or Static, Load Balancing

Balancing loads among available paths improves performance. With both active/active and active/passive
storage arrays, you can set up your host to use different paths to different LUNs so that your adapters are being
used evenly.
If a path fails, the surviving paths carry all the traffic. Path failover might take a minute or more, because the
SAN might converge with a new topology to try to restore service. This delay is necessary to allow the SAN
to stabilize its configuration after topology changes.
With active/active storage arrays, you can configure your ESX/ESXi host to load balance traffic across multiple
adapters by assigning preferred paths to your LUNs. Path policy must be set to Fixed.
The following example demonstrates how manual load balancing is performed with an active/active array.
Assume the following setup, shown in Figure 6-1.

n Active/Active SPs
n An ESX/ESXi system
n Four Fibre Channel HBAs in each server
n Director class software
VMware, Inc. 63
Figure 6-1. Manual Load Balancing with Fibre Channel

ESX/ESXi
HBA1 HBA2 HBA3 HBA4
FC switch
SP1 SP2
1 2 3 4
storage array
For load balancing, set the preferred paths as follows. Load balancing can be performed with as few as two
HBAs, although this example uses four.
n For LUN 1: HBA1-SP1-LUN1
With active/passive arrays, you can perform load balancing if the array supports two active paths and the HBA
ports can access both SPs in an array.
NOTE Active/passive arrays use the MRU path policy which does not have a preferred path. If a path failure
occurs, there is no failback. As a result, static load balancing can become out of balance over time.
Path Failover
Path failover refers to situations when the active path to a LUN is changed from one path to another, usually
because of some SAN component failure along the current path. A server usually has one or two HBAs and
each HBA is connected to one or two storage processors on a given SAN array. You can determine the active
path, the path currently used by the server, by looking at the LUN’s properties.
When an FC cable is pulled, I/O might pause for 30-60 seconds until the FC driver determines that the link is
unavailable and failover has occurred. As a result, the virtual machines, with their virtual disks installed on
SAN storage, can appear unresponsive. If you attempt to display the host, its storage devices, or its adapter,
the operation might appear to stall. After failover is complete, I/O resumes normally.
In case of disastrous events that include multiple breakages, all connections to SAN storage devices might be
lost. If none of the connections to the storage device is working, some virtual machines might encounter I/O
errors on their virtual SCSI disks.
Set Operating System Timeout

You might want to increase the standard disk timeout value so that a Windows guest operating system is not
extensively disrupted during failover.
For Windows 2000 and Windows Server 2003 guest operating systems, you can set operating system timeout
using the registry.
Prerequisites
Before you begin, back up your Windows registry.
64 VMware, Inc.
Procedure
2 In the command window, type regedit.exe, and click OK.
3 In the left panel hierarchy view, double-click first HKEY_LOCAL_MACHINE, then System, then
CurrentControlSet, then Services, and then Disk.
4 Select the TimeOutValue and set the data value to x03c (hexadecimal) or 60 (decimal).
After you’ve made this change, Windows waits at least 60 seconds for delayed disk operations to complete
before it generates errors.
5 Click OK to exit the Registry Editor.
Set Device Driver Options for SCSI Controllers

This section describes how to set device driver options for QLogic, Emulex, or other SCSI card drivers.
Procedure
1 Back up the file /etc/vmware/esx.conf, and open it for editing.
The file includes a section for each SCSI device, as in the following example.
/device/002:02.0/class = "0c0400"
/device/002:02.0/devID = "2312"
/device/002:02.0/irq = "19"
/device/002:02.0/name = "QLogic Corp QLA231x/2340 (rev 02)"
/device/002:02.0/options = ""
/device/002:02.0/owner = "vmkernel"
/device/002:02.0/subsysDevID = "027d"
/device/002:02.0/subsysVendor = "1014"
/device/002:02.0/vendor = "1077"
/device/002:02.0/vmkname = "vmhba0"
2 Find the options line right under the name line and modify it as appropriate.
3 Repeat for every SCSI adapter that is controlled by the same driver if needed.
Sharing Diagnostic Partitions

Generally, you use the local disc of your ESX/ESXi host as a diagnostic partition. If you have diskless ESX
servers that boot from a SAN, multiple hosts can share one diagnostic partition on the same SAN LUN.
If more than one ESX/ESXi system uses the same LUN as the diagnostic partition, that LUN must be zoned so
that all the servers can access it.
Each server needs 100MB of space, so the size of the LUN determines how many servers can share it. Each
ESX/ESXi system is mapped to a diagnostic slot. VMware recommends at least 16 slots (1600MB) of disk space
if servers share a diagnostic partition.
If there is only one diagnostic slot on the device, all ESX/ESXi systems sharing that device map to the same
slot. This setup can easily create problems. If two ESX/ESXi systems perform a core dump at the same time,
the core dumps are overwritten on the last slot on the diagnostic partition.
If you allocate enough disk space for 16 slots, it is unlikely that core dumps are mapped to the same location
on the diagnostic partition, even if two ESX/ESXi systems perform a core dump at the same time.
VMware, Inc. 65
Disable Automatic Host Registration

When you use EMC CLARiiON or Invista arrays for storage, the hosts must register with the arrays. ESX/ESXi
performs automatic host registration by sending the host's name and IP address to the array. If you prefer to
perform manual registration by using storage management software, turn off the ESX/ESXi auto-registration
feature.
Procedure
1 In the vSphere Client, select the host in the inventory panel.

2 Click the Configuration tab and select Advanced Settings under Software.
3 Select Disk in the left panel and scroll down to Disk.EnableNaviReg on the right.
4 Change the default value to 0.
5 Reboot the host for the changes to take effect.
This action disables the automatic host registration enabled by default.
Avoiding and Resolving SAN Problems

When using ESX/ESXi in conjunction with a SAN, you must follow specific guidelines to avoid SAN problems.
You should observe these tips for avoiding and resolving problems with your SAN configuration:
n Place only one VMFS datastore on each LUN. Multiple VMFS datastores on one LUN is not recommended.
n Do not change the path policy the system sets for you unless you understand the implications of making
such a change. In particular, working with an active-passive array and setting the path policy to Fixed can
lead to path thrashing.
n Document everything. Include information about zoning, access control, storage, switch, server and FC
HBA configuration, software and firmware versions, and storage cable plan.
n Plan for failure:
n Make several copies of your topology maps. For each element, consider what happens to your SAN
if the element fails.
n Cross off different links, switches, HBAs and other elements to ensure you did not miss a critical
failure point in your design.
n Ensure that the Fibre Channel HBAs are installed in the correct slots in the ESX/ESXi host, based on slot
and bus speed. Balance PCI bus load among the available busses in the server.
n Become familiar with the various monitor points in your storage network, at all visibility points, including
ESX/ESXi performance charts, FC switch statistics, and storage performance statistics.
n Be cautious when changing IDs of the LUNs that have VMFS datastores being used by your ESX/ESXi
host. If you change the ID, virtual machines running on the VMFS datastore will fail.
If there are no running virtual machines on the VMFS datastore, after you change the ID of the LUN, you
must use rescan to reset the ID on your host. For information on using rescan, see “Rescan Storage
Adapters,” on page 56.
66 VMware, Inc.
Optimizing SAN Storage Performance

Several factors contribute to optimizing a typical SAN environment.
If the environment is properly configured, the SAN fabric components (particularly the SAN switches) are
only minor contributors because of their low latencies relative to servers and storage arrays. Make sure that
the paths through the switch fabric are not saturated, that is, that the switch fabric is running at the highest
throughput.
Storage Array Performance

Storage array performance is one of the major factors contributing to the performance of the entire SAN
environment.
If there are issues with storage array performance, be sure to consult your storage array vendor’s
documentation for any relevant information.
When assigning LUNs, remember that each LUN is accessed by a number of ESX/ESXi hosts, and that a number
of virtual machines can run on each host. One LUN used by an ESX/ESXi host can service I/O from many
different applications running on different operating systems. Because of this diverse workload, the RAID
group containing the ESX/ESXi LUNs should not include LUNs used by other hosts that are not running ESX/
ESXi for I/O intensive applications.
Make sure read/write caching is enabled.
SAN storage arrays require continual redesign and tuning to ensure that I/O is load balanced across all storage
array paths. To meet this requirement, distribute the paths to the LUNs among all the SPs to provide optimal
load balancing. Close monitoring indicates when it is necessary to manually rebalance the LUN distribution.
Tuning statically balanced storage arrays is a matter of monitoring the specific performance statistics (such as
I/O operations per second, blocks per second, and response time) and distributing the LUN workload to spread
the workload across all the SPs.
NOTE Dynamic load balancing is not currently supported with ESX/ESXi.
Server Performance
You must consider several factors to ensure optimal server performance.
Each server application must have access to its designated storage with the following conditions:
n High I/O rate (number of I/O operations per second)
n High throughput (megabytes per second)
n Minimal latency (response times)
Because each application has different requirements, you can meet these goals by choosing an appropriate
RAID group on the storage array. To achieve performance goals:
n Place each LUN on a RAID group that provides the necessary performance levels. Pay attention to the
activities and resource utilization of other LUNS in the assigned RAID group. A high-performance RAID
group that has too many applications doing I/O to it might not meet performance goals required by an
application running on the ESX/ESXi host.
n Make sure that each server has a sufficient number of HBAs to allow maximum throughput for all the
applications hosted on the server for the peak period. I/O spread across multiple HBAs provide higher
throughput and less latency for each application.
n To provide redundancy in the event of HBA failure, make sure the server is connected to a dual redundant
fabric.
VMware, Inc. 67
n When allocating LUNs or RAID groups for ESX/ESXi systems, multiple operating systems use and share
that resource. As a result, the performance required from each LUN in the storage subsystem can be much
higher if you are working with ESX/ESXi systems than if you are using physical machines. For example,
if you expect to run four I/O intensive applications, allocate four times the performance capacity for the
ESX/ESXi LUNs.
n When using multiple ESX/ESXi systems in conjunction with vCenter Server, the performance needed from
the storage subsystem increases correspondingly.
n The number of outstanding I/Os needed by applications running on an ESX/ESXi system should match
the number of I/Os the HBA and storage array can handle.
Resolving Performance Issues

The vSphere Client offers extensive facilities for collecting performance information. The information is
graphically displayed in the vSphere Client. The vSphere Client updates its display periodically.
You can also use the resxtop vSphere CLI command that allows you to examine how ESX/ESXi hosts use
resources. For information about resxtop, see the Resource Management Guide or vSphere Command-Line Interface
Resolving Path Thrashing

If your server is unable to access a LUN, or access is very slow, you might have a problem with path thrashing
(also called LUN thrashing). Path thrashing might occur when two hosts access the LUN through different SPs
and, as a result, the LUN is never actually available.
Only specific SAN configurations in conjunction with the following conditions can cause the path thrashing:
n You are working with an active-passive array. Path thrashing only occurs on active-passive arrays. For
active-active arrays or arrays that provide transparent failover, path thrashing does not occur.
n Two hosts access the same LUN using different storage processors (SPs). For example, the LUN is
configured to use the Fixed PSP. On Host A, the preferred path to the LUN is set to use a path through SP
A. On Host B, the preferred path to the LUN is configured to use a path through SP B.
Path thrashing can also occur if the LUN is configured to use either the Fixed PSP or the MRU PSP and Host
A can access the LUN only with paths through SP A, while Host B can access the LUN only with paths through
SP B.
This problem can also occur on a direct connect array (such as AX100) with HBA failover on one or more nodes.
Path thrashing is a problem that you typically do not experience with other operating systems:
n No other common operating system uses shared LUNs for more than two servers. That setup is typically
reserved for clustering.
n If only one server is issuing I/Os to the LUN at a time, path thrashing does not become a problem.
In contrast, multiple ESX/ESXi systems might issue I/O to the same LUN concurrently.
68 VMware, Inc.
Resolve Path Thrashing

Use this procedure to resolve path thrashing. Path thrashing occurs on active-passive arrays when two hosts
access the LUN through different SPs and, as a result, the LUN is never actually available.
Procedure
1 Ensure that all hosts sharing the same set of LUNs on the active-passive arrays use the same storage
processor.
2 Correct any cabling inconsistencies between different ESX/ESXi hosts and SAN targets so that all HBAs
see the same targets in the same order.
3 Configure the path to use the Most Recently Used PSP (the default).
Understanding Path Thrashing

The SPs in a storage array are like independent computers that have access to some shared storage. Algorithms
determine how concurrent access is handled.
For active/passive arrays, all the sectors on the storage that make up a given LUN can be accessed by only one
SP at a time. The LUN ownership is passed around between the storage processors. The reason is that storage
arrays use caches and SP A must not write anything to disk that invalidates the SP B cache. Because the SP has
to flush the cache when it finishes the operation, it takes a little time to move the ownership. During that time,
no I/O to the LUN can be processed by either SP.
Some active/passive arrays attempt to look like active/active arrays by passing the ownership of the LUN to
the various SPs as I/O arrives. This approach works in a clustering setup, but if many ESX/ESXi systems access
the same LUN concurrently through different SPs, the result is path thrashing.
Consider how path selection works:

n On an active/active array the ESX/ESXi system starts sending I/O down the new path.
n On an active/passive arrays, the ESX/ESXi system checks all standby paths. The SP of the path that is
currently under consideration sends information to the system on whether it currently owns the LUN.
n If the ESX/ESXi system finds an SP that owns the LUN, that path is selected and I/O is sent down that
path.
n If the ESX/ESXi host cannot find such a path, the ESX/ESXi host picks one of the standby paths and
sends the SP of that path a command to move the LUN ownership to the SP.
Path thrashing can occur as a result of the following path choice: If server A can reach a LUN only through
one SP, and server B can reach the same LUN only through a different SP, they both continually cause the
ownership of the LUN to move between the two SPs, effectively ping-ponging the ownership of the LUN.
Because the system moves the ownership quickly, the storage array cannot process any I/O (or can process
only very little). As a result, any servers that depend on the LUN will experience low throughput due to
the long time it takes to complete each I/O request.
Equalize Disk Access Between Virtual Machines

You can adjust the maximum number of outstanding disk requests with the Disk.SchedNumReqOutstanding
parameter in the vSphere Client. When two or more virtual machines are accessing the same LUN, this
parameter controls the number of outstanding requests that each virtual machine can issue to the LUN.
Adjusting the limit can help equalize disk access between virtual machines.
This limit does not apply when only one virtual machine is active on a LUN. In that case, the bandwidth is
limited by the queue depth of the storage adapter.
VMware, Inc. 69
Procedure
2 Click the Configuration tab and click Advanced Settings under Software.
3 Click Disk in the left panel and scroll down to Disk.SchedNumReqOutstanding.
4 Change the parameter value to the number of your choice and click OK.
This change can impact disk bandwidth scheduling, but experiments have shown improvements for disk-
intensive workloads.
What to do next
If you adjust this value in the VMkernel, you might also want to adjust the queue depth in your storage adapter.
Reducing SCSI Reservations

Operations that require getting a file lock or a metadata lock in VMFS result in short-lived SCSI reservations.
SCSI reservations lock an entire LUN. Excessive SCSI reservations by a server can cause performance
degradation on other servers accessing the same VMFS.
Examples of operations that require getting file locks or metadata locks include:
n Virtual machine power on.
n VMotion.
n Virtual machines running with virtual disk snapshots.
n File operations that require opening files or doing metadata updates.
Performance degradation can occur if such operations occur frequently on multiple servers accessing the same
VMFS. For instance, VMware recommends that you do not run many virtual machines from multiple servers
that are using virtual disk snapshots on the same VMFS. Limit the number of VMFS file operations when many
virtual machines run on the VMFS.
Adjust Queue Depth for a QLogic HBA

If you are not satisfied with the performance of your QLogic adapter, you can change its maximum queue
depth.
You can adjust the maximum queue depth for a QLogic qla2xxx series adapter by using the vSphere CLI.
Procedure
1 Verify which QLogic HBA module is currently loaded by entering the following command:
vmkload_mod -l | grep qla2xxx.
2 Run the following commands.
The example shows the qla2300_707 module. Use the appropriate module based on the outcome of the
previous step.
vicfg-module -s ql2xmaxqdepth=64 qla2300_707
In this case, the HBA represented by ql2x will have its LUN queue depth set to 64.
3 Reboot your host.
70 VMware, Inc.
Adjust Queue Depth for an Emulex HBA

If you are not satisfied with the performance of your Emulex adapter, you can change its maximum queue
depth.
You can adjust the maximum queue depth for an Emulex HBA using vSphere CLI.
Procedure
1 Verify which Emulex HBA module is currently loaded by entering the vmkload_mod -l | grep lpfcdd
command.
2 Run the following command.
The example shows the lpfcdd_7xx module. Use the appropriate module based on the outcome of
Step 1.
vicfg-module -s lpfc0_lun_queue_depth=16 lpfcdd_7xx
In this case, the HBA represented by lpfc0 will have its LUN queue depth set to 16.
3 Reboot your host.
SAN Storage Backup Considerations

In the SAN environment, backups have two goals. The first goal is to archive online data to offline media. This
process is repeated periodically for all online data on a time schedule. The second goal is to provide access to
offline data for recovery from a problem. For example, database recovery often requires retrieval of archived
log files that are not currently online.
Scheduling a backup depends on a number of factors:

n Identification of critical applications that require more frequent backup cycles within a given period of
time.
n Recovery point and recovery time goals. Consider how precise your recovery point needs to be, and how
long you are willing to wait for it.
n The rate of change (RoC) associated with the data. For example, if you are using synchronous/
asynchronous replication, the RoC affects the amount of bandwidth required between the primary and
secondary storage devices.
n Overall impact on SAN environment, storage performance (while backing up), and other applications.
n Identification of peak traffic periods on the SAN (backups scheduled during those peak periods can slow
the applications and the backup process).
n Time to schedule all backups within the datacenter.
n Time it takes to back up an individual application.
n Resource availability for archiving data; usually offline media access (tape).
Include a recovery-time objective for each application when you design your backup strategy. That is, consider
the time and resources necessary to reprovision the data. For example, if a scheduled backup stores so much
data that recovery requires a considerable amount of time, examine the scheduled backup. Perform the backup
more frequently, so that less data is backed up at a time and the recovery time decreases.
If a particular application requires recovery within a certain time frame, the backup process needs to provide
a time schedule and specific data processing to meet this requirement. Fast recovery can require the use of
recovery volumes that reside on online storage to minimize or eliminate the need to access slow offline media
for missing data components.
VMware, Inc. 71
Snapshot Software
Snapshot software allows an administrator to make an instantaneous copy of any single virtual disk defined
within the disk subsystem.
Snapshot software is available at different levels:

n ESX/ESXi hosts allow you to create snapshots of virtual machines. This software is included in the basic
ESX/ESXi package.
n Third-party backup software might allow for more comprehensive backup procedures and might contain
more sophisticated configuration options.
Administrators make snapshots for a variety of reasons:

n Backup
n Disaster recovery
n Availability of multiple configurations, versions, or both
n Forensics (looking at a snapshot to find the cause of problems while your system is running)
n Data mining (looking at a copy of your data to reduce load on production systems)
Using a Third-Party Backup Package

Using third-party software has the advantage of a uniform environment. However, the additional cost of the
third-party snapshotting software can become higher as your SAN grows.
If you are using third-party backup software, make sure that the software is supported with ESX/ESXi hosts.
If you use snapshots to back up your data, consider the following points:
n Some vendors support snapshots for both VMFS and RDMs. If both are supported, you can make either
a snapshot of the whole virtual machine file system for a host, or snapshots for the individual virtual
machines (one per disk).
n Some vendors support snapshots only for a setup using RDM. If only RDM is supported, you can make
snapshots of individual virtual machines.
See your storage vendor’s documentation.
NOTE ESX/ESXi systems also include a Consolidated Backup component.
Layered Applications
SAN administrators customarily use specialized array-based software for backup, disaster recovery, data
mining, forensics, and configuration testing.
Storage providers typically supply two types of advanced services for their LUNs: snapshotting and
replication.
n Snapshotting creates space with efficient copies of LUNs that share common blocks of data. In general,
snapshotting is used locally on the same storage systems as the primary LUN for quick backups,
application testing, forensics, or data mining.
n Replication creates full copies of LUNs. Replicas are usually made to separate storage systems, possibly
separate sites to protect against major outages that incapacitate or destroy an entire array or site.
When you use an ESX/ESXi system in conjunction with a SAN, you must decide whether array-based or host-
based tools are more suitable for your particular situation.
72 VMware, Inc.
Array-Based (Third-Party) Solution

When you use an ESX/ESXi system in conjunction with a SAN, you must decide whether array-based tools are
more suitable for your particular situation.
When you consider an array-based solution, keep in mind the following points:
n Array-based solutions usually result in more comprehensive statistics. With RDM, data always takes the
same path, which results in easier performance management.
n Security is more transparent to the storage administrator when you use RDM and an array-based solution
because with RDM, virtual machines more closely resemble physical machines.
n If you use an array-based solution, physical compatibility RDMs are often used for the storage of virtual
machines. If you do not intend to use RDM, check the storage vendor documentation to see if operations
on LUNs with VMFS volumes are supported. If you use array operations on VMFS LUNs, carefully read
the section on resignaturing.
File-Based (VMFS) Solution

When you use an ESX/ESXi system in conjunction with a SAN, you must decide whether host-based tools are
When you consider a file-based solution that uses VMware tools and VMFS instead of the array tools, be aware
of the following points:
n Using VMware tools and VMFS is better for provisioning. One large LUN is allocated and multiple .vmdk
files can be placed on that LUN. With RDM, a new LUN is required for each virtual machine.
n Snapshotting is included with your ESX/ESXi host at no extra cost. The file-based solution is therefore
more cost-effective than the array-based solution.
n Using VMFS is easier for ESX/ESXi administrators.
n ESX/ESXi administrators who use the file-based solution are more independent from the SAN
administrator.

ESX/ESXi can determine whether a LUN contains the VMFS datastore copy, and either mount the datastore
copy with its original UUID or change the UUID, thus resignaturing the datastore.
VMware, Inc. 73

When you mount the VMFS datastore, ESX/ESXi allows both reads and writes to the datastore residing on the
LUN copy. The LUN copy must be writable. The datastore mounts are persistent and valid across system
reboots.
Because ESX/ESXi does not allow you to resignature the mounted datastore, unmount the datastore before
resignaturing.

Prerequisites
presented to it.
Procedure
click Next.
What to do next
Unmount Datastores

n NFS datastores
74 VMware, Inc.
Procedure
b Click Next.

copy, ESX/ESXi assigns a new UUID and a new label to the copy, and mounts the copy as a datastore distinct
from the original.
The default format of the new label assigned to the datastore is snap-<snapID>-<oldLabel>, where <snapID>
is an integer and <oldLabel> is the label of the original datastore.

Prerequisites
Procedure
click Next.
VMware, Inc. 75
What to do next

76 VMware, Inc.
Multipathing Checklist A
This topic provides a checklist of multipathing setup requirements for different storage arrays.
Table A-1. Multipathing Setup Requirements

Component Comments
All storage arrays Write cache must be disabled if not battery backed.
Topology No single failure should cause both HBA and SP failover, especially with active-passive
storage arrays.
IBM TotalStorage DS 4000 Host type must be LNXCL or VMware in later versions.
(formerly FastT) AVT (Auto Volume Transfer) is disabled in this host mode.
HDS 99xx and 95xxV family HDS 9500V family (Thunder) requires two host modes:
n Host Mode 1: Standard.
n Host Mode 2: Sun Cluster
HDS 99xx family (Lightning) and HDS Tabma (USP) require host mode set to Netware.
EMC Symmetrix Enable the SPC2 and SC3 settings. Contact EMC for the latest settings.
EMC Clariion All Initiator records must have:

n Failover Mode = 1
n Initiator Type = “Clariion Open”
n Array CommPath = “Enabled” or 1
HP MSA Host type must be Linux.

Set the connection type for each HBA port to Linux.
HP EVA For EVA4000/6000/8000 firmware 5.031 and above, set the host type to VMware.
Otherwise, set the host mode type to Custom. The value is: 000000202200083E.
HP XP For XP 128/1024/10000/12000, the host mode should be set to 0C (Windows), that is, zeroC
(Windows).
NetApp No specific requirements
ESX/ESXi Configuration A PSP of Most Recently Used must be used for all LUNs hosting clustered disks for active-
passive arrays. A PSP of Most Recently Used or Fixed may be used for LUNs on active-
active arrays.
All FC HBAs must be of the same model.
VMware, Inc. 77
78 VMware, Inc.
Managing Storage Paths and
Multipathing Plugins B
Use the vSphere CLI to manage the Pluggable Storage Architecture (PSA) multipathing plugins and storage
paths assigned to them.
You can use the vSphere CLI to display all multipathing plugins available on your host. You can list any third-
party MPPs, as well as your host's NMP and SATPs and review the paths they claim. You can also define new
paths and specify which multipathing plugin should claim the paths.
For more information about additional commands available to manage PSA, see the vSphere Command-Line
Interface Installation and Reference Guide.

n “List Claim Rules for the Host,” on page 79
n “Display Multipathing Modules,” on page 80
n “Display SATPs for the Host,” on page 81
n “Display NMP Storage Devices,” on page 81
n “Add PSA Claim Rules,” on page 82
n “Delete PSA Claim Rules,” on page 83
n “Mask Paths,” on page 83
n “Unmask Paths,” on page 84
n “Define NMP SATP Rules,” on page 84
n “esxcli corestorage Command-Line Options,” on page 85
List Claim Rules for the Host

Use the vSphere CLI to list all claim rules from 0 to 65535.
Claim rules indicate which multipathing plugin, the NMP or any third-party MPP, manages a given physical
path. Each claim rule identifies a set of paths based on the following parameters:
n Vendor/model strings
n Transportation, such as SATA, IDE, Fibre Channel, and so on
n Adapter, target, or LUN location
n Device driver, for example, Mega-RAID
VMware, Inc. 79
Procedure
u Use the esxcli corestorage claimrule list to list claim rules.
Example B-1 shows the output of the command.
Example B-1. Sample Output of the esxcli corestorage claimrule list Command
Rule Class Type Plugin Matches

0 runtime transport NMP transport=usb
1 runtime transport NMP transport=sata
2 runtime transport NMP transport=ide
3 runtime transport NMP transport=block
101 runtime vendor MASK_PATH vendor=DELL model=Universal Xport
101 file vendor MASK_PATH vendor=DELL model=Universal Xport
200 runtime vendor MPP_1 vendor=NewVend model=*
200 file vendor MPP_1 vendor=NewVend model=*
201 runtime location MPP_2 adapter=vmhba41 channel=* target=* lun=*
201 file location MPP_2 adapter=vmhba41 channel=* target=* lun=*
202 runtime driver MPP_3 driver=megaraid
202 file driver MPP_3 driver=megaraid
65535 runtime vendor NMP vendor=* model=*
This example indicates the following:

n The NMP claims all paths connected to storage devices that use the USB, SATA, IDE, and Block SCSI
transportation.
n The MASK_PATH module claims all paths returning SCSI inquiry data with a vendor string of DELL and
a model string of Universal Xport. The MASK_PATH module is used to mask paths from your host.
n The MPP_1 module claims all paths connected to any model of the NewVend storage array.
n The MPP_3 module claims the paths to storage devices controlled by the Mega-RAID device driver.
n Any paths not described in the previous rules are claimed by NMP.
n The Class column in the output shows which rules are defined and which are loaded. The file parameter
in the Class column indicates that the rule is defined. The runtime parameter indicates that the rule has
been loaded into your system. For a user- defined claim rule to be active, two lines with the same rule
number should exist, one line for the rule with the file parameter and another line with runtime. Several
low numbered rules have only one line with the Class of runtime. These are system defined claim rules
that you cannot modify.
Display Multipathing Modules

Use the vSphere CLI to list all multipathing modules loaded into the system. Multipathing modules manage
physical paths that connect your host with storage.
Procedure
u To list all multipathing modules, run the following command:
vicfg-mpath --server <server> --list-plugins,
where <server> is your vSphere CLI administration server. You might be prompted for a user name and
password.
At a minimum, this command returns the NMP module. If any third-party MPPs have been loaded, they are
listed as well.
80 VMware, Inc.
Appendix B Managing Storage Paths and Multipathing Plugins
Example B-2. Sample Output of the vicfg-mpath Command
MPP_1
MPP_2
MPP_3
MASK_PATH
NMP
Display SATPs for the Host

Use the vSphere CLI to list all VMware NMP SATPs loaded into the system.
Procedure
u To list all VMware SATPs, run the following command.
esxcli nmp satp list
For each SATP, the command displays information that shows the type of storage array or system this SATP
supports and the default PSP for any LUNs using this SATP.
Keep in mind the following:

n If no SATP is assigned to the device by the claim rules, the default SATP for iSCSI or FC devices is
VMW_SATP_DEFAULT_AA. The default PSP is VMW_PSP_FIXED.
n If VMW_SATP_ALUA is assigned to a specific storage device, but the device is not ALUA-aware, there
is no claim rule match for this device. In this case, the device is claimed by the default SATP based on the
device's transport type.
n The default PSP for all devices claimed by VMW_SATP_ALUA is VMW_PSP_MRU. The VMW_PSP_MRU
selects an active/optimized path as reported by the VMW_SATP_ALUA, or an active/unoptimized path
if there is no active/optimized path. This path is used until a better path is available (MRU). For example,
if the VMW_PSP_MRU is currently using an active/unoptimized path and an active/optimized path
becomes available, the VMW_PSP_MRU will switch the current path to the active/optimized one.
Example B-3. Sample Output of the esxcli nmp satp list Command
Name Default PSP Description

VMW_SATP_ALUA_CX VMW_PSP_FIXED Supports EMC CX that use the ALUA protocol
VMW_SATP_SVC VMW_PSP_FIXED Supports IBM SVC
VMW_SATP_MSA VMW_PSP_MRU Supports HP MSA
VMW_SATP_EQL VMW_PSP_FIXED Supports EqualLogic arrays
VMW_SATP_INV VMW_PSP_FIXED Supports EMC Invista
VMW_SATP_SYMM VMW_PSP_FIXED Supports EMC Symmetrix
Display NMP Storage Devices

Use vSphere CLI to list all storage devices controlled by the VMware NMP and display SATP and PSP
information associated with each device.
Procedure
1 To list all storage devices, run the following command:
esxcli nmp device list
2 To show information for a specific device, run the following:
esxcli nmp device list -d <device_ID>
VMware, Inc. 81
Add PSA Claim Rules

Use the vSphere CLI to add a new PSA claim rule to the set of claim rules on the system. For the new claim
rule to be active, you first define the rule and then load it into your system.
You add a new PSA claim rule when, for example, you load a new multipathing plugin (MPP) and need to
define which paths this module should claim. You may need to create a new claim rule if you add new paths
and want an existing MPP to claim them.
CAUTION When creating new claim rules, be careful to avoid a situation when different physical paths to the
same LUN are claimed by different MPPs. Unless one of the MPPs is the MASK_PATH MPP, this configuration
will cause performance errors.
Procedure
1 To define a new claim rule, on the vSphere CLI, run the following command:
esxcli corestorage claimrule add -r <claimrule_ID> -t <type> <required_option (based on type)>

-P <MPP_name>
For information on the options that the command requires, see “esxcli corestorage Command-Line
Options,” on page 85.
2 To load the new claim rule into your system, run the following command:
esxcli corestorage claimrule load
This command has no options. It loads all newly created claim rules from your system's configuration file.
Example B-4. Adding a PSA Claim Rule

In the following example, you define the claim rule # 500, which specifies that the NMP module claims all
paths to the NewMod model of the NewVend storage array. You then load this claim rule into your system.
1 # esxcli corestorage claimrule add -r 500 -t vendor -V NewVend -M NewMod -P NMP
2 # esxcli corestorage claimrule load
If you now run the esxcli corestorage claimrule list command, you can see the new claim rule appearing
on the list.
NOTE The two lines for the claim rule, one with the Class of runtime another with the Class of file, indicate
that the new claim rule has been loaded into the system and is active.

500 runtime vendor NMP vendor=NewVend model=NewMod
500 file vendor NMP vendor=NewVend model=NewMod
82 VMware, Inc.
Delete PSA Claim Rules

Use the vSphere CLI to remove a PSA claim rule from the set of claim rules on the system.
Procedure
1 Delete a claim rule from the set of claim rules.
esxcli corestorage claimrule delete -r <claimrule_ID>
For information on the options that the command takes, see “esxcli corestorage Command-Line Options,”
on page 85.
NOTE By default, the PSA claim rule 101 masks Dell array pseudo devices. Do not delete this rule, unless
you want to unmask these devices.
2 Remove the claim rule from the ESX/ESXi system.
Mask Paths
You can prevent the ESX/ESXi host from accessing storage devices or LUNs or from using individual paths to
a LUN. Use the vSphere CLI commands to mask the paths.
When you mask paths, you create claim rules that assign the MASK_PATH plugin to the specified paths.
Procedure
1 Check what the next available rule ID is.
esxcli corestorage claimrule list
The claim rules that you use to mask paths should have rule IDs in the range of 101 – 200. If this command
shows that rule 101 and 102 already exist, you can specify 103 for the rule to add.
2 Assign the MASK_PATH plugin to a path by creating a new claim rule for the plugin.
esxcli corestorage claimrule add -r <claimrule_ID> -t <type> <required_option> -P <MASK_PATH>
For information on command-line options, see “esxcli corestorage Command-Line Options,” on

page 85.
3 Load the MASK_PATH claim rule into your system.
4 Verify that the MASK_PATH claim rule was added correctly.
5 If a claim rule for the masked path exists, remove the rule.
esxcli corestorage claiming unclaim <type> <required_option>
6 Run the path claiming rules.
esxcli corestorage claimrule run
After you assign the MASK_PATH plugin to a path, the path state becomes irrelevant and is no longer
maintained by the host. As a result, commands that display the masked path's information might show the
path state as dead.
VMware, Inc. 83
Example B-5. Masking a LUN

In this example, you mask the LUN 20 on targets T1 and T2 accessed through storage adapters vmhba2 and
vmhba3.
1 #esxcli corestorage claimrule list
2 #esxcli corestorage claimrule add -P MASK_PATH -r 109 -t location -A vmhba2 -C 0 -T 1 -L 20

#esxcli corestorage claimrule add -P MASK_PATH -r 110 -t location -A vmhba3 -C 0 -T 1 -L 20
3 #esxcli corestorage claimrule load
5 #esxcli corestorage claiming unclaim -t location -A vmhba2

#esxcli corestorage claiming unclaim -t location -A vmhba3
6 # esxcli corestorage claimrule run
Unmask Paths
When you need the host to access the masked storage device, unmask the paths to the device.
Procedure
1 Unmask a path to the storage device by running the esxcli corestorage claiming unclaim command.
Run this command for each path to the storage device.
For example:
esxcli corestorage claiming unclaim -t location -A vmhba0 -C 0 -T 0 -L 149
2 Load path claiming rules into the VMkernel by running the esxcli corestorage claimrule load
command.
3 Run the path claiming rules by entering the esxcli corestorage claimrule run.
Your host can now access the previously masked storage device.
Define NMP SATP Rules

The NMP SATP claim rules specify which SATP should manage a particular storage device. Usually you do
not need to modify the NMP SATP rules. If you need to do so, use vSphere CLI to add a rule to the list of claim
rules for the specified SATP.
You might need to create a new SATP rule when you install a third-party SATP for a specific storage array.
Procedure
1 To add a claim rule for a specific SATP, run the following command.
esxcli nmp satp addrule <rule_parameter> -e <description> -o <option> -s <SATP_name>
84 VMware, Inc.
Use the following options for <rule_parameter>. The -V and -M options can be used at the same time. They
cannot be used in conjunction with the -R or -D options.
NOTE When searching the SATP rules to locate an SATP for a given device, the NMP searches the driver
rules first. If there is no match, the vendor/model rules are searched, and finally the transport rules. If
there is still no match, NMP selects a default SATP for the device.
n -D <driver> -- Driver string to set when adding the SATP claim rule.
n -V <vendor> -- Vendor string to set when adding the SATP claim rule.
n -M <model> -- Model string to set when adding the SATP claim rule.
n -R <transport> -- Transport type string to set when adding the SATP claim rule.
Specify the following options for any SATP claim rule:

n -e <description> -- Description string to set when adding the SATP claim rule.
n -o <option> -- Claim option string to set when adding the SATP claim rule. This string is passed to
the SATP when the SATP claims a path. The contents of this string, and how the SATP behaves as a
result, are unique to each SATP. For example, some SATPs support the claim option strings tpgs_on
and tpgs_off. If tpgs_on is specified, the SATP will claim the path only if the ALUA Target Port Group
support is enabled on the storage device.
2 To delete a rule from the list of claim rules for the specified SATP, run the following command. You can
run this command with the same options you used for addrule.
esxcli nmp satp deleterule <rule_parameter> -s <SATP_name>
3 Reboot your host.
Example B-6. Defining an NMP SATP Rule

The following sample command assigns the VMW_SATP_INV plugin to manage storage arrays with vendor
string NewVend and model string NewMod.
# esxcli nmp satp addrule -V NewVend -M NewMod -s VMW_SATP_INV
If you run the esxcli nmp satp listrules -s VMW_SATP_INV command, you can see the new rule added to the
list of VMW_SATP_INV rules.
Name Vendor Model Driver Transport Options Claim Options Description
VMW_SATP_INV EMC Invista
VMW_SATP_INV EMC LUNZ Invista LUNZ
VMW_SATP_INV NewVend NewMod
esxcli corestorage Command-Line Options

Certain esxcli corestorage commands, for example the commands that you run to add new claim rules,
remove the rules, or mask paths, require that you specify a number of options.
Table B-1 lists options available for the esxcli corestorage commands.
Table B-1. esxcli corestorage command-line options

Option Description Required Option
-r <claimrule_ID> Use to specify the order number for the claim

rule from 0 to 65535.
-t <type> Use to define the set of paths for the claim These options change depending on the value
rule. Specify one of the following values for you enter for <type>.
the <type> variable:
VMware, Inc. 85
Table B-1. esxcli corestorage command-line options (Continued)

vendor – Indicate the vendor and model of -V <vendor> -M <model>

the storage device used for this path. Use asterisk (*) to specify all vendors or
models.
location – Indicate the adapter, channel, Use any of the following:

target, or LUN used for this path. n -A <adapter>
n -C <channel>
n -T <target>
n -L <lunID>
driver – Indicate the driver used for the -D <driver>

path.
transport – Indicate the transport used for -R <transport>

the path. Use one of the following for the <transport>
variable:
n block – Raid block devices, such as cciss
n fc – Fibre Channel
n iscsi – Default iSCSI
n iscsivendor – iSCSI with vendor
supplied IMA
n ide – IDE
n sas – Serial attached SCSI
n sata – Serial ATA
n usb – USB storage devices
n parallel – Parallel SCSI devices
n unknown – Unknown storage device type
-P <MPP_name> Indicate which MPP plugin should claim the

paths defined by the claim rule.
Run the vicfg-mpath --list-plugins
command to see valid values.
86 VMware, Inc.
Index
Symbols ESX requirements 31

* next to path 61 HBA requirements 31
introduction 43
A LUN masking 45
access, equalizing disk access 69 preparing installation 44
active-active disk arrays 16, 62 Qlogic FC HBA 47
active-passive disk arrays, path policy reset 66 recommendations 45
active/active disk arrays, managing paths 63 requirements 31
active/passive disk arrays
boot LUN 48
boot from SAN 31
boot LUN, selecting 48
HP StorageWorks MSA 39
BusLogic, queue depth 29
managing paths 63
path thrashing 69
C
adaptive scheme 20
can't see LUN 54
allocations 30
CD-ROM, booting from 46
applications,layered 72
claim rules, adding 82
array-based (third-party) solution 73
cluster across boxes 27
asterisk next to path 61
cluster in a box 27
auto volume transfer 37
cluster services 27
automatic host registration, disabling 66
clustering 33
avoiding problems 66
commands
AVT 37 SDK 13
AX100 vSphere CLI 13
display problems 35 configuration, storage processor sense data 37
inactive connections 35 configuring hardware for SAN failover,
axnaviserverutil cli utility 35 DS4800 36
CPU virtualization 11
B current multipathing state 61
backups
considerations 71 D
third-party backup package 72 datastore copies, mounting 74
basic connectivity 33 datastores
benefits 17 managing duplicate 73
BIOS mounting 74
enabling for BFS 48 paths 61
enabling Qlogic HBA for BFS 47 refresh 55
boot BIOS prompt, enabling for BFS 48 reviewing properties 54
boot from CD-ROM 46 unmounting 74
boot from SAN viewing information 54
benefits 44 design, for server failure 26
boot LUN considerations 31 device driver options 65
conceptual overview 44 device drivers 9
diagnostic partitions 44 diagnostic partitions
Emulex FC HBA 48 boot from SAN 44
enabling Qlogic HBA BIOS 47 sharing 65
direct connect 33
VMware, Inc. 87
disabling auto volume transfer 37 hardware compatibility 10

disabling paths 63 HBA
disaster recovery 17 Emulex 48, 58
disk access, equalizing 69 enabling Qlogic HBA BIOS for BFS 47
disk arrays Qlogic 47, 58
active-active 62 queue depth 70
active-passive 62 setup 30
active/active 30 static load balancing 30
active/passive 30, 48, 69 high-tier storage 26
zoning disk array 55, 56 Hitachi Data Systems storage, microcode 41
disk shares 21 host type 34
Disk.MaxLUN 56 host-based failover 23
Disk.SchedNumReqOutstanding parameter 69 HP StorageWorks
Disk.SupportSparseLUN 57 EVA 40
display problems, AX100 35 MSA 39
distributed locking 12 XP 41
drivers, device drivers 65 hub controller issues 40
DRS 28
DS4800, configuring hardware for SAN I
failover 36 IBM TotalStorage DS4000 36
dump partitions, sharing 65 IBM TotalStorage Enterprise Storage
Systems 38
E initiators, minimizing the number 46
EMC CLARiiON 34 installation
preparing for boot from SAN 44
EMC Symmetrix, pseudo LUNs 35
Emulex FC HBA steps 31
boot from SAN 48 Inter-Switch Link 36
NPIV support 58 interacting with ESX/ESXi systems 13
enabling BIOS for BFS 48 ISL 36
enabling boot BIOS prompt for BFS 48 issues
equalizing disk access 69 hub controller 40
esx, host type 34 performance 68
ESX/ESXi visibility 54
introduction 9
sharing VMFS 18 L
ESX/ESXi and SAN, requirements 29 layered applications 72
EVA (HP StorageWorks) 40 Linux
extents 12 host type 34
profile name 39
F VMkernel 9
failover Linux Cluster, host type 34
FAStT storage 36 load balancing, manual 63
transparent 16 locations of virtual machines 26
failover paths, status 61 locking 12
failure 26 lower-tier storage 26
FC HBA setup 30 LSILogic queue depth 29
Fibre Channel, concepts 15 LUN decisions
file-based (VMFS) solution 73 adaptive scheme 20
finding information 18 predictive scheme 20
Fixed path policy, path thrashing 68 LUN masking, boot from SAN 45
LUN not visible, SP visibility 54
LUNs
H 1 VMFS volume 29
HA 26
88 VMware, Inc.
Index
allocations 30 Network Appliance storage, provisioning

boot LUN 48 storage 41
can't see 54 network virtualization 11
changing number scanned 56 NFS datastores, unmounting 74
creating, and rescan 54–56 NMP, path claiming 60
decisions 19 number of extents 12
making changes and rescan 55 number of outstanding disk requests 69
masking 83
O
masking changes and rescan 54, 56
operating system timeout 64
multipathing policy 62
optimizing resource utilization 27
NPIV-based access 57
outstanding disk requests 69
number scanned 56
selecting boot LUN 48
P
setting multipathing policy 62 passive disk arrays, path thrashing 69
sparse 57 path claiming 60
path failover 22, 23
M path failure rescan 55, 56
maintenance 17
path management 22, 63
manual load balancing 63
path policies
mapping file 13 changing defaults 63
masking LUNs 83 Fixed 25, 62
maximum HBA queue depth 70 Most Recently Used 25, 62
memory virtualization 11 MRU 62
metadata updates 19 Round Robin 25, 62
microcode, Hitachi Data Systems storage 41 path policy reset, active-passive disk array 66
Microsoft Cluster Service 13, 33 Path Selection Plugins 25
mid-tier storage 26 path thrashing, resolving 69
Most Recently Used path policy, path paths
thrashing 68 disabling 63
mounting VMFS datastores 74 masking 83
MPPs preferred 61
displaying 80 performance
See also multipathing plugins issues 68
MRU path policy 62 optimizing 67
MSA (HP StorageWorks) 39 SCSI reservations 18
MSCS 33 physical to virtual clustering 27
multipathing Pluggable Storage Architecture 23
active paths 61 Port_ID 16
broken paths 61 ports, configuration 37
disabled paths 61 predictive scheme 20
standby paths 61 preferred path 61
viewing the current state of 61 prioritizing virtual machines 21
multipathing plugins, path claiming 60 problems
multipathing policy 62 avoiding 66
multipathing state 61 hub controller 40
performance 68
N visibility 54
N-Port ID Virtualization (NPIV), requirements 58 profile name, Linux 39
N+1 clustering 27 PSA, See Pluggable Storage Architecture
Native Multipathing Plugin 23, 24 PSPs, See Path Selection Plugins
Netware host mode 41
VMware, Inc. 89
Q snapshot software 72
Qlogic FC HBA software compatibility 10
boot from SAN 47 SP visibility, LUN not visible 54
NPIV support 58 sparse LUN support 57
Qlogic HBA BIOS, enabling for BFS 47 storage adapter, displaying in vSphere Client 52
queue depth 70 storage adapters, viewing in vSphere Client 51
SATPs, displaying 81
R Storage Array Type Plugins 24
raw device mapping, mapping file 13 storage arrays
RDM configuring 33
mapping file 13 performance 67
Microsoft Cluster Service 13 storage devices
refresh 55 accessible through adapters 54
requirements, boot from SAN 31 available to hosts 53
rescan displaying 81
adding disk array 55, 56 naming 53
LUN creation 54–56 paths 62
LUN masking 54 viewing information 52
path masking 55, 56 storage processors
when path is down 55, 56 configuring sense data 37
reservations, reducing SCSI reservations 70 port configuration 37
resolving problems 66 sense data 37
resource utilization, optimizing 27 storage systems
restrictions 29 EMC CLARiiON 34
Round Robin path policy 25, 62 EMC Symmetrix 35
Hitachi 41
S HP StorageWorks 38
SAN Network Appliance 41
backup considerations 71 types 16
hardware failover 36 storage virtualization 11
preparing 46 supported devices 34
requirements 29
server failover 27 T
specifics 21 tape devices 30
SAN fabric 15 third-party backup package 72
SAN management software 21 third-party management applications 21
SAN storage performance, optimizing 67 timeout 64
SAN storage, benefits 17 TimeoutValue parameter 29
SANs, accessing 22 troubleshooting 66
SATP rules, adding 84
scanning, changing number 56 U
SCSI controllers 11 use cases 17
SCSI controllers, device driver options 65
SCSI reservations, reducing 70 V
SDK 13 vCenter Server, accessing 13
selectable boot, enabling 47 Virtual Machine File System 12
server failover 27 Virtual Machine Monitor 9
server failure 26 virtual machines
server performance 67 accessing SANs 22
service console 43 assigning WWNs to 58
setup steps 31 equalizing disk access 69
sharing diagnostic partitions 65 locations 26
sharing VMFS across servers 18 prioritizing 21
90 VMware, Inc.
Index
virtual ports (VPORTs) 57 VMware vSphere Client 9

virtualization 10 volume resignaturing 73, 75
visibility issues 54 vSphere CLI, See vSphere Command-Line
VMFS Interface
1 volume per LUN 29 vSphere Client 9, 13
creating new volume 12 vSphere Command-Line Interface 13
locking 12 vSphere SDK 13
minimum size 12 vSphere Web Access 9, 13
number of extents 12
sharing across ESX/ESXi hosts 18 W
volume resignaturing 73 World Wide Names (WWNs)
VMFS datastores assigning to virtual machines 58
changing signatures 75 World Wide Port Names (WWPNs) 37, 57
resignaturing copies 75 WWNs
assigning 59
unmounting 74
changing 59
VMFS volume resignaturing 73
WWPN 16
VMkernel 9
VMM 9
X
VMotion 17, 28, 30
XP (HP StorageWorks) 41
vmware, host type 34
VMware DRS 17, 28 Z
VMware HA 17, 26 zoning 15
VMware NMP
I/O flow 25
See also Native Multipathing Plugin
VMware, Inc. 91
92 VMware, Inc.
iSCSI SAN Configuration Guide
ESX 4.0
ESXi 4.0
vCenter Server 4.0
EN-000110-00
©
VMware, Inc.
3401 Hillview Ave.
Palo Alto, CA 94304
www.vmware.com
2 VMware, Inc.
Contents
About This Book 5
1 Using ESX/ESXi with an iSCSI Storage Area Network 7

Understanding Virtualization 7
iSCSI SAN Concepts 9
Overview of Using ESX/ESXi with a SAN 13
Specifics of Using SAN Storage with ESX/ESXi 15
Understanding VMFS Datastores 15
Making LUN Decisions 17
How Virtual Machines Access Data on a SAN 18
Understanding Multipathing and Failover 19
Choosing Virtual Machine Locations 24
Designing for Server Failure 25
LUN Display and Rescan 26
2 Configuring iSCSI Initiators and Storage 27

ESX/ESXi iSCSI SAN Requirements 27
ESX/ESXi iSCSI SAN Restrictions 28
Setting LUN Allocations 28
Network Configuration and Authentication 28
Setting Up Hardware iSCSI Initiators 28
Setting Up Software iSCSI Initiators 30
Configuring Discovery Addresses for iSCSI Initiators 35
Configuring CHAP Parameters for iSCSI Initiators 37
Configuring Additional Parameters for iSCSI 40
Add iSCSI Storage 41
3 Modifying SAN Storage Systems for ESX/ESXi 43

Testing ESX/ESXi SAN Configurations 43
General Considerations for iSCSI SAN Storage Systems 44
EMC CLARiiON Storage Systems 44
EMC Symmetrix Storage Systems 45
Enable HP StorageWorks MSA1510i to Communicate with ESX/ESXi 45
HP StorageWorks EVA Storage Systems 46
NetApp Storage Systems 47
EqualLogic Storage Systems 49
LeftHand Networks SAN/iQ Storage Systems 49
Dell PowerVault MD3000i Storage Systems 49
4 Booting from an iSCSI SAN with ESX Systems 51

Booting from a SAN Overview 51
VMware, Inc. 3
Enable Booting from a SAN 52
5 Managing ESX/ESXi Systems That Use SAN Storage 55

Viewing Storage Adapter Information 55
Viewing Storage Device Information 56
Viewing Datastore Information 58
Resolving Display Issues 59
Path Scanning and Claiming 61
Sharing Diagnostic Partitions 66
Avoiding and Resolving SAN Problems 66
Optimizing SAN Storage Performance 67
Resolving Performance Issues 70
SAN Storage Backup Considerations 73
A iSCSI SAN Configuration Checklist 79
B VMware vSphere Command-Line Interface 81

resxtop Command 81
vicfg-iscsi Command 81
vicfg-mpath Command 81
esxcli corestorage claimrule Command 81
vmkping Command 82
C Managing Storage Paths and Multipathing Plugins 83

List Claim Rules for the Host 83
Display Multipathing Modules 84
Display SATPs for the Host 85
Display NMP Storage Devices 85
Add PSA Claim Rules 86
Delete PSA Claim Rules 87
Mask Paths 87
Unmask Paths 88
Define NMP SATP Rules 88
esxcli corestorage Command-Line Options 89
Index 91
4 VMware, Inc.
About This Book
®
This manual, the iSCSI SAN Configuration Guide, explains how to use a VMware ESX and VMware ESXi
systems with an iSCSI storage area network (SAN). The manual discusses conceptual background, installation
requirements, and covers ESX, ESXi, and vCenter Server.
Intended Audience
The information presented in this manual is written for experienced Windows or Linux system administrators
who are familiar with virtual machine technology datacenter operations.
Document Feedback

documentation set.

VMware, Inc. 5
6 VMware, Inc.
Using ESX/ESXi with an iSCSI Storage
Area Network 1
You can use ESX/ESXi in conjunction with a storage area network (SAN), a specialized high-speed network
that connects computer systems to high-performance storage subsystems. Using ESX/ESXi together with a
SAN provides extra storage for consolidation, improves reliability, and helps with disaster recovery.
To use ESX/ESXi effectively with a SAN, you must have a working knowledge of ESX/ESXi systems and SAN
concepts. Also, when you set up ESX/ESXi hosts to use Internet SCSI (iSCSI) SAN storage systems, you must
be aware of certain special considerations that exist.

n “Understanding Virtualization,” on page 7
n “iSCSI SAN Concepts,” on page 9
n “Overview of Using ESX/ESXi with a SAN,” on page 13
n “Specifics of Using SAN Storage with ESX/ESXi,” on page 15
n “Understanding VMFS Datastores,” on page 15
n “Making LUN Decisions,” on page 17
n “How Virtual Machines Access Data on a SAN,” on page 18
n “Understanding Multipathing and Failover,” on page 19
n “Choosing Virtual Machine Locations,” on page 24
n “Designing for Server Failure,” on page 25
n “LUN Display and Rescan,” on page 26
Understanding Virtualization
The VMware virtualization layer is common across VMware desktop products (such as VMware Workstation)
and server products (such as VMware ESX/ESXi). This layer provides a consistent platform for development,
testing, delivery, and support of application workloads.
The virtualization layer is organized as follows:

n Each virtual machine runs its own operating system (the guest operating system) and applications.
n The virtualization layer provides the virtual devices that map to shares of specific physical devices. These
devices include virtualized CPU, memory, I/O buses, network interfaces, storage adapters and devices,
human interface devices, and BIOS.
VMware, Inc. 7
Network Virtualization
The virtualization layer guarantees that each virtual machine is isolated from other virtual machines. Virtual
machines can talk to each other only through networking mechanisms similar to those used to connect separate
physical machines.
The isolation allows administrators to build internal firewalls or other network isolation environments so that
some virtual machines can connect to the outside, while others are connected only through virtual networks
to other virtual machines.
Storage Virtualization
ESX/ESXi provides host-level storage virtualization, which logically abstracts the physical storage layer from
virtual machines. Virtual machines running on the ESX/ESXi host are not aware of the complexities and
specifics of the storage devices to which the host connects.
An ESX/ESXi virtual machine uses a virtual hard disk to store its operating system, program files, and other
data associated with its activities. A virtual disk is a large physical file, or a set of files, that can be copied,
moved, archived, and backed up as easily as any other file. You can configure virtual machines with multiple
virtual disks.
To access virtual disks, a virtual machine uses virtual SCSI controllers. These virtual controllers appear to a
virtual machine as different types of controllers, including BusLogic Parallel, LSI Logic Parallel, LSI Logic SAS,
and VMware Paravirtual. These controllers are the only types of SCSI controllers that a virtual machine can
see and access.
Each virtual disk that a virtual machine can access through one of the virtual SCSI controllers resides in the
VMware Virtual Machine File System (VMFS) datastore, NFS-based datastore, or on a raw disk. From the
standpoint of the virtual machine, each virtual disk appears as if it were a SCSI drive connected to a SCSI
controller. Whether the actual physical disk device is being accessed through parallel SCSI, iSCSI, network, or
Fibre Channel adapters on the host is transparent to the guest operating system and to applications running
Figure 1-1 gives an overview of storage virtualization. The diagram illustrates storage that uses VMFS and
storage that uses raw device mapping. The diagram also shows how iSCSI storage is accessed through either
iSCSI HBAs or by using a general-purpose NIC that uses iSCSI initiator software.
8 VMware, Inc.
Chapter 1 Using ESX/ESXi with an iSCSI Storage Area Network
Figure 1-1. iSCSI SAN Storage Virtualization

ESX/ESXi
virtual virtual
machine machine
SCSI SCSI
controller controller
virtual disk virtual disk
VMware virtualization layer
software
iSCSI initiator
hardware
iSCSI
initiator ethernet
(HBA) NIC
LAN LAN
VMFS
LUN1 LUN2 LUN5
.vmdk
iSCSI SAN Concepts

If you are an ESX/ESXi administrator who plans to set up ESX/ESXi hosts to work with SANs, you must have
a working knowledge of SAN concepts. You can find information about SAN in print and on the Internet. If
you are new to iSCSI SAN technology, read the following sections to familiarize yourself with the basic
terminology this document uses.
iSCSI SANs use Ethernet connections between computer systems, or host servers, and high-performance
storage subsystems. The SAN components include host bus adapters (HBAs) or Network Interface Cards
(NICs) in the host servers, switches and routers that transport the storage traffic, cables, storage processors
(SPs), and storage disk systems.
To transfer traffic from host servers to shared storage, the SAN uses the iSCSI protocol that packages SCSI
commands into iSCSI packets and transmits them on an Ethernet network.
VMware, Inc. 9
iSCSI Initiators
To access remote targets, your ESX/ESXi host uses iSCSI initiators. Initiators transport SCSI requests and
responses between the ESX/ESXi system and the target storage device on the IP network.
ESX/ESXi supports hardware-based and software-based iSCSI initiators:
Hardware iSCSI Initiator Uses a specialized iSCSI HBA. The hardware iSCSI initiator is responsible for
all iSCSI and network processing and management.
Software iSCSI Initiator Code built into the VMkernel that allows an ESX/ESXi to connect to the iSCSI
storage device through standard network adapters. The software initiator
handles iSCSI processing while communicating with the network adapter.
With the software initiator, you can use iSCSI technology without purchasing
specialized hardware.
Ports in the iSCSI SAN

In the context of this document, a port is an end point of the connection from a device into the iSCSI SAN. Each
node in the iSCSI SAN, a host, storage device, and Ethernet switch has one or more ports that connect it to the
SAN. Ports are identified in a number of ways.
IP Address Each iSCSI port has an IP address associated with it so that routing and
switching equipment on your network can establish the connection between
the server and storage. This address is just like the IP address that you assign
to your computer to get access to your company's network or the Internet.
iSCSI Name A worldwide unique name for identifying the port. The iSCSI name starts with
either iqn. (for iSCSI qualified name) or eui. (for extended unique identifier).
Multiple iSCSI devices can be present, with multiple iSCSI names, and can be
connected through a single physical Ethernet port.
By default, ESX/ESXi generates unique iSCSI names for your iSCSI initiators,
for example, iqn.1998-01.com.vmware:iscsitestox-68158ef2. Usually, you do
not have to change the default value, but if you do, make sure that the new
iSCSI name you enter is worldwide unique.
iSCSI Alias A more manageable name for an iSCSI device or port used instead of the iSCSI
name. iSCSI aliases are not unique and are intended to be just a friendly name
to associate with a port.
Multipathing and Path Failover

When transferring data between the host server and storage, the SAN uses a multipathing technique.
Multipathing allows you to have more than one physical path from the ESX/ESXi host to a LUN on a storage
system.
If a path or any component along the path, HBA or NIC, cable, switch or switch port, or storage processor,
fails, the server selects another of the available paths. The process of detecting a failed path and switching to
another is called path failover.
10 VMware, Inc.
Storage System Types

Storage disk systems can be active-active and active-passive.
ESX/ESXi supports the following types of storage systems:

n An active-active storage system, which allows access to the LUNs simultaneously through all the storage
ports that are available without significant performance degradation. All the paths are active at all times,
unless a path fails.
n An active-passive storage system, in which one port is actively providing access to a given LUN. The other
ports act as backup for the LUN and can be actively providing access to other LUN I/O. I/O can be
successfully sent only to an active port for a given LUN. If access through the primary storage port fails,
one of the secondary ports or storage processors becomes active, either automatically or through
administrator intervention.
n A virtual port storage system, which allows access to all available LUNs through a single virtual port.
These are active-active storage devices, but hide their multiple connections though a single port. The ESX/
ESXi multipathing cannot detect the multiple connections to the storage. These storage systems handle
port failover and connection balancing transparently. This is often referred to as transparent failover.
Target Compared to LUN Representations

In the ESX/ESXi context, the term target identifies a single storage unit that your host can access. The terms
storage device and LUN describe a logical volume that represents storage space on a target. Typically, the
terms device and LUN, in the ESX/ESXi context, mean a SCSI volume presented to your host from a storage
target and available for formatting.
Different iSCSI storage vendors present storage to servers in different ways. Some vendors present multiple
LUNs on a single target, while others present multiple targets with one LUN each. While the way the storage
is used by an ESX/ESXi is similar, the way the information is presented through administrative tools is different.
Figure 1-2. Target Compared to LUN Representations
target target target target
LUN LUN LUN LUN LUN LUN
storage array storage array
Three LUNs are available in each of these configurations. In the first case, ESX/ESXi detects one target but that
target has three LUNs that can be used. Each of the LUNs represents individual storage volume. In the second
case, the ESX/ESXi detects three different targets, each having one LUN.
ESX/ESXi-based iSCSI initiators establish connections to each target. Storage systems with a single target
containing multiple LUNs have traffic to all the LUNs on a single connection. With a system that has three
targets with one LUN each, a host uses separate connections to the three LUNs. This information is useful
when you are trying to aggregate storage traffic on multiple connections from the ESX/ESXi host with multiple
iSCSI HBAs, where traffic for one target can be set to a particular HBA, while traffic for another target can use
a different HBA.
VMware, Inc. 11
iSCSI Naming Conventions

iSCSI uses a worldwide unique name to identify an iSCSI device, either target or initiator. This name is similar
to the WorldWide Name (WWN) associated with Fibre Channel devices and is used as a way to universally
identify the device.
iSCSI names are formatted in two different ways. The first is by an iSCSI qualified name, commonly referred
to as an IQN name. The second, much less common method, is through an enterprise unique identifier, also
referred to as an EUI name.
For more details on iSCSI naming requirements and string profiles, see RFC 3721 and RFC 3722 on the IETF
Web site.
iSCSI Qualified Names

iSCSI qualified names take the form iqn.yyyy-mm.naming-authority:unique name, where:
n yyyy-mm is the year and month when the naming authority was established.
n naming-authority is usually reverse syntax of the Internet domain name of the naming authority. For
example, the iscsi.vmware.com naming authority could have the iSCSI qualified name form of iqn.
1998-01.com.vmware.iscsi. The name indicates that the vmware.com domain name was registered in
January of 1998, and iscsi is a subdomain, maintained by vmware.com.
n unique name is any name you want to use, for example, the name of your host. The naming authority
must make sure that any names assigned following the colon are unique, such as:
Enterprise Unique Identifiers

Enterprise unique identifiers take the form eui.<16 hex digits>.
For example, eui.0123456789ABCDEF.
The 16-hexadecimal digits are text representations of a 64-bit number of an IEEE EUI (extended unique
identifier) format. The top 24 bits are a company ID that IEEE registers with a particular company. The lower
40 bits are assigned by the entity holding that company ID and must be unique.
In many cases, the IQN format is chosen over the EUI format for readability and as a more user-friendly method
of assigning names.
Discovery, Authentication, and Access Control

You can use several mechanisms to limit which volumes on an iSCSI storage system your ESX/ESXi host can
access.
You must configure your host and the iSCSI storage system to support your storage access control policy.
Discovery
A discovery session is part of the iSCSI protocol, and it returns the set of targets you can access on an iSCSI
storage system. The two types of discovery available on ESX/ESXi are dynamic and static. Dynamic discovery
obtains a list of accessible targets from the iSCSI storage system, while static discovery can only try to access
one particular target by target name.
12 VMware, Inc.
Authentication
iSCSI storage systems authenticate an initiator by a name and key pair. ESX/ESXi supports the CHAP protocol,
which VMware recommends for your SAN implementation. The ESX/ESXi host and the iSCSI storage system
must have CHAP enabled and have common credentials. In the iSCSI login phrase, the iSCSI storage system
exchanges and checks these credentials.
Access Control
Access control is a policy set up on the iSCSI storage system. Most implementations support one or more of
three types of access control:
n By initiator name
n By IP address
n By the CHAP protocol
Only initiators that meet all rules can access the iSCSI volume.
Error Correction
To protect the integrity of iSCSI headers and data, the iSCSI protocol defines error correction methods known
as header digests and data digests.
Both parameters are disabled by default, but you can enable them. These digests pertain to, respectively, the
header and SCSI data being transferred between iSCSI initiators and targets, in both directions.
Header and data digests check the end-to-end, noncryptographic data integrity beyond the integrity checks
that other networking layers provide, such as TCP and Ethernet. They check the entire communication path,
including all elements that can change the network-level traffic, such as routers, switches, and proxies.
The existence and type of the digests are negotiated when an iSCSI connection is established. When the initiator
and target agree on a digest configuration, this digest must be used for all traffic between them.
Enabling header and data digests does require additional processing for both the initiator and the target and
can affect throughput and CPU use performance.
NOTE Systems that use Intel Nehalem processors offload the iSCSI digest calculations, thus reducing the impact
on performance.
Overview of Using ESX/ESXi with a SAN

Using ESX/ESXi with a SAN improves flexibility, efficiency, and reliability. Using ESX/ESXi with a SAN also
supports centralized management and failover and load balancing technologies.
The following are benefits of using ESX/ESXi with a SAN:

n You can store data redundantly and configure multiple paths to your storage, eliminating a single point
of failure. ESX/ESXi systems provide multipathing by default for every virtual machine.
n Using a SAN with ESX/ESXi systems extends failure resistance to the server. When you use SAN storage,
all applications can instantly be restarted after host failure.
n You can perform live migration of virtual machines using VMware VMotion.
n Use VMware High Availability (HA) in conjunction with a SAN for a cold-standby solution that
guarantees an immediate, automatic response.
VMware, Inc. 13
n Use VMware Distributed Resource Scheduler (DRS) to migrate virtual machines from one host to another
for load balancing. Because storage is on a SAN array, applications continue running seamlessly.
n If you use VMware DRS clusters, put an ESX/ESXi host into maintenance mode to have the system migrate
all running virtual machines to other ESX/ESXi hosts. You can then perform upgrades or other
maintenance operations.
The transportability and encapsulation of VMware virtual machines complements the shared nature of this
storage. When virtual machines are located on SAN-based storage, you can quickly shut down a virtual
machine on one server and power it up on another server, or suspend it on one server and resume operation
on another server on the same network. This ability allows you to migrate computing resources while
maintaining consistent shared access.
ESX/ESXi and SAN Use Cases

You can perform a number of tasks when using ESX/ESXi with SAN.
Using ESX/ESXi in conjunction with SAN is effective for the following tasks:
Maintenance with zero When performing an ESX/ESXi host or infrastructure maintenance, use
downtime VMware DRS or VMotion to migrate virtual machines to other servers. If
shared storage is on the SAN, you can perform maintenance without
interruptions to the user.
Load balancing Use VMotion or VMware DRS to migrate virtual machines to other hosts for
load balancing. If shared storage is on a SAN, you can perform load balancing
without interruption to the user.
Storage consolidation If you are working with multiple hosts, and each host is running multiple
and simplification of virtual machines, the storage on the hosts is no longer sufficient and external
storage layout storage is required. Choosing a SAN for external storage results in a simpler
system architecture along with other benefits.
Start by reserving a large volume and then allocate portions to virtual machines
as needed. Volume allocation and creation from the storage device needs to
happen only once.
Disaster recovery Having all data stored on a SAN facilitates the remote storage of data backups.
You can restart virtual machines on remote ESX/ESXi hosts for recovery if one
site is compromised.
Simplified array When you purchase new storage systems or arrays, use storage VMotion to
migrations and storage perform live automated migration of virtual machine disk files from existing
upgrades storage to their new destination.
Finding Further Information

In addition to this document, a number of other resources can help you configure your ESX/ESXi system in
conjunction with a SAN.
n Use your storage array vendor's documentation for most setup questions. Your storage array vendor might
also offer documentation on using the storage array in an ESX/ESXi environment.
n The VMware Documentation Web site.
n The Fibre Channel SAN Configuration Guide discusses the use of ESX/ESXi with Fibre Channel storage area
networks.
n The VMware I/O Compatibility Guide lists the currently approved HBAs, HBA drivers, and driver versions.
n The VMware Storage/SAN Compatibility Guide lists currently approved storage arrays.
14 VMware, Inc.
n The VMware Release Notes give information about known issues and workarounds.
n The VMware Knowledge Bases have information on common issues and workarounds.
Specifics of Using SAN Storage with ESX/ESXi

Using a SAN in conjunction with an ESX/ESXi host differs from traditional SAN usage in a variety of ways.
When you use SAN storage with ESX/ESXi, keep in mind the following considerations:
n You cannot directly access the virtual machine operating system that uses the storage. With traditional
tools, you can monitor only the VMware ESX/ESXi operating system. You use the vSphere Client to
monitor virtual machines.
n When you create a virtual machine, it is, by default, configured with one virtual hard disk and one virtual
SCSI controller. You can modify the SCSI controller type and SCSI bus sharing characteristics by using
the vSphere Client to edit the virtual machine settings. You can also add hard disks to your virtual machine.
n The HBA visible to the SAN administration tools is part of the ESX/ESXi system, not part of the virtual
machine.
n Your ESX/ESXi system performs multipathing for you.
Third-Party Management Applications

You can use third-party management applications in conjunction with your ESX/ESXi host.
Most iSCSI storage hardware is packaged with storage management software. In many cases, this software is
a web application that can be used with any web browser connected to your network. In other cases, this
software typically runs on the storage system or on a single server, independent of the servers that use the
SAN for storage.
Use this third-party management software for the following tasks:

n Storage array management, including LUN creation, array cache management, LUN mapping, and LUN
security.
n Setting up replication, check points, snapshots, or mirroring.
If you decide to run the SAN management software on a virtual machine, you gain the benefits of running a
virtual machine, including failover using VMotion and VMware HA. Because of the additional level of
indirection, however, the management software might not be able to detect the SAN. This problem can be
resolved by using an RDM.
NOTE Whether a virtual machine can run management software successfully depends on the particular storage
system.
Understanding VMFS Datastores

To store virtual disks, ESX/ESXi uses datastores, which are logical containers that hide specifics of storage from
virtual machines and provide a uniform model for storing virtual machine files. Datastores that you deploy
on storage devices use the VMware Virtual Machine File System (VMFS) format, a special high-performance
file system format that is optimized for storing virtual machines.
A VMFS datastore can run multiple virtual machines as one workload. VMFS provides distributed locking for
your virtual machine files, so that your virtual machines can operate safely in a SAN environment where
multiple ESX/ESXi hosts share a set of LUNs.
VMware, Inc. 15
Use the vSphere Client to set up a VMFS datastore in advance on any SCSI-based storage device that your ESX/
ESXi host discovers. A VMFS datastore can be extended over several physical storage extents, including SAN
LUNs and local storage. This feature allows you to pool storage and gives you flexibility in creating thestorage
volume necessary for your virtual machine.
You can increase the capacity of a datastore while virtual machines are running on the datastore. This ability
lets you add new space to your VMFS datastores as your virtual machine requires it. ESX/ESXi VMFS is
designed for concurrent access from multiple physical machines and enforces the appropriate access controls
on virtual machine files.
Sharing a VMFS Datastore Across ESX/ESXi Hosts

As a cluster file system, VMFS lets multiple ESX/ESXi hosts access the same VMFS datastore concurrently.
To ensure that multiple servers do not access the same virtual machine at the same time, VMFS provides on-
disk locking. To coordinate access to VMFS internal file system information, ESX/ESXi uses SCSI reservations
on the entire LUN.
Figure 1-3 shows several ESX/ESXi systems sharing the same VMFS volume.
Figure 1-3. Sharing a VMFS Datastore Across ESX/ESXi Hosts

ESX/ESXi ESX/ESXi ESX/ESXi
A B C
VM1 VM2 VM3
VMFS volume
disk1
virtual
disk2 disk
files
disk3
Because virtual machines share a common VMFS datastore, it might be difficult to characterize peak-access
periods or to optimize performance. You must plan virtual machine storage access for peak periods, but
different applications might have different peak-access periods. VMware recommends that you load balance
virtual machines over servers, CPU, and storage. Run a mix of virtual machines on each server so that not all
experience high demand in the same area at the same time.
Metadata Updates
A VMFS datastore holds virtual machine files, directories, symbolic links, RDMs, and so on. A VMS datastore
also maintains a consistent view of all the mapping information for these objects. This mapping information
is called metadata.
Metadata is updated each time the attributes of a virtual machine file are accessed or modified when, for
example, you perform one of the following operations:
n Creating, growing, or locking a virtual machine file
n Changing a file's attributes
n Powering a virtual machine on or off
16 VMware, Inc.
Making LUN Decisions

You must plan how to set up storage for your ESX/ESXi systems before you format LUNs with VMFS
datastores.
When you make your LUN decision, keep in mind the following considerations:
n Each LUN should have the correct RAID level and storage characteristic for applications in virtual
machines that use it.
n One LUN must contain only one VMFS datastore.
n If multiple virtual machines access the same VMFS, use disk shares to prioritize virtual machines.
You might want fewer, larger LUNs for the following reasons:
n More flexibility to create virtual machines without asking the storage administrator for more space.
n More flexibility for resizing virtual disks, doing snapshots, and so on.
n Fewer VMFS datastores to manage.
You might want more, smaller LUNs for the following reasons:
n Less wasted storage space.
n Different applications might need different RAID characteristics.
n More flexibility, as the multipathing policy and disk shares are set per LUN.
n Use of Microsoft Cluster Service requires that each cluster disk resource is in its own LUN.
n Better performance because there is less contention for a single volume.
When the storage characterization for a virtual machine is not available, there is often no simple answer when
you have to decide on the LUN size and number of LUNs to use. You can experiment using either predictive
or adaptive scheme.
Use the Predictive Scheme to Make LUN Decisions

predictive scheme.
Procedure
1 Create several LUNs with different storage characteristics.
2 Build a VMFS datastore on each LUN, labeling each datastore according to its characteristics.
3 Allocate virtual disks to contain the data for virtual machine applications in the VMFS datastores built on
LUNs with the appropriate RAID level for the applications' requirements.
4 Use disk shares to distinguish high-priority from low-priority virtual machines.
Disk shares are relevant only within a given host. The shares assigned to virtual machines on one host
have no effect on virtual machines on other hosts.
5 Run the applications to determine whether virtual machine performance is acceptable.
VMware, Inc. 17
Use the Adaptive Scheme to Make LUN Decisions

adaptive scheme.
Procedure
1 Create a large LUN (RAID 1+0 or RAID 5), with write caching enabled.
2 Build a VMFS on that LUN.
3 Place four or five virtual disks on the VMFS.
4 Run the applications to determine whether disk performance is acceptable.
If performance is acceptable, you can place additional virtual disks on the VMFS. If performance is not
acceptable, create a new, larger LUN, possibly with a different RAID level, and repeat the process. Use
migration so that you do not lose virtual machines when you recreate the LUN.
Use Disk Shares to Prioritize Virtual Machines

If multiple virtual machines access the same VMFS datastore (and therefore the same LUN), use disk shares
to prioritize the disk accesses from the virtual machines. Disk shares distinguish high-priority from low-
priority virtual machines.
Procedure
1 Start a vSphere Client and connect to vCenter Server.
2 Select the virtual machine in the inventory panel and click Edit virtual machine settings from the menu.
3 Click the Resources tab and click Disk.
4 Double-click the Shares column for the disk to modify and select the required value from the drop-down
menu.
on the server and, on an ESX host, the service console. Share allocation symbolic values can be used to
configure their conversion into numeric values.
5 Click OK to save your selection.
NOTE Disk shares are relevant only within a given ESX/ESXi host. The shares assigned to virtual machines on
one host have no effect on virtual machines on other hosts.
How Virtual Machines Access Data on a SAN

ESX/ESXi stores a virtual machine's disk files within a VMFS datastore that is deployed on a SAN storage
device. When virtual machine guest operating systems issue SCSI commands to their virtual disks, the
virtualization layer translates these commands to VMFS file operations.
When a virtual machine interacts with its virtual disk stored on a SAN, the following process takes place:
1 When the guest operating system in a virtual machine reads or writes to SCSI disk, it issues SCSI
commands to the virtual disk.
2 Device drivers in the virtual machine’s operating system communicate with the virtual SCSI controllers.
3 The virtual SCSI Controller forwards the command to the VMkernel.
18 VMware, Inc.
4 The VMkernel performs the following tasks.

n Locates the file in the VMFS volume that corresponds to the guest virtual machine disk.
n Maps the requests for the blocks on the virtual disk to blocks on the appropriate physical device.
n Sends the modified I/O request from the device driver in the VMkernel to the iSCSI initiator (hardware
or software).
5 If the iSCSI initiator is a hardware iSCSI initiator (iSCSI HBA), the HBA performs the following tasks.
n Encapsulates I/O requests into iSCSI Protocol Data Units (PDUs).
n Encapsulates iSCSI PDUs into TCP/IP packets.
n Sends IP packets over Ethernet to the iSCSI storage system.
6 If the iSCSI initiator is a software iSCSI initiator, the following takes place.
n The initiator encapsulates I/O requests into iSCSI PDUs.
n The initiator sends iSCSI PDUs through TCP/IP connections.
n The VMkernel TCP/IP stack relays TCP/IP packets to a physical NIC.
n The physical NIC sends IP packets over Ethernet to the iSCSI storage system.
7 Depending on which port the iSCSI initiator uses to connect to the network, Ethernet switches and routers
carry the request to the storage device that the host wants to access.
This storage device appears to be a specific disk to the host, but it might be a logical device that corresponds
to a physical device on the SAN.
Understanding Multipathing and Failover

To maintain a constant connection between an ESX/ESXi host and its storage, ESX/ESXi supports multipathing.
Multipathing is a technique that lets you use more than one physical path that transfers data between the host
and external storage device.
In case of a failure of any element in the SAN network, such as an adapter, switch, or cable, ESX/ESXi can
switch to another physical path, which does not use the failed component. This process of path switching to
avoid failed components is known as path failover.
In addition to path failover, multipathing provides load balancing. Load balancing is the process of distributing
I/O loads across multiple physical paths. Load balancing reduces or removes potential bottlenecks.
NOTE Virtual machine I/O might be delayed for up to sixty seconds while path failover takes place. These
delais allow the SAN to stabilize its configuration after topology changes. In general, the I/O delays might be
longer on active-passive arrays and shorter on activate-active arrays.

To manage storage multipathing, ESX/ESXiusers a special VMkernel layer, Pluggable Storage Architecture
(PSA). The PSA is an open modular framework that coordinates the simultaneous operation of multiple
multipathing plugins (MPPs).
The VMkernel multipathing plugin that ESX/ESXi provides by default is the VMware Native Multipathing
Plugin (NMP). The NMP is an extensible module that manages subplugins. There are two types of NMP
subplugins, Storage Array Type Plugins (SATPs), and Path Selection Plugins (PSPs). SATPs and PSPs can be
built-in and provided by VMware, or can be provided by a third party.
VMware, Inc. 19
tasks:

VMkernel

MPP MPP
VMware SATP

command retries.

By default, ESX/ESXi provides an extensible multipathing module called the Native Multipathing Plugin
(NMP).
20 VMware, Inc.
VMware SATPs
ESX/ESXi offers an SATP for every type of array that VMware supports. These SATPs include an active/active
SATP and active/passive SATP for non-specified storage arrays, and the local SATP for direct-attached storage.
Each SATP accommodates special characteristics of a certain class of storage arrays and can perform the array-
VMware PSPs
Most Recently Used Selects the path the ESX/ESXi host used most recently to access the given device.
(MRU) If this path becomes unavailable, the host switches to an alternative path and
available.
might be a problem.
takes place.
VMware, Inc. 21
Host-Based Path Failover

When setting up your ESX/ESXi host for multipathing and failover, you can use multiple iSCSI HBAs with the
hardware iSCSI and multiple NICs with the software iSCSI.
Failover with Hardware iSCSI

With the hardware iSCSI, the host typically has two or more hardware iSCSI adapters available, from which
the storage system can be reached using one or more switches. Alternatively, the setup might include one
adapter and two storage processors so that the adapter can use a different path to reach the storage system.
As Figure 1-5 illustrates, the host has two hardware iSCSI adapters, HBA1 and HBA2, that provide two physical
paths to the storage system. Multipathing plugins on your host, whether the VMkernel NMP or any third-
party MPPs, have access to the paths by default and can monitor health of each physical path. If, for example,
HBA1 or the link between HBA1 and the network fails, the multipathing plugins can switch the path over to
HBA2.
Figure 1-5. Hardware iSCSI and Failover

ESX/ESXi
HBA2 HBA1
IP network
SP
iSCSI storage
Failover with Software iSCSI

With the software iSCSI, as Figure 1-6 shows, you can use multiple NICs that provide failover and load
balancing capabilities for iSCSI connections between your host and storage systems.
For this setup, because multipathing plugins do not have direct access to physical NICs on your host, you first
need to connect each physical NIC to a separate VMkernel port. You then associate all VMkernel ports with
the software iSCSI initiator using a port binding technique. As a result, each VMkernel port connected to a
separate NIC becomes a different path that the iSCSI storage stack and its storage-aware multipathing plugins
can use.
For information on how to configure multipathing for the software iSCSI, see “Networking Configuration for
Software iSCSI Storage,” on page 30.
22 VMware, Inc.
Figure 1-6. Software iSCSI and Failover

ESX/ESXi
software initiator
NIC2 NIC1
IP network
SP
iSCSI storage
Array-Based Failover
Some iSCSI storage systems manage path use of their ports automatically (transparently to ESX/ESXi).
When using one of these storage systems, ESX/ESXi does not see multiple ports on the storage and cannot
choose the storage port it connects to. These systems have a single virtual port address that ESX/ESXi uses to
initially communicate. During this initial communication, the storage system can redirect ESX/ESXi to
communicate with another port on the storage system. The iSCSI initiators in ESX/ESXi obey this reconnection
request and connect with a different port on the system. The storage system uses this technique to spread the
load across available ports.
If ESX/ESXi loses connection to one of these ports, it automatically attempts to reconnect with the virtual port
of the storage system, and should be redirected to an active, usable port. This reconnection and redirection
happens quickly and generally does not disrupt running virtual machines. These storage systems can also
request that iSCSI initiators reconnect to the system, to change which storage port they are connected to. This
allows the most effective use of the multiple ports.
Figure 1-7 shows an example of port redirection. ESX/ESXi attempts to connect to the 10.0.0.1 virtual port. The
storage system redirects this request to 10.0.0.2. ESX/ESXi connects with 10.0.0.2 and uses this port for I/O
communication.
NOTE The storage system does not always redirect connections. The port at 10.0.0.1 could be used for traffic,
also.
VMware, Inc. 23
Figure 1-7. Port Redirection

ESX/ESXi “Connect to storage at 10.0.0.1”
10.0.0.1
“Reconnect to 10.0.0.2”
10.0.0.2
storage
ESX/ESXi iSCSI storage traffic

10.0.0.1
10.0.0.2
storage
If the port on the storage system that is acting as the virtual port becomes unavailable, the storage system
reassigns the address of the virtual port to another port on the system. Figure 1-8 shows an example of this
type of port reassignment. In this case, the virtual port 10.0.0.1 becomes unavailable and the storage system
reassigns the virtual port IP address to a different port. The second port responds to both addresses.
Figure 1-8. Port Reassignment
10.0.0.1
10.0.0.2
storage
10.0.0.1
10.0.0.1
10.0.0.2
storage
Choosing Virtual Machine Locations

When you’re working on optimizing performance for your virtual machines, storage location is an important
factor. A trade-off always exists between expensive storage that offers high performance and high availability
and storage with lower cost and lower performance.
Storage can be divided into different tiers depending on a number of factors:

n High Tier. Offers high performance and high availability. Might offer built-in snapshots to facilitate
backups and point-in-time (PiT) restorations. Supports replication, full SP redundancy, and SAS drives.
Uses high-cost spindles.
n Mid Tier. Offers mid-range performance, lower availability, some SP redundancy, and SCSI or SAS drives.
May offer snapshots. Uses medium-cost spindles.
n Lower Tier. Offers low performance, little internal storage redundancy. Uses low end SCSI drives or SATA
(serial low-cost spindles).
24 VMware, Inc.
Not all applications need to be on the highest-performance, most-available storage—at least not throughout
their entire life cycle.
NOTE If you need some of the functionality of the high tier, such as snapshots, but do not want to pay for it,
you might be able to achieve some of the high-performance characteristics in software. For example, you can
create snapshots in software.
When you decide where to place a virtual machine, ask yourself these questions:
n How critical is the virtual machine?
n What are its performance and availability requirements?
n What are its PiT restoration requirements?
n What are its backup requirements?
n What are its replication requirements?
A virtual machine might change tiers throughout its life cycle because of changes in criticality or changes in
technology that push higher-tier features to a lower tier. Criticality is relative and might change for a variety
of reasons, including changes in the organization, operational processes, regulatory requirements, disaster
planning, and so on.
Designing for Server Failure

The RAID architecture of SAN storage inherently protects you from failure at the physical disk level. A SAN
provides multiple paths between servers and storage, which protects against network or port failures. The
final step in making your whole environment failure resistant is to protect against server failure.
Using VMware HA
One of the failover options ESX/ESXi provides is VMware High Availability (HA).
VMware HA allows you to organize virtual machines into failover groups. When a host fails, all its virtual
machines are immediately started on different hosts. When a virtual machine is restored on a different host, it
loses its memory state, but its disk state is exactly as it was when the host failed (crash-consistent failover).
Shared storage (such as a SAN) is required for HA.
NOTE You must be licensed to use VMware HA.
Server Failover and Storage Considerations

When you are configuring your ESX/ESXi host to work in conjunction with SAN, you must make your whole
environment failure resistant and protect it against host failures.
For each type of server failover, you must follow these practices:
n Approaches to server failover work only if each server has access to the same storage. Because multiple
servers require a lot of disk space, and because failover for the storage system complements failover for
the server, SANs are usually employed in conjunction with server failover.
n When you design a SAN to work in conjunction with server failover, all datastores the clustered virtual
machines use must be seen by all ESX/ESXi hosts.
VMware, Inc. 25
Although a datastore is accessible to a host, all virtual machines on that host do not necessarily have access
to all data on that datastore. A virtual machine can access only the virtual disks for which it was configured.
In case of a configuration error, virtual disks are locked when the virtual machine boots so no corruption
occurs.
NOTE As a rule, when you boot from a SAN, each boot volume should be seen only by the host that is booting
from that volume. An exception is when you try to recover from a failure by pointing a second host to the same
volume. In this case, the SAN volume in question is not really for booting from a SAN. No host is booting from
it because it is corrupted. The SAN volume is a regular non-boot volume that is made visible to a host.
LUN Display and Rescan

A SAN is dynamic, and which LUNs are available to a certain host can change based on a number of factors.
The VMkernel discovers LUNs when it boots, and those LUNs are then visible in the vSphere Client. If changes
are made to the LUNs, you must rescan to see those changes.
n New LUNs created on the iSCSI storage
n Changes to LUN access control
n Changes in connectivity
26 VMware, Inc.
Configuring iSCSI Initiators and
Storage 2
Before ESX/ESXi can work with a SAN, you must set up your iSCSI initiators and storage.
To do this, you must first observe certain basic requirements and then follow best practices for installing and
setting up hardware or software iSCSI initiators to access the SAN.

n “ESX/ESXi iSCSI SAN Requirements,” on page 27
n “ESX/ESXi iSCSI SAN Restrictions,” on page 28
n “Setting LUN Allocations,” on page 28
n “Network Configuration and Authentication,” on page 28
n “Setting Up Hardware iSCSI Initiators,” on page 28
n “Setting Up Software iSCSI Initiators,” on page 30
n “Configuring Discovery Addresses for iSCSI Initiators,” on page 35
n “Configuring CHAP Parameters for iSCSI Initiators,” on page 37
n “Configuring Additional Parameters for iSCSI,” on page 40
n “Add iSCSI Storage,” on page 41
ESX/ESXi iSCSI SAN Requirements

You must meet several requirements for your ESX/ESXi host to work properly with a SAN.
n Verify that your SAN storage hardware and firmware combinations are supported in conjunction with
ESX/ESXi systems. For an up-to-date list, see the Storage/SAN Compatibility Guide.
n Configure your system to have only one VMFS datastore for each LUN. (In VMFS-3, you do not need to
set accessibility.)
n Unless you are using diskless servers (booting from a SAN), do not set up the diagnostic partition on a
SAN LUN. In the case of diskless servers that boot from a SAN, a shared diagnostic partition is appropriate.
n Use RDMs for access to any raw disk.
n Set the SCSI controller driver in the guest operating system to a large enough queue. You can set the queue
depth for the physical HBA during system setup.
n On virtual machines running Microsoft Windows, increase the value of the SCSI TimeoutValue parameter
to allow Windows to better tolerate delayed I/O resulting from path failover.
VMware, Inc. 27
ESX/ESXi iSCSI SAN Restrictions

This topic lists restrictions that exist when you use ESX/ESXi with a SAN.
n ESX/ESXi does not support iSCSI-connected tape devices.
n You cannot use virtual-machine multipathing software to perform I/O load balancing to a single physical
LUN.
Setting LUN Allocations

When preparing your ESX/ESXi system to use iSCSI SAN storage you need to set LUN allocations.
Note the following points:

n Storage Provisioning. To ensure that the ESX/ESXi host recognizes LUNs at startup time, make sure to
configure all iSCSI storage targets so that your host can access them and use them. Also, configure your
host so that it can discover all available iSCSI targets.
n VMotion and VMware DRS. When you use vCenter Server and VMotion or DRS, make sure that the LUNs
for the virtual machines are provisioned to all ESX/ESXi hosts. This configuration provides the greatest
freedom in moving virtual machines.
n Active-active versus active-passive arrays. When you use VMotion or DRS with an active-passive SAN
storage device, make sure that all ESX/ESXi systems have consistent paths to all storage processors. Not
doing so can cause path thrashing when a VMotion migration occurs.
For active-passive storage arrays not listed in the Storage/SAN Compatibility Guide, VMware does not
support storage-port failover. You must connect the server to the active port on the storage system. This
configuration ensures that the LUNs are presented to the ESX/ESXi host.
Network Configuration and Authentication

Before your ESX/ESXi can discover iSCSI storage, the iSCSI initiators must be configured and authentication
might have to be set up.
n For software iSCSI, networking for the VMkernel must be configured. You can verify the network
configuration by using the vmkping utility. For hardware iSCSI, network parameters, such as IP address,
subnet mask, and default gateway must be configured on the HBA.
n Check and change the default initiator name if necessary.
n The discovery address of the storage system must be set and should be pingable using vmkping.
n For CHAP authentication, enable it on the initiator and the storage system side. After authentication is
enabled, it applies for all of the targets that are not yet discovered, but does not apply to targets that are
already discovered. After the discovery address is set, the new targets discovered are exposed and can be
used at that point.
Setting Up Hardware iSCSI Initiators

With hardware-based iSCSI storage, you use a specialized third-party adapter capable of accessing iSCSI
storage over TCP/IP. This iSCSI initiator handles all iSCSI and network processing and management for your
ESX/ESXi system.
You must install and configure the hardware iSCSI adapter before you set up a datastore that resides on an
iSCSI storage device.
28 VMware, Inc.
Chapter 2 Configuring iSCSI Initiators and Storage
View Hardware iSCSI Initiators

View an iSCSI hardware initiator to verify that it is correctly installed and ready for configuration.
Prerequisites
Before you begin configuring the hardware iSCSI initiator, make sure that the iSCSI HBA is successfully
installed and appears on the list of initiators available for configuration. If the initiator is installed, you can
view its properties.
Procedure
The hardware iSCSI initiator appears in the list of storage adapters.
3 Select the initiator to view.
The default details for the initiator appear, including the model, iSCSI name, iSCSI alias, IP address, and
target and paths information.
4 Click Properties.
The iSCSI Initiator Properties dialog box appears. The General tab displays additional characteristics of
the initiator.
You can now configure your hardware initiator or change its default characteristics.
Change Name and IP Address for Hardware Initiators

When you configure your hardware iSCSI initiators, make sure that their names and IP addresses are formatted
properly.
Procedure
3 Select the initiator to configure and click Properties > Configure.
not recognize the hardware iSCSI initiator.
5 (Optional) Enter the iSCSI alias.
The alias is a name that you use to identify the hardware iSCSI initiator.
6 Change the default IP settings.
You must change the default IP settings so that they are configured properly for the IP SAN. Work with
your network administrator to determine the IP setting for the HBA.
until logout and re-login.
VMware, Inc. 29
Setting Up Software iSCSI Initiators

With the software-based iSCSI implementation, you can use standard network adapters to connect your ESX/
ESXi host to a remote iSCSI target on the IP network. The software iSCSI initiator that is built into ESX/ESXi
facilitates this connection by communicating with the network adapter through the network stack.
Before you configure the software iSCSI initiator, you must perform the following tasks:
1 Create a VMkernel port for physical network adapters.
2 Enable the software iSCSI initiator.
3 If you use multiple network adapters, activate multipathing on your host using the port binding technique.
4 If needed, enable Jumbo Frames. Jumbo Frames must be enabled for each vSwitch through the vSphere
CLI. Also, if you use an ESX host, you must create a VMkernel network interface enabled with Jumbo
Frames.

Networking configuration for software iSCSI involves creating an iSCSI VMkernel port and mapping it to a
physical NIC that handles iSCSI traffic.
Depending on the number of physical NICs you use for iSCSI traffic, the networking setup can be different:
n If you have one physical NIC, create one VMkernel port on a vSwitch and map the port to the NIC. VMware
recommends that you designate a separate network adapter entirely for iSCSI. No additional network
configuration steps are required.
For information on creating a port, see “Create a VMkernel Port for Software iSCSI,” on page 31.
n If you have two or more physical NICs for iSCSI, you can create multiple paths for the software iSCSI by
using the port binding technique.
For background information on multipathing with software iSCSI, see “Host-Based Path Failover,” on
page 22.
With port binding, you create a separate VMkernel port for each physical NIC using 1:1 mapping. You
can add all network adapter and VMkernel port pairs to a single vSwitch, as Figure 2-1 shows.
Figure 2-1. Port Binding on a Single vSwitch
vmk1 vmk2
vSwitch1
portgrp1 portgrp2
vmnic1 vmnic2
For information on adding the NIC and VMkernel port pairs to a vSwitch, see “Set Up Multipathing for
Software iSCSI,” on page 32.
Another alternative is to create a separate vSwitch for each network adapter and VMkernel port pair, as
Figure 2-2 indicates.
30 VMware, Inc.
Figure 2-2. Port Binding on Separate vSwitches
vmk1 vmk2
vSwitch0 vSwitch1
portgrp0 portgrp1 portgrp2 portgrp3
vmnic1 vmnic2
After you map VMkernel ports to network adapters, use the esxcli command to connect the ports with
the software iSCSI initiator. For information, see “Activate Multipathing for Software iSCSI Initiator,” on
page 33.
NOTE EMC CLARiiON storage systems do not support port binding.

This procedure lets you connect the VMkernel, which runs services for iSCSI storage, to the physical network
adapter.
If you have one physical network adapter to be used for iSCSI traffic, this is the only procedure you must
perform to set up your iSCSI networking.
Procedure
5 Select Create a virtual switch to create a new vSwitch.
If no adapters appear under Create a virtual switch, existing vSwitches are using all of the network
adapters in the system. You can use an existing vSwitch for your iSCSI traffic.
6 Select an adapter you want to use for iSCSI traffic.
IMPORTANT Do not use iSCSI on 100Mbps or slower adapters.
7 Click Next.
8 Under Port Group Properties, enter a network label. Network label is a friendly name that identifies the
VMkernel port that you are creating.
9 Click Next.
10 Specify the IP settings and click Next.
11 Review the information and click Finish.
What to do next
If your host uses only one network adapter for iSCSI, no additional network configuration steps are required.
VMware, Inc. 31
If your host uses more than one physical network adapter for iSCSI, connect additional adapters and associate
them with corresponding VMkernel ports using the port binding technique. You have the following options:
n Use a single vSwitch for iSCSI multipathing. You must connect additional network adapters and VMkernel
ports to the vSwitch you just created and override the default setup, so that each port maps to only one
active adapter. See “Set Up Multipathing for Software iSCSI,” on page 32.
n Create separate vSwitches for each additional network adapter.
Set Up Multipathing for Software iSCSI

Use this procedure only if you have two or more NICs you can designate for iSCSI and you want to connect
all of your iSCSI NICs to a single vSwitch. In this procedure, you associate VMkernel ports with the network
adapters using 1:1 mapping.
You now need to connect additional network adapters to the existing vSwitch and map them to corresponding
VMkernel ports.
Prerequisites
You must create one VMkernel port for your network adapter before you can set up multipathing for software
iSCSI.
Procedure
3 Select the vSwitch that you use for iSCSI and click Properties.
4 Connect additional network adapters to the vSwitch.
a In the vSwitch Properties dialog box, click the Network Adapters tab and click Add.
b Select one or more adapters from the list and click Next.
c Review the information on the Adapter Summary page, and click Finish.
The list of network adapters reappears, showing the network adapters that the vSwitch now claims.
5 Create VMkernel ports for all network adapters that you connected.
The number of VMkernel ports must correspond to the number of network adapters on the vSwitch.
a In the vSwitch Properties dialog box, click the Ports tab and click Add.
b Select VMkernel and click Next.
c Under Port Group Properties, enter a network label and click Next.
d Specify the IP settings and click Next.
When you enter subnet mask, make sure that the network adapter is set to the subnet of the storage
system it connects to.
e Review the information and click Finish.
CAUTION If the network adapter you add to software iSCSI initiator is not in the same subnet as your iSCSI
target, your host is not able to establish sessions from this network adapter to the target.
32 VMware, Inc.
6 Map each VMkernel port to just one active adapter.
By default, for each VMkernel port on the vSwitch, all network adapters appear as active. You must
override this setup, so that each port maps to only one corresponding active adapter. For example,
VMkernel port vmk1 maps to active adapter vmnic1, port vmk2 maps to vmnic2, and so on.
a On the Ports tab, select a VMkernel port and click Edit.
b Click the NIC Teaming tab and select Override vSwitch failover order.
c Designate only one adapter as active and move all remaining adapters to the Unused Adapters
category.
7 Repeat the last step for each VMkernel port on the vSwitch.
What to do next
After performing this task, use the esxcli command to connect the VMkernel ports to the software iSCSI
initiator.
Activate Multipathing for Software iSCSI Initiator

Use this task only if your ESX/ESXi host has two or more physical network adapters that you designate for
iSCSI traffic. This task explains how to activate host-based multipathing for your host by connecting the
software iSCSI initiator to iSCSI VMkernel ports that you created for the network adapters.
Prerequisites
Before you activate multipathing, complete the following tasks:

n Create VMkernel ports for the physical network adapters making sure to use 1:1 port to adapter mapping.
See “Create a VMkernel Port for Software iSCSI,” on page 31 and “Set Up Multipathing for Software
iSCSI,” on page 32.
n Enable the software iSCSI initiator. See “Enable the Software iSCSI Initiator,” on page 34.
Procedure
1 Identify the names of VMkernel iSCSI ports assigned to physical adapters.
The vSphere Client displays the port's name below the network label.
For example, the following graphic shows the ports' names as vmk1 and vmk2.
2 Using the vSphere CLI, connect the software iSCSI initiator to the iSCSI VMkernel ports.
Repeat this command for each port.
esxcli swiscsi nic add -n <port_name> -d <vmhba>
3 Verify that the ports were added to the software iSCSI initiator by running the following command:
esxcli swiscsi nic list -d <vmhba>
VMware, Inc. 33
4 Use the vSphere Client to rescan the software iSCSI initiator.
5 To disconnect the software iSCSI initiator from the ports, run the following command.
If there are active iSCSI sessions between your host and targets, discontinue them before running this
command. You can do so by removing static targets that the ports use from the vSphere Client.
esxcli swiscsi nic remove -n <port_name> -d <vmhba>
Example 2-1. Connecting Software iSCSI Initiator to Two VMkernel Ports

This example shows how to connect the software iSCSI initiator vmhba33 to VMkernel ports vmk1 and vmk2.
1 Connect vmhba33 to vmk1: esxcli swiscsi nic add -n vmk1 -d vmhba33
2 Connect vmhba33 to vmk2: esxcli swiscsi nic add -n vmk2 -d vmhba33
3 Verify vmhba33 configuration: esxcli swiscsi nic list -d vmhba33
Both vmk1 and vmk2 should be listed.
In this example, if you use the vSphere client to display the Paths view for the vmhba33 initiator, you can see
that it uses two different paths to access the same target. The runtime names of the paths are vmhba33:C1:T1:L0
and vmhba33:C2:T1:L0. C1 and C2 in this example indicate the two network adapters that are used for
multipathing.
Enable the Software iSCSI Initiator

You must enable your software iSCSI initiator so that ESX/ESXi can use it to access iSCSI storage.
Procedure
1 Log in to the vSphere Client, and select a server from the inventory panel.
4 Click Configure.
The General Properties dialog box displays the initiator’s status, default name, and alias.
5 To enable the initiator, select Enabled.

not recognize the software iSCSI initiator.
until you logout and re-login.
Enabling Jumbo Frames for Software iSCSI

Jumbo Frames allow ESX/ESXi to send larger frames out onto the physical network. The network must support
Jumbo Frames end-to-end for Jumbo Frames to be effective. Jumbo Frames up to 9kB (9000 Bytes) are
supported.
Before enabling Jumbo Frames, check with your hardware vendor to ensure your physical network adapter
and iSCSI storage support Jumbo Frames.
Jumbo Frames must be enabled for each vSwitch through the vSphere CLI. Also, if you use an ESX host, you
must create a VMkernel network interface enabled with Jumbo Frames.
34 VMware, Inc.
Create a Jumbo Frames-Enabled vSwitch

Configure a vSwitch for Jumbo Frames by changing the MTU size for that vSwitch.
Procedure
1 To set the MTU size for the vSwitch, run the vicfg-vswitch -m <MTU> <vSwitch> command from the
vSphere CLI.
This command sets the MTU for all uplinks on that vSwitch. The MTU size should be set to the largest
MTU size among all the virtual network adapters connected to the vSwitch.
2 Run the vicfg-vswitch -l command to display a list of vSwitches on the host, and check that the
configuration of the vSwitch is correct.
Create a Jumbo Frames-Enabled VMkernel Interface

If you are using ESX host, you must use the command-line interface to create a VMkernel network interface
that is enabled with Jumbo Frames.
Procedure
1 Log in directly to the console of the ESX host.
2 Use the esxcfg-vmknic command to create a VMkernel connection with Jumbo Frame support.
esxcfg-vmknic -a -I <ip address> -n <netmask> -m <MTU> <port group name>
3 Run the esxcfg-vmknic -l command to display a list of VMkernel interfaces and check that the
configuration of the Jumbo Frame-enabled interface is correct.
4 Check that the VMkernel interface is connected to a vSwitch with Jumbo Frames enabled.
5 Configure all physical switches and any physical or virtual machines to which this VMkernel interface
connects to support Jumbo Frames.
Configuring Discovery Addresses for iSCSI Initiators

Set up target discovery addresses so that the iSCSI initiator can determine which storage resource on the
network is available for access.
The ESX/ESXi system supports these discovery methods:
Dynamic Discovery Also known as Send Targets discovery. Each time the initiator contacts a
specified iSCSI server, the initiator sends the Send Targets request to the server.
The server responds by supplying a list of available targets to the initiator. The
names and IP addresses of these targets appear on the Static Discovery tab. If
you remove a static target added by dynamic discovery, the target might be
returned to the list the next time a rescan happens, the HBA is reset, or the host
is rebooted.
Static Discovery The initiator does not have to perform any discovery. The initiator has a list of
targets it can contact and uses their IP addresses and target names to
communicate with them.
Set Up Dynamic Discovery

With Dynamic Discovery, each time the initiator contacts a specified iSCSI server, it sends the Send Targets
request to the server. The server responds by supplying a list of available targets to the initiator.
Required privilege: Host.Configuration.Storage Partition Configuration
VMware, Inc. 35
Procedure
4 In the iSCSI Initiator Properties dialog box, click the Dynamic Discovery tab.
5 To add an address for the Send Targets discovery, click Add.
The Add Send Targets Server dialog box appears.
6 Enter the IP address or DNS name of the storage system and click OK.
After your host establishes the Send Targets session with this system, any newly discovered targets appear
in the Static Discovery list.
7 To delete a specific Send Targets server, select it and click Remove.
After you remove a Send Targets server, it might still appear in the Inheritance field as the parent of static
targets. This entry indicates where the static targets were discovered and does not affect the functionality.
NOTE You cannot change the IP address, DNS name, or port number of an existing Send Targets server. To
make changes, delete the existing server and add a new one.
Set Up Static Discovery

With iSCSI initiators, in addition to the dynamic discovery method, you can use static discovery and manually
enter information for the targets.
Procedure

4 In the iSCSI Initiator Properties dialog box, click the Static Discovery tab.
The tab displays all dynamically discovered targets and any static targets already entered.
5 To add a target, click Add and enter the target’s information.
6 To delete a specific target, select the target and click Remove.
NOTE You cannot change the IP address, DNS name, iSCSI target name, or port number of an existing target.
To make changes, remove the existing target and add a new one.
36 VMware, Inc.
Configuring CHAP Parameters for iSCSI Initiators

Because the IP networks that the iSCSI technology uses to connect to remote targets do not protect the data
they transport, you must ensure security of the connection. iSCSI requires that all devices on the network
implement Challenge Handshake Authentication Protocol (CHAP), which verifies the legitimacy of initiators
that access targets on the network.
CHAP uses a three-way handshake algorithm to verify the identity of your host and, if applicable, of the iSCSI
target when the host and target establish a connection. The verification is based on a predefined private value,
or CHAP secret, that the initiator and target share.
ESX/ESXi supports CHAP authentication at the adapter level. In this case, all targets receive the same CHAP
name and secret from the iSCSI initiator. For software iSCSI, ESX/ESXi also supports per-target CHAP
authentication, which allows you to configure different credentials for each target to achieve greater level of
security.
Choosing CHAP Authentication Method

ESX/ESXi supports one-way CHAP for both hardware and software iSCSI, and mutual CHAP for software
iSCSI only.
Before configuring CHAP, check whether CHAP is enabled at the iSCSI storage system and check the CHAP
authentication method the system supports. If CHAP is enabled, enable it for your initiators, making sure that
the CHAP authentication credentials match the credentials on the iSCSI storage.
ESX/ESXi supports the following CHAP authentication methods:
One-way CHAP In one-way, or unidirectional, CHAP authentication, the target authenticates

the initiator, but the initiator does not authenticate the target.
Mutual CHAP (software In mutual, or bidirectional, CHAP authentication, an additional level of

iSCSI only) security enables the initiator to authenticate the target.
For software iSCSI only, you can set one-way CHAP and mutual CHAP for each initiator or at the target level.
Hardware iSCSI supports CHAP only at the initiator level.
When you set the CHAP parameters, specify a security level for CHAP.
Table 2-1. CHAP Security Level

CHAP Security Level Description Supported
Do not use CHAP The host does not use CHAP authentication. Select this Software iSCSI
option to disable authentication if it is currently enabled. Hardware iSCSI
Do not use CHAP unless The host prefers a non-CHAP connection, but can use a Software iSCSI
required by target CHAP connection if required by the target.
Use CHAP unless prohibited The host prefers CHAP, but can use non-CHAP Software iSCSI
by target connections if the target does not support CHAP. Hardware iSCSI
Use CHAP The host requires successful CHAP authentication. The Software iSCSI
connection fails if CHAP negotiation fails.
Set Up CHAP Credentials for an iSCSI Initiator

For increased security, you can set up all targets to receive the same CHAP name and secret from the iSCSI
initiator at the initiator level. By default, all discovery addresses or static targets inherit CHAP parameters that
you set up at the initiator level.
VMware, Inc. 37
Prerequisites
CHAP. Hardware iSCSI does not support mutual CHAP.
When configuring CHAP parameters, make sure that they match the parameters on the storage side.
For software iSCSI, the CHAP name should not exceed 511 and the CHAP secret 255 alphanumeric characters.
For hardware iSCSI, the CHAP name should not exceed 255 and the CHAP secret 100 alphanumeric characters.
Procedure
4 On the General tab, click CHAP.
a Select one of the following options:

n Do not use CHAP unless required by target (software iSCSI only)
n Use CHAP (software iSCSI only). To be able to configure mutual CHAP, you must select this
option.
b Specify the CHAP name.
c Enter a one-way CHAP secret to be used as part of authentication. Make sure to use the same secret
CHAP:
a Select Use CHAP.
b Specify the mutual CHAP name.
c Enter the mutual CHAP secret. Make sure to use different secrets for the one-way CHAP and mutual
CHAP.
7 Click OK.
38 VMware, Inc.
Set Up CHAP Credentials for a Target

For software iSCSI, you can configure different CHAP credentials for each discovery address or static target.
When configuring CHAP parameters, make sure that they match the parameters on the storage side. For
software iSCSI, the CHAP name should not exceed 511 and the CHAP secret 255 alphanumeric characters.
Prerequisites
CHAP.
Procedure
3 Select the software iSCSI initiator to configure and click Properties.
4 Select either Dynamic Discovery tab or Static Discovery tab.
5 From the list of available targets, select a target you want to configure and click Settings > CHAP.
b Select one of the following options:

n Do not use CHAP unless required by target
n Use CHAP. To be able to configure mutual CHAP, you must select this option.
c Specify the CHAP name.
d Enter a one-way CHAP secret to be used as part of authentication. Make sure to use the same secret
CHAP:
b Select Use CHAP.
VMware, Inc. 39
c Specify the mutual CHAP name.
d Enter the mutual CHAP secret. Make sure to use different secrets for the one-way CHAP and mutual
CHAP.
8 Click OK.
Disable CHAP
You can disable CHAP if your storage system does not require it.
If you disable CHAP on a system that requires CHAP authentication, existing iSCSI sessions remain active
until you reboot your ESX/ESXi host or the storage system forces a logout. After the session ends, you can no
longer connect to targets that require CHAP.
Procedure
1 Open the CHAP Credentials dialog box.
2 For software iSCSI, to disable just the mutual CHAP, select Do not use CHAP under Mutual CHAP.
3 To disable one-way CHAP, select Do not use CHAP under CHAP.
The mutual CHAP, if set up, automatically turns to Do not use CHAP when you disable the one-way
CHAP.
4 Click OK.
Configuring Additional Parameters for iSCSI

You might need to configure additional parameters for your iSCSI initiators. For example, some iSCSI storage
systems require ARP (Address Resolution Protocol) redirection to move iSCSI traffic dynamically from one
port to another. In this case, you must activate ARP redirection on your host.
Do not make any changes to the advanced iSCSI settings unless you are working with the VMware support
team or otherwise have thorough information about the values to provide for the settings.
Table 2-2 lists advanced iSCSI parameters that you can configure using the vSphere Client. In addition, you
can use the vicfg-iscsi vSphere CLI command to configure some of the advanced parameters. For
information, see the VMware vSphere Command-Line Interface Installation and Reference Guide.
Table 2-2. Additional Parameters for iSCSI Initiators

Advanced
Parameter Description Configurable On
Header Digest Increases data integrity. When header digest is enabled, the system Software iSCSI
performs a checksum over each iSCSI Protocol Data Unit’s (PDU’s)
header part and verifies using the CRC32C algorithm.
Data Digest Increases data integrity. When data digest is enabled, the system Software iSCSI
performs a checksum over each PDU's data part and verifies using
the CRC32C algorithm.
NOTE Systems that use Intel Nehalem processors offload the iSCSI
digest calculations for software iSCSI, thus reducing the impact on
performance.
Maximum Defines the R2T (Ready to Transfer) PDUs that can be in transition Software iSCSI
Outstanding R2T before an acknowledge PDU is received.
40 VMware, Inc.
Table 2-2. Additional Parameters for iSCSI Initiators (Continued)

Advanced
Parameter Description Configurable On
First Burst Length Specifies the maximum amount of unsolicited data an iSCSI initiator Software iSCSI
can send to the target during the execution of a single SCSI command,
in bytes.
Maximum Burst Maximum SCSI data payload in a Data-In or a solicited Data-Out Software iSCSI
Length iSCSI sequence, in bytes.
Maximum Receive Maximum data segment length, in bytes, that can be received in an Software iSCSI
Data Segment Length iSCSI PDU.
ARP Redirect Allows storage systems to move iSCSI traffic dynamically from one Hardware iSCSI
port to another. ARP is required by storage systems that do array- (Configurable through
based failover. vSphere CLI)
Delayed ACK Allows systems to delay acknowledgment of received data packets. Software iSCSI
Configure Advanced Parameters for iSCSI

The advanced iSCSI settings control such parameters as header and data digest, ARP redirection, delayed ACK,
and so on. Generally, you do not need to change these settings because your ESX/ESXi host works with the
assigned predefined values.
CAUTION Do not make any changes to the advanced iSCSI settings unless you are working with the VMware
support team or otherwise have thorough information about the values to provide for the settings.
Procedure
2 Click Configuration tab and click Storage Adapters.
4 To configure advanced parameters at the initiator level, on the General tab, click Advanced. Proceed to
Step 6.
5 Configure advanced parameters at the target level.
At the target level, advanced parpameters can be configured only for software iSCSI.
a Select either the Dynamic Discovery tab or Static Discovery tab.
b From the list of available targets, select a target to configure and click Settings > Advanced.
6 Enter any required values for the advanced parameters you want to modify and click OK to save your
changes.
Add iSCSI Storage

When you create a datastore on an iSCSI storage device, the Add Storage wizard guides you through the
configuration.
Procedure
VMware, Inc. 41
The Select Disk/LUN page appears. This can take a few seconds depending on the number of targets.
5 Select the iSCSI device to use for your datastore and click Next.
6 Review the current disk layout and click Next.
7 Enter a datastore name and click Next.
The datastore name appears in the vSphere Client, and the label must be unique within the current
VMware vSphere instance.
8 If needed, adjust the file system values and capacity you use for the datastore.
By default, the entire free space available on the storage device is offered to you.
9 Click Next.
The Ready to Complete page appears.
10 Review the datastore configuration information and click Finish.
A datastore is now available on the iSCSI storage device.
42 VMware, Inc.
Modifying SAN Storage Systems for
ESX/ESXi 3
After you configure your iSCSI initiators and storage, you might need to modify your storage system to ensure
that it works properly with your ESX/ESXi implementation.
This section discusses many of the iSCSI storage systems supported in conjunction with VMware ESX/ESXi.
For each device, it lists major known potential issues, points to vendor-specific information (if available), or
includes information from VMware knowledge base articles.
NOTE Information in this section is updated only with each release. New information might already be
available. Also, other iSCSI storage systems are supported but are not covered in this chapter. Consult the most
recent Storage/SAN Compatibility Guide, check with your storage vendor, and explore the VMware knowledge
base articles.

n “Testing ESX/ESXi SAN Configurations,” on page 43
n “General Considerations for iSCSI SAN Storage Systems,” on page 44
n “EMC CLARiiON Storage Systems,” on page 44
n “EMC Symmetrix Storage Systems,” on page 45
n “Enable HP StorageWorks MSA1510i to Communicate with ESX/ESXi,” on page 45
n “HP StorageWorks EVA Storage Systems,” on page 46
n “NetApp Storage Systems,” on page 47
n “EqualLogic Storage Systems,” on page 49
n “LeftHand Networks SAN/iQ Storage Systems,” on page 49
n “Dell PowerVault MD3000i Storage Systems,” on page 49
Testing ESX/ESXi SAN Configurations

ESX/ESXi supports a variety of SAN storage systems in different configurations. Generally, VMware tests ESX/
ESXi with supported storage systems for basic connectivity, HBA failover, and so on.
Not all storage devices are certified for all features and capabilities of ESX/ESXi, and vendors might have
specific positions of support with regard to ESX/ESXi.
VMware, Inc. 43
VMware tests ESX/ESXi with storage systems in the following configurations:
Basic Connectivity Tests whether ESX/ESXi can recognize and operate with the storage system.
This configuration does not allow for multipathing or any type of failover.
HBA Failover The server is equipped with multiple HBAs connecting to one or more SAN
switches. The server is robust to HBA and switch failure only.
Storage Port Failover The server is attached to multiple storage ports and is robust to storage port
failures and switch failures.
Booting from a SAN The ESX host boots from a LUN configured on the SAN rather than from the
(with ESX hosts only) server itself.
General Considerations for iSCSI SAN Storage Systems

When you prepare your iSCSI SAN storage system to work with ESX/ESXi, you need to follow specific general
requirements that apply to all storage systems.
For all storage systems, the following general requirements exist:

n LUNs must be presented to each HBA of each host with the same LUN ID number. If different numbers
are used, the ESX/ESXi hosts do not recognize different paths to the same LUN. Because instructions on
how to configure identical SAN LUN IDs are vendor-specific, consult your storage documentation for
more information.
n Unless specified for individual storage systems discussed in this chapter, set the host type for LUNs
presented to ESX/ESXi to Linux or Linux Cluster, if applicable to your storage system. The method ESX/
ESXi uses to access the storage system is most compatible with Linux access, however, this can vary
depending on the storage system you are using.
n If you are using VMotion, DRS, or HA, make sure that source and target hosts for virtual machines can
see the same LUNs with identical LUN IDs. SAN administrators might find it counterintuitive to have
multiple hosts see the same LUNs because they might be concerned about data corruption. However,
VMFS prevents multiple virtual machines from writing to the same file at the same time, so provisioning
the LUNs to all required ESX/ESXi system is appropriate.
n If you do not have CHAP authentication set up on the LUNs that are being accessed, you must also disable
CHAP on the ESX/ESXi host. Otherwise, authentication of the storage system fails, although the LUNs
have no CHAP requirement.
EMC CLARiiON Storage Systems

EMC CLARiiON storage systems work with ESX/ESXi hosts in iSCSI SAN configurations. Generally, you use
the EMC software to perform configurations.
For more information, see the EMC documentation.
This is an active-passive disk array, so any related issues that apply to all active-passive disk arrays are relevant.
In addition, keep in mind the following:
n To avoid the possibility of path thrashing, the default multipathing policy is Most Recently Used, not
Fixed. The ESX/ESXi system sets the default policy when it identifies the storage system.
n To boot from a SAN, choose the active storage processor for the boot LUN’s target in the HBA BIOS.
n On EMC CLARiiON AX100i and AX150i systems, RDMs are supported only if you use the Navisphere
Management Suite for SAN administration. Navisphere Express is not guaranteed to configure them
properly.
To use RDMs successfully, a given LUN must be presented with the same LUN ID to every ESX/ESXi host
in the cluster. The AX100i and AX150i do not do this by default.
44 VMware, Inc.
Chapter 3 Modifying SAN Storage Systems for ESX/ESXi
n When you use an AX100i or AX150i storage system, no host agent periodically checks the host
configuration and pushes changes to the storage system. The axnaviserverutil cli utility is used to
update the changes. This is a manual operation that you should perform as needed.
n EMC CLARiiON storage systems do not support port binding.
EMC Symmetrix Storage Systems

To work with ESX/ESXi, EMC Symmetrix storage systems require certain specific settings. Use EMC software
to configure the storage system. For information, see your EMC documentation.
The following settings are required for ESX/ESXi operations on the Symmetrix networked storage system:
n Common serial number (C)
n Auto negotiation (EAN) enabled
n SCSI 3 (SC3) set (enabled)
n Unique world wide name (UWN)
n SPC-2 (Decal) (SPC2) SPC-2 flag is required
NOTE The ESX/ESXi host considers any LUNs from a Symmetrix storage system that have a capacity of 50MB
or less as management LUNs. These LUNs are also known as pseudo or gatekeeper LUNs. These LUNs appear
in the EMC Symmetrix Management Interface and should not be used to hold data.
Enable HP StorageWorks MSA1510i to Communicate with ESX/ESXi

This section describes the setup and configuration steps needed to allow an HP StorageWorks MSA1510i
storage system to communicate with ESX/ESXi hosts.
Procedure
1 Install, connect, and power up the network devices as detailed in the vendor installation document.
2 Obtain the IP address assigned to the MSA1510i controller management port.
a Scroll through the messages on the LCD panel until the following message appears: 603 Port MA0 IP
<address>
b Record the management port IP address that appears in Basic MSA1510i information.
3 From the server or a workstation on the MSA1510i LAN segment, open a Web browser and enter the
address obtained in the previous step.
4 When prompted, enter the default access permissions.

n User name: root
n Password: root
5 When prompted, set a unique user name and password.
VMware, Inc. 45
6 Using the wizard, complete the following actions.
Option Description
Storage configuration a Set the Fault Tolerant mode (RAID mode).
b Assign a spare disk for appropriate RAID level.
iSCSI configuration (configure an a Select a data port.
iSCSI portal) b Assign an IP address to the data port.
c VLANs are set up on the switch and are used as one method of
controlling access to the storage. If you are using VLANs, enter the
VLAN ID to use (0 = not used).
d The wizard suggests a default iSCSI Target Name and iSCSI Target Alias.
Accept the default or enter user-defined values.
NOTE To configure the remaining data ports, complete the Initial System
Configuration Wizard process, and then use tasks available on the Configure
tab.
Login settings
Management settings
7 Click Finish to apply the configuration settings.
NOTE Wizards are available for basic configuration tasks only. Use the Manage and Configure tabs to view
and change your configuration.
What to do next
After initial setup, perform the following tasks to complete the configuration:
n Create an array.
n Create a logical drive.
n Create a target.
n Create a portal group.
n Associate or assign the portals created using the wizard with the portal group created.
n Map logical drives to the target.
n Add initiators (initiator IQN name and alias).
n Update the ACLs of the logical drives to provide access to initiators (select the list of initiators to access
the logical drive).
HP StorageWorks EVA Storage Systems

The two types of HP StorageWorks EVA systems are EVA_GL, an active-passive system, and EVA_XL, an
active-active system. For the systems to work with ESX/ESXi, certain specific settings are required.
Set the connection type to Custom when you present a LUN to an ESX/ESXi host. The value is one of the
following:
n For HP EVAgl 3000/5000 (active-passive), use the 000000002200282E host mode type.
n For HP EVAgl firmware 4.001 (active-active firmware for GL series) and above, use the VMware host mode
type.
46 VMware, Inc.
n For EVA4000/6000/8000 active-active arrays with firmware earlier than 5.031, use the 000000202200083E
host mode type.
n For EVA4000/6000/8000 active-active arrays with firmware 5.031 and later, use the VMware host mode type.
Otherwise, EVA systems do not require special configuration changes to work with an ESX/ESXi system.
NetApp Storage Systems

For NetApp storage systems to communicate within an ESX/ESXi environment, you must perform specific
configuration steps.
For additional documentation on NetApp and VMware best practices and SAN solutions, search the NetApp
web page.
Table 3-1. Configuration Steps

Configuration Step Description
Disable ALUA. If any of your iSCSI initiators are a part of an initiator group (igroup), disable ALUA on the
NetApp filter.
Set up multipathing. When you set up multipathing between two iSCSI HBAs and multiple ports on a NetApp
storage system, give the two HBAs different dynamic or static discovery addresses to connect
to the storage.
The NetApp storage system only permits one connection for each target and each initiator.
Attempts to make additional connections cause the first connection to drop. Therefore, a
single HBA should not attempt to connect to multiple IP addresses associated with the same
NetApp target.
Set LUN type and initiator Set the appropriate LUN type and initiator group type for the storage system:
group type. n LUN type – VMware (if VMware type is not available, use Linux).
n Initiator group type – VMware (if VMware type is not available, use Linux).
Provision storage. Use either FilerView or CLI.
Provision Storage by Using FilerView Storage Management

You can use FilerView to provision storage on a NetApp storage system.
Procedure
1 Log in to NetApp storage system management (FilerView).
2 Create a volume.
a Select Volumes and click Add.
b Click Next.
c Select Flexibility (Default) or Traditional, then click Next.
d Enter a Volume Name, select a Language, and click Next.
e Enter values for Containing Aggregate, Total Volume Size, and Space Guarantee and click Next.
f Click Commit to create the volume.
3 Create LUNs.
a Select LUNs and click Add.
b Enter the following:

n Path: Enter a path, for example, /vol/vol1/lun1.
n LUN Protocol Type: VMware.
VMware, Inc. 47
n Description: A brief description.

n Size and Unit: Enter a size, for example, 10GB and select Space Reserved.
a Select LUNs > Initiator Group and click Add.
b Enter the following:

n Group Name: Enter a group name
n Type: Choose iSCSI.
n Operating System: Enter VMware.
n Initiators: Enter fully qualified initiator names. If there is more than one initiator, each initiator
has to be separated with a return carriage.
c Click Add.
5 Map the LUN to the initiator group.
a Select LUNs and click Manage.
A LUNs list appears.
b From this list, click the label on the Maps row for the specific LUNs.
c Click Add Groups to Map.
d Select the initiator group and click Add.
e When prompted, enter the LUN ID (any number from 0 to 255) and click Apply.
Provision Storage by Using Command-Line Interface

You can use command-line interface to provision storage on a NetApp storage system.
Procedure
1 Use command-line interface to create an aggregate if required.

aggr create <vmware-aggr><number of disks>
2 Create a flexible volume.

vol create <aggregate name><volume size>
3 Create a Qtree to store each LUN.

qtree create <path>
4 Create a LUN.
lun create -s <size> -t vmware <path>

igroup create -f -t vmware <igroup name>
6 Map the LUN to the initiator group you created.

lun map (<path>) <igroup name><LUN ID>
48 VMware, Inc.
EqualLogic Storage Systems

When setting up your EqualLogic storage systems to work in an ESX/ESXi implementation, you must address
certain specific issues.
The following are specific requirements for EqualLogic storage systems to work with ESX/ESXi:
n Multipathing. No special setup is needed because EqualLogic storage systems support storage-processor
failover that is transparent to iSCSI. Multiple iSCSI HBAs or NICs can connect to the same target or LUN
on the storage side.
n Creating iSCSI LUNs. From the EqualLogic web portal, right-click Volumes, and then select Create
Volume.
n Enable ARP redirection for ESX/ESXi hardware iSCSI HBAs.
n EqualLogic storage systems impose a maximum limit of 512 iSCSI connections per storage pool and 2048
connections per storage group.
For more information about configuring and using EqualLogic storage systems, see the vendor’s
documentation.
LeftHand Networks SAN/iQ Storage Systems

SAN/iQ SANs support ESX/ESXi iSCSI connections from a software initiator and hardware initiator.
When configuring SAN/iQ, enable automatic volume resignaturing for SAN/iQ storage devices to allow access
to SAN/iQ snapshots and remote copies.
For more information on configuring LeftHand Networks SANs for VMware vSphere, see the vendor
documentation related to VMware.
Basic configuration steps include several tasks.
1 Install SAN/iQ storage nodes.
2 Create SAN/iQ management groups and clusters.
3 Create volumes.
4 Assign volumes to authentication groups and volume lists.
5 Enable ARP redirection on hardware iSCSI HBAs.
As a best practice, configure virtual IP load balancing in SAN/iQ for all ESX/ESXi authentication groups.
Dell PowerVault MD3000i Storage Systems

When you configure mutual CHAP for the MD3000i iSCSI storage systems, special considerations that apply.
When you configure mutual CHAP for the MD3000i iSCSI array, follow these guidelines:
n On the MD3000i storage system, mutual CHAP configuration requires only a CHAP secret.
n On the ESX/ESXi host, mutual CHAP configuration requires both the name and CHAP secret. When
configuring mutual CHAP on the ESX/ESXi host, enter the IQN name of the target as the mutual CHAP
name. Make sure the CHAP secret matches the one set on the array.
VMware, Inc. 49
50 VMware, Inc.
Booting from an iSCSI SAN with ESX
Systems 4
If you use ESX host, you can set up your system to boot from a SAN. The boot image is not stored on the ESX
system’s local disk, but instead is stored on a SAN LUN. You can boot from a SAN only with hardware iSCSI.

n “Booting from a SAN Overview,” on page 51
n “Enable Booting from a SAN,” on page 52
Booting from a SAN Overview

When booting from a SAN, the boot image of the ESX host is installed on one or more LUNs in the SAN storage
system. When the host starts, it boots from the LUN on the SAN storage system.
NOTE When you boot from a SAN in conjunction with a VMware ESX system, each server must have its own
boot LUN.
Only ESX hosts with hardware iSCSI initiators can boot from SAN.
Figure 4-1. How Booting from a SAN Works

host
service
console VMkernel
hardware
iSCSI
initiator
(HBA)
LAN
storage array
boot disk
VMware, Inc. 51
Benefits of Booting from a SAN

Booting your ESX host from a SAN provides numerous benefits.
The benefits of booting from SAN include:

n Cheaper servers – Servers can be more dense and run cooler without internal storage.
n Easier server replacement – You can replace servers and have the new server point to the old boot location.
n Less wasted space.
n Easier backup processes – The system boot images in the SAN can be backed up as part of the overall SAN
backup procedures.
n Improved management – Creating and managing the operating system image is easier and more efficient.
Deciding to Boot from a SAN

Before you consider how to set up your ESX host for booting from a SAN, decide whether it makes sense for
your environment.
Boot from a SAN:

n If you do not want to handle maintenance of local storage.
n When you need easy cloning of service consoles.
n In diskless hardware configurations, such as on some blade systems.
Do not boot from a SAN if you risk I/O contention between the service console and VMkernel.
Enable Booting from a SAN

You must complete several tasks to enable booting from SAN on an ESX host.
Procedure
1 Review any vendor configuration recommendations that apply to the storage system or the server booting
from SAN.
2 Configure the hardware elements of your storage network, including SAN and HBAs.
3 Configure ACLs on your storage system.
Proper access control on the storage systems is important when an ESX host is booting from iSCSI.
n Boot LUNs should only be visible to the server using that LUN to boot. No other server or system on
the SAN should be permitted to see that boot LUN.
n Multiple ESX hosts can share a diagnostic partition. ACLs on the storage systems can allow you to
do this.
4 Choose the location for the diagnostic partition.
Diagnostic partitions can be put on the same LUN as the boot partition. Core dumps are stored in
diagnostic partitions. If a diagnostic partition is configured in the boot LUN, this LUN cannot be shared
between multiple hosts
5 Set up your ESX to boot from CD-ROM first because the VMware installation CD is in the CD-ROM drive.
To achieve this, change the system boot sequence in your system BIOS setup.
52 VMware, Inc.
Chapter 4 Booting from an iSCSI SAN with ESX Systems
Prepare the SAN

Before you configure the iSCSI HBAs to boot from a SAN, first prepare your storage area network by checking
the cabling and switch wiring and configuring the storage system.
CAUTION If you use scripted installation to install ESX when booting from a SAN, you must take special steps
to avoid unintended data loss. See VMware knowledge base article 1540.
Procedure
1 Connect network cables, referring to any cabling guide that applies to your setup.
2 Ensure IP connectivity between your storage system and server.
This includes proper configuration of any routers or switches on your storage network. Storage systems
must be able to ping the iSCSI HBAs in your ESX hosts.
3 Configure the storage system.
a Create a volume (or LUN) on the storage system for ESX to boot from.
b Configure the storage system so that the ESX system has access to the assigned LUN.
This could involve updating ACLs with the IP addresses, iSCSI names, and the CHAP authentication
parameter you use on the ESX system. On some storage systems, in addition to providing access
information for the ESX host, you must also explicitly associate the assigned LUN with the host.
c Ensure that the LUN is presented to the ESX system as LUN 0. The host can also boot from LUN 255.
On storage systems that present volumes as multiple targets rather than multiple LUNs, the volumes
are always presented as LUN 0.
d Ensure that no other system has access to the configured LUN.
e Record the iSCSI name and IP addresses of the targets assigned to the ESX host.
You must have this information to configure your iSCSI HBA.
Configure iSCSI HBAs to Boot from a SAN

This topic discusses how to configure a QLogic iSCSI HBA for booting from a SAN.
On a system set up to boot from a SAN:

n The system BIOS must designate the iSCSI card as the boot controller.
n The BIOS must be enabled on the iSCSI HBA to locate the target boot LUN.
Procedure
1 During server POST, press Crtl+q to enter the QLogic iSCSI HBA configuration menu.
2 Select the I/O port to configure.
By default, the Adapter Boot mode is set to Disable.
3 Configure the HBA.
a From the Fast!UTIL Options menu, select Configuration Settings > Host Adapter Settings.
b Configure the following settings for your host adapter: initiator IP address, subnet mask, gateway,
initiator iSCSI name, and CHAP (if required).
VMware, Inc. 53
4 Configure iSCSI Boot Settings.
a From the Fast!UTIL Options menu, select Configuration Settings > iSCSI Boot Settings.
b Before you can set SendTargets, set Adapter Boot mode to Manual.
c Select Primary Boot Device Settings.
1 Enter the discovery Target IP and Target Port.
2 You can leave the Boot LUN and iSCSI Name fields blank if only one iSCSI target and one LUN
are at the specified address to boot from. Otherwise, you must specify these fields to ensure that
you do not boot from a volume for some other system. After the target storage system is reached,
these fields will be populated after a rescan.
3 Save changes.
d From the iSCSI Boot Settings menu, select the primary boot device. An auto rescan of the HBA is
made to find new target LUNS.
e Select the iSCSI target.
NOTE If more then one LUN exists within the target, you can choose a specific LUN ID by pressing
Enter after you locate the iSCSI device.
f Return to the Primary Boot Device Setting menu. After the rescan, the Boot LUNand iSCSI Name
fields are populated. Change the value of Boot LUN to the desired LUN ID.
5 Save your changes and restart the system.
What to do next
For more information and more up-to-date details about QLogic host adapter configuration settings, see the
QLogic host adapter readme file at the QLogic web site.
54 VMware, Inc.
Managing ESX/ESXi Systems That Use
SAN Storage 5
This section helps you manage your ESX/ESXi system, use SAN storage effectively, and perform
troubleshooting. It also explains how to find information about storage devices, adapters, multipathing, and
so on.

n “Viewing Storage Adapter Information,” on page 55
n “Viewing Storage Device Information,” on page 56
n “Viewing Datastore Information,” on page 58
n “Resolving Display Issues,” on page 59
n “Path Scanning and Claiming,” on page 61
n “Sharing Diagnostic Partitions,” on page 66
n “Avoiding and Resolving SAN Problems,” on page 66
n “Optimizing SAN Storage Performance,” on page 67
n “Resolving Performance Issues,” on page 70
n “SAN Storage Backup Considerations,” on page 73
Viewing Storage Adapter Information

In the vSphere Client, you can display storage adapters that your host uses and review their information.
When you list all available adapters, you can see their models, types, such as Fibre Channel, Parallel SCSI, or
iSCSI, and, if available, their unique identifiers.
As unique identifiers, iSCSI adapters use iSCSI names.
When you display details for each iSCSI adapter, you see the following information. Certain adapters might
need to be configured or enabled before you can view their information.

Targets Number of targets accessed through the adapter.
iSCSI Name A unique name formed according to iSCSI standards that identifies the iSCSI adapter.
iSCSI Alias A friendly name used instead of the iSCSI name.
VMware, Inc. 55
Table 5-1. Storage Adapter Information (Continued)

IP Address An address assigned to the iSCSI adapter.
View Storage Adapter Information

Use the vSphere Client to display storage adapters and review their information.
Procedure
Copy Storage Adapter Names to Clipboard

You can copy the name of an adapter to a clipboard directly from the UI.
Procedure
5 In the Details panel, right-click the value in the name field, and select Copy.
Viewing Storage Device Information

For each storage adapter, you can display a separate list of storage devices accessible just through this adapter.
When you review a list of storage devices, you typically see the following information.
Table 5-2. Storage Device Information

Name A friendly name that the host assigns to the device based on the storage type and
manufacturer.
Identifier A universally unique identifier that is intrinsic to the storage device.
56 VMware, Inc.
Table 5-2. Storage Device Information (Continued)

Owner The plugin, such as the NMP or a third-party plugin, the host uses to manage the storage
device.


In the vSphere Client, each storage device, or LUN, is identified by several names.
Name A friendly name that the host assigns to a device based on the storage type and
manufacturer. You can modify the name using the vSphere Client.
Identifier A universally unique identifier that the host extracts from the storage.
Depending on the type of storage, the host uses different algorithms to extract
the identifier. The identifier is persistent across reboots and is the same for all
hosts sharing the device.
host. The name is not a reliable identifier for the device, and is not persistent.
The runtime name has the following format:
vmhba#:C#:T#:L#, where
Software iSCSI initiators use the channel number to show multiple paths
to the same target.
Targets that are shared by different hosts might not have the same target
number.


Procedure
VMware, Inc. 57
4 Click Devices.

For each storage adapter on your host, you can display a list of storage devices accessible just through this
adapter.
Procedure
5 Click Devices.
Copy Storage Device Identifiers to Clipboard

A storage device identifier is a universally unique ID that the host assigns to a storage device or LUN.
Depending on the type of storage, the host uses different algorithms to create the identifier and it can become
quite long and complex. You can copy the storage device identifier directly from the UI.
Procedure
1 Display a list of storage devices.
2 Right-click a device and select Copy identifier to clipboard.
Viewing Datastore Information

You can view a list of available datastores and analyze their properties.
The Datastores pane shows summary information about the datastore.

n Target storage device where the datastore is located.
n File system the datastore uses.
n Total capacity and available space.
For each datastore, you can also review the following details:
n Location of the datastore.
n Total capacity, including the used and available space.
n Individual extents that the datastore spans and their capacity. To view extent details, click Properties and
select the Extents panel.
n Paths used to access the storage device.
58 VMware, Inc.

Use the vSphere Client to review datastore properties.
Procedure
Resolving Display Issues

When you use the vSphere Client to view storage devices available to your ESX/ESXi host and the output
differs from what you expect, perform troubleshooting tasks.
Perform the following troubleshooting tasks if you have display issues.
Table 5-3. Troubleshooting iSCSI LUN Display

Troubleshooting Task Description
Check cable connectivity. If you do not see a port, the problem could be cable connectivity or routing. Check the cables
first. Ensure that cables are connected to the ports and a link light indicates that the
connection is good. If each end of the cable does not show a good link light, replace the cable.
Check routing settings. Controls connectivity between different subnets on your Ethernet configuration. If your ESX/
ESXi system and iSCSI storage are not on the same subnet, ensure that appropriate routing
exists between the subnets. Also, ensure that the subnet mask and gateway address are set
correctly on the iSCSI storage and the iSCSI initiator in the ESX/ESXi host.
Check access control If the expected LUNs do not appear after rescan, access control might not be configured
configuration. correctly on the storage system side:
n If CHAP is configured, ensure that it is enabled on the ESX/ESXi host and matches the
storage system setup.
n If IP-based filtering is used, ensure that the iSCSI HBA or the VMkernel port group IP
address and service console IP address are allowed.
n If you are using initiator name-based filtering, ensure that the name is a qualified iSCSI
name and matches the storage system setup.
n For booting from a SAN, ensure that each ESX host sees only required LUNs. Do not
allow any ESX host to see any boot LUN other than its own. Use storage system software
to make sure that the ESX host can see only the LUNs that it is supposed to see.
n Ensure that the Disk.MaxLUN setting allows you to view the LUN you expect to see.
Check storage processor If a storage system has more than one storage processor, make sure that the SAN switch has
setup. a connection to the SP that owns the LUNs you want to access. On some storage systems,
only one SP is active and the other SP is passive until a failure occurs. If you are connected
to the wrong SP (the one with the passive path) you might not see the expected LUNs, or
you might see the LUNs but get errors when trying to access them.
For software iSCSI, check The software iSCSI initiator in ESX/ESXi requires that a VMkernel network port have access
network configuration. to the iSCSI storage. The software initiator uses the VMkernel for data transfer between the
ESX/ESXi system and the iSCSI storage.
Rescan your iSCSI initiator. Perform a rescan each time you complete the following tasks:
n Change the LUN masking on an ESX/ESXi host storage system.
n Change CHAP settings or add new discovery addresses.
VMware, Inc. 59

displayed in the vSphere Client. When you make changes in your ESX/ESXi host or SAN configuration, you
need to use the rescan operation.
n Change CHAP settings or add new discovery addresses.

When you make changes in your ESX/ESXi host or SAN configuration, you might need to rescan your storage
Procedure
IMPORTANT On ESXi, it is not possible to rescan a single storage adapter. If you rescan a single adapter,
all adapters are rescanned.
New VMFS Volumes.
60 VMware, Inc.
Change the Number of Scanned LUNs

By default, the VMkernel scans for LUN 0 to LUN 255 for every target (a total of 256 LUNs). You can modify the
Disk.MaxLUN parameter to improve LUN discovery speed.
IMPORTANT You cannot discover LUNs with a LUN ID number that is greater than 255.
Reducing the value can shorten rescan time and boot time. However, the time to rescan LUNs might depend
on other factors, including the type of storage system and whether sparse LUN support is enabled.
Procedure
Settings.
2 Select Disk.
3 Scroll down to Disk.MaxLUN.
4 Change the existing value to the value of your choice, and click OK.
The value you enter specifies the LUN after the last one you want to discover.
For example, to discover LUNs from 0 through 31, set Disk.MaxLUN to 32.
Disable Sparse LUN Support

You can disable the default sparse LUN support to decrease the time ESX/ESXi needs to scan for LUNs.
The VMkernel provides sparse LUN support by default. The sparse LUN support enables the VMkernel to
perform uninterrupted LUN scanning when a storage system presents LUNs with nonsequential LUN
numbering, for example 0, 6, and 23. If all LUNs that your storage system presents are sequential, you can
disable the sparse LUN support.
Procedure
Settings.
2 In the Advanced Settings dialog box, select Disk.
3 Scroll down to Disk.SupportSparseLUN, change the value to 0, and click OK.

When you start your ESX/ESXi host or rescan your storage adapter, the host discovers all physical paths to
storage devices available to the host. Based on a set of claim rules defined in the /etc/vmware/esx.conf file,
the host determines which multipathing plugin (MPP) should claim the paths to a particular device and become
VMware, Inc. 61
You can find some information about modifying claim rules in Appendix C, “Managing Storage Paths and
Multipathing Plugins,” on page 83.

Use the vSphere Client to determine which SATP and PSP the ESX/ESXi host uses for a specific storage device
and the status of all available paths for this storage device. You can access the path information from both, the
deployed on.
NOTE For hosts that run ESX/ESXi 3.5 or earlier, the term active means the only
path that the host is using to issue I/O to a LUN.

Procedure
62 VMware, Inc.

Procedure

For each storage device, the ESX/ESXi host sets the path selection policy based on the claim rules defined in
the /etc/vmware/esx.conf file.
devices.
physical paths.

or failure when another SP now owns the LUN.

selected.
VMware, Inc. 63

Procedure
n Fixed (VMware)
Disable Paths
Procedure
Disable.
Path Management and Manual, or Static, Load Balancing

Balancing loads among available paths improves performance. With both active/active and active/passive
storage arrays, you can set up your host to use different paths to different LUNs so that your adapters are being
used evenly.
If a path fails, the surviving paths carry all the traffic. Path failover might take a minute or more, because the
SAN might converge with a new topology to try to restore service. This delay is necessary to allow the SAN
to stabilize its configuration after topology changes.
With active/active storage arrays, you can configure your ESX/ESXi host to load balance traffic across multiple
adapters by assigning preferred paths to your LUNs. Path policy must be set to Fixed.
The following example demonstrates how manual load balancing is performed with an active/active array.
Assume the following setup, shown in Figure 5-1.

n Active/Active SPs
n An ESX/ESXi system
n Two iSCSI HBAs
64 VMware, Inc.
Figure 5-1. Manual Load Balancing with iSCSI

ESX/ESXi
HBA1 HBA2
IP network
SP1 SP2
1 2 3 4
storage array
For load balancing, set the preferred paths as follows.

With active/passive arrays, you can perform load balancing if the array supports two active paths and the HBA
ports can access both SPs in an array.
NOTE Active/passive arrays use the MRU path policy which does not have a preferred path. If a path failure
occurs, there is no failback. As a result, static load balancing can become out of balance over time.
Set Guest Operating System Timeout

Increase the standard disk timeout value so that a Windows guest operating system is not extensively disrupted
during a path failover.
Path failover occurs when the active path to a LUN is changed from one path to another, usually because of
some SAN component failure along the current path.
I/O might pause for 30 to 60 seconds until the iSCSI driver determines that the link is unavailable and until
failover is complete. As a result, the virtual machines (with their virtual disks installed on SAN storage) can
appear unresponsive. If you attempt to display the host, its storage devices, or its adapter, the operation might
appear to stall. After failover is complete, I/O resumes normally.
In case of multiple breakages, all connections to SAN storage devices might be lost. If none of the connections
to the storage device is working, some virtual machines might encounter I/O errors on their virtual SCSI disks.
For Windows 2000 and Windows Server 2003 guest operating systems, you can set operating system timeout
by fusing the registry.
Procedure
1 Back up your Windows registry.
3 From the command prompt type regedit.exe, and click OK.
4 In the left-panel hierarchy view, double-click HKEY_LOCAL_MACHINE, then System, then

CurrentControlSet, then Services, and then Disk.
VMware, Inc. 65
5 Select the TimeOutValue and set the data value to x03c (hexadecimal) or 60 (decimal).
After you make this change, Windows waits at least 60 seconds for delayed disk operations to complete
before it generates errors.
6 Click OK to exit the Registry Editor.
Sharing Diagnostic Partitions

Generally, you use the local disc of your ESX/ESXi host as a diagnostic partition. If you have diskless ESX
servers that boot from a SAN, multiple hosts can share one diagnostic partition on the same SAN LUN.
If more than one ESX/ESXi system uses the same LUN as the diagnostic partition, that LUN must be zoned so
that all the servers can access it.
Each server needs 100MB of space, so the size of the LUN determines how many servers can share it. Each
ESX/ESXi system is mapped to a diagnostic slot. VMware recommends at least 16 slots (1600MB) of disk space
if servers share a diagnostic partition.
If there is only one diagnostic slot on the device, all ESX/ESXi systems sharing that device map to the same
slot. This setup can easily create problems. If two ESX/ESXi systems perform a core dump at the same time,
the core dumps are overwritten on the last slot on the diagnostic partition.
If you allocate enough disk space for 16 slots, it is unlikely that core dumps are mapped to the same location
on the diagnostic partition, even if two ESX/ESXi systems perform a core dump at the same time.
Avoiding and Resolving SAN Problems

When using ESX/ESXi in conjunction with a SAN, you must follow specific guidelines to avoid SAN problems.
You should observe these tips for avoiding and resolving problems with your SAN configuration:
n Place only one VMFS datastore on each LUN. Multiple VMFS datastores on one LUN is not recommended.
n Do not change the path policy the system sets for you unless you understand the implications of making
such a change. In particular, working with an active-passive array and setting the path policy to Fixed can
lead to path thrashing.
n Document everything. Include information about configuration, access control, storage, switch, server
and iSCSI HBA configuration, software and firmware versions, and storage cable plan.
n Plan for failure:
n Make several copies of your topology maps. For each element, consider what happens to your SAN
if the element fails.
n Cross off different links, switches, HBAs and other elements to ensure you did not miss a critical
failure point in your design.
n Ensure that the iSCSI HBAs are installed in the correct slots in the ESX/ESXi host, based on slot and bus
speed. Balance PCI bus load among the available busses in the server.
n Become familiar with the various monitor points in your storage network, at all visibility points, including
ESX/ESXi performance charts, Ethernet switch statistics, and storage performance statistics.
n Be cautious when changing IDs of the LUNs that have VMFS datastores being used by your ESX/ESXi
host. If you change the ID, virtual machines running on the VMFS datastore will fail.
If there are no running virtual machines on the VMFS datastore, after you change the ID of the LUN, you
must use rescan to reset the ID on your host. For information on using rescan, see “Rescan Storage
Adapters,” on page 60.
66 VMware, Inc.
Optimizing SAN Storage Performance

Several factors contribute to optimizing a typical SAN environment.
If the network environment is properly configured, the iSCSI components provide adequate throughput and
low enough latency for iSCSI initiators and targets. If the network is congested and links, switches or routers
are saturated, iSCSI performance suffers and might not be adequate for ESX/ESXi environments.
Storage System Performance

Storage system performance is one of the major factors contributing to the performance of the entire iSCSI
environment.
If issues occur with storage system performance, consult your storage system vendor’s documentation for any
relevant information.
When you assign LUNs, remember that you can access each LUN through a number of ESX/ESXi hosts, and
that a number of virtual machines can run on each host. One LUN used by an ESX/ESXi host can service I/O
from many different applications running on different operating systems. Because of this diverse workload,
the RAID group that contains the ESX/ESXi LUNs should not include LUNs that other hosts use that are not
running ESX/ESXi for I/O intensive applications.
Enable read caching and write caching.
Load balancing is the process of spreading server I/O requests across all available SPs and their associated host
server paths. The goal is to optimize performance in terms of throughput (I/O per second, megabytes per
second, or response times).
SAN storage systems require continual redesign and tuning to ensure that I/O is load balanced across all storage
system paths. To meet this requirement, distribute the paths to the LUNs among all the SPs to provide optimal
load balancing. Close monitoring indicates when it is necessary to manually rebalance the LUN distribution.
Tuning statically balanced storage systems is a matter of monitoring the specific performance statistics (such
as I/O operations per second, blocks per second, and response time) and distributing the LUN workload to
spread the workload across all the SPs.
NOTE Dynamic load balancing is not currently supported with ESX/ESXi.
Server Performance
You must consider several factors to ensure optimal server performance.
Each server application must have access to its designated storage with the following conditions:
n High I/O rate (number of I/O operations per second)
n High throughput (megabytes per second)
n Minimal latency (response times)
Because each application has different requirements, you can meet these goals by choosing an appropriate
RAID group on the storage system. To achieve performance goals, perform the following tasks:
n Place each LUN on a RAID group that provides the necessary performance levels. Pay attention to the
activities and resource utilization of other LUNS in the assigned RAID group. A high-performance RAID
group that has too many applications doing I/O to it might not meet performance goals required by an
application running on the ESX/ESXi host.
n Provide each server with a sufficient number of network adapters or iSCSI hardware adapters to allow
maximum throughput for all the applications hosted on the server for the peak period. I/O spread across
multiple ports provides higher throughput and less latency for each application.
VMware, Inc. 67
n To provide redundancy for software iSCSI, make sure the initiator is connected to all network adapters
used for iSCSI connectivity.
n When allocating LUNs or RAID groups for ESX/ESXi systems, multiple operating systems use and share
that resource. As a result, the performance required from each LUN in the storage subsystem can be much
higher if you are working with ESX/ESXi systems than if you are using physical machines. For example,
if you expect to run four I/O intensive applications, allocate four times the performance capacity for the
ESX/ESXi LUNs.
n When using multiple ESX/ESXi systems in conjunction with vCenter Server, the performance needed from
the storage subsystem increases correspondingly.
n The number of outstanding I/Os needed by applications running on an ESX/ESXi system should match
the number of I/Os the SAN can handle.
Network Performance
A typical SAN consists of a collection of computers connected to a collection of storage systems through a
network of switches. Several computers often access the same storage.
Figure 5-2 shows several computer systems connected to a storage system through an Ethernet switch. In this
configuration, each system is connected through a single Ethernet link to the switch, which is also connected
to the storage system through a single Ethernet link. In most configurations, with modern switches and typical
traffic, this is not a problem.
Figure 5-2. Single Ethernet Link Connection to Storage
When systems read data from storage, the maximum response from the storage is to send enough data to fill
the link between the storage systems and the Ethernet switch. It is unlikely that any single system or virtual
machine gets full use of the network speed, but this situation can be expected when many systems share one
storage device.
When writing data to storage, multiple systems or virtual machines might attempt to fill their links. As
Figure 5-3 shows, when this happens, the switch between the systems and the storage system has to drop data.
This happens because, while it has a single connection to the storage device, it has more traffic to send to the
storage system than a single link can carry. In this case, the switch drops network packets because the amount
of data it can transmit is limited by the speed of the link between it and the storage system.
Figure 5-3. Dropped Packets
1 Gbit
1 Gbit
1 Gbit
dropped packets
68 VMware, Inc.
Recovering from dropped network packets results in large performance degradation. In addition to time spent
determining that data was dropped, the retransmission uses network bandwidth that could otherwise be used
for current transactions.
iSCSI traffic is carried on the network by the Transmission Control Protocol (TCP). TCP is a reliable
transmission protocol that ensures that dropped packets are retried and eventually reach their destination.
TCP is designed to recover from dropped packets and retransmits them quickly and seamlessly. However,
when the switch discards packets with any regularity, network throughput suffers significantly. The network
becomes congested with requests to resend data and with the resent packets, and less data is actually
transferred than in a network without congestion.
Most Ethernet switches can buffer, or store, data and give every device attempting to send data an equal chance
to get to the destination. This ability to buffer some transmissions, combined with many systems limiting the
number of outstanding commands, allows small bursts from several systems to be sent to a storage system in
turn.
If the transactions are large and multiple servers are trying to send data through a single switch port, a switch's
ability to buffer one request while another is transmitted can be exceeded. In this case, the switch drops the
data it cannot send, and the storage system must request retransmission of the dropped packet. For example,
if an Ethernet switch can buffer 32KB on an input port, but the server connected to it thinks it can send 256KB
to the storage device, some of the data is dropped.
Most managed switches provide information on dropped packets, similar to the following:
*: interface is up
IHQ: pkts in input hold queue IQD: pkts dropped from input queue
OHQ: pkts in output hold queue OQD: pkts dropped from output queue
RXBS: rx rate (bits/sec) RXPS: rx rate (pkts/sec)
TXBS: tx rate (bits/sec) TXPS: tx rate (pkts/sec)
TRTL: throttle count
Interface IHQ IQD OHQ OQD RXBS RXPS TXBS TXPS TRTL
* GigabitEthernet0/1 3 9922 0 0 476303000 62273 477840000 63677 0
In this example from a Cisco switch, the bandwidth used is 476303000 bits/second, which is less than half of
wire speed. In spite of this, the port is buffering incoming packets and has dropped quite a few packets. The
final line of this interface summary indicates that this port has already dropped almost 10,000 inbound packets
in the IQD column.
Configuration changes to avoid this problem involve making sure several input Ethernet links are not funneled
into one output link, resulting in an oversubscribed link. When a number of links transmitting near capacity
are switched to a smaller number of links, oversubscription is a possibility.
Generally, applications or systems that write a lot of data to storage, such as data acquisition or transaction
logging systems, should not share Ethernet links to a storage device. These types of applications perform best
with multiple connections to storage devices.
Figure 5-4 shows multiple connections from the switch to the storage.
Figure 5-4. Multiple Connections from Switch to Storage
1 Gbit
1 Gbit
1 Gbit
1 Gbit
VMware, Inc. 69
Using VLANs or VPNs does not provide a suitable solution to the problem of link oversubscription in shared
configurations. VLANs and other virtual partitioning of a network provide a way of logically designing a
network, but do not change the physical capabilities of links and trunks between switches. When storage traffic
and other network traffic end up sharing physical connections, as they would with a VPN, the possibility for
oversubscription and lost packets exists. The same is true of VLANs that share interswitch trunks. Performance
design for a SANs must take into account the physical limitations of the network, not logical allocations.
Resolving Performance Issues

The vSphere Client offers extensive facilities for collecting performance information. The information is
graphically displayed in the vSphere Client. The vSphere Client updates its display periodically.
You can also use the resxtop vSphere CLI command that allows you to examine how ESX/ESXi hosts use
resources. For information about resxtop, see the Resource Management Guide or vSphere Command-Line Interface
Checking Ethernet Switch Statistics

Many Ethernet switches provide different methods for monitoring switch health.
Switches that have ports operating near maximum throughput much of the time do not provide optimum
performance. If you have ports in your iSCSI SAN running near the maximum, reduce the load. If the port is
connected to an ESX/ESXi system or iSCSI storage, you can reduce the load by using manual load balancing.
If the port is connected between multiple switches or routers, consider installing additional links between these
components to handle more load. Ethernet switches also commonly provide information about transmission
errors, queued packets, and dropped Ethernet packets. If the switch regularly reports any of these conditions
on ports being used for iSCSI traffic, performance of the iSCSI SAN will be poor.
Resolving Path Thrashing

If your server is unable to access a LUN, or access is very slow, you might have a problem with path thrashing
(also called LUN thrashing). Path thrashing might occur when two hosts access the LUN through different SPs
and, as a result, the LUN is never actually available.
Only specific SAN configurations in conjunction with the following conditions can cause the path thrashing:
n You are working with an active-passive array. Path thrashing only occurs on active-passive arrays. For
active-active arrays or arrays that provide transparent failover, path thrashing does not occur.
n Two hosts access the same LUN using different storage processors (SPs). For example, the LUN is
configured to use the Fixed PSP. On Host A, the preferred path to the LUN is set to use a path through SP
A. On Host B, the preferred path to the LUN is configured to use a path through SP B.
Path thrashing can also occur if the LUN is configured to use either the Fixed PSP or the MRU PSP and Host
A can access the LUN only with paths through SP A, while Host B can access the LUN only with paths through
SP B.
This problem can also occur on a direct connect array (such as AX100) with HBA failover on one or more nodes.
Path thrashing is a problem that you typically do not experience with other operating systems:
n No other common operating system uses shared LUNs for more than two servers. That setup is typically
reserved for clustering.
n If only one server is issuing I/Os to the LUN at a time, path thrashing does not become a problem.
In contrast, multiple ESX/ESXi systems might issue I/O to the same LUN concurrently.
70 VMware, Inc.
Understanding Path Thrashing

The SPs in a storage array are like independent computers that have access to some shared storage. Algorithms
determine how concurrent access is handled.
For active/passive arrays, only one LUN at a time can access all the sectors on the storage that make up a given
LUN. The ownership is passed between the storage processors. Storage systems use caches and SP A must not
write anything to disk that invalidates the SP B cache. Because the SP has to flush the cache when it finishes
the operation, it takes a little time to move the ownership. During that time, neither SP can process I/O to the
LUN.
For active/active arrays, the algorithms allow more fine-grained access to the storage and synchronize caches.
Access can happen concurrently through any SP without extra time required.
Consider how path selection works:

n On an active/active array the ESX/ESXi system starts sending I/O down the new path.
n On an active/passive arrays, the ESX/ESXi system checks all standby paths. The SP of the path that is
currently under consideration sends information to the system on whether it currently owns the LUN.
n If the ESX/ESXi system finds an SP that owns the LUN, that path is selected and I/O is sent down that
path.
n If the ESX/ESXi host cannot find such a path, the ESX/ESXi host picks one of the standby paths and
sends the SP of that path a command to move the LUN ownership to the SP.
Path thrashing can occur as a result of the following path choice: If server A can reach a LUN only through
one SP, and server B can reach the same LUN only through a different SP, they both continually cause the
ownership of the LUN to move between the two SPs, effectively ping-ponging the ownership of the LUN.
Because the system moves the ownership quickly, the storage array cannot process any I/O (or can process
only very little). As a result, any servers that depend on the LUN will experience low throughput due to
the long time it takes to complete each I/O request.
Resolve Path Thrashing

Use this procedure to resolve path thrashing. Path thrashing occurs on active-passive arrays when two hosts
access the LUN through different SPs and, as a result, the LUN is never actually available.
Procedure
1 Ensure that all hosts sharing the same set of LUNs on the active-passive arrays use the same storage
processor.
2 Correct any cabling inconsistencies between different ESX/ESXi hosts and SAN targets so that all HBAs
see the same targets in the same order.
3 Configure the path to use the Most Recently Used PSP (the default).
Equalize Disk Access Between Virtual Machines

You can adjust the maximum number of outstanding disk requests with the Disk.SchedNumReqOutstanding
parameter in the vSphere Client. When two or more virtual machines are accessing the same LUN, this
parameter controls the number of outstanding requests that each virtual machine can issue to the LUN.
Adjusting the limit can help equalize disk access between virtual machines.
This limit does not apply when only one virtual machine is active on a LUN. In that case, the bandwidth is
limited by the queue depth of the storage adapter.
VMware, Inc. 71
Procedure
2 Click the Configuration tab and click Advanced Settings under Software.
3 Click Disk in the left panel and scroll down to Disk.SchedNumReqOutstanding.
4 Change the parameter value to the number of your choice and click OK.
This change can impact disk bandwidth scheduling, but experiments have shown improvements for disk-
intensive workloads.
What to do next
If you adjust this value in the VMkernel, you might also want to adjust the queue depth in your storage adapter.
Reducing SCSI Reservations

Operations that require getting a file lock or a metadata lock in VMFS result in short-lived SCSI reservations.
SCSI reservations lock an entire LUN. Excessive SCSI reservations by a server can cause performance
degradation on other servers accessing the same VMFS.
Examples of operations that require getting file locks or metadata locks include:
n Virtual machine power on.
n VMotion.
n Virtual machines running with virtual disk snapshots.
n File operations that require opening files or doing metadata updates.
Performance degradation can occur if such operations occur frequently on multiple servers accessing the same
VMFS. For instance, VMware recommends that you do not run many virtual machines from multiple servers
that are using virtual disk snapshots on the same VMFS. Limit the number of VMFS file operations when many
virtual machines run on the VMFS.
Setting Maximum Queue Depth for Software iSCSI

If you notice unsatisfactory performance for your software iSCSI LUNs, you can change their maximum queue
depth by using the vicfg-module command.
On the vSphere CLI, run the following command:

vicfg-module -s iscsi_max_lun_queue=value iscsi_mod
After you issue this command, reboot your system.
The iscsi_max_lun_queue parameter is used to set the maximum outstanding commands, or queue depth, for
each LUN accessed through the software iSCSI adapter. The default is 32, and the valid range is 1 to 255.
CAUTION Setting the queue depth higher than the default can decrease the total number of LUNs supported.
72 VMware, Inc.
SAN Storage Backup Considerations

In the SAN environment, backups have two goals. The first goal is to archive online data to offline media. This
process is repeated periodically for all online data on a time schedule. The second goal is to provide access to
offline data for recovery from a problem. For example, database recovery often requires retrieval of archived
log files that are not currently online.
Scheduling a backup depends on a number of factors:

n Identification of critical applications that require more frequent backup cycles within a given period of
time.
n Recovery point and recovery time goals. Consider how precise your recovery point needs to be, and how
long you are willing to wait for it.
n The rate of change (RoC) associated with the data. For example, if you are using synchronous/
asynchronous replication, the RoC affects the amount of bandwidth required between the primary and
secondary storage devices.
n Overall impact on SAN environment, storage performance (while backing up), and other applications.
n Identification of peak traffic periods on the SAN (backups scheduled during those peak periods can slow
the applications and the backup process).
n Time to schedule all backups within the datacenter.
n Time it takes to back up an individual application.
n Resource availability for archiving data; usually offline media access (tape).
Include a recovery-time objective for each application when you design your backup strategy. That is, consider
the time and resources necessary to reprovision the data. For example, if a scheduled backup stores so much
data that recovery requires a considerable amount of time, examine the scheduled backup. Perform the backup
more frequently, so that less data is backed up at a time and the recovery time decreases.
If a particular application requires recovery within a certain time frame, the backup process needs to provide
a time schedule and specific data processing to meet this requirement. Fast recovery can require the use of
recovery volumes that reside on online storage to minimize or eliminate the need to access slow offline media
for missing data components.
Snapshot Software
Snapshot software allows an administrator to make an instantaneous copy of any single virtual disk defined
within the disk subsystem.
Snapshot software is available at different levels:

n ESX/ESXi hosts allow you to create snapshots of virtual machines. This software is included in the basic
ESX/ESXi package.
n Third-party backup software might allow for more comprehensive backup procedures and might contain
more sophisticated configuration options.
Administrators make snapshots for a variety of reasons:

n Backup
n Disaster recovery
n Availability of multiple configurations, versions, or both
n Forensics (looking at a snapshot to find the cause of problems while your system is running)
n Data mining (looking at a copy of your data to reduce load on production systems)
VMware, Inc. 73
Using a Third-Party Backup Package

Using third-party software has the advantage of a uniform environment. However, the additional cost of the
third-party snapshotting software can become higher as your SAN grows.
If you are using third-party backup software, make sure that the software is supported with ESX/ESXi hosts.
If you use snapshots to back up your data, consider the following points:
n Some vendors support snapshots for both VMFS and RDMs. If both are supported, you can make either
a snapshot of the whole virtual machine file system for a host, or snapshots for the individual virtual
machines (one per disk).
n Some vendors support snapshots only for a setup using RDM. If only RDM is supported, you can make
snapshots of individual virtual machines.
See your storage vendor’s documentation.
NOTE ESX/ESXi systems also include a Consolidated Backup component.
Layered Applications
SAN administrators customarily use specialized array-based software for backup, disaster recovery, data
mining, forensics, and configuration testing.
Storage providers typically supply two types of advanced services for their LUNs: snapshotting and
replication.
When you use an ESX/ESXi system in conjunction with a SAN, you must decide whether array-based or host-
based tools are more suitable for your particular situation.
Array-Based (Third-Party) Solution

When you use an ESX/ESXi system in conjunction with a SAN, you must decide whether array-based tools are
When you consider an array-based solution, keep in mind the following points:
n Array-based solutions usually result in more comprehensive statistics. With RDM, data always takes the
same path, which results in easier performance management.
n Security is more transparent to the storage administrator when you use RDM and an array-based solution
because with RDM, virtual machines more closely resemble physical machines.
n If you use an array-based solution, physical compatibility RDMs are often used for the storage of virtual
machines. If you do not intend to use RDM, check the storage vendor documentation to see if operations
on LUNs with VMFS volumes are supported. If you use array operations on VMFS LUNs, carefully read
the section on resignaturing.
File-Based (VMFS) Solution

When you use an ESX/ESXi system in conjunction with a SAN, you must decide whether host-based tools are
When you consider a file-based solution that uses VMware tools and VMFS instead of the array tools, be aware
of the following points:
n Using VMware tools and VMFS is better for provisioning. One large LUN is allocated and multiple .vmdk
files can be placed on that LUN. With RDM, a new LUN is required for each virtual machine.
n Snapshotting is included with your ESX/ESXi host at no extra cost. The file-based solution is therefore
more cost-effective than the array-based solution.
74 VMware, Inc.
n Using VMFS is easier for ESX/ESXi administrators.

n ESX/ESXi administrators who use the file-based solution are more independent from the SAN
administrator.

ESX/ESXi can determine whether a LUN contains the VMFS datastore copy, and either mount the datastore
copy with its original UUID or change the UUID, thus resignaturing the datastore.

When you mount the VMFS datastore, ESX/ESXi allows both reads and writes to the datastore residing on the
LUN copy. The LUN copy must be writable. The datastore mounts are persistent and valid across system
reboots.
Because ESX/ESXi does not allow you to resignature the mounted datastore, unmount the datastore before
resignaturing.

Prerequisites
presented to it.
Procedure
click Next.
VMware, Inc. 75
What to do next
Unmount Datastores

n NFS datastores
Procedure
b Click Next.

copy, ESX/ESXi assigns a new UUID and a new label to the copy, and mounts the copy as a datastore distinct
from the original.
The default format of the new label assigned to the datastore is snap-<snapID>-<oldLabel>, where <snapID>
is an integer and <oldLabel> is the label of the original datastore.
76 VMware, Inc.

Prerequisites
Procedure
click Next.
What to do next

VMware, Inc. 77
78 VMware, Inc.
iSCSI SAN Configuration Checklist A
This topic provides a checklist of special setup requirements for different storage systems and ESX/ESXi hosts.
Table A-1. iSCSI SAN Configuration Requirements

Component Comments
All storage systems Write cache must be disabled if not battery backed.
Topology No single failure should cause HBA and SP failover, especially with active-passive storage
arrays.
EMC Symmetrix Enable the SPC2 and SC3 settings. Contact EMC for the latest settings.
EMC Clariion Set the Advanced Setting for the ESX/ESXi host.
All Initiator records must have:
n Failover Mode = 1
n Initiator Type = Clariion Open
n Array CommPath = “Enabled” or 1
HP MSA No specific requirements
HP EVA For EVA3000/5000 firmware 4.001 and later, and EVA4000/6000/8000 firmware 5.031 and later,
set the host type to VMware.
Otherwise, set the host mode type to Custom. The value is:
n EVA3000/5000 firmware 3.x: 000000002200282E
n EVA4000/6000/8000: 000000202200083E
NetApp If any of your iSCSI initiators are a part of an initiator group (igroup), disable ALUA on the
NetApp array.
EqualLogic Make sure ARP Redirect is enabled on hardware iSCSI adapters.
LeftHand Make sure ARP Redirect is enabled on hardware iSCSI adapters.
ESX/ESXi Configuration Set the following Advanced Settings for the ESX/ESXi host:
n Set Disk.UseLunReset to 1
n Set Disk.UseDeviceReset to 0
A multipathing policy of Most Recently Used must be set for all LUNs hosting clustered disks
for active-passive arrays. A multipathing policy of Most Recently Used or Fixed may be set
for LUNs on active-active arrays.
Allow ARP redirection if the storage system supports transparent failover.
VMware, Inc. 79
80 VMware, Inc.
VMware vSphere Command-Line
Interface B
In most cases, the vSphere Client is well-suited for monitoring an ESX/ESXi host connected to SAN storage.
Advanced users might, at times, want to use some VMware vSphere Command-Line Interface (vSphere CLI)
commands for additional details.
For more information, see VMware vSphere Command-Line Interface Installation and Reference Guide.

n “resxtop Command,” on page 81
n “vicfg-iscsi Command,” on page 81
n “vicfg-mpath Command,” on page 81
n “esxcli corestorage claimrule Command,” on page 81
n “vmkping Command,” on page 82
resxtop Command
The resxtop command provides a detailed look at ESX/ESXi resource use in real time.
For detailed information about resxtop, see the Resource Management Guide and VMware vSphere Command-Line
vicfg-iscsi Command
The vicfg-iscsi command allows you to configure software or hardware iSCSI on ESX/ESXi hosts, set up
CHAP parameters, and set up iSCSI networking.
For details, see the VMware vSphere Command-Line Interface Installation and Reference Guide.
vicfg-mpath Command
Use the vicfg-mpath command to view information about storage devices, paths, and multipathing plugins.
esxcli corestorage claimrule Command

Use the esxcli corestorage claimrule command to manage claim rules. Claim rules determine which
multipathing module should claim paths to a particular device and manage the device.
VMware, Inc. 81
vmkping Command
The vmkping command allows you to verify the VMkernel networking configuration.
Usage example:
vmkping [options] [host|IP address]
Table B-1. vmkping Command-Line Options

Option Description
-6 Use IPv6 - ICMPv6 Echo request.

-4 Use IPv4 (default).
-I Outgoing interface - for IPv6 scope.
-D VMkernel TCP stack debug mode.
-c <count> Sets packet count.
-i <interval> Sets interval.
-s <size> Sets send size.
82 VMware, Inc.
Managing Storage Paths and
Multipathing Plugins C
Use the vSphere CLI to manage the Pluggable Storage Architecture (PSA) multipathing plugins and storage
paths assigned to them.
You can use the vSphere CLI to display all multipathing plugins available on your host. You can list any third-
party MPPs, as well as your host's NMP and SATPs and review the paths they claim. You can also define new
paths and specify which multipathing plugin should claim the paths.
For more information about additional commands available to manage PSA, see the vSphere Command-Line

n “List Claim Rules for the Host,” on page 83
n “Display Multipathing Modules,” on page 84
n “Display SATPs for the Host,” on page 85
n “Display NMP Storage Devices,” on page 85
n “Add PSA Claim Rules,” on page 86
n “Delete PSA Claim Rules,” on page 87
n “Mask Paths,” on page 87
n “Unmask Paths,” on page 88
n “Define NMP SATP Rules,” on page 88
n “esxcli corestorage Command-Line Options,” on page 89
List Claim Rules for the Host

Use the vSphere CLI to list all claim rules from 0 to 65535.
Claim rules indicate which multipathing plugin, the NMP or any third-party MPP, manages a given physical
path. Each claim rule identifies a set of paths based on the following parameters:
n Vendor/model strings
n Transportation, such as SATA, IDE, Fibre Channel, and so on
n Adapter, target, or LUN location
n Device driver, for example, Mega-RAID
VMware, Inc. 83
Procedure
u Use the esxcli corestorage claimrule list to list claim rules.
Example C-1 shows the output of the command.
Example C-1. Sample Output of the esxcli corestorage claimrule list Command

200 runtime vendor MPP_1 vendor=NewVend model=*
200 file vendor MPP_1 vendor=NewVend model=*
201 runtime location MPP_2 adapter=vmhba41 channel=* target=* lun=*
201 file location MPP_2 adapter=vmhba41 channel=* target=* lun=*
202 runtime driver MPP_3 driver=megaraid
202 file driver MPP_3 driver=megaraid
65535 runtime vendor NMP vendor=* model=*
This example indicates the following:

n The NMP claims all paths connected to storage devices that use the USB, SATA, IDE, and Block SCSI
transportation.
n The MASK_PATH module claims all paths returning SCSI inquiry data with a vendor string of DELL and
a model string of Universal Xport. The MASK_PATH module is used to mask paths from your host.
n The MPP_1 module claims all paths connected to any model of the NewVend storage array.
n The MPP_3 module claims the paths to storage devices controlled by the Mega-RAID device driver.
n Any paths not described in the previous rules are claimed by NMP.
n The Class column in the output shows which rules are defined and which are loaded. The file parameter
in the Class column indicates that the rule is defined. The runtime parameter indicates that the rule has
been loaded into your system. For a user- defined claim rule to be active, two lines with the same rule
number should exist, one line for the rule with the file parameter and another line with runtime. Several
low numbered rules have only one line with the Class of runtime. These are system defined claim rules
that you cannot modify.
Display Multipathing Modules

Use the vSphere CLI to list all multipathing modules loaded into the system. Multipathing modules manage
physical paths that connect your host with storage.
Procedure
u To list all multipathing modules, run the following command:
vicfg-mpath --server <server> --list-plugins,
where <server> is your vSphere CLI administration server. You might be prompted for a user name and
password.
At a minimum, this command returns the NMP module. If any third-party MPPs have been loaded, they are
listed as well.
84 VMware, Inc.
Appendix C Managing Storage Paths and Multipathing Plugins
Example C-2. Sample Output of the vicfg-mpath Command
MPP_1
MPP_2
MPP_3
MASK_PATH
NMP
Display SATPs for the Host

Use the vSphere CLI to list all VMware NMP SATPs loaded into the system.
Procedure
u To list all VMware SATPs, run the following command.
esxcli nmp satp list
For each SATP, the command displays information that shows the type of storage array or system this SATP
supports and the default PSP for any LUNs using this SATP.
Keep in mind the following:

n If no SATP is assigned to the device by the claim rules, the default SATP for iSCSI or FC devices is
VMW_SATP_DEFAULT_AA. The default PSP is VMW_PSP_FIXED.
n If VMW_SATP_ALUA is assigned to a specific storage device, but the device is not ALUA-aware, there
is no claim rule match for this device. In this case, the device is claimed by the default SATP based on the
device's transport type.
n The default PSP for all devices claimed by VMW_SATP_ALUA is VMW_PSP_MRU. The VMW_PSP_MRU
selects an active/optimized path as reported by the VMW_SATP_ALUA, or an active/unoptimized path
if there is no active/optimized path. This path is used until a better path is available (MRU). For example,
if the VMW_PSP_MRU is currently using an active/unoptimized path and an active/optimized path
becomes available, the VMW_PSP_MRU will switch the current path to the active/optimized one.
Example C-3. Sample Output of the esxcli nmp satp list Command
Name Default PSP Description

VMW_SATP_ALUA_CX VMW_PSP_FIXED Supports EMC CX that use the ALUA protocol
VMW_SATP_SVC VMW_PSP_FIXED Supports IBM SVC
VMW_SATP_MSA VMW_PSP_MRU Supports HP MSA
VMW_SATP_EQL VMW_PSP_FIXED Supports EqualLogic arrays
VMW_SATP_INV VMW_PSP_FIXED Supports EMC Invista
VMW_SATP_SYMM VMW_PSP_FIXED Supports EMC Symmetrix
Display NMP Storage Devices

Use vSphere CLI to list all storage devices controlled by the VMware NMP and display SATP and PSP
information associated with each device.
Procedure
1 To list all storage devices, run the following command:
esxcli nmp device list
2 To show information for a specific device, run the following:
esxcli nmp device list -d <device_ID>
VMware, Inc. 85
Add PSA Claim Rules

Use the vSphere CLI to add a new PSA claim rule to the set of claim rules on the system. For the new claim
rule to be active, you first define the rule and then load it into your system.
You add a new PSA claim rule when, for example, you load a new multipathing plugin (MPP) and need to
define which paths this module should claim. You may need to create a new claim rule if you add new paths
and want an existing MPP to claim them.
CAUTION When creating new claim rules, be careful to avoid a situation when different physical paths to the
same LUN are claimed by different MPPs. Unless one of the MPPs is the MASK_PATH MPP, this configuration
will cause performance errors.
Procedure
1 To define a new claim rule, on the vSphere CLI, run the following command:
esxcli corestorage claimrule add -r <claimrule_ID> -t <type> <required_option (based on type)>

-P <MPP_name>
For information on the options that the command requires, see “esxcli corestorage Command-Line
Options,” on page 89.
2 To load the new claim rule into your system, run the following command:
This command has no options. It loads all newly created claim rules from your system's configuration file.
Example C-4. Adding a PSA Claim Rule

In the following example, you define the claim rule # 500, which specifies that the NMP module claims all
paths to the NewMod model of the NewVend storage array. You then load this claim rule into your system.
1 # esxcli corestorage claimrule add -r 500 -t vendor -V NewVend -M NewMod -P NMP
2 # esxcli corestorage claimrule load
If you now run the esxcli corestorage claimrule list command, you can see the new claim rule appearing
on the list.
NOTE The two lines for the claim rule, one with the Class of runtime another with the Class of file, indicate
that the new claim rule has been loaded into the system and is active.

500 runtime vendor NMP vendor=NewVend model=NewMod
500 file vendor NMP vendor=NewVend model=NewMod
86 VMware, Inc.
Delete PSA Claim Rules

Use the vSphere CLI to remove a PSA claim rule from the set of claim rules on the system.
Procedure
1 Delete a claim rule from the set of claim rules.
esxcli corestorage claimrule delete -r <claimrule_ID>
For information on the options that the command takes, see “esxcli corestorage Command-Line Options,”
on page 89.
NOTE By default, the PSA claim rule 101 masks Dell array pseudo devices. Do not delete this rule, unless
you want to unmask these devices.
2 Remove the claim rule from the ESX/ESXi system.
Mask Paths
You can prevent the ESX/ESXi host from accessing storage devices or LUNs or from using individual paths to
a LUN. Use the vSphere CLI commands to mask the paths.
When you mask paths, you create claim rules that assign the MASK_PATH plugin to the specified paths.
Procedure
1 Check what the next available rule ID is.
The claim rules that you use to mask paths should have rule IDs in the range of 101 – 200. If this command
shows that rule 101 and 102 already exist, you can specify 103 for the rule to add.
2 Assign the MASK_PATH plugin to a path by creating a new claim rule for the plugin.
esxcli corestorage claimrule add -r <claimrule_ID> -t <type> <required_option> -P <MASK_PATH>
For information on command-line options, see “esxcli corestorage Command-Line Options,” on

page 89.
3 Load the MASK_PATH claim rule into your system.
4 Verify that the MASK_PATH claim rule was added correctly.
5 If a claim rule for the masked path exists, remove the rule.
esxcli corestorage claiming unclaim <type> <required_option>
6 Run the path claiming rules.
esxcli corestorage claimrule run
After you assign the MASK_PATH plugin to a path, the path state becomes irrelevant and is no longer
maintained by the host. As a result, commands that display the masked path's information might show the
path state as dead.
VMware, Inc. 87
Example C-5. Masking a LUN

In this example, you mask the LUN 20 on targets T1 and T2 accessed through storage adapters vmhba2 and
vmhba3.
2 #esxcli corestorage claimrule add -P MASK_PATH -r 109 -t location -A vmhba2 -C 0 -T 1 -L 20

3 #esxcli corestorage claimrule load
5 #esxcli corestorage claiming unclaim -t location -A vmhba2

#esxcli corestorage claiming unclaim -t location -A vmhba3
6 # esxcli corestorage claimrule run
Unmask Paths
When you need the host to access the masked storage device, unmask the paths to the device.
Procedure
1 Unmask a path to the storage device by running the esxcli corestorage claiming unclaim command.
Run this command for each path to the storage device.
For example:
esxcli corestorage claiming unclaim -t location -A vmhba0 -C 0 -T 0 -L 149
2 Load path claiming rules into the VMkernel by running the esxcli corestorage claimrule load
command.
3 Run the path claiming rules by entering the esxcli corestorage claimrule run.
Your host can now access the previously masked storage device.
Define NMP SATP Rules

The NMP SATP claim rules specify which SATP should manage a particular storage device. Usually you do
not need to modify the NMP SATP rules. If you need to do so, use vSphere CLI to add a rule to the list of claim
rules for the specified SATP.
You might need to create a new SATP rule when you install a third-party SATP for a specific storage array.
Procedure
1 To add a claim rule for a specific SATP, run the following command.
esxcli nmp satp addrule <rule_parameter> -e <description> -o <option> -s <SATP_name>
88 VMware, Inc.
Use the following options for <rule_parameter>. The -V and -M options can be used at the same time. They
cannot be used in conjunction with the -R or -D options.
NOTE When searching the SATP rules to locate an SATP for a given device, the NMP searches the driver
rules first. If there is no match, the vendor/model rules are searched, and finally the transport rules. If
there is still no match, NMP selects a default SATP for the device.
n -D <driver> -- Driver string to set when adding the SATP claim rule.
n -V <vendor> -- Vendor string to set when adding the SATP claim rule.
n -M <model> -- Model string to set when adding the SATP claim rule.
n -R <transport> -- Transport type string to set when adding the SATP claim rule.
Specify the following options for any SATP claim rule:

n -e <description> -- Description string to set when adding the SATP claim rule.
n -o <option> -- Claim option string to set when adding the SATP claim rule. This string is passed to
the SATP when the SATP claims a path. The contents of this string, and how the SATP behaves as a
result, are unique to each SATP. For example, some SATPs support the claim option strings tpgs_on
and tpgs_off. If tpgs_on is specified, the SATP will claim the path only if the ALUA Target Port Group
support is enabled on the storage device.
2 To delete a rule from the list of claim rules for the specified SATP, run the following command. You can
run this command with the same options you used for addrule.
esxcli nmp satp deleterule <rule_parameter> -s <SATP_name>
3 Reboot your host.
Example C-6. Defining an NMP SATP Rule

The following sample command assigns the VMW_SATP_INV plugin to manage storage arrays with vendor
string NewVend and model string NewMod.
# esxcli nmp satp addrule -V NewVend -M NewMod -s VMW_SATP_INV
If you run the esxcli nmp satp listrules -s VMW_SATP_INV command, you can see the new rule added to the
list of VMW_SATP_INV rules.
Name Vendor Model Driver Transport Options Claim Options Description
VMW_SATP_INV EMC Invista
VMW_SATP_INV EMC LUNZ Invista LUNZ
VMW_SATP_INV NewVend NewMod
esxcli corestorage Command-Line Options

Certain esxcli corestorage commands, for example the commands that you run to add new claim rules,
remove the rules, or mask paths, require that you specify a number of options.
Table C-1 lists options available for the esxcli corestorage commands.
Table C-1. esxcli corestorage command-line options

-r <claimrule_ID> Use to specify the order number for the claim

rule from 0 to 65535.
-t <type> Use to define the set of paths for the claim These options change depending on the value
rule. Specify one of the following values for you enter for <type>.
the <type> variable:
VMware, Inc. 89
Table C-1. esxcli corestorage command-line options (Continued)

vendor – Indicate the vendor and model of -V <vendor> -M <model>

the storage device used for this path. Use asterisk (*) to specify all vendors or models.
location – Indicate the adapter, channel, Use any of the following:

target, or LUN used for this path. n -A <adapter>
n -C <channel>
n -T <target>
n -L <lunID>
driver – Indicate the driver used for the -D <driver>

path.
transport – Indicate the transport used for -R <transport>

the path. Use one of the following for the <transport>
variable:
n block – Raid block devices, such as cciss
n fc – Fibre Channel
n iscsi – Default iSCSI
n iscsivendor – iSCSI with vendor supplied
IMA
n ide – IDE
n sas – Serial attached SCSI
n sata – Serial ATA
n usb – USB storage devices
n parallel – Parallel SCSI devices
n unknown – Unknown storage device type
-P <MPP_name> Indicate which MPP plugin should claim the

paths defined by the claim rule.
Run the vicfg-mpath --list-plugins
command to see valid values.
90 VMware, Inc.
Index
Symbols claim rules, adding 86

* next to path 62 commands
esxcli corestorage claimrule 81
A resxtop 81
access, equalizing disk access 71 vicfg-iscsi 81
access control 12 vicfg-mpath 81
active-active disk arrays 11, 28, 46, 63 vmkping 82
active-passive disk arrays, path policy reset 66 configuring
active/active disk arrays, managing paths 64 dynamic discovery 35
active/passive disk arrays iSCSI storage 41
managing paths 64 static discovery 36
path thrashing 71 current multipathing state 62
adaptive scheme 18
adding, iSCSI storage 41 D
allocations, LUN 28 data digests 13
applications,layered 74 datastore copies, mounting 75
array-based (third-party) solution 74 datastores
creating on iSCSI storage 41
asterisk next to path 62
managing duplicate 75
authentication 12, 37, 59
mounting 75
avoiding problems 66
paths 62
B refresh 60
backups reviewing properties 59
considerations 73 unmounting 76
third-party backup package 74 viewing information 58
benefits 13 Dell PowerVault MD3000i storage systems 49
booting from a SAN diagnostic partitions, sharing 66
benefits 52 disabling paths 64
configuring HBAs 53 disaster recovery 14
enabling 52 discovery
making decisions 52 address 35
overview 51 dynamic 35
preparing storage 53 static 36
disk access, equalizing 71
C disk arrays
can't see LUN 59 active-active 28, 63
CHAP active-passive 28, 63
disabling 40 active/passive 71
for discovery targets 39 disk shares 18
for iSCSI initiators 37 disk timeout 65
for static targets 39 Disk.MaxLUN 61
mutual 37 Disk.SchedNumReqOutstanding parameter 71
one-way 37 Disk.SupportSparseLUN 61
CHAP authentication 12, 37, 59 dump partitions, sharing 66
CHAP authentication methods 37 dynamic discovery, configuring 35
VMware, Inc. 91
dynamic discovery addresses 35 iSCSI networking, creating a VMkernel port 31

iSCSI ports 10
E iSCSI Qualified Names 12
EMC CLARiiON 44 iSCSI SAN, concepts 9
EMC Symmetrix, pseudo LUNs 45 iSCSI storage, adding 41
Enterprise Unique Identifiers 12 iSCSI storage systems, working with ESX/
equalizing disk access 71 ESXi 43
EqualLogic, storage systems 49 iscsi_max_lun_queue 72
ESX/ESXi, sharing VMFS 16 issues
esxcli corestorage claimrule command 81 performance 70
EVA (HP StorageWorks) 46 visibility 59
F J
failover jumbo frames, enabling 34
I/O delay 23
transparent 11 L
failover paths, status 62 layered applications 74
failure, server 25 LeftHand Networks SAN/iQ storage systems 49
file-based (VMFS) solution 74 Linux Cluster host type 44
FilerView 47 Linux host type 44
finding information 14 load balancing, manual 64
Fixed path policy, path thrashing 70 locations of virtual machines 24
lower-tier storage 24
H LUN decisions
hardware iSCSI, and failover 22 adaptive scheme 18
hardware iSCSI initiator, changing iSCSI predictive scheme 17
name 29 LUN discovery, VMkernel 26
hardware iSCSI initiators
LUN not visible, SP visibility 59
configuring 28
LUNs
installing 29 allocations 28
setting up discovery addresses 35 can't see 59
setting up naming parameters 29 changing number scanned 61
viewing 29 creating, and rescan 59, 60
header digests 13 decisions 17
high-tier storage 24 display and rescan 26
host type 44 making changes and rescan 60
HP StorageWorks masking 87
EVA 46
masking changes and rescan 59, 60
MSA 45
multipathing policy 63
number scanned 61
I
one VMFS volume per 27
I/O delay 23, 27
setting multipathing policy 63
IP address 10
sparse 61
iSCSI alias 10
iSCSI HBA, alias 29
iSCSI initiators
M
advanced parameters 40 maintenance 14
configuring advanced parameters 41 manual load balancing 64
configuring CHAP 37 masking LUNs 87
hardware 10, 28 metadata updates 16
setting up CHAP parameters 37 mid-tier storage 24
software 10 Most Recently Used path policy, path
thrashing 70
viewing in vSphere Client 55
iSCSI names, conventions 12 mounting VMFS datastores 75
92 VMware, Inc.
Index
MPPs paths
displaying 84 disabling 64
See also multipathing plugins masking 87
MRU path policy 63 preferred 62
MSA (HP StorageWorks) 45 performance
MTU 35 checking Ethernet switch statistics 70
multipathing issues 70
activating for software iSCSI 33 network 68
active paths 62 optimizing 67
broken paths 62 SCSI reservations 16
disabled paths 62 storage system 67
standby paths 62 Pluggable Storage Architecture 19
viewing the current state of 62 port binding 22, 30
multipathing plugins, path claiming 61 port redirection 23
multipathing policy 63 predictive scheme 17
multipathing state 62 preferred path 62
mutual CHAP 37 prioritizing virtual machines 18
problems
N avoiding 66
Native Multipathing Plugin 19, 20 performance 70
NetApp visibility 59
provisioning storage on CLI 48 PSA, See Pluggable Storage Architecture
provisioning storage on FilerView 47 PSPs, See Path Selection Plugins
NetApp storage system 47
network performance 68 Q
network virtualization 8 queue depth 27, 72
networking, configuring 28
NFS datastores, unmounting 76 R
NICs, mapping to ports 32 refresh 60
NMP, path claiming 61 rescan
number of outstanding disk requests 71 LUN creation 59, 60
LUN display 26
O LUN masking 59
one-way CHAP 37 path masking 60
outstanding disk requests 71 when path is down 60
reservations, reducing SCSI reservations 72
P resolving problems 66
passive disk arrays, path thrashing 71
resxtop command 81
path claiming 61
Round Robin path policy 21, 63
path failover
array-based 23
S
host-based 22 SAN
path failure rescan 60 backup considerations 73
path management 19, 64 server failover 25
path policies specifics 15
changing defaults 64 SAN management software 15
Fixed 21, 23, 63 SAN restrictions, when working with ESX/
Most Recently Used 21, 63 ESXi 28
MRU 63 SAN storage performance, optimizing 67
Round Robin 21, 63 SAN storage, benefits 13
path policy reset, active-passive disk array 66 SANs, accessing 18
Path Selection Plugins 21 SATP rules, adding 88
path thrashing, resolving 71 scanning, changing number 61
VMware, Inc. 93
SCSI controllers 8 targets vs. LUNs 11

SCSI reservations, reducing 72 testing, storage systems 43
server failover 25 third-party backup package 74
server failure 25 third-party management applications 15
server performance 67 TimeoutValue parameter 27
sharing diagnostic partitions 66 troubleshooting 66
sharing VMFS across servers 16
snapshot software 73 U
software iSCSI use cases 14
and failover 22
networking 30 V
software iSCSI initiators vicfg-iscsi command 81
configuring 30 vicfg-module 72
enabling 34 vicfg-mpath command 81
queue depth 72 virtual machines
setting up discovery addresses 35 accessing SANs 18
SP visibility, LUN not visible 59 equalizing disk access 71
sparse LUN support 61 I/O delay 23
static discovery, configuring 36 locations 24
static discovery addresses 35 prioritizing 18
storage adapter, displaying in vSphere Client 56 virtualization 7
storage adapters visibility issues 59
copying names to clipboard 56 VMFS
viewing in vSphere Client 55 one volume per LUN 27
storage area network 7 sharing across ESX/ESXi hosts 16
SATPs, displaying 85 volume resignaturing 75
Storage Array Type Plugins 21 VMFS datastores
storage devices changing signatures 77
accessible through adapters 58 resignaturing copies 76
available to hosts 57 unmounting 76
displaying 85 VMFS volume resignaturing 75
identifiers 58 VMkernel, LUN discovery 26
naming 57 VMkernel interface, with Jumbo Frames
paths 63 enabled 35
viewing information 56 VMkernel ports 32
storage systems vmkping command 82
Dell PowerVault MD3000i 49 VMotion 13, 14, 28, 44
EMC CLARiiON 44 VMware DRS, using with VMotion 28
EMC Symmetrix 45 VMware HA 13, 25, 44
EqualLogic 49 VMware NMP
HP StorageWorks 45 I/O flow 21
LeftHand Networks SAN/iQ 49 See also Native Multipathing Plugin
NetApp 47 volume resignaturing 75, 76
performance 67 vSphere CLI 33
types 11 vSwitch, with Jumbo Frames enabled 35
storage virtualization 8
W
T Windows GOS timeout 65
targets 11
94 VMware, Inc.

Guia de Estudio VMware 4.0

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Guia de Estudio VMware 4.0

Uploaded by

Copyright:

Available Formats

Introduction to VMware vSphere

About This Book 5

VMware vSphere Introduction 7

Introduction to VMware vSphere covers ESX, ESXi, and vCenter Server.

VMware vSphere Documentation

Abbreviations Used in Figures

database vCenter Server database

datastore Storage for the managed host

dsk# Storage disk for the managed host

hostn vCenter Server managed hosts

SAN Storage area network type datastore shared between managed

user# User with access permissions

VM# Virtual machines on a managed host

Technical Support and Education Resources

Customers with appropriate support contracts should use telephone support

Figure 1. VMware vSphere

clients vSphere vSphere vSphere other other

Application Availability Security Scalability

Infrastructure vCompute vStorage vNetwork

VMware vSphere Components

VMware vSphere includes the following components:

Physical Topology of vSphere Datacenter

This physical topology of the vSphere datacenter is illustrated in Figure 2.

Figure 2. VMware vSphere Datacenter Physical Topology

server server server

VM VM VM fibre channel switch fabric / IP network

fibre channel iSCSI NAS

The components that make up the vSphere datacenter topology are:

Virtual Datacenter Architecture

Figure 3 shows the key elements in virtual datacenter.

Figure 3. Virtual Datacenter Architecture

Hosts, Clusters, and Resource Pools

Figure 4. Hosts, Clusters, and Resource Pools

x86 server x86 server x86 server

VMware vSphere Distributed Services

Figure 5. Migration with VMotion

ESX/ESXi host ESX/ESXi host

applications applications applications applications

Figure 6. VMware DRS

virtual machines virtual machines virtual machines

physical server physical server physical server

virtual machines virtual machines virtual machines

physical server physical server physical server

Figure 8. Networking with vNetwork Standard Switches

Host1 Host2 virtual

Host1 Host2 physical

physical network adapters

Figure 9. Networking with vNetwork Distributed Switches

vNetwork Distributed Switch

dvUplinkA dvUplinkB dvUplinkA dvUplinkB virtual

Host1 Host2 physical

VLAN support Integrates virtual networks with physical network VLANs.

This storage architecture is shown in Figure 10.

Figure 10. Storage Architecture

VM1 VM2 VM3 VM4

vm1.vmx vm2.vmx vm3.vmx vm4.vmx virtual

file1.vmdk file2.vmdk file3.vmdk file4.vmdk physical

VMFS volume NFS

DAS SCSI FC SAN iSCSI NAS

Figure 11. Raw Device Mapping

VMware Consolidated Backup

Figure 12. VMware Consolidated Backup

VMware vCenter Server